@alviere/core 0.8.1

package/dist/index.mjs

@@ -0,0 +1,2419 @@
+import { pki } from "node-forge";
+class Logger {
+  /**
+   * Logger constructor.
+   *
+   * @param isDebug This is what enables/disables our output messages
+   */
+  constructor(isDebug) {
+    this.logger = "CORE_LOGGER";
+    this.isDebug = isDebug;
+  }
+  /**
+   * This is the method to output a debug message to console.
+   *
+   * @param msg The message to output to console
+   */
+  debug(msg) {
+    if (this.isDebug) {
+      if (typeof console.debug !== "undefined") {
+        console.debug(msg);
+      } else {
+        console.log(msg);
+      }
+    }
+  }
+  /**
+   * This is the method to output a warning message to console.
+   *
+   * @param msg The message to output to console
+   */
+  warning(msg) {
+    if (this.isDebug) {
+      if (typeof console.warn !== "undefined") {
+        console.warn(msg);
+      } else {
+        console.log(msg);
+      }
+    }
+  }
+  /**
+   * Alias for warning() for consistency with console API
+   *
+   * @param msg The message to output to console
+   */
+  warn(msg) {
+    this.warning(msg);
+  }
+  /**
+   * This is the method to output an info message to console.
+   *
+   * @param msg The message to output to console
+   */
+  info(msg) {
+    if (this.isDebug) {
+      if (typeof console.info !== "undefined") {
+        console.info(msg);
+      } else {
+        console.log(msg);
+      }
+    }
+  }
+  /**
+   * This is the method to output an error message to console.
+   *
+   * @param msg The message to output to console
+   */
+  error(msg) {
+    if (this.isDebug) {
+      if (typeof console.error !== "undefined") {
+        console.error(msg);
+      } else {
+        console.log(msg);
+      }
+    }
+  }
+  /**
+   * Check if debug mode is enabled
+   */
+  isDebugEnabled() {
+    return this.isDebug;
+  }
+}
+const DEFAULT_CONFIG = {
+  domain: "https://api.dev.alviere.com",
+  access_token: "",
+  certificate: {
+    id: "",
+    public_key: ""
+  }
+};
+let runtimeConfig = { ...DEFAULT_CONFIG };
+function setRuntimeConfig(config) {
+  runtimeConfig = { ...runtimeConfig, ...config };
+}
+function getRuntimeConfig() {
+  return runtimeConfig;
+}
+function getEnvVar(key) {
+  if (typeof window !== "undefined" && window.VITE_DEBUG) {
+    const viteKey = `VITE_${key}`;
+    return window[viteKey];
+  }
+  return void 0;
+}
+function initializeFromEnvironment() {
+  if (runtimeConfig.domain && runtimeConfig.certificate) {
+    return;
+  }
+  const envConfig = {};
+  const envDomain = getEnvVar("ALVIERE_DOMAIN");
+  const envCertificate = getEnvVar("CERTIFICATE");
+  if (envDomain) envConfig.domain = envDomain;
+  if (envCertificate) {
+    try {
+      const cert = JSON.parse(envCertificate);
+      if (cert && typeof cert.id === "string" && typeof cert.public_key === "string") {
+        envConfig.certificate = { id: cert.id, public_key: cert.public_key };
+      }
+    } catch {
+    }
+  }
+  if (envConfig.domain || envConfig.certificate) {
+    setRuntimeConfig(envConfig);
+  }
+}
+const getALVIERE_DOMAIN = () => {
+  if (!runtimeConfig.domain) {
+    initializeFromEnvironment();
+  }
+  return runtimeConfig.domain;
+};
+const getRSA_PUB_KEY = () => {
+  if (!runtimeConfig.certificate) {
+    initializeFromEnvironment();
+  }
+  return runtimeConfig.certificate.public_key;
+};
+const getCERTIFICATE_ID = () => {
+  if (!runtimeConfig.certificate) {
+    initializeFromEnvironment();
+  }
+  return runtimeConfig.certificate.id;
+};
+const ALVIERE_DOMAIN = getALVIERE_DOMAIN();
+const RSA_PUB_KEY = getRSA_PUB_KEY();
+const CERTIFICATE_ID = getCERTIFICATE_ID();
+class Cryptor {
+  /**
+   *
+   */
+  constructor(logger) {
+    this.logger = logger;
+    this.rsa_key = getRSA_PUB_KEY();
+    this.key = this.generate_key();
+    this.nonce = this.generate_nonce();
+    this.logger?.debug("🔐 Cryptor initialized");
+  }
+  /**
+   *
+   * @param data
+   * @returns
+   */
+  async encrypt(data) {
+    const encoded = new TextEncoder().encode(JSON.stringify(data));
+    const alg = { name: "AES-GCM", iv: this.nonce };
+    const crypto_key = await this.import_key();
+    const cipher = await crypto.subtle.encrypt(alg, crypto_key, encoded);
+    const cipherStr = this.bufferToStr(cipher);
+    const cipherB64 = btoa(cipherStr);
+    const keyStr = this.bufferToStr(this.key);
+    const keyB64 = btoa(keyStr);
+    const nonceStr = this.bufferToStr(this.nonce);
+    const nonceB64 = btoa(nonceStr);
+    this.logger?.debug(`🔐 RSA_KEY: ${this.rsa_key.substring(0, 50)}...`);
+    const publicKey = pki.publicKeyFromPem(this.rsa_key);
+    const keyNonceCipher = publicKey.encrypt(keyB64 + "::" + nonceB64);
+    const keyNonceB64 = btoa(keyNonceCipher);
+    const encrypted_request = {
+      p: cipherB64,
+      // base64(AES-GCM(<sdk_envelope>))
+      k: keyNonceB64,
+      // base64(RSA(base64(SDK_KEY)::base64(<sdk_nonce>)))
+      i: getCERTIFICATE_ID()
+      // certificate id - configurable via environment variable
+    };
+    this.logger?.debug(
+      `🔐 ENCRYPTED_REQUEST: p=${encrypted_request.p.substring(0, 20)}..., i=${encrypted_request.i}`
+    );
+    return encrypted_request;
+  }
+  /**
+   *
+   * @param data
+   * @returns
+   */
+  async decrypt(data) {
+    const decrypted = await crypto.subtle.decrypt(
+      { name: "AES-GCM", iv: this.nonce },
+      await this.import_key(),
+      Uint8Array.from(atob(data.p), (c) => c.charCodeAt(0))
+    );
+    const decryptedText = new TextDecoder().decode(decrypted);
+    this.logger?.debug(`🔐 DECRYPTED: ${decryptedText}`);
+    return JSON.parse(decryptedText);
+  }
+  /**
+   *
+   * @returns
+   */
+  generate_key() {
+    return crypto.getRandomValues(new Uint8Array(32));
+  }
+  /**
+   *
+   * @returns
+   */
+  generate_nonce() {
+    return crypto.getRandomValues(new Uint8Array(12));
+  }
+  /**
+   *
+   * @returns
+   */
+  async import_key() {
+    return await crypto.subtle.importKey("raw", this.key, { name: "AES-GCM" }, true, [
+      "encrypt",
+      "decrypt"
+    ]);
+  }
+  /**
+   *
+   * @param data
+   * @returns
+   */
+  async rsa_encrypt(data) {
+    this.logger?.debug(`🔐 RSA_ENCRYPT: Data to encrypt: ${data.substring(0, 50)}...`);
+    this.logger?.debug(`🔐 RSA_KEY: ${this.rsa_key.substring(0, 50)}...`);
+    const publicKey = pki.publicKeyFromPem(this.rsa_key);
+    return btoa(publicKey.encrypt(data));
+  }
+  /**
+   *
+   * @param buf
+   */
+  bufferToStr(buf) {
+    const cb = Array.from(new Uint8Array(buf));
+    const cs = cb.map((byte) => String.fromCharCode(byte)).join("");
+    return cs;
+  }
+}
+class Validator {
+  /**
+   *
+   * @param logger
+   */
+  constructor(logger) {
+    this.logger = logger;
+  }
+  /**
+   *
+   * @param name
+   */
+  credit_card_name(name) {
+    this.logger.debug(`🔐 CREDIT_CARD_NAME: ${name}`);
+    if (!name || typeof name !== "string") {
+      return "Card holder name cannot be empty.";
+    }
+    if (name.trim().length === 0) {
+      return "Card holder name cannot be empty.";
+    }
+    return null;
+  }
+  /**
+   *
+   * @param number
+   */
+  credit_card_number(number) {
+    if (!number || typeof number !== "string") {
+      return "Please enter a valid card number.";
+    }
+    const visaRegEx = /^(?:4[0-9]{12}(?:[0-9]{3})?)$/;
+    const mastercardRegEx = /^(?:5[1-5][0-9]{14})$/;
+    const amexpRegEx = /^(?:3[47][0-9]{13})$/;
+    const discovRegEx = /^(?:6(?:011|5[0-9][0-9])[0-9]{12})$/;
+    if (visaRegEx.test(number.replace(/\s/g, ""))) {
+      return null;
+    } else if (mastercardRegEx.test(number.replace(/\s/g, ""))) {
+      return null;
+    } else if (amexpRegEx.test(number.replace(/\s/g, ""))) {
+      return null;
+    } else if (discovRegEx.test(number.replace(/\s/g, ""))) {
+      return null;
+    }
+    this.logger.debug("🔐 card number is not a recognized brand");
+    return "Please enter a valid card number.";
+  }
+  /**
+   *
+   * @param expiry
+   */
+  credit_card_expiry_date(expiry) {
+    if (!expiry || typeof expiry !== "string") {
+      return "Expiry date cannot be empty.";
+    }
+    if (expiry.trim().length === 0) {
+      return "Expiry date cannot be empty.";
+    }
+    const expiryRegEx = /^(0[1-9]|1[0-2])\/?([0-9]{4}|[0-9]{2})$/;
+    if (!expiryRegEx.test(expiry)) {
+      return "Please enter a valid expiry date.";
+    }
+    return null;
+  }
+  /**
+   *
+   * @param code
+   */
+  credit_card_sec_code(code) {
+    if (!code || typeof code !== "string") {
+      return "Security code cannot be empty.";
+    }
+    if (code.trim().length === 0) {
+      return "Security code cannot be empty.";
+    }
+    const secCodeRegEx = /^[0-9]{3,4}$/;
+    if (!secCodeRegEx.test(code)) {
+      return "Please enter a valid security code.";
+    }
+    return null;
+  }
+  /**
+   *
+   * @param zip
+   */
+  credit_card_zip_code(zip) {
+    if (!zip || typeof zip !== "string") {
+      return "Zip code cannot be empty.";
+    }
+    if (zip.trim().length === 0) {
+      return "Zip code cannot be empty.";
+    }
+    return null;
+  }
+  /**
+   *
+   * @param pin
+   */
+  credit_card_pin(pin) {
+    if (!pin || typeof pin !== "string") {
+      return "PIN cannot be empty.";
+    }
+    if (pin.trim().length === 0) {
+      return "PIN cannot be empty.";
+    }
+    const pinRegEx = /^[0-9]{4}$/;
+    if (!pinRegEx.test(pin)) {
+      return "Please enter a valid PIN.";
+    }
+    return null;
+  }
+  /**
+   *
+   * @param uuid
+   */
+  is_valid_uuid(uuid) {
+    if (!uuid || typeof uuid !== "string") {
+      return "UUID cannot be empty.";
+    }
+    if (uuid.trim().length === 0) {
+      return "UUID cannot be empty.";
+    }
+    const uuidRegEx = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+    if (!uuidRegEx.test(uuid)) {
+      return "Please enter a valid UUID.";
+    }
+    return null;
+  }
+  /**
+   * Validates that a field is not empty or null
+   * @param value - The value to validate
+   * @param fieldName - Optional field name for error message
+   */
+  required(value, fieldName) {
+    if (value === null || value === void 0 || typeof value === "string" && value.trim().length === 0) {
