@thavguard/arc-pay 0.1.1 → 0.1.2

package/dist/index.d.cts

@@ -1,5 +1,4 @@
-import { S as StyleSubset } from './arcpay-DAwTxM9e.cjs';
-export { A as ArcPay, a as ArcPayInstance, b as ArcPayLoadOptions, E as Element, c as ElementContext, d as ElementEvent, e as ElementOptions, f as Elements, g as ElementsOptions, h as Environment, F as FieldType, I as IframeToParent, P as ParentToIframe, T as TokenizeResult, p as parseIncoming, i as postToIframe, j as postToParent } from './arcpay-DAwTxM9e.cjs';
+export { A as ArcPay, a as ArcPayInstance, b as ArcPayLoadOptions, E as ElementEvent, c as ElementOptions, d as Elements, e as ElementsOptions, f as Environment, F as FieldType, T as TokenizeResult } from './arcpay-Cxgei9TD.cjs';
 
 type ArcPayErrorType = "validation_error" | "authentication_error" | "authorization_error" | "state_error" | "rate_limit_error" | "api_error" | "network_error" | "challenge_aborted";
 interface ArcPayErrorInit {
@@ -33,10 +32,6 @@ declare const isChallengeAborted: (e: unknown) => e is ArcPayError;
 
 type CardScheme = "visa" | "mastercard" | "amex" | "discover" | "mir" | "jcb" | "unionpay" | "unknown";
 
-declare const sanitizeStyle: (style: StyleSubset) => StyleSubset;
+declare const SDK_VERSION = "0.1.2";
 
-declare const luhnCheck: (pan: string) => boolean;
-
-declare const SDK_VERSION = "0.1.0";
-
-export { ArcPayError, type ArcPayErrorType, type CardScheme, SDK_VERSION, StyleSubset, isApiError, isAuthenticationError, isAuthorizationError, isChallengeAborted, isNetworkError, isRateLimitError, isStateError, isValidationError, luhnCheck, sanitizeStyle };
+export { ArcPayError, type ArcPayErrorType, type CardScheme, SDK_VERSION, isApiError, isAuthenticationError, isAuthorizationError, isChallengeAborted, isNetworkError, isRateLimitError, isStateError, isValidationError };

package/dist/index.d.ts

@@ -1,5 +1,4 @@
-import { S as StyleSubset } from './arcpay-DAwTxM9e.js';
-export { A as ArcPay, a as ArcPayInstance, b as ArcPayLoadOptions, E as Element, c as ElementContext, d as ElementEvent, e as ElementOptions, f as Elements, g as ElementsOptions, h as Environment, F as FieldType, I as IframeToParent, P as ParentToIframe, T as TokenizeResult, p as parseIncoming, i as postToIframe, j as postToParent } from './arcpay-DAwTxM9e.js';
+export { A as ArcPay, a as ArcPayInstance, b as ArcPayLoadOptions, E as ElementEvent, c as ElementOptions, d as Elements, e as ElementsOptions, f as Environment, F as FieldType, T as TokenizeResult } from './arcpay-Cxgei9TD.js';
 
 type ArcPayErrorType = "validation_error" | "authentication_error" | "authorization_error" | "state_error" | "rate_limit_error" | "api_error" | "network_error" | "challenge_aborted";
 interface ArcPayErrorInit {
@@ -33,10 +32,6 @@ declare const isChallengeAborted: (e: unknown) => e is ArcPayError;
 
 type CardScheme = "visa" | "mastercard" | "amex" | "discover" | "mir" | "jcb" | "unionpay" | "unknown";
 
-declare const sanitizeStyle: (style: StyleSubset) => StyleSubset;
+declare const SDK_VERSION = "0.1.2";
 
-declare const luhnCheck: (pan: string) => boolean;
-
-declare const SDK_VERSION = "0.1.0";
-
-export { ArcPayError, type ArcPayErrorType, type CardScheme, SDK_VERSION, StyleSubset, isApiError, isAuthenticationError, isAuthorizationError, isChallengeAborted, isNetworkError, isRateLimitError, isStateError, isValidationError, luhnCheck, sanitizeStyle };
+export { ArcPayError, type ArcPayErrorType, type CardScheme, SDK_VERSION, isApiError, isAuthenticationError, isAuthorizationError, isChallengeAborted, isNetworkError, isRateLimitError, isStateError, isValidationError };

package/dist/index.mjs

@@ -21,49 +21,6 @@ var isApiError = (e) => e instanceof ArcPayError && e.type === "api_error";
 var isNetworkError = (e) => e instanceof ArcPayError && e.type === "network_error";
 var isChallengeAborted = (e) => e instanceof ArcPayError && e.type === "challenge_aborted";
 
-// src/core/csp.ts
-var readCspContent = () => {
-  var _a;
-  if (typeof document === "undefined") return null;
-  const meta = document.head.querySelector(
-    'meta[http-equiv="Content-Security-Policy"]'
-  );
-  return (_a = meta == null ? void 0 : meta.getAttribute("content")) != null ? _a : null;
-};
-var extractDirective = (csp, name) => {
-  const lower = csp.toLowerCase();
-  const idx = lower.indexOf(`${name} `);
-  if (idx === -1) return null;
-  const rest = csp.slice(idx + name.length + 1);
-  const end = rest.indexOf(";");
-  return (end === -1 ? rest : rest.slice(0, end)).trim();
-};
-var directiveAllowsHost = (directive, host) => {
-  const tokens = directive.split(/\s+/).filter(Boolean);
-  if (tokens.includes("*")) return true;
-  return tokens.some((t) => {
-    if (t === host) return true;
-    if (t.startsWith("https://*")) {
-      const suffix = t.slice("https://*".length);
-      return host.endsWith(suffix);
-    }
-    return false;
-  });
-};
-var verifyCspAllowsApiBase = (apiBase) => {
-  const csp = readCspContent();
-  if (!csp) return;
-  const directive = extractDirective(csp, "connect-src");
-  if (!directive) return;
-  if (directiveAllowsHost(directive, apiBase)) return;
-  throw new ArcPayError({
-    type: "validation_error",
-    code: "csp_blocks_api",
-    message: `CSP connect-src directive does not allow ${apiBase}. Add it to your Content-Security-Policy header.`,
-    retryable: false
-  });
-};
-
 // src/core/env.ts
 var detectEnvironment = (publishableKey) => publishableKey.startsWith("pk_test_") ? "sandbox" : "live";
 var validatePublishableKey = (key) => {
@@ -129,12 +86,6 @@ var postToIframe = (iframe, message, targetOrigin) => {
   }
   iframe.contentWindow.postMessage(message, targetOrigin);
 };
-var postToParent = (message, targetOrigin) => {
-  if (targetOrigin === "*") {
-    throw new Error("postToParent: targetOrigin cannot be '*'");
-  }
-  window.parent.postMessage(message, targetOrigin);
-};
 var parseIncoming = (event, expectedOrigin) => {
   if (event.origin !== expectedOrigin) return null;
   if (!isArcpayMessage(event.data)) return null;
@@ -444,33 +395,27 @@ var Elements = class {
 
 // src/core/arcpay.ts
 var validatePublishableKey2 = validatePublishableKey;
-var DEFAULT_API_BASE = "https://api.arcpay.space";
 var cache = /* @__PURE__ */ new Map();
-var buildInstance = (publishableKey, opts) => {
-  var _a;
-  const apiBase = (_a = opts.apiBase) != null ? _a : DEFAULT_API_BASE;
-  verifyCspAllowsApiBase(apiBase);
+var buildInstance = (publishableKey) => {
   if (detectEnvironment(publishableKey) === "sandbox") {
     showSandboxBanner();
   }
   return {
     publishableKey,
-    apiBase,
     environment: detectEnvironment(publishableKey),
     elements: () => new Elements({ publishableKey })
   };
 };
-function load(publishableKey, opts = {}) {
-  var _a;
+function load(publishableKey) {
   try {
     validatePublishableKey2(publishableKey);
   } catch (err) {
     return Promise.reject(err);
   }
-  const key = `${publishableKey}|${(_a = opts.apiBase) != null ? _a : DEFAULT_API_BASE}`;
+  const key = publishableKey;
   const existing = cache.get(key);
   if (existing) return existing;
-  const promise = Promise.resolve(buildInstance(publishableKey, opts));
+  const promise = Promise.resolve(buildInstance(publishableKey));
   cache.set(key, promise);
   return promise;
 }
@@ -482,27 +427,9 @@ var ArcPay = {
   __resetForTests: resetForTests
 };
 
-// src/tokenize/luhn.ts
-var luhnCheck = (pan) => {
-  if (!/^\d+$/.test(pan)) return false;
-  if (/^0+$/.test(pan)) return false;
-  let sum = 0;
-  let alternate = false;
-  for (let i = pan.length - 1; i >= 0; i--) {
-    let n = pan.charCodeAt(i) - 48;
-    if (alternate) {
-      n *= 2;
-      if (n > 9) n -= 9;
-    }
-    sum += n;
-    alternate = !alternate;
-  }
-  return sum % 10 === 0;
-};
-
 // src/index.ts
-var SDK_VERSION = "0.1.0";
+var SDK_VERSION = "0.1.2";
 
