@monetize.software/sdk 3.0.0-alpha.0 → 3.0.0-alpha.10

package/dist/core.js

@@ -10,21 +10,21 @@ class R extends r {
     }), this.name = "QuotaExceededError", this.balances = t.balances, this.queryType = t.queryType, this.currentBalance = t.currentBalance;
   }
 }
-const g = "3.0.0-alpha.0";
-class k {
+const m = "3.0.0-alpha.0";
+class E {
   constructor(t) {
     this.opts = t;
   }
   async request(t, e = {}) {
-    const s = new URL(t, this.opts.apiOrigin).toString(), i = this.opts.fetch ?? fetch, n = new Headers(e.headers);
-    n.set("Accept", "application/json"), n.set("X-SDK-Version", g), n.set("X-Paywall-Id", this.opts.paywallId), this.opts.capabilities?.length && n.set("X-SDK-Capabilities", this.opts.capabilities.join(","));
+    const s = new URL(t, this.opts.apiOrigin).toString(), a = this.opts.fetch ?? fetch, n = new Headers(e.headers);
+    n.set("Accept", "application/json"), n.set("X-SDK-Version", m), n.set("X-Paywall-Id", this.opts.paywallId), this.opts.capabilities?.length && n.set("X-SDK-Capabilities", this.opts.capabilities.join(","));
     const o = await this.opts.getAuthToken?.();
     o && n.set("Authorization", `Bearer ${o}`);
     const u = typeof FormData < "u" && e.body instanceof FormData;
     e.body && !n.has("Content-Type") && !u && n.set("Content-Type", "application/json");
-    let l;
+    let d;
     try {
-      l = await i(s, {
+      d = await a(s, {
         ...e,
         headers: n,
         credentials: "omit"
@@ -32,20 +32,24 @@ class k {
     } catch (c) {
       throw (c && typeof c == "object" && "name" in c ? c.name : void 0) === "AbortError" ? new r("aborted", "Request aborted", { cause: c }) : new r("network_error", "Network request failed", { cause: c });
     }
-    const f = (l.headers.get("content-type") ?? "").includes("application/json") ? await l.json().catch(() => null) : null;
-    if (!l.ok) {
-      const c = f && typeof f == "object" && "code" in f && String(f.code) || `http_${l.status}`, w = f && typeof f == "object" && "message" in f && String(f.message) || l.statusText || "Request failed";
-      throw new r(c, w, { status: l.status, cause: f });
+    const y = (d.headers.get("content-type") ?? "").includes("application/json") ? await d.json().catch(() => null) : null;
+    if (!d.ok) {
+      const c = y && typeof y == "object" && "code" in y && String(y.code) || `http_${d.status}`, g = y && typeof y == "object" && "message" in y && String(y.message) || d.statusText || "Request failed";
+      throw new r(c, g, { status: d.status, cause: y });
     }
-    return f;
+    return y;
   }
 }
-const q = "https://appbox.space";
-class K {
+class D {
   constructor(t) {
     if (!t.paywallId)
       throw new r("invalid_config", "paywallId is required");
-    this.paywallId = t.paywallId, this.apiOrigin = t.apiOrigin ?? q, this.auth = t.auth, this.userId = t.userId, this.capabilities = t.capabilities, this.customFetch = t.fetch, this.onChargeSuccess = t.onChargeSuccess, this.onQuotaExceeded = t.onQuotaExceeded, t.userId && !t.auth && typeof window < "u" && typeof window.document < "u" && console.warn(
+    if (!t.apiOrigin)
+      throw new r(
+        "invalid_config",
+        "apiOrigin is required. Pass the paywall custom_domain configured in the platform."
+      );
+    this.paywallId = t.paywallId, this.apiOrigin = t.apiOrigin, this.auth = t.auth, this.userId = t.userId, this.capabilities = t.capabilities, this.customFetch = t.fetch, this.onChargeSuccess = t.onChargeSuccess, this.onQuotaExceeded = t.onQuotaExceeded, t.userId && !t.auth && typeof window < "u" && typeof window.document < "u" && console.warn(
       "[paywall] WARNING: ApiGatewayClient.userId set without auth in browser. Client can spoof userId. Use AuthClient + Bearer for trusted user.id."
     );
   }
@@ -55,19 +59,19 @@ class K {
       this.apiOrigin
     );
     s.searchParams.set("paywall_id", this.paywallId);
-    const i = new Headers(t.headers);
-    i.set("X-SDK-Version", g), i.set("X-Paywall-Id", this.paywallId), this.capabilities?.length && i.set("X-SDK-Capabilities", this.capabilities.join(","));
+    const a = new Headers(t.headers);
+    a.set("X-SDK-Version", m), a.set("X-Paywall-Id", this.paywallId), this.capabilities?.length && a.set("X-SDK-Capabilities", this.capabilities.join(","));
     const n = await this.auth?.getAccessToken();
-    n ? i.set("Authorization", `Bearer ${n}`) : this.userId && i.set("X-User-ID", this.userId);
-    const o = typeof FormData < "u" && t.body instanceof FormData, u = typeof Blob < "u" && t.body instanceof Blob, l = typeof ReadableStream < "u" && t.body instanceof ReadableStream, d = typeof t.body == "string";
+    n ? a.set("Authorization", `Bearer ${n}`) : this.userId && a.set("X-User-ID", this.userId);
+    const o = typeof FormData < "u" && t.body instanceof FormData, u = typeof Blob < "u" && t.body instanceof Blob, d = typeof ReadableStream < "u" && t.body instanceof ReadableStream, f = typeof t.body == "string";
     let h;
-    t.body === void 0 || t.body === null ? h = void 0 : o || u || l || d ? h = t.body : (h = JSON.stringify(t.body), i.has("Content-Type") || i.set("Content-Type", "application/json"));
-    const f = this.customFetch ?? fetch;
+    t.body === void 0 || t.body === null ? h = void 0 : o || u || d || f ? h = t.body : (h = JSON.stringify(t.body), a.has("Content-Type") || a.set("Content-Type", "application/json"));
+    const y = this.customFetch ?? fetch;
     let c;
     try {
-      c = await f(s.toString(), {
+      c = await y(s.toString(), {
         method: t.method ?? "POST",
-        headers: i,
+        headers: a,
         body: h,
         signal: t.signal,
         credentials: "omit"
@@ -77,32 +81,32 @@ class K {
       throw new r("network_error", `Network request failed: ${P}`, { cause: p });
     }
     if (c.status === 402) {
-      const p = await $(c);
+      const p = await q(c);
       throw this.onQuotaExceeded?.(p), p;
     }
     if (!c.ok) {
-      const p = await F(c.clone());
+      const p = await $(c.clone());
       throw new r(
         p ?? `http_${c.status}`,
         c.statusText || "Gateway request failed",
         { status: c.status }
       );
     }
-    const w = c.headers.get("X-Query-Type") ?? void 0;
-    return this.onChargeSuccess?.(w), c;
+    const g = c.headers.get("X-Query-Type") ?? void 0;
+    return this.onChargeSuccess?.(g), c;
   }
 }
-async function $(a) {
+async function q(i) {
   let t = {};
   try {
-    t = await a.json();
+    t = await i.json();
   } catch {
   }
   const e = t.details?.balances;
   let s = [];
   if (Array.isArray(e)) {
-    const i = e[0];
-    Array.isArray(i) ? s = i : i && Array.isArray(i.balances) && (s = i.balances);
+    const a = e[0];
+    Array.isArray(a) ? s = a : a && Array.isArray(a.balances) && (s = a.balances);
   }
   return new R({
     balances: s,
@@ -110,174 +114,179 @@ async function $(a) {
     currentBalance: t.details?.currentBalance ?? null
   });
 }
-async function F(a) {
-  if (!(a.headers.get("content-type") ?? "").includes("application/json")) return null;
+async function $(i) {
+  if (!(i.headers.get("content-type") ?? "").includes("application/json")) return null;
   try {
-    const e = await a.json();
+    const e = await i.json();
     return e.code || e.error || null;
   } catch {
     return null;
   }
 }
-function N() {
+function F() {
   return typeof chrome < "u" && !!chrome?.storage?.local && !!chrome?.runtime?.id;
 }
-const D = {
-  getItem(a) {
+const M = {
+  getItem(i) {
     return new Promise((t) => {
-      chrome.storage.local.get([a], (e) => {
-        const s = e[a];
+      chrome.storage.local.get([i], (e) => {
+        const s = e[i];
         t(typeof s == "string" ? s : null);
       });
     });
   },
-  setItem(a, t) {
+  setItem(i, t) {
     return new Promise((e) => {
-      chrome.storage.local.set({ [a]: t }, () => e());
+      chrome.storage.local.set({ [i]: t }, () => e());
     });
   },
-  removeItem(a) {
+  removeItem(i) {
     return new Promise((t) => {
-      chrome.storage.local.remove([a], () => t());
+      chrome.storage.local.remove([i], () => t());
     });
   },
-  watch(a, t) {
+  watch(i, t) {
     const e = chrome?.storage?.onChanged;
     if (!e) return () => {
     };
-    const s = (i, n) => {
+    const s = (a, n) => {
       if (n !== "local") return;
-      const o = i[a];
+      const o = a[i];
       o && t(typeof o.newValue == "string" ? o.newValue : null);
     };
     return e.addListener(s), () => e.removeListener(s);
   }
 }, x = {
-  async getItem(a) {
+  async getItem(i) {
     try {
-      return window.localStorage.getItem(a);
+      return window.localStorage.getItem(i);
     } catch {
       return null;
     }
   },
-  async setItem(a, t) {
+  async setItem(i, t) {
     try {
-      window.localStorage.setItem(a, t);
+      window.localStorage.setItem(i, t);
     } catch {
     }
   },
-  async removeItem(a) {
+  async removeItem(i) {
     try {
-      window.localStorage.removeItem(a);
+      window.localStorage.removeItem(i);
     } catch {
     }
   },
-  watch(a, t) {
+  watch(i, t) {
     if (typeof window > "u") return () => {
     };
     const e = (s) => {
-      s.storageArea === window.localStorage && s.key === a && t(s.newValue);
+      s.storageArea === window.localStorage && s.key === i && t(s.newValue);
     };
     return window.addEventListener("storage", e), () => window.removeEventListener("storage", e);
   }
-}, m = /* @__PURE__ */ new Map(), M = {
-  async getItem(a) {
-    return m.get(a) ?? null;
+}, I = /* @__PURE__ */ new Map(), J = {
+  async getItem(i) {
+    return I.get(i) ?? null;
   },
-  async setItem(a, t) {
-    m.set(a, t);
+  async setItem(i, t) {
+    I.set(i, t);
   },
-  async removeItem(a) {
-    m.delete(a);
+  async removeItem(i) {
+    I.delete(i);
   }
 };
-function O(a) {
-  return a || (N() ? D : typeof window < "u" && "localStorage" in window ? x : M);
+function L(i) {
+  return i || (F() ? M : typeof window < "u" && "localStorage" in window ? x : J);
 }
-const y = {
+const l = {
   visitorId: "pw-visitor-id",
-  lastLoginMethod: (a) => `pw-${a}-last-login-method`,
-  lastLoginEmail: (a) => `pw-${a}-last-login-email`,
+  lastLoginMethod: (i) => `pw-${i}-last-login-method`,
+  lastLoginEmail: (i) => `pw-${i}-last-login-email`,
   // last-known PaywallUser. Используется как offline-fallback на старте, пока
   // первый getUser() не вернётся. Ключ зависит от paywallId+identity hash —
   // переключение identity не должно отдавать чужой user.
