@alter-ai/connect 0.2.0 → 0.3.0

package/README.md

@@ -1,8 +1,10 @@
 # Alter Connect SDK
 
-A lightweight JavaScript SDK for embedding OAuth integrations into your application. Connect your users to Google, Slack, Microsoft, and more with just a few lines of code.
+A lightweight JavaScript SDK for embedding OAuth integrations into your application. The SDK opens a backend-served Connect UI in a popup — the backend handles auth, provider selection, branding, and OAuth, then sends results back via postMessage.
 
-## 🚀 Quick Start
+**~10KB minified | Zero dependencies | TypeScript included**
+
+## Quick Start
 
 ### 1. Install
 
@@ -18,26 +20,25 @@ Or use via CDN:
 
 ### 2. Get a Session Token from Your Backend
 
-Your backend creates a short-lived session token using your API key:
+Your backend creates a short-lived session token using the [Alter SDK](https://www.npmjs.com/package/@alter-ai/alter-sdk):
 
-```javascript
-// YOUR backend endpoint
-const response = await fetch('https://api.alterai.dev/oauth/connect/session', {
-  method: 'POST',
-  headers: {
-    'x-api-key': process.env.ALTER_API_KEY,  // Never expose this!
-    'Content-Type': 'application/json'
-  },
-  body: JSON.stringify({
-    end_user: {
-      id: 'user_123',
-      email: 'user@example.com'
-    },
-    allowed_providers: ['google', 'slack', 'microsoft']
-  })
+```typescript
+// YOUR backend (Node.js example using @alter-ai/alter-sdk)
+import { AlterVault, ActorType } from "@alter-ai/alter-sdk";
+
+const vault = new AlterVault({
+  apiKey: process.env.ALTER_API_KEY!,
+  actorType: ActorType.BACKEND_SERVICE,
+  actorIdentifier: "my-backend",
+});
+
+const session = await vault.createConnectSession({
+  endUser: { id: "user_123" },
+  allowedProviders: ["google", "slack", "github"],
+  returnUrl: "https://yourapp.com/callback",
 });
 
-const { session_token } = await response.json();
+const session_token = session.sessionToken;
 ```
 
 ### 3. Open the Connect UI
@@ -45,7 +46,7 @@ const { session_token } = await response.json();
 ```javascript
 import AlterConnect from '@alter-ai/connect';
 
-// Initialize SDK
+// Initialize SDK (no API key needed!)
 const alterConnect = AlterConnect.create();
 
 // Get session token from YOUR backend
@@ -54,19 +55,23 @@ const { session_token } = await fetch('/api/alter/session').then(r => r.json());
 // Open Connect UI
 await alterConnect.open({
   token: session_token,
-  onSuccess: (connection) => {
-    console.log('Connected!', connection);
-    // Save connection.connection_id to your database
+  onSuccess: (connections) => {
+    console.log('Connected!', connections);
+    // Save each connection.connection_id to your database
+    connections.forEach(conn => console.log(conn.provider, conn.connection_id));
   },
   onError: (error) => {
     console.error('Failed:', error);
+  },
+  onExit: () => {
+    console.log('User closed the window');
   }
 });
 ```
 
-That's it! The SDK handles the OAuth flow, popup windows, and all security.
+That's it! The SDK handles the OAuth flow, popup windows, mobile redirects, and all security.
 
-## 📖 Framework Examples
+## Framework Examples
 
 ### React
 
@@ -83,8 +88,8 @@ function ConnectButton() {
 
     await alterConnect.open({
       token: session_token,
-      onSuccess: (connection) => {
-        console.log('Connected!', connection);
+      onSuccess: (connections) => {
+        console.log('Connected!', connections);
       }
     });
   };
@@ -116,7 +121,7 @@ async function handleConnect() {
 
   await alterConnect.value.open({
     token: session_token,
-    onSuccess: (connection) => console.log('Connected!', connection)
+    onSuccess: (connections) => console.log('Connected!', connections)
   });
 }
 </script>
@@ -137,106 +142,13 @@ async function handleConnect() {
 
     await alterConnect.open({
       token: session_token,
-      onSuccess: (connection) => console.log('Connected!', connection)
+      onSuccess: (connections) => console.log('Connected!', connections)
     });
   });
 </script>
 ```
 
