@incodetech/core 2.0.1 → 2.1.0-rc.1

package/dist/sessionInitializer-DRB-hgbV.esm.js

@@ -0,0 +1,366 @@
+import { r as getToken, s as setToken, t as api } from "./api-CESGtpbH.esm.js";
+import { g as getAnalyticsBatcher, h as addEvent } from "./events-Dvvriq9l.esm.js";
+import { t as endpoints } from "./endpoints-BeTK0Mlt.esm.js";
+import { n as flushDeviceStatsQueue, r as resetDeviceStatsQueue } from "./stats-BMNUG1AU.esm.js";
+import { n as resetIpifyCache, r as BrowserEnvironmentProvider, t as IpifyProvider } from "./IpifyProvider-D4LWD15E.esm.js";
+import { i as UAParser, n as getThumbmarkId, r as getParsedUserAgent, t as isBrowserSimulation } from "./browserSimulation-B1dWiXp7.esm.js";
+
+//#region ../infra/src/providers/browser/BrowserInfoProvider.ts
+var BrowserInfoProvider = class {
+	checkWebRtcSupport() {
+		if (typeof window === "undefined") return false;
+		const hasRTCPeerConnection = "RTCPeerConnection" in window || "webkitRTCPeerConnection" in window || "mozRTCPeerConnection" in window;
+		const hasGetUserMedia = typeof navigator !== "undefined" && navigator.mediaDevices?.getUserMedia !== void 0;
+		return hasRTCPeerConnection && hasGetUserMedia;
+	}
+	getBrowserInfo() {
+		const userAgent = typeof navigator !== "undefined" ? navigator.userAgent : "";
+		const result = new UAParser(userAgent).getResult();
+		return {
+			userAgent,
+			isWebRtcSupported: this.checkWebRtcSupport(),
+			browser: {
+				name: result.browser.name,
+				version: result.browser.version
+			},
+			os: {
+				name: result.os.name,
+				version: result.os.version
+			},
+			device: {
+				model: result.device.model,
+				type: result.device.type,
+				vendor: result.device.vendor
+			},
+			engine: {
+				name: result.engine.name,
+				version: result.engine.version
+			},
+			cpu: { architecture: result.cpu.architecture }
+		};
+	}
+};
+
+//#endregion
+//#region ../infra/src/device/getDeviceData.ts
+const HIGH_ENTROPY_HINTS = new Set([
+	"model",
+	"platformVersion",
+	"fullVersionList",
+	"brands",
+	"platform"
+]);
+function getFallbackDeviceInfo() {
+	const parsed = getParsedUserAgent();
+	return {
+		device: { model: parsed.device.model },
+		os: {
+			name: parsed.os.name,
+			version: parsed.os.version
+		},
+		browser: {
+			name: parsed.browser.name,
+			version: parsed.browser.version
+		}
+	};
+}
+function sanitizeString(value) {
+	return value?.trim() || void 0;
+}
+function extractPrimaryBrandInfo(fullVersionList, brands) {
+	const primaryBrand = fullVersionList?.[0] || brands?.[0];
+	return {
+		name: sanitizeString(primaryBrand?.brand),
+		version: sanitizeString(primaryBrand?.version)
+	};
+}
+async function getHighEntropyDeviceInfo(userAgentData) {
+	const highEntropyValues = await userAgentData.getHighEntropyValues(Array.from(HIGH_ENTROPY_HINTS));
+	const { name: browserName, version: browserVersion } = extractPrimaryBrandInfo(highEntropyValues.fullVersionList, userAgentData.brands);
+	return {
+		device: { model: sanitizeString(highEntropyValues.model) },
