@omen.dog/sdk 1.0.0 → 1.1.0

package/dist/child-login.js

@@ -0,0 +1,335 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/child-login.ts
+var child_login_exports = {};
+__export(child_login_exports, {
+  ASK_GROWN_UP_STATES: () => ASK_GROWN_UP_STATES,
+  CHILD_LOGIN_STATES: () => CHILD_LOGIN_STATES,
+  ChildLogin: () => ChildLogin,
+  ENTRY_STATES: () => ENTRY_STATES,
+  deriveInitialState: () => deriveInitialState,
+  displayGroup: () => displayGroup,
+  reduce: () => reduce
+});
+module.exports = __toCommonJS(child_login_exports);
+
+// src/childLogin/rfc8628.js
+function mapPollResponse(httpStatus, body) {
+  body = body || {};
+  if (httpStatus >= 200 && httpStatus < 300 && body.access_token) {
+    return {
+      status: "approved",
+      tokens: {
+        access_token: body.access_token,
+        refresh_token: body.refresh_token,
+        token_type: body.token_type || "Bearer",
+        expires_in: typeof body.expires_in === "number" ? body.expires_in : void 0,
+        scope: body.scope
+      },
+      rebind: body.rebind || null,
+      deviceToken: body.device_token || null
+    };
+  }
+  switch (body.error) {
+    case "authorization_pending":
+      return { status: "pending" };
+    case "slow_down":
+      return { status: "slow_down" };
+    case "access_denied":
+      return { status: "denied" };
+    case "expired_token":
+      return { status: "expired" };
+    default:
+      return { status: "error", error: body.error || `http_${httpStatus}` };
+  }
+}
+var SLOW_DOWN_INCREMENT_SECONDS = 5;
+var MIN_POLL_INTERVAL_SECONDS = 1;
+function nextInterval(currentInterval, status) {
+  const base = Number.isFinite(currentInterval) && currentInterval >= MIN_POLL_INTERVAL_SECONDS ? currentInterval : MIN_POLL_INTERVAL_SECONDS;
+  if (status === "slow_down") return base + SLOW_DOWN_INCREMENT_SECONDS;
+  return base;
+}
+function isTerminalStatus(status) {
+  return status === "approved" || status === "denied" || status === "expired" || status === "error";
+}
+
+// src/childLogin/session.js
+var DEFAULT_ACCESS_TTL_SECONDS = 86400;
+var DEFAULT_SKEW_MS = 3e4;
+function seal(tokens, opts) {
+  if (!tokens || !tokens.access_token) {
+    throw new Error("seal(): tokens.access_token is required");
+  }
+  const now = opts && typeof opts.now === "number" ? opts.now : Date.now();
+  const ttlSeconds = typeof tokens.expires_in === "number" ? tokens.expires_in : DEFAULT_ACCESS_TTL_SECONDS;
+  const record = {
+    accessToken: tokens.access_token,
+    refreshToken: tokens.refresh_token || null,
+    scope: tokens.scope || "child",
+    accessExpiresAt: now + ttlSeconds * 1e3
+  };
+  const deviceToken = opts && opts.deviceToken || tokens.device_token || null;
+  if (deviceToken) record.deviceToken = deviceToken;
+  return record;
+}
+function accessExpired(record, opts) {
+  if (!record || typeof record.accessExpiresAt !== "number") return true;
+  const now = opts && typeof opts.now === "number" ? opts.now : Date.now();
+  const skew = opts && typeof opts.skewMs === "number" ? opts.skewMs : DEFAULT_SKEW_MS;
+  return now >= record.accessExpiresAt - skew;
+}
+
+// src/childLogin/webhook.js
+var import_node_crypto = require("crypto");
+function verifyWebhook(payload, signature, secret) {
+  if (typeof payload !== "string" || !signature || !secret) return false;
+  const expected = (0, import_node_crypto.createHmac)("sha256", secret).update(payload).digest("hex");
+  const a = Buffer.from(expected, "utf8");
+  const b = Buffer.from(String(signature), "utf8");
+  if (a.length !== b.length) return false;
+  return (0, import_node_crypto.timingSafeEqual)(a, b);
+}
+function parseChildLoginApproved(payload, signature, secret) {
+  if (!verifyWebhook(payload, signature, secret)) return null;
+  try {
+    return JSON.parse(payload);
+  } catch {
+    return null;
+  }
+}
+
+// src/childLogin/stateMachine.js
+var CHILD_LOGIN_STATES = [
