@ozura/elements 0.1.0-beta.1

package/dist/server/types/index.d.ts

@@ -0,0 +1,432 @@
+export interface ElementStyle {
+    color?: string;
+    fontSize?: string;
+    fontFamily?: string;
+    fontWeight?: string;
+    fontStyle?: string;
+    fontVariant?: string;
+    letterSpacing?: string;
+    lineHeight?: string;
+    textAlign?: string;
+    textDecoration?: string;
+    textShadow?: string;
+    textTransform?: string;
+    padding?: string;
+    paddingTop?: string;
+    paddingRight?: string;
+    paddingBottom?: string;
+    paddingLeft?: string;
+    backgroundColor?: string;
+    opacity?: string;
+    border?: string;
+    borderColor?: string;
+    borderWidth?: string;
+    borderStyle?: string;
+    borderRadius?: string;
+    borderTop?: string;
+    borderRight?: string;
+    borderBottom?: string;
+    borderLeft?: string;
+    borderTopColor?: string;
+    borderRightColor?: string;
+    borderBottomColor?: string;
+    borderLeftColor?: string;
+    borderTopWidth?: string;
+    borderRightWidth?: string;
+    borderBottomWidth?: string;
+    borderLeftWidth?: string;
+    borderTopStyle?: string;
+    borderRightStyle?: string;
+    borderBottomStyle?: string;
+    borderLeftStyle?: string;
+    borderTopLeftRadius?: string;
+    borderTopRightRadius?: string;
+    borderBottomLeftRadius?: string;
+    borderBottomRightRadius?: string;
+    boxShadow?: string;
+    outline?: string;
+    outlineColor?: string;
+    outlineWidth?: string;
+    outlineStyle?: string;
+    outlineOffset?: string;
+    cursor?: string;
+    caretColor?: string;
+    height?: string;
+    minHeight?: string;
+    maxHeight?: string;
+    transition?: string;
+    /** Index signature for forward-compatibility with future CSS properties. */
+    [key: string]: string | undefined;
+}
+export interface ElementStyleConfig {
+    /** Default styles applied to the input. */
+    base?: ElementStyle;
+    /** Styles applied when the input is focused. Merges on top of `base`. */
+    focus?: ElementStyle;
+    /** Styles applied when the input contains an invalid value (on blur). Merges on top of `base`. */
+    invalid?: ElementStyle;
+    /** Styles applied when the input contains a valid, complete value (on blur). Merges on top of `base`. */
+    complete?: ElementStyle;
+    /** Styles applied to the input's placeholder text (::placeholder pseudo-element). */
+    placeholder?: ElementStyle;
+}
+export interface ElementOptions {
+    style?: ElementStyleConfig;
+    placeholder?: string;
+    disabled?: boolean;
+    /** How long to wait (ms) for the iframe to load before emitting `loaderror`. Default: 10 000. */
+    loadTimeoutMs?: number;
+}
+export interface ElementChangeEvent {
+    empty: boolean;
+    complete: boolean;
+    valid: boolean;
+    /** Card brand — only present on cardNumber elements */
+    cardBrand?: string;
+    /** Parsed month (01-12) — only present on expirationDate elements */
+    month?: string;
+    /** Parsed 2-digit year — only present on expirationDate elements */
+    year?: string;
+    /** Human-readable error when valid is false and the field has been touched */
+    error?: string;
+}
+export type ElementType = 'cardNumber' | 'cvv' | 'expirationDate';
+/** Bank account element types. */
+export type BankElementType = 'accountNumber' | 'routingNumber';
+/** Load a font from a CSS stylesheet URL (e.g. Google Fonts). Must be HTTPS. */
+export interface CssFontSource {
+    cssSrc: string;
+}
+/** Load a custom font via @font-face. `src` must be a `url(https://...)` value. */
+export interface CustomFontSource {
+    family: string;
+    src: string;
+    weight?: string;
+    style?: string;
+    display?: string;
+    unicodeRange?: string;
+}
+export type FontSource = CssFontSource | CustomFontSource;
+export type OzTheme = 'default' | 'night' | 'flat';
+/**
+ * CSS variable-style overrides. Each key maps to a specific style property
+ * across all style states, so merchants can theme with a single flat object
+ * instead of manually building full `ElementStyleConfig` objects.
