@prodigio-io/sdk 1.0.5 → 2.0.0

package/dist/index.d.mts

@@ -2,6 +2,14 @@ interface ProdigioConfig {
     apiKey: string;
     baseUrl?: string;
 }
+interface ProdigioInitConfig {
+    key: string;
+    badgeToken?: string;
+    baseUrl?: string;
+    badge?: {
+        position?: 'bottom-right' | 'bottom-left';
+    };
+}
 interface SalaryRange {
     min: number;
     max: number;
@@ -108,6 +116,7 @@ declare class Prodigio {
         name: string;
         content: string;
     };
+    static init(config: ProdigioInitConfig): Promise<void>;
 }
 
-export { type Achievement, type Applicant, type ApplicationResult, type BadgeProps, type CVInfo, type Job, type ListJobsParams, type PoweredBy, Prodigio, type ProdigioConfig, ProdigioError, type SalaryRange, type SubmitApplicationParams, type UploadResult, Prodigio as default };
+export { type Achievement, type Applicant, type ApplicationResult, type BadgeProps, type CVInfo, type Job, type ListJobsParams, type PoweredBy, Prodigio, type ProdigioConfig, ProdigioError, type ProdigioInitConfig, type SalaryRange, type SubmitApplicationParams, type UploadResult, Prodigio as default };

package/dist/index.d.ts

@@ -2,6 +2,14 @@ interface ProdigioConfig {
     apiKey: string;
     baseUrl?: string;
 }
+interface ProdigioInitConfig {
+    key: string;
+    badgeToken?: string;
+    baseUrl?: string;
+    badge?: {
+        position?: 'bottom-right' | 'bottom-left';
+    };
+}
 interface SalaryRange {
     min: number;
     max: number;
@@ -108,6 +116,7 @@ declare class Prodigio {
         name: string;
         content: string;
     };
+    static init(config: ProdigioInitConfig): Promise<void>;
 }
 
-export { type Achievement, type Applicant, type ApplicationResult, type BadgeProps, type CVInfo, type Job, type ListJobsParams, type PoweredBy, Prodigio, type ProdigioConfig, ProdigioError, type SalaryRange, type SubmitApplicationParams, type UploadResult, Prodigio as default };
+export { type Achievement, type Applicant, type ApplicationResult, type BadgeProps, type CVInfo, type Job, type ListJobsParams, type PoweredBy, Prodigio, type ProdigioConfig, ProdigioError, type ProdigioInitConfig, type SalaryRange, type SubmitApplicationParams, type UploadResult, Prodigio as default };

package/dist/index.js

@@ -26,6 +26,17 @@ __export(index_exports, {
 });
 module.exports = __toCommonJS(index_exports);
 var DEFAULT_BASE_URL = "https://hire.prodigio.io";
+var BADGE_CACHE_KEY = "prodigio_badge_token";
+var GRACE_PERIOD_MS = 5 * 60 * 1e3;
+var PRODIGIO_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy85BNWaJVQQA/AFsz612
+I+3K94s6P7r9zoSUvxDhn2J1INyuc27EIcMOHHPDxChrzJGv6bozGbpexYSIIgQd
+ge9Ge9P/J+THQMdUmAbidfp/mR1i0vISaaBvKfFQfIGkuXpzbQB8eEV1s0jACMSd
+qRSKeJEKSKPf3OkWVhaWi4KxT9H14W6lJMBrE0ZaGbAog2HmG69f5+5JjvxU6TWR
+BojS5CYGvSvAIQGnsWm3Rz/HfZoPg1VRMRkGYCbLIVyV3XjLPo/VqBGuvjZSRTk+
+HW72H1ZvBsBnNSEKkOSp5r43Du3x2KUQdYyV7p0iIwMRnMq2enBEEb2qrrj7huln
+BQIDAQAB
+-----END PUBLIC KEY-----`;
 var ProdigioError = class extends Error {
   constructor(message, status, code) {
     super(message);
@@ -34,6 +45,124 @@ var ProdigioError = class extends Error {
     this.name = "ProdigioError";
   }
 };
+function pemToArrayBuffer(pem) {
+  const base64 = pem.replace(/-----BEGIN PUBLIC KEY-----/, "").replace(/-----END PUBLIC KEY-----/, "").replace(/\s/g, "");
+  const binary = atob(base64);
+  const buf = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) buf[i] = binary.charCodeAt(i);
+  return buf.buffer;
+}
+function base64urlToArrayBuffer(b64url) {
+  const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/").padEnd(
+    b64url.length + (4 - b64url.length % 4) % 4,
+    "="
+  );
+  const binary = atob(b64);
+  const buf = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) buf[i] = binary.charCodeAt(i);
+  return buf.buffer;
+}
+async function verifyBadgeToken(token) {
+  try {
+    if (typeof crypto === "undefined" || !crypto.subtle) return null;
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const [headerB64, payloadB64, sigB64] = parts;
