@licenseseat/js 0.1.0 → 0.2.1

package/dist/index.js

@@ -1,1019 +1,345 @@
-var __defProp = Object.defineProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
+// src/LicenseSeat.js
+import * as ed from "@noble/ed25519";
+import { sha512 } from "@noble/hashes/sha512";
 
-// node_modules/@noble/ed25519/index.js
-var ed25519_exports = {};
-__export(ed25519_exports, {
-  CURVE: () => ed25519_CURVE,
-  ExtendedPoint: () => Point,
-  Point: () => Point,
-  etc: () => etc,
-  getPublicKey: () => getPublicKey,
-  getPublicKeyAsync: () => getPublicKeyAsync,
-  sign: () => sign,
-  signAsync: () => signAsync,
-  utils: () => utils,
-  verify: () => verify,
-  verifyAsync: () => verifyAsync
-});
-var ed25519_CURVE = {
-  p: 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffedn,
-  n: 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3edn,
-  h: 8n,
-  a: 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffecn,
-  d: 0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3n,
-  Gx: 0x216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51an,
-  Gy: 0x6666666666666666666666666666666666666666666666666666666666666658n
-};
-var { p: P, n: N, Gx, Gy, a: _a, d: _d } = ed25519_CURVE;
-var h = 8n;
-var L = 32;
-var L2 = 64;
-var err = (m = "") => {
-  throw new Error(m);
-};
-var isBig = (n) => typeof n === "bigint";
-var isStr = (s) => typeof s === "string";
-var isBytes = (a) => a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
-var abytes = (a, l) => !isBytes(a) || typeof l === "number" && l > 0 && a.length !== l ? err("Uint8Array expected") : a;
-var u8n = (len) => new Uint8Array(len);
-var u8fr = (buf) => Uint8Array.from(buf);
-var padh = (n, pad) => n.toString(16).padStart(pad, "0");
-var bytesToHex = (b) => Array.from(abytes(b)).map((e) => padh(e, 2)).join("");
-var C = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
-var _ch = (ch) => {
-  if (ch >= C._0 && ch <= C._9)
-    return ch - C._0;
-  if (ch >= C.A && ch <= C.F)
-    return ch - (C.A - 10);
-  if (ch >= C.a && ch <= C.f)
-    return ch - (C.a - 10);
-  return;
-};
-var hexToBytes = (hex) => {
-  const e = "hex invalid";
-  if (!isStr(hex))
-    return err(e);
-  const hl = hex.length;
-  const al = hl / 2;
-  if (hl % 2)
-    return err(e);
-  const array = u8n(al);
-  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
-    const n1 = _ch(hex.charCodeAt(hi));
-    const n2 = _ch(hex.charCodeAt(hi + 1));
-    if (n1 === void 0 || n2 === void 0)
-      return err(e);
-    array[ai] = n1 * 16 + n2;
-  }
-  return array;
-};
-var toU8 = (a, len) => abytes(isStr(a) ? hexToBytes(a) : u8fr(abytes(a)), len);
-var cr = () => globalThis?.crypto;
-var subtle = () => cr()?.subtle ?? err("crypto.subtle must be defined");
-var concatBytes = (...arrs) => {
-  const r = u8n(arrs.reduce((sum, a) => sum + abytes(a).length, 0));
-  let pad = 0;
-  arrs.forEach((a) => {
-    r.set(a, pad);
-    pad += a.length;
-  });
-  return r;
-};
-var randomBytes = (len = L) => {
-  const c = cr();
-  return c.getRandomValues(u8n(len));
-};
-var big = BigInt;
-var arange = (n, min, max, msg = "bad number: out of range") => isBig(n) && min <= n && n < max ? n : err(msg);
-var M = (a, b = P) => {
-  const r = a % b;
-  return r >= 0n ? r : b + r;
-};
-var modN = (a) => M(a, N);
-var invert = (num, md) => {
-  if (num === 0n || md <= 0n)
-    err("no inverse n=" + num + " mod=" + md);
-  let a = M(num, md), b = md, x = 0n, y = 1n, u = 1n, v = 0n;
-  while (a !== 0n) {
-    const q = b / a, r = b % a;
-    const m = x - u * q, n = y - v * q;
-    b = a, a = r, x = u, y = v, u = m, v = n;
-  }
-  return b === 1n ? M(x, md) : err("no inverse");
-};
-var callHash = (name) => {
-  const fn = etc[name];
-  if (typeof fn !== "function")
-    err("hashes." + name + " not set");
-  return fn;
-};
-var apoint = (p) => p instanceof Point ? p : err("Point expected");
-var B256 = 2n ** 256n;
-var Point = class _Point {
-  static BASE;
-  static ZERO;
-  ex;
-  ey;
-  ez;
-  et;
-  constructor(ex, ey, ez, et) {
-    const max = B256;
-    this.ex = arange(ex, 0n, max);
-    this.ey = arange(ey, 0n, max);
-    this.ez = arange(ez, 1n, max);
-    this.et = arange(et, 0n, max);
-    Object.freeze(this);
-  }
-  static fromAffine(p) {
-    return new _Point(p.x, p.y, 1n, M(p.x * p.y));
-  }
-  /** RFC8032 5.1.3: Uint8Array to Point. */
-  static fromBytes(hex, zip215 = false) {
-    const d = _d;
-    const normed = u8fr(abytes(hex, L));
-    const lastByte = hex[31];
-    normed[31] = lastByte & ~128;
-    const y = bytesToNumLE(normed);
-    const max = zip215 ? B256 : P;
-    arange(y, 0n, max);
-    const y2 = M(y * y);
-    const u = M(y2 - 1n);
-    const v = M(d * y2 + 1n);
-    let { isValid, value: x } = uvRatio(u, v);
-    if (!isValid)
-      err("bad point: y not sqrt");
-    const isXOdd = (x & 1n) === 1n;
-    const isLastByteOdd = (lastByte & 128) !== 0;
-    if (!zip215 && x === 0n && isLastByteOdd)
-      err("bad point: x==0, isLastByteOdd");
-    if (isLastByteOdd !== isXOdd)
-      x = M(-x);
-    return new _Point(x, y, 1n, M(x * y));
-  }
-  /** Checks if the point is valid and on-curve. */
-  assertValidity() {
-    const a = _a;
-    const d = _d;
-    const p = this;
-    if (p.is0())
-      throw new Error("bad point: ZERO");
-    const { ex: X, ey: Y, ez: Z, et: T } = p;
-    const X2 = M(X * X);
-    const Y2 = M(Y * Y);
-    const Z2 = M(Z * Z);
-    const Z4 = M(Z2 * Z2);
-    const aX2 = M(X2 * a);
-    const left = M(Z2 * M(aX2 + Y2));
-    const right = M(Z4 + M(d * M(X2 * Y2)));
-    if (left !== right)
-      throw new Error("bad point: equation left != right (1)");
-    const XY = M(X * Y);
-    const ZT = M(Z * T);
-    if (XY !== ZT)
-      throw new Error("bad point: equation left != right (2)");
-    return this;
-  }
-  /** Equality check: compare points P&Q. */
-  equals(other) {
-    const { ex: X1, ey: Y1, ez: Z1 } = this;
-    const { ex: X2, ey: Y2, ez: Z2 } = apoint(other);
-    const X1Z2 = M(X1 * Z2);
-    const X2Z1 = M(X2 * Z1);
-    const Y1Z2 = M(Y1 * Z2);
-    const Y2Z1 = M(Y2 * Z1);
-    return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;
-  }
-  is0() {
-    return this.equals(I);
-  }
-  /** Flip point over y coordinate. */
-  negate() {
-    return new _Point(M(-this.ex), this.ey, this.ez, M(-this.et));
-  }
-  /** Point doubling. Complete formula. Cost: `4M + 4S + 1*a + 6add + 1*2`. */
-  double() {
-    const { ex: X1, ey: Y1, ez: Z1 } = this;
-    const a = _a;
-    const A = M(X1 * X1);
-    const B = M(Y1 * Y1);
-    const C2 = M(2n * M(Z1 * Z1));
-    const D = M(a * A);
-    const x1y1 = X1 + Y1;
-    const E = M(M(x1y1 * x1y1) - A - B);
-    const G2 = D + B;
-    const F = G2 - C2;
-    const H = D - B;
-    const X3 = M(E * F);
-    const Y3 = M(G2 * H);
-    const T3 = M(E * H);
-    const Z3 = M(F * G2);
-    return new _Point(X3, Y3, Z3, T3);
+// src/cache.js
+var LicenseCache = class {
+  /**
+   * Create a LicenseCache instance
+   * @param {string} [prefix="licenseseat_"] - Prefix for all localStorage keys
+   */
+  constructor(prefix = "licenseseat_") {
+    this.prefix = prefix;
+    this.publicKeyCacheKey = this.prefix + "public_keys";
   }
-  /** Point addition. Complete formula. Cost: `8M + 1*k + 8add + 1*2`. */
-  add(other) {
-    const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;
-    const { ex: X2, ey: Y2, ez: Z2, et: T2 } = apoint(other);
-    const a = _a;
-    const d = _d;
-    const A = M(X1 * X2);
-    const B = M(Y1 * Y2);
-    const C2 = M(T1 * d * T2);
-    const D = M(Z1 * Z2);
-    const E = M((X1 + Y1) * (X2 + Y2) - A - B);
-    const F = M(D - C2);
-    const G2 = M(D + C2);
-    const H = M(B - a * A);
-    const X3 = M(E * F);
-    const Y3 = M(G2 * H);
-    const T3 = M(E * H);
-    const Z3 = M(F * G2);
-    return new _Point(X3, Y3, Z3, T3);
+  /**
+   * Get the cached license data
+   * @returns {import('./types.js').CachedLicense|null} Cached license or null if not found
+   */
+  getLicense() {
+    try {
+      const data = localStorage.getItem(this.prefix + "license");
+      return data ? JSON.parse(data) : null;
+    } catch (e) {
+      console.error("Failed to read license cache:", e);
+      return null;
+    }
   }
   /**
-   * Point-by-scalar multiplication. Scalar must be in range 1 <= n < CURVE.n.
-   * Uses {@link wNAF} for base point.
-   * Uses fake point to mitigate side-channel leakage.
