npm - @tatchi-xyz/sdk - Versions diffs - 0.21.0 → 0.31.1 - Mend

@tatchi-xyz/sdk 0.21.0 → 0.31.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2501) hide show

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"validation.js","names":["~~isObject~~","~~assertString~~","~~normalizeRegistrationCredential~~","~~validateVRFChallenge~~","~~ensureEd25519Prefix~~","~~base58Encode~~"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.ts"],"sourcesContent":["import { normalizeRegistrationCredential } from '../../credentialsHelpers';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { isObject, assertString } from '~~../../../WalletIframe~~/validation';\nimport { DelegateActionInput } from '../../../types/delegate';\nimport { base58Encode } from '../../../../utils/base58';\nimport { ensureEd25519Prefix } from '../../../nearCrypto';\n\n// Strongly typed payload expected from the WASM → JS boundary\nexport interface RegistrationCredentialConfirmationPayload {\n confirmed: boolean;\n requestId: string;\n intentDigest: string;\n credential: WebAuthnRegistrationCredential; // serialized PublicKeyCredential (no methods)\n vrfChallenge: VRFChallenge;\n transactionContext?: TransactionContext;\n error?: string;\n}\n\nfunction validateTransactionContextMaybe(input: unknown): TransactionContext \| undefined {\n if (input == null) return undefined;\n if (!isObject(input)) {\n throw new Error('Invalid transactionContext: expected object');\n }\n\n const {\n nearPublicKeyStr,\n nextNonce,\n txBlockHeight,\n txBlockHash,\n accessKeyInfo,\n } = input as {\n nearPublicKeyStr?: unknown;\n nextNonce?: unknown;\n txBlockHeight?: unknown;\n txBlockHash?: unknown;\n accessKeyInfo?: unknown;\n };\n\n // Minimal structural validation; AccessKeyView is complex. Be tolerant because the WASM struct omits it.\n const normalizedNearPublicKeyStr = assertString(\n nearPublicKeyStr,\n 'transactionContext.nearPublicKeyStr',\n );\n const normalizedNextNonce = assertString(nextNonce, 'transactionContext.nextNonce');\n const normalizedTxBlockHeight = assertString(\n txBlockHeight,\n 'transactionContext.txBlockHeight',\n );\n const normalizedTxBlockHash = assertString(txBlockHash, 'transactionContext.txBlockHash');\n\n let normalizedAccessKeyInfo = accessKeyInfo as TransactionContext['accessKeyInfo'] \| undefined;\n if (normalizedAccessKeyInfo != null && !isObject(normalizedAccessKeyInfo)) {\n throw new Error('Invalid transactionContext.accessKeyInfo: expected object');\n }\n if (normalizedAccessKeyInfo == null) {\n // Synthesize a minimal placeholder; not used by registration flows consuming this payload\n normalizedAccessKeyInfo = { nonce: 0 } as unknown as TransactionContext['accessKeyInfo'];\n }\n\n return {\n nearPublicKeyStr: normalizedNearPublicKeyStr,\n nextNonce: normalizedNextNonce,\n txBlockHeight: normalizedTxBlockHeight,\n txBlockHash: normalizedTxBlockHash,\n accessKeyInfo: normalizedAccessKeyInfo,\n };\n}\n\nfunction validateCredentialMaybe(input: unknown): WebAuthnRegistrationCredential \| undefined {\n if (input == null) return undefined;\n\n const cred = normalizeRegistrationCredential(input);\n if (cred.type !== 'public-key') {\n throw new Error('Invalid credential.type: expected \"public-key\"');\n }\n\n const { id, rawId, response, authenticatorAttachment } = cred as {\n id?: unknown;\n rawId?: unknown;\n response?: unknown;\n authenticatorAttachment?: unknown;\n };\n\n // Core field/type validation (serialized shapes should be base64url strings)\n assertString(id, 'credential.id');\n assertString(rawId, 'credential.rawId');\n\n if (!isObject(response)) {\n throw new Error('Invalid credential.response: expected object');\n }\n\n const {\n clientDataJSON,\n attestationObject,\n transports,\n } = response as {\n clientDataJSON?: unknown;\n attestationObject?: unknown;\n transports?: unknown;\n };\n\n assertString(clientDataJSON, 'credential.response.clientDataJSON');\n assertString(attestationObject, 'credential.response.attestationObject');\n\n if (!Array.isArray(transports)) {\n throw new Error('Invalid credential.response.transports: expected string[]');\n }\n for (const t of transports) {\n if (typeof t !== 'string') {\n throw new Error('Invalid credential.response.transports item: expected string');\n }\n }\n\n if (authenticatorAttachment != null && typeof authenticatorAttachment !== 'string') {\n throw new Error('Invalid credential.authenticatorAttachment: expected string \| undefined');\n }\n\n // Note: prf.results may be undefined/null here. We intentionally do NOT\n // require them at the boundary; internal callers that need PRF (e.g. key\n // derivation) will extract/compute them separately. Contract payloads must\n // not include PRF values.\n return cred;\n}\n\nfunction validateVrfChallengeMaybe(input: unknown): VRFChallenge \| undefined {\n if (input == null) return undefined;\n return validateVRFChallenge(input as Parameters<typeof validateVRFChallenge>[0]);\n}\n\nexport function parseAndValidateRegistrationCredentialConfirmationPayload(\n payload: unknown,\n): RegistrationCredentialConfirmationPayload {\n\n if (!isObject(payload)) {\n throw new Error('Invalid response payload: expected object');\n }\n\n const {\n confirmed,\n requestId,\n intentDigest,\n credential,\n vrfChallenge,\n transactionContext,\n error,\n } = payload as {\n confirmed?: unknown;\n requestId?: unknown;\n intentDigest?: unknown;\n credential?: unknown;\n vrfChallenge?: unknown;\n transactionContext?: unknown;\n error?: unknown;\n };\n\n const normalizedRequestId = assertString(requestId, 'requestId');\n\n // intentDigest is only used for TX signing requests, not registration or link device requests\n const normalizedIntentDigest =\n intentDigest == null ? '' : assertString(intentDigest, 'intentDigest');\n\n const normalizedCredential =\n credential != null ? validateCredentialMaybe(credential) : undefined;\n\n if (!normalizedCredential) {\n throw new Error('Missing registration credential');\n }\n\n const normalizedVrfChallenge =\n vrfChallenge != null ? validateVrfChallengeMaybe(vrfChallenge) : undefined;\n\n if (!normalizedVrfChallenge) {\n throw new Error('Missing VRF Challenge');\n }\n\n const normalizedTransactionContext =\n transactionContext != null ? validateTransactionContextMaybe(transactionContext) : undefined;\n\n const normalizedError =\n error == null ? undefined : assertString(error, 'error');\n\n return {\n confirmed: !!confirmed,\n requestId: normalizedRequestId,\n intentDigest: normalizedIntentDigest,\n credential: normalizedCredential,\n vrfChallenge: normalizedVrfChallenge,\n transactionContext: normalizedTransactionContext,\n error: normalizedError,\n };\n}\n\nexport { ensureEd25519Prefix };\n\nexport const toPublicKeyString = (pk: DelegateActionInput['publicKey']): string => {\n if (typeof pk === 'string') {\n return pk;\n }\n return ensureEd25519Prefix(base58Encode(pk.keyData));\n};\n"],"mappings":"~~;;;;;;;;;;;;;AAoBA~~,SAAS,gCAAgC,OAAgD;AACvF,KAAI,SAAS,KAAM,QAAO;AAC1B,KAAI,~~CAACA~~,4BAAS,OACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,kBACA,WACA,eACA,aACA,kBACE;CASJ,MAAM,6BAA6BC,gCACjC,kBACA;CAEF,MAAM,sBAAsBA,gCAAa,WAAW;CACpD,MAAM,0BAA0BA,gCAC9B,eACA;CAEF,MAAM,wBAAwBA,gCAAa,aAAa;CAExD,IAAI,0BAA0B;AAC9B,KAAI,2BAA2B,QAAQ,CAACD,4BAAS,yBAC/C,OAAM,IAAI,MAAM;AAElB,KAAI,2BAA2B,KAE7B,2BAA0B,EAAE,OAAO;AAGrC,QAAO;EACL,kBAAkB;EAClB,WAAW;EACX,eAAe;EACf,aAAa;EACb,eAAe;;;AAInB,SAAS,wBAAwB,OAA4D;AAC3F,KAAI,SAAS,KAAM,QAAO;CAE1B,MAAM,OAAOE,2DAAgC;AAC7C,KAAI,KAAK,SAAS,aAChB,OAAM,IAAI,MAAM;CAGlB,MAAM,EAAE,IAAI,OAAO,UAAU,4BAA4B;AAQzD,iCAAa,IAAI;AACjB,iCAAa,OAAO;AAEpB,KAAI,CAACF,4BAAS,UACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,gBACA,mBACA,eACE;AAMJ,iCAAa,gBAAgB;AAC7B,iCAAa,mBAAmB;AAEhC,KAAI,CAAC,MAAM,QAAQ,YACjB,OAAM,IAAI,MAAM;AAElB,MAAK,MAAM,KAAK,WACd,KAAI,OAAO,MAAM,SACf,OAAM,IAAI,MAAM;AAIpB,KAAI,2BAA2B,QAAQ,OAAO,4BAA4B,SACxE,OAAM,IAAI,MAAM;AAOlB,QAAO;;AAGT,SAAS,0BAA0B,OAA0C;AAC3E,KAAI,SAAS,KAAM,QAAO;AAC1B,QAAOG,wCAAqB;;AAG9B,SAAgB,0DACd,SAC2C;AAE3C,KAAI,CAACH,4BAAS,SACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,WACA,WACA,cACA,YACA,cACA,oBACA,UACE;CAUJ,MAAM,sBAAsBC,gCAAa,WAAW;CAGpD,MAAM,yBACJ,gBAAgB,OAAO,KAAKA,gCAAa,cAAc;CAEzD,MAAM,uBACJ,cAAc,OAAO,wBAAwB,cAAc;AAE7D,KAAI,CAAC,qBACH,OAAM,IAAI,MAAM;CAGlB,MAAM,yBACJ,gBAAgB,OAAO,0BAA0B,gBAAgB;AAEnE,KAAI,CAAC,uBACH,OAAM,IAAI,MAAM;CAGlB,MAAM,+BACJ,sBAAsB,OAAO,gCAAgC,sBAAsB;CAErF,MAAM,kBACJ,SAAS,OAAO,SAAYA,gCAAa,OAAO;AAElD,QAAO;EACL,WAAW,CAAC,CAAC;EACb,WAAW;EACX,cAAc;EACd,YAAY;EACZ,cAAc;EACd,oBAAoB;EACpB,OAAO~~;;;AAMX,MAAa,qBAAqB,OAAiD;AACjF,KAAI,OAAO,OAAO,SAChB,QAAO;AAET,QAAOG,uCAAoBC,4BAAa,GAAG~~"}
1	+ {"version":3,"file":"validation.js","names":["ensureEd25519Prefix","base58Encode","isObject","assertString","normalizeRegistrationCredential","validateVRFChallenge"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.ts"],"sourcesContent":["import { normalizeRegistrationCredential } from '../../credentialsHelpers';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { isObject, assertString } from '@/utils/validation';\nimport { DelegateActionInput } from '../../../types/delegate';\nimport { base58Encode } from '../../../../utils/base58';\n\nimport { ensureEd25519Prefix } from '../../../nearCrypto';\nexport { ensureEd25519Prefix };\n\nexport const toPublicKeyString = (pk: DelegateActionInput['publicKey']): string => {\n if (typeof pk === 'string') {\n return pk;\n }\n return ensureEd25519Prefix(base58Encode(pk.keyData));\n};\n\n// Strongly typed payload expected from the WASM → JS boundary\nexport interface RegistrationCredentialConfirmationPayload {\n confirmed: boolean;\n requestId: string;\n intentDigest: string;\n credential: WebAuthnRegistrationCredential; // serialized PublicKeyCredential (no methods)\n vrfChallenge: VRFChallenge;\n transactionContext?: TransactionContext;\n error?: string;\n}\n\nfunction validateTransactionContextMaybe(input: unknown): TransactionContext \| undefined {\n if (input == null) return undefined;\n if (!isObject(input)) {\n throw new Error('Invalid transactionContext: expected object');\n }\n\n const {\n nearPublicKeyStr,\n nextNonce,\n txBlockHeight,\n txBlockHash,\n accessKeyInfo,\n } = input as {\n nearPublicKeyStr?: unknown;\n nextNonce?: unknown;\n txBlockHeight?: unknown;\n txBlockHash?: unknown;\n accessKeyInfo?: unknown;\n };\n\n // Minimal structural validation; AccessKeyView is complex. Be tolerant because the WASM struct omits it.\n const normalizedNearPublicKeyStr = assertString(\n nearPublicKeyStr,\n 'transactionContext.nearPublicKeyStr',\n );\n const normalizedNextNonce = assertString(nextNonce, 'transactionContext.nextNonce');\n const normalizedTxBlockHeight = assertString(\n txBlockHeight,\n 'transactionContext.txBlockHeight',\n );\n const normalizedTxBlockHash = assertString(txBlockHash, 'transactionContext.txBlockHash');\n\n let normalizedAccessKeyInfo = accessKeyInfo as TransactionContext['accessKeyInfo'] \| undefined;\n if (normalizedAccessKeyInfo != null && !isObject(normalizedAccessKeyInfo)) {\n throw new Error('Invalid transactionContext.accessKeyInfo: expected object');\n }\n if (normalizedAccessKeyInfo == null) {\n // Synthesize a minimal placeholder; not used by registration flows consuming this payload\n normalizedAccessKeyInfo = { nonce: 0 } as unknown as TransactionContext['accessKeyInfo'];\n }\n\n return {\n nearPublicKeyStr: normalizedNearPublicKeyStr,\n nextNonce: normalizedNextNonce,\n txBlockHeight: normalizedTxBlockHeight,\n txBlockHash: normalizedTxBlockHash,\n accessKeyInfo: normalizedAccessKeyInfo,\n };\n}\n\nfunction validateCredentialMaybe(input: unknown): WebAuthnRegistrationCredential \| undefined {\n if (input == null) return undefined;\n\n const cred = normalizeRegistrationCredential(input);\n if (cred.type !== 'public-key') {\n throw new Error('Invalid credential.type: expected \"public-key\"');\n }\n\n const { id, rawId, response, authenticatorAttachment } = cred as {\n id?: unknown;\n rawId?: unknown;\n response?: unknown;\n authenticatorAttachment?: unknown;\n };\n\n // Core field/type validation (serialized shapes should be base64url strings)\n assertString(id, 'credential.id');\n assertString(rawId, 'credential.rawId');\n\n if (!isObject(response)) {\n throw new Error('Invalid credential.response: expected object');\n }\n\n const {\n clientDataJSON,\n attestationObject,\n transports,\n } = response as {\n clientDataJSON?: unknown;\n attestationObject?: unknown;\n transports?: unknown;\n };\n\n assertString(clientDataJSON, 'credential.response.clientDataJSON');\n assertString(attestationObject, 'credential.response.attestationObject');\n\n if (!Array.isArray(transports)) {\n throw new Error('Invalid credential.response.transports: expected string[]');\n }\n for (const t of transports) {\n if (typeof t !== 'string') {\n throw new Error('Invalid credential.response.transports item: expected string');\n }\n }\n\n if (authenticatorAttachment != null && typeof authenticatorAttachment !== 'string') {\n throw new Error('Invalid credential.authenticatorAttachment: expected string \| undefined');\n }\n\n // Note: prf.results may be undefined/null here. We intentionally do NOT\n // require them at the boundary; internal callers that need PRF (e.g. key\n // derivation) will extract/compute them separately. Contract payloads must\n // not include PRF values.\n return cred;\n}\n\nfunction validateVrfChallengeMaybe(input: unknown): VRFChallenge \| undefined {\n if (input == null) return undefined;\n return validateVRFChallenge(input as Parameters<typeof validateVRFChallenge>[0]);\n}\n\nexport function parseAndValidateRegistrationCredentialConfirmationPayload(\n payload: unknown,\n): RegistrationCredentialConfirmationPayload {\n\n if (!isObject(payload)) {\n throw new Error('Invalid response payload: expected object');\n }\n\n const {\n confirmed,\n requestId,\n intentDigest,\n credential,\n vrfChallenge,\n transactionContext,\n error,\n } = payload as {\n confirmed?: unknown;\n requestId?: unknown;\n intentDigest?: unknown;\n credential?: unknown;\n vrfChallenge?: unknown;\n transactionContext?: unknown;\n error?: unknown;\n };\n\n const normalizedRequestId = assertString(requestId, 'requestId');\n\n // intentDigest is only used for TX signing requests, not registration or link device requests\n const normalizedIntentDigest =\n intentDigest == null ? '' : assertString(intentDigest, 'intentDigest');\n\n const normalizedCredential =\n credential != null ? validateCredentialMaybe(credential) : undefined;\n\n if (!normalizedCredential) {\n throw new Error('Missing registration credential');\n }\n\n const normalizedVrfChallenge =\n vrfChallenge != null ? validateVrfChallengeMaybe(vrfChallenge) : undefined;\n\n if (!normalizedVrfChallenge) {\n throw new Error('Missing VRF Challenge');\n }\n\n const normalizedTransactionContext =\n transactionContext != null ? validateTransactionContextMaybe(transactionContext) : undefined;\n\n const normalizedError =\n error == null ? undefined : assertString(error, 'error');\n\n return {\n confirmed: !!confirmed,\n requestId: normalizedRequestId,\n intentDigest: normalizedIntentDigest,\n credential: normalizedCredential,\n vrfChallenge: normalizedVrfChallenge,\n transactionContext: normalizedTransactionContext,\n error: normalizedError,\n };\n}"],"mappings":";;;;;;AAWA,MAAa,qBAAqB,OAAiD;AACjF,KAAI,OAAO,OAAO,SAChB,QAAO;AAET,QAAOA,uCAAoBC,4BAAa,GAAG;;AAc7C,SAAS,gCAAgC,OAAgD;AACvF,KAAI,SAAS,KAAM,QAAO;AAC1B,KAAI,CAACC,4BAAS,OACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,kBACA,WACA,eACA,aACA,kBACE;CASJ,MAAM,6BAA6BC,gCACjC,kBACA;CAEF,MAAM,sBAAsBA,gCAAa,WAAW;CACpD,MAAM,0BAA0BA,gCAC9B,eACA;CAEF,MAAM,wBAAwBA,gCAAa,aAAa;CAExD,IAAI,0BAA0B;AAC9B,KAAI,2BAA2B,QAAQ,CAACD,4BAAS,yBAC/C,OAAM,IAAI,MAAM;AAElB,KAAI,2BAA2B,KAE7B,2BAA0B,EAAE,OAAO;AAGrC,QAAO;EACL,kBAAkB;EAClB,WAAW;EACX,eAAe;EACf,aAAa;EACb,eAAe;;;AAInB,SAAS,wBAAwB,OAA4D;AAC3F,KAAI,SAAS,KAAM,QAAO;CAE1B,MAAM,OAAOE,2DAAgC;AAC7C,KAAI,KAAK,SAAS,aAChB,OAAM,IAAI,MAAM;CAGlB,MAAM,EAAE,IAAI,OAAO,UAAU,4BAA4B;AAQzD,iCAAa,IAAI;AACjB,iCAAa,OAAO;AAEpB,KAAI,CAACF,4BAAS,UACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,gBACA,mBACA,eACE;AAMJ,iCAAa,gBAAgB;AAC7B,iCAAa,mBAAmB;AAEhC,KAAI,CAAC,MAAM,QAAQ,YACjB,OAAM,IAAI,MAAM;AAElB,MAAK,MAAM,KAAK,WACd,KAAI,OAAO,MAAM,SACf,OAAM,IAAI,MAAM;AAIpB,KAAI,2BAA2B,QAAQ,OAAO,4BAA4B,SACxE,OAAM,IAAI,MAAM;AAOlB,QAAO;;AAGT,SAAS,0BAA0B,OAA0C;AAC3E,KAAI,SAAS,KAAM,QAAO;AAC1B,QAAOG,wCAAqB;;AAG9B,SAAgB,0DACd,SAC2C;AAE3C,KAAI,CAACH,4BAAS,SACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,WACA,WACA,cACA,YACA,cACA,oBACA,UACE;CAUJ,MAAM,sBAAsBC,gCAAa,WAAW;CAGpD,MAAM,yBACJ,gBAAgB,OAAO,KAAKA,gCAAa,cAAc;CAEzD,MAAM,uBACJ,cAAc,OAAO,wBAAwB,cAAc;AAE7D,KAAI,CAAC,qBACH,OAAM,IAAI,MAAM;CAGlB,MAAM,yBACJ,gBAAgB,OAAO,0BAA0B,gBAAgB;AAEnE,KAAI,CAAC,uBACH,OAAM,IAAI,MAAM;CAGlB,MAAM,+BACJ,sBAAsB,OAAO,gCAAgC,sBAAsB;CAErF,MAAM,kBACJ,SAAS,OAAO,SAAYA,gCAAa,OAAO;AAElD,QAAO;EACL,WAAW,CAAC,CAAC;EACb,WAAW;EACX,cAAc;EACd,YAAY;EACZ,cAAc;EACd,oBAAoB;EACpB,OAAO"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/index.js CHANGED Viewed

