fix(wallets): throw typed InvalidSignerError when removeSigner API call fails

[devin-ai-integration]

Description

When removeSigner receives an error response from the API ("error" in response), it threw new Error("Failed to remove signer: " + JSON.stringify(response)) — a generic Error that consumers can't pattern-match by type, even though the response data was technically preserved in the stringified message.

The addSigner method already throws InvalidSignerError for its API error case. This change makes removeSigner consistent by also throwing InvalidSignerError with:

• response.message as the error message (human-readable)
• Full response JSON as details (machine-inspectable via CrossmintSDKError.details)

Same masking pattern fixed for OTP validation (#1886), get-status (#1896), export-signer (#1897), and addSigner chain failure (#1898).

Test plan

• Existing test suite passes (337 tests)
• Lint passes (Biome auto-formatted)
• No new error class — reuses existing InvalidSignerError for consistency with addSigner

Package updates

• @crossmint/wallets-sdk — patch changeset added (fix-removesigner-typed-error.md)

Link to Devin session: https://crossmint.devinenterprise.com/sessions/7bd8230602444a8a94498384e0aac02d
Requested by: @xmint-guille

[devin-ai-integration]

Original prompt from Guille

@skills:cse spotpay reported the following, investigate when this could happen and how should we improve our error client side:
During wallet recovery, complete-onboarding returns OTP validation failed, but the app surfaces it as:
"Crossmint signer returned an internal error"

This happens in the wallet recovery/addSigner path, likely when registering the device signer after auth is required. Logs show:

• wallet.recover.start
• complete-onboarding request
• complete-onboarding: OTP validation failed
• wallet.addSigner threw
• wallet.recover threw
• Error in verifyOtp
• Crossmint signer returned an internal error

The SDK should preserve the underlying auth/OTP failure reason instead of collapsing it into an internal signer error. Also distinguish true user cancellation from failed OTP / recovery errors.
ATTACHMENT:"https://crossmint.devinenterprise.com/attachments/76cc8351-35a7-4370-9a64-206aa1191469/CleanShot+2026-06-02+at+14.08.27%402x.png"

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR that start with 'DevinAI' or '@devin'.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment, CI, and merge conflict monitoring

[changeset-bot]

🦋 Changeset detected

Latest commit: 0c98887

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages

Name	Type
@crossmint/wallets-sdk	Patch
@crossmint/wallets-quickstart-devkit	Patch
@crossmint/wallets-playground-react	Patch
@crossmint/client-sdk-react-base	Patch
@crossmint/client-sdk-react-native-ui	Patch
@crossmint/client-sdk-react-ui	Patch
@crossmint/wallets-playground-expo	Patch
@crossmint/auth-ssr-nextjs-demo	Patch
@crossmint/client-sdk-nextjs-starter	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[greptile-apps]

_{Reviews (1): Last reviewed commit: "fix(wallets): throw typed InvalidSignerE..." | Re-trigger Greptile}

[greptile-apps]

_{Reviews (2): Last reviewed commit: "fix(wallets): fix TS2339 - safely access..." | Re-trigger Greptile}

[albertoelias-crossmint]

but why would this error be thrown? because a signer is invalid or something else?