+ */
+export interface AppearanceVariables {
+    /** Input text color. Maps to `base.color`. */
+    colorText?: string;
+    /** Input background color. Maps to `base.backgroundColor`. */
+    colorBackground?: string;
+    /** Primary accent color. Maps to `focus.caretColor` and `focus.color`. */
+    colorPrimary?: string;
+    /** Error/invalid state text color. Maps to `invalid.color`. */
+    colorDanger?: string;
+    /** Success/complete state text color. Maps to `complete.color`. */
+    colorSuccess?: string;
+    /** Placeholder text color. Maps to `placeholder.color`. */
+    colorPlaceholder?: string;
+    /** Font family. Maps to `base.fontFamily`. */
+    fontFamily?: string;
+    /** Font size. Maps to `base.fontSize`. */
+    fontSize?: string;
+    /** Font weight. Maps to `base.fontWeight`. */
+    fontWeight?: string;
+    /** Letter spacing. Maps to `base.letterSpacing`. */
+    letterSpacing?: string;
+    /** Line height. Maps to `base.lineHeight`. */
+    lineHeight?: string;
+    /** Inner padding. Maps to `base.padding`. */
+    padding?: string;
+}
+/**
+ * Global appearance configuration. Applied to all elements created by this vault.
+ * Per-element `style` overrides take precedence over appearance settings.
+ */
+export interface Appearance {
+    /** Preset theme. Applies a complete set of default styles. */
+    theme?: OzTheme;
+    /** Variable overrides. Merged on top of the theme defaults. */
+    variables?: AppearanceVariables;
+}
+export interface VaultOptions {
+    /** Base URL of the vault API. Defaults to the Ozura production vault. */
+    apiUrl?: string;
+    /** System pub key required for tokenization. Obtain from Ozura admin.
+     *  Sent as the `X-Pub-Key` header on tokenize requests. */
+    pubKey: string;
+    /** Base URL where the Ozura frame HTML/JS assets are served from.
+     *  Defaults to the production CDN. Override for local development. */
+    frameBaseUrl?: string;
+    /**
+     * Custom fonts to inject into element iframes. Accepts Google Fonts URLs
+     * or @font-face declarations. Fonts are loaded inside each iframe so they
+     * render in the card input fields.
+     *
+     * @example
+     * // Google Fonts
+     * fonts: [{ cssSrc: 'https://fonts.googleapis.com/css2?family=Inter:wght@400;500&display=swap' }]
+     *
+     * @example
+     * // Custom @font-face
+     * fonts: [{ family: 'MyFont', src: 'url(https://cdn.example.com/myfont.woff2)', weight: '400' }]
+     */
+    fonts?: FontSource[];
+    /**
+     * Called if the tokenizer iframe fails to signal ready within `loadTimeoutMs`.
+     * Use this to show a fallback UI (e.g. "Unable to load payment fields").
+     */
+    onLoadError?: () => void;
+    /** How long to wait (ms) for the tokenizer iframe before calling `onLoadError`. Default: 10 000. */
+    loadTimeoutMs?: number;
+    /**
+     * Global appearance configuration. Applies preset themes and/or variable
+     * overrides to all elements created by this vault. Per-element `style`
+     * overrides take precedence.
+     *
+     * @example
+     * appearance: { theme: 'night' }
+     *
+     * @example
+     * appearance: {
+     *   theme: 'flat',
+     *   variables: { colorPrimary: '#6366f1', fontFamily: '"Inter", sans-serif' },
+     * }
+     */
+    appearance?: Appearance;
+}
+/** Billing address. All string fields are validated to 1–50 characters. */
+export interface BillingAddress {
+    line1: string;
+    /** Optional. Omitted entirely from cardSale if blank (schema enforces minLength 1 if present). */
+    line2?: string;
+    city: string;
+    /** For US and CA: normalized to the 2-letter abbreviation (e.g. "California" → "CA"). */
+    state: string;
+    zip: string;
+    /** ISO 3166-1 alpha-2, e.g. "US", "CA", "GB". */
+    country: string;
+}
+/**
+ * Cardholder billing details validated against the Ozura cardSale API schema.
+ * Mirrors the `billing_details` object in Stripe's createPaymentMethod API.
+ *
+ * Pass to `vault.createToken({ billing })` — the SDK validates all fields and