-   * @param n scalar by which point is multiplied
-   * @param safe safe mode guards against timing attacks; unsafe mode is faster
+   * Store license data in cache
+   * @param {import('./types.js').CachedLicense} data - License data to cache
+   * @returns {void}
    */
-  multiply(n, safe = true) {
-    if (!safe && (n === 0n || this.is0()))
-      return I;
-    arange(n, 1n, N);
-    if (n === 1n)
-      return this;
-    if (this.equals(G))
-      return wNAF(n).p;
-    let p = I;
-    let f = G;
-    for (let d = this; n > 0n; d = d.double(), n >>= 1n) {
-      if (n & 1n)
-        p = p.add(d);
-      else if (safe)
-        f = f.add(d);
+  setLicense(data) {
+    try {
+      localStorage.setItem(this.prefix + "license", JSON.stringify(data));
+    } catch (e) {
+      console.error("Failed to cache license:", e);
     }
-    return p;
   }
-  /** Convert point to 2d xy affine point. (X, Y, Z) ∋ (x=X/Z, y=Y/Z) */
-  toAffine() {
-    const { ex: x, ey: y, ez: z } = this;
-    if (this.equals(I))
-      return { x: 0n, y: 1n };
-    const iz = invert(z, P);
-    if (M(z * iz) !== 1n)
-      err("invalid inverse");
-    return { x: M(x * iz), y: M(y * iz) };
+  /**
+   * Update the validation data for the cached license
+   * @param {import('./types.js').ValidationResult} validationData - Validation result to store
+   * @returns {void}
+   */
+  updateValidation(validationData) {
+    const license = this.getLicense();
+    if (license) {
+      license.validation = validationData;
+      license.last_validated = (/* @__PURE__ */ new Date()).toISOString();
+      this.setLicense(license);
+    }
   }
-  toBytes() {
-    const { x, y } = this.assertValidity().toAffine();
-    const b = numTo32bLE(y);
-    b[31] |= x & 1n ? 128 : 0;
-    return b;
+  /**
+   * Get the device identifier from the cached license
+   * @returns {string|null} Device identifier or null if not found
+   */
+  getDeviceId() {
+    const license = this.getLicense();
+    return license ? license.device_identifier : null;
   }
-  toHex() {
-    return bytesToHex(this.toBytes());
+  /**
+   * Clear the cached license data
+   * @returns {void}
+   */
+  clearLicense() {
+    localStorage.removeItem(this.prefix + "license");
   }
-  // encode to hex string
-  clearCofactor() {
-    return this.multiply(big(h), false);
+  /**
+   * Get the cached offline license
+   * @returns {import('./types.js').SignedOfflineLicense|null} Offline license or null if not found
+   */
+  getOfflineLicense() {
+    try {
+      const data = localStorage.getItem(this.prefix + "offline_license");
+      return data ? JSON.parse(data) : null;
+    } catch (e) {
+      console.error("Failed to read offline license cache:", e);
+      return null;
+    }
   }
-  isSmallOrder() {
-    return this.clearCofactor().is0();
+  /**
+   * Store offline license data in cache
+   * @param {import('./types.js').SignedOfflineLicense} data - Signed offline license to cache
+   * @returns {void}
+   */
+  setOfflineLicense(data) {
+    try {
+      localStorage.setItem(
+        this.prefix + "offline_license",
+        JSON.stringify(data)
+      );
+    } catch (e) {
+      console.error("Failed to cache offline license:", e);
+    }
   }
-  isTorsionFree() {
-    let p = this.multiply(N / 2n, false).double();
-    if (N % 2n)
-      p = p.add(this);
-    return p.is0();
+  /**
+   * Clear the cached offline license
+   * @returns {void}
+   */
+  clearOfflineLicense() {
+    localStorage.removeItem(this.prefix + "offline_license");
   }
-  static fromHex(hex, zip215) {
-    return _Point.fromBytes(toU8(hex), zip215);
+  /**
+   * Get a cached public key by key ID
+   * @param {string} keyId - The key ID to look up
+   * @returns {string|null} Base64-encoded public key or null if not found
+   */
+  getPublicKey(keyId) {
+    try {
+      const cache = JSON.parse(
+        localStorage.getItem(this.publicKeyCacheKey) || "{}"
+      );
+      return cache[keyId] || null;
+    } catch (e) {
+      console.error("Failed to read public key cache:", e);
+      return null;
+    }
   }
-  get x() {
-    return this.toAffine().x;
+  /**
+   * Store a public key in cache
+   * @param {string} keyId - The key ID
+   * @param {string} publicKeyB64 - Base64-encoded public key
+   * @returns {void}
+   */
+  setPublicKey(keyId, publicKeyB64) {
+    try {
+      const cache = JSON.parse(
+        localStorage.getItem(this.publicKeyCacheKey) || "{}"
+      );
+      cache[keyId] = publicKeyB64;
+      localStorage.setItem(this.publicKeyCacheKey, JSON.stringify(cache));
+    } catch (e) {
+      console.error("Failed to cache public key:", e);
+    }
   }
-  get y() {
-    return this.toAffine().y;
+  /**
+   * Clear all LicenseSeat SDK data for this prefix
+   * @returns {void}
+   */
+  clear() {
+    Object.keys(localStorage).forEach((key) => {
+      if (key.startsWith(this.prefix)) {
+        localStorage.removeItem(key);
+      }
+    });
+    this.clearOfflineLicense();
+    localStorage.removeItem(this.prefix + "last_seen_ts");
   }
-  toRawBytes() {
-    return this.toBytes();
+  /**
+   * Get the last seen timestamp (for clock tamper detection)
+   * @returns {number|null} Unix timestamp in milliseconds or null if not set
+   */
+  getLastSeenTimestamp() {
+    const v = localStorage.getItem(this.prefix + "last_seen_ts");
+    return v ? parseInt(v, 10) : null;
   }
-};
-var G = new Point(Gx, Gy, 1n, M(Gx * Gy));
-var I = new Point(0n, 1n, 1n, 0n);
-Point.BASE = G;
-Point.ZERO = I;
-var numTo32bLE = (num) => hexToBytes(padh(arange(num, 0n, B256), L2)).reverse();
-var bytesToNumLE = (b) => big("0x" + bytesToHex(u8fr(abytes(b)).reverse()));
-var pow2 = (x, power) => {
-  let r = x;
-  while (power-- > 0n) {
-    r *= r;
-    r %= P;
+  /**
+   * Store the last seen timestamp
+   * @param {number} ts - Unix timestamp in milliseconds
+   * @returns {void}
+   */
+  setLastSeenTimestamp(ts) {
+    try {
+      localStorage.setItem(this.prefix + "last_seen_ts", String(ts));
+    } catch (e) {
+    }
   }
-  return r;
-};
-var pow_2_252_3 = (x) => {
-  const x2 = x * x % P;
-  const b2 = x2 * x % P;
-  const b4 = pow2(b2, 2n) * b2 % P;
-  const b5 = pow2(b4, 1n) * x % P;
-  const b10 = pow2(b5, 5n) * b5 % P;
-  const b20 = pow2(b10, 10n) * b10 % P;
-  const b40 = pow2(b20, 20n) * b20 % P;
-  const b80 = pow2(b40, 40n) * b40 % P;
-  const b160 = pow2(b80, 80n) * b80 % P;
-  const b240 = pow2(b160, 80n) * b80 % P;
-  const b250 = pow2(b240, 10n) * b10 % P;
-  const pow_p_5_8 = pow2(b250, 2n) * x % P;
-  return { pow_p_5_8, b2 };
-};
-var RM1 = 0x2b8324804fc1df0b2b4d00993dfbd7a72f431806ad2fe478c4ee1b274a0ea0b0n;
-var uvRatio = (u, v) => {
-  const v3 = M(v * v * v);
-  const v7 = M(v3 * v3 * v);
-  const pow = pow_2_252_3(u * v7).pow_p_5_8;
-  let x = M(u * v3 * pow);
-  const vx2 = M(v * x * x);
-  const root1 = x;
-  const root2 = M(x * RM1);
-  const useRoot1 = vx2 === u;
-  const useRoot2 = vx2 === M(-u);
-  const noRoot = vx2 === M(-u * RM1);
-  if (useRoot1)
-    x = root1;
-  if (useRoot2 || noRoot)
-    x = root2;
-  if ((M(x) & 1n) === 1n)
-    x = M(-x);
-  return { isValid: useRoot1 || useRoot2, value: x };
-};
-var modL_LE = (hash) => modN(bytesToNumLE(hash));
-var sha512a = (...m) => etc.sha512Async(...m);
-var sha512s = (...m) => callHash("sha512Sync")(...m);
-var hash2extK = (hashed) => {
-  const head = hashed.slice(0, L);
-  head[0] &= 248;
-  head[31] &= 127;
-  head[31] |= 64;
-  const prefix = hashed.slice(L, L2);
-  const scalar = modL_LE(head);
-  const point = G.multiply(scalar);
-  const pointBytes = point.toBytes();
-  return { head, prefix, scalar, point, pointBytes };
-};
-var getExtendedPublicKeyAsync = (priv) => sha512a(toU8(priv, L)).then(hash2extK);
-var getExtendedPublicKey = (priv) => hash2extK(sha512s(toU8(priv, L)));
-var getPublicKeyAsync = (priv) => getExtendedPublicKeyAsync(priv).then((p) => p.pointBytes);
-var getPublicKey = (priv) => getExtendedPublicKey(priv).pointBytes;
-var hashFinishA = (res) => sha512a(res.hashable).then(res.finish);
-var hashFinishS = (res) => res.finish(sha512s(res.hashable));
-var _sign = (e, rBytes, msg) => {
-  const { pointBytes: P2, scalar: s } = e;
-  const r = modL_LE(rBytes);
-  const R = G.multiply(r).toBytes();
-  const hashable = concatBytes(R, P2, msg);
-  const finish = (hashed) => {
-    const S = modN(r + modL_LE(hashed) * s);
-    return abytes(concatBytes(R, numTo32bLE(S)), L2);
-  };
-  return { hashable, finish };
-};
-var signAsync = async (msg, privKey) => {
-  const m = toU8(msg);
-  const e = await getExtendedPublicKeyAsync(privKey);
-  const rBytes = await sha512a(e.prefix, m);
-  return hashFinishA(_sign(e, rBytes, m));
-};
-var sign = (msg, privKey) => {
-  const m = toU8(msg);
-  const e = getExtendedPublicKey(privKey);
-  const rBytes = sha512s(e.prefix, m);
-  return hashFinishS(_sign(e, rBytes, m));
 };
-var veriOpts = { zip215: true };
-var _verify = (sig, msg, pub, opts = veriOpts) => {
-  sig = toU8(sig, L2);
-  msg = toU8(msg);
-  pub = toU8(pub, L);
-  const { zip215 } = opts;
-  let A;
-  let R;
-  let s;
-  let SB;
-  let hashable = Uint8Array.of();
-  try {
-    A = Point.fromHex(pub, zip215);
-    R = Point.fromHex(sig.slice(0, L), zip215);
-    s = bytesToNumLE(sig.slice(L, L2));
-    SB = G.multiply(s, false);
-    hashable = concatBytes(R.toBytes(), A.toBytes(), msg);
-  } catch (error) {
+
+// src/errors.js
+var APIError = class extends Error {
+  /**
+   * Create an APIError
+   * @param {string} message - Error message
+   * @param {number} status - HTTP status code (0 for network failures)
+   * @param {import('./types.js').APIErrorData} [data] - Additional error data from the API response
+   */
+  constructor(message, status, data) {
+    super(message);
+    this.name = "APIError";
+    this.status = status;
+    this.data = data;
   }
-  const finish = (hashed) => {
-    if (SB == null)
-      return false;
-    if (!zip215 && A.isSmallOrder())
-      return false;
-    const k = modL_LE(hashed);
-    const RkA = R.add(A.multiply(k, false));
-    return RkA.add(SB.negate()).clearCofactor().is0();
-  };
-  return { hashable, finish };
 };
-var verifyAsync = async (s, m, p, opts = veriOpts) => hashFinishA(_verify(s, m, p, opts));
-var verify = (s, m, p, opts = veriOpts) => hashFinishS(_verify(s, m, p, opts));
-var etc = {
-  sha512Async: async (...messages) => {
-    const s = subtle();
-    const m = concatBytes(...messages);
