npm - @bravely-studios/account-web - Versions diffs - 0.3.4 - Mend

@bravely-studios/account-web 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/LICENSE +10 -0
package/README.md +262 -0
package/dist/ActivationStateMachine.d.ts +50 -0
package/dist/ActivationStateMachine.d.ts.map +1 -0
package/dist/ActivationStateMachine.js +141 -0
package/dist/ActivationStateMachine.js.map +1 -0
package/dist/BravelyAccountManager.d.ts +156 -0
package/dist/BravelyAccountManager.d.ts.map +1 -0
package/dist/BravelyAccountManager.js +621 -0
package/dist/BravelyAccountManager.js.map +1 -0
package/dist/EntitlementCache.d.ts +50 -0
package/dist/EntitlementCache.d.ts.map +1 -0
package/dist/EntitlementCache.js +116 -0
package/dist/EntitlementCache.js.map +1 -0
package/dist/components/ActivationLadder.d.ts +78 -0
package/dist/components/ActivationLadder.d.ts.map +1 -0
package/dist/components/ActivationLadder.js +145 -0
package/dist/components/ActivationLadder.js.map +1 -0
package/dist/components/CrossAppCard.d.ts +48 -0
package/dist/components/CrossAppCard.d.ts.map +1 -0
package/dist/components/CrossAppCard.js +45 -0
package/dist/components/CrossAppCard.js.map +1 -0
package/dist/deprecation.d.ts +19 -0
package/dist/deprecation.d.ts.map +1 -0
package/dist/deprecation.js +83 -0
package/dist/deprecation.js.map +1 -0
package/dist/displayName.d.ts +15 -0
package/dist/displayName.d.ts.map +1 -0
package/dist/displayName.js +41 -0
package/dist/displayName.js.map +1 -0
package/dist/dpop.d.ts +30 -0
package/dist/dpop.d.ts.map +1 -0
package/dist/dpop.js +87 -0
package/dist/dpop.js.map +1 -0
package/dist/hooks/useActivationLaneFromUrl.d.ts +54 -0
package/dist/hooks/useActivationLaneFromUrl.d.ts.map +1 -0
package/dist/hooks/useActivationLaneFromUrl.js +105 -0
package/dist/hooks/useActivationLaneFromUrl.js.map +1 -0
package/dist/hooks/useFreshLaunchRestoration.d.ts +62 -0
package/dist/hooks/useFreshLaunchRestoration.d.ts.map +1 -0
package/dist/hooks/useFreshLaunchRestoration.js +135 -0
package/dist/hooks/useFreshLaunchRestoration.js.map +1 -0
package/dist/index.d.ts +16 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +15 -0
package/dist/index.js.map +1 -0
package/dist/oauth.d.ts +50 -0
package/dist/oauth.d.ts.map +1 -0
package/dist/oauth.js +107 -0
package/dist/oauth.js.map +1 -0
package/dist/storage.d.ts +48 -0
package/dist/storage.d.ts.map +1 -0
package/dist/storage.js +153 -0
package/dist/storage.js.map +1 -0
package/dist/types.d.ts +172 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +7 -0
package/dist/types.js.map +1 -0
package/package.json +61 -0

package/dist/oauth.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/** Base64url-encode a Uint8Array (RFC 4648 §5). No padding. */
+export declare function base64urlEncode(bytes: Uint8Array): string;
+/** Base64url-decode to a Uint8Array. */
+export declare function base64urlDecode(s: string): Uint8Array;
+/**
+ * Generate a cryptographically random `code_verifier`. RFC 7636 §4.1 requires
+ * 43-128 chars of `[A-Z][a-z][0-9]-._~`. We produce 43 chars from 32 random
+ * bytes via base64url, which is comfortably inside the range.
+ */
+export declare function generateCodeVerifier(): string;
+/**
+ * SHA-256 hash a `code_verifier` and base64url-encode the digest.
+ * That digest IS the `code_challenge` (RFC 7636 §4.2 — S256 method).
+ */
+export declare function generateCodeChallenge(verifier: string): Promise<string>;
+/** Cryptographically random opaque `state` parameter (CSRF defense). */
+export declare function generateState(): string;
+/** Build the `/oauth/authorize` URL with PKCE + state. */
+export declare function buildAuthorizeUrl(args: {
+    authority: string;
+    clientId: string;
+    redirectUri: string;
+    codeChallenge: string;
+    state: string;
+    scope: string;
+    loginHint?: string;
+    prompt?: "login" | "none" | "consent" | "select_account";
+}): string;
+/** Parse `?code=...&state=...` from a callback URL. */
+export declare function parseCallback(url: string): {
+    code: string;
+    state: string;
+} | null;
+/**
+ * Run the full PKCE-prep dance and return everything the caller needs to
+ * (a) redirect to `/oauth/authorize` and (b) finish the exchange when the
+ * browser comes back.
+ */
+export declare function preparePkce(args: {
+    authority: string;
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+    loginHint?: string;
+}): Promise<{
+    verifier: string;
+    state: string;
+    authorizeUrl: string;
+}>;
+//# sourceMappingURL=oauth.d.ts.map