-## 🎨 Branding & Customization
-
-**Branding is now managed through the Developer Portal** and automatically applied to the Connect UI at runtime.
-
-### Managing Branding (Developer Portal)
-
-Configure your app's branding through the Developer Portal API:
-
-#### Initial Setup or Complete Rebrand (PUT)
-
-Use PUT for initial branding setup or to completely replace existing branding:
-
-```javascript
-// Create or fully replace branding
-await fetch('https://api.alterai.dev/api/v1/developer/apps/{app_id}/branding', {
-  method: 'PUT',
-  headers: {
-    'Authorization': `Bearer ${DEVELOPER_TOKEN}`,
-    'Content-Type': 'application/json'
-  },
-  body: JSON.stringify({
-    logo_url: 'https://your-domain.com/logo.png',  // Required
-    colors: {                                        // Required
-      primary: '#6366f1',
-      text: '#1f2937',
-      background: '#ffffff'
-    },
-    font_family: 'Inter, sans-serif'  // Optional
-  })
-});
-```
-
-#### Partial Updates (PATCH)
-
-Use PATCH to update specific branding fields:
-
-```javascript
-// Update only font (logo + colors preserved)
-await fetch('https://api.alterai.dev/api/v1/developer/apps/{app_id}/branding', {
-  method: 'PATCH',
-  headers: {
-    'Authorization': `Bearer ${DEVELOPER_TOKEN}`,
-    'Content-Type': 'application/json'
-  },
-  body: JSON.stringify({
-    font_family: 'Roboto, sans-serif'
-  })
-});
-
-// Update logo + colors (font preserved)
-await fetch('https://api.alterai.dev/api/v1/developer/apps/{app_id}/branding', {
-  method: 'PATCH',
-  headers: {
-    'Authorization': `Bearer ${DEVELOPER_TOKEN}`,
-    'Content-Type': 'application/json'
-  },
-  body: JSON.stringify({
-    logo_url: 'https://your-domain.com/new-logo.png',
-    colors: {
-      primary: '#ff0000',
-      text: '#000000',
-      background: '#ffffff'
-    }
-  })
-});
-```
-
-**Important Rules:**
-- **PUT:** Requires `logo_url` and `colors`. Font is optional. Replaces all existing branding.
-- **PATCH:** Requires existing branding (use PUT first). If updating logo or colors, both must be provided together. Font can be updated independently.
-- **DELETE:** Removes all branding and reverts to Alter defaults.
-
-### How It Works
-
-1. **Configure branding** in the Developer Portal
-2. **SDK fetches branding** automatically when `alterConnect.open()` is called
-3. **Branding is applied** instantly to the Connect UI
-4. **No redeployment needed** - changes take effect immediately
-
-### Fallback Behavior
-
-If no branding is configured or the API call fails, the SDK gracefully falls back to Alter's default branding.
-
-### SDK Configuration Options
-
-For local development or debugging, you can still configure some options:
-
-```javascript
-const alterConnect = AlterConnect.create({
-  debug: true  // Enable console logging
-});
-```
-
-## 📚 API Reference
+## API Reference
 
 ### `AlterConnect.create(config?)`
 
@@ -244,57 +156,61 @@ Creates a new SDK instance.
 
 ```javascript
 const alterConnect = AlterConnect.create({
-  debug: false
+  debug: true  // Enable console logging (default: false)
 });
 ```
 
-**Config Options:**
-
 | Option | Type | Description | Default |
 |--------|------|-------------|---------|
 | `debug` | `boolean` | Enable debug logging | `false` |
 
-**Note:** Branding (colors, fonts, logo) is now managed through the Developer Portal and fetched automatically at runtime.
+**Note:** Visual customization (colors, fonts, logo) is configured via the Developer Portal branding settings. The backend-served Connect UI applies your branding automatically.
 
 ---
 
 ### `alterConnect.open(options)`
 
-Opens the Connect UI modal.
+Opens the Connect UI. On desktop, opens a centered popup window (500x700px). On mobile, uses a full-page redirect flow.
 
 ```javascript
 await alterConnect.open({
   token: 'sess_abc123...',
-  onSuccess: (connection) => { /* ... */ },
+  // baseURL is auto-detected; override only for custom deployments
+  onSuccess: (connections) => { /* ... */ },
   onError: (error) => { /* ... */ },
-  onExit: () => { /* ... */ }
+  onExit: () => { /* ... */ },
+  onEvent: (eventName, metadata) => { /* ... */ }
 });
 ```
 
-**Options:**
-
 | Parameter | Type | Required | Description |
 |-----------|------|----------|-------------|
-| `token` | `string` | ✅ Yes | Session token from your backend |
+| `token` | `string` | Yes | Session token from your backend |
 | `baseURL` | `string` | No | Alter API URL (usually auto-detected) |
-| `onSuccess` | `function` | ✅ Yes | Called when connection succeeds |
+| `onSuccess` | `function` | Yes | Called with array of connections on success |
 | `onError` | `function` | No | Called when connection fails |
-| `onExit` | `function` | No | Called when user closes modal |
+| `onExit` | `function` | No | Called when user closes popup |
 | `onEvent` | `function` | No | Called for analytics events |
 
-**Connection Object (onSuccess):**
+**Connections Array (onSuccess):**
+
+`onSuccess` receives an array of `Connection` objects (multi-provider flow):
 
 ```typescript
+// Each connection in the array:
 {
   connection_id: string;        // Unique ID - store this!
   provider: string;             // e.g., 'google', 'slack'
   provider_name: string;        // e.g., 'Google', 'Slack'
   account_identifier: string;   // e.g., 'user@gmail.com'
   timestamp: string;            // ISO 8601 timestamp
-  operation: 'creation' | 'reauth';
-  scopes: string[];            // Granted OAuth scopes
+  operation: 'creation' | 'reauth' | 'grant';
+  scopes: string[];             // Granted OAuth scopes
   status: 'active' | 'pending' | 'error';
-  metadata?: object;           // Additional provider data
+  metadata?: {
+    account_display_name?: string;
+    account_email?: string;
+  };
 }
 ```
 
@@ -330,6 +246,22 @@ alterConnect.destroy();
 
 ---
 
+### `alterConnect.on(event, handler)`
+
+Register an event listener. Returns an unsubscribe function.
+
+```javascript
+const unsubscribe = alterConnect.on('success', (connection) => {
+  console.log('Connected:', connection);
+});
+
+// Later: unsubscribe();
+```
+
+**Events:** `success`, `error`, `exit`, `close`, `event`
+
+---
+
 ### `alterConnect.isOpen()`
 
 Checks if the Connect UI is currently open.
@@ -340,8 +272,6 @@ if (alterConnect.isOpen()) {
 }
 ```
 
-**Returns:** `boolean`
-
 ---
 
 ### `alterConnect.getVersion()`
@@ -349,14 +279,37 @@ if (alterConnect.isOpen()) {
 Gets the SDK version.
 