-    return u8n(await s.digest("SHA-512", m.buffer));
-  },
-  sha512Sync: void 0,
-  bytesToHex,
-  hexToBytes,
-  concatBytes,
-  mod: M,
-  invert,
-  randomBytes
-};
-var utils = {
-  getExtendedPublicKeyAsync,
-  getExtendedPublicKey,
-  randomPrivateKey: () => randomBytes(L),
-  precompute: (w = 8, p = G) => {
-    p.multiply(3n);
-    w;
-    return p;
+var ConfigurationError = class extends Error {
+  /**
+   * Create a ConfigurationError
+   * @param {string} message - Error message
+   */
+  constructor(message) {
+    super(message);
+    this.name = "ConfigurationError";
   }
-  // no-op
 };
-var W = 8;
-var scalarBits = 256;
-var pwindows = Math.ceil(scalarBits / W) + 1;
-var pwindowSize = 2 ** (W - 1);
-var precompute = () => {
-  const points = [];
-  let p = G;
-  let b = p;
-  for (let w = 0; w < pwindows; w++) {
-    b = p;
-    points.push(b);
-    for (let i = 1; i < pwindowSize; i++) {
-      b = b.add(p);
-      points.push(b);
-    }
-    p = b.double();
+var LicenseError = class extends Error {
+  /**
+   * Create a LicenseError
+   * @param {string} message - Error message
+   * @param {string} [code] - Machine-readable error code
+   */
+  constructor(message, code) {
+    super(message);
+    this.name = "LicenseError";
+    this.code = code;
   }
-  return points;
 };
-var Gpows = void 0;
-var ctneg = (cnd, p) => {
-  const n = p.negate();
-  return cnd ? n : p;
-};
-var wNAF = (n) => {
-  const comp = Gpows || (Gpows = precompute());
-  let p = I;
-  let f = G;
-  const pow_2_w = 2 ** W;
-  const maxNum = pow_2_w;
-  const mask = big(pow_2_w - 1);
-  const shiftBy = big(W);
-  for (let w = 0; w < pwindows; w++) {
-    let wbits = Number(n & mask);
-    n >>= shiftBy;
-    if (wbits > pwindowSize) {
-      wbits -= maxNum;
-      n += 1n;
-    }
-    const off = w * pwindowSize;
-    const offF = off;
-    const offP = off + Math.abs(wbits) - 1;
-    const isEven = w % 2 !== 0;
-    const isNeg = wbits < 0;
-    if (wbits === 0) {
-      f = f.add(ctneg(isEven, comp[offF]));
-    } else {
-      p = p.add(ctneg(isNeg, comp[offP]));
-    }
+var CryptoError = class extends Error {
+  /**
+   * Create a CryptoError
+   * @param {string} message - Error message
+   */
+  constructor(message) {
+    super(message);
+    this.name = "CryptoError";
   }
-  return { p, f };
 };
 
-// node_modules/@noble/hashes/esm/utils.js
-function isBytes2(a) {
-  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
-}
-function abytes2(b, ...lengths) {
-  if (!isBytes2(b))
-    throw new Error("Uint8Array expected");
-  if (lengths.length > 0 && !lengths.includes(b.length))
-    throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
+// src/utils.js
+import CJSON from "canonical-json";
+function parseActiveEntitlements(payload = {}) {
+  const raw = payload.active_ents || payload.active_entitlements || [];
+  return raw.map((e) => ({
+    key: e.key,
+    expires_at: e.expires_at ?? null,
+    metadata: e.metadata ?? null
+  }));
 }
-function aexists(instance, checkFinished = true) {
-  if (instance.destroyed)
-    throw new Error("Hash instance has been destroyed");
-  if (checkFinished && instance.finished)
-    throw new Error("Hash#digest() has already been called");
-}
-function aoutput(out, instance) {
-  abytes2(out);
-  const min = instance.outputLen;
-  if (out.length < min) {
-    throw new Error("digestInto() expects output buffer of length at least " + min);
-  }
-}
-function clean(...arrays) {
-  for (let i = 0; i < arrays.length; i++) {
-    arrays[i].fill(0);
+function constantTimeEqual(a = "", b = "") {
+  if (a.length !== b.length)
+    return false;
+  let res = 0;
+  for (let i = 0; i < a.length; i++) {
+    res |= a.charCodeAt(i) ^ b.charCodeAt(i);
   }
+  return res === 0;
 }
-function createView(arr) {
-  return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
-}
-function utf8ToBytes(str2) {
-  if (typeof str2 !== "string")
-    throw new Error("string expected");
-  return new Uint8Array(new TextEncoder().encode(str2));
-}
-function toBytes(data) {
-  if (typeof data === "string")
-    data = utf8ToBytes(data);
-  abytes2(data);
-  return data;
-}
-var Hash = class {
-};
-function createHasher(hashCons) {
-  const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
-  const tmp = hashCons();
-  hashC.outputLen = tmp.outputLen;
-  hashC.blockLen = tmp.blockLen;
-  hashC.create = () => hashCons();
-  return hashC;
-}
-
-// node_modules/@noble/hashes/esm/_md.js
-function setBigUint64(view, byteOffset, value, isLE) {
-  if (typeof view.setBigUint64 === "function")
-    return view.setBigUint64(byteOffset, value, isLE);
-  const _32n2 = BigInt(32);
-  const _u32_max = BigInt(4294967295);
-  const wh = Number(value >> _32n2 & _u32_max);
-  const wl = Number(value & _u32_max);
-  const h2 = isLE ? 4 : 0;
-  const l = isLE ? 0 : 4;
-  view.setUint32(byteOffset + h2, wh, isLE);
-  view.setUint32(byteOffset + l, wl, isLE);
-}
-var HashMD = class extends Hash {
-  constructor(blockLen, outputLen, padOffset, isLE) {
-    super();
-    this.finished = false;
-    this.length = 0;
-    this.pos = 0;
-    this.destroyed = false;
-    this.blockLen = blockLen;
-    this.outputLen = outputLen;
-    this.padOffset = padOffset;
-    this.isLE = isLE;
-    this.buffer = new Uint8Array(blockLen);
-    this.view = createView(this.buffer);
-  }
-  update(data) {
-    aexists(this);
-    data = toBytes(data);
-    abytes2(data);
-    const { view, buffer, blockLen } = this;
-    const len = data.length;
-    for (let pos = 0; pos < len; ) {
-      const take = Math.min(blockLen - this.pos, len - pos);
-      if (take === blockLen) {
-        const dataView = createView(data);
-        for (; blockLen <= len - pos; pos += blockLen)
-          this.process(dataView, pos);
-        continue;
-      }
-      buffer.set(data.subarray(pos, pos + take), this.pos);
-      this.pos += take;
-      pos += take;
-      if (this.pos === blockLen) {
-        this.process(view, 0);
-        this.pos = 0;
-      }
-    }
-    this.length += data.length;
-    this.roundClean();
-    return this;
-  }
-  digestInto(out) {
-    aexists(this);
-    aoutput(out, this);
-    this.finished = true;
-    const { buffer, view, blockLen, isLE } = this;
-    let { pos } = this;
-    buffer[pos++] = 128;
-    clean(this.buffer.subarray(pos));
-    if (this.padOffset > blockLen - pos) {
-      this.process(view, 0);
-      pos = 0;
+function canonicalJsonStringify(obj) {
+  const stringify = typeof CJSON === "function" ? CJSON : CJSON && typeof CJSON === "object" ? (
+    /** @type {any} */
+    CJSON.stringify
+  ) : void 0;
+  if (!stringify || typeof stringify !== "function") {
+    console.warn(
+      "[LicenseSeat SDK] canonical-json library not loaded correctly. Falling back to basic JSON.stringify. Signature verification might be unreliable if server uses different canonicalization."
+    );
+    try {
+      const sortedObj = {};
+      Object.keys(obj).sort().forEach((key) => {
+        sortedObj[key] = obj[key];
+      });
+      return JSON.stringify(sortedObj);
+    } catch (e) {
+      return JSON.stringify(obj);
     }
-    for (let i = pos; i < blockLen; i++)
-      buffer[i] = 0;
-    setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
-    this.process(view, 0);
-    const oview = createView(out);
-    const len = this.outputLen;
-    if (len % 4)
-      throw new Error("_sha2: outputLen should be aligned to 32bit");
-    const outLen = len / 4;
-    const state = this.get();
-    if (outLen > state.length)
-      throw new Error("_sha2: outputLen bigger than state");
-    for (let i = 0; i < outLen; i++)
-      oview.setUint32(4 * i, state[i], isLE);
-  }
-  digest() {
-    const { buffer, outputLen } = this;
-    this.digestInto(buffer);
-    const res = buffer.slice(0, outputLen);
-    this.destroy();
-    return res;
-  }
-  _cloneInto(to) {
-    to || (to = new this.constructor());
-    to.set(...this.get());
-    const { blockLen, buffer, length, finished, destroyed, pos } = this;
-    to.destroyed = destroyed;
-    to.finished = finished;
-    to.length = length;
-    to.pos = pos;
-    if (length % blockLen)
-      to.buffer.set(buffer);
-    return to;
-  }
-  clone() {
-    return this._cloneInto();
   }
-};
-var SHA512_IV = /* @__PURE__ */ Uint32Array.from([
-  1779033703,
-  4089235720,
-  3144134277,
-  2227873595,
-  1013904242,
-  4271175723,
-  2773480762,
-  1595750129,
-  1359893119,
-  2917565137,
-  2600822924,
-  725511199,
-  528734635,
-  4215389547,
-  1541459225,
-  327033209
-]);
-
-// node_modules/@noble/hashes/esm/_u64.js
-var U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
-var _32n = /* @__PURE__ */ BigInt(32);
-function fromBig(n, le = false) {
-  if (le)
-    return { h: Number(n & U32_MASK64), l: Number(n >> _32n & U32_MASK64) };
-  return { h: Number(n >> _32n & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
+  return stringify(obj);
 }
-function split(lst, le = false) {
-  const len = lst.length;
-  let Ah = new Uint32Array(len);
-  let Al = new Uint32Array(len);
-  for (let i = 0; i < len; i++) {
-    const { h: h2, l } = fromBig(lst[i], le);
-    [Ah[i], Al[i]] = [h2, l];
+function base64UrlDecode(base64UrlString) {
+  let base64 = base64UrlString.replace(/-/g, "+").replace(/_/g, "/");
+  while (base64.length % 4) {
+    base64 += "=";
   }
-  return [Ah, Al];
+  const raw = window.atob(base64);
+  const outputArray = new Uint8Array(raw.length);
+  for (let i = 0; i < raw.length; ++i) {
+    outputArray[i] = raw.charCodeAt(i);
+  }
+  return outputArray;
 }
-var shrSH = (h2, _l, s) => h2 >>> s;
-var shrSL = (h2, l, s) => h2 << 32 - s | l >>> s;
-var rotrSH = (h2, l, s) => h2 >>> s | l << 32 - s;
-var rotrSL = (h2, l, s) => h2 << 32 - s | l >>> s;
-var rotrBH = (h2, l, s) => h2 << 64 - s | l >>> s - 32;
-var rotrBL = (h2, l, s) => h2 >>> s - 32 | l << 64 - s;
-function add(Ah, Al, Bh, Bl) {
-  const l = (Al >>> 0) + (Bl >>> 0);
-  return { h: Ah + Bh + (l / 2 ** 32 | 0) | 0, l: l | 0 };
+function hashCode(str) {
+  let hash = 0;
+  for (let i = 0; i < str.length; i++) {
+    const char = str.charCodeAt(i);
+    hash = (hash << 5) - hash + char;
+    hash = hash & hash;
+  }
+  return Math.abs(hash).toString(36);
 }
-var add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);
-var add3H = (low, Ah, Bh, Ch) => Ah + Bh + Ch + (low / 2 ** 32 | 0) | 0;
-var add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);