@@ -1,10 +1,9 @@
-const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.js');
+const require_validation = require('../../../utils/validation.js');
 const require_signer_worker = require('../../types/signer-worker.js');
+const require_errors = require('../../../utils/errors.js');
 const require_index = require('../../IndexedDBManager/index.js');
 const require_config = require('../../../config.js');
-const require_validation = require('../../WalletIframe/validation.js');
 const require_workers = require('../../sdkPaths/workers.js');
-const require_errors = require('../../../utils/errors.js');
 const require_touchIdPrompt = require('../touchIdPrompt.js');
 const require_workerControlMessages = require('../../workerControlMessages.js');
 const require_sessionMessages = require('./sessionMessages.js');
@@ -21,13 +20,9 @@ const require_signTransactionWithKeyPair = require('./handlers/signTransactionWi
 const require_signNep413Message = require('./handlers/signNep413Message.js');
 const require_registerDevice2WithDerivedKey = require('./handlers/registerDevice2WithDerivedKey.js');
 const require_exportNearKeypairUi = require('./handlers/exportNearKeypairUi.js');
+const require_deriveThresholdEd25519ClientVerifyingShare = require('./handlers/deriveThresholdEd25519ClientVerifyingShare.js');
 //#region src/core/WebAuthnManager/SignerWorkerManager/index.ts
-require_index.init_IndexedDBManager();
-require_validation.init_validation();
-require_signer_worker.init_signer_worker();
-require_touchIdPrompt.init_touchIdPrompt();
-require_errors.init_errors();
 /**
 * WebAuthnWorkers handles PRF, workers, and COSE operations
 *
@@ -41,15 +36,17 @@ var SignerWorkerManager = class {
 	nearClient;
 	userPreferencesManager;
 	nonceManager;
+	relayerUrl;
 	workerBaseOrigin;
 	nearExplorerUrl;
-	constructor(vrfWorkerManager, nearClient, userPreferencesManager, nonceManager, rpIdOverride, enableSafariGetWebauthnRegistrationFallback = true, nearExplorerUrl) {
+	constructor(vrfWorkerManager, nearClient, userPreferencesManager, nonceManager, relayerUrl, rpIdOverride, enableSafariGetWebauthnRegistrationFallback = true, nearExplorerUrl) {
 		this.indexedDB = require_index.IndexedDBManager;
 		this.touchIdPrompt = new require_touchIdPrompt.TouchIdPrompt(rpIdOverride, enableSafariGetWebauthnRegistrationFallback);
 		this.vrfWorkerManager = vrfWorkerManager;
 		this.nearClient = nearClient;
 		this.userPreferencesManager = userPreferencesManager;
 		this.nonceManager = nonceManager;
+		this.relayerUrl = relayerUrl;
 		this.nearExplorerUrl = nearExplorerUrl;
 	}
 	setWorkerBaseOrigin(origin) {
@@ -65,7 +62,8 @@ var SignerWorkerManager = class {
 			userPreferencesManager: this.userPreferencesManager,
 			nonceManager: this.nonceManager,
 			rpIdOverride: this.touchIdPrompt.getRpId(),
-			nearExplorerUrl: this.nearExplorerUrl
+			nearExplorerUrl: this.nearExplorerUrl,
+			relayerUrl: this.relayerUrl
 		};
 	}
 	createSecureWorker() {
@@ -347,6 +345,13 @@ var SignerWorkerManager = class {
 			...args
 		});
 	}
+	async deriveThresholdEd25519ClientVerifyingShare(args) {
+		return require_deriveThresholdEd25519ClientVerifyingShare.deriveThresholdEd25519ClientVerifyingShare({
+			ctx: this.getContext(),
+			sessionId: args.sessionId,
+			nearAccountId: String(args.nearAccountId)
+		});
+	}
 	/**
 	* Secure private key decryption with dual PRF
 	*/

