@prodigio-io/sdk 1.0.4 → 2.0.0

package/dist/index.d.mts

@@ -2,6 +2,14 @@ interface ProdigioConfig {
     apiKey: string;
     baseUrl?: string;
 }
+interface ProdigioInitConfig {
+    key: string;
+    badgeToken?: string;
+    baseUrl?: string;
+    badge?: {
+        position?: 'bottom-right' | 'bottom-left';
+    };
+}
 interface SalaryRange {
     min: number;
     max: number;
@@ -102,11 +110,13 @@ declare class Prodigio {
     readonly applications: {
         submit: (params: SubmitApplicationParams) => Promise<ApplicationResult>;
     };
-    static badge(poweredBy: PoweredBy): BadgeProps;
+    static readonly POWERED_BY: PoweredBy;
+    static badge(poweredBy?: PoweredBy): BadgeProps;
     static meta(): {
         name: string;
         content: string;
     };
+    static init(config: ProdigioInitConfig): Promise<void>;
 }
 
-export { type Achievement, type Applicant, type ApplicationResult, type BadgeProps, type CVInfo, type Job, type ListJobsParams, type PoweredBy, Prodigio, type ProdigioConfig, ProdigioError, type SalaryRange, type SubmitApplicationParams, type UploadResult, Prodigio as default };
+export { type Achievement, type Applicant, type ApplicationResult, type BadgeProps, type CVInfo, type Job, type ListJobsParams, type PoweredBy, Prodigio, type ProdigioConfig, ProdigioError, type ProdigioInitConfig, type SalaryRange, type SubmitApplicationParams, type UploadResult, Prodigio as default };

package/dist/index.d.ts

@@ -2,6 +2,14 @@ interface ProdigioConfig {
     apiKey: string;
     baseUrl?: string;
 }
+interface ProdigioInitConfig {
+    key: string;
+    badgeToken?: string;
+    baseUrl?: string;
+    badge?: {
+        position?: 'bottom-right' | 'bottom-left';
+    };
+}
 interface SalaryRange {
     min: number;
     max: number;
@@ -102,11 +110,13 @@ declare class Prodigio {
     readonly applications: {
         submit: (params: SubmitApplicationParams) => Promise<ApplicationResult>;
     };
-    static badge(poweredBy: PoweredBy): BadgeProps;
+    static readonly POWERED_BY: PoweredBy;
+    static badge(poweredBy?: PoweredBy): BadgeProps;
     static meta(): {
         name: string;
         content: string;
     };
+    static init(config: ProdigioInitConfig): Promise<void>;
 }
 
-export { type Achievement, type Applicant, type ApplicationResult, type BadgeProps, type CVInfo, type Job, type ListJobsParams, type PoweredBy, Prodigio, type ProdigioConfig, ProdigioError, type SalaryRange, type SubmitApplicationParams, type UploadResult, Prodigio as default };
+export { type Achievement, type Applicant, type ApplicationResult, type BadgeProps, type CVInfo, type Job, type ListJobsParams, type PoweredBy, Prodigio, type ProdigioConfig, ProdigioError, type ProdigioInitConfig, type SalaryRange, type SubmitApplicationParams, type UploadResult, Prodigio as default };

package/dist/index.js

@@ -26,6 +26,17 @@ __export(index_exports, {
 });
 module.exports = __toCommonJS(index_exports);
 var DEFAULT_BASE_URL = "https://hire.prodigio.io";
+var BADGE_CACHE_KEY = "prodigio_badge_token";
+var GRACE_PERIOD_MS = 5 * 60 * 1e3;
+var PRODIGIO_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy85BNWaJVQQA/AFsz612
+I+3K94s6P7r9zoSUvxDhn2J1INyuc27EIcMOHHPDxChrzJGv6bozGbpexYSIIgQd
+ge9Ge9P/J+THQMdUmAbidfp/mR1i0vISaaBvKfFQfIGkuXpzbQB8eEV1s0jACMSd
+qRSKeJEKSKPf3OkWVhaWi4KxT9H14W6lJMBrE0ZaGbAog2HmG69f5+5JjvxU6TWR
+BojS5CYGvSvAIQGnsWm3Rz/HfZoPg1VRMRkGYCbLIVyV3XjLPo/VqBGuvjZSRTk+
+HW72H1ZvBsBnNSEKkOSp5r43Du3x2KUQdYyV7p0iIwMRnMq2enBEEb2qrrj7huln
+BQIDAQAB
+-----END PUBLIC KEY-----`;
 var ProdigioError = class extends Error {
   constructor(message, status, code) {
     super(message);
@@ -34,7 +45,125 @@ var ProdigioError = class extends Error {
     this.name = "ProdigioError";
   }
 };
-var Prodigio = class {
+function pemToArrayBuffer(pem) {
+  const base64 = pem.replace(/-----BEGIN PUBLIC KEY-----/, "").replace(/-----END PUBLIC KEY-----/, "").replace(/\s/g, "");
+  const binary = atob(base64);
+  const buf = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) buf[i] = binary.charCodeAt(i);
