npm - @tdfc/sunbreak-react - Versions diffs - 0.1.11 → 0.1.13 - Mend

@tdfc/sunbreak-react 0.1.11 → 0.1.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.mjs CHANGED Viewed

@@ -1,7 +1,7 @@
 import { createContext, useContext, useState, useRef, useMemo, useEffect, useCallback } from 'react';
 import { jsx } from 'react/jsx-runtime';
-var Qr=Object.defineProperty;var $t=e=>{throw TypeError(e)};var en=(e,t,r)=>t in e?Qr(e,t,{enumerable:true,configurable:true,writable:true,value:r}):e[t]=r;var M=(e,t,r)=>en(e,typeof t!="symbol"?t+"":t,r),Ot=(e,t,r)=>t.has(e)||$t("Cannot "+r);var h=(e,t,r)=>(Ot(e,t,"read from private field"),r?r.call(e):t.get(e)),U=(e,t,r)=>t.has(e)?$t("Cannot add the same private member more than once"):t instanceof WeakSet?t.add(e):t.set(e,r),N=(e,t,r,n)=>(Ot(e,t,"write to private field"),t.set(e,r),r);var Ae=async(e,t,r)=>{switch(e.name){case "custom":return {method:"provider_jwt",issuer:"custom",token:t,meta:r||{}};case "privy":return {method:"provider_jwt",issuer:"privy",token:t,meta:{app_id:e.appId}};case "dynamic":return e.expectedAud?{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId,expected_aud:e.expectedAud}}:{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId}};default:throw new Error(`Unknown adapter: ${e}`)}};var tn="sunbreak-kv",xe="kv",Be="sunbreak_dpop_meta_v1",T="sunbreak_dpop_key_v1",Ke="ES256",v="P-256",Ce=e=>`${Be}:${e}`,jt=()=>new Promise((e,t)=>{let r=indexedDB.open(tn,1);r.onupgradeneeded=()=>r.result.createObjectStore(xe),r.onsuccess=()=>e(r.result),r.onerror=()=>t(r.error);}),I=async e=>{try{let t=await jt();return await new Promise((r,n)=>{let a=t.transaction(xe,"readonly").objectStore(xe).get(e);a.onsuccess=()=>r(a.result),a.onerror=()=>n(a.error);})}catch{return}},E=async(e,t)=>{let r=await jt();await new Promise((n,o)=>{let i=r.transaction(xe,"readwrite").objectStore(xe).put(t,e);i.onsuccess=()=>n(),i.onerror=()=>o(i.error);});};var rn=e=>{let t=new URL(e);if(t.protocol!=="https:"&&t.hostname!=="localhost"&&t.hostname!=="127.0.0.1")throw new Error("Sunbreak: insecure base URL");return t.hash="",t.origin},nn=e=>e.replace(/\/+$/,""),ft=e=>{let t=nn(e);return rn(t)};function pt(e){let t=new URL(e.baseUrl),r=t.host,n=e.meta.lastHost??null,o=on(n);return e.setLastHost(o),t.host=`${o}.${r}`,t.origin}var on=e=>{for(let t=0;t<dt.length;t++){let r=dt[Math.floor(Math.random()*dt.length)].toLowerCase();if(r!==e)return r}return "alpha"},dt=["Alpha","Bravo","Charlie","Delta","Echo","Foxtrot","Golf","Hotel","India","Juliett","Kilo","Lima","Mike","November","Oscar","Papa","Quebec","Romeo","Sierra","Tango","Uniform","Victor","Whiskey","X-ray","Yankee","Zulu"];var F=(e,t)=>{let r={clientId:e.clientId,wallet:e.wallet,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0,...t};Object.keys(r).forEach(o=>r[o]===void 0&&delete r[o]);let n=JSON.stringify(r);return btoa(n)};var an=new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailer","transfer-encoding","upgrade","via"]),sn=new Set(["user-agent","referer","origin","host","content-length","sec-fetch-site","sec-fetch-mode","sec-fetch-dest","sec-fetch-user","sec-ch-ua","sec-ch-ua-mobile","sec-ch-ua-platform","sec-ch-ua-platform-version","sec-ch-ua-full-version","sec-ch-ua-arch","sec-ch-ua-model","sec-ch-ua-bitness","cookie","set-cookie"]),cn=new Set(["dpop","x-sunbreak-meta"]),ln=64,Ut=2048,un=64;function ht(e){let t={};if(!e)return t;let r=e instanceof Headers?Array.from(e.entries()):Object.entries(e),n=0;for(let[o,a]of r){if(n>=un)break;if(o==null||a==null)continue;let i=String(o).toLowerCase().trim();if(!i||i.length>ln||an.has(i)||sn.has(i)||cn.has(i))continue;let c=String(a);c.length>Ut&&(c=c.slice(0,Ut)),t[i]=c,n++;}return t}var re=new TextEncoder,me=new TextDecoder;function Nt(...e){let t=e.reduce((o,{length:a})=>o+a,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function Ft(e){if(Uint8Array.prototype.toBase64)return e.toBase64();let t=32768,r=[];for(let n=0;n<e.length;n+=t)r.push(String.fromCharCode.apply(null,e.subarray(n,n+t)));return btoa(r.join(""))}function Bt(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(e);let t=atob(e),r=new Uint8Array(t.length);for(let n=0;n<t.length;n++)r[n]=t.charCodeAt(n);return r}function Gt(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(typeof e=="string"?e:me.decode(e),{alphabet:"base64url"});let t=e;t instanceof Uint8Array&&(t=me.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return Bt(t)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}}function Ge(e){let t=e;return typeof t=="string"&&(t=re.encode(t)),Uint8Array.prototype.toBase64?t.toBase64({alphabet:"base64url",omitPadding:true}):Ft(t).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}var le=class extends Error{constructor(r,n){super(r,n);M(this,"code","ERR_JOSE_GENERIC");this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor);}};M(le,"code","ERR_JOSE_GENERIC");var D=class extends le{constructor(){super(...arguments);M(this,"code","ERR_JOSE_NOT_SUPPORTED");}};M(D,"code","ERR_JOSE_NOT_SUPPORTED");var ne=class extends le{constructor(){super(...arguments);M(this,"code","ERR_JWS_INVALID");}};M(ne,"code","ERR_JWS_INVALID");var Te=class extends le{constructor(){super(...arguments);M(this,"code","ERR_JWT_INVALID");}};M(Te,"code","ERR_JWT_INVALID");var Vt,qt,yt=class extends(qt=le,Vt=Symbol.asyncIterator,qt){constructor(r="multiple matching keys found in the JSON Web Key Set",n){super(r,n);M(this,Vt);M(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");}};M(yt,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");function q(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function we(e,t){return e.name===t}function mt(e){return parseInt(e.name.slice(4),10)}function pn(e){switch(e){case "ES256":return "P-256";case "ES384":return "P-384";case "ES512":return "P-521";default:throw new Error("unreachable")}}function hn(e,t){if(!e.usages.includes(t))throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`)}function zt(e,t,r){switch(t){case "HS256":case "HS384":case "HS512":{if(!we(e.algorithm,"HMAC"))throw q("HMAC");let n=parseInt(t.slice(2),10);if(mt(e.algorithm.hash)!==n)throw q(`SHA-${n}`,"algorithm.hash");break}case "RS256":case "RS384":case "RS512":{if(!we(e.algorithm,"RSASSA-PKCS1-v1_5"))throw q("RSASSA-PKCS1-v1_5");let n=parseInt(t.slice(2),10);if(mt(e.algorithm.hash)!==n)throw q(`SHA-${n}`,"algorithm.hash");break}case "PS256":case "PS384":case "PS512":{if(!we(e.algorithm,"RSA-PSS"))throw q("RSA-PSS");let n=parseInt(t.slice(2),10);if(mt(e.algorithm.hash)!==n)throw q(`SHA-${n}`,"algorithm.hash");break}case "Ed25519":case "EdDSA":{if(!we(e.algorithm,"Ed25519"))throw q("Ed25519");break}case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":{if(!we(e.algorithm,t))throw q(t);break}case "ES256":case "ES384":case "ES512":{if(!we(e.algorithm,"ECDSA"))throw q("ECDSA");let n=pn(t);if(e.algorithm.namedCurve!==n)throw q(n,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}hn(e,r);}function Xt(e,t,...r){if(r=r.filter(Boolean),r.length>2){let n=r.pop();e+=`one of type ${r.join(", ")}, or ${n}.`;}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var Yt=(e,...t)=>Xt("Key must be ",e,...t);function wt(e,t,...r){return Xt(`Key for the ${e} algorithm must be `,t,...r)}function gt(e){return e?.[Symbol.toStringTag]==="CryptoKey"}function bt(e){return e?.[Symbol.toStringTag]==="KeyObject"}var St=e=>gt(e)||bt(e);var Zt=(...e)=>{let t=e.filter(Boolean);if(t.length===0||t.length===1)return  true;let r;for(let n of t){let o=Object.keys(n);if(!r||r.size===0){r=new Set(o);continue}for(let a of o){if(r.has(a))return  false;r.add(a);}}return  true};function yn(e){return typeof e=="object"&&e!==null}var Ve=e=>{if(!yn(e)||Object.prototype.toString.call(e)!=="[object Object]")return  false;if(Object.getPrototypeOf(e)===null)return  true;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t};var Qt=(e,t)=>{if(e.startsWith("RS")||e.startsWith("PS")){let{modulusLength:r}=t.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}};function mn(e){let t,r;switch(e.kty){case "AKP":{switch(e.alg){case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":t={name:e.alg},r=e.priv?["sign"]:["verify"];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "RSA":{switch(e.alg){case "PS256":case "PS384":case "PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RS256":case "RS384":case "RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RSA-OAEP":case "RSA-OAEP-256":case "RSA-OAEP-384":case "RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.slice(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "EC":{switch(e.alg){case "ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case "ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case "ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "OKP":{switch(e.alg){case "Ed25519":case "EdDSA":t={name:"Ed25519"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}default:throw new D('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return {algorithm:t,keyUsages:r}}var er=async e=>{if(!e.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');let{algorithm:t,keyUsages:r}=mn(e),n={...e};return n.kty!=="AKP"&&delete n.alg,delete n.use,crypto.subtle.importKey("jwk",n,t,e.ext??!(e.d||e.priv),e.key_ops??r)};var tr=(e,t,r,n,o)=>{if(o.crit!==void 0&&n?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||n.crit===void 0)return new Set;if(!Array.isArray(n.crit)||n.crit.length===0||n.crit.some(i=>typeof i!="string"||i.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let a;r!==void 0?a=new Map([...Object.entries(r),...t.entries()]):a=t;for(let i of n.crit){if(!a.has(i))throw new D(`Extension Header Parameter "${i}" is not recognized`);if(o[i]===void 0)throw new e(`Extension Header Parameter "${i}" is missing`);if(a.get(i)&&n[i]===void 0)throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`)}return new Set(n.crit)};function Ie(e){return Ve(e)&&typeof e.kty=="string"}function rr(e){return e.kty!=="oct"&&(e.kty==="AKP"&&typeof e.priv=="string"||typeof e.d=="string")}function nr(e){return e.kty!=="oct"&&typeof e.d>"u"&&typeof e.priv>"u"}function or(e){return e.kty==="oct"&&typeof e.k=="string"}var ge,ar=async(e,t,r,n=false)=>{ge||(ge=new WeakMap);let o=ge.get(e);if(o?.[r])return o[r];let a=await er({...t,alg:r});return n&&Object.freeze(e),o?o[r]=a:ge.set(e,{[r]:a}),a},gn=(e,t)=>{ge||(ge=new WeakMap);let r=ge.get(e);if(r?.[t])return r[t];let n=e.type==="public",o=!!n,a;if(e.asymmetricKeyType==="x25519"){switch(t){case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}a=e.toCryptoKey(e.asymmetricKeyType,o,n?[]:["deriveBits"]);}if(e.asymmetricKeyType==="ed25519"){if(t!=="EdDSA"&&t!=="Ed25519")throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}switch(e.asymmetricKeyType){case "ml-dsa-44":case "ml-dsa-65":case "ml-dsa-87":{if(t!==e.asymmetricKeyType.toUpperCase())throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}}if(e.asymmetricKeyType==="rsa"){let i;switch(t){case "RSA-OAEP":i="SHA-1";break;case "RS256":case "PS256":case "RSA-OAEP-256":i="SHA-256";break;case "RS384":case "PS384":case "RSA-OAEP-384":i="SHA-384";break;case "RS512":case "PS512":case "RSA-OAEP-512":i="SHA-512";break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:i},o,n?["encrypt"]:["decrypt"]);a=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:i},o,[n?"verify":"sign"]);}if(e.asymmetricKeyType==="ec"){let c=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(e.asymmetricKeyDetails?.namedCurve);if(!c)throw new TypeError("given KeyObject instance cannot be used for this algorithm");t==="ES256"&&c==="P-256"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},o,[n?"verify":"sign"])),t==="ES384"&&c==="P-384"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},o,[n?"verify":"sign"])),t==="ES512"&&c==="P-521"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},o,[n?"verify":"sign"])),t.startsWith("ECDH-ES")&&(a=e.toCryptoKey({name:"ECDH",namedCurve:c},o,n?[]:["deriveBits"]));}if(!a)throw new TypeError("given KeyObject instance cannot be used for this algorithm");return r?r[t]=a:ge.set(e,{[t]:a}),a},ir=async(e,t)=>{if(e instanceof Uint8Array||gt(e))return e;if(bt(e)){if(e.type==="secret")return e.export();if("toCryptoKey"in e&&typeof e.toCryptoKey=="function")try{return gn(e,t)}catch(n){if(n instanceof TypeError)throw n}let r=e.export({format:"jwk"});return ar(e,r,t)}if(Ie(e))return e.k?Gt(e.k):ar(e,e,t,true);throw new Error("unreachable")};var be=e=>e?.[Symbol.toStringTag],Rt=(e,t,r)=>{if(t.use!==void 0){let n;switch(r){case "sign":case "verify":n="sig";break;case "encrypt":case "decrypt":n="enc";break}if(t.use!==n)throw new TypeError(`Invalid key for this operation, its "use" must be "${n}" when present`)}if(t.alg!==void 0&&t.alg!==e)throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);if(Array.isArray(t.key_ops)){let n;switch(true){case(r==="sign"):case e==="dir":case e.includes("CBC-HS"):n=r;break;case e.startsWith("PBES2"):n="deriveBits";break;case /^A\d{3}(?:GCM)?(?:KW)?$/.test(e):!e.includes("GCM")&&e.endsWith("KW")?n="unwrapKey":n=r;break;case(r==="encrypt"):n="wrapKey";break;case r==="decrypt":n=e.startsWith("RSA")?"unwrapKey":"deriveBits";break}if(n&&t.key_ops?.includes?.(n)===false)throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`)}return  true},bn=(e,t,r)=>{if(!(t instanceof Uint8Array)){if(Ie(t)){if(or(t)&&Rt(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!St(t))throw new TypeError(wt(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if(t.type!=="secret")throw new TypeError(`${be(t)} instances for symmetric algorithms must be of type "secret"`)}},Sn=(e,t,r)=>{if(Ie(t))switch(r){case "decrypt":case "sign":if(rr(t)&&Rt(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case "encrypt":case "verify":if(nr(t)&&Rt(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!St(t))throw new TypeError(wt(e,t,"CryptoKey","KeyObject","JSON Web Key"));if(t.type==="secret")throw new TypeError(`${be(t)} instances for asymmetric algorithms must not be of type "secret"`);if(t.type==="public")switch(r){case "sign":throw new TypeError(`${be(t)} instances for asymmetric algorithm signing must be of type "private"`);case "decrypt":throw new TypeError(`${be(t)} instances for asymmetric algorithm decryption must be of type "private"`);}if(t.type==="private")switch(r){case "verify":throw new TypeError(`${be(t)} instances for asymmetric algorithm verifying must be of type "public"`);case "encrypt":throw new TypeError(`${be(t)} instances for asymmetric algorithm encryption must be of type "public"`);}},sr=(e,t,r)=>{e.startsWith("HS")||e==="dir"||e.startsWith("PBES2")||/^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e)||/^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e)?bn(e,t,r):Sn(e,t,r);};var cr=(e,t)=>{let r=`SHA-${e.slice(-3)}`;switch(e){case "HS256":case "HS384":case "HS512":return {hash:r,name:"HMAC"};case "PS256":case "PS384":case "PS512":return {hash:r,name:"RSA-PSS",saltLength:parseInt(e.slice(-3),10)>>3};case "RS256":case "RS384":case "RS512":return {hash:r,name:"RSASSA-PKCS1-v1_5"};case "ES256":case "ES384":case "ES512":return {hash:r,name:"ECDSA",namedCurve:t.namedCurve};case "Ed25519":case "EdDSA":return {name:"Ed25519"};case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":return {name:e};default:throw new D(`alg ${e} is not supported either by JOSE or your javascript runtime`)}};var lr=async(e,t,r)=>{if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(Yt(t,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",t,{hash:`SHA-${e.slice(-3)}`,name:"HMAC"},false,[r])}return zt(t,e,r),t};var ae=e=>Math.floor(e.getTime()/1e3);var Rn=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,qe=e=>{let t=Rn.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),n=t[3].toLowerCase(),o;switch(n){case "sec":case "secs":case "second":case "seconds":case "s":o=Math.round(r);break;case "minute":case "minutes":case "min":case "mins":case "m":o=Math.round(r*60);break;case "hour":case "hours":case "hr":case "hrs":case "h":o=Math.round(r*3600);break;case "day":case "days":case "d":o=Math.round(r*86400);break;case "week":case "weeks":case "w":o=Math.round(r*604800);break;default:o=Math.round(r*31557600);break}return t[1]==="-"||t[4]==="ago"?