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","names":["IndexedDBManager","TouchIdPrompt","resolveWorkerUrl","SIGNER_WORKER_MANAGER_CONFIG","vrfPort: MessagePort \| undefined","attachSessionPort","WorkerControlMessage","error: unknown","promises: Promise<void>[]","toError","withSessionId","responses: WorkerResponseForRequest<T>[]","isSignerWorkerControlMessage","isWorkerProgress","isWorkerError","isWorkerSuccess","isObject","deriveNearKeypairAndEncryptFromSerialized","decryptPrivateKeyWithPrf","checkCanRegisterUser","registerDevice2WithDerivedKey","signTransactionsWithActions","signDelegateAction","recoverKeypairFromPasskey","extractCosePublicKey","signTransactionWithKeyPair","signNep413Message","exportNearKeypairUi"],"sources":["../../../../../src/core/WebAuthnManager/SignerWorkerManager/index.ts"],"sourcesContent":["import { SIGNER_WORKER_MANAGER_CONFIG } from \"../../../config\";\nimport { ClientAuthenticatorData, UnifiedIndexedDBManager } from '../../IndexedDBManager';\nimport { IndexedDBManager } from '../../IndexedDBManager';\nimport { SignedTransaction, type NearClient } from '../../NearClient';\nimport { isObject } from '../../WalletIframe/validation';\nimport { resolveWorkerUrl } from '../../sdkPaths';\nimport {\n WorkerRequestType,\n WorkerResponseForRequest,\n isWorkerProgress,\n isWorkerError,\n isWorkerSuccess,\n WorkerProgressResponse,\n WorkerErrorResponse,\n WorkerRequestTypeMap,\n} from '../../types/signer-worker';\nimport { VrfWorkerManager } from '../VrfWorkerManager';\nimport { VRFChallenge } from '../../types/vrf-worker';\nimport type { ActionArgsWasm, TransactionInputWasm } from '../../types/actions';\nimport type { DelegateActionInput } from '../../types/delegate';\nimport type { onProgressEvents } from '../../types/sdkSentEvents';\nimport type { AuthenticatorOptions } from '../../types/authenticatorOptions';\nimport { AccountId } from \"../../types/accountIds\";\nimport { TransactionContext } from '../../types/rpc';\nimport {\n ConfirmationConfig,\n WasmSignedDelegate,\n} from '../../types/signer-worker';\nimport { TouchIdPrompt } from \"../touchIdPrompt\";\nimport { isSignerWorkerControlMessage } from './sessionMessages';\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\nimport {\n decryptPrivateKeyWithPrf,\n checkCanRegisterUser,\n signTransactionsWithActions,\n recoverKeypairFromPasskey,\n extractCosePublicKey,\n signTransactionWithKeyPair,\n signNep413Message,\n deriveNearKeypairAndEncryptFromSerialized,\n signDelegateAction,\n registerDevice2WithDerivedKey,\n exportNearKeypairUi,\n} from './handlers';\nimport { RpcCallPayload } from '../../types/signer-worker';\nimport { UserPreferencesManager } from '../userPreferences';\nimport { NonceManager } from '../../nonceManager';\nimport { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../types';\nimport { toError } from '@/utils/errors';\nimport { withSessionId } from './handlers/session';\nimport { attachSessionPort } from './sessionHandshake.js';\n\ntype WithOptionalSessionId<T> = T extends { sessionId: string }\n ? Omit<T, 'sessionId'> & { sessionId?: string }\n : T;\n\ntype SigningSessionEntry = {\n worker: Worker;\n wrapKeySeedPort?: MessagePort;\n createdAt: number;\n};\n\nexport interface SignerWorkerManagerContext {\n touchIdPrompt: TouchIdPrompt;\n nearClient: NearClient;\n indexedDB: UnifiedIndexedDBManager;\n userPreferencesManager: UserPreferencesManager;\n nonceManager: NonceManager;\n rpIdOverride?: string;\n nearExplorerUrl?: string;\n vrfWorkerManager?: VrfWorkerManager;\n sendMessage: <T extends keyof WorkerRequestTypeMap>(args: {\n message: {\n type: T;\n payload: WithOptionalSessionId<WorkerRequestTypeMap[T]['request']>;\n };\n onEvent?: (update: onProgressEvents) => void;\n timeoutMs?: number;\n sessionId?: string;\n }) => Promise<WorkerResponseForRequest<T>>;\n};\n\n/*\n WebAuthnWorkers handles PRF, workers, and COSE operations\n \n Note: Challenge store removed as VRF provides cryptographic freshness\n * without needing centralized challenge management\n /\nexport class SignerWorkerManager {\n\n private indexedDB: UnifiedIndexedDBManager;\n private touchIdPrompt: TouchIdPrompt;\n private vrfWorkerManager: VrfWorkerManager;\n private nearClient: NearClient;\n private userPreferencesManager: UserPreferencesManager;\n private nonceManager: NonceManager;\n private workerBaseOrigin: string \| undefined;\n private nearExplorerUrl?: string;\n\n constructor(\n vrfWorkerManager: VrfWorkerManager,\n nearClient: NearClient,\n userPreferencesManager: UserPreferencesManager,\n nonceManager: NonceManager,\n rpIdOverride?: string,\n enableSafariGetWebauthnRegistrationFallback: boolean = true,\n nearExplorerUrl?: string,\n ) {\n this.indexedDB = IndexedDBManager;\n this.touchIdPrompt = new TouchIdPrompt(rpIdOverride, enableSafariGetWebauthnRegistrationFallback);\n this.vrfWorkerManager = vrfWorkerManager;\n this.nearClient = nearClient;\n this.userPreferencesManager = userPreferencesManager;\n this.nonceManager = nonceManager;\n this.nearExplorerUrl = nearExplorerUrl;\n }\n\n setWorkerBaseOrigin(origin: string \| undefined): void {\n this.workerBaseOrigin = origin;\n }\n\n getContext(): SignerWorkerManagerContext {\n return {\n sendMessage: this.sendMessage.bind(this), // bind to access this.createSecureWorker\n indexedDB: this.indexedDB,\n touchIdPrompt: this.touchIdPrompt,\n vrfWorkerManager: this.vrfWorkerManager,\n nearClient: this.nearClient,\n userPreferencesManager: this.userPreferencesManager,\n nonceManager: this.nonceManager,\n rpIdOverride: this.touchIdPrompt.getRpId(),\n nearExplorerUrl: this.nearExplorerUrl,\n };\n }\n\n createSecureWorker(): Worker {\n const workerUrlStr = resolveWorkerUrl(\n SIGNER_WORKER_MANAGER_CONFIG.WORKER.URL,\n { worker: 'signer', baseOrigin: this.workerBaseOrigin }\n )\n try {\n const worker = new Worker(workerUrlStr, {\n type: SIGNER_WORKER_MANAGER_CONFIG.WORKER.TYPE,\n name: SIGNER_WORKER_MANAGER_CONFIG.WORKER.NAME\n });\n // minimal error handler in tests; avoid noisy logs\n worker.onerror = () => {};\n return worker;\n } catch (error) {\n // Do not silently downgrade to same‑origin. Cross‑origin workers must be\n // resolvable under the configured wallet origin with proper headers.\n // Surface a precise error so tests assert the real path.\n const msg = error instanceof Error ? error.message : String(error);\n throw new Error(`Failed to create secure worker: ${msg}`);\n }\n }\n\n /\n Executes a worker operation by sending a message to the secure worker.\n * Handles progress updates via onEvent callback, supports both single and multiple response patterns.\n * Intercepts secure confirmation handshake messages for pluggable UI.\n * Resolves with the final worker response or rejects on error/timeout.\n \n @template T - Worker request type.\n * @param params.message - The message to send to the worker.\n * @param params.onEvent - Optional callback for progress events.\n * @param params.timeoutMs - Optional timeout in milliseconds.\n * @returns Promise resolving to the worker response for the request.\n /\n private workerPool: Worker[] = [];\n private readonly MAX_WORKER_POOL_SIZE = 3; // Increased for security model\n // Map of active signing sessions to reserved workers and optional WrapKeySeed ports\n private signingSessions: Map<string, SigningSessionEntry> = new Map();\n private readonly SIGNING_SESSION_TIMEOUT_MS = 5 60 * 1000; // 5 minutes\n\n private getWorkerFromPool(): Worker {\n if (this.workerPool.length > 0) {\n return this.workerPool.pop()!;\n }\n return this.createSecureWorker();\n }\n\n private terminateAndReplaceWorker(worker: Worker): void {\n // Always terminate workers to clear memory\n worker.terminate();\n // Asynchronously create a replacement worker for the pool\n this.createReplacementWorker();\n }\n\n /*\n Reserve a signer worker \"session\"\n \n What this does:\n * - Reserves a specific `Worker` instance from the pool and pins it to `sessionId`.\n * - Ensures the signer worker has a dedicated `MessagePort` attached for receiving `WrapKeySeed`\n * from the VRF worker (VRF → Signer channel).\n \n Port wiring:\n * - The VRF worker retains one end of a `MessageChannel` and the signer worker receives the other.\n * - This method attaches the signer-facing port via a control message (`ATTACH_WRAP_KEY_SEED_PORT`)\n * and waits for an ACK (`ATTACH_WRAP_KEY_SEED_PORT_OK`) before exposing the session.\n \n @param sessionId - Session identifier used to correlate MessagePorts + ready signals.\n * @param opts.signerPort - Optional signer-facing `MessagePort` created/owned by the caller (VRF-created channel).\n * If omitted, this method creates a fresh `MessageChannel` and returns `vrfPort` so the\n * caller can transfer it to the VRF worker.\n * @returns `{ worker, signerPort, vrfPort }` where `vrfPort` is only present when we created the channel here.\n /\n async reserveSignerWorkerSession(sessionId: string, opts?: { signerPort?: MessagePort }): Promise<{ worker: Worker; signerPort?: MessagePort; vrfPort?: MessagePort }> {\n if (this.signingSessions.has(sessionId)) {\n throw new Error(`Signing session already exists for id: ${sessionId}`);\n }\n // Reserve a worker from the pool for this sessionId.\n const worker = this.getWorkerFromPool();\n let signerPort = opts?.signerPort;\n let vrfPort: MessagePort \| undefined;\n if (!signerPort) {\n // If caller did not provide a signer-facing port, create a channel.\n // - port1 => signer worker (receiver)\n // - port2 => VRF worker (sender) returned to caller\n const channel = new MessageChannel();\n signerPort = channel.port1;\n vrfPort = channel.port2;\n }\n\n // Attach the signerPort to the worker and wait for ACK before adding to signingSessions\n try {\n if (!signerPort) {\n throw new Error('Missing signerPort for signing session');\n }\n\n // Use centralized handshake logic (registers listener, sends message, waits for ACK)\n await attachSessionPort(worker, sessionId, signerPort);\n\n // Only add to signingSessions after successful attachment\n // (prevents callers from observing a session that can't receive WrapKeySeed yet).\n this.signingSessions.set(sessionId, {\n worker,\n wrapKeySeedPort: signerPort,\n createdAt: Date.now(),\n });\n\n } catch (err) {\n console.error('[SignerWorkerManager]: Failed to attach WrapKeySeed port to signer worker', err);\n // Best-effort cleanup\n try { signerPort?.close(); } catch {}\n try { vrfPort?.close(); } catch {}\n this.terminateAndReplaceWorker(worker);\n this.signingSessions.delete(sessionId);\n throw err;\n }\n return { worker, signerPort, vrfPort };\n }\n\n /\n Release a signing session: close ports and terminate/replace the worker to zeroize state.\n /\n releaseSigningSession(sessionId: string): void {\n const entry = this.signingSessions.get(sessionId);\n if (!entry) return;\n try { entry.wrapKeySeedPort?.close() } catch {}\n try { this.terminateAndReplaceWorker(entry.worker) } catch {}\n this.signingSessions.delete(sessionId);\n }\n\n /\n Sweep expired signing sessions based on createdAt and timeout.\n /\n sweepExpiredSigningSessions(): void {\n const now = Date.now();\n for (const [sessionId, entry] of this.signingSessions.entries()) {\n if (now - entry.createdAt > this.SIGNING_SESSION_TIMEOUT_MS) {\n this.releaseSigningSession(sessionId);\n }\n }\n }\n\n private async createReplacementWorker(): Promise<void> {\n try {\n const worker = this.createSecureWorker();\n\n // Simple health check\n const healthPromise = new Promise<void>((resolve, reject) => {\n const timeout = setTimeout(() => reject(new Error('Health check timeout')), 5000);\n\n const onMessage = (event: MessageEvent) => {\n if (event.data?.type === WorkerControlMessage.WORKER_READY \|\| event.data?.ready) {\n worker.removeEventListener('message', onMessage);\n clearTimeout(timeout);\n resolve();\n }\n };\n\n worker.addEventListener('message', onMessage);\n worker.onerror = () => {\n worker.removeEventListener('message', onMessage);\n clearTimeout(timeout);\n reject(new Error('Worker error during health check'));\n };\n });\n\n await healthPromise;\n\n if (this.workerPool.length < this.MAX_WORKER_POOL_SIZE) {\n this.workerPool.push(worker);\n } else {\n worker.terminate();\n }\n } catch (error: unknown) {\n console.warn('SignerWorkerManager: Failed to create replacement worker:', error);\n }\n }\n\n /\n Pre-warm worker pool by creating and initializing workers in advance\n * This reduces latency for the first transaction by having workers ready\n /\n async preWarmWorkerPool(): Promise<void> {\n const promises: Promise<void>[] = [];\n\n for (let i = 0; i < this.MAX_WORKER_POOL_SIZE; i++) {\n promises.push(\n new Promise<void>((resolve, reject) => {\n try {\n const worker = this.createSecureWorker();\n\n // Set up one-time ready handler\n const onReady = (event: MessageEvent) => {\n if (event.data?.type === WorkerControlMessage.WORKER_READY \|\| event.data?.ready) {\n worker.removeEventListener('message', onReady);\n this.terminateAndReplaceWorker(worker);\n resolve();\n }\n };\n\n worker.addEventListener('message', onReady);\n\n // Set up error handler\n worker.onerror = (error) => {\n worker.removeEventListener('message', onReady);\n console.error(`WebAuthnManager: Worker ${i + 1} pre-warm failed:`, error);\n reject(error);\n };\n\n // Timeout after 5 seconds\n setTimeout(() => {\n worker.removeEventListener('message', onReady);\n // Pre-warm timeouts are benign; workers will be created on-demand later.\n // console.debug(`WebAuthnManager: Worker ${i + 1} pre-warm timeout`);\n reject(new Error('Pre-warm timeout'));\n }, 5000);\n\n } catch (error: unknown) {\n console.error(`WebAuthnManager: Failed to create worker ${i + 1}:`, error);\n reject(toError(error));\n }\n })\n );\n }\n\n try {\n await Promise.allSettled(promises);\n } catch (error: unknown) {\n console.warn('WebAuthnManager: Some workers failed to pre-warm:', error);\n }\n }\n\n private async sendMessage<T extends WorkerRequestType>({\n sessionId,\n message,\n onEvent,\n timeoutMs = SIGNER_WORKER_MANAGER_CONFIG.TIMEOUTS.DEFAULT, // 60s\n }: {\n sessionId?: string;\n message: { type: T; payload: WithOptionalSessionId<WorkerRequestTypeMap[T]['request']> };\n onEvent?: (update: onProgressEvents) => void;\n timeoutMs?: number;\n }): Promise<WorkerResponseForRequest<T>> {\n\n // Clean up any expired signing sessions before allocating a worker\n this.sweepExpiredSigningSessions();\n\n const payloadSessionId = (message.payload as any)?.sessionId as string \| undefined;\n if (sessionId && payloadSessionId && payloadSessionId !== sessionId) {\n throw new Error(\n `sendMessage: payload.sessionId (${payloadSessionId}) does not match provided sessionId (${sessionId})`\n );\n }\n\n const effectiveSessionId = sessionId \|\| payloadSessionId;\n const sessionEntry = effectiveSessionId ? this.signingSessions.get(effectiveSessionId) : undefined;\n if (effectiveSessionId && !sessionEntry) {\n throw new Error(`Signing session not found for id: ${effectiveSessionId}`);\n }\n\n // Normalize/inject sessionId into payload once to avoid duplication at call sites.\n const finalPayload = effectiveSessionId\n ? withSessionId(effectiveSessionId, message.payload)\n : (message.payload);\n\n const worker = sessionEntry ? sessionEntry.worker : this.getWorkerFromPool();\n const isSessionWorker = !!sessionEntry;\n\n return new Promise((resolve, reject) => {\n const timeoutId = setTimeout(() => {\n try {\n if (isSessionWorker && effectiveSessionId) {\n // Release reserved session to avoid leaking worker/port\n this.releaseSigningSession(effectiveSessionId);\n } else {\n this.terminateAndReplaceWorker(worker);\n }\n } catch {}\n // Notify any open modal host to transition to error state\n try {\n const seconds = Math.round(timeoutMs / 1000);\n window.postMessage({ type: 'MODAL_TIMEOUT', payload: `Timed out after ${seconds}s, try again` }, '');\n } catch {}\n reject(new Error(`Worker operation timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n\n const responses: WorkerResponseForRequest<T>[] = [];\n\n worker.onmessage = async (event) => {\n try {\n // Ignore control messages (lifecycle/session setup) – they are handled elsewhere.\n if (isSignerWorkerControlMessage(event?.data)) {\n return;\n }\n // Ignore readiness pings that can arrive if a worker was just spawned\n if (event?.data?.type === WorkerControlMessage.WORKER_READY \|\| event?.data?.ready) {\n return; // not a response to an operation\n }\n // Use strong typing from WASM-generated types\n const response = event.data as WorkerResponseForRequest<T>;\n responses.push(response);\n\n // Handle progress updates using WASM-generated numeric enum values\n if (isWorkerProgress(response)) {\n const progressResponse = response as WorkerProgressResponse;\n onEvent?.(progressResponse.payload as onProgressEvents);\n return; // Continue listening for more messages\n }\n\n // Handle errors using WASM-generated enum\n if (isWorkerError(response)) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n const errorResponse = response as WorkerErrorResponse;\n console.error('Worker error response:', errorResponse);\n reject(new Error(errorResponse.payload.error));\n return;\n }\n\n // Handle successful completion types using strong typing\n if (isWorkerSuccess(response)) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n resolve(response as WorkerResponseForRequest<T>);\n return;\n }\n\n // If we reach here, the response doesn't match any expected type\n console.error('Unexpected worker response format:', {\n response,\n });\n\n // Check if it's a generic Error object\n if (isObject(response) && 'message' in response && 'stack' in response) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n console.error('Worker sent generic Error object:', response);\n reject(new Error(`Worker sent generic error: ${(response as Error).message}`));\n return;\n }\n\n // Unknown response format\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n reject(new Error(`Unknown worker response format: ${JSON.stringify(response)}`));\n } catch (error: unknown) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n console.error('Error processing worker message:', error);\n const err = toError(error);\n reject(new Error(`Worker message processing error: ${err.message}`));\n }\n };\n\n worker.onerror = (event) => {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n const errorMessage = event.error?.message \|\| event.message \|\| 'Unknown worker error';\n console.error('Worker error details (progress):', {\n message: errorMessage,\n filename: event.filename,\n lineno: event.lineno,\n colno: event.colno,\n error: event.error\n });\n reject(new Error(`Worker error: ${errorMessage}`));\n };\n\n // Format message for Rust SignerWorkerMessage structure using WASM types\n const formattedMessage = {\n type: message.type, // Numeric enum value from WorkerRequestType\n payload: finalPayload,\n };\n\n worker.postMessage(formattedMessage);\n });\n }\n\n /*\n Derive NEAR keypair from a serialized WebAuthn registration credential\n /\n async deriveNearKeypairAndEncryptFromSerialized(args: {\n credential: WebAuthnRegistrationCredential;\n nearAccountId: AccountId;\n options?: {\n authenticatorOptions?: AuthenticatorOptions;\n deviceNumber?: number;\n };\n sessionId: string;\n }): Promise<{\n success: boolean;\n nearAccountId: AccountId;\n publicKey: string;\n /\n Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n /\n chacha20NonceB64u?: string;\n wrapKeySalt?: string;\n }> {\n return deriveNearKeypairAndEncryptFromSerialized({ ctx: this.getContext(), ...args });\n }\n\n /\n Secure private key decryption with dual PRF\n /\n async decryptPrivateKeyWithPrf(args: {\n nearAccountId: AccountId,\n authenticators: ClientAuthenticatorData[],\n sessionId: string,\n }): Promise<{\n decryptedPrivateKey: string;\n nearAccountId: AccountId\n }> {\n return decryptPrivateKeyWithPrf({ ctx: this.getContext(), ...args });\n }\n\n async checkCanRegisterUser(args: {\n vrfChallenge: VRFChallenge,\n credential: WebAuthnRegistrationCredential,\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: AuthenticatorOptions; // Authenticator options for registration check\n onEvent?: (update: onProgressEvents) => void;\n }): Promise<{\n success: boolean;\n verified?: boolean;\n registrationInfo?: unknown;\n logs?: string[];\n signedTransactionBorsh?: number[];\n error?: string;\n }> {\n return checkCanRegisterUser({ ctx: this.getContext(), ...args });\n }\n\n /\n Combined Device2 registration: derive NEAR keypair + sign registration transaction\n * in a single operation without requiring a separate authentication prompt.\n \n This replaces the old two-step flow (register → authenticate → sign).\n * PRF.second and WrapKeySeed are already in the signer worker via MessagePort.\n /\n async registerDevice2WithDerivedKey(args: {\n sessionId: string;\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n contractId: string;\n wrapKeySalt: string;\n deviceNumber?: number;\n deterministicVrfPublicKey: string;\n }): Promise<{\n success: boolean;\n publicKey: string;\n signedTransaction: any;\n wrapKeySalt: string;\n encryptedData?: string;\n /\n Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n /\n chacha20NonceB64u?: string;\n error?: string;\n }> {\n return registerDevice2WithDerivedKey({ ctx: this.getContext(), ...args });\n }\n\n // === ACTION-BASED SIGNING METHODS ===\n\n /\n Sign multiple transactions with shared VRF challenge and credential\n * Efficiently processes multiple transactions with one PRF authentication\n /\n async signTransactionsWithActions(args: {\n transactions: TransactionInputWasm[],\n rpcCall: RpcCallPayload,\n onEvent?: (update: onProgressEvents) => void,\n confirmationConfigOverride?: Partial<ConfirmationConfig>,\n title?: string;\n body?: string;\n sessionId: string,\n }): Promise<Array<{\n signedTransaction: SignedTransaction;\n nearAccountId: AccountId;\n logs?: string[]\n }>> {\n return signTransactionsWithActions({\n ctx: this.getContext(),\n ...args\n });\n }\n\n async signDelegateAction(args: {\n delegate: DelegateActionInput;\n rpcCall: RpcCallPayload;\n onEvent?: (update: onProgressEvents) => void;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n sessionId: string;\n }): Promise<{\n signedDelegate: WasmSignedDelegate;\n hash: string;\n nearAccountId: AccountId;\n logs?: string[];\n }> {\n return signDelegateAction({ ctx: this.getContext(), ...args });\n }\n\n /\n Recover keypair from authentication credential for account recovery\n * Uses dual PRF-based Ed25519 key derivation with account-specific HKDF and AES encryption\n /\n async recoverKeypairFromPasskey(args: {\n credential: WebAuthnAuthenticationCredential;\n accountIdHint?: string;\n sessionId: string,\n }): Promise<{\n publicKey: string;\n encryptedPrivateKey: string;\n /* Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for encrypted key /\n chacha20NonceB64u: string;\n accountIdHint?: string;\n wrapKeySalt: string;\n }> {\n return recoverKeypairFromPasskey({ ctx: this.getContext(), ...args });\n }\n\n /\n Extract COSE public key from WebAuthn attestation object\n * Simple operation that doesn't require TouchID or progress updates\n /\n async extractCosePublicKey(attestationObjectBase64url: string): Promise<Uint8Array> {\n return extractCosePublicKey({ ctx: this.getContext(), attestationObjectBase64url });\n }\n\n /\n Sign transaction with raw private key (for key replacement in Option D device linking)\n * No TouchID/PRF required - uses provided private key directly\n /\n async signTransactionWithKeyPair(args: {\n nearPrivateKey: string;\n signerAccountId: string;\n receiverId: string;\n nonce: string;\n blockHash: string;\n actions: ActionArgsWasm[];\n }): Promise<{\n signedTransaction: SignedTransaction;\n logs?: string[];\n }> {\n return signTransactionWithKeyPair({ ctx: this.getContext(), ...args });\n }\n\n /\n Sign a NEP-413 message using the user's passkey-derived private key\n \n @param payload - NEP-413 signing parameters including message, recipient, nonce, and state\n * @returns Promise resolving to signing result with account ID, public key, and signature\n /\n async signNep413Message(payload: {\n message: string;\n recipient: string;\n nonce: string;\n state: string \| null;\n accountId: string;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n sessionId: string;\n contractId?: string;\n nearRpcUrl?: string;\n }): Promise<{\n success: boolean;\n accountId: string;\n publicKey: string;\n signature: string;\n state?: string;\n error?: string;\n }> {\n return signNep413Message({\n ctx: this.getContext(),\n payload\n });\n }\n\n /\n Two-phase export (worker-driven):\n * - Phase 1: collect PRF (uiMode: 'skip')\n * - Decrypt inside worker\n * - Phase 2: show export UI with decrypted key (kept open until user closes)\n */\n async exportNearKeypairUi(args: {\n nearAccountId: AccountId,\n variant?: 'drawer'\|'modal',\n theme?: 'dark'\|'light',\n sessionId: string,\n }): Promise<void> {\n return exportNearKeypairUi({ ctx: this.getContext(), ...args });\n }\n\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyFA,IAAa,sBAAb,MAAiC;CAE/B,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CAER,YACE,kBACA,YACA,wBACA,cACA,cACA,8CAAuD,MACvD,iBACA;AACA,OAAK,YAAYA;AACjB,OAAK,gBAAgB,IAAIC,oCAAc,cAAc;AACrD,OAAK,mBAAmB;AACxB,OAAK,aAAa;AAClB,OAAK,yBAAyB;AAC9B,OAAK,eAAe;AACpB,OAAK,kBAAkB;;CAGzB,oBAAoB,QAAkC;AACpD,OAAK,mBAAmB;;CAG1B,aAAyC;AACvC,SAAO;GACL,aAAa,KAAK,YAAY,KAAK;GACnC,WAAW,KAAK;GAChB,eAAe,KAAK;GACpB,kBAAkB,KAAK;GACvB,YAAY,KAAK;GACjB,wBAAwB,KAAK;GAC7B,cAAc,KAAK;GACnB,cAAc,KAAK,cAAc;GACjC,iBAAiB,KAAK;;;CAI1B,qBAA6B;EAC3B,MAAM,eAAeC,iCACnBC,4CAA6B,OAAO,KACpC;GAAE,QAAQ;GAAU,YAAY,KAAK;;AAEvC,MAAI;GACF,MAAM,SAAS,IAAI,OAAO,cAAc;IACtC,MAAMA,4CAA6B,OAAO;IAC1C,MAAMA,4CAA6B,OAAO;;AAG5C,UAAO,gBAAgB;AACvB,UAAO;WACA,OAAO;GAId,MAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO;AAC5D,SAAM,IAAI,MAAM,mCAAmC;;;;;;;;;;;;;;;CAgBvD,AAAQ,aAAuB;CAC/B,AAAiB,uBAAuB;CAExC,AAAQ,kCAAoD,IAAI;CAChE,AAAiB,6BAA6B,MAAS;CAEvD,AAAQ,oBAA4B;AAClC,MAAI,KAAK,WAAW,SAAS,EAC3B,QAAO,KAAK,WAAW;AAEzB,SAAO,KAAK;;CAGd,AAAQ,0BAA0B,QAAsB;AAEtD,SAAO;AAEP,OAAK;;;;;;;;;;;;;;;;;;;;;CAsBP,MAAM,2BAA2B,WAAmB,MAAmH;AACrK,MAAI,KAAK,gBAAgB,IAAI,WAC3B,OAAM,IAAI,MAAM,0CAA0C;EAG5D,MAAM,SAAS,KAAK;EACpB,IAAI,aAAa,MAAM;EACvB,IAAIC;AACJ,MAAI,CAAC,YAAY;GAIf,MAAM,UAAU,IAAI;AACpB,gBAAa,QAAQ;AACrB,aAAU,QAAQ;;AAIpB,MAAI;AACF,OAAI,CAAC,WACH,OAAM,IAAI,MAAM;AAIlB,SAAMC,2CAAkB,QAAQ,WAAW;AAI3C,QAAK,gBAAgB,IAAI,WAAW;IAClC;IACA,iBAAiB;IACjB,WAAW,KAAK;;WAGX,KAAK;AACZ,WAAQ,MAAM,6EAA6E;AAE3F,OAAI;AAAE,gBAAY;WAAiB;AACnC,OAAI;AAAE,aAAS;WAAiB;AAChC,QAAK,0BAA0B;AAC/B,QAAK,gBAAgB,OAAO;AAC5B,SAAM;;AAER,SAAO;GAAE;GAAQ;GAAY;;;;;;CAM/B,sBAAsB,WAAyB;EAC7C,MAAM,QAAQ,KAAK,gBAAgB,IAAI;AACvC,MAAI,CAAC,MAAO;AACZ,MAAI;AAAE,SAAM,iBAAiB;UAAgB;AAC7C,MAAI;AAAE,QAAK,0BAA0B,MAAM;UAAgB;AAC3D,OAAK,gBAAgB,OAAO;;;;;CAM9B,8BAAoC;EAClC,MAAM,MAAM,KAAK;AACjB,OAAK,MAAM,CAAC,WAAW,UAAU,KAAK,gBAAgB,UACpD,KAAI,MAAM,MAAM,YAAY,KAAK,2BAC/B,MAAK,sBAAsB;;CAKjC,MAAc,0BAAyC;AACrD,MAAI;GACF,MAAM,SAAS,KAAK;GAGpB,MAAM,gBAAgB,IAAI,SAAe,SAAS,WAAW;IAC3D,MAAM,UAAU,iBAAiB,uBAAO,IAAI,MAAM,0BAA0B;IAE5E,MAAM,aAAa,UAAwB;AACzC,SAAI,MAAM,MAAM,SAASC,mDAAqB,gBAAgB,MAAM,MAAM,OAAO;AAC/E,aAAO,oBAAoB,WAAW;AACtC,mBAAa;AACb;;;AAIJ,WAAO,iBAAiB,WAAW;AACnC,WAAO,gBAAgB;AACrB,YAAO,oBAAoB,WAAW;AACtC,kBAAa;AACb,4BAAO,IAAI,MAAM;;;AAIrB,SAAM;AAEN,OAAI,KAAK,WAAW,SAAS,KAAK,qBAChC,MAAK,WAAW,KAAK;OAErB,QAAO;WAEFC,OAAgB;AACvB,WAAQ,KAAK,6DAA6D;;;;;;;CAQ9E,MAAM,oBAAmC;EACvC,MAAMC,WAA4B;AAElC,OAAK,IAAI,IAAI,GAAG,IAAI,KAAK,sBAAsB,IAC7C,UAAS,KACP,IAAI,SAAe,SAAS,WAAW;AACrC,OAAI;IACF,MAAM,SAAS,KAAK;IAGpB,MAAM,WAAW,UAAwB;AACvC,SAAI,MAAM,MAAM,SAASF,mDAAqB,gBAAgB,MAAM,MAAM,OAAO;AAC/E,aAAO,oBAAoB,WAAW;AACtC,WAAK,0BAA0B;AAC/B;;;AAIJ,WAAO,iBAAiB,WAAW;AAGnC,WAAO,WAAW,UAAU;AAC1B,YAAO,oBAAoB,WAAW;AACtC,aAAQ,MAAM,2BAA2B,IAAI,EAAE,oBAAoB;AACnE,YAAO;;AAIT,qBAAiB;AACf,YAAO,oBAAoB,WAAW;AAGtC,4BAAO,IAAI,MAAM;OAChB;YAEIC,OAAgB;AACvB,YAAQ,MAAM,4CAA4C,IAAI,EAAE,IAAI;AACpE,WAAOE,uBAAQ;;;AAMvB,MAAI;AACF,SAAM,QAAQ,WAAW;WAClBF,OAAgB;AACvB,WAAQ,KAAK,qDAAqD;;;CAItE,MAAc,YAAyC,EACrD,WACA,SACA,SACA,YAAYJ,4CAA6B,SAAS,WAMX;AAGvC,OAAK;EAEL,MAAM,mBAAoB,QAAQ,SAAiB;AACnD,MAAI,aAAa,oBAAoB,qBAAqB,UACxD,OAAM,IAAI,MACR,mCAAmC,iBAAiB,uCAAuC,UAAU;EAIzG,MAAM,qBAAqB,aAAa;EACxC,MAAM,eAAe,qBAAqB,KAAK,gBAAgB,IAAI,sBAAsB;AACzF,MAAI,sBAAsB,CAAC,aACzB,OAAM,IAAI,MAAM,qCAAqC;EAIvD,MAAM,eAAe,qBACjBO,8BAAc,oBAAoB,QAAQ,WACzC,QAAQ;EAEb,MAAM,SAAS,eAAe,aAAa,SAAS,KAAK;EACzD,MAAM,kBAAkB,CAAC,CAAC;AAE1B,SAAO,IAAI,SAAS,SAAS,WAAW;GACtC,MAAM,YAAY,iBAAiB;AACjC,QAAI;AACF,SAAI,mBAAmB,mBAErB,MAAK,sBAAsB;SAE3B,MAAK,0BAA0B;YAE3B;AAER,QAAI;KACF,MAAM,UAAU,KAAK,MAAM,YAAY;AACvC,YAAO,YAAY;MAAE,MAAM;MAAiB,SAAS,mBAAmB,QAAQ;QAAiB;YAC3F;AACR,2BAAO,IAAI,MAAM,oCAAoC,UAAU;MAC9D;GAEH,MAAMC,YAA2C;AAEjD,UAAO,YAAY,OAAO,UAAU;AAClC,QAAI;AAEF,SAAIC,qDAA6B,OAAO,MACtC;AAGF,SAAI,OAAO,MAAM,SAASN,mDAAqB,gBAAgB,OAAO,MAAM,MAC1E;KAGF,MAAM,WAAW,MAAM;AACvB,eAAU,KAAK;AAGf,SAAIO,uCAAiB,WAAW;MAC9B,MAAM,mBAAmB;AACzB,gBAAU,iBAAiB;AAC3B;;AAIF,SAAIC,oCAAc,WAAW;AAC3B,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;MACrD,MAAM,gBAAgB;AACtB,cAAQ,MAAM,0BAA0B;AACxC,aAAO,IAAI,MAAM,cAAc,QAAQ;AACvC;;AAIF,SAAIC,sCAAgB,WAAW;AAC7B,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,cAAQ;AACR;;AAIF,aAAQ,MAAM,sCAAsC,EAClD;AAIF,SAAIC,4BAAS,aAAa,aAAa,YAAY,WAAW,UAAU;AACtE,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,cAAQ,MAAM,qCAAqC;AACnD,6BAAO,IAAI,MAAM,8BAA+B,SAAmB;AACnE;;AAIF,kBAAa;AACb,SAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,4BAAO,IAAI,MAAM,mCAAmC,KAAK,UAAU;aAC5DT,OAAgB;AACvB,kBAAa;AACb,SAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,aAAQ,MAAM,oCAAoC;KAClD,MAAM,MAAME,uBAAQ;AACpB,4BAAO,IAAI,MAAM,oCAAoC,IAAI;;;AAI7D,UAAO,WAAW,UAAU;AAC1B,iBAAa;AACb,QAAI,CAAC,gBAAiB,MAAK,0BAA0B;IACrD,MAAM,eAAe,MAAM,OAAO,WAAW,MAAM,WAAW;AAC9D,YAAQ,MAAM,oCAAoC;KAChD,SAAS;KACT,UAAU,MAAM;KAChB,QAAQ,MAAM;KACd,OAAO,MAAM;KACb,OAAO,MAAM;;AAEf,2BAAO,IAAI,MAAM,iBAAiB;;GAIpC,MAAM,mBAAmB;IACvB,MAAM,QAAQ;IACd,SAAS;;AAGX,UAAO,YAAY;;;;;;CAOvB,MAAM,0CAA0C,MAiB7C;AACD,SAAOQ,4FAA0C;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;CAMhF,MAAM,yBAAyB,MAO5B;AACD,SAAOC,0DAAyB;GAAE,KAAK,KAAK;GAAc,GAAG;;;CAG/D,MAAM,qBAAqB,MAcxB;AACD,SAAOC,kDAAqB;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;;;;CAU3D,MAAM,8BAA8B,MAqBjC;AACD,SAAOC,oEAA8B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CASpE,MAAM,4BAA4B,MAY9B;AACF,SAAOC,gEAA4B;GACjC,KAAK,KAAK;GACV,GAAG;;;CAIP,MAAM,mBAAmB,MAatB;AACD,SAAOC,8CAAmB;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CAOzD,MAAM,0BAA0B,MAW7B;AACD,SAAOC,4DAA0B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CAOhE,MAAM,qBAAqB,4BAAyD;AAClF,SAAOC,kDAAqB;GAAE,KAAK,KAAK;GAAc;;;;;;;CAOxD,MAAM,2BAA2B,MAU9B;AACD,SAAOC,8DAA2B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;;;CASjE,MAAM,kBAAkB,SAmBrB;AACD,SAAOC,4CAAkB;GACvB,KAAK,KAAK;GACV;;;;;;;;;CAUJ,MAAM,oBAAoB,MAKR;AAChB,SAAOC,gDAAoB;GAAE,KAAK,KAAK;GAAc,GAAG"}
1	+ {"version":3,"file":"index.js","names":["IndexedDBManager","TouchIdPrompt","resolveWorkerUrl","SIGNER_WORKER_MANAGER_CONFIG","vrfPort: MessagePort \| undefined","attachSessionPort","WorkerControlMessage","error: unknown","promises: Promise<void>[]","toError","withSessionId","responses: WorkerResponseForRequest<T>[]","isSignerWorkerControlMessage","isWorkerProgress","isWorkerError","isWorkerSuccess","isObject","deriveNearKeypairAndEncryptFromSerialized","deriveThresholdEd25519ClientVerifyingShare","decryptPrivateKeyWithPrf","checkCanRegisterUser","registerDevice2WithDerivedKey","signTransactionsWithActions","signDelegateAction","recoverKeypairFromPasskey","extractCosePublicKey","signTransactionWithKeyPair","signNep413Message","exportNearKeypairUi"],"sources":["../../../../../src/core/WebAuthnManager/SignerWorkerManager/index.ts"],"sourcesContent":["import { SIGNER_WORKER_MANAGER_CONFIG } from \"../../../config\";\nimport { ClientAuthenticatorData, UnifiedIndexedDBManager } from '../../IndexedDBManager';\nimport { IndexedDBManager } from '../../IndexedDBManager';\nimport { SignedTransaction, type NearClient } from '../../NearClient';\nimport { isObject } from '@/utils/validation';\nimport { resolveWorkerUrl } from '../../sdkPaths';\nimport {\n WorkerRequestType,\n WorkerResponseForRequest,\n isWorkerProgress,\n isWorkerError,\n isWorkerSuccess,\n WorkerProgressResponse,\n WorkerErrorResponse,\n WorkerRequestTypeMap,\n} from '../../types/signer-worker';\nimport { VrfWorkerManager } from '../VrfWorkerManager';\nimport { VRFChallenge } from '../../types/vrf-worker';\nimport type { ActionArgsWasm, TransactionInputWasm } from '../../types/actions';\nimport type { DelegateActionInput } from '../../types/delegate';\nimport type { onProgressEvents, RegistrationEventStep3 } from '../../types/sdkSentEvents';\nimport type { AuthenticatorOptions } from '../../types/authenticatorOptions';\nimport { AccountId } from \"../../types/accountIds\";\nimport { TransactionContext } from '../../types/rpc';\nimport {\n ConfirmationConfig,\n type SignerMode,\n WasmSignedDelegate,\n} from '../../types/signer-worker';\nimport type { ThresholdBehavior } from '../../types/signer-worker';\nimport { TouchIdPrompt } from \"../touchIdPrompt\";\nimport { isSignerWorkerControlMessage } from './sessionMessages';\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\nimport {\n decryptPrivateKeyWithPrf,\n checkCanRegisterUser,\n signTransactionsWithActions,\n recoverKeypairFromPasskey,\n extractCosePublicKey,\n signTransactionWithKeyPair,\n signNep413Message,\n deriveNearKeypairAndEncryptFromSerialized,\n signDelegateAction,\n registerDevice2WithDerivedKey,\n exportNearKeypairUi,\n deriveThresholdEd25519ClientVerifyingShare,\n} from './handlers';\nimport { RpcCallPayload } from '../../types/signer-worker';\nimport { UserPreferencesManager } from '../userPreferences';\nimport { NonceManager } from '../../nonceManager';\nimport { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../types';\nimport { toError } from '@/utils/errors';\nimport { withSessionId } from './handlers/session';\nimport { attachSessionPort } from './sessionHandshake.js';\n\ntype WithOptionalSessionId<T> = T extends { sessionId: string }\n ? Omit<T, 'sessionId'> & { sessionId?: string }\n : T;\n\ntype SigningSessionEntry = {\n worker: Worker;\n wrapKeySeedPort?: MessagePort;\n createdAt: number;\n};\n\nexport interface SignerWorkerManagerContext {\n touchIdPrompt: TouchIdPrompt;\n nearClient: NearClient;\n indexedDB: UnifiedIndexedDBManager;\n userPreferencesManager: UserPreferencesManager;\n nonceManager: NonceManager;\n relayerUrl: string;\n rpIdOverride?: string;\n nearExplorerUrl?: string;\n vrfWorkerManager?: VrfWorkerManager;\n sendMessage: <T extends keyof WorkerRequestTypeMap>(args: {\n message: {\n type: T;\n payload: WithOptionalSessionId<WorkerRequestTypeMap[T]['request']>;\n };\n onEvent?: (update: onProgressEvents) => void;\n timeoutMs?: number;\n sessionId?: string;\n }) => Promise<WorkerResponseForRequest<T>>;\n};\n\n/*\n WebAuthnWorkers handles PRF, workers, and COSE operations\n \n Note: Challenge store removed as VRF provides cryptographic freshness\n * without needing centralized challenge management\n /\nexport class SignerWorkerManager {\n\n private indexedDB: UnifiedIndexedDBManager;\n private touchIdPrompt: TouchIdPrompt;\n private vrfWorkerManager: VrfWorkerManager;\n private nearClient: NearClient;\n private userPreferencesManager: UserPreferencesManager;\n private nonceManager: NonceManager;\n private relayerUrl: string;\n private workerBaseOrigin: string \| undefined;\n private nearExplorerUrl?: string;\n\n constructor(\n vrfWorkerManager: VrfWorkerManager,\n nearClient: NearClient,\n userPreferencesManager: UserPreferencesManager,\n nonceManager: NonceManager,\n relayerUrl: string,\n rpIdOverride?: string,\n enableSafariGetWebauthnRegistrationFallback: boolean = true,\n nearExplorerUrl?: string,\n ) {\n this.indexedDB = IndexedDBManager;\n this.touchIdPrompt = new TouchIdPrompt(rpIdOverride, enableSafariGetWebauthnRegistrationFallback);\n this.vrfWorkerManager = vrfWorkerManager;\n this.nearClient = nearClient;\n this.userPreferencesManager = userPreferencesManager;\n this.nonceManager = nonceManager;\n this.relayerUrl = relayerUrl;\n this.nearExplorerUrl = nearExplorerUrl;\n }\n\n setWorkerBaseOrigin(origin: string \| undefined): void {\n this.workerBaseOrigin = origin;\n }\n\n getContext(): SignerWorkerManagerContext {\n return {\n sendMessage: this.sendMessage.bind(this), // bind to access this.createSecureWorker\n indexedDB: this.indexedDB,\n touchIdPrompt: this.touchIdPrompt,\n vrfWorkerManager: this.vrfWorkerManager,\n nearClient: this.nearClient,\n userPreferencesManager: this.userPreferencesManager,\n nonceManager: this.nonceManager,\n rpIdOverride: this.touchIdPrompt.getRpId(),\n nearExplorerUrl: this.nearExplorerUrl,\n relayerUrl: this.relayerUrl,\n };\n }\n\n createSecureWorker(): Worker {\n const workerUrlStr = resolveWorkerUrl(\n SIGNER_WORKER_MANAGER_CONFIG.WORKER.URL,\n { worker: 'signer', baseOrigin: this.workerBaseOrigin }\n )\n try {\n const worker = new Worker(workerUrlStr, {\n type: SIGNER_WORKER_MANAGER_CONFIG.WORKER.TYPE,\n name: SIGNER_WORKER_MANAGER_CONFIG.WORKER.NAME\n });\n // minimal error handler in tests; avoid noisy logs\n worker.onerror = () => {};\n return worker;\n } catch (error) {\n // Do not silently downgrade to same‑origin. Cross‑origin workers must be\n // resolvable under the configured wallet origin with proper headers.\n // Surface a precise error so tests assert the real path.\n const msg = error instanceof Error ? error.message : String(error);\n throw new Error(`Failed to create secure worker: ${msg}`);\n }\n }\n\n /\n Executes a worker operation by sending a message to the secure worker.\n * Handles progress updates via onEvent callback, supports both single and multiple response patterns.\n * Intercepts secure confirmation handshake messages for pluggable UI.\n * Resolves with the final worker response or rejects on error/timeout.\n \n @template T - Worker request type.\n * @param params.message - The message to send to the worker.\n * @param params.onEvent - Optional callback for progress events.\n * @param params.timeoutMs - Optional timeout in milliseconds.\n * @returns Promise resolving to the worker response for the request.\n /\n private workerPool: Worker[] = [];\n private readonly MAX_WORKER_POOL_SIZE = 3; // Increased for security model\n // Map of active signing sessions to reserved workers and optional WrapKeySeed ports\n private signingSessions: Map<string, SigningSessionEntry> = new Map();\n private readonly SIGNING_SESSION_TIMEOUT_MS = 5 60 * 1000; // 5 minutes\n\n private getWorkerFromPool(): Worker {\n if (this.workerPool.length > 0) {\n return this.workerPool.pop()!;\n }\n return this.createSecureWorker();\n }\n\n private terminateAndReplaceWorker(worker: Worker): void {\n // Always terminate workers to clear memory\n worker.terminate();\n // Asynchronously create a replacement worker for the pool\n this.createReplacementWorker();\n }\n\n /*\n Reserve a signer worker \"session\"\n \n What this does:\n * - Reserves a specific `Worker` instance from the pool and pins it to `sessionId`.\n * - Ensures the signer worker has a dedicated `MessagePort` attached for receiving `WrapKeySeed`\n * from the VRF worker (VRF → Signer channel).\n \n Port wiring:\n * - The VRF worker retains one end of a `MessageChannel` and the signer worker receives the other.\n * - This method attaches the signer-facing port via a control message (`ATTACH_WRAP_KEY_SEED_PORT`)\n * and waits for an ACK (`ATTACH_WRAP_KEY_SEED_PORT_OK`) before exposing the session.\n \n @param sessionId - Session identifier used to correlate MessagePorts + ready signals.\n * @param opts.signerPort - Optional signer-facing `MessagePort` created/owned by the caller (VRF-created channel).\n * If omitted, this method creates a fresh `MessageChannel` and returns `vrfPort` so the\n * caller can transfer it to the VRF worker.\n * @returns `{ worker, signerPort, vrfPort }` where `vrfPort` is only present when we created the channel here.\n /\n async reserveSignerWorkerSession(sessionId: string, opts?: { signerPort?: MessagePort }): Promise<{ worker: Worker; signerPort?: MessagePort; vrfPort?: MessagePort }> {\n if (this.signingSessions.has(sessionId)) {\n throw new Error(`Signing session already exists for id: ${sessionId}`);\n }\n // Reserve a worker from the pool for this sessionId.\n const worker = this.getWorkerFromPool();\n let signerPort = opts?.signerPort;\n let vrfPort: MessagePort \| undefined;\n if (!signerPort) {\n // If caller did not provide a signer-facing port, create a channel.\n // - port1 => signer worker (receiver)\n // - port2 => VRF worker (sender) returned to caller\n const channel = new MessageChannel();\n signerPort = channel.port1;\n vrfPort = channel.port2;\n }\n\n // Attach the signerPort to the worker and wait for ACK before adding to signingSessions\n try {\n if (!signerPort) {\n throw new Error('Missing signerPort for signing session');\n }\n\n // Use centralized handshake logic (registers listener, sends message, waits for ACK)\n await attachSessionPort(worker, sessionId, signerPort);\n\n // Only add to signingSessions after successful attachment\n // (prevents callers from observing a session that can't receive WrapKeySeed yet).\n this.signingSessions.set(sessionId, {\n worker,\n wrapKeySeedPort: signerPort,\n createdAt: Date.now(),\n });\n\n } catch (err) {\n console.error('[SignerWorkerManager]: Failed to attach WrapKeySeed port to signer worker', err);\n // Best-effort cleanup\n try { signerPort?.close(); } catch {}\n try { vrfPort?.close(); } catch {}\n this.terminateAndReplaceWorker(worker);\n this.signingSessions.delete(sessionId);\n throw err;\n }\n return { worker, signerPort, vrfPort };\n }\n\n /\n Release a signing session: close ports and terminate/replace the worker to zeroize state.\n /\n releaseSigningSession(sessionId: string): void {\n const entry = this.signingSessions.get(sessionId);\n if (!entry) return;\n try { entry.wrapKeySeedPort?.close() } catch {}\n try { this.terminateAndReplaceWorker(entry.worker) } catch {}\n this.signingSessions.delete(sessionId);\n }\n\n /\n Sweep expired signing sessions based on createdAt and timeout.\n /\n sweepExpiredSigningSessions(): void {\n const now = Date.now();\n for (const [sessionId, entry] of this.signingSessions.entries()) {\n if (now - entry.createdAt > this.SIGNING_SESSION_TIMEOUT_MS) {\n this.releaseSigningSession(sessionId);\n }\n }\n }\n\n private async createReplacementWorker(): Promise<void> {\n try {\n const worker = this.createSecureWorker();\n\n // Simple health check\n const healthPromise = new Promise<void>((resolve, reject) => {\n const timeout = setTimeout(() => reject(new Error('Health check timeout')), 5000);\n\n const onMessage = (event: MessageEvent) => {\n if (event.data?.type === WorkerControlMessage.WORKER_READY \|\| event.data?.ready) {\n worker.removeEventListener('message', onMessage);\n clearTimeout(timeout);\n resolve();\n }\n };\n\n worker.addEventListener('message', onMessage);\n worker.onerror = () => {\n worker.removeEventListener('message', onMessage);\n clearTimeout(timeout);\n reject(new Error('Worker error during health check'));\n };\n });\n\n await healthPromise;\n\n if (this.workerPool.length < this.MAX_WORKER_POOL_SIZE) {\n this.workerPool.push(worker);\n } else {\n worker.terminate();\n }\n } catch (error: unknown) {\n console.warn('SignerWorkerManager: Failed to create replacement worker:', error);\n }\n }\n\n /\n Pre-warm worker pool by creating and initializing workers in advance\n * This reduces latency for the first transaction by having workers ready\n /\n async preWarmWorkerPool(): Promise<void> {\n const promises: Promise<void>[] = [];\n\n for (let i = 0; i < this.MAX_WORKER_POOL_SIZE; i++) {\n promises.push(\n new Promise<void>((resolve, reject) => {\n try {\n const worker = this.createSecureWorker();\n\n // Set up one-time ready handler\n const onReady = (event: MessageEvent) => {\n if (event.data?.type === WorkerControlMessage.WORKER_READY \|\| event.data?.ready) {\n worker.removeEventListener('message', onReady);\n this.terminateAndReplaceWorker(worker);\n resolve();\n }\n };\n\n worker.addEventListener('message', onReady);\n\n // Set up error handler\n worker.onerror = (error) => {\n worker.removeEventListener('message', onReady);\n console.error(`WebAuthnManager: Worker ${i + 1} pre-warm failed:`, error);\n reject(error);\n };\n\n // Timeout after 5 seconds\n setTimeout(() => {\n worker.removeEventListener('message', onReady);\n // Pre-warm timeouts are benign; workers will be created on-demand later.\n // console.debug(`WebAuthnManager: Worker ${i + 1} pre-warm timeout`);\n reject(new Error('Pre-warm timeout'));\n }, 5000);\n\n } catch (error: unknown) {\n console.error(`WebAuthnManager: Failed to create worker ${i + 1}:`, error);\n reject(toError(error));\n }\n })\n );\n }\n\n try {\n await Promise.allSettled(promises);\n } catch (error: unknown) {\n console.warn('WebAuthnManager: Some workers failed to pre-warm:', error);\n }\n }\n\n private async sendMessage<T extends keyof WorkerRequestTypeMap>({\n sessionId,\n message,\n onEvent,\n timeoutMs = SIGNER_WORKER_MANAGER_CONFIG.TIMEOUTS.DEFAULT, // 60s\n }: {\n sessionId?: string;\n message: { type: T; payload: WithOptionalSessionId<WorkerRequestTypeMap[T]['request']> };\n onEvent?: (update: onProgressEvents) => void;\n timeoutMs?: number;\n }): Promise<WorkerResponseForRequest<T>> {\n\n // Clean up any expired signing sessions before allocating a worker\n this.sweepExpiredSigningSessions();\n\n const payloadSessionId = (message.payload as any)?.sessionId as string \| undefined;\n if (sessionId && payloadSessionId && payloadSessionId !== sessionId) {\n throw new Error(\n `sendMessage: payload.sessionId (${payloadSessionId}) does not match provided sessionId (${sessionId})`\n );\n }\n\n const effectiveSessionId = sessionId \|\| payloadSessionId;\n const sessionEntry = effectiveSessionId ? this.signingSessions.get(effectiveSessionId) : undefined;\n if (effectiveSessionId && !sessionEntry) {\n throw new Error(`Signing session not found for id: ${effectiveSessionId}`);\n }\n\n // Normalize/inject sessionId into payload once to avoid duplication at call sites.\n const finalPayload = effectiveSessionId\n ? withSessionId(effectiveSessionId, message.payload)\n : (message.payload);\n\n const worker = sessionEntry ? sessionEntry.worker : this.getWorkerFromPool();\n const isSessionWorker = !!sessionEntry;\n\n return new Promise((resolve, reject) => {\n const timeoutId = setTimeout(() => {\n try {\n if (isSessionWorker && effectiveSessionId) {\n // Release reserved session to avoid leaking worker/port\n this.releaseSigningSession(effectiveSessionId);\n } else {\n this.terminateAndReplaceWorker(worker);\n }\n } catch {}\n // Notify any open modal host to transition to error state\n try {\n const seconds = Math.round(timeoutMs / 1000);\n window.postMessage({ type: 'MODAL_TIMEOUT', payload: `Timed out after ${seconds}s, try again` }, '');\n } catch {}\n reject(new Error(`Worker operation timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n\n const responses: WorkerResponseForRequest<T>[] = [];\n\n worker.onmessage = async (event) => {\n try {\n // Ignore control messages (lifecycle/session setup) – they are handled elsewhere.\n if (isSignerWorkerControlMessage(event?.data)) {\n return;\n }\n // Ignore readiness pings that can arrive if a worker was just spawned\n if (event?.data?.type === WorkerControlMessage.WORKER_READY \|\| event?.data?.ready) {\n return; // not a response to an operation\n }\n // Use strong typing from WASM-generated types\n const response = event.data as WorkerResponseForRequest<T>;\n responses.push(response);\n\n // Handle progress updates using WASM-generated numeric enum values\n if (isWorkerProgress(response)) {\n const progressResponse = response as WorkerProgressResponse;\n onEvent?.(progressResponse.payload as onProgressEvents);\n return; // Continue listening for more messages\n }\n\n // Handle errors using WASM-generated enum\n if (isWorkerError(response)) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n const errorResponse = response as WorkerErrorResponse;\n console.error('Worker error response:', errorResponse);\n reject(new Error(errorResponse.payload.error));\n return;\n }\n\n // Handle successful completion types using strong typing\n if (isWorkerSuccess(response)) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n resolve(response as WorkerResponseForRequest<T>);\n return;\n }\n\n // If we reach here, the response doesn't match any expected type\n console.error('Unexpected worker response format:', {\n response,\n });\n\n // Check if it's a generic Error object\n if (isObject(response) && 'message' in response && 'stack' in response) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n console.error('Worker sent generic Error object:', response);\n reject(new Error(`Worker sent generic error: ${(response as Error).message}`));\n return;\n }\n\n // Unknown response format\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n reject(new Error(`Unknown worker response format: ${JSON.stringify(response)}`));\n } catch (error: unknown) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n console.error('Error processing worker message:', error);\n const err = toError(error);\n reject(new Error(`Worker message processing error: ${err.message}`));\n }\n };\n\n worker.onerror = (event) => {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n const errorMessage = event.error?.message \|\| event.message \|\| 'Unknown worker error';\n console.error('Worker error details (progress):', {\n message: errorMessage,\n filename: event.filename,\n lineno: event.lineno,\n colno: event.colno,\n error: event.error\n });\n reject(new Error(`Worker error: ${errorMessage}`));\n };\n\n // Format message for Rust SignerWorkerMessage structure using WASM types\n const formattedMessage = {\n type: message.type, // Numeric enum value from WorkerRequestType\n payload: finalPayload,\n };\n\n worker.postMessage(formattedMessage);\n });\n }\n\n /*\n Derive NEAR keypair from a serialized WebAuthn registration credential\n /\n async deriveNearKeypairAndEncryptFromSerialized(args: {\n credential: WebAuthnRegistrationCredential;\n nearAccountId: AccountId;\n options?: {\n authenticatorOptions?: AuthenticatorOptions;\n deviceNumber?: number;\n };\n sessionId: string;\n }): Promise<{\n success: boolean;\n nearAccountId: AccountId;\n publicKey: string;\n /\n Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n /\n chacha20NonceB64u?: string;\n wrapKeySalt?: string;\n }> {\n return deriveNearKeypairAndEncryptFromSerialized({ ctx: this.getContext(), ...args });\n }\n\n async deriveThresholdEd25519ClientVerifyingShare(args: {\n sessionId: string;\n nearAccountId: AccountId;\n }): Promise<{\n success: boolean;\n nearAccountId: string;\n clientVerifyingShareB64u: string;\n wrapKeySalt: string;\n error?: string;\n }> {\n return deriveThresholdEd25519ClientVerifyingShare({\n ctx: this.getContext(),\n sessionId: args.sessionId,\n nearAccountId: String(args.nearAccountId),\n });\n }\n\n /\n Secure private key decryption with dual PRF\n /\n async decryptPrivateKeyWithPrf(args: {\n nearAccountId: AccountId,\n authenticators: ClientAuthenticatorData[],\n sessionId: string,\n }): Promise<{\n decryptedPrivateKey: string;\n nearAccountId: AccountId\n }> {\n return decryptPrivateKeyWithPrf({ ctx: this.getContext(), ...args });\n }\n\n async checkCanRegisterUser(args: {\n vrfChallenge: VRFChallenge,\n credential: WebAuthnRegistrationCredential,\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: AuthenticatorOptions; // Authenticator options for registration check\n onEvent?: (update: RegistrationEventStep3) => void;\n }): Promise<{\n success: boolean;\n verified?: boolean;\n registrationInfo?: unknown;\n logs?: string[];\n signedTransactionBorsh?: number[];\n error?: string;\n }> {\n return checkCanRegisterUser({ ctx: this.getContext(), ...args });\n }\n\n /\n Combined Device2 registration: derive NEAR keypair + sign registration transaction\n * in a single operation without requiring a separate authentication prompt.\n \n This replaces the old two-step flow (register → authenticate → sign).\n * PRF.second and WrapKeySeed are already in the signer worker via MessagePort.\n /\n async registerDevice2WithDerivedKey(args: {\n sessionId: string;\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n contractId: string;\n wrapKeySalt: string;\n deviceNumber?: number;\n deterministicVrfPublicKey: string;\n }): Promise<{\n success: boolean;\n publicKey: string;\n signedTransaction: any;\n wrapKeySalt: string;\n encryptedData?: string;\n /\n Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n /\n chacha20NonceB64u?: string;\n error?: string;\n }> {\n return registerDevice2WithDerivedKey({ ctx: this.getContext(), ...args });\n }\n\n // === ACTION-BASED SIGNING METHODS ===\n\n /\n Sign multiple transactions with shared VRF challenge and credential\n * Efficiently processes multiple transactions with one PRF authentication\n /\n async signTransactionsWithActions(args: {\n transactions: TransactionInputWasm[],\n rpcCall: RpcCallPayload,\n signerMode: SignerMode,\n onEvent?: (update: onProgressEvents) => void,\n confirmationConfigOverride?: Partial<ConfirmationConfig>,\n title?: string;\n body?: string;\n sessionId: string,\n }): Promise<Array<{\n signedTransaction: SignedTransaction;\n nearAccountId: AccountId;\n logs?: string[]\n }>> {\n return signTransactionsWithActions({\n ctx: this.getContext(),\n ...args\n });\n }\n\n async signDelegateAction(args: {\n delegate: DelegateActionInput;\n rpcCall: RpcCallPayload;\n signerMode: SignerMode;\n onEvent?: (update: onProgressEvents) => void;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n sessionId: string;\n }): Promise<{\n signedDelegate: WasmSignedDelegate;\n hash: string;\n nearAccountId: AccountId;\n logs?: string[];\n }> {\n return signDelegateAction({ ctx: this.getContext(), ...args });\n }\n\n /\n Recover keypair from authentication credential for account recovery\n * Uses dual PRF-based Ed25519 key derivation with account-specific HKDF and AES encryption\n /\n async recoverKeypairFromPasskey(args: {\n credential: WebAuthnAuthenticationCredential;\n accountIdHint?: string;\n sessionId: string,\n }): Promise<{\n publicKey: string;\n encryptedPrivateKey: string;\n /* Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for encrypted key /\n chacha20NonceB64u: string;\n accountIdHint?: string;\n wrapKeySalt: string;\n }> {\n return recoverKeypairFromPasskey({ ctx: this.getContext(), ...args });\n }\n\n /\n Extract COSE public key from WebAuthn attestation object\n * Simple operation that doesn't require TouchID or progress updates\n /\n async extractCosePublicKey(attestationObjectBase64url: string): Promise<Uint8Array> {\n return extractCosePublicKey({ ctx: this.getContext(), attestationObjectBase64url });\n }\n\n /\n Sign transaction with raw private key (for key replacement in Option D device linking)\n * No TouchID/PRF required - uses provided private key directly\n /\n async signTransactionWithKeyPair(args: {\n nearPrivateKey: string;\n signerAccountId: string;\n receiverId: string;\n nonce: string;\n blockHash: string;\n actions: ActionArgsWasm[];\n }): Promise<{\n signedTransaction: SignedTransaction;\n logs?: string[];\n }> {\n return signTransactionWithKeyPair({ ctx: this.getContext(), ...args });\n }\n\n /\n Sign a NEP-413 message using the user's passkey-derived private key\n \n @param payload - NEP-413 signing parameters including message, recipient, nonce, and state\n * @returns Promise resolving to signing result with account ID, public key, and signature\n /\n async signNep413Message(payload: {\n message: string;\n recipient: string;\n nonce: string;\n state: string \| null;\n accountId: string;\n signerMode: SignerMode;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n sessionId: string;\n contractId?: string;\n nearRpcUrl?: string;\n }): Promise<{\n success: boolean;\n accountId: string;\n publicKey: string;\n signature: string;\n state?: string;\n error?: string;\n }> {\n return signNep413Message({\n ctx: this.getContext(),\n payload\n });\n }\n\n /\n Two-phase export (worker-driven):\n * - Phase 1: collect PRF (uiMode: 'skip')\n * - Decrypt inside worker\n * - Phase 2: show export UI with decrypted key (kept open until user closes)\n */\n async exportNearKeypairUi(args: {\n nearAccountId: AccountId,\n variant?: 'drawer'\|'modal',\n theme?: 'dark'\|'light',\n sessionId: string,\n }): Promise<void> {\n return exportNearKeypairUi({ ctx: this.getContext(), ...args });\n }\n\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6FA,IAAa,sBAAb,MAAiC;CAE/B,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CAER,YACE,kBACA,YACA,wBACA,cACA,YACA,cACA,8CAAuD,MACvD,iBACA;AACA,OAAK,YAAYA;AACjB,OAAK,gBAAgB,IAAIC,oCAAc,cAAc;AACrD,OAAK,mBAAmB;AACxB,OAAK,aAAa;AAClB,OAAK,yBAAyB;AAC9B,OAAK,eAAe;AACpB,OAAK,aAAa;AAClB,OAAK,kBAAkB;;CAGzB,oBAAoB,QAAkC;AACpD,OAAK,mBAAmB;;CAG1B,aAAyC;AACvC,SAAO;GACL,aAAa,KAAK,YAAY,KAAK;GACnC,WAAW,KAAK;GAChB,eAAe,KAAK;GACpB,kBAAkB,KAAK;GACvB,YAAY,KAAK;GACjB,wBAAwB,KAAK;GAC7B,cAAc,KAAK;GACnB,cAAc,KAAK,cAAc;GACjC,iBAAiB,KAAK;GACtB,YAAY,KAAK;;;CAIrB,qBAA6B;EAC3B,MAAM,eAAeC,iCACnBC,4CAA6B,OAAO,KACpC;GAAE,QAAQ;GAAU,YAAY,KAAK;;AAEvC,MAAI;GACF,MAAM,SAAS,IAAI,OAAO,cAAc;IACtC,MAAMA,4CAA6B,OAAO;IAC1C,MAAMA,4CAA6B,OAAO;;AAG5C,UAAO,gBAAgB;AACvB,UAAO;WACA,OAAO;GAId,MAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO;AAC5D,SAAM,IAAI,MAAM,mCAAmC;;;;;;;;;;;;;;;CAgBvD,AAAQ,aAAuB;CAC/B,AAAiB,uBAAuB;CAExC,AAAQ,kCAAoD,IAAI;CAChE,AAAiB,6BAA6B,MAAS;CAEvD,AAAQ,oBAA4B;AAClC,MAAI,KAAK,WAAW,SAAS,EAC3B,QAAO,KAAK,WAAW;AAEzB,SAAO,KAAK;;CAGd,AAAQ,0BAA0B,QAAsB;AAEtD,SAAO;AAEP,OAAK;;;;;;;;;;;;;;;;;;;;;CAsBP,MAAM,2BAA2B,WAAmB,MAAmH;AACrK,MAAI,KAAK,gBAAgB,IAAI,WAC3B,OAAM,IAAI,MAAM,0CAA0C;EAG5D,MAAM,SAAS,KAAK;EACpB,IAAI,aAAa,MAAM;EACvB,IAAIC;AACJ,MAAI,CAAC,YAAY;GAIf,MAAM,UAAU,IAAI;AACpB,gBAAa,QAAQ;AACrB,aAAU,QAAQ;;AAIpB,MAAI;AACF,OAAI,CAAC,WACH,OAAM,IAAI,MAAM;AAIlB,SAAMC,2CAAkB,QAAQ,WAAW;AAI3C,QAAK,gBAAgB,IAAI,WAAW;IAClC;IACA,iBAAiB;IACjB,WAAW,KAAK;;WAGX,KAAK;AACZ,WAAQ,MAAM,6EAA6E;AAE3F,OAAI;AAAE,gBAAY;WAAiB;AACnC,OAAI;AAAE,aAAS;WAAiB;AAChC,QAAK,0BAA0B;AAC/B,QAAK,gBAAgB,OAAO;AAC5B,SAAM;;AAER,SAAO;GAAE;GAAQ;GAAY;;;;;;CAM/B,sBAAsB,WAAyB;EAC7C,MAAM,QAAQ,KAAK,gBAAgB,IAAI;AACvC,MAAI,CAAC,MAAO;AACZ,MAAI;AAAE,SAAM,iBAAiB;UAAgB;AAC7C,MAAI;AAAE,QAAK,0BAA0B,MAAM;UAAgB;AAC3D,OAAK,gBAAgB,OAAO;;;;;CAM9B,8BAAoC;EAClC,MAAM,MAAM,KAAK;AACjB,OAAK,MAAM,CAAC,WAAW,UAAU,KAAK,gBAAgB,UACpD,KAAI,MAAM,MAAM,YAAY,KAAK,2BAC/B,MAAK,sBAAsB;;CAKjC,MAAc,0BAAyC;AACrD,MAAI;GACF,MAAM,SAAS,KAAK;GAGpB,MAAM,gBAAgB,IAAI,SAAe,SAAS,WAAW;IAC3D,MAAM,UAAU,iBAAiB,uBAAO,IAAI,MAAM,0BAA0B;IAE5E,MAAM,aAAa,UAAwB;AACzC,SAAI,MAAM,MAAM,SAASC,mDAAqB,gBAAgB,MAAM,MAAM,OAAO;AAC/E,aAAO,oBAAoB,WAAW;AACtC,mBAAa;AACb;;;AAIJ,WAAO,iBAAiB,WAAW;AACnC,WAAO,gBAAgB;AACrB,YAAO,oBAAoB,WAAW;AACtC,kBAAa;AACb,4BAAO,IAAI,MAAM;;;AAIrB,SAAM;AAEN,OAAI,KAAK,WAAW,SAAS,KAAK,qBAChC,MAAK,WAAW,KAAK;OAErB,QAAO;WAEFC,OAAgB;AACvB,WAAQ,KAAK,6DAA6D;;;;;;;CAQ9E,MAAM,oBAAmC;EACvC,MAAMC,WAA4B;AAElC,OAAK,IAAI,IAAI,GAAG,IAAI,KAAK,sBAAsB,IAC7C,UAAS,KACP,IAAI,SAAe,SAAS,WAAW;AACrC,OAAI;IACF,MAAM,SAAS,KAAK;IAGpB,MAAM,WAAW,UAAwB;AACvC,SAAI,MAAM,MAAM,SAASF,mDAAqB,gBAAgB,MAAM,MAAM,OAAO;AAC/E,aAAO,oBAAoB,WAAW;AACtC,WAAK,0BAA0B;AAC/B;;;AAIJ,WAAO,iBAAiB,WAAW;AAGnC,WAAO,WAAW,UAAU;AAC1B,YAAO,oBAAoB,WAAW;AACtC,aAAQ,MAAM,2BAA2B,IAAI,EAAE,oBAAoB;AACnE,YAAO;;AAIT,qBAAiB;AACf,YAAO,oBAAoB,WAAW;AAGtC,4BAAO,IAAI,MAAM;OAChB;YAEIC,OAAgB;AACvB,YAAQ,MAAM,4CAA4C,IAAI,EAAE,IAAI;AACpE,WAAOE,uBAAQ;;;AAMvB,MAAI;AACF,SAAM,QAAQ,WAAW;WAClBF,OAAgB;AACvB,WAAQ,KAAK,qDAAqD;;;CAItE,MAAc,YAAkD,EAC9D,WACA,SACA,SACA,YAAYJ,4CAA6B,SAAS,WAMX;AAGvC,OAAK;EAEL,MAAM,mBAAoB,QAAQ,SAAiB;AACnD,MAAI,aAAa,oBAAoB,qBAAqB,UACxD,OAAM,IAAI,MACR,mCAAmC,iBAAiB,uCAAuC,UAAU;EAIzG,MAAM,qBAAqB,aAAa;EACxC,MAAM,eAAe,qBAAqB,KAAK,gBAAgB,IAAI,sBAAsB;AACzF,MAAI,sBAAsB,CAAC,aACzB,OAAM,IAAI,MAAM,qCAAqC;EAIvD,MAAM,eAAe,qBACjBO,8BAAc,oBAAoB,QAAQ,WACzC,QAAQ;EAEb,MAAM,SAAS,eAAe,aAAa,SAAS,KAAK;EACzD,MAAM,kBAAkB,CAAC,CAAC;AAE1B,SAAO,IAAI,SAAS,SAAS,WAAW;GACtC,MAAM,YAAY,iBAAiB;AACjC,QAAI;AACF,SAAI,mBAAmB,mBAErB,MAAK,sBAAsB;SAE3B,MAAK,0BAA0B;YAE3B;AAER,QAAI;KACF,MAAM,UAAU,KAAK,MAAM,YAAY;AACvC,YAAO,YAAY;MAAE,MAAM;MAAiB,SAAS,mBAAmB,QAAQ;QAAiB;YAC3F;AACR,2BAAO,IAAI,MAAM,oCAAoC,UAAU;MAC9D;GAEH,MAAMC,YAA2C;AAEjD,UAAO,YAAY,OAAO,UAAU;AAClC,QAAI;AAEF,SAAIC,qDAA6B,OAAO,MACtC;AAGF,SAAI,OAAO,MAAM,SAASN,mDAAqB,gBAAgB,OAAO,MAAM,MAC1E;KAGF,MAAM,WAAW,MAAM;AACvB,eAAU,KAAK;AAGf,SAAIO,uCAAiB,WAAW;MAC9B,MAAM,mBAAmB;AACzB,gBAAU,iBAAiB;AAC3B;;AAIF,SAAIC,oCAAc,WAAW;AAC3B,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;MACrD,MAAM,gBAAgB;AACtB,cAAQ,MAAM,0BAA0B;AACxC,aAAO,IAAI,MAAM,cAAc,QAAQ;AACvC;;AAIF,SAAIC,sCAAgB,WAAW;AAC7B,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,cAAQ;AACR;;AAIF,aAAQ,MAAM,sCAAsC,EAClD;AAIF,SAAIC,4BAAS,aAAa,aAAa,YAAY,WAAW,UAAU;AACtE,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,cAAQ,MAAM,qCAAqC;AACnD,6BAAO,IAAI,MAAM,8BAA+B,SAAmB;AACnE;;AAIF,kBAAa;AACb,SAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,4BAAO,IAAI,MAAM,mCAAmC,KAAK,UAAU;aAC5DT,OAAgB;AACvB,kBAAa;AACb,SAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,aAAQ,MAAM,oCAAoC;KAClD,MAAM,MAAME,uBAAQ;AACpB,4BAAO,IAAI,MAAM,oCAAoC,IAAI;;;AAI7D,UAAO,WAAW,UAAU;AAC1B,iBAAa;AACb,QAAI,CAAC,gBAAiB,MAAK,0BAA0B;IACrD,MAAM,eAAe,MAAM,OAAO,WAAW,MAAM,WAAW;AAC9D,YAAQ,MAAM,oCAAoC;KAChD,SAAS;KACT,UAAU,MAAM;KAChB,QAAQ,MAAM;KACd,OAAO,MAAM;KACb,OAAO,MAAM;;AAEf,2BAAO,IAAI,MAAM,iBAAiB;;GAIpC,MAAM,mBAAmB;IACvB,MAAM,QAAQ;IACd,SAAS;;AAGX,UAAO,YAAY;;;;;;CAOvB,MAAM,0CAA0C,MAiB7C;AACD,SAAOQ,4FAA0C;GAAE,KAAK,KAAK;GAAc,GAAG;;;CAGhF,MAAM,2CAA2C,MAS9C;AACD,SAAOC,8FAA2C;GAChD,KAAK,KAAK;GACV,WAAW,KAAK;GAChB,eAAe,OAAO,KAAK;;;;;;CAO/B,MAAM,yBAAyB,MAO5B;AACD,SAAOC,0DAAyB;GAAE,KAAK,KAAK;GAAc,GAAG;;;CAG/D,MAAM,qBAAqB,MAcxB;AACD,SAAOC,kDAAqB;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;;;;CAU3D,MAAM,8BAA8B,MAqBjC;AACD,SAAOC,oEAA8B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CASpE,MAAM,4BAA4B,MAa9B;AACF,SAAOC,gEAA4B;GACjC,KAAK,KAAK;GACV,GAAG;;;CAIP,MAAM,mBAAmB,MActB;AACD,SAAOC,8CAAmB;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CAOzD,MAAM,0BAA0B,MAW7B;AACD,SAAOC,4DAA0B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CAOhE,MAAM,qBAAqB,4BAAyD;AAClF,SAAOC,kDAAqB;GAAE,KAAK,KAAK;GAAc;;;;;;;CAOxD,MAAM,2BAA2B,MAU9B;AACD,SAAOC,8DAA2B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;;;CASjE,MAAM,kBAAkB,SAoBrB;AACD,SAAOC,4CAAkB;GACvB,KAAK,KAAK;GACV;;;;;;;;;CAUJ,MAAM,oBAAoB,MAKR;AAChB,SAAOC,gDAAoB;GAAE,KAAK,KAAK;GAAc,GAAG"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/sessionHandshake.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.js');
 const require_workerControlMessages = require('../../workerControlMessages.js');
 const require_sessionMessages = require('./sessionMessages.js');

