@arkyc/sdk 1.0.0

package/README.md

@@ -0,0 +1,56 @@
+# @arkyc/sdk
+
+TypeScript SDK for [Arkyc](../../README.md) — a typed server client for the
+Public Project API, webhook verification, and a browser widget launcher.
+
+## Install
+
+```bash
+npm install @arkyc/sdk
+```
+
+## Server
+
+```ts
+import { Arkyc } from '@arkyc/sdk'
+
+const arkyc = new Arkyc({ secretKey: process.env.ARKYC_SECRET_KEY! })
+
+// Open a verification session — returns the session and a one-time client token.
+const { session, clientToken } = await arkyc.sessions.create({
+  userReference: 'user_123',
+  metadata: { plan: 'pro' },
+})
+
+await arkyc.sessions.retrieve(session.id)
+await arkyc.sessions.cancel(session.id)
+```
+
+Non-2xx responses throw a typed `ArkycApiError` (`.status`, `.message`, `.errors`).
+Point at a non-default API with `new Arkyc({ secretKey, baseUrl })`.
+
+## Webhook verification
+
+```ts
+// In your webhook route, with the raw request body + headers:
+const ok = arkyc.webhooks.verify({
+  payload: rawBody,
+  secret: process.env.ARKYC_WEBHOOK_SECRET!,
+  signature: req.headers['x-arkyc-signature'],
+  timestamp: Number(req.headers['x-arkyc-timestamp']),
+})
+if (!ok) return res.status(400).end()
+```
+
+## Browser
+
+```ts
+import { ArkycWidget } from '@arkyc/sdk/browser'
+
+// `clientToken` comes from arkyc.sessions.create() on your server.
+ArkycWidget.open({
+  token: clientToken,
+  onComplete: (result) => console.log('done', result.status),
+  onError: (err) => console.error(err),
+})
+```

package/dist/Sessions.d.mts

@@ -0,0 +1,32 @@
+import { CreateSessionParams, CreatedSession, VerificationSession } from "./types.mjs";
+
+//#region src/Sessions.d.ts
+declare class Sessions {
+  private readonly request;
+  private readonly defaultWorkflowId;
+  constructor(request: (method: string, path: string, body?: unknown) => Promise<Record<string, unknown>>, defaultWorkflowId?: string | null);
+  /**
+   * Open a session and receive its one-time client token for the widget.
+   *
+   * @param params
+   * @returns
+   */
+  create(params?: CreateSessionParams): Promise<CreatedSession>;
+  /**
+   * Fetch a session by id.
+   *
+   * @param id
+   * @returns
+   */
+  retrieve(id: string): Promise<VerificationSession>;
+  /**
+   * Cancel a non-terminal session.
+   *
+   * @param id
+   * @returns
+   */
+  cancel(id: string): Promise<VerificationSession>;
+}
+//#endregion
+export { Sessions };
+//# sourceMappingURL=Sessions.d.mts.map

package/dist/Sessions.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Sessions.d.mts","names":[],"sources":["../src/Sessions.ts"],"mappings":";;;cAEa,QAAA;EAAA,iBAEQ,OAAA;EAAA,iBACA,iBAAA;cADA,OAAA,GAAU,MAAA,UAAgB,IAAA,UAAc,IAAA,eAAmB,OAAA,CAAQ,MAAA,oBACnE,iBAAA;;;;;;;EASb,MAAA,CAAO,MAAA,GAAQ,mBAAA,GAA2B,OAAA,CAAQ,cAAA;EAmB5B;;;;;;EAAtB,QAAA,CAAS,EAAA,WAAa,OAAA,CAAQ,mBAAA;;;;;;;EAY9B,MAAA,CAAO,EAAA,WAAa,OAAA,CAAQ,mBAAA;AAAA"}

package/dist/Sessions.mjs

@@ -0,0 +1,48 @@
+//#region src/Sessions.ts
+var Sessions = class {
+	request;
+	defaultWorkflowId;
+	constructor(request, defaultWorkflowId = null) {
+		this.request = request;
+		this.defaultWorkflowId = defaultWorkflowId;
+	}
+	/**
+	* Open a session and receive its one-time client token for the widget.
+	*
+	* @param params
+	* @returns
+	*/
+	async create(params = {}) {
+		const body = await this.request("POST", "/v1/sessions", {
+			user_reference: params.userReference ?? null,
+			metadata: params.metadata ?? null,
+			workflow_id: params.workflowId ?? this.defaultWorkflowId ?? null
+		});
+		return {
+			session: body.data,
+			clientToken: body.client_token
+		};
+	}
+	/**
+	* Fetch a session by id.
+	*
+	* @param id
+	* @returns
+	*/
+	async retrieve(id) {
+		return (await this.request("GET", `/v1/sessions/${encodeURIComponent(id)}`)).data;
+	}
+	/**
+	* Cancel a non-terminal session.
+	*
+	* @param id
+	* @returns
+	*/
+	async cancel(id) {
+		return (await this.request("POST", `/v1/sessions/${encodeURIComponent(id)}/cancel`)).data;
+	}
+};
+//#endregion
+export { Sessions };
+
+//# sourceMappingURL=Sessions.mjs.map

