@incodetech/core 2.0.1 → 2.1.0-rc.1

package/dist/selfie.esm.js

@@ -1,27 +1,31 @@
-import "./BaseWasmProvider-C_DLEI40.esm.js";
-import { t as WasmUtilProvider } from "./WasmUtilProvider-j98OJf-S.esm.js";
+import { t as WasmUtilProvider } from "./WasmUtilProvider-BKWm8rSA.esm.js";
 import "./api-CESGtpbH.esm.js";
-import { n as eventModuleNames } from "./events-D6-e4vok.esm.js";
-import "./endpoints-CnN3SyDa.esm.js";
-import "./browserSimulation-gxD8cSpM.esm.js";
-import { a as fromPromise, r as assign, s as createActor } from "./xstate.esm-B70JrNqo.esm.js";
-import { t as createFaceCaptureManagerFromActor } from "./faceCaptureManagerFactory-Dh2PdGlF.esm.js";
-import { t as BrowserStorageProvider } from "./BrowserStorageProvider-CuOW1Er2.esm.js";
-import { t as faceCaptureMachine } from "./faceCaptureSetup-B3faSpYA.esm.js";
-import "./ITimerCapability-C67ZRskg.esm.js";
-import "./camera-PA2Ljri3.esm.js";
-import "./deepsightService-O74l4Y__.esm.js";
-import { f as processFace } from "./recordingService-Ig2UgbLv.esm.js";
-import "./platform-CfrjKhmi.esm.js";
-import "./backCameraStream-DMdMeGk2.esm.js";
-import "./getBrowser-BSXUTWXw.esm.js";
-import "./stats-CIfiPzb1.esm.js";
-import "./getDeviceClass-BSntT9_j.esm.js";
-import "./MotionSensorProvider-4v7xkqAp.esm.js";
-import "./permissionServices-D_i6nzEw.esm.js";
-import { t as selfieMachine } from "./selfieStateMachine-D76whWEf.esm.js";
-import { t as createSelfieManager } from "./selfieManager-Duisl7qN.esm.js";
-import { t as invokeOnCaptureCallback } from "./invokeOnCaptureCallback-rc6kBHo5.esm.js";
+import { n as eventModuleNames } from "./events-Dvvriq9l.esm.js";
+import "./endpoints-BeTK0Mlt.esm.js";
+import "./stats-BMNUG1AU.esm.js";
+import "./browserSimulation-B1dWiXp7.esm.js";
+import "./platform-SKvEfCBh.esm.js";
+import "./getBrowser-C8DP7oTB.esm.js";
+import { a as fromPromise, r as assign, s as createActor } from "./xstate.esm-C9wncMQa.esm.js";
+import { t as BrowserStorageProvider } from "./BrowserStorageProvider-BpJM-gIl.esm.js";
+import "./MotionSensorProvider-Bx7Mpzt0.esm.js";
+import "./permissionServices-Doec4X5L.esm.js";
+import "./camera-DJWm3V4g.esm.js";
+import { t as createFaceCaptureManagerFromActor } from "./faceCaptureManagerFactory-ej2j1LMr.esm.js";
+import { m as processFace } from "./recordingService-yRw7hfzU.esm.js";
+import "./ITimerCapability-CB0I1Uf2.esm.js";
+import "./canvas-SKcRBxsk.esm.js";
+import "./backCameraStream-D7Wo4Nbx.esm.js";
+import "./deepsightService-CrHmvx8X.esm.js";
+import "./getDeviceClass-C0olyNFS.esm.js";
+import "./getDeviceClass-C8Do2qYu.esm.js";
+import "./types-DsnEVMhr.esm.js";
+import "./StreamCanvasCapture-ImiDQdVA.esm.js";
+import "./permissionGuards-D0wGddy7.esm.js";
+import { t as faceCaptureMachine } from "./faceCaptureSetup-B9t6bYze.esm.js";
+import { t as selfieMachine } from "./selfieStateMachine-Bv99bZJE.esm.js";
+import { t as createSelfieManager } from "./selfieManager-BNuTIGAz.esm.js";
+import { t as invokeOnCaptureCallback } from "./invokeOnCaptureCallback-ygByVdnn.esm.js";
 
 //#region src/modules/selfie/selfieCaptureOnlyStateMachine.ts
 /**
@@ -88,13 +92,38 @@ const selfieCaptureOnlyMachine = _selfieCaptureOnlyMachine;
 