-  userState: (a, t) => `pw-${a}-${t}-user-v1`,
+  userState: (i, t) => `pw-${i}-${t}-user-v1`,
   // Persisted auth bundle (access_token, refresh_token, expires_at, user) для
   // одного пейвола. Ключ привязан к paywallId — мульти-пейвольное приложение
   // не пересекает сессии. Bump '-v1' на breaking shape change.
-  authSession: (a) => `pw-${a}-auth-v1`,
+  authSession: (i) => `pw-${i}-auth-v1`,
   // Refresh-token последнего анонимного юзера. Хранится отдельно от authSession,
   // потому что должен пережить signOut: после signOut() юзер может опять
   // зайти как тот же аноним — без капчи, через этот токен. signIn другим
   // методом (email/oauth) тоже его не трогает. Чистится только явным
   // signOut({forgetAnonymous: true}) или 401 от refresh-эндпоинта (значит
   // токен отозван, дальше держать бессмысленно).
-  anonRefreshToken: (a) => `pw-${a}-anon-rt-v1`,
+  anonRefreshToken: (i) => `pw-${i}-anon-rt-v1`,
   // Persisted bootstrap (settings/prices/offers/layout/locales/version) для
   // stale-while-revalidate. Не зависит от identity — layout одинаков для всех
   // юзеров одного пейвола; user-state живёт отдельно под `userState(...)`.
   // Bump '-v1' на breaking shape change.
-  bootstrap: (a) => `pw-${a}-bootstrap-v1`,
+  bootstrap: (i) => `pw-${i}-bootstrap-v1`,
   // Persisted balances (AI-провайдеры × tokenization_queries). Identity-bound,
   // т.к. balance считается per-Bearer-юзеру; при re-login ключ меняется и
   // чужие balances не видны. Меняются после оплаты (бэк) и API-вызовов
   // (оптимистично через `decrementBalanceLocal`).
-  balances: (a, t) => `pw-${a}-${t}-balances-v1`
+  balances: (i, t) => `pw-${i}-${t}-balances-v1`
 };
 function C() {
-  const a = typeof globalThis < "u" ? globalThis.crypto : void 0;
-  if (a && typeof a.randomUUID == "function") return a.randomUUID();
+  const i = typeof globalThis < "u" ? globalThis.crypto : void 0;
+  if (i && typeof i.randomUUID == "function") return i.randomUUID();
   const t = new Uint8Array(16);
-  if (a && typeof a.getRandomValues == "function")
-    a.getRandomValues(t);
+  if (i && typeof i.getRandomValues == "function")
+    i.getRandomValues(t);
   else
     for (let s = 0; s < 16; s++) t[s] = Math.floor(Math.random() * 256);
   t[6] = t[6] & 15 | 64, t[8] = t[8] & 63 | 128;
   const e = Array.from(t, (s) => s.toString(16).padStart(2, "0")).join("");
   return `${e.slice(0, 8)}-${e.slice(8, 12)}-${e.slice(12, 16)}-${e.slice(16, 20)}-${e.slice(20)}`;
 }
-async function I(a) {
+async function b(i) {
   try {
-    const e = await a.getItem(y.visitorId);
+    const e = await i.getItem(l.visitorId);
     if (e && typeof e == "string" && e.length >= 16) return e;
   } catch {
   }
   const t = C();
   try {
-    await a.setItem(y.visitorId, t);
+    await i.setItem(l.visitorId, t);
   } catch {
   }
   return t;
 }
-const J = 5e3, H = 30 * 6e4, v = 60 * 6e4, V = 5 * 6e4, _ = {
+const H = 5e3, V = 30 * 6e4, _ = 60 * 6e4, j = 5 * 6e4, v = {
   has_active_subscription: !1,
   purchases: [],
-  trial: null
+  trial: null,
+  had_previous_trial: !1
 };
-function B(a) {
-  return a && (a.email || a.userId || a.anonymousId) || "guest";
+function B(i) {
+  return i && (i.email || i.userId || i.anonymousId) || "guest";
 }
-function j(a, t) {
-  return a === t ? !0 : !a || !t ? !1 : JSON.stringify(a) === JSON.stringify(t);
+function X(i, t) {
+  return i === t ? !0 : !i || !t ? !1 : JSON.stringify(i) === JSON.stringify(t);
 }
-const X = 5e3, A = 5 * 6e4, z = 3e4;
-function G(a, t) {
-  if (a === t) return !0;
-  if (!a || !t || a.length !== t.length) return !1;
-  for (let e = 0; e < a.length; e++)
-    if (a[e].type !== t[e].type || a[e].count !== t[e].count) return !1;
+const G = 5e3, A = 5 * 6e4, z = 3e4;
+function Q(i, t) {
+  if (i === t) return !0;
+  if (!i || !t || i.length !== t.length) return !1;
+  for (let e = 0; e < i.length; e++)
+    if (i[e].type !== t[e].type || i[e].count !== t[e].count) return !1;
   return !0;
 }
-const Q = "https://appbox.space";
-class ut {
+class yt {
   constructor(t) {
-    if (this.cachedBootstrap = null, this.cachedBootstrapAt = 0, this.inflightBootstrap = null, this.bootstrapListeners = /* @__PURE__ */ new Set(), this.bootstrapStorageUnwatch = null, this.authUnsubscribe = null, this.cachedUser = null, this.cachedUserAt = 0, this.inflightUser = null, this.userListeners = /* @__PURE__ */ new Set(), this.visitorIdPromise = null, this.visitorId = null, this.inflightCheckouts = /* @__PURE__ */ new Map(), this.cachedBalances = null, this.cachedBalancesAt = 0, this.balancesStorageUnwatch = null, this.inflightBalances = null, this.balanceListeners = /* @__PURE__ */ new Set(), !t.paywallId)
+    if (this.cachedBootstrap = null, this.cachedBootstrapAt = 0, this.inflightBootstrap = null, this.bootstrapListeners = /* @__PURE__ */ new Set(), this.bootstrapStorageUnwatch = null, this.authUnsubscribe = null, this.cachedUser = null, this.cachedUserAt = 0, this.inflightUser = null, this.userListeners = /* @__PURE__ */ new Set(), this.visitorIdPromise = null, this.visitorId = null, this.inflightCheckouts = /* @__PURE__ */ new Map(), this.cachedBalances = null, this.cachedBalancesAt = 0, this.balancesStorageUnwatch = null, this.inflightBalances = null, this.balanceListeners = /* @__PURE__ */ new Set(), this.previewVersionCounter = 0, !t.paywallId)
       throw new r("invalid_config", "paywallId is required");
-    this.paywallId = t.paywallId, this.apiOrigin = t.apiOrigin ?? Q, this.capabilities = t.capabilities, this.auth = t.auth;
+    if (!t.apiOrigin)
+      throw new r(
+        "invalid_config",
+        'apiOrigin is required. Pass the paywall custom_domain configured in the platform (e.g. "https://pay.your-domain.com"). The legacy "appbox.space" fallback is not used in SDK 3.0.'
+      );
+    this.paywallId = t.paywallId, this.apiOrigin = t.apiOrigin, this.capabilities = t.capabilities, this.auth = t.auth, this.previewMode = t.preview === !0;
     const e = t.auth?.getCachedUser();
     this.identity = t.identity ?? (e ? T(e) : void 0), this.apiKey = t.apiKey, this.fetchImpl = t.fetch, t.apiKey && typeof window < "u" && typeof window.document < "u" && console.error(
       "[paywall] SECURITY: BillingClient.apiKey detected in browser context. This is a server-SDK key and exposes your account. Remove apiKey or move BillingClient to a trusted backend."