package/dist/Sessions.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"Sessions.mjs","names":[],"sources":["../src/Sessions.ts"],"sourcesContent":["import type { CreateSessionParams, CreatedSession, VerificationSession } from './types'\n\nexport class Sessions {\n  constructor(\n    private readonly request: (method: string, path: string, body?: unknown) => Promise<Record<string, unknown>>,\n    private readonly defaultWorkflowId: string | null = null,\n  ) {}\n\n  /**\n   * Open a session and receive its one-time client token for the widget.\n   *\n   * @param params\n   * @returns\n   */\n  async create(params: CreateSessionParams = {}): Promise<CreatedSession> {\n    const body = await this.request('POST', '/v1/sessions', {\n      user_reference: params.userReference ?? null,\n      metadata: params.metadata ?? null,\n      workflow_id: params.workflowId ?? this.defaultWorkflowId ?? null,\n    })\n\n    return {\n      session: body.data as VerificationSession,\n      clientToken: body.client_token as string,\n    }\n  }\n\n  /**\n   * Fetch a session by id.\n   *\n   * @param id\n   * @returns\n   */\n  async retrieve(id: string): Promise<VerificationSession> {\n    const body = await this.request('GET', `/v1/sessions/${encodeURIComponent(id)}`)\n\n    return body.data as VerificationSession\n  }\n\n  /**\n   * Cancel a non-terminal session.\n   *\n   * @param id\n   * @returns\n   */\n  async cancel(id: string): Promise<VerificationSession> {\n    const body = await this.request('POST', `/v1/sessions/${encodeURIComponent(id)}/cancel`)\n\n    return body.data as VerificationSession\n  }\n}\n"],"mappings":";AAEA,IAAa,WAAb,MAAsB;CAED;CACA;CAFnB,YACE,SACA,oBAAoD,MACpD;EAFiB,KAAA,UAAA;EACA,KAAA,oBAAA;CAChB;;;;;;;CAQH,MAAM,OAAO,SAA8B,CAAC,GAA4B;EACtE,MAAM,OAAO,MAAM,KAAK,QAAQ,QAAQ,gBAAgB;GACtD,gBAAgB,OAAO,iBAAiB;GACxC,UAAU,OAAO,YAAY;GAC7B,aAAa,OAAO,cAAc,KAAK,qBAAqB;EAC9D,CAAC;EAED,OAAO;GACL,SAAS,KAAK;GACd,aAAa,KAAK;EACpB;CACF;;;;;;;CAQA,MAAM,SAAS,IAA0C;EAGvD,QAAO,MAFY,KAAK,QAAQ,OAAO,gBAAgB,mBAAmB,EAAE,GAAG,EAAA,CAEnE;CACd;;;;;;;CAQA,MAAM,OAAO,IAA0C;EAGrD,QAAO,MAFY,KAAK,QAAQ,QAAQ,gBAAgB,mBAAmB,EAAE,EAAE,QAAQ,EAAA,CAE3E;CACd;AACF"}

package/dist/Webhooks.d.mts

@@ -0,0 +1,15 @@
+import { VerifyWebhookInput } from "@arkyc/webhooks";
+
+//#region src/Webhooks.d.ts
+declare class Webhooks {
+  /**
+   * Verify a received webhook signature against the endpoint's signing secret.
+   *
+   * @param input
+   * @returns
+   */
+  verify(input: VerifyWebhookInput): boolean;
+}
+//#endregion
+export { Webhooks };
+//# sourceMappingURL=Webhooks.d.mts.map

package/dist/Webhooks.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Webhooks.d.mts","names":[],"sources":["../src/Webhooks.ts"],"mappings":";;;cAEa,QAAA;;AAAb;;;;;EAOE,MAAA,CAAO,KAAA,EAAO,kBAAkB;AAAA"}

package/dist/Webhooks.mjs

@@ -0,0 +1,17 @@
+import { WebhookSigner } from "@arkyc/webhooks";
+//#region src/Webhooks.ts
+var Webhooks = class {
+	/**
+	* Verify a received webhook signature against the endpoint's signing secret.
+	*
+	* @param input
+	* @returns
+	*/
+	verify(input) {
+		return WebhookSigner.verify(input);
+	}
+};
+//#endregion
+export { Webhooks };
+
+//# sourceMappingURL=Webhooks.mjs.map

package/dist/Webhooks.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"Webhooks.mjs","names":[],"sources":["../src/Webhooks.ts"],"sourcesContent":["import { WebhookSigner, type VerifyWebhookInput } from '@arkyc/webhooks'\n\nexport class Webhooks {\n  /**\n   * Verify a received webhook signature against the endpoint's signing secret.\n   *\n   * @param input\n   * @returns\n   */\n  verify(input: VerifyWebhookInput): boolean {\n    return WebhookSigner.verify(input)\n  }\n}\n"],"mappings":";;AAEA,IAAa,WAAb,MAAsB;;;;;;;CAOpB,OAAO,OAAoC;EACzC,OAAO,cAAc,OAAO,KAAK;CACnC;AACF"}

