@tonconnect/sdk 3.3.0-beta.0 → 3.3.0-beta.1

package/lib/cjs/index.cjs

@@ -6,7 +6,7 @@ var protocol = require('@tonconnect/protocol');
 require('@tonconnect/isomorphic-eventsource');
 require('@tonconnect/isomorphic-fetch');
 
-/*! *****************************************************************************
+/******************************************************************************
 Copyright (c) Microsoft Corporation.
 
 Permission to use, copy, modify, and/or distribute this software for any
@@ -20,6 +20,8 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.
 ***************************************************************************** */
+/* global Reflect, Promise, SuppressedError, Symbol, Iterator */
+
 
 function __rest(s, e) {
     var t = {};
@@ -41,20 +43,25 @@ function __awaiter(thisArg, _arguments, P, generator) {
         function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
-}
+}
+
+typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
+    var e = new Error(message);
+    return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
+};
 
 /**
  * Base class for TonConnect errors. You can check if the error was triggered by the @tonconnect/sdk using `err instanceof TonConnectError`.
  */
 class TonConnectError extends Error {
+    get info() {
+        return '';
+    }
     constructor(message, options) {
         super(message, options);
         this.message = `${TonConnectError.prefix} ${this.constructor.name}${this.info ? ': ' + this.info : ''}${message ? '\n' + message : ''}`;
         Object.setPrototypeOf(this, TonConnectError.prototype);
     }
-    get info() {
-        return '';
-    }
 }
 TonConnectError.prefix = '[TON_CONNECT_SDK_ERROR]';
 
@@ -445,8 +452,8 @@ function createAbortController(signal) {
  * @param {CallForSuccessOptions} [options] - optional configuration options
  */
 function callForSuccess(fn, options) {
-    var _a, _b;
     return __awaiter(this, void 0, void 0, function* () {
+        var _a, _b;
         const attempts = (_a = options === null || options === void 0 ? void 0 : options.attempts) !== null && _a !== void 0 ? _a : 10;
         const delayMs = (_b = options === null || options === void 0 ? void 0 : options.delayMs) !== null && _b !== void 0 ? _b : 200;
         const abortController = createAbortController(options === null || options === void 0 ? void 0 : options.signal);
@@ -617,6 +624,18 @@ function timeout(fn, options) {
 }
 
 class BridgeGateway {
+    get isReady() {
+        const eventSource = this.eventSource.current();
+        return (eventSource === null || eventSource === void 0 ? void 0 : eventSource.readyState) === EventSource.OPEN;
+    }
+    get isClosed() {
+        const eventSource = this.eventSource.current();
+        return (eventSource === null || eventSource === void 0 ? void 0 : eventSource.readyState) !== EventSource.OPEN;
+    }
+    get isConnecting() {
+        const eventSource = this.eventSource.current();
+        return (eventSource === null || eventSource === void 0 ? void 0 : eventSource.readyState) === EventSource.CONNECTING;
+    }
     constructor(storage, bridgeUrl, sessionId, listener, errorsListener) {
         this.bridgeUrl = bridgeUrl;
         this.sessionId = sessionId;
@@ -645,26 +664,14 @@ class BridgeGateway {
         }));
         this.bridgeGatewayStorage = new HttpBridgeGatewayStorage(storage, bridgeUrl);
     }
-    get isReady() {
-        const eventSource = this.eventSource.current();
-        return (eventSource === null || eventSource === void 0 ? void 0 : eventSource.readyState) === EventSource.OPEN;
-    }
-    get isClosed() {
-        const eventSource = this.eventSource.current();
-        return (eventSource === null || eventSource === void 0 ? void 0 : eventSource.readyState) !== EventSource.OPEN;
-    }
-    get isConnecting() {
-        const eventSource = this.eventSource.current();
-        return (eventSource === null || eventSource === void 0 ? void 0 : eventSource.readyState) === EventSource.CONNECTING;
-    }
     registerSession(options) {
         return __awaiter(this, void 0, void 0, function* () {
             yield this.eventSource.create(options === null || options === void 0 ? void 0 : options.signal, options === null || options === void 0 ? void 0 : options.openingDeadlineMS);
         });
     }
     send(message, receiver, topic, ttlOrOptions) {
-        var _a;
         return __awaiter(this, void 0, void 0, function* () {
+            var _a;
             // TODO: remove deprecated method
             const options = {};
             if (typeof ttlOrOptions === 'number') {
@@ -1013,6 +1020,16 @@ class BridgeConnectionStorage {
 const PROTOCOL_VERSION = 2;
 
 class BridgeProvider {
+    static fromStorage(storage) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const bridgeConnectionStorage = new BridgeConnectionStorage(storage);
+            const connection = yield bridgeConnectionStorage.getHttpConnection();
+            if (isPendingConnectionHttp(connection)) {
+                return new BridgeProvider(storage, connection.connectionSource);
+            }
+            return new BridgeProvider(storage, { bridgeUrl: connection.session.bridgeUrl });
+        });
+    }
     constructor(storage, walletConnectionSource) {
         this.storage = storage;
         this.walletConnectionSource = walletConnectionSource;
@@ -1027,16 +1044,6 @@ class BridgeProvider {
         this.defaultRetryTimeoutMS = 2000;
         this.connectionStorage = new BridgeConnectionStorage(storage);
     }
-    static fromStorage(storage) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const bridgeConnectionStorage = new BridgeConnectionStorage(storage);
-            const connection = yield bridgeConnectionStorage.getHttpConnection();
-            if (isPendingConnectionHttp(connection)) {
-                return new BridgeProvider(storage, connection.connectionSource);
-            }
-            return new BridgeProvider(storage, { bridgeUrl: connection.session.bridgeUrl });
-        });
-    }
     connect(message, options) {
         var _a;
         const abortController = createAbortController(options === null || options === void 0 ? void 0 : options.signal);
@@ -1079,8 +1086,8 @@ class BridgeProvider {
         return this.generateUniversalLink(universalLink, message);
     }
     restoreConnection(options) {
-        var _a, _b;
         return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b;
             const abortController = createAbortController(options === null || options === void 0 ? void 0 : options.signal);
             (_a = this.abortController) === null || _a === void 0 ? void 0 : _a.abort();
             this.abortController = abortController;
@@ -1426,15 +1433,15 @@ function isJSBridgeWithMetadata(value) {
  * Uses as a fallback for localStorage in Safari's private mode.
