@ozura/elements 1.0.2-next.9 → 1.1.0-next.21

package/dist/react/index.cjs.js

@@ -357,7 +357,7 @@ class OzElement {
      * (useful when integrating with React refs).
      */
     mount(target) {
-        var _a;
+        var _a, _b;
         if (this._destroyed)
             throw new OzError('Cannot mount a destroyed element.');
         if (this.iframe)
@@ -374,7 +374,13 @@ class OzElement {
         iframe.setAttribute('scrolling', 'no');
         iframe.setAttribute('allowtransparency', 'true');
         iframe.style.cssText = 'border:none;width:100%;height:46px;display:block;overflow:hidden;';
-        iframe.title = `Secure ${this.elementType} input`;
+        iframe.title = `Secure ${(_a = {
+            cardNumber: 'card number',
+            expirationDate: 'expiration date',
+            cvv: 'CVV',
+            accountNumber: 'account number',
+            routingNumber: 'routing number',
+        }[this.elementType]) !== null && _a !== void 0 ? _a : this.elementType} input`;
         // Note: the `sandbox` attribute is intentionally NOT set. Field values are
         // delivered to the tokenizer iframe via a MessageChannel port (transferred
         // in OZ_BEGIN_COLLECT), so no window.parent named-frame lookup is needed.
@@ -388,7 +394,7 @@ class OzElement {
         container.appendChild(iframe);
         this.iframe = iframe;
         this._frameWindow = iframe.contentWindow;
-        const timeout = (_a = this.options.loadTimeoutMs) !== null && _a !== void 0 ? _a : 10000;
+        const timeout = (_b = this.options.loadTimeoutMs) !== null && _b !== void 0 ? _b : 10000;
         this._loadTimer = setTimeout(() => {
             if (!this._ready && !this._destroyed) {
                 this.emit('loaderror', { elementType: this.elementType, error: `${this.elementType} iframe failed to load within ${timeout}ms` });
@@ -873,7 +879,7 @@ class OzVault {
      * @internal
      */
     constructor(options, waxKey, tokenizationSessionId) {
-        var _a, _b, _c;
+        var _a, _b, _c, _d;
         this.elements = new Map();
         this.elementsByType = new Map();
         this.bankElementsByType = new Map();
@@ -886,6 +892,9 @@ class OzVault {
         this.tokenizerReady = false;
         this._tokenizing = null;
         this._destroyed = false;
+        // Incremented every time reset() cancels an active tokenization so that
+        // any in-flight wax-key refresh retry can detect it was superseded.
+        this._resetCount = 0;
         // Tracks successful tokenizations against the per-key call budget so the SDK
         // can proactively refresh the wax key after it has been consumed rather than
         // waiting for the next createToken() call to fail.
@@ -905,13 +914,14 @@ class OzVault {
         this.resolvedAppearance = resolveAppearance(options.appearance);
         this.vaultId = `vault-${uuid()}`;
         this._maxTokenizeCalls = (_b = options.maxTokenizeCalls) !== null && _b !== void 0 ? _b : 3;
+        this._debug = (_c = options.debug) !== null && _c !== void 0 ? _c : false;
         this.boundHandleMessage = this.handleMessage.bind(this);
         window.addEventListener('message', this.boundHandleMessage);
         this.boundHandleVisibility = this.handleVisibilityChange.bind(this);
         document.addEventListener('visibilitychange', this.boundHandleVisibility);
         this.mountTokenizerFrame();
         if (options.onLoadError) {
-            const timeout = (_c = options.loadTimeoutMs) !== null && _c !== void 0 ? _c : 10000;
+            const timeout = (_d = options.loadTimeoutMs) !== null && _d !== void 0 ? _d : 10000;
             this.loadErrorTimeoutId = setTimeout(() => {
                 this.loadErrorTimeoutId = null;
                 if (!this._destroyed && !this.tokenizerReady) {
@@ -921,6 +931,7 @@ class OzVault {
         }
         this._onWaxRefresh = options.onWaxRefresh;
         this._onReady = options.onReady;
+        this.log('vault created', { vaultId: this.vaultId, frameBaseUrl: this.frameBaseUrl, maxTokenizeCalls: this._maxTokenizeCalls });
     }
     /**
      * Creates and returns a ready `OzVault` instance.
