@incodetech/core 2.0.1 → 2.1.0-rc.0

package/dist/electronic-signature.esm.js

@@ -1,7 +1,8 @@
 import "./api-CESGtpbH.esm.js";
-import "./events-D6-e4vok.esm.js";
-import "./endpoints-CnN3SyDa.esm.js";
-import "./xstate.esm-B70JrNqo.esm.js";
-import { a as areAllConsented, i as QE_CONSENT_KEYS, n as electronicSignatureMachine, o as getConsentKeys, r as AE_CONSENT_KEYS, s as getDefaultConsentChecks, t as createElectronicSignatureManager } from "./electronicSignatureManager-D9OHzTpG.esm.js";
+import "./events-Dvvriq9l.esm.js";
+import "./endpoints-BeTK0Mlt.esm.js";
+import "./xstate.esm-C9wncMQa.esm.js";
+import "./apiError-B-j-gyDx.esm.js";
+import { a as areAllConsented, i as QE_CONSENT_KEYS, n as electronicSignatureMachine, o as getConsentKeys, r as AE_CONSENT_KEYS, s as getDefaultConsentChecks, t as createElectronicSignatureManager } from "./electronicSignatureManager-BaECdJ1u.esm.js";
 
 export { AE_CONSENT_KEYS, QE_CONSENT_KEYS, areAllConsented, createElectronicSignatureManager, electronicSignatureMachine, getConsentKeys, getDefaultConsentChecks };

package/dist/{electronicSignatureManager-D9OHzTpG.esm.js → electronicSignatureManager-BaECdJ1u.esm.js}

@@ -1,7 +1,8 @@
 import { t as api } from "./api-CESGtpbH.esm.js";
-import { n as eventModuleNames, o as createManagerInstrumentation } from "./events-D6-e4vok.esm.js";
-import { t as endpoints } from "./endpoints-CnN3SyDa.esm.js";
-import { a as fromPromise, c as createManager, r as assign, s as createActor, t as setup } from "./xstate.esm-B70JrNqo.esm.js";
+import { n as eventModuleNames, o as createManagerInstrumentation } from "./events-Dvvriq9l.esm.js";
+import { t as endpoints } from "./endpoints-BeTK0Mlt.esm.js";
+import { a as fromPromise, c as createManager, r as assign, s as createActor, t as setup } from "./xstate.esm-C9wncMQa.esm.js";
+import { n as toIncodeApiError, t as IncodeApiError } from "./apiError-B-j-gyDx.esm.js";
 
 //#region ../infra/src/http/externalFetch.ts
 async function externalFetch(config) {
@@ -27,12 +28,14 @@ function getSignEndpoint(variant) {
 }
 async function signDocument(documentRef, variant, signal) {
 	const endpoint = getSignEndpoint(variant);
-	const res = await api.post(endpoint, {
-		documentRef,
-		userConsented: true
-	}, { signal });
-	if (!res.ok) throw new Error(`POST ${endpoint} failed: ${res.status} ${res.statusText}`);
-	return res.data;
+	try {
+		return (await api.post(endpoint, {
+			documentRef,
+			userConsented: true
+		}, { signal })).data;
+	} catch (error) {
+		toIncodeApiError(endpoint, error);
+	}
 }
 async function generateUploadUrl(signal) {
 	const res = await api.post(endpoints.aesGenerateUploadUrl, {}, { signal });
@@ -55,11 +58,16 @@ const fetchUnsignedDocsActor = fromPromise(async ({ signal }) => fetchUnsignedDo
 const signDocumentsActor = fromPromise(async ({ input, signal }) => {
 	return (await Promise.all(input.documents.map((doc) => signDocument(doc.documentRef, input.variant, signal)))).map((r) => ({ signedDocumentUrl: r.signedDocumentUrl }));
 });
-const uploadDocumentActor = fromPromise(async ({ input, signal }) => {
+/**
+* Generates the upload destination. `POST /generateDocumentUploadUrl` creates a
+* server-side document, so this must run at most once per session — the machine
+* caches the result and reuses it across upload retries.
+*/
+const generateUploadUrlActor = fromPromise(async ({ signal }) => generateUploadUrl(signal));
+const uploadFileActor = fromPromise(async ({ input, signal }) => {
 	const fileData = input.getFileData();
 	if (!fileData) throw new Error("No file data available for upload");
-	const { preSignedUrl } = await generateUploadUrl(signal);
-	await uploadDocumentFile(preSignedUrl, fileData, signal);
+	await uploadDocumentFile(input.preSignedUrl, fileData, signal);
 });
 