  */
 class InMemoryStorage {
-    constructor() {
-        this.storage = {};
-    }
     static getInstance() {
         if (!InMemoryStorage.instance) {
             InMemoryStorage.instance = new InMemoryStorage();
         }
         return InMemoryStorage.instance;
     }
+    constructor() {
+        this.storage = {};
+    }
     get length() {
         return Object.keys(this.storage).length;
     }
@@ -1529,19 +1536,6 @@ function isNodeJs() {
 }
 
 class InjectedProvider {
-    constructor(storage, injectedWalletKey) {
-        this.injectedWalletKey = injectedWalletKey;
-        this.type = 'injected';
-        this.unsubscribeCallback = null;
-        this.listenSubscriptions = false;
-        this.listeners = [];
-        const window = InjectedProvider.window;
-        if (!InjectedProvider.isWindowContainsWallet(window, injectedWalletKey)) {
-            throw new WalletNotInjectedError();
-        }
-        this.connectionStorage = new BridgeConnectionStorage(storage);
-        this.injectedWallet = window[injectedWalletKey].tonconnect;
-    }
     static fromStorage(storage) {
         return __awaiter(this, void 0, void 0, function* () {
             const bridgeConnectionStorage = new BridgeConnectionStorage(storage);
@@ -1583,6 +1577,19 @@ class InjectedProvider {
             typeof window[injectedWalletKey] === 'object' &&
             'tonconnect' in window[injectedWalletKey]);
     }
+    constructor(storage, injectedWalletKey) {
+        this.injectedWalletKey = injectedWalletKey;
+        this.type = 'injected';
+        this.unsubscribeCallback = null;
+        this.listenSubscriptions = false;
+        this.listeners = [];
+        const window = InjectedProvider.window;
+        if (!InjectedProvider.isWindowContainsWallet(window, injectedWalletKey)) {
+            throw new WalletNotInjectedError();
+        }
+        this.connectionStorage = new BridgeConnectionStorage(storage);
+        this.injectedWallet = window[injectedWalletKey].tonconnect;
+    }
     connect(message) {
         this._connect(PROTOCOL_VERSION, message);
     }
@@ -1644,8 +1651,8 @@ class InjectedProvider {
         return () => (this.listeners = this.listeners.filter(listener => listener !== eventsCallback));
     }
     sendRequest(request, optionsOrOnRequestSent) {
-        var _a;
         return __awaiter(this, void 0, void 0, function* () {
+            var _a;
             // TODO: remove deprecated method
             const options = {};
             if (typeof optionsOrOnRequestSent === 'function') {
@@ -2084,13 +2091,132 @@ const FALLBACK_WALLETS_LIST = [
     }
 ];
 
+let qaModeEnabled = false;
+let bannerObserver = null;
+function enableQaMode() {
+    qaModeEnabled = true;
+    console.warn('🚨 QA Mode enabled - validation is disabled. This is unsafe for production!');
+    showQaModeBanner();
+    startBannerObserver();
+    addQaModeStyles();
+}
+function isQaModeEnabled() {
+    return qaModeEnabled;
+}
+function logValidationError(message) {
+    if (isQaModeEnabled()) {
+        console.error(`[QA Mode] Validation failed: ${message}`);
+    }
+}
+function showQaModeBanner() {
+    if (typeof window === 'undefined')
+        return;
+    const existingBanner = document.getElementById('ton-connect-qa-banner');
+    if (existingBanner)
+        return;
+    const banner = document.createElement('div');
+    banner.id = 'ton-connect-qa-banner';
+    banner.style.cssText = `
+        position: fixed;
+        top: 0;
+        left: 0;
+        right: 0;
+        background: linear-gradient(90deg, #ff6b6b, #ff8e8e);
+        color: white;
+        padding: 12px 20px;
+        text-align: center;
+        font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+        font-weight: 600;
+        font-size: 14px;
+        z-index: 999999;
+        box-shadow: 0 2px 8px rgba(0,0,0,0.2);
+        animation: slideDown 0.3s ease-out;
+        user-select: none;
+        pointer-events: none;
+    `;
+    banner.innerHTML = `
+        🚨 QA Mode Active - Validation Disabled (Unsafe for Production)
+    `;
+    // Add CSS animation
+    const style = document.createElement('style');
+    style.textContent = `
+        @keyframes slideDown {
+            from { transform: translateY(-100%); }
+            to { transform: translateY(0); }
+        }
+    `;
+    document.head.appendChild(style);
+    document.body.appendChild(banner);
+    addQaModeStyles();
+}
+function addQaModeStyles() {
+    if (typeof window === 'undefined')
+        return;
+    const existingStyle = document.getElementById('ton-connect-qa-mode-styles');
+    if (existingStyle)