-var add4H = (low, Ah, Bh, Ch, Dh) => Ah + Bh + Ch + Dh + (low / 2 ** 32 | 0) | 0;
-var add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);
-var add5H = (low, Ah, Bh, Ch, Dh, Eh) => Ah + Bh + Ch + Dh + Eh + (low / 2 ** 32 | 0) | 0;
-
-// node_modules/@noble/hashes/esm/sha2.js
-var K512 = /* @__PURE__ */ (() => split([
-  "0x428a2f98d728ae22",
-  "0x7137449123ef65cd",
-  "0xb5c0fbcfec4d3b2f",
-  "0xe9b5dba58189dbbc",
-  "0x3956c25bf348b538",
-  "0x59f111f1b605d019",
-  "0x923f82a4af194f9b",
-  "0xab1c5ed5da6d8118",
-  "0xd807aa98a3030242",
-  "0x12835b0145706fbe",
-  "0x243185be4ee4b28c",
-  "0x550c7dc3d5ffb4e2",
-  "0x72be5d74f27b896f",
-  "0x80deb1fe3b1696b1",
-  "0x9bdc06a725c71235",
-  "0xc19bf174cf692694",
-  "0xe49b69c19ef14ad2",
-  "0xefbe4786384f25e3",
-  "0x0fc19dc68b8cd5b5",
-  "0x240ca1cc77ac9c65",
-  "0x2de92c6f592b0275",
-  "0x4a7484aa6ea6e483",
-  "0x5cb0a9dcbd41fbd4",
-  "0x76f988da831153b5",
-  "0x983e5152ee66dfab",
-  "0xa831c66d2db43210",
-  "0xb00327c898fb213f",
-  "0xbf597fc7beef0ee4",
-  "0xc6e00bf33da88fc2",
-  "0xd5a79147930aa725",
-  "0x06ca6351e003826f",
-  "0x142929670a0e6e70",
-  "0x27b70a8546d22ffc",
-  "0x2e1b21385c26c926",
-  "0x4d2c6dfc5ac42aed",
-  "0x53380d139d95b3df",
-  "0x650a73548baf63de",
-  "0x766a0abb3c77b2a8",
-  "0x81c2c92e47edaee6",
-  "0x92722c851482353b",
-  "0xa2bfe8a14cf10364",
-  "0xa81a664bbc423001",
-  "0xc24b8b70d0f89791",
-  "0xc76c51a30654be30",
-  "0xd192e819d6ef5218",
-  "0xd69906245565a910",
-  "0xf40e35855771202a",
-  "0x106aa07032bbd1b8",
-  "0x19a4c116b8d2d0c8",
-  "0x1e376c085141ab53",
-  "0x2748774cdf8eeb99",
-  "0x34b0bcb5e19b48a8",
-  "0x391c0cb3c5c95a63",
-  "0x4ed8aa4ae3418acb",
-  "0x5b9cca4f7763e373",
-  "0x682e6ff3d6b2b8a3",
-  "0x748f82ee5defb2fc",
-  "0x78a5636f43172f60",
-  "0x84c87814a1f0ab72",
-  "0x8cc702081a6439ec",
-  "0x90befffa23631e28",
-  "0xa4506cebde82bde9",
-  "0xbef9a3f7b2c67915",
-  "0xc67178f2e372532b",
-  "0xca273eceea26619c",
-  "0xd186b8c721c0c207",
-  "0xeada7dd6cde0eb1e",
-  "0xf57d4f7fee6ed178",
-  "0x06f067aa72176fba",
-  "0x0a637dc5a2c898a6",
-  "0x113f9804bef90dae",
-  "0x1b710b35131c471b",
-  "0x28db77f523047d84",
-  "0x32caab7b40c72493",
-  "0x3c9ebe0a15c9bebc",
-  "0x431d67c49c100d4c",
-  "0x4cc5d4becb3e42b6",
-  "0x597f299cfc657e2a",
-  "0x5fcb6fab3ad6faec",
-  "0x6c44198c4a475817"
-].map((n) => BigInt(n))))();
-var SHA512_Kh = /* @__PURE__ */ (() => K512[0])();
-var SHA512_Kl = /* @__PURE__ */ (() => K512[1])();
-var SHA512_W_H = /* @__PURE__ */ new Uint32Array(80);
-var SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);
-var SHA512 = class extends HashMD {
-  constructor(outputLen = 64) {
-    super(128, outputLen, 16, false);
-    this.Ah = SHA512_IV[0] | 0;
-    this.Al = SHA512_IV[1] | 0;
-    this.Bh = SHA512_IV[2] | 0;
-    this.Bl = SHA512_IV[3] | 0;
-    this.Ch = SHA512_IV[4] | 0;
-    this.Cl = SHA512_IV[5] | 0;
-    this.Dh = SHA512_IV[6] | 0;
-    this.Dl = SHA512_IV[7] | 0;
-    this.Eh = SHA512_IV[8] | 0;
-    this.El = SHA512_IV[9] | 0;
-    this.Fh = SHA512_IV[10] | 0;
-    this.Fl = SHA512_IV[11] | 0;
-    this.Gh = SHA512_IV[12] | 0;
-    this.Gl = SHA512_IV[13] | 0;
-    this.Hh = SHA512_IV[14] | 0;
-    this.Hl = SHA512_IV[15] | 0;
-  }
-  // prettier-ignore
-  get() {
-    const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
-    return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];
-  }
-  // prettier-ignore
-  set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) {
-    this.Ah = Ah | 0;
-    this.Al = Al | 0;
-    this.Bh = Bh | 0;
-    this.Bl = Bl | 0;
-    this.Ch = Ch | 0;
-    this.Cl = Cl | 0;
-    this.Dh = Dh | 0;
-    this.Dl = Dl | 0;
-    this.Eh = Eh | 0;
-    this.El = El | 0;
-    this.Fh = Fh | 0;
-    this.Fl = Fl | 0;
-    this.Gh = Gh | 0;
-    this.Gl = Gl | 0;
-    this.Hh = Hh | 0;
-    this.Hl = Hl | 0;
-  }
-  process(view, offset) {
-    for (let i = 0; i < 16; i++, offset += 4) {
-      SHA512_W_H[i] = view.getUint32(offset);
-      SHA512_W_L[i] = view.getUint32(offset += 4);
-    }
-    for (let i = 16; i < 80; i++) {
-      const W15h = SHA512_W_H[i - 15] | 0;
-      const W15l = SHA512_W_L[i - 15] | 0;
-      const s0h = rotrSH(W15h, W15l, 1) ^ rotrSH(W15h, W15l, 8) ^ shrSH(W15h, W15l, 7);
-      const s0l = rotrSL(W15h, W15l, 1) ^ rotrSL(W15h, W15l, 8) ^ shrSL(W15h, W15l, 7);
-      const W2h = SHA512_W_H[i - 2] | 0;
-      const W2l = SHA512_W_L[i - 2] | 0;
-      const s1h = rotrSH(W2h, W2l, 19) ^ rotrBH(W2h, W2l, 61) ^ shrSH(W2h, W2l, 6);
-      const s1l = rotrSL(W2h, W2l, 19) ^ rotrBL(W2h, W2l, 61) ^ shrSL(W2h, W2l, 6);
-      const SUMl = add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);
-      const SUMh = add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);
-      SHA512_W_H[i] = SUMh | 0;
-      SHA512_W_L[i] = SUMl | 0;
-    }
-    let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
-    for (let i = 0; i < 80; i++) {
-      const sigma1h = rotrSH(Eh, El, 14) ^ rotrSH(Eh, El, 18) ^ rotrBH(Eh, El, 41);
-      const sigma1l = rotrSL(Eh, El, 14) ^ rotrSL(Eh, El, 18) ^ rotrBL(Eh, El, 41);
-      const CHIh = Eh & Fh ^ ~Eh & Gh;
-      const CHIl = El & Fl ^ ~El & Gl;
-      const T1ll = add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);
-      const T1h = add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);
-      const T1l = T1ll | 0;
-      const sigma0h = rotrSH(Ah, Al, 28) ^ rotrBH(Ah, Al, 34) ^ rotrBH(Ah, Al, 39);
-      const sigma0l = rotrSL(Ah, Al, 28) ^ rotrBL(Ah, Al, 34) ^ rotrBL(Ah, Al, 39);
-      const MAJh = Ah & Bh ^ Ah & Ch ^ Bh & Ch;
-      const MAJl = Al & Bl ^ Al & Cl ^ Bl & Cl;
-      Hh = Gh | 0;
-      Hl = Gl | 0;
-      Gh = Fh | 0;
-      Gl = Fl | 0;
-      Fh = Eh | 0;
-      Fl = El | 0;
-      ({ h: Eh, l: El } = add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));
-      Dh = Ch | 0;
-      Dl = Cl | 0;
-      Ch = Bh | 0;
-      Cl = Bl | 0;
-      Bh = Ah | 0;
-      Bl = Al | 0;
-      const All = add3L(T1l, sigma0l, MAJl);
-      Ah = add3H(All, T1h, sigma0h, MAJh);
-      Al = All | 0;
-    }
-    ({ h: Ah, l: Al } = add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));
-    ({ h: Bh, l: Bl } = add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));
-    ({ h: Ch, l: Cl } = add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));
-    ({ h: Dh, l: Dl } = add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));
-    ({ h: Eh, l: El } = add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));
-    ({ h: Fh, l: Fl } = add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));
-    ({ h: Gh, l: Gl } = add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));
-    ({ h: Hh, l: Hl } = add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));
-    this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);
-  }
-  roundClean() {
-    clean(SHA512_W_H, SHA512_W_L);
-  }
-  destroy() {
-    clean(this.buffer);
-    this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+function getCanvasFingerprint() {
+  try {
+    const canvas = document.createElement("canvas");
+    const ctx = canvas.getContext("2d");
+    ctx.textBaseline = "top";
+    ctx.font = "14px Arial";
+    ctx.fillText("LicenseSeat SDK", 2, 2);
+    return canvas.toDataURL().slice(-50);
+  } catch (e) {
+    return "no-canvas";
   }
-};
-var sha512 = /* @__PURE__ */ createHasher(() => new SHA512());
-
-// node_modules/@noble/hashes/esm/sha512.js
-var sha5122 = sha512;
-
-// node_modules/canonical-json/stringify.js
-var gap = "";
-var indent = "";
-var rep;
-var cmp;
-var escapable = /[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;
-var meta = { "\b": "\\b", "	": "\\t", "\n": "\\n", "\f": "\\f", "\r": "\\r", '"': '\\"', "\\": "\\\\" };
-function quote(str2) {
-  escapable.lastIndex = 0;
-  return escapable.test(str2) ? '"' + str2.replace(escapable, (a) => meta[a] || "\\u" + ("0000" + a.charCodeAt(0).toString(16)).slice(-4)) + '"' : '"' + str2 + '"';
 }
-function str(key, holder) {
-  let value = holder[key];
-  if (value && typeof value === "object" && typeof value.toJSON === "function") {
-    value = value.toJSON(key);
-  }
-  if (typeof rep === "function") {
-    value = rep.call(holder, key, value);
-  }
-  switch (typeof value) {
-    case "string":
-      return quote(value);
-    case "number":
-      return isFinite(value) ? String(value) : "null";
-    case "boolean":
-    case "undefined":
-    case "object":
-      if (value === null)
-        return "null";
-      const mind = gap;
-      gap += indent;
-      const partial = [];
-      if (Array.isArray(value)) {
-        for (let i = 0; i < value.length; i++)
-          partial[i] = str(i, value) || "null";
-      } else {
-        const keys = Object.keys(value).sort(cmp);
-        for (const k of keys) {
-          if (Object.prototype.hasOwnProperty.call(value, k)) {
-            const v2 = str(k, value);
-            if (v2)
-              partial.push(quote(k) + (gap ? ": " : ":") + v2);
-          }
-        }
-      }
-      let v;
-      if (Array.isArray(value)) {
-        v = partial.length === 0 ? "[]" : gap ? "[\n" + gap + partial.join(",\n" + gap) + "\n" + mind + "]" : "[" + partial.join(",") + "]";
-      } else {
-        v = partial.length === 0 ? "{}" : gap ? "{\n" + gap + partial.join(",\n" + gap) + "\n" + mind + "}" : "{" + partial.join(",") + "}";
-      }
-      gap = mind;
-      return v;
-    default:
-      return String(value);
-  }
+function generateDeviceId() {
+  const nav = window.navigator;
+  const screen = window.screen;
+  const data = [
+    nav.userAgent,
+    nav.language,
+    screen.colorDepth,
+    screen.width + "x" + screen.height,
+    (/* @__PURE__ */ new Date()).getTimezoneOffset(),
+    nav.hardwareConcurrency,
+    getCanvasFingerprint()
+  ].join("|");
+  return `web-${hashCode(data)}-${Date.now().toString(36)}`;
 }
-function stringify(value, replacer, space, keyCompare) {
-  gap = "";
-  indent = "";
-  rep = replacer;
-  cmp = typeof keyCompare === "function" ? keyCompare : void 0;
-  if (typeof space === "number") {
-    indent = " ".repeat(space);
-  } else if (typeof space === "string") {
-    indent = space;
-  }
-  return str("", { "": value });
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function getCsrfToken() {
+  const token = document.querySelector('meta[name="csrf-token"]');
+  return token ? token.content : "";
 }
 
-// node_modules/canonical-json/index.js
-var canonical_json_default = stringify;
-
-// src/index.js