@@ -990,6 +1001,7 @@ class OzVault {
         if (vault.tokenizerReady) {
             vault.sendToTokenizer({ type: 'OZ_INIT', frameId: '__tokenizer__', waxKey });
         }
+        vault.log('wax key received — vault ready');
         return vault;
     }
     /**
@@ -1131,8 +1143,13 @@ class OzVault {
         const readyBankElements = [accountEl, routingEl];
         this._tokenizing = 'bank';
         const requestId = `req-${uuid()}`;
+        this.log('createBankToken() called');
         return new Promise((resolve, reject) => {
-            const cleanup = () => { this._tokenizing = null; };
+            const resetCountAtStart = this._resetCount;
+            const cleanup = () => {
+                if (this._resetCount === resetCountAtStart)
+                    this._tokenizing = null;
+            };
             this.bankTokenizeResolvers.set(requestId, {
                 resolve: (v) => { cleanup(); resolve(v); },
                 reject: (e) => { cleanup(); reject(e); },
@@ -1143,6 +1160,7 @@ class OzVault {
             });
             try {
                 const bankChannels = readyBankElements.map(() => new MessageChannel());
+                const bankTokenizeStartMs = Date.now();
                 this.sendToTokenizer({
                     type: 'OZ_BANK_TOKENIZE',
                     requestId,
@@ -1153,6 +1171,7 @@ class OzVault {
                     lastName: options.lastName.trim(),
                     fieldCount: readyBankElements.length,
                 }, bankChannels.map(ch => ch.port1));
+                this.log('OZ_BANK_TOKENIZE sent', { requestIdPrefix: `${requestId.slice(0, 12)}...`, fieldCount: readyBankElements.length });
                 readyBankElements.forEach((el, i) => el.beginCollect(requestId, bankChannels[i].port2));
                 const bankTimeoutId = setTimeout(() => {
                     if (this.bankTokenizeResolvers.has(requestId)) {
@@ -1163,8 +1182,10 @@ class OzVault {
                     }
                 }, 30000);
                 const bankPendingEntry = this.bankTokenizeResolvers.get(requestId);
-                if (bankPendingEntry)
+                if (bankPendingEntry) {
                     bankPendingEntry.timeoutId = bankTimeoutId;
+                    bankPendingEntry.tokenizeStartMs = bankTokenizeStartMs;
+                }
             }
             catch (err) {
                 this.bankTokenizeResolvers.delete(requestId);
@@ -1235,8 +1256,15 @@ class OzVault {
         }
         this._tokenizing = 'card';
         const requestId = `req-${uuid()}`;
+        this.log('createToken() called');
         return new Promise((resolve, reject) => {
-            const cleanup = () => { this._tokenizing = null; };
+            // Capture the reset generation so cleanup() only zeros _tokenizing when it
+            // still belongs to this invocation — not a newer one that started after a reset.
+            const resetCountAtStart = this._resetCount;
+            const cleanup = () => {
+                if (this._resetCount === resetCountAtStart)
+                    this._tokenizing = null;
+            };
             this.tokenizeResolvers.set(requestId, {
                 resolve: (v) => { cleanup(); resolve(v); },
                 reject: (e) => { cleanup(); reject(e); },
@@ -1249,6 +1277,7 @@ class OzVault {
             try {
                 // Tell tokenizer frame to expect N field values, then tokenize
                 const cardChannels = readyElements.map(() => new MessageChannel());
+                const tokenizeStartMs = Date.now();
                 this.sendToTokenizer({
                     type: 'OZ_TOKENIZE',
                     requestId,
@@ -1259,6 +1288,11 @@ class OzVault {
                     lastName,
                     fieldCount: readyElements.length,
                 }, cardChannels.map(ch => ch.port1));
+                this.log('OZ_TOKENIZE sent', { requestIdPrefix: `${requestId.slice(0, 12)}...`, fieldCount: readyElements.length });
+                // Store start time for elapsed-ms logging on result
+                const cardEntry = this.tokenizeResolvers.get(requestId);
+                if (cardEntry)
+                    cardEntry.tokenizeStartMs = tokenizeStartMs;
                 // Tell each ready element frame to send its raw value to the tokenizer
                 readyElements.forEach((el, i) => el.beginCollect(requestId, cardChannels[i].port2));
                 const cardTimeoutId = setTimeout(() => {
@@ -1280,6 +1314,63 @@ class OzVault {
             }
         });
     }
+    /**
+     * Clears all mounted element fields without tearing down the vault.