+        return;
+    const style = document.createElement('style');
+    style.id = 'ton-connect-qa-mode-styles';
+    style.textContent = `
+        body.qa-mode-active {
+            padding-top: 48px !important;
+        }
+        
+        body.qa-mode-active header {
+            margin-top: 48px !important;
+        }
+        
+        body.qa-mode-active .qa-mode-control {
+            top: 128px !important;
+        }
+    `;
+    document.head.appendChild(style);
+    document.body.classList.add('qa-mode-active');
+}
+function startBannerObserver() {
+    if (typeof window === 'undefined' || bannerObserver)
+        return;
+    bannerObserver = new MutationObserver((mutations) => {
+        mutations.forEach((mutation) => {
+            if (mutation.type === 'childList') {
+                mutation.removedNodes.forEach((node) => {
+                    if (node.nodeType === Node.ELEMENT_NODE) {
+                        const element = node;
+                        if (element.id === 'ton-connect-qa-banner' && qaModeEnabled) {
+                            console.warn('QA Mode banner was removed, restoring...');
+                            setTimeout(() => showQaModeBanner(), 100);
+                        }
+                        else if (element.id === 'ton-connect-qa-mode-styles' && qaModeEnabled) {
+                            console.warn('QA Mode styles were removed, restoring...');
+                            setTimeout(() => addQaModeStyles(), 100);
+                        }
+                    }
+                });
+            }
+        });
+    });
+    bannerObserver.observe(document.body, {
+        childList: true,
+        subtree: false
+    });
+    bannerObserver.observe(document.head, {
+        childList: true,
+        subtree: false
+    });
+}
+
 class WalletsListManager {
     constructor(options) {
         var _a;
         this.walletsListCache = null;
         this.walletsListCacheCreationTimestamp = null;
-        this.walletsListSource =
-            (_a = options === null || options === void 0 ? void 0 : options.walletsListSource) !== null && _a !== void 0 ? _a : 'https://raw.githubusercontent.com/ton-blockchain/wallets-list/main/wallets-v2.json';
+        if (isQaModeEnabled()) {
+            this.walletsListSource = 'https://raw.githubusercontent.com/ton-connect/wallets-list-staging/refs/heads/main/wallets-v2.json';
+        }
+        else {
+            this.walletsListSource =
+                (_a = options === null || options === void 0 ? void 0 : options.walletsListSource) !== null && _a !== void 0 ? _a : 'https://raw.githubusercontent.com/ton-blockchain/wallets-list/main/wallets-v2.json';
+        }
         this.cacheTTLMs = options === null || options === void 0 ? void 0 : options.cacheTTLMs;
     }
     getWallets() {
@@ -2517,8 +2643,8 @@ class BrowserEventDispatcher {
      * @returns A promise that resolves when the event has been dispatched.
      */
     dispatchEvent(eventName, eventDetails) {
-        var _a;
         return __awaiter(this, void 0, void 0, function* () {
+            var _a;
             const event = new CustomEvent(eventName, { detail: eventDetails });
             (_a = this.window) === null || _a === void 0 ? void 0 : _a.dispatchEvent(event);
         });
@@ -2531,8 +2657,8 @@ class BrowserEventDispatcher {
      * @returns A function that removes the listener.
      */
     addEventListener(eventName, listener, options) {
-        var _a;
         return __awaiter(this, void 0, void 0, function* () {
+            var _a;
             (_a = this.window) === null || _a === void 0 ? void 0 : _a.addEventListener(eventName, listener, options);
             return () => {
                 var _a;
@@ -2570,6 +2696,15 @@ class BrowserEventDispatcher {
  * @internal
  */
 class TonConnectTracker {
+    /**
+     * Version of the library.
+     */
+    get version() {
+        return createVersionInfo({
+            ton_connect_sdk_lib: this.tonConnectSdkVersion,
+            ton_connect_ui_lib: this.tonConnectUiVersion
+        });
+    }
     constructor(options) {
         var _a;
         /**
@@ -2585,15 +2720,6 @@ class TonConnectTracker {
         this.tonConnectSdkVersion = options.tonConnectSdkVersion;
         this.init().catch();
     }
-    /**
-     * Version of the library.
-     */
-    get version() {
-        return createVersionInfo({
-            ton_connect_sdk_lib: this.tonConnectSdkVersion,
-            ton_connect_ui_lib: this.tonConnectUiVersion
-        });
-    }
     /**
      * Called once when the tracker is created and request version other libraries.
