@tatchi-xyz/sdk 0.31.0 → 0.31.1

package/dist/esm/sdk/{registration-BP9M3tE1.js → registration-BR2G9tz_.js}

@@ -13,7 +13,7 @@ import { toError } from "./errors-DevlT39D.js";
 import { isSerializedRegistrationCredential, serializeRegistrationCredentialWithPRF } from "./safari-fallbacks-BcMFntiP.js";
 import "./touchIdPrompt-JPhrOx8o.js";
 import { ERROR_MESSAGES, getIntentDigest, getNearAccountId, getRegisterAccountPayload, isUserCancelledSecureConfirm } from "./collectAuthenticationCredentialForVrfChallenge-DqzPzwvU.js";
-import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-1Hmc1vVC.js";
+import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-DF32SIZa.js";
 
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.ts
 async function handleRegistrationFlow(ctx, request, worker, opts) {
@@ -27,78 +27,70 @@ async function handleRegistrationFlow(ctx, request, worker, opts) {
 		transactionSummary
 	});
 	const nearAccountId = getNearAccountId(request);
-	console.debug("[RegistrationFlow] start", {
-		nearAccountId,
-		uiMode: confirmationConfig?.uiMode,
-		behavior: confirmationConfig?.behavior,
-		theme: confirmationConfig?.theme,
-		intentDigest: transactionSummary?.intentDigest
-	});
-	const nearRpc = await adapters.near.fetchNearContext({
-		nearAccountId,
-		txCount: 1,
-		reserveNonces: true
-	});
-	if (nearRpc.error && !nearRpc.transactionContext) return session.confirmAndCloseModal({
-		requestId: request.requestId,
-		intentDigest: getIntentDigest(request),
-		confirmed: false,
-		error: `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}`
-	});
-	const transactionContext = nearRpc.transactionContext;
-	session.setReservedNonces(nearRpc.reservedNonces);
-	const computeBoundIntentDigestB64u = async () => {
-		const uiIntentDigest = getIntentDigest(request);
-		if (!uiIntentDigest) throw new Error("Missing intentDigest for registration flow");
-		return sha256Base64UrlUtf8(uiIntentDigest);
-	};
-	const rpId = adapters.vrf.getRpId();
-	const boundIntentDigestB64u = await computeBoundIntentDigestB64u();
-	const bootstrap = await adapters.vrf.generateVrfKeypairBootstrap({
-		vrfInputData: {
-			userId: nearAccountId,
-			rpId,
-			blockHeight: transactionContext.txBlockHeight,
-			blockHash: transactionContext.txBlockHash,
-			intentDigest: boundIntentDigestB64u
-		},
-		saveInMemory: true,
-		sessionId: request.requestId
-	});
-	let uiVrfChallenge = bootstrap.vrfChallenge;
-	console.debug("[RegistrationFlow] VRF bootstrap ok", { blockHeight: uiVrfChallenge.blockHeight });
-	const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallenge });
-	if (!confirmed) {
-		console.debug("[RegistrationFlow] user cancelled");
-		return session.confirmAndCloseModal({
+	try {
+		const nearRpc = await adapters.near.fetchNearContext({
+			nearAccountId,
+			txCount: 1,
+			reserveNonces: true
+		});
+		if (nearRpc.error && !nearRpc.transactionContext) return session.confirmAndCloseModal({
 			requestId: request.requestId,
 			intentDigest: getIntentDigest(request),
 			confirmed: false,
-			error: uiError
+			error: `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}`
 		});
-	}
-	try {
-		const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);
-		uiVrfChallenge = refreshed.vrfChallenge;
-		session.updateUI({ vrfChallenge: uiVrfChallenge });
-		console.debug("[RegistrationFlow] VRF JIT refresh ok", { blockHeight: uiVrfChallenge.blockHeight });
-	} catch (e) {
-		console.debug("[RegistrationFlow] VRF JIT refresh skipped", e);
-	}
-	let credential;
-	let deviceNumber = request.payload?.deviceNumber ?? 1;
-	const tryCreate = async (dn) => {
-		console.debug("[RegistrationFlow] navigator.credentials.create start", { deviceNumber: dn });
-		return await adapters.webauthn.createRegistrationCredential({
-			nearAccountId,
-			challenge: uiVrfChallenge,
-			deviceNumber: dn
+		const transactionContext = nearRpc.transactionContext;
+		session.setReservedNonces(nearRpc.reservedNonces);
+		const computeBoundIntentDigestB64u = async () => {
+			const uiIntentDigest = getIntentDigest(request);
+			if (!uiIntentDigest) throw new Error("Missing intentDigest for registration flow");
+			return sha256Base64UrlUtf8(uiIntentDigest);
+		};
+		const rpId = adapters.vrf.getRpId();
+		const boundIntentDigestB64u = await computeBoundIntentDigestB64u();
+		const bootstrap = await adapters.vrf.generateVrfKeypairBootstrap({
+			vrfInputData: {
+				userId: nearAccountId,
+				rpId,
+				blockHeight: transactionContext.txBlockHeight,
+				blockHash: transactionContext.txBlockHash,
+				intentDigest: boundIntentDigestB64u
+			},
+			saveInMemory: true,
+			sessionId: request.requestId
 		});
-	};
-	try {
+		let uiVrfChallenge = bootstrap.vrfChallenge;
+		console.debug("[RegistrationFlow] VRF bootstrap ok", { blockHeight: uiVrfChallenge.blockHeight });
+		const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallenge });
+		if (!confirmed) {
+			console.debug("[RegistrationFlow] user cancelled");
+			return session.confirmAndCloseModal({
+				requestId: request.requestId,
+				intentDigest: getIntentDigest(request),
+				confirmed: false,
+				error: uiError
+			});
+		}
+		try {
+			const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);
+			uiVrfChallenge = refreshed.vrfChallenge;
+			session.updateUI({ vrfChallenge: uiVrfChallenge });
+			console.debug("[RegistrationFlow] VRF JIT refresh ok", { blockHeight: uiVrfChallenge.blockHeight });
+		} catch (e) {
+			console.debug("[RegistrationFlow] VRF JIT refresh skipped", e);
+		}
+		let credential;
+		let deviceNumber = request.payload?.deviceNumber ?? 1;
+		const tryCreate = async (dn) => {
+			console.debug("[RegistrationFlow] navigator.credentials.create start", { deviceNumber: dn });
+			return await adapters.webauthn.createRegistrationCredential({
+				nearAccountId,
+				challenge: uiVrfChallenge,
+				deviceNumber: dn
+			});
+		};
 		try {
 			credential = await tryCreate(deviceNumber);
-			console.debug("[RegistrationFlow] credentials.create ok");
 		} catch (e) {
 			const err = toError(e);
 			const name = String(err?.name || "");
@@ -149,14 +141,13 @@ async function handleRegistrationFlow(ctx, request, worker, opts) {
 	} catch (err) {
 		const cancelled = isUserCancelledSecureConfirm(err);
 		const msg = String(toError(err)?.message || err || "");
-		if (/Missing PRF result/i.test(msg) || /Missing PRF results/i.test(msg)) return session.cleanupAndRethrow(err);
 		if (cancelled) window.parent?.postMessage({ type: "WALLET_UI_CLOSED" }, "*");
 		const isPrfBrowserUnsupported = /WebAuthn PRF output is missing from navigator\.credentials\.create\(\)/i.test(msg) || /does not fully support the WebAuthn PRF extension during registration/i.test(msg) || /roaming hardware authenticators .* not supported in this flow/i.test(msg);
 		return session.confirmAndCloseModal({
 			requestId: request.requestId,
 			intentDigest: getIntentDigest(request),
 			confirmed: false,
-			error: cancelled ? ERROR_MESSAGES.cancelled : isPrfBrowserUnsupported ? msg : ERROR_MESSAGES.collectCredentialsFailed
+			error: cancelled ? ERROR_MESSAGES.cancelled : isPrfBrowserUnsupported ? msg : msg || ERROR_MESSAGES.collectCredentialsFailed
 		});
 	}
 }

