@komo-tech/embed-core 0.1.0

package/README.md

@@ -0,0 +1,54 @@
+# @komo-tech/embed-core
+
+Platform-neutral session core for Komo embeds. Owns identity exchange, memory-only session state, refresh scheduling, and typed events without binding to web or React Native runtime APIs.
+
+Copyright Komo Technologies. All rights reserved.
+
+## Usage
+
+```ts
+import {
+  FetchEmbedSessionClient,
+  KomoEmbedSessionManager
+} from '@komo-tech/embed-core';
+
+const session = new KomoEmbedSessionManager({
+  workspaceId: 'workspace-guid',
+  siteId: 'site-guid',
+  getIdentityToken: async () => ({
+    type: 'jwt',
+    token: await host.getJwt()
+  }),
+  client: new FetchEmbedSessionClient({
+    baseUrl: 'https://api.komo.tech',
+    fetch: hostFetch
+  })
+});
+
+const bearer = await session.getBearerToken();
+```
+
+Use email identity without `siteId`:
+
+```ts
+const session = new KomoEmbedSessionManager({
+  workspaceId: 'workspace-guid',
+  getIdentityToken: () => ({
+    type: 'email',
+    attributes: { email: 'person@example.com' }
+  }),
+  client
+});
+```
+
+Subscribe to events:
+
+```ts
+const unsubscribe = session.onAuthenticated(({ contactId, trustLevel }) => {
+  logger.info('Komo session authenticated', { contactId, trustLevel });
+});
+
+unsubscribe();
+session.dispose();
+```
+

package/dist/FetchEmbedSessionClient.d.ts

@@ -0,0 +1,39 @@
+import type { EmbedSessionClient, EmbedSessionExchangeRequest, EmbedSessionExchangeResponse, EmbedSessionRefreshRequest, EmbedSessionRefreshResponse, PortableAbortSignal } from './types.js';
+export type PortableHeadersInit = Record<string, string> | Array<[string, string]> | {
+    forEach(callback: (value: string, key: string) => void): void;
+};
+export interface PortableFetchRequestInit {
+    method?: string;
+    signal?: PortableAbortSignal;
+    body?: string;
+    headers?: Record<string, string>;
+}
+export interface PortableFetchResponse {
+    readonly ok: boolean;
+    readonly status: number;
+    text(): Promise<string>;
+}
+export type PortableFetch = (input: string, init?: PortableFetchRequestInit) => Promise<PortableFetchResponse>;
+export type RuntimeFetch = (input: string) => Promise<PortableFetchResponse>;
+export interface FetchEmbedSessionClientOptions {
+    baseUrl: string;
+    fetch?: PortableFetch | RuntimeFetch;
+    maxRetries?: number;
+    retryBaseDelayMs?: number;
+    headers?: PortableHeadersInit | (() => PortableHeadersInit);
+}
+export declare class FetchEmbedSessionClient implements EmbedSessionClient {
+    private readonly baseUrl;
+    private readonly fetchImpl;
+    private readonly maxRetries;
+    private readonly retryBaseDelayMs;
+    private readonly headers?;
+    constructor(options: FetchEmbedSessionClientOptions);
+    exchange(request: EmbedSessionExchangeRequest, signal?: PortableAbortSignal): Promise<EmbedSessionExchangeResponse>;
+    refresh(request: EmbedSessionRefreshRequest, signal?: PortableAbortSignal): Promise<EmbedSessionRefreshResponse>;
+    private exchangeOnce;
+    private refreshOnce;
+    private postSessionRequest;
+    private resolveHeaders;
+}
+//# sourceMappingURL=FetchEmbedSessionClient.d.ts.map

package/dist/FetchEmbedSessionClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"FetchEmbedSessionClient.d.ts","sourceRoot":"","sources":["../src/FetchEmbedSessionClient.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,kBAAkB,EAClB,2BAA2B,EAC3B,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,EAG3B,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAEpB,MAAM,MAAM,mBAAmB,GAC3B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACtB,KAAK,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,GACvB;IACE,OAAO,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI,CAAC;CAC/D,CAAC;AAEN,MAAM,WAAW,wBAAwB;IACvC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CACzB;AAED,MAAM,MAAM,aAAa,GAAG,CAC1B,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE,wBAAwB,KAC5B,OAAO,CAAC,qBAAqB,CAAC,CAAC;AAEpC,MAAM,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,qBAAqB,CAAC,CAAC;AAE7E,MAAM,WAAW,8BAA8B;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,aAAa,GAAG,YAAY,CAAC;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,OAAO,CAAC,EAAE,mBAAmB,GAAG,CAAC,MAAM,mBAAmB,CAAC,CAAC;CAC7D;AAmJD,qBAAa,uBAAwB,YAAW,kBAAkB;IAChE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAgB;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAoD;gBAEjE,OAAO,EAAE,8BAA8B;IAY7C,QAAQ,CACZ,OAAO,EAAE,2BAA2B,EACpC,MAAM,CAAC,EAAE,mBAAmB,GAC3B,OAAO,CAAC,4BAA4B,CAAC;IA6BlC,OAAO,CACX,OAAO,EAAE,0BAA0B,EACnC,MAAM,CAAC,EAAE,mBAAmB,GAC3B,OAAO,CAAC,2BAA2B,CAAC;YA6BzB,YAAY;YAYZ,WAAW;YAYX,kBAAkB;IA6DhC,OAAO,CAAC,cAAc;CAsBvB"}