      */
@@ -2794,36 +2920,377 @@ class TonConnectTracker {
     }
 }
 
-const tonConnectSdkVersion = "3.3.0-beta.0";
+const tonConnectSdkVersion = "3.3.0-beta.1";
 
-class TonConnect {
-    constructor(options) {
-        this.walletsList = new WalletsListManager();
-        this._wallet = null;
-        this.provider = null;
-        this.statusChangeSubscriptions = [];
-        this.statusChangeErrorSubscriptions = [];
-        this.dappSettings = {
-            manifestUrl: (options === null || options === void 0 ? void 0 : options.manifestUrl) || getWebPageManifest(),
-            storage: (options === null || options === void 0 ? void 0 : options.storage) || new DefaultStorage()
-        };
-        this.walletsRequiredFeatures = options === null || options === void 0 ? void 0 : options.walletsRequiredFeatures;
-        this.walletsList = new WalletsListManager({
-            walletsListSource: options === null || options === void 0 ? void 0 : options.walletsListSource,
-            cacheTTLMs: options === null || options === void 0 ? void 0 : options.walletsListCacheTTLMs
-        });
-        this.tracker = new TonConnectTracker({
-            eventDispatcher: options === null || options === void 0 ? void 0 : options.eventDispatcher,
-            tonConnectSdkVersion: tonConnectSdkVersion
-        });
-        if (!this.dappSettings.manifestUrl) {
-            throw new DappMetadataError('Dapp tonconnect-manifest.json must be specified if window.location.origin is undefined. See more https://github.com/ton-connect/docs/blob/main/requests-responses.md#app-manifest');
+const noBounceableTag = 0x51;
+const testOnlyTag = 0x80;
+/**
+ * Converts raw TON address to no-bounceable user-friendly format. [See details]{@link https://ton.org/docs/learn/overviews/addresses#user-friendly-address}
+ * @param hexAddress raw TON address formatted as "0:<hex string without 0x>".
+ * @param [testOnly=false] convert address to test-only form. [See details]{@link https://ton.org/docs/learn/overviews/addresses#user-friendly-address}
+ */
+function toUserFriendlyAddress(hexAddress, testOnly = false) {
+    const { wc, hex } = parseHexAddress(hexAddress);
+    let tag = noBounceableTag;
+    if (testOnly) {
+        tag |= testOnlyTag;
+    }
+    const addr = new Int8Array(34);
+    addr[0] = tag;
+    addr[1] = wc;
+    addr.set(hex, 2);
+    const addressWithChecksum = new Uint8Array(36);
+    addressWithChecksum.set(addr);
+    addressWithChecksum.set(crc16(addr), 34);
+    let addressBase64 = protocol.Base64.encode(addressWithChecksum);
+    return addressBase64.replace(/\+/g, '-').replace(/\//g, '_');
+}
+/**
+ * Validates if the address is in user-friendly format by attempting to parse it.
+ * @param address address to validate
+ * @returns true if the address is valid user-friendly format, false otherwise
+ */
+function isValidUserFriendlyAddress(address) {
+    try {
+        parseUserFriendlyAddress(address);
+        return true;
+    }
+    catch (_a) {
+        return false;
+    }
+}
+/**
+ * Validates if the address is in raw hex format (e.g., "0:1234..." or "-1:1234...").
+ * @param address address to validate
+ * @returns true if the address is valid raw format, false otherwise
+ */
+function isValidRawAddress(address) {
+    try {
+        parseHexAddress(address);
+        return true;
+    }
+    catch (_a) {
+        return false;
+    }
+}
+/**
+ * Parses user-friendly address and returns its components.