 //#endregion
@@ -89,6 +97,26 @@ function areAllConsented(checks) {
 
 //#endregion
 //#region src/modules/electronic-signature/electronicSignatureStateMachine.ts
+/**
+* The `/process/sign` (and `/process/signQes`) endpoint can fail in many ways,
+* but only three of them are recoverable by retrying with the same payload:
+*   - HTTP 500 (transient backend failure)
+*   - HTTP 409 (signing conflict — typically resolves on retry)
+*   - HTTP 400 with a body message containing "Signature failed"
+*     (recoverable signing-pipeline error; other 400s mean the request itself
+*     is bad and a retry will fail identically).
+*
+* All other failures (auth, validation, network, etc.) are surfaced as a
+* terminal `failed` state so the host receives `onError` immediately instead
+* of being offered a Try Again that cannot succeed.
+*/
+function isRetryableSignError(error) {
+	if (!(error instanceof IncodeApiError)) return false;
+	if (error.httpStatus === 500) return true;
+	if (error.httpStatus === 409) return true;
+	if (error.httpStatus === 400 && error.message.includes("Signature failed")) return true;
+	return false;
+}
 const electronicSignatureMachine = setup({
 	types: {
 		context: {},
@@ -98,7 +126,8 @@ const electronicSignatureMachine = setup({
 	actors: {
 		fetchUnsignedDocs: fetchUnsignedDocsActor,
 		signDocuments: signDocumentsActor,
-		uploadDocument: uploadDocumentActor
+		generateUploadUrl: generateUploadUrlActor,
+		uploadFile: uploadFileActor
 	},
 	actions: {
 		setDocuments: assign(({ event }) => {
@@ -117,6 +146,10 @@ const electronicSignatureMachine = setup({
 				fileUrl
 			};
 		}),
+		setUploadUrl: assign(({ event }) => {
+			const { output } = event;
+			return { preSignedUrl: output.preSignedUrl };
+		}),
 		updateConsent: assign(({ context, event }) => {
 			const { name, checked } = event;
 			return { consentChecks: {
@@ -131,7 +164,7 @@ const electronicSignatureMachine = setup({
 		errorFromUpload: ({ context }) => context.errorSource === "upload",
 		errorFromSigning: ({ context }) => context.errorSource === "signing",
 		shouldUpload: ({ context }) => context.config.uploadDocument === true,
-		shouldDownload: ({ context }) => context.config.downloadDocument === true,
+		hasUploadUrl: ({ context }) => context.preSignedUrl !== null,
 		allConsented: ({ context }) => areAllConsented(context.consentChecks),
 		hasDocuments: ({ event }) => {
 			const { output } = event;
@@ -144,7 +177,8 @@ const electronicSignatureMachine = setup({
 		allSignedAndDownload: ({ context, event }) => {
 			const { output } = event;
 			return output.every((d) => !!d.signedDocumentUrl) && context.config.downloadDocument === true;
-		}
+		},
+		isRetryableSignError: ({ event }) => isRetryableSignError(event.error)
 	}
 }).createMachine({
 	id: "electronicSignature",
@@ -157,6 +191,7 @@ const electronicSignatureMachine = setup({
 		fileName: null,
 		fileSize: null,
 		fileUrl: null,
+		preSignedUrl: null,
 		consentChecks: getDefaultConsentChecks(input.config.variant ?? "ae"),
 		viewingDocumentUrl: null,
 		errorMessage: "",
@@ -183,13 +218,34 @@ const electronicSignatureMachine = setup({
 					fileUrl: () => null
 				})
 			},
-			CONFIRM_FILE: { target: "uploadingFile" },
+			CONFIRM_FILE: [{
+				target: "uploadingFile",
+				guard: "hasUploadUrl"
+			}, { target: "generatingUploadUrl" }],
 			CLOSE: { target: "closed" }
 		} },
+		generatingUploadUrl: { invoke: {
+			id: "generateUploadUrl",
+			src: "generateUploadUrl",
+			onDone: {
+				target: "uploadingFile",
+				actions: "setUploadUrl"
+			},
+			onError: {
+				target: "error",
+				actions: assign(({ event }) => ({
+					errorMessage: String(event.error ?? "aes.error"),
+					errorSource: "upload"
+				}))
+			}
+		} },
 		uploadingFile: { invoke: {
-			id: "uploadDocument",
-			src: "uploadDocument",
-			input: ({ context }) => ({ getFileData: context.getFileData }),
+			id: "uploadFile",
+			src: "uploadFile",
+			input: ({ context }) => ({
+				preSignedUrl: context.preSignedUrl,
+				getFileData: context.getFileData
+			}),
 			onDone: { target: "fetchingDocs" },
 			onError: {
 				target: "error",
@@ -257,13 +313,20 @@ const electronicSignatureMachine = setup({
 					})
 				}
 			],
-			onError: {
+			onError: [{
 				target: "error",
+				guard: "isRetryableSignError",
 				actions: assign(({ event }) => ({
 					errorMessage: String(event.error ?? "aes.error"),
 					errorSource: "signing"
 				}))
-			}
+			}, {
+				target: "failed",
+				actions: assign(({ event }) => ({
+					errorMessage: String(event.error ?? "aes.error"),
+					errorSource: "signing"
+				}))
+			}]
 		} },
 		success: { after: { 3e3: "finished" } },
 		successDownload: { on: {
@@ -302,7 +365,8 @@ const electronicSignatureMachine = setup({
 			CLOSE: { target: "closed" }
 		} },
 		finished: { type: "final" },
-		closed: { type: "final" }
+		closed: { type: "final" },
+		failed: { type: "final" }
 	}
 });
 