-o:o};function ue(e,t){if(!Number.isFinite(t))throw new TypeError(`Invalid ${e} input`);return t}var x,ze=class{constructor(t){U(this,x);if(!Ve(t))throw new TypeError("JWT Claims Set MUST be an object");N(this,x,structuredClone(t));}data(){return re.encode(JSON.stringify(h(this,x)))}get iss(){return h(this,x).iss}set iss(t){h(this,x).iss=t;}get sub(){return h(this,x).sub}set sub(t){h(this,x).sub=t;}get aud(){return h(this,x).aud}set aud(t){h(this,x).aud=t;}set jti(t){h(this,x).jti=t;}set nbf(t){typeof t=="number"?h(this,x).nbf=ue("setNotBefore",t):t instanceof Date?h(this,x).nbf=ue("setNotBefore",ae(t)):h(this,x).nbf=ae(new Date)+qe(t);}set exp(t){typeof t=="number"?h(this,x).exp=ue("setExpirationTime",t):t instanceof Date?h(this,x).exp=ue("setExpirationTime",ae(t)):h(this,x).exp=ae(new Date)+qe(t);}set iat(t){typeof t>"u"?h(this,x).iat=ae(new Date):t instanceof Date?h(this,x).iat=ue("setIssuedAt",ae(t)):typeof t=="string"?h(this,x).iat=ue("setIssuedAt",ae(new Date)+qe(t)):h(this,x).iat=ue("setIssuedAt",t);}};x=new WeakMap;var ur=async(e,t,r)=>{let n=await lr(e,t,"sign");Qt(e,n);let o=await crypto.subtle.sign(cr(e,n.algorithm),n,r);return new Uint8Array(o)};var We,L,z,Xe=class{constructor(t){U(this,We);U(this,L);U(this,z);if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");N(this,We,t);}setProtectedHeader(t){if(h(this,L))throw new TypeError("setProtectedHeader can only be called once");return N(this,L,t),this}setUnprotectedHeader(t){if(h(this,z))throw new TypeError("setUnprotectedHeader can only be called once");return N(this,z,t),this}async sign(t,r){if(!h(this,L)&&!h(this,z))throw new ne("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!Zt(h(this,L),h(this,z)))throw new ne("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let n={...h(this,L),...h(this,z)},o=tr(ne,new Map([["b64",true]]),r?.crit,h(this,L),n),a=true;if(o.has("b64")&&(a=h(this,L).b64,typeof a!="boolean"))throw new ne('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:i}=n;if(typeof i!="string"||!i)throw new ne('JWS "alg" (Algorithm) Header Parameter missing or invalid');sr(i,t,"sign");let c=h(this,We);a&&(c=re.encode(Ge(c)));let u;h(this,L)?u=re.encode(Ge(JSON.stringify(h(this,L)))):u=re.encode("");let s=Nt(u,re.encode("."),c),l=await ir(t,i),d=await ur(i,l,s),f={signature:Ge(d),payload:""};return a&&(f.payload=me.decode(c)),h(this,z)&&(f.header=h(this,z)),h(this,L)&&(f.protected=me.decode(u)),f}};We=new WeakMap,L=new WeakMap,z=new WeakMap;var Se,Ye=class{constructor(t){U(this,Se);N(this,Se,new Xe(t));}setProtectedHeader(t){return h(this,Se).setProtectedHeader(t),this}async sign(t,r){let n=await h(this,Se).sign(t,r);if(n.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return `${n.protected}.${n.payload}.${n.signature}`}};Se=new WeakMap;var ie,$,fe=class{constructor(t={}){U(this,ie);U(this,$);N(this,$,new ze(t));}setIssuer(t){return h(this,$).iss=t,this}setSubject(t){return h(this,$).sub=t,this}setAudience(t){return h(this,$).aud=t,this}setJti(t){return h(this,$).jti=t,this}setNotBefore(t){return h(this,$).nbf=t,this}setExpirationTime(t){return h(this,$).exp=t,this}setIssuedAt(t){return h(this,$).iat=t,this}setProtectedHeader(t){return N(this,ie,t),this}async sign(t,r){let n=new Ye(h(this,$).data());if(n.setProtectedHeader(h(this,ie)),Array.isArray(h(this,ie)?.crit)&&h(this,ie).crit.includes("b64")&&h(this,ie).b64===false)throw new Te("JWTs MUST NOT use unencoded payload");return n.sign(t,r)}};ie=new WeakMap,$=new WeakMap;var En=e=>btoa(String.fromCharCode(...new Uint8Array(e))).replaceAll("+","-").replaceAll("/","_").replaceAll("=",""),Ze=async e=>{let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return En(r)},B=async e=>{let{method:t,url:r,nonce:n,ath:o,privateKey:a,publicJwk:i}=e,c={htm:t.toUpperCase(),htu:r,jti:crypto.randomUUID(),iat:Math.floor(Date.now()/1e3)};return n&&(c.nonce=n),o&&(c.ath=o),await new fe(c).setProtectedHeader({alg:"ES256",typ:"dpop+jwt",jwk:i}).sign(a)};var _=async e=>{let t={crv:e.crv,kty:"EC",x:e.x,y:e.y},r=JSON.stringify(t),n=new TextEncoder().encode(r),o=await crypto.subtle.digest("SHA-256",n);return btoa(String.fromCharCode(...new Uint8Array(o))).replaceAll("+","-").replaceAll("/","_").replaceAll("=","")};async function de(e){let{rootPrivateKey:t,rootPublicJwk:r,childJkt:n,clientId:o,sid:a,ttlSec:i=300}=e,c=Math.floor(Date.now()/1e3),u=c+Math.max(60,Math.min(i,3600)),s={child_jkt:n,client_id:o,aud:"issuer",iat:c,exp:u,jti:crypto.randomUUID()};return a&&(s.sid=a),await new fe(s).setProtectedHeader({alg:"ES256",typ:"pode+jwt",jwk:r}).sign(t)}function Je(e,t=300){return e.replace(/<[^>]*>/g,"").slice(0,t)}async function De(e){let t=e.status,r=Array.from(e.headers.keys()).some(c=>c.toLowerCase().startsWith("x-amzn-waf")),n,o,a=e.headers.get("content-type")||"";if(a.includes("application/json"))try{let c=await e.clone().json();n=typeof c?.error=="string"?c.error:void 0,o=typeof c?.detail=="string"?c.detail:void 0;}catch{}let i=t===403&&!r&&!a.includes("application/json");return {status:t,code:n,detail:o,waf:r,alb403:i}}function pe(e,t){let r=new Error(e);return r.status=t.status,r.code=t.code,r.detail=t.detail,r.waf=t.waf,r.alb403=t.alb403,r}var Re={boundWallet:null,clientId:null,jkt:null,refreshId:null,lastPolicyHash:null,lastPolicyProof:null,lastHost:null,rootJkt:null},Et=createContext(void 0);function yr(e){try{return JSON.parse(localStorage.getItem(e)||"null")??Re}catch{return Re}}function vn(e,t){try{localStorage.setItem(e,JSON.stringify(t));}catch{}}var kt=({children:e,clientId:t})=>{let[r,n]=useState(Re),o=useRef(false),[a,i]=useState(false),c=useMemo(()=>Ce(t),[t]);useEffect(()=>{let p=true;return (async()=>{let y=await I(c)??await I(Be)??yr(c);p&&(n({...Re,...y}),o.current=true,i(true));})(),()=>{p=false;}},[c]),useEffect(()=>{o.current&&(async()=>(await E(c,r),vn(c,r)))();},[r,c]);let u=useCallback(p=>n(g=>({...g,refreshId:p})),[]),s=useCallback(p=>n(g=>({...g,lastPolicyHash:p})),[]),l=useCallback(p=>n(g=>({...g,lastPolicyProof:p})),[]),d=useCallback(p=>n(g=>({...g,lastHost:p})),[]),f=useCallback(p=>n(g=>({...g,rootJkt:p})),[]),w=async()=>{try{let p=localStorage.getItem(c);if(p){let g=JSON.parse(p);if(typeof g?.refreshId=="string"&&g.refreshId)return g.refreshId}}catch{}try{let p=await I(c);if(typeof p?.refreshId=="string"&&p.refreshId)return p.refreshId}catch{}return null},b=useCallback(p=>n(g=>({...g,boundWallet:p})),[]),R=useCallback(p=>n(g=>({...g,clientId:p})),[]),m=useCallback(p=>n(g=>({...g,jkt:p})),[]),k=useCallback(()=>n(Re),[]),S=useCallback(async()=>{let g=await I(c)??yr(c);n({...Re,...g});},[]),H=useMemo(()=>({meta:r,setBoundWallet:b,setClientId:R,setJkt:m,resetMeta:k,reload:S,setRefreshId:u,getRefreshId:w,ready:a,setLastPolicyHash:s,setLastPolicyProof:l,setLastHost:d,setRootJkt:f}),[r,b,R,m,k,S,a,u,w,s,l,d,f]);return jsx(Et.Provider,{value:H,children:e})};function Pt(){let e=useContext(Et);if(!e)throw new Error("useMeta must be used within <MetaProvider>");return e}var wr=`${T}:wrap`;async function Qe(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},!1,["sign","verify"]),t=`${T}:probe_safe`;await E(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await I(t);return await E(t,void 0),!!(r&&r.privKey)}catch{return  false}}async function Kn(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},!0,["sign","verify"]),t=`${T}:probe`;await E(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await I(t);return await E(t,void 0),!!(r&&r.privKey)}catch{return  false}}function ke(e){let t={...e};return delete t.d,t.kty="EC",t.crv=v,t.alg=Ke,t.use="sig",t}async function gr(){let e=await I(wr);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await E(wr,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function vt(e){let t=await gr(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function Cn(e,t){let r=await gr(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var At=()=>{let e=useRef(null),t=useRef(null),r=useCallback(async()=>{let u=await I(T);if(!u)return  false;if(u.fmt==="cryptokey"){let l=u;if(!l.privKey)return await E(T,void 0),false;let d=l.privKey;try{if(d.extractable&&await Qe()){let w=await crypto.subtle.exportKey("jwk",d),b=await crypto.subtle.importKey("jwk",w,{name:"ECDSA",namedCurve:v},!1,["sign"]),R={fmt:"cryptokey",privKey:b,pubJwk:ke(l.pubJwk)};await E(T,R),d=b;}}catch{}return e.current=d,t.current=ke(l.pubJwk),true}if(u.fmt==="encjwk"){let l=u;try{let d=await Cn(l.encPrivJwk,l.iv),f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},!1,["sign"]);return e.current=f,t.current=ke(l.pubJwk),!0}catch{return await E(T,void 0),false}}let s=u;if(s&&s.d){let{d:l,...d}=s,f=ke(d),w=await Qe(),b=w||await Kn();if(b&&w){let S=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);return await E(T,{fmt:"cryptokey",privKey:S,pubJwk:f}),e.current=S,t.current=f,true}if(b){let S=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},true,["sign"]);return await E(T,{fmt:"cryptokey",privKey:S,pubJwk:f}),e.current=S,t.current=f,true}let{encPrivJwk:R,iv:m}=await vt(s);await E(T,{fmt:"encjwk",encPrivJwk:R,iv:m,pubJwk:f});let k=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);return e.current=k,t.current=f,true}return await E(T,void 0),false},[]),n=useCallback(async(u,s)=>{await E(T,{fmt:"cryptokey",privKey:u,pubJwk:s});},[]),o=useCallback(async(u,s)=>{let{encPrivJwk:l,iv:d}=await vt(u);await E(T,{fmt:"encjwk",encPrivJwk:l,iv:d,pubJwk:s});},[]),a=useCallback(async()=>{if(e.current&&t.current||await r())return;let u=await Qe(),s=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},true,["sign","verify"]),l=ke(await crypto.subtle.exportKey("jwk",s.publicKey)),d=await crypto.subtle.exportKey("jwk",s.privateKey);if(u){let f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);await n(f,l),e.current=f,t.current=l;}else {await o(d,l);let f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);e.current=f,t.current=l;}},[r,n,o]),i=useCallback(async()=>{let u=await Qe(),s=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},true,["sign","verify"]),l=ke(await crypto.subtle.exportKey("jwk",s.publicKey)),d=await crypto.subtle.exportKey("jwk",s.privateKey);if(u){let f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);await E(T,{fmt:"cryptokey",privKey:f,pubJwk:l}),e.current=f,t.current=l;}else {let{encPrivJwk:f,iv:w}=await vt(d);await E(T,{fmt:"encjwk",encPrivJwk:f,iv:w,pubJwk:l});let b=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);e.current=b,t.current=l;}},[]),c=useCallback(async()=>{await E(T,void 0),e.current=null,t.current=null;},[]);return {ensureKeypair:a,rotate:i,clear:c,privRef:e,pubJwkRef:t}};var Y="sunbreak_root_key_v1",Sr=`${Y}:wrap`;async function Rr(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},!1,["sign","verify"]),t=`${Y}:probe_safe`;await E(t,{fmt:"cryptokey",privKey:e.privateKey,createdAt:Date.now(),pubJwk:{}});let r=await I(t);return await E(t,void 0),!!(r&&r.privKey)}catch{return  false}}function et(e){let t={...e};return delete t.d,t.kty="EC",t.crv=v,t.alg=Ke,t.use="sig",t}async function Er(){let e=await I(Sr);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await E(Sr,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function Tn(e){let t=await Er(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function In(e,t){let r=await Er(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var Kt=()=>{let e=useRef(null),t=useRef(null),r=useCallback(async()=>{let a=await I(Y);if(!a)return  false;if(a.fmt==="cryptokey"){let i=a;if(!i.privKey)return await E(Y,void 0),false;let c=i.privKey;try{if(c.extractable&&await Rr()){let s=await crypto.subtle.exportKey("jwk",c),l=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},!1,["sign"]),d={fmt:"cryptokey",privKey:l,pubJwk:et(i.pubJwk),createdAt:i.createdAt};await E(Y,d),c=l;}}catch{}return e.current=c,t.current=et(i.pubJwk),true}if(a.fmt==="encjwk"){let i=a;try{let c=await In(i.encPrivJwk,i.iv),u=await crypto.subtle.importKey("jwk",c,{name:"ECDSA",namedCurve:v},!1,["sign"]);return e.current=u,t.current=et(i.pubJwk),!0}catch{return await E(Y,void 0),false}}return await E(Y,void 0),false},[]),n=useCallback(async()=>{if(e.current&&t.current||await r())return;let a=await Rr(),i=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},true,["sign","verify"]),c=et(await crypto.subtle.exportKey("jwk",i.publicKey)),u=Date.now(),s=await crypto.subtle.exportKey("jwk",i.privateKey);if(a){let l=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);await E(Y,{fmt:"cryptokey",privKey:l,pubJwk:c,createdAt:u}),e.current=l,t.current=c;}else {let{encPrivJwk:l,iv:d}=await Tn(s);await E(Y,{fmt:"encjwk",encPrivJwk:l,iv:d,pubJwk:c,createdAt:u});let w=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);e.current=w,t.current=c;}},[r]),o=useCallback(async()=>{await E(Y,void 0),e.current=null,t.current=null;},[]);return {ensureRootKeypair:n,clear:o,rootPrivRef:e,rootPubJwkRef:t}};var Le=class e{constructor(t,r=false){this.colors={flow:"#00D9FF",state:"#00FF88",decision:"#FFB800",api:"#B388FF",guard:"#FFEA00",error:"#FF5252",warn:"#FF9100",info:"#90CAF9"};this.enabled=r,this.prefix=t?`[Sunbreak:${t.slice(0,8)}]`:"[Sunbreak]";}log(t,r,n){if(!this.enabled)return;let o=this.colors[t],a=new Date().toISOString().slice(11,23),i=this.getEmoji(t);console.log(`%c${i} ${this.prefix} [${a}] [${t.toUpperCase()}]%c ${r}`,`color: ${o}; font-weight: bold`,"color: inherit; font-weight: normal",n!==void 0?n:"");}getEmoji(t){switch(t){case "flow":return "\u{1F504}";case "state":return "\u{1F500}";case "decision":return "\u{1F914}";case "api":return "\u{1F4E1}";case "guard":return "\u{1F6E1}\uFE0F";case "error":return "\u274C";case "warn":return "\u26A0\uFE0F";case "info":return "\u2139\uFE0F";default:return "\u2022"}}flow(t,r,n){this.log("flow",`[${t.toUpperCase()}] ${r}`,n);}state(t,r,n,o){this.log("state",`${t} \u2192 ${r}: ${n}`,o);}decision(t,r,n,o){this.log("decision",`${t} = ${r?"\u2713 YES":"\u2717 NO"} (${n})`,o);}api(t,r,n){let o=n.status,i=o>=200&&o<300?"\u2713":"\u2717";this.log("api",`${i} ${t} ${r} \u2192 ${o}${n.error?` (${n.error})`:""}`,n.data);}guard(t,r,n,o){this.log("guard",`${t}: ${r?"\u2713 PASS":"\u2717 BLOCK"} (${n})`,o);}error(t,r){this.log("error",t,r);}warn(t,r){this.log("warn",t,r);}info(t,r){this.log("info",t,r);}group(t){this.enabled&&console.group(`${this.prefix} ${t}`);}groupEnd(){this.enabled&&console.groupEnd();}child(t){let r=new e(void 0,this.enabled);return r.prefix=`${this.prefix}[${t}]`,r}},Ct=null;function kr(){return Ct||(Ct=new Le(void 0,false)),Ct}var tt=class{constructor(t){this.currentState="unknown";this.previousState="unknown";this.logger=kr();this.hadSessionHistory=false;this.inActiveSession=false;t&&this.initialize(t);}initialize(t){if(this.currentState!=="unknown"){this.logger.info(`Skipping initialization - state already set to ${this.currentState}`);let n=!!(t.boundWallet||t.refreshId);this.hadSessionHistory=n;return}this.logger.group("\u{1F527} Initializing Session State Machine");let r=!!(t.boundWallet||t.refreshId);this.hadSessionHistory=r,this.logger.info("Initial context",{wallet:t.wallet,boundWallet:t.boundWallet,refreshId:t.refreshId?"present":"null",hasToken:t.hasToken,authenticated:t.authenticated,hasHistory:r}),t.authenticated&&t.hasToken?(this.transition("authenticated","Has valid token"),this.inActiveSession=true):r?this.transition("refreshable","Has session history"):this.transition("unregistered","No session history"),this.logger.groupEnd();}transition(t,r){if(this.currentState===t){this.logger.info(`State unchanged: ${t} (${r})`);return}this.previousState=this.currentState,this.currentState=t,this.logger.state(this.previousState,t,r);}getState(){return this.currentState}isInActiveSession(){return this.inActiveSession}markHadSession(){this.hadSessionHistory||(this.logger.info("Marked hadSessionHistory = true"),this.hadSessionHistory=true);}clearSessionHistory(){this.logger.info("Cleared session history"),this.hadSessionHistory=false,this.inActiveSession=false;}onProbeComplete(t){if(this.logger.flow("probe","Probe completed, determining initial state"),this.currentState!=="unknown"){this.logger.warn("Probe called but state is not UNKNOWN",{currentState:this.currentState});return}!!