@incodetech/core 2.0.1 → 2.1.0-rc.0

package/dist/{selfieManager-D0lSgd-J.d.ts → selfieManager-dUbKRzOh.d.ts}

@@ -1,5 +1,5 @@
-import { t as Manager } from "./Manager-C8PrhBOx.js";
-import { c as SelfieActor, n as FaceCaptureManagerState, s as CreateSelfieActorOptions, t as FaceCaptureManager } from "./faceCaptureManagerFactory-yqtpxjnN.js";
+import { t as Manager } from "./Manager-BHn8wH8K.js";
+import { c as SelfieActor, n as FaceCaptureManagerState, s as CreateSelfieActorOptions, t as FaceCaptureManager } from "./faceCaptureManagerFactory-C_hRHx8a.js";
 
 //#region src/modules/selfie/selfieUploadService.d.ts
 type ProcessFaceImageType = 'selfie' | 'videoSelfie';
@@ -14,7 +14,7 @@ declare function processFace(imageType?: ProcessFaceImageType, signal?: AbortSig
 type SelfieState = FaceCaptureManagerState;
 declare function createSelfieManagerFromActor(actor: SelfieActor): Manager<FaceCaptureManagerState> & {
   load(): void;
-  nextStep(): void;
+  nextStep(): Promise<void>;
   requestPermission(): void;
   goToLearnMore(): void;
   back(): void;
@@ -54,7 +54,7 @@ declare function createSelfieManagerFromActor(actor: SelfieActor): Manager<FaceC
  */
 declare function createSelfieManager(options: CreateSelfieActorOptions): Manager<FaceCaptureManagerState> & {
   load(): void;
-  nextStep(): void;
+  nextStep(): Promise<void>;
   requestPermission(): void;
   goToLearnMore(): void;
   back(): void;

package/dist/{selfieStateMachine-D76whWEf.esm.js → selfieStateMachine-b4F2q9zw.esm.js}

@@ -1,6 +1,7 @@
-import { a as fromPromise, r as assign } from "./xstate.esm-B70JrNqo.esm.js";
-import { a as prepareOnDeviceFaceUpload, i as postOnDeviceFaceResults, n as defaultPrepareFaceUpload, r as isOnDeviceMode, t as faceCaptureMachine } from "./faceCaptureSetup-B3faSpYA.esm.js";
-import { f as processFace, m as FACE_ERROR_CODES, p as uploadSelfie } from "./recordingService-Ig2UgbLv.esm.js";
+import { a as fromPromise, r as assign } from "./xstate.esm-C9wncMQa.esm.js";
+import { a as defaultPrepareFaceUpload, c as prepareOnDeviceFaceUpload, h as uploadSelfie, m as processFace, o as isOnDeviceMode, s as postOnDeviceFaceResults } from "./recordingService-Bn9EdCmz.esm.js";
+import { t as FACE_ERROR_CODES } from "./types-DsnEVMhr.esm.js";
+import { t as faceCaptureMachine } from "./faceCaptureSetup-CtvHWd3x.esm.js";
 
 //#region src/modules/selfie/selfieErrorUtils.ts
 const FACE_ERROR_CODE_VALUES = Object.values(FACE_ERROR_CODES);
@@ -30,6 +31,7 @@ const _selfieMachine = faceCaptureMachine.provide({
 				faceCoordinates: ctx.faceCoordinates,
 				metadata: ctx.deepsightService?.getMetadata(),
 				recordingId: ctx.uploadRecordingId,
+				deepsightService: ctx.deepsightService ?? void 0,
 				signal
 			});
 		}),