@@ -319,7 +383,7 @@ function createElectronicSignatureActor(options) {
 //#region src/modules/electronic-signature/electronicSignatureManager.ts
 function mapState(snapshot) {
 	const { context } = snapshot;
-	if (snapshot.matches("idle") || snapshot.matches("fetchingDocs") || snapshot.matches("uploadingFile")) return { status: "loading" };
+	if (snapshot.matches("idle") || snapshot.matches("fetchingDocs") || snapshot.matches("generatingUploadUrl") || snapshot.matches("uploadingFile")) return { status: "loading" };
 	if (snapshot.matches("uploading")) return {
 		status: "uploading",
 		fileName: context.fileName
@@ -347,6 +411,10 @@ function mapState(snapshot) {
 		status: "error",
 		errorMessage: context.errorMessage
 	};
+	if (snapshot.matches("failed")) return {
+		status: "failed",
+		errorMessage: context.errorMessage
+	};
 	if (snapshot.matches("finished")) return { status: "finished" };
 	if (snapshot.matches("closed")) return { status: "closed" };
 	throw new Error(`Unhandled electronic-signature state: ${JSON.stringify(snapshot.value)}`);

package/dist/email.d.ts

@@ -1,4 +1,5 @@
-import "./Manager-C8PrhBOx.js";
-import "./Actor-CI32dTbG.js";
-import { a as emailMachine, n as EmailState, o as EmailConfig, r as createEmailManager, t as EmailManager } from "./emailManager-DIfnS5g1.js";
+import "./Manager-BHn8wH8K.js";
+import "./Actor-Y0_Fj-KL.js";
+import { n as EmailState, o as emailMachine, r as createEmailManager, s as EmailConfig, t as EmailManager } from "./emailManager-lAzDoQOs.js";
+import "./otp-DF5A0sFx.js";
 export { type EmailConfig, type EmailManager, type EmailState, createEmailManager, emailMachine };