-    ), this.storage = O(t.storage), this.api = new k({
+    ), this.storage = L(t.storage), this.api = new E({
       apiOrigin: this.apiOrigin,
       paywallId: t.paywallId,
       capabilities: t.capabilities,
@@ -286,10 +295,10 @@ class ut {
       // делает lazy refresh, дедупит, на 401 возвращает null — тогда
       // Authorization-хедер просто не выставится.
       getAuthToken: t.auth ? () => t.auth.getAccessToken() : void 0
-    }), t.auth && (this.authUnsubscribe = t.auth.onAuthChange((s) => {
-      const i = s ? T(s.user) : void 0;
-      W(this.identity, i) || this.setIdentity(i);
-    })), this.hydrateUserFromStorage(), this.hydrateBootstrapFromStorage(), this.subscribeBootstrapStorage(), this.hydrateBalancesFromStorage(), this.subscribeBalancesStorage(), this.visitorIdPromise = I(this.storage).then((s) => (this.visitorId = s, s));
+    }), t.auth && (this.authUnsubscribe = t.auth.onAuthChange((s, a) => {
+      const n = a ? T(a.user) : void 0;
+      W(this.identity, n) || this.setIdentity(n);
+    })), this.hydrateUserFromStorage(), this.hydrateBootstrapFromStorage(), this.subscribeBootstrapStorage(), this.hydrateBalancesFromStorage(), this.subscribeBalancesStorage(), this.visitorIdPromise = b(this.storage).then((s) => (this.visitorId = s, s));
   }
   /**
    * Stable visitor_id (UUID v4). Первый вызов awaitит первичный резолв из
@@ -297,15 +306,15 @@ class ut {
    * EventTracker'ом для атрибуции аналитики.
    */
   async getVisitorId() {
-    return this.visitorId ? this.visitorId : (this.visitorIdPromise || (this.visitorIdPromise = I(this.storage).then((t) => (this.visitorId = t, t))), this.visitorIdPromise);
+    return this.visitorId ? this.visitorId : (this.visitorIdPromise || (this.visitorIdPromise = b(this.storage).then((t) => (this.visitorId = t, t))), this.visitorIdPromise);
   }
   /** Sync-доступ к visitor_id. null если ещё не зарезолвили (первые ms жизни). */
   getCachedVisitorId() {
     return this.visitorId;
   }
   setIdentity(t) {
-    this.identity = t, this.cachedUser = null, this.cachedUserAt = 0, this.inflightUser = null, this.cachedBalances = null, this.cachedBalancesAt = 0, this.inflightBalances = null, this.balancesStorageUnwatch && (this.balancesStorageUnwatch(), this.balancesStorageUnwatch = null), this.hydrateBalancesFromStorage(), this.subscribeBalancesStorage(), this.hydrateUserFromStorage(), t && this.getUser({ force: !0 }).catch(() => {
-    });
+    this.identity = t, this.cachedUser = null, this.cachedUserAt = 0, this.inflightUser = null, this.cachedBalances = null, this.cachedBalancesAt = 0, this.inflightBalances = null, this.balancesStorageUnwatch && (this.balancesStorageUnwatch(), this.balancesStorageUnwatch = null), this.hydrateBalancesFromStorage(), this.subscribeBalancesStorage(), this.hydrateUserFromStorage(), t ? this.getUser({ force: !0 }).catch(() => {
+    }) : (this.applyUser(v), this.applyBalances([]));
   }
   /**
    * Отписаться от auth-event'ов и сбросить listener'ы. Вызывать когда
@@ -325,9 +334,17 @@ class ut {
     return this.storage;
   }
   async bootstrap(t = !1) {
-    const e = typeof t == "boolean" ? { force: t } : t, s = Date.now(), i = this.cachedBootstrap && this.cachedBootstrapAt > 0 && s - this.cachedBootstrapAt < v;
-    return !e.force && i ? (s - this.cachedBootstrapAt > V && this.revalidateBootstrap(e.signal).catch(() => {
-    }), this.cachedBootstrap) : this.inflightBootstrap ? this.inflightBootstrap : (this.inflightBootstrap = this.fetchBootstrap({
+    const e = typeof t == "boolean" ? { force: t } : t;
+    if (this.previewMode) {
+      if (this.cachedBootstrap) return this.cachedBootstrap;
+      throw new r(
+        "invalid_config",
+        "BillingClient in preview mode but cachedBootstrap is not seeded. Call setBootstrap(bootstrap) before open()."
+      );
+    }
+    const s = Date.now(), a = this.cachedBootstrap && this.cachedBootstrapAt > 0 && s - this.cachedBootstrapAt < _;
+    return !e.force && a ? (s - this.cachedBootstrapAt > j && this.revalidateBootstrap(e.signal).catch(() => {
+    }), { ...this.cachedBootstrap, user: this.cachedUser ?? void 0 }) : this.inflightBootstrap ? this.inflightBootstrap : (this.inflightBootstrap = this.fetchBootstrap({
       ifVersion: e.force ? void 0 : this.cachedBootstrap?.version,
       signal: e.signal
     }).finally(() => {
@@ -345,6 +362,44 @@ class ut {
       this.bootstrapListeners.delete(t);
     };
   }
+  /**
+   * Заменить cachedBootstrap частичными или полными данными и эмитнуть всем
+   * подписчикам. Используется host'ом в preview-mode (редактор админки) для
+   * live-обновления открытой модалки без сетевого revalidate'а.
+   *
+   * Поведение:
+   *  - Без `cachedBootstrap` ожидаются как минимум `settings` + `prices` —
+   *    иначе PaywallRoot не сможет отрендерить тарифы и упадёт.
+   *  - С существующим кешем партиал мёрджится поверх: `settings` глубокий мёрдж
+   *    на 1 уровень (поля настроек), массивы `prices`/`offers` перезаписываются.
+   *  - Каждый вызов бампит `version` ("preview:<n>"), чтобы applyBootstrap'овая
+   *    проверка `versionChanged` всегда срабатывала и listener'ы дёргались.
+   *  - Persist в storage НЕ делаем — preview не должен утекать в другие вкладки.
+   *
+   * В non-preview режиме метод доступен, но это редкий путь (например, для
+   * тестов host'а) — production-код должен полагаться на bootstrap() + revalidate.
+   */
+  setBootstrap(t) {
+    const e = this.cachedBootstrap ?? {
+      settings: { id: this.paywallId, name: "" },
+      prices: [],
+      offers: []
+    }, s = {
+      ...e,
+      ...t,
+      settings: t.settings !== void 0 ? { ...e.settings, ...t.settings } : e.settings,
+      prices: t.prices !== void 0 ? t.prices : e.prices,
+      offers: t.offers !== void 0 ? t.offers : e.offers,
+      version: `preview:${++this.previewVersionCounter}`
+    };
+    s.layout || (s.layout = U(s.settings, s.prices)), w(s), this.cachedBootstrap = s, this.cachedBootstrapAt = Date.now();
+    for (const a of this.bootstrapListeners)
+      try {
+        a(s);
+      } catch (n) {
+        console.warn("[paywall] onBootstrapChange listener threw", n);
+      }
+  }
   // Network primitive — единая точка для force-запроса, revalidate'а и
   // первого холодного bootstrap'а. `ifVersion` шлёт server-side short-circuit:
   // если совпала — бэк отвечает `{unchanged: true, version, user}` и мы лишь
@@ -352,14 +407,14 @@ class ut {
   async fetchBootstrap(t) {
     const e = {};
     this.identity?.email && (e["X-User-Email"] = this.identity.email);
-    const s = t.ifVersion ? `/api/v1/paywall/${this.paywallId}/bootstrap?if_version=${encodeURIComponent(t.ifVersion)}` : `/api/v1/paywall/${this.paywallId}/bootstrap`, i = await this.api.request(s, {
+    const s = t.ifVersion ? `/api/v1/paywall/${this.paywallId}/bootstrap?if_version=${encodeURIComponent(t.ifVersion)}` : `/api/v1/paywall/${this.paywallId}/bootstrap`, a = await this.api.request(s, {
       ...Object.keys(e).length ? { headers: e } : {},
       signal: t.signal
     });
-    if ("unchanged" in i && i.unchanged)
-      return this.cachedBootstrap ? (this.cachedBootstrapAt = Date.now(), i.user && this.applyUser(i.user), this.cachedBootstrap) : this.fetchBootstrap({ signal: t.signal });
-    const n = i;
-    return n.layout || (n.layout = Y(n.settings, n.prices)), b(n), this.applyBootstrap(n, { persist: !0 }), n.user && this.applyUser(n.user), n;
+    if ("unchanged" in a && a.unchanged)
+      return this.cachedBootstrap ? (this.cachedBootstrapAt = Date.now(), a.user && this.applyUser(a.user), this.cachedBootstrap) : this.fetchBootstrap({ signal: t.signal });
+    const n = a;
+    return Y(n.settings.custom_domain, this.apiOrigin), n.layout || (n.layout = U(n.settings, n.prices)), w(n), this.applyBootstrap(n, { persist: !0 }), n.user && this.applyUser(n.user), n;
   }
   // Фоновый revalidate из stale-while-revalidate ветки. Дедуплицируется через
   // `inflightBootstrap`, чтобы параллельные revalidate'ы не пересекались.