+     *
+     * Call this after a failed payment (e.g. card declined) to let the customer
+     * re-enter their details. The vault instance, tokenizer iframe, wax key, and
+     * tokenization budget counter are all preserved — no network calls are made.
+     *
+     * **Wax key session model:** by design, one wax key covers the full checkout
+     * session. The default `max_tokenize_calls: 3` supports two declined attempts
+     * and one final attempt on the same key. Do not call `vault.destroy()` and
+     * recreate the vault between declines — that unnecessarily re-mints the key
+     * and discards the remaining budget.
+     *
+     * @example
+     * try {
+     *   const { token, cvcSession } = await vault.createToken({ billing });
+     *   await chargeCard(token, cvcSession);
+     * } catch (err) {
+     *   vault.reset();       // clear fields; let customer re-enter
+     *   showError(err.message);
+     * }
+     */
+    reset() {
+        if (this._destroyed)
+            return;
+        const cancelling = Boolean(this._tokenizing);
+        this.log('reset() called', { tokenizing: this._tokenizing, cancelling });
+        if (this._tokenizing) {
+            this._tokenizing = null;
+            this._resetCount++;
+            this.tokenizeResolvers.forEach(({ reject, timeoutId }, requestId) => {
+                if (timeoutId != null)
+                    clearTimeout(timeoutId);
+                this.sendToTokenizer({ type: 'OZ_TOKENIZE_CANCEL', requestId });
+                reject(new OzError('Vault was reset while tokenization was in progress.'));
+            });
+            this.tokenizeResolvers.clear();
+            this.bankTokenizeResolvers.forEach(({ reject, timeoutId }, requestId) => {
+                if (timeoutId != null)
+                    clearTimeout(timeoutId);
+                this.sendToTokenizer({ type: 'OZ_TOKENIZE_CANCEL', requestId });
+                reject(new OzError('Vault was reset while tokenization was in progress.'));
+            });
+            this.bankTokenizeResolvers.clear();
+        }
+        // Clear field values in all mounted element iframes
+        this.elementsByType.forEach(el => el.clear());
+        this.bankElementsByType.forEach(el => el.clear());
+        // Reset per-element completion state so auto-advance starts fresh on re-entry
+        for (const frameId of this.completionState.keys()) {
+            this.completionState.set(frameId, false);
+        }
+        // NOTE: _tokenizeSuccessCount is intentionally NOT reset.
+        // It reflects real server-side wax key budget consumption. Zeroing it
+        // would desync the proactive refresh logic from the vault's state and
+        // risk triggering a mid-session re-mint on what should be a clean retry.
+    }
     /**
      * Tears down the vault: removes all element iframes, the tokenizer iframe,
      * and the global message listener. Call this when the checkout component
@@ -1290,6 +1381,7 @@ class OzVault {
         if (this._destroyed)
             return;
         this._destroyed = true;
+        this.log('destroy() called');
         window.removeEventListener('message', this.boundHandleMessage);
         document.removeEventListener('visibilitychange', this.boundHandleVisibility);
         if (this._pendingMount) {
@@ -1344,13 +1436,17 @@ class OzVault {
         const REFRESH_THRESHOLD_MS = 20 * 60 * 1000; // 20 minutes
         if (document.hidden) {
             this._hiddenAt = Date.now();
+            this.log('tab hidden');
         }
         else {
-            if (this._hiddenAt !== null &&
-                Date.now() - this._hiddenAt >= REFRESH_THRESHOLD_MS &&
-                this._storedFetchWaxKey &&
+            const hiddenMs = this._hiddenAt !== null ? Date.now() - this._hiddenAt : 0;
+            const willRefresh = (this._hiddenAt !== null &&
+                hiddenMs >= REFRESH_THRESHOLD_MS &&
+                Boolean(this._storedFetchWaxKey) &&
                 !this._tokenizing &&
-                !this._waxRefreshing) {
+                !this._waxRefreshing);
+            this.log('tab visible', { hiddenMs, willRefresh });
+            if (willRefresh) {
                 this.refreshWaxKey().catch((err) => {
                     // Proactive refresh failure is non-fatal — the reactive path on the
                     // next createToken() call will handle it, including the auth retry.
