@needle-tools/engine 5.1.0-alpha.4 → 5.1.0-alpha.6

package/src/engine/engine_license.ts

@@ -7,19 +7,33 @@ import { SSR } from "./engine_ssr.js";
 import type { IContext } from "./engine_types.js";
 import { getParam } from "./engine_utils.js";
 
-const debug = getParam("debuglicense");
+const debug = getParam("__debuglic__");
 
-const _licenseCheckResultChangedCallbacks: ((result: boolean) => void)[] = [];
+const qKUrR: ((result: boolean) => void)[] = [];
 
-// This is modified by a bundler (e.g. vite)
-// Do not edit manually
-let NEEDLE_ENGINE_LICENSE_TYPE: string = "basic";
-if (debug)
-    console.log("License Type: " + NEEDLE_ENGINE_LICENSE_TYPE)
+// DO NOT EDIT MANUALLY
+let EzdGPQg: string = "";
+// eslint-disable-next-line prefer-const
+let _$InwX: string = "";
+
+if (debug) {
+    console.log("License Type: " + EzdGPQg);
+    if (_$InwX) {
+        console.log("License JWT: " + _$InwX);
+        try {
+            const payload = JSON.parse(atob(_$InwX.split(".")[1].replace(/-/g, '+').replace(/_/g, '/')));
+            console.log("License JWT payload:", payload);
+        }
+        catch { console.log("License JWT payload: (failed to decode)"); }
+    }
+    else {
+        console.log("License JWT: (none)");
+    }
+}
 
 /** @internal */
-export function hasProLicense() {
-    switch (NEEDLE_ENGINE_LICENSE_TYPE) {
+export function _cxKhKwDL() {
+    switch (EzdGPQg) {
         case "pro":
         case "enterprise":
             return true;
@@ -28,8 +42,8 @@ export function hasProLicense() {
 }
 
 /** @internal */
-export function hasIndieLicense() {
-    switch (NEEDLE_ENGINE_LICENSE_TYPE) {
+export function __otwqOR() {
+    switch (EzdGPQg) {
         case "indie":
             return true;
     }
@@ -37,8 +51,8 @@ export function hasIndieLicense() {
 }
 
 /** @internal */
-export function hasEduLicense() {
-    switch (NEEDLE_ENGINE_LICENSE_TYPE) {
+export function __mPmwPS() {
+    switch (EzdGPQg) {
         case "edu":
             return true;
     }
@@ -46,20 +60,20 @@ export function hasEduLicense() {
 }
 
 /** @internal */
-export function hasCommercialLicense() {
-    return hasProLicense() || hasIndieLicense() || hasEduLicense();
+export function LynjGsV() {
+    return _cxKhKwDL() || __otwqOR() || __mPmwPS();
 }
 
 
 /** @internal */
-export function onLicenseCheckResultChanged(cb: (result: boolean) => void) {
-    if (hasProLicense() || hasIndieLicense() || hasEduLicense())
+export function $yRlAEF(cb: (result: boolean) => void) {
+    if (_cxKhKwDL() || __otwqOR() || __mPmwPS())
         return cb(true);
-    _licenseCheckResultChangedCallbacks.push(cb);
+    qKUrR.push(cb);
 }
 
-function invokeLicenseCheckResultChanged(result: boolean) {
-    for (const cb of _licenseCheckResultChangedCallbacks) {
+function cLH(result: boolean) {
+    for (const cb of qKUrR) {
         try {
             cb(result);
         }
@@ -70,6 +84,128 @@ function invokeLicenseCheckResultChanged(result: boolean) {
 }
 
