@arkyc/types 1.0.0

package/dist/audit.d.mts

@@ -0,0 +1,27 @@
+import { Id, IsoDateTime, Metadata } from "./common.mjs";
+
+//#region src/audit.d.ts
+/** Who performed an audited action. */
+type ActorType = 'user' | 'api_key' | 'system';
+/**
+ * An immutable audit log entry. Project scope is optional (some actions are
+ * organization-level only). Audit rows are append-only and carry no `updated_at`.
+ */
+interface AuditLog {
+  id: Id;
+  organization_id: Id;
+  project_id: Id | null;
+  actor_id: Id | null;
+  actor_type: ActorType;
+  /** Action key, e.g. `session.approved`, `api_key.created`. */
+  action: string;
+  entity_type: string;
+  entity_id: Id | null;
+  metadata: Metadata;
+  ip_address: string | null;
+  user_agent: string | null;
+  created_at: IsoDateTime;
+}
+//#endregion
+export { ActorType, AuditLog };
+//# sourceMappingURL=audit.d.mts.map

package/dist/audit.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.mts","names":[],"sources":["../src/audit.ts"],"mappings":";;;;KAGY,SAAA;AAAZ;;;;AAAA,UAMiB,QAAA;EACf,EAAA,EAAI,EAAA;EACJ,eAAA,EAAiB,EAAA;EACjB,UAAA,EAAY,EAAA;EACZ,QAAA,EAAU,EAAA;EACV,UAAA,EAAY,SAAA;EAFA;EAIZ,MAAA;EACA,WAAA;EACA,SAAA,EAAW,EAAA;EACX,QAAA,EAAU,QAAA;EACV,UAAA;EACA,UAAA;EACA,UAAA,EAAY,WAAA;AAAA"}

package/dist/common.d.mts

@@ -0,0 +1,36 @@
+//#region src/common.d.ts
+/**
+ * Shared primitive aliases used across Arkyc domain types.
+ *
+ * These are intentionally light: they document intent at call sites without
+ * adding runtime weight. IDs are strings (prefixed identifiers like
+ * `kyc_sess_…`, `organization_…`, `project_…`); timestamps are ISO-8601 strings.
+ */
+/** A unique identifier (typically a prefixed, URL-safe string). */
+type Id = string;
+/** An ISO-8601 date-time string, e.g. `2026-06-20T00:00:00.000Z`. */
+type IsoDateTime = string;
+/** An ISO-8601 date string (no time component), e.g. `1990-05-21`. */
+type IsoDate = string;
+/** Arbitrary, JSON-serialisable metadata attached to an entity. */
+type Metadata = Record<string, unknown>;
+/** Columns shared by every persisted entity. */
+interface Timestamps {
+  created_at: IsoDateTime;
+  updated_at: IsoDateTime;
+}
+/** A persisted entity: an `id` plus creation/update timestamps. */
+interface Entity extends Timestamps {
+  id: Id;
+}
+/** Scoping columns present on every organization-owned entity. */
+interface OrganizationScoped {
+  organization_id: Id;
+}
+/** Scoping columns present on every project-owned entity. */
+interface ProjectScoped extends OrganizationScoped {
+  project_id: Id;
+}
+//#endregion
+export { Entity, Id, IsoDate, IsoDateTime, Metadata, OrganizationScoped, ProjectScoped, Timestamps };
+//# sourceMappingURL=common.d.mts.map

package/dist/common.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.d.mts","names":[],"sources":["../src/common.ts"],"mappings":";;AASA;;;;AAAc;AAGd;;KAHY,EAAA;;KAGA,WAAA;AAGZ;AAAA,KAAY,OAAA;;KAGA,QAAA,GAAW,MAAM;AAHV;AAAA,UAMF,UAAA;EACf,UAAA,EAAY,WAAA;EACZ,UAAA,EAAY,WAAW;AAAA;AALI;AAAA,UASZ,MAAA,SAAe,UAAU;EACxC,EAAA,EAAI,EAAA;AAAA;;UAIW,kBAAA;EACf,eAAA,EAAiB,EAAE;AAAA;;UAIJ,aAAA,SAAsB,kBAAkB;EACvD,UAAA,EAAY,EAAA;AAAA"}

package/dist/index.d.mts

@@ -0,0 +1,16 @@
+import { Entity, Id, IsoDate, IsoDateTime, Metadata, OrganizationScoped, ProjectScoped, Timestamps } from "./common.mjs";
+import { PublicUser, User } from "./user.mjs";
+import { InvitationStatus, MembershipStatus, Organization, OrganizationInvitation, OrganizationMember, OrganizationSettings } from "./organization.mjs";
+import { AdminPermission, AdminPermissionGroup, AdminPermissionKey, AdminRoleSlug, AnyPermissionGroup, AnyPermissionKey, Permission, PermissionGroup, PermissionKey, Role, RolePermission, SystemRoleSlug, UserPermission } from "./rbac.mjs";
+import { CaptureModel, DEFAULT_GLOBAL_SETTINGS, GlobalSetting, GlobalSettings, RealtimeTransport } from "./settings.mjs";
+import { DecisionReason, LivenessChallenge, LivenessMode, VerificationDecision, VerificationSession, VerificationStatus } from "./verification.mjs";
+import { REALTIME_EVENT, RealtimeEventName, ReviewActionEvent, SessionTransitionEvent, parseRealtimeChannel, realtimeChannels } from "./realtime.mjs";
+import { ApiKey, ApiKeyWithSecret, Project, ProjectBranding, ProjectContext, ProjectEnvironment, ProjectHandoffSettings, ProjectMember, ProjectSettings, ProjectStatus, VerificationThresholds } from "./project.mjs";
+import { DocumentCapture, DocumentPortrait, DocumentType, FaceMatchCheck, FaceMatchResultData, LivenessCheck, LivenessResultData, OcrAuthenticity, OcrFields, OcrResult, OcrResultData, SpoofSignals } from "./providers.mjs";
+import { DEFAULT_WORKFLOW_CONFIG, WORKFLOW_STEP_KEYS, Workflow, WorkflowConfig, WorkflowOptions, WorkflowStep, WorkflowStepKey, workflowEnabledSteps, workflowEnables, workflowRunsOcr } from "./workflow.mjs";
+import { Review, ReviewAction, ReviewNote } from "./review.mjs";
+import { WebhookChecks, WebhookDelivery, WebhookDeliveryStatus, WebhookEndpoint, WebhookEndpointStatus, WebhookEvent, WebhookEventName } from "./webhook.mjs";
+import { ActorType, AuditLog } from "./audit.mjs";
+import { CreateSessionParams, SdkOptions, SessionResource } from "./sdk.mjs";
+import { WidgetMode, WidgetOptions, WidgetResult, WidgetStep } from "./widget.mjs";
+export { ActorType, AdminPermission, AdminPermissionGroup, AdminPermissionKey, AdminRoleSlug, AnyPermissionGroup, AnyPermissionKey, ApiKey, ApiKeyWithSecret, AuditLog, CaptureModel, CreateSessionParams, DEFAULT_GLOBAL_SETTINGS, DEFAULT_WORKFLOW_CONFIG, DecisionReason, DocumentCapture, DocumentPortrait, DocumentType, Entity, FaceMatchCheck, FaceMatchResultData, GlobalSetting, GlobalSettings, Id, InvitationStatus, IsoDate, IsoDateTime, LivenessChallenge, LivenessCheck, LivenessMode, LivenessResultData, MembershipStatus, Metadata, OcrAuthenticity, OcrFields, OcrResult, OcrResultData, Organization, OrganizationInvitation, OrganizationMember, OrganizationScoped, OrganizationSettings, Permission, PermissionGroup, PermissionKey, Project, ProjectBranding, ProjectContext, ProjectEnvironment, ProjectHandoffSettings, ProjectMember, ProjectScoped, ProjectSettings, ProjectStatus, PublicUser, REALTIME_EVENT, RealtimeEventName, RealtimeTransport, Review, ReviewAction, ReviewActionEvent, ReviewNote, Role, RolePermission, SdkOptions, SessionResource, SessionTransitionEvent, SpoofSignals, SystemRoleSlug, Timestamps, User, UserPermission, VerificationDecision, VerificationSession, VerificationStatus, VerificationThresholds, WORKFLOW_STEP_KEYS, WebhookChecks, WebhookDelivery, WebhookDeliveryStatus, WebhookEndpoint, WebhookEndpointStatus, WebhookEvent, WebhookEventName, WidgetMode, WidgetOptions, WidgetResult, WidgetStep, Workflow, WorkflowConfig, WorkflowOptions, WorkflowStep, WorkflowStepKey, parseRealtimeChannel, realtimeChannels, workflowEnabledSteps, workflowEnables, workflowRunsOcr };

package/dist/index.mjs

@@ -0,0 +1,4 @@
+import { DEFAULT_GLOBAL_SETTINGS } from "./settings.mjs";
+import { REALTIME_EVENT, parseRealtimeChannel, realtimeChannels } from "./realtime.mjs";
+import { DEFAULT_WORKFLOW_CONFIG, WORKFLOW_STEP_KEYS, workflowEnabledSteps, workflowEnables, workflowRunsOcr } from "./workflow.mjs";
+export { DEFAULT_GLOBAL_SETTINGS, DEFAULT_WORKFLOW_CONFIG, REALTIME_EVENT, WORKFLOW_STEP_KEYS, parseRealtimeChannel, realtimeChannels, workflowEnabledSteps, workflowEnables, workflowRunsOcr };