(t.boundWallet||t.refreshId)||this.hadSessionHistory?this.transition("refreshable","Session history found"):this.transition("unregistered","No session history");}onRegisterSuccess(t){this.logger.flow("register","Register succeeded"),this.transition("authenticated","Register succeeded"),this.inActiveSession=true,this.hadSessionHistory=true;}onRegisterFailure(t){this.logger.flow("register",`Register failed: ${t}`);}onRefreshSuccess(t){this.logger.flow("refresh","Refresh succeeded"),this.transition("authenticated","Refresh succeeded"),this.inActiveSession=true;}onRefreshExpired(){this.logger.flow("refresh","Refresh failed: session expired (missing refresh identifier)"),this.transition("expired","Session expired"),this.inActiveSession=false;}onRefreshFailure(t){this.logger.flow("refresh",`Refresh failed: ${t}`);}onTokenExpired(){this.logger.flow("token","Token expired"),this.currentState==="authenticated"&&this.transition("refreshable","Token expired");}onWalletChange(t,r,n){if(this.logger.flow("wallet",`Wallet changed: ${t||"null"} \u2192 ${r||"null"}`),!r){this.transition("unknown","Wallet disconnected"),this.inActiveSession=false;return}r.toLowerCase()===n.boundWallet?.toLowerCase()?(this.hadSessionHistory=true,this.transition("refreshable","Wallet reconnected with session history")):(this.transition("unregistered","Wallet changed to different address"),this.inActiveSession=false);}onWalletDisconnect(){this.logger.flow("wallet","Wallet disconnected"),this.transition("unknown","Wallet disconnected"),this.inActiveSession=false;}shouldAttemptProbe(){let t=this.currentState==="unknown";return this.logger.decision("Should attempt probe?",t,`State is ${this.currentState}`),t}shouldAttemptRefresh(t){if(this.currentState!=="refreshable"&&this.currentState!=="authenticated")return this.logger.decision("Should attempt refresh?",false,`State is ${this.currentState}, not REFRESHABLE or AUTHENTICATED`),false;if(!(t.boundWallet||t.wallet))return this.logger.decision("Should attempt refresh?",false,"No wallet available (neither boundWallet nor current wallet)"),false;if(t.wallet&&t.boundWallet&&t.wallet.toLowerCase()!==t.boundWallet.toLowerCase())return this.logger.decision("Should attempt refresh?",false,"Wallet mismatch"),false;if(t.hasToken&&t.tokenExpiry){let n=Math.floor(Date.now()/1e3);if(t.tokenExpiry-n>5&&this.currentState==="authenticated")return this.logger.decision("Should attempt refresh?",false,"Token still valid"),false}return this.logger.decision("Should attempt refresh?",true,`State is ${this.currentState}, token ${t.hasToken?"present":"missing"}`),true}shouldAttemptRegister(t){return this.inActiveSession?(this.logger.decision("Should attempt register?",false,"Already in active session - proof changes ignored"),false):this.currentState!=="unregistered"&&this.currentState!=="expired"?(this.logger.decision("Should attempt register?",false,`State is ${this.currentState}, not UNREGISTERED or EXPIRED`),false):t.wallet?t.hasProof?t.authenticated&&t.hasToken?(this.logger.decision("Should attempt register?",false,"Already authenticated"),false):(this.logger.decision("Should attempt register?",true,`State is ${this.currentState}, have wallet + proof`),true):(this.logger.decision("Should attempt register?",false,"No proof available"),false):(this.logger.decision("Should attempt register?",false,"No wallet connected"),false)}shouldWaitForInitialRefresh(t,r){return this.currentState!=="refreshable"||t?false:r.wallet&&r.boundWallet&&r.wallet.toLowerCase()===r.boundWallet.toLowerCase()?(this.logger.decision("Should wait for initial refresh?",true,"Returning user - let refresh attempt first"),true):false}getStateReport(t){return `
+var wn=Object.defineProperty;var Qt=e=>{throw TypeError(e)};var yn=(e,t,r)=>t in e?wn(e,t,{enumerable:true,configurable:true,writable:true,value:r}):e[t]=r;var O=(e,t,r)=>yn(e,typeof t!="symbol"?t+"":t,r),er=(e,t,r)=>t.has(e)||Qt("Cannot "+r);var m=(e,t,r)=>(er(e,t,"read from private field"),r?r.call(e):t.get(e)),F=(e,t,r)=>t.has(e)?Qt("Cannot add the same private member more than once"):t instanceof WeakSet?t.add(e):t.set(e,r),B=(e,t,r,n)=>(er(e,t,"write to private field"),t.set(e,r),r);var qe=e=>{let t=5381;for(let r=0;r<e.length;r++)t=t*33^e.charCodeAt(r);return (t>>>0).toString(16).padStart(8,"0")},xe=e=>{try{return e.method==="provider_jwt"?`${e.issuer}:${qe(e.token)}`:e.method==="siwe"||e.method==="eip191"?`${e.method}:${qe(e.signature)}`:e.method==="ed25519"?`ed25519:${qe(e.signatureBase64)}`:null}catch{return null}},Ce=async(e,t,r)=>{switch(e.name){case "custom":return {method:"provider_jwt",issuer:"custom",token:t,meta:r||{}};case "privy":return {method:"provider_jwt",issuer:"privy",token:t,meta:{app_id:e.appId}};case "dynamic":return e.expectedAud?{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId,expected_aud:e.expectedAud}}:{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId}};default:throw new Error(`Unknown adapter: ${e}`)}};var gn="sunbreak-kv",Ke="kv",ze="sunbreak_dpop_meta_v1",K="sunbreak_dpop_key_v1",Ie="ES256",E="P-256",Te=e=>`${ze}:${e}`,tr=()=>new Promise((e,t)=>{let r=indexedDB.open(gn,1);r.onupgradeneeded=()=>r.result.createObjectStore(Ke),r.onsuccess=()=>e(r.result),r.onerror=()=>t(r.error);}),I=async e=>{try{let t=await tr();return await new Promise((r,n)=>{let a=t.transaction(Ke,"readonly").objectStore(Ke).get(e);a.onsuccess=()=>r(a.result),a.onerror=()=>n(a.error);})}catch{return}},S=async(e,t)=>{let r=await tr();await new Promise((n,o)=>{let i=r.transaction(Ke,"readwrite").objectStore(Ke).put(t,e);i.onsuccess=()=>n(),i.onerror=()=>o(i.error);});};var bn=e=>{let t=new URL(e);if(t.protocol!=="https:"&&t.hostname!=="localhost"&&t.hostname!=="127.0.0.1")throw new Error("Sunbreak: insecure base URL");return t.hash="",t.origin},Sn=e=>e.replace(/\/+$/,""),mt=e=>{let t=Sn(e);return bn(t)};function yt(e){let t=new URL(e.baseUrl),r=t.host,n=e.meta.lastHost??null,o=Rn(n);return e.setLastHost(o),t.host=`${o}.${r}`,t.origin}var Rn=e=>{for(let t=0;t<wt.length;t++){let r=wt[Math.floor(Math.random()*wt.length)].toLowerCase();if(r!==e)return r}return "alpha"},wt=["Alpha","Bravo","Charlie","Delta","Echo","Foxtrot","Golf","Hotel","India","Juliett","Kilo","Lima","Mike","November","Oscar","Papa","Quebec","Romeo","Sierra","Tango","Uniform","Victor","Whiskey","X-ray","Yankee","Zulu"];var G=(e,t)=>{let r={clientId:e.clientId,wallet:e.wallet,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0,...t};Object.keys(r).forEach(o=>r[o]===void 0&&delete r[o]);let n=JSON.stringify(r);return btoa(n)};var kn=new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailer","transfer-encoding","upgrade","via"]),En=new Set(["user-agent","referer","origin","host","content-length","sec-fetch-site","sec-fetch-mode","sec-fetch-dest","sec-fetch-user","sec-ch-ua","sec-ch-ua-mobile","sec-ch-ua-platform","sec-ch-ua-platform-version","sec-ch-ua-full-version","sec-ch-ua-arch","sec-ch-ua-model","sec-ch-ua-bitness","cookie","set-cookie"]),Pn=new Set(["dpop","x-sunbreak-meta"]),vn=64,rr=2048,An=64;function gt(e){let t={};if(!e)return t;let r=e instanceof Headers?Array.from(e.entries()):Object.entries(e),n=0;for(let[o,a]of r){if(n>=An)break;if(o==null||a==null)continue;let i=String(o).toLowerCase().trim();if(!i||i.length>vn||kn.has(i)||En.has(i)||Pn.has(i))continue;let s=String(a);s.length>rr&&(s=s.slice(0,rr)),t[i]=s,n++;}return t}var ne=new TextEncoder,ye=new TextDecoder;function nr(...e){let t=e.reduce((o,{length:a})=>o+a,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function or(e){if(Uint8Array.prototype.toBase64)return e.toBase64();let t=32768,r=[];for(let n=0;n<e.length;n+=t)r.push(String.fromCharCode.apply(null,e.subarray(n,n+t)));return btoa(r.join(""))}function ar(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(e);let t=atob(e),r=new Uint8Array(t.length);for(let n=0;n<t.length;n++)r[n]=t.charCodeAt(n);return r}function ir(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(typeof e=="string"?e:ye.decode(e),{alphabet:"base64url"});let t=e;t instanceof Uint8Array&&(t=ye.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return ar(t)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}}function Xe(e){let t=e;return typeof t=="string"&&(t=ne.encode(t)),Uint8Array.prototype.toBase64?t.toBase64({alphabet:"base64url",omitPadding:true}):or(t).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}var ue=class extends Error{constructor(r,n){super(r,n);O(this,"code","ERR_JOSE_GENERIC");this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor);}};O(ue,"code","ERR_JOSE_GENERIC");var L=class extends ue{constructor(){super(...arguments);O(this,"code","ERR_JOSE_NOT_SUPPORTED");}};O(L,"code","ERR_JOSE_NOT_SUPPORTED");var oe=class extends ue{constructor(){super(...arguments);O(this,"code","ERR_JWS_INVALID");}};O(oe,"code","ERR_JWS_INVALID");var We=class extends ue{constructor(){super(...arguments);O(this,"code","ERR_JWT_INVALID");}};O(We,"code","ERR_JWT_INVALID");var sr,cr,bt=class extends(cr=ue,sr=Symbol.asyncIterator,cr){constructor(r="multiple matching keys found in the JSON Web Key Set",n){super(r,n);O(this,sr);O(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");}};O(bt,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");function Y(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function ge(e,t){return e.name===t}function St(e){return parseInt(e.name.slice(4),10)}function Kn(e){switch(e){case "ES256":return "P-256";case "ES384":return "P-384";case "ES512":return "P-521";default:throw new Error("unreachable")}}function In(e,t){if(!e.usages.includes(t))throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`)}function lr(e,t,r){switch(t){case "HS256":case "HS384":case "HS512":{if(!ge(e.algorithm,"HMAC"))throw Y("HMAC");let n=parseInt(t.slice(2),10);if(St(e.algorithm.hash)!==n)throw Y(`SHA-${n}`,"algorithm.hash");break}case "RS256":case "RS384":case "RS512":{if(!ge(e.algorithm,"RSASSA-PKCS1-v1_5"))throw Y("RSASSA-PKCS1-v1_5");let n=parseInt(t.slice(2),10);if(St(e.algorithm.hash)!==n)throw Y(`SHA-${n}`,"algorithm.hash");break}case "PS256":case "PS384":case "PS512":{if(!ge(e.algorithm,"RSA-PSS"))throw Y("RSA-PSS");let n=parseInt(t.slice(2),10);if(St(e.algorithm.hash)!==n)throw Y(`SHA-${n}`,"algorithm.hash");break}case "Ed25519":case "EdDSA":{if(!ge(e.algorithm,"Ed25519"))throw Y("Ed25519");break}case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":{if(!ge(e.algorithm,t))throw Y(t);break}case "ES256":case "ES384":case "ES512":{if(!ge(e.algorithm,"ECDSA"))throw Y("ECDSA");let n=Kn(t);if(e.algorithm.namedCurve!==n)throw Y(n,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}In(e,r);}function ur(e,t,...r){if(r=r.filter(Boolean),r.length>2){let n=r.pop();e+=`one of type ${r.join(", ")}, or ${n}.`;}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var fr=(e,...t)=>ur("Key must be ",e,...t);function Rt(e,t,...r){return ur(`Key for the ${e} algorithm must be `,t,...r)}function kt(e){return e?.[Symbol.toStringTag]==="CryptoKey"}function Et(e){return e?.[Symbol.toStringTag]==="KeyObject"}var Pt=e=>kt(e)||Et(e);var dr=(...e)=>{let t=e.filter(Boolean);if(t.length===0||t.length===1)return  true;let r;for(let n of t){let o=Object.keys(n);if(!r||r.size===0){r=new Set(o);continue}for(let a of o){if(r.has(a))return  false;r.add(a);}}return  true};function Tn(e){return typeof e=="object"&&e!==null}var Ye=e=>{if(!Tn(e)||Object.prototype.toString.call(e)!=="[object Object]")return  false;if(Object.getPrototypeOf(e)===null)return  true;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t};var pr=(e,t)=>{if(e.startsWith("RS")||e.startsWith("PS")){let{modulusLength:r}=t.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}};function Wn(e){let t,r;switch(e.kty){case "AKP":{switch(e.alg){case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":t={name:e.alg},r=e.priv?["sign"]:["verify"];break;default:throw new L('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "RSA":{switch(e.alg){case "PS256":case "PS384":case "PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RS256":case "RS384":case "RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RSA-OAEP":case "RSA-OAEP-256":case "RSA-OAEP-384":case "RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.slice(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new L('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "EC":{switch(e.alg){case "ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case "ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case "ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new L('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "OKP":{switch(e.alg){case "Ed25519":case "EdDSA":t={name:"Ed25519"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new L('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}default:throw new L('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return {algorithm:t,keyUsages:r}}var hr=async e=>{if(!e.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');let{algorithm:t,keyUsages:r}=Wn(e),n={...e};return n.kty!=="AKP"&&delete n.alg,delete n.use,crypto.subtle.importKey("jwk",n,t,e.ext??!(e.d||e.priv),e.key_ops??r)};var mr=(e,t,r,n,o)=>{if(o.crit!==void 0&&n?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||n.crit===void 0)return new Set;if(!Array.isArray(n.crit)||n.crit.length===0||n.crit.some(i=>typeof i!="string"||i.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let a;r!==void 0?a=new Map([...Object.entries(r),...t.entries()]):a=t;for(let i of n.crit){if(!a.has(i))throw new L(`Extension Header Parameter "${i}" is not recognized`);if(o[i]===void 0)throw new e(`Extension Header Parameter "${i}" is missing`);if(a.get(i)&&n[i]===void 0)throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`)}return new Set(n.crit)};function Je(e){return Ye(e)&&typeof e.kty=="string"}function wr(e){return e.kty!=="oct"&&(e.kty==="AKP"&&typeof e.priv=="string"||typeof e.d=="string")}function yr(e){return e.kty!=="oct"&&typeof e.d>"u"&&typeof e.priv>"u"}function gr(e){return e.kty==="oct"&&typeof e.k=="string"}var be,br=async(e,t,r,n=false)=>{be||(be=new WeakMap);let o=be.get(e);if(o?.[r])return o[r];let a=await hr({...t,alg:r});return n&&Object.freeze(e),o?o[r]=a:be.set(e,{[r]:a}),a},Dn=(e,t)=>{be||(be=new WeakMap);let r=be.get(e);if(r?.[t])return r[t];let n=e.type==="public",o=!!n,a;if(e.asymmetricKeyType==="x25519"){switch(t){case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}a=e.toCryptoKey(e.asymmetricKeyType,o,n?[]:["deriveBits"]);}if(e.asymmetricKeyType==="ed25519"){if(t!=="EdDSA"&&t!=="Ed25519")throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}switch(e.asymmetricKeyType){case "ml-dsa-44":case "ml-dsa-65":case "ml-dsa-87":{if(t!==e.asymmetricKeyType.toUpperCase())throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}}if(e.asymmetricKeyType==="rsa"){let i;switch(t){case "RSA-OAEP":i="SHA-1";break;case "RS256":case "PS256":case "RSA-OAEP-256":i="SHA-256";break;case "RS384":case "PS384":case "RSA-OAEP-384":i="SHA-384";break;case "RS512":case "PS512":case "RSA-OAEP-512":i="SHA-512";break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:i},o,n?["encrypt"]:["decrypt"]);a=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:i},o,[n?"verify":"sign"]);}if(e.asymmetricKeyType==="ec"){let s=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(e.asymmetricKeyDetails?.namedCurve);if(!s)throw new TypeError("given KeyObject instance cannot be used for this algorithm");t==="ES256"&&s==="P-256"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:s},o,[n?"verify":"sign"])),t==="ES384"&&s==="P-384"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:s},o,[n?"verify":"sign"])),t==="ES512"&&s==="P-521"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:s},o,[n?"verify":"sign"])),t.startsWith("ECDH-ES")&&(a=e.toCryptoKey({name:"ECDH",namedCurve:s},o,n?[]:["deriveBits"]));}if(!a)throw new TypeError("given KeyObject instance cannot be used for this algorithm");return r?r[t]=a:be.set(e,{[t]:a}),a},Sr=async(e,t)=>{if(e instanceof Uint8Array||kt(e))return e;if(Et(e)){if(e.type==="secret")return e.export();if("toCryptoKey"in e&&typeof e.toCryptoKey=="function")try{return Dn(e,t)}catch(n){if(n instanceof TypeError)throw n}let r=e.export({format:"jwk"});return br(e,r,t)}if(Je(e))return e.k?ir(e.k):br(e,e,t,true);throw new Error("unreachable")};var Se=e=>e?.[Symbol.toStringTag],vt=(e,t,r)=>{if(t.use!==void 0){let n;switch(r){case "sign":case "verify":n="sig";break;case "encrypt":case "decrypt":n="enc";break}if(t.use!==n)throw new TypeError(`Invalid key for this operation, its "use" must be "${n}" when present`)}if(t.alg!==void 0&&t.alg!==e)throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);if(Array.isArray(t.key_ops)){let n;switch(true){case(r==="sign"):case e==="dir":case e.includes("CBC-HS"):n=r;break;case e.startsWith("PBES2"):n="deriveBits";break;case /^A\d{3}(?:GCM)?