+  "trusted",
+  // this device is pre-authorised → one tap
+  "known",
+  // we know who she is (cached identity) → "ask a grown-up"
+  "cold",
+  // no hint → type a username
+  "pending",
+  // a grown-up has been asked; waiting (calm, no timer)
+  "approved",
+  // she's in
+  "denied",
+  // a grown-up said "not now"
+  "blocked",
+  // a grown-up blocked this app
+  "paused",
+  // her account is paused everywhere
+  "expired",
+  // the request timed out; let's try again
+  "offline"
+  // no connection; render her card from cache, can't log in
+];
+var ASK_GROWN_UP_STATES = ["denied", "blocked", "paused"];
+var ENTRY_STATES = ["trusted", "known", "cold"];
+function deriveInitialState(ctx) {
+  ctx = ctx || {};
+  if (ctx.online === false) return "offline";
+  if (ctx.trustedDevice) return "trusted";
+  if (ctx.identity) return "known";
+  return "cold";
+}
+var TERMINAL = {
+  approved: "approved",
+  denied: "denied",
+  blocked: "blocked",
+  paused: "paused",
+  expired: "expired",
+  offline: "offline"
+};
+function reduce(state, signal, ctx) {
+  if (signal in TERMINAL) return TERMINAL[signal];
+  if (signal === "reset") return deriveInitialState(ctx);
+  if (signal === "online") return state === "offline" ? deriveInitialState(ctx) : state;
+  if (ENTRY_STATES.includes(state) && (signal === "ask" || signal === "pending")) {
+    return "pending";
+  }
+  if (state === "pending" && (signal === "pending" || signal === "slow_down")) {
+    return "pending";
+  }
+  return state;
+}
+function displayGroup(state) {
+  if (ENTRY_STATES.includes(state)) return "ready";
+  if (state === "pending") return "waiting";
+  if (state === "approved") return "approved";
+  if (ASK_GROWN_UP_STATES.includes(state)) return "ask-grown-up";
+  if (state === "expired") return "expired";
+  return "offline";
+}
+
+// src/childLogin/index.ts
+var DEVICE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
+var ChildLogin = class {
+  clientId;
+  clientSecret;
+  webhookSecret;
+  baseUrl;
+  constructor(options) {
+    if (!options?.clientId) throw new Error("ChildLogin: clientId is required");
+    this.clientId = options.clientId;
+    this.clientSecret = options.clientSecret;
+    this.webhookSecret = options.webhookSecret;
+    this.baseUrl = (options.baseUrl ?? "https://omen.dog").replace(/\/$/, "");
+  }
+  /** Start a child device-authorization grant. `scope:'child'` is always sent. */
+  async deviceStart(options = {}) {
+    const { status, body } = await this.post("/api/oauth/device", {
+      client_id: this.clientId,
+      scope: "child",
+      login_hint: options.loginHint,
+      device_id: options.deviceId,
+      device_name: options.deviceName,
+      device_token: options.deviceToken
+    });
+    if (status >= 400) throw oauthError(status, body);
+    return body;
+  }
+  /**
+   * Tell Omen which child is logging in. With `username` this is the cold-start
+   * path (no prior `login_hint`); without it, it re-pings the family for a known
+   * child. Always resolves `{ ok: true }` (enumeration-safe) on the cold path.
+   */
+  async notify(args) {
+    const { status, body } = await this.post("/api/oauth/device/notify", {
+      device_code: args.device_code,
+      username: args.username
+    });
+    if (status >= 400) throw oauthError(status, body);
+    return body;
+  }
+  /**
+   * Poll the token endpoint once. Returns a calm status union — `pending`,
+   * `slow_down`, `denied`, `expired`, `error`, or `approved` (with tokens,
+   * rebind blob and one-time device_token). Never throws on a normal RFC 8628
+   * polling response; only network failures reject.
+   */
+  async poll(deviceCode) {
+    const { status, body } = await this.post("/api/oauth/token", {
+      grant_type: DEVICE_GRANT_TYPE,
+      device_code: deviceCode,
+      client_id: this.clientId
+    });
+    return mapPollResponse(status, body);