-var LicenseSeatSDK = class _LicenseSeatSDK {
+// src/LicenseSeat.js
+var DEFAULT_CONFIG = {
+  apiBaseUrl: "https://licenseseat.com/api",
+  storagePrefix: "licenseseat_",
+  autoValidateInterval: 36e5,
+  // 1 hour
+  networkRecheckInterval: 3e4,
+  // 30 seconds
+  maxRetries: 3,
+  retryDelay: 1e3,
+  apiKey: null,
+  debug: false,
+  offlineLicenseRefreshInterval: 1e3 * 60 * 60 * 72,
+  // 72 hours
+  offlineFallbackEnabled: false,
+  // default false (strict mode, matches Swift SDK)
+  maxOfflineDays: 0,
+  // 0 = disabled
+  maxClockSkewMs: 5 * 60 * 1e3,
+  // 5 minutes
+  autoInitialize: true
+};
+var LicenseSeatSDK = class {
+  /**
+   * Create a new LicenseSeat SDK instance
+   * @param {import('./types.js').LicenseSeatConfig} [config={}] - Configuration options
+   */
   constructor(config = {}) {
     this.config = {
-      apiBaseUrl: config.apiBaseUrl || "/api",
-      storagePrefix: config.storagePrefix || "licenseseat_",
-      autoValidateInterval: config.autoValidateInterval || 36e5,
-      // 1 hour default
-      networkRecheckInterval: config.networkRecheckInterval || 3e4,
-      // 30s while offline
-      maxRetries: config.maxRetries || 3,
-      retryDelay: config.retryDelay || 1e3,
-      apiKey: config.apiKey || null,
-      // Store apiKey
-      debug: config.debug || false,
-      offlineLicenseRefreshInterval: config.offlineLicenseRefreshInterval || 1e3 * 60 * 60 * 72,
-      // 72h
-      offlineFallbackEnabled: config.offlineFallbackEnabled !== false,
-      // default true
-      maxOfflineDays: config.maxOfflineDays || 0,
-      // 0 = disabled
-      maxClockSkewMs: config.maxClockSkewMs || 5 * 60 * 1e3,
-      // 5 minutes
+      ...DEFAULT_CONFIG,
       ...config
     };
     this.eventListeners = {};
@@ -1024,15 +350,25 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
     this.connectivityTimer = null;
     this.offlineRefreshTimer = null;
     this.lastOfflineValidation = null;
-    if (ed25519_exports && etc && sha5122) {
-      etc.sha512Sync = (...m) => sha5122(etc.concatBytes(...m));
+    this.syncingOfflineAssets = false;
+    this.destroyed = false;
+    if (ed && ed.etc && sha512) {
+      ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
     } else {
       console.error(
         "[LicenseSeat SDK] Noble-ed25519 or Noble-hashes not loaded correctly. Sync crypto methods may fail."
       );
     }
-    this.initialize();
+    if (this.config.autoInitialize) {
+      this.initialize();
+    }
   }
+  /**
+   * Initialize the SDK
+   * Loads cached license and starts auto-validation if configured.
+   * Called automatically unless autoInitialize is set to false.
+   * @returns {void}
+   */
   initialize() {
     this.log("LicenseSeat SDK initialized", this.config);
     const cachedLicense = this.cache.getLicense();
@@ -1054,17 +390,15 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
       }
       if (this.config.apiKey) {
         this.startAutoValidation(cachedLicense.license_key);
-      }
-      if (this.config.apiKey) {
-        this.validateLicense(cachedLicense.license_key).catch((err2) => {
-          this.log("Background validation failed:", err2);
-          if (err2 instanceof APIError && (err2.status === 401 || err2.status === 501)) {
+        this.validateLicense(cachedLicense.license_key).catch((err) => {
+          this.log("Background validation failed:", err);
+          if (err instanceof APIError && (err.status === 401 || err.status === 501)) {
             this.log(
               "Authentication issue during validation, using cached license data"
             );
             this.emit("validation:auth-failed", {
               licenseKey: cachedLicense.license_key,
-              error: err2,
+              error: err,
               cached: true
             });
           }
@@ -1075,14 +409,12 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
   /**
    * Activate a license
    * @param {string} licenseKey - The license key to activate
-   * @param {Object} options - Activation options
-   * @param {string} [options.deviceIdentifier] - Optional custom device ID.
-   * @param {string} [options.softwareReleaseDate] - Optional ISO8601 date string for version-aware activation.
-   * @param {Object} [options.metadata] - Optional metadata.
-   * @returns {Promise<Object>} Activation result
+   * @param {import('./types.js').ActivationOptions} [options={}] - Activation options
+   * @returns {Promise<import('./types.js').CachedLicense>} Activation result with cached license data
+   * @throws {APIError} When the API request fails
    */
   async activate(licenseKey, options = {}) {
-    const deviceId = options.deviceIdentifier || this.generateDeviceId();
+    const deviceId = options.deviceIdentifier || generateDeviceId();
     const payload = {
       license_key: licenseKey,
       device_identifier: deviceId,
@@ -1118,12 +450,14 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
   }
   /**
    * Deactivate the current license
-   * @returns {Promise<Object>} Deactivation result
+   * @returns {Promise<Object>} Deactivation result from the API
+   * @throws {LicenseError} When no active license is found
+   * @throws {APIError} When the API request fails
    */
   async deactivate() {
     const cachedLicense = this.cache.getLicense();
     if (!cachedLicense) {
-      throw new Error("No active license found");
+      throw new LicenseError("No active license found", "no_license");
     }
     try {
       this.emit("deactivation:start", cachedLicense);
@@ -1147,13 +481,14 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
   /**
    * Validate a license
    * @param {string} licenseKey - License key to validate
-   * @param {Object} options - Validation options
-   * @returns {Promise<Object>} Validation result
+   * @param {import('./types.js').ValidationOptions} [options={}] - Validation options
+   * @returns {Promise<import('./types.js').ValidationResult>} Validation result
+   * @throws {APIError} When the API request fails and offline fallback is not available
    */
   async validateLicense(licenseKey, options = {}) {
     try {
       this.emit("validation:start", { licenseKey });
-      const response = await this.apiCall("/licenses/validate", {
+      const rawResponse = await this.apiCall("/licenses/validate", {
         method: "POST",
         body: {
           license_key: licenseKey,
@@ -1161,7 +496,14 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
           product_slug: options.productSlug
         }
       });
+      const response = {
+        valid: rawResponse.valid,
+        ...rawResponse.license || {}
+      };
       const cachedLicense = this.cache.getLicense();
+      if ((!response.active_entitlements || response.active_entitlements.length === 0) && cachedLicense?.validation?.active_entitlements?.length) {
+        response.active_entitlements = cachedLicense.validation.active_entitlements;
+      }
       if (cachedLicense && cachedLicense.license_key === licenseKey) {
         this.cache.updateValidation(response);
       }
@@ -1173,36 +515,6 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
         this.stopAutoValidation();
         this.currentAutoLicenseKey = null;
       }
-      const isNetworkFailure = response instanceof TypeError && response.message.includes("fetch") || response instanceof APIError && [0, 408].includes(response.status);
-      if (this.config.offlineFallbackEnabled && isNetworkFailure) {
-        const offlineResult = await this.verifyCachedOffline();
-        const duplicateSuccess = offlineResult.valid && this.lastOfflineValidation?.valid === true;
-        const cachedLicense2 = this.cache.getLicense();
-        if (cachedLicense2 && cachedLicense2.license_key === licenseKey) {
-          this.cache.updateValidation(offlineResult);
-        }
-        if (offlineResult.valid) {
-          if (!duplicateSuccess) {
-            this.emit("validation:offline-success", offlineResult);
-          }
-          this.lastOfflineValidation = offlineResult;
-          return offlineResult;
-        } else {
-          this.emit("validation:offline-failed", offlineResult);
-          this.stopAutoValidation();
-          this.currentAutoLicenseKey = null;
-        }
-      }
-      if (response instanceof APIError && response.data) {
-        const cachedLicense2 = this.cache.getLicense();
-        if (cachedLicense2 && cachedLicense2.license_key === licenseKey) {
-          const invalidValidation = {
-            valid: false,
-            ...response.data
-          };
-          this.cache.updateValidation(invalidValidation);
-        }
-      }
       this.cache.setLastSeenTimestamp(Date.now());
       return response;
     } catch (error) {
@@ -1226,11 +538,7 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
       if (error instanceof APIError && error.data) {
         const cachedLicense = this.cache.getLicense();
         if (cachedLicense && cachedLicense.license_key === licenseKey) {
-          const invalidValidation = {
-            valid: false,
-            ...error.data
-          };
-          this.cache.updateValidation(invalidValidation);
+          this.cache.updateValidation({ valid: false, ...error.data });
         }
         if (![0, 408, 429].includes(error.status)) {
           this.stopAutoValidation();
@@ -1241,9 +549,9 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
     }
   }
   /**
-   * Check if a specific entitlement is active
-   * @param {string} entitlementKey - The entitlement to check
-   * @returns {Object} Entitlement status
+   * Check if a specific entitlement is active (detailed version)
+   * @param {string} entitlementKey - The entitlement key to check
+   * @returns {import('./types.js').EntitlementCheckResult} Entitlement status with details
    */
   checkEntitlement(entitlementKey) {
     const license = this.cache.getLicense();
@@ -1269,23 +577,32 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
     return { active: true, entitlement };
   }
   /**
-   * Get offline license data for backup.
-   * This fetches the *signed* offline license data from the server.
-   * @returns {Promise<Object>} Signed offline license data (JSON structure with payload and signature).
+   * Check if a specific entitlement is active (simple boolean version)
+   * This is a convenience method that returns a simple boolean.
+   * Use checkEntitlement() for detailed status information.