+      return fieldName ? `${fieldName} is required.` : "This field is required.";
+    }
+    return null;
+  }
+  /**
+   * Validates email address format
+   * @param email - The email to validate
+   */
+  email(email) {
+    if (!email || typeof email !== "string") {
+      return "Please enter a valid email address.";
+    }
+    const trimmed = email.trim();
+    if (trimmed.includes("..")) {
+      return "Please enter a valid email address.";
+    }
+    const emailRegEx = /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+$/;
+    if (!emailRegEx.test(trimmed)) {
+      return "Please enter a valid email address.";
+    }
+    return null;
+  }
+  /**
+   * Validates phone number format
+   * @param phone - The phone number to validate
+   */
+  phone(phone) {
+    if (!phone || typeof phone !== "string") {
+      return "Please enter a valid phone number.";
+    }
+    if (!phone.startsWith("+")) {
+      return "Phone number must start with country code (e.g., +1)";
+    }
+    const afterPlus = phone.substring(1);
+    const countryCodeMatch = afterPlus.match(/^(\d{1,3})/);
+    if (!countryCodeMatch) {
+      return "Invalid country code format";
+    }
+    const countryCode = countryCodeMatch[1];
+    const phoneNumber = afterPlus.substring(countryCode.length);
+    if (phoneNumber.length < 7) {
+      return "Phone number too short";
+    }
+    const totalDigits = countryCode.length + phoneNumber.length;
+    if (totalDigits < 10 || totalDigits > 15) {
+      return "Phone number must be between 10 and 15 digits total";
+    }
+    return null;
+  }
+  /**
+   * Validates date format and calendar validity
+   * @param date - The date string to validate
+   * @param format - The expected date format (default: 'YYYY-MM-DD')
+   */
+  date(date, format = "YYYY-MM-DD") {
+    if (!date || typeof date !== "string") {
+      return "Please enter a valid date.";
+    }
+    const dateRegex = /^([0-9]{4})-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])$/;
+    if (!dateRegex.test(date)) {
+      return "Please enter a valid date in YYYY-MM-DD format";
+    }
+    const [, yearStr, monthStr, dayStr] = date.match(dateRegex) || [];
+    const year = parseInt(yearStr);
+    const month = parseInt(monthStr);
+    const day = parseInt(dayStr);
+    if (!this.isValidCalendarDate(year, month, day)) {
+      return "Invalid date - this date does not exist";
+    }
+    const dateObj = new Date(date);
+    const now = /* @__PURE__ */ new Date();
+    const minDate = /* @__PURE__ */ new Date("1900-01-01");
+    if (dateObj > now) {
+      return "Date cannot be in the future";
+    }
+    if (dateObj < minDate) {
+      return "Date cannot be before 1900";
+    }
+    return null;
+  }
+  /**
+   * Helper function to validate calendar dates
+   * @param year - The year
+   * @param month - The month (1-12)
+   * @param day - The day (1-31)
+   */
+  isValidCalendarDate(year, month, day) {
+    const date = new Date(year, month - 1, day);
+    return date.getFullYear() === year && date.getMonth() === month - 1 && date.getDate() === day;
+  }
+  /**
+   * Validates minimum length
+   * @param value - The value to validate
+   * @param minLength - Minimum required length
+   * @param fieldName - Optional field name for error message
+   */
+  min_length(value, minLength, fieldName) {
+    if (!value || typeof value !== "string") {
+      return fieldName ? `${fieldName} is required.` : "This field is required.";
+    }
+    if (value.length < minLength) {
+      return fieldName ? `${fieldName} must be at least ${minLength} characters long.` : `Must be at least ${minLength} characters long.`;
+    }
+    return null;
+  }
+  /**
+   * Validates maximum length
+   * @param value - The value to validate
+   * @param maxLength - Maximum allowed length
+   * @param fieldName - Optional field name for error message
+   */
+  max_length(value, maxLength, fieldName) {
+    if (value && typeof value === "string" && value.length > maxLength) {
+      return fieldName ? `${fieldName} must be no more than ${maxLength} characters long.` : `Must be no more than ${maxLength} characters long.`;
+    }
+    return null;
+  }
+  /**
+   * Validates against a custom pattern
+   * @param value - The value to validate
+   * @param pattern - RegExp pattern to match
+   * @param errorMessage - Custom error message
+   */
+  pattern(value, pattern, errorMessage) {
+    if (!value || typeof value !== "string") {
+      return errorMessage || "Please enter a valid value.";
+    }
+    if (!pattern.test(value)) {
+      return errorMessage || "Please enter a valid value.";
+    }
+    return null;
+  }
+  /**
+   * Validates that a value contains only numbers
+   * @param value - The value to validate
+   * @param fieldName - Optional field name for error message
+   */
+  numeric(value, fieldName) {
+    if (!value || typeof value !== "string") {
+      return fieldName ? `${fieldName} is required.` : "This field is required.";
+    }
+    if (!/^\d+$/.test(value.trim())) {
+      return fieldName ? `${fieldName} must contain only numbers.` : "Must contain only numbers.";
+    }
+    return null;
+  }
+  /**
+   * Validates that a value contains only letters
+   * @param value - The value to validate
+   * @param fieldName - Optional field name for error message
+   */
+  alphabetic(value, fieldName) {
+    if (!value || typeof value !== "string") {
+      return fieldName ? `${fieldName} is required.` : "This field is required.";
+    }
+    if (!/^[a-zA-Z\s]+$/.test(value.trim())) {
+      return fieldName ? `${fieldName} must contain only letters and spaces.` : "Must contain only letters and spaces.";
+    }
+    return null;
+  }
+  /**
+   * Validates that a value contains only letters and numbers
+   * @param value - The value to validate
+   * @param fieldName - Optional field name for error message
+   */
+  alphanumeric(value, fieldName) {
+    if (!value || typeof value !== "string") {
+      return fieldName ? `${fieldName} is required.` : "This field is required.";
+    }
+    if (!/^[a-zA-Z0-9\s]+$/.test(value.trim())) {
+      return fieldName ? `${fieldName} must contain only letters, numbers, and spaces.` : "Must contain only letters, numbers, and spaces.";
+    }
+    return null;
+  }
+  /**
+   * Validates URL format
+   * @param url - The URL to validate
+   */
+  url(url) {
+    if (!url || typeof url !== "string") {
+      return "Please enter a valid URL.";
+    }
+    const trimmed = url.trim();
+    try {
+      const urlObj = new URL(trimmed);
+      if (urlObj.hostname === "" || urlObj.hostname.startsWith(".") || urlObj.hostname.endsWith(".")) {
+        return "Please enter a valid URL.";
+      }
+      return null;
+    } catch {
+      return "Please enter a valid URL.";
+    }
+  }
+  /**
+   * Validates postal code based on country
+   * @param code - The postal code to validate
+   * @param country - Country code (default: US)
+   */
+  postal_code(code, country = "US") {
+    if (!code || typeof code !== "string") {
+      return "Please enter a valid postal code.";
+    }
+    const cleanCode = code.trim();
+    switch (country.toUpperCase()) {
+      case "US":
+        if (!/^\d{5}(-\d{4})?$/.test(cleanCode)) {
+          return "Please enter a valid US ZIP code (e.g., 12345 or 12345-6789).";
+        }
+        break;
+      case "CA":
+        if (!/^[A-Za-z]\d[A-Za-z] \d[A-Za-z]\d$/.test(cleanCode)) {
+          return "Please enter a valid Canadian postal code (e.g., A1A 1A1).";
+        }
+        break;
+      case "UK":
+      case "GB":
+        if (!/^[A-Za-z]{1,2}\d[A-Za-z\d]?\s\d[A-Za-z]{2}$/.test(cleanCode)) {
+          return "Please enter a valid UK postal code (e.g., SW1A 1AA).";
+        }
+        break;
+      default:
+        if (!/^[A-Za-z0-9\s-]{3,10}$/.test(cleanCode)) {
+          return "Please enter a valid postal code.";
+        }
+    }
+    return null;
+  }
+}
+class AlcoreApiError extends Error {
+  constructor(errorCode, errorDescription, statusCode) {
+    super(`Alcore API Error ${errorCode}: ${errorDescription}`);
+    this.name = "AlcoreApiError";
+    this.errorCode = errorCode;
+    this.errorDescription = errorDescription;
+    this.statusCode = statusCode;
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, AlcoreApiError);
+    }
+  }
+  /**
+   * Check if error matches a specific error code
+   */
+  isErrorCode(code) {
+    return this.errorCode === code;
+  }
+  /**
+   * Check if error matches any of the provided error codes
+   */
+  isAnyErrorCode(codes) {
+    return codes.includes(this.errorCode);
+  }
+}
+const AlcoreErrorCodes = {
+  ALVIERE_CORE_NOT_INITIALIZED: "000000",
+  // Authentication errors (100xxx)
+  UNPROCESSABLE_ENCRYPTED_DATA: "100011",
+  WRONG_ENCRYPTED_ENDPOINT: "100012",
+  UNDECRYPTABLE_DATA_AT_ENDPOINT: "100013",
+  DECRYPTED_DATA_UNUSABLE_AT_ENDPOINT: "100014",
+  WRONG_DECRYPTED_ENDPOINT: "100015",
+  WRONG_VERSION_OR_ENDPOINT: "100016",
+  OPERATION_HALTED: "100017",
+  INVALID_REQUEST_PAYLOAD: "100300",
+  INVALID_REQUEST_PAYLOAD_FIELD: "100301",
+  INVALID_PATH_PARAMETER: "100302",
+  INVALID_HEADER: "100303",
+  INVALID_QUERY_PARAMETER: "100304",
+  INVALID_JWT: "100305",
+  AUTH_FAILED: "100306",
+  SESSION_NOT_FOUND: "110000",
+  PARENT_ACCOUNT_NOT_FOUND: "110001",
+  NOT_FOUND: "110002",
+  ACCOUNT_TYPE_NOT_SUPPORTED: "110004",
+  UNDERLYING_API_ERROR: "115000",
+  ACCOUNT_STATUS_NOT_ACTIVE: "115001",
+  ACCOUNT_CHILD_FORBIDDEN: "320129",
+  PARENT_ACCOUNT_NOT_ALLOWED: "320104"
+  // Add more error codes as you discover them from the API
+};
+const AlcoreErrorMessages = {
+  [AlcoreErrorCodes.INVALID_JWT]: "Invalid authentication token. Please log in again.",
+  [AlcoreErrorCodes.AUTH_FAILED]: "Authentication failed. Please check your credentials and try again.",
+  [AlcoreErrorCodes.SESSION_NOT_FOUND]: "Session not found. Please log in again.",
+  [AlcoreErrorCodes.PARENT_ACCOUNT_NOT_FOUND]: "Parent account not found.",
+  [AlcoreErrorCodes.NOT_FOUND]: "Resource not found.",
+  [AlcoreErrorCodes.ACCOUNT_TYPE_NOT_SUPPORTED]: "Account type not supported.",
+  [AlcoreErrorCodes.INVALID_REQUEST_PAYLOAD]: "Invalid request payload. Please check your request and try again.",