package/dist/organization.d.mts

@@ -0,0 +1,41 @@
+import { Entity, Id, IsoDateTime, Metadata, OrganizationScoped } from "./common.mjs";
+
+//#region src/organization.d.ts
+/** Membership lifecycle states for organization/project members. */
+type MembershipStatus = 'active' | 'invited' | 'suspended';
+/** Invitation lifecycle states. */
+type InvitationStatus = 'pending' | 'accepted' | 'expired' | 'revoked';
+/**
+ * An organization, business, or workspace using Arkyc. An organization owns projects,
+ * members, roles, API keys, sessions, webhooks, and audit logs.
+ */
+interface Organization extends Entity {
+  name: string;
+  slug: string;
+  logo_url: string | null;
+  settings: OrganizationSettings;
+}
+/** Organization-level configuration (free-form, with known optional keys). */
+interface OrganizationSettings extends Metadata {
+  /** Days to retain verification media before cleanup (Phase 15). */
+  retention_days?: number;
+}
+/** Links a {@link User} to a {@link Organization} with a role. */
+interface OrganizationMember extends Entity, OrganizationScoped {
+  user_id: Id;
+  role_id: Id;
+  status: MembershipStatus;
+  joined_at: IsoDateTime | null;
+}
+/** A pending invitation to join an organization with a given role. */
+interface OrganizationInvitation extends Entity, OrganizationScoped {
+  email: string;
+  role_id: Id;
+  /** Hash of the single-use invitation token; the raw token is emailed once. */
+  token_hash: string;
+  expires_at: IsoDateTime;
+  accepted_at: IsoDateTime | null;
+}
+//#endregion
+export { InvitationStatus, MembershipStatus, Organization, OrganizationInvitation, OrganizationMember, OrganizationSettings };
+//# sourceMappingURL=organization.d.mts.map

package/dist/organization.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"organization.d.mts","names":[],"sources":["../src/organization.ts"],"mappings":";;;;KAGY,gBAAA;AAAZ;AAAA,KAGY,gBAAA;;;AAHgB;AAG5B;UAMiB,YAAA,SAAqB,MAAM;EAC1C,IAAA;EACA,IAAA;EACA,QAAA;EACA,QAAA,EAAU,oBAAA;AAAA;;UAIK,oBAAA,SAA6B,QAAQ;EARhB;EAUpC,cAAc;AAAA;;UAIC,kBAAA,SAA2B,MAAA,EAAQ,kBAAA;EAClD,OAAA,EAAS,EAAA;EACT,OAAA,EAAS,EAAA;EACT,MAAA,EAAQ,gBAAA;EACR,SAAA,EAAW,WAAA;AAAA;;UAII,sBAAA,SAA+B,MAAA,EAAQ,kBAAA;EACtD,KAAA;EACA,OAAA,EAAS,EAAA;EAVyB;EAYlC,UAAA;EACA,UAAA,EAAY,WAAA;EACZ,WAAA,EAAa,WAAA;AAAA"}

package/dist/project.d.mts

@@ -0,0 +1,104 @@
+import { Entity, Id, IsoDateTime, Metadata, OrganizationScoped, ProjectScoped } from "./common.mjs";
+import { MembershipStatus } from "./organization.mjs";
+import { CaptureModel } from "./settings.mjs";
+
+//#region src/project.d.ts
+/** Deployment environment for a project. */
+type ProjectEnvironment = 'production' | 'staging' | 'development';
+/** Project lifecycle status. */
+type ProjectStatus = 'active' | 'paused' | 'archived';
+/**
+ * Per-project, configurable thresholds the decision engine compares scores
+ * against. Defaults live in `@arkyc/core`; projects may override any subset.
+ */
+interface VerificationThresholds {
+  documentQualityThreshold: number;
+  ocrConfidenceThreshold: number;
+  livenessThreshold: number;
+  faceMatchThreshold: number;
+}
+/** Visual branding applied to the widget for a project. */
+interface ProjectBranding {
+  logo_url?: string | null;
+  primary_color?: string;
+  border_radius?: number;
+  theme?: 'light' | 'dark';
+  /** Display name (company/product) shown in the widget header. */
+  name?: string | null;
+  /**
+   * Whether to show the project's name/logo in the widget header. Defaults to
+   * shown; set `false` for an unbranded (white-label) header.
+   */
+  show_branding?: boolean;
+}
+/**
+ * Cross-device handoff: a desktop user continues an in-progress verification on
+ * their phone by scanning a QR code.
+ * The QR is shown first on desktop.
+ */
+interface ProjectHandoffSettings {
+  /** Whether desktop users are offered the QR handoff to their phone. */
+  enabled?: boolean;
+  /**
+   * Whether a desktop user may instead continue on the desktop device. When
+   * `false`, a desktop user must scan to a phone (no "continue here"). Defaults true.
+   */
+  allow_desktop?: boolean;
+}
+/** Project-level configuration. */
+interface ProjectSettings extends Metadata {
+  thresholds?: Partial<VerificationThresholds>;
+  allowed_origins?: string[];
+  /** Maximum verification attempts before a session is hard-failed. */
+  max_retries?: number;
+  /** Overrides the global capture model for this project (Phase 17). */
+  capture_model?: CaptureModel;
+  /** Cross-device session handoff (QR). Off unless the project opts in. */
+  handoff?: ProjectHandoffSettings;
+}
+/**
+ * A specific application, environment, or product integration owned by a
+ * organization. Sessions, API keys, and webhooks are scoped to a project.
+ */
+interface Project extends Entity, OrganizationScoped {
+  name: string;
+  slug: string;
+  environment: ProjectEnvironment;
+  settings: ProjectSettings;
+  branding: ProjectBranding;
+  status: ProjectStatus;
+  has_ai_grant?: boolean;
+}
+/** Links a user to a project with a role (narrower tha organization membership). */
+interface ProjectMember extends Entity, ProjectScoped {
+  user_id: Id;
+  role_id: Id;
+  status: MembershipStatus;
+}
+/**
+ * A project API key. Only `key_prefix` is stored in clear; the secret is hashed
+ * (`key_hash`) and shown to the integrator exactly once at creation.
+ */
+interface ApiKey extends Entity, ProjectScoped {
+  name: string;
+  key_prefix: string;
+  key_hash: string;
+  last_used_at: IsoDateTime | null;
+  expires_at: IsoDateTime | null;
+  revoked_at: IsoDateTime | null;
+}
+/** An API key plus its one-time-visible secret, returned only at creation. */
+interface ApiKeyWithSecret {
+  api_key: ApiKey;
+  /** The full secret key, e.g. `sk_live_…`. Never persisted in clear. */
+  secret: string;
+}
+/** Resolves the organization + project + (optionally) acting user for a request. */
+interface ProjectContext {
+  organization_id: Id;
+  project_id: Id;
+  api_key_id?: Id;
+}
+//#endregion
+export { ApiKey, ApiKeyWithSecret, Project, ProjectBranding, ProjectContext, ProjectEnvironment, ProjectHandoffSettings, ProjectMember, ProjectSettings, ProjectStatus, VerificationThresholds };
+//# sourceMappingURL=project.d.mts.map

package/dist/project.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.d.mts","names":[],"sources":["../src/project.ts"],"mappings":";;;;;;KAMY,kBAAA;AAAZ;AAAA,KAGY,aAAA;;;AAHkB;AAG9B;UAMiB,sBAAA;EACf,wBAAA;EACA,sBAAA;EACA,iBAAA;EACA,kBAAA;AAAA;;UAIe,eAAA;EACf,QAAA;EACA,aAAA;EACA,aAAA;EACA,KAAA;EARkB;EAUlB,IAAA;EANe;;;;EAWf,aAAA;AAAA;;;;;;UAQe,sBAAA;EAAA;EAEf,OAAA;;;AAKa;AAIf;EAJE,aAAa;AAAA;;UAIE,eAAA,SAAwB,QAAA;EACvC,UAAA,GAAa,OAAA,CAAQ,sBAAA;EACrB,eAAA;EAFuC;EAIvC,WAAA;EAJ+C;EAM/C,aAAA,GAAgB,YAAA;EALhB;EAOA,OAAA,GAAU,sBAAA;AAAA;;;;;UAOK,OAAA,SAAgB,MAAA,EAAQ,kBAAA;EACvC,IAAA;EACA,IAAA;EACA,WAAA,EAAa,kBAAA;EACb,QAAA,EAAU,eAAA;EACV,QAAA,EAAU,eAAA;EACV,MAAA,EAAQ,aAAA;EACR,YAAA;AAAA;;UAIe,aAAA,SAAsB,MAAA,EAAQ,aAAA;EAC7C,OAAA,EAAS,EAAA;EACT,OAAA,EAAS,EAAA;EACT,MAAA,EAAQ,gBAAA;AAAA;;;;;UAOO,MAAA,SAAe,MAAA,EAAQ,aAAA;EACtC,IAAA;EACA,UAAA;EACA,QAAA;EACA,YAAA,EAAc,WAAA;EACd,UAAA,EAAY,WAAA;EACZ,UAAA,EAAY,WAAA;AAAA;;UAIG,gBAAA;EACf,OAAA,EAAS,MAAM;EArBA;EAuBf,MAAA;AAAA;;UAIe,cAAA;EACf,eAAA,EAAiB,EAAA;EACjB,UAAA,EAAY,EAAA;EACZ,UAAA,GAAa,EAAA;AAAA"}