 //#endregion
 //#region src/modules/selfie/selfieCaptureOnlyActor.ts
+/**
+* Defaults the capture-only flow applies for every {@link SelfieConfig} option
+* the integrator doesn't set. Capture-only doesn't talk to a backend, so the
+* face validations and recording all default off and liveness defaults to the
+* lightest on-device mode. The integrator overrides only what they care about —
+* `onCapture` is the one field they must supply.
+*/
+const DEFAULT_SELFIE_CAPTURE_ONLY_CONFIG = {
+	showTutorial: true,
+	showPreview: false,
+	assistedOnboarding: false,
+	enableFaceRecording: false,
+	validateLenses: false,
+	validateFaceMask: false,
+	validateHeadCover: false,
+	validateClosedEyes: false,
+	validateBrightness: false,
+	deepsightLiveness: "SINGLE_FRAME",
+	captureAttempts: 3,
+	ds: false,
+	autoCaptureTimeout: 1e4
+};
 function createSelfieCaptureOnlyActor(options) {
 	const dependencies = options.dependencies ?? {
 		storage: new BrowserStorageProvider(),
 		getWasmUtil: () => WasmUtilProvider.getInstance()
 	};
 	return createActor(selfieCaptureOnlyMachine, { input: {
-		config: options.config,
+		config: {
+			...DEFAULT_SELFIE_CAPTURE_ONLY_CONFIG,
+			...options.config
+		},
 		dependencies
 	} }).start();
 }

package/dist/{selfieManager-Duisl7qN.esm.js → selfieManager-BNuTIGAz.esm.js}

@@ -1,9 +1,9 @@
-import { t as WasmUtilProvider } from "./WasmUtilProvider-j98OJf-S.esm.js";
-import { n as eventModuleNames } from "./events-D6-e4vok.esm.js";
-import { s as createActor } from "./xstate.esm-B70JrNqo.esm.js";
-import { t as createFaceCaptureManagerFromActor } from "./faceCaptureManagerFactory-Dh2PdGlF.esm.js";
-import { t as BrowserStorageProvider } from "./BrowserStorageProvider-CuOW1Er2.esm.js";
-import { t as selfieMachine } from "./selfieStateMachine-D76whWEf.esm.js";
+import { t as WasmUtilProvider } from "./WasmUtilProvider-BKWm8rSA.esm.js";
+import { n as eventModuleNames } from "./events-Dvvriq9l.esm.js";
+import { s as createActor } from "./xstate.esm-C9wncMQa.esm.js";
+import { t as BrowserStorageProvider } from "./BrowserStorageProvider-BpJM-gIl.esm.js";
+import { t as createFaceCaptureManagerFromActor } from "./faceCaptureManagerFactory-ej2j1LMr.esm.js";
+import { t as selfieMachine } from "./selfieStateMachine-Bv99bZJE.esm.js";
 
 //#region src/modules/selfie/selfieActor.ts
 function createSelfieActor(options) {

package/dist/{selfieManager-D0lSgd-J.d.ts → selfieManager-C2y_t6DG.d.ts}

@@ -1,5 +1,5 @@
-import { t as Manager } from "./Manager-C8PrhBOx.js";
-import { c as SelfieActor, n as FaceCaptureManagerState, s as CreateSelfieActorOptions, t as FaceCaptureManager } from "./faceCaptureManagerFactory-yqtpxjnN.js";
+import { t as Manager } from "./Manager-BHn8wH8K.js";
+import { c as SelfieActor, n as FaceCaptureManagerState, s as CreateSelfieActorOptions, t as FaceCaptureManager } from "./faceCaptureManagerFactory-CjdBUS6s.js";
 
 //#region src/modules/selfie/selfieUploadService.d.ts
 type ProcessFaceImageType = 'selfie' | 'videoSelfie';
@@ -14,7 +14,7 @@ declare function processFace(imageType?: ProcessFaceImageType, signal?: AbortSig
 type SelfieState = FaceCaptureManagerState;
 declare function createSelfieManagerFromActor(actor: SelfieActor): Manager<FaceCaptureManagerState> & {
   load(): void;
-  nextStep(): void;
+  nextStep(): Promise<void>;
   requestPermission(): void;
   goToLearnMore(): void;
   back(): void;
@@ -54,7 +54,7 @@ declare function createSelfieManagerFromActor(actor: SelfieActor): Manager<FaceC
  */
 declare function createSelfieManager(options: CreateSelfieActorOptions): Manager<FaceCaptureManagerState> & {
   load(): void;
-  nextStep(): void;
+  nextStep(): Promise<void>;
   requestPermission(): void;
   goToLearnMore(): void;
   back(): void;

package/dist/{selfieStateMachine-D76whWEf.esm.js → selfieStateMachine-Bv99bZJE.esm.js}