 ```javascript
-console.log(alterConnect.getVersion()); // "0.1.0"
+console.log(alterConnect.getVersion()); // "0.2.0"
 ```
 
-**Returns:** `string`
+## Mobile Support
 
-## 🔒 Security Architecture
+The SDK automatically detects mobile devices and switches to an optimized flow:
 
-The SDK uses a **Plaid-style token architecture** for security:
+| Device | Flow | How It Works |
+|--------|------|-------------|
+| Desktop | Popup | Opens centered popup (500x700px), communicates via postMessage |
+| Phone (<=480px) | Redirect | Full-page redirect, returns via URL params |
+| Tablet (portrait) | Redirect | Full-page redirect for better UX |
+| Tablet (landscape) | Popup | Uses popup flow like desktop |
+
+No code changes needed — the SDK handles device detection automatically.
+
+For mobile redirect flow, include a `return_url` when creating the session:
+
+```javascript
+// Backend session creation with mobile support
+body: JSON.stringify({
+  end_user: { id: 'user_123', email: 'user@example.com' },
+  allowed_providers: ['google', 'slack'],
+  allowed_origin: 'https://yourapp.com',  // For desktop popup (postMessage)
+  return_url: 'https://yourapp.com/'      // For mobile redirect (return destination)
+})
+```
+
+## Security Architecture
+
+The SDK uses a **Plaid-style token architecture**:
 
 ```
 Frontend (Public)          Backend (Secure)           Alter API
@@ -375,140 +328,63 @@ Frontend (Public)          Backend (Secure)           Alter API
      │  4. { session_token }    │                        │
      │<─────────────────────────│                        │
      │                          │                        │
-     │  5. SDK.open({ token })  │                        │
-     │──────────────────────────┼───────────────────────>│
-     │                          │  6. OAuth flow         │
-     │<─────────────────────────┴────────────────────────│
-     │  7. onSuccess(connection)│                        │
+     │  5. SDK opens popup to backend Connect UI         │
+     │───────────────────────────────────────────────────>│
+     │                          │                        │
+     │     6. Backend handles auth + OAuth               │
+     │                          │                        │
+     │  7. postMessage(connection)                       │
+     │<──────────────────────────────────────────────────│
+     │  8. onSuccess(connections) │                        │
 ```
 
 **Key Security Features:**
 
-✅ **API keys never touch frontend** - Only backend has API key
-✅ **Session tokens are short-lived** - Expire after 10 minutes
-✅ **Session tokens are single-use** - Can only create one connection
-✅ **Session tokens are scoped** - Locked to specific user & providers
-✅ **No secrets in browser** - SDK is purely a UI component
+- **API keys never touch frontend** - Only backend has API key
+- **Session tokens are short-lived** - Expire after 10 minutes
+- **Session tokens are single-use** - Can only create one connection
+- **Session tokens are scoped** - Locked to specific user & providers
+- **No secrets in browser** - SDK is purely a popup launcher + callback listener
 
-## 💡 Smart UX
+## Smart UX
 
 ### Single Provider Flow
 
-When only 1 provider is allowed, the SDK **skips the selection UI** and opens OAuth directly:
+When only 1 provider is allowed, the Connect UI **skips the selection screen** and opens OAuth directly:
 
 ```javascript
-// Backend
-allowed_providers: ['google']
-
-// SDK behavior: Opens Google OAuth immediately (no modal)
+// Backend: allowed_providers: ['google']
+// Result: Opens Google OAuth immediately (no selection screen)
 ```
 
 ### Multiple Provider Flow
 
-When 2+ providers are allowed, the SDK shows a **provider selection modal**:
-
-```javascript
-// Backend
-allowed_providers: ['google', 'slack', 'microsoft']
-
-// SDK behavior: Shows modal with provider grid
-```
-
-## 🎯 Common Patterns
-
-### Save Connection to Your Database
-
-```javascript
-await alterConnect.open({
-  token: sessionToken,
-  onSuccess: async (connection) => {
-    // Save to YOUR database
-    await fetch('/api/connections', {
-      method: 'POST',
-      body: JSON.stringify({
-        connection_id: connection.connection_id,
-        user_id: currentUserId,
-        provider: connection.provider
-      })
-    });
-  }
-});
-```
-
-### Validate Provider Type
-
-```javascript
-await alterConnect.open({
-  token: sessionToken,
-  onSuccess: async (connection) => {
-    // Ensure user connected the right provider
-    if (connection.provider !== 'google') {
-      alert('Please connect your Gmail account');
-      return;
-    }
-
-    await saveConnection(connection);
-  }
-});
-```
-
-### Validate Email Domain
-
-```javascript
-await alterConnect.open({
-  token: sessionToken,
-  onSuccess: async (connection) => {
-    // Ensure user connected a work email
-    if (!connection.account_identifier.endsWith('@company.com')) {
-      alert('Please connect your @company.com work email');
-      return;
-    }
-
-    await saveConnection(connection);
-  }
-});
-```
-
-### Handle Errors Gracefully
+When 2+ providers are allowed, the Connect UI shows a **provider selection screen**:
 
 ```javascript
-await alterConnect.open({
-  token: sessionToken,
-  onSuccess: (connection) => {
-    console.log('Connected!', connection);
-  },
-  onError: (error) => {
-    if (error.code === 'popup_blocked') {
-      alert('Please allow popups for this site');
-    } else if (error.code === 'session_expired') {
-      alert('Session expired. Please try again.');
-    } else {
-      alert(`Connection failed: ${error.message}`);
-    }
-  },
-  onExit: () => {
-    console.log('User cancelled');
-  }
-});
+// Backend: allowed_providers: ['google', 'slack', 'github']
+// Result: Shows provider selection, user picks one
 ```
 
-## 📦 TypeScript Support
+## TypeScript Support
 
 Full TypeScript definitions included:
 