package/dist/providers.d.mts

@@ -0,0 +1,121 @@
+import { Entity, Id, IsoDate, ProjectScoped } from "./common.mjs";
+
+//#region src/providers.d.ts
+/** Supported identity document categories. */
+type DocumentType = 'passport' | 'id_card' | 'drivers_license' | 'residence_permit';
+/** Structured identity fields extracted from a document via OCR. */
+interface OcrFields {
+  firstName?: string;
+  lastName?: string;
+  fullName?: string;
+  dateOfBirth?: IsoDate;
+  documentNumber?: string;
+  expiryDate?: IsoDate;
+  nationality?: string;
+}
+/**
+ * Best-effort, image-only authenticity read from an OCR driver capable of it
+ * (the `ai` vision driver). Advisory anti-spoofing signals — a flagged document
+ * is routed to manual review, never auto-rejected on the model's say-so.
+ */
+interface OcrAuthenticity {
+  /** False when any tamper/replay signal fired. */
+  genuine: boolean;
+  /** Model's authenticity confidence in [0, 1]: 1 = clearly an original, 0 = clearly fake/replayed. */
+  confidence: number;
+  /** Looks like a photo of a screen (moiré, screen glare/banding, bezel) — a replay attack. */
+  screenReplay: boolean;
+  /** Looks like a photo/scan of a printout or photocopy rather than the physical document. */
+  photocopy: boolean;
+  /** Signs of digital editing (mismatched fonts, misaligned/recoloured text, cloned regions, edited photo/dates). */
+  digitalTampering: boolean;
+  /** Signs of physical tampering (substituted photo, peeled laminate, scratched/overwritten fields). */
+  physicalTampering: boolean;
+  /** Brief human-readable observations supporting the flags. */
+  observations: string[];
+}
+/** The shape returned by any OCR driver. */
+interface OcrResultData {
+  fields: OcrFields;
+  /** Overall extraction confidence in [0, 1]. */
+  confidence: number;
+  /** Best-effort authenticity assessment, when the driver supports it. */
+  authenticity?: OcrAuthenticity;
+  /** Raw provider payload, retained for audit/debugging. */
+  raw?: unknown;
+}
+/** Anti-spoofing signals surfaced by a liveness driver. */
+interface SpoofSignals {
+  screenReplay?: boolean;
+  printedPhoto?: boolean;
+  maskDetected?: boolean;
+  multipleFaces?: boolean;
+  faceNotCentered?: boolean;
+  poorLighting?: boolean;
+}
+/** The shape returned by any passive-liveness driver. */
+interface LivenessResultData {
+  passed: boolean;
+  /** Liveness confidence in [0, 1]. */
+  score: number;
+  spoofSignals: SpoofSignals;
+  raw?: unknown;
+}
+/** The shape returned by any face-match driver. */
+interface FaceMatchResultData {
+  passed: boolean;
+  /** Similarity between document portrait and selfie in [0, 1]. */
+  similarityScore: number;
+  /** Driver confidence in the comparison, in [0, 1]. */
+  confidence: number;
+  raw?: unknown;
+}
+/** A captured identity document (front and optional back) for a session. */
+interface DocumentCapture extends Entity, ProjectScoped {
+  session_id: Id;
+  country: string | null;
+  document_type: DocumentType | null;
+  front_image_path: string | null;
+  back_image_path: string | null;
+  quality_score: number | null;
+}
+/** Persisted OCR output for a document capture. */
+interface OcrResult extends Entity, ProjectScoped {
+  session_id: Id;
+  document_capture_id: Id;
+  fields: OcrFields;
+  confidence: number;
+  raw_response: unknown;
+}
+/** The portrait region extracted from a document, used for face matching. */
+interface DocumentPortrait extends Entity, ProjectScoped {
+  session_id: Id;
+  document_capture_id: Id;
+  portrait_image_path: string;
+  detection_confidence: number;
+}
+/** Persisted passive-liveness result for a session. */
+interface LivenessCheck extends Entity, ProjectScoped {
+  session_id: Id;
+  selfie_image_path: string | null;
+  video_path: string | null;
+  score: number;
+  passed: boolean;
+  spoof_signals: SpoofSignals;
+  provider: string;
+  raw_response: unknown;
+}
+/** Persisted face-match result comparing document portrait to selfie. */
+interface FaceMatchCheck extends Entity, ProjectScoped {
+  session_id: Id;
+  id_portrait_image_path: string | null;
+  selfie_image_path: string | null;
+  similarity_score: number;
+  confidence: number;
+  passed: boolean;
+  provider: string;
+  raw_response: unknown;
+}
+//#endregion
+export { DocumentCapture, DocumentPortrait, DocumentType, FaceMatchCheck, FaceMatchResultData, LivenessCheck, LivenessResultData, OcrAuthenticity, OcrFields, OcrResult, OcrResultData, SpoofSignals };
+//# sourceMappingURL=providers.d.mts.map

package/dist/providers.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"providers.d.mts","names":[],"sources":["../src/providers.ts"],"mappings":";;;;KAGY,YAAA;AAAZ;AAAA,UAGiB,SAAA;EACf,SAAA;EACA,QAAA;EACA,QAAA;EACA,WAAA,GAAc,OAAA;EACd,cAAA;EACA,UAAA,GAAa,OAAO;EACpB,WAAA;AAAA;;;;;;UAQe,eAAA;EATF;EAWb,OAAA;EAVW;EAYX,UAAA;EAJe;EAMf,YAAA;;EAEA,SAAA;EANA;EAQA,gBAAA;EAJA;EAMA,iBAAA;EAFA;EAIA,YAAA;AAAA;;UAIe,aAAA;EACf,MAAA,EAAQ,SAAA;EADoB;EAG5B,UAAA;EAE8B;EAA9B,YAAA,GAAe,eAAe;EAJtB;EAMR,GAAA;AAAA;;UAIe,YAAA;EACf,YAAA;EACA,YAAA;EACA,YAAA;EACA,aAAA;EACA,eAAA;EACA,YAAA;AAAA;;UAIe,kBAAA;EACf,MAAA;EANA;EAQA,KAAA;EACA,YAAA,EAAc,YAAY;EAC1B,GAAA;AAAA;;UAIe,mBAAA;EACf,MAAA;EATA;EAWA,eAAA;EARA;EAUA,UAAA;EACA,GAAA;AAAA;AAVG;AAAA,UAcY,eAAA,SAAwB,MAAA,EAAQ,aAAA;EAC/C,UAAA,EAAY,EAAA;EACZ,OAAA;EACA,aAAA,EAAe,YAAA;EACf,gBAAA;EACA,eAAA;EACA,aAAA;AAAA;;UAIe,SAAA,SAAkB,MAAA,EAAQ,aAAA;EACzC,UAAA,EAAY,EAAA;EACZ,mBAAA,EAAqB,EAAA;EACrB,MAAA,EAAQ,SAAA;EACR,UAAA;EACA,YAAA;AAAA;;UAIe,gBAAA,SAAyB,MAAA,EAAQ,aAAA;EAChD,UAAA,EAAY,EAAA;EACZ,mBAAA,EAAqB,EAAA;EACrB,mBAAA;EACA,oBAAA;AAAA;;UAIe,aAAA,SAAsB,MAAA,EAAQ,aAAA;EAC7C,UAAA,EAAY,EAAA;EACZ,iBAAA;EACA,UAAA;EACA,KAAA;EACA,MAAA;EACA,aAAA,EAAe,YAAA;EACf,QAAA;EACA,YAAA;AAAA;;UAIe,cAAA,SAAuB,MAAA,EAAQ,aAAA;EAC9C,UAAA,EAAY,EAAA;EACZ,sBAAA;EACA,iBAAA;EACA,gBAAA;EACA,UAAA;EACA,MAAA;EACA,QAAA;EACA,YAAA;AAAA"}