+ * returns normalized values in `TokenResponse.billing` ready for the cardSale call.
+ */
+export interface BillingDetails {
+    /** 1–50 characters. Required for cardSale. */
+    firstName: string;
+    /** 1–50 characters. Required for cardSale. Must be non-empty. */
+    lastName: string;
+    /** Valid email address, max 50 characters. */
+    email?: string;
+    /** E.164 format, e.g. "+15551234567". Max 50 characters. */
+    phone?: string;
+    address?: BillingAddress;
+}
+export interface TokenizeOptions {
+    /**
+     * Billing details — validated, normalized, and returned in TokenResponse.billing
+     * ready to be passed directly to the cardSale API.
+     *
+     * If provided, firstName and lastName inside billing take precedence over
+     * the top-level firstName/lastName params below.
+     */
+    billing?: BillingDetails;
+    /** @deprecated Pass firstName inside `billing` instead. */
+    firstName?: string;
+    /** @deprecated Pass lastName inside `billing` instead. */
+    lastName?: string;
+}
+/** Options for `vault.createBankToken()`. */
+export interface BankTokenizeOptions {
+    /** Account holder first name. Required. */
+    firstName: string;
+    /** Account holder last name. Required. */
+    lastName: string;
+}
+/** Non-sensitive bank account metadata returned alongside the token. */
+export interface BankAccountMetadata {
+    /** Last 4 digits of the account number. */
+    last4: string;
+    /** US routing number (9 digits). */
+    routingNumber: string;
+}
+/** Non-sensitive card metadata returned alongside the token. */
+export interface CardMetadata {
+    /** Last 4 digits of the card number. */
+    last4: string;
+    /** Detected card brand (e.g. "visa", "mastercard", "amex"). */
+    brand: string;
+    /** 2-digit expiry month (e.g. "09"). */
+    expMonth: string;
+    /** 4-digit expiry year (e.g. "2027"). */
+    expYear: string;
+}
+export interface TokenResponse {
+    token: string;
+    cvcSession?: string;
+    /** Non-sensitive card metadata — available immediately without a cardSale call. */
+    card?: CardMetadata;
+    /**
+     * Validated, normalized billing details — ready to spread into a cardSale request.
+     * Only present when billing was passed to createToken().
+     */
+    billing?: BillingDetails;
+}
+/**
+ * Returned by `vault.createBankToken()` after successful ACH tokenization.
+ * The token can be passed to any ACH-capable payment processor.
+ * Note: OzuraPay does not currently support bank account payments.
+ */
+export interface BankTokenResponse {
+    /** Vault token representing the bank account. Use with your ACH processor. */
+    token: string;
+    /** Non-sensitive bank account metadata. */
+    bank?: BankAccountMetadata;
+}
+/**
+ * Full request body for the Ozura Pay API cardSale endpoint.
+ * All string fields are 1–50 characters. billingAddress2 is optional (omit if blank).
+ *
+ * Headers required:
+ *   x-api-key: <merchantApiKey>
+ *   vault-api-key: <vaultApiKey>  (same key passed to OzVault)
+ */
+export interface CardSaleRequest {
+    /** Processor to use. If omitted, the Pay API auto-selects (Elavon → Nuvei → Worldpay). */
+    processor?: 'elavon' | 'nuvei' | 'worldpay';
+    merchantId: string;
+    /** Decimal string, e.g. "49.00". */
+    amount: string;
+    /** ISO 4217, e.g. "USD". */
+    currency: string;
+    /** From TokenResponse.token */
+    ozuraCardToken: string;
+    /** From TokenResponse.cvcSession */
+    ozuraCvcSession: string;
+    billingFirstName: string;
+    billingLastName: string;
+    billingEmail: string;
+    /** E.164 format, max 50 chars. */
+    billingPhone: string;
+    billingAddress1: string;
+    /** Omit entirely if blank — schema enforces minLength 1 if present. */
+    billingAddress2?: string;
+    billingCity: string;
+    /** 2-letter state/province code. */
+    billingState: string;
+    billingZipcode: string;
+    /** ISO 3166-1 alpha-2. */
+    billingCountry: string;
+    /** Fetch from your server — use an internal route, not api.ipify.org (ad-blockers block it). */