 ```typescript
-import AlterConnect, { Connection, AlterError } from '@alter-ai/connect';
+import AlterConnect, {
+  AlterConnectConfig,
+  Connection,
+  AlterError
+} from '@alter-ai/connect';
 
-const alterConnect = AlterConnect.create({
-  customization: { colors: { primary: '#6366f1' } }
-});
+const alterConnect = AlterConnect.create({ debug: true });
 
 await alterConnect.open({
   token: sessionToken,
-  onSuccess: (connection: Connection) => {
-    // TypeScript knows all properties
+  onSuccess: (connections: Connection[]) => {
     console.log(connection.connection_id);
     console.log(connection.provider);
+    console.log(connection.scopes);
   },
   onError: (error: AlterError) => {
     console.error(error.code, error.message);
@@ -516,21 +392,24 @@ await alterConnect.open({
 });
 ```
 
-## 🌐 Browser Support
+## Bundle Size
+
+| Format | Size | Gzipped |
+|--------|------|---------|
+| **CJS** | ~10KB | ~3.5KB |
+| **ESM** | ~10KB | ~3.4KB |
+| **UMD** | ~11KB | ~3.5KB |
+
+Zero runtime dependencies.
+
+## Browser Support
 
 - Chrome/Edge 90+
 - Firefox 88+
 - Safari 14+
 - Mobile browsers (iOS Safari 14+, Chrome Mobile)
 
-## 📊 Bundle Size
-
-- **UMD:** 21KB minified
-- **ESM:** 21KB minified
-- **CJS:** 21KB minified
-- **Zero runtime dependencies**
-
-## 🐛 Troubleshooting
+## Troubleshooting
 
 ### Popup Blocked
 
@@ -539,13 +418,13 @@ await alterConnect.open({
 **Solution:** Ensure `alterConnect.open()` is called directly from a user interaction (click event):
 
 ```javascript
-// ❌ Bad - may be blocked
+// Bad - may be blocked
 button.addEventListener('click', async () => {
   const token = await fetchToken(); // Async delay
   alterConnect.open({ token }); // May be blocked
 });
 
-// ✅ Good - no async delay before open()
+// Good - no async delay before open()
 button.addEventListener('click', () => {
   fetchToken().then(token => {
     alterConnect.open({ token }); // Called synchronously
@@ -565,13 +444,12 @@ button.addEventListener('click', () => {
 
 **Solution:** Session tokens should be created from your **backend**, not frontend. The SDK handles all frontend API calls.
 
-## 🤝 Support
+## Support
 
 - **Documentation:** [https://docs.alterai.dev](https://docs.alterai.dev)
-- **API Reference:** [https://api.alterai.dev/docs](https://api.alterai.dev/docs)
-- **Issues:** [GitHub Issues](https://github.com/alter-ai/alter-vault/issues)
+- **Issues:** [GitHub Issues](https://github.com/AlterAIDev/Alter-Vault/issues)
 - **Email:** support@alterai.dev
 
