@tatchi-xyz/sdk 0.31.0 → 0.32.0

package/dist/esm/sdk/{transactions-DAZrPW-6.js → transactions-Cg1TIUyK.js}

@@ -11,12 +11,12 @@ import "./tags-ByzxP7Cc.js";
 import "./lit-events-Bb4tAEO2.js";
 import "./tx-confirmer-wrapper-DWKpXTUW.js";
 import { toError } from "./errors-DevlT39D.js";
-import { PASSKEY_MANAGER_DEFAULT_CONFIGS } from "./defaultConfigs-BmCU1_qI.js";
+import { PASSKEY_MANAGER_DEFAULT_CONFIGS } from "./defaultConfigs-BQqiXif-.js";
 import "./safari-fallbacks-BcMFntiP.js";
 import "./touchIdPrompt-JPhrOx8o.js";
 import { getLastLoggedInDeviceNumber } from "./getDeviceNumber-y3mMtky6.js";
 import { ERROR_MESSAGES, SecureConfirmationType, getIntentDigest, getNearAccountId, getSignTransactionPayload, getTxCount, isUserCancelledSecureConfirm } from "./collectAuthenticationCredentialForVrfChallenge-DqzPzwvU.js";
-import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-1Hmc1vVC.js";
+import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-DF32SIZa.js";
 
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.ts
 function getSigningAuthMode(request) {
@@ -35,91 +35,91 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 		transactionSummary
 	});
 	const nearAccountId = getNearAccountId(request);
-	const signingAuthMode = getSigningAuthMode(request);
-	const usesNeeded = getTxCount(request);
-	const vrfIntentDigestB64u = request.type === SecureConfirmationType.SIGN_TRANSACTION ? getIntentDigest(request) : request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE ? await computeUiIntentDigestFromNep413({
-		nearAccountId,
-		recipient: request.payload.recipient,
-		message: request.payload.message
-	}) : void 0;
-	const sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;
-	const nearRpc = await adapters.near.fetchNearContext({
-		nearAccountId,
-		txCount: usesNeeded,
-		reserveNonces: true
-	});
-	if (!nearRpc.transactionContext) {
-		console.error("[SigningFlow] fetchNearContext failed", {
-			error: nearRpc.error,
-			details: nearRpc.details
-		});
-		return session.confirmAndCloseModal({
-			requestId: request.requestId,
-			intentDigest: getIntentDigest(request),
-			confirmed: false,
-			error: nearRpc.details ? `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}` : ERROR_MESSAGES.nearRpcFailed
+	try {
+		const signingAuthMode = getSigningAuthMode(request);
+		const usesNeeded = getTxCount(request);
+		const vrfIntentDigestB64u = request.type === SecureConfirmationType.SIGN_TRANSACTION ? getIntentDigest(request) : request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE ? await computeUiIntentDigestFromNep413({
+			nearAccountId,
+			recipient: request.payload.recipient,
+			message: request.payload.message
+		}) : void 0;
+		const sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;
+		const nearRpc = await adapters.near.fetchNearContext({
+			nearAccountId,
+			txCount: usesNeeded,
+			reserveNonces: true
 		});
-	}
-	session.setReservedNonces(nearRpc.reservedNonces);
-	let transactionContext = nearRpc.transactionContext;
-	const rpId = adapters.vrf.getRpId();
-	let uiVrfChallenge;
-	let uiVrfChallengeForUi = rpId ? {
-		userId: nearAccountId,
-		rpId,
-		blockHeight: transactionContext.txBlockHeight,
-		blockHash: transactionContext.txBlockHash
-	} : void 0;
-	if (signingAuthMode === "webauthn") {
-		uiVrfChallenge = await adapters.vrf.generateVrfChallengeForSession({
-			userId: nearAccountId,
-			rpId,
-			blockHeight: transactionContext.txBlockHeight,
-			blockHash: transactionContext.txBlockHash,
-			...vrfIntentDigestB64u ? { intentDigest: vrfIntentDigestB64u } : {},
-			...sessionPolicyDigest32 ? { sessionPolicyDigest32 } : {}
-		}, request.requestId);