package/dist/FetchEmbedSessionClient.js

@@ -0,0 +1,209 @@
+import { EmbedSessionExchangeError } from './errors.js';
+const exchangePath = '/api/v1/live/auth/sdk/session';
+const refreshPath = '/api/v1/live/auth/sdk/session/refresh';
+const retryableStatus = (status) => status >= 500 && status <= 599;
+const delay = (ms, signal) => new Promise((resolve, reject) => {
+    if (signal?.aborted) {
+        reject(new Error('Exchange request aborted'));
+        return;
+    }
+    const timeout = setTimeout(() => {
+        signal?.removeEventListener?.('abort', onAbort);
+        resolve();
+    }, ms);
+    const onAbort = () => {
+        clearTimeout(timeout);
+        reject(new Error('Exchange request aborted'));
+    };
+    signal?.addEventListener?.('abort', onAbort, { once: true });
+});
+const toUrl = (baseUrl, path) => {
+    const normalizedBase = baseUrl.endsWith('/') ? baseUrl.slice(0, -1) : baseUrl;
+    return `${normalizedBase}${path}`;
+};
+const toWireIdentity = (identity) => {
+    switch (identity.type) {
+        case 'jwt':
+            return { type: 'jwt', token: identity.token };
+        case 'email':
+            return { type: 'email', attributes: identity.attributes };
+        case 'oauth2':
+            return { type: 'oauth2', token: identity.token };
+        case 'custom':
+            return { ...identity };
+        case 'anonymous':
+            return { type: 'anonymous' };
+        default: {
+            const exhaustive = identity;
+            return exhaustive;
+        }
+    }
+};
+const toBody = (request) => ({
+    workspaceId: request.workspaceId,
+    ...(request.siteId ? { siteId: request.siteId } : {}),
+    identity: toWireIdentity(request.identity)
+});
+const toRefreshBody = (request) => ({
+    sessionToken: request.sessionToken
+});
+const isRecord = (input) => typeof input === 'object' && input !== null;
+const isExchangeResponse = (input) => {
+    if (!isRecord(input)) {
+        return false;
+    }
+    return (typeof input.sessionToken === 'string' &&
+        typeof input.expiresAt === 'string' &&
+        typeof input.contactId === 'string' &&
+        typeof input.trustLevel === 'string');
+};
+const parseJson = async (response, invalidJsonRetryable) => {
+    const text = await response.text();
+    if (text.length === 0) {
+        return null;
+    }
+    try {
+        return JSON.parse(text);
+    }
+    catch (error) {
+        throw new EmbedSessionExchangeError('Exchange response was not valid JSON', {
+            status: response.status,
+            retryable: invalidJsonRetryable,
+            cause: error
+        });
+    }
+};
+const isStructuredFailure = (envelope) => envelope.success === false ||
+    envelope.isError === true ||
+    envelope.result === 'Failed' ||
+    envelope.result === 128;
+const toExchangeError = (message, status, retryable, body) => {
+    const envelope = isRecord(body)
+        ? body
+        : undefined;
+    const failureReason = envelope?.failureReason;
+    const safeMessage = envelope?.errorMessage ?? message;
+    return new EmbedSessionExchangeError(safeMessage, {
+        status,
+        failureReason,
+        retryable
+    });
+};
+export class FetchEmbedSessionClient {
+    baseUrl;
+    fetchImpl;
+    maxRetries;
+    retryBaseDelayMs;
+    headers;
+    constructor(options) {
+        if (!options.fetch) {
+            throw new Error('FetchEmbedSessionClient requires injected fetch');
+        }
+        this.baseUrl = options.baseUrl;
+        this.fetchImpl = options.fetch;
+        this.maxRetries = options.maxRetries ?? 2;
+        this.retryBaseDelayMs = options.retryBaseDelayMs ?? 250;
+        this.headers = options.headers;
+    }
+    async exchange(request, signal) {
+        let attempt = 0;
+        while (true) {
+            try {
+                return await this.exchangeOnce(request, signal);
+            }
+            catch (error) {
+                const exchangeError = error instanceof EmbedSessionExchangeError
+                    ? error
+                    : new EmbedSessionExchangeError('Exchange request failed', {
+                        retryable: !signal?.aborted,
+                        cause: error
+                    });
+                if (!exchangeError.retryable ||
+                    attempt >= this.maxRetries ||
+                    signal?.aborted) {
+                    throw exchangeError;
+                }
+                attempt += 1;
+                await delay(this.retryBaseDelayMs * 2 ** (attempt - 1), signal);
+            }
+        }
+    }
+    async refresh(request, signal) {
+        let attempt = 0;
+        while (true) {
+            try {
+                return await this.refreshOnce(request, signal);
+            }
+            catch (error) {
+                const exchangeError = error instanceof EmbedSessionExchangeError
+                    ? error
+                    : new EmbedSessionExchangeError('Refresh request failed', {
+                        retryable: !signal?.aborted,
+                        cause: error
+                    });
+                if (!exchangeError.retryable ||
+                    attempt >= this.maxRetries ||
+                    signal?.aborted) {
+                    throw exchangeError;
+                }
+                attempt += 1;
+                await delay(this.retryBaseDelayMs * 2 ** (attempt - 1), signal);
+            }
+        }
+    }
+    async exchangeOnce(request, signal) {
+        return this.postSessionRequest(exchangePath, toBody(request), 'Exchange', signal);
+    }
+    async refreshOnce(request, signal) {
+        return this.postSessionRequest(refreshPath, toRefreshBody(request), 'Refresh', signal);
+    }
+    async postSessionRequest(path, requestBody, operation, signal) {
+        const response = await this.fetchImpl(toUrl(this.baseUrl, path), {
+            method: 'POST',
+            signal,
+            body: JSON.stringify(requestBody),
+            headers: {
+                'content-type': 'application/json',
+                accept: 'application/json',
+                ...this.resolveHeaders()
+            }
+        });
+        const body = await parseJson(response, retryableStatus(response.status));
+        if (!response.ok) {
+            throw toExchangeError(`${operation} request failed`, response.status, retryableStatus(response.status), body);
+        }
+        if (isRecord(body)) {
+            const envelope = body;
+            if (isStructuredFailure(envelope)) {
+                throw toExchangeError(`${operation} failed`, response.status, false, body);
+            }
+            if (isExchangeResponse(envelope.data)) {
+                return envelope.data;
+            }
+        }
+        if (isExchangeResponse(body)) {
+            return body;
+        }
+        throw new EmbedSessionExchangeError(`${operation} response shape was invalid`, {
+            status: response.status,
+            retryable: false
+        });
+    }
+    resolveHeaders() {
+        const headers = typeof this.headers === 'function' ? this.headers() : this.headers;
+        if (!headers) {
+            return {};
+        }
+        if (Array.isArray(headers)) {
+            return Object.fromEntries(headers);
+        }
+        if ('forEach' in headers) {
+            const normalized = {};
+            headers.forEach((value, key) => {
+                normalized[key] = value;
+            });
+            return normalized;
+        }
+        return headers;
+    }
+}