package/dist/esm/sdk/{registration-MrAOC8Ub.js → registration-R70lvG_o.js}

@@ -1,6 +1,6 @@
 import "./validation-hUZgySTx.js";
 import { ERROR_MESSAGES, getIntentDigest, getNearAccountId, getRegisterAccountPayload, isSerializedRegistrationCredential, isUserCancelledSecureConfirm, serializeRegistrationCredentialWithPRF, sha256Base64UrlUtf8, toError } from "./collectAuthenticationCredentialForVrfChallenge-C9p90e5Z.js";
-import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-Dv7ZJPf1.js";
+import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-4c8mBiD5.js";
 import "./css-loader-DWW-_Vli.js";
 
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.ts
@@ -15,78 +15,70 @@ async function handleRegistrationFlow(ctx, request, worker, opts) {
 		transactionSummary
 	});
 	const nearAccountId = getNearAccountId(request);
-	console.debug("[RegistrationFlow] start", {
-		nearAccountId,
-		uiMode: confirmationConfig?.uiMode,
-		behavior: confirmationConfig?.behavior,
-		theme: confirmationConfig?.theme,
-		intentDigest: transactionSummary?.intentDigest
-	});
-	const nearRpc = await adapters.near.fetchNearContext({
-		nearAccountId,
-		txCount: 1,
-		reserveNonces: true
-	});
-	if (nearRpc.error && !nearRpc.transactionContext) return session.confirmAndCloseModal({
-		requestId: request.requestId,
-		intentDigest: getIntentDigest(request),
-		confirmed: false,
-		error: `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}`
-	});
-	const transactionContext = nearRpc.transactionContext;
-	session.setReservedNonces(nearRpc.reservedNonces);
-	const computeBoundIntentDigestB64u = async () => {
-		const uiIntentDigest = getIntentDigest(request);
-		if (!uiIntentDigest) throw new Error("Missing intentDigest for registration flow");
-		return sha256Base64UrlUtf8(uiIntentDigest);
-	};
-	const rpId = adapters.vrf.getRpId();
-	const boundIntentDigestB64u = await computeBoundIntentDigestB64u();
-	const bootstrap = await adapters.vrf.generateVrfKeypairBootstrap({
-		vrfInputData: {
-			userId: nearAccountId,
-			rpId,
-			blockHeight: transactionContext.txBlockHeight,
-			blockHash: transactionContext.txBlockHash,
-			intentDigest: boundIntentDigestB64u
-		},
-		saveInMemory: true,
-		sessionId: request.requestId
-	});
-	let uiVrfChallenge = bootstrap.vrfChallenge;
-	console.debug("[RegistrationFlow] VRF bootstrap ok", { blockHeight: uiVrfChallenge.blockHeight });
-	const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallenge });
-	if (!confirmed) {
-		console.debug("[RegistrationFlow] user cancelled");
-		return session.confirmAndCloseModal({
+	try {
+		const nearRpc = await adapters.near.fetchNearContext({
+			nearAccountId,
+			txCount: 1,
+			reserveNonces: true
+		});
+		if (nearRpc.error && !nearRpc.transactionContext) return session.confirmAndCloseModal({
 			requestId: request.requestId,
 			intentDigest: getIntentDigest(request),
 			confirmed: false,
-			error: uiError
+			error: `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}`
 		});
-	}
-	try {
-		const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);
-		uiVrfChallenge = refreshed.vrfChallenge;
-		session.updateUI({ vrfChallenge: uiVrfChallenge });
-		console.debug("[RegistrationFlow] VRF JIT refresh ok", { blockHeight: uiVrfChallenge.blockHeight });
-	} catch (e) {
-		console.debug("[RegistrationFlow] VRF JIT refresh skipped", e);
-	}
-	let credential;
-	let deviceNumber = request.payload?.deviceNumber ?? 1;
-	const tryCreate = async (dn) => {
-		console.debug("[RegistrationFlow] navigator.credentials.create start", { deviceNumber: dn });
-		return await adapters.webauthn.createRegistrationCredential({