-		uiVrfChallengeForUi = uiVrfChallenge;
-	}
-	const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallengeForUi });
-	if (!confirmed) return session.confirmAndCloseModal({
-		requestId: request.requestId,
-		intentDigest: getIntentDigest(request),
-		confirmed: false,
-		error: uiError
-	});
-	if (signingAuthMode === "warmSession") {
-		try {
-			await adapters.vrf.dispenseSessionKey({
-				sessionId: request.requestId,
-				uses: usesNeeded
+		if (!nearRpc.transactionContext) {
+			console.error("[SigningFlow] fetchNearContext failed", {
+				error: nearRpc.error,
+				details: nearRpc.details
 			});
-		} catch (err) {
-			const msg = String(toError(err)?.message || err || "");
 			return session.confirmAndCloseModal({
 				requestId: request.requestId,
 				intentDigest: getIntentDigest(request),
 				confirmed: false,
-				error: msg || "Failed to dispense warm session key"
+				error: nearRpc.details ? `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}` : ERROR_MESSAGES.nearRpcFailed
 			});
 		}
-		session.confirmAndCloseModal({
+		session.setReservedNonces(nearRpc.reservedNonces);
+		let transactionContext = nearRpc.transactionContext;
+		const rpId = adapters.vrf.getRpId();
+		let uiVrfChallenge;
+		let uiVrfChallengeForUi = rpId ? {
+			userId: nearAccountId,
+			rpId,
+			blockHeight: transactionContext.txBlockHeight,
+			blockHash: transactionContext.txBlockHash
+		} : void 0;
+		if (signingAuthMode === "webauthn") {
+			uiVrfChallenge = await adapters.vrf.generateVrfChallengeForSession({
+				userId: nearAccountId,
+				rpId,
+				blockHeight: transactionContext.txBlockHeight,
+				blockHash: transactionContext.txBlockHash,
+				...vrfIntentDigestB64u ? { intentDigest: vrfIntentDigestB64u } : {},
+				...sessionPolicyDigest32 ? { sessionPolicyDigest32 } : {}
+			}, request.requestId);
+			uiVrfChallengeForUi = uiVrfChallenge;
+		}
+		const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallengeForUi });
+		if (!confirmed) return session.confirmAndCloseModal({
 			requestId: request.requestId,
 			intentDigest: getIntentDigest(request),
-			confirmed: true,
-			transactionContext
+			confirmed: false,
+			error: uiError
 		});
-		return;
-	}
-	try {
-		const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);
-		uiVrfChallenge = refreshed.vrfChallenge;
-		transactionContext = refreshed.transactionContext;
-		session.updateUI({ vrfChallenge: uiVrfChallenge });
-	} catch (e) {
-		console.debug("[SigningFlow] VRF JIT refresh skipped", e);
-	}
-	try {
+		if (signingAuthMode === "warmSession") {
+			try {
+				await adapters.vrf.dispenseSessionKey({
+					sessionId: request.requestId,
+					uses: usesNeeded
+				});
+			} catch (err) {
+				const msg = String(toError(err)?.message || err || "");
+				return session.confirmAndCloseModal({
+					requestId: request.requestId,
+					intentDigest: getIntentDigest(request),
+					confirmed: false,
+					error: msg || "Failed to dispense warm session key"
+				});
+			}
+			session.confirmAndCloseModal({
+				requestId: request.requestId,
+				intentDigest: getIntentDigest(request),
+				confirmed: true,
+				transactionContext
+			});
+			return;
+		}
+		try {
+			const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);
+			uiVrfChallenge = refreshed.vrfChallenge;
+			transactionContext = refreshed.transactionContext;
+			session.updateUI({ vrfChallenge: uiVrfChallenge });
+		} catch (e) {
+			console.debug("[SigningFlow] VRF JIT refresh skipped", e);
+		}
 		if (!uiVrfChallenge) throw new Error("Missing vrfChallenge for WebAuthn signing flow");
 		const serializedCredential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({