package/dist/email.esm.js

@@ -1,9 +1,10 @@
 import "./BrowserTimerProvider-DhNc_x02.esm.js";
 import "./api-CESGtpbH.esm.js";
-import "./events-D6-e4vok.esm.js";
-import "./endpoints-CnN3SyDa.esm.js";
-import "./xstate.esm-B70JrNqo.esm.js";
-import { t as emailMachine } from "./emailStateMachine-DOf4j58N.esm.js";
-import { t as createEmailManager } from "./emailManager-wAV0LE-H.esm.js";
+import "./events-Dvvriq9l.esm.js";
+import "./endpoints-BeTK0Mlt.esm.js";
+import "./xstate.esm-C9wncMQa.esm.js";
+import { t as emailMachine } from "./emailStateMachine-CxTOMAjC.esm.js";
+import "./otp-CGMdUzBC.esm.js";
+import { t as createEmailManager } from "./emailManager--D5G3ChB.esm.js";
 
 export { createEmailManager, emailMachine };

package/dist/{emailManager-wAV0LE-H.esm.js → emailManager--D5G3ChB.esm.js}

@@ -1,6 +1,7 @@
-import { n as eventModuleNames, o as createManagerInstrumentation } from "./events-D6-e4vok.esm.js";
-import { c as createManager, s as createActor } from "./xstate.esm-B70JrNqo.esm.js";
-import { t as emailMachine } from "./emailStateMachine-DOf4j58N.esm.js";
+import { n as eventModuleNames, o as createManagerInstrumentation } from "./events-Dvvriq9l.esm.js";
+import { c as createManager, s as createActor } from "./xstate.esm-C9wncMQa.esm.js";
+import { t as emailMachine } from "./emailStateMachine-CxTOMAjC.esm.js";
+import { t as OTP_CODE_LENGTH } from "./otp-CGMdUzBC.esm.js";
 
 //#region src/modules/email/emailActor.ts
 function createEmailActor(options) {
@@ -105,28 +106,44 @@ function mapState(snapshot) {
 		status: "inputting",
 		prefilledEmail: context.prefilledEmail,
 		emailError: context.emailError,
+		validationErrors: context.validationErrors,
+		isValid: Object.keys(context.validationErrors ?? {}).length === 0,
 		otpVerification: context.config.otpVerification
 	};
 	if (typedSnapshot.matches("submitting")) return { status: "submitting" };
-	if (typedSnapshot.matches("resendingOtp")) return { status: "resendingOtp" };
+	if (typedSnapshot.matches("resendingOtp")) return {
+		status: "resendingOtp",
+		otpCode: context.otpCode,
+		otpLength: OTP_CODE_LENGTH
+	};
 	if (typedSnapshot.matches("sendingInitialOtp")) return { status: "sendingInitialOtp" };
 	if (typedSnapshot.matches("awaitingOtp")) return {
 		status: "awaitingOtp",
 		resendTimer: context.resendTimer,
 		canResend: !context.resendTimerActive,
-		attemptsRemaining: context.attemptsRemaining
+		attemptsRemaining: context.attemptsRemaining,
+		otpCode: context.otpCode,
+		otpLength: OTP_CODE_LENGTH,
+		otpValidationErrors: context.otpValidationErrors,
+		isOtpValid: Object.keys(context.otpValidationErrors ?? {}).length === 0
 	};
 	if (typedSnapshot.matches("verifyingOtp")) return {
 		status: "verifyingOtp",
 		resendTimer: context.resendTimer,
-		canResend: !context.resendTimerActive
+		canResend: !context.resendTimerActive,
+		otpCode: context.otpCode,
+		otpLength: OTP_CODE_LENGTH
 	};
 	if (typedSnapshot.matches("otpError")) return {
 		status: "otpError",
 		otpError: context.otpError ?? "Invalid OTP code",
 		attemptsRemaining: context.attemptsRemaining,
 		resendTimer: context.resendTimer,
-		canResend: !context.resendTimerActive
+		canResend: !context.resendTimerActive,
+		otpCode: context.otpCode,
+		otpLength: OTP_CODE_LENGTH,
+		otpValidationErrors: context.otpValidationErrors,
+		isOtpValid: Object.keys(context.otpValidationErrors ?? {}).length === 0
 	};
 	if (typedSnapshot.matches("finished")) return { status: "finished" };
 	if (typedSnapshot.matches("error")) return {
@@ -147,6 +164,9 @@ function createApi({ actor, trackElementClicked }) {
 				isValid
 			});
 		},
+		validateEmail() {
+			actor.send({ type: "VALIDATE_EMAIL" });
+		},
 		submit() {
 			trackElementClicked?.("submit");
 			actor.send({ type: "SUBMIT" });
@@ -157,6 +177,9 @@ function createApi({ actor, trackElementClicked }) {
 				code
 			});
 		},
+		validateOtp() {
+			actor.send({ type: "VALIDATE_OTP" });
+		},
 		submitOtp(code) {
 			trackElementClicked?.("submitOtp");
 			actor.send({