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/sessionHandshake.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"sessionHandshake.js","names":["waitForWrapKeyPortAttach","WorkerControlMessage"],"sources":["../../../../../src/core/WebAuthnManager/SignerWorkerManager/sessionHandshake.ts"],"sourcesContent":["/*\n Session Handshake Orchestration for Signer Worker\n \n This module provides high-level functions for setting up and validating\n * signing sessions with the signer worker. It orchestrates the complete\n * handshake flow for port attachment so the VRF worker can deliver WrapKeySeed\n * to the signer worker over a session MessagePort.\n /\n\nimport { waitForWrapKeyPortAttach } from './sessionMessages.js';\nimport { computeUiIntentDigestFromTxs, orderActionForDigest } from '~~../txDigest~~';\nimport type { NearClient } from '../../NearClient';\nimport type { NonceManager } from '../../nonceManager';\nimport type { TransactionContext } from '../../types/rpc';\nimport type { TransactionInputWasm } from '../../types/actions';\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\ntype VrfSessionKeyDispenser = {\n dispenseSessionKey: (args: { sessionId: string; uses?: number }) => Promise<unknown>;\n};\n\n/\n Attach a WrapKeySeed MessagePort to the signer worker and wait for acknowledgment.\n * This ensures the port is successfully attached before proceeding.\n \n Flow:\n * 1. Register ACK listener (avoids race where worker responds before we listen)\n * 2. Send ATTACH_WRAP_KEY_SEED_PORT message with port transfer\n * 3. Wait for ATTACH_WRAP_KEY_SEED_PORT_OK acknowledgment\n \n @param worker - The signer worker to attach the port to\n * @param sessionId - The signing session ID\n * @param signerPort - The MessagePort for receiving WrapKeySeed material\n * @param timeoutMs - How long to wait for ACK (default: 2000ms)\n * @throws Error if attachment fails or times out\n /\nexport async function attachSessionPort(\n worker: Worker,\n sessionId: string,\n signerPort: MessagePort,\n timeoutMs: number = 2000\n): Promise<void> {\n // Register the ACK listener BEFORE sending the message to avoid race condition\n const waitPromise = waitForWrapKeyPortAttach(worker, sessionId, timeoutMs);\n\n // Send the attach command (transfer the port)\n worker.postMessage(\n { type: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT, sessionId },\n [signerPort]\n );\n\n // Wait for the worker to acknowledge successful attachment\n await waitPromise;\n}\n\nexport const generateSessionId = (): string => {\n return (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function')\n ? crypto.randomUUID()\n : `sign-session-${Date.now()}-${Math.random().toString(16).slice(2)}`\n}\n\nexport function isWarmSessionUnavailableError(err: unknown): boolean {\n const msg = err instanceof Error ? err.message : String(err);\n return (\n msg.includes('SESSION_NOT_FOUND') \|\|\n msg.includes('SESSION_EXPIRED') \|\|\n msg.includes('SESSION_EXHAUSTED')\n );\n}\n\nfunction releaseNoncesBestEffort(nonceManager: NonceManager, nonces: string[]): void {\n for (const n of nonces) {\n try { nonceManager.releaseNonce(n); } catch {}\n }\n}\n\n/\n Warm signing helper for transaction-like operations.\n \n - Computes canonical `intentDigest` for UI/signer validation\n * - Reserves nonces for `txCount` to avoid collisions\n * - Attempts VRF session key dispense (WrapKeySeed + wrapKeySalt) without prompting\n \n Returns null when the VRF session is missing/expired/exhausted so callers can\n * fall back to full confirmTxFlow.\n */\nexport async function tryPrepareWarmSigningContext(args: {\n nearClient: NearClient;\n nonceManager: NonceManager;\n txInputsForDigest: TransactionInputWasm[];\n sessionId: string;\n vrfWorkerManager: VrfSessionKeyDispenser;\n nonceCount?: number;\n uses?: number;\n}): Promise<{ intentDigest: string; transactionContext: TransactionContext } \| null> {\n const baseCtx = await args.nonceManager.getNonceBlockHashAndHeight(args.nearClient);\n const txCount = Math.max(1, args.nonceCount ?? args.txInputsForDigest.length ?? 1);\n const reservedNonces = args.nonceManager.reserveNonces(txCount);\n\n let keepReservations = false;\n try {\n const transactionContext: TransactionContext = {\n ...baseCtx,\n nextNonce: reservedNonces[0] ?? baseCtx.nextNonce,\n };\n\n const intentDigest = await computeUiIntentDigestFromTxs(\n args.txInputsForDigest.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n })) as TransactionInputWasm[]\n );\n\n const uses = Math.max(1, args.uses ?? txCount);\n try {\n await args.vrfWorkerManager.dispenseSessionKey({ sessionId: args.sessionId, uses });\n } catch (err) {\n if (isWarmSessionUnavailableError(err)) {\n return null;\n }\n throw err;\n }\n\n keepReservations = true;\n return { intentDigest, transactionContext };\n } finally {\n if (!keepReservations) {\n releaseNoncesBestEffort(args.nonceManager, reservedNonces);\n }\n }\n}\n"],"mappings":"~~;;;;;;;;;;;;;;;;;;;;~~AAoCA,eAAsB,kBACpB,QACA,WACA,YACA,YAAoB,KACL;CAEf,MAAM,cAAcA,iDAAyB,QAAQ,WAAW;AAGhE,QAAO,YACL;EAAE,MAAMC,mDAAqB;EAA2B;IACxD,CAAC;AAIH,OAAM;;AAGR,MAAa,0BAAkC;AAC7C,QAAQ,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aAClE,OAAO,eACP,gBAAgB,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM"}
1	+ {"version":3,"file":"sessionHandshake.js","names":["waitForWrapKeyPortAttach","WorkerControlMessage"],"sources":["../../../../../src/core/WebAuthnManager/SignerWorkerManager/sessionHandshake.ts"],"sourcesContent":["/*\n Session Handshake Orchestration for Signer Worker\n \n This module provides high-level functions for setting up and validating\n * signing sessions with the signer worker. It orchestrates the complete\n * handshake flow for port attachment so the VRF worker can deliver WrapKeySeed\n * to the signer worker over a session MessagePort.\n /\n\nimport { waitForWrapKeyPortAttach } from './sessionMessages.js';\nimport { computeUiIntentDigestFromTxs, orderActionForDigest } from '../../digests/intentDigest';\nimport type { NearClient } from '../../NearClient';\nimport type { NonceManager } from '../../nonceManager';\nimport type { TransactionContext } from '../../types/rpc';\nimport type { TransactionInputWasm } from '../../types/actions';\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\ntype VrfSessionKeyDispenser = {\n dispenseSessionKey: (args: { sessionId: string; uses?: number }) => Promise<unknown>;\n};\n\n/\n Attach a WrapKeySeed MessagePort to the signer worker and wait for acknowledgment.\n * This ensures the port is successfully attached before proceeding.\n \n Flow:\n * 1. Register ACK listener (avoids race where worker responds before we listen)\n * 2. Send ATTACH_WRAP_KEY_SEED_PORT message with port transfer\n * 3. Wait for ATTACH_WRAP_KEY_SEED_PORT_OK acknowledgment\n \n @param worker - The signer worker to attach the port to\n * @param sessionId - The signing session ID\n * @param signerPort - The MessagePort for receiving WrapKeySeed material\n * @param timeoutMs - How long to wait for ACK (default: 2000ms)\n * @throws Error if attachment fails or times out\n /\nexport async function attachSessionPort(\n worker: Worker,\n sessionId: string,\n signerPort: MessagePort,\n timeoutMs: number = 2000\n): Promise<void> {\n // Register the ACK listener BEFORE sending the message to avoid race condition\n const waitPromise = waitForWrapKeyPortAttach(worker, sessionId, timeoutMs);\n\n // Send the attach command (transfer the port)\n worker.postMessage(\n { type: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT, sessionId },\n [signerPort]\n );\n\n // Wait for the worker to acknowledge successful attachment\n await waitPromise;\n}\n\nexport const generateSessionId = (): string => {\n return (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function')\n ? crypto.randomUUID()\n : `sign-session-${Date.now()}-${Math.random().toString(16).slice(2)}`\n}\n\nexport function isWarmSessionUnavailableError(err: unknown): boolean {\n const msg = err instanceof Error ? err.message : String(err);\n return (\n msg.includes('SESSION_NOT_FOUND') \|\|\n msg.includes('SESSION_EXPIRED') \|\|\n msg.includes('SESSION_EXHAUSTED')\n );\n}\n\nfunction releaseNoncesBestEffort(nonceManager: NonceManager, nonces: string[]): void {\n for (const n of nonces) {\n try { nonceManager.releaseNonce(n); } catch {}\n }\n}\n\n/\n Warm signing helper for transaction-like operations.\n \n - Computes canonical `intentDigest` for UI/signer validation\n * - Reserves nonces for `txCount` to avoid collisions\n * - Attempts VRF session key dispense (WrapKeySeed + wrapKeySalt) without prompting\n \n Returns null when the VRF session is missing/expired/exhausted so callers can\n * fall back to full confirmTxFlow.\n */\nexport async function tryPrepareWarmSigningContext(args: {\n nearClient: NearClient;\n nonceManager: NonceManager;\n txInputsForDigest: TransactionInputWasm[];\n sessionId: string;\n vrfWorkerManager: VrfSessionKeyDispenser;\n nonceCount?: number;\n uses?: number;\n}): Promise<{ intentDigest: string; transactionContext: TransactionContext } \| null> {\n const baseCtx = await args.nonceManager.getNonceBlockHashAndHeight(args.nearClient);\n const txCount = Math.max(1, args.nonceCount ?? args.txInputsForDigest.length ?? 1);\n const reservedNonces = args.nonceManager.reserveNonces(txCount);\n\n let keepReservations = false;\n try {\n const transactionContext: TransactionContext = {\n ...baseCtx,\n nextNonce: reservedNonces[0] ?? baseCtx.nextNonce,\n };\n\n const intentDigest = await computeUiIntentDigestFromTxs(\n args.txInputsForDigest.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n })) as TransactionInputWasm[]\n );\n\n const uses = Math.max(1, args.uses ?? txCount);\n try {\n await args.vrfWorkerManager.dispenseSessionKey({ sessionId: args.sessionId, uses });\n } catch (err) {\n if (isWarmSessionUnavailableError(err)) {\n return null;\n }\n throw err;\n }\n\n keepReservations = true;\n return { intentDigest, transactionContext };\n } finally {\n if (!keepReservations) {\n releaseNoncesBestEffort(args.nonceManager, reservedNonces);\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAoCA,eAAsB,kBACpB,QACA,WACA,YACA,YAAoB,KACL;CAEf,MAAM,cAAcA,iDAAyB,QAAQ,WAAW;AAGhE,QAAO,YACL;EAAE,MAAMC,mDAAqB;EAA2B;IACxD,CAAC;AAIH,OAAM;;AAGR,MAAa,0BAAkC;AAC7C,QAAQ,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aAClE,OAAO,eACP,gBAAgB,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/sessionMessages.js CHANGED Viewed