package/dist/rbac.d.mts

@@ -0,0 +1,80 @@
+import { Entity, Id, OrganizationScoped } from "./common.mjs";
+
+//#region src/rbac.d.ts
+/**
+ * The full catalogue of permission strings recognised by Arkyc.
+ *
+ * Permissions are grouped by domain (`<group>.<action>`). Effective access for
+ * a user is the union of their role permissions and any directly-assigned
+ * permissions (see `@arkyc/permissions`).
+ */
+type PermissionKey = 'organizations.view' | 'organizations.update' | 'organizations.delete' | 'members.view' | 'members.invite' | 'members.update' | 'members.remove' | 'projects.view' | 'projects.create' | 'projects.update' | 'projects.delete' | 'api_keys.view' | 'api_keys.create' | 'api_keys.revoke' | 'webhooks.view' | 'webhooks.create' | 'webhooks.update' | 'webhooks.delete' | 'webhooks.test' | 'workflows.view' | 'workflows.create' | 'workflows.update' | 'workflows.delete' | 'sessions.view' | 'sessions.create' | 'sessions.cancel' | 'sessions.retry' | 'sessions.export' | 'reviews.view' | 'reviews.assign' | 'reviews.approve' | 'reviews.reject' | 'reviews.request_retry' | 'reviews.note' | 'audit_logs.view' | 'settings.view' | 'settings.update' | 'billing.view' | 'billing.update';
+/** The domain groups permissions are organised under. */
+type PermissionGroup = 'organizations' | 'members' | 'projects' | 'api_keys' | 'webhooks' | 'workflows' | 'sessions' | 'reviews' | 'audit_logs' | 'settings' | 'billing';
+/** The built-in system roles seeded for every organization. */
+type SystemRoleSlug = 'owner' | 'admin' | 'reviewer' | 'developer' | 'readonly';
+/**
+ * Platform-scope permission strings, distinct from organization {@link PermissionKey}.
+ * These gate the super-admin surface above organizations and are only ever granted
+ * through {@link AdminPermission} (never an organization role). Rows carry `admin: true`.
+ */
+type AdminPermissionKey = 'admin.organizations.view' | 'admin.organizations.manage' | 'admin.users.view' | 'admin.users.manage' | 'admin.settings.view' | 'admin.settings.update' | 'admin.audit.view' | 'admin.billing.view' | 'admin.billing.update' | 'admin.ai_processing.view' | 'admin.ai_processing.manage';
+/** The domain groups platform-admin permissions are organised under. */
+type AdminPermissionGroup = 'admin.organizations' | 'admin.users' | 'admin.settings' | 'admin.audit' | 'admin.billing' | 'admin.ai_processing';
+/** Any permission string, organization- or platform-scope. */
+type AnyPermissionKey = PermissionKey | AdminPermissionKey;
+/** Any permission group, organization- or platform-scope. */
+type AnyPermissionGroup = PermissionGroup | AdminPermissionGroup;
+/** The built-in platform-admin role slug. */
+type AdminRoleSlug = 'platform-owner';
+/** A permission definition row. Permissions are global (not organization-scoped). */
+interface Permission extends Entity {
+  /** The permission string, e.g. `sessions.view` or `admin.settings.view`. */
+  name: AnyPermissionKey;
+  description: string | null;
+  group: AnyPermissionGroup;
+  /** Platform-scope permission (gates the super-admin surface). */
+  admin: boolean;
+}
+/**
+ * A role within an organization. System roles (`is_system`) are seeded and cannot be
+ * deleted; organizations may also define custom roles.
+ */
+interface Role extends Entity {
+  /** Null for platform-admin roles (`admin: true`); set for organization roles. */
+  organization_id: Id | null;
+  name: string;
+  slug: string;
+  description: string | null;
+  is_system: boolean;
+  /** Platform-admin role (not organization-scoped). */
+  admin: boolean;
+}
+/** Join row granting a {@link Permission} to a {@link Role}. */
+interface RolePermission extends Entity {
+  role_id: Id;
+  permission_id: Id;
+}
+/**
+ * A permission assigned directly to a user, on top of their role permissions.
+ * `project_id` is null for organization-level grants, set for project-level grants.
+ */
+interface UserPermission extends Entity, OrganizationScoped {
+  project_id: Id | null;
+  user_id: Id;
+  permission_id: Id;
+}
+/**
+ * A platform-admin grant to a user. Mirrors {@link UserPermission} but without
+ * organization/project scope. A row is EITHER a role grant (`role_id` set) or a direct
+ * permission grant (`permission_id` set). Effective admin access is the union of
+ * both, resolved by `@arkyc/permissions`.
+ */
+interface AdminPermission extends Entity {
+  user_id: Id;
+  permission_id: Id | null;
+  role_id: Id | null;
+}
+//#endregion
+export { AdminPermission, AdminPermissionGroup, AdminPermissionKey, AdminRoleSlug, AnyPermissionGroup, AnyPermissionKey, Permission, PermissionGroup, PermissionKey, Role, RolePermission, SystemRoleSlug, UserPermission };
+//# sourceMappingURL=rbac.d.mts.map

package/dist/rbac.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac.d.mts","names":[],"sources":["../src/rbac.ts"],"mappings":";;;;;AASA;;;;AAAyB;KAAb,aAAA;;KA0CA,eAAA;;KAcA,cAAA;AAAZ;;;;AAA0B;AAA1B,KAOY,kBAAA;;KAcA,oBAAA;;KASA,gBAAA,GAAmB,aAAA,GAAgB,kBAAkB;AATjE;AAAA,KAYY,kBAAA,GAAqB,eAAA,GAAkB,oBAAoB;;KAG3D,aAAA;AAfoB;AAAA,UAkBf,UAAA,SAAmB,MAAA;EATR;EAW1B,IAAA,EAAM,gBAAA;EACN,WAAA;EACA,KAAA,EAAO,kBAAA;EAVG;EAYV,KAAA;AAAA;;AAZqE;AAGvE;;UAgBiB,IAAA,SAAa,MAAM;EAhBX;EAkBvB,eAAA,EAAiB,EAAA;EACjB,IAAA;EACA,IAAA;EACA,WAAA;EACA,SAAA;EAfO;EAiBP,KAAA;AAAA;;UAIe,cAAA,SAAuB,MAAA;EACtC,OAAA,EAAS,EAAA;EACT,aAAA,EAAe,EAAA;AAAA;;;;;UAOA,cAAA,SAAuB,MAAA,EAAQ,kBAAA;EAC9C,UAAA,EAAY,EAAA;EACZ,OAAA,EAAS,EAAA;EACT,aAAA,EAAe,EAAA;AAAA;;;;;;;UASA,eAAA,SAAwB,MAAA;EACvC,OAAA,EAAS,EAAA;EACT,aAAA,EAAe,EAAA;EACf,OAAA,EAAS,EAAA;AAAA"}

package/dist/realtime.d.mts

@@ -0,0 +1,56 @@
+import { Id } from "./common.mjs";
+import { VerificationStatus } from "./verification.mjs";
+
+//#region src/realtime.d.ts
+/**
+ * Realtime transport contracts (Phase 16). Pure, dependency-free helpers shared
+ * by the API (server publish) and the dashboard/widget (client subscribe), so
+ * channel and event names never drift between them.
+ */
+/** Events the API broadcasts. Clients react by invalidating their caches. */
+declare const REALTIME_EVENT: {
+  /** A verification session changed status (the `transitionTo` choke point). */readonly sessionTransition: "session.transition"; /** A reviewer acted on a session (assign/note/suspicious/decision/retry). */
+  readonly reviewAction: "review.action";
+};
+type RealtimeEventName = (typeof REALTIME_EVENT)[keyof typeof REALTIME_EVENT];
+/**
+ * Private channel name builders. All channels are `private-` (Pusher protocol),
+ * so a subscription must be authorized server-side against the caller's scope.
+ */
+declare const realtimeChannels: {
+  /** Everything in an organization. */organization: (organizationId: Id) => string; /** Everything in a project. */
+  project: (organizationId: Id, projectId: Id) => string; /** A single verification session (used by the widget via client token). */
+  session: (sessionId: Id) => string;
+};
+/** Parse a private channel name back into its scope, or null if unrecognized. */
+declare function parseRealtimeChannel(channel: string): {
+  kind: 'organization';
+  organizationId: string;
+} | {
+  kind: 'project';
+  organizationId: string;
+  projectId: string;
+} | {
+  kind: 'session';
+  sessionId: string;
+} | null;
+/** Payload for {@link REALTIME_EVENT.sessionTransition}. */
+interface SessionTransitionEvent {
+  session_id: Id;
+  organization_id: Id;
+  project_id: Id | null;
+  status: VerificationStatus;
+  previous_status: VerificationStatus | null;
+}
+/** Payload for {@link REALTIME_EVENT.reviewAction}. */
+interface ReviewActionEvent {
+  session_id: Id;
+  organization_id: Id;
+  project_id: Id | null;
+  /** The audit action, e.g. `review.assigned`, `review.note`, `review.approved`. */
+  action: string;
+  actor_id: Id | null;
+}
+//#endregion
+export { REALTIME_EVENT, RealtimeEventName, ReviewActionEvent, SessionTransitionEvent, parseRealtimeChannel, realtimeChannels };
+//# sourceMappingURL=realtime.d.mts.map

package/dist/realtime.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"realtime.d.mts","names":[],"sources":["../src/realtime.ts"],"mappings":";;;;;;AAUA;;;;cAAa,cAAA;EAOD,uFAFF,iBAAA;WAAA,YAAA;AAAA;AAAA,KAEE,iBAAA,WAA4B,cAAA,eAA6B,cAAc;;;;;cAMtE,gBAAA;EAMU,oEAJU,EAAA,aAIR;4BAFG,EAAA,EAAE,SAAA,EAAa,EAAA,aAFV;uBAIV,EAAA;AAAA;;iBAIP,oBAAA,CACd,OAAA;EAEI,IAAA;EAAsB,cAAA;AAAA;EACtB,IAAA;EAAiB,cAAA;EAAwB,SAAA;AAAA;EACzC,IAAA;EAAiB,SAAA;AAAA;;UAYN,sBAAA;EACf,UAAA,EAAY,EAAA;EACZ,eAAA,EAAiB,EAAA;EACjB,UAAA,EAAY,EAAA;EACZ,MAAA,EAAQ,kBAAA;EACR,eAAA,EAAiB,kBAAA;AAAA;;UAIF,iBAAA;EACf,UAAA,EAAY,EAAA;EACZ,eAAA,EAAiB,EAAA;EACjB,UAAA,EAAY,EAAA;;EAEZ,MAAA;EACA,QAAA,EAAU,EAAA;AAAA"}