package/dist/KomoEmbedSessionManager.d.ts

@@ -0,0 +1,103 @@
+import { type EmbedCoreEvents } from './events.js';
+import type { TimerScheduler } from './RefreshScheduler.js';
+import type { EmbedCoreLogger, EmbedSessionClient, EmbedSessionState, EmbedTrustLevel, IdentityResult, PlatformLifecycle } from './types.js';
+export interface KomoEmbedSessionManagerOptions {
+    workspaceId?: string;
+    siteId?: string;
+    getIdentityToken?: () => Promise<IdentityResult | null> | IdentityResult | null;
+    client: EmbedSessionClient;
+    lifecycle?: PlatformLifecycle;
+    clock?: Pick<typeof Date, 'now'>;
+    refreshWindowMs?: number;
+    refreshJitterMs?: number;
+    timerScheduler?: TimerScheduler;
+    logger?: Pick<EmbedCoreLogger, 'debug' | 'info' | 'warn' | 'error'>;
+}
+export interface CurrentSession {
+    state: EmbedSessionState;
+    sessionToken?: string;
+    expiresAt?: Date;
+    contactId?: string;
+    trustLevel?: EmbedTrustLevel;
+}
+export declare class KomoEmbedSessionManager {
+    private readonly workspaceId?;
+    private readonly siteId?;
+    private readonly getIdentityToken?;
+    private readonly client;
+    private readonly clock;
+    private readonly refreshWindowMs;
+    private readonly refreshJitterMs;
+    private readonly timerScheduler;
+    private readonly logger?;
+    private readonly eventEmitter;
+    private readonly lifecycleUnsubscribers;
+    private currentSession;
+    private pendingExchange?;
+    private pendingRefresh?;
+    private refreshTimer?;
+    private isLoggedOut;
+    private isDisposed;
+    private exchangeVersion;
+    constructor(options: KomoEmbedSessionManagerOptions);
+    /**
+     * Returns an immutable snapshot of the current embed session state.
+     */
+    getCurrentSession(): CurrentSession;
+    /**
+     * Returns a usable bearer token, refreshing or exchanging identity when needed.
+     * Returns null when auth is not configured, logged out, or disposed.
+     */
+    getBearerToken(): Promise<string | null>;
+    /**
+     * Exchanges current host identity for an embed session and updates manager state.
+     */
+    identifyContact(): Promise<CurrentSession>;
+    /**
+     * Clears the current session and prevents automatic re-authentication until
+     * identifyContact is called again.
+     */
+    logout(): void;
+    /**
+     * Stops timers, removes lifecycle listeners, clears event subscribers, and
+     * ignores pending async exchange or refresh results.
+     */
+    dispose(): void;
+    /**
+     * Subscribes to successful authenticated-session changes.
+     */
+    onAuthenticated(callback: (payload: EmbedCoreEvents['authenticated']) => void): () => void;
+    /**
+     * Subscribes to session expiry events caused by logout or refresh failure.
+     */
+    onSessionExpired(callback: (payload: EmbedCoreEvents['sessionExpired']) => void): () => void;
+    /**
+     * Subscribes to contact identity changes after exchange or merge.
+     */
+    onIdentityChanged(callback: (payload: EmbedCoreEvents['identityChanged']) => void): () => void;
+    /**
+     * Subscribes to coarse session state transitions.
+     */
+    onStateChanged(callback: (payload: EmbedCoreEvents['stateChanged']) => void): () => void;
+    /**
+     * True when the current session token can be reused without a refresh.
+     * Tokens inside the refresh window are treated as unusable so callers get a
+     * freshly exchanged token before expiry.
+     */
+    private hasUsableToken;
+    /**
+     * True when the current session token has expired.
+     */
+    private hasExpiredToken;
+    private exchangeIdentity;
+    private doExchangeIdentity;
+    private refreshSession;
+    private doRefreshSession;
+    private applySessionResponse;
+    private shouldFallbackToExchange;
+    private setSession;
+    private scheduleRefresh;
+    private cancelRefreshTimer;
+    private refreshFromLifecycle;
+}
+//# sourceMappingURL=KomoEmbedSessionManager.d.ts.map

package/dist/KomoEmbedSessionManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"KomoEmbedSessionManager.d.ts","sourceRoot":"","sources":["../src/KomoEmbedSessionManager.ts"],"names":[],"mappings":"AACA,OAAO,EAAqB,KAAK,eAAe,EAAE,MAAM,aAAa,CAAC;AAGtE,OAAO,KAAK,EAAe,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACzE,OAAO,KAAK,EACV,eAAe,EACf,kBAAkB,EAGlB,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,iBAAiB,EAClB,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,8BAA8B;IAC7C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gBAAgB,CAAC,EAAE,MACf,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,GAC9B,cAAc,GACd,IAAI,CAAC;IACT,MAAM,EAAE,kBAAkB,CAAC;IAC3B,SAAS,CAAC,EAAE,iBAAiB,CAAC;IAC9B,KAAK,CAAC,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,KAAK,CAAC,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,MAAM,CAAC,EAAE,IAAI,CAAC,eAAe,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,CAAC;CACrE;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,iBAAiB,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,eAAe,CAAC;CAC9B;AAuBD,qBAAa,uBAAuB;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAGzB;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqB;IAC5C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA2B;IACjD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAGtB;IACF,OAAO,CAAC,QAAQ,CAAC,YAAY,CAA4C;IACzE,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAyB;IAEhE,OAAO,CAAC,cAAc,CAAgD;IACtE,OAAO,CAAC,eAAe,CAAC,CAA0B;IAClD,OAAO,CAAC,cAAc,CAAC,CAA0B;IACjD,OAAO,CAAC,YAAY,CAAC,CAAc;IACnC,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,eAAe,CAAK;gBAEhB,OAAO,EAAE,8BAA8B;IA4BnD;;OAEG;IACH,iBAAiB,IAAI,cAAc;IAInC;;;OAGG;IACG,cAAc,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAuB9C;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,cAAc,CAAC;IAShD;;;OAGG;IACH,MAAM,IAAI,IAAI;IAcd;;;OAGG;IACH,OAAO,IAAI,IAAI;IAkBf;;OAEG;IACH,eAAe,CACb,QAAQ,EAAE,CAAC,OAAO,EAAE,eAAe,CAAC,eAAe,CAAC,KAAK,IAAI;IAK/D;;OAEG;IACH,gBAAgB,CACd,QAAQ,EAAE,CAAC,OAAO,EAAE,eAAe,CAAC,gBAAgB,CAAC,KAAK,IAAI;IAKhE;;OAEG;IACH,iBAAiB,CACf,QAAQ,EAAE,CAAC,OAAO,EAAE,eAAe,CAAC,iBAAiB,CAAC,KAAK,IAAI;IAKjE;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,eAAe,CAAC,cAAc,CAAC,KAAK,IAAI;IAI3E;;;;OAIG;IACH,OAAO,CAAC,cAAc;IAWtB;;OAEG;IACH,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,gBAAgB;YAqBV,kBAAkB;IA6EhC,OAAO,CAAC,cAAc;YAoBR,gBAAgB;IA+C9B,OAAO,CAAC,oBAAoB;IAuC5B,OAAO,CAAC,wBAAwB;IAQhC,OAAO,CAAC,UAAU;IAYlB,OAAO,CAAC,eAAe;IA6BvB,OAAO,CAAC,kBAAkB;IAK1B,OAAO,CAAC,oBAAoB;CAS7B"}