-## 📄 License
+## License
 
 MIT License - See [LICENSE](LICENSE) file for details

package/dist/alter-connect.cjs.js

@@ -1,2 +1,2 @@
-"use strict";function e(e,...t){e.debug&&console.log("[Alter Connect]",...t)}Object.defineProperty(exports,"__esModule",{value:!0});class t{constructor(){this.events=new Map}on(e,t){return this.events.has(e)||this.events.set(e,new Set),this.events.get(e).add(t),()=>this.off(e,t)}off(e,t){const s=this.events.get(e);s&&s.delete(t)}emit(e,...t){const s=this.events.get(e);s&&s.forEach(s=>{try{s(...t)}catch(t){console.error(`[Alter Connect] Error in event handler for '${e}':`,t)}})}removeAllListeners(e){e?this.events.delete(e):this.events.clear()}}class s{constructor(){this.state={isOpen:!1,sessionToken:null,error:null},this.listeners=new Set}getState(){return{...this.state}}get(e){return this.state[e]}setState(e){this.state={...this.state,...e},this.notifyListeners()}subscribe(e){return this.listeners.add(e),()=>{this.listeners.delete(e)}}clearListeners(){this.listeners.clear()}notifyListeners(){const e=this.getState();this.listeners.forEach(t=>{try{t(e)}catch(e){console.error("[Alter Connect] Error in state listener:",e)}})}}function i(){const e=navigator.userAgent||navigator.vendor||window.opera,t=/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(e),s="ontouchstart"in window||navigator.maxTouchPoints>0||navigator.msMaxTouchPoints>0,i=window.innerWidth<=768;return t||s&&i}function n(){return i()&&window.innerWidth<=480?"phone":i()&&window.innerWidth>480&&window.innerWidth<=1024?"tablet":"desktop"}function o(e){return"reauth"===e?"reauth":"creation"}function r(e){return"pending"===e?"pending":"error"===e?"error":"active"}function a(e){sessionStorage.removeItem("alter_oauth_state");try{const t=new URL(e);window.history.replaceState({},document.title,t.pathname+t.search+t.hash)}catch{window.history.replaceState({},document.title,window.location.pathname)}}class c{constructor(e){this.popup=null,this.pollInterval=null,this.messageListener=null,this.settled=!1,this.options={baseURL:e.baseURL,onSuccess:e.onSuccess,onError:e.onError,onCancel:e.onCancel,popupWidth:e.popupWidth||500,popupHeight:e.popupHeight||700,debug:e.debug||!1};try{this.expectedOrigin=new URL(e.baseURL).origin}catch{throw new Error(`Invalid baseURL: "${e.baseURL}". Must be a full URL with protocol (e.g., "https://api.alterai.dev").`)}}startOAuth(e){!function(){const e=n();return"phone"===e||"tablet"===e&&window.innerHeight>window.innerWidth}()?(this.log("Using popup flow for desktop"),this.openPopup(e)):(this.log("Using redirect flow for mobile device"),this.startRedirectFlow(e))}startRedirectFlow(e){this.log("Starting redirect flow:",e);const t={timestamp:Date.now(),returnUrl:window.location.href};try{sessionStorage.setItem("alter_oauth_state",JSON.stringify(t))}catch(e){return this.log("Failed to save state:",e),void this.options.onError({code:"redirect_error",message:"Failed to start OAuth flow: could not save session state",details:{error:e}})}window.location.href=e}static checkOAuthReturn(e,t){const s=sessionStorage.getItem("alter_oauth_state");if(!s)return!1;try{const i=JSON.parse(s);if(Date.now()-i.timestamp>3e5)return sessionStorage.removeItem("alter_oauth_state"),!1;const n=new URLSearchParams(window.location.search),c=n.get("alter_connect_success"),h=n.get("alter_connect_error");if("true"===c){const s=n.get("connection_id"),c=n.get("provider"),h=n.get("account_identifier");if(!s||!c||!h)return a(i.returnUrl),t({code:"invalid_response",message:"OAuth redirect returned incomplete connection data"}),!0;const l={connection_id:s,provider:c,provider_name:n.get("provider_name")||c,account_identifier:h,timestamp:n.get("timestamp")||(new Date).toISOString(),operation:o(n.get("operation")),scopes:n.get("scopes")?.split(",")||[],status:r(n.get("status"))};return a(i.returnUrl),e(l),!0}if(h){const e={code:n.get("error_code")||"oauth_error",message:n.get("error_description")||"OAuth authorization failed"};return a(i.returnUrl),t(e),!0}return!1}catch(e){return console.error("[OAuth Handler] Failed to check OAuth return:",e),sessionStorage.removeItem("alter_oauth_state"),!1}}openPopup(e){const t=window.screenX+(window.outerWidth-this.options.popupWidth)/2,s=window.screenY+(window.outerHeight-this.options.popupHeight)/2,i=[`width=${this.options.popupWidth}`,`height=${this.options.popupHeight}`,`left=${t}`,`top=${s}`,"resizable=yes","scrollbars=yes","status=yes"].join(",");this.log("Opening OAuth popup:",e),this.popup=window.open(e,"alter_oauth_popup",i),this.popup?(this.startPolling(),this.setupMessageListener()):this.options.onError({code:"popup_blocked",message:"Popup was blocked by browser. Please allow popups for this site."})}close(){this.log("Closing OAuth handler"),this.popup&&!this.popup.closed&&this.popup.close(),this.popup=null,null!==this.pollInterval&&(clearInterval(this.pollInterval),this.pollInterval=null),this.messageListener&&(window.removeEventListener("message",this.messageListener),this.messageListener=null)}startPolling(){this.pollInterval=window.setInterval(()=>{this.settled||this.popup&&!this.popup.closed||(this.log("Popup closed by user"),this.settled=!0,this.close(),this.options.onCancel())},500)}setupMessageListener(){this.messageListener=e=>{if(this.settled)return;if(e.origin!