-			nearAccountId,
-			challenge: uiVrfChallenge,
-			deviceNumber: dn
+		const transactionContext = nearRpc.transactionContext;
+		session.setReservedNonces(nearRpc.reservedNonces);
+		const computeBoundIntentDigestB64u = async () => {
+			const uiIntentDigest = getIntentDigest(request);
+			if (!uiIntentDigest) throw new Error("Missing intentDigest for registration flow");
+			return sha256Base64UrlUtf8(uiIntentDigest);
+		};
+		const rpId = adapters.vrf.getRpId();
+		const boundIntentDigestB64u = await computeBoundIntentDigestB64u();
+		const bootstrap = await adapters.vrf.generateVrfKeypairBootstrap({
+			vrfInputData: {
+				userId: nearAccountId,
+				rpId,
+				blockHeight: transactionContext.txBlockHeight,
+				blockHash: transactionContext.txBlockHash,
+				intentDigest: boundIntentDigestB64u
+			},
+			saveInMemory: true,
+			sessionId: request.requestId
 		});
-	};
-	try {
+		let uiVrfChallenge = bootstrap.vrfChallenge;
+		console.debug("[RegistrationFlow] VRF bootstrap ok", { blockHeight: uiVrfChallenge.blockHeight });
+		const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallenge });
+		if (!confirmed) {
+			console.debug("[RegistrationFlow] user cancelled");
+			return session.confirmAndCloseModal({
+				requestId: request.requestId,
+				intentDigest: getIntentDigest(request),
+				confirmed: false,
+				error: uiError
+			});
+		}
+		try {
+			const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);
+			uiVrfChallenge = refreshed.vrfChallenge;
+			session.updateUI({ vrfChallenge: uiVrfChallenge });
+			console.debug("[RegistrationFlow] VRF JIT refresh ok", { blockHeight: uiVrfChallenge.blockHeight });
+		} catch (e) {
+			console.debug("[RegistrationFlow] VRF JIT refresh skipped", e);
+		}
+		let credential;
+		let deviceNumber = request.payload?.deviceNumber ?? 1;
+		const tryCreate = async (dn) => {
+			console.debug("[RegistrationFlow] navigator.credentials.create start", { deviceNumber: dn });
+			return await adapters.webauthn.createRegistrationCredential({
+				nearAccountId,
+				challenge: uiVrfChallenge,
+				deviceNumber: dn
+			});
+		};
 		try {
 			credential = await tryCreate(deviceNumber);
-			console.debug("[RegistrationFlow] credentials.create ok");
 		} catch (e) {
 			const err = toError(e);
 			const name = String(err?.name || "");
@@ -137,18 +129,17 @@ async function handleRegistrationFlow(ctx, request, worker, opts) {
 	} catch (err) {
 		const cancelled = isUserCancelledSecureConfirm(err);
 		const msg = String(toError(err)?.message || err || "");
-		if (/Missing PRF result/i.test(msg) || /Missing PRF results/i.test(msg)) return session.cleanupAndRethrow(err);
 		if (cancelled) window.parent?.postMessage({ type: "WALLET_UI_CLOSED" }, "*");
 		const isPrfBrowserUnsupported = /WebAuthn PRF output is missing from navigator\.credentials\.create\(\)/i.test(msg) || /does not fully support the WebAuthn PRF extension during registration/i.test(msg) || /roaming hardware authenticators .* not supported in this flow/i.test(msg);
 		return session.confirmAndCloseModal({
 			requestId: request.requestId,
 			intentDigest: getIntentDigest(request),
 			confirmed: false,
-			error: cancelled ? ERROR_MESSAGES.cancelled : isPrfBrowserUnsupported ? msg : ERROR_MESSAGES.collectCredentialsFailed
+			error: cancelled ? ERROR_MESSAGES.cancelled : isPrfBrowserUnsupported ? msg : msg || ERROR_MESSAGES.collectCredentialsFailed
 		});
 	}
 }
 
 //#endregion
 export { handleRegistrationFlow };
-//# sourceMappingURL=registration-MrAOC8Ub.js.map
+//# sourceMappingURL=registration-R70lvG_o.js.map