package/dist/KomoEmbedSessionManager.js

@@ -0,0 +1,377 @@
+import { EmbedSessionExchangeError } from './errors.js';
+import { TypedEventEmitter } from './events.js';
+import { validateIdentityResult } from './identity.js';
+import { DefaultTimerScheduler } from './RefreshScheduler.js';
+const defaultRefreshWindowMs = 60_000;
+const cloneSession = (session) => ({
+    ...session,
+    ...(session.expiresAt ? { expiresAt: new Date(session.expiresAt) } : {})
+});
+const parseExpiresAt = (expiresAt) => {
+    const date = new Date(expiresAt);
+    if (Number.isNaN(date.getTime())) {
+        throw new EmbedSessionExchangeError('Session response expiresAt is invalid', {
+            retryable: false
+        });
+    }
+    return date;
+};
+export class KomoEmbedSessionManager {
+    workspaceId;
+    siteId;
+    getIdentityToken;
+    client;
+    clock;
+    refreshWindowMs;
+    refreshJitterMs;
+    timerScheduler;
+    logger;
+    eventEmitter = new TypedEventEmitter();
+    lifecycleUnsubscribers = [];
+    currentSession = { state: 'UNAUTHENTICATED' };
+    pendingExchange;
+    pendingRefresh;
+    refreshTimer;
+    isLoggedOut = false;
+    isDisposed = false;
+    exchangeVersion = 0;
+    constructor(options) {
+        this.workspaceId = options.workspaceId;
+        this.siteId = options.siteId;
+        this.getIdentityToken = options.getIdentityToken;
+        this.client = options.client;
+        this.clock = options.clock ?? Date;
+        this.refreshWindowMs = options.refreshWindowMs ?? defaultRefreshWindowMs;
+        this.refreshJitterMs = options.refreshJitterMs ?? 0;
+        this.timerScheduler = options.timerScheduler ?? new DefaultTimerScheduler();
+        this.logger = options.logger;
+        if (options.lifecycle) {
+            this.lifecycleUnsubscribers.push(options.lifecycle.onForeground(() => {
+                this.refreshFromLifecycle();
+            }));
+            if (options.lifecycle.onBFCacheRestore) {
+                this.lifecycleUnsubscribers.push(options.lifecycle.onBFCacheRestore(() => {
+                    this.refreshFromLifecycle();
+                }));
+            }
+        }
+    }
+    /**
+     * Returns an immutable snapshot of the current embed session state.
+     */
+    getCurrentSession() {
+        return cloneSession(this.currentSession);
+    }
+    /**
+     * Returns a usable bearer token, refreshing or exchanging identity when needed.
+     * Returns null when auth is not configured, logged out, or disposed.
+     */
+    async getBearerToken() {
+        if (this.isDisposed || this.isLoggedOut || !this.getIdentityToken) {
+            return null;
+        }
+        if (this.hasUsableToken()) {
+            return this.currentSession.sessionToken ?? null;
+        }
+        if (this.pendingExchange) {
+            const session = await this.pendingExchange;
+            return session.sessionToken ?? null;
+        }
+        if (!this.hasExpiredToken()) {
+            const session = await this.refreshSession();
+            return session.sessionToken ?? null;
+        }
+        const session = await this.exchangeIdentity();
+        return session.sessionToken ?? null;
+    }
+    /**
+     * Exchanges current host identity for an embed session and updates manager state.
+     */
+    async identifyContact() {
+        if (this.isDisposed) {
+            return this.getCurrentSession();
+        }
+        this.isLoggedOut = false;
+        return this.exchangeIdentity();
+    }
+    /**
+     * Clears the current session and prevents automatic re-authentication until
+     * identifyContact is called again.
+     */
+    logout() {
+        const hadToken = Boolean(this.currentSession.sessionToken);
+        this.exchangeVersion += 1;
+        this.pendingExchange = undefined;
+        this.pendingRefresh = undefined;
+        this.isLoggedOut = true;
+        this.cancelRefreshTimer();
+        this.setSession({ state: 'LOGGED_OUT' });
+        if (hadToken) {
+            this.eventEmitter.emit('sessionExpired', { reason: 'logged_out' });
+        }
+    }
+    /**
+     * Stops timers, removes lifecycle listeners, clears event subscribers, and
+     * ignores pending async exchange or refresh results.
+     */
+    dispose() {
+        if (this.isDisposed) {
+            return;
+        }
+        this.isDisposed = true;
+        this.exchangeVersion += 1;
+        this.pendingExchange = undefined;
+        this.pendingRefresh = undefined;
+        this.cancelRefreshTimer();
+        for (const unsubscribe of this.lifecycleUnsubscribers.splice(0)) {
+            unsubscribe();
+        }
+        this.eventEmitter.clear();
+    }
+    /**
+     * Subscribes to successful authenticated-session changes.
+     */
+    onAuthenticated(callback) {
+        return this.eventEmitter.on('authenticated', callback);
+    }
+    /**
+     * Subscribes to session expiry events caused by logout or refresh failure.
+     */
+    onSessionExpired(callback) {
+        return this.eventEmitter.on('sessionExpired', callback);
+    }
+    /**
+     * Subscribes to contact identity changes after exchange or merge.
+     */
+    onIdentityChanged(callback) {
+        return this.eventEmitter.on('identityChanged', callback);
+    }
+    /**
+     * Subscribes to coarse session state transitions.
+     */
+    onStateChanged(callback) {
+        return this.eventEmitter.on('stateChanged', callback);
+    }
+    /**
+     * True when the current session token can be reused without a refresh.
+     * Tokens inside the refresh window are treated as unusable so callers get a
+     * freshly exchanged token before expiry.
+     */
+    hasUsableToken() {
+        if (!this.currentSession.sessionToken || !this.currentSession.expiresAt) {
+            return false;
+        }
+        return (this.currentSession.expiresAt.getTime() - this.clock.now() >
+            this.refreshWindowMs);
+    }
+    /**
+     * True when the current session token has expired.
+     */
+    hasExpiredToken() {
+        if (!this.currentSession.sessionToken || !this.currentSession.expiresAt) {
+            return false;
+        }
+        return this.currentSession.expiresAt.getTime() <= this.clock.now();
+    }
+    exchangeIdentity() {
+        if (this.isDisposed) {
+            return Promise.resolve(this.getCurrentSession());
+        }
+        if (this.pendingExchange) {
+            return this.pendingExchange;
+        }
+        this.pendingRefresh = undefined;
+        const version = ++this.exchangeVersion;
+        const pendingExchange = this.doExchangeIdentity(version).finally(() => {
+            if (this.exchangeVersion === version) {
+                this.pendingExchange = undefined;
+            }
+        });
+        this.pendingExchange = pendingExchange;
+        return pendingExchange;
+    }
+    async doExchangeIdentity(version) {
+        if (!this.getIdentityToken) {
+            return this.getCurrentSession();
+        }
+        const previousSession = this.getCurrentSession();