@@ -1360,6 +1456,56 @@ class OzVault {
             this._hiddenAt = null;
         }
     }
+    // ─── Debug ───────────────────────────────────────────────────────────────
+    /**
+     * Emits a `[OzVault]`-prefixed entry to `console.log`. No-op when `debug` is
+     * not set. Never called with sensitive values — callers use presence flags only.
+     */
+    log(message, data) {
+        if (!this._debug)
+            return;
+        if (data !== undefined) {
+            console.log(`[OzVault] ${message}`, data);
+        }
+        else {
+            console.log(`[OzVault] ${message}`);
+        }
+    }
+    /**
+     * Returns a plain-object snapshot of the vault's current internal state.
+     * Safe to attach to bug reports — no wax keys, tokens, or billing data included.
+     *
+     * Available on all vault instances regardless of whether `debug` was enabled.
+     *
+     * @example
+     * console.log(vault.debugState());
+     * // {
+     * //   vaultId: 'vault-abc123',
+     * //   isReady: true,
+     * //   tokenizing: null,
+     * //   destroyed: false,
+     * //   waxKeyPresent: true,
+     * //   elements: ['cardNumber', 'expirationDate', 'cvv'],
+     * //   ...
+     * // }
+     */
+    debugState() {
+        return {
+            vaultId: this.vaultId,
+            isReady: this.tokenizerReady,
+            tokenizing: this._tokenizing,
+            destroyed: this._destroyed,
+            waxKeyPresent: Boolean(this.waxKey),
+            tokenizeSuccessCount: this._tokenizeSuccessCount,
+            maxTokenizeCalls: this._maxTokenizeCalls,
+            resetCount: this._resetCount,
+            elements: [...this.elementsByType.keys()],
+            bankElements: [...this.bankElementsByType.keys()],
+            completionState: Object.fromEntries([...this.completionState.entries()].map(([id, v]) => [id.slice(0, 8), v])),
+            pendingTokenizations: this.tokenizeResolvers.size,
+            pendingBankTokenizations: this.bankTokenizeResolvers.size,
+        };
+    }
     mountTokenizerFrame() {
         const mount = () => {
             this._pendingMount = null;
@@ -1371,6 +1517,7 @@ class OzVault {
             iframe.src = `${this.frameBaseUrl}/frame/tokenizer-frame.html#vaultId=${encodeURIComponent(this.vaultId)}${parentOrigin ? `&parentOrigin=${encodeURIComponent(parentOrigin)}` : ''}`;
             document.body.appendChild(iframe);
             this.tokenizerFrame = iframe;
+            this.log('mounting tokenizer iframe');
         };
         if (document.readyState === 'loading') {
             this._pendingMount = mount;
@@ -1411,6 +1558,7 @@ class OzVault {
                             `SDK expects v${PROTOCOL_VERSION}, frame reported v${typeof msg.__ozVersion === 'number' ? msg.__ozVersion : '(none)'}. ` +
                             'Deploy the matching frame assets to elements.ozura.com and purge the Azure CDN cache.');
                     }
+                    this.log('element iframe ready', { type: el.type, frameIdPrefix: frameId.slice(0, 8) });
                 }
                 // Intercept OZ_CHANGE before forwarding — handle auto-advance and CVV sync
                 if (msg.type === 'OZ_CHANGE') {
@@ -1434,6 +1582,7 @@ class OzVault {
         // Require valid too — avoids advancing at 13 digits for unknown-brand cards
         // where isComplete() fires before the user has finished typing.