+  [AlcoreErrorCodes.INVALID_REQUEST_PAYLOAD_FIELD]: "Invalid request payload field. Please check your request and try again.",
+  [AlcoreErrorCodes.INVALID_PATH_PARAMETER]: "Invalid path parameter. Please check your request and try again.",
+  [AlcoreErrorCodes.INVALID_HEADER]: "Invalid header. Please check your request and try again.",
+  [AlcoreErrorCodes.INVALID_QUERY_PARAMETER]: "Invalid query parameter. Please check your request and try again.",
+  [AlcoreErrorCodes.UNPROCESSABLE_ENCRYPTED_DATA]: "Unprocessable encrypted data. Please check your request and try again.",
+  [AlcoreErrorCodes.WRONG_ENCRYPTED_ENDPOINT]: "Wrong encrypted endpoint. Please check your request and try again.",
+  [AlcoreErrorCodes.UNDECRYPTABLE_DATA_AT_ENDPOINT]: "Undecryptable data at endpoint. Please check your request and try again.",
+  [AlcoreErrorCodes.DECRYPTED_DATA_UNUSABLE_AT_ENDPOINT]: "Decrypted data unusable at endpoint. Please check your request and try again.",
+  [AlcoreErrorCodes.WRONG_DECRYPTED_ENDPOINT]: "Wrong decrypted endpoint. Please check your request and try again.",
+  [AlcoreErrorCodes.WRONG_VERSION_OR_ENDPOINT]: "Wrong version or endpoint. Please check your request and try again.",
+  [AlcoreErrorCodes.OPERATION_HALTED]: "Operation halted. Please check your request and try again.",
+  [AlcoreErrorCodes.UNDERLYING_API_ERROR]: "Underlying API Error. ",
+  [AlcoreErrorCodes.ACCOUNT_STATUS_NOT_ACTIVE]: "Account status not active. Please check your request and try again.",
+  [AlcoreErrorCodes.ACCOUNT_CHILD_FORBIDDEN]: "Used Account can't be used to create a child account.",
+  [AlcoreErrorCodes.PARENT_ACCOUNT_NOT_ALLOWED]: "Parent account not allowed. Please check your request and try again."
+};
+function getErrorMessage(errorCode) {
+  return AlcoreErrorMessages[errorCode] || "An unexpected error occurred. Please try again.";
+}
+const CriticalErrorCodes = [
+  AlcoreErrorCodes.INVALID_JWT,
+  AlcoreErrorCodes.AUTH_FAILED,
+  AlcoreErrorCodes.SESSION_NOT_FOUND,
+  AlcoreErrorCodes.UNPROCESSABLE_ENCRYPTED_DATA,
+  AlcoreErrorCodes.WRONG_ENCRYPTED_ENDPOINT,
+  AlcoreErrorCodes.UNDECRYPTABLE_DATA_AT_ENDPOINT,
+  AlcoreErrorCodes.OPERATION_HALTED,
+  AlcoreErrorCodes.ALVIERE_CORE_NOT_INITIALIZED,
+  AlcoreErrorCodes.UNDERLYING_API_ERROR,
+  AlcoreErrorCodes.ACCOUNT_STATUS_NOT_ACTIVE,
+  AlcoreErrorCodes.ACCOUNT_CHILD_FORBIDDEN,
+  AlcoreErrorCodes.PARENT_ACCOUNT_NOT_ALLOWED
+];
+function isCriticalError(errorCode) {
+  return CriticalErrorCodes.includes(errorCode);
+}
+class AlcoreBase {
+  /**
+   *
+   * @param jwt
+   * @param cryptor
+   * @param logger
+   */
+  constructor(jwt, cryptor, logger) {
+    this.endpoint = "/alcore";
+    this.jwt = jwt;
+    this.cryptor = cryptor;
+    this.domain = getALVIERE_DOMAIN();
+    this.logger = logger;
+    this.logger.debug(`🔐 AlcoreBase initialized with domain: ${this.domain}`);
+  }
+  /**
+   * send
+   */
+  async send(method, endpoint, payload) {
+    const request = {
+      method,
+      endpoint,
+      payload: JSON.stringify(payload)
+    };
+    this.logger.debug("🌐 AlcoreBase: Preparing to send request");
+    this.logger.debug("🌐 Method: " + method);
+    this.logger.debug("🌐 Endpoint: " + endpoint);
+    this.logger.debug("🌐 Domain: " + (this.domain || "undefined"));
+    this.logger.debug("🌐 JWT Token: " + (this.jwt ? "✅ Present" : "❌ Missing"));
+    this.logger.debug("🌐 Payload size: " + JSON.stringify(payload).length + " chars");
+    this.logger.debug(this.jwt);
+    this.logger.debug("DATA TO SEND before encrypt");
+    this.logger.debug(payload);
+    let encryptedData;
+    try {
+      encryptedData = await this.cryptor.encrypt(request);
+      this.logger.debug("🔐 Encryption successful");
+    } catch (encryptError) {
+      this.logger.debug(
+        "❌ Encryption failed: " + (encryptError instanceof Error ? encryptError.message : "Unknown error")
+      );
+      throw encryptError;
+    }
+    this.logger.debug("BASE GATEWAY: posting to " + this.endpoint);
+    this.logger.debug(encryptedData);
+    const url = this.domain + this.endpoint;
+    this.logger.debug("🌐 Full URL: " + url);
+    try {
+      const response = await fetch(url, {
+        method: "post",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: "Bearer " + this.jwt,
+          Version: "2021-11-18"
+        },
+        body: JSON.stringify(encryptedData)
+      });
+      this.logger.debug(
+        "🌐 Response received - Status: " + response.status + " " + response.statusText
+      );
+      this.logger.debug("🌐 Response OK: " + response.ok);
+      if (!response.ok) {
+        let error = await response.json();
+        if (error.p) {
+          error = await this.decrypt(error);
+        }
+        this.logger.debug(
+          "❌ API Error - Code: " + error.error_code + ", Description: " + error.error_description
+        );
+        throw new AlcoreApiError(
+          response.status === 500 ? AlcoreErrorCodes.UNDERLYING_API_ERROR : error.error_code,
+          AlcoreErrorMessages[error.error_code],
+          response.status
+        );
+      }
+      return response;
+    } catch (fetchError) {
+      this.logger.debug(
+        "❌ Fetch failed: " + (fetchError instanceof Error ? fetchError.message : "Unknown error")
+      );
+      throw fetchError;
+    }
+  }
+  /**
+   *
+   * @param data
+   */
+  async decrypt(data) {
+    return this.cryptor.decrypt(data);
+  }
+}
+function getSanitizedBody(data) {
+  const body = {};
+  for (const key in data) {
+    if (Object.prototype.hasOwnProperty.call(data, key)) {
+      const value = data[key];
+      if (!["", null, void 0].includes(value)) {
+        body[key] = value;
+      }
+    }
+  }
+  return body;
+}
+function throwIfApiError(decrypted) {
+  if (decrypted && typeof decrypted === "object" && ("error_code" in decrypted || "error_description" in decrypted)) {
+    const errorMessage = decrypted.error_description || "Unknown API error";
+    const errorCode = decrypted.error_code || "UNKNOWN";
+    throw new Error(`${errorCode}: ${errorMessage}`);
+  }
+  return decrypted;
+}
+function decodeJWTPayload(jwt) {
+  try {
+    const parts = jwt.split(".");
+    if (parts.length !== 3) {
+      return null;
+    }
+    const payload = parts[1];
+    const decoded = atob(payload.replace(/-/g, "+").replace(/_/g, "/"));
+    return JSON.parse(decoded);
+  } catch (error) {
+    console.warn("Failed to decode JWT payload:", error);
+    return null;
+  }
+}
+function extractAlviereConfigFromJWT(jwt) {
+  const payload = decodeJWTPayload(jwt);
+  if (!payload) {
+    return {};
+  }
+  return {
+    domain: payload.api_domain || "https://api.dev.alviere.com"
+  };
+}
+function extractAccountUuidFromJWT(jwt) {
+  const payload = decodeJWTPayload(jwt);
+  if (!payload) {
+    return null;
+  }
+  return payload.sub || null;
+}
+function isJWTExpired(jwt) {
+  const payload = decodeJWTPayload(jwt);
+  if (!payload || !payload.exp) {
+    return true;
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  return payload.exp < now;
+}
+function getJWTExpiration(jwt) {
+  const payload = decodeJWTPayload(jwt);
+  if (!payload || !payload.exp) {
+    return null;
+  }
+  return new Date(payload.exp * 1e3);
+}
+class PaymentsGateway extends AlcoreBase {
+  /**
+   *
+   * @param jwt
+   * @param cryptor
+   */
+  constructor(jwt, cryptor, logger) {
+    super(jwt, cryptor, logger);
+  }
+  async add_card(accountUuid, data) {
+    const endpoint = `/accounts/${accountUuid}/payment-methods/cards`;
+    const response = await this.send("POST", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async add_bank_account(accountUuid, data) {
+    const endpoint = `/accounts/${accountUuid}/payment-methods/bank-accounts`;
+    const response = await this.send("POST", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async get_bank_accounts(accountUuid) {
+    const endpoint = `/accounts/${accountUuid}/payment-methods/bank-accounts`;
+    const response = await this.send("GET", endpoint, {});
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async delete_bank_account(accountUuid, uuid) {
+    const endpoint = `/accounts/${accountUuid}/payment-methods/bank-accounts/${uuid}`;
+    const response = await this.send("DELETE", endpoint, {});
+    return throwIfApiError(response);
+  }
+}
+class WalletsGateway extends AlcoreBase {
+  constructor(jwt, cryptor, logger) {
+    super(jwt, cryptor, logger);
+  }
+  async listWallets(accountUuid, params) {
+    const query = params ? "?" + new URLSearchParams(
+      Object.entries(params).filter(([_, v]) => v !== void 0)
+    ) : "";
+    const endpoint = `/accounts/${accountUuid}/wallets${query}`;
+    const response = await this.send("GET", endpoint, {});
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  // async getWallet(accountUuid: string, walletUuid: string): Promise<WalletResponse> {
+  //   throw new Error('getWallet not implemented');
+  // }
+  async loadFunds(walletUuid, data) {
+    const endpoint = `/wallets/${walletUuid}/load`;
+    const response = await this.send("POST", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  // async withdrawFunds(walletUuid: string, data: WithdrawFundsRequest): Promise<WalletTransactionResponse> {
+  //   throw new Error('withdrawFunds not implemented');
+  // }
+  // async sendFunds(walletUuid: string, data: SendFundsRequest): Promise<WalletTransactionResponse> {
+  //   throw new Error('sendFunds not implemented');
+  // }
+  // async transferFunds(walletUuid: string, data: TransferFundsRequest): Promise<WalletTransactionResponse> {
+  //   throw new Error('transferFunds not implemented');
+  // }
+  // async creditFunds(walletUuid: string, data: CreditFundsRequest): Promise<WalletTransactionResponse> {
+  //   throw new Error('creditFunds not implemented');
+  // }
+  // async creditPromoFunds(walletUuid: string, data: PromoFundsRequest): Promise<WalletTransactionResponse> {
+  //   throw new Error('creditPromoFunds not implemented');
+  // }
+  // async getWalletStatement(walletUuid: string, monthYear: string, scope?: 'DEBITS' | 'CREDITS' | 'FEES' | 'ALL'): Promise<WalletStatementResponse> {
+  //   throw new Error('getWalletStatement not implemented');
+  // }
+}