 
+// #region JWT
+
+// ECDSA P-256 public key for verifying license JWTs (verification-only, safe to ship)
+/* eslint-disable no-secrets/no-secrets -- public key, not a secret */
+const ACBIZP = {
+    kty: "EC",
+    crv: "P-256",
+    x: "A34nyKMjhQYVgzeE4tyLUYdx34TAKogDa7v7PRaO9Lg",
+    y: "JZI9IQavGCpGjEG_-pa0J-MHQYWJYINUM-MnvSu0TmE",
+} as const;
+/* eslint-enable no-secrets/no-secrets */
+
+/** Base64url decode (RFC 7515) */
+function base64urlDecode(str: string): Uint8Array {
+    const base64 = str.replace(/-/g, '+').replace(/_/g, '/');
+    const padded = base64 + '='.repeat((4 - base64.length % 4) % 4);
+    const binary = atob(padded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+
+/**
+ * Verify a JWT license token and return the `type` claim if valid.
+ * Returns null if the JWT is missing, malformed, or has an invalid signature.
+ */
+async function IKPk(jwt: string): Promise<string | null> {
+    if (!jwt) return null;
+    try {
+        const parts = jwt.split(".");
+        if (parts.length !== 3) return null;
+
+        const [headerB64, payloadB64, signatureB64] = parts;
+
+        const key = await crypto.subtle.importKey(
+            "jwk",
+            ACBIZP,
+            { name: "ECDSA", namedCurve: "P-256" },
+            false,
+            ["verify"]
+        );
+
+        const signingInput = new TextEncoder().encode(`${headerB64}.${payloadB64}`);
+        const signature = base64urlDecode(signatureB64);
+
+        const valid = await crypto.subtle.verify(
+            { name: "ECDSA", hash: "SHA-256" },
+            key,
+            signature.buffer as ArrayBuffer,
+            signingInput
+        );
+
+        if (!valid) {
+            if (debug) console.warn("JWT: signature verification failed");
+            return null;
+        }
+
+        const payloadStr = new TextDecoder().decode(base64urlDecode(payloadB64));
+        const payload = JSON.parse(payloadStr);
+
+        if (typeof payload.type !== "string" || payload.type.length === 0) {
+            if (debug) console.warn("JWT: missing or invalid 'type' claim");
+            return null;
+        }
+
+        // Optional: check expiration if present (future-proof — server doesn't set this yet)
+        if (typeof payload.exp === "number") {
+            const nowSeconds = Math.floor(Date.now() / 1000);
+            if (nowSeconds > payload.exp) {
+                if (debug) console.warn("JWT: token has expired (exp=" + payload.exp + ", now=" + nowSeconds + ")");
+                return null;
+            }
+        }
+
+        // Optional: check audience/domain if present (future-proof — server doesn't set this yet)
+        if (payload.aud) {
+            const currentHost = typeof window !== "undefined" ? window.location.hostname : undefined;
+            if (currentHost) {
+                const allowed = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
+                if (!allowed.some((a: string) => currentHost === a || currentHost.endsWith("." + a))) {
+                    if (debug) console.warn("JWT: domain '" + currentHost + "' not in allowed audience: " + allowed.join(", "));
+                    return null;
+                }
+            }
+        }
+
+        if (debug) console.log("JWT: verified license type: " + payload.type);
+        return payload.type;
+    }
+    catch (err) {
+        if (debug) console.error("JWT: verification error", err);
+        return null;
+    }
+}
+
+/** Verify the injected JWT and update the license type if valid.
+ * The engine ONLY trusts the JWT — the plain EzdGPQg string is ignored. */
+let _jwtVerificationPromise: Promise<void> | undefined = undefined;
+async function _EyK(): Promise<void> {
+    // NOTE: do NOT add an `if (!_$InwX) return` guard here.
+    // esbuild (Vite dependency pre-bundling) would see the variable as constant ""
+    // and tree-shake the entire JWT verification code path.
+    const jwt = _$InwX;
+    // Clear after reading — this reassignment also prevents esbuild from
+    // constant-folding the variable (it now has multiple assignment sites).
+    _$InwX = "";
+    const verifiedType = await IKPk(jwt);
+    if (verifiedType) {
+        EzdGPQg = verifiedType;
+        if (debug) console.log("License type set from verified JWT: " + verifiedType);
+        cLH(LynjGsV());
+    }
+    else {
+        EzdGPQg = "basic";
+        if (debug && jwt) console.warn("JWT verification failed — license reset to basic");
+    }
+}
+
+// #endregion JWT License Verification
+
 
 // #region Telemetry
 export namespace Telemetry {
@@ -135,7 +271,7 @@ export namespace Telemetry {
 
         const attribute = domElement?.getAttribute("no-telemetry");
         if (attribute === "" || attribute === "true" || attribute === "1") {
-            if (NEEDLE_ENGINE_LICENSE_TYPE === "pro" || NEEDLE_ENGINE_LICENSE_TYPE === "enterprise") {
+            if (EzdGPQg === "pro" || EzdGPQg === "enterprise") {
                 if (debug) console.debug("Telemetry is disabled via no-telemetry attribute");
                 return false;
             }
@@ -242,22 +378,32 @@ export namespace Telemetry {
 }
 