-export { ArcPay, ArcPayError, Element, Elements, SDK_VERSION, isApiError, isAuthenticationError, isAuthorizationError, isChallengeAborted, isNetworkError, isRateLimitError, isStateError, isValidationError, luhnCheck, parseIncoming, postToIframe, postToParent, sanitizeStyle };
+export { ArcPay, ArcPayError, Elements, SDK_VERSION, isApiError, isAuthenticationError, isAuthorizationError, isChallengeAborted, isNetworkError, isRateLimitError, isStateError, isValidationError };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/core/errors.ts","../src/core/csp.ts","../src/core/env.ts","../src/core/sandbox-banner.ts","../src/elements/postmessage.ts","../src/elements/style.ts","../src/elements/element.ts","../src/elements/elements.ts","../src/core/arcpay.ts","../src/tokenize/luhn.ts","../src/index.ts"],"names":["validatePublishableKey"],"mappings":";AAqBO,IAAM,WAAA,GAAN,cAA0B,KAAA,CAAM;AAAA,EASrC,YAAY,IAAA,EAAuB;AACjC,IAAA,KAAA,CAAM,KAAK,OAAO,CAAA;AAClB,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AACZ,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AACjB,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AACjB,IAAA,IAAA,CAAK,QAAQ,IAAA,CAAK,KAAA;AAClB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,cAAc,IAAA,CAAK,WAAA;AACxB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AAAA,EACxB;AACF;AAEO,IAAM,oBAAoB,CAAC,CAAA,KAChC,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,wBAAwB,CAAC,CAAA,KACpC,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,uBAAuB,CAAC,CAAA,KACnC,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,eAAe,CAAC,CAAA,KAC3B,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,mBAAmB,CAAC,CAAA,KAC/B,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,aAAa,CAAC,CAAA,KACzB,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,iBAAiB,CAAC,CAAA,KAC7B,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,qBAAqB,CAAC,CAAA,KACjC,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;;;ACxDzC,IAAM,iBAAiB,MAAqB;AAF5C,EAAA,IAAA,EAAA;AAGE,EAAA,IAAI,OAAO,QAAA,KAAa,WAAA,EAAa,OAAO,IAAA;AAC5C,EAAA,MAAM,IAAA,GAAO,SAAS,IAAA,CAAK,aAAA;AAAA,IACzB;AAAA,GACF;AACA,EAAA,OAAA,CAAO,EAAA,GAAA,IAAA,IAAA,IAAA,GAAA,MAAA,GAAA,IAAA,CAAM,YAAA,CAAa,SAAA,CAAA,KAAnB,IAAA,GAAA,EAAA,GAAiC,IAAA;AAC1C,CAAA;AAEA,IAAM,gBAAA,GAAmB,CAAC,GAAA,EAAa,IAAA,KAAgC;AACrE,EAAA,MAAM,KAAA,GAAQ,IAAI,WAAA,EAAY;AAC9B,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,OAAA,CAAQ,CAAA,EAAG,IAAI,CAAA,CAAA,CAAG,CAAA;AACpC,EAAA,IAAI,GAAA,KAAQ,IAAI,OAAO,IAAA;AACvB,EAAA,MAAM,OAAO,GAAA,CAAI,KAAA,CAAM,GAAA,GAAM,IAAA,CAAK,SAAS,CAAC,CAAA;AAC5C,EAAA,MAAM,GAAA,GAAM,IAAA,CAAK,OAAA,CAAQ,GAAG,CAAA;AAC5B,EAAA,OAAA,CAAQ,GAAA,KAAQ,KAAK,IAAA,GAAO,IAAA,CAAK,MAAM,CAAA,EAAG,GAAG,GAAG,IAAA,EAAK;AACvD,CAAA;AAEA,IAAM,mBAAA,GAAsB,CAAC,SAAA,EAAmB,IAAA,KAA0B;AACxE,EAAA,MAAM,SAAS,SAAA,CAAU,KAAA,CAAM,KAAK,CAAA,CAAE,OAAO,OAAO,CAAA;AACpD,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,GAAG,CAAA,EAAG,OAAO,IAAA;AACjC,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAAA,KAAM;AACxB,IAAA,IAAI,CAAA,KAAM,MAAM,OAAO,IAAA;AACvB,IAAA,IAAI,CAAA,CAAE,UAAA,CAAW,WAAW,CAAA,EAAG;AAC7B,MAAA,MAAM,MAAA,GAAS,CAAA,CAAE,KAAA,CAAM,WAAA,CAAY,MAAM,CAAA;AACzC,MAAA,OAAO,IAAA,CAAK,SAAS,MAAM,CAAA;AAAA,IAC7B;AACA,IAAA,OAAO,KAAA;AAAA,EACT,CAAC,CAAA;AACH,CAAA;AAEO,IAAM,sBAAA,GAAyB,CAAC,OAAA,KAA0B;AAC/D,EAAA,MAAM,MAAM,cAAA,EAAe;AAC3B,EAAA,IAAI,CAAC,GAAA,EAAK;AACV,EAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,GAAA,EAAK,aAAa,CAAA;AACrD,EAAA,IAAI,CAAC,SAAA,EAAW;AAChB,EAAA,IAAI,mBAAA,CAAoB,SAAA,EAAW,OAAO,CAAA,EAAG;AAC7C,EAAA,MAAM,IAAI,WAAA,CAAY;AAAA,IACpB,IAAA,EAAM,kBAAA;AAAA,IACN,IAAA,EAAM,gBAAA;AAAA,IACN,OAAA,EAAS,4CAA4C,OAAO,CAAA,gDAAA,CAAA;AAAA,IAC5D,SAAA,EAAW;AAAA,GACZ,CAAA;AACH,CAAA;;;ACxCO,IAAM,oBAAoB,CAAC,cAAA,KAChC,eAAe,UAAA,CAAW,UAAU,IAAI,SAAA,GAAY,MAAA;AAE/C,IAAM,sBAAA,GAAyB,CAAC,GAAA,KAAwC;AAC7E,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,GAAA,CAAI,WAAW,CAAA,EAAG;AAC/C,IAAA,MAAM,IAAI,WAAA,CAAY;AAAA,MACpB,IAAA,EAAM,kBAAA;AAAA,MACN,IAAA,EAAM,yBAAA;AAAA,MACN,OAAA,EAAS,4CAAA;AAAA,MACT,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,EACH;AACA,EAAA,IAAI,CAAC,IAAI,UAAA,CAAW,UAAU,KAAK,CAAC,GAAA,CAAI,UAAA,CAAW,UAAU,CAAA,EAAG;AAC9D,IAAA,MAAM,IAAI,WAAA,CAAY;AAAA,MACpB,IAAA,EAAM,kBAAA;AAAA,MACN,IAAA,EAAM,yBAAA;AAAA,MACN,OAAA,EACE,qGAAA;AAAA,MACF,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,EACH;AACF,CAAA;;;ACzBA,IAAM,WAAA,GAAc,4BAAA;AAEb,IAAM,oBAAoB,MAAY;AAC3C,EAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,EAAA,IAAI,QAAA,CAAS,aAAA,CAAc,CAAA,CAAA,EAAI,WAAW,GAAG,CAAA,EAAG;AAEhD,EAAA,MAAM,GAAA,GAAM,QAAA,CAAS,aAAA,CAAc,KAAK,CAAA;AACxC,EAAA,GAAA,CAAI,YAAA,CAAa,aAAa,EAAE,CAAA;AAChC,EAAA,GAAA,CAAI,MAAM,OAAA,GACR,uOAAA;AAEF,EAAA,MAAM,IAAA,GAAO,QAAA,CAAS,aAAA,CAAc,MAAM,CAAA;AAC1C,EAAA,IAAA,CAAK,WAAA,GAAc,iDAAA;AACnB,EAAA,GAAA,CAAI,YAAY,IAAI,CAAA;AAEpB,EAAA,MAAM,OAAA,GAAU,QAAA,CAAS,aAAA,CAAc,QAAQ,CAAA;AAC/C,EAAA,OAAA,CAAQ,IAAA,GAAO,QAAA;AACf,EAAA,OAAA,CAAQ,YAAA,CAAa,8BAA8B,EAAE,CAAA;AACrD,EAAA,OAAA,CAAQ,WAAA,GAAc,MAAA;AACtB,EAAA,OAAA,CAAQ,YAAA,CAAa,cAAc,0BAA0B,CAAA;AAC7D,EAAA,OAAA,CAAQ,MAAM,OAAA,GACZ,+FAAA;AACF,EAAA,OAAA,CAAQ,gBAAA,CAAiB,OAAA,EAAS,MAAM,GAAA,CAAI,QAAQ,CAAA;AACpD,EAAA,GAAA,CAAI,YAAY,OAAO,CAAA;AAEvB,EAAA,QAAA,CAAS,IAAA,CAAK,YAAY,GAAG,CAAA;AAC/B,CAAA;;;ACcA,IAAM,kBAAA,GAAqB,SAAA;AAE3B,IAAM,kBAAkB,CAAC,IAAA,KACvB,OAAO,IAAA,KAAS,YAChB,IAAA,KAAS,IAAA,IACT,MAAA,IAAU,IAAA,IACV,OAAQ,IAAA,CAA2B,IAAA,KAAS,YAC3C,IAAA,CAA0B,IAAA,CAAK,WAAW,kBAAkB,CAAA;AAExD,IAAM,YAAA,GAAe,CAC1B,MAAA,EACA,OAAA,EACA,YAAA,KACS;AACT,EAAA,IAAI,iBAAiB,GAAA,EAAK;AACxB,IAAA,MAAM,IAAI,WAAA,CAAY;AAAA,MACpB,IAAA,EAAM,kBAAA;AAAA,MACN,IAAA,EAAM,2BAAA;AAAA,MACN,OAAA,EAAS,0CAAA;AAAA,MACT,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,EACH;AACA,EAAA,IAAI,CAAC,OAAO,aAAA,EAAe;AACzB,IAAA,MAAM,IAAI,WAAA,CAAY;AAAA,MACpB,IAAA,EAAM,kBAAA;AAAA,MACN,IAAA,EAAM,mBAAA;AAAA,MACN,OAAA,EAAS,iEAAA;AAAA,MACT,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,EACH;AACA,EAAA,MAAA,CAAO,aAAA,CAAc,WAAA,CAAY,OAAA,EAAS,YAAY,CAAA;AACxD;AAEO,IAAM,YAAA,GAAe,CAAC,OAAA,EAAyB,YAAA,KAA+B;AACnF,EAAA,IAAI,iBAAiB,GAAA,EAAK;AACxB,IAAA,MAAM,IAAI,MAAM,0CAA0C,CAAA;AAAA,EAC5D;AACA,EAAA,MAAA,CAAO,MAAA,CAAO,WAAA,CAAY,OAAA,EAAS,YAAY,CAAA;AACjD;AAEO,IAAM,aAAA,GAAgB,CAC3B,KAAA,EACA,cAAA,KACa;AACb,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,cAAA,EAAgB,OAAO,IAAA;AAC5C,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,CAAM,IAAI,GAAG,OAAO,IAAA;AACzC,EAAA,OAAO,KAAA,CAAM,IAAA;AACf;;;AChFA,IAAM,oBAAA,uBAA2B,GAAA,CAAI;AAAA,EACnC,UAAA;AAAA,EACA,WAAA;AAAA,EACA,gBAAA;AAAA,EACA,SAAA;AAAA,EACA,KAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF,CAAC,CAAA;AAED,IAAM,aAAA,GAAgB,CAAC,KAAA,KAA0D;AAC/E,EAAA,MAAM,MAA8B,EAAC;AACrC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAChD,IAAA,MAAM,aAAA,GAAgB,IAAI,WAAA,EAAY;AACtC,IAAA,IAAI,oBAAA,CAAqB,GAAA,CAAI,aAAa,CAAA,EAAG;AAE3C,MAAA;AAAA,IACF;AACA,IAAA,GAAA,CAAI,GAAG,CAAA,GAAI,KAAA;AAAA,EACb;AACA,EAAA,OAAO,GAAA;AACT,CAAA;AAEO,IAAM,aAAA,GAAgB,CAAC,KAAA,KAAoC;AAChE,EAAA,MAAM,SAAsB,EAAE,IAAA,EAAM,aAAA,CAAc,KAAA,CAAM,IAAI,CAAA,EAAE;AAC9D,EAAA,IAAI,MAAM,OAAA,KAAY,MAAA,SAAkB,OAAA,GAAU,aAAA,CAAc,MAAM,OAAO,CAAA;AAC7E,EAAA,IAAI,MAAM,KAAA,KAAU,MAAA,SAAkB,KAAA,GAAQ,aAAA,CAAc,MAAM,KAAK,CAAA;AACvE,EAAA,OAAO,MAAA;AACT;;;ACPO,IAAM,UAAN,MAAc;AAAA,EAMnB,WAAA,CACkB,KAAA,EACC,OAAA,EACA,OAAA,EACjB;AAHgB,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AACC,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AARnB,IAAA,IAAA,CAAQ,MAAA,GAAmC,IAAA;AAC3C,IAAA,IAAA,CAAiB,SAAA,uBAAgB,GAAA,EAAc;AAC/C,IAAA,IAAA,CAAQ,MAAA,GAAwC,SAAA;AAChD,IAAA,IAAA,CAAQ,cAAA,GAAqD,IAAA;AAAA,EAM1D;AAAA,EAEH,MAAM,MAAA,EAAoC;AACxC,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,iBAAA;AAAA,QACN,OAAA,EAAS,CAAA,QAAA,EAAW,IAAA,CAAK,KAAK,CAAA,mBAAA,CAAA;AAAA,QAC9B,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AACA,IAAA,MAAM,YAAY,OAAO,MAAA,KAAW,WAAW,QAAA,CAAS,aAAA,CAAc,MAAM,CAAA,GAAI,MAAA;AAChF,IAAA,IAAI,EAAE,qBAAqB,WAAA,CAAA,EAAc;AACvC,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,wBAAA;AAAA,QACN,OAAA,EAAS,CAAA,wBAAA,EAA2B,MAAA,CAAO,MAAM,CAAC,CAAA,CAAA;AAAA,QAClD,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,MAAA,GAAS,QAAA,CAAS,aAAA,CAAc,QAAQ,CAAA;AAC9C,IAAA,MAAA,CAAO,MAAM,CAAA,EAAG,IAAA,CAAK,QAAQ,UAAU,CAAA,QAAA,EAAW,KAAK,KAAK,CAAA,CAAA;AAC5D,IAAA,MAAA,CAAO,MAAM,OAAA,GAAU,gDAAA;AACvB,IAAA,MAAA,CAAO,YAAA,CAAa,SAAS,SAAS,CAAA;AACtC,IAAA,MAAA,CAAO,YAAA,CAAa,qBAAA,EAAuB,IAAA,CAAK,KAAK,CAAA;AACrD,IAAA,SAAA,CAAU,YAAY,MAAM,CAAA;AAC5B,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,MAAM,iBAAiB,IAAI,GAAA,CAAI,IAAA,CAAK,OAAA,CAAQ,UAAU,CAAA,CAAE,MAAA;AAExD,IAAA,IAAA,CAAK,cAAA,GAAiB,CAAC,KAAA,KAAwB;AAvEnD,MAAA,IAAA,EAAA;AA2EM,MAAA,IAAI,KAAA,CAAM,MAAA,MAAA,CAAW,EAAA,GAAA,IAAA,CAAK,MAAA,KAAL,mBAAa,aAAA,CAAA,EAAe;AAEjD,MAAA,MAAM,IAAA,GAAO,aAAA,CAA8B,KAAA,EAAO,cAAc,CAAA;AAChE,MAAA,IAAI,CAAC,IAAA,EAAM;AACX,MAAA,IAAA,CAAK,cAAc,IAAI,CAAA;AAAA,IACzB,CAAA;AACA,IAAA,MAAA,CAAO,gBAAA,CAAiB,SAAA,EAAW,IAAA,CAAK,cAAc,CAAA;AAEtD,IAAA,MAAA,CAAO,gBAAA;AAAA,MACL,MAAA;AAAA,MACA,MAAM;AACJ,QAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAClB,QAAA,MAAM,KAAA,GAAwB;AAAA,UAC5B,IAAA,EAAM,cAAA;AAAA,UACN,MAAA,EAAQ,OAAO,QAAA,CAAS,MAAA;AAAA,UACxB,cAAA,EAAgB,KAAK,OAAA,CAAQ,cAAA;AAAA,UAC7B,SAAA,EAAW,KAAK,OAAA,CAAQ;AAAA,SAC1B;AACA,QAAA,YAAA,CAAa,IAAA,CAAK,MAAA,EAAQ,KAAA,EAAO,cAAc,CAAA;AAAA,MACjD,CAAA;AAAA,MACA,EAAE,MAAM,IAAA;AAAK,KACf;AAAA,EACF;AAAA,EAEQ,cAAc,IAAA,EAA4B;AAChD,IAAA,IAAI,IAAA,CAAK,SAAS,cAAA,EAAgB;AAChC,MAAA,IAAA,CAAK,MAAA,GAAS,OAAA;AAEd,MAAA,IAAI,IAAA,CAAK,QAAQ,KAAA,EAAO;AACtB,QAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,cAAA,EAAgB,OAAA,EAAS,cAAc,IAAA,CAAK,OAAA,CAAQ,KAAK,CAAA,EAAG,CAAA;AAAA,MAChF;AACA,MAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,OAAA,EAAS,CAAA;AAAA,IAC7B,CAAA,MAAA,IAAW,IAAA,CAAK,IAAA,KAAS,iBAAA,EAAmB;AAC1C,MAAA,IAAA,CAAK,MAAA,GAAS,OAAA;AACd,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,SAAS,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA;AAAA,IAClD,WAAW,IAAA,CAAK,IAAA,KAAS,mBAAmB,IAAA,CAAK,KAAA,KAAU,KAAK,KAAA,EAAO;AACrE,MAAA,IAAA,CAAK,IAAA,CAAK;AAAA,QACR,IAAA,EAAM,QAAA;AAAA,QACN,SAAS,IAAA,CAAK,OAAA;AAAA,QACd,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,UAAU,IAAA,CAAK;AAAA,OAChB,CAAA;AAAA,IACH;AAAA,EAEF;AAAA,EAEA,OAAO,OAAA,EAAwC;AAC7C,IAAA,IAAI,QAAQ,KAAA,EAAO;AACjB,MAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,cAAA,EAAgB,SAAS,aAAA,CAAc,OAAA,CAAQ,KAAK,CAAA,EAAG,CAAA;AAAA,IAC3E;AAAA,EACF;AAAA,EAEA,OAAA,GAAgB;AACd,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,IAAA,CAAK,OAAO,MAAA,EAAO;AACnB,MAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AAAA,IAChB;AACA,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,MAAA,CAAO,mBAAA,CAAoB,SAAA,EAAW,IAAA,CAAK,cAAc,CAAA;AACzD,MAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AAAA,IACxB;AACA,IAAA,IAAA,CAAK,UAAU,KAAA,EAAM;AACrB,IAAA,IAAA,CAAK,MAAA,GAAS,SAAA;AAAA,EAChB;AAAA,EAEA,EAAA,CAAG,QAAsC,QAAA,EAAgC;AACvE,IAAA,IAAA,CAAK,SAAA,CAAU,IAAI,QAAQ,CAAA;AAC3B,IAAA,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,QAAQ,CAAA;AAAA,EAC7C;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,cAAA,EAAgB,CAAA;AAAA,EACpC;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,cAAA,EAAgB,CAAA;AAAA,EACpC;AAAA,EAEA,OAAA,GAAmB;AACjB,IAAA,OAAO,KAAK,MAAA,KAAW,OAAA;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,sBAAA,GAAwC;AAlK1C,IAAA,IAAA,EAAA,EAAA,EAAA;AAmKI,IAAA,OAAA,CAAO,EAAA,GAAA,CAAA,EAAA,GAAA,IAAA,CAAK,MAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAa,aAAA,KAAb,IAAA,GAAA,EAAA,GAA8B,IAAA;AAAA,EACvC;AAAA;AAAA,EAGA,KAAK,OAAA,EAA+B;AAClC,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,aAAA;AAAA,QACN,OAAA,EAAS,CAAA,QAAA,EAAW,IAAA,CAAK,KAAK,CAAA,eAAA,CAAA;AAAA,QAC9B,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AACA,IAAA,YAAA,CAAa,IAAA,CAAK,QAAQ,OAAA,EAAS,IAAI,IAAI,IAAA,CAAK,OAAA,CAAQ,UAAU,CAAA,CAAE,MAAM,CAAA;AAAA,EAC5E;AAAA,EAEQ,KAAK,KAAA,EAA2B;AACtC,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,QAAA,CAAS,KAAK,CAAA;AAAA,IAChB;AAAA,EACF;AACF;;;AC9KA,IAAM,mBAAA,GAAsB,0BAAA;AAE5B,IAAM,kBAAkB,MAAc;AAZtC,EAAA,IAAA,EAAA;AAaE,EAAA,IAAI,EAAA,CAAC,EAAA,GAAA,UAAA,CAAW,MAAA,KAAX,IAAA,GAAA,MAAA,GAAA,EAAA,CAAmB,UAAA,CAAA,EAAY;AAClC,IAAA,MAAM,IAAI,WAAA,CAAY;AAAA,MACpB,IAAA,EAAM,kBAAA;AAAA,MACN,IAAA,EAAM,oBAAA;AAAA,MACN,OAAA,EAAS,iDAAA;AAAA,MACT,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,EACH;AACA,EAAA,OAAO,UAAA,CAAW,OAAO,UAAA,EAAW;AACtC,CAAA;AAEO,IAAM,WAAN,MAAe;AAAA,EAOpB,YAAY,IAAA,EAAuD;AANnE,IAAA,IAAA,CAAiB,UAAA,uBAAiB,GAAA,EAAwB;AAI1D,IAAA,IAAA,CAAQ,gBAAA,GAAmB,KAAA;AA7B7B,IAAA,IAAA,EAAA;AAgCI,IAAA,IAAA,CAAK,iBAAiB,IAAA,CAAK,cAAA;AAC3B,IAAA,IAAA,CAAK,UAAA,GAAA,CAAa,EAAA,GAAA,IAAA,CAAK,UAAA,KAAL,IAAA,GAAA,EAAA,GAAmB,mBAAA;AACrC,IAAA,IAAA,CAAK,YAAY,eAAA,EAAgB;AAAA,EACnC;AAAA,EAEA,MAAA,CAAO,KAAA,EAAkB,OAAA,GAA0B,EAAC,EAAY;AAC9D,IAAA,IAAI,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA,EAAG;AAC9B,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,mBAAA;AAAA,QACN,OAAA,EAAS,eAAe,KAAK,CAAA,gBAAA,CAAA;AAAA,QAC7B,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AACA,IAAA,MAAM,GAAA,GAAsB;AAAA,MAC1B,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,gBAAgB,IAAA,CAAK,cAAA;AAAA,MACrB,WAAW,IAAA,CAAK;AAAA,KAClB;AACA,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,KAAA,EAAO,SAAS,GAAG,CAAA;AAC/C,IAAA,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAA,EAAO,OAAO,CAAA;AAClC,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEA,MAAM,QAAA,CAAS,SAAA,EAAmB,cAAA,EAAiD;AAEjF,IAAA,IAAI,KAAK,gBAAA,EAAkB;AACzB,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,sBAAA;AAAA,QACN,OAAA,EAAS,qEAAA;AAAA,QACT,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,YAAY,CAAA;AACnD,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,YAAY,CAAA;AACnD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,SAAS,CAAA;AAE7C,IAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,IAAc,CAAC,OAAA,EAAS;AAC1C,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,qBAAA;AAAA,QACN,OAAA,EACE,oGAAA;AAAA,QACF,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AACA,IAAA,IAAI,CAAC,UAAA,CAAW,OAAA,EAAQ,IAAK,CAAC,UAAA,CAAW,OAAA,EAAQ,IAAK,CAAC,OAAA,CAAQ,OAAA,EAAQ,EAAG;AACxE,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,oBAAA;AAAA,QACN,OAAA,EAAS,+DAAA;AAAA,QACT,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AAEA,IAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AACxB,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,IAAA,CAAK,UAAA,CAAW,UAAA,EAAY,WAAW,cAAc,CAAA;AAAA,IACpE,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,gBAAA,GAAmB,KAAA;AAAA,IAC1B;AAAA,EACF;AAAA,EAEQ,UAAA,CACN,UAAA,EACA,SAAA,EACA,cAAA,EACyB;AACzB,IAAA,MAAM,YAAA,GAAe,IAAI,GAAA,CAAI,IAAA,CAAK,UAAU,CAAA,CAAE,MAAA;AAG9C,IAAA,MAAM,gBAAA,GAAmB,WAAW,sBAAA,EAAuB;AAE3D,IAAA,OAAO,IAAI,OAAA,CAAwB,CAAC,OAAA,EAAS,MAAA,KAAW;AAEtD,MAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,UAAA,CAAW,MAAM;AACpC,QAAA,MAAA,CAAO,mBAAA,CAAoB,WAAW,SAAS,CAAA;AAC/C,QAAA,MAAA;AAAA,UACE,IAAI,WAAA,CAAY;AAAA,YACd,IAAA,EAAM,eAAA;AAAA,YACN,IAAA,EAAM,kBAAA;AAAA,YACN,OAAA,EAAS,uCAAA;AAAA,YACT,SAAA,EAAW,IAAA;AAAA,YACX;AAAA,WACD;AAAA,SACH;AAAA,MACF,GAAG,GAAM,CAAA;AAET,MAAA,MAAM,SAAA,GAAY,CAAC,KAAA,KAAwB;AAEzC,QAAA,IAAI,gBAAA,KAAqB,IAAA,IAAQ,KAAA,CAAM,MAAA,KAAW,gBAAA,EAAkB;AAEpE,QAAA,MAAM,IAAA,GAAO,aAAA,CAA8B,KAAA,EAAO,YAAY,CAAA;AAC9D,QAAA,IAAI,CAAC,IAAA,EAAM;AAEX,QAAA,IAAI,IAAA,CAAK,SAAS,wBAAA,EAA0B;AAC1C,UAAA,YAAA,CAAa,KAAK,CAAA;AAClB,UAAA,MAAA,CAAO,mBAAA,CAAoB,WAAW,SAAS,CAAA;AAC/C,UAAA,OAAA,CAAQ;AAAA,YACN,aAAa,IAAA,CAAK,WAAA;AAAA,YAClB,UAAU,IAAA,CAAK,QAAA;AAAA,YACf,YAAY,IAAA,CAAK,UAAA;AAAA,YACjB,SAAS,IAAA,CAAK,OAAA;AAAA,YACd,WAAW,IAAA,CAAK,SAAA;AAAA,YAChB,WAAW,IAAA,CAAK;AAAA,WACjB,CAAA;AAAA,QACH,CAAA,MAAA,IAAW,IAAA,CAAK,IAAA,KAAS,uBAAA,EAAyB;AAChD,UAAA,YAAA,CAAa,KAAK,CAAA;AAClB,UAAA,MAAA,CAAO,mBAAA,CAAoB,WAAW,SAAS,CAAA;AAC/C,UAAA,MAAM,OAAA,GACJ,KAAK,SAAA,KAAc,kBAAA,IAAsB,KAAK,SAAA,KAAc,WAAA,GACxD,KAAK,SAAA,GACL,WAAA;AACN,UAAA,MAAA;AAAA,YACE,IAAI,WAAA,CAAY;AAAA,cACd,IAAA,EAAM,OAAA;AAAA,cACN,MAAM,IAAA,CAAK,IAAA;AAAA,cACX,SAAS,IAAA,CAAK,OAAA;AAAA,cACd,SAAA,EAAW,KAAA;AAAA,cACX;AAAA,aACD;AAAA,WACH;AAAA,QACF;AAAA,MACF,CAAA;AAEA,MAAA,MAAA,CAAO,gBAAA,CAAiB,WAAW,SAAS,CAAA;AAC5C,MAAA,UAAA,CAAW,KAAK,EAAE,IAAA,EAAM,iBAAA,EAAmB,SAAA,EAAW,gBAAgB,CAAA;AAAA,IACxE,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,OAAA,GAAgB;AACd,IAAA,KAAA,MAAW,EAAA,IAAM,IAAA,CAAK,UAAA,CAAW,MAAA,EAAO,EAAG;AACzC,MAAA,EAAA,CAAG,OAAA,EAAQ;AAAA,IACb;AACA,IAAA,IAAA,CAAK,WAAW,KAAA,EAAM;AAAA,EACxB;AACF;;;ACjKA,IAAMA,uBAAAA,GAAkE,sBAAA;AAMxE,IAAM,gBAAA,GAAmB,0BAAA;AASzB,IAAM,KAAA,uBAAY,GAAA,EAAqC;AAEvD,IAAM,aAAA,GAAgB,CAAC,cAAA,EAAwB,IAAA,KAA4C;AA1B3F,EAAA,IAAA,EAAA;AA2BE,EAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,EAAA,GAAgB,gBAAA;AAChC,EAAA,sBAAA,CAAuB,OAAO,CAAA;AAC9B,EAAA,IAAI,iBAAA,CAAkB,cAAc,CAAA,KAAM,SAAA,EAAW;AACnD,IAAA,iBAAA,EAAkB;AAAA,EACpB;AACA,EAAA,OAAO;AAAA,IACL,cAAA;AAAA,IACA,OAAA;AAAA,IACA,WAAA,EAAa,kBAAkB,cAAc,CAAA;AAAA,IAC7C,UAAU,MAAM,IAAI,QAAA,CAAS,EAAE,gBAAgB;AAAA,GACjD;AACF,CAAA;AAEA,SAAS,IAAA,CAAK,cAAA,EAAwB,IAAA,GAA0B,EAAC,EAA4B;AAxC7F,EAAA,IAAA,EAAA;AAyCE,EAAA,IAAI;AACF,IAAAA,wBAAuB,cAAc,CAAA;AAAA,EACvC,SAAS,GAAA,EAAK;AACZ,IAAA,OAAO,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EAC3B;AACA,EAAA,MAAM,MAAM,CAAA,EAAG,cAAc,KAAI,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,YAAgB,gBAAgB,CAAA,CAAA;AACjE,EAAA,MAAM,QAAA,GAAW,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAC9B,EAAA,IAAI,UAAU,OAAO,QAAA;AACrB,EAAA,MAAM,UAAU,OAAA,CAAQ,OAAA,CAAQ,aAAA,CAAc,cAAA,EAAgB,IAAI,CAAC,CAAA;AACnE,EAAA,KAAA,CAAM,GAAA,CAAI,KAAK,OAAO,CAAA;AACtB,EAAA,OAAO,OAAA;AACT;AAEA,IAAM,gBAAgB,MAAY;AAChC,EAAA,KAAA,CAAM,KAAA,EAAM;AACd,CAAA;AAEO,IAAM,MAAA,GAAS;AAAA,EACpB,IAAA;AAAA,EACA,eAAA,EAAiB;AACnB;;;AC7DO,IAAM,SAAA,GAAY,CAAC,GAAA,KAAyB;AACjD,EAAA,IAAI,CAAC,OAAA,CAAQ,IAAA,CAAK,GAAG,GAAG,OAAO,KAAA;AAC/B,EAAA,IAAI,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,EAAG,OAAO,KAAA;AAC7B,EAAA,IAAI,GAAA,GAAM,CAAA;AACV,EAAA,IAAI,SAAA,GAAY,KAAA;AAChB,EAAA,KAAA,IAAS,IAAI,GAAA,CAAI,MAAA,GAAS,CAAA,EAAG,CAAA,IAAK,GAAG,CAAA,EAAA,EAAK;AACxC,IAAA,IAAI,CAAA,GAAI,GAAA,CAAI,UAAA,CAAW,CAAC,CAAA,GAAI,EAAA;AAC5B,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,CAAA,IAAK,CAAA;AACL,MAAA,IAAI,CAAA,GAAI,GAAG,CAAA,IAAK,CAAA;AAAA,IAClB;AACA,IAAA,GAAA,IAAO,CAAA;AACP,IAAA,SAAA,GAAY,CAAC,SAAA;AAAA,EACf;AACA,EAAA,OAAO,MAAM,EAAA,KAAO,CAAA;AACtB;;;ACEO,IAAM,WAAA,GAAc","file":"index.mjs","sourcesContent":["export type ArcPayErrorType =\n  | \"validation_error\"\n  | \"authentication_error\"\n  | \"authorization_error\"\n  | \"state_error\"\n  | \"rate_limit_error\"\n  | \"api_error\"\n  | \"network_error\"\n  | \"challenge_aborted\";\n\nexport interface ArcPayErrorInit {\n  type: ArcPayErrorType;\n  message: string;\n  code?: string;\n  param?: string;\n  paymentId?: string;\n  declineCode?: string;\n  retryable: boolean;\n  requestId?: string;\n}\n\nexport class ArcPayError extends Error {\n  readonly type: ArcPayErrorType;\n  readonly code?: string;\n  readonly param?: string;\n  readonly paymentId?: string;\n  readonly declineCode?: string;\n  readonly retryable: boolean;\n  readonly requestId?: string;\n\n  constructor(init: ArcPayErrorInit) {\n    super(init.message);\n    this.name = \"ArcPayError\";\n    this.type = init.type;\n    this.code = init.code;\n    this.param = init.param;\n    this.paymentId = init.paymentId;\n    this.declineCode = init.declineCode;\n    this.retryable = init.retryable;\n    this.requestId = init.requestId;\n  }\n}\n\nexport const isValidationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"validation_error\";\nexport const isAuthenticationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"authentication_error\";\nexport const isAuthorizationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"authorization_error\";\nexport const isStateError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"state_error\";\nexport const isRateLimitError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"rate_limit_error\";\nexport const isApiError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"api_error\";\nexport const isNetworkError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"network_error\";\nexport const isChallengeAborted = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"challenge_aborted\";\n","import { ArcPayError } from \"./errors\";\n\nconst readCspContent = (): string | null => {\n  if (typeof document === \"undefined\") return null;\n  const meta = document.head.querySelector<HTMLMetaElement>(\n    'meta[http-equiv=\"Content-Security-Policy\"]',\n  );\n  return meta?.getAttribute(\"content\") ?? null;\n};\n\nconst extractDirective = (csp: string, name: string): string | null => {\n  const lower = csp.toLowerCase();\n  const idx = lower.indexOf(`${name} `);\n  if (idx === -1) return null;\n  const rest = csp.slice(idx + name.length + 1);\n  const end = rest.indexOf(\";\");\n  return (end === -1 ? rest : rest.slice(0, end)).trim();\n};\n\nconst directiveAllowsHost = (directive: string, host: string): boolean => {\n  const tokens = directive.split(/\\s+/).filter(Boolean);\n  if (tokens.includes(\"*\")) return true;\n  return tokens.some((t) => {\n    if (t === host) return true;\n    if (t.startsWith(\"https://*\")) {\n      const suffix = t.slice(\"https://*\".length);\n      return host.endsWith(suffix);\n    }\n    return false;\n  });\n};\n\nexport const verifyCspAllowsApiBase = (apiBase: string): void => {\n  const csp = readCspContent();\n  if (!csp) return;\n  const directive = extractDirective(csp, \"connect-src\");\n  if (!directive) return;\n  if (directiveAllowsHost(directive, apiBase)) return;\n  throw new ArcPayError({\n    type: \"validation_error\",\n    code: \"csp_blocks_api\",\n    message: `CSP connect-src directive does not allow ${apiBase}. Add it to your Content-Security-Policy header.