package/dist/{emailManager-DIfnS5g1.d.ts → emailManager-lAzDoQOs.d.ts}

@@ -1,5 +1,6 @@
-import { t as Manager } from "./Manager-C8PrhBOx.js";
-import { t as ActorRefFrom } from "./Actor-CI32dTbG.js";
+import { t as Manager } from "./Manager-BHn8wH8K.js";
+import { t as ActorRefFrom } from "./Actor-Y0_Fj-KL.js";
+import { t as OtpValidationErrors } from "./otp-DF5A0sFx.js";
 
 //#region src/modules/email/types.d.ts
 
@@ -49,6 +50,9 @@ type EmailConfig = {
    */
   maxOtpAttempts?: number;
 };
+type EmailValidationErrors = {
+  email?: string;
+};
 //#endregion
 //#region src/modules/email/emailStateMachine.d.ts
 
@@ -73,13 +77,17 @@ type EmailLoadingPrefillState = {
 /**
  * Ready for email input - use `setEmail()` and `submit()`
  * @property prefilledEmail - Pre-populated email address (if prefill enabled)
- * @property emailError - Validation error message if email was rejected
+ * @property emailError - Server-side validation error message if email was rejected
+ * @property validationErrors - Client-side validation errors (e.g. invalid/empty email). Surfaced on blur and submit.
+ * @property isValid - True iff `validationErrors` is empty. Optimistic semantic: starts true on initial render.
  * @property otpVerification - Whether OTP email verification is enabled (from module config). When omitted, treat as `false`.
  */
 type EmailInputtingState = {
   status: 'inputting';
   prefilledEmail?: string;
   emailError?: string;
+  validationErrors?: EmailValidationErrors;
+  isValid: boolean;
   otpVerification?: boolean;
 };
 /** Email address is being submitted to the backend */
@@ -89,6 +97,10 @@ type EmailSubmittingState = {
 /** OTP is being sent to the email address */
 type EmailResendingOtpState = {
   status: 'resendingOtp';
+  /** The OTP code entered so far (controlled-input value, kept visible while disabled) */
+  otpCode: string;
+  /** Expected OTP length (owned by Core) */
+  otpLength: number;
 };
 /** OTP is being sent initialy to the email address */
 type EmailSendingInitialOtpState = {
@@ -99,22 +111,34 @@ type EmailSendingInitialOtpState = {
  * @property resendTimer - Seconds remaining before resend is allowed
  * @property canResend - Whether the resend button should be enabled
  * @property attemptsRemaining - Number of OTP verification attempts left
+ * @property otpCode - The OTP code entered so far (controlled-input value)
+ * @property otpLength - Expected OTP length (owned by Core; the UI should not hardcode it)
+ * @property otpValidationErrors - Client-side OTP errors (e.g. incomplete code). Surfaced on blur and submit.
+ * @property isOtpValid - True iff `otpValidationErrors` is empty. Optimistic semantic: starts true.
  */
 type EmailAwaitingOtpState = {
   status: 'awaitingOtp';
   resendTimer: number;
   canResend: boolean;
   attemptsRemaining: number;
+  otpCode: string;
+  otpLength: number;
+  otpValidationErrors?: OtpValidationErrors;
+  isOtpValid: boolean;
 };
 /**
  * OTP code is being verified against the backend
  * @property resendTimer - Seconds remaining on resend cooldown (unchanged while verifying)
  * @property canResend - Whether resend is allowed (cooldown finished)
+ * @property otpCode - The code being verified (controlled-input value, kept visible while disabled)
+ * @property otpLength - Expected OTP length (owned by Core)
  */
 type EmailVerifyingOtpState = {
   status: 'verifyingOtp';
   resendTimer: number;
   canResend: boolean;
+  otpCode: string;
+  otpLength: number;
 };
 /**
  * OTP verification failed - user can retry with `submitOtp()`
@@ -122,6 +146,10 @@ type EmailVerifyingOtpState = {
  * @property attemptsRemaining - Number of remaining attempts before lockout
  * @property resendTimer - Seconds remaining on resend cooldown (same as awaiting OTP)
  * @property canResend - Whether resend is allowed (cooldown finished)
+ * @property otpCode - The OTP code entered so far (controlled-input value)
+ * @property otpLength - Expected OTP length (owned by Core)
+ * @property otpValidationErrors - Client-side OTP errors (e.g. incomplete code). Server `otpError` takes precedence in the UI.
+ * @property isOtpValid - True iff `otpValidationErrors` is empty. Optimistic semantic: starts true.
  */
 type EmailOtpErrorState = {
   status: 'otpError';