package/dist/browser.d.mts

@@ -0,0 +1,27 @@
+import { OpenWidgetOptions, WidgetHandle } from "./types.mjs";
+
+//#region src/browser.d.ts
+/**
+ * @arkyc/sdk/browser
+ *
+ * Browser launcher for the Arkyc verification widget. Opens the hosted widget
+ * in an overlay iframe and relays completion via `postMessage`.
+ *
+ * ```ts
+ * import { ArkycWidget } from '@arkyc/sdk/browser'
+ * ArkycWidget.open({ token: clientToken, onComplete: (r) => console.log(r.status) })
+ * ```
+ */
+declare class ArkycWidget {
+  private static DEFAULT_WIDGET_URL;
+  /**
+   * Open the verification widget for a client token. Returns a close handle.
+   *
+   * @param options
+   * @returns
+   */
+  static open(options: OpenWidgetOptions): WidgetHandle;
+}
+//#endregion
+export { ArkycWidget };
+//# sourceMappingURL=browser.d.mts.map

package/dist/browser.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser.d.mts","names":[],"sources":["../src/browser.ts"],"mappings":";;;;;AAaA;;;;;;;;;cAAa,WAAA;EAAA,eACI,kBAAA;;;;;;;SAQR,IAAA,CAAK,OAAA,EAAS,iBAAA,GAAoB,YAAY;AAAA"}

package/dist/browser.mjs

@@ -0,0 +1,77 @@
+//#region src/browser.ts
+/**
+* @arkyc/sdk/browser
+*
+* Browser launcher for the Arkyc verification widget. Opens the hosted widget
+* in an overlay iframe and relays completion via `postMessage`.
+*
+* ```ts
+* import { ArkycWidget } from '@arkyc/sdk/browser'
+* ArkycWidget.open({ token: clientToken, onComplete: (r) => console.log(r.status) })
+* ```
+*/
+var ArkycWidget = class ArkycWidget {
+	static DEFAULT_WIDGET_URL = "https://verify.arkyc.dev";
+	/**
+	* Open the verification widget for a client token. Returns a close handle.
+	*
+	* @param options
+	* @returns
+	*/
+	static open(options) {
+		if (!options.token) throw new Error("ArkycWidget.open requires a client `token`.");
+		const doc = options.doc ?? globalThis.document;
+		const win = options.win ?? globalThis.window;
+		if (!doc || !win) throw new Error("ArkycWidget.open must run in a browser environment.");
+		const src = `${(options.widgetUrl ?? ArkycWidget.DEFAULT_WIDGET_URL).replace(/\/$/, "")}?token=${encodeURIComponent(options.token)}`;
+		const overlay = doc.createElement("div");
+		overlay.setAttribute("data-arkyc-widget", "");
+		overlay.style.cssText = "position:fixed;inset:0;z-index:2147483647;background:rgba(0,0,0,0.6);display:flex;align-items:center;justify-content:center;";
+		const iframe = doc.createElement("iframe");
+		iframe.src = src;
+		iframe.allow = "camera; microphone";
+		iframe.style.cssText = "width:100%;max-width:480px;height:100%;max-height:720px;border:0;border-radius:12px;background:#fff;";
+		overlay.appendChild(iframe);
+		const listeners = /* @__PURE__ */ new Map();
+		const emit = (name, payload) => {
+			options.onEvent?.({
+				name,
+				data: payload
+			});
+			listeners.get(name)?.forEach((listener) => listener(payload));
+		};
+		const close = () => {
+			win.removeEventListener("message", onMessage);
+			overlay.remove();
+			options.onClose?.();
+		};
+		const onMessage = (event) => {
+			const data = event.data;
+			if (!data || typeof data.type !== "string" || !data.type.startsWith("arkyc:")) return;
+			if (data.type === "arkyc:event") {
+				if (typeof data.name === "string") emit(data.name, data.data);
+			} else if (data.type === "arkyc:complete") {
+				options.onComplete?.(data.payload ?? { status: "completed" });
+				close();
+			} else if (data.type === "arkyc:error") {
+				options.onError?.(data.error);
+				close();
+			} else if (data.type === "arkyc:close") close();
+		};
+		win.addEventListener("message", onMessage);
+		(doc.body ?? doc.documentElement).appendChild(overlay);
+		return {
+			close,
+			on: (event, listener) => {
+				const set = listeners.get(event) ?? /* @__PURE__ */ new Set();
+				set.add(listener);
+				listeners.set(event, set);
+				return () => set.delete(listener);
+			}
+		};
+	}
+};
+//#endregion
+export { ArkycWidget };
+
+//# sourceMappingURL=browser.mjs.map