+class PaymentInstrumentsGateway extends AlcoreBase {
+  constructor(jwt, cryptor, logger) {
+    super(jwt, cryptor, logger);
+  }
+  async createPaymentInstrument(data) {
+    const endpoint = "/payments/payment-instruments";
+    const response = await this.send("POST", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async getPaymentInstrument(paymentInstrumentUuid) {
+    const endpoint = `/payments/payment-instruments/${paymentInstrumentUuid}`;
+    const response = await this.send("GET", endpoint, {});
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async deletePaymentInstrument(paymentInstrumentUuid) {
+    const endpoint = `/payments/payment-instruments/${paymentInstrumentUuid}`;
+    await this.send("DELETE", endpoint, {});
+  }
+  async debitFunds(data) {
+    const endpoint = "/payments/debit";
+    const response = await this.send("POST", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async listCards(accountUuid, params) {
+    const query = params ? "?" + new URLSearchParams(Object.entries(params).filter(([_, v]) => v !== void 0)) : "";
+    const endpoint = `/accounts/${accountUuid}/payment-methods/cards${query}`;
+    const response = await this.send("GET", endpoint, {});
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+}
+class AccountsGateway extends AlcoreBase {
+  constructor(jwt, cryptor, logger) {
+    super(jwt, cryptor, logger);
+    this.logger.debug("🔐 AccountsGateway initialized");
+  }
+  async createAccount(data) {
+    const endpoint = "/accounts";
+    const response = await this.send("POST", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async getAccount(accountUuid) {
+    const endpoint = `/accounts/${accountUuid}`;
+    const response = await this.send("GET", endpoint, {});
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async updateAccount(accountUuid, data) {
+    const endpoint = `/accounts/${accountUuid}`;
+    const response = await this.send("PUT", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async deleteAccount(accountUuid) {
+    const endpoint = `/accounts/${accountUuid}`;
+    await this.send("DELETE", endpoint, {});
+  }
+  async listAccounts(params) {
+    const query = params ? "?" + new URLSearchParams(Object.entries(params).filter(([_, v]) => v !== void 0)) : "";
+    const endpoint = `/accounts${query}`;
+    const response = await this.send("GET", endpoint, {});
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async activateAccount(accountUuid) {
+    const endpoint = `/accounts/${accountUuid}/activate`;
+    await this.send("POST", endpoint, {});
+  }
+  async deactivateAccount(accountUuid) {
+    const endpoint = `/accounts/${accountUuid}/deactivate`;
+    await this.send("POST", endpoint, {});
+  }
+  async manageOnboarding(accountUuid, action) {
+    const endpoint = `/accounts/${accountUuid}/onboarding`;
+    await this.send("POST", endpoint, { action });
+  }
+  async createAddress(accountUuid, data) {
+    const endpoint = `/accounts/${accountUuid}/addresses`;
+    const response = await this.send("POST", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async getAddresses(accountUuid, params) {
+    const query = params ? "?" + new URLSearchParams(Object.entries(params).filter(([_, v]) => v !== void 0)) : "";
+    const endpoint = `/accounts/${accountUuid}/addresses${query}`;
+    const response = await this.send("GET", endpoint, {});
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async updateAddress(accountUuid, addressUuid, data) {
+    const endpoint = `/accounts/${accountUuid}/addresses/${addressUuid}`;
+    const response = await this.send("PUT", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async deleteAddress(accountUuid, addressUuid) {
+    const endpoint = `/accounts/${accountUuid}/addresses/${addressUuid}`;
+    await this.send("DELETE", endpoint, {});
+  }
+  async createDossier(accountUuid, data) {
+    const endpoint = `/accounts/${accountUuid}/dossiers`;
+    const response = await this.send("POST", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async getDossiers(accountUuid, params) {
+    const query = params ? "?" + new URLSearchParams(Object.entries(params).filter(([_, v]) => v !== void 0)) : "";
+    const endpoint = `/accounts/${accountUuid}/dossiers${query}`;
+    const response = await this.send("GET", endpoint, {});
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async getDossier(accountUuid, dossierUuid) {
+    const endpoint = `/accounts/${accountUuid}/dossiers/${dossierUuid}`;
+    const response = await this.send("GET", endpoint, {});
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async updateDossier(accountUuid, dossierUuid, data) {
+    const endpoint = `/accounts/${accountUuid}/dossiers/${dossierUuid}`;
+    const response = await this.send("PUT", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async replaceDossier(accountUuid, dossierUuid, data) {
+    const endpoint = `/accounts/${accountUuid}/dossiers/${dossierUuid}`;
+    const response = await this.send("PATCH", endpoint, data);
+    const encrypted = await response.json();
+    const decrypted = await this.decrypt(encrypted);
+    return throwIfApiError(decrypted);
+  }
+  async deleteDossier(accountUuid, dossierUuid) {
+    const endpoint = `/accounts/${accountUuid}/dossiers/${dossierUuid}`;
+    await this.send("DELETE", endpoint, {});
+  }
+}
+class AuthGateway extends AlcoreBase {
+  constructor(jwt, cryptor, logger) {
+    super(jwt, cryptor, logger);
+    this.logger.debug(`🔐 AuthGateway initialized`);
+  }
+  /**
+   * Generate scoped JWT for specific account (JWT downgrade)
+   * Exchanges business-level JWT for consumer-level JWT
+   * Uses AlcoreBase.send() to follow the same pattern as all other gateways:
+   * - Endpoint passed in encrypted payload
+   * - Request sent to /alcore (not /alcore/v3/auth)
+   * - Middleware handles routing
+   *
+   * @param data - Request containing account_uuid to scope to
+   * @returns New scoped JWT token
+   */
+  async generateScopedToken(data) {
+    this.logger.debug("🔐 AuthGateway: Generating scoped token");
+    this.logger.debug("🌐 Endpoint: /v3/auth");
+    this.logger.debug("🌐 Account UUID: " + data.account_uuid);
+    const response = await this.send("POST", "/v3/auth", data);
+    const decryptedResponse = await this.decrypt(await response.json());
+    this.logger.debug("✅ Scoped token generated successfully");
+    return decryptedResponse;
+  }
+}
+class WalletsApiService {
+  constructor(gateway) {
+    this.gateway = gateway;
+  }
+  async listWallets(accountUuid, params) {
+    return this.gateway.listWallets(accountUuid, params);
+  }
+  async loadFunds(walletUuid, params) {
+    return this.gateway.loadFunds(walletUuid, params);
+  }
+}
+class PaymentInstrumentsApiService {
+  constructor(gateway) {
+    this.gateway = gateway;
+  }
+  async createPaymentInstrument(data) {
+    return this.gateway.createPaymentInstrument(data);
+  }
+  async getPaymentInstrument(paymentInstrumentUuid) {
+    return this.gateway.getPaymentInstrument(paymentInstrumentUuid);
+  }
+  async deletePaymentInstrument(paymentInstrumentUuid) {
+    return this.gateway.deletePaymentInstrument(paymentInstrumentUuid);
+  }
+  async debitFunds(data) {
+    return this.gateway.debitFunds(data);
+  }
+  async listCards(accountUuid, params) {
+    return this.gateway.listCards(accountUuid, params);
+  }
+}
+class AccountsApiService {
+  constructor(gateway) {
+    this.gateway = gateway;
+  }
+  async createAccount(data) {
+    return this.gateway.createAccount(data);
+  }
+  async getAccount(accountUuid) {
+    return this.gateway.getAccount(accountUuid);
+  }
+  async updateAccount(accountUuid, data) {
+    return this.gateway.updateAccount(accountUuid, data);
+  }
+  async deleteAccount(accountUuid) {
+    return this.gateway.deleteAccount(accountUuid);
+  }
+  async listAccounts(params) {
+    return this.gateway.listAccounts(params);
+  }
+  async activateAccount(accountUuid) {
+    return this.gateway.activateAccount(accountUuid);
+  }
+  async deactivateAccount(accountUuid) {
+    return this.gateway.deactivateAccount(accountUuid);
+  }
+  async manageOnboarding(accountUuid, action) {
+    return this.gateway.manageOnboarding(accountUuid, action);
+  }
+  async createAddress(accountUuid, data) {
+    return this.gateway.createAddress(accountUuid, data);
+  }
+  async getAddresses(accountUuid, params) {
+    return this.gateway.getAddresses(accountUuid, params);
+  }
+  async updateAddress(accountUuid, addressUuid, data) {
+    return this.gateway.updateAddress(accountUuid, addressUuid, data);
+  }
+  async deleteAddress(accountUuid, addressUuid) {
+    return this.gateway.deleteAddress(accountUuid, addressUuid);
+  }
+  async createDossier(accountUuid, data) {
+    return this.gateway.createDossier(accountUuid, data);
+  }
+  async getDossiers(accountUuid, params) {
+    return this.gateway.getDossiers(accountUuid, params);
+  }
+  async getDossier(accountUuid, dossierUuid) {
+    return this.gateway.getDossier(accountUuid, dossierUuid);
+  }
+  async updateDossier(accountUuid, dossierUuid, data) {
+    return this.gateway.updateDossier(accountUuid, dossierUuid, data);
+  }
+  async replaceDossier(accountUuid, dossierUuid, data) {
+    return this.gateway.replaceDossier(accountUuid, dossierUuid, data);
+  }
+  async deleteDossier(accountUuid, dossierUuid) {
+    return this.gateway.deleteDossier(accountUuid, dossierUuid);
+  }
+}
+class PaymentProcessor {
+  constructor(gateway, logger) {
+    this.gateway = gateway;
+    this.logger = logger;
+  }
+  /**
+   * Process an add card request through the gateway
+   */
+  async processAddCard(accountUuid, request) {
+    this.logger.debug("PaymentProcessor: Starting add card processing");
+    this.logger.debug("PaymentProcessor: Request data: " + JSON.stringify(request, null, 2));
+    try {
+      const result = await this.gateway.add_card(accountUuid, request);
+      this.logger.debug("PaymentProcessor: Add card processing completed successfully");
+      return result;
+    } catch (error) {
+      this.logger.debug("PaymentProcessor: Add card processing failed");
+      this.logger.debug("PaymentProcessor: Error details: " + JSON.stringify(error));
+      throw error;
+    }