@@ -129,6 +157,10 @@ type EmailOtpErrorState = {
   attemptsRemaining: number;
   resendTimer: number;
   canResend: boolean;
+  otpCode: string;
+  otpLength: number;
+  otpValidationErrors?: OtpValidationErrors;
+  isOtpValid: boolean;
 };
 /** Email verification completed successfully */
 type EmailFinishedState = {
@@ -218,10 +250,16 @@ declare function createEmailManager(options: CreateEmailActorOptions): Manager<E
    * ```
    */
   setEmail(email: string, isValid: boolean): void;
+  /**
+   * Validates the current email address (e.g., on blur).
+   * Populates or clears `validationErrors.email` on the 'inputting' state.
+   */
+  validateEmail(): void;
   /**
    * Submits the email address for verification.
-   * Requires a valid email address to be set via `setEmail()`.
-   * Transitions to 'submitting', then to 'sendingInitialOtp' or 'success' (if no OTP).
+   * Runs full validation first: if the email is empty or invalid, populates
+   * `validationErrors` and stays on 'inputting'; otherwise transitions to
+   * 'submitting', then to 'sendingInitialOtp' or 'finished' (if no OTP).
    */
   submit(): void;
   /**
@@ -231,6 +269,12 @@ declare function createEmailManager(options: CreateEmailActorOptions): Manager<E
    * @param code - The OTP code entered by the user
    */
   setOtpCode(code: string): void;
+  /**
+   * Validates the current OTP code (e.g. on blur), without submitting.
+   * Populates or clears `otpValidationErrors.otp` on the 'awaitingOtp' /
+   * 'otpError' states (incomplete code → `isOtpValid` becomes false).
+   */
+  validateOtp(): void;
   /**
    * Sets and submits the OTP code in one call.
    * Should be called when state is 'awaitingOtp' or 'otpError'.
@@ -286,10 +330,16 @@ declare function createEmailManagerFromActor(actor: EmailActor): Manager<EmailSt
    * ```
    */
   setEmail(email: string, isValid: boolean): void;
+  /**
+   * Validates the current email address (e.g., on blur).
+   * Populates or clears `validationErrors.email` on the 'inputting' state.
+   */
+  validateEmail(): void;
   /**
    * Submits the email address for verification.
-   * Requires a valid email address to be set via `setEmail()`.
-   * Transitions to 'submitting', then to 'sendingInitialOtp' or 'success' (if no OTP).
+   * Runs full validation first: if the email is empty or invalid, populates
+   * `validationErrors` and stays on 'inputting'; otherwise transitions to
+   * 'submitting', then to 'sendingInitialOtp' or 'finished' (if no OTP).
    */
   submit(): void;
   /**
@@ -299,6 +349,12 @@ declare function createEmailManagerFromActor(actor: EmailActor): Manager<EmailSt
    * @param code - The OTP code entered by the user
    */
   setOtpCode(code: string): void;
+  /**
+   * Validates the current OTP code (e.g. on blur), without submitting.
+   * Populates or clears `otpValidationErrors.otp` on the 'awaitingOtp' /
+   * 'otpError' states (incomplete code → `isOtpValid` becomes false).
+   */
+  validateOtp(): void;
   /**
    * Sets and submits the OTP code in one call.
    * Should be called when state is 'awaitingOtp' or 'otpError'.
@@ -340,8 +396,10 @@ declare function createEmailManagerFromActor(actor: EmailActor): Manager<EmailSt
  * @property stop - Stops the manager and cleans up resources
  * @property load - Initializes the verification flow
  * @property setEmail - Sets the email address
+ * @property validateEmail - Validates the current email (e.g. on blur)
  * @property submit - Submits the email address
  * @property setOtpCode - Sets OTP code without submitting
+ * @property validateOtp - Validates the current OTP (e.g. on blur)
  * @property submitOtp - Sets and submits OTP code
  * @property resendOtp - Requests new OTP code
  * @property back - Returns to email input from OTP screen
@@ -349,4 +407,4 @@ declare function createEmailManagerFromActor(actor: EmailActor): Manager<EmailSt
  */
 type EmailManager = ReturnType<typeof createEmailManager>;
 //#endregion
-export { emailMachine as a, createEmailManagerFromActor as i, EmailState as n, EmailConfig as o, createEmailManager as r, EmailManager as t };
+export { EmailActor as a, createEmailManagerFromActor as i, EmailState as n, emailMachine as o, createEmailManager as r, EmailConfig as s, EmailManager as t };