package/dist/browser.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser.mjs","names":[],"sources":["../src/browser.ts"],"sourcesContent":["import type { OpenWidgetOptions, WidgetEventListener, WidgetHandle, WidgetResult } from './types'\n\n/**\n * @arkyc/sdk/browser\n *\n * Browser launcher for the Arkyc verification widget. Opens the hosted widget\n * in an overlay iframe and relays completion via `postMessage`.\n *\n * ```ts\n * import { ArkycWidget } from '@arkyc/sdk/browser'\n * ArkycWidget.open({ token: clientToken, onComplete: (r) => console.log(r.status) })\n * ```\n */\nexport class ArkycWidget {\n  private static DEFAULT_WIDGET_URL = 'https://verify.arkyc.dev'\n\n  /**\n   * Open the verification widget for a client token. Returns a close handle.\n   *\n   * @param options\n   * @returns\n   */\n  static open(options: OpenWidgetOptions): WidgetHandle {\n    if (!options.token) throw new Error('ArkycWidget.open requires a client `token`.')\n\n    const doc = options.doc ?? globalThis.document\n    const win = options.win ?? globalThis.window\n    if (!doc || !win) throw new Error('ArkycWidget.open must run in a browser environment.')\n\n    const widgetUrl = (options.widgetUrl ?? ArkycWidget.DEFAULT_WIDGET_URL).replace(/\\/$/, '')\n    const src = `${widgetUrl}?token=${encodeURIComponent(options.token)}`\n\n    const overlay = doc.createElement('div')\n    overlay.setAttribute('data-arkyc-widget', '')\n    overlay.style.cssText =\n      'position:fixed;inset:0;z-index:2147483647;background:rgba(0,0,0,0.6);display:flex;align-items:center;justify-content:center;'\n\n    const iframe = doc.createElement('iframe')\n    iframe.src = src\n    iframe.allow = 'camera; microphone'\n    iframe.style.cssText =\n      'width:100%;max-width:480px;height:100%;max-height:720px;border:0;border-radius:12px;background:#fff;'\n    overlay.appendChild(iframe)\n\n    // Named event listeners registered via the returned handle's `on`.\n    const listeners = new Map<string, Set<WidgetEventListener>>()\n    const emit = (name: string, payload?: unknown): void => {\n      options.onEvent?.({ name, data: payload })\n      listeners.get(name)?.forEach((listener) => listener(payload))\n    }\n\n    const close = (): void => {\n      win.removeEventListener('message', onMessage)\n      overlay.remove()\n      options.onClose?.()\n    }\n\n    const onMessage = (event: MessageEvent): void => {\n      const data = event.data as {\n        type?: string\n        payload?: WidgetResult\n        error?: unknown\n        name?: string\n        data?: unknown\n      } | null\n      if (!data || typeof data.type !== 'string' || !data.type.startsWith('arkyc:')) return\n\n      if (data.type === 'arkyc:event') {\n        // The widget's event firehose, forwarded across the iframe.\n        if (typeof data.name === 'string') emit(data.name, data.data)\n      } else if (data.type === 'arkyc:complete') {\n        options.onComplete?.(data.payload ?? { status: 'completed' })\n        close()\n      } else if (data.type === 'arkyc:error') {\n        options.onError?.(data.error)\n        close()\n      } else if (data.type === 'arkyc:close') {\n        close()\n      }\n    }\n\n    win.addEventListener('message', onMessage)\n    ;(doc.body ?? doc.documentElement).appendChild(overlay)\n\n    return {\n      close,\n      on: (event, listener) => {\n        const set = listeners.get(event) ?? new Set<WidgetEventListener>()\n        set.add(listener)\n        listeners.set(event, set)\n\n        return () => set.delete(listener)\n      },\n    }\n  }\n}\n"],"mappings":";;;;;;;;;;;;AAaA,IAAa,cAAb,MAAa,YAAY;CACvB,OAAe,qBAAqB;;;;;;;CAQpC,OAAO,KAAK,SAA0C;EACpD,IAAI,CAAC,QAAQ,OAAO,MAAM,IAAI,MAAM,6CAA6C;EAEjF,MAAM,MAAM,QAAQ,OAAO,WAAW;EACtC,MAAM,MAAM,QAAQ,OAAO,WAAW;EACtC,IAAI,CAAC,OAAO,CAAC,KAAK,MAAM,IAAI,MAAM,qDAAqD;EAGvF,MAAM,MAAM,IADO,QAAQ,aAAa,YAAY,mBAAA,CAAoB,QAAQ,OAAO,EAChE,EAAE,SAAS,mBAAmB,QAAQ,KAAK;EAElE,MAAM,UAAU,IAAI,cAAc,KAAK;EACvC,QAAQ,aAAa,qBAAqB,EAAE;EAC5C,QAAQ,MAAM,UACZ;EAEF,MAAM,SAAS,IAAI,cAAc,QAAQ;EACzC,OAAO,MAAM;EACb,OAAO,QAAQ;EACf,OAAO,MAAM,UACX;EACF,QAAQ,YAAY,MAAM;EAG1B,MAAM,4BAAY,IAAI,IAAsC;EAC5D,MAAM,QAAQ,MAAc,YAA4B;GACtD,QAAQ,UAAU;IAAE;IAAM,MAAM;GAAQ,CAAC;GACzC,UAAU,IAAI,IAAI,CAAC,EAAE,SAAS,aAAa,SAAS,OAAO,CAAC;EAC9D;EAEA,MAAM,cAAoB;GACxB,IAAI,oBAAoB,WAAW,SAAS;GAC5C,QAAQ,OAAO;GACf,QAAQ,UAAU;EACpB;EAEA,MAAM,aAAa,UAA8B;GAC/C,MAAM,OAAO,MAAM;GAOnB,IAAI,CAAC,QAAQ,OAAO,KAAK,SAAS,YAAY,CAAC,KAAK,KAAK,WAAW,QAAQ,GAAG;GAE/E,IAAI,KAAK,SAAS;QAEZ,OAAO,KAAK,SAAS,UAAU,KAAK,KAAK,MAAM,KAAK,IAAI;GAAA,OACvD,IAAI,KAAK,SAAS,kBAAkB;IACzC,QAAQ,aAAa,KAAK,WAAW,EAAE,QAAQ,YAAY,CAAC;IAC5D,MAAM;GACR,OAAO,IAAI,KAAK,SAAS,eAAe;IACtC,QAAQ,UAAU,KAAK,KAAK;IAC5B,MAAM;GACR,OAAO,IAAI,KAAK,SAAS,eACvB,MAAM;EAEV;EAEA,IAAI,iBAAiB,WAAW,SAAS;EACxC,CAAC,IAAI,QAAQ,IAAI,gBAAA,CAAiB,YAAY,OAAO;EAEtD,OAAO;GACL;GACA,KAAK,OAAO,aAAa;IACvB,MAAM,MAAM,UAAU,IAAI,KAAK,qBAAK,IAAI,IAAyB;IACjE,IAAI,IAAI,QAAQ;IAChB,UAAU,IAAI,OAAO,GAAG;IAExB,aAAa,IAAI,OAAO,QAAQ;GAClC;EACF;CACF;AACF"}