(?:KW)?$/.test(e):!e.includes("GCM")&&e.endsWith("KW")?n="unwrapKey":n=r;break;case(r==="encrypt"):n="wrapKey";break;case r==="decrypt":n=e.startsWith("RSA")?"unwrapKey":"deriveBits";break}if(n&&t.key_ops?.includes?.(n)===false)throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`)}return  true},_n=(e,t,r)=>{if(!(t instanceof Uint8Array)){if(Je(t)){if(gr(t)&&vt(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!Pt(t))throw new TypeError(Rt(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if(t.type!=="secret")throw new TypeError(`${Se(t)} instances for symmetric algorithms must be of type "secret"`)}},Ln=(e,t,r)=>{if(Je(t))switch(r){case "decrypt":case "sign":if(wr(t)&&vt(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case "encrypt":case "verify":if(yr(t)&&vt(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!Pt(t))throw new TypeError(Rt(e,t,"CryptoKey","KeyObject","JSON Web Key"));if(t.type==="secret")throw new TypeError(`${Se(t)} instances for asymmetric algorithms must not be of type "secret"`);if(t.type==="public")switch(r){case "sign":throw new TypeError(`${Se(t)} instances for asymmetric algorithm signing must be of type "private"`);case "decrypt":throw new TypeError(`${Se(t)} instances for asymmetric algorithm decryption must be of type "private"`);}if(t.type==="private")switch(r){case "verify":throw new TypeError(`${Se(t)} instances for asymmetric algorithm verifying must be of type "public"`);case "encrypt":throw new TypeError(`${Se(t)} instances for asymmetric algorithm encryption must be of type "public"`);}},Rr=(e,t,r)=>{e.startsWith("HS")||e==="dir"||e.startsWith("PBES2")||/^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e)||/^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e)?_n(e,t,r):Ln(e,t,r);};var kr=(e,t)=>{let r=`SHA-${e.slice(-3)}`;switch(e){case "HS256":case "HS384":case "HS512":return {hash:r,name:"HMAC"};case "PS256":case "PS384":case "PS512":return {hash:r,name:"RSA-PSS",saltLength:parseInt(e.slice(-3),10)>>3};case "RS256":case "RS384":case "RS512":return {hash:r,name:"RSASSA-PKCS1-v1_5"};case "ES256":case "ES384":case "ES512":return {hash:r,name:"ECDSA",namedCurve:t.namedCurve};case "Ed25519":case "EdDSA":return {name:"Ed25519"};case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":return {name:e};default:throw new L(`alg ${e} is not supported either by JOSE or your javascript runtime`)}};var Er=async(e,t,r)=>{if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(fr(t,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",t,{hash:`SHA-${e.slice(-3)}`,name:"HMAC"},false,[r])}return lr(t,e,r),t};var ie=e=>Math.floor(e.getTime()/1e3);var Mn=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,Ze=e=>{let t=Mn.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),n=t[3].toLowerCase(),o;switch(n){case "sec":case "secs":case "second":case "seconds":case "s":o=Math.round(r);break;case "minute":case "minutes":case "min":case "mins":case "m":o=Math.round(r*60);break;case "hour":case "hours":case "hr":case "hrs":case "h":o=Math.round(r*3600);break;case "day":case "days":case "d":o=Math.round(r*86400);break;case "week":case "weeks":case "w":o=Math.round(r*604800);break;default:o=Math.round(r*31557600);break}return t[1]==="-"||t[4]==="ago"?-o:o};function fe(e,t){if(!Number.isFinite(t))throw new TypeError(`Invalid ${e} input`);return t}var v,Qe=class{constructor(t){F(this,v);if(!Ye(t))throw new TypeError("JWT Claims Set MUST be an object");B(this,v,structuredClone(t));}data(){return ne.encode(JSON.stringify(m(this,v)))}get iss(){return m(this,v).iss}set iss(t){m(this,v).iss=t;}get sub(){return m(this,v).sub}set sub(t){m(this,v).sub=t;}get aud(){return m(this,v).aud}set aud(t){m(this,v).aud=t;}set jti(t){m(this,v).jti=t;}set nbf(t){typeof t=="number"?m(this,v).nbf=fe("setNotBefore",t):t instanceof Date?m(this,v).nbf=fe("setNotBefore",ie(t)):m(this,v).nbf=ie(new Date)+Ze(t);}set exp(t){typeof t=="number"?m(this,v).exp=fe("setExpirationTime",t):t instanceof Date?m(this,v).exp=fe("setExpirationTime",ie(t)):m(this,v).exp=ie(new Date)+Ze(t);}set iat(t){typeof t>"u"?m(this,v).iat=ie(new Date):t instanceof Date?m(this,v).iat=fe("setIssuedAt",ie(t)):typeof t=="string"?m(this,v).iat=fe("setIssuedAt",ie(new Date)+Ze(t)):m(this,v).iat=fe("setIssuedAt",t);}};v=new WeakMap;var Pr=async(e,t,r)=>{let n=await Er(e,t,"sign");pr(e,n);let o=await crypto.subtle.sign(kr(e,n.algorithm),n,r);return new Uint8Array(o)};var De,M,Z,et=class{constructor(t){F(this,De);F(this,M);F(this,Z);if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");B(this,De,t);}setProtectedHeader(t){if(m(this,M))throw new TypeError("setProtectedHeader can only be called once");return B(this,M,t),this}setUnprotectedHeader(t){if(m(this,Z))throw new TypeError("setUnprotectedHeader can only be called once");return B(this,Z,t),this}async sign(t,r){if(!m(this,M)&&!m(this,Z))throw new oe("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!dr(m(this,M),m(this,Z)))throw new oe("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let n={...m(this,M),...m(this,Z)},o=mr(oe,new Map([["b64",true]]),r?.crit,m(this,M),n),a=true;if(o.has("b64")&&(a=m(this,M).b64,typeof a!="boolean"))throw new oe('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:i}=n;if(typeof i!="string"||!i)throw new oe('JWS "alg" (Algorithm) Header Parameter missing or invalid');Rr(i,t,"sign");let s=m(this,De);a&&(s=ne.encode(Xe(s)));let u;m(this,M)?u=ne.encode(Xe(JSON.stringify(m(this,M)))):u=ne.encode("");let l=nr(u,ne.encode("."),s),c=await Sr(t,i),p=await Pr(i,c,l),d={signature:Xe(p),payload:""};return a&&(d.payload=ye.decode(s)),m(this,Z)&&(d.header=m(this,Z)),m(this,M)&&(d.protected=ye.decode(u)),d}};De=new WeakMap,M=new WeakMap,Z=new WeakMap;var Re,tt=class{constructor(t){F(this,Re);B(this,Re,new et(t));}setProtectedHeader(t){return m(this,Re).setProtectedHeader(t),this}async sign(t,r){let n=await m(this,Re).sign(t,r);if(n.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return `${n.protected}.${n.payload}.${n.signature}`}};Re=new WeakMap;var se,j,de=class{constructor(t={}){F(this,se);F(this,j);B(this,j,new Qe(t));}setIssuer(t){return m(this,j).iss=t,this}setSubject(t){return m(this,j).sub=t,this}setAudience(t){return m(this,j).aud=t,this}setJti(t){return m(this,j).jti=t,this}setNotBefore(t){return m(this,j).nbf=t,this}setExpirationTime(t){return m(this,j).exp=t,this}setIssuedAt(t){return m(this,j).iat=t,this}setProtectedHeader(t){return B(this,se,t),this}async sign(t,r){let n=new tt(m(this,j).data());if(n.setProtectedHeader(m(this,se)),Array.isArray(m(this,se)?.crit)&&m(this,se).crit.includes("b64")&&m(this,se).b64===false)throw new We("JWTs MUST NOT use unencoded payload");return n.sign(t,r)}};se=new WeakMap,j=new WeakMap;var Hn=e=>btoa(String.fromCharCode(...new Uint8Array(e))).replaceAll("+","-").replaceAll("/","_").replaceAll("=",""),rt=async e=>{let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Hn(r)},V=async e=>{let{method:t,url:r,nonce:n,ath:o,privateKey:a,publicJwk:i}=e,s={htm:t.toUpperCase(),htu:r,jti:crypto.randomUUID(),iat:Math.floor(Date.now()/1e3)};return n&&(s.nonce=n),o&&(s.ath=o),await new de(s).setProtectedHeader({alg:"ES256",typ:"dpop+jwt",jwk:i}).sign(a)};var H=async e=>{let t={crv:e.crv,kty:"EC",x:e.x,y:e.y},r=JSON.stringify(t),n=new TextEncoder().encode(r),o=await crypto.subtle.digest("SHA-256",n);return btoa(String.fromCharCode(...new Uint8Array(o))).replaceAll("+","-").replaceAll("/","_").replaceAll("=","")};async function pe(e){let{rootPrivateKey:t,rootPublicJwk:r,childJkt:n,clientId:o,sid:a,ttlSec:i=300}=e,s=Math.floor(Date.now()/1e3),u=s+Math.max(60,Math.min(i,3600)),l={child_jkt:n,client_id:o,aud:"issuer",iat:s,exp:u,jti:crypto.randomUUID()};return a&&(l.sid=a),await new de(l).setProtectedHeader({alg:"ES256",typ:"pode+jwt",jwk:r}).sign(t)}function _e(e,t=300){return e.replace(/<[^>]*>/g,"").slice(0,t)}async function Le(e){let t=e.status,r=Array.from(e.headers.keys()).some(s=>s.toLowerCase().startsWith("x-amzn-waf")),n,o,a=e.headers.get("content-type")||"";if(a.includes("application/json"))try{let s=await e.clone().json();n=typeof s?.error=="string"?s.error:void 0,o=typeof s?.detail=="string"?s.detail:void 0;}catch{}let i=t===403&&!r&&!a.includes("application/json");return {status:t,code:n,detail:o,waf:r,alb403:i}}function he(e,t){let r=new Error(e);return r.status=t.status,r.code=t.code,r.detail=t.detail,r.waf=t.waf,r.alb403=t.alb403,r}var At=e=>/^0x[a-fA-F0-9]{40}$/.test(e),$=(e,t)=>!e||!t?false:At(e)&&At(t)?e.toLowerCase()===t.toLowerCase():e===t;var ke={boundWallet:null,clientId:null,jkt:null,refreshId:null,lastPolicyHash:null,lastPolicyProof:null,lastHost:null,rootJkt:null,registeredProofId:null},xt=createContext(void 0);function Kr(e){try{return JSON.parse(localStorage.getItem(e)||"null")??ke}catch{return ke}}function jn(e,t){try{localStorage.setItem(e,JSON.stringify(t));}catch{}}var Ct=({children:e,clientId:t})=>{let[r,n]=useState(ke),o=useRef(false),[a,i]=useState(false),s=useMemo(()=>Te(t),[t]);useEffect(()=>{let h=true;return (async()=>{let y=await I(s)??await I(ze)??Kr(s);h&&(n({...ke,...y}),o.current=true,i(true));})(),()=>{h=false;}},[s]),useEffect(()=>{o.current&&(async()=>(await S(s,r),jn(s,r)))();},[r,s]);let u=useCallback(h=>n(f=>({...f,refreshId:h})),[]),l=useCallback(h=>n(f=>({...f,lastPolicyHash:h})),[]),c=useCallback(h=>n(f=>({...f,lastPolicyProof:h})),[]),p=useCallback(h=>n(f=>({...f,lastHost:h})),[]),d=useCallback(h=>n(f=>({...f,rootJkt:h})),[]),g=useCallback(h=>n(f=>({...f,registeredProofId:h})),[]),R=async()=>{try{let h=localStorage.getItem(s);if(h){let f=JSON.parse(h);if(typeof f?.refreshId=="string"&&f.refreshId)return f.refreshId}}catch{}try{let h=await I(s);if(typeof h?.refreshId=="string"&&h.refreshId)return h.refreshId}catch{}return null},x=useCallback(h=>n(f=>({...f,boundWallet:h})),[]),w=useCallback(h=>n(f=>({...f,clientId:h})),[]),k=useCallback(h=>n(f=>({...f,jkt:h})),[]),b=useCallback(()=>n(ke),[]),W=useCallback(async()=>{let f=await I(s)??Kr(s);n({...ke,...f});},[]),_=useMemo(()=>({meta:r,setBoundWallet:x,setClientId:w,setJkt:k,resetMeta:b,reload:W,setRefreshId:u,getRefreshId:R,ready:a,setLastPolicyHash:l,setLastPolicyProof:c,setLastHost:p,setRootJkt:d,setRegisteredProofId:g}),[r,x,w,k,b,W,a,u,R,l,c,p,d,g]);return jsx(xt.Provider,{value:_,children:e})};function Kt(){let e=useContext(xt);if(!e)throw new Error("useMeta must be used within <MetaProvider>");return e}var Tr=`${K}:wrap`;async function nt(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},!1,["sign","verify"]),t=`${K}:probe_safe`;await S(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await I(t);return await S(t,void 0),!!(r&&r.privKey)}catch{return  false}}async function Fn(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},!0,["sign","verify"]),t=`${K}:probe`;await S(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await I(t);return await S(t,void 0),!!(r&&r.privKey)}catch{return  false}}function Pe(e){let{d:t,...r}=e;return {...r,kty:"EC",crv:E,alg:Ie,use:"sig"}}async function Wr(){let e=await I(Tr);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await S(Tr,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function It(e){let t=await Wr(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function Bn(e,t){let r=await Wr(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var Tt=()=>{let e=useRef(null),t=useRef(null),r=useCallback(async()=>{let u=await I(K);if(!u)return  false;if(u.fmt==="cryptokey"){let c=u;if(!c.privKey)return await S(K,void 0),false;let p=c.privKey;try{if(p.extractable&&await nt()){let g=await crypto.subtle.exportKey("jwk",p),R=await crypto.subtle.importKey("jwk",g,{name:"ECDSA",namedCurve:E},!1,["sign"]),x={fmt:"cryptokey",privKey:R,pubJwk:Pe(c.pubJwk)};await S(K,x),p=R;}}catch{}return e.current=p,t.current=Pe(c.pubJwk),true}if(u.fmt==="encjwk"){let c=u;try{let p=await Bn(c.encPrivJwk,c.iv),d=await crypto.subtle.importKey("jwk",p,{name:"ECDSA",namedCurve:E},!1,["sign"]);return e.current=d,t.current=Pe(c.pubJwk),!0}catch{return await S(K,void 0),false}}let l=u;if(l&&l.d){let{d:c,...p}=l,d=Pe(p),g=await nt(),R=g||await Fn();if(R&&g){let b=await crypto.subtle.importKey("jwk",l,{name:"ECDSA",namedCurve:E},false,["sign"]);return await S(K,{fmt:"cryptokey",privKey:b,pubJwk:d}),e.current=b,t.current=d,true}if(R){let b=await crypto.subtle.importKey("jwk",l,{name:"ECDSA",namedCurve:E},true,["sign"]);return await S(K,{fmt:"cryptokey",privKey:b,pubJwk:d}),e.current=b,t.current=d,true}let{encPrivJwk:x,iv:w}=await It(l);await S(K,{fmt:"encjwk",encPrivJwk:x,iv:w,pubJwk:d});let k=await crypto.subtle.importKey("jwk",l,{name:"ECDSA",namedCurve:E},false,["sign"]);return e.current=k,t.current=d,true}return await S(K,void 0),false},[]),n=useCallback(async(u,l)=>{await S(K,{fmt:"cryptokey",privKey:u,pubJwk:l});},[]),o=useCallback(async(u,l)=>{let{encPrivJwk:c,iv:p}=await It(u);await S(K,{fmt:"encjwk",encPrivJwk:c,iv:p,pubJwk:l});},[]),a=useCallback(async()=>{if(e.current&&t.current||await r())return;let u=await nt(),l=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},true,["sign","verify"]),c=Pe(await crypto.subtle.exportKey("jwk",l.publicKey)),p=await crypto.subtle.exportKey("jwk",l.privateKey);if(u){let d=await crypto.subtle.importKey("jwk",p,{name:"ECDSA",namedCurve:E},false,["sign"]);await n(d,c),e.current=d,t.current=c;}else {await o(p,c);let d=await crypto.subtle.importKey("jwk",p,{name:"ECDSA",namedCurve:E},false,["sign"]);e.current=d,t.current=c;}},[r,n,o]),i=useCallback(async()=>{let u=await nt(),l=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},true,["sign","verify"]),c=Pe(await crypto.subtle.exportKey("jwk",l.publicKey)),p=await crypto.subtle.exportKey("jwk",l.privateKey);if(u){let d=await crypto.subtle.importKey("jwk",p,{name:"ECDSA",namedCurve:E},false,["sign"]);await S(K,{fmt:"cryptokey",privKey:d,pubJwk:c}),e.current=d,t.current=c;}else {let{encPrivJwk:d,iv:g}=await It(p);await S(K,{fmt:"encjwk",encPrivJwk:d,iv:g,pubJwk:c});let R=await crypto.subtle.importKey("jwk",p,{name:"ECDSA",namedCurve:E},false,["sign"]);e.current=R,t.current=c;}},[]),s=useCallback(async()=>{await S(K,void 0),e.current=null,t.current=null;},[]);return {ensureKeypair:a,rotate:i,clear:s,privRef:e,pubJwkRef:t}};var Q="sunbreak_root_key_v1",Dr=`${Q}:wrap`;async function _r(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},!1,["sign","verify"]),t=`${Q}:probe_safe`;await S(t,{fmt:"cryptokey",privKey:e.privateKey,createdAt:Date.now(),pubJwk:{}});let r=await I(t);return await S(t,void 0),!!(r&&r.privKey)}catch{return  false}}function ot(e){let{d:t,...r}=e;return {...r,kty:"EC",crv:E,alg:Ie,use:"sig"}}async function Lr(){let e=await I(Dr);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await S(Dr,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function Gn(e){let t=await Lr(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function Vn(e,t){let r=await Lr(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var Jt=()=>{let e=useRef(null),t=useRef(null),r=useCallback(async()=>{let a=await I(Q);if(!a)return  false;if(a.fmt==="cryptokey"){let i=a;if(!i.privKey)return await S(Q,void 0),false;let s=i.privKey;try{if(s.extractable&&await _r()){let l=await crypto.subtle.exportKey("jwk",s),c=await crypto.subtle.importKey("jwk",l,{name:"ECDSA",namedCurve:E},!1,["sign"]),p={fmt:"cryptokey",privKey:c,pubJwk:ot(i.pubJwk),createdAt:i.createdAt};await S(Q,p),s=c;}}catch{}return e.current=s,t.current=ot(i.pubJwk),true}if(a.fmt==="encjwk"){let i=a;try{let s=await Vn(i.encPrivJwk,i.iv),u=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:E},!1,["sign"]);return e.current=u,t.current=ot(i.pubJwk),!0}catch{return await S(Q,void 0),false}}return await S(Q,void 0),false},[]),n=useCallback(async()=>{if(e.current&&t.current||await r())return;let a=await _r(),i=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},true,["sign","verify"]),s=ot(await crypto.subtle.exportKey("jwk",i.publicKey)),u=Date.now(),l=await crypto.subtle.exportKey("jwk",i.privateKey);if(a){let c=await crypto.subtle.importKey("jwk",l,{name:"ECDSA",namedCurve:E},false,["sign"]);await S(Q,{fmt:"cryptokey",privKey:c,pubJwk:s,createdAt:u}),e.current=c,t.current=s;}else {let{encPrivJwk:c,iv:p}=await Gn(l);await S(Q,{fmt:"encjwk",encPrivJwk:c,iv:p,pubJwk:s,createdAt:u});let g=await crypto.subtle.importKey("jwk",l,{name:"ECDSA",namedCurve:E},false,["sign"]);e.current=g,t.current=s;}},[r]),o=useCallback(async()=>{await S(Q,void 0),e.current=null,t.current=null;},[]);return {ensureRootKeypair:n,clear:o,rootPrivRef:e,rootPubJwkRef:t}};var Me=class e{constructor(t,r=false){this.colors={flow:"#00D9FF",state:"#00FF88",decision:"#FFB800",api:"#B388FF",guard:"#FFEA00",error:"#FF5252",warn:"#FF9100",info:"#90CAF9"};this.enabled=r,this.prefix=t?