package/dist/{emailStateMachine-DOf4j58N.esm.js → emailStateMachine-CxTOMAjC.esm.js}

@@ -1,7 +1,8 @@
 import { t as BrowserTimerProvider } from "./BrowserTimerProvider-DhNc_x02.esm.js";
 import { t as api } from "./api-CESGtpbH.esm.js";
-import { t as endpoints } from "./endpoints-CnN3SyDa.esm.js";
-import { a as fromPromise, i as fromCallback, r as assign, t as setup } from "./xstate.esm-B70JrNqo.esm.js";
+import { t as endpoints } from "./endpoints-BeTK0Mlt.esm.js";
+import { a as fromPromise, i as fromCallback, r as assign, t as setup } from "./xstate.esm-C9wncMQa.esm.js";
+import { n as computeOtpValidationErrors, r as isOtpComplete } from "./otp-CGMdUzBC.esm.js";
 
 //#region src/modules/email/emailServices.ts
 function getEmailServerFailureReason(error, invalidStatus) {
@@ -41,6 +42,10 @@ function getErrorMessage(error) {
 	if (error instanceof Error) return error.message;
 	return String(error);
 }
+function computeEmailValidationErrors(context) {
+	if (context.email.trim().length === 0 || !context.isValid) return { email: "invalidEmail" };
+	return {};
+}
 const RESEND_TIMER_SECONDS = 30;
 const emailMachine = setup({
 	types: {
@@ -86,17 +91,31 @@ const emailMachine = setup({
 			return {
 				email: e.email,
 				isValid: e.isValid,
-				emailError: void 0
+				emailError: void 0,
+				validationErrors: void 0
 			};
 		}),
+		validateEmailField: assign(({ context }) => {
+			const errors = computeEmailValidationErrors(context);
+			return { validationErrors: errors.email ? errors : void 0 };
+		}),
+		computeValidationResult: assign(({ context }) => {
+			const errors = computeEmailValidationErrors(context);
+			return { validationErrors: errors.email ? errors : void 0 };
+		}),
 		setEmailError: assign(({ event }) => ({ emailError: getErrorMessage(event.error) })),
 		setError: assign(({ event }) => ({ error: getErrorMessage(event.error) })),
 		clearError: assign({ error: () => void 0 }),
 		clearEmailError: assign({ emailError: () => void 0 }),
 		setOtpCode: assign(({ event }) => ({
 			otpCode: event.code,
-			otpError: void 0
+			otpError: void 0,
+			otpValidationErrors: void 0
 		})),
+		validateOtpField: assign(({ context }) => {
+			const errors = computeOtpValidationErrors(context.otpCode);
+			return { otpValidationErrors: errors.otp ? errors : void 0 };
+		}),
 		setOtpError: assign(({ context, event }) => ({
 			otpError: getErrorMessage(event.error),
 			attemptsRemaining: context.attemptsRemaining - 1
@@ -104,7 +123,8 @@ const emailMachine = setup({
 		setOtpRequestError: assign(({ event }) => ({ otpError: getErrorMessage(event.error) })),
 		clearOtpError: assign({
 			otpError: () => void 0,
-			otpCode: () => ""