+		os: {
+			name: sanitizeString(highEntropyValues.platform),
+			version: sanitizeString(highEntropyValues.platformVersion)
+		},
+		browser: {
+			name: browserName,
+			version: browserVersion
+		}
+	};
+}
+const checkForUnbrandedBrowser = (browser) => {
+	const userAgent = typeof navigator !== "undefined" ? navigator.userAgent : "";
+	const fallback = getFallbackDeviceInfo();
+	if (!userAgent) return browser;
+	try {
+		return {
+			...browser,
+			name: fallback.browser.name,
+			version: fallback.browser.version
+		};
+	} catch {
+		return {
+			...browser,
+			name: "Unknown",
+			version: "Unknown"
+		};
+	}
+};
+function mergeDeviceInfo(fallback, enhanced) {
+	return {
+		device: { model: enhanced.device?.model || fallback.device.model },
+		os: {
+			name: enhanced.os?.name || fallback.os.name,
+			version: enhanced.os?.version || fallback.os.version
+		},
+		browser: checkForUnbrandedBrowser({
+			name: enhanced.browser?.name || fallback.browser.name,
+			version: enhanced.browser?.version || fallback.browser.version
+		})
+	};
+}
+function isUserAgentClientHintsSupported(navigator$1) {
+	return Boolean(navigator$1.userAgentData?.getHighEntropyValues && typeof navigator$1.userAgentData.getHighEntropyValues === "function");
+}
+async function getDeviceFingerprintInfo() {
+	if (typeof navigator === "undefined") return {
+		device: {},
+		os: {},
+		browser: {}
+	};
+	const customNavigator = navigator;
+	const fallbackInfo = getFallbackDeviceInfo();
+	if (!isUserAgentClientHintsSupported(customNavigator)) return fallbackInfo;
+	try {
+		return mergeDeviceInfo(fallbackInfo, await getHighEntropyDeviceInfo(customNavigator.userAgentData));
+	} catch {
+		return fallbackInfo;
+	}
+}
+
+//#endregion
+//#region ../infra/src/providers/browser/FingerprintProvider.ts
+var FingerprintProvider = class {
+	constructor(ipLookup) {
+		this.ipLookup = ipLookup;
+	}
+	async getFingerprint(disableIpify = false) {
+		const visitorId = await getThumbmarkId();
+		const [deviceInfo, ip] = await Promise.all([getDeviceFingerprintInfo(), disableIpify ? Promise.resolve("") : this.ipLookup.getIp()]);
+		return {
+			visitorId,
+			ip,
+			deviceInfo
+		};
+	}
+};
+
+//#endregion
+//#region src/internal/featureConfig/featureConfigService.ts
+let cachedFeatures$1 = null;
+/**
+* Checks if a feature is enabled in the feature config.
+*/
+function isFeatureEnabled(feature, features) {
+	return features?.find((f) => f.feature === feature)?.enabled ?? false;
+}
+/**
+* Fetches feature configuration from the backend.
+* Results are cached for the session lifetime.
+*/
+async function fetchFeatureConfig(signal) {
+	if (cachedFeatures$1) return cachedFeatures$1;
+	const response = await api.get(endpoints.featureConfig, { signal });
+	if (!response.ok) throw new Error(`Failed to fetch feature config: ${response.status} ${response.statusText}`);
+	cachedFeatures$1 = response.data;
+	return cachedFeatures$1;
+}
+/**
+* Resets the cached feature config (useful for testing).