package/dist/client.d.mts

@@ -0,0 +1,43 @@
+import { ArkycOptions } from "./types.mjs";
+import { Sessions } from "./Sessions.mjs";
+import { Webhooks } from "./Webhooks.mjs";
+
+//#region src/client.d.ts
+/**
+ * Arkyc server SDK. Authenticates with a project secret key and wraps the
+ * Public Project API.
+ *
+ * ```ts
+ * const arkyc = new Arkyc({ secretKey: process.env.ARKYC_SECRET_KEY!, workflowId: 'wf_…' })
+ * const { session, clientToken } = await arkyc.sessions.create({ userReference: 'user_123' })
+ * ```
+ */
+declare class Arkyc {
+  private static DEFAULT_BASE_URL;
+  private readonly secretKey;
+  private readonly baseUrl;
+  private readonly fetchImpl;
+  private readonly workflowId;
+  /**
+   * Verification session operations. `request` is bound so it keeps `this`
+   * (and thus `fetchImpl`) when invoked from the Sessions helper.
+   */
+  readonly sessions: Sessions;
+  /**
+   * Webhook helpers.
+   */
+  readonly webhooks: Webhooks;
+  constructor(options: ArkycOptions);
+  /**
+   * Issue an authenticated request and unwrap the `{ status, data, … }` envelope.
+   *
+   * @param method
+   * @param path
+   * @param body
+   * @returns
+   */
+  private request;
+}
+//#endregion
+export { Arkyc };
+//# sourceMappingURL=client.d.mts.map

package/dist/client.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.mts","names":[],"sources":["../src/client.ts"],"mappings":";;;;;;;AAcA;;;;;;;cAAa,KAAA;EAAA,eACI,gBAAA;EAAA,iBACE,SAAA;EAAA,iBACA,OAAA;EAAA,iBACA,SAAA;EAAA,iBACA,UAAA;EAMR;;;;EAAA,SAAA,QAAA,EAAU,QAAA;EAOE;;;EAAA,SAFZ,QAAA,EAAQ,QAAA;cAEL,OAAA,EAAS,YAAA;;;;;;;;;UAoBP,OAAA;AAAA"}

package/dist/client.mjs

@@ -0,0 +1,62 @@
+import { ArkycApiError } from "./errors.mjs";
+import { Sessions } from "./Sessions.mjs";
+import { Webhooks } from "./Webhooks.mjs";
+//#region src/client.ts
+/**
+* Arkyc server SDK. Authenticates with a project secret key and wraps the
+* Public Project API.
+*
+* ```ts
+* const arkyc = new Arkyc({ secretKey: process.env.ARKYC_SECRET_KEY!, workflowId: 'wf_…' })
+* const { session, clientToken } = await arkyc.sessions.create({ userReference: 'user_123' })
+* ```
+*/
+var Arkyc = class Arkyc {
+	static DEFAULT_BASE_URL = "https://api.arkyc.dev";
+	secretKey;
+	baseUrl;
+	fetchImpl;
+	workflowId;
+	/**
+	* Verification session operations. `request` is bound so it keeps `this`
+	* (and thus `fetchImpl`) when invoked from the Sessions helper.
+	*/
+	sessions;
+	/**
+	* Webhook helpers.
+	*/
+	webhooks = new Webhooks();
+	constructor(options) {
+		if (!options.secretKey) throw new Error("Arkyc requires a `secretKey`.");
+		this.secretKey = options.secretKey;
+		this.baseUrl = (options.baseUrl ?? Arkyc.DEFAULT_BASE_URL).replace(/\/$/, "");
+		this.fetchImpl = options.fetch ?? globalThis.fetch;
+		this.workflowId = options.workflowId ?? null;
+		this.sessions = new Sessions(this.request.bind(this), this.workflowId);
+	}
+	/**
+	* Issue an authenticated request and unwrap the `{ status, data, … }` envelope.
+	*
+	* @param method
+	* @param path
+	* @param body
+	* @returns
+	*/
+	async request(method, path, body) {
+		const response = await this.fetchImpl(`${this.baseUrl}/api${path}`, {
+			method,
+			headers: {
+				authorization: `Bearer ${this.secretKey}`,
+				...body !== void 0 ? { "content-type": "application/json" } : {}
+			},
+			body: body !== void 0 ? JSON.stringify(body) : void 0
+		});
+		const json = await response.json().catch(() => ({}));
+		if (!response.ok) throw new ArkycApiError(json.message ?? `Arkyc request failed with status ${response.status}`, response.status, json.errors);
+		return json;
+	}
+};
+//#endregion
+export { Arkyc };
+
+//# sourceMappingURL=client.mjs.map