@@ -1,6 +1,7 @@
-import { a as fromPromise, r as assign } from "./xstate.esm-B70JrNqo.esm.js";
-import { a as prepareOnDeviceFaceUpload, i as postOnDeviceFaceResults, n as defaultPrepareFaceUpload, r as isOnDeviceMode, t as faceCaptureMachine } from "./faceCaptureSetup-B3faSpYA.esm.js";
-import { f as processFace, m as FACE_ERROR_CODES, p as uploadSelfie } from "./recordingService-Ig2UgbLv.esm.js";
+import { a as fromPromise, r as assign } from "./xstate.esm-C9wncMQa.esm.js";
+import { a as defaultPrepareFaceUpload, c as prepareOnDeviceFaceUpload, h as uploadSelfie, m as processFace, o as isOnDeviceMode, s as postOnDeviceFaceResults } from "./recordingService-yRw7hfzU.esm.js";
+import { t as FACE_ERROR_CODES } from "./types-DsnEVMhr.esm.js";
+import { t as faceCaptureMachine } from "./faceCaptureSetup-B9t6bYze.esm.js";
 
 //#region src/modules/selfie/selfieErrorUtils.ts
 const FACE_ERROR_CODE_VALUES = Object.values(FACE_ERROR_CODES);
@@ -30,6 +31,7 @@ const _selfieMachine = faceCaptureMachine.provide({
 				faceCoordinates: ctx.faceCoordinates,
 				metadata: ctx.deepsightService?.getMetadata(),
 				recordingId: ctx.uploadRecordingId,
+				deepsightService: ctx.deepsightService ?? void 0,
 				signal
 			});
 		}),