+  }
+  /**
+   * Poll until the grant reaches a terminal state, honouring `interval` and
+   * widening it by 5s on every `slow_down` (RFC 8628 §3.5). Prefer driving the
+   * flip from the `child.login.approved` webhook; use this as the fallback.
+   */
+  async pollUntil(deviceCode, options = {}) {
+    let interval = options.intervalSeconds ?? 5;
+    for (; ; ) {
+      if (options.signal?.aborted) throw new DOMException("Aborted", "AbortError");
+      const result = await this.poll(deviceCode);
+      if (isTerminalStatus(result.status)) return result;
+      options.onStatus?.(result.status);
+      interval = nextInterval(interval, result.status);
+      await sleep(interval * 1e3, options.signal);
+    }
+  }
+  /**
+   * Refresh a child access token. `scope:'child'` is preserved across rotation,
+   * and the old refresh token is single-use (Omen rotates it).
+   */
+  async refresh(refreshToken) {
+    const { status, body } = await this.post("/api/oauth/token", {
+      grant_type: "refresh_token",
+      refresh_token: refreshToken,
+      client_id: this.clientId,
+      client_secret: this.clientSecret
+    });
+    if (status >= 400) throw oauthError(status, body);
+    return body;
+  }
+  /** Fetch the consent-gated identity bundle with the child's access token. */
+  async childIdentity(accessToken) {
+    const res = await fetch(`${this.baseUrl}/api/oauth/child-identity`, {
+      headers: { Authorization: `Bearer ${accessToken}`, Accept: "application/json" }
+    });
+    const body = await res.json().catch(() => ({}));
+    if (!res.ok) throw oauthError(res.status, body);
+    return body;
+  }
+  /** Normalise a token grant into a record for your httpOnly session store. */
+  seal(tokens, opts) {
+    return seal(tokens, opts);
+  }
+  /** Whether a sealed session's access token needs a refresh before use. */
+  accessExpired(record, opts) {
+    return accessExpired(record, opts);
+  }
+  /** Verify a `child.login.approved` webhook signature (uses your `webhookSecret`). */
+  verifyWebhook(payload, signature, secret = this.webhookSecret) {
+    if (!secret) throw new Error("ChildLogin.verifyWebhook: no webhookSecret configured");
+    return verifyWebhook(payload, signature, secret);
+  }
+  /** Verify + parse a `child.login.approved` webhook. Returns null if the signature is invalid. */
+  parseApproval(payload, signature, secret = this.webhookSecret) {
+    if (!secret) throw new Error("ChildLogin.parseApproval: no webhookSecret configured");
+    return parseChildLoginApproved(payload, signature, secret);
+  }
+  async post(path, body) {
+    const clean = {};
+    for (const [k, v] of Object.entries(body)) if (v !== void 0) clean[k] = v;
+    const res = await fetch(`${this.baseUrl}${path}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Accept: "application/json" },
+      body: JSON.stringify(clean)
+    });
+    const text = await res.text();
+    let json = {};
+    try {
+      json = text ? JSON.parse(text) : {};
+    } catch {
+      json = { error: "invalid_response", raw: text };
+    }
+    return { status: res.status, body: json };
+  }
+};
+function oauthError(status, body) {
+  const code = body?.error || `http_${status}`;
+  const err = new Error(body?.error_description || code);
+  err.status = status;
+  err.code = code;
+  return err;
+}
+function sleep(ms, signal) {
+  return new Promise((resolve, reject) => {
+    if (signal?.aborted) return reject(new DOMException("Aborted", "AbortError"));
+    const t = setTimeout(resolve, ms);
+    signal?.addEventListener("abort", () => {
+      clearTimeout(t);
+      reject(new DOMException("Aborted", "AbortError"));
+    }, { once: true });
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ASK_GROWN_UP_STATES,
+  CHILD_LOGIN_STATES,
+  ChildLogin,
+  ENTRY_STATES,
+  deriveInitialState,
+  displayGroup,
+  reduce
+});