+        this.setSession({ ...this.currentSession, state: 'AUTHENTICATING' });
+        try {
+            const identity = await this.getIdentityToken();
+            if (!identity) {
+                this.cancelRefreshTimer();
+                this.setSession({ state: 'UNAUTHENTICATED' });
+                return this.getCurrentSession();
+            }
+            if (this.exchangeVersion !== version ||
+                this.isLoggedOut ||
+                this.isDisposed) {
+                return this.getCurrentSession();
+            }
+            const validationErrors = validateIdentityResult({
+                workspaceId: this.workspaceId,
+                siteId: this.siteId,
+                identity
+            });
+            if (validationErrors.length > 0) {
+                throw new EmbedSessionExchangeError(validationErrors.map((error) => error.message).join('; '), {
+                    retryable: false
+                });
+            }
+            const response = await this.client.exchange({
+                workspaceId: this.workspaceId,
+                ...(this.siteId ? { siteId: this.siteId } : {}),
+                identity
+            });
+            if (this.exchangeVersion !== version ||
+                this.isLoggedOut ||
+                this.isDisposed) {
+                return this.getCurrentSession();
+            }
+            this.applySessionResponse(response, previousSession);
+            return this.getCurrentSession();
+        }
+        catch (error) {
+            if (this.exchangeVersion !== version ||
+                this.isLoggedOut ||
+                this.isDisposed) {
+                return this.getCurrentSession();
+            }
+            this.cancelRefreshTimer();
+            this.setSession({ state: 'FAILED' });
+            if (previousSession.sessionToken) {
+                this.eventEmitter.emit('sessionExpired', { reason: 'refresh_failed' });
+            }
+            this.logger?.warn('Komo embed session exchange failed');
+            throw error;
+        }
+    }
+    refreshSession() {
+        if (this.isDisposed) {
+            return Promise.resolve(this.getCurrentSession());
+        }
+        if (this.pendingRefresh) {
+            return this.pendingRefresh;
+        }
+        const version = this.exchangeVersion;
+        const pendingRefresh = this.doRefreshSession(version).finally(() => {
+            if (this.exchangeVersion === version) {
+                this.pendingRefresh = undefined;
+            }
+        });
+        this.pendingRefresh = pendingRefresh;
+        return pendingRefresh;
+    }
+    async doRefreshSession(version) {
+        const previousSession = this.getCurrentSession();
+        const sessionToken = previousSession.sessionToken;
+        if (!sessionToken) {
+            return this.exchangeIdentity();
+        }
+        try {
+            const response = await this.client.refresh({ sessionToken });
+            if (this.exchangeVersion !== version ||
+                this.isLoggedOut ||
+                this.isDisposed) {
+                return this.getCurrentSession();
+            }
+            this.applySessionResponse(response, previousSession);
+            return this.getCurrentSession();
+        }
+        catch (error) {
+            if (this.exchangeVersion !== version ||
+                this.isLoggedOut ||
+                this.isDisposed) {
+                return this.getCurrentSession();
+            }
+            if (this.shouldFallbackToExchange(error)) {
+                return this.exchangeIdentity();
+            }
+            this.cancelRefreshTimer();
+            this.setSession({
+                state: 'FAILED',
+                contactId: previousSession.contactId,
+                trustLevel: previousSession.trustLevel
+            });
+            this.eventEmitter.emit('sessionExpired', { reason: 'refresh_failed' });
+            this.logger?.warn('Komo embed session refresh failed');
+            throw error;
+        }
+    }
+    applySessionResponse(response, previousSession) {
+        const nextState = response.trustLevel === 'Anonymous' ? 'ANONYMOUS' : 'AUTHENTICATED';
+        const nextSession = {
+            state: nextState,
+            sessionToken: response.sessionToken,
+            expiresAt: parseExpiresAt(response.expiresAt),
+            contactId: response.contactId,
+            trustLevel: response.trustLevel
+        };
+        const previousContactId = previousSession.contactId;
+        this.setSession(nextSession);
+        this.scheduleRefresh();
+        if (nextState === 'AUTHENTICATED' &&
+            (previousSession.state !== 'AUTHENTICATED' ||
+                previousContactId !== response.contactId ||
+                previousSession.trustLevel !== response.trustLevel)) {
+            this.eventEmitter.emit('authenticated', {
+                contactId: response.contactId,
+                trustLevel: response.trustLevel
+            });
+        }
+        if (previousContactId !== response.contactId) {
+            this.eventEmitter.emit('identityChanged', {
+                previousContactId,
+                contactId: response.contactId,
+                reason: response.mergedFromContactId ? 'merge' : 'exchange'
+            });
+        }
+    }
+    shouldFallbackToExchange(error) {
+        return (error instanceof EmbedSessionExchangeError &&
+            (error.failureReason === 'TokenExpired' ||
+                error.failureReason === 'TokenInvalid'));
+    }
+    setSession(nextSession) {
+        const previousState = this.currentSession.state;
+        this.currentSession = cloneSession(nextSession);
+        if (previousState !== nextSession.state) {
+            this.eventEmitter.emit('stateChanged', {
+                previousState,
+                state: nextSession.state
+            });
+        }
+    }
+    scheduleRefresh() {
+        this.cancelRefreshTimer();
+        if (this.isDisposed ||
+            this.isLoggedOut ||
+            this.currentSession.state === 'FAILED' ||
+            !this.currentSession.sessionToken ||
+            !this.currentSession.expiresAt ||
+            !this.getIdentityToken) {
+            return;
+        }
+        const delayMs = Math.max(0, this.currentSession.expiresAt.getTime() -
+            this.clock.now() -
+            this.refreshWindowMs -
+            this.refreshJitterMs);
+        this.refreshTimer = this.timerScheduler.set(delayMs, () => {
+            this.getBearerToken().catch(() => {
+                this.logger?.warn('Komo embed session refresh failed');
+            });
+        });
+    }
+    cancelRefreshTimer() {
+        this.refreshTimer?.cancel();
+        this.refreshTimer = undefined;
+    }
+    refreshFromLifecycle() {
+        if (this.isLoggedOut || !this.currentSession.sessionToken) {
+            return;
+        }
+        this.getBearerToken().catch(() => {
+            this.logger?.warn('Komo embed session lifecycle refresh failed');
+        });
+    }
+}

