@keverdjs/fraud-sdk-react 2.0.0 → 3.0.0

package/dist/index.js

@@ -1,5 +1,6 @@
 'use strict';
 
+var fraudSdk = require('@keverdjs/fraud-sdk');
 var react = require('react');
 var jsxRuntime = require('react/jsx-runtime');
 
@@ -633,8 +634,6 @@ var KeverdBehavioralCollector = class {
     }, 0);
   }
 };
-
-// src/core/keverd-sdk.ts
 var KeverdSDK = class {
   constructor() {
     this.config = null;
@@ -653,9 +652,6 @@ var KeverdSDK = class {
       }
       return;
     }
-    if (!config.apiKey) {
-      throw new Error("Keverd SDK: apiKey is required");
-    }
     this.config = {
       debug: false,
       ...config
@@ -666,8 +662,6 @@ var KeverdSDK = class {
     if (this.config.debug) {
       console.log("[Keverd SDK] Initialized successfully");
     }
-    this.startSession().catch(() => {
-    });
   }
   /**
    * Get visitor data (fingerprint and risk assessment)
@@ -689,7 +683,8 @@ var KeverdSDK = class {
         session: sessionInfo,
         behavioral: behavioralData
       };
-      const response = await this.sendFingerprintRequest(request, options);
+      const privacySignals = this.collectPrivacySignals();
+      const response = await this.sendFingerprintRequest(request, options, privacySignals);
       return this.transformResponse(response);
     } catch (error) {
       const keverdError = {
@@ -702,39 +697,69 @@ var KeverdSDK = class {
       throw keverdError;
     }
   }
+  /**
+   * Verify user identity during login attempts.
+   *
+   * This is a thin wrapper around the core web SDK `verifyLogin`, so it sends
+   * the same enhanced signals and structured login context as the vanilla SDK.
+   */
+  async verifyLogin(options) {
+    if (!this.isInitialized || !this.config) {
+      throw new Error("Keverd SDK not initialized. Call init() first.");
+    }
+    if (!this.config.apiKey) {
+      throw new Error("Keverd SDK: apiKey is required for verifyLogin");
+    }
+    fraudSdk.Keverd.init({
+      apiKey: this.config.apiKey,
+      userId: this.config.userId,
+      endpoint: this.getDefaultEndpoint(),
+      debug: this.config.debug || false
+    });
+    return fraudSdk.Keverd.verifyLogin(options);
+  }
+  /**
+   * Extract origin and referrer from browser
+   */
+  getOriginHeaders() {
+    if (typeof window === "undefined") {
+      return {};
+    }
+    const origin = window.location.origin || void 0;
+    const referrer = document.referrer || void 0;
+    return { origin, referrer };
+  }
   /**
    * Send fingerprint request to backend
    */
-  async sendFingerprintRequest(request, options) {
+  async sendFingerprintRequest(request, options, privacySignals) {
     if (!this.config) {
       throw new Error("SDK not initialized");
     }
-    const url = `${this.getDefaultEndpoint()}/fingerprint/score`;
+    const url = `${this.getDefaultEndpoint()}/v2/fingerprint`;
     const headers = {
       "Content-Type": "application/json",
       "X-SDK-Source": "react"
       // Identify SDK source for backend analytics
     };
+    const { origin, referrer } = this.getOriginHeaders();
+    if (origin) {
+      headers["X-Origin-URL"] = origin;
+    }
+    if (referrer) {
+      headers["X-Referrer-URL"] = referrer;
+    }
     const apiKey = this.config.apiKey;
     if (apiKey) {
       headers["x-keverd-key"] = apiKey;
       headers["X-API-KEY"] = apiKey;
       headers["Authorization"] = `Bearer ${apiKey}`;
     }
-    if (options?.tag === "sandbox") {
-      headers["X-Sandbox"] = "true";
-    }
-    const requestBody = {
-      ...request,
-      session: {
-        ...request.session || {},
-        sessionId: this.sessionId || request.session?.sessionId
-      }
-    };
+    const signalsPayload = this.buildV2SignalsPayload(request, privacySignals);
     const response = await fetch(url, {
       method: "POST",
       headers,
-      body: JSON.stringify(requestBody)