`[Sunbreak:${t.slice(0,8)}]`:"[Sunbreak]";}log(t,r,n){if(!this.enabled)return;let o=this.colors[t],a=new Date().toISOString().slice(11,23),i=this.getEmoji(t);console.log(`%c${i} ${this.prefix} [${a}] [${t.toUpperCase()}]%c ${r}`,`color: ${o}; font-weight: bold`,"color: inherit; font-weight: normal",n!==void 0?n:"");}getEmoji(t){switch(t){case "flow":return "\u{1F504}";case "state":return "\u{1F500}";case "decision":return "\u{1F914}";case "api":return "\u{1F4E1}";case "guard":return "\u{1F6E1}\uFE0F";case "error":return "\u274C";case "warn":return "\u26A0\uFE0F";case "info":return "\u2139\uFE0F";default:return "\u2022"}}flow(t,r,n){this.log("flow",`[${t.toUpperCase()}] ${r}`,n);}state(t,r,n,o){this.log("state",`${t} \u2192 ${r}: ${n}`,o);}decision(t,r,n,o){this.log("decision",`${t} = ${r?"\u2713 YES":"\u2717 NO"} (${n})`,o);}api(t,r,n){let o=n.status,i=o>=200&&o<300?"\u2713":"\u2717";this.log("api",`${i} ${t} ${r} \u2192 ${o}${n.error?` (${n.error})`:""}`,n.data);}guard(t,r,n,o){this.log("guard",`${t}: ${r?"\u2713 PASS":"\u2717 BLOCK"} (${n})`,o);}error(t,r){this.log("error",t,r);}warn(t,r){this.log("warn",t,r);}info(t,r){this.log("info",t,r);}group(t){this.enabled&&console.group(`${this.prefix} ${t}`);}groupEnd(){this.enabled&&console.groupEnd();}child(t){let r=new e(void 0,this.enabled);return r.prefix=`${this.prefix}[${t}]`,r}},Dt=null;function Mr(){return Dt||(Dt=new Me(void 0,false)),Dt}var He=class{constructor(t){this.currentState="unknown";this.previousState="unknown";this.logger=Mr();this.hadSessionHistory=false;this.inActiveSession=false;t&&this.initialize(t);}initialize(t){if(this.currentState!=="unknown"){this.logger.info(`Skipping initialization - state already set to ${this.currentState}`);let n=!!(t.boundWallet||t.refreshId);this.hadSessionHistory=n;return}this.logger.group("\u{1F527} Initializing Session State Machine");let r=!!(t.boundWallet||t.refreshId);this.hadSessionHistory=r,this.logger.info("Initial context",{wallet:t.wallet,boundWallet:t.boundWallet,refreshId:t.refreshId?"present":"null",hasToken:t.hasToken,authenticated:t.authenticated,hasHistory:r}),t.authenticated&&t.hasToken?(this.transition("authenticated","Has valid token"),this.inActiveSession=true):r?this.transition("refreshable","Has session history"):this.transition("unregistered","No session history"),this.logger.groupEnd();}transition(t,r){if(this.currentState===t){this.logger.info(`State unchanged: ${t} (${r})`);return}this.previousState=this.currentState,this.currentState=t,this.logger.state(this.previousState,t,r);}getState(){return this.currentState}isInActiveSession(){return this.inActiveSession}markHadSession(){this.hadSessionHistory||(this.logger.info("Marked hadSessionHistory = true"),this.hadSessionHistory=true);}clearSessionHistory(){this.logger.info("Cleared session history"),this.hadSessionHistory=false,this.inActiveSession=false;}onNewCredentialsReceived(){this.inActiveSession&&(this.logger.info("New credentials received while in active session - allowing re-registration"),this.inActiveSession=false,this.transition("unregistered","New credentials received"));}onProbeComplete(t){if(this.logger.flow("probe","Probe completed, determining initial state"),this.currentState!=="unknown"){this.logger.warn("Probe called but state is not UNKNOWN",{currentState:this.currentState});return}!!(t.boundWallet||t.refreshId)||this.hadSessionHistory?this.transition("refreshable","Session history found"):this.transition("unregistered","No session history");}onRegisterSuccess(t){this.logger.flow("register","Register succeeded"),this.transition("authenticated","Register succeeded"),this.inActiveSession=true,this.hadSessionHistory=true;}onRegisterFailure(t){this.logger.flow("register",`Register failed: ${t}`);}onRefreshSuccess(t){this.logger.flow("refresh","Refresh succeeded"),this.transition("authenticated","Refresh succeeded"),this.inActiveSession=true;}onRefreshExpired(){this.logger.flow("refresh","Refresh failed: session expired (missing refresh identifier)"),this.transition("expired","Session expired"),this.inActiveSession=false;}onRefreshFailure(t){this.logger.flow("refresh",`Refresh failed: ${t}`);}onTokenExpired(){this.logger.flow("token","Token expired"),this.currentState==="authenticated"&&this.transition("refreshable","Token expired");}onWalletChange(t,r,n){if(this.logger.flow("wallet",`Wallet changed: ${t||"null"} \u2192 ${r||"null"}`),!r){this.transition("unknown","Wallet disconnected"),this.inActiveSession=false;return}r.toLowerCase()===n.boundWallet?.toLowerCase()?(this.hadSessionHistory=true,this.transition("refreshable","Wallet reconnected with session history")):(this.transition("unregistered","Wallet changed to different address"),this.inActiveSession=false);}onWalletDisconnect(){this.logger.flow("wallet","Wallet disconnected"),this.transition("unknown","Wallet disconnected"),this.inActiveSession=false;}shouldAttemptProbe(){let t=this.currentState==="unknown";return this.logger.decision("Should attempt probe?",t,`State is ${this.currentState}`),t}shouldAttemptRefresh(t){if(this.currentState!=="refreshable"&&this.currentState!=="authenticated")return this.logger.decision("Should attempt refresh?",false,`State is ${this.currentState}, not REFRESHABLE or AUTHENTICATED`),false;if(!(t.boundWallet||t.wallet))return this.logger.decision("Should attempt refresh?",false,"No wallet available (neither boundWallet nor current wallet)"),false;if(t.wallet&&t.boundWallet&&t.wallet.toLowerCase()!==t.boundWallet.toLowerCase())return this.logger.decision("Should attempt refresh?",false,"Wallet mismatch"),false;if(t.hasToken&&t.tokenExpiry){let n=Math.floor(Date.now()/1e3);if(t.tokenExpiry-n>5&&this.currentState==="authenticated")return this.logger.decision("Should attempt refresh?",false,"Token still valid"),false}return this.logger.decision("Should attempt refresh?",true,`State is ${this.currentState}, token ${t.hasToken?"present":"missing"}`),true}shouldAttemptRegister(t){return this.inActiveSession?(this.logger.decision("Should attempt register?",false,"Already in active session - proof changes ignored"),false):this.currentState!=="unregistered"&&this.currentState!=="expired"?(this.logger.decision("Should attempt register?",false,`State is ${this.currentState}, not UNREGISTERED or EXPIRED`),false):t.wallet?t.hasProof?t.authenticated&&t.hasToken?(this.logger.decision("Should attempt register?",false,"Already authenticated"),false):(this.logger.decision("Should attempt register?",true,`State is ${this.currentState}, have wallet + proof`),true):(this.logger.decision("Should attempt register?",false,"No proof available"),false):(this.logger.decision("Should attempt register?",false,"No wallet connected"),false)}shouldWaitForInitialRefresh(t,r){return this.currentState!=="refreshable"||t?false:r.wallet&&r.boundWallet&&r.wallet.toLowerCase()===r.boundWallet.toLowerCase()?(this.logger.decision("Should wait for initial refresh?",true,"Returning user - let refresh attempt first"),true):false}getStateReport(t){return `
 \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
 \u2502  Session State Machine Report          \u2502
 \u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
@@ -17,6 +17,6 @@ var Qr=Object.defineProperty;var $t=e=>{throw TypeError(e)};var en=(e,t,r)=>t in
 \u2502 Authenticated:    ${String(t.authenticated).padEnd(20)} \u2502
 \u2502 Has Proof:        ${String(t.hasProof).padEnd(20)} \u2502
 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518
-    `.trim()}};var Wn=()=>crypto.randomUUID(),Pr=e=>{let{clientId:t,wallet:r,base:n="https://api.tdfc.com",fetchImpl:o,timeoutMs:a=15e3,proof:i=null,providerAdapter:c,refreshDeps:u=[],debug:s}=e,l=ft(n),d=typeof window<"u"?(o??fetch).bind(window):o??fetch,{meta:f,setBoundWallet:w,setJkt:b,setRefreshId:R,getRefreshId:m,setLastPolicyHash:k,setLastPolicyProof:S,setLastHost:H,setRootJkt:p,ready:g}=Pt(),{ensureRootKeypair:y,rootPrivRef:P,rootPubJwkRef:C}=Kt(),O=useCallback(async()=>{await y();try{if(!f.rootJkt&&C.current){let te=await _(C.current);p(te);}}catch{}},[y,f.rootJkt,C]),{ensureKeypair:ve,rotate:K,privRef:$e,pubJwkRef:Oe}=At(),[Jt,J]=useState(false),[V,j]=useState(0),[ee,se]=useState(null),[oe,nt]=useState(null),[ot,at]=useState(null),[Wr,Jr]=useState(null),Dr=useRef(null),Lr=useRef(null),_r=useRef(null),Hr=useRef(null),Mr=useRef(null),$r=useRef(null),Or=useRef(null),jr=useRef(false),Ur=useRef(false),Nr=useRef(void 0),je=useRef(false),it=useRef(false),Dt=useRef(null),ce=useRef(null);ce.current||(ce.current=new Promise(te=>{Dt.current=te;}));let st=useRef(null),Fr=useRef(i),Br=useRef(null),ye=useRef(null);if(!ye.current){let te=s??false;ye.current=new Le(t,te);}let Lt=s??false;ye.current&&ye.current.enabled!==Lt&&(ye.current.enabled=Lt);let ct=useRef(null);ct.current||(ct.current=new tt);let Ue=useRef(null),_t=useRef(null),Ne=useRef(null),Ht=()=>Date.now(),Gr=()=>(Ne.current??0)>0&&Ne.current<Ht(),lt=useCallback((te,Zr=15e3)=>{let Mt=Wn();return Ue.current=Mt,_t.current=te,Ne.current=Ht()+Math.max(1e3,Zr),Mt},[]),Vr=useCallback(()=>((!Ue.current||Gr())&&lt("adhoc",1e4),Ue.current),[lt]),ut=useRef(null),Fe=useRef(null);Fe.current||(Fe.current=new Promise(te=>{ut.current=te;}));let qr=useCallback(async()=>{!je.current&&Fe.current&&await Fe.current;},[]),zr=useCallback(()=>{je.current||(je.current=true,ut.current?.(),ut.current=null);},[]),Xr=useCallback(async()=>{!it.current&&ce.current&&await ce.current;},[]),Yr=useCallback(async()=>{!it.current&&ce.current&&await ce.current,st.current&&await st.current;},[]);return {clientId:t,wallet:r,baseUrl:l,fetchImpl:d,timeoutMs:a,providerAdapter:c,refreshDeps:u,ensureKeypair:ve,rotate:K,ensureRootKeypair:O,rootPrivRef:P,rootPubJwkRef:C,privRef:$e,pubJwkRef:Oe,meta:f,setBoundWallet:w,setJkt:b,setRefreshId:R,accessTokenRef:_r,tokenExpRef:Hr,authenticated:Jt,setAuthenticated:J,loadingCount:V,setLoadingCount:j,error:ee,setError:se,allowed:oe,setAllowed:nt,sessionExpiry:ot,setSessionExpiry:at,sessionData:Wr,setSessionData:Jr,authWalletRef:Lr,refreshLock:Mr,registerLock:$r,sessionLock:Or,didInitialRefresh:jr,didInitialSession:Ur,prevWalletRef:Nr,initResolvedRef:it,initReady:ce,initResolveRef:Dt,rotateLock:st,waitReady:Xr,awaitKeyStable:Yr,proofRef:Fr,registerCooldownUntilRef:Dr,reqIdRef:Ue,flowLabelRef:_t,flowExpireRef:Ne,beginFlow:lt,currentReqId:Vr,awaitProbe:qr,markProbed:zr,hasProbedRef:je,getRefreshId:m,setLastPolicyHash:k,setLastPolicyProof:S,setLastHost:H,setRootJkt:p,metaReady:g,probeLock:Br,stateMachine:ct.current,logger:ye.current}};var G=e=>e.accessTokenRef.current??null,Z=e=>{let t=e.privRef.current;if(!t)throw new Error("Sunbreak: private key not initialized");return t},W=e=>{let t=e.pubJwkRef.current;if(!t)throw new Error("Sunbreak: public JWK not initialized");return t};var Jn=(e,t)=>`${e.toUpperCase()} ${t}`;async function _e(e,t,r,n){if(!t)return e.logger.guard("register",false,"No wallet provided"),false;e.logger.flow("register","Starting register flow",{wallet:t});let o=_e._nonceCacheRef||(_e._nonceCacheRef={map:new Map});try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair(),e.setError(null),e.beginFlow("register",2e4);let a;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let y=await _(e.rootPubJwkRef.current);e.setRootJkt?.(y);}catch{}let p=await _(W(e)),g=await e.getRefreshId();a=await de({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:p,clientId:e.clientId,sid:g||void 0,ttlSec:300});}}catch(p){e.logger.warn("Failed to create PODE for register",p);}let i=e.currentReqId(),c="/auth/register",u=`${e.baseUrl}${c}`,s=new URL(e.baseUrl).origin,l="POST",d=`${s}${c}`,f=Jn(l,d),w=o.map.get(f),b=await B({method:l,url:d,nonce:w,privateKey:Z(e),publicJwk:W(e)}),R=async p=>e.fetchImpl(u,{method:l,headers:{"content-type":"application/json","x-sunbreak-meta":F(e,{reqId:i,pode:a||void 0}),...p},credentials:"include",body:JSON.stringify({wallet:t,proof:r})}),m=await R({DPoP:b}),k=p=>{let g=p.headers.get("dpop-nonce");g&&o.map.set(f,g);};if(m.status===401){e.logger.info("Register got 401, retrying with nonce");let p=m.headers.get("www-authenticate"),y=(p&&p.match(/dpop-nonce="([^"]+)"/i))?.[1];if(y){o.map.set(f,y);let P=await B({method:l,url:d,nonce:y,privateKey:Z(e),publicJwk:W(e)});m=await R({DPoP:P});}}if(k(m),e.logger.api(l,c,{status:m.status}),!m.ok){let p=await De(m);if((m.headers.get("content-type")||"").includes("application/json")){let y;try{y=await m.clone().json();}catch{}let P=Je(y&&(y.error||y.message||y.detail)||`HTTP ${m.status}`);throw pe(P,p)}else {let y=p.waf?"Blocked by WAF (403)":p.alb403?"Blocked at origin (ALB 403)":`HTTP ${m.status}`;throw pe(y,p)}}let S=await m.json();e.logger.info("Register succeeded",{expiresIn:S.expiresIn,hasRefreshId:!!S.refreshId}),e.accessTokenRef.current=S.access,e.authWalletRef.current=t.toLowerCase(),e.setAuthenticated(!0);try{let p=Math.floor(Date.now()/1e3);e.tokenExpRef.current=p+(S.expiresIn??0);}catch{}e.didInitialRefresh.current=!0,e.setBoundWallet(t),e.setLastPolicyHash(null),e.setLastPolicyProof(null);try{e.setJkt(await _(W(e)));}catch{}try{let p={...e.meta,boundWallet:t,clientId:e.meta.clientId??e.clientId,jkt:e.meta.jkt??null,refreshId:S.refreshId??null};e.setRefreshId(S.refreshId??null);let g=Ce(e.clientId);await E(g,p);try{localStorage.setItem(g,JSON.stringify(p));}catch{}}catch{}let H={wallet:t,boundWallet:t,refreshId:S.refreshId??null,hasToken:!0,tokenExpiry:e.tokenExpRef.current,hasProof:!0,authenticated:!0};return e.stateMachine.onRegisterSuccess(H),!0}catch(a){let i=Number(a?.status||0),c=String(a?.code||"").toLowerCase(),u=String(a?.message||"").toLowerCase(),s=Math.floor(Math.random()*1e3);e.logger.error("Register failed",{status:i,code:c,msg:u}),e.stateMachine.onRegisterFailure(`${c||u||"Unknown error"}`);let l=c==="session_exists"||c==="already_authenticated"||u.includes("already")&&(u.includes("session")||u.includes("authenticated")),d=(i===401||i===403)&&c==="replay";if((l||d)&&n?.refreshFallback&&(!e.meta.boundWallet||e.meta.boundWallet.toLowerCase()===t.toLowerCase())){e.logger.info("Register failed with recoverable error, attempting refresh fallback",{code:c,isSessionExists:l,isReplay:d});try{if(await n.refreshFallback())return e.logger.info("Refresh fallback succeeded after register failure"),e.meta.boundWallet||e.setBoundWallet(t),!0}catch(w){e.logger.warn("Refresh fallback failed",w);}}if(d){if(e.providerAdapter)try{let f=await e.providerAdapter.getToken()??null;if(f)return await e.awaitKeyStable(),await e.ensureKeypair(),await e.rotate(),e.proofRef.current=await Ae(e.providerAdapter,f),e.registerCooldownUntilRef.current=Date.now()+5e3+s,!1}catch{}else return e.proofRef.current=null,e.setError("Proof replayed; please sign a fresh proof."),e.registerCooldownUntilRef.current=Date.now()+1e4+s,false;return e.registerCooldownUntilRef.current=Date.now()+8e3+s,false}if(l)return e.setError("Session already exists. Try refreshing the page."),e.registerCooldownUntilRef.current=Date.now()+3e3+s,false;if(i===403&&(a?.waf||a?.alb403))return e.setError(u||"Forbidden at edge/origin"),e.registerCooldownUntilRef.current=Date.now()+3e4+s,false;if(i===403)return e.setError(c||u||"Forbidden"),e.registerCooldownUntilRef.current=Date.now()+15e3+s,false;if(i===429||i===503){e.setError(c||u||"Rate limited / unavailable");let f=i===429?5e3:8e3;return e.registerCooldownUntilRef.current=Date.now()+f+s,false}return e.setError(c||u||"Register failed"),e.registerCooldownUntilRef.current=Date.now()+5e3+s,false}}var Dn=(e,t)=>`${e.toUpperCase()} ${t}`;function He(e){if(e.refreshLock.current)return e.logger.guard("refreshLock",false,"Refresh already in progress"),e.refreshLock.current;if(e.registerLock.current){e.logger.guard("registerLock",false,"Registration in progress, waiting");let t=e.registerLock.current.then(()=>{if(e.authenticated&&G(e))return  true;if(G(e)){let n=e.tokenExpRef.current,o=Math.floor(Date.now()/1e3);if(!!n&&n-o>5)return  true}return  false});return e.refreshLock.current=t.finally(()=>{e.refreshLock.current=null;}),e.refreshLock.current}return e.logger.flow("refresh","Starting refresh flow"),e.refreshLock.current=(async()=>{try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe();let t=e.meta.boundWallet||e.wallet;if(!t)return e.logger.warn("No wallet available for refresh (neither boundWallet nor current wallet)"),!1;if(e.wallet&&e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return e.logger.warn("Wallet mismatch during refresh",{current:e.wallet,bound:e.meta.boundWallet}),e.accessTokenRef.current=null,e.setAuthenticated(!1),!1;let r=G(e);if(r){let y=e.tokenExpRef.current,P=Math.floor(Date.now()/1e3);if(!!r&&!!y&&y-P>5)return e.logger.info("Token still valid, skipping refresh"),!0}e.beginFlow("refresh",15e3);let n=e.currentReqId();await e.ensureKeypair();let o;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let C=await _(e.rootPubJwkRef.current);e.setRootJkt?.