+*/
+function resetFeatureConfigCache() {
+	cachedFeatures$1 = null;
+}
+
+//#endregion
+//#region src/internal/version/sdkVersion.ts
+const SDK_VERSION = "2.1.0-rc.1";
+
+//#endregion
+//#region src/internal/fingerprint/fingerprintService.ts
+function formatOsVersion(os) {
+	return `${os.name || "Unknown"} ${os.version || ""}`.trim();
+}
+function formatBrowser(browser) {
+	if (!browser.name || !browser.version) return "Unknown";
+	return `${browser.name} ${browser.version}`;
+}
+async function submitDeviceFingerprint(options = {}, dependencies) {
+	const { disableIpify = false, hostingApp, signal } = options;
+	const fingerprint = await dependencies.fingerprintProvider.getFingerprint(disableIpify);
+	const hasLiedBrowser = isBrowserSimulation(dependencies.browserEnv);
+	const payload = {
+		hash: fingerprint.visitorId || "",
+		ip: fingerprint.ip || "",
+		deviceType: "WEBAPP",
+		data: JSON.stringify(fingerprint),
+		osVersion: formatOsVersion(fingerprint.deviceInfo.os),
+		deviceModel: fingerprint.deviceInfo.device.model || "",
+		browser: formatBrowser(fingerprint.deviceInfo.browser),
+		hasLiedBrowser,
+		sdkVersion: SDK_VERSION,
+		hostingApp: hostingApp ?? "Web SDK"
+	};
+	const response = await api.post(endpoints.deviceFingerprint, payload, { signal });
+	if (!response.ok) throw new Error(`Failed to submit fingerprint: ${response.status} ${response.statusText}`);
+	return response.data;
+}
+
+//#endregion
+//#region src/internal/session/sessionInitializer.ts
+let sessionInitialized = false;
+let cachedFeatures = null;
+let cachedDisableIpify = false;
+let clientIpLookupEnabled = true;
+function setClientIpLookupEnabled(enabled) {
+	clientIpLookupEnabled = enabled;
+}
+function resolveDisableIpify(serverDisableIpify) {
+	return !clientIpLookupEnabled || serverDisableIpify;
+}
+let cachedFingerprintSuccess = false;
+let cachedFingerprintResult;
+let sessionInitPromise = null;
+/**
+* Activates a session by setting the auth token on the HTTP client and
+* preloading session-scoped state.
+*
+* Performs:
+* 1. Sets the token (and clears stale session-init cache if the token changed)
+* 2. Fetches feature configuration from backend
+* 3. Submits device fingerprint
+* 4. Starts the analytics batcher so buffered events are flushed
+*
+* Results are cached per token. Calling again with the same token returns the
+* cached result; calling with a different token re-initializes from scratch.
+*
+* @param options - Session activation options (`token` required)
+* @returns Session initialization result with feature config
+*
+* @example
+* ```ts
+* await setup({ apiURL: 'https://api.incode.com' });
+* const session = await createSession('api-key', options);
+* const { features } = await initializeSession({ token: session.token });
+*
+* // Check feature flags
+* if (isFeatureEnabled('DISABLE_IPIFY', features.features)) {
+*   // Handle disabled ipify
+* }
+* ```
+*/
+async function initializeSession(options = {}) {
+	const { token, hostingApp, signal } = options;
+	if (token !== void 0 && token !== getToken()) {
+		setToken(token);
+		resetSessionInit();
+	}
+	if (sessionInitialized && cachedFeatures) return {
+		features: cachedFeatures,
+		disableIpify: cachedDisableIpify,
+		fingerprintSuccess: cachedFingerprintSuccess,
+		fingerprintResult: cachedFingerprintResult
+	};
+	if (sessionInitPromise) return sessionInitPromise;
+	sessionInitPromise = (async () => {
+		let features;
+		let serverDisableIpify = false;
+		try {
+			features = await fetchFeatureConfig(signal);
+			serverDisableIpify = isFeatureEnabled("DISABLE_IPIFY", features.features);
+		} catch {
+			features = { sessionIdentifier: "" };
+		}
+		const disableIpify = resolveDisableIpify(serverDisableIpify);
+		let fingerprintSuccess = false;
+		let fingerprintResult;
+		try {
+			const fingerprintProvider = new FingerprintProvider(new IpifyProvider());
+			const browserEnv = new BrowserEnvironmentProvider();
+			fingerprintResult = await submitDeviceFingerprint({
+				disableIpify,
+				hostingApp,
+				signal
+			}, {
+				fingerprintProvider,
+				browserEnv
+			});
+			fingerprintSuccess = true;
+			flushDeviceStatsQueue();
+		} catch (error) {
+			console.warn("Failed to submit device fingerprint:", error);
+		}
+		try {
+			const browserInfo = new BrowserInfoProvider().getBrowserInfo();
+			addEvent({
+				code: "browser",
+				payload: {
+					userAgent: browserInfo.userAgent,
+					isWebRtcSupported: browserInfo.isWebRtcSupported,
+					browser: browserInfo.browser,
+					os: browserInfo.os,
+					device: browserInfo.device,
+					engine: browserInfo.engine,
+					cpu: browserInfo.cpu
+				}
+			});
+		} catch (error) {
+			console.warn("Failed to send browser info event:", error);
+		}
+		sessionInitialized = true;
+		cachedFeatures = features;
+		cachedDisableIpify = disableIpify;
+		cachedFingerprintSuccess = fingerprintSuccess;
+		cachedFingerprintResult = fingerprintResult;
+		return {
+			features,
+			disableIpify,
+			fingerprintSuccess,
+			fingerprintResult
+		};
+	})().finally(() => {
+		sessionInitPromise = null;
+		getAnalyticsBatcher()?.start();
+	});
+	return sessionInitPromise;
+}
+/**
+* Gets the cached disableIpify flag.