+   * @param {string} entitlementKey - The entitlement key to check
+   * @returns {boolean} True if the entitlement is active, false otherwise
+   */
+  hasEntitlement(entitlementKey) {
+    return this.checkEntitlement(entitlementKey).active;
+  }
+  /**
+   * Get offline license data from the server
+   * @returns {Promise<import('./types.js').SignedOfflineLicense>} Signed offline license data
+   * @throws {LicenseError} When no active license is found
+   * @throws {APIError} When the API request fails
    */
   async getOfflineLicense() {
     const license = this.cache.getLicense();
     if (!license || !license.license_key) {
       const errorMsg = "No active license key found in cache to fetch offline license.";
       this.emit("sdk:error", { message: errorMsg });
-      throw new Error(errorMsg);
+      throw new LicenseError(errorMsg, "no_license");
     }
     try {
       this.emit("offlineLicense:fetching", { licenseKey: license.license_key });
       const path = `/licenses/${license.license_key}/offline_license`;
-      const response = await this.apiCall(path, {
-        method: "POST"
-      });
+      const response = await this.apiCall(path, { method: "POST" });
       this.emit("offlineLicense:fetched", {
         licenseKey: license.license_key,
         data: response
@@ -1304,10 +621,10 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
     }
   }
   /**
-   * Fetches a public key for a given key ID (kid) from the server.
-   * Assumes an endpoint like /api/public_key/:keyId which returns { key_id: "...", public_key_b64: "..." }
-   * @param {string} keyId - The Key ID (kid) for which to fetch the public key.
-   * @returns {Promise<string>} Base64 encoded public key.
+   * Fetch a public key from the server by key ID
+   * @param {string} keyId - The Key ID (kid) for which to fetch the public key
+   * @returns {Promise<string>} Base64-encoded public key
+   * @throws {Error} When keyId is not provided or the key is not found
    */
   async getPublicKey(keyId) {
     if (!keyId) {
@@ -1332,14 +649,12 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
     }
   }
   /**
-   * Verifies a signed offline license object client-side.
-   * IMPORTANT: This method requires a JavaScript Ed25519 library (e.g., tweetnacl, noble-ed25519).
-   * The actual crypto verification logic needs to be implemented using such a library.
-   *
-   * @param {Object} signedLicenseData - The signed license data object, typically { payload: Object, signature_b64u: string, kid: string }.
-   * @param {string} publicKeyB64 - The Base64 encoded public Ed25519 key to verify the signature.
-   * @returns {Promise<boolean>} True if verification is successful, false otherwise.
-   * @throws {Error} if crypto library is not available or inputs are invalid.
+   * Verify a signed offline license client-side using Ed25519
+   * @param {import('./types.js').SignedOfflineLicense} signedLicenseData - The signed license data
+   * @param {string} publicKeyB64 - Base64-encoded public Ed25519 key
+   * @returns {Promise<boolean>} True if verification is successful
+   * @throws {CryptoError} When crypto library is not available
+   * @throws {Error} When inputs are invalid
    */
   async verifyOfflineLicense(signedLicenseData, publicKeyB64) {
     this.log("Attempting to verify offline license client-side.");
@@ -1349,32 +664,19 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
     if (!publicKeyB64) {
       throw new Error("Public key (Base64 encoded) is required.");
     }
-    if (!ed25519_exports || !verify || !etc.sha512Sync) {
-      console.error(
-        "Noble-ed25519 not properly initialized or sha512Sync not set. Please check imports and setup."
-      );
-      this.emit("sdk:error", {
-        message: "Client-side verification crypto library (noble-ed25519) not available or configured."
-      });
-      throw new Error(
+    if (!ed || !ed.verify || !ed.etc.sha512Sync) {
+      const err = new CryptoError(
         "noble-ed25519 crypto library not available/configured for offline verification."
       );
+      this.emit("sdk:error", { message: err.message });
+      throw err;
     }
     try {
-      const payloadString = this.canonicalJsonStringify(
-        signedLicenseData.payload
-      );
+      const payloadString = canonicalJsonStringify(signedLicenseData.payload);
       const messageBytes = new TextEncoder().encode(payloadString);
-      const publicKeyBytes = this.base64UrlDecode(publicKeyB64);
-      const signatureBytes = this.base64UrlDecode(
-        signedLicenseData.signature_b64u
-      );
-      const isValid = verify(
-        signatureBytes,
-        // signature first for noble-ed25519
-        messageBytes,
-        publicKeyBytes
-      );
+      const publicKeyBytes = base64UrlDecode(publicKeyB64);
+      const signatureBytes = base64UrlDecode(signedLicenseData.signature_b64u);
+      const isValid = ed.verify(signatureBytes, messageBytes, publicKeyBytes);
       if (isValid) {
         this.log(
           "Offline license signature VERIFIED successfully client-side."
@@ -1399,47 +701,163 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
     }
   }
   /**
-   * Generates a canonical JSON string from an object (keys sorted).
-   * This is crucial for consistent signature verification.
-   * @param {Object} obj - The object to stringify.
-   * @returns {string} Canonical JSON string.
+   * Get current license status
+   * @returns {import('./types.js').LicenseStatus} Current license status
    */
-  canonicalJsonStringify(obj) {
-    if (!canonical_json_default || typeof canonical_json_default.stringify !== "function") {
-      console.warn(
-        "[LicenseSeat SDK] canonical-json library not loaded correctly. Falling back to basic JSON.stringify. Signature verification might be unreliable if server uses different canonicalization."
-      );
-      try {
-        const sortedObj = {};
-        Object.keys(obj).sort().forEach((key) => {
-          sortedObj[key] = obj[key];
-        });
-        return JSON.stringify(sortedObj);
-      } catch (e) {
-        return JSON.stringify(obj);
+  getStatus() {
+    const license = this.cache.getLicense();
+    if (!license) {
+      return { status: "inactive", message: "No license activated" };
+    }
+    const validation = license.validation;
+    if (!validation) {
+      return { status: "pending", message: "License pending validation" };
+    }
+    if (!validation.valid) {
+      if (validation.offline) {
+        return {
+          status: "offline-invalid",
+          message: validation.reason_code || "License invalid (offline)"
+        };
       }
+      return {
+        status: "invalid",
+        message: validation.reason || "License invalid"
+      };
+    }
+    if (validation.offline) {
+      return {
+        status: "offline-valid",
+        license: license.license_key,
+        device: license.device_identifier,
+        activated_at: license.activated_at,
+        last_validated: license.last_validated,
+        entitlements: validation.active_entitlements || []
+      };
+    }
+    return {
+      status: "active",
+      license: license.license_key,
+      device: license.device_identifier,
+      activated_at: license.activated_at,
+      last_validated: license.last_validated,
+      entitlements: validation.active_entitlements || []
+    };
+  }
+  /**
+   * Test server authentication
+   * Useful for verifying API key/session is valid.
+   * @returns {Promise<Object>} Result from the server
+   * @throws {Error} When API key is not configured
+   * @throws {APIError} When authentication fails
+   */
+  async testAuth() {
+    if (!this.config.apiKey) {
+      const err = new Error("API key is required for auth test");
+      this.emit("auth_test:error", { error: err });
+      throw err;
+    }
+    try {
+      this.emit("auth_test:start");
+      const response = await this.apiCall("/auth_test", { method: "GET" });
+      this.emit("auth_test:success", response);
+      return response;
+    } catch (error) {
+      this.emit("auth_test:error", { error });
+      throw error;
+    }
+  }
+  /**
+   * Clear all data and reset SDK state
+   * @returns {void}
+   */
+  reset() {
+    this.stopAutoValidation();
+    this.stopConnectivityPolling();
+    if (this.offlineRefreshTimer) {
+      clearInterval(this.offlineRefreshTimer);
+      this.offlineRefreshTimer = null;
+    }
+    this.cache.clear();
+    this.lastOfflineValidation = null;
+    this.currentAutoLicenseKey = null;
+    this.emit("sdk:reset");
+  }
+  /**
+   * Destroy the SDK instance and release all resources
+   * Call this when you no longer need the SDK to prevent memory leaks.
+   * After calling destroy(), the SDK instance should not be used.
+   * @returns {void}
+   */
+  destroy() {
+    this.destroyed = true;
+    this.stopAutoValidation();
+    this.stopConnectivityPolling();
+    if (this.offlineRefreshTimer) {
+      clearInterval(this.offlineRefreshTimer);
+      this.offlineRefreshTimer = null;
+    }
+    this.eventListeners = {};
+    this.cache.clear();
+    this.lastOfflineValidation = null;
+    this.currentAutoLicenseKey = null;
+    this.emit("sdk:destroyed");
+  }
+  // ============================================================
+  // Event Handling
+  // ============================================================
+  /**
+   * Subscribe to an event
+   * @param {string} event - Event name
+   * @param {import('./types.js').EventCallback} callback - Event handler
+   * @returns {import('./types.js').EventUnsubscribe} Unsubscribe function
+   */
+  on(event, callback) {
+    if (!this.eventListeners[event]) {
+      this.eventListeners[event] = [];
     }
-    return canonical_json_default.stringify(obj);
+    this.eventListeners[event].push(callback);
+    return () => this.off(event, callback);
   }
   /**
-   * Decodes a Base64URL string to a Uint8Array.
-   * @param {string} base64UrlString - The Base64URL encoded string.