+      body: JSON.stringify({ signals: signalsPayload })
     });
     if (!response.ok) {
       const errorText = await response.text().catch(() => "Unknown error");
@@ -755,25 +780,345 @@ var KeverdSDK = class {
    * Transform API response to visitor data format
    */
   transformResponse(response) {
+    const fingerprintId = response.device_id || response.fingerprint;
+    if (fingerprintId) {
+      const similarity = typeof response.similarity === "number" ? response.similarity : 0;
+      const score = Number((1 - similarity).toFixed(3));
+      const riskScore = Math.round(score * 100);
+      const reasons = [];
+      if (response.is_new) reasons.push("new_device");
+      if (response.is_drifted) reasons.push("device_drifted");
+      if (reasons.length === 0) reasons.push("known_device_match");
+      const requestId = response.requestId || response.event_id || fingerprintId;
+      const historyCount = response.history_count ?? response.times_seen ?? 1;
+      return {
+        visitorId: fingerprintId,
+        riskScore,
+        score,
+        action: this.actionFromRisk(riskScore),
+        reasons,
+        sessionId: this.sessionId || fingerprintId,
+        requestId,
+        confidence: similarity,
+        extendedResult: {
+          fingerprint: fingerprintId,
+          eventId: requestId,
+          similarity,
+          isNew: response.is_new ?? false,
+          isDrifted: response.is_drifted ?? false,
+          visitCount: historyCount,
+          historyCount,
+          firstSeen: response.first_seen,
+          lastSeen: response.last_seen || (/* @__PURE__ */ new Date()).toISOString(),
+          browser: {
+            name: this._detectBrowser(),
+            version: void 0
+          },
+          network: {
+            anonymizer: "Unknown"
+          }
+        }
+      };
+    }
     return {
-      visitorId: response.requestId,
-      riskScore: response.risk_score,
-      score: response.score,
-      action: response.action,
+      visitorId: response.requestId || this.sessionId || this.generateSessionId(),
+      riskScore: response.risk_score ?? 0,
+      score: response.score ?? 0,
+      action: response.action ?? "allow",
       reasons: response.reason || [],
-      sessionId: response.session_id,
-      requestId: response.requestId,
+      sessionId: response.session_id || this.sessionId || this.generateSessionId(),
+      requestId: response.requestId || this.sessionId || this.generateSessionId(),
       simSwapEngine: response.sim_swap_engine,
-      confidence: 1 - response.score
-      // Inverse of risk score as confidence
+      confidence: response.confidence ?? 1 - (response.score ?? 0),
+      // Prefer backend confidence when present
+      deviceMatch: response.device_match,
+      fraudProbability: response.fraud_probability,
+      recommendedAction: response.recommended_action,
+      adaptiveResponse: response.adaptive_response ? {
+        recommendedAction: response.adaptive_response.recommended_action,
+        challenges: Array.isArray(response.adaptive_response.challenges) ? response.adaptive_response.challenges : void 0,
+        reason: response.adaptive_response.reason,
+        confidence: response.adaptive_response.confidence
+      } : void 0
+    };
+  }
+  buildV2SignalsPayload(request, privacySignals) {
+    const behavioral = request.behavioral || {};
+    const device = request.device;
+    const session = request.session || {};
+    const webgl = this.getWebGLInfo();
+    const browserInfo = this.parseBrowserInfo();
+    const osInfo = this.parseOsInfo();
+    const audioHash = this.computeSimpleHash(
+      `${navigator.userAgent}|${navigator.language}|${device.fingerprint}`
+    );
+    const detectedFonts = this.detectBasicFonts();
+    const screenWidth = Number(device.screenWidth ?? window.screen.width);