(C);}catch{}let y=await _(W(e)),P=await e.getRefreshId();o=await de({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:y,clientId:e.clientId,sid:P||void 0,ttlSec:300});}}catch(y){e.logger.warn("Failed to create PODE for refresh",y);}let a="/auth/refresh",i=`${e.baseUrl}${a}`,c=new URL(e.baseUrl).origin,u="POST",s=`${c}${a}`,l=Dn(u,s),d=He._nonceCacheRef||(He._nonceCacheRef={map:new Map}),f=async y=>await B({method:u,url:s,nonce:y,privateKey:Z(e),publicJwk:W(e)}),w=await e.getRefreshId(),b={"x-sunbreak-meta":F(e,{reqId:n,refreshId:w||void 0,pode:o||void 0,wallet:t}),"content-type":"application/json"},R=async y=>e.fetchImpl(i,{method:u,headers:{DPoP:y,...b},credentials:"include",body:"{}"}),m=y=>{let P=y.headers.get("dpop-nonce");P&&d.map.set(l,P);},k=await R(await f(d.map.get(l)));if(k.status===401){e.logger.info("Refresh got 401, retrying with nonce");let y=k.headers.get("www-authenticate"),C=(y&&y.match(/dpop-nonce="([^"]+)"/i))?.[1];C&&(d.map.set(l,C),k=await R(await f(C)));}if(m(k),e.logger.api(u,a,{status:k.status}),!k.ok){try{if((k.headers.get("content-type")||"").includes("application/json")){let P=await k.clone().json().catch(()=>{}),C=P&&(P.error||P.code||P.message)||"",O=String(C).toLowerCase();if(O.includes("missing")&&O.includes("refresh")){e.logger.warn("Refresh session expired (missing refresh identifier)"),e.stateMachine.onRefreshExpired();try{e.setRefreshId?.(null);}catch{}e.accessTokenRef.current=null,e.setAuthenticated(!1);}else e.logger.warn("Refresh failed",{error:C}),e.stateMachine.onRefreshFailure(String(C));}}catch{}return !1}let S=await k.json();e.logger.info("Refresh succeeded",{expiresIn:S.expiresIn,hasRefreshId:!!S.refreshId}),e.accessTokenRef.current=S.access,e.setAuthenticated(!0);let H=(e.wallet&&(!e.meta.boundWallet||e.meta.boundWallet===e.wallet)?e.wallet:e.meta.boundWallet)||null;e.authWalletRef.current=H?H.toLowerCase():null;try{let y=Math.floor(Date.now()/1e3);e.tokenExpRef.current=y+(S.expiresIn??0);}catch{}try{e.setJkt(await _(W(e)));}catch{}S.refreshId&&e.setRefreshId(S.refreshId);let p=y=>!y||y==="null"||y==="undefined"?null:y,g={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:p(S.refreshId??e.meta.refreshId??null),hasToken:!0,tokenExpiry:e.tokenExpRef.current,hasProof:!!e.proofRef.current,authenticated:!0};return e.stateMachine.onRefreshSuccess(g),!0}finally{e.refreshLock.current=null;}})(),e.refreshLock.current}var Ln=(e,t)=>`${e.toUpperCase()} ${t}`,Tt=new Map,Me;try{let e=globalThis;Me=e.__sunbreak_page_probe_guard??(e.__sunbreak_page_probe_guard=new Set);}catch{Me=new Set;}var _n=e=>{try{let t=new URL(e.baseUrl).origin;return `${e.clientId}::${t}`}catch{return `${e.clientId}::${e.baseUrl}`}};async function vr(e){let t=_n(e);if(e.probeLock.current){e.logger.guard("probeLock",false,"Probe already in progress, waiting"),await e.probeLock.current,e.markProbed();return}if(e.hasProbedRef.current){e.logger.guard("hasProbedRef",false,"Already probed in this session"),e.markProbed();return}if(Me.has(t)){e.logger.guard("pageProbeGuard",false,"Already probed for this page load"),e.markProbed();return}Me.add(t),e.logger.flow("probe","Starting probe flow",{clientId:e.clientId,pageKey:t});let r=(async()=>{let n=new URL(e.baseUrl).origin;try{if(await e.awaitKeyStable(),await e.ensureKeypair(),!e.rootPrivRef.current)try{await e.ensureRootKeypair();}catch{}let o;if(e.rootPrivRef.current&&e.rootPubJwkRef.current)try{let m=await _(W(e));o=await de({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:m,clientId:e.clientId,ttlSec:300});}catch(m){e.logger.warn("Failed to create PODE for probe",m);}let a="POST",i="/auth/probe",c=`${e.baseUrl}${i}`,u=`${n}${i}`,s=Ln(a,u),l=async m=>B({method:a,url:u,nonce:m,privateKey:Z(e),publicJwk:W(e)}),d=async m=>e.fetchImpl(c,{method:a,headers:{DPoP:m,"x-sunbreak-meta":F(e,{pode:o}),"content-type":"application/json"},credentials:"include",body:"{}"}),f=m=>{let k=m.headers.get("dpop-nonce");k&&Tt.set(s,k);},w=await d(await l(Tt.get(s)));if(f(w),w.status===401){e.logger.info("Probe got 401, retrying with nonce from www-authenticate");let m=w.headers.get("www-authenticate"),S=(m&&m.match(/dpop-nonce="([^"]+)"/i))?.[1];S&&(Tt.set(s,S),w=await d(await l(S)),f(w));}e.logger.api(a,i,{status:w.status});let b=m=>!m||m==="null"||m==="undefined"?null:m,R={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:b(e.meta.refreshId),hasToken:!!e.accessTokenRef.current,tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated};e.stateMachine.onProbeComplete(R);}catch(o){e.logger.error("Probe failed",o);try{Me.delete(t);}catch{}}finally{e.markProbed(),e.logger.flow("probe","Probe flow completed");}})();e.probeLock.current=r;try{await r;}finally{e.probeLock.current=null;}}var Ar=e=>{let t=useCallback(()=>He(e),[e]),r=useCallback(async()=>{let o=Date.now(),a=e.registerCooldownUntilRef.current??0;if(o<a){e.logger.guard("registerCooldown",false,"Cooldown active");return}if(!e.wallet){e.logger.guard("attemptRegister",false,"No wallet");return}if(!e.initResolvedRef.current){e.logger.guard("attemptRegister",false,"Not initialized");return}if(e.refreshLock.current){e.logger.guard("attemptRegister",false,"Refresh in progress");return}if(e.registerLock.current){e.logger.guard("attemptRegister",false,"Register already in progress");return}let i=s=>!s||s==="null"||s==="undefined"?null:s,c={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:i(e.meta.refreshId),hasToken:!!G(e),tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated};if(!e.stateMachine.shouldAttemptRegister(c)){e.logger.guard("attemptRegister",false,`State machine blocked (state: ${e.stateMachine.getState()}, inActiveSession: ${e.stateMachine.isInActiveSession()})`);return}let u=e.proofRef.current;if(!u){e.logger.guard("attemptRegister",false,"No proof available");return}e.logger.guard("attemptRegister",true,"All guards passed, proceeding"),await e.awaitKeyStable(),e.registerLock.current=(async()=>{try{await _e(e,e.wallet,u,{refreshFallback:async()=>{e.logger.info("Attempting refresh as fallback after register failure");let l=!!e.meta.boundWallet;!l&&e.wallet&&e.setBoundWallet(e.wallet);try{return await He(e)}catch{return l||e.setBoundWallet(null),!1}}})&&(e.didInitialSession.current=!0);}catch(s){e.setError(s?.message||String(s)||"Register failed");}finally{e.registerLock.current=null;}})();},[e]),n=useCallback(async o=>{let a=()=>(e.registerCooldownUntilRef.current??0)>Date.now();if(!e.providerAdapter||a())return;let i=await Ae(e.providerAdapter,o);e.proofRef.current=i;},[e]);return {refresh:t,register:(o,a,i)=>_e(e,o,a,i),attemptRegister:r,setProofFromAdapterToken:n}};var Hn=(e,t)=>`${e.toUpperCase()} ${t}`,Mn=(e,t)=>!!e&&!!t&&e.toLowerCase()===t.toLowerCase();async function rt(e,t,r,n,o,a={}){e.setLoadingCount(s=>s+1),e.setError(null);let i=n.startsWith("/api/session"),c=new AbortController,u=setTimeout(()=>c.abort(),e.timeoutMs);try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair();let l=`${i?pt(e):e.baseUrl}${n.startsWith("/")?"":"/"}${n}`,f=`${new URL(e.baseUrl).origin}${n.startsWith("/")?"":"/"}${n}`,w=Hn(r,f),b=n.startsWith("/auth/"),R=!1,m=!1,k=e.currentReqId(),S=rt._nonceCacheRef||(rt._nonceCacheRef={map:new Map}),H=J=>{let V=J.headers.get("dpop-nonce");V&&S.map.set(w,V);},p=!!e.wallet&&!!e.authWalletRef.current&&e.wallet.toLowerCase()!==e.authWalletRef.current.toLowerCase(),g=()=>b||!e.wallet?!1:!!(e.authenticated||Mn(e.wallet,e.meta.boundWallet)||typeof e.meta.refreshId=="string"&&e.meta.refreshId),y,P,C=async()=>{if(b||p)return;try{let se=G(e),oe=e.tokenExpRef.current,nt=Math.floor(Date.now()/1e3),ot=!!oe&&oe-nt<=60;if(se){if(ot&&!await t().catch(()=>!1))return}else if(!g()||!await t().catch(()=>!1))return}catch{}let J=G(e);if(!J)return;let V=await Ze(J),j=S.map.get(w),ee=await B({method:r,url:f,nonce:j,ath:V,privateKey:Z(e),publicJwk:W(e)});y=`Bearer ${e.accessTokenRef.current}`,P=ee;};await C();let O={"content-type":"application/json","x-sunbreak-auth":y||"","x-sunbreak-meta":F(e,{reqId:k,auth:y,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0}),...ht(a.headers)};P&&(O.DPoP=P);let ve=async()=>e.fetchImpl(l,{...a,method:r,headers:O,body:o!==void 0?JSON.stringify(o):void 0,credentials:"include",signal:c.signal}),K=await ve(),$e=K.headers.get("x-sunbreak-policy-hash"),Oe=K.headers.get("x-sunbreak-policy-proof");if($e&&e.setLastPolicyHash($e),Oe&&e.setLastPolicyProof(Oe),H(K),K.status===401&&!b){let J=G(e),V=K.headers.get("www-authenticate"),ee=(V&&V.match(/dpop-nonce="([^"]+)"/i))?.[1];if(!p&&ee&&J&&!m){m=!0,S.map.set(w,ee);let se=await Ze(J),oe=await B({method:r,url:f,nonce:ee,ath:se,privateKey:Z(e),publicJwk:W(e)});y=`Bearer ${e.accessTokenRef.current}`,P=oe,O["x-sunbreak-meta"]=F(e,{reqId:k,auth:y}),O.DPoP=P,K=await ve(),H(K);}if(K.status===401&&!R&&(R=!0,!p&&g())){let se=await t(),oe=G(e);se&&oe&&!p&&(await C(),O["x-sunbreak-meta"]=F(e,{reqId:k,auth:y}),P&&(O.DPoP=P),K=await ve(),H(K));}if(K.status===401)throw new Error("Unauthorized")}if(!K.ok){let J=await De(K);if((K.headers.get("content-type")||"").includes("application/json")){let j=await K.json().catch(()=>{}),ee=Je(j&&(j.error||j.message||j.detail)||`HTTP ${K.status}`);throw pe(ee,J)}else {let j=J.waf?"Blocked by WAF (403)":J.alb403?"Blocked at origin (ALB 403)":`HTTP ${K.status}`;throw pe(j,J)}}return (K.headers.get("content-type")||"").includes("application/json")?await K.json():void 0}finally{clearTimeout(u),e.setLoadingCount(s=>Math.max(0,s-1));}}var xr=(e,t)=>useCallback(async(r,n,o,a={})=>rt(e,t,r,n,o,a),[e,t]);async function Kr(e,t){let r=await t("GET","/api/session");if(r){e.setAllowed(!!r.allowed),e.setSessionData(r),e.setSessionExpiry(r.expiry??null);let n=r?.wallet;typeof n=="string"&&n&&e.setBoundWallet(n.toLowerCase());}return r}var Cr=(e,t)=>({session:useCallback(async()=>{if(e.wallet&&!(e.meta.boundWallet&&e.wallet!==e.meta.boundWallet))return e.sessionLock.current||(e.sessionLock.current=(async()=>{try{return await Kr(e,t)}catch(n){throw e.logger.error("Session request failed",n),n}finally{e.sessionLock.current=null;}})()),e.sessionLock.current},[e,t])});var Tr=(e,t)=>{let{refresh:r,session:n,attemptRegister:o,setProofFromAdapterToken:a,proofProp:i}=t,c=()=>(e.registerCooldownUntilRef.current??0)>Date.now(),u=()=>{let s=l=>!l||l==="null"||l==="undefined"?null:l;return {wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:s(e.meta.refreshId),hasToken:!!e.accessTokenRef.current,tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated}};useEffect(()=>{if(!e.metaReady)return;let s=true;return (async()=>{try{if(await e.waitReady(),!s||(await e.awaitKeyStable(),!s)||(await e.ensureRootKeypair(),!s))return;let l=u();e.stateMachine.initialize(l),await vr(e);}catch(l){if(!s)return;e.logger.error("Probe initialization failed",l);}})(),()=>{s=false;}},[e.metaReady]),useEffect(()=>{let s=e.prevWalletRef.current;if(e.prevWalletRef.current=e.wallet,e.wallet!==s&&(e.didInitialRefresh.current=false),!e.wallet){e.logger.flow("wallet","Wallet disconnected"),e.stateMachine.onWalletDisconnect(),e.setAllowed(null),e.setSessionExpiry(null),e.setSessionData(null),e.setAuthenticated(false),e.accessTokenRef.current=null,e.proofRef.current=null,e.setError(null),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null),e.didInitialRefresh.current=false;return}if(s&&e.wallet&&s!==e.wallet){e.logger.flow("wallet",`Wallet changed: ${s} \u2192 ${e.wallet}`);let l=u();e.stateMachine.onWalletChange(s,e.wallet,l),e.proofRef.current=null,e.accessTokenRef.current=null,e.setAuthenticated(false),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null),e.rotateLock.current=(async()=>{await e.rotate();})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;});}if(!s&&e.wallet){if(e.logger.flow("wallet",`Wallet connected: ${e.wallet}`),e.didInitialSession.current=false,!e.metaReady){e.logger.info("Wallet connected but meta not ready, deferring state machine update");return}let l=u();e.stateMachine.onWalletChange(null,e.wallet,l);}},[e.wallet,e.metaReady]),useEffect(()=>{if(!e.providerAdapter||c()||!e.metaReady||!e.wallet)return;if(e.stateMachine.isInActiveSession()){e.logger.decision("Provider adapter should trigger register?",false,"Already in active session");return}if(e.authenticated){e.logger.decision("Provider adapter should trigger register?",false,"Already authenticated");return}let s=u();if(e.stateMachine.shouldWaitForInitialRefresh(e.didInitialRefresh.current,s)){e.logger.decision("Provider adapter should wait for initial refresh?",true,"Returning user - refresh first");return}e.logger.decision("Provider adapter should trigger register?",true,`Fetching token (state: ${e.stateMachine.getState()})`);let l=false;return (async()=>{try{let d=e.providerAdapter.getToken(),f=new Promise((b,R)=>setTimeout(()=>R(new Error("Provider adapter timeout (30s)")),3e4)),w=await Promise.race([d,f]).catch(b=>(e.logger.warn("Provider adapter getToken failed",b),null))??null;if(await e.awaitKeyStable(),l||!w)return;try{let b=w.split(".");if(b[1]){let R=JSON.parse(atob(b[1]));e.logger.info("Provider adapter: got token",{wallet:e.wallet,jwtSub:R.sub,jwtWallet:R.wallet||R.linked_accounts?.[0]?.address,jwtExp:R.exp,jwtIat:R.iat});}}catch{e.logger.info("Provider adapter: got token (could not decode)");}await a(w),await o();}catch(d){e.logger.error("Provider adapter flow failed",d);}})(),()=>{l=true;}},[e.providerAdapter,e.wallet,e.meta.boundWallet,e.metaReady,e.registerCooldownUntilRef,e.didInitialRefresh,e.authenticated,...e.refreshDeps]),useEffect(()=>{if(typeof i<"u"&&(e.proofRef.current=i??null,i&&e.logger.info("Proof prop updated",{hasProof:!!i})),!e.metaReady)return;let s=u();if(!e.stateMachine.shouldAttemptRegister(s)){e.logger.decision("Proof prop should trigger register?",false,`State machine says no (state: ${e.stateMachine.getState()}, inActiveSession: ${e.stateMachine.isInActiveSession()})`);return}if(e.stateMachine.shouldWaitForInitialRefresh(e.didInitialRefresh.current,s)){e.logger.decision("Proof prop should wait for initial refresh?",true,"Returning user - refresh first");return}let l=!!e.wallet,d=!!e.proofRef.current;l&&d&&e.initResolvedRef.current&&!c()&&(e.logger.info("Proof prop conditions met, attempting register"),o());},[i,e.wallet,e.authenticated,e.meta.boundWallet,e.metaReady,e.providerAdapter,e.initResolvedRef,e.didInitialRefresh,o]),useEffect(()=>{if(!e.metaReady||e.didInitialRefresh.current)return;let s=true;return (async()=>{try{await e.waitReady(),await e.awaitProbe();let l=u();if(e.accessTokenRef.current||e.authenticated){e.logger.info("Already authenticated, skipping initial refresh"),e.didInitialRefresh.current=!0,e.wallet&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());return}if(!e.stateMachine.shouldAttemptRefresh(l)){e.logger.decision("Should attempt initial refresh?",!1,`State: ${e.stateMachine.getState()}`),e.didInitialRefresh.current=!0;return}e.logger.decision("Should attempt initial refresh?",!0,`State: ${e.stateMachine.getState()}`),e.didInitialRefresh.current=!0;let f=await r();if(!s)return;e.setAuthenticated(f),f&&e.wallet&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());}catch(l){if(!s)return;e.didInitialRefresh.current=true,e.setAuthenticated(false),e.setError(l?.message||String(l)||"Unknown error");}})(),()=>{s=false;}},[e.wallet,e.meta.boundWallet,e.meta.refreshId,e.metaReady,e.didInitialRefresh,r,n]),useEffect(()=>{e.initResolvedRef.current||(async()=>{if(await e.ensureKeypair(),!e.wallet){e.initResolvedRef.current=true,e.initResolveRef.current?.