@@ -1,14 +1,24 @@
-const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.js');
 const require_workerControlMessages = require('../../workerControlMessages.js');
 //#region src/core/WebAuthnManager/SignerWorkerManager/sessionMessages.ts
+function asSessionMessage(msg) {
+	if (!isObject(msg)) return null;
+	if (typeof msg.type !== "string") return null;
+	if (msg.sessionId != null && typeof msg.sessionId !== "string") return null;
+	if (msg.error != null && typeof msg.error !== "string") return null;
+	return msg;
+}
 /**
 * Type guard to check if a message is a control message.
 */
 function isSignerWorkerControlMessage(msg) {
 	if (!isObject(msg) || typeof msg.type !== "string") return false;
-	const type = msg.type;
-	return type === require_workerControlMessages.WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK || type === require_workerControlMessages.WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR || type === require_workerControlMessages.WorkerControlMessage.WORKER_READY;
+	switch (msg.type) {
+		case require_workerControlMessages.WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK: return typeof msg.sessionId === "string";
+		case require_workerControlMessages.WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR: return typeof msg.sessionId === "string" && typeof msg.error === "string";
+		case require_workerControlMessages.WorkerControlMessage.WORKER_READY: return typeof msg.ready === "boolean";
+		default: return false;
+	}
 }
 function isObject(value) {
 	return typeof value === "object" && value !== null;
@@ -30,8 +40,8 @@ function waitForSessionMessage(worker, options) {
 			reject(/* @__PURE__ */ new Error(`Timeout waiting for session message (${successTypes.join("|")})${sessionId ? ` for session ${sessionId}` : ""}`));
 		}, timeoutMs);
 		const messageHandler = (event) => {
-			const msg = event.data;
-			if (!msg || typeof msg.type !== "string") return;
+			const msg = asSessionMessage(event.data);
+			if (!msg) return;
 			if (sessionId && msg.sessionId !== sessionId) return;
 			if (errorType && msg.type === errorType) {
 				cleanup();