+  }
+  /**
+   * Validate that a request has all required fields before processing
+   */
+  validateRequest(request) {
+    const requiredFields = [
+      "external_id",
+      "pan",
+      "exp_year",
+      "exp_month",
+      "postal_code",
+      "security_code"
+    ];
+    for (const field of requiredFields) {
+      if (!request[field]) {
+        throw new Error(`Missing required field: ${field}`);
+      }
+    }
+    this.logger.debug("PaymentProcessor: Request validation passed");
+  }
+  /**
+   * Process payment with pre-validation
+   */
+  async processAddCardWithValidation(accountUuid, request) {
+    this.logger.debug("PaymentProcessor: Starting add card processing with validation");
+    this.validateRequest(request);
+    return await this.processAddCard(accountUuid, request);
+  }
+  /**
+   * Process an add bank account request through the gateway
+   */
+  async processAddBankAccount(accountUuid, request) {
+    this.logger.debug("PaymentProcessor: Starting add bank account processing");
+    this.logger.debug("PaymentProcessor: Request data: " + JSON.stringify(request, null, 2));
+    try {
+      const result = await this.gateway.add_bank_account(accountUuid, request);
+      this.logger.debug("PaymentProcessor: Add bank account processing completed successfully");
+      return result;
+    } catch (error) {
+      this.logger.debug("PaymentProcessor: Add bank account processing failed");
+      this.logger.debug("PaymentProcessor: Error details: " + JSON.stringify(error));
+      throw error;
+    }
+  }
+  /**
+   * Validate that a bank account request has all required fields before processing
+   */
+  validateBankAccountRequest(request) {
+    const requiredFields = [
+      "external_id",
+      "country",
+      "currency",
+      "bank_account_details"
+    ];
+    for (const field of requiredFields) {
+      if (!request[field]) {
+        throw new Error(`Missing required field: ${field}`);
+      }
+    }
+    this.logger.debug("PaymentProcessor: Bank account request validation passed");
+  }
+  /**
+   * Process bank account addition with pre-validation
+   */
+  async processAddBankAccountWithValidation(accountUuid, request) {
+    this.logger.debug("PaymentProcessor: Starting add bank account processing with validation");
+    this.validateBankAccountRequest(request);
+    return await this.processAddBankAccount(accountUuid, request);
+  }
+  async processGetBankAccounts(accountUuid) {
+    this.logger.debug("PaymentProcessor: Starting get bank accounts processing");
+    try {
+      const result = await this.gateway.get_bank_accounts(accountUuid);
+      this.logger.debug("PaymentProcessor: Get bank accounts processing completed successfully");
+      return result;
+    } catch (error) {
+      this.logger.debug("PaymentProcessor: Get bank accounts processing failed");
+      this.logger.debug("PaymentProcessor: Error details: " + JSON.stringify(error));
+      throw error;
+    }
+  }
+  async processDeleteBankAccount(accountUuid, uuid) {
+    this.logger.debug("PaymentProcessor: Starting delete bank account processing");
+    try {
+      const result = await this.gateway.delete_bank_account(accountUuid, uuid);
+      this.logger.debug("PaymentProcessor: Delete bank account processing completed successfully");
+      return result;
+    } catch (error) {
+      this.logger.debug("PaymentProcessor: Delete bank account processing failed");
+      this.logger.debug("PaymentProcessor: Error details: " + JSON.stringify(error));
+      throw error;
+    }
+  }
+}
+function NewAddCardRequest(params) {
+  const { external_id, name, pan, expiry, code, zip } = params;
+  const expiryParts = expiry.split("/");
+  const month = expiryParts[0];
+  const year = expiryParts[1];
+  let data = {
+    external_id,
+    pan,
+    exp_year: year,
+    exp_month: month,
+    security_code: code,
+    postal_code: zip,
+    name_on_card: name
+  };
+  data = getSanitizedBody(data);
+  return data;
+}
+function NewPaymentInstrumentRequest(accountUuid, paymentInstrumentType, cardDetails, externalId, metadata) {
+  return {
+    account_uuid: accountUuid,
+    external_id: externalId,
+    payment_instrument_type: paymentInstrumentType,
+    payment_instrument_details: {
+      card: cardDetails
+    },
+    metadata
+  };
+}
+function NewCardInstrumentFromForm(pan, expiry, securityCode, nameOnCard, addressLine1, city, state, postal_code, country, addressLine2, phoneNumber, emailAddress) {
+  const expiryParts = expiry.split("/");
+  const exp_month = expiryParts[0];
+  const exp_year = expiryParts[1];
+  return {
+    pan: pan.replace(/\s/g, ""),
+    // Remove spaces
+    exp_month,
+    exp_year,
+    security_code: securityCode,
+    name_on_card: nameOnCard,
+    phone_number: phoneNumber,
+    email_address: emailAddress,
+    billing_address: {
+      line_1: addressLine1,
+      line_2: addressLine2,
+      city,
+      state,
+      postal_code,
+      country
+    }
+  };
+}
+function NewDebitFundsRequest(walletUuid, externalId, amount, currency, merchantDetails, authType = "AUTHCAP", paymentInstrumentUuid, paymentInstrument, description, threeDSOptions, metadata) {
+  return {
+    wallet_uuid: walletUuid,
+    external_id: externalId,
+    amount,
+    currency,
+    auth_type: authType,
+    payment_instrument_uuid: paymentInstrumentUuid,
+    payment_instrument: paymentInstrument,
+    description,
+    merchant_details: merchantDetails,
+    "3ds_options": threeDSOptions,
+    metadata
+  };
+}
+function createDefaultMerchantDetails() {
+  return {
+    name: "Demo Merchant Store",
+    merchant_id: "DEMO_MERCHANT_001"
+  };
+}
+function NewAddBankAccountRequest(params) {
+  const { external_id, country, currency, bank_account_details, metadata } = params;
+  let data = {
+    external_id,
+    country,
+    currency,
+    bank_account_details,
+    metadata
+  };
+  data = getSanitizedBody(data);
+  return data;
+}
+function NewLoadFundsRequest(params) {
+  const data = {
+    payment_method_uuid: params.payment_method_uuid,
+    amount: params.amount,
+    external_id: params.external_id,
+    service_fees: params.service_fees,
+    transaction_options: params.transaction_options,
+    metadata: params.metadata
+  };
+  return getSanitizedBody(data);
+}
+function NewWithdrawFundsRequest(params) {
+  const data = {
+    payment_method_uuid: params.payment_method_uuid,
+    amount: params.amount,
+    external_id: params.external_id,
+    service_fees: params.service_fees,
+    transaction_options: params.transaction_options,
+    metadata: params.metadata
+  };
+  return getSanitizedBody(data);
+}
+function NewSendFundsRequest(params) {
+  const data = {
+    destination_wallet_uuid: params.destination_wallet_uuid,
+    external_id: params.external_id,
+    amount: params.amount,
+    service_fees: params.service_fees,
+    description: params.description,
+    metadata: params.metadata
+  };
+  return getSanitizedBody(data);
+}
+function NewTransferFundsRequest(params) {
+  const data = {
+    beneficiary_uuid: params.beneficiary_uuid,
+    payout_method_uuid: params.payout_method_uuid,
+    amount: params.amount,
+    service_fees: params.service_fees,
+    description: params.description,
+    external_id: params.external_id,
+    metadata: params.metadata
+  };
+  return getSanitizedBody(data);
+}
+function NewCreditFundsRequest(params) {
+  const data = {
+    amount: params.amount,
+    currency: params.currency,
+    external_id: params.external_id,
+    vault_name: params.vault_name,
+    metadata: params.metadata
+  };
+  return getSanitizedBody(data);
+}
+function NewPromoFundsRequest(params) {
+  const data = {
+    amount: params.amount,
+    external_id: params.external_id,
+    description: params.description,
+    metadata: params.metadata
+  };
+  return getSanitizedBody(data);
+}
+function NewAccountRequest(params) {
+  const data = {
+    external_id: params.external_id,
+    account_type: params.account_type,
+    profile: params.profile,
+    information: params.information,
+    primary_address: params.primary_address,
+    business_account_uuid: params.business_account_uuid,
+    parent_account_uuid: params.parent_account_uuid,
+    metadata: params.metadata
+  };
+  return getSanitizedBody(data);
+}
+function NewAddressRequest(params) {
+  const data = {
+    label: params.label,
+    line_1: params.line_1,
+    line_2: params.line_2,
+    city: params.city,
+    state: params.state,
+    postal_code: params.postal_code,
+    country: params.country,
+    primary: params.primary,
+    external_id: params.external_id
+  };
+  return getSanitizedBody(data);
+}
+function NewGenerateMobileTokenRequest(params) {
+  const data = {
+    account_uuid: params.account_uuid,
+    with_plaid_sdk_token: params.with_plaid_sdk_token
+  };
+  return getSanitizedBody(data);
+}
+function NewGeneratePlaidTokenRequest(params) {
+  const data = {
+    account_uuid: params.account_uuid,
+    platform: params.platform,
+    payment_method_uuid: params.payment_method_uuid
+  };
+  return getSanitizedBody(data);
+}
+function NewGenerateWebSessionRequest(params) {
+  const data = {
+    account_uuid: params.account_uuid
+  };
+  return getSanitizedBody(data);
+}
+function NewGeneratePdsTokenRequest(params) {
+  const data = {
+    wallet_uuid: params.wallet_uuid
+  };
+  return getSanitizedBody(data);
+}
+function NewGenerateScopedTokenRequest(params) {
+  return {
+    account_uuid: params.account_uuid
+  };
+}
+function NewDossierRequest(params) {
+  const data = {
+    external_id: params.external_id,
+    documents: params.documents,
+    metadata: params.metadata
+  };
+  return getSanitizedBody(data);
+}
+function NewDossierReplaceRequest(params) {
+  const data = {
+    external_id: params.external_id,
+    documents: params.documents,
+    metadata: params.metadata
+  };
+  return getSanitizedBody(data);
+}
+class BaseFieldPlugin {
+  constructor() {
+    this.eventListeners = /* @__PURE__ */ new Map();
+    this.configs = /* @__PURE__ */ new Map();
+  }
+  /**
+   * Default sanitization - remove leading/trailing whitespace
+   */
+  sanitize(value, config) {
+    return value.trim();
+  }
+  /**