package/dist/esm/sdk/registration-R70lvG_o.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registration-R70lvG_o.js","names":["uiVrfChallenge: VRFChallenge","credential: PublicKeyCredential | undefined","e: unknown","serialized: WebAuthnRegistrationCredential","err: unknown"],"sources":["../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n  TransactionSummary,\n  RegistrationSecureConfirmRequest,\n} from '../types';\nimport { VRFChallenge, TransactionContext } from '../../../../types';\nimport type { WebAuthnRegistrationCredential } from '../../../../types/webauthn';\nimport { sha256Base64UrlUtf8 } from '../../../../digests/intentDigest';\nimport {\n  getNearAccountId,\n  getIntentDigest,\n  isUserCancelledSecureConfirm,\n  ERROR_MESSAGES,\n  getRegisterAccountPayload,\n} from './index';\nimport { isSerializedRegistrationCredential, serializeRegistrationCredentialWithPRF } from '../../../credentialsHelpers';\nimport { toError } from '../../../../../utils/errors';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\n\nexport async function handleRegistrationFlow(\n  ctx: VrfWorkerManagerContext,\n  request: RegistrationSecureConfirmRequest,\n  worker: Worker,\n  opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n\n  const { confirmationConfig, transactionSummary } = opts;\n  const adapters = createConfirmTxFlowAdapters(ctx);\n  const session = createConfirmSession({\n    adapters,\n    worker,\n    request,\n    confirmationConfig,\n    transactionSummary,\n  });\n  const nearAccountId = getNearAccountId(request);\n\n  try {\n    // 1) NEAR context\n    const nearRpc = await adapters.near.fetchNearContext({ nearAccountId, txCount: 1, reserveNonces: true });\n    if (nearRpc.error && !nearRpc.transactionContext) {\n      return session.confirmAndCloseModal({\n        requestId: request.requestId,\n        intentDigest: getIntentDigest(request),\n        confirmed: false,\n        error: `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}`,\n      });\n    }\n    const transactionContext = nearRpc.transactionContext as TransactionContext;\n    session.setReservedNonces(nearRpc.reservedNonces);\n\n    const computeBoundIntentDigestB64u = async (): Promise<string> => {\n      const uiIntentDigest = getIntentDigest(request);\n      if (!uiIntentDigest) {\n        throw new Error('Missing intentDigest for registration flow');\n      }\n      return sha256Base64UrlUtf8(uiIntentDigest);\n    };\n\n    // 2) Initial VRF challenge via bootstrap\n    const rpId = adapters.vrf.getRpId();\n    const boundIntentDigestB64u = await computeBoundIntentDigestB64u();\n    const bootstrap = await adapters.vrf.generateVrfKeypairBootstrap({\n      vrfInputData: {\n        userId: nearAccountId,\n        rpId,\n        blockHeight: transactionContext.txBlockHeight,\n        blockHash: transactionContext.txBlockHash,\n        intentDigest: boundIntentDigestB64u,\n      },\n      saveInMemory: true,\n      sessionId: request.requestId,\n    });\n    let uiVrfChallenge: VRFChallenge = bootstrap.vrfChallenge;\n    console.debug('[RegistrationFlow] VRF bootstrap ok', { blockHeight: uiVrfChallenge.blockHeight });\n\n    // 3) UI confirm\n    const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallenge });\n    if (!confirmed) {\n      console.debug('[RegistrationFlow] user cancelled');\n      return session.confirmAndCloseModal({\n        requestId: request.requestId,\n        intentDigest: getIntentDigest(request),\n        confirmed: false,\n        error: uiError,\n      });\n    }\n\n    // 4) JIT refresh VRF (best-effort)\n    try {\n      const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);\n      uiVrfChallenge = refreshed.vrfChallenge;\n      session.updateUI({ vrfChallenge: uiVrfChallenge });\n      console.debug('[RegistrationFlow] VRF JIT refresh ok', { blockHeight: uiVrfChallenge.blockHeight });\n    } catch (e) {\n      console.debug('[RegistrationFlow] VRF JIT refresh skipped', e);\n    }\n\n    // 5) Collect registration credentials (with duplicate retry)\n    let credential: PublicKeyCredential | undefined;\n    let deviceNumber = request.payload?.deviceNumber ?? 1;\n\n    const tryCreate = async (dn?: number): Promise<PublicKeyCredential> => {\n      console.debug('[RegistrationFlow] navigator.credentials.create start', { deviceNumber: dn });\n      return await adapters.webauthn.createRegistrationCredential({\n        nearAccountId,\n        challenge: uiVrfChallenge,\n        deviceNumber: dn,\n      });\n    };\n\n    try {\n      credential = await tryCreate(deviceNumber);\n    } catch (e: unknown) {\n\n      const err = toError(e);\n      const name = String(err?.name || '');\n      const msg = String(err?.message || '');\n      const isDuplicate = name === 'InvalidStateError' || /excluded|already\\s*registered/i.test(msg);\n\n      if (isDuplicate) {\n        const nextDeviceNumber = (deviceNumber !== undefined && Number.isFinite(deviceNumber)) ? (deviceNumber + 1) : 2;\n        console.debug('[RegistrationFlow] duplicate credential, retry with next deviceNumber', { nextDeviceNumber });\n        // Keep request payload and intentDigest in sync with the deviceNumber retry.\n        deviceNumber = nextDeviceNumber;\n        getRegisterAccountPayload(request).deviceNumber = nextDeviceNumber;\n        request.intentDigest = request.type === 'registerAccount'\n          ? `register:${nearAccountId}:${nextDeviceNumber}`\n          : `device2-register:${nearAccountId}:${nextDeviceNumber}`;\n\n        // Regenerate a VRF challenge bound to the updated intentDigest so the contract-side\n        // VRF input derivation remains consistent end-to-end.