+  return buf.buffer;
+}
+function base64urlToArrayBuffer(b64url) {
+  const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/").padEnd(
+    b64url.length + (4 - b64url.length % 4) % 4,
+    "="
+  );
+  const binary = atob(b64);
+  const buf = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) buf[i] = binary.charCodeAt(i);
+  return buf.buffer;
+}
+async function verifyBadgeToken(token) {
+  try {
+    if (typeof crypto === "undefined" || !crypto.subtle) return null;
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const [headerB64, payloadB64, sigB64] = parts;
+    const signingInput = `${headerB64}.${payloadB64}`;
+    const signature = base64urlToArrayBuffer(sigB64);
+    const keyData = pemToArrayBuffer(PRODIGIO_PUBLIC_KEY_PEM);
+    const publicKey = await crypto.subtle.importKey(
+      "spki",
+      keyData,
+      { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+      false,
+      ["verify"]
+    );
+    const encoder = new TextEncoder();
+    const valid = await crypto.subtle.verify(
+      "RSASSA-PKCS1-v1_5",
+      publicKey,
+      signature,
+      encoder.encode(signingInput)
+    );
+    if (!valid) return null;
+    const claims = JSON.parse(atob(payloadB64.replace(/-/g, "+").replace(/_/g, "/")));
+    if (claims.exp < Math.floor(Date.now() / 1e3)) return null;
+    return claims;
+  } catch {
+    return null;
+  }
+}
+var BADGE_ELEMENT_ID = "prodigio-badge-widget";
+function injectBadge(position = "bottom-right") {
+  if (typeof document === "undefined") return;
+  if (document.getElementById(BADGE_ELEMENT_ID)) return;
+  const side = position === "bottom-left" ? "left: 20px;" : "right: 20px;";
+  const el = document.createElement("a");
+  el.id = BADGE_ELEMENT_ID;
+  el.href = "https://prodigio.io";
+  el.target = "_blank";
+  el.rel = "noopener noreferrer";
+  el.setAttribute("data-prodigio-badge", "true");
+  el.setAttribute("aria-label", "Hiring powered by Prodigio");
+  el.style.cssText = `
+    position: fixed;
+    bottom: 20px;
+    ${side}
+    z-index: 2147483647;
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    padding: 6px 10px;
+    background: #ffffff;
+    border: 1px solid #e5e5e5;
+    border-radius: 20px;
+    box-shadow: 0 2px 8px rgba(0,0,0,0.08);
+    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
+    font-size: 11px;
+    font-weight: 500;
+    color: #666666;
+    text-decoration: none;
+    cursor: pointer;
+    transition: box-shadow 0.15s ease;
+  `;
+  el.innerHTML = `
+    <svg width="14" height="14" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+      <rect width="24" height="24" rx="6" fill="#3730A3"/>
+      <path d="M7 7h5.5a3.5 3.5 0 0 1 0 7H7V7z" fill="#fff"/>
+      <path d="M7 14h6a3 3 0 0 1 0 6H7v-6z" fill="#fff" opacity="0.6"/>
+    </svg>
+    <span>Hiring by Prodigio</span>
+  `;
+  el.addEventListener("mouseenter", () => {
+    el.style.boxShadow = "0 4px 12px rgba(0,0,0,0.12)";
+  });
+  el.addEventListener("mouseleave", () => {
+    el.style.boxShadow = "0 2px 8px rgba(0,0,0,0.08)";
+  });
+  document.body.appendChild(el);
+}
+function removeBadge() {
+  var _a;
+  if (typeof document === "undefined") return;
+  (_a = document.getElementById(BADGE_ELEMENT_ID)) == null ? void 0 : _a.remove();
+}
+function cacheToken(apiKey, token, badgeExemptUntil, configVersion) {
+  try {
+    const entry = { token, badgeExemptUntil, configVersion, cachedAt: Date.now() };
+    localStorage.setItem(`${BADGE_CACHE_KEY}_${apiKey}`, JSON.stringify(entry));
+  } catch {
+  }
+}
+function getCachedToken(apiKey) {
+  try {
+    const raw = localStorage.getItem(`${BADGE_CACHE_KEY}_${apiKey}`);
+    if (!raw) return null;
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+var _Prodigio = class _Prodigio {
   constructor(config) {
     // ── Jobs ──────────────────────────────────────────────────────────────────
     this.jobs = {
@@ -44,9 +173,7 @@ var Prodigio = class {
         if (params == null ? void 0 : params.department) p.department = params.department;
