npm - @snapkyc-ooru/consent-handoff-react - Versions diffs - 0.1.0 → 0.1.1 - Mend

@snapkyc-ooru/consent-handoff-react 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +257 -103
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,158 +1,312 @@
-# @snapkyc/consent-handoff-react
+# @snapkyc-ooru/consent-handoff-react
-React + TypeScript SDK for the **integrations agreement → transaction initiate → QR _or_ intent → status polling** flow. `API_ORIGIN` is fixed in [`src/config.ts`](src/config.ts) (currently `http://127.0.0.1:8000`). Relying parties pass a single **`integrationToken`** (`Authorization: Token …`). See [`docs/HTTP_CONTRACT.md`](docs/HTTP_CONTRACT.md) for route assumptions.
+> **KYC consent & identity handoff flow for React** — agreement → consent → QR / deeplink → polling → verified.
+[![npm version](https://img.shields.io/npm/v/@snapkyc-ooru/consent-handoff-react)](https://www.npmjs.com/package/@snapkyc-ooru/consent-handoff-react)
+[![license: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
+[![peer: React ≥ 17](https://img.shields.io/badge/peer-React%20%E2%89%A5%2017-61dafb)](https://reactjs.org)
+---
+## What is this?
+`@snapkyc-ooru/consent-handoff-react` is a plug-and-play React + TypeScript SDK that orchestrates the full **SnapKYC identity-verification handoff** inside your product — without you needing to manage a single API call or UI state machine.
+Drop in a single component (or call one function) and your users move through:
+```
+Integration agreement  →  Purpose consent  →  QR code / app deeplink
+        →  Live status polling  →  Verification summary
+```
+Your backend mints a short-lived **`integrationToken`**; the SDK handles everything else.
+---
 ## Install
 ```bash
-npm install @snapkyc/consent-handoff-react react react-dom
+npm install @snapkyc-ooru/consent-handoff-react react react-dom
 ```
+**Peer dependencies:** React `>= 17`, react-dom `>= 17`
+---
 ## Styles
+Import the bundled stylesheet once — typically in your app root or entry file:
 ```tsx
-import "@snapkyc/consent-handoff-react/styles.css";
+import "@snapkyc-ooru/consent-handoff-react/styles.css";
 ```
-Design tokens are scoped to the SDK root (`.snap-consent-handoff`). If you previously overrode appearance by targeting **`:root`**, switch to the **`theme` prop** (see below) or to selectors under `.snap-consent-handoff` so you do not affect the host application.
+> All design tokens are scoped to `.snap-consent-handoff`. Override them via the `theme` prop rather than targeting `:root` in your host app.
-## Theme (optional)
+---
-Pass **`theme`** with any subset of fields; the rest use the built-in warm default palette (orange primary, cream accents, light canvas). Changing **`primary`** alone updates accents and the default active border color unless you set **`borderActive`** explicitly.
+## The 5-step flow
-| Field | Role |
-|-------|------|
-| `primary` | Brand color — primary buttons, checkboxes, selected borders |
-| `onPrimary` | Text on primary buttons |
-| `canvas` | Sheet / panel background |
-| `surface` | Default “card” surfaces (e.g. unselected purpose rows) |
-| `surfaceMuted` | Agreement notice and selected purpose row background |
-| `text` / `textMuted` | Body and secondary text |
-| `border` / `borderActive` | Default and emphasized borders |
-| `modalOverlay` | Scrim behind the modal |
-| `danger` | Error text |
-| `success` | Success verification icon and status checkmarks |
-| `successStatusSurface` | Success screen status summary card background |
-| `successPurposesSurface` | Success screen “Confirmed purposes” panel background |
-| `successAccordionBorder` | Demographic accordion borders |
-| `radius` | Corner radius string (e.g. `"12px"`) |
-| `fontFamily` | UI font stack |
-| `gap`, `maxWidth`, `modalZ` | Layout tokens |
+| Step | Screen |
+|------|--------|
+| 1 | **Agreement** — integration notice card; optional custom `title` |
+| 2 | **Consent** — purpose checkboxes with **Cancel** / **I Agree** |
+| 3 | **Handoff** — QR scan *or* app deeplink (auto-detects iOS/Android) |
+| 4 | **Polling** — live status until terminal result |
+| 5 | **Success** — status strip, confirmed purposes, demographic accordions; **Done** |
-```tsx
-import {
-  SnapConsentHandoffFlow,
-  DEFAULT_SNAP_CONSENT_THEME,
-  type SnapConsentHandoffTheme,
-} from "@snapkyc/consent-handoff-react";
+Dismiss controls (**×**, **Cancel**, **Done**) all call `onRequestClose` and cleanly abort any in-flight work.