package/dist/oauth.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAUA,+DAA+D;AAC/D,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAMzD;AAED,wCAAwC;AACxC,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,GAAG,UAAU,CAMrD;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAQ7C;AAED;;;GAGG;AACH,wBAAsB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAI7E;AAED,wEAAwE;AACxE,wBAAgB,aAAa,IAAI,MAAM,CAItC;AAED,0DAA0D;AAC1D,wBAAgB,iBAAiB,CAAC,IAAI,EAAE;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,gBAAgB,CAAC;CAC1D,GAAG,MAAM,CAYT;AAED,uDAAuD;AACvD,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAUjF;AAED;;;;GAIG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CAcrE"}

package/dist/oauth.js ADDED Viewed

@@ -0,0 +1,107 @@
+// OAuth 2.1 + PKCE helpers (RFC 7636).
+//
+// PKCE flow:
+//   1. Generate a 64-byte random `code_verifier` (43-128 chars URL-safe).
+//   2. SHA-256 the verifier → base64url-encode → that is the `code_challenge`.
+//   3. Send the challenge with the authorize request.
+//   4. Send the verifier with the token request.
+//
+// Server enforces `code_challenge_method=S256` only (no `plain`).
+/** Base64url-encode a Uint8Array (RFC 4648 §5). No padding. */
+export function base64urlEncode(bytes) {
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++)
+        binary += String.fromCharCode(bytes[i]);
+    // btoa lives in browsers + happy-dom + modern Node.
+    const b64 = btoa(binary);
+    return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+}
+/** Base64url-decode to a Uint8Array. */
+export function base64urlDecode(s) {
+    const padded = s.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - (s.length % 4)) % 4);
+    const binary = atob(padded);
+    const out = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++)
+        out[i] = binary.charCodeAt(i);
+    return out;
+}
+/**
+ * Generate a cryptographically random `code_verifier`. RFC 7636 §4.1 requires
+ * 43-128 chars of `[A-Z][a-z][0-9]-._~`. We produce 43 chars from 32 random
+ * bytes via base64url, which is comfortably inside the range.
+ */
+export function generateCodeVerifier() {
+    const bytes = new Uint8Array(32);
+    crypto.getRandomValues(bytes);
+    const verifier = base64urlEncode(bytes);
+    if (verifier.length < 43 || verifier.length > 128) {
+        throw new Error(`code_verifier length out of range: ${verifier.length}`);
+    }
+    return verifier;
+}
+/**
+ * SHA-256 hash a `code_verifier` and base64url-encode the digest.
+ * That digest IS the `code_challenge` (RFC 7636 §4.2 — S256 method).
+ */
+export async function generateCodeChallenge(verifier) {
+    const encoded = new TextEncoder().encode(verifier);
+    const digest = await crypto.subtle.digest("SHA-256", encoded);
+    return base64urlEncode(new Uint8Array(digest));
+}
+/** Cryptographically random opaque `state` parameter (CSRF defense). */
+export function generateState() {
+    const bytes = new Uint8Array(16);
+    crypto.getRandomValues(bytes);
+    return base64urlEncode(bytes);
+}
+/** Build the `/oauth/authorize` URL with PKCE + state. */
+export function buildAuthorizeUrl(args) {
+    const u = new URL("/oauth/authorize", args.authority);
+    u.searchParams.set("response_type", "code");
+    u.searchParams.set("client_id", args.clientId);
+    u.searchParams.set("redirect_uri", args.redirectUri);
+    u.searchParams.set("code_challenge", args.codeChallenge);
+    u.searchParams.set("code_challenge_method", "S256");
+    u.searchParams.set("state", args.state);
+    u.searchParams.set("scope", args.scope);
+    if (args.loginHint)
+        u.searchParams.set("login_hint", args.loginHint);
+    if (args.prompt)
+        u.searchParams.set("prompt", args.prompt);
+    return u.toString();
+}
+/** Parse `?code=...&state=...` from a callback URL. */
+export function parseCallback(url) {
+    try {
+        const u = new URL(url);
+        const code = u.searchParams.get("code");
+        const state = u.searchParams.get("state");
+        if (!code || !state)
+            return null;
+        return { code, state };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Run the full PKCE-prep dance and return everything the caller needs to
+ * (a) redirect to `/oauth/authorize` and (b) finish the exchange when the
+ * browser comes back.
+ */
+export async function preparePkce(args) {
+    const verifier = generateCodeVerifier();
+    const challenge = await generateCodeChallenge(verifier);
+    const state = generateState();
+    const authorizeUrl = buildAuthorizeUrl({
+        authority: args.authority,
+        clientId: args.clientId,
+        redirectUri: args.redirectUri,
+        codeChallenge: challenge,
+        state,
+        scope: args.scope,
+        loginHint: args.loginHint,
+    });
+    return { verifier, state, authorizeUrl };
+}
+//# sourceMappingURL=oauth.js.map