@@ -379,9 +434,9 @@ class ut {
   applyBootstrap(t, { persist: e }) {
     const s = !this.cachedBootstrap || this.cachedBootstrap.version !== t.version;
     if (this.cachedBootstrap = t, this.cachedBootstrapAt = Date.now(), e && this.persistBootstrap(t), s)
-      for (const i of this.bootstrapListeners)
+      for (const a of this.bootstrapListeners)
         try {
-          i(t);
+          a(t);
         } catch (n) {
           console.warn("[paywall] onBootstrapChange listener threw", n);
         }
@@ -389,16 +444,16 @@ class ut {
   async hydrateBootstrapFromStorage() {
     if (!this.cachedBootstrap)
       try {
-        const t = await this.storage.getItem(y.bootstrap(this.paywallId));
+        const t = await this.storage.getItem(l.bootstrap(this.paywallId));
         if (!t) return;
         const e = JSON.parse(t);
-        if (!e?.bootstrap || Date.now() - e.at > v || this.cachedBootstrap) return;
-        b(e.bootstrap), this.cachedBootstrap = e.bootstrap, this.cachedBootstrapAt = e.at;
+        if (!e?.bootstrap || Date.now() - e.at > _ || this.cachedBootstrap) return;
+        w(e.bootstrap), this.cachedBootstrap = e.bootstrap, this.cachedBootstrapAt = e.at;
         for (const s of this.bootstrapListeners)
           try {
             s(e.bootstrap);
-          } catch (i) {
-            console.warn("[paywall] onBootstrapChange listener threw", i);
+          } catch (a) {
+            console.warn("[paywall] onBootstrapChange listener threw", a);
           }
       } catch {
       }
@@ -408,7 +463,7 @@ class ut {
       try {
         const { user: e, ...s } = t;
         await this.storage.setItem(
-          y.bootstrap(this.paywallId),
+          l.bootstrap(this.paywallId),
           JSON.stringify({ at: Date.now(), bootstrap: s })
         );
       } catch {
@@ -419,7 +474,7 @@ class ut {
   // no-op, всё работает как раньше через сеть.
   subscribeBootstrapStorage() {
     typeof this.storage.watch == "function" && (this.bootstrapStorageUnwatch = this.storage.watch(
-      y.bootstrap(this.paywallId),
+      l.bootstrap(this.paywallId),
       (t) => {
         if (t)
           try {
@@ -429,7 +484,7 @@ class ut {
               this.cachedBootstrapAt = e.at;
               return;
             }
-            b(e.bootstrap), this.applyBootstrap(e.bootstrap, { persist: !1 });
+            w(e.bootstrap), this.applyBootstrap(e.bootstrap, { persist: !1 });
           } catch {
           }
       }
@@ -457,6 +512,15 @@ class ut {
   getCachedPrices() {
     return this.cachedBootstrap?.prices ?? null;
   }
+  /** Sync-снимок офферов из последнего bootstrap'а. null = bootstrap ещё не
+   *  загружали, пустой массив = бэк отдал пейвол без офферов. Бэк уже
+   *  применил серверный таргетинг (target_countries / target_emails /
+   *  targeting_mode из offer_settings) — наружу выезжает только то, что
+   *  применимо к текущему юзеру. Клиентская сторона остаётся ответственной
+   *  за price_id-matching и countdown (см. core/offer.ts → resolveOffer). */
+  getCachedOffers() {
+    return this.cachedBootstrap?.offers ?? null;
+  }
   /**
    * Снимок того, какой язык SDK сейчас считает «языком юзера». Полезно для
    * синхронизации i18n хоста с тем, что фактически показывает пейвол — чтобы
@@ -476,7 +540,7 @@ class ut {
    * есть `navigator.language`.
    */
   getUserLanguage() {
-    const t = typeof navigator < "u" && navigator.language ? navigator.language : null, e = this.cachedBootstrap?.settings.locale_default ?? null, s = this.cachedBootstrap ? E(this.cachedBootstrap) : null;
+    const t = typeof navigator < "u" && navigator.language ? navigator.language : null, e = this.cachedBootstrap?.settings.locale_default ?? null, s = this.cachedBootstrap ? N(this.cachedBootstrap) : null;
     return { tag: s ?? t ?? e, applied: s, browserLanguage: t, countryLanguage: e };
   }
   /**
@@ -488,10 +552,10 @@ class ut {
    * - Без identity возвращает empty-state (сервер тоже так делает).
    */
   async getUser({ force: t = !1, signal: e } = {}) {
-    return !t && this.cachedUser && Date.now() - this.cachedUserAt < J ? this.cachedUser : this.inflightUser ? this.inflightUser : (this.inflightUser = (async () => {
+    return !t && this.cachedUser && Date.now() - this.cachedUserAt < H ? this.cachedUser : this.inflightUser ? this.inflightUser : (this.inflightUser = (async () => {
       try {
         if (!this.identity?.email)
-          return this.applyUser(_), _;
+          return this.applyUser(v), v;
         const s = await this.api.request(
           `/api/v1/paywall/${this.paywallId}/user-state`,
           { headers: { "X-User-Email": this.identity.email }, signal: e }
@@ -523,16 +587,16 @@ class ut {
     this.userListeners.add(t);
     const s = e.immediate ?? "microtask";
     if (this.cachedUser && s !== "none") {
-      const i = this.cachedUser;
+      const a = this.cachedUser;
       if (s === "sync")
         try {
-          t(i);
+          t(a);
         } catch (n) {
           console.warn("[paywall] onUserChange initial sync threw", n);
         }
       else
         queueMicrotask(() => {
-          this.userListeners.has(t) && t(i);
+          this.userListeners.has(t) && t(a);
         });
     }
     return () => {
@@ -544,19 +608,19 @@ class ut {
     return this.cachedUser;
   }
   applyUser(t) {
-    const e = !j(this.cachedUser, t);
+    const e = !X(this.cachedUser, t);
     if (this.cachedUser = t, this.cachedUserAt = Date.now(), e) {
       this.persistUser(t);
       for (const s of this.userListeners)
         try {
           s(t);
-        } catch (i) {
-          console.warn("[paywall] onUserChange listener threw", i);
+        } catch (a) {
+          console.warn("[paywall] onUserChange listener threw", a);
         }
     }
   }
   storageKey() {
-    return y.userState(this.paywallId, B(this.identity));
+    return l.userState(this.paywallId, B(this.identity));
   }
   async hydrateUserFromStorage() {
     if (!this.cachedUser)
@@ -564,7 +628,7 @@ class ut {
         const t = await this.storage.getItem(this.storageKey());
         if (!t) return;
         const e = JSON.parse(t);
-        if (!e?.user || Date.now() - e.at > H || this.cachedUser) return;
+        if (!e?.user || Date.now() - e.at > V || this.cachedUser) return;
         this.applyUser(e.user);
       } catch {
       }
@@ -592,8 +656,8 @@ class ut {
    * по `currentBalance` в QuotaExceededError или `balances.length`.
    */
   async getBalances({ force: t = !1, signal: e } = {}) {
-    const s = Date.now(), i = this.cachedBalances ? s - this.cachedBalancesAt : 1 / 0;
-    return !t && this.cachedBalances && (i < X || i < z) ? this.cachedBalances : !t && this.cachedBalances && i < A ? (this.fetchBalances({ signal: e }).catch(() => {
+    const s = Date.now(), a = this.cachedBalances ? s - this.cachedBalancesAt : 1 / 0;
+    return !t && this.cachedBalances && (a < G || a < z) ? this.cachedBalances : !t && this.cachedBalances && a < A ? (this.fetchBalances({ signal: e }).catch(() => {
     }), this.cachedBalances) : this.inflightBalances ? this.inflightBalances : this.fetchBalances({ signal: e });
   }
   // Network primitive — единая точка для force/stale-revalidate/cold-start.
@@ -624,16 +688,16 @@ class ut {
     this.balanceListeners.add(t);
     const s = e.immediate ?? "microtask";
     if (this.cachedBalances && s !== "none") {
-      const i = this.cachedBalances;
+      const a = this.cachedBalances;
       if (s === "sync")
         try {
-          t(i);
+          t(a);
         } catch (n) {
           console.warn("[paywall] onBalanceChange initial sync threw", n);
         }
       else
         queueMicrotask(() => {
-          this.balanceListeners.has(t) && t(i);
+          this.balanceListeners.has(t) && t(a);
         });
     }
     return () => {
@@ -662,10 +726,10 @@ class ut {
     if (!this.cachedBalances) return;
     const e = this.cachedBalances.findIndex((n) => n.type === t);
     if (e < 0 || this.cachedBalances[e].count <= 0) return;
-    const i = this.cachedBalances.map(
+    const a = this.cachedBalances.map(
       (n, o) => o === e ? { ...n, count: n.count - 1 } : n
     );
-    this.applyBalances(i);
+    this.applyBalances(a);
   }
   /** Принудительный re-fetch — типичный вызов после QuotaExceededError, чтобы
    *  UI получил актуальный balance=0 и нарисовал upgrade-prompt. */
@@ -684,7 +748,7 @@ class ut {
    */
   createApiGatewayClient(t = {}) {
     const e = t.onChargeSuccess, s = t.onQuotaExceeded;
-    return new K({
+    return new D({
       paywallId: this.paywallId,
       apiOrigin: this.apiOrigin,
       auth: this.auth,
@@ -692,26 +756,26 @@ class ut {
       capabilities: this.capabilities,
       fetch: this.fetchImpl,
       ...t,
-      onChargeSuccess: (i) => {
-        this.decrementBalanceLocal(i), e?.(i);
+      onChargeSuccess: (a) => {
+        this.decrementBalanceLocal(a), e?.(a);
       },
-      onQuotaExceeded: (i) => {
-        this.refreshBalances(), s?.(i);
+      onQuotaExceeded: (a) => {
+        this.refreshBalances(), s?.(a);
       }
     });
   }
   applyBalances(t, { persist: e = !0 } = {}) {
-    const s = !G(this.cachedBalances, t);
+    const s = !Q(this.cachedBalances, t);
     if (this.cachedBalances = t, this.cachedBalancesAt = Date.now(), e && this.persistBalances(t), s)
-      for (const i of this.balanceListeners)
+      for (const a of this.balanceListeners)
         try {
-          i(t);
+          a(t);
         } catch (n) {
           console.warn("[paywall] onBalanceChange listener threw", n);
         }
   }
   balancesStorageKey() {
-    return y.balances(this.paywallId, B(this.identity));
+    return l.balances(this.paywallId, B(this.identity));
   }
   async hydrateBalancesFromStorage() {
     if (!this.cachedBalances)
@@ -724,8 +788,8 @@ class ut {
         for (const s of this.balanceListeners)
           try {
             s(e.balances);
-          } catch (i) {
-            console.warn("[paywall] onBalanceChange listener threw", i);
+          } catch (a) {
+            console.warn("[paywall] onBalanceChange listener threw", a);
           }
       } catch {
       }
@@ -768,7 +832,7 @@ class ut {
       "Idempotency-Key": t.idempotencyKey ?? C()
     };
     this.apiKey && (n["X-Api-Key"] = this.apiKey);
-    const o = this.cachedBootstrap?.settings, u = t.successUrl ?? o?.success_redirect_url ?? void 0, l = t.shopUrl ?? o?.checkout_shop_url ?? void 0, d = this.api.request(`/api/v1/paywall/${this.paywallId}/start-checkout`, {
+    const o = this.cachedBootstrap?.settings, u = t.successUrl ?? o?.success_redirect_url ?? void 0, d = t.shopUrl ?? o?.checkout_shop_url ?? void 0, f = this.api.request(`/api/v1/paywall/${this.paywallId}/start-checkout`, {
       method: "POST",
       headers: n,
       signal: t.signal,
@@ -777,7 +841,7 @@ class ut {
         priceId: Number(t.priceId),
         successUrl: u,
         errorUrl: t.errorUrl,
-        shopUrl: l,
+        shopUrl: d,
         productName: o?.checkout_product_name ?? void 0,
         trial_days: t.trialDays,
         ignoreActivePurchase: t.ignoreActivePurchase ? !0 : void 0,
@@ -790,10 +854,10 @@ class ut {
         { status: 409, cause: h.cause }
       ) : h;
     });
-    return this.inflightCheckouts.set(e, d), d.finally(() => {
-      this.inflightCheckouts.get(e) === d && this.inflightCheckouts.delete(e);
+    return this.inflightCheckouts.set(e, f), f.finally(() => {
+      this.inflightCheckouts.get(e) === f && this.inflightCheckouts.delete(e);
     }).catch(() => {
-    }), d;
+    }), f;
   }
   /**
    * URL Stripe/Paddle/Chargebee customer portal — место, где залогиненный
@@ -840,43 +904,65 @@ class ut {
    * `/api/v1/paywall/[id]/user` без unstable_cache, потому что list для UI
    * должен быть свежим после cancel-а.