+    clientIpAddress: string;
+    salesTaxExempt: boolean;
+    /** Defaults to "0.00". Range 0–3. */
+    surchargePercent?: string;
+    /** Defaults to "0.00". */
+    tipAmount?: string;
+}
+/**
+ * The `data` object inside a successful cardSale API response.
+ *
+ * Store `transactionId` in your database immediately after receiving this —
+ * it is required for refunds and idempotency checks.
+ */
+export interface CardSaleResponseData {
+    /** Unique transaction reference — store this in your database. */
+    transactionId: string;
+    /** Amount charged, decimal string, e.g. "49.00". */
+    amount: string;
+    /** ISO 4217 currency code, e.g. "USD". */
+    currency: string;
+    /** Surcharge amount applied, e.g. "0.00". */
+    surchargeAmount: string;
+    /** Sales tax calculated by the Pay API based on billing address. */
+    salesTaxAmount?: string;
+    /** Tip amount applied, e.g. "0.00". */
+    tipAmount: string;
+    /** Last four digits of the card number. */
+    cardLastFour: string;
+    /** First six digits of the card number (BIN). */
+    cardBin?: string;
+    /** Expiry month as 2-digit string, e.g. "09". */
+    cardExpMonth: string;
+    /** Expiry year as 4-digit string, e.g. "2027". */
+    cardExpYear: string;
+    /** Card brand returned by processor, e.g. "visa", "mastercard", "amex". */
+    cardBrand: string;
+    /** Whether the card is a credit card (vs debit). */
+    isCreditCard?: boolean;
+    /** ISO 8601 transaction timestamp. */
+    transDate: string;
+    /** Merchant ID echoed back from the request. */
+    ozuraMerchantId: string;
+    /** Client IP address echoed back. */
+    clientIpAddress?: string;
+    /** Billing fields echoed back — useful for receipts. */
+    billingFirstName: string;
+    billingLastName: string;
+    billingEmail: string;
+    billingPhone: string;
+    billingAddress1: string;
+    billingAddress2?: string;
+    billingCity: string;
+    billingState: string;
+    billingZipcode: string;
+    billingCountry: string;
+}
+/**
+ * Full response envelope from the Ozura Pay API cardSale endpoint.
+ *
+ * On success:  `{ success: true,  data: CardSaleResponseData }`
+ * On failure:  HTTP 4xx/5xx with `{ error: string }` — pass `error` to
+ *              `normalizeCardSaleError()` to get a user-facing message.
+ */
+export interface CardSaleApiResponse {
+    success: boolean;
+    data: CardSaleResponseData;
+}
+/** Query params for GET /api/v1/transQuery. */
+export interface TransactionQueryParams {
+    merchantId: string;
+    /** Fetch a specific transaction. */
+    transactionId?: string;
+    /** Date range start, format "YYYY-MM-DD HH:MM:SS". */
+    dateFrom?: string;
+    /** Date range end, format "YYYY-MM-DD HH:MM:SS". */
+    dateTo?: string;
+    /** Filter by type, e.g. "sale", "refund". */
+    transactionType?: string;
+    /** 1-based page number. Default: 1. */
+    page?: number;
+    /** Results per page. Default: 50, max: 100. */
+    limit?: number;
+    /** Comma-separated field names to return. */
+    fields?: string;
+    sortBy?: string;
+    sortOrder?: 'asc' | 'desc';
+}
+export interface TransactionQueryPagination {
+    currentPage: number;
+    totalPages: number;
+    totalCount: number;
+    limit: number;
+    hasNextPage: boolean;
+    hasPrevPage: boolean;
+    nextPage: number | null;
+    prevPage: number | null;
+}
+export interface TransactionQueryResponse {
+    success: boolean;
+    data: CardSaleResponseData[];
+    pagination: TransactionQueryPagination;
+}
+export type OzMessageType = 'OZ_FRAME_READY' | 'OZ_INIT' | 'OZ_UPDATE' | 'OZ_CLEAR' | 'OZ_CHANGE' | 'OZ_FOCUS' | 'OZ_BLUR' | 'OZ_RESIZE' | 'OZ_SET_TOKENIZER_NAME' | 'OZ_BEGIN_COLLECT' | 'OZ_FIELD_VALUE' | 'OZ_TOKENIZE' | 'OZ_TOKEN_RESULT' | 'OZ_TOKEN_ERROR' | 'OZ_FOCUS_REQUEST' | 'OZ_BLUR_REQUEST' | 'OZ_SET_CVV_LENGTH' | 'OZ_BANK_TOKENIZE' | 'OZ_BANK_TOKEN_RESULT';
+export interface OzMessage {
+    __oz: true;
+    vaultId: string;
+    type: OzMessageType;
+    [key: string]: unknown;
+}