==this.expectedOrigin)return void this.log("Rejected message from unexpected origin:",e.origin,"(expected:",this.expectedOrigin+")");this.log("Received message from",e.origin);const t=e.data;if(t&&"object"==typeof t)if("alter_connect_success"===t.type){this.log("OAuth success");const e=function(e){return e.connection_id&&"string"==typeof e.connection_id?e.provider&&"string"==typeof e.provider?e.account_identifier&&"string"==typeof e.account_identifier?e.timestamp&&"string"==typeof e.timestamp?null:"Missing or invalid timestamp":"Missing or invalid account_identifier":"Missing or invalid provider":"Missing or invalid connection_id"}(t);if(e)return this.log("Invalid connection payload:",e),this.settled=!0,this.close(),void this.options.onError({code:"invalid_response",message:`Server returned incomplete connection data: ${e}`});const s={connection_id:t.connection_id,provider:t.provider,provider_name:t.provider_name||t.provider,account_identifier:t.account_identifier,timestamp:t.timestamp,operation:o(t.operation),scopes:Array.isArray(t.scopes)?t.scopes:[],status:r(t.status),metadata:t.metadata};this.settled=!0,this.close(),this.options.onSuccess(s)}else if("alter_connect_error"===t.type){this.log("OAuth error");const e={code:t.error||"oauth_error",message:t.error_description||"OAuth authorization failed",details:t};this.settled=!0,this.close(),this.options.onError(e)}},window.addEventListener("message",this.messageListener)}log(...e){this.options.debug&&console.log("[OAuth Handler]",...e)}}const h="0.2.0";class l{constructor(i={}){this._oauthHandler=null,this._baseURL="https://api.alterai.dev",this._perOpenCleanups=[],this.config=function(e){return{debug:e.debug??!1}}(i),this.eventEmitter=new t,this.stateManager=new s,this._isInitialized=!0,e(this.config,"Alter Connect SDK initialized",{version:h}),this.checkRedirectReturn()}checkRedirectReturn(){c.checkOAuthReturn(t=>{e(this.config,"OAuth redirect return - success:",t),this.eventEmitter.emit("success",t)},t=>{e(this.config,"OAuth redirect return - error:",t),this.eventEmitter.emit("error",t)})&&e(this.config,"OAuth redirect return detected and handled")}static create(e){return new l(e)}async open(t){if(!this._isInitialized)throw this.createError("sdk_destroyed","Cannot call open() - SDK instance has been destroyed");if(e(this.config,"Opening Connect UI"),!t.token||"string"!=typeof t.token)throw this.createError("invalid_options","Session token is required. Create one from your backend using POST /oauth/connect/session");if(!t.onSuccess||"function"!=typeof t.onSuccess)throw this.createError("invalid_options","onSuccess callback is required");if(this.isOpen())return void e(this.config,"Connect UI is already open");this._baseURL=t.baseURL||"https://api.alterai.dev",this._oauthHandler=new c({baseURL:this._baseURL,onSuccess:t=>{e(this.config,"OAuth success:",t),this.handleOAuthSuccess(t)},onError:t=>{e(this.config,"OAuth error:",t),this.handleOAuthError(t)},onCancel:()=>{e(this.config,"OAuth cancelled (popup closed)"),this.handleOAuthCancel()},popupWidth:500,popupHeight:700,debug:this.config.debug}),this.stateManager.setState({isOpen:!0,error:null,sessionToken:t.token}),this.registerEventHandlers(t);const s=`${this._baseURL}/oauth/connect#session=${encodeURIComponent(t.token)}`;e(this.config,"Connect URL:",s),this._oauthHandler.startOAuth(s),t.onEvent&&t.onEvent("connect_opened",{timestamp:(new Date).toISOString()}),e(this.config,"Connect UI opened successfully")}close(){if(!this._isInitialized)throw this.createError("sdk_destroyed","Cannot call close() - SDK instance has been destroyed");e(this.config,"Closing Connect UI"),this._oauthHandler&&(this._oauthHandler.close(),this._oauthHandler=null),this._perOpenCleanups.forEach(e=>e()),this._perOpenCleanups=[],this.stateManager.setState({isOpen:!1}),this.eventEmitter.emit("close")}destroy(){this._isInitialized&&(e(this.config,"Destroying SDK instance"),this._oauthHandler&&(this._oauthHandler.close(),this._oauthHandler=null),this.stateManager.get("isOpen")&&this.stateManager.setState({isOpen:!1}),this.eventEmitter.removeAllListeners(),this.stateManager.clearListeners(),this._isInitialized=!1)}on(e,t){if(!this._isInitialized)throw this.createError("sdk_destroyed","Cannot call on() - SDK instance has been destroyed");return this.eventEmitter.on(e,t)}off(e,t){if(!this._isInitialized)throw this.createError("sdk_destroyed","Cannot call off() - SDK instance has been destroyed");this.eventEmitter.off(e,t)}isOpen(){if(!this._isInitialized)throw this.createError("sdk_destroyed","Cannot call isOpen() - SDK instance has been destroyed");return this.stateManager.get("isOpen")}getVersion(){return h}cleanupHandler(){this._oauthHandler=null}handleOAuthSuccess(e){this.cleanupHandler(),this.eventEmitter.emit("success",e)}handleOAuthError(e){this.cleanupHandler(),this.stateManager.setState({error:e}),this.eventEmitter.emit("error",e)}handleOAuthCancel(){this.cleanupHandler(),this.eventEmitter.emit("exit")}registerEventHandlers(e){e.onSuccess&&this._perOpenCleanups.push(this.eventEmitter.on("success",t=>{e.onSuccess(t),this.close()})),e.onExit&&this._perOpenCleanups.push(this.eventEmitter.on("exit",()=>{e.onExit(),this.close()})),this._perOpenCleanups.push(this.eventEmitter.on("error",t=>{e.onError&&e.onError(t),this.close()})),e.onEvent&&this._perOpenCleanups.push(this.eventEmitter.on("event",(t,s)=>{e.onEvent(t,s)}))}createError(e,t,s){const i=new Error(t);return i.code=e,i.details=s,i}}exports.default=l;