package/dist/RefreshScheduler.d.ts

@@ -0,0 +1,10 @@
+export interface TimerHandle {
+    cancel(): void;
+}
+export interface TimerScheduler {
+    set(delayMs: number, callback: () => void): TimerHandle;
+}
+export declare class DefaultTimerScheduler implements TimerScheduler {
+    set(delayMs: number, callback: () => void): TimerHandle;
+}
+//# sourceMappingURL=RefreshScheduler.d.ts.map

package/dist/RefreshScheduler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"RefreshScheduler.d.ts","sourceRoot":"","sources":["../src/RefreshScheduler.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC1B,MAAM,IAAI,IAAI,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,IAAI,GAAG,WAAW,CAAC;CACzD;AAED,qBAAa,qBAAsB,YAAW,cAAc;IAC1D,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,IAAI,GAAG,WAAW;CASxD"}

package/dist/RefreshScheduler.js

@@ -0,0 +1,10 @@
+export class DefaultTimerScheduler {
+    set(delayMs, callback) {
+        const timeout = setTimeout(callback, Math.max(0, delayMs));
+        return {
+            cancel: () => {
+                clearTimeout(timeout);
+            }
+        };
+    }
+}

package/dist/errors.d.ts

@@ -0,0 +1,15 @@
+import type { ExchangeFailureReason } from './types.js';
+interface EmbedSessionExchangeErrorOptions {
+    status?: number;
+    failureReason?: ExchangeFailureReason;
+    retryable: boolean;
+    cause?: unknown;
+}
+export declare class EmbedSessionExchangeError extends Error {
+    readonly status?: number;
+    readonly failureReason?: ExchangeFailureReason;
+    readonly retryable: boolean;
+    constructor(message: string, options: EmbedSessionExchangeErrorOptions);
+}
+export {};
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAExD,UAAU,gCAAgC;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,qBAAqB,CAAC;IACtC,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,qBAAa,yBAA0B,SAAQ,KAAK;IAClD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,aAAa,CAAC,EAAE,qBAAqB,CAAC;IAC/C,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;gBAEhB,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,gCAAgC;CAOvE"}

package/dist/errors.js

@@ -0,0 +1,12 @@
+export class EmbedSessionExchangeError extends Error {
+    status;
+    failureReason;
+    retryable;
+    constructor(message, options) {
+        super(message, { cause: options.cause });
+        this.name = 'EmbedSessionExchangeError';
+        this.status = options.status;
+        this.failureReason = options.failureReason;
+        this.retryable = options.retryable;
+    }
+}

package/dist/events.d.ts

@@ -0,0 +1,28 @@
+import type { EmbedSessionState, EmbedTrustLevel } from './types.js';
+export type EmbedCoreEvents = {
+    authenticated: {
+        contactId: string;
+        trustLevel: EmbedTrustLevel;
+    };
+    sessionExpired: {
+        reason: 'expired' | 'refresh_failed' | 'logged_out';
+    };
+    identityChanged: {
+        previousContactId?: string;
+        contactId: string;
+        reason: 'exchange' | 'merge';
+    };
+    stateChanged: {
+        previousState: EmbedSessionState;
+        state: EmbedSessionState;
+    };
+};
+type EventCallback<Payload> = (payload: Payload) => void;
+export declare class TypedEventEmitter<Events extends Record<string, unknown>> {
+    private readonly listeners;
+    on<EventName extends keyof Events>(eventName: EventName, callback: EventCallback<Events[EventName]>): () => void;
+    emit<EventName extends keyof Events>(eventName: EventName, payload: Events[EventName]): void;
+    clear(): void;
+}
+export {};
+//# sourceMappingURL=events.d.ts.map

package/dist/events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../src/events.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAErE,MAAM,MAAM,eAAe,GAAG;IAC5B,aAAa,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,eAAe,CAAA;KAAE,CAAC;IAClE,cAAc,EAAE;QAAE,MAAM,EAAE,SAAS,GAAG,gBAAgB,GAAG,YAAY,CAAA;KAAE,CAAC;IACxE,eAAe,EAAE;QACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC;KAC9B,CAAC;IACF,YAAY,EAAE;QAAE,aAAa,EAAE,iBAAiB,CAAC;QAAC,KAAK,EAAE,iBAAiB,CAAA;KAAE,CAAC;CAC9E,CAAC;AAEF,KAAK,aAAa,CAAC,OAAO,IAAI,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,CAAC;AAMzD,qBAAa,iBAAiB,CAAC,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACnE,OAAO,CAAC,QAAQ,CAAC,SAAS,CAGtB;IAEJ,EAAE,CAAC,SAAS,SAAS,MAAM,MAAM,EAC/B,SAAS,EAAE,SAAS,EACpB,QAAQ,EAAE,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,GACzC,MAAM,IAAI;IAcb,IAAI,CAAC,SAAS,SAAS,MAAM,MAAM,EACjC,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,GACzB,IAAI;IAWP,KAAK,IAAI,IAAI;CAGd"}