package/dist/server/utils/appearance.d.ts

@@ -0,0 +1,13 @@
+import type { Appearance, ElementStyleConfig } from '../types';
+/**
+ * Resolves an `Appearance` config into a flat `ElementStyleConfig`.
+ * Resolution order: theme defaults → variable overrides.
+ * The returned config is then used as the "base appearance" that
+ * per-element `style` overrides merge on top of.
+ */
+export declare function resolveAppearance(appearance?: Appearance): ElementStyleConfig | undefined;
+/**
+ * Merges a resolved appearance with per-element style overrides.
+ * Element styles always win over appearance styles.
+ */
+export declare function mergeAppearanceWithElementStyle(appearance: ElementStyleConfig | undefined, elementStyle: ElementStyleConfig | undefined): ElementStyleConfig | undefined;

package/dist/server/utils/billingUtils.d.ts

@@ -0,0 +1,60 @@
+/**
+ * billingUtils.ts — billing detail validation and normalization.
+ *
+ * Mirrors the validation in checkout/page.tsx (pre-flight checks before cardSale)
+ * so that billing data passed to createToken() is guaranteed schema-compliant and
+ * ready to forward directly to the Ozura Pay API cardSale endpoint.
+ *
+ * All string fields enforced to 1–50 characters (cardSale schema constraint).
+ * State is normalized to 2-letter abbreviation for US and CA.
+ * Phone must be E.164 format (matches checkout's formatPhoneForAPI output).
+ */
+import { BillingDetails } from '../types';
+/** Returns true when the email is syntactically valid and ≤50 characters. */
+export declare function validateEmail(email: string): boolean;
+/**
+ * Validates E.164 phone format: starts with +, 1–3 digit country code,
+ * followed by 7–12 digits, total ≤50 characters.
+ *
+ * Matches the output of checkout's formatPhoneForAPI() function.
+ * Examples: "+15551234567", "+447911123456", "+61412345678"
+ */
+export declare function validateE164Phone(phone: string): boolean;
+/** Returns true when the string is non-empty and ≤50 characters (cardSale schema). */
+export declare function isValidBillingField(value: string): boolean;
+/**
+ * Converts a full US state or Canadian province name to its 2-letter abbreviation.
+ * If already a valid abbreviation (case-insensitive), returns it uppercased.
+ * For non-US/CA countries, returns the input uppercased unchanged.
+ *
+ * Matches checkout's convertStateToAbbreviation() behaviour exactly.
+ */
+export declare function normalizeState(state: string, country: string): string;
+/**
+ * Validates a postal/ZIP code against country-specific format rules.
+ * For countries without a specific pattern, falls back to generic 1–50 char check.
+ */
+export declare function validatePostalCode(zip: string, country: string): {
+    valid: boolean;
+    error?: string;
+};
+export interface BillingValidationResult {
+    valid: boolean;
+    /** One entry per failing field, each suitable for display in a thrown OzError message. */
+    errors: string[];
+    /** Trimmed and normalized billing details — state converted, address2 omitted if blank. */
+    normalized: BillingDetails;
+}
+/**
+ * Validates and normalizes billing details against the Ozura cardSale API schema.
+ *
+ * Rules applied (same as checkout's pre-flight validation in page.tsx):
+ * - firstName, lastName: required, 1–50 chars
+ * - email: optional; if provided, must be valid format and ≤50 chars
+ * - phone: optional; if provided, must be E.164 and ≤50 chars
+ * - address fields: if address is provided, line1/city/state/zip/country are
+ *   required (1–50 chars each); line2 is optional and omitted from normalized
+ *   output if blank (cardSale schema: minLength 1 if present)
+ * - state: normalized to 2-letter abbreviation for US and CA
+ */
+export declare function validateBilling(billing: BillingDetails): BillingValidationResult;

package/dist/server/utils/cardUtils.d.ts

@@ -0,0 +1,37 @@
+/**
+ * cardUtils.ts — pure card validation and formatting helpers.
+ *
+ * These functions contain no DOM or browser dependencies and are shared
+ * between the element frame runtime and the test suite.
+ */
+/** Returns true when the digit string passes the Luhn checksum. */
+export declare function luhn(digits: string): boolean;
+export type CardBrand = 'visa' | 'mastercard' | 'amex' | 'dinersclub' | 'discover' | 'jcb' | 'unknown';
+/** Detects the card brand from the leading digits. Returns 'unknown' for no match. */
+export declare function detectBrand(num: string): CardBrand;
+/** Maximum digit length allowed for a given brand. */
+export declare function getCardMaxLength(brand: CardBrand | string): number;
+/**
+ * Formats raw card digits into the display string for the given brand.
+ * Amex: 4-6-5 grouping. All others: groups of 4.
+ */
+export declare function formatCard(digits: string, brand: CardBrand | string): string;
+export interface CardValidationResult {
+    complete: boolean;
+    valid: boolean;
+    error?: string;
+}
+export declare function validateCardNumber(digits: string, brand: CardBrand | string): CardValidationResult;
+export interface ExpiryValidationResult {
+    complete: boolean;
+    valid: boolean;
+    month?: string;
+    year?: string;
+    error?: string;
+}
+/**
+ * Validates a raw 4-digit MMYY string (as stored by the element frame).
+ * Month is clamped to 01–12 at input time, so only past-date and
+ * incomplete checks are needed here.
+ */
+export declare function validateExpiry(rawMMYY: string): ExpiryValidationResult;