+* Returns false if session hasn't been initialized.
+*/
+function getDisableIpify() {
+	if (!clientIpLookupEnabled) return true;
+	return cachedDisableIpify;
+}
+function getSessionFingerprintResult() {
+	return cachedFingerprintResult;
+}
+/**
+* Resets session initialization state.
+* Useful for testing or when starting a new session.
+*/
+function resetSessionInit() {
+	sessionInitialized = false;
+	cachedFeatures = null;
+	cachedDisableIpify = false;
+	cachedFingerprintSuccess = false;
+	cachedFingerprintResult = void 0;
+	sessionInitPromise = null;
+	resetFeatureConfigCache();
+	resetIpifyCache();
+	resetDeviceStatsQueue();
+}
+
+//#endregion
+export { setClientIpLookupEnabled as a, resetSessionInit as i, getSessionFingerprintResult as n, FingerprintProvider as o, initializeSession as r, getDeviceFingerprintInfo as s, getDisableIpify as t };

package/dist/{setup-C5AITV8m.d.ts → setup-BwCluiw3.d.ts}

@@ -1,4 +1,4 @@
-import { n as WasmPipeline } from "./warmup-CEcppFiS.js";
+import { n as WasmPipeline } from "./warmup-Dg8Lh-50.js";
 
 //#region src/setup.d.ts
 
@@ -6,6 +6,17 @@ import { n as WasmPipeline } from "./warmup-CEcppFiS.js";
  * WASM warmup configuration. Path fields are optional; omitted values resolve to the Incode CDN defaults.
  */
 type WasmConfig = {
+  /**
+   * Self-hosted WASM root directory. Resolves standard ml-wasm-kit filenames
+   * under this path (`webLib.wasm`, `webLib.js`, `models/`, etc.). Pin a
+   * specific version folder when self-hosting so SDK updates do not change
+   * which binaries your app loads until you update this path.
+   *
+   * Example: `https://my-cdn.example.com/ml-wasm-kit-release/v2.13.21`
+   *
+   * Individual path fields override values derived from `basePath`.
+   */
+  basePath?: string;
   /** Path to the WASM binary */
   wasmPath?: string;
   /** Path to the SIMD-optimized WASM binary (optional) */
@@ -26,6 +37,14 @@ type WasmConfig = {
    * If not provided, models are expected in a 'models' subdirectory relative to the WASM binary.
    */
   modelsBasePath?: string;
+  /**
+   * Enables the WASM module's verbose debug logging/console output.
+   *
+   * Defaults to `false` — the SDK forces WASM into production mode, so the
+   * native module stays quiet. Set to `true` only when you need the WASM
+   * diagnostics while debugging.
+   */
+  showLogs?: boolean;
 };
 /**
  * Object form of the `encryption` option for {@link SetupOptions}. Reach for
@@ -92,6 +111,18 @@ type SetupOptions = {
    * handshake at `setup()`. Coordinate with your Incode account team before
    * flipping this on.
    *
+   * **API key transmission.** E2EE requests must identify the tenant in one
+   * of two ways:
+   * - Append `/0` to the `apiURL` (e.g. `https://<e2ee-host>/0`) — the
+   *   trailing `/0` instructs the server to derive the API key from the
+   *   session JWT. Use this whenever a session token is in play.