package/dist/session-DoVb-OcB.esm.js

@@ -0,0 +1,152 @@
+import { n as getApi } from "./api-CESGtpbH.esm.js";
+import { t as endpoints } from "./endpoints-BeTK0Mlt.esm.js";
+import { n as toIncodeApiError } from "./apiError-B-j-gyDx.esm.js";
+
+//#region src/internal/session/sessionService.ts
+/**
+* HTTP status codes the QR validation endpoint emits, keyed by their semantic
+* name. Hosts switch on these to render distinct messaging — `invalidQRuuid`
+* for an unknown/expired link, `onboardingUrlAlreadyUsed` for a one-time link
+* that has already been consumed.
+*/
+const QR_VALIDATION_ERROR_CODES = {
+	expiredUUID: 4026,
+	invalidQRuuid: 4081,
+	onboardingUrlAlreadyUsed: 4083
+};
+var QrValidationError = class extends Error {
+	constructor(status, statusText) {
+		super(`POST ${endpoints.qrValidateUuid} failed: ${status} ${statusText}`);
+		this.name = "QrValidationError";
+		this.status = status;
+		this.statusText = statusText;
+	}
+};
+/**
+* Creates a new onboarding session.
+*
+* @param apiKey - The API key from the Incode dashboard
+* @param options - Session creation options
+* @param signal - Optional AbortSignal for request cancellation
+* @returns The created session with token
+*
+* @example
+* ```ts
+* const session = await createSession('your-api-key', {
+*   configurationId: 'your-flow-id',
+*   language: 'en-US',
+* });
+* console.log(session.token); // Use this token for subsequent API calls
+* ```
+*/
+async function createSession(apiKey, options, signal) {
+	try {
+		return (await getApi().post(endpoints.createSession, {
+			configurationId: options.configurationId,
+			externalId: options.externalId,
+			externalCustomerId: options.externalCustomerId,
+			language: options.language ?? "en-US",
+			customFields: options.customFields,
+			uuid: options.uuid ?? null,
+			urlUuid: options.urlUuid ?? null,
+			interviewId: options.interviewId ?? null,
+			...options.loginHint != null && options.loginHint !== "" ? { loginHint: options.loginHint } : {}
+		}, {
+			headers: {
+				"x-api-key": apiKey,
+				"api-version": "1.0"
+			},
+			signal
+		})).data;
+	} catch (error) {
+		toIncodeApiError(endpoints.createSession, error);
+	}
+}
+/**
+* Validates and rotates a QR anti-phishing URL UUID before creating a session.
+*
+* This call is unauthenticated; the `{ onboardingId, urlUuid }` pair itself
+* acts as the credential. The server burns the incoming `urlUuid` and returns
+* a freshly minted one that must be used in the subsequent `createSession`
+* call.
+*
+* @param options - `{ onboardingId, urlUuid }` from the incoming URL
+* @param signal - Optional AbortSignal for request cancellation
+* @returns The refreshed `urlUuid` to use for the session
+* @throws {QrValidationError} When the server rejects the validation request.
+*/
+async function validateQrUuid(options, signal) {
+	try {
+		return (await getApi().post(endpoints.qrValidateUuid, {
+			onboardingId: options.onboardingId,
+			urlUuid: options.urlUuid
+		}, {
+			headers: { "api-version": "1.0" },
+			signal
+		})).data;
+	} catch (error) {
+		const httpError = error;
+		throw new QrValidationError(httpError.data?.status ?? httpError.status, httpError.statusText);
+	}
+}
+/**
+* One-shot QR phishing-resistance helper.
+*
+* When `urlUuid` is a non-empty string, burns the stale value via
+* `validateQrUuid`, invokes `onRefreshed` with the fresh value, and returns
+* it so callers can forward it into `createSession`. When `urlUuid` is
+* absent, returns `undefined` without making any network call.
+*
+* Consolidates the rotation + callback logic shared by Flow self-loading and
+* Workflow token-mode bootstraps.
+*
+* @throws {QrValidationError} When the server rejects the validation request.
+*/
+async function refreshQrUrlUuid(options, signal) {
+	if (typeof options.urlUuid !== "string" || options.urlUuid.length === 0) return;
+	const result = await validateQrUuid({
+		onboardingId: options.onboardingId ?? null,
+		urlUuid: options.urlUuid
+	}, signal);
+	options.onRefreshed?.(result.urlUuid);
+	return result.urlUuid;
+}
+/**
+* Validates and rotates a QR anti-phishing `urlUuid` (when present), then
+* creates a session bound to the refreshed value. When `urlUuid` is absent,
+* behaves identically to {@link createSession}.
+*
+* Use this when the host owns session creation and wants the SDK to handle
+* phishing-resistance rotation in a single call. For raw control, compose
+* `refreshQrUrlUuid` and `createSession` directly.
+*
+* @throws {QrValidationError} When the server rejects the QR validation step.
+*
+* @example
+* ```ts
+* const session = await bootstrapSession(apiKey, {
+*   configurationId,
+*   urlUuid,
+*   onUrlUuidRefreshed: (refreshed) => {
+*     const url = new URL(window.location.href);
+*     url.searchParams.set('url_uuid', refreshed);
+*     window.history.replaceState({}, '', url);
+*   },
+* });
+* ```
+*/
+async function bootstrapSession(apiKey, options, signal) {
+	const { onUrlUuidRefreshed, ...createSessionOptions } = options;
+	const refreshedUrlUuid = await refreshQrUrlUuid({
+		urlUuid: options.urlUuid,
+		onboardingId: options.uuid ?? null,
+		onRefreshed: onUrlUuidRefreshed
+	}, signal);
+	return createSession(apiKey, {
+		...createSessionOptions,
+		urlUuid: refreshedUrlUuid
+	}, signal);
+}
+
+//#endregion
+export { refreshQrUrlUuid as a, createSession as i, QrValidationError as n, validateQrUuid as o, bootstrapSession as r, QR_VALIDATION_ERROR_CODES as t };