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/sessionMessages.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"sessionMessages.js","names":["WorkerControlMessage"],"sources":["../../../../../src/core/WebAuthnManager/SignerWorkerManager/sessionMessages.ts"],"sourcesContent":["/*\n Session Message Handling for Signer Worker\n \n This module provides helpers for waiting on session lifecycle messages from the signer worker.\n * Session messages are JS-only messages that never go through the Rust JSON pipeline\n * and are used for worker lifecycle management and session setup.\n /\n\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\n// === SESSION MESSAGE TYPES ===\n\n/\n Control message sent by the signer worker after successfully attaching\n * a WrapKeySeed MessagePort for a signing session.\n /\nexport interface AttachWrapKeySeedPortOkMessage {\n type: typeof WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK;\n sessionId: string;\n}\n\n/\n Control message sent by the signer worker when attaching a WrapKeySeed\n * MessagePort fails.\n /\nexport interface AttachWrapKeySeedPortErrorMessage {\n type: typeof WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR;\n sessionId: string;\n error: string;\n}\n\n/\n Control message sent by the signer worker when it's ready to receive messages.\n /\nexport interface WorkerReadyMessage {\n type: typeof WorkerControlMessage.WORKER_READY;\n ready: boolean;\n}\n\n/\n All control messages that can be sent by the signer worker.\n /\nexport type SignerWorkerControlMessage =\n \| AttachWrapKeySeedPortOkMessage\n \| AttachWrapKeySeedPortErrorMessage\n \| WorkerReadyMessage;\n\n/\n Type guard to check if a message is a control message.\n /\nexport function isSignerWorkerControlMessage(msg: unknown): msg is SignerWorkerControlMessage {\n if (!isObject(msg) \|\| typeof (msg ~~as any)~~.type !== 'string') {\n return false;\n }\n ~~const~~ ~~type =~~ (msg as ~~any)~~.~~type;\~~n return ~~type~~ === WorkerControlMessage.~~ATTACH_WRAP_KEY_SEED_PORT_OK\~~n \|\| ~~type~~ === ~~WorkerControlMessage~~.~~ATTACH_WRAP_KEY_SEED_PORT_ERROR\~~n \|\| ~~type~~ === ~~WorkerControlMessage.WORKER_READY~~;\n}\n\nfunction isObject(value: unknown): value is Record<string, unknown> {\n return typeof value === 'object' && value !== null;\n}\n\n// === SESSION MESSAGE HELPERS ===\n\n/\n Generic helper for waiting on session messages from a worker.\n * Registers a listener, sends no message (caller handles that), and waits for a matching response.\n \n @param worker - The worker to listen to\n * @param options - Configuration for what to wait for\n * @returns Promise that resolves when the expected message arrives, rejects on timeout or error\n /\nexport function waitForSessionMessage(\n worker: Worker,\n options: {\n /* Message type(s) to wait for (success) /\n successType: string \| string[];\n /* Optional error type to reject on /\n errorType?: string;\n /* Session ID to match (if applicable) /\n sessionId?: string;\n /* Timeout in milliseconds /\n timeoutMs?: number;\n /* Custom message validator - return true to resolve, false to ignore, throw to reject /\n validator?: (msg: ~~any~~) => boolean;\n }\n): Promise<void> {\n const {\n successType,\n errorType,\n sessionId,\n timeoutMs = 2000,\n validator,\n } = options;\n\n const successTypes = Array.isArray(successType) ? successType : [successType];\n\n return new Promise<void>((resolve, reject) => {\n const timeout = setTimeout(() => {\n cleanup();\n reject(new Error(\n `Timeout waiting for session message (${successTypes.join('\|')})${sessionId ? ` for session ${sessionId}` : ''}`\n ));\n }, timeoutMs);\n\n const messageHandler = (event: MessageEvent) => {\n const msg = event.data;\n\n // Skip if message doesn't have a type\n if (!msg ~~\|\| typeof msg.type !== 'string'~~) ~~{\n~~ return;\n }\n\n // Check if sessionId matches (if specified)\n if (sessionId && msg.sessionId !== sessionId) {\n return;\n }\n\n // Check for error type\n if (errorType && msg.type === errorType) {\n cleanup();\n const error = msg.error \|\| 'Unknown error';\n reject(new Error(`Session message error: ${error}`));\n return;\n }\n\n // Check for success type\n if (successTypes.includes(msg.type)) {\n // Run custom validator if provided\n if (validator) {\n try {\n const shouldResolve = validator(msg);\n if (!shouldResolve) {\n return; // Validator said to ignore this message\n }\n } catch (err) {\n cleanup();\n reject(err);\n return;\n }\n }\n\n cleanup();\n resolve();\n }\n };\n\n const cleanup = () => {\n clearTimeout(timeout);\n worker.removeEventListener('message', messageHandler);\n };\n\n worker.addEventListener('message', messageHandler);\n });\n}\n\n/\n Wait for the worker to acknowledge successful attachment of the WrapKeySeed port.\n * This provides early detection of attach failures instead of only seeing late WASM errors.\n \n @param worker - The worker that should send the ACK\n * @param sessionId - The session ID to match\n * @param timeoutMs - How long to wait before rejecting (default: 2000ms)\n * @returns Promise that resolves on success ACK, rejects on error or timeout\n */\nexport function waitForWrapKeyPortAttach(\n worker: Worker,\n sessionId: string,\n timeoutMs: number = 2000\n): Promise<void> {\n return waitForSessionMessage(worker, {\n successType: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK,\n errorType: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR,\n sessionId,\n timeoutMs,\n });\n}\n"],"mappings":"~~;;;;;;;AAkDA~~,SAAgB,6BAA6B,KAAiD;AAC5F,KAAI,CAAC,SAAS,QAAQ,~~OAAQ~~,~~IAAY~~,SAAS,~~SACjD~~,QAAO;~~CAET~~,~~MAAM~~,~~OAAQ~~,~~IAAY~~;~~AAC1B~~,QAAO,~~SAASA~~,~~mDAAqB~~,~~gCAChC~~,~~SAASA~~,mDAAqB,~~mCAC9B~~,~~SAASA~~,mDAAqB~~;;AAGrC~~,SAAS,SAAS,OAAkD;AAClE,QAAO,OAAO,UAAU,YAAY,UAAU;;;;;;;;;;AAahD,SAAgB,sBACd,QACA,SAYe;CACf,MAAM,EACJ,aACA,WACA,WACA,YAAY,KACZ,cACE;CAEJ,MAAM,eAAe,MAAM,QAAQ,eAAe,cAAc,CAAC;AAEjE,QAAO,IAAI,SAAe,SAAS,WAAW;EAC5C,MAAM,UAAU,iBAAiB;AAC/B;AACA,0BAAO,IAAI,MACT,wCAAwC,aAAa,KAAK,KAAK,GAAG,YAAY,gBAAgB,cAAc;KAE7G;EAEH,MAAM,kBAAkB,~~UAAwB~~;~~GAC9C~~,MAAM,MAAM,MAAM;~~AAGlB~~,OAAI,CAAC,~~OAAO,OAAO,IAAI,SAAS,SAC9B~~;~~AAIF~~,OAAI,aAAa,IAAI,cAAc,UACjC;AAIF,OAAI,aAAa,IAAI,SAAS,WAAW;AACvC;IACA,MAAM,QAAQ,IAAI,SAAS;AAC3B,2BAAO,IAAI,MAAM,0BAA0B;AAC3C;;AAIF,OAAI,aAAa,SAAS,IAAI,OAAO;AAEnC,QAAI,UACF,KAAI;KACF,MAAM,gBAAgB,UAAU;AAChC,SAAI,CAAC,cACH;aAEK,KAAK;AACZ;AACA,YAAO;AACP;;AAIJ;AACA;;;EAIJ,MAAM,gBAAgB;AACpB,gBAAa;AACb,UAAO,oBAAoB,WAAW;;AAGxC,SAAO,iBAAiB,WAAW;;;;;;;;;;;;AAavC,SAAgB,yBACd,QACA,WACA,YAAoB,KACL;AACf,QAAO,sBAAsB,QAAQ;EACnC,aAAaA,mDAAqB;EAClC,WAAWA,mDAAqB;EAChC;EACA"}
1	+ {"version":3,"file":"sessionMessages.js","names":["WorkerControlMessage"],"sources":["../../../../../src/core/WebAuthnManager/SignerWorkerManager/sessionMessages.ts"],"sourcesContent":["/*\n Session Message Handling for Signer Worker\n \n This module provides helpers for waiting on session lifecycle messages from the signer worker.\n * Session messages are JS-only messages that never go through the Rust JSON pipeline\n * and are used for worker lifecycle management and session setup.\n /\n\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\n// === SESSION MESSAGE TYPES ===\n\n/\n Control message sent by the signer worker after successfully attaching\n * a WrapKeySeed MessagePort for a signing session.\n /\nexport interface AttachWrapKeySeedPortOkMessage {\n type: typeof WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK;\n sessionId: string;\n}\n\n/\n Control message sent by the signer worker when attaching a WrapKeySeed\n * MessagePort fails.\n /\nexport interface AttachWrapKeySeedPortErrorMessage {\n type: typeof WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR;\n sessionId: string;\n error: string;\n}\n\n/\n Control message sent by the signer worker when it's ready to receive messages.\n /\nexport interface WorkerReadyMessage {\n type: typeof WorkerControlMessage.WORKER_READY;\n ready: boolean;\n}\n\n/\n All control messages that can be sent by the signer worker.\n /\nexport type SignerWorkerControlMessage =\n \| AttachWrapKeySeedPortOkMessage\n \| AttachWrapKeySeedPortErrorMessage\n \| WorkerReadyMessage;\n\nexport type SessionMessage = Record<string, unknown> & {\n type: string;\n sessionId?: string;\n error?: string;\n};\n\nfunction asSessionMessage(msg: unknown): SessionMessage \| null {\n if (!isObject(msg)) return null;\n if (typeof msg.type !== 'string') return null;\n if (msg.sessionId != null && typeof msg.sessionId !== 'string') return null;\n if (msg.error != null && typeof msg.error !== 'string') return null;\n return msg as SessionMessage;\n}\n\n/\n Type guard to check if a message is a control message.\n /\nexport function isSignerWorkerControlMessage(msg: unknown): msg is SignerWorkerControlMessage {\n if (!isObject(msg) \|\| typeof msg.type !== 'string') {\n return false;\n }\n\n switch (msg.type) {\n case WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK:\n return typeof msg.sessionId === 'string';\n case WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR:\n return typeof msg.sessionId === 'string' && typeof msg.error === 'string';\n case WorkerControlMessage.WORKER_READY:\n return typeof msg.ready === 'boolean';\n default:\n return false;\n }\n}\n\nfunction isObject(value: unknown): value is Record<string, unknown> {\n return typeof value === 'object' && value !== null;\n}\n\n// === SESSION MESSAGE HELPERS ===\n\n/\n Generic helper for waiting on session messages from a worker.\n * Registers a listener, sends no message (caller handles that), and waits for a matching response.\n \n @param worker - The worker to listen to\n * @param options - Configuration for what to wait for\n * @returns Promise that resolves when the expected message arrives, rejects on timeout or error\n /\nexport function waitForSessionMessage(\n worker: Worker,\n options: {\n /* Message type(s) to wait for (success) /\n successType: string \| string[];\n /* Optional error type to reject on /\n errorType?: string;\n /* Session ID to match (if applicable) /\n sessionId?: string;\n /* Timeout in milliseconds /\n timeoutMs?: number;\n /* Custom message validator - return true to resolve, false to ignore, throw to reject /\n validator?: (msg: SessionMessage) => boolean;\n }\n): Promise<void> {\n const {\n successType,\n errorType,\n sessionId,\n timeoutMs = 2000,\n validator,\n } = options;\n\n const successTypes = Array.isArray(successType) ? successType : [successType];\n\n return new Promise<void>((resolve, reject) => {\n const timeout = setTimeout(() => {\n cleanup();\n reject(new Error(\n `Timeout waiting for session message (${successTypes.join('\|')})${sessionId ? ` for session ${sessionId}` : ''}`\n ));\n }, timeoutMs);\n\n const messageHandler = (event: MessageEvent<unknown>) => {\n const msg = asSessionMessage(event.data);\n\n // Skip if message doesn't have a type\n if (!msg) return;\n\n // Check if sessionId matches (if specified)\n if (sessionId && msg.sessionId !== sessionId) {\n return;\n }\n\n // Check for error type\n if (errorType && msg.type === errorType) {\n cleanup();\n const error = msg.error \|\| 'Unknown error';\n reject(new Error(`Session message error: ${error}`));\n return;\n }\n\n // Check for success type\n if (successTypes.includes(msg.type)) {\n // Run custom validator if provided\n if (validator) {\n try {\n const shouldResolve = validator(msg);\n if (!shouldResolve) {\n return; // Validator said to ignore this message\n }\n } catch (err) {\n cleanup();\n reject(err);\n return;\n }\n }\n\n cleanup();\n resolve();\n }\n };\n\n const cleanup = () => {\n clearTimeout(timeout);\n worker.removeEventListener('message', messageHandler);\n };\n\n worker.addEventListener('message', messageHandler);\n });\n}\n\n/\n Wait for the worker to acknowledge successful attachment of the WrapKeySeed port.\n * This provides early detection of attach failures instead of only seeing late WASM errors.\n \n @param worker - The worker that should send the ACK\n * @param sessionId - The session ID to match\n * @param timeoutMs - How long to wait before rejecting (default: 2000ms)\n * @returns Promise that resolves on success ACK, rejects on error or timeout\n */\nexport function waitForWrapKeyPortAttach(\n worker: Worker,\n sessionId: string,\n timeoutMs: number = 2000\n): Promise<void> {\n return waitForSessionMessage(worker, {\n successType: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK,\n errorType: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR,\n sessionId,\n timeoutMs,\n });\n}\n"],"mappings":";;;AAqDA,SAAS,iBAAiB,KAAqC;AAC7D,KAAI,CAAC,SAAS,KAAM,QAAO;AAC3B,KAAI,OAAO,IAAI,SAAS,SAAU,QAAO;AACzC,KAAI,IAAI,aAAa,QAAQ,OAAO,IAAI,cAAc,SAAU,QAAO;AACvE,KAAI,IAAI,SAAS,QAAQ,OAAO,IAAI,UAAU,SAAU,QAAO;AAC/D,QAAO;;;;;AAMT,SAAgB,6BAA6B,KAAiD;AAC5F,KAAI,CAAC,SAAS,QAAQ,OAAO,IAAI,SAAS,SACxC,QAAO;AAGT,SAAQ,IAAI,MAAZ;EACE,KAAKA,mDAAqB,6BACxB,QAAO,OAAO,IAAI,cAAc;EAClC,KAAKA,mDAAqB,gCACxB,QAAO,OAAO,IAAI,cAAc,YAAY,OAAO,IAAI,UAAU;EACnE,KAAKA,mDAAqB,aACxB,QAAO,OAAO,IAAI,UAAU;EAC9B,QACE,QAAO;;;AAIb,SAAS,SAAS,OAAkD;AAClE,QAAO,OAAO,UAAU,YAAY,UAAU;;;;;;;;;;AAahD,SAAgB,sBACd,QACA,SAYe;CACf,MAAM,EACJ,aACA,WACA,WACA,YAAY,KACZ,cACE;CAEJ,MAAM,eAAe,MAAM,QAAQ,eAAe,cAAc,CAAC;AAEjE,QAAO,IAAI,SAAe,SAAS,WAAW;EAC5C,MAAM,UAAU,iBAAiB;AAC/B;AACA,0BAAO,IAAI,MACT,wCAAwC,aAAa,KAAK,KAAK,GAAG,YAAY,gBAAgB,cAAc;KAE7G;EAEH,MAAM,kBAAkB,UAAiC;GACvD,MAAM,MAAM,iBAAiB,MAAM;AAGnC,OAAI,CAAC,IAAK;AAGV,OAAI,aAAa,IAAI,cAAc,UACjC;AAIF,OAAI,aAAa,IAAI,SAAS,WAAW;AACvC;IACA,MAAM,QAAQ,IAAI,SAAS;AAC3B,2BAAO,IAAI,MAAM,0BAA0B;AAC3C;;AAIF,OAAI,aAAa,SAAS,IAAI,OAAO;AAEnC,QAAI,UACF,KAAI;KACF,MAAM,gBAAgB,UAAU;AAChC,SAAI,CAAC,cACH;aAEK,KAAK;AACZ;AACA,YAAO;AACP;;AAIJ;AACA;;;EAIJ,MAAM,gBAAgB;AACpB,gBAAa;AACb,UAAO,oBAAoB,WAAW;;AAGxC,SAAO,iBAAiB,WAAW;;;;;;;;;;;;AAavC,SAAgB,yBACd,QACA,WACA,YAAoB,KACL;AACf,QAAO,sBAAsB,QAAQ;EACnC,aAAaA,mDAAqB;EAClC,WAAWA,mDAAqB;EAChC;EACA"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/common.js CHANGED Viewed

@@ -1,11 +1,8 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
-const require_validation = require('../../../../WalletIframe/validation.js');
+const require_validation = require('../../../../../utils/validation.js');
 const require_errors = require('../../../../../utils/errors.js');
 const require_types = require('../types.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/common.ts
-require_validation.init_validation();
-require_errors.init_errors();
 function parseTransactionSummary(summaryData) {
 	if (!summaryData) return {};
 	if (require_validation.isString(summaryData)) try {