 
-export function initLicense() {
+export function _$AnFl() {
+
+    if(EzdGPQg === "") EzdGPQg = "basic";
+
+    // Start JWT verification — must be here (not top-level) to avoid tree-shaking
+    _jwtVerificationPromise = _EyK();
+
     Telemetry.init();
     ContextRegistry.registerCallback(ContextEvent.ContextRegistered, evt => {
-        showLicenseInfo(evt.context);
-        handleForbidden(evt.context);
-        setTimeout(() => sendUsageMessageToAnalyticsBackend(evt.context), 2000);
+        $vyRL(evt.context);
+        uZY(evt.context);
+        setTimeout(() => cEROvL(evt.context), 2000);
     });
 }
 
-export let runtimeLicenseCheckPromise: Promise<void> | undefined = undefined;
+export let _$oYJ: Promise<void> | undefined = undefined;
 let applicationIsForbidden = false;
 let applicationForbiddenText = "";
-async function checkLicense() {
+async function __lVbhf() {
     // Only perform the runtime license check once
-    if (runtimeLicenseCheckPromise) return runtimeLicenseCheckPromise;
-    if (NEEDLE_ENGINE_LICENSE_TYPE === "basic") {
+    if (_$oYJ) return _$oYJ;
+    // Wait for JWT verification to complete first (if running)
+    if (_jwtVerificationPromise) {
+        await _jwtVerificationPromise;
+    }
+    if (EzdGPQg === "basic") {
         try {
             const licenseUrl = "https://needle.tools/api/v1/needle-engine/check?location=" + encodeURIComponent(window.location.href) + "&version=" + VERSION + "&generator=" + encodeURIComponent(GENERATOR);
             const res = await fetch(licenseUrl, {
@@ -269,29 +415,29 @@ async function checkLicense() {
             if (res?.status === 200) {
                 applicationIsForbidden = false;
                 if (debug) console.log("License check succeeded");
-                NEEDLE_ENGINE_LICENSE_TYPE = "pro";
-                invokeLicenseCheckResultChanged(true);
+                EzdGPQg = "pro";
+                cLH(true);
             }
             else if (res?.status === 403) {
-                invokeLicenseCheckResultChanged(false);
+                cLH(false);
                 applicationIsForbidden = true;
                 applicationForbiddenText = await res.text();
             }
             else {
-                invokeLicenseCheckResultChanged(false);
+                cLH(false);
                 if (debug) console.log("License check failed with status " + res?.status);
             }
         }
         catch (err) {
-            invokeLicenseCheckResultChanged(false);
+            cLH(false);
             if (debug) console.error("License check failed", err);
         }
     }
-    else if (debug) console.log("Runtime license check is skipped because license is already applied as \"" + NEEDLE_ENGINE_LICENSE_TYPE + "\"");
+    else if (debug) console.log("Runtime license check is skipped because license is already applied as \"" + EzdGPQg + "\"");
 }
-runtimeLicenseCheckPromise = checkLicense();
+_$oYJ = __lVbhf();
 
-async function handleForbidden(ctx: IContext) {
+async function uZY(ctx: IContext) {
     function createForbiddenElement() {
         const div = document.createElement("div");
         div.className = "needle-forbidden";
@@ -356,40 +502,40 @@ async function handleForbidden(ctx: IContext) {
     }, 500)
 }
 
-async function showLicenseInfo(ctx: IContext) {
+async function $vyRL(ctx: IContext) {
     try {
-        if (!hasProLicense() && !hasIndieLicense()) {
-            return onNonCommercialVersionDetected(ctx);
+        if (!_cxKhKwDL() && !__otwqOR()) {
+            return LGWV(ctx);
         }
     }
     catch (err) {
         if (debug) console.log("License check failed", err)
-        return onNonCommercialVersionDetected(ctx)
+        return LGWV(ctx)
     }
-    if (debug) onNonCommercialVersionDetected(ctx)
+    if (debug) LGWV(ctx)
 }
 
 
 
-async function onNonCommercialVersionDetected(ctx: IContext) {
+async function LGWV(ctx: IContext) {
 