package/dist/oauth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth.js","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,EAAE;AACF,aAAa;AACb,0EAA0E;AAC1E,+EAA+E;AAC/E,sDAAsD;AACtD,iDAAiD;AACjD,EAAE;AACF,kEAAkE;AAElE,+DAA+D;AAC/D,MAAM,UAAU,eAAe,CAAC,KAAiB;IAC/C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,oDAAoD;IACpD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,eAAe,CAAC,CAAS;IACvC,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9F,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACtE,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,QAAgB;IAC1D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC9D,OAAO,eAAe,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,aAAa;IAC3B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,iBAAiB,CAAC,IASjC;IACC,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACtD,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/C,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IACrD,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;IACzD,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,SAAS;QAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACrE,IAAI,IAAI,CAAC,MAAM;QAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3D,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,uDAAuD;AACvD,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,MAAM,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACjC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAMjC;IACC,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;IACxC,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,YAAY,GAAG,iBAAiB,CAAC;QACrC,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,aAAa,EAAE,SAAS;QACxB,KAAK;QACL,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC,CAAC;IACH,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;AAC3C,CAAC"}

package/dist/storage.d.ts ADDED Viewed

@@ -0,0 +1,48 @@
+export interface Storage {
+    /** Write a string value. */
+    set(key: string, value: string): Promise<void>;
+    /** Read a string value. Returns null if not set. */
+    get(key: string): Promise<string | null>;
+    /** Remove a key. */
+    remove(key: string): Promise<void>;
+    /** Clear every key namespaced under `bravely:*`. */
+    clear(): Promise<void>;
+}
+/** A no-op storage for SSR or first-render where DOM globals are missing. */
+declare function memoryStorage(): Storage;
+/**
+ * sessionStorage-backed adapter. Page-lifetime — best for BAS + PKCE verifier
+ * which are not meant to survive a tab close. The refresh_token gets stored
+ * separately via IndexedDB.
+ */
+declare function sessionStorageBacked(): Storage;
+/**
+ * IndexedDB-backed adapter for longer-lived state (refresh_token,
+ * entitlement cache). Wraps the verbose IDB API behind the same simple
+ * surface. No external dependency — small enough to inline.
+ */
+declare function indexedDbBacked(dbName?: string, storeName?: string): Storage;
+/**
+ * Composite storage: small/session keys land in sessionStorage; persistent
+ * keys (refresh_token, entitlement cache) land in IndexedDB. Falls back to
+ * an in-memory map if either subsystem is unavailable (SSR, tests).
+ */
+declare class CompositeStorage implements Storage {
+    private readonly session;
+    private readonly persistent;
+    /** Keys routed to persistent storage. Everything else lives in session. */
+    static readonly persistentKeys: Set<string>;
+    constructor(session: Storage, persistent: Storage);
+    private route;
+    set(k: string, v: string): Promise<void>;
+    get(k: string): Promise<string | null>;
+    remove(k: string): Promise<void>;
+    clear(): Promise<void>;
+}
+/**
+ * Returns the right storage adapter for the current environment. Host pages
+ * can override by passing `storage` into the manager config.
+ */
+export declare function defaultStorage(): Storage;
+export { CompositeStorage, memoryStorage, sessionStorageBacked, indexedDbBacked };
+//# sourceMappingURL=storage.d.ts.map