+ * @param address user-friendly address
+ * @returns parsed address components
+ */
+function parseUserFriendlyAddress(address) {
+    const base64 = address.replace(/-/g, '+').replace(/_/g, '/');
+    let decoded;
+    try {
+        decoded = protocol.Base64.decode(base64).toUint8Array();
+    }
+    catch (_a) {
+        throw new WrongAddressError(`Invalid base64 encoding in address: ${address}`);
+    }
+    if (decoded.length !== 36) {
+        throw new WrongAddressError(`Invalid address length: ${address}`);
+    }
+    const addr = decoded.slice(0, 34);
+    const checksum = decoded.slice(34);
+    const calculatedChecksum = crc16(addr);
+    if (!checksum.every((byte, i) => byte === calculatedChecksum[i])) {
+        throw new WrongAddressError(`Invalid checksum in address: ${address}`);
+    }
+    const tag = addr[0];
+    const wc = addr[1];
+    const hex = addr.slice(2);
+    if (wc !== 0 && wc !== -1) {
+        throw new WrongAddressError(`Invalid workchain: ${wc}`);
+    }
+    const testOnly = (tag & testOnlyTag) !== 0;
+    const isBounceable = (tag & 0x40) !== 0;
+    return {
+        wc,
+        hex: Array.from(hex).map(b => b.toString(16).padStart(2, '0')).join(''),
+        testOnly,
+        isBounceable
+    };
+}
+function parseHexAddress(hexAddress) {
+    if (!hexAddress.includes(':')) {
+        throw new WrongAddressError(`Wrong address ${hexAddress}. Address must include ":".`);
+    }
+    const parts = hexAddress.split(':');
+    if (parts.length !== 2) {
+        throw new WrongAddressError(`Wrong address ${hexAddress}. Address must include ":" only once.`);
+    }
+    const wc = parseInt(parts[0]);
+    if (wc !== 0 && wc !== -1) {
+        throw new WrongAddressError(`Wrong address ${hexAddress}. WC must be eq 0 or -1, but ${wc} received.`);
+    }
+    const hex = parts[1];
+    if ((hex === null || hex === void 0 ? void 0 : hex.length) !== 64) {
+        throw new WrongAddressError(`Wrong address ${hexAddress}. Hex part must be 64bytes length, but ${hex === null || hex === void 0 ? void 0 : hex.length} received.`);
+    }
+    return {
+        wc,
+        hex: hexToBytes(hex)
+    };
+}
+function crc16(data) {
+    const poly = 0x1021;
+    let reg = 0;
+    const message = new Uint8Array(data.length + 2);
+    message.set(data);
+    for (let byte of message) {
+        let mask = 0x80;
+        while (mask > 0) {
+            reg <<= 1;
+            if (byte & mask) {
+                reg += 1;
+            }
+            mask >>= 1;
+            if (reg > 0xffff) {
+                reg &= 0xffff;
+                reg ^= poly;
+            }
         }
-        this.bridgeConnectionStorage = new BridgeConnectionStorage(this.dappSettings.storage);
-        if (!(options === null || options === void 0 ? void 0 : options.disableAutoPauseConnection)) {
-            this.addWindowFocusAndBlurSubscriptions();
+    }
+    return new Uint8Array([Math.floor(reg / 256), reg % 256]);
+}
+const toByteMap = {};
+for (let ord = 0; ord <= 0xff; ord++) {
+    let s = ord.toString(16);
+    if (s.length < 2) {
+        s = '0' + s;
+    }
+    toByteMap[s] = ord;
+}
+function hexToBytes(hex) {
+    hex = hex.toLowerCase();
+    const length2 = hex.length;
+    if (length2 % 2 !== 0) {
+        throw new ParseHexError('Hex string must have length a multiple of 2: ' + hex);
+    }
+    const length = length2 / 2;
+    const result = new Uint8Array(length);
+    for (let i = 0; i < length; i++) {
+        const doubled = i * 2;
+        const hexSubstring = hex.substring(doubled, doubled + 2);
+        if (!toByteMap.hasOwnProperty(hexSubstring)) {
+            throw new ParseHexError('Invalid hex character: ' + hexSubstring);
+        }
+        result[i] = toByteMap[hexSubstring];
+    }
+    return result;
+}
+
+const BASE64_REGEX = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
+const BOC_PREFIX = 'te6cc';
+const INTEGER_REGEX = /^-?\d+$/;
+const POSITIVE_INTEGER_REGEX = /^\d+$/;
+function isValidNumber(value) {
+    return typeof value === 'number' && !isNaN(value);
+}
+function isValidString(value) {
+    return typeof value === 'string' && value.length > 0;
+}
+function isValidBoc(value) {
+    return typeof value === 'string' && BASE64_REGEX.test(value) && value.startsWith(BOC_PREFIX);
+}
+function isValidObject(value) {
+    return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+function isValidArray(value) {
+    return Array.isArray(value);
+}
+function hasExtraProperties(obj, allowedKeys) {
+    return Object.keys(obj).some(key => !allowedKeys.includes(key));
+}
+function validateSendTransactionRequest(data) {
+    console.log('[Validation Debug] validateSendTransactionRequest called');
+    console.log('[Validation Debug] isQaModeEnabled():', isQaModeEnabled());
+    if (!isValidObject(data)) {
+        const error = "Request must be an object";
+        logValidationError(error);
+        const shouldReturnNull = isQaModeEnabled();
+        console.log('[Validation Debug] Should return null:', shouldReturnNull);
+        return shouldReturnNull ? null : error;
+    }
+    const allowedKeys = ['validUntil', 'network', 'from', 'messages'];
+    if (hasExtraProperties(data, allowedKeys)) {
+        const error = "Request contains extra properties";
+        logValidationError(error);
+        return isQaModeEnabled() ? null : error;
+    }
+    if (!isValidNumber(data.validUntil)) {
+        const error = "Incorrect 'validUntil'";
+        logValidationError(error);
+        return isQaModeEnabled() ? null : error;
+    }
+    const now = Math.floor(Date.now() / 1000);
+    const fiveMinutesFromNow = now + 300;
+    if (data.validUntil > fiveMinutesFromNow) {
+        console.warn(`validUntil (${data.validUntil}) is more than 5 minutes from now (${now})`);
+    }
+    if (data.network !== undefined) {