+    const signingInput = `${headerB64}.${payloadB64}`;
+    const signature = base64urlToArrayBuffer(sigB64);
+    const keyData = pemToArrayBuffer(PRODIGIO_PUBLIC_KEY_PEM);
+    const publicKey = await crypto.subtle.importKey(
+      "spki",
+      keyData,
+      { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+      false,
+      ["verify"]
+    );
+    const encoder = new TextEncoder();
+    const valid = await crypto.subtle.verify(
+      "RSASSA-PKCS1-v1_5",
+      publicKey,
+      signature,
+      encoder.encode(signingInput)
+    );
+    if (!valid) return null;
+    const claims = JSON.parse(atob(payloadB64.replace(/-/g, "+").replace(/_/g, "/")));
+    if (claims.exp < Math.floor(Date.now() / 1e3)) return null;
+    return claims;
+  } catch {
+    return null;
+  }
+}
+var BADGE_ELEMENT_ID = "prodigio-badge-widget";
+function injectBadge(position = "bottom-right") {
+  if (typeof document === "undefined") return;
+  if (document.getElementById(BADGE_ELEMENT_ID)) return;
+  const side = position === "bottom-left" ? "left: 20px;" : "right: 20px;";
+  const el = document.createElement("a");
+  el.id = BADGE_ELEMENT_ID;
+  el.href = "https://prodigio.io";
+  el.target = "_blank";
+  el.rel = "noopener noreferrer";
+  el.setAttribute("data-prodigio-badge", "true");
+  el.setAttribute("aria-label", "Hiring powered by Prodigio");
+  el.style.cssText = `
+    position: fixed;
+    bottom: 20px;
+    ${side}
+    z-index: 2147483647;
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    padding: 6px 10px;
+    background: #ffffff;
+    border: 1px solid #e5e5e5;
+    border-radius: 20px;
+    box-shadow: 0 2px 8px rgba(0,0,0,0.08);
+    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
+    font-size: 11px;
+    font-weight: 500;
+    color: #666666;
+    text-decoration: none;
+    cursor: pointer;
+    transition: box-shadow 0.15s ease;
+  `;
+  el.innerHTML = `
+    <svg width="14" height="14" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+      <rect width="24" height="24" rx="6" fill="#3730A3"/>
+      <path d="M7 7h5.5a3.5 3.5 0 0 1 0 7H7V7z" fill="#fff"/>
+      <path d="M7 14h6a3 3 0 0 1 0 6H7v-6z" fill="#fff" opacity="0.6"/>
+    </svg>
+    <span>Hiring by Prodigio</span>
+  `;
+  el.addEventListener("mouseenter", () => {
+    el.style.boxShadow = "0 4px 12px rgba(0,0,0,0.12)";
+  });
+  el.addEventListener("mouseleave", () => {
+    el.style.boxShadow = "0 2px 8px rgba(0,0,0,0.08)";
+  });
+  document.body.appendChild(el);
+}
+function removeBadge() {
+  var _a;
+  if (typeof document === "undefined") return;
+  (_a = document.getElementById(BADGE_ELEMENT_ID)) == null ? void 0 : _a.remove();
+}
+function cacheToken(apiKey, token, badgeExemptUntil, configVersion) {
+  try {
+    const entry = { token, badgeExemptUntil, configVersion, cachedAt: Date.now() };
+    localStorage.setItem(`${BADGE_CACHE_KEY}_${apiKey}`, JSON.stringify(entry));
+  } catch {
+  }
+}
+function getCachedToken(apiKey) {
+  try {
+    const raw = localStorage.getItem(`${BADGE_CACHE_KEY}_${apiKey}`);
+    if (!raw) return null;
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
 var _Prodigio = class _Prodigio {
   constructor(config) {
     // ── Jobs ──────────────────────────────────────────────────────────────────
@@ -44,9 +173,7 @@ var _Prodigio = class _Prodigio {
         if (params == null ? void 0 : params.department) p.department = params.department;
         return this.get("/api/jobs", p);
       },
-      get: (jobId) => {
-        return this.get(`/api/jobs/${jobId}`);
-      }
+      get: (jobId) => this.get(`/api/jobs/${jobId}`)
     };
     // ── Uploads ───────────────────────────────────────────────────────────────
     this.upload = {
@@ -63,9 +190,7 @@ var _Prodigio = class _Prodigio {
     };
     // ── Applications ──────────────────────────────────────────────────────────
     this.applications = {
-      submit: (params) => {
-        return this.post("/api/applications", params);
-      }