-   * @returns {Uint8Array}
+   * Unsubscribe from an event
+   * @param {string} event - Event name
+   * @param {import('./types.js').EventCallback} callback - Event handler to remove
+   * @returns {void}
    */
-  base64UrlDecode(base64UrlString) {
-    let base64 = base64UrlString.replace(/-/g, "+").replace(/_/g, "/");
-    while (base64.length % 4) {
-      base64 += "=";
+  off(event, callback) {
+    if (this.eventListeners[event]) {
+      this.eventListeners[event] = this.eventListeners[event].filter(
+        (cb) => cb !== callback
+      );
     }
-    const raw = window.atob(base64);
-    const outputArray = new Uint8Array(raw.length);
-    for (let i = 0; i < raw.length; ++i) {
-      outputArray[i] = raw.charCodeAt(i);
+  }
+  /**
+   * Emit an event
+   * @param {string} event - Event name
+   * @param {*} data - Event data
+   * @returns {void}
+   * @private
+   */
+  emit(event, data) {
+    this.log(`Event: ${event}`, data);
+    if (this.eventListeners[event]) {
+      this.eventListeners[event].forEach((callback) => {
+        try {
+          callback(data);
+        } catch (error) {
+          console.error(`Error in event listener for ${event}:`, error);
+        }
+      });
     }
-    return outputArray;
   }
+  // ============================================================
+  // Auto-Validation & Connectivity
+  // ============================================================
   /**
    * Start automatic license validation
+   * @param {string} licenseKey - License key to validate
+   * @returns {void}
    * @private
    */
   startAutoValidation(licenseKey) {
@@ -1447,24 +865,22 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
     this.currentAutoLicenseKey = licenseKey;
     const validationInterval = this.config.autoValidateInterval;
     const performAndReschedule = () => {
-      this.validateLicense(licenseKey).catch((err2) => {
-        this.log("Auto-validation failed:", err2);
-        this.emit("validation:auto-failed", { licenseKey, error: err2 });
+      this.validateLicense(licenseKey).catch((err) => {
+        this.log("Auto-validation failed:", err);
+        this.emit("validation:auto-failed", { licenseKey, error: err });
       });
       this.emit("autovalidation:cycle", {
         nextRunAt: new Date(Date.now() + validationInterval)
       });
     };
-    this.validationTimer = setInterval(
-      performAndReschedule,
-      validationInterval
-    );
+    this.validationTimer = setInterval(performAndReschedule, validationInterval);
     this.emit("autovalidation:cycle", {
       nextRunAt: new Date(Date.now() + validationInterval)
     });
   }
   /**
    * Stop automatic validation
+   * @returns {void}
    * @private
    */
   stopAutoValidation() {
@@ -1475,54 +891,222 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
     }
   }
   /**
-   * Generate a unique device identifier
+   * Start connectivity polling (when offline)
+   * @returns {void}
+   * @private
+   */
+  startConnectivityPolling() {
+    if (this.connectivityTimer)
+      return;
+    const heartbeat = async () => {
+      try {
+        await fetch(`${this.config.apiBaseUrl}/heartbeat`, {
+          method: "GET",
+          credentials: "omit"
+        });
+        if (!this.online) {
+          this.online = true;
+          this.emit("network:online");
+          if (this.currentAutoLicenseKey && !this.validationTimer) {
+            this.startAutoValidation(this.currentAutoLicenseKey);
+          }
+          this.syncOfflineAssets();
+        }
+        this.stopConnectivityPolling();
+      } catch (err) {
+      }
+    };
+    this.connectivityTimer = setInterval(
+      heartbeat,
+      this.config.networkRecheckInterval
+    );
+  }
+  /**
+   * Stop connectivity polling
+   * @returns {void}
+   * @private
+   */
+  stopConnectivityPolling() {
+    if (this.connectivityTimer) {
+      clearInterval(this.connectivityTimer);
+      this.connectivityTimer = null;
+    }
+  }
+  // ============================================================
+  // Offline License Management
+  // ============================================================
+  /**
+   * Fetch and cache offline license and public key
+   * Uses a lock to prevent concurrent calls from causing race conditions
+   * @returns {Promise<void>}
+   * @private
+   */
+  async syncOfflineAssets() {
+    if (this.syncingOfflineAssets || this.destroyed) {
+      this.log("Skipping syncOfflineAssets: already syncing or destroyed");
+      return;
+    }
+    this.syncingOfflineAssets = true;
+    try {
+      const offline = await this.getOfflineLicense();
+      this.cache.setOfflineLicense(offline);
+      const kid = offline.kid || offline.payload?.kid;
+      if (kid) {
+        const existingKey = this.cache.getPublicKey(kid);
+        if (!existingKey) {
+          const pub = await this.getPublicKey(kid);
+          this.cache.setPublicKey(kid, pub);
+        }
+      }
+      this.emit("offlineLicense:ready", {
+        kid: offline.kid || offline.payload?.kid,
+        exp_at: offline.payload?.exp_at
+      });
+      const res = await this.quickVerifyCachedOfflineLocal();
+      if (res) {
+        this.cache.updateValidation(res);
+        this.emit(
+          res.valid ? "validation:offline-success" : "validation:offline-failed",
+          res
+        );
+      }
+    } catch (err) {
+      this.log("Failed to sync offline assets:", err);
+    } finally {
+      this.syncingOfflineAssets = false;
+    }
+  }
+  /**
+   * Schedule periodic offline license refresh
+   * @returns {void}
    * @private
    */
-  generateDeviceId() {
-    const nav = window.navigator;
-    const screen = window.screen;
-    const data = [
-      nav.userAgent,
-      nav.language,
-      screen.colorDepth,
-      screen.width + "x" + screen.height,
-      (/* @__PURE__ */ new Date()).getTimezoneOffset(),
-      nav.hardwareConcurrency,
-      this.getCanvasFingerprint()
-    ].join("|");
-    return `web-${this.hashCode(data)}-${Date.now().toString(36)}`;
+  scheduleOfflineRefresh() {
+    if (this.offlineRefreshTimer)
+      clearInterval(this.offlineRefreshTimer);
+    this.offlineRefreshTimer = setInterval(
+      () => this.syncOfflineAssets(),
+      this.config.offlineLicenseRefreshInterval
+    );
   }
   /**
-   * Get canvas fingerprint for device ID
+   * Verify cached offline license
+   * @returns {Promise<import('./types.js').ValidationResult>}
    * @private
    */
-  getCanvasFingerprint() {
+  async verifyCachedOffline() {
+    const signed = this.cache.getOfflineLicense();
+    if (!signed) {
+      return { valid: false, offline: true, reason_code: "no_offline_license" };
+    }
+    const kid = signed.kid || signed.payload?.kid;
+    let pub = kid ? this.cache.getPublicKey(kid) : null;
+    if (!pub) {
+      try {
+        pub = await this.getPublicKey(kid);
+        this.cache.setPublicKey(kid, pub);
+      } catch (e) {
+        return { valid: false, offline: true, reason_code: "no_public_key" };
+      }
+    }
     try {
-      const canvas = document.createElement("canvas");
-      const ctx = canvas.getContext("2d");
-      ctx.textBaseline = "top";
-      ctx.font = "14px Arial";
-      ctx.fillText("LicenseSeat SDK", 2, 2);
-      return canvas.toDataURL().slice(-50);
+      const ok = await this.verifyOfflineLicense(signed, pub);
+      if (!ok) {
+        return { valid: false, offline: true, reason_code: "signature_invalid" };
+      }
+      const payload = signed.payload || {};
+      const cached = this.cache.getLicense();
+      if (!cached || !constantTimeEqual(payload.lic_k || "", cached.license_key || "")) {
+        return { valid: false, offline: true, reason_code: "license_mismatch" };
+      }
+      const now = Date.now();
+      const expAt = payload.exp_at ? Date.parse(payload.exp_at) : null;
+      if (expAt && expAt < now) {
+        return { valid: false, offline: true, reason_code: "expired" };
+      }
+      if (!expAt && this.config.maxOfflineDays > 0) {
+        const pivot = cached.last_validated || cached.activated_at;
+        if (pivot) {
+          const ageMs = now - new Date(pivot).getTime();
+          if (ageMs > this.config.maxOfflineDays * 24 * 60 * 60 * 1e3) {
+            return {
+              valid: false,
+              offline: true,
+              reason_code: "grace_period_expired"
+            };
+          }
+        }
+      }
+      const lastSeen = this.cache.getLastSeenTimestamp();
+      if (lastSeen && now + this.config.maxClockSkewMs < lastSeen) {
+        return { valid: false, offline: true, reason_code: "clock_tamper" };
+      }
+      this.cache.setLastSeenTimestamp(now);
+      const active = parseActiveEntitlements(payload);
+      return {
+        valid: true,
+        offline: true,
+        ...active.length ? { active_entitlements: active } : {}
+      };
     } catch (e) {
-      return "no-canvas";
+      return { valid: false, offline: true, reason_code: "verification_error" };
     }
   }
   /**
-   * Simple hash function
+   * Quick offline verification using only local data (no network)
+   * Performs signature verification plus basic validity checks (expiry, license key match)
+   * @returns {Promise<import('./types.js').ValidationResult|null>}
    * @private
    */
-  hashCode(str2) {
-    let hash = 0;
-    for (let i = 0; i < str2.length; i++) {
-      const char = str2.charCodeAt(i);
-      hash = (hash << 5) - hash + char;
-      hash = hash & hash;
+  async quickVerifyCachedOfflineLocal() {
+    const signed = this.cache.getOfflineLicense();
+    if (!signed)
+      return null;
+    const kid = signed.kid || signed.payload?.kid;
+    const pub = kid ? this.cache.getPublicKey(kid) : null;
+    if (!pub)
+      return null;
+    try {
+      const ok = await this.verifyOfflineLicense(signed, pub);
+      if (!ok) {
+        return { valid: false, offline: true, reason_code: "signature_invalid" };
+      }
+      const payload = signed.payload || {};
+      const cached = this.cache.getLicense();
+      if (!cached || !constantTimeEqual(payload.lic_k || "", cached.license_key || "")) {
+        return { valid: false, offline: true, reason_code: "license_mismatch" };
+      }
+      const now = Date.now();
+      const expAt = payload.exp_at ? Date.parse(payload.exp_at) : null;
+      if (expAt && expAt < now) {
+        return { valid: false, offline: true, reason_code: "expired" };
+      }
+      const lastSeen = this.cache.getLastSeenTimestamp();
+      if (lastSeen && now + this.config.maxClockSkewMs < lastSeen) {
+        return { valid: false, offline: true, reason_code: "clock_tamper" };
+      }
+      const active = parseActiveEntitlements(payload);
+      return {
+        valid: true,
+        offline: true,
+        ...active.length ? { active_entitlements: active } : {}
+      };
+    } catch (_) {
+      return { valid: false, offline: true, reason_code: "verification_error" };
     }
-    return Math.abs(hash).toString(36);
   }
+  // ============================================================
+  // API Communication
+  // ============================================================
   /**
-   * Make API call with retry logic
+   * Make an API call with retry logic
+   * @param {string} endpoint - API endpoint (will be appended to apiBaseUrl)
+   * @param {Object} [options={}] - Fetch options
+   * @param {string} [options.method="GET"] - HTTP method
+   * @param {Object} [options.body] - Request body (will be JSON-stringified)
+   * @param {Object} [options.headers] - Additional headers
+   * @returns {Promise<Object>} API response data
+   * @throws {APIError} When the request fails after all retries
    * @private
    */
   async apiCall(endpoint, options = {}) {
@@ -1545,10 +1129,8 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
         const response = await fetch(url, {
           method: options.method || "GET",
           headers,
-          // Use prepared headers
           body: options.body ? JSON.stringify(options.body) : void 0,
           credentials: "omit"
-          // Do NOT send cookies (session-agnostic)
         });
         const data = await response.json();
         if (!response.ok) {
@@ -1583,7 +1165,7 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
             `Retry attempt ${attempt + 1} after ${delay}ms for error:`,
             error.message
           );
-          await this.sleep(delay);
+          await sleep(delay);
         } else {
           throw error;
         }
@@ -1593,6 +1175,8 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
   }
   /**
    * Determine if an error should be retried
+   * @param {Error} error - The error to check
+   * @returns {boolean} True if the error should trigger a retry
    * @private
    */
   shouldRetryError(error) {
@@ -1611,404 +1195,69 @@ var LicenseSeatSDK = class _LicenseSeatSDK {
     }
     return false;
   }
+  // ============================================================
+  // Utilities
+  // ============================================================
   /**
-   * Event handling
+   * Get CSRF token from meta tag
+   * @returns {string} CSRF token or empty string
    */
-  on(event, callback) {
-    if (!this.eventListeners[event]) {
-      this.eventListeners[event] = [];
-    }
-    this.eventListeners[event].push(callback);
-    return () => this.off(event, callback);
-  }
-  off(event, callback) {
-    if (this.eventListeners[event]) {
-      this.eventListeners[event] = this.eventListeners[event].filter(
-        (cb) => cb !== callback
-      );
-    }
-  }
-  emit(event, data) {
-    this.log(`Event: ${event}`, data);
-    if (this.eventListeners[event]) {
-      this.eventListeners[event].forEach((callback) => {
-        try {
-          callback(data);
-        } catch (error) {
-          console.error(`Error in event listener for ${event}:`, error);
-        }
-      });
-    }
+  getCsrfToken() {
+    return getCsrfToken();
   }
   /**
-   * Utilities
+   * Log a message (if debug mode is enabled)
+   * @param {...*} args - Arguments to log
+   * @returns {void}
+   * @private
    */
-  getCsrfToken() {
-    const token = document.querySelector('meta[name="csrf-token"]');
-    return token ? token.content : "";
-  }
-  sleep(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-  }
   log(...args) {
     if (this.config.debug) {
       console.log("[LicenseSeat SDK]", ...args);
     }
   }
-  /**
-   * Test server authentication by calling a simple endpoint that requires auth.
-   * Useful for verifying API key/session is valid.