    *
-   * Auth: Bearer обязателен (через AuthClient). Без Bearer — 401 от бэка,
-   * пробрасываем как PaywallError('http_401'). Гость → пустой список.
+   * Auth (два пути):
+   *  - Bearer (через AuthClient) — user.id резолвится из сессии, identity
+   *    в query игнорируется.
+   *  - `apiKey` + `identity.email`/`identity.userId` — server-SDK путь для
+   *    интеграций со своей авторизацией. Бэк проверяет, что identity линкована
+   *    к этому пейволу (защита от cross-paywall lookup).
+   * Без auth и без apiKey+identity — `identity_required`.
    */
   async listPurchases(t = {}) {
-    if (!this.auth)
+    const e = !!(this.identity?.email || this.identity?.userId);
+    if (!this.auth && !(this.apiKey && e))
       throw new r(
-        "auth_required",
-        "listPurchases requires AuthClient (Bearer auth)"
+        "identity_required",
+        "listPurchases requires AuthClient (Bearer) or apiKey + identity.email/userId"
       );
-    return (await this.api.request(`/api/v1/paywall/${this.paywallId}/user`, {
+    const s = {};
+    this.apiKey && (s["X-Api-Key"] = this.apiKey);
+    const a = new URLSearchParams();
+    this.apiKey && this.identity?.email && a.set("email", this.identity.email), this.apiKey && this.identity?.userId && a.set("user_id", this.identity.userId);
+    const n = a.toString(), o = n ? `/api/v1/paywall/${this.paywallId}/user?${n}` : `/api/v1/paywall/${this.paywallId}/user`;
+    return (await this.api.request(o, {
       method: "GET",
+      headers: s,
       signal: t.signal
     })).purchases ?? [];
   }
   /**
-   * Отменить подписку. Бэк проверит что subscription принадлежит auth-юзеру
-   * и сделает cancel у acquiring'а (Stripe/Paddle/Chargebee). По умолчанию
-   * cancel в конце текущего периода — юзер сохраняет access до renewal date'ы.
+   * Отменить подписку. Бэк проверит, что subscription принадлежит юзеру
+   * (Bearer-путь — из сессии; apiKey-путь — из identity), и сделает cancel у
+   * acquiring'а (Stripe/Paddle/Chargebee/Overpay). По умолчанию cancel в
+   * конце текущего периода — юзер сохраняет access до renewal date'ы.
    *
-   * `reason` обязательна (валидация на бэке). Удобно собрать через select
-   * причин в host-UI, как в legacy customer portal'е.
+   * `reason` обязательна (валидация на бэке).
    *
-   * Auth: Bearer обязателен.
+   * Auth (два пути):
+   *  - Bearer (через AuthClient) — стандартный путь для UI customer-portal'a.
+   *  - `apiKey` + `identity.email`/`identity.userId` — для self-service UI на
+   *    бэке клиента со своей авторизацией. Бэк дополнительно фильтрует
+   *    subscription по paywall_id, чтобы owner пейвола A не отменил подписку
+   *    пейвола B.
    */
   async cancelSubscription(t) {
-    if (!this.auth)
+    const e = !!(this.identity?.email || this.identity?.userId);
+    if (!this.auth && !(this.apiKey && e))
       throw new r(
-        "auth_required",
-        "cancelSubscription requires AuthClient (Bearer auth)"
+        "identity_required",
+        "cancelSubscription requires AuthClient (Bearer) or apiKey + identity.email/userId"
       );
-    return this.api.request("/api/paywall/cancel-subscription", {
+    const s = {};
+    this.apiKey && (s["X-Api-Key"] = this.apiKey);
+    const a = {
+      subscriptionId: t.subscriptionId,
+      paywallId: this.paywallId,
+      cancellationReason: t.reason
+    };
+    return this.apiKey && this.identity?.email && (a.email = this.identity.email), this.apiKey && this.identity?.userId && (a.userId = this.identity.userId), this.api.request("/api/paywall/cancel-subscription", {
       method: "POST",
-      body: JSON.stringify({
-        subscriptionId: t.subscriptionId,
-        paywallId: this.paywallId,
-        cancellationReason: t.reason
-      }),
+      headers: s,
+      body: JSON.stringify(a),
       signal: t.signal
     });
   }
@@ -909,80 +995,108 @@ class ut {
     });
   }
 }
-function T(a) {
-  return { email: a.email, userId: a.id };
+function T(i) {
+  return { email: i.email, userId: i.id };
 }
-function W(a, t) {
-  return a === t ? !0 : !a || !t ? !1 : a.email === t.email && a.userId === t.userId && a.anonymousId === t.anonymousId;
+function W(i, t) {
+  return i === t ? !0 : !i || !t ? !1 : i.email === t.email && i.userId === t.userId && i.anonymousId === t.anonymousId;
 }
-function Y(a, t) {
+function O(i) {
+  if (!i) return null;
+  const t = i.trim();
+  if (!t) return null;
+  try {
+    return new URL(t.includes("://") ? t : `https://${t}`).origin;
+  } catch {
+    return null;
+  }
+}
+function Y(i, t) {
+  const e = O(i);
+  if (!(!e || O(t) === e))
+    throw new r(
+      "invalid_config",
+      `apiOrigin mismatch: SDK initialized with "${t}" but paywall is configured with custom_domain "${i}". Use the custom_domain from the platform paywall settings.`
+    );
+}
+function U(i, t) {
   return {
     type: "modal",
     blocks: [
-      { type: "heading", text: a.name || "Upgrade", level: 1 },
+      // offer_banner НЕ в default layout — PaywallRoot рендерит его как
+      // top-tab над dialog'ом (rounded-top, negative margin), за пределами
+      // scrollable area. Блок остаётся в registry для opt-in inline-вариантa.