         const justCompleted = complete && valid && !wasComplete;
+        this.log('field changed', { type: el.type, complete, valid, justCompleted });
         // Sync CVV length when card brand changes
         if (el.type === 'cardNumber') {
             const brand = msg.cardBrand;
@@ -1445,15 +1594,17 @@ class OzVault {
         // Auto-advance focus on completion
         if (justCompleted) {
             if (el.type === 'cardNumber') {
+                this.log('auto-advance', { from: 'cardNumber', to: 'expirationDate' });
                 (_b = this.elementsByType.get('expirationDate')) === null || _b === void 0 ? void 0 : _b.focus();
             }
             else if (el.type === 'expirationDate') {
+                this.log('auto-advance', { from: 'expirationDate', to: 'cvv' });
                 (_c = this.elementsByType.get('cvv')) === null || _c === void 0 ? void 0 : _c.focus();
             }
         }
     }
     handleTokenizerMessage(msg) {
-        var _a, _b, _c;
+        var _a, _b, _c, _d;
         switch (msg.type) {
             case 'OZ_FRAME_READY':
                 if (msg.__ozVersion !== PROTOCOL_VERSION) {
@@ -1473,6 +1624,7 @@ class OzVault {
                 // sent again from create() once the key is available.
                 this.sendToTokenizer(Object.assign({ type: 'OZ_INIT', frameId: '__tokenizer__' }, (this.waxKey ? { waxKey: this.waxKey } : {})));
                 (_c = this._onReady) === null || _c === void 0 ? void 0 : _c.call(this);
+                this.log('tokenizer iframe ready', { protocolVersion: (_d = msg.__ozVersion) !== null && _d !== void 0 ? _d : null });
                 break;
             case 'OZ_TOKEN_RESULT': {
                 if (typeof msg.requestId !== 'string' || !msg.requestId) {
@@ -1497,11 +1649,18 @@ class OzVault {
                     }
                     pending.resolve(Object.assign(Object.assign({ token,
                         cvcSession }, (card ? { card } : {})), (pending.billing ? { billing: pending.billing } : {})));
+                    this.log('token received', {
+                        elapsedMs: pending.tokenizeStartMs != null ? Date.now() - pending.tokenizeStartMs : null,
+                        tokenPresent: true,
+                        cvcSessionPresent: true,
+                        cardMetadataPresent: Boolean(card),
+                    });
                     // Increment the per-key success counter and proactively refresh once
                     // the budget is exhausted so the next createToken() call uses a fresh
                     // key without waiting for a vault rejection.
                     this._tokenizeSuccessCount++;
                     if (this._tokenizeSuccessCount >= this._maxTokenizeCalls) {
+                        this.log('proactive wax key refresh triggered', { tokenizeSuccessCount: this._tokenizeSuccessCount, maxTokenizeCalls: this._maxTokenizeCalls });
                         this.refreshWaxKey().catch((err) => {
                             console.warn('[OzVault] Post-budget wax key refresh failed:', err instanceof Error ? err.message : err);
                         });
@@ -1521,14 +1680,25 @@ class OzVault {
                     this.tokenizeResolvers.delete(msg.requestId);
                     if (pending.timeoutId != null)
                         clearTimeout(pending.timeoutId);
+                    const willRefresh = this.isRefreshableAuthError(errorCode, raw) && !pending.retried && Boolean(this._storedFetchWaxKey);
+                    this.log('token error', { errorCode, willRefresh });
                     // Auto-refresh: if the wax key expired or was consumed and we haven't
                     // already retried for this request, transparently re-mint and retry.
-                    if (this.isRefreshableAuthError(errorCode, raw) && !pending.retried && this._storedFetchWaxKey) {
+                    if (willRefresh) {
+                        const resetCountAtRetry = this._resetCount;
                         this.refreshWaxKey().then(() => {
                             if (this._destroyed) {
                                 pending.reject(new OzError('Vault destroyed during wax key refresh.'));
                                 return;
                             }
+                            if (this._resetCount !== resetCountAtRetry) {
+                                // reset() was called while the wax key was refreshing — the fields
+                                // have been cleared and _tokenizing was zeroed. Reject the original
+                                // promise so it doesn't stay pending, and bail out without starting
+                                // a new retry (which would tokenize against empty fields).