+      submit: (params) => this.post("/api/applications", params)
     };
     var _a;
     if (typeof config === "string") {
@@ -96,10 +221,7 @@ var _Prodigio = class _Prodigio {
     var _a;
     const res = await fetch(`${this.baseUrl}${path}`, {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "x-api-key": this.apiKey
-      },
+      headers: { "Content-Type": "application/json", "x-api-key": this.apiKey },
       body: JSON.stringify(body)
     });
     if (!res.ok) {
@@ -112,10 +234,7 @@ var _Prodigio = class _Prodigio {
     var _a;
     const url = new URL(`${this.baseUrl}${path}`);
     url.searchParams.set("key", this.apiKey);
-    const res = await fetch(url.toString(), {
-      method: "POST",
-      body: formData
-    });
+    const res = await fetch(url.toString(), { method: "POST", body: formData });
     if (!res.ok) {
       const body = await res.json().catch(() => ({}));
       throw new ProdigioError((_a = body.error) != null ? _a : `Upload failed: ${res.status}`, res.status);
@@ -132,16 +251,75 @@ var _Prodigio = class _Prodigio {
       text: pb.text
     };
   }
-  // Returns the <meta> tag props for server-rendered compliance verification.
-  // Add to your page <head> — this is the most reliable detection method.
-  // Next.js: export const metadata = { other: { 'prodigio-badge': 'true' } }
   static meta() {
     return { name: "prodigio-badge", content: "true" };
   }
+  // ── init() — v2 badge auto-injection ─────────────────────────────────────
+  static async init(config) {
+    var _a;
+    if (typeof window === "undefined") return;
+    const { key, badgeToken, baseUrl = DEFAULT_BASE_URL, badge: badgeConfig } = config;
+    const position = (_a = badgeConfig == null ? void 0 : badgeConfig.position) != null ? _a : "bottom-right";
+    const hostname = window.location.hostname;
+    const cached = getCachedToken(key);
+    let bestToken = null;
+    let bestTokenRaw = null;
+    const [initClaims, cachedClaims] = await Promise.all([
+      badgeToken ? verifyBadgeToken(badgeToken) : Promise.resolve(null),
+      cached ? verifyBadgeToken(cached.token) : Promise.resolve(null)
+    ]);
+    if (initClaims && cachedClaims) {
+      if (new Date(initClaims.badgeExemptUntil) >= new Date(cachedClaims.badgeExemptUntil)) {
+        bestToken = initClaims;
+        bestTokenRaw = badgeToken;
+      } else {
+        bestToken = cachedClaims;
+        bestTokenRaw = cached.token;
+      }
+    } else if (initClaims) {
+      bestToken = initClaims;
+      bestTokenRaw = badgeToken;
+    } else if (cachedClaims) {
+      bestToken = cachedClaims;
+      bestTokenRaw = cached.token;
+    }
+    const domainAllowed = bestToken ? bestToken.allowedDomains.length === 0 || bestToken.allowedDomains.includes(hostname) : true;
+    const isExempt = bestToken !== null && !bestToken.badgeRequired && domainAllowed;
+    if (isExempt) {
+      removeBadge();
+    } else if (!bestToken && cached) {
+      const cacheAge = Date.now() - cached.cachedAt;
+      if (cacheAge < GRACE_PERIOD_MS) {
+        removeBadge();
+      } else {
+        injectBadge(position);
+      }
+    } else {
+      injectBadge(position);
+    }
+    setTimeout(async () => {
+      var _a2, _b;
+      try {
+        const res = await fetch(`${baseUrl}/api/sdk/config?key=${encodeURIComponent(key)}`);
+        if (!res.ok) return;
+        const data = await res.json();
+        if (data.badgeRequired) {
+          injectBadge(position);
+          return;
+        }
+        if (data.badgeToken) {
+          const refreshedClaims = await verifyBadgeToken(data.badgeToken);
+          if (refreshedClaims && !refreshedClaims.badgeRequired) {
+            cacheToken(key, data.badgeToken, (_a2 = data.badgeExemptUntil) != null ? _a2 : "", (_b = data.configVersion) != null ? _b : 1);
+            removeBadge();
+          }
+        }
+      } catch {
+      }
+    }, 0);
+  }
 };
-// ── Badge ─────────────────────────────────────────────────────────────────
-// Returns props to spread onto your <a> element.