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/common.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"common.js","names":["isString","isObject","out: Record<string, unknown>","isFunction","SecureConfirmMessageType","isTouchIdCancellationError","toError"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/common.ts"],"sourcesContent":["import type { TransactionSummary, SecureConfirmDecision } from '../types';\nimport { SecureConfirmMessageType } from '../types';\nimport { isObject, isFunction, isString } from '~~../../../../WalletIframe~~/validation';\nimport { toError, isTouchIdCancellationError } from '../../../../../utils/errors';\n\nexport function parseTransactionSummary(summaryData: unknown): TransactionSummary {\n if (!summaryData) return {};\n if (isString(summaryData)) {\n try {\n const parsed = JSON.parse(summaryData) as unknown;\n return isObject(parsed) ? (parsed as TransactionSummary) : {};\n } catch (parseError) {\n console.warn('[SignerWorkerManager]: Failed to parse summary string:', parseError);\n return {};\n }\n }\n return isObject(summaryData) ? (summaryData as TransactionSummary) : {};\n}\n\n// ===== Utility: postMessage sanitization (exported in case flows need to respond directly) =====\nexport type NonFunctionKeys<T> = { [K in keyof T]: T[K] extends Function ? never : K }[keyof T];\n\nexport type ShallowPostMessageSafe<T> = T extends object\n ? Omit<Pick<T, NonFunctionKeys<T>>, '_confirmHandle'>\n : T;\n\nexport function sanitizeForPostMessage<T>(data: T): ShallowPostMessageSafe<T> {\n if (data == null) return data as ShallowPostMessageSafe<T>;\n if (Array.isArray(data)) return data.map((v) => v) as unknown as ShallowPostMessageSafe<T>;\n if (isObject(data)) {\n const src = data as Record<string, unknown>;\n const out: Record<string, unknown> = {};\n for (const key of Object.keys(src)) {\n if (key === '_confirmHandle') continue;\n const value = src[key];\n if (isFunction(value)) continue;\n out[key] = value;\n }\n return out as ShallowPostMessageSafe<T>;\n }\n return data as ShallowPostMessageSafe<T>;\n}\n\n// ===== Shared worker response + UI close helpers =====\nexport const ERROR_MESSAGES = {\n cancelled: 'User cancelled secure confirm request',\n collectCredentialsFailed: 'Failed to collect credentials',\n nearRpcFailed: 'Failed to fetch NEAR data',\n} as const;\n\nexport function sendConfirmResponse(worker: Worker, response: SecureConfirmDecision) {\n const sanitized = sanitizeForPostMessage(response);\n worker.postMessage({ type: SecureConfirmMessageType.USER_PASSKEY_CONFIRM_RESPONSE, data: sanitized });\n}\n\nexport function isUserCancelledSecureConfirm(error: unknown): boolean {\n return (\n isTouchIdCancellationError(error) \|\|\n (() => {\n const e = toError(error);\n return e?.name === 'NotAllowedError' \|\| e?.name === 'AbortError';\n })()\n );\n}\n\n"],"mappings":"~~;;;;;;;;~~AAKA,SAAgB,wBAAwB,aAA0C;AAChF,KAAI,CAAC,YAAa,QAAO;AACzB,KAAIA,4BAAS,aACX,KAAI;EACF,MAAM,SAAS,KAAK,MAAM;AAC1B,SAAOC,4BAAS,UAAW,SAAgC;UACpD,YAAY;AACnB,UAAQ,KAAK,0DAA0D;AACvE,SAAO;;AAGX,QAAOA,4BAAS,eAAgB,cAAqC;;AAUvE,SAAgB,uBAA0B,MAAoC;AAC5E,KAAI,QAAQ,KAAM,QAAO;AACzB,KAAI,MAAM,QAAQ,MAAO,QAAO,KAAK,KAAK,MAAM;AAChD,KAAIA,4BAAS,OAAO;EAClB,MAAM,MAAM;EACZ,MAAMC,MAA+B;AACrC,OAAK,MAAM,OAAO,OAAO,KAAK,MAAM;AAClC,OAAI,QAAQ,iBAAkB;GAC9B,MAAM,QAAQ,IAAI;AAClB,OAAIC,8BAAW,OAAQ;AACvB,OAAI,OAAO;;AAEb,SAAO;;AAET,QAAO;;AAIT,MAAa,iBAAiB;CAC5B,WAAW;CACX,0BAA0B;CAC1B,eAAe;;AAGjB,SAAgB,oBAAoB,QAAgB,UAAiC;CACnF,MAAM,YAAY,uBAAuB;AACzC,QAAO,YAAY;EAAE,MAAMC,uCAAyB;EAA+B,MAAM;;;AAG3F,SAAgB,6BAA6B,OAAyB;AACpE,QACEC,0CAA2B,iBACpB;EACL,MAAM,IAAIC,uBAAQ;AAClB,SAAO,GAAG,SAAS,qBAAqB,GAAG,SAAS"}
1	+ {"version":3,"file":"common.js","names":["isString","isObject","out: Record<string, unknown>","isFunction","SecureConfirmMessageType","isTouchIdCancellationError","toError"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/common.ts"],"sourcesContent":["import type { TransactionSummary, SecureConfirmDecision } from '../types';\nimport { SecureConfirmMessageType } from '../types';\nimport { isObject, isFunction, isString } from '@/utils/validation';\nimport { toError, isTouchIdCancellationError } from '../../../../../utils/errors';\n\nexport function parseTransactionSummary(summaryData: unknown): TransactionSummary {\n if (!summaryData) return {};\n if (isString(summaryData)) {\n try {\n const parsed = JSON.parse(summaryData) as unknown;\n return isObject(parsed) ? (parsed as TransactionSummary) : {};\n } catch (parseError) {\n console.warn('[SignerWorkerManager]: Failed to parse summary string:', parseError);\n return {};\n }\n }\n return isObject(summaryData) ? (summaryData as TransactionSummary) : {};\n}\n\n// ===== Utility: postMessage sanitization (exported in case flows need to respond directly) =====\nexport type NonFunctionKeys<T> = { [K in keyof T]: T[K] extends Function ? never : K }[keyof T];\n\nexport type ShallowPostMessageSafe<T> = T extends object\n ? Omit<Pick<T, NonFunctionKeys<T>>, '_confirmHandle'>\n : T;\n\nexport function sanitizeForPostMessage<T>(data: T): ShallowPostMessageSafe<T> {\n if (data == null) return data as ShallowPostMessageSafe<T>;\n if (Array.isArray(data)) return data.map((v) => v) as unknown as ShallowPostMessageSafe<T>;\n if (isObject(data)) {\n const src = data as Record<string, unknown>;\n const out: Record<string, unknown> = {};\n for (const key of Object.keys(src)) {\n if (key === '_confirmHandle') continue;\n const value = src[key];\n if (isFunction(value)) continue;\n out[key] = value;\n }\n return out as ShallowPostMessageSafe<T>;\n }\n return data as ShallowPostMessageSafe<T>;\n}\n\n// ===== Shared worker response + UI close helpers =====\nexport const ERROR_MESSAGES = {\n cancelled: 'User cancelled secure confirm request',\n collectCredentialsFailed: 'Failed to collect credentials',\n nearRpcFailed: 'Failed to fetch NEAR data',\n} as const;\n\nexport function sendConfirmResponse(worker: Worker, response: SecureConfirmDecision) {\n const sanitized = sanitizeForPostMessage(response);\n worker.postMessage({ type: SecureConfirmMessageType.USER_PASSKEY_CONFIRM_RESPONSE, data: sanitized });\n}\n\nexport function isUserCancelledSecureConfirm(error: unknown): boolean {\n return (\n isTouchIdCancellationError(error) \|\|\n (() => {\n const e = toError(error);\n return e?.name === 'NotAllowedError' \|\| e?.name === 'AbortError';\n })()\n );\n}\n\n"],"mappings":";;;;;AAKA,SAAgB,wBAAwB,aAA0C;AAChF,KAAI,CAAC,YAAa,QAAO;AACzB,KAAIA,4BAAS,aACX,KAAI;EACF,MAAM,SAAS,KAAK,MAAM;AAC1B,SAAOC,4BAAS,UAAW,SAAgC;UACpD,YAAY;AACnB,UAAQ,KAAK,0DAA0D;AACvE,SAAO;;AAGX,QAAOA,4BAAS,eAAgB,cAAqC;;AAUvE,SAAgB,uBAA0B,MAAoC;AAC5E,KAAI,QAAQ,KAAM,QAAO;AACzB,KAAI,MAAM,QAAQ,MAAO,QAAO,KAAK,KAAK,MAAM;AAChD,KAAIA,4BAAS,OAAO;EAClB,MAAM,MAAM;EACZ,MAAMC,MAA+B;AACrC,OAAK,MAAM,OAAO,OAAO,KAAK,MAAM;AAClC,OAAI,QAAQ,iBAAkB;GAC9B,MAAM,QAAQ,IAAI;AAClB,OAAIC,8BAAW,OAAQ;AACvB,OAAI,OAAO;;AAEb,SAAO;;AAET,QAAO;;AAIT,MAAa,iBAAiB;CAC5B,WAAW;CACX,0BAA0B;CAC1B,eAAe;;AAGjB,SAAgB,oBAAoB,QAAgB,UAAiC;CACnF,MAAM,YAAY,uBAAuB;AACzC,QAAO,YAAY;EAAE,MAAMC,uCAAyB;EAA+B,MAAM;;;AAG3F,SAAgB,6BAA6B,OAAyB;AACpE,QACEC,0CAA2B,iBACpB;EACL,MAAM,IAAIC,uBAAQ;AAClB,SAAO,GAAG,SAAS,qBAAqB,GAAG,SAAS"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/createAdapters.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
 const require_near = require('./near.js');
 const require_vrf = require('./vrf.js');
 const require_ui = require('./ui.js');

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/createAdapters.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"createAdapters.js","names":["fetchNearContext","releaseReservedNonces","maybeRefreshVrfChallenge","collectAuthenticationCredentialWithPRF","renderConfirmUI"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/createAdapters.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmTxFlowAdapters } from './interfaces';\nimport { fetchNearContext, releaseReservedNonces } from './near';\nimport { maybeRefreshVrfChallenge } from './vrf';\nimport { collectAuthenticationCredentialWithPRF } from './webauthn';\nimport { closeModalSafely, renderConfirmUI } from './ui';\n\nfunction getVrfWorkerManager(ctx: VrfWorkerManagerContext) {\n const vrfWorkerManager = ctx.vrfWorkerManager;\n if (!vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available');\n }\n return vrfWorkerManager;\n}\n\nexport function createConfirmTxFlowAdapters(ctx: VrfWorkerManagerContext): ConfirmTxFlowAdapters {\n return {\n near: {\n fetchNearContext: (opts) => fetchNearContext(ctx, opts),\n releaseReservedNonces: (nonces) => releaseReservedNonces(ctx, nonces),\n },\n vrf: {\n getRpId: () => ctx.touchIdPrompt.getRpId(),\n maybeRefreshVrfChallenge: (request, nearAccountId) => maybeRefreshVrfChallenge(ctx, request, nearAccountId),\n generateVrfKeypairBootstrap: (args) => getVrfWorkerManager(ctx).generateVrfKeypairBootstrap(args),\n generateVrfChallengeForSession: (inputData, sessionId) => getVrfWorkerManager(ctx).generateVrfChallengeForSession(inputData, sessionId),\n mintSessionKeysAndSendToSigner: (args) => getVrfWorkerManager(ctx).mintSessionKeysAndSendToSigner(args),\n dispenseSessionKey: (args) => getVrfWorkerManager(ctx).dispenseSessionKey(args),\n prepareDecryptSession: (args) => getVrfWorkerManager(ctx).prepareDecryptSession(args),\n requestRegistrationCredentialConfirmation: (args) => getVrfWorkerManager(ctx).requestRegistrationCredentialConfirmation(args),\n confirmAndDeriveDevice2RegistrationSession: (args) => getVrfWorkerManager(ctx).confirmAndDeriveDevice2RegistrationSession(args),\n checkVrfStatus: () => getVrfWorkerManager(ctx).checkVrfStatus(),\n },\n webauthn: {\n collectAuthenticationCredentialWithPRF: (args) => collectAuthenticationCredentialWithPRF({ ctx, ...args }),\n createRegistrationCredential: (args) => ctx.touchIdPrompt.generateRegistrationCredentialsInternal(args),\n },\n ui: {\n renderConfirmUI: (args) => renderConfirmUI({ ctx, ...args }),\n closeModalSafely,\n },\n };\n}\n\n"],"mappings":"~~;;;;;;;~~AAOA,SAAS,oBAAoB,KAA8B;CACzD,MAAM,mBAAmB,IAAI;AAC7B,KAAI,CAAC,iBACH,OAAM,IAAI,MAAM;AAElB,QAAO;;AAGT,SAAgB,4BAA4B,KAAqD;AAC/F,QAAO;EACL,MAAM;GACJ,mBAAmB,SAASA,8BAAiB,KAAK;GAClD,wBAAwB,WAAWC,mCAAsB,KAAK;;EAEhE,KAAK;GACH,eAAe,IAAI,cAAc;GACjC,2BAA2B,SAAS,kBAAkBC,qCAAyB,KAAK,SAAS;GAC7F,8BAA8B,SAAS,oBAAoB,KAAK,4BAA4B;GAC5F,iCAAiC,WAAW,cAAc,oBAAoB,KAAK,+BAA+B,WAAW;GAC7H,iCAAiC,SAAS,oBAAoB,KAAK,+BAA+B;GAClG,qBAAqB,SAAS,oBAAoB,KAAK,mBAAmB;GAC1E,wBAAwB,SAAS,oBAAoB,KAAK,sBAAsB;GAChF,4CAA4C,SAAS,oBAAoB,KAAK,0CAA0C;GACxH,6CAA6C,SAAS,oBAAoB,KAAK,2CAA2C;GAC1H,sBAAsB,oBAAoB,KAAK;;EAEjD,UAAU;GACR,yCAAyC,SAASC,wDAAuC;IAAE;IAAK,GAAG;;GACnG,+BAA+B,SAAS,IAAI,cAAc,wCAAwC;;EAEpG,IAAI;GACF,kBAAkB,SAASC,2BAAgB;IAAE;IAAK,GAAG;;GACrD"}
1	+ {"version":3,"file":"createAdapters.js","names":["fetchNearContext","releaseReservedNonces","maybeRefreshVrfChallenge","collectAuthenticationCredentialWithPRF","renderConfirmUI"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/createAdapters.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmTxFlowAdapters } from './interfaces';\nimport { fetchNearContext, releaseReservedNonces } from './near';\nimport { maybeRefreshVrfChallenge } from './vrf';\nimport { collectAuthenticationCredentialWithPRF } from './webauthn';\nimport { closeModalSafely, renderConfirmUI } from './ui';\n\nfunction getVrfWorkerManager(ctx: VrfWorkerManagerContext) {\n const vrfWorkerManager = ctx.vrfWorkerManager;\n if (!vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available');\n }\n return vrfWorkerManager;\n}\n\nexport function createConfirmTxFlowAdapters(ctx: VrfWorkerManagerContext): ConfirmTxFlowAdapters {\n return {\n near: {\n fetchNearContext: (opts) => fetchNearContext(ctx, opts),\n releaseReservedNonces: (nonces) => releaseReservedNonces(ctx, nonces),\n },\n vrf: {\n getRpId: () => ctx.touchIdPrompt.getRpId(),\n maybeRefreshVrfChallenge: (request, nearAccountId) => maybeRefreshVrfChallenge(ctx, request, nearAccountId),\n generateVrfKeypairBootstrap: (args) => getVrfWorkerManager(ctx).generateVrfKeypairBootstrap(args),\n generateVrfChallengeForSession: (inputData, sessionId) => getVrfWorkerManager(ctx).generateVrfChallengeForSession(inputData, sessionId),\n mintSessionKeysAndSendToSigner: (args) => getVrfWorkerManager(ctx).mintSessionKeysAndSendToSigner(args),\n dispenseSessionKey: (args) => getVrfWorkerManager(ctx).dispenseSessionKey(args),\n prepareDecryptSession: (args) => getVrfWorkerManager(ctx).prepareDecryptSession(args),\n requestRegistrationCredentialConfirmation: (args) => getVrfWorkerManager(ctx).requestRegistrationCredentialConfirmation(args),\n confirmAndDeriveDevice2RegistrationSession: (args) => getVrfWorkerManager(ctx).confirmAndDeriveDevice2RegistrationSession(args),\n checkVrfStatus: () => getVrfWorkerManager(ctx).checkVrfStatus(),\n },\n webauthn: {\n collectAuthenticationCredentialWithPRF: (args) => collectAuthenticationCredentialWithPRF({ ctx, ...args }),\n createRegistrationCredential: (args) => ctx.touchIdPrompt.generateRegistrationCredentialsInternal(args),\n },\n ui: {\n renderConfirmUI: (args) => renderConfirmUI({ ctx, ...args }),\n closeModalSafely,\n },\n };\n}\n\n"],"mappings":";;;;;;AAOA,SAAS,oBAAoB,KAA8B;CACzD,MAAM,mBAAmB,IAAI;AAC7B,KAAI,CAAC,iBACH,OAAM,IAAI,MAAM;AAElB,QAAO;;AAGT,SAAgB,4BAA4B,KAAqD;AAC/F,QAAO;EACL,MAAM;GACJ,mBAAmB,SAASA,8BAAiB,KAAK;GAClD,wBAAwB,WAAWC,mCAAsB,KAAK;;EAEhE,KAAK;GACH,eAAe,IAAI,cAAc;GACjC,2BAA2B,SAAS,kBAAkBC,qCAAyB,KAAK,SAAS;GAC7F,8BAA8B,SAAS,oBAAoB,KAAK,4BAA4B;GAC5F,iCAAiC,WAAW,cAAc,oBAAoB,KAAK,+BAA+B,WAAW;GAC7H,iCAAiC,SAAS,oBAAoB,KAAK,+BAA+B;GAClG,qBAAqB,SAAS,oBAAoB,KAAK,mBAAmB;GAC1E,wBAAwB,SAAS,oBAAoB,KAAK,sBAAsB;GAChF,4CAA4C,SAAS,oBAAoB,KAAK,0CAA0C;GACxH,6CAA6C,SAAS,oBAAoB,KAAK,2CAA2C;GAC1H,sBAAsB,oBAAoB,KAAK;;EAEjD,UAAU;GACR,yCAAyC,SAASC,wDAAuC;IAAE;IAAK,GAAG;;GACnG,+BAA+B,SAAS,IAAI,cAAc,wCAAwC;;EAEpG,IAAI;GACF,kBAAkB,SAASC,2BAAgB;IAAE;IAAK,GAAG;;GACrD"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/near.js CHANGED Viewed

@@ -1,8 +1,6 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
 const require_errors = require('../../../../../utils/errors.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/near.ts
-require_errors.init_errors();
 async function fetchNearContext(ctx, opts) {
 	try {
 		const transactionContext = await ctx.nonceManager.getNonceBlockHashAndHeight(ctx.nearClient);
@@ -10,11 +8,8 @@ async function fetchNearContext(ctx, opts) {
 		let reservedNonces;
 		if (opts.reserveNonces) try {
 			reservedNonces = ctx.nonceManager.reserveNonces(txCount);
-			console.debug(`[NonceManager]: Reserved ${txCount} nonce(s):`, reservedNonces);
 			transactionContext.nextNonce = reservedNonces[0];
-		} catch (error) {
-			console.debug(`[NonceManager]: Failed to reserve ${txCount} nonce(s):`, error);
-		}
+		} catch (error) {}
 		return {
 			transactionContext,
 			reservedNonces