package/dist/child-login.mjs

@@ -0,0 +1,18 @@
+import {
+  ASK_GROWN_UP_STATES,
+  CHILD_LOGIN_STATES,
+  ChildLogin,
+  ENTRY_STATES,
+  deriveInitialState,
+  displayGroup,
+  reduce
+} from "./chunk-7L3ANE2V.mjs";
+export {
+  ASK_GROWN_UP_STATES,
+  CHILD_LOGIN_STATES,
+  ChildLogin,
+  ENTRY_STATES,
+  deriveInitialState,
+  displayGroup,
+  reduce
+};

package/dist/chunk-7L3ANE2V.mjs

@@ -0,0 +1,303 @@
+// src/childLogin/stateMachine.js
+var CHILD_LOGIN_STATES = [
+  "trusted",
+  // this device is pre-authorised → one tap
+  "known",
+  // we know who she is (cached identity) → "ask a grown-up"
+  "cold",
+  // no hint → type a username
+  "pending",
+  // a grown-up has been asked; waiting (calm, no timer)
+  "approved",
+  // she's in
+  "denied",
+  // a grown-up said "not now"
+  "blocked",
+  // a grown-up blocked this app
+  "paused",
+  // her account is paused everywhere
+  "expired",
+  // the request timed out; let's try again
+  "offline"
+  // no connection; render her card from cache, can't log in
+];
+var ASK_GROWN_UP_STATES = ["denied", "blocked", "paused"];
+var ENTRY_STATES = ["trusted", "known", "cold"];
+function deriveInitialState(ctx) {
+  ctx = ctx || {};
+  if (ctx.online === false) return "offline";
+  if (ctx.trustedDevice) return "trusted";
+  if (ctx.identity) return "known";
+  return "cold";
+}
+var TERMINAL = {
+  approved: "approved",
+  denied: "denied",
+  blocked: "blocked",
+  paused: "paused",
+  expired: "expired",
+  offline: "offline"
+};
+function reduce(state, signal, ctx) {
+  if (signal in TERMINAL) return TERMINAL[signal];
+  if (signal === "reset") return deriveInitialState(ctx);
+  if (signal === "online") return state === "offline" ? deriveInitialState(ctx) : state;
+  if (ENTRY_STATES.includes(state) && (signal === "ask" || signal === "pending")) {
+    return "pending";
+  }
+  if (state === "pending" && (signal === "pending" || signal === "slow_down")) {
+    return "pending";
+  }
+  return state;
+}
+function displayGroup(state) {
+  if (ENTRY_STATES.includes(state)) return "ready";
+  if (state === "pending") return "waiting";
+  if (state === "approved") return "approved";
+  if (ASK_GROWN_UP_STATES.includes(state)) return "ask-grown-up";
+  if (state === "expired") return "expired";
+  return "offline";
+}
+
+// src/childLogin/rfc8628.js
+function mapPollResponse(httpStatus, body) {
+  body = body || {};
+  if (httpStatus >= 200 && httpStatus < 300 && body.access_token) {
+    return {
+      status: "approved",
+      tokens: {
+        access_token: body.access_token,
+        refresh_token: body.refresh_token,
+        token_type: body.token_type || "Bearer",
+        expires_in: typeof body.expires_in === "number" ? body.expires_in : void 0,
+        scope: body.scope
+      },
+      rebind: body.rebind || null,
+      deviceToken: body.device_token || null
+    };
+  }
+  switch (body.error) {
+    case "authorization_pending":
+      return { status: "pending" };
+    case "slow_down":
+      return { status: "slow_down" };
+    case "access_denied":
+      return { status: "denied" };
+    case "expired_token":
+      return { status: "expired" };
+    default:
+      return { status: "error", error: body.error || `http_${httpStatus}` };
+  }
+}
+var SLOW_DOWN_INCREMENT_SECONDS = 5;
+var MIN_POLL_INTERVAL_SECONDS = 1;
+function nextInterval(currentInterval, status) {
+  const base = Number.isFinite(currentInterval) && currentInterval >= MIN_POLL_INTERVAL_SECONDS ? currentInterval : MIN_POLL_INTERVAL_SECONDS;
+  if (status === "slow_down") return base + SLOW_DOWN_INCREMENT_SECONDS;
+  return base;
+}
+function isTerminalStatus(status) {
+  return status === "approved" || status === "denied" || status === "expired" || status === "error";
+}
+
+// src/childLogin/session.js
+var DEFAULT_ACCESS_TTL_SECONDS = 86400;
+var DEFAULT_SKEW_MS = 3e4;
+function seal(tokens, opts) {
+  if (!tokens || !tokens.access_token) {
+    throw new Error("seal(): tokens.access_token is required");
+  }
+  const now = opts && typeof opts.now === "number" ? opts.now : Date.now();