package/dist/realtime.mjs

@@ -0,0 +1,49 @@
+//#region src/realtime.ts
+/**
+* Realtime transport contracts (Phase 16). Pure, dependency-free helpers shared
+* by the API (server publish) and the dashboard/widget (client subscribe), so
+* channel and event names never drift between them.
+*/
+/** Events the API broadcasts. Clients react by invalidating their caches. */
+const REALTIME_EVENT = {
+	/** A verification session changed status (the `transitionTo` choke point). */
+	sessionTransition: "session.transition",
+	/** A reviewer acted on a session (assign/note/suspicious/decision/retry). */
+	reviewAction: "review.action"
+};
+/**
+* Private channel name builders. All channels are `private-` (Pusher protocol),
+* so a subscription must be authorized server-side against the caller's scope.
+*/
+const realtimeChannels = {
+	/** Everything in an organization. */
+	organization: (organizationId) => `private-organization-${organizationId}`,
+	/** Everything in a project. */
+	project: (organizationId, projectId) => `private-organization-${organizationId}-project-${projectId}`,
+	/** A single verification session (used by the widget via client token). */
+	session: (sessionId) => `private-session-${sessionId}`
+};
+/** Parse a private channel name back into its scope, or null if unrecognized. */
+function parseRealtimeChannel(channel) {
+	const project = /^private-organization-(.+)-project-(.+)$/.exec(channel);
+	if (project) return {
+		kind: "project",
+		organizationId: project[1],
+		projectId: project[2]
+	};
+	const organization = /^private-organization-(.+)$/.exec(channel);
+	if (organization) return {
+		kind: "organization",
+		organizationId: organization[1]
+	};
+	const session = /^private-session-(.+)$/.exec(channel);
+	if (session) return {
+		kind: "session",
+		sessionId: session[1]
+	};
+	return null;
+}
+//#endregion
+export { REALTIME_EVENT, parseRealtimeChannel, realtimeChannels };
+
+//# sourceMappingURL=realtime.mjs.map

package/dist/realtime.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"realtime.mjs","names":[],"sources":["../src/realtime.ts"],"sourcesContent":["import type { Id } from './common'\nimport type { VerificationStatus } from './verification'\n\n/**\n * Realtime transport contracts (Phase 16). Pure, dependency-free helpers shared\n * by the API (server publish) and the dashboard/widget (client subscribe), so\n * channel and event names never drift between them.\n */\n\n/** Events the API broadcasts. Clients react by invalidating their caches. */\nexport const REALTIME_EVENT = {\n  /** A verification session changed status (the `transitionTo` choke point). */\n  sessionTransition: 'session.transition',\n  /** A reviewer acted on a session (assign/note/suspicious/decision/retry). */\n  reviewAction: 'review.action',\n} as const\n\nexport type RealtimeEventName = (typeof REALTIME_EVENT)[keyof typeof REALTIME_EVENT]\n\n/**\n * Private channel name builders. All channels are `private-` (Pusher protocol),\n * so a subscription must be authorized server-side against the caller's scope.\n */\nexport const realtimeChannels = {\n  /** Everything in an organization. */\n  organization: (organizationId: Id): string => `private-organization-${organizationId}`,\n  /** Everything in a project. */\n  project: (organizationId: Id, projectId: Id): string => `private-organization-${organizationId}-project-${projectId}`,\n  /** A single verification session (used by the widget via client token). */\n  session: (sessionId: Id): string => `private-session-${sessionId}`,\n}\n\n/** Parse a private channel name back into its scope, or null if unrecognized. */\nexport function parseRealtimeChannel(\n  channel: string,\n):\n  | { kind: 'organization'; organizationId: string }\n  | { kind: 'project'; organizationId: string; projectId: string }\n  | { kind: 'session'; sessionId: string }\n  | null {\n  const project = /^private-organization-(.+)-project-(.+)$/.exec(channel)\n  if (project) return { kind: 'project', organizationId: project[1]!, projectId: project[2]! }\n  const organization = /^private-organization-(.+)$/.exec(channel)\n  if (organization) return { kind: 'organization', organizationId: organization[1]! }\n  const session = /^private-session-(.+)$/.exec(channel)\n  if (session) return { kind: 'session', sessionId: session[1]! }\n  return null\n}\n\n/** Payload for {@link REALTIME_EVENT.sessionTransition}. */\nexport interface SessionTransitionEvent {\n  session_id: Id\n  organization_id: Id\n  project_id: Id | null\n  status: VerificationStatus\n  previous_status: VerificationStatus | null\n}\n\n/** Payload for {@link REALTIME_EVENT.reviewAction}. */\nexport interface ReviewActionEvent {\n  session_id: Id\n  organization_id: Id\n  project_id: Id | null\n  /** The audit action, e.g. `review.assigned`, `review.note`, `review.approved`. */\n  action: string\n  actor_id: Id | null\n}\n"],"mappings":";;;;;;;AAUA,MAAa,iBAAiB;;CAE5B,mBAAmB;;CAEnB,cAAc;AAChB;;;;;AAQA,MAAa,mBAAmB;;CAE9B,eAAe,mBAA+B,wBAAwB;;CAEtE,UAAU,gBAAoB,cAA0B,wBAAwB,eAAe,WAAW;;CAE1G,UAAU,cAA0B,mBAAmB;AACzD;;AAGA,SAAgB,qBACd,SAKO;CACP,MAAM,UAAU,2CAA2C,KAAK,OAAO;CACvE,IAAI,SAAS,OAAO;EAAE,MAAM;EAAW,gBAAgB,QAAQ;EAAK,WAAW,QAAQ;CAAI;CAC3F,MAAM,eAAe,8BAA8B,KAAK,OAAO;CAC/D,IAAI,cAAc,OAAO;EAAE,MAAM;EAAgB,gBAAgB,aAAa;CAAI;CAClF,MAAM,UAAU,yBAAyB,KAAK,OAAO;CACrD,IAAI,SAAS,OAAO;EAAE,MAAM;EAAW,WAAW,QAAQ;CAAI;CAC9D,OAAO;AACT"}

package/dist/review.d.mts

@@ -0,0 +1,27 @@
+import { Entity, Id, ProjectScoped } from "./common.mjs";
+import { VerificationStatus } from "./verification.mjs";
+
+//#region src/review.d.ts
+/** Actions a human reviewer can take on a session. */
+type ReviewAction = 'approve' | 'reject' | 'request_document_retry' | 'request_selfie_retry' | 'request_full_retry' | 'mark_suspicious' | 'note';
+/**
+ * An audited review action recording a status transition performed by a
+ * reviewer (or the system) on a session.
+ */
+interface Review extends Entity, ProjectScoped {
+  session_id: Id;
+  reviewer_id: Id | null;
+  previous_status: VerificationStatus;
+  new_status: VerificationStatus;
+  reason: string | null;
+  note: string | null;
+}
+/** A free-standing reviewer note attached to a session. */
+interface ReviewNote extends Entity, ProjectScoped {
+  session_id: Id;
+  reviewer_id: Id;
+  note: string;
+}
+//#endregion
+export { Review, ReviewAction, ReviewNote };
+//# sourceMappingURL=review.d.mts.map

package/dist/review.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"review.d.mts","names":[],"sources":["../src/review.ts"],"mappings":";;;;;KAIY,YAAA;AAAZ;;;;AAAA,UAaiB,MAAA,SAAe,MAAA,EAAQ,aAAA;EACtC,UAAA,EAAY,EAAA;EACZ,WAAA,EAAa,EAAA;EACb,eAAA,EAAiB,kBAAA;EACjB,UAAA,EAAY,kBAAA;EACZ,MAAA;EACA,IAAA;AAAA;;UAIe,UAAA,SAAmB,MAAA,EAAQ,aAAA;EAC1C,UAAA,EAAY,EAAA;EACZ,WAAA,EAAa,EAAA;EACb,IAAA;AAAA"}

package/dist/sdk.d.mts

@@ -0,0 +1,34 @@
+import { Metadata } from "./common.mjs";
+import { VerificationDecision, VerificationStatus } from "./verification.mjs";
+
+//#region src/sdk.d.ts
+/** Options for constructing the server SDK client (`new Arkyc(...)`). */
+interface SdkOptions {
+  /** Project secret key, e.g. `sk_live_…`. */
+  secretKey: string;
+  /** API base URL; defaults to the hosted Arkyc API. */
+  baseUrl?: string;
+  /** Request timeout in milliseconds. */
+  timeoutMs?: number;
+}
+/** Parameters for creating a verification session from a backend. */
+interface CreateSessionParams {
+  userReference?: string;
+  metadata?: Metadata;
+  /** Optional override for how long the session/client token stays valid. */
+  expiresInSeconds?: number;
+}
+/** The session representation returned by the SDK/public API. */
+interface SessionResource {
+  id: string;
+  status: VerificationStatus;
+  user_reference: string | null;
+  decision: VerificationDecision | null;
+  /** Short-lived client token for launching the widget (create response only). */
+  client_token?: string;
+  expires_at: string;
+  created_at: string;
+}
+//#endregion
+export { CreateSessionParams, SdkOptions, SessionResource };
+//# sourceMappingURL=sdk.d.mts.map

package/dist/sdk.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sdk.d.mts","names":[],"sources":["../src/sdk.ts"],"mappings":";;;;;UAIiB,UAAA;EAAA;EAEf,SAAA;;EAEA,OAAA;EAFA;EAIA,SAAA;AAAA;;UAIe,mBAAA;EACf,aAAA;EACA,QAAA,GAAW,QAAQ;;EAEnB,gBAAA;AAAA;;UAIe,eAAA;EACf,EAAA;EACA,MAAA,EAAQ,kBAAA;EACR,cAAA;EACA,QAAA,EAAU,oBAAoB;EAJA;EAM9B,YAAA;EACA,UAAA;EACA,UAAA;AAAA"}