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/near.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"near.js","names":["reservedNonces: string[] \| undefined","fallback: TransactionContext","errorMessage"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/near.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport { TransactionContext } from '../../../../types';\nimport type { BlockReference, AccessKeyView } from '@near-js/types';\nimport { errorMessage } from '../../../../../utils/errors';\n\nexport async function fetchNearContext(\n ctx: VrfWorkerManagerContext,\n opts: { nearAccountId: string; txCount: number; reserveNonces: boolean },\n): Promise<{\n transactionContext: TransactionContext \| null;\n error?: string;\n details?: string;\n reservedNonces?: string[];\n}> {\n try {\n // Prefer NonceManager when initialized (signing flows)\n // Use cached transaction context if fresh; avoid forcing a refresh here.\n // JIT refresh later will force a new block height for the VRF challenge.\n const transactionContext = await ctx.nonceManager.getNonceBlockHashAndHeight(ctx.nearClient);\n\n const txCount = opts.txCount \|\| 1;\n let reservedNonces: string[] \| undefined;\n if (opts.reserveNonces) {\n try {\n reservedNonces = ctx.nonceManager.reserveNonces(txCount);\n ~~console.debug(`[NonceManager]: Reserved ${txCount} nonce(s):`, reservedNonces);\n~~ // Provide the first reserved nonce to the worker context; worker handles per-tx assignment\n transactionContext.nextNonce = reservedNonces[0];\n } catch (error) {\n ~~console.debug(`[NonceManager]: Failed to reserve ${txCount} nonce(s):`, error);\n~~ // Continue with existing nextNonce; worker may auto-increment where appropriate\n }\n }\n\n return { transactionContext, reservedNonces };\n } catch (error) {\n // Registration or pre-login flows may not have NonceManager initialized.\n // Fallback: fetch latest block info directly; nonces are not required for registration/link flows.\n try {\n const block = await ctx.nearClient.viewBlock({ finality: 'final' } as BlockReference);\n const txBlockHeight = String(block?.header?.height ?? '');\n const txBlockHash = String(block?.header?.hash ?? '');\n const fallback: TransactionContext = {\n nearPublicKeyStr: '', // not needed for registration VRF challenge\n accessKeyInfo: ({\n nonce: 0,\n permission: 'FullAccess',\n block_height: 0,\n block_hash: ''\n } as unknown) as AccessKeyView, // minimal shape; not used in registration/link flows\n nextNonce: '0',\n txBlockHeight,\n txBlockHash,\n } as TransactionContext;\n return { transactionContext: fallback };\n } catch (e) {\n return {\n transactionContext: null,\n error: 'NEAR_RPC_FAILED',\n details: errorMessage(e) \|\| errorMessage(error),\n };\n }\n }\n}\n\nexport function releaseReservedNonces(ctx: VrfWorkerManagerContext, nonces?: string[]) {\n nonces?.forEach((n) => ctx.nonceManager.releaseNonce(n));\n}\n\n"],"mappings":"~~;;;;;~~AAKA,eAAsB,iBACpB,KACA,MAMC;AACD,KAAI;EAIF,MAAM,qBAAqB,MAAM,IAAI,aAAa,2BAA2B,IAAI;EAEjF,MAAM,UAAU,KAAK,WAAW;EAChC,IAAIA;AACJ,MAAI,KAAK,cACP,KAAI;AACF,oBAAiB,IAAI,aAAa,cAAc;~~AAChD~~,~~WAAQ,MAAM,4BAA4B,QAAQ,aAAa;AAE/D,~~sBAAmB,YAAY,eAAe;WACvC,OAAO;~~AACd~~,~~WAAQ,MAAM,qCAAqC,QAAQ,aAAa;;AAK5E,~~SAAO;GAAE;GAAoB;;UACtB,OAAO;AAGd,MAAI;GACF,MAAM,QAAQ,MAAM,IAAI,WAAW,UAAU,EAAE,UAAU;GACzD,MAAM,gBAAgB,OAAO,OAAO,QAAQ,UAAU;GACtD,MAAM,cAAc,OAAO,OAAO,QAAQ,QAAQ;GAClD,MAAMC,WAA+B;IACnC,kBAAkB;IAClB,eAAgB;KACd,OAAO;KACP,YAAY;KACZ,cAAc;KACd,YAAY;;IAEd,WAAW;IACX;IACA;;AAEF,UAAO,EAAE,oBAAoB;WACtB,GAAG;AACV,UAAO;IACL,oBAAoB;IACpB,OAAO;IACP,SAASC,4BAAa,MAAMA,4BAAa;;;;;AAMjD,SAAgB,sBAAsB,KAA8B,QAAmB;AACrF,SAAQ,SAAS,MAAM,IAAI,aAAa,aAAa"}
1	+ {"version":3,"file":"near.js","names":["reservedNonces: string[] \| undefined","fallback: TransactionContext","errorMessage"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/near.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport { TransactionContext } from '../../../../types';\nimport type { BlockReference, AccessKeyView } from '@near-js/types';\nimport { errorMessage } from '../../../../../utils/errors';\n\nexport async function fetchNearContext(\n ctx: VrfWorkerManagerContext,\n opts: { nearAccountId: string; txCount: number; reserveNonces: boolean },\n): Promise<{\n transactionContext: TransactionContext \| null;\n error?: string;\n details?: string;\n reservedNonces?: string[];\n}> {\n try {\n // Prefer NonceManager when initialized (signing flows)\n // Use cached transaction context if fresh; avoid forcing a refresh here.\n // JIT refresh later will force a new block height for the VRF challenge.\n const transactionContext = await ctx.nonceManager.getNonceBlockHashAndHeight(ctx.nearClient);\n\n const txCount = opts.txCount \|\| 1;\n let reservedNonces: string[] \| undefined;\n if (opts.reserveNonces) {\n try {\n reservedNonces = ctx.nonceManager.reserveNonces(txCount);\n // Provide the first reserved nonce to the worker context; worker handles per-tx assignment\n transactionContext.nextNonce = reservedNonces[0];\n } catch (error) {\n // Continue with existing nextNonce; worker may auto-increment where appropriate\n }\n }\n\n return { transactionContext, reservedNonces };\n } catch (error) {\n // Registration or pre-login flows may not have NonceManager initialized.\n // Fallback: fetch latest block info directly; nonces are not required for registration/link flows.\n try {\n const block = await ctx.nearClient.viewBlock({ finality: 'final' } as BlockReference);\n const txBlockHeight = String(block?.header?.height ?? '');\n const txBlockHash = String(block?.header?.hash ?? '');\n const fallback: TransactionContext = {\n nearPublicKeyStr: '', // not needed for registration VRF challenge\n accessKeyInfo: ({\n nonce: 0,\n permission: 'FullAccess',\n block_height: 0,\n block_hash: ''\n } as unknown) as AccessKeyView, // minimal shape; not used in registration/link flows\n nextNonce: '0',\n txBlockHeight,\n txBlockHash,\n } as TransactionContext;\n return { transactionContext: fallback };\n } catch (e) {\n return {\n transactionContext: null,\n error: 'NEAR_RPC_FAILED',\n details: errorMessage(e) \|\| errorMessage(error),\n };\n }\n }\n}\n\nexport function releaseReservedNonces(ctx: VrfWorkerManagerContext, nonces?: string[]) {\n nonces?.forEach((n) => ctx.nonceManager.releaseNonce(n));\n}\n\n"],"mappings":";;;AAKA,eAAsB,iBACpB,KACA,MAMC;AACD,KAAI;EAIF,MAAM,qBAAqB,MAAM,IAAI,aAAa,2BAA2B,IAAI;EAEjF,MAAM,UAAU,KAAK,WAAW;EAChC,IAAIA;AACJ,MAAI,KAAK,cACP,KAAI;AACF,oBAAiB,IAAI,aAAa,cAAc;AAEhD,sBAAmB,YAAY,eAAe;WACvC,OAAO;AAKlB,SAAO;GAAE;GAAoB;;UACtB,OAAO;AAGd,MAAI;GACF,MAAM,QAAQ,MAAM,IAAI,WAAW,UAAU,EAAE,UAAU;GACzD,MAAM,gBAAgB,OAAO,OAAO,QAAQ,UAAU;GACtD,MAAM,cAAc,OAAO,OAAO,QAAQ,QAAQ;GAClD,MAAMC,WAA+B;IACnC,kBAAkB;IAClB,eAAgB;KACd,OAAO;KACP,YAAY;KACZ,cAAc;KACd,YAAY;;IAEd,WAAW;IACX;IACA;;AAEF,UAAO,EAAE,oBAAoB;WACtB,GAAG;AACV,UAAO;IACL,oBAAoB;IACpB,OAAO;IACP,SAASC,4BAAa,MAAMA,4BAAa;;;;;AAMjD,SAAgB,sBAAsB,KAA8B,QAAmB;AACrF,SAAQ,SAAS,MAAM,IAAI,aAAa,aAAa"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestAdapter.js CHANGED Viewed

@@ -1,9 +1,7 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
-const require_validation = require('../../../../WalletIframe/validation.js');
+const require_validation = require('../../../../../utils/validation.js');
 const require_types = require('../types.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestAdapter.ts
-require_validation.init_validation();
 /**
 * Validates secure-confirm requests (V2 only).
 * This deliberately does not accept JSON strings or shorthand/legacy shapes.
@@ -12,7 +10,6 @@ function validateSecureConfirmRequest(input) {
 	if (typeof input === "string") throw new Error("Invalid secure confirm request: expected an object (JSON strings are not supported)");
 	if (!require_validation.isObject(input)) throw new Error("parsed is not an object");
 	const p = input;
-	if (p.schemaVersion !== 2) throw new Error("schemaVersion must be 2");
 	if (!require_validation.isString(p.requestId) || !p.requestId) throw new Error("missing requestId");
 	if (!require_validation.isString(p.type) || !p.type) throw new Error("missing type");
 	if (p.summary === void 0 || p.summary === null) throw new Error("missing summary");

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestAdapter.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"requestAdapter.js","names":["isObject","isString","SecureConfirmationType","payload: any"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestAdapter.ts"],"sourcesContent":["import type { SecureConfirmRequest } from '../types';\nimport { SecureConfirmationType } from '../types';\nimport { isObject, isString } from '@/~~core~~/~~WalletIframe/~~validation';\n\n/*\n Validates secure-confirm requests (V2 only).\n * This deliberately does not accept JSON strings or shorthand/legacy shapes.\n */\nexport function validateSecureConfirmRequest(input: unknown): SecureConfirmRequest {\n if (typeof input === 'string') {\n throw new Error('Invalid secure confirm request: expected an object (JSON strings are not supported)');\n }\n if (!isObject(input)) throw new Error('parsed is not an object');\n const p = input as {\n ~~schemaVersion?: unknown;\n~~ requestId?: unknown;\n type?: unknown;\n summary?: unknown;\n payload?: unknown;\n };\n if (~~p.schemaVersion !== 2) throw new Error('schemaVersion must be 2');\n if (~~!isString(p.requestId) \|\| !p.requestId) throw new Error('missing requestId');\n if (!isString(p.type) \|\| !p.type) throw new Error('missing type');\n if (p.summary === undefined \|\| p.summary === null) throw new Error('missing summary');\n if (p.payload === undefined \|\| p.payload === null) throw new Error('missing payload');\n return input as unknown as SecureConfirmRequest;\n}\n\nexport function assertNoForbiddenMainThreadSigningSecrets(request: SecureConfirmRequest): void {\n if (\n request.type !== SecureConfirmationType.SIGN_TRANSACTION\n && request.type !== SecureConfirmationType.SIGN_NEP413_MESSAGE\n ) {\n return;\n }\n\n const payload: any = (request as any).payload \|\| {};\n if (payload.prfOutput !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field prfOutput');\n }\n if (payload.wrapKeySeed !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field wrapKeySeed');\n }\n if (payload.wrapKeySalt !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field wrapKeySalt');\n }\n if (payload.vrf_sk !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field vrf_sk');\n }\n}\n"],"mappings":"~~;;;;;;;;;;~~AAQA,SAAgB,6BAA6B,OAAsC;AACjF,KAAI,OAAO,UAAU,SACnB,OAAM,IAAI,MAAM;AAElB,KAAI,CAACA,4BAAS,OAAQ,OAAM,IAAI,MAAM;CACtC,MAAM,IAAI;~~AAOV~~,KAAI,~~EAAE,kBAAkB,EAAG,OAAM,IAAI,MAAM;AAC3C,KAAI,~~CAACC,4BAAS,EAAE,cAAc,CAAC,EAAE,UAAW,OAAM,IAAI,MAAM;AAC5D,KAAI,CAACA,4BAAS,EAAE,SAAS,CAAC,EAAE,KAAM,OAAM,IAAI,MAAM;AAClD,KAAI,EAAE,YAAY,UAAa,EAAE,YAAY,KAAM,OAAM,IAAI,MAAM;AACnE,KAAI,EAAE,YAAY,UAAa,EAAE,YAAY,KAAM,OAAM,IAAI,MAAM;AACnE,QAAO;;AAGT,SAAgB,0CAA0C,SAAqC;AAC7F,KACE,QAAQ,SAASC,qCAAuB,oBACrC,QAAQ,SAASA,qCAAuB,oBAE3C;CAGF,MAAMC,UAAgB,QAAgB,WAAW;AACjD,KAAI,QAAQ,cAAc,OACxB,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,gBAAgB,OAC1B,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,gBAAgB,OAC1B,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,WAAW,OACrB,OAAM,IAAI,MAAM"}
1	+ {"version":3,"file":"requestAdapter.js","names":["isObject","isString","SecureConfirmationType","payload: any"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestAdapter.ts"],"sourcesContent":["import type { SecureConfirmRequest } from '../types';\nimport { SecureConfirmationType } from '../types';\nimport { isObject, isString } from '@/utils/validation';\n\n/*\n Validates secure-confirm requests (V2 only).\n * This deliberately does not accept JSON strings or shorthand/legacy shapes.\n */\nexport function validateSecureConfirmRequest(input: unknown): SecureConfirmRequest {\n if (typeof input === 'string') {\n throw new Error('Invalid secure confirm request: expected an object (JSON strings are not supported)');\n }\n if (!isObject(input)) throw new Error('parsed is not an object');\n const p = input as {\n requestId?: unknown;\n type?: unknown;\n summary?: unknown;\n payload?: unknown;\n };\n if (!isString(p.requestId) \|\| !p.requestId) throw new Error('missing requestId');\n if (!isString(p.type) \|\| !p.type) throw new Error('missing type');\n if (p.summary === undefined \|\| p.summary === null) throw new Error('missing summary');\n if (p.payload === undefined \|\| p.payload === null) throw new Error('missing payload');\n return input as unknown as SecureConfirmRequest;\n}\n\nexport function assertNoForbiddenMainThreadSigningSecrets(request: SecureConfirmRequest): void {\n if (\n request.type !== SecureConfirmationType.SIGN_TRANSACTION\n && request.type !== SecureConfirmationType.SIGN_NEP413_MESSAGE\n ) {\n return;\n }\n\n const payload: any = (request as any).payload \|\| {};\n if (payload.prfOutput !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field prfOutput');\n }\n if (payload.wrapKeySeed !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field wrapKeySeed');\n }\n if (payload.wrapKeySalt !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field wrapKeySalt');\n }\n if (payload.vrf_sk !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field vrf_sk');\n }\n}\n"],"mappings":";;;;;;;;AAQA,SAAgB,6BAA6B,OAAsC;AACjF,KAAI,OAAO,UAAU,SACnB,OAAM,IAAI,MAAM;AAElB,KAAI,CAACA,4BAAS,OAAQ,OAAM,IAAI,MAAM;CACtC,MAAM,IAAI;AAMV,KAAI,CAACC,4BAAS,EAAE,cAAc,CAAC,EAAE,UAAW,OAAM,IAAI,MAAM;AAC5D,KAAI,CAACA,4BAAS,EAAE,SAAS,CAAC,EAAE,KAAM,OAAM,IAAI,MAAM;AAClD,KAAI,EAAE,YAAY,UAAa,EAAE,YAAY,KAAM,OAAM,IAAI,MAAM;AACnE,KAAI,EAAE,YAAY,UAAa,EAAE,YAAY,KAAM,OAAM,IAAI,MAAM;AACnE,QAAO;;AAGT,SAAgB,0CAA0C,SAAqC;AAC7F,KACE,QAAQ,SAASC,qCAAuB,oBACrC,QAAQ,SAASA,qCAAuB,oBAE3C;CAGF,MAAMC,UAAgB,QAAgB,WAAW;AACjD,KAAI,QAAQ,cAAc,OACxB,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,gBAAgB,OAC1B,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,gBAAgB,OAC1B,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,WAAW,OACrB,OAAM,IAAI,MAAM"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestHelpers.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
 const require_types = require('../types.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestHelpers.ts

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestHelpers.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"requestHelpers.js","names":["SecureConfirmationType"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestHelpers.ts"],"sourcesContent":["import {\n SecureConfirmRequest,\n SecureConfirmationType,\n SignTransactionPayload,\n RegisterAccountPayload,\n SignNep413Payload,\n} from '../types';\n\nexport function getNearAccountId(request: SecureConfirmRequest): string {\n switch (request.type) {\n case SecureConfirmationType.SIGN_TRANSACTION:\n return getSignTransactionPayload(request).rpcCall.nearAccountId;\n case SecureConfirmationType.SIGN_NEP413_MESSAGE:\n return (request.payload as SignNep413Payload).nearAccountId;\n case SecureConfirmationType.REGISTER_ACCOUNT:\n case SecureConfirmationType.LINK_DEVICE:\n return getRegisterAccountPayload(request).nearAccountId;\n case SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF: {\n const p = request.payload as { nearAccountId?: string };\n return p?.nearAccountId \|\| '';\n }\n case SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI: {\n const p = request.payload as { nearAccountId?: string };\n return p?.nearAccountId \|\| '';\n }\n default:\n return '';\n }\n}\n\nexport function getTxCount(request: SecureConfirmRequest): number {\n return request.type === SecureConfirmationType.SIGN_TRANSACTION\n ? (getSignTransactionPayload(request).txSigningRequests?.length \|\| 1)\n : 1;\n}\n\nexport function getIntentDigest(request: SecureConfirmRequest): string \| undefined {\n if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n const p = request?.payload as Partial<SignTransactionPayload> \| undefined;\n return p?.intentDigest;\n }\n return request?.intentDigest;\n}\n\nexport function getSignTransactionPayload(request: SecureConfirmRequest): SignTransactionPayload {\n if (request.type !== SecureConfirmationType.SIGN_TRANSACTION) {\n throw new Error(`Expected SIGN_TRANSACTION request, got ${request.type}`);\n }\n return request.payload as SignTransactionPayload;\n}\n\nexport function getRegisterAccountPayload(request: SecureConfirmRequest): RegisterAccountPayload {\n if (request.type !== SecureConfirmationType.REGISTER_ACCOUNT && request.type !== SecureConfirmationType.LINK_DEVICE) {\n throw new Error(`Expected REGISTER_ACCOUNT or LINK_DEVICE request, got ${request.type}`);\n }\n return request.payload as RegisterAccountPayload;\n}\n\n"],"mappings":"~~;;;;~~AAQA,SAAgB,iBAAiB,SAAuC;AACtE,SAAQ,QAAQ,MAAhB;EACE,KAAKA,qCAAuB,iBAC1B,QAAO,0BAA0B,SAAS,QAAQ;EACpD,KAAKA,qCAAuB,oBAC1B,QAAQ,QAAQ,QAA8B;EAChD,KAAKA,qCAAuB;EAC5B,KAAKA,qCAAuB,YAC1B,QAAO,0BAA0B,SAAS;EAC5C,KAAKA,qCAAuB,8BAA8B;GACxD,MAAM,IAAI,QAAQ;AAClB,UAAO,GAAG,iBAAiB;;EAE7B,KAAKA,qCAAuB,4BAA4B;GACtD,MAAM,IAAI,QAAQ;AAClB,UAAO,GAAG,iBAAiB;;EAE7B,QACE,QAAO;;;AAIb,SAAgB,WAAW,SAAuC;AAChE,QAAO,QAAQ,SAASA,qCAAuB,mBAC1C,0BAA0B,SAAS,mBAAmB,UAAU,IACjE;;AAGN,SAAgB,gBAAgB,SAAmD;AACjF,KAAI,QAAQ,SAASA,qCAAuB,kBAAkB;EAC5D,MAAM,IAAI,SAAS;AACnB,SAAO,GAAG;;AAEZ,QAAO,SAAS;;AAGlB,SAAgB,0BAA0B,SAAuD;AAC/F,KAAI,QAAQ,SAASA,qCAAuB,iBAC1C,OAAM,IAAI,MAAM,0CAA0C,QAAQ;AAEpE,QAAO,QAAQ;;AAGjB,SAAgB,0BAA0B,SAAuD;AAC/F,KAAI,QAAQ,SAASA,qCAAuB,oBAAoB,QAAQ,SAASA,qCAAuB,YACtG,OAAM,IAAI,MAAM,yDAAyD,QAAQ;AAEnF,QAAO,QAAQ"}
1	+ {"version":3,"file":"requestHelpers.js","names":["SecureConfirmationType"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestHelpers.ts"],"sourcesContent":["import {\n SecureConfirmRequest,\n SecureConfirmationType,\n SignTransactionPayload,\n RegisterAccountPayload,\n SignNep413Payload,\n} from '../types';\n\nexport function getNearAccountId(request: SecureConfirmRequest): string {\n switch (request.type) {\n case SecureConfirmationType.SIGN_TRANSACTION:\n return getSignTransactionPayload(request).rpcCall.nearAccountId;\n case SecureConfirmationType.SIGN_NEP413_MESSAGE:\n return (request.payload as SignNep413Payload).nearAccountId;\n case SecureConfirmationType.REGISTER_ACCOUNT:\n case SecureConfirmationType.LINK_DEVICE:\n return getRegisterAccountPayload(request).nearAccountId;\n case SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF: {\n const p = request.payload as { nearAccountId?: string };\n return p?.nearAccountId \|\| '';\n }\n case SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI: {\n const p = request.payload as { nearAccountId?: string };\n return p?.nearAccountId \|\| '';\n }\n default:\n return '';\n }\n}\n\nexport function getTxCount(request: SecureConfirmRequest): number {\n return request.type === SecureConfirmationType.SIGN_TRANSACTION\n ? (getSignTransactionPayload(request).txSigningRequests?.length \|\| 1)\n : 1;\n}\n\nexport function getIntentDigest(request: SecureConfirmRequest): string \| undefined {\n if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n const p = request?.payload as Partial<SignTransactionPayload> \| undefined;\n return p?.intentDigest;\n }\n return request?.intentDigest;\n}\n\nexport function getSignTransactionPayload(request: SecureConfirmRequest): SignTransactionPayload {\n if (request.type !== SecureConfirmationType.SIGN_TRANSACTION) {\n throw new Error(`Expected SIGN_TRANSACTION request, got ${request.type}`);\n }\n return request.payload as SignTransactionPayload;\n}\n\nexport function getRegisterAccountPayload(request: SecureConfirmRequest): RegisterAccountPayload {\n if (request.type !== SecureConfirmationType.REGISTER_ACCOUNT && request.type !== SecureConfirmationType.LINK_DEVICE) {\n throw new Error(`Expected REGISTER_ACCOUNT or LINK_DEVICE request, got ${request.type}`);\n }\n return request.payload as RegisterAccountPayload;\n}\n\n"],"mappings":";;;AAQA,SAAgB,iBAAiB,SAAuC;AACtE,SAAQ,QAAQ,MAAhB;EACE,KAAKA,qCAAuB,iBAC1B,QAAO,0BAA0B,SAAS,QAAQ;EACpD,KAAKA,qCAAuB,oBAC1B,QAAQ,QAAQ,QAA8B;EAChD,KAAKA,qCAAuB;EAC5B,KAAKA,qCAAuB,YAC1B,QAAO,0BAA0B,SAAS;EAC5C,KAAKA,qCAAuB,8BAA8B;GACxD,MAAM,IAAI,QAAQ;AAClB,UAAO,GAAG,iBAAiB;;EAE7B,KAAKA,qCAAuB,4BAA4B;GACtD,MAAM,IAAI,QAAQ;AAClB,UAAO,GAAG,iBAAiB;;EAE7B,QACE,QAAO;;;AAIb,SAAgB,WAAW,SAAuC;AAChE,QAAO,QAAQ,SAASA,qCAAuB,mBAC1C,0BAA0B,SAAS,mBAAmB,UAAU,IACjE;;AAGN,SAAgB,gBAAgB,SAAmD;AACjF,KAAI,QAAQ,SAASA,qCAAuB,kBAAkB;EAC5D,MAAM,IAAI,SAAS;AACnB,SAAO,GAAG;;AAEZ,QAAO,SAAS;;AAGlB,SAAgB,0BAA0B,SAAuD;AAC/F,KAAI,QAAQ,SAASA,qCAAuB,iBAC1C,OAAM,IAAI,MAAM,0CAA0C,QAAQ;AAEpE,QAAO,QAAQ;;AAGjB,SAAgB,0BAA0B,SAAuD;AAC/F,KAAI,QAAQ,SAASA,qCAAuB,oBAAoB,QAAQ,SAASA,qCAAuB,YACtG,OAAM,IAAI,MAAM,yDAAyD,QAAQ;AAEnF,QAAO,QAAQ"}