+    const screenHeight = Number(device.screenHeight ?? window.screen.height);
+    const maxTouchPoints = Number(navigator.maxTouchPoints || 0);
+    const touchSupport = maxTouchPoints > 0 || "ontouchstart" in window;
+    const memory = Number(navigator.deviceMemory || 0);
+    const concurrency = Number(navigator.hardwareConcurrency || 0);
+    const plugins = Array.from(navigator.plugins || []).map((plugin) => plugin.name).filter(Boolean).slice(0, 20);
+    const storageFlags = this.getStorageFlags();
+    const isIncognitoByStorage = !storageFlags.local_storage && !storageFlags.session_storage && !storageFlags.cookies;
+    const isIncognito = (privacySignals?.isIncognito ?? false) || isIncognitoByStorage;
+    const payload = {
+      hardware: {
+        ...memory > 0 ? { memory, device_memory: memory } : {},
+        concurrency,
+        screen_width: Number.isFinite(screenWidth) ? screenWidth : window.screen.width,
+        screen_height: Number.isFinite(screenHeight) ? screenHeight : window.screen.height,
+        color_depth: window.screen.colorDepth,
+        device_pixel_ratio: window.devicePixelRatio || 1,
+        touch_support: touchSupport,
+        max_touch_points: maxTouchPoints,
+        platform: navigator.platform || "unknown",
+        architecture: navigator.platform || "unknown",
+        device: device.device,
+        timezone: device.timezone,
+        languages: Array.isArray(navigator.languages) ? navigator.languages : [navigator.language],
+        gpu: {
+          renderer: webgl.renderer !== "unknown" ? webgl.renderer : "extraction-failed",
+          vendor: webgl.vendor !== "unknown" ? webgl.vendor : "extraction-failed",
+          version: webgl.version || void 0,
+          shading_language_version: webgl.shadingLanguageVersion || void 0
+        }
+      },
+      graphics: {
+        vendor: webgl.vendor,
+        renderer: webgl.renderer,
+        canvas_hash: device.fingerprint,
+        canvas: {
+          hash_webgl: this.computeSimpleHash(`${webgl.vendor}|${webgl.renderer}|${webgl.version || ""}`),
+          hash_winding: this.computeSimpleHash(`${device.fingerprint}|winding`),
+          hash_2d: this.computeSimpleHash(`${device.fingerprint}|2d`),
+          hash_text: this.computeSimpleHash(`${device.fingerprint}|text`)
+        },
+        webgl: {
+          vendor: webgl.vendor,
+          renderer: webgl.renderer,
+          version: webgl.version || void 0,
+          shading_language_version: webgl.shadingLanguageVersion || void 0
+        }
+      },
+      audio: {
+        fingerprint: audioHash,
+        audio_hash: audioHash,
+        available: true,
+        sample_rate: 44100,
+        codecs: this.getAudioCodecs()
+      },
+      behavioral: {
+        mouse_speed: behavioral.swipe_velocity ?? 0,
+        languages: Array.isArray(navigator.languages) ? navigator.languages : [navigator.language],
+        timezone: device.timezone
+      },
+      software: {
+        os: osInfo.os,
+        browser: browserInfo.browser,
+        version: browserInfo.version,
+        platform: navigator.platform,
+        ua: navigator.userAgent,
+        fonts: detectedFonts.slice(0, 20),
+        plugins,
+        storage_flags: storageFlags,
+        do_not_track: navigator.doNotTrack ?? null
+      },
+      network: {
+        ip_isp: "unknown",
+        vpn: privacySignals?.isVPN ?? false,
+        vpn_detected: privacySignals?.isVPN ?? false,
+        proxy: false,
+        tor: false
+      },
+      session: {
+        incognito: isIncognito,
+        session_id: this.sessionId || session.sessionId || request.userId || this.generateSessionId(),
+        bot: privacySignals?.isAutomated ?? false,
+        automation: privacySignals?.isAutomated ?? false,
+        hasAdBlocker: privacySignals?.hasAdBlocker ?? false,