package/dist/storage.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../src/storage.ts"],"names":[],"mappings":"AAeA,MAAM,WAAW,OAAO;IACtB,4BAA4B;IAC5B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,oDAAoD;IACpD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,oBAAoB;IACpB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnC,oDAAoD;IACpD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAID,6EAA6E;AAC7E,iBAAS,aAAa,IAAI,OAAO,CAgBhC;AAED;;;;GAIG;AACH,iBAAS,oBAAoB,IAAI,OAAO,CAoBvC;AAED;;;;GAIG;AACH,iBAAS,eAAe,CAAC,MAAM,SAAoB,EAAE,SAAS,SAAO,GAAG,OAAO,CAsC9E;AAED;;;;GAIG;AACH,cAAM,gBAAiB,YAAW,OAAO;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAU;IACrC,2EAA2E;IAC3E,MAAM,CAAC,QAAQ,CAAC,cAAc,cAI3B;gBAES,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO;IAKjD,OAAO,CAAC,KAAK;IAIP,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAGxC,GAAG,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAGtC,MAAM,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAGhC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B;AAED;;;GAGG;AACH,wBAAgB,cAAc,IAAI,OAAO,CAOxC;AAED,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,eAAe,EAAE,CAAC"}

package/dist/storage.js ADDED Viewed

@@ -0,0 +1,153 @@
+// Storage abstraction. Lets the manager keep BAS, refresh_token, PKCE
+// verifier, and the entitlement cache without baking in any one backing
+// store.
+//
+// Priority order (Gate 1):
+//   1. ServiceWorker-controlled store via postMessage → not implemented yet;
+//      host pages will replace `defaultStorage()` with their own SW adapter.
+//   2. sessionStorage for short-lived data (BAS, PKCE verifier) — wipes on
+//      tab close (good).
+//   3. IndexedDB for the refresh_token + entitlement cache — survives reload
+//      but no cross-origin leak.
+//
+// For Gate 2 the refresh_token will be DPoP-bound and the IndexedDB row will
+// carry the JKT thumbprint of the non-extractable key it is bound to.
+const NAMESPACE = "bravely:";
+/** A no-op storage for SSR or first-render where DOM globals are missing. */
+function memoryStorage() {
+    const m = new Map();
+    return {
+        async set(k, v) {
+            m.set(k, v);
+        },
+        async get(k) {
+            return m.get(k) ?? null;
+        },
+        async remove(k) {
+            m.delete(k);
+        },
+        async clear() {
+            m.clear();
+        },
+    };
+}
+/**
+ * sessionStorage-backed adapter. Page-lifetime — best for BAS + PKCE verifier
+ * which are not meant to survive a tab close. The refresh_token gets stored
+ * separately via IndexedDB.
+ */
+function sessionStorageBacked() {
+    return {
+        async set(k, v) {
+            sessionStorage.setItem(NAMESPACE + k, v);
+        },
+        async get(k) {
+            return sessionStorage.getItem(NAMESPACE + k);
+        },
+        async remove(k) {
+            sessionStorage.removeItem(NAMESPACE + k);
+        },
+        async clear() {
+            const keys = [];
+            for (let i = 0; i < sessionStorage.length; i++) {
+                const key = sessionStorage.key(i);
+                if (key && key.startsWith(NAMESPACE))
+                    keys.push(key);
+            }
+            for (const key of keys)
+                sessionStorage.removeItem(key);
+        },
+    };
+}
+/**
+ * IndexedDB-backed adapter for longer-lived state (refresh_token,
+ * entitlement cache). Wraps the verbose IDB API behind the same simple
+ * surface. No external dependency — small enough to inline.
+ */
+function indexedDbBacked(dbName = "bravely-account", storeName = "kv") {
+    const openDb = () => new Promise((resolve, reject) => {
+        const req = indexedDB.open(dbName, 1);
+        req.onupgradeneeded = () => {
+            const db = req.result;
+            if (!db.objectStoreNames.contains(storeName))
+                db.createObjectStore(storeName);
+        };
+        req.onsuccess = () => resolve(req.result);
+        req.onerror = () => reject(req.error);
+    });
+    const tx = async (mode, fn) => {
+        const db = await openDb();
+        return new Promise((resolve, reject) => {
+            const t = db.transaction(storeName, mode);
+            const store = t.objectStore(storeName);
+            const req = fn(store);
+            t.oncomplete = () => resolve(req ? req.result : undefined);
+            t.onerror = () => reject(t.error);
+        });
+    };
+    return {
+        async set(k, v) {
+            await tx("readwrite", (s) => s.put(v, NAMESPACE + k));
+        },
+        async get(k) {
+            const value = (await tx("readonly", (s) => s.get(NAMESPACE + k))) ?? null;
+            return typeof value === "string" ? value : null;
+        },
+        async remove(k) {
+            await tx("readwrite", (s) => s.delete(NAMESPACE + k));
+        },
+        async clear() {
+            await tx("readwrite", (s) => s.clear());
+        },
+    };
+}
+/**
+ * Composite storage: small/session keys land in sessionStorage; persistent
+ * keys (refresh_token, entitlement cache) land in IndexedDB. Falls back to
+ * an in-memory map if either subsystem is unavailable (SSR, tests).
+ */
+class CompositeStorage {
+    session;
+    persistent;
+    /** Keys routed to persistent storage. Everything else lives in session. */
+    static persistentKeys = new Set([
+        "refresh_token",
+        "entitlement_cache",
+        "dpop_jkt_thumbprint",
+    ]);
+    constructor(session, persistent) {
+        this.session = session;
+        this.persistent = persistent;
+    }
+    route(k) {
+        return CompositeStorage.persistentKeys.has(k) ? this.persistent : this.session;
+    }
+    async set(k, v) {
+        await this.route(k).set(k, v);
+    }
+    async get(k) {
+        return this.route(k).get(k);
+    }
+    async remove(k) {
+        await this.route(k).remove(k);
+    }
+    async clear() {
+        await Promise.all([this.session.clear(), this.persistent.clear()]);
+    }
+}
+/**
+ * Returns the right storage adapter for the current environment. Host pages
+ * can override by passing `storage` into the manager config.
+ */
+export function defaultStorage() {
+    // happy-dom / browser path
+    const hasSession = typeof globalThis !== "undefined" && typeof globalThis.sessionStorage !== "undefined";
+    const hasIdb = typeof globalThis !== "undefined" && typeof globalThis.indexedDB !== "undefined";
+    if (hasSession && hasIdb)
+        return new CompositeStorage(sessionStorageBacked(), indexedDbBacked());
+    if (hasSession)
+        return new CompositeStorage(sessionStorageBacked(), memoryStorage());
+    return memoryStorage();
+}
+export { CompositeStorage, memoryStorage, sessionStorageBacked, indexedDbBacked };
+//# sourceMappingURL=storage.js.map