`,\n    retryable: false,\n  });\n};\n","import { ArcPayError } from \"./errors\";\n\nexport type Environment = \"sandbox\" | \"live\";\n\nexport const detectEnvironment = (publishableKey: string): Environment =>\n  publishableKey.startsWith(\"pk_test_\") ? \"sandbox\" : \"live\";\n\nexport const validatePublishableKey = (key: unknown): asserts key is string => {\n  if (typeof key !== \"string\" || key.length === 0) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"invalid_publishable_key\",\n      message: \"Publishable key must be a non-empty string\",\n      retryable: false,\n    });\n  }\n  if (!key.startsWith(\"pk_test_\") && !key.startsWith(\"pk_live_\")) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"invalid_publishable_key\",\n      message:\n        \"Publishable key must start with pk_test_ or pk_live_. Secret keys (sk_*) cannot be used in browser.\",\n      retryable: false,\n    });\n  }\n};\n","const BANNER_ATTR = \"data-arcpay-sandbox-banner\";\n\nexport const showSandboxBanner = (): void => {\n  if (typeof document === \"undefined\") return;\n  if (document.querySelector(`[${BANNER_ATTR}]`)) return;\n\n  const bar = document.createElement(\"div\");\n  bar.setAttribute(BANNER_ATTR, \"\");\n  bar.style.cssText =\n    \"position:fixed;top:0;left:0;right:0;z-index:2147483647;background:#ffd166;color:#222;font:13px/1.4 system-ui,sans-serif;padding:6px 12px;display:flex;align-items:center;justify-content:center;box-shadow:0 1px 3px rgba(0,0,0,0.1);\";\n\n  const text = document.createElement(\"span\");\n  text.textContent = \"ARC PAY TEST MODE — payments are simulated\";\n  bar.appendChild(text);\n\n  const dismiss = document.createElement(\"button\");\n  dismiss.type = \"button\";\n  dismiss.setAttribute(\"data-arcpay-banner-dismiss\", \"\");\n  dismiss.textContent = \"×\";\n  dismiss.setAttribute(\"aria-label\", \"Dismiss test mode banner\");\n  dismiss.style.cssText =\n    \"margin-left:12px;background:transparent;border:0;font-size:18px;cursor:pointer;color:inherit;\";\n  dismiss.addEventListener(\"click\", () => bar.remove());\n  bar.appendChild(dismiss);\n\n  document.body.appendChild(bar);\n};\n","import { ArcPayError } from \"../core/errors\";\n\nexport type FieldType = \"cardNumber\" | \"cardExpiry\" | \"cardCvv\";\n\n// Parent → iframe\nexport type ParentToIframe =\n  | { type: \"arcpay:hello\"; origin: string; publishableKey: string; channelId: string }\n  | { type: \"arcpay:style\"; payload: StyleSubset }\n  | { type: \"arcpay:focus\" }\n  | { type: \"arcpay:clear\" }\n  | { type: \"arcpay:tokenize\"; paymentId: string; idempotencyKey: string };\n\n// iframe → parent\nexport type IframeToParent =\n  | { type: \"arcpay:ready\" }\n  | { type: \"arcpay:rejected\"; reason: string }\n  | {\n      type: \"arcpay:change\";\n      field: FieldType;\n      isValid: boolean;\n      brand?: string;\n      lastFour?: string;\n    }\n  | {\n      type: \"arcpay:tokenize-result\";\n      cardTokenId: string;\n      cardMask: string;\n      cardScheme: string;\n      cardBin: string;\n      expiresIn: number;\n      expiresAt: string;\n    }\n  | { type: \"arcpay:tokenize-error\"; errorType: string; code?: string; message: string };\n\nexport interface StyleSubset {\n  base: Record<string, string>;\n  invalid?: Record<string, string>;\n  focus?: Record<string, string>;\n}\n\nconst ARCPAY_TYPE_PREFIX = \"arcpay:\";\n\nconst isArcpayMessage = (data: unknown): data is { type: string } =>\n  typeof data === \"object\" &&\n  data !== null &&\n  \"type\" in data &&\n  typeof (data as { type: unknown }).type === \"string\" &&\n  (data as { type: string }).type.startsWith(ARCPAY_TYPE_PREFIX);\n\nexport const postToIframe = (\n  iframe: HTMLIFrameElement,\n  message: ParentToIframe,\n  targetOrigin: string,\n): void => {\n  if (targetOrigin === \"*\") {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"wildcard_origin_forbidden\",\n      message: \"postToIframe: targetOrigin cannot be '*'\",\n      retryable: false,\n    });\n  }\n  if (!iframe.contentWindow) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"iframe_not_loaded\",\n      message: \"postToIframe: iframe.contentWindow is null (iframe not mounted)\",\n      retryable: false,\n    });\n  }\n  iframe.contentWindow.postMessage(message, targetOrigin);\n};\n\nexport const postToParent = (message: IframeToParent, targetOrigin: string): void => {\n  if (targetOrigin === \"*\") {\n    throw new Error(\"postToParent: targetOrigin cannot be '*'\");\n  }\n  window.parent.postMessage(message, targetOrigin);\n};\n\nexport const parseIncoming = <T extends { type: string }>(\n  event: MessageEvent,\n  expectedOrigin: string,\n): T | null => {\n  if (event.origin !== expectedOrigin) return null;\n  if (!isArcpayMessage(event.data)) return null;\n  return event.data as T;\n};\n","import type { StyleSubset } from \"./postmessage\";\n\n// Spec calls out position:fixed, transform, pointer-events:none as forbidden.\n// We extend to cover the full clickjacking attack surface: any positioning\n// (fixed/absolute/sticky), transform, all pointer-events values, z-index, and\n// inset properties (top/left/right/bottom/inset). The legitimate use cases\n// for these in a 1-line input field are zero, so blanket drop.\nconst FORBIDDEN_PROPERTIES = new Set([\n  \"position\",\n  \"transform\",\n  \"pointer-events\",\n  \"z-index\",\n  \"top\",\n  \"left\",\n  \"right\",\n  \"bottom\",\n  \"inset\",\n]);\n\nconst sanitizeBlock = (block: Record<string, string>): Record<string, string> => {\n  const out: Record<string, string> = {};\n  for (const [key, value] of Object.entries(block)) {\n    const normalizedKey = key.toLowerCase();\n    if (FORBIDDEN_PROPERTIES.has(normalizedKey)) {\n      // Defense against position/transform-based clickjacking. Silently drop.\n      continue;\n    }\n    out[key] = value;\n  }\n  return out;\n};\n\nexport const sanitizeStyle = (style: StyleSubset): StyleSubset => {\n  const result: StyleSubset = { base: sanitizeBlock(style.base) };\n  if (style.invalid !== undefined) result.invalid = sanitizeBlock(style.invalid);\n  if (style.focus !== undefined) result.focus = sanitizeBlock(style.focus);\n  return result;\n};\n","import { ArcPayError } from \"../core/errors\";\nimport {\n  type FieldType,\n  type ParentToIframe,\n  type IframeToParent,\n  type StyleSubset,\n  postToIframe,\n  parseIncoming,\n} from \"./postmessage\";\nimport { sanitizeStyle } from \"./style\";\n\nexport interface ElementOptions {\n  /** StyleSubset applied via arcpay:style postMessage. */\n  style?: StyleSubset;\n  placeholder?: string;\n}\n\nexport type ElementEvent =\n  | { type: \"ready\" }\n  | { type: \"change\"; isValid: boolean; brand?: string; lastFour?: string }\n  | { type: \"error\"; reason: string };\n\ntype Listener = (event: ElementEvent) => void;\n\nexport interface ElementContext {\n  iframeBase: string;\n  publishableKey: string;\n  channelId: string;\n}\n\nexport class Element {\n  private iframe: HTMLIFrameElement | null = null;\n  private readonly listeners = new Set<Listener>();\n  private status: \"pending\" | \"ready\" | \"error\" = \"pending\";\n  private messageHandler: ((e: MessageEvent) => void) | null = null;\n\n  constructor(\n    public readonly field: FieldType,\n    private readonly options: ElementOptions,\n    private readonly context: ElementContext,\n  ) {}\n\n  mount(target: string | HTMLElement): void {\n    if (this.iframe) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"already_mounted\",\n        message: `Element ${this.field} is already mounted`,\n        retryable: false,\n      });\n    }\n    const container = typeof target === \"string\" ? document.querySelector(target) : target;\n    if (!(container instanceof HTMLElement)) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"mount_target_not_found\",\n        message: `mount target not found: ${String(target)}`,\n        retryable: false,\n      });\n    }\n\n    const iframe = document.createElement(\"iframe\");\n    iframe.src = `${this.context.iframeBase}/iframe/${this.field}`;\n    iframe.style.cssText = \"border:0;width:100%;height:100%;display:block;\";\n    iframe.setAttribute(\"allow\", \"payment\");\n    iframe.setAttribute(\"data-arcpay-element\", this.field);\n    container.appendChild(iframe);\n    this.iframe = iframe;\n\n    const expectedOrigin = new URL(this.context.iframeBase).origin;\n\n    this.messageHandler = (event: MessageEvent) => {\n      // C1: source guard — only accept messages from this element's own iframe.\n      // Without this, any iframe at the same origin (e.g. cardExpiry, cardCvv)\n      // could trigger handlers on cardNumber and vice-versa.\n      if (event.source !== this.iframe?.contentWindow) return;\n      // C4: use parseIncoming for origin + arcpay: prefix guard.