+        has_ad_blocker: privacySignals?.hasAdBlocker ?? false
+      },
+      confidence: 0.9
+    };
+    const persistenceScore = this.calculatePersistenceScore(payload);
+    const fallback = persistenceScore < 0.7;
+    payload._metadata = {
+      fallback,
+      fallback_reason: fallback ? "incognito_restrictions" : void 0,
+      sdk_version: "2.0.0",
+      persistence_score: persistenceScore,
+      collected_at: Date.now()
+    };
+    if (fallback) {
+      return {
+        hardware: payload.hardware,
+        graphics: {
+          canvas: {
+            hash_webgl: payload.graphics?.canvas?.hash_webgl,
+            hash_winding: payload.graphics?.canvas?.hash_winding
+          },
+          webgl: {
+            vendor: payload.graphics?.webgl?.vendor,
+            renderer: payload.graphics?.webgl?.renderer
+          }
+        },
+        session: payload.session,
+        _metadata: payload._metadata
+      };
+    }
+    return payload;
+  }
+  getWebGLInfo() {
+    try {
+      const canvas = document.createElement("canvas");
+      const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
+      if (!gl) {
+        return { vendor: "unknown", renderer: "unknown" };
+      }
+      const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
+      if (debugInfo) {
+        return {
+          vendor: String(gl.getParameter(debugInfo.UNMASKED_VENDOR_WEBGL) || "unknown"),
+          renderer: String(gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) || "unknown"),
+          version: String(gl.getParameter(gl.VERSION) || "unknown"),
+          shadingLanguageVersion: String(gl.getParameter(gl.SHADING_LANGUAGE_VERSION) || "unknown")
+        };
+      }
+      return {
+        vendor: String(gl.getParameter(gl.VENDOR) || "unknown"),
+        renderer: String(gl.getParameter(gl.RENDERER) || "unknown"),
+        version: String(gl.getParameter(gl.VERSION) || "unknown"),
+        shadingLanguageVersion: String(gl.getParameter(gl.SHADING_LANGUAGE_VERSION) || "unknown")
+      };
+    } catch {
+      return { vendor: "unknown", renderer: "unknown" };
+    }
+  }
+  parseBrowserInfo() {
+    const ua = navigator.userAgent;
+    const browser = this._detectBrowser();
+    const versionMatch = ua.match(/Chrome\/([\d.]+)/) || ua.match(/Firefox\/([\d.]+)/) || ua.match(/Version\/([\d.]+)/) || ua.match(/Edg\/([\d.]+)/);
+    return { browser, version: versionMatch?.[1] || "unknown" };
+  }
+  parseOsInfo() {
+    const ua = navigator.userAgent;
+    if (ua.includes("Mac OS X")) return { os: "Mac OS X" };
+    if (ua.includes("Windows")) return { os: "Windows" };
+    if (ua.includes("Android")) return { os: "Android" };
+    if (ua.includes("iPhone") || ua.includes("iPad")) return { os: "iOS" };
+    if (ua.includes("Linux")) return { os: "Linux" };
+    return { os: "unknown" };
+  }
+  detectBasicFonts() {
+    const commonFonts = ["Arial", "Helvetica", "Verdana", "Times New Roman", "Courier New"];
+    return commonFonts.slice(0, 3);
+  }
+  calculatePersistenceScore(payload) {
+    let score = 0;
+    if (payload.hardware?.gpu?.renderer && payload.hardware.gpu.renderer !== "extraction-failed") score += 0.25;
+    if (payload.hardware?.screen_width && payload.hardware?.screen_height) score += 0.15;
+    if ((payload.hardware?.concurrency || 0) > 0) score += 0.1;
+    if (payload.graphics?.webgl?.renderer || payload.graphics?.webgl?.vendor) score += 0.2;
+    if (payload.graphics?.canvas?.hash_webgl) score += 0.15;
+    if (payload.audio?.fingerprint) score += 0.1;
+    if ((payload.software?.fonts || []).length > 0) score += 0.03;
+    if ((payload.software?.plugins || []).length > 0) score += 0.02;
+    return Number(Math.min(1, score).toFixed(2));
+  }
+  getStorageFlags() {
+    return {
+      local_storage: this.isApiAvailable(() => window.localStorage),