+        if (!isValidString(data.network) || !/^[\d-]+$/.test(data.network)) {
+            const error = "Invalid 'network' format";
+            logValidationError(error);
+            return isQaModeEnabled() ? null : error;
+        }
+    }
+    if (data.from !== undefined) {
+        if (!isValidString(data.from) || !isValidRawAddress(data.from)) {
+            const error = "Invalid 'from' address format";
+            logValidationError(error);
+            return isQaModeEnabled() ? null : error;
         }
     }
+    if (!isValidArray(data.messages) || data.messages.length === 0) {
+        const error = "'messages' is required";
+        logValidationError(error);
+        return isQaModeEnabled() ? null : error;
+    }
+    for (let i = 0; i < data.messages.length; i++) {
+        const message = data.messages[i];
+        const messageError = validateTransactionMessage(message, i);
+        if (messageError) {
+            return messageError;
+        }
+    }
+    return null;
+}
+function validateTransactionMessage(message, index) {
+    if (!isValidObject(message)) {
+        return `Message at index ${index} must be an object`;
+    }
+    const allowedKeys = ['address', 'amount', 'stateInit', 'payload', 'extraCurrency'];
+    if (hasExtraProperties(message, allowedKeys)) {
+        return `Message at index ${index} contains extra properties`;
+    }
+    if (!isValidString(message.address)) {
+        return `'address' is required in message at index ${index}`;
+    }
+    if (!isValidUserFriendlyAddress(message.address)) {
+        return `Wrong 'address' format in message at index ${index}`;
+    }
+    if (!isValidString(message.amount)) {
+        return `'amount' is required in message at index ${index}`;
+    }
+    if (!/^[0-9]+$/.test(message.amount)) {
+        return `Incorrect 'amount' in message at index ${index}`;
+    }
+    if (message.stateInit !== undefined) {
+        if (!isValidString(message.stateInit) || !isValidBoc(message.stateInit)) {
+            return `Invalid 'stateInit' in message at index ${index}`;
+        }
+    }
+    if (message.payload !== undefined) {
+        if (!isValidString(message.payload) || !isValidBoc(message.payload)) {
+            return `Invalid 'payload' in message at index ${index}`;
+        }
+    }
+    if (message.extraCurrency !== undefined) {
+        if (!isValidObject(message.extraCurrency)) {
+            return `Invalid 'extraCurrency' in message at index ${index}`;
+        }
+        for (const [key, value] of Object.entries(message.extraCurrency)) {
+            if (!INTEGER_REGEX.test(key) || typeof value !== 'string' || !POSITIVE_INTEGER_REGEX.test(value)) {
+                return `Invalid 'extraCurrency' format in message at index ${index}`;
+            }
+        }
+    }
+    return null;
+}
+function validateConnectAdditionalRequest(data) {
+    if (!isValidObject(data)) {
+        return "Request must be an object";
+    }
+    const allowedKeys = ['tonProof'];
+    if (hasExtraProperties(data, allowedKeys)) {
+        return "Request contains extra properties";
+    }
+    if (data.tonProof !== undefined && !isValidString(data.tonProof)) {
+        return "Invalid 'tonProof'";
+    }
+    return null;
+}
+function validateSignDataPayload(data) {
+    if (!isValidObject(data)) {
+        return "Payload must be an object";
+    }
+    if (!isValidString(data.type)) {
+        return "'type' is required";
+    }
+    switch (data.type) {
+        case 'text':
+            return validateSignDataPayloadText(data);
+        case 'binary':
+            return validateSignDataPayloadBinary(data);
+        case 'cell':
+            return validateSignDataPayloadCell(data);
+        default:
+            return "Invalid 'type' value";
+    }
+}
+function validateSignDataPayloadText(data) {
+    const allowedKeys = ['type', 'text', 'network', 'from'];
+    if (hasExtraProperties(data, allowedKeys)) {
+        return "Text payload contains extra properties";
+    }
+    if (!isValidString(data.text)) {
+        return "'text' is required";
+    }
+    if (data.network !== undefined) {
+        if (!isValidString(data.network) || !/^\d+$/.test(data.network)) {
+            return "Invalid 'network' format";
+        }
+    }
+    if (data.from !== undefined && !isValidString(data.from)) {
+        return "Invalid 'from'";
+    }
+    return null;
+}
+function validateSignDataPayloadBinary(data) {
+    const allowedKeys = ['type', 'bytes', 'network', 'from'];
+    if (hasExtraProperties(data, allowedKeys)) {
+        return "Binary payload contains extra properties";
+    }
+    if (!isValidString(data.bytes)) {
+        return "'bytes' is required";
+    }
+    if (data.network !== undefined) {
+        if (!isValidString(data.network) || !/^\d+$/.test(data.network)) {
+            return "Invalid 'network' format";
+        }
+    }
+    if (data.from !== undefined && !isValidString(data.from)) {
+        return "Invalid 'from'";
+    }
+    return null;
+}
+function validateSignDataPayloadCell(data) {
+    const allowedKeys = ['type', 'schema', 'cell', 'network', 'from'];
+    if (hasExtraProperties(data, allowedKeys)) {
+        return "Cell payload contains extra properties";
+    }
+    if (!isValidString(data.schema)) {
+        return "'schema' is required";
+    }
+    if (!isValidString(data.cell)) {
+        return "'cell' is required";
+    }
+    if (!isValidBoc(data.cell)) {
+        return "Invalid 'cell' format (must be valid base64)";
+    }
+    if (data.network !== undefined) {
+        if (!isValidString(data.network) || !/^\d+$/.test(data.network)) {
+            return "Invalid 'network' format";
+        }
+    }
+    if (data.from !== undefined && !isValidString(data.from)) {
+        return "Invalid 'from'";
+    }
+    return null;
+}
+
+class TonConnect {
     /**
      * Returns available wallets list.