         return this.get("/api/jobs", p);
       },
-      get: (jobId) => {
-        return this.get(`/api/jobs/${jobId}`);
-      }
+      get: (jobId) => this.get(`/api/jobs/${jobId}`)
     };
     // ── Uploads ───────────────────────────────────────────────────────────────
     this.upload = {
@@ -63,9 +190,7 @@ var Prodigio = class {
     };
     // ── Applications ──────────────────────────────────────────────────────────
     this.applications = {
-      submit: (params) => {
-        return this.post("/api/applications", params);
-      }
+      submit: (params) => this.post("/api/applications", params)
     };
     var _a;
     if (typeof config === "string") {
@@ -96,10 +221,7 @@ var Prodigio = class {
     var _a;
     const res = await fetch(`${this.baseUrl}${path}`, {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "x-api-key": this.apiKey
-      },
+      headers: { "Content-Type": "application/json", "x-api-key": this.apiKey },
       body: JSON.stringify(body)
     });
     if (!res.ok) {
@@ -112,34 +234,97 @@ var Prodigio = class {
     var _a;
     const url = new URL(`${this.baseUrl}${path}`);
     url.searchParams.set("key", this.apiKey);
-    const res = await fetch(url.toString(), {
-      method: "POST",
-      body: formData
-    });
+    const res = await fetch(url.toString(), { method: "POST", body: formData });
     if (!res.ok) {
       const body = await res.json().catch(() => ({}));
       throw new ProdigioError((_a = body.error) != null ? _a : `Upload failed: ${res.status}`, res.status);
     }
     return res.json();
   }
-  // ── Badge ─────────────────────────────────────────────────────────────────
-  // Returns props to spread onto your <a> element.
   static badge(poweredBy) {
+    const pb = poweredBy != null ? poweredBy : _Prodigio.POWERED_BY;
     return {
-      href: poweredBy.url,
+      href: pb.url,
       "data-prodigio-badge": "true",
       target: "_blank",
       rel: "noopener noreferrer",
-      text: poweredBy.text
+      text: pb.text
     };
   }
-  // Returns the <meta> tag props for server-rendered compliance verification.
-  // Add to your page <head> — this is the most reliable detection method.
-  // Next.js: export const metadata = { other: { 'prodigio-badge': 'true' } }
   static meta() {
     return { name: "prodigio-badge", content: "true" };
   }
+  // ── init() — v2 badge auto-injection ─────────────────────────────────────
+  static async init(config) {
+    var _a;
+    if (typeof window === "undefined") return;
+    const { key, badgeToken, baseUrl = DEFAULT_BASE_URL, badge: badgeConfig } = config;
+    const position = (_a = badgeConfig == null ? void 0 : badgeConfig.position) != null ? _a : "bottom-right";
+    const hostname = window.location.hostname;
+    const cached = getCachedToken(key);
+    let bestToken = null;
+    let bestTokenRaw = null;
+    const [initClaims, cachedClaims] = await Promise.all([
+      badgeToken ? verifyBadgeToken(badgeToken) : Promise.resolve(null),
+      cached ? verifyBadgeToken(cached.token) : Promise.resolve(null)
+    ]);
+    if (initClaims && cachedClaims) {
+      if (new Date(initClaims.badgeExemptUntil) >= new Date(cachedClaims.badgeExemptUntil)) {
+        bestToken = initClaims;
+        bestTokenRaw = badgeToken;
+      } else {
+        bestToken = cachedClaims;
+        bestTokenRaw = cached.token;
+      }
+    } else if (initClaims) {
+      bestToken = initClaims;
+      bestTokenRaw = badgeToken;
+    } else if (cachedClaims) {
+      bestToken = cachedClaims;
+      bestTokenRaw = cached.token;
+    }
+    const domainAllowed = bestToken ? bestToken.allowedDomains.length === 0 || bestToken.allowedDomains.includes(hostname) : true;
+    const isExempt = bestToken !== null && !bestToken.badgeRequired && domainAllowed;
+    if (isExempt) {
+      removeBadge();
+    } else if (!bestToken && cached) {
+      const cacheAge = Date.now() - cached.cachedAt;
+      if (cacheAge < GRACE_PERIOD_MS) {