+  const ttlSeconds = typeof tokens.expires_in === "number" ? tokens.expires_in : DEFAULT_ACCESS_TTL_SECONDS;
+  const record = {
+    accessToken: tokens.access_token,
+    refreshToken: tokens.refresh_token || null,
+    scope: tokens.scope || "child",
+    accessExpiresAt: now + ttlSeconds * 1e3
+  };
+  const deviceToken = opts && opts.deviceToken || tokens.device_token || null;
+  if (deviceToken) record.deviceToken = deviceToken;
+  return record;
+}
+function accessExpired(record, opts) {
+  if (!record || typeof record.accessExpiresAt !== "number") return true;
+  const now = opts && typeof opts.now === "number" ? opts.now : Date.now();
+  const skew = opts && typeof opts.skewMs === "number" ? opts.skewMs : DEFAULT_SKEW_MS;
+  return now >= record.accessExpiresAt - skew;
+}
+
+// src/childLogin/webhook.js
+import { createHmac, timingSafeEqual } from "crypto";
+function verifyWebhook(payload, signature, secret) {
+  if (typeof payload !== "string" || !signature || !secret) return false;
+  const expected = createHmac("sha256", secret).update(payload).digest("hex");
+  const a = Buffer.from(expected, "utf8");
+  const b = Buffer.from(String(signature), "utf8");
+  if (a.length !== b.length) return false;
+  return timingSafeEqual(a, b);
+}
+function parseChildLoginApproved(payload, signature, secret) {
+  if (!verifyWebhook(payload, signature, secret)) return null;
+  try {
+    return JSON.parse(payload);
+  } catch {
+    return null;
+  }
+}
+
+// src/childLogin/index.ts
+var DEVICE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
+var ChildLogin = class {
+  clientId;
+  clientSecret;
+  webhookSecret;
+  baseUrl;
+  constructor(options) {
+    if (!options?.clientId) throw new Error("ChildLogin: clientId is required");
+    this.clientId = options.clientId;
+    this.clientSecret = options.clientSecret;
+    this.webhookSecret = options.webhookSecret;
+    this.baseUrl = (options.baseUrl ?? "https://omen.dog").replace(/\/$/, "");
+  }
+  /** Start a child device-authorization grant. `scope:'child'` is always sent. */
+  async deviceStart(options = {}) {
+    const { status, body } = await this.post("/api/oauth/device", {
+      client_id: this.clientId,
+      scope: "child",
+      login_hint: options.loginHint,
+      device_id: options.deviceId,
+      device_name: options.deviceName,
+      device_token: options.deviceToken
+    });
+    if (status >= 400) throw oauthError(status, body);
+    return body;
+  }
+  /**
+   * Tell Omen which child is logging in. With `username` this is the cold-start
+   * path (no prior `login_hint`); without it, it re-pings the family for a known
+   * child. Always resolves `{ ok: true }` (enumeration-safe) on the cold path.
+   */
+  async notify(args) {
+    const { status, body } = await this.post("/api/oauth/device/notify", {
+      device_code: args.device_code,
+      username: args.username
+    });
+    if (status >= 400) throw oauthError(status, body);
+    return body;
+  }
+  /**
+   * Poll the token endpoint once. Returns a calm status union — `pending`,
+   * `slow_down`, `denied`, `expired`, `error`, or `approved` (with tokens,
+   * rebind blob and one-time device_token). Never throws on a normal RFC 8628
+   * polling response; only network failures reject.
+   */
+  async poll(deviceCode) {
+    const { status, body } = await this.post("/api/oauth/token", {
+      grant_type: DEVICE_GRANT_TYPE,
+      device_code: deviceCode,
+      client_id: this.clientId
+    });
+    return mapPollResponse(status, body);
+  }
+  /**
+   * Poll until the grant reaches a terminal state, honouring `interval` and
+   * widening it by 5s on every `slow_down` (RFC 8628 §3.5). Prefer driving the
+   * flip from the `child.login.approved` webhook; use this as the fallback.
+   */
+  async pollUntil(deviceCode, options = {}) {
+    let interval = options.intervalSeconds ?? 5;
+    for (; ; ) {
+      if (options.signal?.aborted) throw new DOMException("Aborted", "AbortError");
+      const result = await this.poll(deviceCode);
+      if (isTerminalStatus(result.status)) return result;