+			otpCode: () => "",
+			otpValidationErrors: () => void 0
 		}),
 		startResendTimer: assign({
 			resendTimer: () => RESEND_TIMER_SECONDS,
@@ -122,10 +142,12 @@ const emailMachine = setup({
 			email: "",
 			isValid: false,
 			emailError: void 0,
+			validationErrors: void 0,
 			prefilledEmail: void 0,
 			error: void 0,
 			otpCode: "",
 			otpError: void 0,
+			otpValidationErrors: void 0,
 			attemptsRemaining: context.config.maxOtpAttempts ?? 3,
 			resendTimer: 0,
 			resendTimerActive: false
@@ -134,8 +156,9 @@ const emailMachine = setup({
 	guards: {
 		hasPrefill: ({ context }) => context.config.prefill === true,
 		hasOtpVerification: ({ context }) => context.config.otpVerification,
-		isValidEmail: ({ context }) => context.isValid,
+		hasNoValidationErrors: ({ context }) => !context.validationErrors || Object.keys(context.validationErrors).length === 0,
 		hasAttemptsRemaining: ({ context }) => context.attemptsRemaining > 1,
+		hasCompleteOtp: ({ context }) => isOtpComplete(context.otpCode),
 		canResend: ({ context }) => !context.resendTimerActive
 	}
 }).createMachine({
@@ -146,10 +169,12 @@ const emailMachine = setup({
 		email: "",
 		isValid: false,
 		emailError: void 0,
+		validationErrors: void 0,
 		prefilledEmail: void 0,
 		error: void 0,
 		otpCode: "",
 		otpError: void 0,
+		otpValidationErrors: void 0,
 		attemptsRemaining: input.config.maxOtpAttempts ?? 3,
 		resendTimer: 0,
 		resendTimerActive: false
@@ -170,12 +195,17 @@ const emailMachine = setup({
 		} },
 		inputting: { on: {
 			EMAIL_CHANGED: { actions: "setEmail" },
-			SUBMIT: {
+			VALIDATE_EMAIL: { actions: "validateEmailField" },
+			SUBMIT: { target: "validatingSubmit" }
+		} },
+		validatingSubmit: {
+			entry: "computeValidationResult",
+			always: [{
+				guard: "hasNoValidationErrors",
 				target: "submitting",
-				guard: "isValidEmail",
 				actions: "clearEmailError"
-			}
-		} },
+			}, { target: "inputting" }]
+		},
 		submitting: { invoke: {
 			id: "submitEmail",
 			src: "submitEmail",
@@ -222,7 +252,11 @@ const emailMachine = setup({
 			on: {
 				TICK: { actions: "tickResendTimer" },
 				OTP_CHANGED: { actions: "setOtpCode" },
-				VERIFY_OTP: { target: "verifyingOtp" },
+				VALIDATE_OTP: { actions: "validateOtpField" },
+				VERIFY_OTP: [{
+					guard: "hasCompleteOtp",
+					target: "verifyingOtp"
+				}, { actions: "validateOtpField" }],
 				RESEND_OTP: {
 					target: "resendingOtp",
 					guard: "canResend"
@@ -273,6 +307,7 @@ const emailMachine = setup({
 					target: "awaitingOtp",
 					actions: "setOtpCode"
 				},
+				VALIDATE_OTP: { actions: "validateOtpField" },
 				RESEND_OTP: {
 					target: "resendingOtp",
 					guard: "canResend"