+   * Default raw value - just remove formatting spaces
+   */
+  getRawValue(formattedValue, config) {
+    return formattedValue.replace(/\s/g, "");
+  }
+  /**
+   * Mount plugin to DOM element with event listeners
+   */
+  mount(element, config) {
+    const finalConfig = { ...this.getDefaultConfig(), ...config };
+    this.configs.set(element, finalConfig);
+    const listeners = /* @__PURE__ */ new Map();
+    this.eventListeners.set(element, listeners);
+    if (element instanceof HTMLInputElement) {
+      this.setupInputElement(element, finalConfig);
+    }
+    this.onMount?.(element, finalConfig);
+  }
+  /**
+   * Unmount plugin from DOM element
+   */
+  unmount(element) {
+    const listeners = this.eventListeners.get(element);
+    if (listeners) {
+      listeners.forEach((listener, event) => {
+        element.removeEventListener(event, listener);
+      });
+      this.eventListeners.delete(element);
+    }
+    this.configs.delete(element);
+    this.onUnmount?.(element);
+  }
+  /**
+   * Setup event listeners for input elements
+   */
+  setupInputElement(input, config) {
+    const listeners = this.eventListeners.get(input);
+    if (config.formatOnType) {
+      const inputListener = (e) => {
+        const target = e.target;
+        const result = this.format(target.value, config);
+        if (result.formattedValue !== target.value) {
+          target.value = result.formattedValue;
+          if (result.cursorPosition !== void 0) {
+            target.setSelectionRange(result.cursorPosition, result.cursorPosition);
+          }
+        }
+      };
+      input.addEventListener("input", inputListener);
+      listeners.set("input", inputListener);
+    }
+    if (config.validateOnBlur) {
+      const blurListener = (e) => {
+        const target = e.target;
+        const validation = this.validate(target.value, config);
+        this.displayValidation(target, validation, config);
+      };
+      input.addEventListener("blur", blurListener);
+      listeners.set("blur", blurListener);
+    }
+    if (config.validateOnType) {
+      const validateListener = (e) => {
+        const target = e.target;
+        const validation = this.validate(target.value, config);
+        this.displayValidation(target, validation, config);
+      };
+      input.addEventListener("input", validateListener);
+      listeners.set("input-validate", validateListener);
+    }
+    if (config.placeholder) input.placeholder = config.placeholder;
+    if (config.maxLength) input.maxLength = config.maxLength;
+    if (config.ariaLabel) input.setAttribute("aria-label", config.ariaLabel);
+    if (config.ariaDescribedBy) input.setAttribute("aria-describedby", config.ariaDescribedBy);
+  }
+  /**
+   * Display validation results on the element
+   */
+  displayValidation(element, result, config) {
+    if (!config.showErrorsInline) return;
+    if (config.errorClassName) element.classList.remove(config.errorClassName);
+    if (config.successClassName) element.classList.remove(config.successClassName);
+    if (result.isValid && config.successClassName) {
+      element.classList.add(config.successClassName);
+    } else if (!result.isValid && config.errorClassName) {
+      element.classList.add(config.errorClassName);
+    }
+    this.updateErrorMessage(element, result.error);
+  }
+  /**
+   * Update error message display
+   */
+  updateErrorMessage(element, error) {
+    let errorElement = element.parentElement?.querySelector(".alviere-field-error");
+    if (error) {
+      if (!errorElement) {
+        errorElement = document.createElement("div");
+        errorElement.className = "alviere-field-error";
+        element.parentElement?.appendChild(errorElement);
+      }
+      errorElement.textContent = error;
+      errorElement.style.display = "block";
+    } else if (errorElement) {
+      errorElement.style.display = "none";
+    }
+  }
+  /**
+   * Get default configuration for this plugin
+   */
+  getDefaultConfig() {
+    return {
+      validateOnBlur: true,
+      formatOnType: true,
+      showErrorsInline: true,
+      errorClassName: "alviere-field-error",
+      successClassName: "alviere-field-success"
+    };
+  }
+}
+const CARD_TYPES = {
+  visa: {
+    name: "Visa",
+    pattern: /^4/,
+    gaps: [4, 8, 12],
+    lengths: [13, 16, 19],
+    code: { name: "CVV", size: 3 }
+  },
+  mastercard: {
+    name: "Mastercard",
+    pattern: /^(5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)/,
+    gaps: [4, 8, 12],
+    lengths: [16],
+    code: { name: "CVC", size: 3 }
+  },
+  amex: {
+    name: "American Express",
+    pattern: /^3[47]/,
+    gaps: [4, 10],
+    lengths: [15],
+    code: { name: "CID", size: 4 }
+  },
+  diners: {
+    name: "Diners Club",
+    pattern: /^3[0689]/,
+    gaps: [4, 10],
+    lengths: [14],
+    code: { name: "CVV", size: 3 }
+  },
+  discover: {
+    name: "Discover",
+    pattern: /^6([045]|22)/,
+    gaps: [4, 8, 12],
+    lengths: [16, 19],
+    code: { name: "CID", size: 3 }
+  },
+  jcb: {
+    name: "JCB",
+    pattern: /^35/,
+    gaps: [4, 8, 12],
+    lengths: [16],
+    code: { name: "CVV", size: 3 }
+  }
+};
+class CardNumberPlugin extends BaseFieldPlugin {
+  constructor() {
+    super(...arguments);
+    this.name = "card-number";
+    this.version = "1.0.0";
+    this.description = "Credit card number formatting and validation";
+    this.currentCardType = null;
+  }
+  /**
+   * Validate card number using Luhn algorithm and card type patterns
+   */
+  validate(value, config) {
+    const sanitized = this.sanitize(value);
+    if (!sanitized) {
+      return { isValid: false, error: "Card number is required" };
+    }
+    if (!/^\d+$/.test(sanitized)) {
+      return { isValid: false, error: "Card number must contain only digits" };
+    }
+    const cardType = this.detectCardType(sanitized);
+    this.currentCardType = cardType;
+    if (!cardType) {
+      return { isValid: false, error: "Invalid card number format" };
+    }
+    if (!cardType.lengths.includes(sanitized.length)) {
+      const expectedLengths = cardType.lengths.join(" or ");
+      return {
+        isValid: false,
+        error: `${cardType.name} card numbers must be ${expectedLengths} digits long`
+      };
+    }
+    if (!this.luhnCheck(sanitized)) {
+      return { isValid: false, error: "Invalid card number" };
+    }
+    if (config?.customValidation) {
+      const customError = config.customValidation(value);
+      if (customError) {
+        return { isValid: false, error: customError };
+      }
+    }
+    return {
+      isValid: true,
+      suggestions: [`${cardType.name} ending in ${sanitized.slice(-4)}`]
+    };
+  }
+  /**
+   * Format card number with appropriate spacing based on card type
+   */
+  format(value, config) {
+    const sanitized = this.sanitize(value);
+    const cardType = this.detectCardType(sanitized) || CARD_TYPES.visa;
+    let formatted = "";
+    let spacesAdded = 0;
+    for (let i = 0; i < sanitized.length; i++) {
+      if (cardType.gaps.includes(i)) {
+        formatted += " ";
+        spacesAdded++;
+      }
+      formatted += sanitized[i];
+    }
+    const cursorPosition = sanitized.length + spacesAdded;
+    return {
+      formattedValue: formatted,
+      cursorPosition
+    };
+  }
+  /**
+   * Remove all non-digit characters
+   */
+  sanitize(value, config) {
+    return value.replace(/\D/g, "");
+  }
+  /**
+   * Get raw value without formatting spaces
+   */
+  getRawValue(formattedValue, config) {
+    return this.sanitize(formattedValue);
+  }
+  /**
+   * Check if this plugin can handle the field type
+   */
+  canHandle(fieldType) {
+    return ["card-number", "cardNumber", "pan", "credit-card"].includes(fieldType);
+  }
+  /**
+   * Get plugin-specific default configuration
+   */
+  getDefaultConfig() {
+    return {
+      ...super.getDefaultConfig(),
+      validateOnType: true,
+      formatOnType: true,
+      placeholder: "1234 5678 9012 3456",
+      maxLength: 23,
+      // Max formatted length for 19-digit cards with spaces
+      ariaLabel: "Credit card number"
+    };
+  }
+  /**
+   * Detect card type based on number pattern
+   */
+  detectCardType(cardNumber) {
+    for (const [key, cardType] of Object.entries(CARD_TYPES)) {
+      if (cardType.pattern.test(cardNumber)) {
+        return cardType;
+      }
+    }
+    return null;
+  }
+  /**
+   * Get the detected card type
+   */
+  getCardType() {
+    return this.currentCardType;
+  }
+  /**
+   * Validate card number using Luhn algorithm
+   */
+  luhnCheck(cardNumber) {
+    let sum = 0;
+    let isEven = false;
+    for (let i = cardNumber.length - 1; i >= 0; i--) {
+      let digit = parseInt(cardNumber.charAt(i), 10);
+      if (isEven) {
+        digit *= 2;
+        if (digit > 9) {
+          digit -= 9;
+        }
+      }
+      sum += digit;
+      isEven = !isEven;
+    }
+    return sum % 10 === 0;
+  }
+  /**
+   * Enhanced mount with card type detection
+   */
+  onMount(element, config) {
+    if (element instanceof HTMLInputElement) {
+      const cardTypeListener = (e) => {
+        const target = e.target;
+        const sanitized = this.sanitize(target.value);
+        const cardType = this.detectCardType(sanitized);
+        if (cardType !== this.currentCardType) {
+          this.currentCardType = cardType;
+          element.dispatchEvent(new CustomEvent("cardTypeChange", {
+            detail: { cardType, element },
+            bubbles: true
+            // Allow event to bubble up to document
+          }));
+        }
+        if (cardType) {
+          const maxFormattedLength = Math.max(...cardType.lengths) + cardType.gaps.length;
+          target.maxLength = maxFormattedLength;
+        }
+      };
+      element.addEventListener("input", cardTypeListener);
+      const listeners = this.eventListeners.get(element);
+      if (listeners) {
+        listeners.set("cardTypeDetection", cardTypeListener);
+      }
+    }
+  }
+}
+class FieldPluginRegistry {
+  constructor(config = {}) {
+    this.plugins = /* @__PURE__ */ new Map();
+    this.fieldTypeCache = /* @__PURE__ */ new Map();
+    this.config = {
+      autoRegisterBuiltins: true,
+      enablePluginValidation: true,