-const brand: Partial<SnapConsentHandoffTheme> = {
-  primary: "#0f766e",
-  borderActive: "#0f766e",
-  surfaceMuted: "#f0fdfa",
-};
+---
-<SnapConsentHandoffFlow {...props} theme={brand} />;
-```
+## Quick start
-`DEFAULT_SNAP_CONSENT_THEME` and `resolveSnapConsentTheme` are exported if you need to merge or inspect defaults in app code.
+### Option A — Imperative modal (recommended)
-## Imperative opener (recommended for modals)
+Mounts outside your React tree on `document.body`. Ideal for portals, dashboards, or any flow that should not disrupt your existing layout.
 ```tsx
-import { openSnapConsentHandoffFlow } from "@snapkyc/consent-handoff-react";
-import "@snapkyc/consent-handoff-react/styles.css";
-const { dispose } = openSnapConsentHandoffFlow({
-  integrationToken,
-  rpContext: { reference_id: user.id, session_id },
-  /** Select exactly one post-initiation path — never both */
-  handoffMode: "qr", // or "intent"
-  /** Optional tweaks */
-  pollIntervalMs: 1500,
-  pollDeadlineMs: 120_000,
-  onFlowEvent(e) {},
-  onSuccess(result) {},
-  onError(err) {},
-});
-// On route change / unmount caller context
-dispose();
+import { useCallback, useRef } from "react";
+import {
+  openSnapConsentHandoffFlow,
+  type CompletionResult,
+  type FlowEvent,
+} from "@snapkyc-ooru/consent-handoff-react";
+import "@snapkyc-ooru/consent-handoff-react/styles.css";
+function VerifyButton() {
+  const disposeRef = useRef<(() => void) | null>(null);
+  const startVerification = useCallback(async () => {
+    const integrationToken = await fetchTokenFromYourBackend(); // short-lived token
+    disposeRef.current?.();
+    disposeRef.current = openSnapConsentHandoffFlow({
+      integrationToken,
+      rpContext: {
+        reference_id: "user-or-order-id",
+        session_id: "optional-correlation-id",
+      },
+      handoffMode: "qr", // or "intent"
+      title: "Loan Application KYC Verification",
+      pollIntervalMs: 1500,
+      pollDeadlineMs: 120_000,
+      theme: {
+        primary: "#0f766e",
+        borderActive: "#0f766e",
+        surfaceMuted: "#f0fdfa",
+      },
+      onFlowEvent(evt: FlowEvent) {
+        console.log("phase →", evt);
+        // agreement-loading | agreement-ready | txn-created
+        // polling | completed | failed | cancelled
+      },
+      onSuccess(result: CompletionResult) {
+        // result.txn_id  — transaction identifier
+        // result.status  — terminal status string
+        // result.raw     — full API payload (demographics, purposes, evidence)
+      },
+      onError(err) {
+        console.error(err);
+      },
+    }).dispose;
+  }, []);
+  return (
+    <button type="button" onClick={() => void startVerification()}>
+      Verify identity
+    </button>
+  );
+}
 ```
-`openSnapConsentQrFlow` is a **deprecated alias** of the same function.
+**Important:** store the returned `dispose` reference and call it on component unmount or navigation. The modal's built-in dismiss buttons do this automatically when using `openSnapConsentHandoffFlow`.
-### Intent platform detection
+> `openSnapConsentQrFlow` is a **deprecated alias** — use `openSnapConsentHandoffFlow` going forward.
-With `handoffMode: "intent"`, the SDK infers **`android`** vs **`ios`** from the browser UA. If ambiguous (typical desktop browser), users pick **Continue with Android** or **Continue with iPhone/iPad**. For automated tests only, set `_dangerouslyForceIntentPlatform`.
+---
-## Declarative
+### Option B — Declarative component
-On the consent step, the primary action is labelled **I Agree** (with **Cancel** beside it to dismiss). After a successful verification, **Done** dismisses the flow the same way as the modal close control.
+Embed the flow inline inside a wizard step, settings page, or your own modal shell.