-// poweredBy is optional — defaults to Prodigio's built-in attribution.
+// ── Badge (static helpers) ────────────────────────────────────────────────
 _Prodigio.POWERED_BY = {
   text: "Hiring powered by Prodigio",
   url: "https://prodigio.io"

package/dist/index.mjs

@@ -1,5 +1,16 @@
 // src/index.ts
 var DEFAULT_BASE_URL = "https://hire.prodigio.io";
+var BADGE_CACHE_KEY = "prodigio_badge_token";
+var GRACE_PERIOD_MS = 5 * 60 * 1e3;
+var PRODIGIO_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy85BNWaJVQQA/AFsz612
+I+3K94s6P7r9zoSUvxDhn2J1INyuc27EIcMOHHPDxChrzJGv6bozGbpexYSIIgQd
+ge9Ge9P/J+THQMdUmAbidfp/mR1i0vISaaBvKfFQfIGkuXpzbQB8eEV1s0jACMSd
+qRSKeJEKSKPf3OkWVhaWi4KxT9H14W6lJMBrE0ZaGbAog2HmG69f5+5JjvxU6TWR
+BojS5CYGvSvAIQGnsWm3Rz/HfZoPg1VRMRkGYCbLIVyV3XjLPo/VqBGuvjZSRTk+
+HW72H1ZvBsBnNSEKkOSp5r43Du3x2KUQdYyV7p0iIwMRnMq2enBEEb2qrrj7huln
+BQIDAQAB
+-----END PUBLIC KEY-----`;
 var ProdigioError = class extends Error {
   constructor(message, status, code) {
     super(message);
@@ -8,6 +19,124 @@ var ProdigioError = class extends Error {
     this.name = "ProdigioError";
   }
 };
+function pemToArrayBuffer(pem) {
+  const base64 = pem.replace(/-----BEGIN PUBLIC KEY-----/, "").replace(/-----END PUBLIC KEY-----/, "").replace(/\s/g, "");
+  const binary = atob(base64);
+  const buf = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) buf[i] = binary.charCodeAt(i);
+  return buf.buffer;
+}
+function base64urlToArrayBuffer(b64url) {
+  const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/").padEnd(
+    b64url.length + (4 - b64url.length % 4) % 4,
+    "="
+  );
+  const binary = atob(b64);
+  const buf = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) buf[i] = binary.charCodeAt(i);
+  return buf.buffer;
+}
+async function verifyBadgeToken(token) {
+  try {
+    if (typeof crypto === "undefined" || !crypto.subtle) return null;
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const [headerB64, payloadB64, sigB64] = parts;
+    const signingInput = `${headerB64}.${payloadB64}`;
+    const signature = base64urlToArrayBuffer(sigB64);
+    const keyData = pemToArrayBuffer(PRODIGIO_PUBLIC_KEY_PEM);
+    const publicKey = await crypto.subtle.importKey(
+      "spki",
+      keyData,
+      { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+      false,
+      ["verify"]
+    );
+    const encoder = new TextEncoder();
+    const valid = await crypto.subtle.verify(
+      "RSASSA-PKCS1-v1_5",
+      publicKey,
+      signature,
+      encoder.encode(signingInput)
+    );
+    if (!valid) return null;
+    const claims = JSON.parse(atob(payloadB64.replace(/-/g, "+").replace(/_/g, "/")));
+    if (claims.exp < Math.floor(Date.now() / 1e3)) return null;
+    return claims;
+  } catch {
+    return null;
+  }
+}
+var BADGE_ELEMENT_ID = "prodigio-badge-widget";
+function injectBadge(position = "bottom-right") {
+  if (typeof document === "undefined") return;
+  if (document.getElementById(BADGE_ELEMENT_ID)) return;
+  const side = position === "bottom-left" ? "left: 20px;" : "right: 20px;";
+  const el = document.createElement("a");
+  el.id = BADGE_ELEMENT_ID;
+  el.href = "https://prodigio.io";
+  el.target = "_blank";
+  el.rel = "noopener noreferrer";
+  el.setAttribute("data-prodigio-badge", "true");
+  el.setAttribute("aria-label", "Hiring powered by Prodigio");
+  el.style.cssText = `
+    position: fixed;
+    bottom: 20px;
+    ${side}
+    z-index: 2147483647;
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    padding: 6px 10px;
+    background: #ffffff;
+    border: 1px solid #e5e5e5;