+        removeBadge();
+      } else {
+        injectBadge(position);
+      }
+    } else {
+      injectBadge(position);
+    }
+    setTimeout(async () => {
+      var _a2, _b;
+      try {
+        const res = await fetch(`${baseUrl}/api/sdk/config?key=${encodeURIComponent(key)}`);
+        if (!res.ok) return;
+        const data = await res.json();
+        if (data.badgeRequired) {
+          injectBadge(position);
+          return;
+        }
+        if (data.badgeToken) {
+          const refreshedClaims = await verifyBadgeToken(data.badgeToken);
+          if (refreshedClaims && !refreshedClaims.badgeRequired) {
+            cacheToken(key, data.badgeToken, (_a2 = data.badgeExemptUntil) != null ? _a2 : "", (_b = data.configVersion) != null ? _b : 1);
+            removeBadge();
+          }
+        }
+      } catch {
+      }
+    }, 0);
+  }
+};
+// ── Badge (static helpers) ────────────────────────────────────────────────
+_Prodigio.POWERED_BY = {
+  text: "Hiring powered by Prodigio",
+  url: "https://prodigio.io"
 };
+var Prodigio = _Prodigio;
 var index_default = Prodigio;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/index.mjs

@@ -1,5 +1,16 @@
 // src/index.ts
 var DEFAULT_BASE_URL = "https://hire.prodigio.io";
+var BADGE_CACHE_KEY = "prodigio_badge_token";
+var GRACE_PERIOD_MS = 5 * 60 * 1e3;
+var PRODIGIO_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy85BNWaJVQQA/AFsz612
+I+3K94s6P7r9zoSUvxDhn2J1INyuc27EIcMOHHPDxChrzJGv6bozGbpexYSIIgQd
+ge9Ge9P/J+THQMdUmAbidfp/mR1i0vISaaBvKfFQfIGkuXpzbQB8eEV1s0jACMSd
+qRSKeJEKSKPf3OkWVhaWi4KxT9H14W6lJMBrE0ZaGbAog2HmG69f5+5JjvxU6TWR
+BojS5CYGvSvAIQGnsWm3Rz/HfZoPg1VRMRkGYCbLIVyV3XjLPo/VqBGuvjZSRTk+
+HW72H1ZvBsBnNSEKkOSp5r43Du3x2KUQdYyV7p0iIwMRnMq2enBEEb2qrrj7huln
+BQIDAQAB
+-----END PUBLIC KEY-----`;
 var ProdigioError = class extends Error {
   constructor(message, status, code) {
     super(message);
@@ -8,7 +19,125 @@ var ProdigioError = class extends Error {
     this.name = "ProdigioError";
   }
 };
-var Prodigio = class {
+function pemToArrayBuffer(pem) {
+  const base64 = pem.replace(/-----BEGIN PUBLIC KEY-----/, "").replace(/-----END PUBLIC KEY-----/, "").replace(/\s/g, "");
+  const binary = atob(base64);
+  const buf = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) buf[i] = binary.charCodeAt(i);
+  return buf.buffer;
+}
+function base64urlToArrayBuffer(b64url) {
+  const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/").padEnd(
+    b64url.length + (4 - b64url.length % 4) % 4,
+    "="
+  );
+  const binary = atob(b64);
+  const buf = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) buf[i] = binary.charCodeAt(i);
+  return buf.buffer;
+}
+async function verifyBadgeToken(token) {
+  try {
+    if (typeof crypto === "undefined" || !crypto.subtle) return null;
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const [headerB64, payloadB64, sigB64] = parts;
+    const signingInput = `${headerB64}.${payloadB64}`;
+    const signature = base64urlToArrayBuffer(sigB64);
+    const keyData = pemToArrayBuffer(PRODIGIO_PUBLIC_KEY_PEM);
+    const publicKey = await crypto.subtle.importKey(
+      "spki",
+      keyData,
+      { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+      false,
+      ["verify"]
+    );
+    const encoder = new TextEncoder();
+    const valid = await crypto.subtle.verify(
+      "RSASSA-PKCS1-v1_5",
+      publicKey,
+      signature,
+      encoder.encode(signingInput)
+    );
+    if (!valid) return null;
+    const claims = JSON.parse(atob(payloadB64.replace(/-/g, "+").replace(/_/g, "/")));
+    if (claims.exp < Math.floor(Date.now() / 1e3)) return null;
+    return claims;
+  } catch {
+    return null;
+  }
+}
+var BADGE_ELEMENT_ID = "prodigio-badge-widget";
+function injectBadge(position = "bottom-right") {
+  if (typeof document === "undefined") return;
+  if (document.getElementById(BADGE_ELEMENT_ID)) return;
+  const side = position === "bottom-left" ? "left: 20px;" : "right: 20px;";
+  const el = document.createElement("a");