 			nearAccountId,
@@ -167,7 +167,6 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 	} catch (err) {
 		const cancelled = isUserCancelledSecureConfirm(err);
 		const msg = String(toError(err)?.message || err || "");
-		if (/Missing PRF result/i.test(msg) || /Missing PRF results/i.test(msg)) return session.cleanupAndRethrow(err);
 		if (cancelled) window.parent?.postMessage({ type: "WALLET_UI_CLOSED" }, "*");
 		const isWrongPasskeyError = /multiple passkeys \(devicenumbers\) for account/i.test(msg);
 		return session.confirmAndCloseModal({

package/dist/esm/sdk/{transactions-CrjP8yPD.js → transactions-CxsklyCK.js}

@@ -1,7 +1,7 @@
 import "./validation-hUZgySTx.js";
 import { ERROR_MESSAGES, SecureConfirmationType, computeUiIntentDigestFromNep413, getIntentDigest, getNearAccountId, getSignTransactionPayload, getTxCount, isUserCancelledSecureConfirm, toAccountId, toError } from "./collectAuthenticationCredentialForVrfChallenge-C9p90e5Z.js";
-import { PASSKEY_MANAGER_DEFAULT_CONFIGS, getLastLoggedInDeviceNumber } from "./getDeviceNumber-f8bfPB9U.js";
-import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-Dv7ZJPf1.js";
+import { PASSKEY_MANAGER_DEFAULT_CONFIGS, getLastLoggedInDeviceNumber } from "./getDeviceNumber-WiNzKx1x.js";
+import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-4c8mBiD5.js";
 import "./css-loader-DWW-_Vli.js";
 
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.ts
@@ -21,91 +21,91 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 		transactionSummary
 	});
 	const nearAccountId = getNearAccountId(request);
-	const signingAuthMode = getSigningAuthMode(request);
-	const usesNeeded = getTxCount(request);
-	const vrfIntentDigestB64u = request.type === SecureConfirmationType.SIGN_TRANSACTION ? getIntentDigest(request) : request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE ? await computeUiIntentDigestFromNep413({
-		nearAccountId,
-		recipient: request.payload.recipient,
-		message: request.payload.message
-	}) : void 0;
-	const sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;
-	const nearRpc = await adapters.near.fetchNearContext({
-		nearAccountId,
-		txCount: usesNeeded,
-		reserveNonces: true
-	});
-	if (!nearRpc.transactionContext) {
-		console.error("[SigningFlow] fetchNearContext failed", {
-			error: nearRpc.error,
-			details: nearRpc.details
-		});
-		return session.confirmAndCloseModal({
-			requestId: request.requestId,
-			intentDigest: getIntentDigest(request),
-			confirmed: false,
-			error: nearRpc.details ? `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}` : ERROR_MESSAGES.nearRpcFailed
+	try {
+		const signingAuthMode = getSigningAuthMode(request);
+		const usesNeeded = getTxCount(request);
+		const vrfIntentDigestB64u = request.type === SecureConfirmationType.SIGN_TRANSACTION ? getIntentDigest(request) : request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE ? await computeUiIntentDigestFromNep413({
+			nearAccountId,
+			recipient: request.payload.recipient,
+			message: request.payload.message
+		}) : void 0;
+		const sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;
+		const nearRpc = await adapters.near.fetchNearContext({
+			nearAccountId,
+			txCount: usesNeeded,
+			reserveNonces: true
 		});
-	}
-	session.setReservedNonces(nearRpc.reservedNonces);
-	let transactionContext = nearRpc.transactionContext;
-	const rpId = adapters.vrf.getRpId();
-	let uiVrfChallenge;
-	let uiVrfChallengeForUi = rpId ? {
-		userId: nearAccountId,
-		rpId,
-		blockHeight: transactionContext.txBlockHeight,
-		blockHash: transactionContext.txBlockHash
-	} : void 0;
-	if (signingAuthMode === "webauthn") {