     // if the engine loads faster than the license check, we need to capture the ready event here
     let isReady = false;
     ctx.domElement.addEventListener("ready", () => isReady = true);
 
-    await runtimeLicenseCheckPromise?.catch(() => { });
+    await _$oYJ?.catch(() => { });
 
 
-    if (hasProLicense() || hasIndieLicense()) return;
-    if (hasCommercialLicense() === false) logNonCommercialUse();
+    if (_cxKhKwDL() || __otwqOR()) return;
+    if (LynjGsV() === false) _kYgJQd();
 
     // check if the engine is already ready (meaning has finished loading)
     if (isReady) {
-        insertNonCommercialUseHint(ctx);
+        _$XDPaPw(ctx);
     }
     else {
         ctx.domElement.addEventListener("ready", () => {
-            insertNonCommercialUseHint(ctx);
+            _$XDPaPw(ctx);
         });
     }
 }
@@ -397,7 +543,7 @@ async function onNonCommercialVersionDetected(ctx: IContext) {
 // const licenseElementIdentifier = "needle-license-element";
 // const licenseDuration = 10000;
 // const licenseDelay = 1200;
-function insertNonCommercialUseHint(ctx: IContext) {
+function _$XDPaPw(ctx: IContext) {
 
     const style = `
         position: relative;
@@ -410,7 +556,7 @@ function insertNonCommercialUseHint(ctx: IContext) {
         padding: 10px;
         padding-left: 30px;
     `;
-    if (NEEDLE_ENGINE_LICENSE_TYPE === "edu") {
+    if (EzdGPQg === "edu") {
         if (navigator.webdriver) {
             console.log("This project is supported by Needle for Education – https://needle.tools");
         }
@@ -467,7 +613,7 @@ function insertNonCommercialUseHint(ctx: IContext) {
         }
     }, 1000);
 
-    if (hasEduLicense()) {
+    if (__mPmwPS()) {
         const removeDelay = 20_000;
         setTimeout(() => {
             clearInterval(interval);
@@ -476,7 +622,7 @@ function insertNonCommercialUseHint(ctx: IContext) {
             const intervalInMinutes = 5;
             setTimeout(() => {
                 if (ctx.domElement.parentNode)
-                    insertNonCommercialUseHint(ctx);
+                    _$XDPaPw(ctx);
             }, 1000 * 60 * intervalInMinutes)
         }, removeDelay);
     }
@@ -487,7 +633,7 @@ function insertNonCommercialUseHint(ctx: IContext) {
 const base64Logo = "data:image/webp;base64,UklGRrABAABXRUJQVlA4WAoAAAAQAAAAHwAAHwAAQUxQSKEAAAARN6CmbSM4WR7vdARON11EBDq3fLiNbVtVzpMCPlKAEzsx0Y/x+Ovuv4dn0EFE/ydAvz6YggXzgh5sVgXM/zOC/4sii7qgGvB5N7hmuQYwkvazWAu1JPW41FXSHq6pnaQWvqYH18Fc0j1hO/BFTtIeSBlJi5w6qIIO7IOrwhFsB2Yxukif0FTRLpXswHR8MxbslKe9VZsn/Ub5C7YFOpqSTABWUDgg6AAAAFAGAJ0BKiAAIAA+7VyoTqmkpCI3+qgBMB2JbACdMt69DwMIQBLhkTO6XwY00UEDK6cNIDnuNibPf0EgAP7Y1myuiQHLDsF/0h5unrGh6WAbv7aegg2ZMd3uRKfT/3SJztcaujYfTvMXspfCTmYcoO6a+vhC3ss4M8uM58t4siiu59I4aOl59e9Sr6xoxYlHf2v+NnBNpJYeJf8jABQAId/PXuBkLEFkiCucgSGEcfhvajql/j3reCGl0M5/9gQWy7ayNPs+wlvIxFnNfSlfuND4CZOCyxOHhRqOmHN4ULHo3tCSrUNvgAA=";
 
 let lastLogTime = 0;
-async function logNonCommercialUse(_logo?: string) {
+async function _kYgJQd(_logo?: string) {
     const now = Date.now();
     if (now - lastLogTime < 2000) return;
     lastLogTime = now;
@@ -520,7 +666,7 @@ async function logNonCommercialUse(_logo?: string) {
 }
 