      */
@@ -2853,6 +3320,33 @@ class TonConnect {
         this._wallet = value;
         this.statusChangeSubscriptions.forEach(callback => callback(this._wallet));
     }
+    constructor(options) {
+        this.walletsList = new WalletsListManager();
+        this._wallet = null;
+        this.provider = null;
+        this.statusChangeSubscriptions = [];
+        this.statusChangeErrorSubscriptions = [];
+        this.dappSettings = {
+            manifestUrl: (options === null || options === void 0 ? void 0 : options.manifestUrl) || getWebPageManifest(),
+            storage: (options === null || options === void 0 ? void 0 : options.storage) || new DefaultStorage()
+        };
+        this.walletsRequiredFeatures = options === null || options === void 0 ? void 0 : options.walletsRequiredFeatures;
+        this.walletsList = new WalletsListManager({
+            walletsListSource: options === null || options === void 0 ? void 0 : options.walletsListSource,
+            cacheTTLMs: options === null || options === void 0 ? void 0 : options.walletsListCacheTTLMs
+        });
+        this.tracker = new TonConnectTracker({
+            eventDispatcher: options === null || options === void 0 ? void 0 : options.eventDispatcher,
+            tonConnectSdkVersion: tonConnectSdkVersion
+        });
+        if (!this.dappSettings.manifestUrl) {
+            throw new DappMetadataError('Dapp tonconnect-manifest.json must be specified if window.location.origin is undefined. See more https://github.com/ton-connect/docs/blob/main/requests-responses.md#app-manifest');
+        }
+        this.bridgeConnectionStorage = new BridgeConnectionStorage(this.dappSettings.storage);
+        if (!(options === null || options === void 0 ? void 0 : options.disableAutoPauseConnection)) {
+            this.addWindowFocusAndBlurSubscriptions();
+        }
+    }
     /**
      * Returns available wallets list.
      */
@@ -2892,6 +3386,17 @@ class TonConnect {
             options.openingDeadlineMS = requestOrOptions === null || requestOrOptions === void 0 ? void 0 : requestOrOptions.openingDeadlineMS;
             options.signal = requestOrOptions === null || requestOrOptions === void 0 ? void 0 : requestOrOptions.signal;
         }
+        if (options.request) {
+            const validationError = validateConnectAdditionalRequest(options.request);
+            if (validationError) {
+                if (isQaModeEnabled()) {
+                    console.error('ConnectAdditionalRequest validation failed: ' + validationError);
+                }
+                else {
+                    throw new TonConnectError('ConnectAdditionalRequest validation failed: ' + validationError);
+                }
+            }
+        }
         if (this.connected) {
             throw new WalletAlreadyConnectedError();
         }
@@ -2918,8 +3423,8 @@ class TonConnect {
      * Try to restore existing session and reconnect to the corresponding wallet. Call it immediately when your app is loaded.
      */
     restoreConnection(options) {
-        var _a, _b;
         return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b;
             this.tracker.trackConnectionRestoringStarted();
             const abortController = createAbortController(options === null || options === void 0 ? void 0 : options.signal);
             (_a = this.abortController) === null || _a === void 0 ? void 0 : _a.abort();
@@ -3014,6 +3519,16 @@ class TonConnect {
                 options.onRequestSent = optionsOrOnRequestSent === null || optionsOrOnRequestSent === void 0 ? void 0 : optionsOrOnRequestSent.onRequestSent;
                 options.signal = optionsOrOnRequestSent === null || optionsOrOnRequestSent === void 0 ? void 0 : optionsOrOnRequestSent.signal;
             }
+            // Validate transaction
+            const validationError = validateSendTransactionRequest(transaction);
+            if (validationError) {
+                if (isQaModeEnabled()) {
+                    console.error('SendTransactionRequest validation failed: ' + validationError);
+                }
+                else {
+                    throw new TonConnectError('SendTransactionRequest validation failed: ' + validationError);
+                }
+            }
             const abortController = createAbortController(options === null || options === void 0 ? void 0 : options.signal);
             if (abortController.signal.aborted) {
                 throw new TonConnectError('Transaction sending was aborted');
@@ -3049,6 +3564,16 @@ class TonConnect {
             if (abortController.signal.aborted) {
                 throw new TonConnectError('data sending was aborted');
             }
+            // Validate sign data
+            const validationError = validateSignDataPayload(data);
+            if (validationError) {
+                if (isQaModeEnabled()) {
+                    console.error('SignDataPayload validation failed: ' + validationError);
+                }
+                else {
+                    throw new TonConnectError('SignDataPayload validation failed: ' + validationError);
+                }
+            }
             this.checkConnection();
             checkSignDataSupport(this.wallet.device.features, { requiredTypes: [data.type] });
             this.tracker.trackDataSentForSignature(this.wallet, data);
@@ -3069,8 +3594,8 @@ class TonConnect {
      * Disconnect form thw connected wallet and drop current session.