+      session_storage: this.isApiAvailable(() => window.sessionStorage),
+      indexed_db: this.isApiAvailable(() => window.indexedDB),
+      cookies: navigator.cookieEnabled === true
+    };
+  }
+  isApiAvailable(accessor) {
+    try {
+      return typeof accessor() !== "undefined";
+    } catch {
+      return false;
+    }
+  }
+  getAudioCodecs() {
+    const audio = document.createElement("audio");
+    return {
+      mp3: audio.canPlayType("audio/mpeg"),
+      ogg: audio.canPlayType("audio/ogg"),
+      aac: audio.canPlayType("audio/aac"),
+      opus: audio.canPlayType("audio/ogg; codecs=opus")
+    };
+  }
+  collectPrivacySignals() {
+    const isIncognito = this.isStorageUnavailable();
+    return {
+      isIncognito,
+      isVPN: false,
+      isAutomated: navigator.webdriver === true,
+      hasAdBlocker: this.detectAdBlocker()
     };
   }
+  isStorageUnavailable() {
+    try {
+      const hasLocal = typeof window.localStorage !== "undefined";
+      const hasSession = typeof window.sessionStorage !== "undefined";
+      const cookies = navigator.cookieEnabled === true;
+      return !hasLocal && !hasSession && !cookies;
+    } catch {
+      return true;
+    }
+  }
+  detectAdBlocker() {
+    try {
+      const bait = document.createElement("div");
+      bait.className = "adsbox";
+      bait.style.position = "absolute";
+      bait.style.left = "-9999px";
+      document.body.appendChild(bait);
+      const blocked = bait.offsetHeight === 0 || bait.offsetWidth === 0;
+      document.body.removeChild(bait);
+      return blocked;
+    } catch {
+      return false;
+    }
+  }
+  computeSimpleHash(value) {
+    let hash = 0;
+    for (let i = 0; i < value.length; i++) {
+      hash = (hash << 5) - hash + value.charCodeAt(i) | 0;
+    }
+    return Math.abs(hash).toString(16);
+  }
+  actionFromRisk(riskScore) {
+    if (riskScore >= 85) return "block";
+    if (riskScore >= 65) return "hard_challenge";
+    if (riskScore >= 40) return "soft_challenge";
+    return "allow";
+  }
   /**
-   * Get default endpoint
+   * Resolve endpoint: config > env > production default.
    */
   getDefaultEndpoint() {
+    const configuredEndpoint = this.normalizeEndpoint(this.config?.endpoint);
+    if (configuredEndpoint) {
+      return configuredEndpoint;
+    }
+    const envEndpoint = this.normalizeEndpoint(
+      typeof globalThis !== "undefined" ? globalThis?.process?.env?.NEXT_PUBLIC_API_URL : void 0
+    );
+    if (envEndpoint) {
+      return envEndpoint;
+    }
     return "https://api.keverd.com";
   }
+  normalizeEndpoint(value) {
+    if (!value) return void 0;
+    const trimmed = value.trim();
+    if (!trimmed) return void 0;
+    return trimmed.replace(/\/+$/, "");
+  }
   /**
    * Generate a session ID
    */
@@ -975,9 +1320,6 @@ var KeverdSDK = class {
    * Destroy the SDK instance
    */
   async destroy() {
-    if (this.sessionId) {
-      await this.endSession();
-    }
     const wasDebug = this.config?.debug;
     this.behavioralCollector.stop();
     this.isInitialized = false;
@@ -1001,15 +1343,19 @@ var KeverdSDK = class {
   }
 };
 var KeverdContext = react.createContext(null);
-function KeverdProvider({ loadOptions, children }) {
+function KeverdProvider({ apiKey, endpoint, debug, loadOptions, children }) {
   const sdkRef = react.useRef(new KeverdSDK());
   const [isReady, setIsReady] = react.useState(false);
   react.useEffect(() => {
     const sdk = sdkRef.current;
     if (!sdk.isReady()) {
+      const resolvedApiKey = apiKey ?? loadOptions?.apiKey;
+      const resolvedEndpoint = endpoint ?? loadOptions?.endpoint;
+      const resolvedDebug = debug ?? loadOptions?.debug ?? false;
       sdk.init({
-        apiKey: loadOptions.apiKey,
-        debug: loadOptions.debug || false
+        apiKey: resolvedApiKey,
+        endpoint: resolvedEndpoint,