 
-async function sendUsageMessageToAnalyticsBackend(context: IContext) {
+async function cEROvL(context: IContext) {
     // We can't send beacons from cross-origin isolated pages
     if (window.crossOriginIsolated) return;
 
@@ -535,7 +681,7 @@ async function sendUsageMessageToAnalyticsBackend(context: IContext) {
 
             // current url without query parameters
             const currentUrl = window.location.href.split("?")[0];
-            const license = NEEDLE_ENGINE_LICENSE_TYPE;
+            const license = EzdGPQg;
 
             const beaconData = {
                 license,

package/src/engine/engine_networking_blob.ts

@@ -1,7 +1,7 @@
 import { FileLoader } from "three";
 
 import { showBalloonWarning } from "./debug/index.js";
-import { hasCommercialLicense } from "./engine_license.js";
+import { LynjGsV } from "./engine_license.js";
 import { delay } from "./engine_utils.js";
 import { md5AsBytes, md5Hex, sha256Base64 } from "./engine_utils_hash.js";
 
@@ -45,7 +45,7 @@ export namespace BlobStorage {
      */
     export function canUpload(info: { filesize: number }) {
         const sizeInMB = info.filesize / 1024 / 1024;
-        if (hasCommercialLicense()) {
+        if (LynjGsV()) {
             return sizeInMB < maxSizeInMB;
         }
         return sizeInMB < maxFreeSizeInMB;
@@ -100,7 +100,7 @@ export namespace BlobStorage {
             console.warn(`Your file is too large for uploading (${filesizeInMB.toFixed(1)}MB). Max allowed size is ${maxSizeInMB}MB`);
             return null;
         }
-        else if (!hasCommercialLicense() && filesizeInMB > maxFreeSizeInMB) {
+        else if (!LynjGsV() && filesizeInMB > maxFreeSizeInMB) {
             if (opts?.silent !== true) showBalloonWarning(`File is too large for uploading. Please get a <a href=\"https://needle.tools/pricing\" target=\"_blank\">commercial license</a> to upload files larger than 5MB`);
             console.warn(`Your file is too large for uploading (${filesizeInMB.toFixed(1)}MB). Max size is 5MB for non-commercial users. Please get a commercial license at https://needle.tools/pricing for larger files (up to 50MB)`);
             return null;

package/src/engine/engine_physics_rapier.ts

@@ -402,11 +402,16 @@ export class RapierPhysics implements IPhysicsEngine {
         filterGroups?: number,
         /** Return false to ignore this collider */
         filterPredicate?: (c: ICollider) => boolean,
-        /** When enabled the hit object's layer will be tested. If layer 2 is enabled the object will be ignored (Layer 2 == IgnoreRaycast) 
+        /** When enabled the hit object's layer will be tested. If layer 2 is enabled the object will be ignored (Layer 2 == IgnoreRaycast)
          * If not set the raycast will ignore objects in the IgnoreRaycast layer (default: true)
-         * @default undefined 
+         * @default undefined
         */
-        useIgnoreRaycastLayer?: boolean
+        useIgnoreRaycastLayer?: boolean,
+        /** When true, trigger/sensor colliders will be included in the raycast results.
+         * By default trigger colliders are skipped.
+         * @default false
+         */
+        includeTriggers?: boolean,
     })
         : null | { point: Vector3, collider: ICollider } {
 
@@ -428,6 +433,8 @@ export class RapierPhysics implements IPhysicsEngine {
 
         const hit = this.world?.castRay(ray, maxDistance, solid, options?.queryFilterFlags, options?.filterGroups, undefined, undefined, (c) => {
             const component = c[$componentKey];
+            // Skip trigger/sensor colliders unless explicitly included
+            if (options?.includeTriggers !== true && component?.isTrigger) return false;
             if (options?.filterPredicate) return options.filterPredicate(component);
             if (options?.useIgnoreRaycastLayer !== false) {
                 // ignore objects in the IgnoreRaycast=2 layer
@@ -453,11 +460,16 @@ export class RapierPhysics implements IPhysicsEngine {
         filterGroups?: number,
         /** Return false to ignore this collider */
         filterPredicate?: (c: ICollider) => boolean,
-        /** When enabled the hit object's layer will be tested. If layer 2 is enabled the object will be ignored (Layer 2 == IgnoreRaycast) 
+        /** When enabled the hit object's layer will be tested. If layer 2 is enabled the object will be ignored (Layer 2 == IgnoreRaycast)
          * If not set the raycast will ignore objects in the IgnoreRaycast layer (default: true)
-         * @default undefined 
+         * @default undefined
         */
-        useIgnoreRaycastLayer?: boolean
+        useIgnoreRaycastLayer?: boolean,
+        /** When true, trigger/sensor colliders will be included in the raycast results.
+         * By default trigger colliders are skipped.
+         * @default false
+         */
+        includeTriggers?: boolean,
     })
         : null | { point: Vector3, normal: Vector3, collider: ICollider } {
 