();return}e.meta.boundWallet&&e.meta.boundWallet!==e.wallet&&(e.rotateLock.current=(async()=>{e.accessTokenRef.current=null,e.setAuthenticated(false);})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;}),e.rotateLock.current&&await e.rotateLock.current),e.initResolvedRef.current=true,e.initResolveRef.current?.();})();},[e]),useEffect(()=>{(async()=>{if(e.authenticated&&e.wallet&&!(e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)&&!e.didInitialSession.current){e.didInitialSession.current=true;try{e.logger.flow("session","Calling session after authentication"),await n();}catch(s){e.setError(s?.message||String(s));}}})();},[e.authenticated,e.wallet,e.meta.boundWallet,n]),useEffect(()=>{e.wallet&&e.authWalletRef.current&&e.wallet.toLowerCase()!==e.authWalletRef.current.toLowerCase()&&(e.logger.warn("Wallet mismatch detected, clearing auth",{current:e.wallet,authWallet:e.authWalletRef.current}),e.accessTokenRef.current=null,e.setAuthenticated(false));},[e.wallet,e.authWalletRef.current]),useEffect(()=>{let l=()=>{if(!e.authenticated||!e.wallet||e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return  false;let w=e.tokenExpRef.current;if(!w)return  false;let b=Math.floor(Date.now()/1e3);return w-b<=30},d=async()=>{try{l()&&(e.logger.info("Token expiring soon, refreshing on focus"),await r());}catch{}},f=async()=>{document.visibilityState==="visible"&&await d();};return window.addEventListener("focus",d),document.addEventListener("visibilitychange",f),()=>{window.removeEventListener("focus",d),document.removeEventListener("visibilitychange",f);}},[e,r]),useEffect(()=>{let d=()=>{let b=Math.floor(Date.now()/1e3),R=e.tokenExpRef.current,m=e.sessionExpiry,k=!!R&&R-b<=30&&R-b>0,S=!!m&&m-b<=3600&&m-b>0;return {tokenSoon:k,sessionSoon:S}},f=async()=>{try{if(!e.authenticated||!e.wallet||e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return;let{tokenSoon:b,sessionSoon:R}=d();(b||R)&&(e.logger.info("Refreshing on focus",{tokenSoon:b,sessionSoon:R}),await r()&&R&&await n());}catch{}},w=async()=>{document.visibilityState==="visible"&&await f();};return window.addEventListener("focus",f),document.addEventListener("visibilitychange",w),()=>{window.removeEventListener("focus",f),document.removeEventListener("visibilitychange",w);}},[e,e.sessionExpiry,r,n]);};var Ir=createContext(void 0),Fn=e=>{let t=Pr(e),{refresh:r,attemptRegister:n,setProofFromAdapterToken:o}=Ar(t),a=xr(t,r),{session:i}=Cr(t,a);Tr(t,{refresh:r,session:i,attemptRegister:n,setProofFromAdapterToken:o,proofProp:e.proof});let c=useMemo(()=>({get:(u,s)=>a("GET",u,void 0,s),post:(u,s,l)=>a("POST",u,s,l),session:i,refresh:r,authenticated:t.authenticated,loading:t.loadingCount>0,error:t.error,allowed:t.allowed,sessionExpiry:t.sessionExpiry,sessionData:t.sessionData,wallet:t.wallet}),[a,i,r,t.authenticated,t.loadingCount,t.error,t.allowed,t.sessionExpiry,t.sessionData,t.wallet]);return jsx(Ir.Provider,{value:c,children:e.children})},Bn=e=>jsx(kt,{clientId:e.clientId,children:jsx(Fn,{...e})}),Gn=()=>{let e=useContext(Ir);if(!e)throw new Error("useSunbreak must be used within a SunbreakProvider");return e};
+    `.trim()}};var qn=()=>crypto.randomUUID(),Hr=e=>{let{clientId:t,wallet:r,base:n="https://api.sunbreak.com",fetchImpl:o,timeoutMs:a=15e3,proof:i=null,providerAdapter:s,refreshDeps:u=[],debug:l}=e,c=mt(n),p=typeof window<"u"?(o??fetch).bind(window):o??fetch,{meta:d,setBoundWallet:g,setJkt:R,setRefreshId:x,getRefreshId:w,setLastPolicyHash:k,setLastPolicyProof:b,setLastHost:W,setRootJkt:_,setRegisteredProofId:h,ready:f}=Kt(),{ensureRootKeypair:y,rootPrivRef:C,rootPubJwkRef:J}=Jt(),Ae=useCallback(async()=>{await y();try{if(!d.rootJkt&&J.current){let re=await H(J.current);_(re);}}catch{}},[y,d.rootJkt,J]),{ensureKeypair:A,rotate:Ne,privRef:Ue,pubJwkRef:Vt}=Tt(),[D,X]=useState(false),[U,te]=useState(0),[ce,ae]=useState(null),[st,ct]=useState(null),[lt,Vr]=useState(null),[qr,zr]=useState(null),Xr=useRef(null),Yr=useRef(null),Zr=useRef(null),Qr=useRef(null),en=useRef(null),tn=useRef(null),rn=useRef(null),nn=useRef(false),on=useRef(false),an=useRef(void 0),Fe=useRef(false),ut=useRef(false),qt=useRef(null),le=useRef(null);le.current||(le.current=new Promise(re=>{qt.current=re;}));let ft=useRef(null),sn=useRef(i),cn=useRef(null),we=useRef(null);if(!we.current){let re=l??false;we.current=new Me(t,re);}let zt=l??false;we.current&&we.current.enabled!==zt&&(we.current.enabled=zt);let dt=useRef(null);dt.current||(dt.current=new He);let Be=useRef(null),Xt=useRef(null),Ge=useRef(null),Yt=()=>Date.now(),ln=()=>(Ge.current??0)>0&&Ge.current<Yt(),pt=useCallback((re,mn=15e3)=>{let Zt=qn();return Be.current=Zt,Xt.current=re,Ge.current=Yt()+Math.max(1e3,mn),Zt},[]),un=useCallback(()=>((!Be.current||ln())&&pt("adhoc",1e4),Be.current),[pt]),ht=useRef(null),Ve=useRef(null);Ve.current||(Ve.current=new Promise(re=>{ht.current=re;}));let fn=useCallback(async()=>{!Fe.current&&Ve.current&&await Ve.current;},[]),dn=useCallback(()=>{Fe.current||(Fe.current=true,ht.current?.(),ht.current=null);},[]),pn=useCallback(async()=>{!ut.current&&le.current&&await le.current;},[]),hn=useCallback(async()=>{!ut.current&&le.current&&await le.current,ft.current&&await ft.current;},[]);return {clientId:t,wallet:r,baseUrl:c,fetchImpl:p,timeoutMs:a,providerAdapter:s,refreshDeps:u,ensureKeypair:A,rotate:Ne,ensureRootKeypair:Ae,rootPrivRef:C,rootPubJwkRef:J,privRef:Ue,pubJwkRef:Vt,meta:d,setBoundWallet:g,setJkt:R,setRefreshId:x,accessTokenRef:Zr,tokenExpRef:Qr,authenticated:D,setAuthenticated:X,loadingCount:U,setLoadingCount:te,error:ce,setError:ae,allowed:st,setAllowed:ct,sessionExpiry:lt,setSessionExpiry:Vr,sessionData:qr,setSessionData:zr,authWalletRef:Yr,refreshLock:en,registerLock:tn,sessionLock:rn,didInitialRefresh:nn,didInitialSession:on,prevWalletRef:an,initResolvedRef:ut,initReady:le,initResolveRef:qt,rotateLock:ft,waitReady:pn,awaitKeyStable:hn,proofRef:sn,registerCooldownUntilRef:Xr,reqIdRef:Be,flowLabelRef:Xt,flowExpireRef:Ge,beginFlow:pt,currentReqId:un,awaitProbe:fn,markProbed:dn,hasProbedRef:Fe,getRefreshId:w,setLastPolicyHash:k,setLastPolicyProof:b,setLastHost:W,setRootJkt:_,setRegisteredProofId:h,metaReady:f,probeLock:cn,stateMachine:dt.current,logger:we.current}};var z=e=>e.accessTokenRef.current??null,ee=e=>{let t=e.privRef.current;if(!t)throw new Error("Sunbreak: private key not initialized");return t},T=e=>{let t=e.pubJwkRef.current;if(!t)throw new Error("Sunbreak: public JWK not initialized");return t};var zn=(e,t)=>`${e.toUpperCase()} ${t}`;async function $e(e,t,r,n){if(!t)return e.logger.guard("register",false,"No wallet provided"),false;e.logger.flow("register","Starting register flow",{wallet:t});let o=$e._nonceCacheRef||($e._nonceCacheRef={map:new Map});try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair(),e.setError(null),e.beginFlow("register",2e4);let a;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let y=await H(e.rootPubJwkRef.current);e.setRootJkt?.(y);}catch{}let h=await H(T(e)),f=await e.getRefreshId();a=await pe({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:h,clientId:e.clientId,sid:f||void 0,ttlSec:300});}}catch(h){e.logger.warn("Failed to create PODE for register",h);}let i=e.currentReqId(),s="/auth/register",u=`${e.baseUrl}${s}`,l=new URL(e.baseUrl).origin,c="POST",p=`${l}${s}`,d=zn(c,p),g=o.map.get(d),R=await V({method:c,url:p,nonce:g,privateKey:ee(e),publicJwk:T(e)}),x=async h=>e.fetchImpl(u,{method:c,headers:{"content-type":"application/json","x-sunbreak-meta":G(e,{reqId:i,pode:a||void 0}),...h},credentials:"include",body:JSON.stringify({wallet:t,proof:r})}),w=await x({DPoP:R}),k=h=>{let f=h.headers.get("dpop-nonce");f&&o.map.set(d,f);};if(w.status===401){e.logger.info("Register got 401, retrying with nonce");let h=w.headers.get("www-authenticate"),y=(h&&h.match(/dpop-nonce="([^"]+)"/i))?.[1];if(y){o.map.set(d,y);let C=await V({method:c,url:p,nonce:y,privateKey:ee(e),publicJwk:T(e)});w=await x({DPoP:C});}}if(k(w),e.logger.api(c,s,{status:w.status}),!w.ok){let h=await Le(w);if((w.headers.get("content-type")||"").includes("application/json")){let y;try{y=await w.clone().json();}catch{}let C=_e(y&&(y.error||y.message||y.detail)||`HTTP ${w.status}`);throw he(C,h)}else {let y=h.waf?"Blocked by WAF (403)":h.alb403?"Blocked at origin (ALB 403)":`HTTP ${w.status}`;throw he(y,h)}}let b=await w.json();e.logger.info("Register succeeded",{expiresIn:b.expiresIn,hasRefreshId:!!b.refreshId}),e.accessTokenRef.current=b.access,e.authWalletRef.current=t.toLowerCase(),e.setAuthenticated(!0);try{let h=Math.floor(Date.now()/1e3);e.tokenExpRef.current=h+(b.expiresIn??0);}catch{}e.didInitialRefresh.current=!0,e.setBoundWallet(t),e.setLastPolicyHash(null),e.setLastPolicyProof(null);try{e.setJkt(await H(T(e)));}catch{}let W=xe(r);e.setRegisteredProofId(W);try{let h={...e.meta,boundWallet:t,clientId:e.meta.clientId??e.clientId,jkt:e.meta.jkt??null,refreshId:b.refreshId??null,registeredProofId:W};e.setRefreshId(b.refreshId??null);let f=Te(e.clientId);await S(f,h);try{localStorage.setItem(f,JSON.stringify(h));}catch(y){e.logger.warn("Failed to persist meta to localStorage",y);}}catch(h){e.logger.warn("Failed to persist session metadata",h);}let _={wallet:t,boundWallet:t,refreshId:b.refreshId??null,hasToken:!0,tokenExpiry:e.tokenExpRef.current,hasProof:!0,authenticated:!0};return e.stateMachine.onRegisterSuccess(_),!0}catch(a){let i=a,s=Number(i?.status||0),u=String(i?.code||"").toLowerCase(),l=String(i?.message||"").toLowerCase(),c=Math.floor(Math.random()*1e3);e.logger.error("Register failed",{status:s,code:u,msg:l}),e.stateMachine.onRegisterFailure(`${u||l||"Unknown error"}`);let p=u==="session_exists"||u==="already_authenticated"||l.includes("already")&&(l.includes("session")||l.includes("authenticated")),d=(s===401||s===403)&&u==="replay";if((p||d)&&n?.refreshFallback&&(!e.meta.boundWallet||e.meta.boundWallet.toLowerCase()===t.toLowerCase())){e.logger.info("Register failed with recoverable error, attempting refresh fallback",{code:u,isSessionExists:p,isReplay:d});try{if(await n.refreshFallback())return e.logger.info("Refresh fallback succeeded after register failure"),e.meta.boundWallet||e.setBoundWallet(t),!0}catch(R){e.logger.warn("Refresh fallback failed",R);}}if(d){if(e.providerAdapter)try{let g=await e.providerAdapter.getToken()??null;if(g)return await e.awaitKeyStable(),await e.ensureKeypair(),await e.rotate(),e.proofRef.current=await Ce(e.providerAdapter,g),e.registerCooldownUntilRef.current=Date.now()+5e3+c,!1}catch{}else return e.proofRef.current=null,e.setError("Proof replayed; please sign a fresh proof."),e.registerCooldownUntilRef.current=Date.now()+1e4+c,false;return e.registerCooldownUntilRef.current=Date.now()+8e3+c,false}if(p)return e.setError("Session already exists. Try refreshing the page."),e.registerCooldownUntilRef.current=Date.now()+3e3+c,false;if(s===403&&(i?.waf||i?.alb403))return e.setError(l||"Forbidden at edge/origin"),e.registerCooldownUntilRef.current=Date.now()+3e4+c,false;if(s===403)return e.setError(u||l||"Forbidden"),e.registerCooldownUntilRef.current=Date.now()+15e3+c,false;if(s===429||s===503){e.setError(u||l||"Rate limited / unavailable");let g=s===429?5e3:8e3;return e.registerCooldownUntilRef.current=Date.now()+g+c,false}return e.setError(u||l||"Register failed"),e.registerCooldownUntilRef.current=Date.now()+5e3+c,false}}var Xn=(e,t)=>`${e.toUpperCase()} ${t}`;function Oe(e){if(e.refreshLock.current)return e.logger.guard("refreshLock",false,"Refresh already in progress"),e.refreshLock.current;if(e.registerLock.current){e.logger.guard("registerLock",false,"Registration in progress, waiting");let t=e.registerLock.current.then(()=>{if(e.authenticated&&z(e))return  true;if(z(e)){let n=e.tokenExpRef.current,o=Math.floor(Date.now()/1e3);if(!!n&&n-o>5)return  true}return  false});return e.refreshLock.current=t.finally(()=>{e.refreshLock.current=null;}),e.refreshLock.current}return e.logger.flow("refresh","Starting refresh flow"),e.refreshLock.current=(async()=>{try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe();let t=e.meta.boundWallet||e.wallet;if(!t)return e.logger.warn("No wallet available for refresh (neither boundWallet nor current wallet)"),!1;if(e.wallet&&e.meta.boundWallet&&!$(e.wallet,e.meta.boundWallet))return e.logger.warn("Wallet mismatch during refresh",{current:e.wallet,bound:e.meta.boundWallet}),e.accessTokenRef.current=null,e.setAuthenticated(!1),!1;let r=z(e);if(r){let f=e.tokenExpRef.current,y=Math.floor(Date.now()/1e3);if(!!r&&!!f&&f-y>5)return e.logger.info("Token still valid, skipping refresh"),!0}e.beginFlow("refresh",15e3);let n=e.currentReqId();await e.ensureKeypair();let o;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let C=await H(e.rootPubJwkRef.current);e.setRootJkt?.(C);}catch{}let f=await H(T(e)),y=await e.getRefreshId();o=await pe({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:f,clientId:e.clientId,sid:y||void 0,ttlSec:300});}}catch(f){e.logger.warn("Failed to create PODE for refresh",f);}let a="/auth/refresh",i=`${e.baseUrl}${a}`,s=new URL(e.baseUrl).origin,u="POST",l=`${s}${a}`,c=Xn(u,l),p=Oe._nonceCacheRef||(Oe._nonceCacheRef={map:new Map}),d=async f=>await V({method:u,url:l,nonce:f,privateKey:ee(e),publicJwk:T(e)}),g=await e.getRefreshId(),R={"x-sunbreak-meta":G(e,{reqId:n,refreshId:g||void 0,pode:o||void 0,wallet:t}),"content-type":"application/json"},x=async f=>e.fetchImpl(i,{method:u,headers:{DPoP:f,...R},credentials:"include",body:"{}"}),w=f=>{let y=f.headers.get("dpop-nonce");y&&p.map.set(c,y);},k=await x(await d(p.map.get(c)));if(k.status===401){e.logger.info("Refresh got 401, retrying with nonce");let f=k.headers.get("www-authenticate"),C=(f&&f.match(/dpop-nonce="([^"]+)"/i))?.[1];C&&(p.map.set(c,C),k=await x(await d(C)));}if(w(k),e.logger.api(u,a,{status:k.status}),!k.ok){try{if((k.headers.get("content-type")||"").includes("application/json")){let y=await k.clone().json().catch(()=>{}),C=y&&(y.error||y.code||y.message)||"",J=String(C).toLowerCase();if(J.includes("missing")&&J.includes("refresh")){e.logger.warn("Refresh session expired (missing refresh identifier)"),e.stateMachine.onRefreshExpired();try{e.setRefreshId?.(null);}catch{}e.accessTokenRef.current=null,e.setAuthenticated(!1);}else e.logger.warn("Refresh failed",{error:C}),e.stateMachine.onRefreshFailure(String(C));}}catch{}return !1}let b=await k.json();e.logger.info("Refresh succeeded",{expiresIn:b.expiresIn,hasRefreshId:!!b.refreshId}),e.accessTokenRef.current=b.access,e.setAuthenticated(!0);let W=(e.wallet&&(!e.meta.boundWallet||e.meta.boundWallet===e.wallet)?e.wallet:e.meta.boundWallet)||null;e.authWalletRef.current=W?W.toLowerCase():null;try{let f=Math.floor(Date.now()/1e3);e.tokenExpRef.current=f+(b.expiresIn??0);}catch{}try{e.setJkt(await H(T(e)));}catch{}b.refreshId&&e.setRefreshId(b.refreshId);let _=f=>!f||f==="null"||f==="undefined"?null:f,h={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:_(b.refreshId??e.meta.refreshId??null),hasToken:!0,tokenExpiry:e.tokenExpRef.current,hasProof:!!e.proofRef.current,authenticated:!0};return e.stateMachine.onRefreshSuccess(h),!0}finally{e.refreshLock.current=null;}})(),e.refreshLock.current}var Yn=(e,t)=>`${e.toUpperCase()} ${t}`,_t=new Map,je;try{let e=globalThis;je=e.__sunbreak_page_probe_guard??(e.__sunbreak_page_probe_guard=new Set);}catch{je=new Set;}var Zn=e=>{try{let t=new URL(e.baseUrl).origin;return `${e.clientId}::${t}`}catch{return `${e.clientId}::${e.baseUrl}`}};async function $r(e){let t=Zn(e);if(e.probeLock.current){e.logger.guard("probeLock",false,"Probe already in progress, waiting"),await e.probeLock.current,e.markProbed();return}if(e.hasProbedRef.current){e.logger.guard("hasProbedRef",false,"Already probed in this session"),e.markProbed();return}if(je.has(t)){e.logger.guard("pageProbeGuard",false,"Already probed for this page load"),e.markProbed();return}je.add(t),e.logger.flow("probe","Starting probe flow",{clientId:e.clientId,pageKey:t});let r=(async()=>{let n=new URL(e.baseUrl).origin;try{if(await e.awaitKeyStable(),await e.ensureKeypair(),!e.rootPrivRef.current)try{await e.ensureRootKeypair();}catch{}let o;if(e.rootPrivRef.current&&e.rootPubJwkRef.current)try{let w=await H(T(e));o=await pe({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:w,clientId:e.clientId,ttlSec:300});}catch(w){e.logger.warn("Failed to create PODE for probe",w);}let a="POST",i="/auth/probe",s=`${e.baseUrl}${i}`,u=`${n}${i}`,l=Yn(a,u),c=async w=>V({method:a,url:u,nonce:w,privateKey:ee(e),publicJwk:T(e)}),p=async w=>e.fetchImpl(s,{method:a,headers:{DPoP:w,"x-sunbreak-meta":G(e,{pode:o}),"content-type":"application/json"},credentials:"include",body:"{}"}),d=w=>{let k=w.headers.get("dpop-nonce");k&&_t.set(l,k);},g=await p(await c(_t.get(l)));if(d(g),g.status===401){e.logger.info("Probe got 401, retrying with nonce from www-authenticate");let w=g.headers.get("www-authenticate"),b=(w&&w.match(/dpop-nonce="([^"]+)"/i))?.