package/dist/session.d.ts

@@ -1,7 +1,8 @@
-import "./camera-DBSxa6ML.js";
-import "./types-CFV9G_7j.js";
-import { a as RegulationTypes } from "./types-BP1m8VRw.js";
-import { n as GetFinishStatusFn, r as getFinishStatus, t as FinishStatus } from "./flowCompletionService-DhkT4SRY.js";
+import "./camera-SRBpPq2X.js";
+import "./types-Bj9hdFjU.js";
+import "./types-DvGZI7BF.js";
+import { a as RegulationTypes } from "./types-DOUhndhT.js";
+import { n as GetFinishStatusFn, r as getFinishStatus, t as FinishStatus } from "./flowCompletionService-BdR2cGgB.js";
 
 //#region src/internal/fingerprint/types.d.ts
 
@@ -39,6 +40,8 @@ type Session = {
   uuid?: string;
   regulationType?: string;
   showMandatoryConsent?: boolean;
+  endScreenTitle?: string;
+  endScreenText?: string;
 };
 type ValidateQrUuidOptions = {
   onboardingId: string | null;
@@ -149,6 +152,35 @@ declare function refreshQrUrlUuid(options: RefreshQrUrlUuidOptions, signal?: Abo
  */
 declare function bootstrapSession(apiKey: string, options: BootstrapSessionOptions, signal?: AbortSignal): Promise<Session>;
 //#endregion
+//#region src/internal/http/apiError.d.ts
+/**
+ * Incode API error.
+ *
+ * Wraps an HTTP failure so callers can branch on the Incode-specific status
+ * code (e.g. `4028` for "Flow is not activated") and surface the server's
+ * human-readable message to the user. The Incode backend returns these on
+ * HTTP `400` responses with a body shaped:
+ *
+ * ```json
+ * { "status": 4028, "error": "Flow is not activated.", "message": "...", "path": "/0/omni/start" }
+ * ```
+ *
+ * - `status` — prefers the body's Incode status code, falls back to the HTTP
+ *   status when the body doesn't carry one.
+ * - `httpStatus` — always the underlying HTTP status.
+ * - `cause` — the original `HttpError` (typically `FetchHttpError`) is
+ *   preserved on the standard ES `Error.cause` slot, so core consumers that
+ *   need `url` / `method` / `headers` / raw `data` can read them via
+ *   `err.cause`.
+ */
+declare class IncodeApiError extends Error {
+  readonly status: number;
+  readonly httpStatus: number;
+  readonly endpoint: string;
+  readonly cause?: unknown;
+  constructor(endpoint: string, status: number, httpStatus: number, message: string, cause?: unknown);
+}
+//#endregion
 //#region src/internal/featureConfig/types.d.ts
 type FeatureName = 'VIDEO_SELFIE_V2' | 'USE_CLIENT_GLARE' | 'USE_OPEN_VIDU' | 'DISABLE_IPIFY';
 type FeatureConfig = {
@@ -214,4 +246,4 @@ type SessionInitResult = {
  */
 declare function initializeSession(options?: SessionInitOptions): Promise<SessionInitResult>;
 //#endregion
-export { type BootstrapSessionOptions, type CreateSessionOptions, type FinishStatus, type GetFinishStatusFn, QR_VALIDATION_ERROR_CODES, QrValidationError, type QrValidationErrorCode, type QrValidationResult, type RefreshQrUrlUuidOptions, type Session, type SessionInitOptions, type SessionInitResult, type ValidateQrUuidOptions, bootstrapSession, createSession, getFinishStatus, initializeSession, refreshQrUrlUuid, validateQrUuid };
+export { type BootstrapSessionOptions, type CreateSessionOptions, type FinishStatus, type GetFinishStatusFn, IncodeApiError, QR_VALIDATION_ERROR_CODES, QrValidationError, type QrValidationErrorCode, type QrValidationResult, type RefreshQrUrlUuidOptions, type Session, type SessionInitOptions, type SessionInitResult, type ValidateQrUuidOptions, bootstrapSession, createSession, getFinishStatus, initializeSession, refreshQrUrlUuid, validateQrUuid };