@@ -478,6 +490,8 @@ export class RapierPhysics implements IPhysicsEngine {
 
         const hit = this.world?.castRayAndGetNormal(ray, maxDistance, solid, options?.queryFilterFlags, options?.filterGroups, undefined, undefined, (c) => {
             const component = c[$componentKey];
+            // Skip trigger/sensor colliders unless explicitly included
+            if (options?.includeTriggers !== true && component?.isTrigger) return false;
             if (options?.filterPredicate) return options.filterPredicate(component);
             if (options?.useIgnoreRaycastLayer !== false) {
                 // ignore objects in the IgnoreRaycast=2 layer

package/src/engine/engine_types.ts

@@ -521,20 +521,25 @@ export interface IPhysicsEngine {
         /** True if you want to also hit objects when the raycast starts from inside a collider */
         solid?: boolean,
         queryFilterFlags?: QueryFilterFlags,
-        /** 
-         * Raycast filter groups. Groups are used to apply the collision group rules for the scene query. 
-         * The scene query will only consider hits with colliders with collision groups compatible with 
+        /**
+         * Raycast filter groups. Groups are used to apply the collision group rules for the scene query.
+         * The scene query will only consider hits with colliders with collision groups compatible with
          * this collision group (using the bitwise test described in the collision groups section).
-         * For example membership 0x0001 and filter 0x0002 should be 0x00010002 
+         * For example membership 0x0001 and filter 0x0002 should be 0x00010002
          * @see https://rapier.rs/docs/user_guides/javascript/colliders#collision-groups-and-solver-groups
          */
         filterGroups?: number,
-        /** 
+        /**
          * Predicate to filter colliders in raycast results
          * @param collider The collider being tested
          * @returns False to ignore this collider, true to include it
          */
-        filterPredicate?: (collider: ICollider) => boolean
+        filterPredicate?: (collider: ICollider) => boolean,
+        /** When true, trigger/sensor colliders will be included in the raycast results.
+         * By default trigger colliders are skipped.
+         * @default false
+         */
+        includeTriggers?: boolean,
     }): RaycastResult;
 
     /**
@@ -549,20 +554,25 @@ export interface IPhysicsEngine {
         /** True if you want to also hit objects when the raycast starts from inside a collider */
         solid?: boolean,
         queryFilterFlags?: QueryFilterFlags,
-        /** 
-         * Raycast filter groups. Groups are used to apply the collision group rules for the scene query. 
-         * The scene query will only consider hits with colliders with collision groups compatible with 
+        /**
+         * Raycast filter groups. Groups are used to apply the collision group rules for the scene query.
+         * The scene query will only consider hits with colliders with collision groups compatible with
          * this collision group (using the bitwise test described in the collision groups section).
-         * For example membership 0x0001 and filter 0x0002 should be 0x00010002 
+         * For example membership 0x0001 and filter 0x0002 should be 0x00010002
          * @see https://rapier.rs/docs/user_guides/javascript/colliders#collision-groups-and-solver-groups
          */
         filterGroups?: number,
-        /** 
+        /**
          * Predicate to filter colliders in raycast results
          * @param collider The collider being tested
          * @returns False to ignore this collider, true to include it
          */
-        filterPredicate?: (collider: ICollider) => boolean
+        filterPredicate?: (collider: ICollider) => boolean,
+        /** When true, trigger/sensor colliders will be included in the raycast results.
+         * By default trigger colliders are skipped.
+         * @default false
+         */
+        includeTriggers?: boolean,
     }): RaycastResult;
 