[1];b&&(_t.set(l,b),g=await p(await c(b)),d(g));}e.logger.api(a,i,{status:g.status});let R=w=>!w||w==="null"||w==="undefined"?null:w,x={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:R(e.meta.refreshId),hasToken:!!e.accessTokenRef.current,tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated};e.stateMachine.onProbeComplete(x);}catch(o){e.logger.error("Probe failed",o);try{je.delete(t);}catch{}}finally{e.markProbed(),e.logger.flow("probe","Probe flow completed");}})();e.probeLock.current=r;try{await r;}finally{e.probeLock.current=null;}}var Or=e=>{let t=useCallback(()=>Oe(e),[e]),r=useCallback(async()=>{let o=Date.now(),a=e.registerCooldownUntilRef.current??0;if(o<a){e.logger.guard("registerCooldown",false,"Cooldown active");return}if(!e.wallet){e.logger.guard("attemptRegister",false,"No wallet");return}if(!e.initResolvedRef.current){e.logger.guard("attemptRegister",false,"Not initialized");return}if(e.refreshLock.current){e.logger.guard("attemptRegister",false,"Refresh in progress");return}if(e.registerLock.current){e.logger.guard("attemptRegister",false,"Register already in progress");return}let i=c=>!c||c==="null"||c==="undefined"?null:c,s={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:i(e.meta.refreshId),hasToken:!!z(e),tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated};if(!e.stateMachine.shouldAttemptRegister(s)){e.logger.guard("attemptRegister",false,`State machine blocked (state: ${e.stateMachine.getState()}, inActiveSession: ${e.stateMachine.isInActiveSession()})`);return}let u=e.proofRef.current;if(!u){e.logger.guard("attemptRegister",false,"No proof available");return}e.logger.guard("attemptRegister",true,"All guards passed, proceeding");let l=(async()=>{try{await e.awaitKeyStable(),await $e(e,e.wallet,u,{refreshFallback:async()=>{e.logger.info("Attempting refresh as fallback after register failure");let c=!!e.meta.boundWallet;!c&&e.wallet&&e.setBoundWallet(e.wallet);try{return await Oe(e)}catch{return c||e.setBoundWallet(null),!1}}});}catch(c){let p=c;e.setError(p?.message||String(c)||"Register failed");}finally{e.registerLock.current=null;}})();e.registerLock.current=l;},[e]),n=useCallback(async o=>{let a=()=>(e.registerCooldownUntilRef.current??0)>Date.now();if(!e.providerAdapter||a())return;let i=await Ce(e.providerAdapter,o);e.proofRef.current=i;},[e]);return {refresh:t,register:(o,a,i)=>$e(e,o,a,i),attemptRegister:r,setProofFromAdapterToken:n}};var Qn=(e,t)=>`${e.toUpperCase()} ${t}`,eo=(e,t)=>!!e&&!!t&&e.toLowerCase()===t.toLowerCase();async function at(e,t,r,n,o,a={}){e.setLoadingCount(l=>l+1),e.setError(null);let i=n.startsWith("/api/session"),s=new AbortController,u=setTimeout(()=>s.abort(),e.timeoutMs);try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair();let c=`${i?yt(e):e.baseUrl}${n.startsWith("/")?"":"/"}${n}`,d=`${new URL(e.baseUrl).origin}${n.startsWith("/")?"":"/"}${n}`,g=Qn(r,d),R=n.startsWith("/auth/"),x=!1,w=!1,k=e.currentReqId(),b=at._nonceCacheRef||(at._nonceCacheRef={map:new Map}),W=D=>{let X=D.headers.get("dpop-nonce");X&&b.map.set(g,X);},_=!!e.wallet&&!!e.authWalletRef.current&&e.wallet.toLowerCase()!==e.authWalletRef.current.toLowerCase(),h=()=>R||!e.wallet?!1:!!(e.authenticated||eo(e.wallet,e.meta.boundWallet)||typeof e.meta.refreshId=="string"&&e.meta.refreshId),f,y,C=async()=>{if(R||_)return;try{let ce=z(e),ae=e.tokenExpRef.current,st=Math.floor(Date.now()/1e3),ct=!!ae&&ae-st<=60;if(ce){if(ct&&!await t().catch(()=>!1))return}else if(!h()||!await t().catch(()=>!1))return}catch{}let D=z(e);if(!D)return;let X=await rt(D),U=b.map.get(g),te=await V({method:r,url:d,nonce:U,ath:X,privateKey:ee(e),publicJwk:T(e)});f=`Bearer ${e.accessTokenRef.current}`,y=te;};await C();let J={"content-type":"application/json","x-sunbreak-auth":f||"","x-sunbreak-meta":G(e,{reqId:k,auth:f,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0}),...gt(a.headers)};y&&(J.DPoP=y);let Ae=async()=>e.fetchImpl(c,{...a,method:r,headers:J,body:o!==void 0?JSON.stringify(o):void 0,credentials:"include",signal:s.signal}),A=await Ae(),Ne=A.headers.get("x-sunbreak-policy-hash"),Ue=A.headers.get("x-sunbreak-policy-proof");if(Ne&&e.setLastPolicyHash(Ne),Ue&&e.setLastPolicyProof(Ue),W(A),A.status===401&&!R){let D=z(e),X=A.headers.get("www-authenticate"),te=(X&&X.match(/dpop-nonce="([^"]+)"/i))?.[1];if(!_&&te&&D&&!w){w=!0,b.map.set(g,te);let ce=await rt(D),ae=await V({method:r,url:d,nonce:te,ath:ce,privateKey:ee(e),publicJwk:T(e)});f=`Bearer ${e.accessTokenRef.current}`,y=ae,J["x-sunbreak-meta"]=G(e,{reqId:k,auth:f}),J.DPoP=y,A=await Ae(),W(A);}if(A.status===401&&!x&&(x=!0,!_&&h())){let ce=await t(),ae=z(e);ce&&ae&&!_&&(await C(),J["x-sunbreak-meta"]=G(e,{reqId:k,auth:f}),y&&(J.DPoP=y),A=await Ae(),W(A));}if(A.status===401)throw new Error("Unauthorized")}if(!A.ok){let D=await Le(A);if((A.headers.get("content-type")||"").includes("application/json")){let U=await A.json().catch(()=>{}),te=_e(U&&(U.error||U.message||U.detail)||`HTTP ${A.status}`);throw he(te,D)}else {let U=D.waf?"Blocked by WAF (403)":D.alb403?"Blocked at origin (ALB 403)":`HTTP ${A.status}`;throw he(U,D)}}return (A.headers.get("content-type")||"").includes("application/json")?await A.json():void 0}finally{clearTimeout(u),e.setLoadingCount(l=>Math.max(0,l-1));}}var jr=(e,t)=>useCallback(async(r,n,o,a={})=>at(e,t,r,n,o,a),[e,t]);async function Nr(e,t){let r=await t("GET","/api/session");if(r){e.setAllowed(!!r.allowed),e.setSessionData(r),e.setSessionExpiry(r.expiry??null);let n=r?.wallet;typeof n=="string"&&n&&e.setBoundWallet(n.toLowerCase());}return r}var Ur=(e,t)=>({session:useCallback(async()=>{if(e.wallet&&!(e.meta.boundWallet&&!$(e.wallet,e.meta.boundWallet)))return e.sessionLock.current||(e.sessionLock.current=(async()=>{try{return await Nr(e,t)}catch(n){throw e.logger.error("Session request failed",n),n}finally{e.sessionLock.current=null;}})()),e.sessionLock.current},[e,t])});var it=e=>(e.registerCooldownUntilRef.current??0)>Date.now(),Fr=e=>{if(!e)return null;let t=e.indexOf(":");return t>0?e.slice(0,t):null},no=e=>!e||e==="null"||e==="undefined"?null:e,N=e=>({wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:no(e.meta.refreshId),hasToken:!!e.accessTokenRef.current,tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated});var Mt=e=>{useEffect(()=>{if(!e.metaReady)return;let t=true;return (async()=>{try{if(await e.waitReady(),!t||(await e.awaitKeyStable(),!t)||(await e.ensureRootKeypair(),!t))return;let r=N(e);e.stateMachine.initialize(r),await $r(e);}catch(r){if(!t)return;e.logger.error("Probe initialization failed",r);}})(),()=>{t=false;}},[e.metaReady]);};var Ht=e=>{useEffect(()=>{let t=e.prevWalletRef.current;if(e.prevWalletRef.current=e.wallet,e.wallet!==t&&e.hasProbedRef.current&&!e.refreshLock.current&&(e.didInitialRefresh.current=false),!e.wallet){e.logger.flow("wallet","Wallet disconnected"),e.stateMachine.onWalletDisconnect(),e.setAllowed(null),e.setSessionExpiry(null),e.setSessionData(null),e.setAuthenticated(false),e.accessTokenRef.current=null,e.proofRef.current=null,e.setError(null),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null),e.hasProbedRef.current&&!e.refreshLock.current&&(e.didInitialRefresh.current=false);return}if(t&&e.wallet&&t!==e.wallet){e.logger.flow("wallet",`Wallet changed: ${t} \u2192 ${e.wallet}`);let r=N(e);e.stateMachine.onWalletChange(t,e.wallet,r),e.proofRef.current=null,e.accessTokenRef.current=null,e.setAuthenticated(false),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null),e.rotateLock.current=(async()=>{await e.rotate();})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;});}if(!t&&e.wallet){if(e.logger.flow("wallet",`Wallet connected: ${e.wallet}`),e.didInitialSession.current=false,!e.metaReady){e.logger.info("Wallet connected but meta not ready, deferring state machine update");return}let r=N(e);e.stateMachine.onWalletChange(null,e.wallet,r);}},[e.wallet,e.metaReady]);};var $t=(e,t)=>{let{attemptRegister:r,setProofFromAdapterToken:n}=t;useEffect(()=>{if(!e.providerAdapter||it(e)||!e.metaReady||!e.wallet)return;let o=N(e);if(e.stateMachine.isInActiveSession()){e.logger.decision("Provider adapter should trigger register?",false,`Already in active session (state: ${e.stateMachine.getState()})`);return}if(e.stateMachine.shouldWaitForInitialRefresh(e.didInitialRefresh.current,o)){e.logger.decision("Provider adapter should wait for initial refresh?",true,"Returning user - refresh first");return}e.logger.decision("Provider adapter should trigger register?",true,`Fetching token (state: ${e.stateMachine.getState()})`);let a=false;return (async()=>{try{let i=e.providerAdapter.getToken(),s=new Promise((l,c)=>setTimeout(()=>c(new Error("Provider adapter timeout (30s)")),3e4)),u=await Promise.race([i,s]).catch(l=>(e.logger.warn("Provider adapter getToken failed",l),null))??null;if(await e.awaitKeyStable(),a||!u)return;try{let l=u.split(".");if(l[1]){let c=JSON.parse(atob(l[1]));e.logger.info("Provider adapter: got token",{wallet:e.wallet,jwtSub:c.sub,jwtWallet:c.wallet||c.linked_accounts?.[0]?.address,jwtExp:c.exp,jwtIat:c.iat});}}catch{e.logger.info("Provider adapter: got token (could not decode)");}await n(u),await r();}catch(i){e.logger.error("Provider adapter flow failed",i);}})(),()=>{a=true;}},[e.providerAdapter,e.wallet,e.meta.boundWallet,e.metaReady,e.registerCooldownUntilRef,e.didInitialRefresh,...e.refreshDeps]);};var Ot=(e,t)=>{let{proofProp:r,attemptRegister:n}=t;useEffect(()=>{if(typeof r<"u"&&(e.proofRef.current=r??null,r&&e.logger.info("Proof prop updated",{hasProof:!!r})),!e.metaReady)return;let o=N(e),a=!!e.wallet,i=!!e.proofRef.current,s=false,u=e.proofRef.current?.method,l=u==="siwe"||u==="eip191";if(i&&e.stateMachine.isInActiveSession())if(l){let p=xe(e.proofRef.current),d=e.meta.registeredProofId;if(p&&d){let g=Fr(d),R=g==="siwe"||g==="eip191";if(R&&p!==d)e.logger.info("Proof prop: SIWE/EIP191 credentials changed, allowing re-registration",{old:d,new:p}),e.stateMachine.onNewCredentialsReceived(),e.accessTokenRef.current=null,e.setAuthenticated(false),e.didInitialSession.current=false,s=true;else if(R){e.logger.decision("Proof prop should trigger register?",false,"Already authenticated with same SIWE/EIP191 credentials");return}else e.logger.info("Proof prop: switching from provider JWT to SIWE/EIP191, allowing re-registration",{old:d,new:p}),e.stateMachine.onNewCredentialsReceived(),e.accessTokenRef.current=null,e.setAuthenticated(false),e.didInitialSession.current=false,s=true;}}else {e.logger.decision("Proof prop should trigger register?",false,`Already in active session, no credential change detection for ${u}`);return}let c=s?N(e):o;if(!e.stateMachine.shouldAttemptRegister(c)){e.logger.decision("Proof prop should trigger register?",false,`State machine says no (state: ${e.stateMachine.getState()}, inActiveSession: ${e.stateMachine.isInActiveSession()})`);return}if(e.stateMachine.shouldWaitForInitialRefresh(e.didInitialRefresh.current,c)){e.logger.decision("Proof prop should wait for initial refresh?",true,"Returning user - refresh first");return}a&&i&&e.initResolvedRef.current&&!it(e)&&(e.logger.info("Proof prop conditions met, attempting register"),n());},[r,e.wallet,e.authenticated,e.meta.boundWallet,e.meta.registeredProofId,e.metaReady,e.providerAdapter,e.initResolvedRef,e.didInitialRefresh,n]);};var jt=(e,t)=>{let{refresh:r,session:n}=t;useEffect(()=>{if(!e.metaReady||e.didInitialRefresh.current)return;e.didInitialRefresh.current=true;let o=true;return (async()=>{try{await e.waitReady(),await e.awaitProbe();let a=N(e);if(e.accessTokenRef.current||e.authenticated){e.logger.info("Already authenticated, skipping initial refresh"),e.wallet&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());return}if(!e.stateMachine.shouldAttemptRefresh(a)){e.logger.decision("Should attempt initial refresh?",!1,`State: ${e.stateMachine.getState()}`);return}e.logger.decision("Should attempt initial refresh?",!0,`State: ${e.stateMachine.getState()}`);let s=await r();if(!o)return;e.setAuthenticated(s),s&&e.wallet&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());}catch(a){if(!o)return;let i=a;e.setAuthenticated(false),e.setError(i?.message||String(a)||"Unknown error");}})(),()=>{o=false;}},[e.wallet,e.meta.boundWallet,e.meta.refreshId,e.metaReady,e.didInitialRefresh,r,n]);};var Nt=e=>{useEffect(()=>{e.initResolvedRef.current||(async()=>{if(await e.ensureKeypair(),!e.wallet){e.initResolvedRef.current=true,e.initResolveRef.current?.();return}e.meta.boundWallet&&!$(e.meta.boundWallet,e.wallet)&&(e.rotateLock.current=(async()=>{e.accessTokenRef.current=null,e.setAuthenticated(false);})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;}),e.rotateLock.current&&await e.rotateLock.current),e.initResolvedRef.current=true,e.initResolveRef.current?.();})();},[e]);};var Ut=(e,t)=>{let{session:r}=t;useEffect(()=>{(async()=>{if(e.authenticated&&e.wallet&&e.accessTokenRef.current&&!(e.meta.boundWallet&&!$(e.wallet,e.meta.boundWallet))&&!e.didInitialSession.current){e.didInitialSession.current=true;try{e.logger.flow("session","Calling session after authentication"),await r();}catch(n){let o=n;e.setError(o?.message||String(n));}}})();},[e.authenticated,e.wallet,e.meta.boundWallet,r]);};var Ft=e=>{useEffect(()=>{e.wallet&&e.authWalletRef.current&&!$(e.wallet,e.authWalletRef.current)&&(e.logger.warn("Wallet mismatch detected, clearing auth",{current:e.wallet,authWallet:e.authWalletRef.current}),e.accessTokenRef.current=null,e.setAuthenticated(false));},[e.wallet,e.authWalletRef.current]);};var Bt=(e,t)=>{let{refresh:r,session:n}=t;useEffect(()=>{let i=()=>{let l=Math.floor(Date.now()/1e3),c=e.tokenExpRef.current,p=e.sessionExpiry,d=!!c&&c-l<=30&&c-l>0,g=!!p&&p-l<=3600&&p-l>0;return {tokenSoon:d,sessionSoon:g}},s=async()=>{try{if(!e.authenticated||!e.wallet||e.meta.boundWallet&&!$(e.wallet,e.meta.boundWallet))return;let{tokenSoon:l,sessionSoon:c}=i();(l||c)&&(e.logger.info("Refreshing on focus",{tokenSoon:l,sessionSoon:c}),await r()&&c&&await n());}catch{}},u=async()=>{document.visibilityState==="visible"&&await s();};return window.addEventListener("focus",s),document.addEventListener("visibilitychange",u),()=>{window.removeEventListener("focus",s),document.removeEventListener("visibilitychange",u);}},[e,e.sessionExpiry,r,n]);};var Br=(e,t)=>{let{refresh:r,session:n,attemptRegister:o,setProofFromAdapterToken:a,proofProp:i}=t;Mt(e),Ht(e),$t(e,{attemptRegister:o,setProofFromAdapterToken:a}),Ot(e,{proofProp:i,attemptRegister:o}),jt(e,{refresh:r,session:n}),Nt(e),Ut(e,{session:n}),Ft(e),Bt(e,{refresh:r,session:n});};var Gr=createContext(void 0),yo=e=>{let t=Hr(e),{refresh:r,attemptRegister:n,setProofFromAdapterToken:o}=Or(t),a=jr(t,r),{session:i}=Ur(t,a);Br(t,{refresh:r,session:i,attemptRegister:n,setProofFromAdapterToken:o,proofProp:e.proof});let s=useMemo(()=>({get:(u,l)=>a("GET",u,void 0,l),post:(u,l,c)=>a("POST",u,l,c),session:i,refresh:r,authenticated:t.authenticated,loading:t.loadingCount>0,error:t.error,allowed:t.allowed,sessionExpiry:t.sessionExpiry,sessionData:t.sessionData,wallet:t.wallet}),[a,i,r,t.authenticated,t.loadingCount,t.error,t.allowed,t.sessionExpiry,t.sessionData,t.wallet]);return jsx(Gr.Provider,{value:s,children:e.children})},go=e=>jsx(Ct,{clientId:e.clientId,children:jsx(yo,{...e})}),bo=()=>{let e=useContext(Gr);if(!e)throw new Error("useSunbreak must be used within a SunbreakProvider");return e};
-export { Bn as SunbreakProvider, Gn as useSunbreak };
+export { go as SunbreakProvider, bo as useSunbreak };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tdfc/sunbreak-react",
-  "version": "0.1.11",
+  "version": "0.1.13",
   "description": "SDK for connecting to the Sunbreak API",
   "license": "UNLICENSED",
   "repository": "github:thedigitalfinancecompany/sunbreak-react",