\n        const retryBoundIntentDigestB64u = await computeBoundIntentDigestB64u();\n        const retryBootstrap = await adapters.vrf.generateVrfKeypairBootstrap({\n          vrfInputData: {\n            userId: nearAccountId,\n            rpId,\n            blockHeight: transactionContext.txBlockHeight,\n            blockHash: transactionContext.txBlockHash,\n            intentDigest: retryBoundIntentDigestB64u,\n          },\n          saveInMemory: true,\n          sessionId: request.requestId,\n        });\n        uiVrfChallenge = retryBootstrap.vrfChallenge;\n        session.updateUI({ vrfChallenge: uiVrfChallenge });\n\n        credential = await tryCreate(nextDeviceNumber);\n      } else {\n        console.error('[RegistrationFlow] credentials.create failed (non-duplicate)', { name, msg });\n        throw err;\n      }\n    }\n\n    // We require registration credentials to include dual PRF outputs (first + second)\n    // so VRF/NEAR key derivation can happen inside the workers without passing PRF outputs\n    // as separate main-thread values.\n    const serialized: WebAuthnRegistrationCredential = isSerializedRegistrationCredential(credential)\n      ? (credential as unknown as WebAuthnRegistrationCredential)\n      : serializeRegistrationCredentialWithPRF({\n          credential: credential! as PublicKeyCredential,\n          firstPrfOutput: true,\n          secondPrfOutput: true,\n      });\n\n    // 6) Respond + close\n    session.confirmAndCloseModal({\n      requestId: request.requestId,\n      intentDigest: getIntentDigest(request),\n      confirmed: true,\n      credential: serialized,\n      // PRF outputs are embedded in serialized credential; VRF worker extracts and sends via MessagePort\n      vrfChallenge: uiVrfChallenge,\n      transactionContext,\n    });\n  } catch (err: unknown) {\n\n    const cancelled = isUserCancelledSecureConfirm(err);\n    const msg = String((toError(err))?.message || err || '');\n    if (cancelled) {\n      window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '*');\n    }\n\n    const isPrfBrowserUnsupported =\n      /WebAuthn PRF output is missing from navigator\\.credentials\\.create\\(\\)/i.test(msg)\n      || /does not fully support the WebAuthn PRF extension during registration/i.test(msg)\n      || /roaming hardware authenticators .* not supported in this flow/i.test(msg);\n\n    return session.confirmAndCloseModal({\n      requestId: request.requestId,\n      intentDigest: getIntentDigest(request),\n      confirmed: false,\n      error: cancelled\n        ? ERROR_MESSAGES.cancelled\n        : (isPrfBrowserUnsupported ? msg : (msg || ERROR_MESSAGES.collectCredentialsFailed)),\n    });\n  }\n}\n"],"mappings":";;;;;;AAqBA,eAAsB,uBACpB,KACA,SACA,QACA,MACe;CAEf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAW,4BAA4B;CAC7C,MAAM,UAAU,qBAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgB,iBAAiB;AAEvC,KAAI;EAEF,MAAM,UAAU,MAAM,SAAS,KAAK,iBAAiB;GAAE;GAAe,SAAS;GAAG,eAAe;;AACjG,MAAI,QAAQ,SAAS,CAAC,QAAQ,mBAC5B,QAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAc,gBAAgB;GAC9B,WAAW;GACX,OAAO,GAAG,eAAe,cAAc,IAAI,QAAQ;;EAGvD,MAAM,qBAAqB,QAAQ;AACnC,UAAQ,kBAAkB,QAAQ;EAElC,MAAM,+BAA+B,YAA6B;GAChE,MAAM,iBAAiB,gBAAgB;AACvC,OAAI,CAAC,eACH,OAAM,IAAI,MAAM;AAElB,UAAO,oBAAoB;;EAI7B,MAAM,OAAO,SAAS,IAAI;EAC1B,MAAM,wBAAwB,MAAM;EACpC,MAAM,YAAY,MAAM,SAAS,IAAI,4BAA4B;GAC/D,cAAc;IACZ,QAAQ;IACR;IACA,aAAa,mBAAmB;IAChC,WAAW,mBAAmB;IAC9B,cAAc;;GAEhB,cAAc;GACd,WAAW,QAAQ;;EAErB,IAAIA,iBAA+B,UAAU;AAC7C,UAAQ,MAAM,uCAAuC,EAAE,aAAa,eAAe;EAGnF,MAAM,EAAE,WAAW,OAAO,YAAY,MAAM,QAAQ,WAAW,EAAE,cAAc;AAC/E,MAAI,CAAC,WAAW;AACd,WAAQ,MAAM;AACd,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAc,gBAAgB;IAC9B,WAAW;IACX,OAAO;;;AAKX,MAAI;GACF,MAAM,YAAY,MAAM,SAAS,IAAI,yBAAyB,SAAS;AACvE,oBAAiB,UAAU;AAC3B,WAAQ,SAAS,EAAE,cAAc;AACjC,WAAQ,MAAM,yCAAyC,EAAE,aAAa,eAAe;WAC9E,GAAG;AACV,WAAQ,MAAM,8CAA8C;;EAI9D,IAAIC;EACJ,IAAI,eAAe,QAAQ,SAAS,gBAAgB;EAEpD,MAAM,YAAY,OAAO,OAA8C;AACrE,WAAQ,MAAM,yDAAyD,EAAE,cAAc;AACvF,UAAO,MAAM,SAAS,SAAS,6BAA6B;IAC1D;IACA,WAAW;IACX,cAAc;;;AAIlB,MAAI;AACF,gBAAa,MAAM,UAAU;WACtBC,GAAY;GAEnB,MAAM,MAAM,QAAQ;GACpB,MAAM,OAAO,OAAO,KAAK,QAAQ;GACjC,MAAM,MAAM,OAAO,KAAK,WAAW;GACnC,MAAM,cAAc,SAAS,uBAAuB,iCAAiC,KAAK;AAE1F,OAAI,aAAa;IACf,MAAM,mBAAoB,iBAAiB,UAAa,OAAO,SAAS,gBAAkB,eAAe,IAAK;AAC9G,YAAQ,MAAM,yEAAyE,EAAE;AAEzF,mBAAe;AACf,8BAA0B,SAAS,eAAe;AAClD,YAAQ,eAAe,QAAQ,SAAS,oBACpC,YAAY,cAAc,GAAG,qBAC7B,oBAAoB,cAAc,GAAG;IAIzC,MAAM,6BAA6B,MAAM;IACzC,MAAM,iBAAiB,MAAM,SAAS,IAAI,4BAA4B;KACpE,cAAc;MACZ,QAAQ;MACR;MACA,aAAa,mBAAmB;MAChC,WAAW,mBAAmB;MAC9B,cAAc;;KAEhB,cAAc;KACd,WAAW,QAAQ;;AAErB,qBAAiB,eAAe;AAChC,YAAQ,SAAS,EAAE,cAAc;AAEjC,iBAAa,MAAM,UAAU;UACxB;AACL,YAAQ,MAAM,gEAAgE;KAAE;KAAM;;AACtF,UAAM;;;EAOV,MAAMC,aAA6C,mCAAmC,cACjF,aACD,uCAAuC;GACzB;GACZ,gBAAgB;GAChB,iBAAiB;;AAIvB,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAc,gBAAgB;GAC9B,WAAW;GACX,YAAY;GAEZ,cAAc;GACd;;UAEKC,KAAc;EAErB,MAAM,YAAY,6BAA6B;EAC/C,MAAM,MAAM,OAAQ,QAAQ,MAAO,WAAW,OAAO;AACrD,MAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;EAG3D,MAAM,0BACJ,0EAA0E,KAAK,QAC5E,yEAAyE,KAAK,QAC9E,iEAAiE,KAAK;AAE3E,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAc,gBAAgB;GAC9B,WAAW;GACX,OAAO,YACH,eAAe,YACd,0BAA0B,MAAO,OAAO,eAAe"}