      */
     disconnect(options) {
-        var _a;
         return __awaiter(this, void 0, void 0, function* () {
+            var _a;
             if (!this.connected) {
                 throw new WalletNotConnectedError();
             }
@@ -3266,98 +3791,6 @@ TonConnect.isWalletInjected = (walletJSKey) => InjectedProvider.isWalletInjected
  */
 TonConnect.isInsideWalletBrowser = (walletJSKey) => InjectedProvider.isInsideWalletBrowser(walletJSKey);
 
-const noBounceableTag = 0x51;
-const testOnlyTag = 0x80;
-/**
- * Converts raw TON address to no-bounceable user-friendly format. [See details]{@link https://ton.org/docs/learn/overviews/addresses#user-friendly-address}
- * @param hexAddress raw TON address formatted as "0:<hex string without 0x>".
- * @param [testOnly=false] convert address to test-only form. [See details]{@link https://ton.org/docs/learn/overviews/addresses#user-friendly-address}
- */
-function toUserFriendlyAddress(hexAddress, testOnly = false) {
-    const { wc, hex } = parseHexAddress(hexAddress);
-    let tag = noBounceableTag;
-    if (testOnly) {
-        tag |= testOnlyTag;
-    }
-    const addr = new Int8Array(34);
-    addr[0] = tag;
-    addr[1] = wc;
-    addr.set(hex, 2);
-    const addressWithChecksum = new Uint8Array(36);
-    addressWithChecksum.set(addr);
-    addressWithChecksum.set(crc16(addr), 34);
-    let addressBase64 = protocol.Base64.encode(addressWithChecksum);
-    return addressBase64.replace(/\+/g, '-').replace(/\//g, '_');
-}
-function parseHexAddress(hexAddress) {
-    if (!hexAddress.includes(':')) {
-        throw new WrongAddressError(`Wrong address ${hexAddress}. Address must include ":".`);
-    }
-    const parts = hexAddress.split(':');
-    if (parts.length !== 2) {
-        throw new WrongAddressError(`Wrong address ${hexAddress}. Address must include ":" only once.`);
-    }
-    const wc = parseInt(parts[0]);
-    if (wc !== 0 && wc !== -1) {
-        throw new WrongAddressError(`Wrong address ${hexAddress}. WC must be eq 0 or -1, but ${wc} received.`);
-    }
-    const hex = parts[1];
-    if ((hex === null || hex === void 0 ? void 0 : hex.length) !== 64) {
-        throw new WrongAddressError(`Wrong address ${hexAddress}. Hex part must be 64bytes length, but ${hex === null || hex === void 0 ? void 0 : hex.length} received.`);
-    }
-    return {
-        wc,
-        hex: hexToBytes(hex)
-    };
-}
-function crc16(data) {
-    const poly = 0x1021;
-    let reg = 0;
-    const message = new Uint8Array(data.length + 2);
-    message.set(data);
-    for (let byte of message) {
-        let mask = 0x80;
-        while (mask > 0) {
-            reg <<= 1;
-            if (byte & mask) {
-                reg += 1;
-            }
-            mask >>= 1;
-            if (reg > 0xffff) {
-                reg &= 0xffff;
-                reg ^= poly;
-            }
-        }
-    }
-    return new Uint8Array([Math.floor(reg / 256), reg % 256]);
-}
-const toByteMap = {};
-for (let ord = 0; ord <= 0xff; ord++) {
-    let s = ord.toString(16);
-    if (s.length < 2) {
-        s = '0' + s;
-    }
-    toByteMap[s] = ord;
-}
-function hexToBytes(hex) {
-    hex = hex.toLowerCase();
-    const length2 = hex.length;
-    if (length2 % 2 !== 0) {
-        throw new ParseHexError('Hex string must have length a multiple of 2: ' + hex);
-    }
-    const length = length2 / 2;
-    const result = new Uint8Array(length);
-    for (let i = 0; i < length; i++) {
-        const doubled = i * 2;
-        const hexSubstring = hex.substring(doubled, doubled + 2);
-        if (!toByteMap.hasOwnProperty(hexSubstring)) {
-            throw new ParseHexError('Invalid hex character: ' + hexSubstring);
-        }
-        result[i] = toByteMap[hexSubstring];
-    }
-    return result;
-}
-
 Object.defineProperty(exports, 'CHAIN', {
     enumerable: true,
     get: function () { return protocol.CHAIN; }
@@ -3413,7 +3846,9 @@ exports.createTransactionSignedEvent = createTransactionSignedEvent;
 exports.createTransactionSigningFailedEvent = createTransactionSigningFailedEvent;
 exports.createVersionInfo = createVersionInfo;
 exports.default = TonConnect;
+exports.enableQaMode = enableQaMode;
 exports.encodeTelegramUrlParameters = encodeTelegramUrlParameters;
+exports.isQaModeEnabled = isQaModeEnabled;
 exports.isTelegramUrl = isTelegramUrl;
 exports.isWalletInfoCurrentlyEmbedded = isWalletInfoCurrentlyEmbedded;
 exports.isWalletInfoCurrentlyInjected = isWalletInfoCurrentlyInjected;