+#### Inline (embedded)
 ```tsx
-import { SnapConsentHandoffFlow } from "@snapkyc/consent-handoff-react";
-import "@snapkyc/consent-handoff-react/styles.css";
+import { useState } from "react";
+import {
+  SnapConsentHandoffFlow,
+  type CompletionResult,
+} from "@snapkyc-ooru/consent-handoff-react";
+import "@snapkyc-ooru/consent-handoff-react/styles.css";
+export function KycStep({ token }: { token: string }) {
+  const [hidden, setHidden] = useState(false);
+  if (hidden) return null;
+  return (
+    <SnapConsentHandoffFlow
+      integrationToken={token}
+      rpContext={{ reference_id: "USER-123", session_id: "sess-abc" }}
+      handoffMode="intent"
+      displayMode="inline"
+      title="Loan Application KYC Verification"
+      acceptLanguage="en"
+      theme={{ primary: "#0f766e" }}
+      onSuccess={(result: CompletionResult) => {
+        // result.raw contains demographics, purposes, evidence
+      }}
+      onRequestClose={() => setHidden(true)}
+    />
+  );
+}
+```
+#### Inside your own modal shell
+```tsx
 <SnapConsentHandoffFlow
   integrationToken={token}
-  rpContext={{ reference_id, session_id }}
-  handoffMode="intent"
-  displayMode="inline"
-/>;
+  rpContext={{ reference_id: "USER-123" }}
+  handoffMode="qr"
+  displayMode="modal"
+  onRequestClose={() => setShowModal(false)}
+/>
 ```
-## Props (summary)
+| `displayMode` | Behaviour |
+|---------------|-----------|
+| `"modal"` (default) | SDK renders its own scrim + header **×** |
+| `"inline"` | Borderless sheet; no scrim — sits inside your layout |
-| Prop | Purpose |
-|------|---------|
-| `integrationToken` | Sent as `Authorization: Token …` on every request |
-| `rpContext.reference_id` | Sent as `rp_context.ref_id` on `POST …/transactions/initiate` |
-| `handoffMode` | `"qr"` → `POST …/generate-qr` (PNG). `"intent"` → `POST …/generate-intent?platform=` |
-| `agreementId?` | Reserved; agreement is implied by the integration token |
-| `acceptLanguage?` | `Accept-Language` + preference for `agreement_text` locale |
-| `qrRequestBody?` | QR overrides (`size`; `txn_id` is set by the SDK) |
-| `pollIntervalMs` / `pollDeadlineMs` | Polling behaviour after handoff |
-| `theme?` | Partial palette / layout overrides (see **Theme**) |
-| `onRequestClose?` | Called when the user closes the modal (**×**), taps **Cancel** on the consent step, or taps **Done** after success. With `openSnapConsentHandoffFlow`, this is wired to `dispose()`. If omitted (e.g. inline embed), the SDK hides its own UI after those actions. |
+---
-## Credential hygiene
+## Handoff modes
-`integrationToken` is a bearer credential in the browser. Prefer short-lived minted tokens from your backend rather than embedding long-lived secrets in static bundles.
+| `handoffMode` | What happens after I Agree |
+|---------------|---------------------------|
+| `"qr"` | Generates a **PNG QR code** (`POST …/generate-qr`). User scans with the authorised app. |
+| `"intent"` | Generates an **app deeplink** (`POST …/generate-intent?platform=`). User opens native app directly. |
-## Publishing / environments
+**Platform detection for `"intent"` mode:** iOS and Android are inferred from the user agent on mobile. On ambiguous desktop UAs the user is shown a picker — **Continue with Android** or **Continue with iPhone / iPad**.
-Bump `API_ORIGIN` when cutting staging/production builds (fork your publish pipeline per environment or maintain separate semver lines).
+> **QA only:** `_dangerouslyForceIntentPlatform: "android" | "ios"` bypasses detection. Do not use in production.
-### npm: `E404` — “Scope not found” (`@snapkyc/...`)
+---
-Scoped packages like **`@snapkyc/consent-handoff-react`** can only be published if the **scope exists on npm** and **your logged-in user is allowed to publish** to it.
+## Callbacks
-**Option A — use the `snapkyc` org (intended for SnapKYC)**
+| Callback | Fires when |
+|----------|-----------|
+| `onFlowEvent(evt)` | On every phase transition (see event names below) |
+| `onSuccess(result)` | Terminal success — receives `{ txn_id?, status, raw }` |
+| `onError(err)` | Agreement load failure or unrecoverable error |
+| `onRequestClose()` | User dismissed via **×**, **Cancel**, or **Done** |
-1. An org owner creates **[`snapkyc` on npm](https://www.npmjs.com/org/create)** (if it does not exist yet).
-2. They invite your npm user with a role that can **publish** (e.g. member with publish, or owner).
-3. You accept the invite, then run `npm login` and `npm publish --access public` again.
+### `FlowEvent` values
-**Option B — publish under your own scope**
+```
+agreement-loading  →  agreement-ready  →  txn-initiating  →  txn-created
+  →  handoff-loading  →  handoff-ready  →  polling  →  completed | failed | cancelled
+```
-1. Change the `"name"` field in `package.json` to a scope you control, e.g. `"@<your-npm-username>/consent-handoff-react"`.
-2. Bump the version if you already published under another name, then `npm publish --access public`.