+    border-radius: 20px;
+    box-shadow: 0 2px 8px rgba(0,0,0,0.08);
+    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
+    font-size: 11px;
+    font-weight: 500;
+    color: #666666;
+    text-decoration: none;
+    cursor: pointer;
+    transition: box-shadow 0.15s ease;
+  `;
+  el.innerHTML = `
+    <svg width="14" height="14" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+      <rect width="24" height="24" rx="6" fill="#3730A3"/>
+      <path d="M7 7h5.5a3.5 3.5 0 0 1 0 7H7V7z" fill="#fff"/>
+      <path d="M7 14h6a3 3 0 0 1 0 6H7v-6z" fill="#fff" opacity="0.6"/>
+    </svg>
+    <span>Hiring by Prodigio</span>
+  `;
+  el.addEventListener("mouseenter", () => {
+    el.style.boxShadow = "0 4px 12px rgba(0,0,0,0.12)";
+  });
+  el.addEventListener("mouseleave", () => {
+    el.style.boxShadow = "0 2px 8px rgba(0,0,0,0.08)";
+  });
+  document.body.appendChild(el);
+}
+function removeBadge() {
+  var _a;
+  if (typeof document === "undefined") return;
+  (_a = document.getElementById(BADGE_ELEMENT_ID)) == null ? void 0 : _a.remove();
+}
+function cacheToken(apiKey, token, badgeExemptUntil, configVersion) {
+  try {
+    const entry = { token, badgeExemptUntil, configVersion, cachedAt: Date.now() };
+    localStorage.setItem(`${BADGE_CACHE_KEY}_${apiKey}`, JSON.stringify(entry));
+  } catch {
+  }
+}
+function getCachedToken(apiKey) {
+  try {
+    const raw = localStorage.getItem(`${BADGE_CACHE_KEY}_${apiKey}`);
+    if (!raw) return null;
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
 var _Prodigio = class _Prodigio {
   constructor(config) {
     // ── Jobs ──────────────────────────────────────────────────────────────────
@@ -18,9 +147,7 @@ var _Prodigio = class _Prodigio {
         if (params == null ? void 0 : params.department) p.department = params.department;
         return this.get("/api/jobs", p);
       },
-      get: (jobId) => {
-        return this.get(`/api/jobs/${jobId}`);
-      }
+      get: (jobId) => this.get(`/api/jobs/${jobId}`)
     };
     // ── Uploads ───────────────────────────────────────────────────────────────
     this.upload = {
@@ -37,9 +164,7 @@ var _Prodigio = class _Prodigio {
     };
     // ── Applications ──────────────────────────────────────────────────────────
     this.applications = {
-      submit: (params) => {
-        return this.post("/api/applications", params);
-      }
+      submit: (params) => this.post("/api/applications", params)
     };
     var _a;
     if (typeof config === "string") {
@@ -70,10 +195,7 @@ var _Prodigio = class _Prodigio {
     var _a;
     const res = await fetch(`${this.baseUrl}${path}`, {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "x-api-key": this.apiKey
-      },
+      headers: { "Content-Type": "application/json", "x-api-key": this.apiKey },
       body: JSON.stringify(body)
     });
     if (!res.ok) {
@@ -86,10 +208,7 @@ var _Prodigio = class _Prodigio {
     var _a;
     const url = new URL(`${this.baseUrl}${path}`);
     url.searchParams.set("key", this.apiKey);
-    const res = await fetch(url.toString(), {
-      method: "POST",
-      body: formData
-    });
+    const res = await fetch(url.toString(), { method: "POST", body: formData });
     if (!res.ok) {
       const body = await res.json().catch(() => ({}));
       throw new ProdigioError((_a = body.error) != null ? _a : `Upload failed: ${res.status}`, res.status);
@@ -106,16 +225,75 @@ var _Prodigio = class _Prodigio {
       text: pb.text
     };
   }
-  // Returns the <meta> tag props for server-rendered compliance verification.