package/dist/types/frame/elementFrame.d.ts

@@ -0,0 +1,8 @@
+/**
+ * elementFrame.ts — runs inside an <iframe> served from Ozura's domain.
+ *
+ * Renders a single card or bank input, manages formatting/validation, and
+ * communicates with the host SDK via postMessage. Raw values NEVER leave this
+ * file except when sent directly to the tokenizer frame (same-origin).
+ */
+export {};

package/dist/types/frame/tokenizerFrame.d.ts

@@ -0,0 +1,13 @@
+/**
+ * tokenizerFrame.ts — runs inside a hidden <iframe> served from Ozura's domain.
+ *
+ * Collects raw card field values sent by element frames (same-origin),
+ * assembles the vault tokenization payload, and POSTs it directly to the
+ * vault API. The merchant page never sees raw card data.
+ */
+/**
+ * Returns true when the given URL's origin is in the compile-time allowlist.
+ * For localhost entries, any port is accepted (dev-server port varies).
+ * Exported for unit testing only — not part of the public SDK API.
+ */
+export declare function isAllowedVaultOrigin(apiUrl: string): boolean;

package/dist/types/sdk/OzElement.d.ts

@@ -0,0 +1,65 @@
+import { ElementType, BankElementType, ElementOptions, ElementStyleConfig, FontSource, OzMessage } from '../types';
+type AnyElementType = ElementType | BankElementType;
+type ElementEvent = 'ready' | 'change' | 'focus' | 'blur' | 'loaderror';
+type ElementCallback = (payload?: unknown) => void;
+/**
+ * A proxy for one Ozura iframe element. Merchants interact with this object;
+ * it never holds raw card data — all sensitive values live in the iframe.
+ */
+export declare class OzElement {
+    private elementType;
+    private options;
+    private vaultId;
+    readonly frameId: string;
+    private frameBaseUrl;
+    private frameOrigin;
+    private fonts;
+    private appearanceStyle;
+    private iframe;
+    private _frameWindow;
+    private _ready;
+    private _destroyed;
+    private _loadTimer;
+    private pendingMessages;
+    private handlers;
+    constructor(elementType: AnyElementType, options: ElementOptions, vaultId: string, frameBaseUrl: string, fonts?: FontSource[], appearanceStyle?: ElementStyleConfig);
+    /** The element type this proxy represents. */
+    get type(): AnyElementType;
+    /** True once the element iframe has loaded and signalled ready. */
+    get isReady(): boolean;
+    /**
+     * Mounts the element iframe into a container.
+     * Accepts either a CSS selector string or a direct HTMLElement reference
+     * (useful when integrating with React refs).
+     */
+    mount(target: string | HTMLElement): void;
+    on(event: ElementEvent, callback: ElementCallback): this;
+    off(event: ElementEvent, callback: ElementCallback): this;
+    once(event: ElementEvent, callback: ElementCallback): this;
+    update(options: Partial<ElementOptions>): void;
+    clear(): void;
+    /**
+     * Removes the iframe from the DOM and resets internal state.
+     * Called automatically by `OzVault.destroy()`. Safe to call manually
+     * for partial teardown (e.g. swapping payment method in a SPA).
+     */
+    unmount(): void;
+    /** Programmatically focus this element's input. Used internally for auto-advance. */
+    focus(): void;
+    /** Programmatically blur this element's input. */
+    blur(): void;
+    /**
+     * Permanently destroys this element: unmounts it, clears all event handlers,
+     * and prevents future use. Distinct from `unmount()` which allows re-mounting.
+     */
+    destroy(): void;
+    setTokenizerName(tokenizerName: string): void;
+    beginCollect(requestId: string): void;
+    /** Tell a CVV element how many digits to expect. Called automatically when card brand changes. */
+    setCvvLength(length: number): void;
+    handleMessage(msg: OzMessage): void;
+    private emit;
+    private post;
+    private send;
+}
+export {};