\n      const data = parseIncoming<IframeToParent>(event, expectedOrigin);\n      if (!data) return;\n      this.handleMessage(data);\n    };\n    window.addEventListener(\"message\", this.messageHandler);\n\n    iframe.addEventListener(\n      \"load\",\n      () => {\n        if (!this.iframe) return;\n        const hello: ParentToIframe = {\n          type: \"arcpay:hello\",\n          origin: window.location.origin,\n          publishableKey: this.context.publishableKey,\n          channelId: this.context.channelId,\n        };\n        postToIframe(this.iframe, hello, expectedOrigin);\n      },\n      { once: true },\n    );\n  }\n\n  private handleMessage(data: IframeToParent): void {\n    if (data.type === \"arcpay:ready\") {\n      this.status = \"ready\";\n      // Apply initial style if provided at construction time.\n      if (this.options.style) {\n        this.send({ type: \"arcpay:style\", payload: sanitizeStyle(this.options.style) });\n      }\n      this.emit({ type: \"ready\" });\n    } else if (data.type === \"arcpay:rejected\") {\n      this.status = \"error\";\n      this.emit({ type: \"error\", reason: data.reason });\n    } else if (data.type === \"arcpay:change\" && data.field === this.field) {\n      this.emit({\n        type: \"change\",\n        isValid: data.isValid,\n        brand: data.brand,\n        lastFour: data.lastFour,\n      });\n    }\n    // arcpay:tokenize-result / arcpay:tokenize-error handled by Elements factory (Task 9).\n  }\n\n  update(options: { style?: StyleSubset }): void {\n    if (options.style) {\n      this.send({ type: \"arcpay:style\", payload: sanitizeStyle(options.style) });\n    }\n  }\n\n  destroy(): void {\n    if (this.iframe) {\n      this.iframe.remove();\n      this.iframe = null;\n    }\n    if (this.messageHandler) {\n      window.removeEventListener(\"message\", this.messageHandler);\n      this.messageHandler = null;\n    }\n    this.listeners.clear();\n    this.status = \"pending\";\n  }\n\n  on(_event: \"ready\" | \"change\" | \"error\", callback: Listener): () => void {\n    this.listeners.add(callback);\n    return () => this.listeners.delete(callback);\n  }\n\n  focus(): void {\n    this.send({ type: \"arcpay:focus\" });\n  }\n\n  clear(): void {\n    this.send({ type: \"arcpay:clear\" });\n  }\n\n  isReady(): boolean {\n    return this.status === \"ready\";\n  }\n\n  /**\n   * Internal: returns the iframe's contentWindow for source-filtering in\n   * Elements.doTokenize(). Returns null when the iframe is not yet mounted\n   * or when jsdom has not yet populated contentWindow (test environment).\n   */\n  getIframeContentWindow(): Window | null {\n    return this.iframe?.contentWindow ?? null;\n  }\n\n  /** Internal: used by Elements factory to send tokenize commands. */\n  send(message: ParentToIframe): void {\n    if (!this.iframe) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"not_mounted\",\n        message: `Element ${this.field} is not mounted`,\n        retryable: false,\n      });\n    }\n    postToIframe(this.iframe, message, new URL(this.context.iframeBase).origin);\n  }\n\n  private emit(event: ElementEvent): void {\n    for (const listener of this.listeners) {\n      listener(event);\n    }\n  }\n}\n","import { ArcPayError } from \"../core/errors\";\nimport { Element, type ElementContext, type ElementOptions } from \"./element\";\nimport type { FieldType, IframeToParent } from \"./postmessage\";\nimport { parseIncoming } from \"./postmessage\";\nimport type { TokenizeResult } from \"../tokenize/tokenize\";\n\nexport type { TokenizeResult };\n\nexport type ElementsOptions = Record<string, never>;\n\nconst DEFAULT_IFRAME_BASE = \"https://sdk.arcpay.space\";\n\nconst createChannelId = (): string => {\n  if (!globalThis.crypto?.randomUUID) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"crypto_unavailable\",\n      message: \"crypto.randomUUID is required for Hosted Fields\",\n      retryable: false,\n    });\n  }\n  return globalThis.crypto.randomUUID();\n};\n\nexport class Elements {\n  private readonly elementMap = new Map<FieldType, Element>();\n  private readonly iframeBase: string;\n  private readonly publishableKey: string;\n  private readonly channelId: string;\n  private tokenizeInFlight = false;\n\n  constructor(opts: { publishableKey: string; iframeBase?: string }) {\n    this.publishableKey = opts.publishableKey;\n    this.iframeBase = opts.iframeBase ?? DEFAULT_IFRAME_BASE;\n    this.channelId = createChannelId();\n  }\n\n  create(field: FieldType, options: ElementOptions = {}): Element {\n    if (this.elementMap.has(field)) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"duplicate_element\",\n        message: `Element for ${field} already created`,\n        retryable: false,\n      });\n    }\n    const ctx: ElementContext = {\n      iframeBase: this.iframeBase,\n      publishableKey: this.publishableKey,\n      channelId: this.channelId,\n    };\n    const element = new Element(field, options, ctx);\n    this.elementMap.set(field, element);\n    return element;\n  }\n\n  async tokenize(paymentId: string, idempotencyKey: string): Promise<TokenizeResult> {\n    // C2: concurrent-call guard — only one tokenize() may be in-flight at a time.\n    if (this.tokenizeInFlight) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"tokenize_in_progress\",\n        message: \"A tokenize() call is already in progress for this Elements instance\",\n        retryable: false,\n      });\n    }\n\n    const cardNumber = this.elementMap.get(\"cardNumber\");\n    const cardExpiry = this.elementMap.get(\"cardExpiry\");\n    const cardCvv = this.elementMap.get(\"cardCvv\");\n\n    if (!cardNumber || !cardExpiry || !cardCvv) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"incomplete_elements\",\n        message:\n          \"All three elements (cardNumber, cardExpiry, cardCvv) must be created and mounted before tokenize()\",\n        retryable: false,\n      });\n    }\n    if (!cardNumber.isReady() || !cardExpiry.isReady() || !cardCvv.isReady()) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"elements_not_ready\",\n        message: \"Wait for all elements to fire 'ready' event before tokenize()\",\n        retryable: false,\n      });\n    }\n\n    this.tokenizeInFlight = true;\n    try {\n      return await this.doTokenize(cardNumber, paymentId, idempotencyKey);\n    } finally {\n      this.tokenizeInFlight = false;\n    }\n  }\n\n  private doTokenize(\n    cardNumber: Element,\n    paymentId: string,\n    idempotencyKey: string,\n  ): Promise<TokenizeResult> {\n    const iframeOrigin = new URL(this.iframeBase).origin;\n    // C1: obtain reference to the cardNumber iframe's contentWindow before\n    // registering the listener so we can filter by source.\n    const cardIframeWindow = cardNumber.getIframeContentWindow();\n\n    return new Promise<TokenizeResult>((resolve, reject) => {\n      // C3: 30-second timeout — rejects and cleans up if no result arrives.\n      const timer = window.setTimeout(() => {\n        window.removeEventListener(\"message\", onMessage);\n        reject(\n          new ArcPayError({\n            type: \"network_error\",\n            code: \"tokenize_timeout\",\n            message: \"tokenize() timed out after 30 seconds\",\n            retryable: true,\n            paymentId,\n          }),\n        );\n      }, 30_000);\n\n      const onMessage = (event: MessageEvent) => {\n        // C1: source guard — only accept messages from the cardNumber iframe.\n        if (cardIframeWindow !== null && event.source !== cardIframeWindow) return;\n        // C4: use parseIncoming for origin + arcpay: prefix guard.\n        const data = parseIncoming<IframeToParent>(event, iframeOrigin);\n        if (!data) return;\n\n        if (data.type === \"arcpay:tokenize-result\") {\n          clearTimeout(timer);\n          window.removeEventListener(\"message\", onMessage);\n          resolve({\n            cardTokenId: data.cardTokenId,\n            cardMask: data.cardMask,\n            cardScheme: data.cardScheme,\n            cardBin: data.cardBin,\n            expiresIn: data.expiresIn,\n            expiresAt: data.expiresAt,\n          });\n        } else if (data.type === \"arcpay:tokenize-error\") {\n          clearTimeout(timer);\n          window.removeEventListener(\"message\", onMessage);\n          const errType =\n            data.errorType === \"validation_error\" || data.errorType === \"api_error\"\n              ? data.errorType\n              : \"api_error\";\n          reject(\n            new ArcPayError({\n              type: errType,\n              code: data.code,\n              message: data.message,\n              retryable: false,\n              paymentId,\n            }),\n          );\n        }\n      };\n\n      window.addEventListener(\"message\", onMessage);\n      cardNumber.send({ type: \"arcpay:tokenize\", paymentId, idempotencyKey });\n    });\n  }\n\n  destroy(): void {\n    for (const el of this.elementMap.values()) {\n      el.destroy();\n    }\n    this.elementMap.clear();\n  }\n}\n","import { verifyCspAllowsApiBase } from \"./csp\";\nimport {\n  detectEnvironment,\n  type Environment,\n  validatePublishableKey as _validatePublishableKey,\n} from \"./env\";\nimport { showSandboxBanner } from \"./sandbox-banner\";\nimport { Elements, type ElementsOptions } from \"../elements/elements\";\n\nconst validatePublishableKey: (key: unknown) => asserts key is string = _validatePublishableKey;\n\nexport interface ArcPayLoadOptions {\n  apiBase?: string;\n}\n\nconst DEFAULT_API_BASE = \"https://api.arcpay.space\";\n\nexport interface ArcPayInstance {\n  readonly publishableKey: string;\n  readonly apiBase: string;\n  readonly environment: Environment;\n  elements: (opts?: ElementsOptions) => Elements;\n}\n\nconst cache = new Map<string, Promise<ArcPayInstance>>();\n\nconst buildInstance = (publishableKey: string, opts: ArcPayLoadOptions): ArcPayInstance => {\n  const apiBase = opts.apiBase ?? DEFAULT_API_BASE;\n  verifyCspAllowsApiBase(apiBase);\n  if (detectEnvironment(publishableKey) === \"sandbox\") {\n    showSandboxBanner();\n  }\n  return {\n    publishableKey,\n    apiBase,\n    environment: detectEnvironment(publishableKey),\n    elements: () => new Elements({ publishableKey }),\n  };\n};\n\nfunction load(publishableKey: string, opts: ArcPayLoadOptions = {}): Promise<ArcPayInstance> {\n  try {\n    validatePublishableKey(publishableKey);\n  } catch (err) {\n    return Promise.reject(err);\n  }\n  const key = `${publishableKey}|${opts.apiBase ?? DEFAULT_API_BASE}`;\n  const existing = cache.get(key);\n  if (existing) return existing;\n  const promise = Promise.resolve(buildInstance(publishableKey, opts));\n  cache.set(key, promise);\n  return promise;\n}\n\nconst resetForTests = (): void => {\n  cache.clear();\n};\n\nexport const ArcPay = {\n  load,\n  __resetForTests: resetForTests,\n};\n","export const luhnCheck = (pan: string): boolean => {\n  if (!