+      { type: "heading", text: i.name || "Upgrade", level: 1 },
       { type: "price_grid", priceIds: t.map((e) => e.id) },
-      { type: "cta_button", label: "Continue", action: "checkout" }
+      { type: "cta_button", action: "checkout" },
+      { type: "guarantee_badge" },
+      { type: "current_session" }
     ]
   };
 }
-function E(a) {
-  const t = a.locales;
+function N(i) {
+  const t = i.locales;
   if (!t) return null;
   const e = [];
   if (typeof navigator < "u") {
     navigator.language && e.push(navigator.language);
-    const i = navigator.language?.split("-")[0];
-    i && i !== navigator.language && e.push(i);
+    const a = navigator.language?.split("-")[0];
+    a && a !== navigator.language && e.push(a);
   }
-  const s = a.settings.locale_default;
+  const s = i.settings.locale_default;
   s && e.push(s);
-  for (const i of e)
-    if (i && Object.prototype.hasOwnProperty.call(t, i)) return i;
+  for (const a of e)
+    if (a && Object.prototype.hasOwnProperty.call(t, a)) return a;
   return null;
 }
-function b(a) {
-  const t = E(a);
+function w(i) {
+  const t = N(i);
   if (!t) return;
-  const e = a.locales?.[t];
-  e && (e.layout && (a.layout = e.layout), e.prices && (a.prices = a.prices.map((s) => {
-    const i = e.prices?.[s.id];
-    if (!i) return s;
+  const e = i.locales?.[t];
+  e && (e.layout && (i.layout = e.layout), e.prices && (i.prices = i.prices.map((s) => {
+    const a = e.prices?.[s.id];
+    if (!a) return s;
     const n = { ...s };
-    return "label" in i && (n.label = i.label ?? null), "description" in i && (n.description = i.description ?? null), n;
+    return "label" in a && (n.label = a.label ?? null), "description" in a && (n.description = a.description ?? null), n;
   })));
 }
-function L(a) {
-  const t = new Uint8Array(a), e = typeof globalThis < "u" ? globalThis.crypto : void 0;
+function K(i) {
+  const t = new Uint8Array(i), e = typeof globalThis < "u" ? globalThis.crypto : void 0;
   if (e && typeof e.getRandomValues == "function")
     e.getRandomValues(t);
   else
-    for (let s = 0; s < a; s++) t[s] = Math.floor(Math.random() * 256);
+    for (let s = 0; s < i; s++) t[s] = Math.floor(Math.random() * 256);
   return t;
 }
-function S(a) {
+function S(i) {
   let t = "";
-  for (let e = 0; e < a.length; e++) t += String.fromCharCode(a[e]);
+  for (let e = 0; e < i.length; e++) t += String.fromCharCode(i[e]);
   return btoa(t).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
 function Z() {
-  return S(L(64));
+  return S(K(64));
 }
-async function tt(a) {
-  const t = new TextEncoder().encode(a), e = globalThis.crypto;
+async function tt(i) {
+  const t = new TextEncoder().encode(i), e = globalThis.crypto;
   if (!e?.subtle?.digest)
     throw new Error("crypto.subtle is required for PKCE");
   const s = await e.subtle.digest("SHA-256", t);
   return S(new Uint8Array(s));
 }
 function et() {
-  return S(L(16));
+  return S(K(16));
 }
-const st = "https://appbox.space", it = 6e4, at = 600 * 1e3;
-class dt {
+const st = 6e4, it = 600 * 1e3;
+class pt {
   constructor(t) {
     if (this.session = null, this.inflightRefresh = null, this.inflightAnonSignin = null, this.listeners = /* @__PURE__ */ new Set(), this.storageUnwatch = null, this.destroyed = !1, this.oauthFlows = /* @__PURE__ */ new Map(), !t.paywallId)
       throw new r("invalid_config", "paywallId is required");
-    this.paywallId = t.paywallId, this.apiOrigin = t.apiOrigin ?? st, this.storage = O(t.storage), this.api = new k({
+    if (!t.apiOrigin)
+      throw new r(
+        "invalid_config",
+        "apiOrigin is required. Pass the paywall custom_domain configured in the platform."
+      );
+    this.paywallId = t.paywallId, this.apiOrigin = t.apiOrigin, this.storage = L(t.storage), this.api = new E({
       apiOrigin: this.apiOrigin,
       paywallId: t.paywallId,
       fetch: t.fetch
@@ -1008,14 +1122,15 @@ class dt {
   async applyExternalSession(t) {
     if (!this.destroyed && (await this.hydrated, !this.destroyed)) {
       if (t == null) {
-        this.session && this.setSession(null, { skipPersist: !0 });
+        this.session && this.setSession(null, { skipPersist: !0, event: "SIGNED_OUT" });
         return;
       }
       try {
         const e = JSON.parse(t);
         if (!e || typeof e.access_token != "string" || typeof e.refresh_token != "string" || typeof e.expires_at != "number" || !e.user)
           return;
-        this.setSession(e, { skipPersist: !0 });
+        const s = !this.session || this.session.user.id !== e.user.id ? "SIGNED_IN" : "TOKEN_REFRESHED";
+        this.setSession(e, { skipPersist: !0, event: s });
       } catch {
       }
     }
@@ -1059,7 +1174,7 @@ class dt {
     await this.hydrated;
     const e = await this.readVisitorId(), s = {};
     t.idempotencyKey && (s["Idempotency-Key"] = t.idempotencyKey);
-    const i = await this.api.request(
+    const a = await this.api.request(
       `/api/v1/paywall/${this.paywallId}/auth/email/signin`,
       {
         method: "POST",
@@ -1071,8 +1186,8 @@ class dt {
           user_meta: t.userMeta
         })
       }
-    ), n = this.toSession(i, i.user);
-    return this.setSession(n), n;
+    ), n = this.toSession(a, a.user);
+    return this.setSession(n, { event: "SIGNED_IN" }), this.recordLastLogin("email", t.email), n;
   }
   /**
    * Signup. Если в Supabase включён email confirm — сервер возвращает
@@ -1084,7 +1199,7 @@ class dt {
     await this.hydrated;
     const e = await this.readVisitorId(), s = {};
     t.idempotencyKey && (s["Idempotency-Key"] = t.idempotencyKey);
-    const i = await this.api.request(
+    const a = await this.api.request(
       `/api/v1/paywall/${this.paywallId}/auth/email/signup`,
       {
         method: "POST",
@@ -1097,10 +1212,10 @@ class dt {
         })
       }
     );
-    if (i.status === "confirmation_required")
-      return { kind: "confirmation_required", user: i.user };
-    const n = this.toSession(i, i.user);
-    return this.setSession(n), { kind: "signed_in", session: n };
+    if (a.status === "confirmation_required")
+      return this.recordLastLogin("email", t.email), { kind: "confirmation_required", user: a.user };
+    const n = this.toSession(a, a.user);
+    return this.setSession(n, { event: "SIGNED_IN" }), this.recordLastLogin("email", t.email), { kind: "signed_in", session: n };
   }
   /**
    * Повторная отправка confirmation-email после signUp с включённым
@@ -1163,8 +1278,8 @@ class dt {
           user_meta: t.userMeta
         })
       }
-    ), i = this.toSession(s, s.user);
-    return this.setSession(i), i;
+    ), a = this.toSession(s, s.user), n = t.type === "recovery" ? "PASSWORD_RECOVERY" : "SIGNED_IN";
+    return this.setSession(a, { event: n }), a;
   }
   /**
    * Запрос recovery email. Бэк всегда ok, чтобы не палить enumeration.
@@ -1223,10 +1338,8 @@ class dt {
    * когда сервер начнёт возвращать challenge_required в риск-сценариях,
    * SDK сможет передать proof-of-something обратно без breaking change.
    *
-   * `forceCaptcha: true` пропускает шаги 1-2 и сразу делает /signin (создаёт
-   * нового anon-юзера). Используется в switch-account flow. Имя поля исторически
-   * остаётся `forceCaptcha`, хотя капчи там больше нет — менять имя ломает
-   * host-сигнатуру; смысл «принудительно новая anon-сессия» сохранён.
+   * `forceNewAnon: true` пропускает шаги 1-2 и сразу делает /signin (создаёт
+   * нового anon-юзера). Используется в switch-account flow.
    *
    * Параллельные вызовы дедуплицируются через `inflightAnonSignin` — два
    * click'а на «Войти как гость» не создадут двух anon-юзеров (два /signup =
@@ -1235,9 +1348,9 @@ class dt {
   async signInAnonymously(t = {}) {
     if (this.inflightAnonSignin) return this.inflightAnonSignin;
     this.inflightAnonSignin = (async () => {
-      if (await this.hydrated, !t.forceCaptcha && this.session?.user.is_anonymous === !0)
+      if (await this.hydrated, !t.forceNewAnon && this.session?.user.is_anonymous === !0)
         return this.session;
-      if (!t.forceCaptcha) {
+      if (!t.forceNewAnon) {
         const o = await this.resumeAnonymous();
         if (o) return o;
       }
@@ -1251,12 +1364,12 @@ class dt {
             user_meta: t.userMeta
           })
         }
-      ), i = {
+      ), a = {
         ...s.user,
         email: s.user.email ?? null,
         is_anonymous: !0
-      }, n = this.toSession(s, i);
-      return this.setSession(n), await this.writeAnonRefreshToken(n.refresh_token), n;
+      }, n = this.toSession(s, a);
+      return this.setSession(n, { event: "SIGNED_IN" }), await this.writeAnonRefreshToken(n.refresh_token), n;
     })();
     try {
       return await this.inflightAnonSignin;
@@ -1277,8 +1390,8 @@ class dt {
       const e = await this.api.request(
         `/api/v1/paywall/${this.paywallId}/auth/refresh`,
         { method: "POST", body: JSON.stringify({ refresh_token: t }) }
-      ), s = this.session?.user.is_anonymous === !0 ? this.session.user : { id: "", email: null, is_anonymous: !0 }, i = this.toSession(e, s);
-      return this.setSession(i), await this.writeAnonRefreshToken(i.refresh_token), i;
+      ), s = this.session?.user.is_anonymous === !0 ? this.session.user : { id: "", email: null, is_anonymous: !0 }, a = this.toSession(e, s);