package/dist/esm/sdk/{router-BEGGuWaB.js → router-2aGn-CTp.js}

@@ -5,7 +5,7 @@ import "./base64-dqpWgddX.js";
 import { ActionPhase, DeviceLinkingPhase, EmailRecoveryPhase, LoginPhase, RegistrationPhase, SyncAccountPhase } from "./sdkSentEvents-CzAZBFjP.js";
 import { toError } from "./errors-DevlT39D.js";
 import { SignedTransaction, openOfflineExportWindow } from "./overlay-Ci2FOQKE.js";
-import { PASSKEY_MANAGER_DEFAULT_CONFIGS } from "./defaultConfigs-BmCU1_qI.js";
+import { PASSKEY_MANAGER_DEFAULT_CONFIGS } from "./defaultConfigs-BQqiXif-.js";
 import { WebAuthnBridgeMessage, serializeAuthenticationCredentialWithPRF, serializeRegistrationCredentialWithPRF } from "./safari-fallbacks-BcMFntiP.js";
 
 //#region src/core/WalletIframe/client/on-events-progress-bus.ts

package/dist/esm/sdk/{rpcCalls-CMzj_Va_.js → rpcCalls-BPI0icZG.js}

@@ -6,7 +6,7 @@ import "./base64-dqpWgddX.js";
 import "./vrf-worker-BzQsJ5BW.js";
 import "./sdkSentEvents-CzAZBFjP.js";
 import "./errors-DevlT39D.js";
-import "./defaultConfigs-BmCU1_qI.js";
-import { buildSetRecoveryEmailsActions, checkCanRegisterUserContractCall, executeDeviceLinkingContractCalls, getAuthenticatorsByUser, getCredentialIdsContractCall, getDeviceLinkingAccountContractCall, getEmailRecoveryAttempt, getRecoveryEmailHashesContractCall, hasAccessKey, syncAuthenticatorsContractCall, thresholdEd25519Keygen, thresholdEd25519KeygenFromRegistrationTx, verifyAuthenticationResponse, waitForAccessKeyAbsent } from "./rpcCalls-B44MZora.js";
+import "./defaultConfigs-BQqiXif-.js";
+import { buildSetRecoveryEmailsActions, checkCanRegisterUserContractCall, executeDeviceLinkingContractCalls, getAuthenticatorsByUser, getCredentialIdsContractCall, getDeviceLinkingAccountContractCall, getEmailRecoveryAttempt, getRecoveryEmailHashesContractCall, hasAccessKey, syncAuthenticatorsContractCall, thresholdEd25519Keygen, thresholdEd25519KeygenFromRegistrationTx, verifyAuthenticationResponse, waitForAccessKeyAbsent } from "./rpcCalls-BW3M_q3-.js";
 
 export { buildSetRecoveryEmailsActions, getRecoveryEmailHashesContractCall };

package/dist/esm/sdk/{rpcCalls-B44MZora.js → rpcCalls-BW3M_q3-.js}

@@ -5,7 +5,7 @@ import { base64UrlDecode, base64UrlEncode } from "./base64-dqpWgddX.js";
 import { createRandomVRFChallenge } from "./vrf-worker-BzQsJ5BW.js";
 import { ActionPhase, DeviceLinkingPhase, DeviceLinkingStatus } from "./sdkSentEvents-CzAZBFjP.js";
 import { errorMessage } from "./errors-DevlT39D.js";
-import { DEFAULT_EMAIL_RECOVERY_CONTRACTS } from "./defaultConfigs-BmCU1_qI.js";
+import { DEFAULT_EMAIL_RECOVERY_CONTRACTS } from "./defaultConfigs-BQqiXif-.js";
 
 //#region src/core/rpcCalls.ts
 function normalizeByteArray(input) {

package/dist/esm/sdk/{scanDevice-Cp-r-Z2T.js → scanDevice-BBSehlMx.js}

@@ -3,18 +3,18 @@ import "./actions-fHadejPs.js";
 import "./rpc-Dq3ioE9T.js";
 import "./signer-worker-DK847sXj.js";
 import "./base64-dqpWgddX.js";
-import { getLoginSession } from "./login-DnROv3eA.js";
+import { getLoginSession } from "./login-BKhTuGcy.js";
 import "./vrf-worker-BzQsJ5BW.js";
 import { DeviceLinkingPhase, DeviceLinkingStatus } from "./sdkSentEvents-CzAZBFjP.js";
 import { DEVICE_LINKING_CONFIG, DeviceLinkingError, DeviceLinkingErrorCode } from "./config-BbNXtVtu.js";
 import "./accountIds-DVDhXwVA.js";
 import "./intentDigest-yivVENNK.js";
 import "./errors-DevlT39D.js";
-import "./IndexedDBManager-B1cUvdyY.js";
-import "./defaultConfigs-BmCU1_qI.js";
+import "./IndexedDBManager-CmdN7smS.js";
+import "./defaultConfigs-BQqiXif-.js";
 import "./safari-fallbacks-BcMFntiP.js";
 import "./touchIdPrompt-JPhrOx8o.js";
-import { executeDeviceLinkingContractCalls } from "./rpcCalls-B44MZora.js";
+import { executeDeviceLinkingContractCalls } from "./rpcCalls-BW3M_q3-.js";
 import "./getDeviceNumber-y3mMtky6.js";
 
