fix: wallet SDK OAuth popup handoff

[coffeexcoin]

Summary

Updates @abstract-foundation/wallet-sdk so AGW auth methods do not try to run Google OAuth inside the embedded iframe when the wallet session is missing or unknown.

The SDK now reads authenticated from the wallet-host ready payload. If the user is already authenticated, wallet_connect, eth_requestAccounts, and wallet_requestPermissions can stay in iframe mode. Otherwise the SDK opens /popup from the dApp click, passes the dApp origin in the popup URL, and listens for a wallet-host __internal { type: "authenticated" } signal before switching back to iframe and replaying the pending connect request.

Why

Google OAuth rejects embedded iframe/browser contexts, which caused the current wallet SDK demo login flow to navigate into an iframe-hosted OAuth error. Auth needs a top-level popup, while already-authenticated connect and later confirmation requests can still use the iframe UX.

Validation

• pnpm install --frozen-lockfile --ignore-scripts
• pnpm --filter @abstract-foundation/wallet-sdk test
• pnpm --filter @abstract-foundation/wallet-sdk typecheck
• pnpm exec biome check packages/wallet-sdk/src/core/Dialog.ts packages/wallet-sdk/src/core/Messenger.ts packages/wallet-sdk/src/core/UserAgent.ts packages/wallet-sdk/src/core/Wallet.ts packages/wallet-sdk/test/src/Dialog.test.ts packages/wallet-sdk/test/src/Wallet.test.ts examples/wallet-sdk-nextjs/src/components/Demo.tsx

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agw-wallet-sdk-demo	Ready	Preview, Comment	May 9, 2026 2:59pm

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
agw-nextjs	Ignored		May 9, 2026 2:59pm
mpp-demo	Ignored		May 9, 2026 2:59pm

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.