+                                pending.reject(new OzError('Vault was reset while tokenization was in progress.'));
+                                return;
+                            }
                             const newRequestId = `req-${uuid()}`;
                             // _tokenizing is still 'card' (cleanup() hasn't been called yet)
                             this.tokenizeResolvers.set(newRequestId, Object.assign(Object.assign({}, pending), { retried: true }));
@@ -1575,11 +1745,16 @@ class OzVault {
                     if (bankPending.timeoutId != null)
                         clearTimeout(bankPending.timeoutId);
                     if (this.isRefreshableAuthError(errorCode, raw) && !bankPending.retried && this._storedFetchWaxKey) {
+                        const resetCountAtRetry = this._resetCount;
                         this.refreshWaxKey().then(() => {
                             if (this._destroyed) {
                                 bankPending.reject(new OzError('Vault destroyed during wax key refresh.'));
                                 return;
                             }
+                            if (this._resetCount !== resetCountAtRetry) {
+                                bankPending.reject(new OzError('Vault was reset while tokenization was in progress.'));
+                                return;
+                            }
                             const newRequestId = `req-${uuid()}`;
                             this.bankTokenizeResolvers.set(newRequestId, Object.assign(Object.assign({}, bankPending), { retried: true }));
                             try {
@@ -1637,9 +1812,15 @@ class OzVault {
                     }
                     const bank = isBankAccountMetadata(msg.bank) ? msg.bank : undefined;
                     pending.resolve(Object.assign({ token }, (bank ? { bank } : {})));
+                    this.log('bank token received', {
+                        elapsedMs: pending.tokenizeStartMs != null ? Date.now() - pending.tokenizeStartMs : null,
+                        tokenPresent: true,
+                        bankMetadataPresent: Boolean(bank),
+                    });
                     // Same proactive refresh logic as card tokenization.
                     this._tokenizeSuccessCount++;
                     if (this._tokenizeSuccessCount >= this._maxTokenizeCalls) {
+                        this.log('proactive wax key refresh triggered', { tokenizeSuccessCount: this._tokenizeSuccessCount, maxTokenizeCalls: this._maxTokenizeCalls });
                         this.refreshWaxKey().catch((err) => {
                             console.warn('[OzVault] Post-budget wax key refresh failed:', err instanceof Error ? err.message : err);
                         });
@@ -1695,6 +1876,7 @@ class OzVault {
         }
         const newSessionId = uuid();
         (_a = this._onWaxRefresh) === null || _a === void 0 ? void 0 : _a.call(this);
+        this.log('wax key refresh started');
         this._waxRefreshing = this._storedFetchWaxKey(newSessionId)
             .then(newWaxKey => {
             if (typeof newWaxKey !== 'string' || !newWaxKey.trim()) {
@@ -1708,6 +1890,11 @@ class OzVault {
             if (!this._destroyed && this.tokenizerReady) {
                 this.sendToTokenizer({ type: 'OZ_INIT', frameId: '__tokenizer__', waxKey: newWaxKey });
             }
+            this.log('wax key refresh succeeded');
+        })
+            .catch((err) => {
+            this.log('wax key refresh failed', { error: err instanceof Error ? err.message : String(err) });
+            throw err;
         })
             .finally(() => {
             this._waxRefreshing = null;
@@ -1815,7 +2002,7 @@ const OzContext = react.createContext({
  * All `<OzCardNumber />`, `<OzExpiry />`, and `<OzCvv />` children must be
  * rendered inside this provider.