package/dist/storage.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"storage.js","sourceRoot":"","sources":["../src/storage.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,wEAAwE;AACxE,SAAS;AACT,EAAE;AACF,2BAA2B;AAC3B,6EAA6E;AAC7E,6EAA6E;AAC7E,2EAA2E;AAC3E,yBAAyB;AACzB,6EAA6E;AAC7E,iCAAiC;AACjC,EAAE;AACF,6EAA6E;AAC7E,sEAAsE;AAatE,MAAM,SAAS,GAAG,UAAU,CAAC;AAE7B,6EAA6E;AAC7E,SAAS,aAAa;IACpB,MAAM,CAAC,GAAG,IAAI,GAAG,EAAkB,CAAC;IACpC,OAAO;QACL,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACZ,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACd,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,CAAC;YACT,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACZ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACd,CAAC;QACD,KAAK,CAAC,KAAK;YACT,CAAC,CAAC,KAAK,EAAE,CAAC;QACZ,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB;IAC3B,OAAO;QACL,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACZ,cAAc,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3C,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,CAAC;YACT,OAAO,cAAc,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;QAC/C,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACZ,cAAc,CAAC,UAAU,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC;QACD,KAAK,CAAC,KAAK;YACT,MAAM,IAAI,GAAa,EAAE,CAAC;YAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC/C,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAClC,IAAI,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC;oBAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACvD,CAAC;YACD,KAAK,MAAM,GAAG,IAAI,IAAI;gBAAE,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzD,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,eAAe,CAAC,MAAM,GAAG,iBAAiB,EAAE,SAAS,GAAG,IAAI;IACnE,MAAM,MAAM,GAAG,GAAyB,EAAE,CACxC,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC9B,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACtC,GAAG,CAAC,eAAe,GAAG,GAAG,EAAE;YACzB,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;YACtB,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAChF,CAAC,CAAC;QACF,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEL,MAAM,EAAE,GAAG,KAAK,EAAK,IAAwB,EAAE,EAAmD,EAAqB,EAAE;QACvH,MAAM,EAAE,GAAG,MAAM,MAAM,EAAE,CAAC;QAC1B,OAAO,IAAI,OAAO,CAAW,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC/C,MAAM,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC1C,MAAM,KAAK,GAAG,CAAC,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACvC,MAAM,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAC3D,CAAC,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;IAEF,OAAO;QACL,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACZ,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,CAAC;YACT,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,CAAS,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;YAClF,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAClD,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACZ,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,KAAK,CAAC,KAAK;YACT,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAC1C,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,gBAAgB;IACH,OAAO,CAAU;IACjB,UAAU,CAAU;IACrC,2EAA2E;IAC3E,MAAM,CAAU,cAAc,GAAG,IAAI,GAAG,CAAC;QACvC,eAAe;QACf,mBAAmB;QACnB,qBAAqB;KACtB,CAAC,CAAC;IAEH,YAAY,OAAgB,EAAE,UAAmB;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAEO,KAAK,CAAC,CAAS;QACrB,OAAO,gBAAgB,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;IACjF,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,CAAS,EAAE,CAAS;QAC5B,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAChC,CAAC;IACD,KAAK,CAAC,GAAG,CAAC,CAAS;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,KAAK,CAAC,MAAM,CAAC,CAAS;QACpB,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAChC,CAAC;IACD,KAAK,CAAC,KAAK;QACT,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACrE,CAAC;;AAGH;;;GAGG;AACH,MAAM,UAAU,cAAc;IAC5B,2BAA2B;IAC3B,MAAM,UAAU,GAAG,OAAO,UAAU,KAAK,WAAW,IAAI,OAAO,UAAU,CAAC,cAAc,KAAK,WAAW,CAAC;IACzG,MAAM,MAAM,GAAG,OAAO,UAAU,KAAK,WAAW,IAAI,OAAO,UAAU,CAAC,SAAS,KAAK,WAAW,CAAC;IAChG,IAAI,UAAU,IAAI,MAAM;QAAE,OAAO,IAAI,gBAAgB,CAAC,oBAAoB,EAAE,EAAE,eAAe,EAAE,CAAC,CAAC;IACjG,IAAI,UAAU;QAAE,OAAO,IAAI,gBAAgB,CAAC,oBAAoB,EAAE,EAAE,aAAa,EAAE,CAAC,CAAC;IACrF,OAAO,aAAa,EAAE,CAAC;AACzB,CAAC;AAED,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,eAAe,EAAE,CAAC"}