package/dist/session-DoVb-OcB.esm.js

@@ -0,0 +1,152 @@
+import { n as getApi } from "./api-CESGtpbH.esm.js";
+import { t as endpoints } from "./endpoints-BeTK0Mlt.esm.js";
+import { n as toIncodeApiError } from "./apiError-B-j-gyDx.esm.js";
+
+//#region src/internal/session/sessionService.ts
+/**
+* HTTP status codes the QR validation endpoint emits, keyed by their semantic
+* name. Hosts switch on these to render distinct messaging — `invalidQRuuid`
+* for an unknown/expired link, `onboardingUrlAlreadyUsed` for a one-time link
+* that has already been consumed.
+*/
+const QR_VALIDATION_ERROR_CODES = {
+	expiredUUID: 4026,
+	invalidQRuuid: 4081,
+	onboardingUrlAlreadyUsed: 4083
+};
+var QrValidationError = class extends Error {
+	constructor(status, statusText) {
+		super(`POST ${endpoints.qrValidateUuid} failed: ${status} ${statusText}`);
+		this.name = "QrValidationError";
+		this.status = status;
+		this.statusText = statusText;
+	}
+};
+/**
+* Creates a new onboarding session.
+*
+* @param apiKey - The API key from the Incode dashboard
+* @param options - Session creation options
+* @param signal - Optional AbortSignal for request cancellation
+* @returns The created session with token
+*
+* @example
+* ```ts
+* const session = await createSession('your-api-key', {
+*   configurationId: 'your-flow-id',
+*   language: 'en-US',
+* });
+* console.log(session.token); // Use this token for subsequent API calls
+* ```
+*/
+async function createSession(apiKey, options, signal) {
+	try {
+		return (await getApi().post(endpoints.createSession, {
+			configurationId: options.configurationId,
+			externalId: options.externalId,
+			externalCustomerId: options.externalCustomerId,
+			language: options.language ?? "en-US",
+			customFields: options.customFields,
+			uuid: options.uuid ?? null,
+			urlUuid: options.urlUuid ?? null,
+			interviewId: options.interviewId ?? null,
+			...options.loginHint != null && options.loginHint !== "" ? { loginHint: options.loginHint } : {}
+		}, {
+			headers: {
+				"x-api-key": apiKey,
+				"api-version": "1.0"
+			},
+			signal
+		})).data;
+	} catch (error) {
+		toIncodeApiError(endpoints.createSession, error);
+	}
+}
+/**
+* Validates and rotates a QR anti-phishing URL UUID before creating a session.
+*
+* This call is unauthenticated; the `{ onboardingId, urlUuid }` pair itself
+* acts as the credential. The server burns the incoming `urlUuid` and returns
+* a freshly minted one that must be used in the subsequent `createSession`
+* call.
+*
+* @param options - `{ onboardingId, urlUuid }` from the incoming URL
+* @param signal - Optional AbortSignal for request cancellation
+* @returns The refreshed `urlUuid` to use for the session
+* @throws {QrValidationError} When the server rejects the validation request.
+*/
+async function validateQrUuid(options, signal) {
+	try {
+		return (await getApi().post(endpoints.qrValidateUuid, {
+			onboardingId: options.onboardingId,
+			urlUuid: options.urlUuid
+		}, {
+			headers: { "api-version": "1.0" },
+			signal
+		})).data;
+	} catch (error) {
+		const httpError = error;
+		throw new QrValidationError(httpError.data?.status ?? httpError.status, httpError.statusText);
+	}
+}
+/**
+* One-shot QR phishing-resistance helper.
+*
+* When `urlUuid` is a non-empty string, burns the stale value via
+* `validateQrUuid`, invokes `onRefreshed` with the fresh value, and returns
+* it so callers can forward it into `createSession`. When `urlUuid` is
+* absent, returns `undefined` without making any network call.
+*
+* Consolidates the rotation + callback logic shared by Flow self-loading and
+* Workflow token-mode bootstraps.
+*
+* @throws {QrValidationError} When the server rejects the validation request.
+*/
+async function refreshQrUrlUuid(options, signal) {
+	if (typeof options.urlUuid !== "string" || options.urlUuid.length === 0) return;
+	const result = await validateQrUuid({
+		onboardingId: options.onboardingId ?? null,
+		urlUuid: options.urlUuid
+	}, signal);
+	options.onRefreshed?.(result.urlUuid);
+	return result.urlUuid;
+}
+/**
+* Validates and rotates a QR anti-phishing `urlUuid` (when present), then
+* creates a session bound to the refreshed value. When `urlUuid` is absent,
+* behaves identically to {@link createSession}.
+*
+* Use this when the host owns session creation and wants the SDK to handle
+* phishing-resistance rotation in a single call. For raw control, compose
+* `refreshQrUrlUuid` and `createSession` directly.
+*
+* @throws {QrValidationError} When the server rejects the QR validation step.
+*
+* @example
+* ```ts
+* const session = await bootstrapSession(apiKey, {
+*   configurationId,
+*   urlUuid,
+*   onUrlUuidRefreshed: (refreshed) => {
+*     const url = new URL(window.location.href);
+*     url.searchParams.set('url_uuid', refreshed);
+*     window.history.replaceState({}, '', url);
+*   },
+* });
+* ```
+*/
+async function bootstrapSession(apiKey, options, signal) {
+	const { onUrlUuidRefreshed, ...createSessionOptions } = options;
+	const refreshedUrlUuid = await refreshQrUrlUuid({
+		urlUuid: options.urlUuid,
+		onboardingId: options.uuid ?? null,
+		onRefreshed: onUrlUuidRefreshed
+	}, signal);
+	return createSession(apiKey, {
+		...createSessionOptions,
+		urlUuid: refreshedUrlUuid
+	}, signal);
+}
+
+//#endregion
+export { refreshQrUrlUuid as a, createSession as i, QrValidationError as n, validateQrUuid as o, bootstrapSession as r, QR_VALIDATION_ERROR_CODES as t };

package/dist/session.d.ts

@@ -1,7 +1,8 @@
-import "./camera-DBSxa6ML.js";
-import "./types-CFV9G_7j.js";
-import { a as RegulationTypes } from "./types-BP1m8VRw.js";
-import { n as GetFinishStatusFn, r as getFinishStatus, t as FinishStatus } from "./flowCompletionService-DhkT4SRY.js";
+import "./camera-SRBpPq2X.js";
+import "./types-Bj9hdFjU.js";
+import "./types-DvGZI7BF.js";
+import { a as RegulationTypes } from "./types-DOUhndhT.js";
+import { n as GetFinishStatusFn, r as getFinishStatus, t as FinishStatus } from "./flowCompletionService-BdR2cGgB.js";
 