/^\\d+$/.test(pan)) return false;\n  if (/^0+$/.test(pan)) return false;\n  let sum = 0;\n  let alternate = false;\n  for (let i = pan.length - 1; i >= 0; i--) {\n    let n = pan.charCodeAt(i) - 48;\n    if (alternate) {\n      n *= 2;\n      if (n > 9) n -= 9;\n    }\n    sum += n;\n    alternate = !alternate;\n  }\n  return sum % 10 === 0;\n};\n","export { ArcPay } from \"./core/arcpay\";\nexport type { ArcPayInstance, ArcPayLoadOptions } from \"./core/arcpay\";\nexport {\n  ArcPayError,\n  isValidationError,\n  isAuthenticationError,\n  isAuthorizationError,\n  isStateError,\n  isRateLimitError,\n  isApiError,\n  isNetworkError,\n  isChallengeAborted,\n} from \"./core/errors\";\nexport type { ArcPayErrorType } from \"./core/errors\";\nexport type { Environment } from \"./core/env\";\nexport type { TokenizeResult } from \"./tokenize/tokenize\";\nexport type { CardScheme } from \"./tokenize/scheme\";\nexport const SDK_VERSION = \"0.1.0\";\n\n// Hosted Fields postMessage protocol\nexport type {\n  FieldType,\n  ParentToIframe,\n  IframeToParent,\n  StyleSubset,\n} from \"./elements/postmessage\";\nexport { postToIframe, postToParent, parseIncoming } from \"./elements/postmessage\";\n\n// Style sanitizer — also used by elements iframe app (defense-in-depth on receipt)\nexport { sanitizeStyle } from \"./elements/style\";\n\n// Hosted Fields — Element class + Elements factory\nexport { Element } from \"./elements/element\";\nexport type { ElementOptions, ElementEvent, ElementContext } from \"./elements/element\";\nexport { Elements } from \"./elements/elements\";\nexport type { ElementsOptions } from \"./elements/elements\";\n\n// Luhn check (used by elements app for card-number validation)\nexport { luhnCheck } from \"./tokenize/luhn\";\n"]}
+{"version":3,"sources":["../src/core/errors.ts","../src/core/env.ts","../src/core/sandbox-banner.ts","../src/elements/postmessage.ts","../src/elements/style.ts","../src/elements/element.ts","../src/elements/elements.ts","../src/core/arcpay.ts","../src/index.ts"],"names":["validatePublishableKey"],"mappings":";AAqBO,IAAM,WAAA,GAAN,cAA0B,KAAA,CAAM;AAAA,EASrC,YAAY,IAAA,EAAuB;AACjC,IAAA,KAAA,CAAM,KAAK,OAAO,CAAA;AAClB,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AACZ,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AACjB,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AACjB,IAAA,IAAA,CAAK,QAAQ,IAAA,CAAK,KAAA;AAClB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,cAAc,IAAA,CAAK,WAAA;AACxB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AAAA,EACxB;AACF;AAEO,IAAM,oBAAoB,CAAC,CAAA,KAChC,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,wBAAwB,CAAC,CAAA,KACpC,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,uBAAuB,CAAC,CAAA,KACnC,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,eAAe,CAAC,CAAA,KAC3B,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,mBAAmB,CAAC,CAAA,KAC/B,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,aAAa,CAAC,CAAA,KACzB,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,iBAAiB,CAAC,CAAA,KAC7B,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;AAClC,IAAM,qBAAqB,CAAC,CAAA,KACjC,CAAA,YAAa,WAAA,IAAe,EAAE,IAAA,KAAS;;;ACtDlC,IAAM,oBAAoB,CAAC,cAAA,KAChC,eAAe,UAAA,CAAW,UAAU,IAAI,SAAA,GAAY,MAAA;AAE/C,IAAM,sBAAA,GAAyB,CAAC,GAAA,KAAwC;AAC7E,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,GAAA,CAAI,WAAW,CAAA,EAAG;AAC/C,IAAA,MAAM,IAAI,WAAA,CAAY;AAAA,MACpB,IAAA,EAAM,kBAAA;AAAA,MACN,IAAA,EAAM,yBAAA;AAAA,MACN,OAAA,EAAS,4CAAA;AAAA,MACT,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,EACH;AACA,EAAA,IAAI,CAAC,IAAI,UAAA,CAAW,UAAU,KAAK,CAAC,GAAA,CAAI,UAAA,CAAW,UAAU,CAAA,EAAG;AAC9D,IAAA,MAAM,IAAI,WAAA,CAAY;AAAA,MACpB,IAAA,EAAM,kBAAA;AAAA,MACN,IAAA,EAAM,yBAAA;AAAA,MACN,OAAA,EACE,qGAAA;AAAA,MACF,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,EACH;AACF,CAAA;;;ACzBA,IAAM,WAAA,GAAc,4BAAA;AAEb,IAAM,oBAAoB,MAAY;AAC3C,EAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,EAAA,IAAI,QAAA,CAAS,aAAA,CAAc,CAAA,CAAA,EAAI,WAAW,GAAG,CAAA,EAAG;AAEhD,EAAA,MAAM,GAAA,GAAM,QAAA,CAAS,aAAA,CAAc,KAAK,CAAA;AACxC,EAAA,GAAA,CAAI,YAAA,CAAa,aAAa,EAAE,CAAA;AAChC,EAAA,GAAA,CAAI,MAAM,OAAA,GACR,uOAAA;AAEF,EAAA,MAAM,IAAA,GAAO,QAAA,CAAS,aAAA,CAAc,MAAM,CAAA;AAC1C,EAAA,IAAA,CAAK,WAAA,GAAc,iDAAA;AACnB,EAAA,GAAA,CAAI,YAAY,IAAI,CAAA;AAEpB,EAAA,MAAM,OAAA,GAAU,QAAA,CAAS,aAAA,CAAc,QAAQ,CAAA;AAC/C,EAAA,OAAA,CAAQ,IAAA,GAAO,QAAA;AACf,EAAA,OAAA,CAAQ,YAAA,CAAa,8BAA8B,EAAE,CAAA;AACrD,EAAA,OAAA,CAAQ,WAAA,GAAc,MAAA;AACtB,EAAA,OAAA,CAAQ,YAAA,CAAa,cAAc,0BAA0B,CAAA;AAC7D,EAAA,OAAA,CAAQ,MAAM,OAAA,GACZ,+FAAA;AACF,EAAA,OAAA,CAAQ,gBAAA,CAAiB,OAAA,EAAS,MAAM,GAAA,CAAI,QAAQ,CAAA;AACpD,EAAA,GAAA,CAAI,YAAY,OAAO,CAAA;AAEvB,EAAA,QAAA,CAAS,IAAA,CAAK,YAAY,GAAG,CAAA;AAC/B,CAAA;;;ACcA,IAAM,kBAAA,GAAqB,SAAA;AAE3B,IAAM,kBAAkB,CAAC,IAAA,KACvB,OAAO,IAAA,KAAS,YAChB,IAAA,KAAS,IAAA,IACT,MAAA,IAAU,IAAA,IACV,OAAQ,IAAA,CAA2B,IAAA,KAAS,YAC3C,IAAA,CAA0B,IAAA,CAAK,WAAW,kBAAkB,CAAA;AAExD,IAAM,YAAA,GAAe,CAC1B,MAAA,EACA,OAAA,EACA,YAAA,KACS;AACT,EAAA,IAAI,iBAAiB,GAAA,EAAK;AACxB,IAAA,MAAM,IAAI,WAAA,CAAY;AAAA,MACpB,IAAA,EAAM,kBAAA;AAAA,MACN,IAAA,EAAM,2BAAA;AAAA,MACN,OAAA,EAAS,0CAAA;AAAA,MACT,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,EACH;AACA,EAAA,IAAI,CAAC,OAAO,aAAA,EAAe;AACzB,IAAA,MAAM,IAAI,WAAA,CAAY;AAAA,MACpB,IAAA,EAAM,kBAAA;AAAA,MACN,IAAA,EAAM,mBAAA;AAAA,MACN,OAAA,EAAS,iEAAA;AAAA,MACT,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,EACH;AACA,EAAA,MAAA,CAAO,aAAA,CAAc,WAAA,CAAY,OAAA,EAAS,YAAY,CAAA;AACxD,CAAA;AASO,IAAM,aAAA,GAAgB,CAC3B,KAAA,EACA,cAAA,KACa;AACb,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,cAAA,EAAgB,OAAO,IAAA;AAC5C,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,CAAM,IAAI,GAAG,OAAO,IAAA;AACzC,EAAA,OAAO,KAAA,CAAM,IAAA;AACf,CAAA;;;AChFA,IAAM,oBAAA,uBAA2B,GAAA,CAAI;AAAA,EACnC,UAAA;AAAA,EACA,WAAA;AAAA,EACA,gBAAA;AAAA,EACA,SAAA;AAAA,EACA,KAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF,CAAC,CAAA;AAED,IAAM,aAAA,GAAgB,CAAC,KAAA,KAA0D;AAC/E,EAAA,MAAM,MAA8B,EAAC;AACrC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAChD,IAAA,MAAM,aAAA,GAAgB,IAAI,WAAA,EAAY;AACtC,IAAA,IAAI,oBAAA,CAAqB,GAAA,CAAI,aAAa,CAAA,EAAG;AAE3C,MAAA;AAAA,IACF;AACA,IAAA,GAAA,CAAI,GAAG,CAAA,GAAI,KAAA;AAAA,EACb;AACA,EAAA,OAAO,GAAA;AACT,CAAA;AAEO,IAAM,aAAA,GAAgB,CAAC,KAAA,KAAoC;AAChE,EAAA,MAAM,SAAsB,EAAE,IAAA,EAAM,aAAA,CAAc,KAAA,CAAM,IAAI,CAAA,EAAE;AAC9D,EAAA,IAAI,MAAM,OAAA,KAAY,MAAA,SAAkB,OAAA,GAAU,aAAA,CAAc,MAAM,OAAO,CAAA;AAC7E,EAAA,IAAI,MAAM,KAAA,KAAU,MAAA,SAAkB,KAAA,GAAQ,aAAA,CAAc,MAAM,KAAK,CAAA;AACvE,EAAA,OAAO,MAAA;AACT,CAAA;;;ACPO,IAAM,UAAN,MAAc;AAAA,EAMnB,WAAA,CACkB,KAAA,EACC,OAAA,EACA,OAAA,EACjB;AAHgB,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AACC,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AARnB,IAAA,IAAA,CAAQ,MAAA,GAAmC,IAAA;AAC3C,IAAA,IAAA,CAAiB,SAAA,uBAAgB,GAAA,EAAc;AAC/C,IAAA,IAAA,CAAQ,MAAA,GAAwC,SAAA;AAChD,IAAA,IAAA,CAAQ,cAAA,GAAqD,IAAA;AAAA,EAM1D;AAAA,EAEH,MAAM,MAAA,EAAoC;AACxC,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,iBAAA;AAAA,QACN,OAAA,EAAS,CAAA,QAAA,EAAW,IAAA,CAAK,KAAK,CAAA,mBAAA,CAAA;AAAA,QAC9B,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AACA,IAAA,MAAM,YAAY,OAAO,MAAA,KAAW,WAAW,QAAA,CAAS,aAAA,CAAc,MAAM,CAAA,GAAI,MAAA;AAChF,IAAA,IAAI,EAAE,qBAAqB,WAAA,CAAA,EAAc;AACvC,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,wBAAA;AAAA,QACN,OAAA,EAAS,CAAA,wBAAA,EAA2B,MAAA,CAAO,MAAM,CAAC,CAAA,CAAA;AAAA,QAClD,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,MAAA,GAAS,QAAA,CAAS,aAAA,CAAc,QAAQ,CAAA;AAC9C,IAAA,MAAA,CAAO,MAAM,CAAA,EAAG,IAAA,CAAK,QAAQ,UAAU,CAAA,QAAA,EAAW,KAAK,KAAK,CAAA,CAAA;AAC5D,IAAA,MAAA,CAAO,MAAM,OAAA,GAAU,gDAAA;AACvB,IAAA,MAAA,CAAO,YAAA,CAAa,SAAS,SAAS,CAAA;AACtC,IAAA,MAAA,CAAO,YAAA,CAAa,qBAAA,EAAuB,IAAA,CAAK,KAAK,CAAA;AACrD,IAAA,SAAA,CAAU,YAAY,MAAM,CAAA;AAC5B,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,MAAM,iBAAiB,IAAI,GAAA,CAAI,IAAA,CAAK,OAAA,CAAQ,UAAU,CAAA,CAAE,MAAA;AAExD,IAAA,IAAA,CAAK,cAAA,GAAiB,CAAC,KAAA,KAAwB;AAvEnD,MAAA,IAAA,EAAA;AA2EM,MAAA,IAAI,KAAA,CAAM,MAAA,MAAA,CAAW,EAAA,GAAA,IAAA,CAAK,MAAA,KAAL,mBAAa,aAAA,CAAA,EAAe;AAEjD,MAAA,MAAM,IAAA,GAAO,aAAA,CAA8B,KAAA,EAAO,cAAc,CAAA;AAChE,MAAA,IAAI,CAAC,IAAA,EAAM;AACX,MAAA,IAAA,CAAK,cAAc,IAAI,CAAA;AAAA,IACzB,CAAA;AACA,IAAA,MAAA,CAAO,gBAAA,CAAiB,SAAA,EAAW,IAAA,CAAK,cAAc,CAAA;AAEtD,IAAA,MAAA,CAAO,gBAAA;AAAA,MACL,MAAA;AAAA,MACA,MAAM;AACJ,QAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAClB,QAAA,MAAM,KAAA,GAAwB;AAAA,UAC5B,IAAA,EAAM,cAAA;AAAA,UACN,MAAA,EAAQ,OAAO,QAAA,CAAS,MAAA;AAAA,UACxB,cAAA,EAAgB,KAAK,OAAA,CAAQ,cAAA;AAAA,UAC7B,SAAA,EAAW,KAAK,OAAA,CAAQ;AAAA,SAC1B;AACA,QAAA,YAAA,CAAa,IAAA,CAAK,MAAA,EAAQ,KAAA,EAAO,cAAc,CAAA;AAAA,MACjD,CAAA;AAAA,MACA,EAAE,MAAM,IAAA;AAAK,KACf;AAAA,EACF;AAAA,EAEQ,cAAc,IAAA,EAA4B;AAChD,IAAA,IAAI,IAAA,CAAK,SAAS,cAAA,EAAgB;AAChC,MAAA,IAAA,CAAK,MAAA,GAAS,OAAA;AAEd,MAAA,IAAI,IAAA,CAAK,QAAQ,KAAA,EAAO;AACtB,QAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,cAAA,EAAgB,OAAA,EAAS,cAAc,IAAA,CAAK,OAAA,CAAQ,KAAK,CAAA,EAAG,CAAA;AAAA,MAChF;AACA,MAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,OAAA,EAAS,CAAA;AAAA,IAC7B,CAAA,MAAA,IAAW,IAAA,CAAK,IAAA,KAAS,iBAAA,EAAmB;AAC1C,MAAA,IAAA,CAAK,MAAA,GAAS,OAAA;AACd,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,SAAS,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA;AAAA,IAClD,WAAW,IAAA,CAAK,IAAA,KAAS,mBAAmB,IAAA,CAAK,KAAA,KAAU,KAAK,KAAA,EAAO;AACrE,MAAA,IAAA,CAAK,IAAA,CAAK;AAAA,QACR,IAAA,EAAM,QAAA;AAAA