 //#region src/core/TatchiPasskey/scanDevice.ts

package/dist/esm/sdk/{syncAccount-CqWCmBVb.js → syncAccount-DEZHBiRa.js}

@@ -7,10 +7,10 @@ import "./vrf-worker-BzQsJ5BW.js";
 import "./sdkSentEvents-CzAZBFjP.js";
 import "./accountIds-DVDhXwVA.js";
 import "./errors-DevlT39D.js";
-import "./IndexedDBManager-B1cUvdyY.js";
-import "./defaultConfigs-BmCU1_qI.js";
-import "./rpcCalls-B44MZora.js";
+import "./IndexedDBManager-CmdN7smS.js";
+import "./defaultConfigs-BQqiXif-.js";
+import "./rpcCalls-BW3M_q3-.js";
 import "./getDeviceNumber-y3mMtky6.js";
-import { SyncAccountFlow, syncAccount } from "./syncAccount-Dt5jJbEB.js";
+import { SyncAccountFlow, syncAccount } from "./syncAccount-DHKtl-xh.js";
 
 export { SyncAccountFlow };

package/dist/esm/sdk/{syncAccount-Dt5jJbEB.js → syncAccount-DHKtl-xh.js}

@@ -3,8 +3,8 @@ import { base64UrlDecode } from "./base64-dqpWgddX.js";
 import { createRandomVRFChallenge } from "./vrf-worker-BzQsJ5BW.js";
 import { SyncAccountPhase, SyncAccountStatus } from "./sdkSentEvents-CzAZBFjP.js";
 import { toAccountId } from "./accountIds-DVDhXwVA.js";
-import { IndexedDBManager, buildThresholdEd25519Participants2pV1 } from "./IndexedDBManager-B1cUvdyY.js";
-import { getCredentialIdsContractCall, hasAccessKey, syncAuthenticatorsContractCall } from "./rpcCalls-B44MZora.js";
+import { IndexedDBManager, buildThresholdEd25519Participants2pV1 } from "./IndexedDBManager-CmdN7smS.js";
+import { getCredentialIdsContractCall, hasAccessKey, syncAuthenticatorsContractCall } from "./rpcCalls-BW3M_q3-.js";
 import { parseDeviceNumber } from "./getDeviceNumber-y3mMtky6.js";
 
 //#region src/core/WebAuthnManager/userHandle.ts

package/dist/esm/sdk/{transactions-DAZrPW-6.js → transactions-Cg1TIUyK.js}

@@ -11,12 +11,12 @@ import "./tags-ByzxP7Cc.js";
 import "./lit-events-Bb4tAEO2.js";
 import "./tx-confirmer-wrapper-DWKpXTUW.js";
 import { toError } from "./errors-DevlT39D.js";
-import { PASSKEY_MANAGER_DEFAULT_CONFIGS } from "./defaultConfigs-BmCU1_qI.js";
+import { PASSKEY_MANAGER_DEFAULT_CONFIGS } from "./defaultConfigs-BQqiXif-.js";
 import "./safari-fallbacks-BcMFntiP.js";
 import "./touchIdPrompt-JPhrOx8o.js";
 import { getLastLoggedInDeviceNumber } from "./getDeviceNumber-y3mMtky6.js";
 import { ERROR_MESSAGES, SecureConfirmationType, getIntentDigest, getNearAccountId, getSignTransactionPayload, getTxCount, isUserCancelledSecureConfirm } from "./collectAuthenticationCredentialForVrfChallenge-DqzPzwvU.js";
-import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-1Hmc1vVC.js";
+import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-DF32SIZa.js";
 