+  el.id = BADGE_ELEMENT_ID;
+  el.href = "https://prodigio.io";
+  el.target = "_blank";
+  el.rel = "noopener noreferrer";
+  el.setAttribute("data-prodigio-badge", "true");
+  el.setAttribute("aria-label", "Hiring powered by Prodigio");
+  el.style.cssText = `
+    position: fixed;
+    bottom: 20px;
+    ${side}
+    z-index: 2147483647;
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    padding: 6px 10px;
+    background: #ffffff;
+    border: 1px solid #e5e5e5;
+    border-radius: 20px;
+    box-shadow: 0 2px 8px rgba(0,0,0,0.08);
+    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
+    font-size: 11px;
+    font-weight: 500;
+    color: #666666;
+    text-decoration: none;
+    cursor: pointer;
+    transition: box-shadow 0.15s ease;
+  `;
+  el.innerHTML = `
+    <svg width="14" height="14" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+      <rect width="24" height="24" rx="6" fill="#3730A3"/>
+      <path d="M7 7h5.5a3.5 3.5 0 0 1 0 7H7V7z" fill="#fff"/>
+      <path d="M7 14h6a3 3 0 0 1 0 6H7v-6z" fill="#fff" opacity="0.6"/>
+    </svg>
+    <span>Hiring by Prodigio</span>
+  `;
+  el.addEventListener("mouseenter", () => {
+    el.style.boxShadow = "0 4px 12px rgba(0,0,0,0.12)";
+  });
+  el.addEventListener("mouseleave", () => {
+    el.style.boxShadow = "0 2px 8px rgba(0,0,0,0.08)";
+  });
+  document.body.appendChild(el);
+}
+function removeBadge() {
+  var _a;
+  if (typeof document === "undefined") return;
+  (_a = document.getElementById(BADGE_ELEMENT_ID)) == null ? void 0 : _a.remove();
+}
+function cacheToken(apiKey, token, badgeExemptUntil, configVersion) {
+  try {
+    const entry = { token, badgeExemptUntil, configVersion, cachedAt: Date.now() };
+    localStorage.setItem(`${BADGE_CACHE_KEY}_${apiKey}`, JSON.stringify(entry));
+  } catch {
+  }
+}
+function getCachedToken(apiKey) {
+  try {
+    const raw = localStorage.getItem(`${BADGE_CACHE_KEY}_${apiKey}`);
+    if (!raw) return null;
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+var _Prodigio = class _Prodigio {
   constructor(config) {
     // ── Jobs ──────────────────────────────────────────────────────────────────
     this.jobs = {
@@ -18,9 +147,7 @@ var Prodigio = class {
         if (params == null ? void 0 : params.department) p.department = params.department;
         return this.get("/api/jobs", p);
       },
-      get: (jobId) => {
-        return this.get(`/api/jobs/${jobId}`);
-      }
+      get: (jobId) => this.get(`/api/jobs/${jobId}`)
     };
     // ── Uploads ───────────────────────────────────────────────────────────────
     this.upload = {
@@ -37,9 +164,7 @@ var Prodigio = class {
     };
     // ── Applications ──────────────────────────────────────────────────────────
     this.applications = {
-      submit: (params) => {
-        return this.post("/api/applications", params);
-      }
+      submit: (params) => this.post("/api/applications", params)
     };
     var _a;
     if (typeof config === "string") {
@@ -70,10 +195,7 @@ var Prodigio = class {
     var _a;
     const res = await fetch(`${this.baseUrl}${path}`, {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "x-api-key": this.apiKey
-      },
+      headers: { "Content-Type": "application/json", "x-api-key": this.apiKey },
       body: JSON.stringify(body)
     });
     if (!res.ok) {
@@ -86,34 +208,97 @@ var Prodigio = class {
     var _a;
     const url = new URL(`${this.baseUrl}${path}`);
     url.searchParams.set("key", this.apiKey);
-    const res = await fetch(url.toString(), {
-      method: "POST",
-      body: formData
-    });
+    const res = await fetch(url.toString(), { method: "POST", body: formData });
     if (!res.ok) {
       const body = await res.json().catch(() => ({}));
       throw new ProdigioError((_a = body.error) != null ? _a : `Upload failed: ${res.status}`, res.status);
     }
     return res.json();
   }
-  // ── Badge ─────────────────────────────────────────────────────────────────
-  // Returns props to spread onto your <a> element.