package/dist/client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.mjs","names":[],"sources":["../src/client.ts"],"sourcesContent":["import { ArkycApiError } from './errors'\nimport type { ArkycOptions } from './types'\nimport { Sessions } from './Sessions'\nimport { Webhooks } from './Webhooks'\n\n/**\n * Arkyc server SDK. Authenticates with a project secret key and wraps the\n * Public Project API.\n *\n * ```ts\n * const arkyc = new Arkyc({ secretKey: process.env.ARKYC_SECRET_KEY!, workflowId: 'wf_…' })\n * const { session, clientToken } = await arkyc.sessions.create({ userReference: 'user_123' })\n * ```\n */\nexport class Arkyc {\n  private static DEFAULT_BASE_URL = 'https://api.arkyc.dev'\n  private readonly secretKey: string\n  private readonly baseUrl: string\n  private readonly fetchImpl: typeof fetch\n  private readonly workflowId: string | null\n\n  /**\n   * Verification session operations. `request` is bound so it keeps `this`\n   * (and thus `fetchImpl`) when invoked from the Sessions helper.\n   */\n  readonly sessions: Sessions\n\n  /**\n   * Webhook helpers.\n   */\n  readonly webhooks = new Webhooks()\n\n  constructor(options: ArkycOptions) {\n    if (!options.secretKey) throw new Error('Arkyc requires a `secretKey`.')\n\n    this.secretKey = options.secretKey\n    this.baseUrl = (options.baseUrl ?? Arkyc.DEFAULT_BASE_URL).replace(/\\/$/, '')\n    this.fetchImpl = options.fetch ?? globalThis.fetch\n    // Optional default workflow applied to every session this client opens,\n    // overridable per `sessions.create({ workflowId })`.\n    this.workflowId = options.workflowId ?? null\n    this.sessions = new Sessions(this.request.bind(this), this.workflowId)\n  }\n\n  /**\n   * Issue an authenticated request and unwrap the `{ status, data, … }` envelope.\n   *\n   * @param method\n   * @param path\n   * @param body\n   * @returns\n   */\n  private async request(method: string, path: string, body?: unknown): Promise<Record<string, unknown>> {\n    const response = await this.fetchImpl(`${this.baseUrl}/api${path}`, {\n      method,\n      headers: {\n        authorization: `Bearer ${this.secretKey}`,\n        ...(body !== undefined ? { 'content-type': 'application/json' } : {}),\n      },\n      body: body !== undefined ? JSON.stringify(body) : undefined,\n    })\n\n    const json = (await response.json().catch(() => ({}))) as Record<string, unknown>\n    if (!response.ok) {\n      throw new ArkycApiError(\n        (json.message as string) ?? `Arkyc request failed with status ${response.status}`,\n        response.status,\n        json.errors as Record<string, string[] | string> | undefined,\n      )\n    }\n\n    return json\n  }\n}\n"],"mappings":";;;;;;;;;;;;;AAcA,IAAa,QAAb,MAAa,MAAM;CACjB,OAAe,mBAAmB;CAClC;CACA;CACA;CACA;;;;;CAMA;;;;CAKA,WAAoB,IAAI,SAAS;CAEjC,YAAY,SAAuB;EACjC,IAAI,CAAC,QAAQ,WAAW,MAAM,IAAI,MAAM,+BAA+B;EAEvE,KAAK,YAAY,QAAQ;EACzB,KAAK,WAAW,QAAQ,WAAW,MAAM,iBAAA,CAAkB,QAAQ,OAAO,EAAE;EAC5E,KAAK,YAAY,QAAQ,SAAS,WAAW;EAG7C,KAAK,aAAa,QAAQ,cAAc;EACxC,KAAK,WAAW,IAAI,SAAS,KAAK,QAAQ,KAAK,IAAI,GAAG,KAAK,UAAU;CACvE;;;;;;;;;CAUA,MAAc,QAAQ,QAAgB,MAAc,MAAkD;EACpG,MAAM,WAAW,MAAM,KAAK,UAAU,GAAG,KAAK,QAAQ,MAAM,QAAQ;GAClE;GACA,SAAS;IACP,eAAe,UAAU,KAAK;IAC9B,GAAI,SAAS,KAAA,IAAY,EAAE,gBAAgB,mBAAmB,IAAI,CAAC;GACrE;GACA,MAAM,SAAS,KAAA,IAAY,KAAK,UAAU,IAAI,IAAI,KAAA;EACpD,CAAC;EAED,MAAM,OAAQ,MAAM,SAAS,KAAK,CAAC,CAAC,aAAa,CAAC,EAAE;EACpD,IAAI,CAAC,SAAS,IACZ,MAAM,IAAI,cACP,KAAK,WAAsB,oCAAoC,SAAS,UACzE,SAAS,QACT,KAAK,MACP;EAGF,OAAO;CACT;AACF"}