package/dist/session.esm.js

@@ -1,9 +1,14 @@
 import "./api-CESGtpbH.esm.js";
-import "./events-D6-e4vok.esm.js";
-import "./endpoints-CnN3SyDa.esm.js";
-import { c as QrValidationError, d as refreshQrUrlUuid, f as validateQrUuid, l as bootstrapSession, r as initializeSession, s as QR_VALIDATION_ERROR_CODES, u as createSession } from "./session-CrkWAs-q.esm.js";
-import "./IpifyProvider-D7jx52AL.esm.js";
-import "./browserSimulation-gxD8cSpM.esm.js";
-import { t as getFinishStatus } from "./flowCompletionService-P54yzGvA.esm.js";
+import "./events-Dvvriq9l.esm.js";
+import "./endpoints-BeTK0Mlt.esm.js";
+import "./stats-BMNUG1AU.esm.js";
+import "./IpifyProvider-D4LWD15E.esm.js";
+import "./browserSimulation-B1dWiXp7.esm.js";
+import { r as initializeSession } from "./sessionInitializer-B8H5MsXM.esm.js";
+import "./platform-SKvEfCBh.esm.js";
+import "./getBrowser-C8DP7oTB.esm.js";
+import { t as IncodeApiError } from "./apiError-B-j-gyDx.esm.js";
+import { a as refreshQrUrlUuid, i as createSession, n as QrValidationError, o as validateQrUuid, r as bootstrapSession, t as QR_VALIDATION_ERROR_CODES } from "./session-DoVb-OcB.esm.js";
+import { t as getFinishStatus } from "./flowCompletionService-DdGojV9K.esm.js";
 
-export { QR_VALIDATION_ERROR_CODES, QrValidationError, bootstrapSession, createSession, getFinishStatus, initializeSession, refreshQrUrlUuid, validateQrUuid };
+export { IncodeApiError, QR_VALIDATION_ERROR_CODES, QrValidationError, bootstrapSession, createSession, getFinishStatus, initializeSession, refreshQrUrlUuid, validateQrUuid };