   static badge(poweredBy) {
+    const pb = poweredBy != null ? poweredBy : _Prodigio.POWERED_BY;
     return {
-      href: poweredBy.url,
+      href: pb.url,
       "data-prodigio-badge": "true",
       target: "_blank",
       rel: "noopener noreferrer",
-      text: poweredBy.text
+      text: pb.text
     };
   }
-  // Returns the <meta> tag props for server-rendered compliance verification.
-  // Add to your page <head> — this is the most reliable detection method.
-  // Next.js: export const metadata = { other: { 'prodigio-badge': 'true' } }
   static meta() {
     return { name: "prodigio-badge", content: "true" };
   }
+  // ── init() — v2 badge auto-injection ─────────────────────────────────────
+  static async init(config) {
+    var _a;
+    if (typeof window === "undefined") return;
+    const { key, badgeToken, baseUrl = DEFAULT_BASE_URL, badge: badgeConfig } = config;
+    const position = (_a = badgeConfig == null ? void 0 : badgeConfig.position) != null ? _a : "bottom-right";
+    const hostname = window.location.hostname;
+    const cached = getCachedToken(key);
+    let bestToken = null;
+    let bestTokenRaw = null;
+    const [initClaims, cachedClaims] = await Promise.all([
+      badgeToken ? verifyBadgeToken(badgeToken) : Promise.resolve(null),
+      cached ? verifyBadgeToken(cached.token) : Promise.resolve(null)
+    ]);
+    if (initClaims && cachedClaims) {
+      if (new Date(initClaims.badgeExemptUntil) >= new Date(cachedClaims.badgeExemptUntil)) {
+        bestToken = initClaims;
+        bestTokenRaw = badgeToken;
+      } else {
+        bestToken = cachedClaims;
+        bestTokenRaw = cached.token;
+      }
+    } else if (initClaims) {
+      bestToken = initClaims;
+      bestTokenRaw = badgeToken;
+    } else if (cachedClaims) {
+      bestToken = cachedClaims;
+      bestTokenRaw = cached.token;
+    }
+    const domainAllowed = bestToken ? bestToken.allowedDomains.length === 0 || bestToken.allowedDomains.includes(hostname) : true;
+    const isExempt = bestToken !== null && !bestToken.badgeRequired && domainAllowed;
+    if (isExempt) {
+      removeBadge();
+    } else if (!bestToken && cached) {
+      const cacheAge = Date.now() - cached.cachedAt;
+      if (cacheAge < GRACE_PERIOD_MS) {
+        removeBadge();
+      } else {
+        injectBadge(position);
+      }
+    } else {
+      injectBadge(position);
+    }
+    setTimeout(async () => {
+      var _a2, _b;
+      try {
+        const res = await fetch(`${baseUrl}/api/sdk/config?key=${encodeURIComponent(key)}`);
+        if (!res.ok) return;
+        const data = await res.json();
+        if (data.badgeRequired) {
+          injectBadge(position);
+          return;
+        }
+        if (data.badgeToken) {
+          const refreshedClaims = await verifyBadgeToken(data.badgeToken);
+          if (refreshedClaims && !refreshedClaims.badgeRequired) {
+            cacheToken(key, data.badgeToken, (_a2 = data.badgeExemptUntil) != null ? _a2 : "", (_b = data.configVersion) != null ? _b : 1);
+            removeBadge();
+          }
+        }
+      } catch {
+      }
+    }, 0);
+  }
+};
+// ── Badge (static helpers) ────────────────────────────────────────────────
+_Prodigio.POWERED_BY = {
+  text: "Hiring powered by Prodigio",
+  url: "https://prodigio.io"
 };
+var Prodigio = _Prodigio;
 var index_default = Prodigio;
 export {
   Prodigio,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prodigio-io/sdk",
-  "version": "1.0.4",
+  "version": "2.0.0",
   "description": "Official JavaScript SDK for the Prodigio hiring API",
   "main": "dist/index.js",
   "module": "dist/index.mjs",