package/dist/errors.d.mts

@@ -0,0 +1,14 @@
+//#region src/errors.d.ts
+/**
+ * Error thrown when the Arkyc API returns a non-2xx response.
+ */
+declare class ArkycApiError extends Error {
+  /** HTTP status code. */
+  readonly status: number;
+  /** Field-level validation errors, when present (422). */
+  readonly errors?: Record<string, string[] | string>;
+  constructor(message: string, status: number, errors?: Record<string, string[] | string>);
+}
+//#endregion
+export { ArkycApiError };
+//# sourceMappingURL=errors.d.mts.map

package/dist/errors.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.mts","names":[],"sources":["../src/errors.ts"],"mappings":";;AAGA;;cAAa,aAAA,SAAsB,KAAA;EAIf;EAAA,SAFT,MAAA;EAFwB;EAAA,SAIxB,MAAA,GAAS,MAAA;cAEN,OAAA,UAAiB,MAAA,UAAgB,MAAA,GAAS,MAAA;AAAA"}

package/dist/errors.mjs

@@ -0,0 +1,20 @@
+//#region src/errors.ts
+/**
+* Error thrown when the Arkyc API returns a non-2xx response.
+*/
+var ArkycApiError = class extends Error {
+	/** HTTP status code. */
+	status;
+	/** Field-level validation errors, when present (422). */
+	errors;
+	constructor(message, status, errors) {
+		super(message);
+		this.name = "ArkycApiError";
+		this.status = status;
+		this.errors = errors;
+	}
+};
+//#endregion
+export { ArkycApiError };
+
+//# sourceMappingURL=errors.mjs.map

package/dist/errors.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.mjs","names":[],"sources":["../src/errors.ts"],"sourcesContent":["/**\n * Error thrown when the Arkyc API returns a non-2xx response.\n */\nexport class ArkycApiError extends Error {\n  /** HTTP status code. */\n  readonly status: number\n  /** Field-level validation errors, when present (422). */\n  readonly errors?: Record<string, string[] | string>\n\n  constructor(message: string, status: number, errors?: Record<string, string[] | string>) {\n    super(message)\n    this.name = 'ArkycApiError'\n    this.status = status\n    this.errors = errors\n  }\n}\n"],"mappings":";;;;AAGA,IAAa,gBAAb,cAAmC,MAAM;;CAEvC;;CAEA;CAEA,YAAY,SAAiB,QAAgB,QAA4C;EACvF,MAAM,OAAO;EACb,KAAK,OAAO;EACZ,KAAK,SAAS;EACd,KAAK,SAAS;CAChB;AACF"}

package/dist/index.d.mts

@@ -0,0 +1,7 @@
+import { ArkycOptions, CreateSessionParams, CreatedSession, VerificationSession } from "./types.mjs";
+import { Sessions } from "./Sessions.mjs";
+import { Webhooks } from "./Webhooks.mjs";
+import { Arkyc } from "./client.mjs";
+import { ArkycApiError } from "./errors.mjs";
+import { VerifyWebhookInput, WebhookSigner } from "@arkyc/webhooks";
+export { Arkyc, ArkycApiError, type ArkycOptions, type CreateSessionParams, type CreatedSession, Sessions, type VerificationSession, type VerifyWebhookInput, WebhookSigner, Webhooks };

package/dist/index.mjs

@@ -0,0 +1,6 @@
+import { ArkycApiError } from "./errors.mjs";
+import { Sessions } from "./Sessions.mjs";
+import { Webhooks } from "./Webhooks.mjs";
+import { Arkyc } from "./client.mjs";
+import { WebhookSigner } from "@arkyc/webhooks";
+export { Arkyc, ArkycApiError, Sessions, WebhookSigner, Webhooks };