+      return this.setSession(a, { event: "SIGNED_IN" }), await this.writeAnonRefreshToken(a.refresh_token), a;
     } catch (e) {
       if (e instanceof r && e.status === 401)
         return await this.clearAnonRefreshToken(), null;
@@ -1315,7 +1428,7 @@ class dt {
       Authorization: `Bearer ${e}`
     };
     t.idempotencyKey && (s["Idempotency-Key"] = t.idempotencyKey);
-    const i = await this.api.request(
+    const a = await this.api.request(
       `/api/v1/paywall/${this.paywallId}/auth/anonymous/upgrade`,
       {
         method: "POST",
@@ -1327,8 +1440,8 @@ class dt {
         })
       }
     );
-    if (i.status === "confirmation_required")
-      return { kind: "confirmation_required", email: i.email };
+    if (a.status === "confirmation_required")
+      return { kind: "confirmation_required", email: a.email };
     const n = this.session;
     if (!n)
       throw new r(
@@ -1337,11 +1450,11 @@ class dt {
       );
     const o = {
       ...n.user,
-      id: i.user.id,
-      email: i.user.email,
-      is_anonymous: i.user.is_anonymous ?? !1
+      id: a.user.id,
+      email: a.user.email,
+      is_anonymous: a.user.is_anonymous ?? !1
     }, u = { ...n, user: o };
-    return this.setSession(u), await this.clearAnonRefreshToken(), { kind: "updated", session: u };
+    return this.setSession(u, { event: "USER_UPDATED" }), await this.clearAnonRefreshToken(), { kind: "updated", session: u };
   }
   /**
    * OAuth signin через popup с PKCE. Жизненный цикл:
@@ -1370,14 +1483,14 @@ class dt {
       provider: t.provider,
       scopes: t.scopes,
       userMeta: t.userMeta
-    }), i = this.openPopup(e, `pw-oauth-${s}`);
-    if (!i)
+    }), a = this.openPopup(e, `pw-oauth-${s}`);
+    if (!a)
       throw this.oauthFlows.delete(s), new r(
         "popup_blocked",
         "browser blocked auth popup — call from a user gesture"
       );
     t.onPopupOpened?.();
-    const n = await ot(i, s);
+    const n = await rt(a, s);
     if (this.destroyed)
       throw this.oauthFlows.delete(s), new r("aborted", "AuthClient destroyed mid-flow");
     return this.completeOAuthFlow({ state: s, code: n });
@@ -1398,7 +1511,7 @@ class dt {
    */
   async startOAuthFlow(t) {
     await this.hydrated, this.gcOAuthFlows();
-    const e = Z(), s = await tt(e), i = et(), n = {}, o = await this.getAccessToken().catch(() => null);
+    const e = Z(), s = await tt(e), a = et(), n = {}, o = await this.getAccessToken().catch(() => null);
     o && (n.Authorization = `Bearer ${o}`);
     const { authorize_url: u } = await this.api.request(
       `/api/v1/paywall/${this.paywallId}/auth/oauth/init`,
@@ -1413,11 +1526,12 @@ class dt {
         })
       }
     );
-    return this.oauthFlows.set(i, {
+    return this.oauthFlows.set(a, {
       verifier: e,
       userMeta: t.userMeta,
+      provider: t.provider,
       startedAt: Date.now()
-    }), { authorize_url: u, state: i };
+    }), this.recordLastLoginMethod(t.provider), { authorize_url: u, state: a };
   }
   /**
    * Шаг 2 OAuth split-API: обменивает code (полученный из popup) на session,
@@ -1437,7 +1551,7 @@ class dt {
         "OAuth flow not found — start with startOAuthFlow first or check TTL"
       );
     this.oauthFlows.delete(t.state);
-    const s = await this.readVisitorId(), i = await this.api.request(
+    const s = await this.readVisitorId(), a = await this.api.request(
       `/api/v1/paywall/${this.paywallId}/auth/oauth/exchange`,
       {
         method: "POST",
@@ -1451,11 +1565,11 @@ class dt {
     );
     if (this.destroyed)
       throw new r("aborted", "AuthClient destroyed mid-flow");
-    const n = this.toSession(i, i.user);
-    return this.setSession(n), n;
+    const n = this.toSession(a, a.user);
+    return this.setSession(n, { event: "SIGNED_IN" }), n.user.email && this.recordLastLoginEmail(n.user.email), n;
   }
   gcOAuthFlows() {
-    const t = Date.now() - at;
+    const t = Date.now() - it;
     for (const [e, s] of this.oauthFlows)
       s.startedAt < t && this.oauthFlows.delete(e);
   }
@@ -1480,11 +1594,11 @@ class dt {
             method: "POST",
             body: JSON.stringify({ refresh_token: t })
           }
-        ), i = this.toSession(s, e);
-        return this.setSession(i), e.is_anonymous === !0 && await this.writeAnonRefreshToken(i.refresh_token), i;
+        ), a = this.toSession(s, e);
+        return this.setSession(a, { event: "TOKEN_REFRESHED" }), e.is_anonymous === !0 && await this.writeAnonRefreshToken(a.refresh_token), a;
       } catch (s) {
         if (s instanceof r && s.status === 401)
-          return e.is_anonymous === !0 && await this.clearAnonRefreshToken(), this.setSession(null), null;
+          return e.is_anonymous === !0 && await this.clearAnonRefreshToken(), this.setSession(null, { event: "SIGNED_OUT" }), null;
         throw s;
       } finally {
         this.inflightRefresh = null;
@@ -1517,7 +1631,7 @@ class dt {
         method: "POST",
         headers: { Authorization: `Bearer ${t}` }
       }
-    ), this.setSession(null);
+    ), this.setSession(null, { event: "SIGNED_OUT" });
   }
   /**
    * Signout: чистит локальную session СРАЗУ (UX — мгновенный logout без
@@ -1537,7 +1651,7 @@ class dt {
   async signOut(t = {}) {
     await this.hydrated;
     const e = this.session?.access_token, s = this.session?.user.is_anonymous === !0;
-    if (this.setSession(null), t.forgetAnonymous && await this.clearAnonRefreshToken(), !!e && !(s && !t.forgetAnonymous))
+    if (this.setSession(null, { event: "SIGNED_OUT" }), t.forgetAnonymous && await this.clearAnonRefreshToken(), !!e && !(s && !t.forgetAnonymous))
       try {
         await this.api.request(
           `/api/v1/paywall/${this.paywallId}/auth/signout`,
@@ -1551,22 +1665,35 @@ class dt {
   }
   /**
    * Подписка на изменения session: signin/signup/refresh/signOut/expired-401.
-   * Колбек вызывается с текущим snapshot через microtask (если session есть)
-   * + на каждое реальное изменение. Возвращает unsubscribe.
+   *
+   * Гарантированный контракт: ПЕРВЫЙ callback каждому subscriber'у — всегда
+   * `event = 'INITIAL_SESSION'`, дёргается асинхронно после resolve hydrate'а
+   * (даже если session=null — listener получает explicit «нет сессии», а не
+   * молчание). Все последующие callback'и — реальные переходы с конкретным
+   * event'ом (SIGNED_IN / SIGNED_OUT / TOKEN_REFRESHED / USER_UPDATED /
+   * PASSWORD_RECOVERY).
+   *
+   * Это позволяет listener'у безопасно делать «only on real signin» побочные
+   * эффекты (force refetch balances и т.п.) через `event === 'SIGNED_IN'`,
+   * не путая их с восстановлением из storage.
+   *
+   * Возвращает unsubscribe.
    */
   onAuthChange(t) {
-    if (this.listeners.add(t), this.session) {
+    return this.listeners.add(t), this.hydrated.then(() => {
+      if (this.destroyed || !this.listeners.has(t)) return;
       const e = this.session;
-      queueMicrotask(() => {
-        this.listeners.has(t) && t(e);
-      });
-    }
-    return () => {
+      try {
+        t("INITIAL_SESSION", e);
+      } catch (s) {
+        console.warn("[paywall] onAuthChange INITIAL_SESSION threw", s);
+      }
+    }), () => {
       this.listeners.delete(t);
     };
   }
   isFresh(t) {
-    return t.expires_at - Date.now() > it;
+    return t.expires_at - Date.now() > st;
   }
   toSession(t, e) {
     const s = t.expires_at != null ? t.expires_at * 1e3 : Date.now() + t.expires_in * 1e3;
@@ -1577,21 +1704,21 @@ class dt {
       user: e
     };
   }
-  setSession(t, e = {}) {
+  setSession(t, e) {
     if (this.destroyed) return;
     const s = this.session;
-    this.session = t, e.skipPersist || this.persist(), ht(s, t) || this.emit();
+    this.session = t, e.skipPersist || this.persist(), ht(s, t) || this.emit(e.event);
   }
-  emit() {
-    for (const t of this.listeners)
+  emit(t) {
+    for (const e of this.listeners)
       try {
-        t(this.session);
-      } catch (e) {
-        console.warn("[paywall] onAuthChange listener threw", e);
+        e(t, this.session);
+      } catch (s) {
+        console.warn("[paywall] onAuthChange listener threw", s);
       }
   }
   storageKey() {
-    return y.authSession(this.paywallId);
+    return l.authSession(this.paywallId);
   }
   async hydrate() {
     try {
@@ -1600,7 +1727,7 @@ class dt {
       const e = JSON.parse(t);
       if (!e || typeof e.access_token != "string" || typeof e.refresh_token != "string" || typeof e.expires_at != "number" || !e.user)
         return;
-      this.session = e, this.emit();
+      this.session = e;
     } catch {
     }
   }
@@ -1614,7 +1741,7 @@ class dt {
       const e = JSON.parse(t);
       if (!e || typeof e.access_token != "string" || typeof e.refresh_token != "string" || typeof e.expires_at != "number" || !e.user)
         return;
-      this.setSession(e, { skipPersist: !0 });
+      this.setSession(e, { skipPersist: !0, event: "SIGNED_IN" });
     } catch {
     }
   }
@@ -1645,7 +1772,7 @@ class dt {
   }
   async readAnonRefreshToken() {
     try {
-      const t = await this.storage.getItem(y.anonRefreshToken(this.paywallId));
+      const t = await this.storage.getItem(l.anonRefreshToken(this.paywallId));
       return typeof t == "string" && t.length > 0 ? t : null;