package/dist/settings.d.mts

@@ -0,0 +1,47 @@
+import { Entity } from "./common.mjs";
+
+//#region src/settings.d.ts
+/**
+ * Realtime transport for verification events (Phase 16). `pusher` covers both
+ * hosted Pusher Channels (default, via a cluster) and self-hosted soketi (opt-in,
+ * via a host) — they share the Pusher protocol. `polling` carries no push
+ * transport: clients poll the session endpoint instead (a universal fallback that
+ * needs no infrastructure). `off` disables live updates entirely.
+ */
+type RealtimeTransport = 'pusher' | 'firebase' | 'polling' | 'off';
+/**
+ * Which capture/liveness flow the widget offers (Phase 17). `passive` = the
+ * current selfie flow; `active` = guided active-liveness challenges; `both` =
+ * offer active, falling back to passive on failure/unsupported devices.
+ */
+type CaptureModel = 'passive' | 'active' | 'both';
+/**
+ * Platform-wide settings, managed by platform admins on the `/admin` surface and
+ * read by the app at runtime. A single typed record (see {@link GlobalSetting}),
+ * always merged over {@link DEFAULT_GLOBAL_SETTINGS} so every key is present.
+ */
+interface GlobalSettings {
+  /** Branding/basics for the whole platform. */
+  platform: {
+    name: string;
+    support_email: string | null; /** Whether new organization sign-ups are accepted. */
+    signups_enabled: boolean;
+  };
+  /** Realtime delivery configuration (consumed in Phase 16). */
+  realtime: {
+    transport: RealtimeTransport;
+  };
+  /** Default capture/liveness flow offered to widgets (Phase 17). */
+  capture: {
+    model: CaptureModel;
+  };
+}
+/** The persisted singleton row backing {@link GlobalSettings}. */
+interface GlobalSetting extends Entity {
+  settings: GlobalSettings;
+}
+/** Defaults applied when a settings key is unset. */
+declare const DEFAULT_GLOBAL_SETTINGS: GlobalSettings;
+//#endregion
+export { CaptureModel, DEFAULT_GLOBAL_SETTINGS, GlobalSetting, GlobalSettings, RealtimeTransport };
+//# sourceMappingURL=settings.d.mts.map

package/dist/settings.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"settings.d.mts","names":[],"sources":["../src/settings.ts"],"mappings":";;;;;AASA;;;;AAA6B;KAAjB,iBAAA;;;;AAOY;AAOxB;KAPY,YAAA;;;;;;UAOK,cAAA;EASf;EAPA,QAAA;IACE,IAAA;IACA,aAAA,iBAUA;IARA,eAAA;EAAA;EAQmB;EALrB,QAAA;IACE,SAAA,EAAW,iBAAA;EAAA;EAS8B;EAN3C,OAAA;IACE,KAAA,EAAO,YAAY;EAAA;AAAA;AAMG;AAAA,UADT,aAAA,SAAsB,MAAM;EAC3C,QAAA,EAAU,cAAA;AAAA;;cAIC,uBAAA,EAAyB,cAYrC"}

package/dist/settings.mjs

@@ -0,0 +1,15 @@
+//#region src/settings.ts
+/** Defaults applied when a settings key is unset. */
+const DEFAULT_GLOBAL_SETTINGS = {
+	platform: {
+		name: "Arkyc",
+		support_email: null,
+		signups_enabled: true
+	},
+	realtime: { transport: "off" },
+	capture: { model: "passive" }
+};
+//#endregion
+export { DEFAULT_GLOBAL_SETTINGS };
+
+//# sourceMappingURL=settings.mjs.map

package/dist/settings.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"settings.mjs","names":[],"sources":["../src/settings.ts"],"sourcesContent":["import type { Entity } from './common'\n\n/**\n * Realtime transport for verification events (Phase 16). `pusher` covers both\n * hosted Pusher Channels (default, via a cluster) and self-hosted soketi (opt-in,\n * via a host) — they share the Pusher protocol. `polling` carries no push\n * transport: clients poll the session endpoint instead (a universal fallback that\n * needs no infrastructure). `off` disables live updates entirely.\n */\nexport type RealtimeTransport = 'pusher' | 'firebase' | 'polling' | 'off'\n\n/**\n * Which capture/liveness flow the widget offers (Phase 17). `passive` = the\n * current selfie flow; `active` = guided active-liveness challenges; `both` =\n * offer active, falling back to passive on failure/unsupported devices.\n */\nexport type CaptureModel = 'passive' | 'active' | 'both'\n\n/**\n * Platform-wide settings, managed by platform admins on the `/admin` surface and\n * read by the app at runtime. A single typed record (see {@link GlobalSetting}),\n * always merged over {@link DEFAULT_GLOBAL_SETTINGS} so every key is present.\n */\nexport interface GlobalSettings {\n  /** Branding/basics for the whole platform. */\n  platform: {\n    name: string\n    support_email: string | null\n    /** Whether new organization sign-ups are accepted. */\n    signups_enabled: boolean\n  }\n  /** Realtime delivery configuration (consumed in Phase 16). */\n  realtime: {\n    transport: RealtimeTransport\n  }\n  /** Default capture/liveness flow offered to widgets (Phase 17). */\n  capture: {\n    model: CaptureModel\n  }\n}\n\n/** The persisted singleton row backing {@link GlobalSettings}. */\nexport interface GlobalSetting extends Entity {\n  settings: GlobalSettings\n}\n\n/** Defaults applied when a settings key is unset. */\nexport const DEFAULT_GLOBAL_SETTINGS: GlobalSettings = {\n  platform: {\n    name: 'Arkyc',\n    support_email: null,\n    signups_enabled: true,\n  },\n  realtime: {\n    transport: 'off',\n  },\n  capture: {\n    model: 'passive',\n  },\n}\n"],"mappings":";;AA+CA,MAAa,0BAA0C;CACrD,UAAU;EACR,MAAM;EACN,eAAe;EACf,iBAAiB;CACnB;CACA,UAAU,EACR,WAAW,MACb;CACA,SAAS,EACP,OAAO,UACT;AACF"}

package/dist/user.d.mts

@@ -0,0 +1,17 @@
+import { Entity, IsoDateTime } from "./common.mjs";
+
+//#region src/user.d.ts
+/** A platform user account. Users belong to one or more organizations via membership. */
+interface User extends Entity {
+  name: string;
+  email: string;
+  /** Never serialised to clients; present on the DB row only. */
+  password_hash?: string;
+  avatar_url: string | null;
+  last_login_at: IsoDateTime | null;
+}
+/** A user shape safe to expose to clients (no credential material). */
+type PublicUser = Omit<User, 'password_hash'>;
+//#endregion
+export { PublicUser, User };
+//# sourceMappingURL=user.d.mts.map

package/dist/user.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.d.mts","names":[],"sources":["../src/user.ts"],"mappings":";;;;UAGiB,IAAA,SAAa,MAAM;EAClC,IAAA;EACA,KAAA;;EAEA,aAAA;EACA,UAAA;EACA,aAAA,EAAe,WAAA;AAAA;;KAIL,UAAA,GAAa,IAAI,CAAC,IAAA"}

package/dist/verification.d.mts

@@ -0,0 +1,44 @@
+import { Entity, Id, IsoDateTime, Metadata, ProjectScoped } from "./common.mjs";
+
+//#region src/verification.d.ts
+/** The lifecycle state of a verification session. */
+type VerificationStatus = 'pending' | 'started' | 'document_submitted' | 'liveness_submitted' | 'processing' | 'requires_review' | 'approved' | 'rejected' | 'expired' | 'cancelled';
+/** The outcome of the decision engine (or a manual review). */
+type VerificationDecision = 'approved' | 'requires_review' | 'rejected';
+/** Whether liveness is checked passively (a selfie) or actively (a challenge video). */
+type LivenessMode = 'passive' | 'active';
+/**
+ * A single active-liveness challenge the user is prompted to perform. The server
+ * issues a randomized sequence per session; the widget records the user doing
+ * them and submits the sequence it performed for the driver to validate.
+ */
+type LivenessChallenge = 'turn_left' | 'turn_right' | 'blink' | 'smile' | 'nod' | 'move_closer';
+/** Why a session reached its decision. */
+type DecisionReason = 'AUTO_APPROVED' | 'LOW_DOCUMENT_QUALITY' | 'OCR_LOW_CONFIDENCE' | 'DOCUMENT_EXPIRED' | 'LIVENESS_FAILED' | 'LIVENESS_LOW_CONFIDENCE' | 'FACE_MATCH_FAILED' | 'FACE_MATCH_LOW_CONFIDENCE' | 'MULTIPLE_FACES_DETECTED' | 'MANUAL_APPROVAL' | 'MANUAL_REJECTION' | 'RETRY_REQUESTED';
+/**
+ * A verification session: the full lifecycle of one verification flow, owned by
+ * a project (and organization). Created from an integrator's backend, driven by the
+ * widget, decided automatically and/or by a human reviewer.
+ */
+interface VerificationSession extends Entity, ProjectScoped {
+  /** Integrator's own reference for the end user being verified. */
+  user_reference: string | null;
+  /** Person's name extracted from the document (OCR), when available. */
+  name?: string | null;
+  status: VerificationStatus;
+  auto_decision: VerificationDecision | null;
+  final_decision: VerificationDecision | null;
+  decision_reason: DecisionReason | null;
+  /** Aggregate risk score in [0, 1]; higher means riskier. */
+  risk_score: number | null;
+  /** Hash of the short-lived client token issued to the widget. */
+  client_token_hash: string | null;
+  expires_at: IsoDateTime;
+  completed_at: IsoDateTime | null;
+  reviewed_at: IsoDateTime | null;
+  reviewed_by: Id | null;
+  metadata: Metadata;
+}
+//#endregion
+export { DecisionReason, LivenessChallenge, LivenessMode, VerificationDecision, VerificationSession, VerificationStatus };
+//# sourceMappingURL=verification.d.mts.map