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,172 @@
+/** The 9 utility app identifiers. Hard-coded from the AppSlug enum in the spec. */
+export type AppSlug = "diskaroo" | "markdly" | "printscreenly" | "prodjectly" | "saycopypaste" | "scry" | "stickily" | "terminaltags" | "todoingly";
+/** Per-app entitlement record. Matches `Entitlement` schema. */
+export interface Entitlement {
+    /** Public-safe identifier (e.g. `diskaroo_pro`, `bravely_premium`). Never the internal `entlXXX` RC id. */
+    lookup_key: string;
+    expires_at: string | null;
+    will_renew: boolean;
+    product_id?: string | null;
+    store?: "paddle" | "app_store" | "play_store" | "promotional" | null;
+}
+/** OAuth 2.1 token response from `/oauth/token`. */
+export interface OAuthTokenResponse {
+    /** The Bravely App Session (`bas_...`). Treat as opaque. */
+    access_token: string;
+    token_type: "DPoP" | "Bearer";
+    expires_in: number;
+    refresh_token: string | null;
+    scope: string;
+    issued_at: string;
+    active_entitlements?: Entitlement[];
+    bravely_account_id: string;
+    email: string;
+    app_slug: AppSlug;
+    platform?: string | null;
+    expires_at: string;
+    /** Server-published lib version policy (Track E10). Read into the deprecation handler. */
+    bravely_lib_version?: LibVersionPolicy;
+}
+/** Bravely App Session refresh response from `/api/app-sessions/refresh`. */
+export interface BasResponse {
+    ok: true;
+    bas: string;
+    session_token?: string;
+    refresh_token?: string;
+    expires_in?: number;
+    expires_at: string;
+    bravely_account_id: string;
+    email: string;
+    app_slug: AppSlug;
+    platform?: string | null;
+    active_entitlements?: Entitlement[];
+    app_data_token?: string;
+    app_data_token_expires_at?: string;
+}
+/** Entitlement snapshot from `/api/entitlements?app=<slug>`. */
+export interface EntitlementSnapshot {
+    bravely_account_id: string;
+    app_slug: AppSlug;
+    active_entitlements: string[];
+    active: boolean;
+    override: {
+        active: boolean;
+        reason: string | null;
+        expires_at: string | null;
+    };
+    trial: {
+        active: boolean;
+        expires_at: string | null;
+    };
+    subscription: {
+        active: boolean;
+        platform: string | null;
+        expires_at: string | null;
+    };
+    fetched_at: string;
+    cache_ttl_seconds?: number;
+}
+/** Lib version policy carried on BAS exchange / OAuth token responses. */
+export interface LibVersionPolicy {
+    /** Highest known good version. */
+    current: string;
+    /** Below this version the lib must hard-upgrade. */
+    min_version: string;
+    /** Reason for any forced upgrade. */
+    reason?: string;
+}
+/** Parsed `Bravely-Deprecation: endpoint; ...` directive. */
+export interface DeprecationEndpoint {
+    kind: "endpoint";
+    endpoint?: string;
+    expires?: string;
+    replacement?: string;
+    reason?: string;
+}
+/** Parsed `Bravely-Deprecation: client; ...` directive. */
+export interface DeprecationClient {
+    kind: "client";
+    minVersion?: string;
+    current?: string;
+    reason?: string;
+}
+export type DeprecationDirective = DeprecationEndpoint | DeprecationClient;
+/**
+ * Top-level state of the Bravely Account in the host page. Drives UI render
+ * via `onStateChange` subscribers.
+ */
+export type BravelyAccountState = {
+    kind: "signed_out";
+} | {
+    kind: "signing_in";
+    pending: boolean;
+} | {
+    kind: "signed_in";
+    ba_id: string;
+    email: string;
+    bas: string;
+    entitlements: Entitlement[];
+} | {
+    kind: "failed";
+    error: string;
+};
+export type CheckoutPlan = "monthly" | "annual" | "lifetime";
+/** Response from `POST /api/paddle-portal`. */
+export interface PaddlePortalSession {
+    ok: true;
+    url: string;
+    expires_at: string;
+    bravely_account_id: string;
+    app_slug: AppSlug | null;
+}
+/** Subset of activation state machine state names (full machine in ActivationStateMachine.ts). */
+export type ActivationStateName = "idle" | "restoring_session" | "verifying_entitlement" | "entitlement_cached_valid" | "entitlement_fresh_valid" | "entitlement_none" | "post_checkout_activation" | "fresh_launch_restoration" | "pending_user_action" | "failed";
+export interface ActivationState {
+    name: ActivationStateName;
+    enteredAt: Date;
+    /** True iff the state has a spinner / elapsed-time indicator. */
+    busy: boolean;
+}
+/**
+ * Configuration for `BravelyAccountManager`. The `authority` and `appSlug`
+ * are required; everything else falls back to sane defaults.
+ */
+export interface ManagerConfig {
+    /** Authorization server origin. Production: `https://auth.bravely.dev`. */
+    authority: string;
+    /** This app's slug — used as the OAuth `client_id`. */
+    appSlug: AppSlug;
+    /** Client app version (semver). Sent on every BAS exchange. */
+    clientVersion: string;