+        debug: resolvedDebug
       });
       setIsReady(true);
     }
@@ -1020,7 +1366,7 @@ function KeverdProvider({ loadOptions, children }) {
         setIsReady(false);
       }
     };
-  }, []);
+  }, [apiKey, endpoint, debug, loadOptions]);
   const contextValue = {
     sdk: sdkRef.current,
     isReady
@@ -1087,11 +1433,112 @@ function useKeverdVisitorData(options) {
     getData
   };
 }
+function useKeverd() {
+  const { isLoading, error, data, getData } = useKeverdVisitorData({ immediate: true });
+  react.useEffect(() => {
+    if (typeof window === "undefined") return;
+    if (data?.visitorId) {
+      window.__KEVERD_DEVICE_ID__ = data.visitorId;
+    }
+  }, [data?.visitorId]);
+  const refresh = async () => {
+    await getData({ ignoreCache: true });
+  };
+  return react.useMemo(
+    () => ({
+      deviceId: data?.visitorId || null,
+      riskScore: typeof data?.riskScore === "number" ? data.riskScore : null,
+      isLoading,
+      error,
+      refresh
+    }),
+    [data?.visitorId, data?.riskScore, isLoading, error]
+  );
+}
+
+// src/utils/identifiers.ts
+function bufferToHex(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += bytes[i].toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+function fallbackHash(input) {
+  let hash = 0;
+  for (let i = 0; i < input.length; i++) {
+    hash = (hash << 5) - hash + input.charCodeAt(i);
+    hash |= 0;
+  }
+  return Math.abs(hash).toString(16);
+}
+async function hashLoginIdentifier(identifier, options) {
+  if (!identifier) {
+    throw new Error("[Keverd SDK] identifier is required for hashing");
+  }
+  const salt = options?.salt ?? "";
+  const normalized = (salt + identifier).toLowerCase();
+  const prefix = options?.prefix ?? "sha256";
+  try {
+    if (typeof window !== "undefined" && window.crypto?.subtle) {
+      const encoder = new TextEncoder();
+      const digest = await window.crypto.subtle.digest("SHA-256", encoder.encode(normalized));
+      return `${prefix}:${bufferToHex(digest)}`;
+    }
+  } catch {
+  }
+  return `${prefix}:${fallbackHash(normalized)}`;
+}
+async function buildLoginContextFromIdentifier(options) {
+  const identifierHash = await hashLoginIdentifier(options.identifier, {
+    salt: options.salt
+  });
+  return {
+    identifierHash,
+    result: options.result,
+    failureReason: options.failureReason,
+    authMethod: options.authMethod,
+    mfaUsed: options.mfaUsed,
+    attemptId: options.attemptId
+  };
+}
+
+// src/utils/adaptive.ts
+function handleAdaptiveResponse(response, handlers) {
+  const anyResp = response;
+  const adaptive = anyResp.adaptive_response || {};
+  const recommendedAction = anyResp.recommended_action || adaptive.recommended_action || response.action;
+  const challenges = Array.isArray(adaptive.challenges) ? adaptive.challenges : [];
+  switch (recommendedAction) {
+    case "allow":
+      handlers.onAllow?.(response);
+      break;
+    case "soft_challenge":
+      handlers.onSoftChallenge?.(response);
+      break;
+    case "hard_challenge":
+      handlers.onHardChallenge?.(response);
+      break;
+    case "block":
+      handlers.onBlock?.(response);
+      break;
+    default:
+      handlers.onUnknown?.(response);
+  }
+  if (challenges.length) {
+    handlers.onChallenges?.(response, challenges);
+  }
+}
 
 exports.KeverdBehavioralCollector = KeverdBehavioralCollector;
 exports.KeverdDeviceCollector = KeverdDeviceCollector;
 exports.KeverdProvider = KeverdProvider;
 exports.KeverdSDK = KeverdSDK;
+exports.buildLoginContextFromIdentifier = buildLoginContextFromIdentifier;
+exports.handleAdaptiveResponse = handleAdaptiveResponse;
+exports.hashLoginIdentifier = hashLoginIdentifier;
+exports.useKeverd = useKeverd;
 exports.useKeverdContext = useKeverdContext;
 exports.useKeverdVisitorData = useKeverdVisitorData;
 //# sourceMappingURL=index.js.map