 //#region src/internal/fingerprint/types.d.ts
 
@@ -39,6 +40,8 @@ type Session = {
   uuid?: string;
   regulationType?: string;
   showMandatoryConsent?: boolean;
+  endScreenTitle?: string;
+  endScreenText?: string;
 };
 type ValidateQrUuidOptions = {
   onboardingId: string | null;
@@ -149,6 +152,35 @@ declare function refreshQrUrlUuid(options: RefreshQrUrlUuidOptions, signal?: Abo
  */
 declare function bootstrapSession(apiKey: string, options: BootstrapSessionOptions, signal?: AbortSignal): Promise<Session>;
 //#endregion
+//#region src/internal/http/apiError.d.ts
+/**
+ * Incode API error.
+ *
+ * Wraps an HTTP failure so callers can branch on the Incode-specific status
+ * code (e.g. `4028` for "Flow is not activated") and surface the server's
+ * human-readable message to the user. The Incode backend returns these on
+ * HTTP `400` responses with a body shaped:
+ *
+ * ```json
+ * { "status": 4028, "error": "Flow is not activated.", "message": "...", "path": "/0/omni/start" }
+ * ```
+ *
+ * - `status` — prefers the body's Incode status code, falls back to the HTTP
+ *   status when the body doesn't carry one.
+ * - `httpStatus` — always the underlying HTTP status.
+ * - `cause` — the original `HttpError` (typically `FetchHttpError`) is
+ *   preserved on the standard ES `Error.cause` slot, so core consumers that
+ *   need `url` / `method` / `headers` / raw `data` can read them via
+ *   `err.cause`.
+ */
+declare class IncodeApiError extends Error {
+  readonly status: number;
+  readonly httpStatus: number;
+  readonly endpoint: string;
+  readonly cause?: unknown;
+  constructor(endpoint: string, status: number, httpStatus: number, message: string, cause?: unknown);
+}
+//#endregion
 //#region src/internal/featureConfig/types.d.ts
 type FeatureName = 'VIDEO_SELFIE_V2' | 'USE_CLIENT_GLARE' | 'USE_OPEN_VIDU' | 'DISABLE_IPIFY';
 type FeatureConfig = {
@@ -214,4 +246,4 @@ type SessionInitResult = {
  */
 declare function initializeSession(options?: SessionInitOptions): Promise<SessionInitResult>;
 //#endregion
-export { type BootstrapSessionOptions, type CreateSessionOptions, type FinishStatus, type GetFinishStatusFn, QR_VALIDATION_ERROR_CODES, QrValidationError, type QrValidationErrorCode, type QrValidationResult, type RefreshQrUrlUuidOptions, type Session, type SessionInitOptions, type SessionInitResult, type ValidateQrUuidOptions, bootstrapSession, createSession, getFinishStatus, initializeSession, refreshQrUrlUuid, validateQrUuid };
+export { type BootstrapSessionOptions, type CreateSessionOptions, type FinishStatus, type GetFinishStatusFn, IncodeApiError, QR_VALIDATION_ERROR_CODES, QrValidationError, type QrValidationErrorCode, type QrValidationResult, type RefreshQrUrlUuidOptions, type Session, type SessionInitOptions, type SessionInitResult, type ValidateQrUuidOptions, bootstrapSession, createSession, getFinishStatus, initializeSession, refreshQrUrlUuid, validateQrUuid };

package/dist/session.esm.js

@@ -1,9 +1,14 @@
 import "./api-CESGtpbH.esm.js";
-import "./events-D6-e4vok.esm.js";
-import "./endpoints-CnN3SyDa.esm.js";
-import { c as QrValidationError, d as refreshQrUrlUuid, f as validateQrUuid, l as bootstrapSession, r as initializeSession, s as QR_VALIDATION_ERROR_CODES, u as createSession } from "./session-CrkWAs-q.esm.js";
-import "./IpifyProvider-D7jx52AL.esm.js";
-import "./browserSimulation-gxD8cSpM.esm.js";
-import { t as getFinishStatus } from "./flowCompletionService-P54yzGvA.esm.js";
+import "./events-Dvvriq9l.esm.js";
+import "./endpoints-BeTK0Mlt.esm.js";
+import "./stats-BMNUG1AU.esm.js";
+import "./IpifyProvider-D4LWD15E.esm.js";
+import "./browserSimulation-B1dWiXp7.esm.js";
+import { r as initializeSession } from "./sessionInitializer-DRB-hgbV.esm.js";
+import "./platform-SKvEfCBh.esm.js";
+import "./getBrowser-C8DP7oTB.esm.js";
+import { t as IncodeApiError } from "./apiError-B-j-gyDx.esm.js";
+import { a as refreshQrUrlUuid, i as createSession, n as QrValidationError, o as validateQrUuid, r as bootstrapSession, t as QR_VALIDATION_ERROR_CODES } from "./session-DoVb-OcB.esm.js";
+import { t as getFinishStatus } from "./flowCompletionService-DdGojV9K.esm.js";
 
-export { QR_VALIDATION_ERROR_CODES, QrValidationError, bootstrapSession, createSession, getFinishStatus, initializeSession, refreshQrUrlUuid, validateQrUuid };
+export { IncodeApiError, QR_VALIDATION_ERROR_CODES, QrValidationError, bootstrapSession, createSession, getFinishStatus, initializeSession, refreshQrUrlUuid, validateQrUuid };