  */
-function OzElements({ fetchWaxKey, pubKey, frameBaseUrl, fonts, onLoadError, loadTimeoutMs, onWaxRefresh, onReady, appearance, maxTokenizeCalls, children }) {
+function OzElements({ fetchWaxKey, pubKey, frameBaseUrl, fonts, onLoadError, loadTimeoutMs, onWaxRefresh, onReady, appearance, maxTokenizeCalls, debug, children }) {
     const [vault, setVault] = react.useState(null);
     const [initError, setInitError] = react.useState(null);
     const [mountedCount, setMountedCount] = react.useState(0);
@@ -1882,7 +2069,7 @@ function OzElements({ fetchWaxKey, pubKey, frameBaseUrl, fonts, onLoadError, loa
                 var _a;
                 Promise.resolve().then(() => setTokenizeCount(0));
                 (_a = onWaxRefreshRef.current) === null || _a === void 0 ? void 0 : _a.call(onWaxRefreshRef);
-            } }), (onReadyRef.current ? { onReady: () => { var _a; return (_a = onReadyRef.current) === null || _a === void 0 ? void 0 : _a.call(onReadyRef); } } : {})), (maxTokenizeCalls !== undefined ? { maxTokenizeCalls } : {})), abortController.signal).then(v => {
+            }, onReady: () => { var _a; return (_a = onReadyRef.current) === null || _a === void 0 ? void 0 : _a.call(onReadyRef); } }), (maxTokenizeCalls !== undefined ? { maxTokenizeCalls } : {})), (debug ? { debug: true } : {})), abortController.signal).then(v => {
             if (cancelled) {
                 v.destroy();
                 return;
@@ -1915,7 +2102,7 @@ function OzElements({ fetchWaxKey, pubKey, frameBaseUrl, fonts, onLoadError, loa
             setVault(null);
             setInitError(null);
         };
-    }, [pubKey, frameBaseUrl, loadTimeoutMs, appearanceKey, fontsKey, maxTokenizeCalls]);
+    }, [pubKey, frameBaseUrl, loadTimeoutMs, appearanceKey, fontsKey, maxTokenizeCalls, debug]);
     const notifyMount = react.useCallback(() => setMountedCount(n => n + 1), []);
     const notifyReady = react.useCallback(() => setReadyCount(n => n + 1), []);
     const notifyUnmount = react.useCallback(() => {
@@ -1948,8 +2135,11 @@ function useOzElements() {
         notifyTokenize();
         return result;
     }, [vault, notifyTokenize]);
+    const reset = react.useCallback(() => {
+        vault === null || vault === void 0 ? void 0 : vault.reset();
+    }, [vault]);
     const ready = vault !== null && vault.isReady && mountedCount > 0 && readyCount >= mountedCount;
-    return { createToken, createBankToken, ready, initError, tokenizeCount };
+    return { createToken, createBankToken, reset, ready, initError, tokenizeCount };
 }
 const SKELETON_STYLE = {
     height: 46,
@@ -2055,7 +2245,7 @@ const OzCvv = (props) => jsxRuntime.jsx(OzFieldBase, Object.assign({ type: "cvv"
  *  - Per-field ready tracking: creates one stable handler per named field; fires the
  *    `onReady` callback once all `fieldNames.length` fields have reported ready
  *  - Error state
- *  - Layout helpers: `gapStr`, `resolvedLabelStyle`, `renderLabel`
+ *  - Layout helpers: `gapStr`, `renderLabel`
  *
  * @internal — not exported; used only by OzCard and OzBankCard.
  */
@@ -2107,7 +2297,7 @@ function useCardBase({ vault, fieldNames, onChange, onReady, onFocus, onBlur, ga
     const gapStr = typeof gap === 'string' ? gap : `${gap}px`;
     const resolvedLabelStyle = react.useMemo(() => (labelStyle ? Object.assign(Object.assign({}, DEFAULT_LABEL_STYLE), labelStyle) : DEFAULT_LABEL_STYLE), [labelStyle]);
     const renderLabel = react.useCallback((text) => renderFieldLabel(text, labelClassName, resolvedLabelStyle), [labelClassName, resolvedLabelStyle]);
-    return { onChangeRef, onFocusRef, onBlurRef, readyHandlers, error, setError, gapStr, resolvedLabelStyle, renderLabel };
+    return { onChangeRef, onFocusRef, onBlurRef, readyHandlers, error, setError, gapStr, renderLabel };
 }
 const DEFAULT_ERROR_STYLE = {
     color: '#dc2626',