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.ts
 function getSigningAuthMode(request) {
@@ -35,91 +35,91 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 		transactionSummary
 	});
 	const nearAccountId = getNearAccountId(request);
-	const signingAuthMode = getSigningAuthMode(request);
-	const usesNeeded = getTxCount(request);
-	const vrfIntentDigestB64u = request.type === SecureConfirmationType.SIGN_TRANSACTION ? getIntentDigest(request) : request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE ? await computeUiIntentDigestFromNep413({
-		nearAccountId,
-		recipient: request.payload.recipient,
-		message: request.payload.message
-	}) : void 0;
-	const sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;
-	const nearRpc = await adapters.near.fetchNearContext({
-		nearAccountId,
-		txCount: usesNeeded,
-		reserveNonces: true
-	});
-	if (!nearRpc.transactionContext) {
-		console.error("[SigningFlow] fetchNearContext failed", {
-			error: nearRpc.error,
-			details: nearRpc.details
-		});
-		return session.confirmAndCloseModal({
-			requestId: request.requestId,
-			intentDigest: getIntentDigest(request),
-			confirmed: false,
-			error: nearRpc.details ? `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}` : ERROR_MESSAGES.nearRpcFailed
+	try {
+		const signingAuthMode = getSigningAuthMode(request);
+		const usesNeeded = getTxCount(request);
+		const vrfIntentDigestB64u = request.type === SecureConfirmationType.SIGN_TRANSACTION ? getIntentDigest(request) : request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE ? await computeUiIntentDigestFromNep413({
+			nearAccountId,
+			recipient: request.payload.recipient,
+			message: request.payload.message
+		}) : void 0;
+		const sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;
+		const nearRpc = await adapters.near.fetchNearContext({
+			nearAccountId,
+			txCount: usesNeeded,
+			reserveNonces: true
 		});
-	}
-	session.setReservedNonces(nearRpc.reservedNonces);
-	let transactionContext = nearRpc.transactionContext;
-	const rpId = adapters.vrf.getRpId();
-	let uiVrfChallenge;
-	let uiVrfChallengeForUi = rpId ? {
-		userId: nearAccountId,
-		rpId,
-		blockHeight: transactionContext.txBlockHeight,
-		blockHash: transactionContext.txBlockHash
-	} : void 0;
-	if (signingAuthMode === "webauthn") {
-		uiVrfChallenge = await adapters.vrf.generateVrfChallengeForSession({
-			userId: nearAccountId,
-			rpId,
-			blockHeight: transactionContext.txBlockHeight,
-			blockHash: transactionContext.txBlockHash,
-			...vrfIntentDigestB64u ? { intentDigest: vrfIntentDigestB64u } : {},
-			...sessionPolicyDigest32 ? { sessionPolicyDigest32 } : {}
-		}, request.requestId);
-		uiVrfChallengeForUi = uiVrfChallenge;
-	}
-	const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallengeForUi });
-	if (!confirmed) return session.confirmAndCloseModal({
-		requestId: request.requestId,
-		intentDigest: getIntentDigest(request),
-		confirmed: false,
-		error: uiError
-	});
-	if (signingAuthMode === "warmSession") {
-		try {
-			await adapters.vrf.dispenseSessionKey({
-				sessionId: request.requestId,
-				uses: usesNeeded
+		if (!nearRpc.transactionContext) {
+			console.error("[SigningFlow] fetchNearContext failed", {
+				error: nearRpc.error,
+				details: nearRpc.details
 			});
-		} catch (err) {
-			const msg = String(toError(err)?.message || err || "");
 			return session.confirmAndCloseModal({
 				requestId: request.requestId,
 				intentDigest: getIntentDigest(request),
 				confirmed: false,
-				error: msg || "Failed to dispense warm session key"
+				error: nearRpc.details ? `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}` : ERROR_MESSAGES.nearRpcFailed
 			});
 		}
-		session.confirmAndCloseModal({
+		session.setReservedNonces(nearRpc.reservedNonces);
+		let transactionContext = nearRpc.transactionContext;
+		const rpId = adapters.vrf.getRpId();
+		let uiVrfChallenge;
+		let uiVrfChallengeForUi = rpId ? {
+			userId: nearAccountId,
+			rpId,
+			blockHeight: transactionContext.txBlockHeight,
+			blockHash: transactionContext.txBlockHash
+		} : void 0;
+		if (signingAuthMode === "webauthn") {
+			uiVrfChallenge = await adapters.vrf.generateVrfChallengeForSession({
+				userId: nearAccountId,
+				rpId,
+				blockHeight: transactionContext.txBlockHeight,
+				blockHash: transactionContext.txBlockHash,
+				...vrfIntentDigestB64u ? { intentDigest: vrfIntentDigestB64u } : {},
+				...sessionPolicyDigest32 ? { sessionPolicyDigest32 } : {}
+			}, request.requestId);
+			uiVrfChallengeForUi = uiVrfChallenge;
+		}
+		const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallengeForUi });
+		if (!confirmed) return session.confirmAndCloseModal({
 			requestId: request.requestId,
 			intentDigest: getIntentDigest(request),
-			confirmed: true,
-			transactionContext
+			confirmed: false,
+			error: uiError
 		});
-		return;
-	}
-	try {
-		const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);
-		uiVrfChallenge = refreshed.vrfChallenge;
-		transactionContext = refreshed.transactionContext;
-		session.updateUI({ vrfChallenge: uiVrfChallenge });
-	} catch (e) {
-		console.debug("[SigningFlow] VRF JIT refresh skipped", e);
-	}
-	try {
+		if (signingAuthMode === "warmSession") {
+			try {
+				await adapters.vrf.dispenseSessionKey({
+					sessionId: request.requestId,
+					uses: usesNeeded
+				});
+			} catch (err) {
+				const msg = String(toError(err)?.message || err || "");
+				return session.confirmAndCloseModal({
+					requestId: request.requestId,
+					intentDigest: getIntentDigest(request),
+					confirmed: false,
+					error: msg || "Failed to dispense warm session key"
+				});
+			}
+			session.confirmAndCloseModal({
+				requestId: request.requestId,
+				intentDigest: getIntentDigest(request),
+				confirmed: true,
+				transactionContext
+			});
+			return;
+		}
+		try {
+			const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);
+			uiVrfChallenge = refreshed.vrfChallenge;
+			transactionContext = refreshed.transactionContext;
+			session.updateUI({ vrfChallenge: uiVrfChallenge });
+		} catch (e) {
+			console.debug("[SigningFlow] VRF JIT refresh skipped", e);
+		}
 		if (!uiVrfChallenge) throw new Error("Missing vrfChallenge for WebAuthn signing flow");
 		const serializedCredential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({
 			nearAccountId,
@@ -167,7 +167,6 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 	} catch (err) {
 		const cancelled = isUserCancelledSecureConfirm(err);
 		const msg = String(toError(err)?.message || err || "");
-		if (/Missing PRF result/i.test(msg) || /Missing PRF results/i.test(msg)) return session.cleanupAndRethrow(err);
 		if (cancelled) window.parent?.postMessage({ type: "WALLET_UI_CLOSED" }, "*");
 		const isWrongPasskeyError = /multiple passkeys \(devicenumbers\) for account/i.test(msg);
 		return session.confirmAndCloseModal({