     } catch {
       return null;
@@ -1654,7 +1781,7 @@ class dt {
   async writeAnonRefreshToken(t) {
     try {
       await this.storage.setItem(
-        y.anonRefreshToken(this.paywallId),
+        l.anonRefreshToken(this.paywallId),
         t
       );
     } catch {
@@ -1663,11 +1790,41 @@ class dt {
   async clearAnonRefreshToken() {
     try {
       await this.storage.removeItem(
-        y.anonRefreshToken(this.paywallId)
+        l.anonRefreshToken(this.paywallId)
       );
     } catch {
     }
   }
+  /**
+   * Last-used auth method + email — для UI бейджа "Last used" и pre-fill'а
+   * email-инпута. Storage paywall-scoped, поэтому переключение между
+   * пейволами на одном host'е не пересекает данные. Чтение всегда возвращает
+   * объект — отсутствующие поля = null. */
+  async getLastLogin() {
+    try {
+      const [t, e] = await Promise.all([
+        this.storage.getItem(l.lastLoginMethod(this.paywallId)),
+        this.storage.getItem(l.lastLoginEmail(this.paywallId))
+      ]);
+      return !t || !ot(t) ? null : { method: t, email: typeof e == "string" && e ? e : null };
+    } catch {
+      return null;
+    }
+  }
+  /** Запись method и email атомарно (для email/password flows — оба известны
+   *  на момент signin/signup'а). OAuth-flows используют раздельные
+   *  recordLastLoginMethod (до popup) и recordLastLoginEmail (после exchange). */
+  recordLastLogin(t, e) {
+    this.recordLastLoginMethod(t), e && this.recordLastLoginEmail(e);
+  }
+  recordLastLoginMethod(t) {
+    this.storage.setItem(l.lastLoginMethod(this.paywallId), t).catch(() => {
+    });
+  }
+  recordLastLoginEmail(t) {
+    this.storage.setItem(l.lastLoginEmail(this.paywallId), t).catch(() => {
+    });
+  }
   /**
    * Читает stable visitor_id из storage если он там уже есть. НЕ генерит:
    * AuthClient может быть инстанцирован раньше BillingClient, а синтетический
@@ -1677,34 +1834,34 @@ class dt {
    */
   async readVisitorId() {
     try {
-      const t = await this.storage.getItem(y.visitorId);
+      const t = await this.storage.getItem(l.visitorId);
       return typeof t == "string" && t.length >= 16 ? t : void 0;
     } catch {
       return;
     }
   }
 }
-const nt = 5 * 6e4, rt = 500;
-function ot(a, t) {
+const at = 5 * 6e4, nt = 500;
+function rt(i, t) {
   return new Promise((e, s) => {
-    let i = !1;
+    let a = !1;
     const n = () => {
-      i = !0, window.removeEventListener("message", o), clearInterval(u), clearTimeout(l);
-    }, o = (d) => {
-      if (i) return;
-      const h = d.data;
+      a = !0, window.removeEventListener("message", o), clearInterval(u), clearTimeout(d);
+    }, o = (f) => {
+      if (a) return;
+      const h = f.data;
       if (!(!h || h.type !== "pw-oauth") && h.messageId === t) {
         if (h.status === "success" && h.code) {
           n();
           try {
-            a.close();
+            i.close();
           } catch {
           }
           e(h.code);
         } else if (h.status === "error") {
           n();
           try {
-            a.close();
+            i.close();
           } catch {
           }
           s(
@@ -1716,32 +1873,35 @@ function ot(a, t) {
         }
       }
     }, u = setInterval(() => {
-      if (i) return;
-      let d;
+      if (a) return;
+      let f;
       try {
-        d = a.closed;
+        f = i.closed;
       } catch {
         return;
       }
-      d && (n(), s(new r("oauth_cancelled", "auth popup was closed")));
-    }, rt), l = setTimeout(() => {
-      if (!i) {
+      f && (n(), s(new r("oauth_cancelled", "auth popup was closed")));
+    }, nt), d = setTimeout(() => {
+      if (!a) {
         n();
         try {
-          a.close();
+          i.close();
         } catch {
         }
         s(new r("oauth_timeout", "OAuth flow timed out"));
       }
-    }, nt);
+    }, at);
     window.addEventListener("message", o);
   });
 }
-function ht(a, t) {
-  return a === t ? !0 : !a || !t ? !1 : a.access_token === t.access_token && a.refresh_token === t.refresh_token && a.expires_at === t.expires_at && a.user.id === t.user.id && a.user.email === t.user.email;
+function ot(i) {
+  return i === "google" || i === "apple" || i === "github" || i === "facebook" || i === "email";
 }
-const ct = 1500, lt = 20, U = 200;
-class ft {
+function ht(i, t) {
+  return i === t ? !0 : !i || !t ? !1 : i.access_token === t.access_token && i.refresh_token === t.refresh_token && i.expires_at === t.expires_at && i.user.id === t.user.id && i.user.email === t.user.email;
+}
+const ct = 1500, lt = 20, k = 200;
+class gt {
   constructor(t) {
     this.buffer = [], this.flushTimer = null, this.destroyed = !1, this.unloadHandler = null, this.visibilityHandler = null, this.opts = t, this.isEnabled() && this.attachUnloadHandlers();
   }
@@ -1756,7 +1916,7 @@ class ft {
       this.flush();
       return;
     }
-    this.buffer.length > U && (this.buffer = this.buffer.slice(-U)), this.scheduleFlush();
+    this.buffer.length > k && (this.buffer = this.buffer.slice(-k)), this.scheduleFlush();
   }
   scheduleFlush() {
     if (this.flushTimer || this.destroyed) return;
@@ -1771,7 +1931,7 @@ class ft {
     const t = this.buffer;
     this.buffer = [];
     try {
-      const e = await this.opts.getVisitorId(), s = this.opts.getUserId?.() ?? null, i = JSON.stringify({ events: t }), n = this.opts.fetch ?? (typeof fetch < "u" ? fetch : void 0);
+      const e = await this.opts.getVisitorId(), s = this.opts.getUserId?.() ?? null, a = JSON.stringify({ events: t }), n = this.opts.fetch ?? (typeof fetch < "u" ? fetch : void 0);
       if (!n) return;
       await n(this.opts.endpoint, {
         method: "POST",
@@ -1779,7 +1939,7 @@ class ft {
         keepalive: !0,
         // если страница закроется в этот момент — браузер всё равно дотянет
         headers: this.buildHeaders(e, s),
-        body: i
+        body: a
       });
     } catch {
     }
@@ -1799,12 +1959,12 @@ class ft {
       this.buffer.unshift(...t), this.flush();
       return;
     }
-    const i = JSON.stringify({
+    const a = JSON.stringify({
       events: t,
       // body-level дубликаты для beacon-flow, читаются сервером как fallback.
       visitor_id: e,
       user_id: s,
-      sdk_version: g,
+      sdk_version: m,
       paywall_id: this.opts.paywallId,
       capabilities: this.opts.capabilities?.join(",") ?? ""
     }), n = this.opts.sendBeacon ?? (typeof navigator < "u" && typeof navigator.sendBeacon == "function" ? navigator.sendBeacon.bind(navigator) : null);
@@ -1813,7 +1973,7 @@ class ft {
       return;
     }
     try {
-      n(this.opts.endpoint, i) || (this.buffer.unshift(...t), this.flush());
+      n(this.opts.endpoint, a) || (this.buffer.unshift(...t), this.flush());
     } catch {
       this.buffer.unshift(...t), this.flush();
     }
@@ -1821,7 +1981,7 @@ class ft {
   buildHeaders(t, e) {
     const s = {
       "Content-Type": "application/json",
-      "X-SDK-Version": g,
+      "X-SDK-Version": m,
       "X-Paywall-Id": this.opts.paywallId,
       "X-Visitor-Id": t
     };
@@ -1839,18 +1999,64 @@ class ft {
     this.destroyed || (this.destroyed = !0, this.flushTimer && (clearTimeout(this.flushTimer), this.flushTimer = null), this.flush(), this.detachUnloadHandlers());
   }
 }
+function ut(i) {
+  return `pw-offer-${i}-start`;
+}
+function wt(i, t) {
+  if (!i || i.length === 0) return null;
+  const e = i.find(
+    (a) => a.price_id === t && (a.discount_percent ?? 0) > 0
+  );
+  return e || (i.find(
+    (a) => a.price_id == null && (a.discount_percent ?? 0) > 0
+  ) ?? null);
+}
+function mt(i, t = {}) {
+  const e = i.discount_percent ?? 0;
+  if (e <= 0) return null;
+  const s = t.now ?? Date.now(), a = dt(i, t.readStart), n = ft(i, a), o = a !== null ? Math.max(0, a - s) : null;
+  return a !== null && a <= s ? null : { offer: i, discountPercent: e, remainingMs: o, totalMs: n, expiresAt: a };
+}
+function dt(i, t) {
+  if (i.expires_at) {
+    const e = Date.parse(i.expires_at);
+    return Number.isFinite(e) ? e : null;
+  }
+  if (i.duration_minutes && i.duration_minutes > 0 && t) {
+    const e = t(i.id);
+    if (!e) return null;
+    const s = Date.parse(e);
+    return Number.isFinite(s) ? s + i.duration_minutes * 6e4 : null;
+  }
+  return null;
+}
+function ft(i, t) {
+  return i.duration_minutes && i.duration_minutes > 0 ? i.duration_minutes * 6e4 : t !== null ? t - Date.now() : null;
+}
+function It(i) {
+  if (typeof window > "u") return null;
+  try {
+    return window.localStorage.getItem(ut(i));
+  } catch {
+    return null;
+  }
+}
 export {
-  k as ApiClient,
-  K as ApiGatewayClient,
-  dt as AuthClient,
-  ut as BillingClient,
-  ft as EventTracker,
+  E as ApiClient,
+  D as ApiGatewayClient,
+  pt as AuthClient,
+  yt as BillingClient,
+  gt as EventTracker,
   r as PaywallError,
   R as QuotaExceededError,
-  g as SDK_VERSION,
-  y as STORAGE_KEYS,
-  O as createStorage,
-  I as ensureVisitorId,
-  C as generateVisitorId
+  m as SDK_VERSION,
+  l as STORAGE_KEYS,
+  L as createStorage,
+  b as ensureVisitorId,
+  wt as findApplicableOffer,
+  C as generateVisitorId,
+  ut as offerStartStorageKey,
+  It as readBrowserOfferStart,
+  mt as resolveOffer
 };
 //# sourceMappingURL=core.js.map