+"use strict";function e(e,...t){e.debug&&console.log("[Alter Connect]",...t)}Object.defineProperty(exports,"__esModule",{value:!0});class t{constructor(){this.events=new Map}on(e,t){return this.events.has(e)||this.events.set(e,new Set),this.events.get(e).add(t),()=>this.off(e,t)}off(e,t){const i=this.events.get(e);i&&i.delete(t)}emit(e,...t){const i=this.events.get(e);i&&i.forEach(i=>{try{i(...t)}catch(t){console.error(`[Alter Connect] Error in event handler for '${e}':`,t)}})}removeAllListeners(e){e?this.events.delete(e):this.events.clear()}}class i{constructor(){this.state={isOpen:!1,sessionToken:null,error:null},this.listeners=new Set}getState(){return{...this.state}}get(e){return this.state[e]}setState(e){this.state={...this.state,...e},this.notifyListeners()}subscribe(e){return this.listeners.add(e),()=>{this.listeners.delete(e)}}clearListeners(){this.listeners.clear()}notifyListeners(){const e=this.getState();this.listeners.forEach(t=>{try{t(e)}catch(e){console.error("[Alter Connect] Error in state listener:",e)}})}}function s(){const e=navigator.userAgent||navigator.vendor||window.opera,t=/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(e),i="ontouchstart"in window||navigator.maxTouchPoints>0||navigator.msMaxTouchPoints>0,s=window.innerWidth<=768;return t||i&&s}function n(){return s()&&window.innerWidth<=480?"phone":s()&&window.innerWidth>480&&window.innerWidth<=1024?"tablet":"desktop"}function o(e){return"reauth"===e?"reauth":"grant"===e?"grant":"creation"}function r(e){return"pending"===e?"pending":"error"===e?"error":"active"}function a(e){sessionStorage.removeItem("alter_oauth_state");try{const t=new URL(e);window.history.replaceState({},document.title,t.pathname+t.search+t.hash)}catch{window.history.replaceState({},document.title,window.location.pathname)}}class c{constructor(e){this.popup=null,this.pollInterval=null,this.messageListener=null,this.settled=!1,this.options={baseURL:e.baseURL,onSuccess:e.onSuccess,onError:e.onError,onCancel:e.onCancel,popupWidth:e.popupWidth||500,popupHeight:e.popupHeight||700,debug:e.debug||!1,expectedOrigin:e.expectedOrigin||""};try{this.expectedOrigin=new URL(e.baseURL).origin}catch{throw new Error(`Invalid baseURL: "${e.baseURL}". Must be a full URL with protocol (e.g., "https://api.alterai.dev").`)}}startOAuth(e){if(!this.options.expectedOrigin)try{const t=new URL(e);this.options.expectedOrigin=t.origin,this.log("Derived expected origin:",this.options.expectedOrigin)}catch{return this.log("Failed to parse OAuth URL for origin validation:",e),void this.options.onError({code:"invalid_oauth_url",message:"Failed to determine origin from OAuth URL. Cannot proceed securely."})}!function(){const e=n();return"phone"===e||"tablet"===e&&window.innerHeight>window.innerWidth}()?(this.log("Using popup flow for desktop"),this.openPopup(e)):(this.log("Using redirect flow for mobile device"),this.startRedirectFlow(e))}startRedirectFlow(e){this.log("Starting redirect flow:",e);const t={timestamp:Date.now(),returnUrl:window.location.href};try{sessionStorage.setItem("alter_oauth_state",JSON.stringify(t))}catch(e){return this.log("Failed to save state:",e),void this.options.onError({code:"redirect_error",message:"Failed to start OAuth flow: could not save session state",details:{error:e}})}window.location.href=e}static checkOAuthReturn(e,t){const i=sessionStorage.getItem("alter_oauth_state");if(!i)return!1;try{const s=JSON.parse(i);if(Date.now()-s.timestamp>3e5)return sessionStorage.removeItem("alter_oauth_state"),!1;const n=new URLSearchParams(window.location.search),c=n.get("alter_connect_success"),h=n.get("alter_connect_error");if("true"===c){const i=n.get("connection_id"),c=n.get("provider"),h=n.get("account_identifier");if(!i||!c||!h)return a(s.returnUrl),t({code:"invalid_response",message:"OAuth redirect returned incomplete connection data"}),!0;const l={connection_id:i,provider:c,provider_name:n.get("provider_name")||c,account_identifier:h,timestamp:n.get("timestamp")||(new Date).toISOString(),operation:o(n.get("operation")),scopes:n.get("scopes")?.split(",")||[],status:r(n.get("status"))};return a(s.returnUrl),e([l]),!0}if(h){const e={code:n.get("error_code")||"oauth_error",message:n.get("error_description")||"OAuth authorization failed"};return a(s.returnUrl),t(e),!0}return!1}catch(e){return console.error("[OAuth Handler] Failed to check OAuth return:",e),sessionStorage.removeItem("alter_oauth_state"),!1}}openPopup(e){const t=window.screenX+(window.outerWidth-this.options.popupWidth)/2,i=window.screenY+(window.outerHeight-this.options.popupHeight)/2,s=[`width=${this.options.popupWidth}`,`height=${this.options.popupHeight}`,`left=${t}`,`top=${i}`,"resizable=yes","scrollbars=yes","status=yes"].join(",");this.log("Opening OAuth popup:",e),this.popup=window.open(e,"alter_oauth_popup",s),this.popup?(this.startPolling(),this.setupMessageListener()):this.options.onError({code:"popup_blocked",message:"Popup was blocked by browser. Please allow popups for this site."})}close(){this.log("Closing OAuth handler"),this.popup&&!this.popup.closed&&this.popup.close(),this.popup=null,null!==this.pollInterval&&(clearInterval(this.pollInterval),this.pollInterval=null),this.messageListener&&(window.removeEventListener("message",this.messageListener),this.messageListener=null)}startPolling(){this.pollInterval=window.setInterval(()=>{this.settled||this.popup&&!this.popup.closed||(this.log("Popup closed by user"),this.settled=!0,this.close(),this.options.onCancel())},500)}setupMessageListener(){this.messageListener=e=>{if(this.settled)return;if(e.origin!==this.expectedOrigin)return void this.log("Rejected message from unexpected origin:",e.origin,"(expected:",this.expectedOrigin+")");this.log("Received message from",e.origin);const t=e.data;if(t&&"object"==typeof t)if("alter_connect_success"===t.type){if(this.log("OAuth success"),Array.isArray(t.connections)){this.log("Multi-provider success:",t.connections.length,"connections");const e=[];for(const i of t.connections)i.connection_id&&i.provider?e.push({connection_id:i.connection_id,provider:i.provider,provider_name:i.provider_name||i.provider,account_identifier:i.account_identifier||"",timestamp:i.timestamp||(new Date).toISOString(),operation:o(i.operation),scopes:Array.isArray(i.scopes)?i.scopes:[],status:r(i.status),metadata:i.metadata}):this.log("Skipping invalid connection item:",i);return 0===e.length?