-		uiVrfChallenge = await adapters.vrf.generateVrfChallengeForSession({
-			userId: nearAccountId,
-			rpId,
-			blockHeight: transactionContext.txBlockHeight,
-			blockHash: transactionContext.txBlockHash,
-			...vrfIntentDigestB64u ? { intentDigest: vrfIntentDigestB64u } : {},
-			...sessionPolicyDigest32 ? { sessionPolicyDigest32 } : {}
-		}, request.requestId);
-		uiVrfChallengeForUi = uiVrfChallenge;
-	}
-	const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallengeForUi });
-	if (!confirmed) return session.confirmAndCloseModal({
-		requestId: request.requestId,
-		intentDigest: getIntentDigest(request),
-		confirmed: false,
-		error: uiError
-	});
-	if (signingAuthMode === "warmSession") {
-		try {
-			await adapters.vrf.dispenseSessionKey({
-				sessionId: request.requestId,
-				uses: usesNeeded
+		if (!nearRpc.transactionContext) {
+			console.error("[SigningFlow] fetchNearContext failed", {
+				error: nearRpc.error,
+				details: nearRpc.details
 			});
-		} catch (err) {
-			const msg = String(toError(err)?.message || err || "");
 			return session.confirmAndCloseModal({
 				requestId: request.requestId,
 				intentDigest: getIntentDigest(request),
 				confirmed: false,
-				error: msg || "Failed to dispense warm session key"
+				error: nearRpc.details ? `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}` : ERROR_MESSAGES.nearRpcFailed
 			});
 		}
-		session.confirmAndCloseModal({
+		session.setReservedNonces(nearRpc.reservedNonces);
+		let transactionContext = nearRpc.transactionContext;
+		const rpId = adapters.vrf.getRpId();
+		let uiVrfChallenge;
+		let uiVrfChallengeForUi = rpId ? {
+			userId: nearAccountId,
+			rpId,
+			blockHeight: transactionContext.txBlockHeight,
+			blockHash: transactionContext.txBlockHash
+		} : void 0;
+		if (signingAuthMode === "webauthn") {
+			uiVrfChallenge = await adapters.vrf.generateVrfChallengeForSession({
+				userId: nearAccountId,
+				rpId,
+				blockHeight: transactionContext.txBlockHeight,
+				blockHash: transactionContext.txBlockHash,
+				...vrfIntentDigestB64u ? { intentDigest: vrfIntentDigestB64u } : {},
+				...sessionPolicyDigest32 ? { sessionPolicyDigest32 } : {}
+			}, request.requestId);
+			uiVrfChallengeForUi = uiVrfChallenge;
+		}
+		const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallengeForUi });
+		if (!confirmed) return session.confirmAndCloseModal({
 			requestId: request.requestId,
 			intentDigest: getIntentDigest(request),
-			confirmed: true,
-			transactionContext
+			confirmed: false,
+			error: uiError
 		});
-		return;
-	}
-	try {
-		const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);
-		uiVrfChallenge = refreshed.vrfChallenge;
-		transactionContext = refreshed.transactionContext;
-		session.updateUI({ vrfChallenge: uiVrfChallenge });
-	} catch (e) {
-		console.debug("[SigningFlow] VRF JIT refresh skipped", e);
-	}
-	try {
+		if (signingAuthMode === "warmSession") {
+			try {
+				await adapters.vrf.dispenseSessionKey({
+					sessionId: request.requestId,
+					uses: usesNeeded
+				});
+			} catch (err) {
+				const msg = String(toError(err)?.message || err || "");
+				return session.confirmAndCloseModal({
+					requestId: request.requestId,
+					intentDigest: getIntentDigest(request),
+					confirmed: false,
+					error: msg || "Failed to dispense warm session key"
+				});
+			}
+			session.confirmAndCloseModal({
+				requestId: request.requestId,
+				intentDigest: getIntentDigest(request),
+				confirmed: true,
+				transactionContext
+			});
+			return;
+		}
+		try {
+			const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);
+			uiVrfChallenge = refreshed.vrfChallenge;