+      options.onStatus?.(result.status);
+      interval = nextInterval(interval, result.status);
+      await sleep(interval * 1e3, options.signal);
+    }
+  }
+  /**
+   * Refresh a child access token. `scope:'child'` is preserved across rotation,
+   * and the old refresh token is single-use (Omen rotates it).
+   */
+  async refresh(refreshToken) {
+    const { status, body } = await this.post("/api/oauth/token", {
+      grant_type: "refresh_token",
+      refresh_token: refreshToken,
+      client_id: this.clientId,
+      client_secret: this.clientSecret
+    });
+    if (status >= 400) throw oauthError(status, body);
+    return body;
+  }
+  /** Fetch the consent-gated identity bundle with the child's access token. */
+  async childIdentity(accessToken) {
+    const res = await fetch(`${this.baseUrl}/api/oauth/child-identity`, {
+      headers: { Authorization: `Bearer ${accessToken}`, Accept: "application/json" }
+    });
+    const body = await res.json().catch(() => ({}));
+    if (!res.ok) throw oauthError(res.status, body);
+    return body;
+  }
+  /** Normalise a token grant into a record for your httpOnly session store. */
+  seal(tokens, opts) {
+    return seal(tokens, opts);
+  }
+  /** Whether a sealed session's access token needs a refresh before use. */
+  accessExpired(record, opts) {
+    return accessExpired(record, opts);
+  }
+  /** Verify a `child.login.approved` webhook signature (uses your `webhookSecret`). */
+  verifyWebhook(payload, signature, secret = this.webhookSecret) {
+    if (!secret) throw new Error("ChildLogin.verifyWebhook: no webhookSecret configured");
+    return verifyWebhook(payload, signature, secret);
+  }
+  /** Verify + parse a `child.login.approved` webhook. Returns null if the signature is invalid. */
+  parseApproval(payload, signature, secret = this.webhookSecret) {
+    if (!secret) throw new Error("ChildLogin.parseApproval: no webhookSecret configured");
+    return parseChildLoginApproved(payload, signature, secret);
+  }
+  async post(path, body) {
+    const clean = {};
+    for (const [k, v] of Object.entries(body)) if (v !== void 0) clean[k] = v;
+    const res = await fetch(`${this.baseUrl}${path}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Accept: "application/json" },
+      body: JSON.stringify(clean)
+    });
+    const text = await res.text();
+    let json = {};
+    try {
+      json = text ? JSON.parse(text) : {};
+    } catch {
+      json = { error: "invalid_response", raw: text };
+    }
+    return { status: res.status, body: json };
+  }
+};
+function oauthError(status, body) {
+  const code = body?.error || `http_${status}`;
+  const err = new Error(body?.error_description || code);
+  err.status = status;
+  err.code = code;
+  return err;
+}
+function sleep(ms, signal) {
+  return new Promise((resolve, reject) => {
+    if (signal?.aborted) return reject(new DOMException("Aborted", "AbortError"));
+    const t = setTimeout(resolve, ms);
+    signal?.addEventListener("abort", () => {
+      clearTimeout(t);
+      reject(new DOMException("Aborted", "AbortError"));
+    }, { once: true });
+  });
+}
+
+export {
+  CHILD_LOGIN_STATES,
+  ASK_GROWN_UP_STATES,
+  ENTRY_STATES,
+  deriveInitialState,
+  reduce,
+  displayGroup,
+  ChildLogin
+};

package/dist/creation.d.ts

@@ -87,8 +87,8 @@ interface OmenSDK {
   invite(friendId: string): Promise<void>;
   presence(text: string | null): void;
 
-  // Companion
-  companion(): Promise<{ name: string; mood: string; traits: string[] } | null>;
+  // Daemon
+  daemon(): Promise<{ name: string; mood: string; traits: string[] } | null>;
 
   // Input
   input: OmenInputAPI;
@@ -110,7 +110,7 @@ interface OmenSDK {
   vibrate(type: 'light' | 'medium' | 'heavy' | 'success' | 'error'): void;
 
   // Feature detection
-  has(feature: 'storage' | 'collections' | 'economy' | 'identity' | 'input' | 'social' | 'companion' | 'moderation' | 'leaderboard'): boolean;
+  has(feature: 'storage' | 'collections' | 'economy' | 'identity' | 'input' | 'social' | 'daemon' | 'moderation' | 'leaderboard'): boolean;
 }
 
 declare const omen: OmenSDK;