(this.settled=!0,this.close(),void this.options.onError({code:"invalid_response",message:"Server returned empty connections array"})):(this.settled=!0,this.close(),void this.options.onSuccess(e))}const e=function(e){return e.connection_id&&"string"==typeof e.connection_id?e.provider&&"string"==typeof e.provider?e.account_identifier&&"string"==typeof e.account_identifier?e.timestamp&&"string"==typeof e.timestamp?null:"Missing or invalid timestamp":"Missing or invalid account_identifier":"Missing or invalid provider":"Missing or invalid connection_id"}(t);if(e)return this.log("Invalid connection payload:",e),this.settled=!0,this.close(),void this.options.onError({code:"invalid_response",message:`Server returned incomplete connection data: ${e}`});const i={connection_id:t.connection_id,provider:t.provider,provider_name:t.provider_name||t.provider,account_identifier:t.account_identifier,timestamp:t.timestamp,operation:o(t.operation),scopes:Array.isArray(t.scopes)?t.scopes:[],status:r(t.status),metadata:t.metadata};this.settled=!0,this.close(),this.options.onSuccess([i])}else if("alter_connect_error"===t.type){this.log("OAuth error");const e={code:t.error||"oauth_error",message:t.error_description||"OAuth authorization failed",details:t};this.settled=!0,this.close(),this.options.onError(e)}},window.addEventListener("message",this.messageListener)}log(...e){this.options.debug&&console.log("[OAuth Handler]",...e)}}const h="0.2.0";class l{constructor(s={}){this._oauthHandler=null,this._baseURL="https://api.alterai.dev",this._perOpenCleanups=[],this.config=function(e){return{debug:e.debug??!1}}(s),this.eventEmitter=new t,this.stateManager=new i,this._isInitialized=!0,e(this.config,"Alter Connect SDK initialized",{version:h}),this.checkRedirectReturn()}checkRedirectReturn(){c.checkOAuthReturn(t=>{e(this.config,"OAuth redirect return - success:",t),this.eventEmitter.emit("success",t)},t=>{e(this.config,"OAuth redirect return - error:",t),this.eventEmitter.emit("error",t)})&&e(this.config,"OAuth redirect return detected and handled")}static create(e){return new l(e)}async open(t){if(!this._isInitialized)throw this.createError("sdk_destroyed","Cannot call open() - SDK instance has been destroyed");if(e(this.config,"Opening Connect UI"),!t.token||"string"!=typeof t.token)throw this.createError("invalid_options","Session token is required. Create one from your backend using POST /sdk/oauth/connect/session");if(!t.onSuccess||"function"!=typeof t.onSuccess)throw this.createError("invalid_options","onSuccess callback is required");if(this.isOpen())return void e(this.config,"Connect UI is already open");this._baseURL=t.baseURL||"https://api.alterai.dev",this._oauthHandler=new c({baseURL:this._baseURL,onSuccess:t=>{e(this.config,"OAuth success:",t),this.handleOAuthSuccess(t)},onError:t=>{e(this.config,"OAuth error:",t),this.handleOAuthError(t)},onCancel:()=>{e(this.config,"OAuth cancelled (popup closed)"),this.handleOAuthCancel()},popupWidth:500,popupHeight:700,debug:this.config.debug}),this.stateManager.setState({isOpen:!0,error:null,sessionToken:t.token}),this.registerEventHandlers(t);const i=`${this._baseURL}/sdk/oauth/connect#session=${encodeURIComponent(t.token)}`;e(this.config,"Connect URL:",i),this._oauthHandler.startOAuth(i),t.onEvent&&t.onEvent("connect_opened",{timestamp:(new Date).toISOString()}),e(this.config,"Connect UI opened successfully")}close(){if(!this._isInitialized)throw this.createError("sdk_destroyed","Cannot call close() - SDK instance has been destroyed");e(this.config,"Closing Connect UI"),this._oauthHandler&&(this._oauthHandler.close(),this._oauthHandler=null),this._perOpenCleanups.forEach(e=>e()),this._perOpenCleanups=[],this.stateManager.setState({isOpen:!1}),this.eventEmitter.emit("close")}destroy(){this._isInitialized&&(e(this.config,"Destroying SDK instance"),this._oauthHandler&&(this._oauthHandler.close(),this._oauthHandler=null),this.stateManager.get("isOpen")&&this.stateManager.setState({isOpen:!1}),this.eventEmitter.removeAllListeners(),this.stateManager.clearListeners(),this._isInitialized=!1)}on(e,t){if(!this._isInitialized)throw this.createError("sdk_destroyed","Cannot call on() - SDK instance has been destroyed");return this.eventEmitter.on(e,t)}off(e,t){if(!this._isInitialized)throw this.createError("sdk_destroyed","Cannot call off() - SDK instance has been destroyed");this.eventEmitter.off(e,t)}isOpen(){if(!this._isInitialized)throw this.createError("sdk_destroyed","Cannot call isOpen() - SDK instance has been destroyed");return this.stateManager.get("isOpen")}getVersion(){return h}cleanupHandler(){this._oauthHandler=null}handleOAuthSuccess(e){this.cleanupHandler(),this.eventEmitter.emit("success",e)}handleOAuthError(e){this.cleanupHandler(),this.stateManager.setState({error:e}),this.eventEmitter.emit("error",e)}handleOAuthCancel(){this.cleanupHandler(),this.eventEmitter.emit("exit")}registerEventHandlers(e){e.onSuccess&&this._perOpenCleanups.push(this.eventEmitter.on("success",t=>{e.onSuccess(t),this.close()})),e.onExit&&this._perOpenCleanups.push(this.eventEmitter.on("exit",()=>{e.onExit(),this.close()})),this._perOpenCleanups.push(this.eventEmitter.on("error",t=>{e.onError&&e.onError(t),this.close()})),e.onEvent&&this._perOpenCleanups.push(this.eventEmitter.on("event",(t,i)=>{e.onEvent(t,i)}))}createError(e,t,i){const s=new Error(t);return s.code=e,s.details=i,s}}exports.default=l;
 //# sourceMappingURL=alter-connect.cjs.js.map