+      ...config
+    };
+    this.logger = config.logger;
+    if (this.config.autoRegisterBuiltins) {
+      this.registerBuiltinPlugins();
+    }
+    this.logger?.debug("🔐 FieldPluginRegistry initialized");
+  }
+  /**
+   * Register a field plugin
+   */
+  register(plugin) {
+    if (this.config.enablePluginValidation) {
+      this.validatePlugin(plugin);
+    }
+    this.plugins.set(plugin.name, plugin);
+    this.fieldTypeCache.clear();
+    this.logger?.debug(`FieldPluginRegistry: Registered plugin '${plugin.name}' v${plugin.version}`);
+  }
+  /**
+   * Unregister a field plugin
+   */
+  unregister(pluginName) {
+    const removed = this.plugins.delete(pluginName);
+    if (removed) {
+      this.fieldTypeCache.clear();
+      this.logger?.debug(`FieldPluginRegistry: Unregistered plugin '${pluginName}'`);
+    }
+    return removed;
+  }
+  /**
+   * Get a plugin by name
+   */
+  getPlugin(pluginName) {
+    return this.plugins.get(pluginName);
+  }
+  /**
+   * Get plugin for a specific field type (with caching)
+   */
+  getPluginForFieldType(fieldType) {
+    if (this.fieldTypeCache.has(fieldType)) {
+      return this.fieldTypeCache.get(fieldType);
+    }
+    for (const plugin of this.plugins.values()) {
+      if (plugin.canHandle(fieldType)) {
+        this.fieldTypeCache.set(fieldType, plugin);
+        return plugin;
+      }
+    }
+    const textPlugin = this.plugins.get("text");
+    if (textPlugin) {
+      this.fieldTypeCache.set(fieldType, textPlugin);
+      return textPlugin;
+    }
+    return void 0;
+  }
+  /**
+   * Get all registered plugins
+   */
+  getAllPlugins() {
+    return Array.from(this.plugins.values());
+  }
+  /**
+   * Get plugin names
+   */
+  getPluginNames() {
+    return Array.from(this.plugins.keys());
+  }
+  /**
+   * Check if a plugin is registered
+   */
+  hasPlugin(pluginName) {
+    return this.plugins.has(pluginName);
+  }
+  /**
+   * Get supported field types across all plugins
+   */
+  getSupportedFieldTypes() {
+    const fieldTypes = /* @__PURE__ */ new Set();
+    const commonFieldTypes = [
+      "card-number",
+      "cardNumber",
+      "pan",
+      "expiry",
+      "expiry-date",
+      "expiryDate",
+      "cvv",
+      "cvc",
+      "code",
+      "zip",
+      "zip-code",
+      "postal-code",
+      "text",
+      "name",
+      "cardholder-name"
+    ];
+    for (const fieldType of commonFieldTypes) {
+      if (this.getPluginForFieldType(fieldType)) {
+        fieldTypes.add(fieldType);
+      }
+    }
+    return Array.from(fieldTypes);
+  }
+  /**
+   * Create and mount a plugin for an element
+   */
+  mountPlugin(element, fieldType, config) {
+    const plugin = this.getPluginForFieldType(fieldType);
+    if (!plugin) {
+      this.logger?.warn(`FieldPluginRegistry: No plugin found for field type '${fieldType}'`);
+      return null;
+    }
+    try {
+      plugin.mount(element, config);
+      this.logger?.debug(`FieldPluginRegistry: Mounted '${plugin.name}' plugin on element for field type '${fieldType}'`);
+      return plugin;
+    } catch (error) {
+      this.logger?.error(`FieldPluginRegistry: Failed to mount plugin '${plugin.name}': ${error instanceof Error ? error.message : String(error)}`);
+      return null;
+    }
+  }
+  /**
+   * Unmount plugin from an element
+   */
+  unmountPlugin(element, fieldType) {
+    const plugin = this.getPluginForFieldType(fieldType);
+    if (!plugin) {
+      return false;
+    }
+    try {
+      plugin.unmount(element);
+      this.logger?.debug(`FieldPluginRegistry: Unmounted '${plugin.name}' plugin from element`);
+      return true;
+    } catch (error) {
+      this.logger?.error(`FieldPluginRegistry: Failed to unmount plugin '${plugin.name}': ${error instanceof Error ? error.message : String(error)}`);
+      return false;
+    }
+  }
+  /**
+   * Get plugin registry statistics
+   */
+  getStats() {
+    return {
+      totalPlugins: this.plugins.size,
+      pluginNames: this.getPluginNames(),
+      supportedFieldTypes: this.getSupportedFieldTypes(),
+      cacheSize: this.fieldTypeCache.size
+    };
+  }
+  /**
+   * Clear all caches
+   */
+  clearCaches() {
+    this.fieldTypeCache.clear();
+  }
+  /**
+   * Register all built-in plugins
+   *
+   * Note: ALL plugins are currently disabled as they have no active consumers.
+   * - ui-svelte implements its own card handling in CardPanInput.svelte
+   * - CardNumberPlugin was only used in its own tests
+   * - Other plugins (ExpiryDatePlugin, CVVPlugin, TextPlugin, ZipCodePlugin) were never activated
+   *
+   * The plugin system remains as a future architecture option if needed.
+   *
+   * To re-enable plugins in the future:
+   * 1. Uncomment the imports at the top of this file
+   * 2. Add plugin instances to the builtinPlugins array below
+   * 3. Ensure tests exist for the plugins
+   * 4. Update vitest.config.ts to remove them from coverage exclusions
+   * 5. Update consuming code to actually use the plugins
+   */
+  registerBuiltinPlugins() {
+    const builtinPlugins = [
+      // All plugins disabled - no active consumers
+      // new CardNumberPlugin(),
+      // new ExpiryDatePlugin(),
+      // new CVVPlugin(),
+      // new TextPlugin(),
+      // new ZipCodePlugin()
+    ];
+    for (const plugin of builtinPlugins) {
+      this.register(plugin);
+    }
+  }
+  /**
+   * Validate plugin before registration
+   */
+  validatePlugin(plugin) {
+    if (!plugin.name || typeof plugin.name !== "string") {
+      throw new Error("Plugin must have a valid name");
+    }
+    if (!plugin.version || typeof plugin.version !== "string") {
+      throw new Error("Plugin must have a valid version");
+    }
+    if (typeof plugin.validate !== "function") {
+      throw new Error("Plugin must implement validate method");
+    }
+    if (typeof plugin.format !== "function") {
+      throw new Error("Plugin must implement format method");
+    }
+    if (typeof plugin.sanitize !== "function") {
+      throw new Error("Plugin must implement sanitize method");
+    }
+    if (typeof plugin.canHandle !== "function") {
+      throw new Error("Plugin must implement canHandle method");
+    }
+    if (typeof plugin.mount !== "function") {
+      throw new Error("Plugin must implement mount method");
+    }
+    if (typeof plugin.unmount !== "function") {
+      throw new Error("Plugin must implement unmount method");
+    }
+    if (this.plugins.has(plugin.name)) {
+      this.logger?.warn(`FieldPluginRegistry: Plugin '${plugin.name}' is already registered and will be replaced`);
+    }
+  }
+}
+class AlviereCore {
+  constructor(config = {}) {
+    this.authToken = "";
+    this.business_uuid = "";
+    this.account_uuid = "";
+    this.cryptor = null;
+    this.gateways = /* @__PURE__ */ new Map();
+    this.jwt = config.jwt || "";
+    this.debug = config.debug || false;
+    this.publicCertificate = config.publicCertificate || "";
+    this.publicCertificateId = config.publicCertificateId || "";
+    this.business_uuid = config.business_uuid || "";
+    this.logger = new Logger(this.debug);
+    this.logger.debug(`🔐 AlviereCore constructor called with config: ${JSON.stringify(config)}`);
+    if (this.jwt) {
+      const jwtConfig = extractAlviereConfigFromJWT(this.jwt);
+      if (config.jwt) {
+        setRuntimeConfig({
+          ...jwtConfig,
+          certificate: { id: this.publicCertificateId, public_key: this.publicCertificate }
+        });
+      }
+      const extractedAccountUuid = extractAccountUuidFromJWT(this.jwt);
+      if (extractedAccountUuid) {
+        this.account_uuid = extractedAccountUuid;
+        this.logger.debug(`🔐 Extracted account_uuid from JWT sub field: ${this.account_uuid}`);
+      } else {
+        this.logger.debug("⚠️ No account_uuid found in JWT sub field");
+      }
+      this.authToken = this.jwt;
+      this.logger.debug("🔐 Using JWT as auth token for API authentication");
+    }
+    if (config.alviere) {
+      setRuntimeConfig(config.alviere);
+    }
+  }
+  // Update configuration
+  configure(config) {
+    const jwtChanged = config.jwt && config.jwt !== this.jwt;
+    if (config.jwt) {
+      this.jwt = config.jwt;
+      const jwtConfig = extractAlviereConfigFromJWT(config.jwt);
+      if (jwtConfig.domain) {
+        setRuntimeConfig(jwtConfig);
+      }
+      const extractedAccountUuid = extractAccountUuidFromJWT(config.jwt);
+      this.logger.debug(`🔐 Extracted account_uuid from JWT sub field: ${extractedAccountUuid}`);
+      if (extractedAccountUuid) {
+        this.account_uuid = extractedAccountUuid;
+        this.logger.debug(`🔐 Updated account_uuid from JWT sub field: ${this.account_uuid}`);
+      } else {
+        this.logger.debug("⚠️ No account_uuid found in new JWT sub field");
+      }
+      this.authToken = this.jwt;
+      this.logger.debug("🔐 Updated JWT as auth token for API authentication");
+    }
+    if (config.business_uuid !== void 0) {
+      this.business_uuid = config.business_uuid;
+      this.logger.debug(`🔐 Updated business_uuid: ${this.business_uuid}`);
+    }
+    if (typeof config.debug === "boolean" && config.debug !== this.debug) {
+      this.debug = config.debug;
+      this.logger = new Logger(this.debug);
+      this.logger.debug("🔐 Debug mode changed to: " + this.debug);
+    }
+    if (jwtChanged) {
+      this.logger.debug("🔐 JWT changed - clearing gateway cache and cryptor");
+      this.gateways.clear();
+      this.cryptor = null;
+    }
+    if (config.alviere) {
+      setRuntimeConfig(config.alviere);
+    }
+    return this;
+  }
+  /**
+   * Get or create Cryptor instance (lazy initialization with validation)
+   * This ensures we only create Cryptor when it's actually needed and we have a valid RSA key
+   * @throws Error if RSA public key is not available
+   */
+  getOrCreateCryptor() {
+    if (!this.cryptor) {
+      const rsaKey = getRSA_PUB_KEY();
+      if (!rsaKey || rsaKey.trim() === "") {
+        throw new Error(
+          '🔐 Cryptor initialization failed: RSA public key not available. Please ensure JWT is configured with a valid RSA key before attempting encryption operations. Call alviereCore.configure({ jwt: "your-jwt-with-rsa-key" }) first.'