package/dist/sessionInitializer-B8H5MsXM.esm.js

@@ -0,0 +1,366 @@
+import { r as getToken, s as setToken, t as api } from "./api-CESGtpbH.esm.js";
+import { g as getAnalyticsBatcher, h as addEvent } from "./events-Dvvriq9l.esm.js";
+import { t as endpoints } from "./endpoints-BeTK0Mlt.esm.js";
+import { n as flushDeviceStatsQueue, r as resetDeviceStatsQueue } from "./stats-BMNUG1AU.esm.js";
+import { n as resetIpifyCache, r as BrowserEnvironmentProvider, t as IpifyProvider } from "./IpifyProvider-D4LWD15E.esm.js";
+import { i as UAParser, n as getThumbmarkId, r as getParsedUserAgent, t as isBrowserSimulation } from "./browserSimulation-B1dWiXp7.esm.js";
+
+//#region ../infra/src/providers/browser/BrowserInfoProvider.ts
+var BrowserInfoProvider = class {
+	checkWebRtcSupport() {
+		if (typeof window === "undefined") return false;
+		const hasRTCPeerConnection = "RTCPeerConnection" in window || "webkitRTCPeerConnection" in window || "mozRTCPeerConnection" in window;
+		const hasGetUserMedia = typeof navigator !== "undefined" && navigator.mediaDevices?.getUserMedia !== void 0;
+		return hasRTCPeerConnection && hasGetUserMedia;
+	}
+	getBrowserInfo() {
+		const userAgent = typeof navigator !== "undefined" ? navigator.userAgent : "";
+		const result = new UAParser(userAgent).getResult();
+		return {
+			userAgent,
+			isWebRtcSupported: this.checkWebRtcSupport(),
+			browser: {
+				name: result.browser.name,
+				version: result.browser.version
+			},
+			os: {
+				name: result.os.name,
+				version: result.os.version
+			},
+			device: {
+				model: result.device.model,
+				type: result.device.type,
+				vendor: result.device.vendor
+			},
+			engine: {
+				name: result.engine.name,
+				version: result.engine.version
+			},
+			cpu: { architecture: result.cpu.architecture }
+		};
+	}
+};
+
+//#endregion
+//#region ../infra/src/device/getDeviceData.ts
+const HIGH_ENTROPY_HINTS = new Set([
+	"model",
+	"platformVersion",
+	"fullVersionList",
+	"brands",
+	"platform"
+]);
+function getFallbackDeviceInfo() {
+	const parsed = getParsedUserAgent();
+	return {
+		device: { model: parsed.device.model },
+		os: {
+			name: parsed.os.name,
+			version: parsed.os.version
+		},
+		browser: {
+			name: parsed.browser.name,
+			version: parsed.browser.version
+		}
+	};
+}
+function sanitizeString(value) {
+	return value?.trim() || void 0;
+}
+function extractPrimaryBrandInfo(fullVersionList, brands) {
+	const primaryBrand = fullVersionList?.[0] || brands?.[0];
+	return {
+		name: sanitizeString(primaryBrand?.brand),
+		version: sanitizeString(primaryBrand?.version)
+	};
+}
+async function getHighEntropyDeviceInfo(userAgentData) {
+	const highEntropyValues = await userAgentData.getHighEntropyValues(Array.from(HIGH_ENTROPY_HINTS));
+	const { name: browserName, version: browserVersion } = extractPrimaryBrandInfo(highEntropyValues.fullVersionList, userAgentData.brands);
+	return {
+		device: { model: sanitizeString(highEntropyValues.model) },
+		os: {
+			name: sanitizeString(highEntropyValues.platform),
+			version: sanitizeString(highEntropyValues.platformVersion)
+		},
+		browser: {
+			name: browserName,
+			version: browserVersion
+		}
+	};
+}
+const checkForUnbrandedBrowser = (browser) => {
+	const userAgent = typeof navigator !== "undefined" ? navigator.userAgent : "";
+	const fallback = getFallbackDeviceInfo();
+	if (!userAgent) return browser;
+	try {
+		return {
+			...browser,
+			name: fallback.browser.name,
+			version: fallback.browser.version
+		};
+	} catch {
+		return {
+			...browser,
+			name: "Unknown",
+			version: "Unknown"
+		};
+	}
+};
+function mergeDeviceInfo(fallback, enhanced) {
+	return {
+		device: { model: enhanced.device?.model || fallback.device.model },
+		os: {
+			name: enhanced.os?.name || fallback.os.name,
+			version: enhanced.os?.version || fallback.os.version
+		},
+		browser: checkForUnbrandedBrowser({
+			name: enhanced.browser?.name || fallback.browser.name,
+			version: enhanced.browser?.version || fallback.browser.version