package/dist/types.d.mts

@@ -0,0 +1,97 @@
+import { DecisionReason, Metadata, VerificationDecision, VerificationStatus, WorkflowConfig } from "@arkyc/types";
+
+//#region src/types.d.ts
+/** A verification session as returned by the public API (snake_case JSON). */
+interface VerificationSession {
+  id: string;
+  project_id: string;
+  user_reference: string | null;
+  status: VerificationStatus;
+  auto_decision: VerificationDecision | null;
+  final_decision: VerificationDecision | null;
+  decision_reason: DecisionReason | null;
+  risk_score: number | null;
+  assigned_to: string | null;
+  /** The workflow applied to this session, if any (its ID), and the frozen config. */
+  workflow_id: string | null;
+  workflow: WorkflowConfig | null;
+  /** Signed, time-limited URLs for captured assets, served inline as images (present on retrieve). */
+  assets?: Record<string, string> | null;
+  expires_at: string;
+  completed_at: string | null;
+  created_at: string;
+}
+/** Parameters for opening a verification session. */
+interface CreateSessionParams {
+  /** Your reference for the user being verified. */
+  userReference?: string | null;
+  /** Arbitrary metadata stored with the session. */
+  metadata?: Metadata | null;
+  /** Workflow to apply, overriding the client's default `workflowId` for this session. */
+  workflowId?: string | null;
+}
+/** A freshly opened session plus its one-time client token for the widget. */
+interface CreatedSession {
+  session: VerificationSession;
+  clientToken: string;
+}
+/** Configuration for the server SDK client. */
+interface ArkycOptions {
+  /** Project secret API key (`sk_…`). */
+  secretKey: string;
+  /** API base URL (default `https://api.arkyc.dev`). */
+  baseUrl?: string;
+  /**
+   * Optional workflow applied to every session this client opens (the workflow's
+   * ID, from the dashboard). Overridable per `sessions.create({ workflowId })`.
+   */
+  workflowId?: string | null;
+  /** Custom fetch implementation (defaults to global `fetch`). */
+  fetch?: typeof fetch;
+}
+/** Payload delivered when the widget flow completes. */
+interface WidgetResult {
+  status: string;
+  [key: string]: unknown;
+}
+/** A widget event delivered to {@link OpenWidgetOptions.onEvent} / `handle.on`. */
+interface WidgetEvent {
+  /** Event name, e.g. `session.transition`, `complete`, `error`, `close`. */
+  name: string;
+  /** Event payload (shape depends on `name`). */
+  data?: unknown;
+}
+/** Subscribe to a named widget event; returns an unsubscribe function. */
+type WidgetEventListener = (data: unknown) => void;
+/** Options for {@link ArkycWidget.open}. */
+interface OpenWidgetOptions {
+  /** The session's client token (from `arkyc.sessions.create`). */
+  token: string;
+  /** Hosted widget origin (default `https://verify.arkyc.dev`). */
+  widgetUrl?: string;
+  onComplete?: (result: WidgetResult) => void;
+  onError?: (error: unknown) => void;
+  onClose?: () => void;
+  /**
+   * Firehose for live session events (`session.transition`) and lifecycle events
+   * (`complete` / `error` / `close`), delivered from the hosted widget over
+   * `postMessage`. Also subscribable per-name via {@link WidgetHandle.on}.
+   */
+  onEvent?: (event: WidgetEvent) => void;
+  /** Injectable for testing; defaults to the global `document`. */
+  doc?: Document;
+  /** Injectable for testing; defaults to the global `window`. */
+  win?: Window;
+}
+/** A handle to the open widget. */
+interface WidgetHandle {
+  close: () => void;
+  /**
+   * Subscribe to a named widget event (e.g. `session.transition`, `complete`).
+   * Returns an unsubscribe function.
+   */
+  on: (event: string, listener: WidgetEventListener) => () => void;
+}
+//#endregion
+export { ArkycOptions, CreateSessionParams, CreatedSession, OpenWidgetOptions, VerificationSession, WidgetHandle };
+//# sourceMappingURL=types.d.mts.map

package/dist/types.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.mts","names":[],"sources":["../src/types.ts"],"mappings":";;;;UAGiB,mBAAA;EACf,EAAA;EACA,UAAA;EACA,cAAA;EACA,MAAA,EAAQ,kBAAA;EACR,aAAA,EAAe,oBAAA;EACf,cAAA,EAAgB,oBAAA;EAChB,eAAA,EAAiB,cAAA;EACjB,UAAA;EACA,WAAA;EAKe;EAHf,WAAA;EACA,QAAA,EAAU,cAAA;EAVV;EAYA,MAAA,GAAS,MAAA;EACT,UAAA;EACA,YAAA;EACA,UAAA;AAAA;;UAIe,mBAAA;EAdf;EAgBA,aAAA;EAfA;EAiBA,QAAA,GAAW,QAAQ;EAdnB;EAgBA,UAAA;AAAA;;UAIe,cAAA;EACf,OAAA,EAAS,mBAAmB;EAC5B,WAAA;AAAA;;UAIe,YAAA;EAhBA;EAkBf,SAAA;;EAEA,OAAA;EAlBA;;;;EAuBA,UAAA;EAnBU;EAqBV,KAAA,UAAe,KAAK;AAAA;;UAIL,YAAA;EACf,MAAA;EAAA,CACC,GAAW;AAAA;;UAIG,WAAA;EArBA;EAuBf,IAAA;;EAEA,IAAI;AAAA;;KAIM,mBAAA,IAAuB,IAAa;;UAG/B,iBAAA;EArBK;EAuBpB,KAAA;EAnBe;EAqBf,SAAA;EACA,UAAA,IAAc,MAAA,EAAQ,YAAA;EACtB,OAAA,IAAW,KAAA;EACX,OAAA;EAlBe;;;;AAIX;EAoBJ,OAAA,IAAW,KAAA,EAAO,WAAA;EAhBW;EAkB7B,GAAA,GAAM,QAAA;EAlBwC;EAoB9C,GAAA,GAAM,MAAA;AAAA;;UAIS,YAAA;EACf,KAAA;EATkB;;;;EAclB,EAAA,GAAK,KAAA,UAAe,QAAA,EAAU,mBAAmB;AAAA"}

package/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "@arkyc/sdk",
+  "version": "1.0.0",
+  "description": "Arkyc TypeScript SDK (server + browser)",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.mjs",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.mts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.mts",
+      "import": "./dist/index.mjs"
+    },
+    "./browser": {
+      "types": "./dist/browser.d.mts",
+      "import": "./dist/browser.mjs"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@arkyc/types": "^1.0.0",
+    "@arkyc/webhooks": "^1.0.0",
+    "@arkyc/core": "^1.0.0"
+  },
+  "scripts": {
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "lint": "eslint src",
+    "clean": "rm -rf dist"
+  }
+}