+        );
+      }
+      this.logger.debug("🔐 Creating Cryptor instance with RSA key");
+      this.cryptor = new Cryptor(this.logger);
+    }
+    return this.cryptor;
+  }
+  // Create payment gateway (cached and reused)
+  createPaymentsGateway() {
+    if (!this.gateways.has("payments")) {
+      this.gateways.set(
+        "payments",
+        new PaymentsGateway(this.authToken, this.getOrCreateCryptor(), this.logger)
+      );
+    }
+    return this.gateways.get("payments");
+  }
+  // Create payments service (reuses cached gateway and shared logger)
+  createPaymentsService() {
+    const gateway = this.createPaymentsGateway();
+    return new PaymentProcessor(gateway, this.logger);
+  }
+  // Create wallet services (reuses cached gateway)
+  createWalletsService() {
+    if (!this.gateways.has("wallets")) {
+      this.gateways.set(
+        "wallets",
+        new WalletsGateway(this.authToken, this.getOrCreateCryptor(), this.logger)
+      );
+    }
+    return new WalletsApiService(this.gateways.get("wallets"));
+  }
+  // Create payment instruments service (reuses cached gateway)
+  createPaymentInstrumentsService() {
+    if (!this.gateways.has("paymentInstruments")) {
+      this.gateways.set(
+        "paymentInstruments",
+        new PaymentInstrumentsGateway(this.authToken, this.getOrCreateCryptor(), this.logger)
+      );
+    }
+    return new PaymentInstrumentsApiService(this.gateways.get("paymentInstruments"));
+  }
+  // Create accounts service (reuses cached gateway)
+  createAccountsService() {
+    if (!this.gateways.has("accounts")) {
+      this.gateways.set(
+        "accounts",
+        new AccountsGateway(this.authToken, this.getOrCreateCryptor(), this.logger)
+      );
+    }
+    return new AccountsApiService(this.gateways.get("accounts"));
+  }
+  // Create auth gateway (reuses cached gateway)
+  createAuthGateway() {
+    if (!this.gateways.has("auth")) {
+      if (!this.cryptor) {
+        throw new Error("Cryptor not initialized. Cannot create AuthGateway.");
+      }
+      this.gateways.set("auth", new AuthGateway(this.authToken, this.cryptor, this.logger));
+    }
+    return this.gateways.get("auth");
+  }
+  /**
+   * Generate scoped JWT for specific account (JWT downgrade)
+   * Exchanges the current business-level JWT for a consumer-level JWT
+   *
+   * @param accountUuid - The account UUID to scope the JWT to
+   * @param autoUpdate - If true, automatically updates the SDK with the new JWT (default: true)
+   * @returns The new scoped JWT token
+   */
+  async generateScopedToken(accountUuid, autoUpdate = true) {
+    this.logger.debug(`🔐 Generating scoped token for account: ${accountUuid}`);
+    this.logger.debug(`🔐 Auto-update: ${autoUpdate}`);
+    const authGateway = this.createAuthGateway();
+    const response = await authGateway.generateScopedToken({ account_uuid: accountUuid });
+    this.logger.debug("✅ Scoped token generated successfully");
+    if (autoUpdate && response.access_token) {
+      this.logger.debug("🔄 Auto-updating SDK with new scoped token");
+      this.configure({ jwt: response.access_token });
+    }
+    return response.access_token;
+  }
+  // Get shared instances (for advanced usage)
+  getLogger() {
+    return this.logger;
+  }
+  /**
+   * Get Cryptor instance (lazy initialized with validation)
+   * @throws Error if RSA public key is not available
+   */
+  getCryptor() {
+    return this.getOrCreateCryptor();
+  }
+  // Clear gateway cache (useful for testing or manual cache invalidation)
+  clearCache() {
+    this.gateways.clear();
+  }
+  /**
+   * Get the account UUID extracted from JWT's sub field
+   * @returns The account UUID, or empty string if not available
+   */
+  getAccountUuid() {
+    return this.account_uuid;
+  }
+  /**
+   * Get the business UUID from configuration
+   * @returns The business UUID, or empty string if not configured
+   */
+  getBusinessUuid() {
+    return this.business_uuid;
+  }
+  /**
+   * Determine if the user is accessing the SDK for the first time
+   * Returns true if account_uuid matches business_uuid (user authenticated as business)
+   * Returns false if they differ (JWT already scoped to a specific payee/consumer)
+   *
+   * @returns true if first-time user, false otherwise
+   */
+  isFirstTimeUser() {
+    if (!this.account_uuid || !this.business_uuid) {
+      this.logger.debug(
+        "🔐 Cannot determine first-time user status: missing account_uuid or business_uuid"
+      );
+      return false;
+    }
+    const isFirstTime = this.account_uuid === this.business_uuid;
+    this.logger.debug(
+      `🔐 First-time user check: ${isFirstTime} (account: ${this.account_uuid}, business: ${this.business_uuid})`
+    );
+    return isFirstTime;
+  }
+  /**
+   * Determine if the JWT is scoped to a specific payee/consumer
+   * Returns true if account_uuid differs from business_uuid
+   * Returns false if they match or if either is missing
+   *
+   * @returns true if scoped to payee, false otherwise
+   */
+  isScopedToPayee() {
+    if (!this.account_uuid || !this.business_uuid) {
+      return false;
+    }
+    return this.account_uuid !== this.business_uuid;
+  }
+  // Static utility methods
+  static createValidator(debug = false) {
+    const logger = new Logger(debug);
+    return new Validator(logger);
+  }
+  static createLogger(debug = false) {
+    return new Logger(debug);
+  }
+  static createCryptor(logger) {
+    return new Cryptor(logger);
+  }
+}
+export {
+  ALVIERE_DOMAIN,
+  AccountsApiService,
+  AccountsGateway,
+  AlcoreApiError,
+  AlcoreErrorCodes,
+  AlcoreErrorMessages,
+  AlviereCore,
+  AuthGateway,
+  BaseFieldPlugin,
+  CERTIFICATE_ID,
+  CardNumberPlugin,
+  CriticalErrorCodes,
+  Cryptor,
+  DEFAULT_CONFIG,
+  FieldPluginRegistry,
+  Logger,
+  NewAccountRequest,
+  NewAddBankAccountRequest,
+  NewAddCardRequest,
+  NewAddressRequest,
+  NewCardInstrumentFromForm,
+  NewCreditFundsRequest,
+  NewDebitFundsRequest,
+  NewDossierReplaceRequest,
+  NewDossierRequest,
+  NewGenerateMobileTokenRequest,
+  NewGeneratePdsTokenRequest,
+  NewGeneratePlaidTokenRequest,
+  NewGenerateScopedTokenRequest,
+  NewGenerateWebSessionRequest,
+  NewLoadFundsRequest,
+  NewPaymentInstrumentRequest,
+  NewPromoFundsRequest,
+  NewSendFundsRequest,
+  NewTransferFundsRequest,
+  NewWithdrawFundsRequest,
+  PaymentInstrumentsApiService,
+  PaymentInstrumentsGateway,
+  PaymentProcessor,
+  PaymentsGateway,
+  RSA_PUB_KEY,
+  Validator,
+  WalletsApiService,
+  WalletsGateway,
+  createDefaultMerchantDetails,
+  decodeJWTPayload,
+  AlviereCore as default,
+  extractAccountUuidFromJWT,
+  extractAlviereConfigFromJWT,
+  getALVIERE_DOMAIN,
+  getCERTIFICATE_ID,
+  getErrorMessage,
+  getJWTExpiration,
+  getRSA_PUB_KEY,
+  getRuntimeConfig,
+  getSanitizedBody,
+  initializeFromEnvironment,
+  isCriticalError,
+  isJWTExpired,
+  setRuntimeConfig,
+  throwIfApiError
+};
+//# sourceMappingURL=index.mjs.map