     /**

package/src/engine/engine_utils_qrcode.ts

@@ -4,7 +4,7 @@ import { Quaternion, Vector2, Vector3, Vector4 } from "three";
 
 import { needleLogoOnlySVG } from "./assets/index.js";
 import { isDevEnvironment } from "./debug/debug.js";
-import { hasCommercialLicense } from "./engine_license.js";
+import { LynjGsV } from "./engine_license.js";
 import { InternalAttributeUtils } from "./engine_utils_attributes.js";
 import type { NeedleEngineWebComponent } from "./webcomponents/needle-engine.js";
 
@@ -135,7 +135,7 @@ async function internalRenderQRCodeOverlays(canvas: HTMLCanvasElement, args: { s
         console.debug("[QR Code] No web component found")
     }
 
-    const canUseCustomLogo = hasCommercialLicense();
+    const canUseCustomLogo = LynjGsV();
 
     // Query logo src from needle-engine attribute.
     // For any supported attribute it's possible to use "falsey" values (e.g. "0" or "false" to disable the logo in the QR code)

package/src/engine/webcomponents/needle menu/needle-menu-spatial.ts

@@ -2,7 +2,7 @@ import { Mesh, Object3D, TextureLoader, Vector4 } from "three";
 import ThreeMeshUI from "three-mesh-ui";
 
 import { addNewComponent } from "../../engine_components.js";
-import { hasProLicense } from "../../engine_license.js";
+import { _cxKhKwDL } from "../../engine_license.js";
 import { OneEuroFilterXYZ } from "../../engine_math.js";
 import type { Context } from "../../engine_setup.js";
 import { lookAtObject } from "../../engine_three_utils.js";
@@ -321,7 +321,7 @@ export class NeedleSpatialMenu {
         }
         if (this.menu) {
             const index = this.menu.children.indexOf(this._poweredByNeedleElement as any);
-            if (!this._showNeedleLogo && hasProLicense()) {
+            if (!this._showNeedleLogo && _cxKhKwDL()) {
                 if (index >= 0) {
                     this._poweredByNeedleElement.removeFromParent();
                     this.markDirty();

package/src/engine/webcomponents/needle menu/needle-menu.ts

@@ -1,6 +1,6 @@
 import { showBalloonMessage } from "../../debug/debug.js";
 import type { Context } from "../../engine_context.js";
-import { hasCommercialLicense, onLicenseCheckResultChanged, Telemetry } from "../../engine_license.js";
+import { LynjGsV, $yRlAEF, Telemetry } from "../../engine_license.js";
 import { isLocalNetwork } from "../../engine_networking_utils.js";
 import { HTMLElementBase } from "../../engine_ssr.js";
 import { DeviceUtilities, getParam } from "../../engine_utils.js";
@@ -778,8 +778,8 @@ export class NeedleMenuElement extends HTMLElementBase {
         try {
             // if the user has a license then we CAN hide the needle logo
             // calling this method immediately will cause an issue with vite bundling tho
-            window.requestAnimationFrame(() => onLicenseCheckResultChanged(res => {
-                if (res == true && hasCommercialLicense() && !debugNonCommercial) {
+            window.requestAnimationFrame(() => $yRlAEF(res => {
+                if (res == true && LynjGsV() && !debugNonCommercial) {
                     let visible = this._userRequestedLogoVisible;
                     if (visible === undefined) visible = false;
                     this.___onSetLogoVisible(visible);
@@ -830,7 +830,7 @@ export class NeedleMenuElement extends HTMLElementBase {
                 // ensure the menu is not hidden or removed
                 const requiredParent = this?.parentNode;
                 if (this.style.display != "flex" || this.style.visibility != "visible" || this.style.opacity != "1" || requiredParent != this._domElement?.shadowRoot) {
-                    if (!hasCommercialLicense()) {
+                    if (!LynjGsV()) {
                         const change = changeEventCounter++;
                         // if a user doesn't have a local pro license *but* for development the menu is hidden then we show a warning
                         if (isLocalNetwork() && this._userRequestedMenuVisible === false) {
@@ -918,7 +918,7 @@ export class NeedleMenuElement extends HTMLElementBase {
     showNeedleLogo(visible: boolean) {
         this._userRequestedLogoVisible = visible;
         if (!visible) {
-            if (!hasCommercialLicense() || debugNonCommercial) {
+            if (!LynjGsV() || debugNonCommercial) {
                 console.warn("[Needle Engine] You need a PRO license to hide the Needle Engine logo in production.");
                 const localNetwork = isLocalNetwork()
                 if (!localNetwork) return;