package/dist/verification.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verification.d.mts","names":[],"sources":["../src/verification.ts"],"mappings":";;;;KAGY,kBAAA;AAAZ;AAAA,KAaY,oBAAA;;KAGA,YAAA;AAhBkB;AAa9B;;;;AAb8B,KAuBlB,iBAAA;AAPZ;AAAA,KAUY,cAAA;;;AAVY;AAOxB;;UAsBiB,mBAAA,SAA4B,MAAA,EAAQ,aAAA;EAtBxB;EAwB3B,cAAA;EArBU;EAuBV,IAAA;EACA,MAAA,EAAQ,kBAAA;EACR,aAAA,EAAe,oBAAA;EACf,cAAA,EAAgB,oBAAA;EAChB,eAAA,EAAiB,cAAA;EARkB;EAUnC,UAAA;EALQ;EAOR,iBAAA;EACA,UAAA,EAAY,WAAA;EACZ,YAAA,EAAc,WAAA;EACd,WAAA,EAAa,WAAA;EACb,WAAA,EAAa,EAAA;EACb,QAAA,EAAU,QAAA;AAAA"}

package/dist/webhook.d.mts

@@ -0,0 +1,63 @@
+import { Entity, Id, IsoDateTime, ProjectScoped } from "./common.mjs";
+import { DecisionReason, VerificationStatus } from "./verification.mjs";
+
+//#region src/webhook.d.ts
+/** The set of webhook event names Arkyc can deliver. */
+type WebhookEventName = 'verification.started' | 'verification.document_submitted' | 'verification.processing' | 'verification.requires_review' | 'verification.approved' | 'verification.rejected' | 'verification.completed' | 'verification.expired' | 'verification.cancelled';
+/** Per-check summary included in a webhook payload. */
+interface WebhookChecks {
+  document?: {
+    quality_score: number;
+    ocr_confidence: number;
+    expired: boolean; /** Which parser produced the OCR fields: the MRZ, a custom parser, or the generic scraper. */
+    ocr_parse_stage?: 'mrz' | 'custom' | 'generic';
+  };
+  liveness?: {
+    passed: boolean;
+    score: number;
+  };
+  face_match?: {
+    passed: boolean;
+    similarity_score: number;
+  };
+}
+/** The JSON body delivered to a webhook endpoint. */
+interface WebhookEvent {
+  event: WebhookEventName;
+  session_id: Id;
+  organization_id: Id;
+  project_id: Id;
+  user_reference: string | null;
+  status: VerificationStatus;
+  checks: WebhookChecks;
+  decision_reason: DecisionReason | null;
+  /** Signed, time-limited URLs for captured assets, served inline as images (when any exist). */
+  assets: Record<string, string> | null;
+  created_at: IsoDateTime;
+}
+/** Webhook endpoint lifecycle status. */
+type WebhookEndpointStatus = 'active' | 'disabled';
+/** A configured webhook endpoint for a project. */
+interface WebhookEndpoint extends Entity, ProjectScoped {
+  url: string;
+  /** Hash of the signing secret; the raw secret is shown once at creation. */
+  secret_hash: string;
+  events: WebhookEventName[];
+  status: WebhookEndpointStatus;
+}
+/** Delivery attempt state for a webhook. */
+type WebhookDeliveryStatus = 'pending' | 'delivered' | 'failed';
+/** A record of a webhook delivery (and its retries). */
+interface WebhookDelivery extends Entity, ProjectScoped {
+  webhook_endpoint_id: Id;
+  event: WebhookEventName;
+  payload: WebhookEvent;
+  status: WebhookDeliveryStatus;
+  response_status: number | null;
+  response_body: string | null;
+  attempts: number;
+  next_retry_at: IsoDateTime | null;
+}
+//#endregion
+export { WebhookChecks, WebhookDelivery, WebhookDeliveryStatus, WebhookEndpoint, WebhookEndpointStatus, WebhookEvent, WebhookEventName };
+//# sourceMappingURL=webhook.d.mts.map

package/dist/webhook.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhook.d.mts","names":[],"sources":["../src/webhook.ts"],"mappings":";;;;;KAIY,gBAAA;AAAZ;AAAA,UAYiB,aAAA;EACf,QAAA;IACE,aAAA;IACA,cAAA;IACA,OAAA,WAJ0B;IAM1B,eAAA;EAAA;EAEF,QAAA;IACE,MAAA;IACA,KAAA;EAAA;EAEF,UAAA;IACE,MAAA;IACA,gBAAA;EAAA;AAAA;;UAKa,YAAA;EACf,KAAA,EAAO,gBAAA;EACP,UAAA,EAAY,EAAA;EACZ,eAAA,EAAiB,EAAA;EACjB,UAAA,EAAY,EAAA;EACZ,cAAA;EACA,MAAA,EAAQ,kBAAA;EACR,MAAA,EAAQ,aAAA;EACR,eAAA,EAAiB,cAAA;EAJL;EAMZ,MAAA,EAAQ,MAAA;EACR,UAAA,EAAY,WAAA;AAAA;;KAIF,qBAAA;;UAGK,eAAA,SAAwB,MAAA,EAAQ,aAAA;EAC/C,GAAA;EAlBO;EAoBP,WAAA;EACA,MAAA,EAAQ,gBAAA;EACR,MAAA,EAAQ,qBAAA;AAAA;;KAIE,qBAAA;;UAGK,eAAA,SAAwB,MAAA,EAAQ,aAAA;EAC/C,mBAAA,EAAqB,EAAA;EACrB,KAAA,EAAO,gBAAA;EACP,OAAA,EAAS,YAAA;EACT,MAAA,EAAQ,qBAAA;EACR,eAAA;EACA,aAAA;EACA,QAAA;EACA,aAAA,EAAe,WAAA;AAAA"}

package/dist/widget.d.mts

@@ -0,0 +1,29 @@
+import { VerificationDecision, VerificationStatus } from "./verification.mjs";
+import { ProjectBranding } from "./project.mjs";
+
+//#region src/widget.d.ts
+/** How the widget mounts into the host page. */
+type WidgetMode = 'overlay' | 'inline' | 'hosted';
+/** The screens of the widget verification flow, in order. */
+type WidgetStep = 'welcome' | 'document_selection' | 'front_capture' | 'back_capture' | 'ocr_processing' | 'active_liveness' | 'selfie_capture' | 'passive_liveness' | 'face_match' | 'processing' | 'result';
+/** The result handed to the widget's `onComplete` callback. */
+interface WidgetResult {
+  status: VerificationStatus;
+  decision: VerificationDecision | null;
+}
+/** Options for launching/mounting the embeddable widget. */
+interface WidgetOptions {
+  /** Short-lived client token minted by the backend for this session. */
+  token: string;
+  mode?: WidgetMode;
+  /** Element (or selector) to mount into when `mode` is `inline`. */
+  container?: string | HTMLElement;
+  branding?: ProjectBranding;
+  baseUrl?: string;
+  onComplete?: (result: WidgetResult) => void;
+  onError?: (error: Error) => void;
+  onClose?: () => void;
+}
+//#endregion
+export { WidgetMode, WidgetOptions, WidgetResult, WidgetStep };
+//# sourceMappingURL=widget.d.mts.map

package/dist/widget.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"widget.d.mts","names":[],"sources":["../src/widget.ts"],"mappings":";;;;;KAIY,UAAA;AAAZ;AAAA,KAGY,UAAA;;UAcK,YAAA;EACf,MAAA,EAAQ,kBAAA;EACR,QAAA,EAAU,oBAAoB;AAAA;;UAIf,aAAA;EApBK;EAsBpB,KAAA;EACA,IAAA,GAAO,UAAA;;EAEP,SAAA,YAAqB,WAAA;EACrB,QAAA,GAAW,eAAA;EACX,OAAA;EACA,UAAA,IAAc,MAAA,EAAQ,YAAA;EACtB,OAAA,IAAW,KAAA,EAAO,KAAA;EAClB,OAAA;AAAA"}

package/dist/workflow.d.mts

@@ -0,0 +1,59 @@
+import { Id, IsoDateTime } from "./common.mjs";
+
+//#region src/workflow.d.ts
+/**
+ * Workflows (Phase 19).
+ *
+ * An organization-scoped, reusable recipe that determines the order of the
+ * coarse verification stages, lets each be turned off, and can skip OCR parsing
+ * (capture-only). Workflows are optional: a session created without one runs the
+ * default pipeline (document → liveness → face match, OCR on). A workflow's
+ * config is snapshotted onto each session at creation, so editing it never
+ * disturbs sessions already in flight.
+ */
+/** A coarse verification stage a workflow can order and toggle. */
+type WorkflowStepKey = 'document' | 'liveness' | 'face_match';
+/** The canonical stage order used as the default and to normalise stored steps. */
+declare const WORKFLOW_STEP_KEYS: readonly WorkflowStepKey[];
+/** One stage within a workflow, in pipeline order, on or off. */
+interface WorkflowStep {
+  key: WorkflowStepKey;
+  enabled: boolean;
+}
+/** Workflow-wide toggles. */
+interface WorkflowOptions {
+  /**
+   * Skip OCR parsing — capture the document image but don't extract fields.
+   * Useful when Arkyc is only used for data capture and the assets are handed
+   * to a third party. Disables the document portrait too, so face match can't run.
+   */
+  skip_ocr: boolean;
+}
+/** The portable config of a workflow: ordered stages + options. */
+interface WorkflowConfig {
+  steps: WorkflowStep[];
+  options: WorkflowOptions;
+}
+/** A saved, organization-scoped workflow. */
+interface Workflow extends WorkflowConfig {
+  id: Id;
+  organization_id: Id;
+  name: string;
+  created_at: IsoDateTime;
+  updated_at: IsoDateTime;
+}
+/** The default pipeline applied when a session has no workflow. */
+declare const DEFAULT_WORKFLOW_CONFIG: WorkflowConfig;
+/**
+ * Whether a stage runs under a config. A `null` config means "no workflow" — the
+ * default pipeline, where every stage runs. Within a real config, a stage that is
+ * absent or `enabled: false` does not run.
+ */
+declare function workflowEnables(config: WorkflowConfig | null | undefined, key: WorkflowStepKey): boolean;
+/** Whether OCR parsing should run: the document stage is on and `skip_ocr` is off. */
+declare function workflowRunsOcr(config: WorkflowConfig | null | undefined): boolean;
+/** The enabled stages in pipeline order (used by the widget to sequence its steps). */
+declare function workflowEnabledSteps(config: WorkflowConfig | null | undefined): WorkflowStepKey[];
+//#endregion
+export { DEFAULT_WORKFLOW_CONFIG, WORKFLOW_STEP_KEYS, Workflow, WorkflowConfig, WorkflowOptions, WorkflowStep, WorkflowStepKey, workflowEnabledSteps, workflowEnables, workflowRunsOcr };
+//# sourceMappingURL=workflow.d.mts.map