+		})
+	};
+}
+function isUserAgentClientHintsSupported(navigator$1) {
+	return Boolean(navigator$1.userAgentData?.getHighEntropyValues && typeof navigator$1.userAgentData.getHighEntropyValues === "function");
+}
+async function getDeviceFingerprintInfo() {
+	if (typeof navigator === "undefined") return {
+		device: {},
+		os: {},
+		browser: {}
+	};
+	const customNavigator = navigator;
+	const fallbackInfo = getFallbackDeviceInfo();
+	if (!isUserAgentClientHintsSupported(customNavigator)) return fallbackInfo;
+	try {
+		return mergeDeviceInfo(fallbackInfo, await getHighEntropyDeviceInfo(customNavigator.userAgentData));
+	} catch {
+		return fallbackInfo;
+	}
+}
+
+//#endregion
+//#region ../infra/src/providers/browser/FingerprintProvider.ts
+var FingerprintProvider = class {
+	constructor(ipLookup) {
+		this.ipLookup = ipLookup;
+	}
+	async getFingerprint(disableIpify = false) {
+		const visitorId = await getThumbmarkId();
+		const [deviceInfo, ip] = await Promise.all([getDeviceFingerprintInfo(), disableIpify ? Promise.resolve("") : this.ipLookup.getIp()]);
+		return {
+			visitorId,
+			ip,
+			deviceInfo
+		};
+	}
+};
+
+//#endregion
+//#region src/internal/featureConfig/featureConfigService.ts
+let cachedFeatures$1 = null;
+/**
+* Checks if a feature is enabled in the feature config.
+*/
+function isFeatureEnabled(feature, features) {
+	return features?.find((f) => f.feature === feature)?.enabled ?? false;
+}
+/**
+* Fetches feature configuration from the backend.
+* Results are cached for the session lifetime.
+*/
+async function fetchFeatureConfig(signal) {
+	if (cachedFeatures$1) return cachedFeatures$1;
+	const response = await api.get(endpoints.featureConfig, { signal });
+	if (!response.ok) throw new Error(`Failed to fetch feature config: ${response.status} ${response.statusText}`);
+	cachedFeatures$1 = response.data;
+	return cachedFeatures$1;
+}
+/**
+* Resets the cached feature config (useful for testing).
+*/
+function resetFeatureConfigCache() {
+	cachedFeatures$1 = null;
+}
+
+//#endregion
+//#region src/internal/version/sdkVersion.ts
+const SDK_VERSION = "2.1.0-rc.0";
+
+//#endregion
+//#region src/internal/fingerprint/fingerprintService.ts
+function formatOsVersion(os) {
+	return `${os.name || "Unknown"} ${os.version || ""}`.trim();
+}
+function formatBrowser(browser) {
+	if (!browser.name || !browser.version) return "Unknown";
+	return `${browser.name} ${browser.version}`;
+}
+async function submitDeviceFingerprint(options = {}, dependencies) {
+	const { disableIpify = false, hostingApp, signal } = options;
+	const fingerprint = await dependencies.fingerprintProvider.getFingerprint(disableIpify);
+	const hasLiedBrowser = isBrowserSimulation(dependencies.browserEnv);
+	const payload = {
+		hash: fingerprint.visitorId || "",
+		ip: fingerprint.ip || "",
+		deviceType: "WEBAPP",
+		data: JSON.stringify(fingerprint),
+		osVersion: formatOsVersion(fingerprint.deviceInfo.os),
+		deviceModel: fingerprint.deviceInfo.device.model || "",
+		browser: formatBrowser(fingerprint.deviceInfo.browser),
+		hasLiedBrowser,
+		sdkVersion: SDK_VERSION,
+		hostingApp: hostingApp ?? "Web SDK"
+	};
+	const response = await api.post(endpoints.deviceFingerprint, payload, { signal });
+	if (!response.ok) throw new Error(`Failed to submit fingerprint: ${response.status} ${response.statusText}`);
+	return response.data;
+}
+
+//#endregion
+//#region src/internal/session/sessionInitializer.ts
+let sessionInitialized = false;
+let cachedFeatures = null;
+let cachedDisableIpify = false;
+let clientIpLookupEnabled = true;
+function setClientIpLookupEnabled(enabled) {
+	clientIpLookupEnabled = enabled;
+}
+function resolveDisableIpify(serverDisableIpify) {
+	return !clientIpLookupEnabled || serverDisableIpify;
+}
+let cachedFingerprintSuccess = false;
+let cachedFingerprintResult;
+let sessionInitPromise = null;
+/**
+* Activates a session by setting the auth token on the HTTP client and
+* preloading session-scoped state.
+*
+* Performs:
+* 1. Sets the token (and clears stale session-init cache if the token changed)
+* 2. Fetches feature configuration from backend
+* 3. Submits device fingerprint
+* 4. Starts the analytics batcher so buffered events are flushed
+*
+* Results are cached per token. Calling again with the same token returns the
+* cached result; calling with a different token re-initializes from scratch.
+*
+* @param options - Session activation options (`token` required)
+* @returns Session initialization result with feature config
+*
+* @example
+* ```ts
+* await setup({ apiURL: 'https://api.incode.com' });
+* const session = await createSession('api-key', options);
+* const { features } = await initializeSession({ token: session.token });
+*
+* // Check feature flags
+* if (isFeatureEnabled('DISABLE_IPIFY', features.features)) {
+*   // Handle disabled ipify
+* }
+* ```
+*/
+async function initializeSession(options = {}) {
+	const { token, hostingApp, signal } = options;
+	if (token !== void 0 && token !== getToken()) {
+		setToken(token);
+		resetSessionInit();
+	}
+	if (sessionInitialized && cachedFeatures) return {
+		features: cachedFeatures,
+		disableIpify: cachedDisableIpify,
+		fingerprintSuccess: cachedFingerprintSuccess,
+		fingerprintResult: cachedFingerprintResult
+	};
+	if (sessionInitPromise) return sessionInitPromise;
+	sessionInitPromise = (async () => {
+		let features;
+		let serverDisableIpify = false;
+		try {
+			features = await fetchFeatureConfig(signal);
+			serverDisableIpify = isFeatureEnabled("DISABLE_IPIFY", features.features);
+		} catch {
+			features = { sessionIdentifier: "" };
+		}
+		const disableIpify = resolveDisableIpify(serverDisableIpify);
+		let fingerprintSuccess = false;
+		let fingerprintResult;
+		try {
+			const fingerprintProvider = new FingerprintProvider(new IpifyProvider());
+			const browserEnv = new BrowserEnvironmentProvider();
+			fingerprintResult = await submitDeviceFingerprint({
+				disableIpify,
+				hostingApp,
+				signal
+			}, {
+				fingerprintProvider,
+				browserEnv
+			});
+			fingerprintSuccess = true;
+			flushDeviceStatsQueue();
+		} catch (error) {
+			console.warn("Failed to submit device fingerprint:", error);
+		}
+		try {
+			const browserInfo = new BrowserInfoProvider().getBrowserInfo();
+			addEvent({
+				code: "browser",
+				payload: {
+					userAgent: browserInfo.userAgent,
+					isWebRtcSupported: browserInfo.isWebRtcSupported,
+					browser: browserInfo.browser,
+					os: browserInfo.os,
+					device: browserInfo.device,
+					engine: browserInfo.engine,
+					cpu: browserInfo.cpu
+				}
+			});
+		} catch (error) {
+			console.warn("Failed to send browser info event:", error);
+		}
+		sessionInitialized = true;
+		cachedFeatures = features;
+		cachedDisableIpify = disableIpify;
+		cachedFingerprintSuccess = fingerprintSuccess;
+		cachedFingerprintResult = fingerprintResult;
+		return {
+			features,
+			disableIpify,
+			fingerprintSuccess,
+			fingerprintResult
+		};
+	})().finally(() => {
+		sessionInitPromise = null;
+		getAnalyticsBatcher()?.start();
+	});
+	return sessionInitPromise;
+}
+/**
+* Gets the cached disableIpify flag.
+* Returns false if session hasn't been initialized.
+*/
+function getDisableIpify() {
+	if (!clientIpLookupEnabled) return true;
+	return cachedDisableIpify;
+}
+function getSessionFingerprintResult() {
+	return cachedFingerprintResult;
+}
+/**
+* Resets session initialization state.
+* Useful for testing or when starting a new session.
+*/
+function resetSessionInit() {
+	sessionInitialized = false;
+	cachedFeatures = null;
+	cachedDisableIpify = false;
+	cachedFingerprintSuccess = false;
+	cachedFingerprintResult = void 0;
+	sessionInitPromise = null;
+	resetFeatureConfigCache();
+	resetIpifyCache();
+	resetDeviceStatsQueue();
+}
+
+//#endregion
+export { setClientIpLookupEnabled as a, resetSessionInit as i, getSessionFingerprintResult as n, FingerprintProvider as o, initializeSession as r, getDeviceFingerprintInfo as s, getDisableIpify as t };