-   * @returns {Promise<Object>} Result from the server
-   */
-  async testAuth() {
-    if (!this.config.apiKey) {
-      const err2 = new Error("API key is required for auth test");
-      this.emit("auth_test:error", { error: err2 });
-      throw err2;
-    }
-    try {
-      this.emit("auth_test:start");
-      const response = await this.apiCall("/auth_test", { method: "GET" });
-      this.emit("auth_test:success", response);
-      return response;
-    } catch (error) {
-      this.emit("auth_test:error", { error });
-      throw error;
-    }
-  }
-  /**
-   * Get current license status
-   */
-  getStatus() {
-    const license = this.cache.getLicense();
-    if (!license) {
-      return { status: "inactive", message: "No license activated" };
-    }
-    const validation = license.validation;
-    if (!validation) {
-      return { status: "pending", message: "License pending validation" };
-    }
-    if (!validation.valid) {
-      if (validation.offline) {
-        return {
-          status: "offline-invalid",
-          message: validation.reason_code || "License invalid (offline)"
-        };
-      }
-      return {
-        status: "invalid",
-        message: validation.reason || "License invalid"
-      };
-    }
-    if (validation.offline) {
-      return {
-        status: "offline-valid",
-        license: license.license_key,
-        device: license.device_identifier,
-        activated_at: license.activated_at,
-        last_validated: license.last_validated,
-        entitlements: validation.active_entitlements || []
-      };
-    }
-    return {
-      status: "active",
-      license: license.license_key,
-      device: license.device_identifier,
-      activated_at: license.activated_at,
-      last_validated: license.last_validated,
-      entitlements: validation.active_entitlements || []
-    };
-  }
-  /**
-   * Clear all data and reset
-   */
-  reset() {
-    this.stopAutoValidation();
-    this.cache.clear();
-    this.lastOfflineValidation = null;
-    this.emit("sdk:reset");
-  }
-  startConnectivityPolling() {
-    if (this.connectivityTimer)
-      return;
-    const heartbeat = async () => {
-      try {
-        await fetch(`${this.config.apiBaseUrl}/heartbeat`, {
-          method: "GET",
-          credentials: "omit"
-        });
-        if (!this.online) {
-          this.online = true;
-          this.emit("network:online");
-          if (this.currentAutoLicenseKey && !this.validationTimer) {
-            this.startAutoValidation(this.currentAutoLicenseKey);
-          }
-          this.syncOfflineAssets();
-        }
-        this.stopConnectivityPolling();
-      } catch (err2) {
-      }
-    };
-    this.connectivityTimer = setInterval(
-      heartbeat,
-      this.config.networkRecheckInterval
-    );
-  }
-  stopConnectivityPolling() {
-    if (this.connectivityTimer) {
-      clearInterval(this.connectivityTimer);
-      this.connectivityTimer = null;
-    }
-  }
-  /**
-   * Fetch & cache offline license + public key so we can verify while offline.
-   * Runs in background; errors are logged but not thrown.
-   * @private
-   */
-  async syncOfflineAssets() {
-    try {
-      const offline = await this.getOfflineLicense();
-      this.cache.setOfflineLicense(offline);
-      const kid = offline.kid || offline.payload?.kid;
-      if (kid) {
-        const existingKey = this.cache.getPublicKey(kid);
-        if (!existingKey) {
-          const pub = await this.getPublicKey(kid);
-          this.cache.setPublicKey(kid, pub);
-        }
-      }
-      this.emit("offlineLicense:ready", {
-        kid: offline.kid || offline.payload?.kid,
-        exp_at: offline.payload?.exp_at
-      });
-    } catch (err2) {
-      this.log("Failed to sync offline assets:", err2);
-    }
-  }
-  /**
-   * Verify cached offline license & return synthetic validation object.
-   * @private
-   */
-  async verifyCachedOffline() {
-    const signed = this.cache.getOfflineLicense();
-    if (!signed) {
-      return { valid: false, offline: true, reason_code: "no_offline_license" };
-    }
-    const kid = signed.kid || signed.payload?.kid;
-    let pub = kid ? this.cache.getPublicKey(kid) : null;
-    if (!pub) {
-      try {
-        pub = await this.getPublicKey(kid);
-        this.cache.setPublicKey(kid, pub);
-      } catch (e) {
-        return { valid: false, offline: true, reason_code: "no_public_key" };
-      }
-    }
-    try {
-      const ok = await this.verifyOfflineLicense(signed, pub);
-      if (!ok) {
-        return {
-          valid: false,
-          offline: true,
-          reason_code: "signature_invalid"
-        };
-      }
-      const payload = signed.payload || {};
-      const cached = this.cache.getLicense();
-      if (!cached || !_LicenseSeatSDK.constantTimeEqual(
-        payload.lic_k || "",
-        cached.license_key || ""
-      )) {
-        return { valid: false, offline: true, reason_code: "license_mismatch" };
-      }
-      const now = Date.now();
-      const expAt = payload.exp_at ? Date.parse(payload.exp_at) : null;
-      if (expAt && expAt < now) {
-        return { valid: false, offline: true, reason_code: "expired" };
-      }
-      if (!expAt && this.config.maxOfflineDays > 0) {
-        const pivot = cached.last_validated || cached.activated_at;
-        if (pivot) {
-          const ageMs = now - new Date(pivot).getTime();
-          if (ageMs > this.config.maxOfflineDays * 24 * 60 * 60 * 1e3) {
-            return {
-              valid: false,
-              offline: true,
-              reason_code: "grace_period_expired"
-            };
-          }
-        }
-      }
-      const lastSeen = this.cache.getLastSeenTimestamp();
-      if (lastSeen && now + this.config.maxClockSkewMs < lastSeen) {
-        return { valid: false, offline: true, reason_code: "clock_tamper" };
-      }
-      this.cache.setLastSeenTimestamp(now);
-      return { valid: true, offline: true };
-    } catch (e) {
-      return { valid: false, offline: true, reason_code: "verification_error" };
-    }
-  }
-  scheduleOfflineRefresh() {
-    if (this.offlineRefreshTimer)
-      clearInterval(this.offlineRefreshTimer);
-    this.offlineRefreshTimer = setInterval(
-      () => this.syncOfflineAssets(),
-      this.config.offlineLicenseRefreshInterval
-    );
-  }
-  // --- Utility: constant-time string comparison to mitigate timing attacks ---
-  static constantTimeEqual(a = "", b = "") {
-    if (a.length !== b.length)
-      return false;
-    let res = 0;
-    for (let i = 0; i < a.length; i++) {
-      res |= a.charCodeAt(i) ^ b.charCodeAt(i);
-    }
-    return res === 0;
-  }
-  /**
-   * Attempt to verify cached offline license using only local data (no network).
-   * Returns validation-like object or null if not possible.
-   * @private
-   */
-  async quickVerifyCachedOfflineLocal() {
-    const signed = this.cache.getOfflineLicense();
-    if (!signed)
-      return null;
-    const kid = signed.kid || signed.payload?.kid;
-    const pub = kid ? this.cache.getPublicKey(kid) : null;
-    if (!pub)
-      return null;
-    try {
-      const ok = await this.verifyOfflineLicense(signed, pub);
-      return ok ? { valid: true, offline: true } : { valid: false, offline: true, reason_code: "signature_invalid" };
-    } catch (_) {
-      return { valid: false, offline: true, reason_code: "verification_error" };
-    }
-  }
 };
-var LicenseCache = class {
-  constructor(prefix = "licenseseat_") {
-    this.prefix = prefix;
-    this.publicKeyCacheKey = this.prefix + "public_keys";
+var sharedInstance = null;
+function getSharedInstance(config) {
+  if (!sharedInstance) {
+    sharedInstance = new LicenseSeatSDK(config);
   }
-  getLicense() {
-    try {
-      const data = localStorage.getItem(this.prefix + "license");
-      return data ? JSON.parse(data) : null;
-    } catch (e) {
-      console.error("Failed to read license cache:", e);
-      return null;
-    }
-  }
-  setLicense(data) {
-    try {
-      localStorage.setItem(this.prefix + "license", JSON.stringify(data));
-    } catch (e) {
-      console.error("Failed to cache license:", e);
-    }
-  }
-  updateValidation(validationData) {
-    const license = this.getLicense();
-    if (license) {
-      license.validation = validationData;
-      license.last_validated = (/* @__PURE__ */ new Date()).toISOString();
-      this.setLicense(license);
-    }
-  }
-  getDeviceId() {
-    const license = this.getLicense();
-    return license ? license.device_identifier : null;
-  }
-  clearLicense() {
-    localStorage.removeItem(this.prefix + "license");
-  }
-  // --- Offline license helpers ---
-  getOfflineLicense() {
-    try {
-      const data = localStorage.getItem(this.prefix + "offline_license");
-      return data ? JSON.parse(data) : null;
-    } catch (e) {
-      console.error("Failed to read offline license cache:", e);
-      return null;
-    }
-  }
-  setOfflineLicense(data) {
-    try {
-      localStorage.setItem(
-        this.prefix + "offline_license",
-        JSON.stringify(data)
-      );
-    } catch (e) {
-      console.error("Failed to cache offline license:", e);
-    }
-  }
-  clearOfflineLicense() {
-    localStorage.removeItem(this.prefix + "offline_license");
-  }
-  // Methods for caching public keys
-  getPublicKey(keyId) {
-    try {
-      const cache = JSON.parse(
-        localStorage.getItem(this.publicKeyCacheKey) || "{}"
-      );
-      return cache[keyId] || null;
-    } catch (e) {
-      console.error("Failed to read public key cache:", e);
-      return null;
-    }
-  }
-  setPublicKey(keyId, publicKeyB64) {
-    try {
-      const cache = JSON.parse(
-        localStorage.getItem(this.publicKeyCacheKey) || "{}"
-      );
-      cache[keyId] = publicKeyB64;
-      localStorage.setItem(this.publicKeyCacheKey, JSON.stringify(cache));
-    } catch (e) {
-      console.error("Failed to cache public key:", e);
-    }
-  }
-  // Clears *all* LicenseSeat SDK data for this prefix.
-  clear() {
-    Object.keys(localStorage).forEach((key) => {
-      if (key.startsWith(this.prefix)) {
-        localStorage.removeItem(key);
-      }
-    });
-    this.clearOfflineLicense();
-    localStorage.removeItem(this.prefix + "last_seen_ts");
-  }
-  // --- Time baseline helpers ---
-  getLastSeenTimestamp() {
-    const v = localStorage.getItem(this.prefix + "last_seen_ts");
-    return v ? parseInt(v, 10) : null;
-  }
-  setLastSeenTimestamp(ts) {
-    try {
-      localStorage.setItem(this.prefix + "last_seen_ts", String(ts));
-    } catch (e) {
-    }
+  return sharedInstance;
+}
+function configure(config, force = false) {
+  if (sharedInstance && !force) {
+    console.warn(
+      "[LicenseSeat SDK] Already configured. Call configure with force=true to reconfigure."
+    );
+    return sharedInstance;
   }
-};
-var APIError = class extends Error {
-  constructor(message, status, data) {
-    super(message);
-    this.name = "APIError";
-    this.status = status;
-    this.data = data;
+  sharedInstance = new LicenseSeatSDK(config);
+  return sharedInstance;
+}
+function resetSharedInstance() {
+  if (sharedInstance) {
+    sharedInstance.reset();
+    sharedInstance = null;
   }
-};
+}
+
+// src/index.js
 var src_default = LicenseSeatSDK;
 export {
-  src_default as default
+  APIError,
+  ConfigurationError,
+  CryptoError,
+  LicenseCache,
+  LicenseError,
+  LicenseSeatSDK,
+  base64UrlDecode,
+  canonicalJsonStringify,
+  configure,
+  constantTimeEqual,
+  src_default as default,
+  generateDeviceId,
+  getCsrfToken,
+  getSharedInstance,
+  parseActiveEntitlements,
+  resetSharedInstance
 };
-/*! Bundled license information:
-
-@noble/ed25519/index.js:
-  (*! noble-ed25519 - MIT License (c) 2019 Paul Miller (paulmillr.com) *)
-
-@noble/hashes/esm/utils.js:
-  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
-*/