+### Post-success helpers
-**Option C — unscoped package**
+```ts
+import {
+  normalizeTxnStatusPayload,
+  extractDemographicData,
+  demographicAccordionSections,
+} from "@snapkyc-ooru/consent-handoff-react";
+```
-Use a unique unscoped name (e.g. `snapkyc-consent-handoff-react`) in `"name"` if you do not use npm orgs. Check name availability on [npmjs.com](https://www.npmjs.com/).
+---
-After any rename, update install instructions and all `import` paths for consumers.
+## Theme
-## Develop
+All overrides are optional. Unspecified keys fall back to the built-in warm default (orange primary, cream accents). Setting `primary` alone automatically sets `borderActive` unless you override it separately.
-```bash
-npm install
-npm test
-npm run build
+```tsx
+import {
+  DEFAULT_SNAP_CONSENT_THEME,
+  resolveSnapConsentTheme,
+  type SnapConsentHandoffTheme,
+} from "@snapkyc-ooru/consent-handoff-react";
+const brand: Partial<SnapConsentHandoffTheme> = {
+  primary: "#0f766e",
+  surfaceMuted: "#f0fdfa",
+};
+<SnapConsentHandoffFlow {...props} theme={brand} />;
 ```
+| Token | Controls |
+|-------|----------|
+| `primary` | Brand accent — **I Agree** / **Done**, checkboxes, active borders |
+| `onPrimary` | Text on primary buttons |
+| `canvas` | Sheet background |
+| `surface` / `surfaceMuted` | Card surfaces (unselected / selected rows, notice) |
+| `text` / `textMuted` | Body and secondary text |
+| `border` / `borderActive` | Default and emphasized borders |
+| `modalOverlay` | Modal scrim |
+| `danger` | Error text |
+| `success` | Success hero and status checkmarks |
+| `successStatusSurface` | Status summary card on success |
+| `successPurposesSurface` | Confirmed purposes panel |
+| `successAccordionBorder` | Demographic accordion borders |
+| `radius` / `fontFamily` / `gap` / `maxWidth` / `modalZ` | Layout and typography |
+---
+## Props reference
+### Required props
+| Prop | Type | Description |
+|------|------|-------------|
+| `integrationToken` | `string` | `Authorization: Token …` sent on every SDK request |
+| `rpContext.reference_id` | `string` | Sent as `rp_context.ref_id` when initiating a transaction |
+| `handoffMode` | `"qr" \| "intent"` | Handoff delivery mechanism |
+### Optional props
+| Prop | Type | Default | Description |
+|------|------|---------|-------------|
+| `rpContext.session_id` | `string` | — | Optional correlation metadata for your backend |
+| `acceptLanguage` | `string` | — | `Accept-Language` header + agreement locale preference |
+| `agreementId` | `string` | — | Reserved; agreement is implied by the integration token |
+| `qrRequestBody` | `{ size?: number }` | — | Extra QR params; `txn_id` is always injected by SDK |
+| `pollIntervalMs` | `number` | `1500` | Polling interval in milliseconds |
+| `pollDeadlineMs` | `number` | `120000` | Polling timeout in milliseconds |
+| `displayMode` | `"modal" \| "inline"` | `"modal"` | Modal (with scrim) or inline sheet |
+| `title` | `string` | Agreement name | Dialog heading |
+| `theme` | `Partial<SnapConsentHandoffTheme>` | Built-in warm default | Visual overrides |
+| `intentPlatformOverride` | `"android" \| "ios"` | — | Force platform when already known |
+| `userAgent` | `string` | — | Override UA for tests or SSR |
+| `onFlowEvent` | `(evt: FlowEvent) => void` | — | Phase transition callback |
+| `onSuccess` | `(result: CompletionResult) => void` | — | Terminal success callback |
+| `onError` | `(err: unknown) => void` | — | Error callback |
+| `onRequestClose` | `() => void` | — | Dismiss callback (required for host-controlled hide) |
+---
+## Security — credential hygiene
+`integrationToken` is a **bearer credential that lives in the browser.** Follow these rules:
+- ✅ Mint **short-lived tokens** on your backend after the user is authenticated
+- ✅ Deliver the token to the client just before calling `openSnapConsentHandoffFlow`
+- ❌ Never embed long-lived secrets in static bundles or environment variables shipped to the browser
+---
+## HTTP contract
+All route assumptions are documented in [`docs/HTTP_CONTRACT.md`](docs/HTTP_CONTRACT.md).
+---
 ## License
-MIT
+[MIT](LICENSE)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@snapkyc-ooru/consent-handoff-react",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "React SDK: agreement consent flow with QR or intent handoff + txn polling.",
   "license": "MIT",
   "type": "module",