+			transactionContext = refreshed.transactionContext;
+			session.updateUI({ vrfChallenge: uiVrfChallenge });
+		} catch (e) {
+			console.debug("[SigningFlow] VRF JIT refresh skipped", e);
+		}
 		if (!uiVrfChallenge) throw new Error("Missing vrfChallenge for WebAuthn signing flow");
 		const serializedCredential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({
 			nearAccountId,
@@ -153,7 +153,6 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 	} catch (err) {
 		const cancelled = isUserCancelledSecureConfirm(err);
 		const msg = String(toError(err)?.message || err || "");
-		if (/Missing PRF result/i.test(msg) || /Missing PRF results/i.test(msg)) return session.cleanupAndRethrow(err);
 		if (cancelled) window.parent?.postMessage({ type: "WALLET_UI_CLOSED" }, "*");
 		const isWrongPasskeyError = /multiple passkeys \(devicenumbers\) for account/i.test(msg);
 		return session.confirmAndCloseModal({
@@ -167,4 +166,4 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 
 //#endregion
 export { handleTransactionSigningFlow };
-//# sourceMappingURL=transactions-CrjP8yPD.js.map
+//# sourceMappingURL=transactions-CxsklyCK.js.map

package/dist/esm/sdk/transactions-CxsklyCK.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transactions-CxsklyCK.js","names":["transactionContext: TransactionContext","uiVrfChallenge: VRFChallenge | undefined","uiVrfChallengeForUi: Partial<VRFChallenge> | undefined","err: unknown","contractId: string | undefined","nearRpcUrl: string | undefined"],"sources":["../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n  SecureConfirmationType,\n  TransactionSummary,\n  SigningSecureConfirmRequest,\n  SigningAuthMode,\n} from '../types';\nimport { VRFChallenge, TransactionContext } from '../../../../types';\nimport {\n  getNearAccountId,\n  getIntentDigest,\n  getTxCount,\n  isUserCancelledSecureConfirm,\n  ERROR_MESSAGES,\n  getSignTransactionPayload,\n} from './index';\nimport { toAccountId } from '../../../../types/accountIds';\nimport { getLastLoggedInDeviceNumber } from '../../../SignerWorkerManager/getDeviceNumber';\nimport { toError } from '../../../../../utils/errors';\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../../defaultConfigs';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\nimport { computeUiIntentDigestFromNep413 } from '../../../../digests/intentDigest';\n\nfunction getSigningAuthMode(request: SigningSecureConfirmRequest): SigningAuthMode {\n  if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n    return getSignTransactionPayload(request).signingAuthMode ?? 'webauthn';\n  }\n  if (request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE) {\n    return request.payload.signingAuthMode ?? 'webauthn';\n  }\n  return 'webauthn';\n}\n\nexport async function handleTransactionSigningFlow(\n  ctx: VrfWorkerManagerContext,\n  request: SigningSecureConfirmRequest,\n  worker: Worker,\n  opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n  const { confirmationConfig, transactionSummary } = opts;\n  const adapters = createConfirmTxFlowAdapters(ctx);\n  const session = createConfirmSession({\n    adapters,\n    worker,\n    request,\n    confirmationConfig,\n    transactionSummary,\n  });\n  const nearAccountId = getNearAccountId(request);\n  try {\n    const signingAuthMode = getSigningAuthMode(request);\n    const usesNeeded = getTxCount(request);\n    const vrfIntentDigestB64u = request.type === SecureConfirmationType.SIGN_TRANSACTION\n      ? getIntentDigest(request)\n      : request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE\n        ? await computeUiIntentDigestFromNep413({\n          nearAccountId,\n          