+   * - Pass `customHeaders: { 'x-api-key': '<api key>' }` — required when
+   *   the `apiURL` does not include `/0` (sessionless setup, or any flow
+   *   that supplies the API key in the header instead of via JWT).
+   *
+   * Without one of these the server cannot identify the tenant and
+   * post-handshake requests fail.
+   *
    * Accepts:
    * - `true` → enabled with the default OAEP MGF1 hash (`'sha1'`).
    * - `false` (or omitted) → disabled.
@@ -122,6 +153,27 @@ type SetupOptions = {
   encryption?: boolean | EncryptionOptions;
   /** Optional hosting app identifier for fingerprint tracking */
   hostingApp?: string;
+  /**
+   * Disables the third-party public-IP lookup (`api.ipify.org`) used to
+   * enrich fingerprint and deepsight payloads. When `false`, the SDK uses
+   * an empty IP string and never hits ipify.
+   *
+   * OR'd with the server-side `DISABLE_IPIFY` feature flag. Default: `true`
+   * (lookup enabled).
+   */
+  ipLookup?: boolean;
+  /**
+   * Disables the browser devtools detector for local development. When `true`,
+   * the detector is **not** started, so devtools no longer gets repeatedly
+   * paused on the detector's `debugger` statements.
+   *
+   * Leave this `false` (default) in production: the detector feeds an
+   * anti-fraud signal and should stay on for real users.
+   *
+   * Note: WASM console logging is controlled separately via `wasm.showLogs`
+   * (off by default).
+   */
+  devMode?: boolean;
 };
 /**
  * Initializes the SDK with the provided configuration.
@@ -165,13 +217,12 @@ type SetupOptions = {
  * });
  * ```
  *
- * @example Self-hosted / custom version (full or partial path overrides)
+ * @example Self-hosted WASM (pin a version folder on your CDN)
  * ```ts
  * await setup({
  *   apiURL: 'https://api.incode.com',
  *   wasm: {
- *     wasmPath: '/my-cdn/webLib.wasm',
- *     glueCodePath: '/my-cdn/webLib.js',
+ *     basePath: 'https://my-cdn.example.com/ml-wasm-kit-release/v2.13.21',
  *   },
  * });
  * ```
@@ -197,16 +248,45 @@ type SetupOptions = {
  *
  * @example Enable end-to-end encryption at boot (defaults to MGF1 = SHA-1)
  * ```ts
- * await setup({ apiURL: 'https://api.incode.com', encryption: true });
+ * // `/0` lets the server read the API key from the session JWT.
+ * await setup({
+ *   apiURL: 'https://your-e2ee-api.incodesmile.com/0',
+ *   encryption: true,
+ * });
  * ```
  *
  * @example Enable encryption with the SHA-256 MGF1 padding
  * ```ts
  * await setup({
- *   apiURL: 'https://api.incode.com',
+ *   apiURL: 'https://your-e2ee-api.incodesmile.com/0',
  *   encryption: { mgf1: 'sha256' },
  * });
  * ```
+ *
+ * @example E2EE without the `/0` suffix — pass the API key explicitly
+ * ```ts
+ * await setup({
+ *   apiURL: 'https://your-e2ee-api.incodesmile.com',
+ *   encryption: true,
+ *   customHeaders: { 'x-api-key': process.env.INCODE_API_KEY },
+ * });
+ * ```
+ * @example Disable third-party IP lookup
+ * ```ts
+ * await setup({
+ *   apiURL: 'https://api.incode.com',
+ *   ipLookup: false,
+ * });
+ * ```
+ *
+ * @example Local development: silence the devtools detector and surface WASM logs
+ * ```ts
+ * await setup({
+ *   apiURL: 'https://api.incode.com',
+ *   wasm: { showLogs: true }, // WASM logs are off by default
+ *   devMode: true, // skip the devtools detector (don't ship this in prod)
+ * });
+ * ```
  */
 declare function setup(options: SetupOptions): Promise<void>;
 /**