+    /** Lib name. Defaults to `bravely-account-web`. */
+    libName?: string;
+    /** Lib version. Defaults to this package's version. */
+    libVersion?: string;
+    /** Identity API origin. Defaults to `https://identity.bravely.dev`. */
+    identityOrigin?: string;
+    /** Override the OAuth redirect URI. Defaults to `${location.origin}/auth/callback`. */
+    redirectUri?: string;
+    /** OAuth scope string. Defaults to `bravely.account bravely.entitlements`. */
+    scope?: string;
+    /** Optional storage adapter override (testing). */
+    storage?: import("./storage.js").Storage;
+}
+/** RFC 9449 DPoP proof carrier (Gate 2). For Gate 1 this is null/unused. */
+export interface DPoPProof {
+    proof: string | null;
+    jktThumbprint: string | null;
+}
+/** Cached entitlement record persisted via the storage abstraction. */
+export interface CachedEntitlements {
+    entitlements: Entitlement[];
+    cachedAt: string;
+    /** RFC 7638 JWK thumbprint of the DPoP key the cache is bound to (Gate 2). Null for Gate 1. */
+    dpopJktThumbprint: string | null;
+    /** HMAC over the JSON body. Gate 2 server-signed; null for Gate 1. */
+    signature: string | null;
+}
+export interface ClientKilledErrorDetails {
+    replacement?: string;
+    reason?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAMA,mFAAmF;AACnF,MAAM,MAAM,OAAO,GACf,UAAU,GACV,SAAS,GACT,eAAe,GACf,YAAY,GACZ,cAAc,GACd,MAAM,GACN,UAAU,GACV,cAAc,GACd,WAAW,CAAC;AAEhB,gEAAgE;AAChE,MAAM,WAAW,WAAW;IAC1B,2GAA2G;IAC3G,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,KAAK,CAAC,EAAE,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,aAAa,GAAG,IAAI,CAAC;CACtE;AAED,oDAAoD;AACpD,MAAM,WAAW,kBAAkB;IACjC,4DAA4D;IAC5D,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,GAAG,QAAQ,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,WAAW,EAAE,CAAC;IACpC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,0FAA0F;IAC1F,mBAAmB,CAAC,EAAE,gBAAgB,CAAC;CACxC;AAED,6EAA6E;AAC7E,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,IAAI,CAAC;IACT,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,mBAAmB,CAAC,EAAE,WAAW,EAAE,CAAC;IACpC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,yBAAyB,CAAC,EAAE,MAAM,CAAC;CACpC;AAED,gEAAgE;AAChE,MAAM,WAAW,mBAAmB;IAClC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,OAAO,CAAC;IAClB,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;IAChF,KAAK,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;IACtD,YAAY,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;IACtF,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,0EAA0E;AAC1E,MAAM,WAAW,gBAAgB;IAC/B,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,WAAW,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,6DAA6D;AAC7D,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,2DAA2D;AAC3D,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,QAAQ,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,oBAAoB,GAAG,mBAAmB,GAAG,iBAAiB,CAAC;AAE3E;;;GAGG;AACH,MAAM,MAAM,mBAAmB,GAC3B;IAAE,IAAI,EAAE,YAAY,CAAA;CAAE,GACtB;IAAE,IAAI,EAAE,YAAY,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,GACxC;IACE,IAAI,EAAE,WAAW,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,EAAE,WAAW,EAAE,CAAC;CAC7B,GACD;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtC,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,QAAQ,GAAG,UAAU,CAAC;AAE7D,+CAA+C;AAC/C,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,IAAI,CAAC;IACT,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,OAAO,GAAG,IAAI,CAAC;CAC1B;AAED,kGAAkG;AAClG,MAAM,MAAM,mBAAmB,GAC3B,MAAM,GACN,mBAAmB,GACnB,uBAAuB,GACvB,0BAA0B,GAC1B,yBAAyB,GACzB,kBAAkB,GAClB,0BAA0B,GAC1B,0BAA0B,GAC1B,qBAAqB,GACrB,QAAQ,CAAC;AAEb,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,mBAAmB,CAAC;IAC1B,SAAS,EAAE,IAAI,CAAC;IAChB,iEAAiE;IACjE,IAAI,EAAE,OAAO,CAAC;CACf;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,2EAA2E;IAC3E,SAAS,EAAE,MAAM,CAAC;IAClB,uDAAuD;IACvD,OAAO,EAAE,OAAO,CAAC;IACjB,+DAA+D;IAC/D,aAAa,EAAE,MAAM,CAAC;IACtB,mDAAmD;IACnD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,uFAAuF;IACvF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8EAA8E;IAC9E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mDAAmD;IACnD,OAAO,CAAC,EAAE,OAAO,cAAc,EAAE,OAAO,CAAC;CAC1C;AAED,4EAA4E;AAC5E,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,uEAAuE;AACvE,MAAM,WAAW,kBAAkB;IACjC,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,+FAA+F;IAC/F,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,sEAAsE;IACtE,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,7 @@
+// Bravely Identity API types. Mirrors the OpenAPI 3.1 spec at
+// bravely-commerce-router/openapi.yaml. Keep aligned by hand — the spec is
+// small enough that codegen is more friction than the lib is worth.
+//
+// API version baseline: 1.2.1 (adds Paddle customer-portal session minting).
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,2EAA2E;AAC3E,oEAAoE;AACpE,EAAE;AACF,6EAA6E"}