,QACN,SAAS,IAAA,CAAK,OAAA;AAAA,QACd,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,UAAU,IAAA,CAAK;AAAA,OAChB,CAAA;AAAA,IACH;AAAA,EAEF;AAAA,EAEA,OAAO,OAAA,EAAwC;AAC7C,IAAA,IAAI,QAAQ,KAAA,EAAO;AACjB,MAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,cAAA,EAAgB,SAAS,aAAA,CAAc,OAAA,CAAQ,KAAK,CAAA,EAAG,CAAA;AAAA,IAC3E;AAAA,EACF;AAAA,EAEA,OAAA,GAAgB;AACd,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,IAAA,CAAK,OAAO,MAAA,EAAO;AACnB,MAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AAAA,IAChB;AACA,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,MAAA,CAAO,mBAAA,CAAoB,SAAA,EAAW,IAAA,CAAK,cAAc,CAAA;AACzD,MAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AAAA,IACxB;AACA,IAAA,IAAA,CAAK,UAAU,KAAA,EAAM;AACrB,IAAA,IAAA,CAAK,MAAA,GAAS,SAAA;AAAA,EAChB;AAAA,EAEA,EAAA,CAAG,QAAsC,QAAA,EAAgC;AACvE,IAAA,IAAA,CAAK,SAAA,CAAU,IAAI,QAAQ,CAAA;AAC3B,IAAA,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,QAAQ,CAAA;AAAA,EAC7C;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,cAAA,EAAgB,CAAA;AAAA,EACpC;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,cAAA,EAAgB,CAAA;AAAA,EACpC;AAAA,EAEA,OAAA,GAAmB;AACjB,IAAA,OAAO,KAAK,MAAA,KAAW,OAAA;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,sBAAA,GAAwC;AAlK1C,IAAA,IAAA,EAAA,EAAA,EAAA;AAmKI,IAAA,OAAA,CAAO,EAAA,GAAA,CAAA,EAAA,GAAA,IAAA,CAAK,MAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAa,aAAA,KAAb,IAAA,GAAA,EAAA,GAA8B,IAAA;AAAA,EACvC;AAAA;AAAA,EAGA,KAAK,OAAA,EAA+B;AAClC,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,aAAA;AAAA,QACN,OAAA,EAAS,CAAA,QAAA,EAAW,IAAA,CAAK,KAAK,CAAA,eAAA,CAAA;AAAA,QAC9B,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AACA,IAAA,YAAA,CAAa,IAAA,CAAK,QAAQ,OAAA,EAAS,IAAI,IAAI,IAAA,CAAK,OAAA,CAAQ,UAAU,CAAA,CAAE,MAAM,CAAA;AAAA,EAC5E;AAAA,EAEQ,KAAK,KAAA,EAA2B;AACtC,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,QAAA,CAAS,KAAK,CAAA;AAAA,IAChB;AAAA,EACF;AACF,CAAA;;;AC9KA,IAAM,mBAAA,GAAsB,0BAAA;AAE5B,IAAM,kBAAkB,MAAc;AAZtC,EAAA,IAAA,EAAA;AAaE,EAAA,IAAI,EAAA,CAAC,EAAA,GAAA,UAAA,CAAW,MAAA,KAAX,IAAA,GAAA,MAAA,GAAA,EAAA,CAAmB,UAAA,CAAA,EAAY;AAClC,IAAA,MAAM,IAAI,WAAA,CAAY;AAAA,MACpB,IAAA,EAAM,kBAAA;AAAA,MACN,IAAA,EAAM,oBAAA;AAAA,MACN,OAAA,EAAS,iDAAA;AAAA,MACT,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,EACH;AACA,EAAA,OAAO,UAAA,CAAW,OAAO,UAAA,EAAW;AACtC,CAAA;AAEO,IAAM,WAAN,MAAe;AAAA,EAOpB,YAAY,IAAA,EAAuD;AANnE,IAAA,IAAA,CAAiB,UAAA,uBAAiB,GAAA,EAAwB;AAI1D,IAAA,IAAA,CAAQ,gBAAA,GAAmB,KAAA;AA7B7B,IAAA,IAAA,EAAA;AAgCI,IAAA,IAAA,CAAK,iBAAiB,IAAA,CAAK,cAAA;AAC3B,IAAA,IAAA,CAAK,UAAA,GAAA,CAAa,EAAA,GAAA,IAAA,CAAK,UAAA,KAAL,IAAA,GAAA,EAAA,GAAmB,mBAAA;AACrC,IAAA,IAAA,CAAK,YAAY,eAAA,EAAgB;AAAA,EACnC;AAAA,EAEA,MAAA,CAAO,KAAA,EAAkB,OAAA,GAA0B,EAAC,EAAY;AAC9D,IAAA,IAAI,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA,EAAG;AAC9B,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,mBAAA;AAAA,QACN,OAAA,EAAS,eAAe,KAAK,CAAA,gBAAA,CAAA;AAAA,QAC7B,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AACA,IAAA,MAAM,GAAA,GAAsB;AAAA,MAC1B,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,gBAAgB,IAAA,CAAK,cAAA;AAAA,MACrB,WAAW,IAAA,CAAK;AAAA,KAClB;AACA,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,KAAA,EAAO,SAAS,GAAG,CAAA;AAC/C,IAAA,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAA,EAAO,OAAO,CAAA;AAClC,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEA,MAAM,QAAA,CAAS,SAAA,EAAmB,cAAA,EAAiD;AAEjF,IAAA,IAAI,KAAK,gBAAA,EAAkB;AACzB,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,sBAAA;AAAA,QACN,OAAA,EAAS,qEAAA;AAAA,QACT,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,YAAY,CAAA;AACnD,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,YAAY,CAAA;AACnD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,SAAS,CAAA;AAE7C,IAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,IAAc,CAAC,OAAA,EAAS;AAC1C,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,qBAAA;AAAA,QACN,OAAA,EACE,oGAAA;AAAA,QACF,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AACA,IAAA,IAAI,CAAC,UAAA,CAAW,OAAA,EAAQ,IAAK,CAAC,UAAA,CAAW,OAAA,EAAQ,IAAK,CAAC,OAAA,CAAQ,OAAA,EAAQ,EAAG;AACxE,MAAA,MAAM,IAAI,WAAA,CAAY;AAAA,QACpB,IAAA,EAAM,kBAAA;AAAA,QACN,IAAA,EAAM,oBAAA;AAAA,QACN,OAAA,EAAS,+DAAA;AAAA,QACT,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AAEA,IAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AACxB,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,IAAA,CAAK,UAAA,CAAW,UAAA,EAAY,WAAW,cAAc,CAAA;AAAA,IACpE,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,gBAAA,GAAmB,KAAA;AAAA,IAC1B;AAAA,EACF;AAAA,EAEQ,UAAA,CACN,UAAA,EACA,SAAA,EACA,cAAA,EACyB;AACzB,IAAA,MAAM,YAAA,GAAe,IAAI,GAAA,CAAI,IAAA,CAAK,UAAU,CAAA,CAAE,MAAA;AAG9C,IAAA,MAAM,gBAAA,GAAmB,WAAW,sBAAA,EAAuB;AAE3D,IAAA,OAAO,IAAI,OAAA,CAAwB,CAAC,OAAA,EAAS,MAAA,KAAW;AAEtD,MAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,UAAA,CAAW,MAAM;AACpC,QAAA,MAAA,CAAO,mBAAA,CAAoB,WAAW,SAAS,CAAA;AAC/C,QAAA,MAAA;AAAA,UACE,IAAI,WAAA,CAAY;AAAA,YACd,IAAA,EAAM,eAAA;AAAA,YACN,IAAA,EAAM,kBAAA;AAAA,YACN,OAAA,EAAS,uCAAA;AAAA,YACT,SAAA,EAAW,IAAA;AAAA,YACX;AAAA,WACD;AAAA,SACH;AAAA,MACF,GAAG,GAAM,CAAA;AAET,MAAA,MAAM,SAAA,GAAY,CAAC,KAAA,KAAwB;AAEzC,QAAA,IAAI,gBAAA,KAAqB,IAAA,IAAQ,KAAA,CAAM,MAAA,KAAW,gBAAA,EAAkB;AAEpE,QAAA,MAAM,IAAA,GAAO,aAAA,CAA8B,KAAA,EAAO,YAAY,CAAA;AAC9D,QAAA,IAAI,CAAC,IAAA,EAAM;AAEX,QAAA,IAAI,IAAA,CAAK,SAAS,wBAAA,EAA0B;AAC1C,UAAA,YAAA,CAAa,KAAK,CAAA;AAClB,UAAA,MAAA,CAAO,mBAAA,CAAoB,WAAW,SAAS,CAAA;AAC/C,UAAA,OAAA,CAAQ;AAAA,YACN,aAAa,IAAA,CAAK,WAAA;AAAA,YAClB,UAAU,IAAA,CAAK,QAAA;AAAA,YACf,YAAY,IAAA,CAAK,UAAA;AAAA,YACjB,SAAS,IAAA,CAAK,OAAA;AAAA,YACd,WAAW,IAAA,CAAK,SAAA;AAAA,YAChB,WAAW,IAAA,CAAK;AAAA,WACjB,CAAA;AAAA,QACH,CAAA,MAAA,IAAW,IAAA,CAAK,IAAA,KAAS,uBAAA,EAAyB;AAChD,UAAA,YAAA,CAAa,KAAK,CAAA;AAClB,UAAA,MAAA,CAAO,mBAAA,CAAoB,WAAW,SAAS,CAAA;AAC/C,UAAA,MAAM,OAAA,GACJ,KAAK,SAAA,KAAc,kBAAA,IAAsB,KAAK,SAAA,KAAc,WAAA,GACxD,KAAK,SAAA,GACL,WAAA;AACN,UAAA,MAAA;AAAA,YACE,IAAI,WAAA,CAAY;AAAA,cACd,IAAA,EAAM,OAAA;AAAA,cACN,MAAM,IAAA,CAAK,IAAA;AAAA,cACX,SAAS,IAAA,CAAK,OAAA;AAAA,cACd,SAAA,EAAW,KAAA;AAAA,cACX;AAAA,aACD;AAAA,WACH;AAAA,QACF;AAAA,MACF,CAAA;AAEA,MAAA,MAAA,CAAO,gBAAA,CAAiB,WAAW,SAAS,CAAA;AAC5C,MAAA,UAAA,CAAW,KAAK,EAAE,IAAA,EAAM,iBAAA,EAAmB,SAAA,EAAW,gBAAgB,CAAA;AAAA,IACxE,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,OAAA,GAAgB;AACd,IAAA,KAAA,MAAW,EAAA,IAAM,IAAA,CAAK,UAAA,CAAW,MAAA,EAAO,EAAG;AACzC,MAAA,EAAA,CAAG,OAAA,EAAQ;AAAA,IACb;AACA,IAAA,IAAA,CAAK,WAAW,KAAA,EAAM;AAAA,EACxB;AACF;;;AClKA,IAAMA,uBAAAA,GAAkE,sBAAA;AAYxE,IAAM,KAAA,uBAAY,GAAA,EAAqC;AAEvD,IAAM,aAAA,GAAgB,CAAC,cAAA,KAA2C;AAChE,EAAA,IAAI,iBAAA,CAAkB,cAAc,CAAA,KAAM,SAAA,EAAW;AACnD,IAAA,iBAAA,EAAkB;AAAA,EACpB;AACA,EAAA,OAAO;AAAA,IACL,cAAA;AAAA,IACA,WAAA,EAAa,kBAAkB,cAAc,CAAA;AAAA,IAC7C,UAAU,MAAM,IAAI,QAAA,CAAS,EAAE,gBAAgB;AAAA,GACjD;AACF,CAAA;AAEA,SAAS,KAAK,cAAA,EAAiD;AAC7D,EAAA,IAAI;AACF,IAAAA,wBAAuB,cAAc,CAAA;AAAA,EACvC,SAAS,GAAA,EAAK;AACZ,IAAA,OAAO,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EAC3B;AACA,EAAA,MAAM,GAAA,GAAM,cAAA;AACZ,EAAA,MAAM,QAAA,GAAW,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAC9B,EAAA,IAAI,UAAU,OAAO,QAAA;AACrB,EAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,OAAA,CAAQ,aAAA,CAAc,cAAc,CAAC,CAAA;AAC7D,EAAA,KAAA,CAAM,GAAA,CAAI,KAAK,OAAO,CAAA;AACtB,EAAA,OAAO,OAAA;AACT;AAEA,IAAM,gBAAgB,MAAY;AAChC,EAAA,KAAA,CAAM,KAAA,EAAM;AACd,CAAA;AAEO,IAAM,MAAA,GAAS;AAAA,EACpB,IAAA;AAAA,EACA,eAAA,EAAiB;AACnB;;;ACrCO,IAAM,WAAA,GAAc","file":"index.mjs","sourcesContent":["export type ArcPayErrorType =\n  | \"validation_error\"\n  | \"authentication_error\"\n  | \"authorization_error\"\n  | \"state_error\"\n  | \"rate_limit_error\"\n  | \"api_error\"\n  | \"network_error\"\n  | \"challenge_aborted\";\n\nexport interface ArcPayErrorInit {\n  type: ArcPayErrorType;\n  message: string;\n  code?: string;\n  param?: string;\n  paymentId?: string;\n  declineCode?: string;\n  retryable: boolean;\n  requestId?: string;\n}\n\nexport class ArcPayError extends Error {\n  readonly type: ArcPayErrorType;\n  readonly code?: string;\n  readonly param?: string;\n  readonly paymentId?: string;\n  readonly declineCode?: string;\n  readonly retryable: boolean;\n  readonly requestId?: string;\n\n  constructor(init: ArcPayErrorInit) {\n    super(init.message);\n    this.name = \"ArcPayError\";\n    this.type = init.type;\n    this.code = init.code;\n    this.param = init.param;\n    this.paymentId = init.paymentId;\n    this.declineCode = init.declineCode;\n    this.retryable = init.retryable;\n    this.requestId = init.requestId;\n  }\n}\n\nexport const isValidationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"validation_error\";\nexport const isAuthenticationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"authentication_error\";\nexport const isAuthorizationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"authorization_error\";\nexport const isStateError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"state_error\";\nexport const isRateLimitError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"rate_limit_error\";\nexport const isApiError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"api_error\";\nexport const isNetworkError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"network_error\";\nexport const isChallengeAborted = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"challenge_aborted\";\n","import { ArcPayError } from \"./errors\";\n\nexport type Environment = \"sandbox\" | \"live\";\n\nexport const detectEnvironment = (publishableKey: string): Environment =>\n  publishableKey.startsWith(\"pk_test_\") ? \"sandbox\" : \"live\";\n\nexport const validatePublishableKey = (key: unknown): asserts key is string => {\n  if (typeof key !== \"string\" || key.length === 0) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"invalid_publishable_key\",\n      message: \"Publishable key must be a non-empty string\",\n      retryable: false,\n    });\n  }\n  if (!key.startsWith(\"pk_test_\") && !key.startsWith(\"pk_live_\")) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"invalid_publishable_key\",\n      message:\n        \"Publishable key must start with pk_test_ or pk_live_. Secret keys (sk_*) cannot be used in browser.