recipient: request.payload.recipient,\n          message: request.payload.message,\n        })\n        : undefined;\n    const sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;\n\n    // 1) NEAR context + nonce reservation\n    const nearRpc = await adapters.near.fetchNearContext({ nearAccountId, txCount: usesNeeded, reserveNonces: true });\n    if (!nearRpc.transactionContext) {\n      // eslint-disable-next-line no-console\n      console.error('[SigningFlow] fetchNearContext failed', { error: nearRpc.error, details: nearRpc.details });\n      return session.confirmAndCloseModal({\n        requestId: request.requestId,\n        intentDigest: getIntentDigest(request),\n        confirmed: false,\n        error: nearRpc.details ? `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}` : ERROR_MESSAGES.nearRpcFailed,\n      });\n    }\n    session.setReservedNonces(nearRpc.reservedNonces);\n    let transactionContext: TransactionContext = nearRpc.transactionContext;\n\n    // 2) Security context shown in the confirmer (rpId + block height).\n    // For warmSession signing we still want to show this context even though\n    // we won't collect a WebAuthn credential.\n    const rpId = adapters.vrf.getRpId();\n    let uiVrfChallenge: VRFChallenge | undefined;\n    let uiVrfChallengeForUi: Partial<VRFChallenge> | undefined = rpId\n      ? {\n          userId: nearAccountId,\n          rpId,\n          blockHeight: transactionContext.txBlockHeight,\n          blockHash: transactionContext.txBlockHash,\n        }\n      : undefined;\n\n    // Initial VRF challenge (only needed for WebAuthn credential collection)\n    if (signingAuthMode === 'webauthn') {\n      uiVrfChallenge = await adapters.vrf.generateVrfChallengeForSession(\n        {\n          userId: nearAccountId,\n          rpId,\n          blockHeight: transactionContext.txBlockHeight,\n          blockHash: transactionContext.txBlockHash,\n          ...(vrfIntentDigestB64u ? { intentDigest: vrfIntentDigestB64u } : {}),\n          ...(sessionPolicyDigest32 ? { sessionPolicyDigest32 } : {}),\n        },\n        request.requestId,\n      );\n      uiVrfChallengeForUi = uiVrfChallenge;\n    }\n\n    // 3) UI confirm\n    const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallengeForUi });\n    if (!confirmed) {\n      return session.confirmAndCloseModal({\n        requestId: request.requestId,\n        intentDigest: getIntentDigest(request),\n        confirmed: false,\n        error: uiError,\n      });\n    }\n\n    // 4) Warm session: dispense WrapKeySeed and skip WebAuthn\n    if (signingAuthMode === 'warmSession') {\n      try {\n        await adapters.vrf.dispenseSessionKey({ sessionId: request.requestId, uses: usesNeeded });\n      } catch (err: unknown) {\n        const msg = String((toError(err))?.message || err || '');\n        return session.confirmAndCloseModal({\n          requestId: request.requestId,\n          intentDigest: getIntentDigest(request),\n          confirmed: false,\n          error: msg || 'Failed to dispense warm session key',\n        });\n      }\n\n      session.confirmAndCloseModal({\n        requestId: request.requestId,\n        intentDigest: getIntentDigest(request),\n        confirmed: true,\n        transactionContext,\n      });\n      return;\n    }\n\n    // 5) JIT refresh VRF + ctx (best-effort)\n    try {\n      const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);\n      uiVrfChallenge = refreshed.vrfChallenge;\n      transactionContext = refreshed.transactionContext;\n      session.updateUI({ vrfChallenge: uiVrfChallenge });\n    } catch (e) {\n      console.debug('[SigningFlow] VRF JIT refresh skipped', e);\n    }\n\n    // 6) Collect authentication credential\n    if (!uiVrfChallenge) {\n      throw new Error('Missing vrfChallenge for WebAuthn signing flow');\n    }\n    const serializedCredential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({\n      nearAccountId,\n      vrfChallenge: uiVrfChallenge,\n    });\n\n    // 5c) Derive WrapKeySeed inside the VRF worker and deliver it to the signer worker via\n    // the reserved WrapKeySeed MessagePort. Main thread only sees wrapKeySalt metadata.