package/dist/workflow.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"workflow.d.mts","names":[],"sources":["../src/workflow.ts"],"mappings":";;;;;AAcA;;;;AAA2B;AAG3B;;;;KAHY,eAAA;AAMZ;AAAA,cAHa,kBAAA,WAA6B,eAAe;;UAGxC,YAAA;EACf,GAAA,EAAK,eAAe;EACpB,OAAA;AAAA;;UAIe,eAAA;EAAA;;;;AAMP;EAAR,QAAQ;AAAA;;UAIO,cAAA;EACf,KAAA,EAAO,YAAA;EACP,OAAA,EAAS,eAAe;AAAA;;UAIT,QAAA,SAAiB,cAAA;EAChC,EAAA,EAAI,EAAA;EACJ,eAAA,EAAiB,EAAA;EACjB,IAAA;EACA,UAAA,EAAY,WAAA;EACZ,UAAA,EAAY,WAAA;AAAA;;cAID,uBAAA,EAAyB,cAOrC;;;;;;iBAOe,eAAA,CAAgB,MAAA,EAAQ,cAAA,qBAAmC,GAAA,EAAK,eAAe;;iBAO/E,eAAA,CAAgB,MAAyC,EAAjC,cAAc;;iBAOtC,oBAAA,CAAqB,MAAA,EAAQ,cAAA,sBAAoC,eAAe"}

package/dist/workflow.mjs

@@ -0,0 +1,48 @@
+//#region src/workflow.ts
+/** The canonical stage order used as the default and to normalise stored steps. */
+const WORKFLOW_STEP_KEYS = [
+	"document",
+	"liveness",
+	"face_match"
+];
+/** The default pipeline applied when a session has no workflow. */
+const DEFAULT_WORKFLOW_CONFIG = {
+	steps: [
+		{
+			key: "document",
+			enabled: true
+		},
+		{
+			key: "liveness",
+			enabled: true
+		},
+		{
+			key: "face_match",
+			enabled: true
+		}
+	],
+	options: { skip_ocr: false }
+};
+/**
+* Whether a stage runs under a config. A `null` config means "no workflow" — the
+* default pipeline, where every stage runs. Within a real config, a stage that is
+* absent or `enabled: false` does not run.
+*/
+function workflowEnables(config, key) {
+	if (!config) return true;
+	return config.steps.some((step) => step.key === key && step.enabled);
+}
+/** Whether OCR parsing should run: the document stage is on and `skip_ocr` is off. */
+function workflowRunsOcr(config) {
+	if (!config) return true;
+	return workflowEnables(config, "document") && !config.options.skip_ocr;
+}
+/** The enabled stages in pipeline order (used by the widget to sequence its steps). */
+function workflowEnabledSteps(config) {
+	if (!config) return [...WORKFLOW_STEP_KEYS];
+	return config.steps.filter((step) => step.enabled).map((step) => step.key);
+}
+//#endregion
+export { DEFAULT_WORKFLOW_CONFIG, WORKFLOW_STEP_KEYS, workflowEnabledSteps, workflowEnables, workflowRunsOcr };
+
+//# sourceMappingURL=workflow.mjs.map

package/dist/workflow.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"workflow.mjs","names":[],"sources":["../src/workflow.ts"],"sourcesContent":["import type { Id, IsoDateTime } from './common'\n\n/**\n * Workflows (Phase 19).\n *\n * An organization-scoped, reusable recipe that determines the order of the\n * coarse verification stages, lets each be turned off, and can skip OCR parsing\n * (capture-only). Workflows are optional: a session created without one runs the\n * default pipeline (document → liveness → face match, OCR on). A workflow's\n * config is snapshotted onto each session at creation, so editing it never\n * disturbs sessions already in flight.\n */\n\n/** A coarse verification stage a workflow can order and toggle. */\nexport type WorkflowStepKey = 'document' | 'liveness' | 'face_match'\n\n/** The canonical stage order used as the default and to normalise stored steps. */\nexport const WORKFLOW_STEP_KEYS: readonly WorkflowStepKey[] = ['document', 'liveness', 'face_match']\n\n/** One stage within a workflow, in pipeline order, on or off. */\nexport interface WorkflowStep {\n  key: WorkflowStepKey\n  enabled: boolean\n}\n\n/** Workflow-wide toggles. */\nexport interface WorkflowOptions {\n  /**\n   * Skip OCR parsing — capture the document image but don't extract fields.\n   * Useful when Arkyc is only used for data capture and the assets are handed\n   * to a third party. Disables the document portrait too, so face match can't run.\n   */\n  skip_ocr: boolean\n}\n\n/** The portable config of a workflow: ordered stages + options. */\nexport interface WorkflowConfig {\n  steps: WorkflowStep[]\n  options: WorkflowOptions\n}\n\n/** A saved, organization-scoped workflow. */\nexport interface Workflow extends WorkflowConfig {\n  id: Id\n  organization_id: Id\n  name: string\n  created_at: IsoDateTime\n  updated_at: IsoDateTime\n}\n\n/** The default pipeline applied when a session has no workflow. */\nexport const DEFAULT_WORKFLOW_CONFIG: WorkflowConfig = {\n  steps: [\n    { key: 'document', enabled: true },\n    { key: 'liveness', enabled: true },\n    { key: 'face_match', enabled: true },\n  ],\n  options: { skip_ocr: false },\n}\n\n/**\n * Whether a stage runs under a config. A `null` config means \"no workflow\" — the\n * default pipeline, where every stage runs. Within a real config, a stage that is\n * absent or `enabled: false` does not run.\n */\nexport function workflowEnables(config: WorkflowConfig | null | undefined, key: WorkflowStepKey): boolean {\n  if (!config) return true\n\n  return config.steps.some((step) => step.key === key && step.enabled)\n}\n\n/** Whether OCR parsing should run: the document stage is on and `skip_ocr` is off. */\nexport function workflowRunsOcr(config: WorkflowConfig | null | undefined): boolean {\n  if (!config) return true\n\n  return workflowEnables(config, 'document') && !config.options.skip_ocr\n}\n\n/** The enabled stages in pipeline order (used by the widget to sequence its steps). */\nexport function workflowEnabledSteps(config: WorkflowConfig | null | undefined): WorkflowStepKey[] {\n  if (!config) return [...WORKFLOW_STEP_KEYS]\n\n  return config.steps.filter((step) => step.enabled).map((step) => step.key)\n}\n"],"mappings":";;AAiBA,MAAa,qBAAiD;CAAC;CAAY;CAAY;AAAY;;AAkCnG,MAAa,0BAA0C;CACrD,OAAO;EACL;GAAE,KAAK;GAAY,SAAS;EAAK;EACjC;GAAE,KAAK;GAAY,SAAS;EAAK;EACjC;GAAE,KAAK;GAAc,SAAS;EAAK;CACrC;CACA,SAAS,EAAE,UAAU,MAAM;AAC7B;;;;;;AAOA,SAAgB,gBAAgB,QAA2C,KAA+B;CACxG,IAAI,CAAC,QAAQ,OAAO;CAEpB,OAAO,OAAO,MAAM,MAAM,SAAS,KAAK,QAAQ,OAAO,KAAK,OAAO;AACrE;;AAGA,SAAgB,gBAAgB,QAAoD;CAClF,IAAI,CAAC,QAAQ,OAAO;CAEpB,OAAO,gBAAgB,QAAQ,UAAU,KAAK,CAAC,OAAO,QAAQ;AAChE;;AAGA,SAAgB,qBAAqB,QAA8D;CACjG,IAAI,CAAC,QAAQ,OAAO,CAAC,GAAG,kBAAkB;CAE1C,OAAO,OAAO,MAAM,QAAQ,SAAS,KAAK,OAAO,CAAC,CAAC,KAAK,SAAS,KAAK,GAAG;AAC3E"}

package/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "@arkyc/types",
+  "version": "1.0.0",
+  "description": "Shared domain types and contracts for Arkyc",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.mjs",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.mts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.mts",
+      "import": "./dist/index.mjs"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "lint": "eslint src",
+    "clean": "rm -rf dist"
+  }
+}