-  // Add to your page <head> — this is the most reliable detection method.
-  // Next.js: export const metadata = { other: { 'prodigio-badge': 'true' } }
   static meta() {
     return { name: "prodigio-badge", content: "true" };
   }
+  // ── init() — v2 badge auto-injection ─────────────────────────────────────
+  static async init(config) {
+    var _a;
+    if (typeof window === "undefined") return;
+    const { key, badgeToken, baseUrl = DEFAULT_BASE_URL, badge: badgeConfig } = config;
+    const position = (_a = badgeConfig == null ? void 0 : badgeConfig.position) != null ? _a : "bottom-right";
+    const hostname = window.location.hostname;
+    const cached = getCachedToken(key);
+    let bestToken = null;
+    let bestTokenRaw = null;
+    const [initClaims, cachedClaims] = await Promise.all([
+      badgeToken ? verifyBadgeToken(badgeToken) : Promise.resolve(null),
+      cached ? verifyBadgeToken(cached.token) : Promise.resolve(null)
+    ]);
+    if (initClaims && cachedClaims) {
+      if (new Date(initClaims.badgeExemptUntil) >= new Date(cachedClaims.badgeExemptUntil)) {
+        bestToken = initClaims;
+        bestTokenRaw = badgeToken;
+      } else {
+        bestToken = cachedClaims;
+        bestTokenRaw = cached.token;
+      }
+    } else if (initClaims) {
+      bestToken = initClaims;
+      bestTokenRaw = badgeToken;
+    } else if (cachedClaims) {
+      bestToken = cachedClaims;
+      bestTokenRaw = cached.token;
+    }
+    const domainAllowed = bestToken ? bestToken.allowedDomains.length === 0 || bestToken.allowedDomains.includes(hostname) : true;
+    const isExempt = bestToken !== null && !bestToken.badgeRequired && domainAllowed;
+    if (isExempt) {
+      removeBadge();
+    } else if (!bestToken && cached) {
+      const cacheAge = Date.now() - cached.cachedAt;
+      if (cacheAge < GRACE_PERIOD_MS) {
+        removeBadge();
+      } else {
+        injectBadge(position);
+      }
+    } else {
+      injectBadge(position);
+    }
+    setTimeout(async () => {
+      var _a2, _b;
+      try {
+        const res = await fetch(`${baseUrl}/api/sdk/config?key=${encodeURIComponent(key)}`);
+        if (!res.ok) return;
+        const data = await res.json();
+        if (data.badgeRequired) {
+          injectBadge(position);
+          return;
+        }
+        if (data.badgeToken) {
+          const refreshedClaims = await verifyBadgeToken(data.badgeToken);
+          if (refreshedClaims && !refreshedClaims.badgeRequired) {
+            cacheToken(key, data.badgeToken, (_a2 = data.badgeExemptUntil) != null ? _a2 : "", (_b = data.configVersion) != null ? _b : 1);
+            removeBadge();
+          }
+        }
+      } catch {
+      }
+    }, 0);
+  }
 };
-// ── Badge ─────────────────────────────────────────────────────────────────
-// Returns props to spread onto your <a> element.
-// poweredBy is optional — defaults to Prodigio's built-in attribution.
+// ── Badge (static helpers) ────────────────────────────────────────────────
 _Prodigio.POWERED_BY = {
   text: "Hiring powered by Prodigio",
   url: "https://prodigio.io"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prodigio-io/sdk",
-  "version": "1.0.5",
+  "version": "2.0.0",
   "description": "Official JavaScript SDK for the Prodigio hiring API",
   "main": "dist/index.js",
   "module": "dist/index.mjs",