\n    let contractId: string | undefined;\n    let nearRpcUrl: string | undefined;\n    try {\n      // Ensure VRF session is active and bound to the same account we are signing for.\n      const vrfStatus = await adapters.vrf.checkVrfStatus();\n      if (!vrfStatus.active) {\n        throw new Error('VRF keypair not active in memory. VRF session may have expired or was not properly initialized. Please refresh and try again.');\n      }\n      if (!vrfStatus.nearAccountId || String(vrfStatus.nearAccountId) !== String(toAccountId(nearAccountId))) {\n        throw new Error('VRF session is active but bound to a different account than the one being signed. Please log in again on this device.');\n      }\n\n      const deviceNumber = await getLastLoggedInDeviceNumber(toAccountId(nearAccountId), ctx.indexedDB.clientDB);\n      const keyMaterial = await ctx.indexedDB.nearKeysDB.getLocalKeyMaterial(nearAccountId, deviceNumber);\n      if (!keyMaterial) {\n        throw new Error(`No key material found for account ${nearAccountId} device ${deviceNumber}`);\n      }\n      const wrapKeySalt = keyMaterial.wrapKeySalt;\n      if (!wrapKeySalt) {\n        throw new Error('Missing wrapKeySalt in vault; re-register to upgrade vault format.');\n      }\n\n      // Extract contract verification context when available.\n      // - SIGN_TRANSACTION: use per-request rpcCall (already normalized by caller).\n      // - SIGN_NEP413_MESSAGE: allow per-request override; fall back to PASSKEY_MANAGER_DEFAULT_CONFIGS.\n      if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n        const payload = getSignTransactionPayload(request);\n        contractId = payload?.rpcCall?.contractId;\n        nearRpcUrl = payload?.rpcCall?.nearRpcUrl;\n      } else if (request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE) {\n        const payload = request.payload;\n        contractId = payload.contractId || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n        nearRpcUrl = payload.nearRpcUrl || PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl;\n      }\n\n      await adapters.vrf.mintSessionKeysAndSendToSigner({\n        sessionId: request.requestId,\n        wrapKeySalt,\n        contractId,\n        nearRpcUrl,\n        credential: serializedCredential,\n      });\n\t    } catch (err) {\n\t      console.error('[SigningFlow] WrapKeySeed derivation failed:', err);\n\t      throw err; // Don't silently ignore - propagate the error\n\t    }\n\n    // 6) Respond; keep nonces reserved for worker to use\n    session.confirmAndCloseModal({\n      requestId: request.requestId,\n      intentDigest: getIntentDigest(request),\n      confirmed: true,\n      credential: serializedCredential,\n      // prfOutput intentionally omitted to keep signer PRF-free\n      // WrapKeySeed travels only over the dedicated VRF→Signer MessagePort; do not echo in the main-thread envelope\n      vrfChallenge: uiVrfChallenge,\n      transactionContext,\n    });\n  } catch (err: unknown) {\n    // Treat TouchID/FaceID cancellation and related errors as a negative decision\n    const cancelled = isUserCancelledSecureConfirm(err);\n    