package/package.json ADDED Viewed

@@ -0,0 +1,61 @@
+{
+  "name": "@bravely-studios/account-web",
+  "version": "0.3.4",
+  "description": "Bravely Account web facade: OAuth 2.1 + PKCE sign-in, BAS lifecycle, entitlement cache, activation state machine, C-ux M2/M3/M4 components. Used by all 9 utility web variants + bravely.dev.",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist/",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "lint": "tsc --noEmit",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "npm run build && npm run test"
+  },
+  "devDependencies": {
+    "@testing-library/react": "^16.3.2",
+    "@types/react": "^19.2.14",
+    "@types/react-dom": "^19.2.3",
+    "@vitest/coverage-v8": "^3.2.4",
+    "fast-check": "^4.7.0",
+    "happy-dom": "^20.9.0",
+    "react": "^19.2.6",
+    "react-dom": "^19.2.6",
+    "typescript": "^5.6.0",
+    "vitest": "^3.2.4"
+  },
+  "peerDependencies": {
+    "react": ">=18.0.0"
+  },
+  "peerDependenciesMeta": {
+    "react": {
+      "optional": true
+    }
+  },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org/",
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Bravely-Studios/bravely-account-web.git"
+  },
+  "author": "Jeff Schiesser <jeff@bravely.dev>",
+  "license": "LicenseRef-Bravely-Studios-Proprietary",
+  "engines": {
+    "node": ">=20"
+  }
+}