package/dist/events.js

@@ -0,0 +1,26 @@
+export class TypedEventEmitter {
+    listeners = new Map();
+    on(eventName, callback) {
+        const listeners = this.listeners.get(eventName) ?? new Set();
+        listeners.add(callback);
+        this.listeners.set(eventName, listeners);
+        return () => {
+            listeners.delete(callback);
+            if (listeners.size === 0) {
+                this.listeners.delete(eventName);
+            }
+        };
+    }
+    emit(eventName, payload) {
+        const listeners = this.listeners.get(eventName);
+        if (!listeners) {
+            return;
+        }
+        for (const listener of listeners) {
+            listener(payload);
+        }
+    }
+    clear() {
+        this.listeners.clear();
+    }
+}

package/dist/identity.d.ts

@@ -0,0 +1,13 @@
+import type { IdentityResult } from './types.js';
+export interface IdentityValidationError {
+    code: 'missing_workspace_id' | 'missing_site_id' | 'missing_required_field';
+    message: string;
+}
+interface ValidateIdentityResultInput {
+    workspaceId?: string;
+    siteId?: string;
+    identity: IdentityResult;
+}
+export declare const validateIdentityResult: ({ workspaceId, siteId, identity }: ValidateIdentityResultInput) => IdentityValidationError[];
+export {};
+//# sourceMappingURL=identity.d.ts.map

package/dist/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../src/identity.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,sBAAsB,GAAG,iBAAiB,GAAG,wBAAwB,CAAC;IAC5E,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,UAAU,2BAA2B;IACnC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,cAAc,CAAC;CAC1B;AAaD,eAAO,MAAM,sBAAsB,GAAI,mCAIpC,2BAA2B,KAAG,uBAAuB,EA0CvD,CAAC"}

package/dist/identity.js

@@ -0,0 +1,46 @@
+const hasText = (value) => typeof value === 'string' && value.trim().length > 0;
+const hasAttributes = (attributes) => Object.keys(attributes).length > 0;
+const missingField = (field) => ({
+    code: 'missing_required_field',
+    message: `Missing required identity field: ${field}`
+});
+export const validateIdentityResult = ({ workspaceId, siteId, identity }) => {
+    const errors = [];
+    if (!hasText(workspaceId)) {
+        errors.push({
+            code: 'missing_workspace_id',
+            message: 'workspaceId is required'
+        });
+    }
+    switch (identity.type) {
+        case 'jwt':
+            if (!hasText(siteId)) {
+                errors.push({
+                    code: 'missing_site_id',
+                    message: 'siteId is required for jwt identity exchange'
+                });
+            }
+            if (!hasText(identity.token)) {
+                errors.push(missingField('token'));
+            }
+            break;
+        case 'email':
+            if (!hasAttributes(identity.attributes)) {
+                errors.push(missingField('attributes'));
+            }
+            break;
+        case 'oauth2':
+            if (!hasText(identity.token)) {
+                errors.push(missingField('token'));
+            }
+            break;
+        case 'custom':
+            if (!hasText(identity.provider)) {
+                errors.push(missingField('provider'));
+            }
+            break;
+        case 'anonymous':
+            break;
+    }
+    return errors;
+};

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+export type { EmbedAuthType, EmbedCustomProvider, EmbedSessionClient, EmbedSessionExchangeRequest, EmbedSessionExchangeResponse, EmbedSessionRefreshRequest, EmbedSessionRefreshResponse, EmbedSessionState, EmbedTrustLevel, ExchangeFailureReason, EmbedCoreLogger, IdentityResult, PlatformLifecycle, PortableAbortSignal } from './types.js';
+export type { IdentityValidationError } from './identity.js';
+export { validateIdentityResult } from './identity.js';
+export { EmbedSessionExchangeError } from './errors.js';
+export type { EmbedCoreEvents } from './events.js';
+export type { FetchEmbedSessionClientOptions, PortableFetch, PortableFetchRequestInit, PortableFetchResponse, PortableHeadersInit, RuntimeFetch } from './FetchEmbedSessionClient.js';
+export { FetchEmbedSessionClient } from './FetchEmbedSessionClient.js';
+export type { CurrentSession, KomoEmbedSessionManagerOptions } from './KomoEmbedSessionManager.js';
+export { KomoEmbedSessionManager } from './KomoEmbedSessionManager.js';
+export type { TimerHandle, TimerScheduler } from './RefreshScheduler.js';
+export { DefaultTimerScheduler } from './RefreshScheduler.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,aAAa,EACb,mBAAmB,EACnB,kBAAkB,EAClB,2BAA2B,EAC3B,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,EAC3B,iBAAiB,EACjB,eAAe,EACf,qBAAqB,EACrB,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,mBAAmB,EACpB,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AACxD,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,YAAY,EACV,8BAA8B,EAC9B,aAAa,EACb,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACb,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,YAAY,EACV,cAAc,EACd,8BAA8B,EAC/B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,YAAY,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/index.js

@@ -0,0 +1,5 @@
+export { validateIdentityResult } from './identity.js';
+export { EmbedSessionExchangeError } from './errors.js';
+export { FetchEmbedSessionClient } from './FetchEmbedSessionClient.js';
+export { KomoEmbedSessionManager } from './KomoEmbedSessionManager.js';
+export { DefaultTimerScheduler } from './RefreshScheduler.js';