const msg = String((toError(err))?.message || err || '');\n    if (cancelled) {\n      window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '*');\n    }\n    const isWrongPasskeyError = /multiple passkeys \\(devicenumbers\\) for account/i.test(msg);\n    return session.confirmAndCloseModal({\n      requestId: request.requestId,\n      intentDigest: getIntentDigest(request),\n      confirmed: false,\n      error: cancelled\n        ? ERROR_MESSAGES.cancelled\n        : (isWrongPasskeyError ? msg : (msg || ERROR_MESSAGES.collectCredentialsFailed)),\n    });\n  }\n}\n"],"mappings":";;;;;;;AAyBA,SAAS,mBAAmB,SAAuD;AACjF,KAAI,QAAQ,SAAS,uBAAuB,iBAC1C,QAAO,0BAA0B,SAAS,mBAAmB;AAE/D,KAAI,QAAQ,SAAS,uBAAuB,oBAC1C,QAAO,QAAQ,QAAQ,mBAAmB;AAE5C,QAAO;;AAGT,eAAsB,6BACpB,KACA,SACA,QACA,MACe;CACf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAW,4BAA4B;CAC7C,MAAM,UAAU,qBAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgB,iBAAiB;AACvC,KAAI;EACF,MAAM,kBAAkB,mBAAmB;EAC3C,MAAM,aAAa,WAAW;EAC9B,MAAM,sBAAsB,QAAQ,SAAS,uBAAuB,mBAChE,gBAAgB,WAChB,QAAQ,SAAS,uBAAuB,sBACtC,MAAM,gCAAgC;GACtC;GACA,WAAW,QAAQ,QAAQ;GAC3B,SAAS,QAAQ,QAAQ;OAEzB;EACN,MAAM,wBAAwB,QAAQ,QAAQ;EAG9C,MAAM,UAAU,MAAM,SAAS,KAAK,iBAAiB;GAAE;GAAe,SAAS;GAAY,eAAe;;AAC1G,MAAI,CAAC,QAAQ,oBAAoB;AAE/B,WAAQ,MAAM,yCAAyC;IAAE,OAAO,QAAQ;IAAO,SAAS,QAAQ;;AAChG,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAc,gBAAgB;IAC9B,WAAW;IACX,OAAO,QAAQ,UAAU,GAAG,eAAe,cAAc,IAAI,QAAQ,YAAY,eAAe;;;AAGpG,UAAQ,kBAAkB,QAAQ;EAClC,IAAIA,qBAAyC,QAAQ;EAKrD,MAAM,OAAO,SAAS,IAAI;EAC1B,IAAIC;EACJ,IAAIC,sBAAyD,OACzD;GACE,QAAQ;GACR;GACA,aAAa,mBAAmB;GAChC,WAAW,mBAAmB;MAEhC;AAGJ,MAAI,oBAAoB,YAAY;AAClC,oBAAiB,MAAM,SAAS,IAAI,+BAClC;IACE,QAAQ;IACR;IACA,aAAa,mBAAmB;IAChC,WAAW,mBAAmB;IAC9B,GAAI,sBAAsB,EAAE,cAAc,wBAAwB;IAClE,GAAI,wBAAwB,EAAE,0BAA0B;MAE1D,QAAQ;AAEV,yBAAsB;;EAIxB,MAAM,EAAE,WAAW,OAAO,YAAY,MAAM,QAAQ,WAAW,EAAE,cAAc;AAC/E,MAAI,CAAC,UACH,QAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAc,gBAAgB;GAC9B,WAAW;GACX,OAAO;;AAKX,MAAI,oBAAoB,eAAe;AACrC,OAAI;AACF,UAAM,SAAS,IAAI,mBAAmB;KAAE,WAAW,QAAQ;KAAW,MAAM;;YACrEC,KAAc;IACrB,MAAM,MAAM,OAAQ,QAAQ,MAAO,WAAW,OAAO;AACrD,WAAO,QAAQ,qBAAqB;KAClC,WAAW,QAAQ;KACnB,cAAc,gBAAgB;KAC9B,WAAW;KACX,OAAO,OAAO;;;AAIlB,WAAQ,qBAAqB;IAC3B,WAAW,QAAQ;IACnB,cAAc,gBAAgB;IAC9B,WAAW;IACX;;AAEF;;AAIF,MAAI;GACF,MAAM,YAAY,MAAM,SAAS,IAAI,yBAAyB,SAAS;AACvE,oBAAiB,UAAU;AAC3B,wBAAqB,UAAU;AAC/B,WAAQ,SAAS,EAAE,cAAc;WAC1B,GAAG;AACV,WAAQ,MAAM,yCAAyC;;AAIzD,MAAI,CAAC,eACH,OAAM,IAAI,MAAM;EAElB,MAAM,uBAAuB,MAAM,SAAS,SAAS,uCAAuC;GAC1F;GACA,cAAc;;EAKhB,IAAIC;EACJ,IAAIC;AACJ,MAAI;GAEF,MAAM,YAAY,MAAM,SAAS,IAAI;AACrC,OAAI,CAAC,UAAU,OACb,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,UAAU,iBAAiB,OAAO,UAAU,mBAAmB,OAAO,YAAY,gBACrF,OAAM,IAAI,MAAM;GAGlB,MAAM,eAAe,MAAM,4BAA4B,YAAY,gBAAgB,IAAI,UAAU;GACjG,MAAM,cAAc,MAAM,IAAI,UAAU,WAAW,oBAAoB,eAAe;AACtF,OAAI,CAAC,YACH,OAAM,IAAI,MAAM,qCAAqC,cAAc,UAAU;GAE/E,MAAM,cAAc,YAAY;AAChC,OAAI,CAAC,YACH,OAAM,IAAI,MAAM;AAMlB,OAAI,QAAQ,SAAS,uBAAuB,kBAAkB;IAC5D,MAAM,UAAU,0BAA0B;AAC1C,iBAAa,SAAS,SAAS;AAC/B,iBAAa,SAAS,SAAS;cACtB,QAAQ,SAAS,uBAAuB,qBAAqB;IACtE,MAAM,UAAU,QAAQ;AACxB,iBAAa,QAAQ,cAAc,gCAAgC;AACnE,iBAAa,QAAQ,cAAc,gCAAgC;;AAGrE,SAAM,SAAS,IAAI,+BAA+B;IAChD,WAAW,QAAQ;IACnB;IACA;IACA;IACA,YAAY;;WAEN,KAAK;AACZ,WAAQ,MAAM,gDAAgD;AAC9D,SAAM;;AAIT,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAc,gBAAgB;GAC9B,WAAW;GACX,YAAY;GAGZ,cAAc;GACd;;UAEKF,KAAc;EAErB,MAAM,YAAY,6BAA6B;EAC/C,MAAM,MAAM,OAAQ,QAAQ,MAAO,WAAW,OAAO;AACrD,MAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;EAE3D,MAAM,sBAAsB,mDAAmD,KAAK;AACpF,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAc,gBAAgB;GAC9B,WAAW;GACX,OAAO,YACH,eAAe,YACd,sBAAsB,MAAO,OAAO,eAAe"}