package/dist/types.d.ts

@@ -0,0 +1,64 @@
+export type EmbedAuthType = 'jwt' | 'email' | 'oauth2' | 'custom' | 'anonymous';
+export type EmbedCustomProvider = string;
+export type EmbedTrustLevel = 'Anonymous' | 'Identified' | 'Verified';
+export interface PortableAbortSignal {
+    readonly aborted: boolean;
+    addEventListener?(type: 'abort', listener: () => void, options?: {
+        once?: boolean;
+    }): void;
+    removeEventListener?(type: 'abort', listener: () => void): void;
+}
+export interface EmbedCoreLogger {
+    debug(message: string, ...data: unknown[]): void;
+    info(message: string, ...data: unknown[]): void;
+    warn(message: string, ...data: unknown[]): void;
+    error(message: string, ...data: unknown[]): void;
+}
+export type EmbedSessionState = 'UNAUTHENTICATED' | 'AUTHENTICATING' | 'AUTHENTICATED' | 'ANONYMOUS' | 'FAILED' | 'LOGGED_OUT';
+export type IdentityResult = {
+    type: 'jwt';
+    token: string;
+} | {
+    type: 'email';
+    attributes: Record<string, string>;
+} | {
+    type: 'oauth2';
+    token: string;
+} | ({
+    type: 'custom';
+    provider: EmbedCustomProvider;
+} & Record<string, unknown>) | {
+    type: 'anonymous';
+};
+export interface EmbedSessionExchangeRequest {
+    workspaceId: string;
+    siteId?: string;
+    identity: IdentityResult;
+}
+export interface EmbedSessionExchangeResponse {
+    sessionToken: string;
+    expiresAt: string;
+    contactId: string;
+    trustLevel: EmbedTrustLevel;
+    mergedFromContactId?: string;
+}
+export interface EmbedSessionRefreshRequest {
+    sessionToken: string;
+}
+export interface EmbedSessionRefreshResponse {
+    sessionToken: string;
+    expiresAt: string;
+    contactId: string;
+    trustLevel: EmbedTrustLevel;
+    mergedFromContactId?: string;
+}
+export type ExchangeFailureReason = 'WorkspaceNotFound' | 'SiteNotFound' | 'TypeNotPermitted' | 'TokenInvalid' | 'AttendeeNotFound' | 'UpstreamUnavailable' | 'OAuth2NotSupported' | 'ContactResolutionFailed' | 'TokenExpired' | 'InternalError';
+export interface EmbedSessionClient {
+    exchange(request: EmbedSessionExchangeRequest, signal?: PortableAbortSignal): Promise<EmbedSessionExchangeResponse>;
+    refresh(request: EmbedSessionRefreshRequest, signal?: PortableAbortSignal): Promise<EmbedSessionRefreshResponse>;
+}
+export interface PlatformLifecycle {
+    onForeground(callback: () => void): () => void;
+    onBFCacheRestore?(callback: () => void): () => void;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,WAAW,CAAC;AAEhF,MAAM,MAAM,mBAAmB,GAAG,MAAM,CAAC;AAEzC,MAAM,MAAM,eAAe,GAAG,WAAW,GAAG,YAAY,GAAG,UAAU,CAAC;AAEtE,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,CACf,IAAI,EAAE,OAAO,EACb,QAAQ,EAAE,MAAM,IAAI,EACpB,OAAO,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,OAAO,CAAA;KAAE,GAC3B,IAAI,CAAC;IACR,mBAAmB,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,GAAG,IAAI,CAAC;CACjE;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACjD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAChD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAChD,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;CAClD;AAED,MAAM,MAAM,iBAAiB,GACzB,iBAAiB,GACjB,gBAAgB,GAChB,eAAe,GACf,WAAW,GACX,QAAQ,GACR,YAAY,CAAC;AAEjB,MAAM,MAAM,cAAc,GACtB;IAAE,IAAI,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAC9B;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,GACrD;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GACjC,CAAC;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,QAAQ,EAAE,mBAAmB,CAAA;CAAE,GAAG,MAAM,CACzD,MAAM,EACN,OAAO,CACR,CAAC,GACF;IAAE,IAAI,EAAE,WAAW,CAAA;CAAE,CAAC;AAE1B,MAAM,WAAW,2BAA2B;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,cAAc,CAAC;CAC1B;AAED,MAAM,WAAW,4BAA4B;IAC3C,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,eAAe,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,2BAA2B;IAC1C,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,eAAe,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,MAAM,qBAAqB,GAC7B,mBAAmB,GACnB,cAAc,GACd,kBAAkB,GAClB,cAAc,GACd,kBAAkB,GAClB,qBAAqB,GACrB,oBAAoB,GACpB,yBAAyB,GACzB,cAAc,GACd,eAAe,CAAC;AAEpB,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CACN,OAAO,EAAE,2BAA2B,EACpC,MAAM,CAAC,EAAE,mBAAmB,GAC3B,OAAO,CAAC,4BAA4B,CAAC,CAAC;IAEzC,OAAO,CACL,OAAO,EAAE,0BAA0B,EACnC,MAAM,CAAC,EAAE,mBAAmB,GAC3B,OAAO,CAAC,2BAA2B,CAAC,CAAC;CACzC;AAED,MAAM,WAAW,iBAAiB;IAChC,YAAY,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC;IAC/C,gBAAgB,CAAC,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC;CACrD"}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@komo-tech/embed-core",
+  "version": "0.1.0",
+  "private": false,
+  "description": "Platform-neutral session core for Komo embeds.",
+  "license": "UNLICENSED",
+  "homepage": "https://developers.komo.tech/embedding",
+  "bugs": {
+    "email": "support@komo.tech"
+  },
+  "author": "Komo <support@komo.tech> (https://www.komo.tech/)",
+  "repository": "https://www.komo.tech/",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "type": "module",
+  "sideEffects": false,
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
+    }
+  },
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "devDependencies": {
+    "@types/node": "^25.6.0",
+    "@vitest/coverage-v8": "4.1.0",
+    "oxfmt": "^0.46.0",
+    "oxlint": "^1.61.0",
+    "oxlint-tsgolint": "^0.21.1",
+    "typescript": "5.9.3",
+    "vitest": "4.1.0",
+    "@komo-tech/oxlint-config": "0.0.0",
+    "@komo-tech/typescript-config": "0.0.0"
+  },
+  "scripts": {
+    "build": "pnpm run clean:dist && tsc -p tsconfig.build.json",
+    "clean": "rm -rf dist node_modules",
+    "clean:dist": "rm -rf dist",
+    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput",
+    "format": "oxfmt src || true",
+    "format:check": "oxfmt --check src || true",
+    "lint": "oxlint --type-aware --type-check",
+    "lint:ci": "oxlint --type-aware --type-check --quiet --format=github",
+    "lint:errors": "oxlint --type-aware --type-check --quiet",
+    "lint:fix": "oxlint --type-aware --fix",
+    "test": "vitest run",
+    "test:ci": "vitest run --coverage --reporter=github-actions --reporter=junit --reporter=default --outputFile.junit=./test-reports/test-embed-core.xml"
+  }
+}