\",\n      retryable: false,\n    });\n  }\n};\n","const BANNER_ATTR = \"data-arcpay-sandbox-banner\";\n\nexport const showSandboxBanner = (): void => {\n  if (typeof document === \"undefined\") return;\n  if (document.querySelector(`[${BANNER_ATTR}]`)) return;\n\n  const bar = document.createElement(\"div\");\n  bar.setAttribute(BANNER_ATTR, \"\");\n  bar.style.cssText =\n    \"position:fixed;top:0;left:0;right:0;z-index:2147483647;background:#ffd166;color:#222;font:13px/1.4 system-ui,sans-serif;padding:6px 12px;display:flex;align-items:center;justify-content:center;box-shadow:0 1px 3px rgba(0,0,0,0.1);\";\n\n  const text = document.createElement(\"span\");\n  text.textContent = \"ARC PAY TEST MODE — payments are simulated\";\n  bar.appendChild(text);\n\n  const dismiss = document.createElement(\"button\");\n  dismiss.type = \"button\";\n  dismiss.setAttribute(\"data-arcpay-banner-dismiss\", \"\");\n  dismiss.textContent = \"×\";\n  dismiss.setAttribute(\"aria-label\", \"Dismiss test mode banner\");\n  dismiss.style.cssText =\n    \"margin-left:12px;background:transparent;border:0;font-size:18px;cursor:pointer;color:inherit;\";\n  dismiss.addEventListener(\"click\", () => bar.remove());\n  bar.appendChild(dismiss);\n\n  document.body.appendChild(bar);\n};\n","import { ArcPayError } from \"../core/errors\";\n\nexport type FieldType = \"cardNumber\" | \"cardExpiry\" | \"cardCvv\";\n\n// Parent → iframe\nexport type ParentToIframe =\n  | { type: \"arcpay:hello\"; origin: string; publishableKey: string; channelId: string }\n  | { type: \"arcpay:style\"; payload: StyleSubset }\n  | { type: \"arcpay:focus\" }\n  | { type: \"arcpay:clear\" }\n  | { type: \"arcpay:tokenize\"; paymentId: string; idempotencyKey: string };\n\n// iframe → parent\nexport type IframeToParent =\n  | { type: \"arcpay:ready\" }\n  | { type: \"arcpay:rejected\"; reason: string }\n  | {\n      type: \"arcpay:change\";\n      field: FieldType;\n      isValid: boolean;\n      brand?: string;\n      lastFour?: string;\n    }\n  | {\n      type: \"arcpay:tokenize-result\";\n      cardTokenId: string;\n      cardMask: string;\n      cardScheme: string;\n      cardBin: string;\n      expiresIn: number;\n      expiresAt: string;\n    }\n  | { type: \"arcpay:tokenize-error\"; errorType: string; code?: string; message: string };\n\nexport interface StyleSubset {\n  base: Record<string, string>;\n  invalid?: Record<string, string>;\n  focus?: Record<string, string>;\n}\n\nconst ARCPAY_TYPE_PREFIX = \"arcpay:\";\n\nconst isArcpayMessage = (data: unknown): data is { type: string } =>\n  typeof data === \"object\" &&\n  data !== null &&\n  \"type\" in data &&\n  typeof (data as { type: unknown }).type === \"string\" &&\n  (data as { type: string }).type.startsWith(ARCPAY_TYPE_PREFIX);\n\nexport const postToIframe = (\n  iframe: HTMLIFrameElement,\n  message: ParentToIframe,\n  targetOrigin: string,\n): void => {\n  if (targetOrigin === \"*\") {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"wildcard_origin_forbidden\",\n      message: \"postToIframe: targetOrigin cannot be '*'\",\n      retryable: false,\n    });\n  }\n  if (!iframe.contentWindow) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"iframe_not_loaded\",\n      message: \"postToIframe: iframe.contentWindow is null (iframe not mounted)\",\n      retryable: false,\n    });\n  }\n  iframe.contentWindow.postMessage(message, targetOrigin);\n};\n\nexport const postToParent = (message: IframeToParent, targetOrigin: string): void => {\n  if (targetOrigin === \"*\") {\n    throw new Error(\"postToParent: targetOrigin cannot be '*'\");\n  }\n  window.parent.postMessage(message, targetOrigin);\n};\n\nexport const parseIncoming = <T extends { type: string }>(\n  event: MessageEvent,\n  expectedOrigin: string,\n): T | null => {\n  if (event.origin !== expectedOrigin) return null;\n  if (!isArcpayMessage(event.data)) return null;\n  return event.data as T;\n};\n","import type { StyleSubset } from \"./postmessage\";\n\n// Spec calls out position:fixed, transform, pointer-events:none as forbidden.\n// We extend to cover the full clickjacking attack surface: any positioning\n// (fixed/absolute/sticky), transform, all pointer-events values, z-index, and\n// inset properties (top/left/right/bottom/inset). The legitimate use cases\n// for these in a 1-line input field are zero, so blanket drop.\nconst FORBIDDEN_PROPERTIES = new Set([\n  \"position\",\n  \"transform\",\n  \"pointer-events\",\n  \"z-index\",\n  \"top\",\n  \"left\",\n  \"right\",\n  \"bottom\",\n  \"inset\",\n]);\n\nconst sanitizeBlock = (block: Record<string, string>): Record<string, string> => {\n  const out: Record<string, string> = {};\n  for (const [key, value] of Object.entries(block)) {\n    const normalizedKey = key.toLowerCase();\n    if (FORBIDDEN_PROPERTIES.has(normalizedKey)) {\n      // Defense against position/transform-based clickjacking. Silently drop.\n      continue;\n    }\n    out[key] = value;\n  }\n  return out;\n};\n\nexport const sanitizeStyle = (style: StyleSubset): StyleSubset => {\n  const result: StyleSubset = { base: sanitizeBlock(style.base) };\n  if (style.invalid !== undefined) result.invalid = sanitizeBlock(style.invalid);\n  if (style.focus !== undefined) result.focus = sanitizeBlock(style.focus);\n  return result;\n};\n","import { ArcPayError } from \"../core/errors\";\nimport {\n  type FieldType,\n  type ParentToIframe,\n  type IframeToParent,\n  type StyleSubset,\n  postToIframe,\n  parseIncoming,\n} from \"./postmessage\";\nimport { sanitizeStyle } from \"./style\";\n\nexport interface ElementOptions {\n  /** StyleSubset applied via arcpay:style postMessage. */\n  style?: StyleSubset;\n  placeholder?: string;\n}\n\nexport type ElementEvent =\n  | { type: \"ready\" }\n  | { type: \"change\"; isValid: boolean; brand?: string; lastFour?: string }\n  | { type: \"error\"; reason: string };\n\ntype Listener = (event: ElementEvent) => void;\n\nexport interface ElementContext {\n  iframeBase: string;\n  publishableKey: string;\n  channelId: string;\n}\n\nexport class Element {\n  private iframe: HTMLIFrameElement | null = null;\n  private readonly listeners = new Set<Listener>();\n  private status: \"pending\" | \"ready\" | \"error\" = \"pending\";\n  private messageHandler: ((e: MessageEvent) => void) | null = null;\n\n  constructor(\n    public readonly field: FieldType,\n    private readonly options: ElementOptions,\n    private readonly context: ElementContext,\n  ) {}\n\n  mount(target: string | HTMLElement): void {\n    if (this.iframe) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"already_mounted\",\n        message: `Element ${this.field} is already mounted`,\n        retryable: false,\n      });\n    }\n    const container = typeof target === \"string\" ? document.querySelector(target) : target;\n    if (!(container instanceof HTMLElement)) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"mount_target_not_found\",\n        message: `mount target not found: ${String(target)}`,\n        retryable: false,\n      });\n    }\n\n    const iframe = document.createElement(\"iframe\");\n    iframe.src = `${this.context.iframeBase}/iframe/${this.field}`;\n    iframe.style.cssText = \"border:0;width:100%;height:100%;display:block;\";\n    iframe.setAttribute(\"allow\", \"payment\");\n    iframe.setAttribute(\"data-arcpay-element\", this.field);\n    container.appendChild(iframe);\n    this.iframe = iframe;\n\n    const expectedOrigin = new URL(this.context.iframeBase).origin;\n\n    this.messageHandler = (event: MessageEvent) => {\n      // C1: source guard — only accept messages from this element's own iframe.\n      // Without this, any iframe at the same origin (e.g. cardExpiry, cardCvv)\n      // could trigger handlers on cardNumber and vice-versa.\n      if (event.source !== this.iframe?.contentWindow) return;\n      // C4: use parseIncoming for origin + arcpay: prefix guard.\n      const data = parseIncoming<IframeToParent>(event, expectedOrigin);\n      if (!data) return;\n      this.handleMessage(data);\n    };\n    window.addEventListener(\"message\", this.messageHandler);\n\n    iframe.addEventListener(\n      \"load\",\n      () => {\n        if (!this.iframe) return;\n        const hello: ParentToIframe = {\n          type: \"arcpay:hello\",\n          origin: window.location.origin,\n          publishableKey: this.context.publishableKey,\n          channelId: this.context.channelId,\n        };\n        postToIframe(this.iframe, hello, expectedOrigin);\n      },\n      { once: true },\n    );\n  }\n\n  private handleMessage(data: IframeToParent): void {\n    if (data.type === \"arcpay:ready\") {\n      this.status = \"ready\";\n      // Apply initial style if provided at construction time.\n      if (this.options.style) {\n        this.send({ type: \"arcpay:style\", payload: sanitizeStyle(this.options.style) });\n      }\n      this.emit({ type: \"ready\" });\n    } else if (data.type === \"arcpay:rejected\") {\n      this.status = \"error\";\n      this.emit({ type: \"error\", reason: data.reason });\n    } else if (data.type === \"arcpay:change\" && data.field === this.field) {\n      this.emit({\n        type: \"change\",\n        isValid: data.isValid,\n        brand: data.brand,\n        lastFour: data.lastFour,\n      });\n    }\n    // arcpay:tokenize-result / arcpay:tokenize-error handled by Elements factory (Task 9).\n  }\n\n  update(options: { style?: StyleSubset }): void {\n    if (options.style) {\n      this.send({ type: \"arcpay:style\", payload: sanitizeStyle(options.style) });\n    }\n  }\n\n  destroy(): void {\n    if (this.iframe) {\n      this.iframe.remove();\n      this.iframe = null;\n    }\n    if (this.messageHandler) {\n      window.removeEventListener(\"message\", this.messageHandler);\n      this.messageHandler = null;\n    }\n    this.listeners.clear();\n    this.status = \"pending\";\n  }\n\n  on(_event: \"ready\" | \"change\" | \"error\", callback: Listener): () => void {\n    this.listeners.add(callback);\n    return () => this.listeners.delete(callback);\n  }\n\n  focus(): void {\n    this.send({ type: \"arcpay:focus\" });\n  }\n\n  clear(): void {\n    this.send({ type: \"arcpay:clear\" });\n  }\n\n  isReady(): boolean {\n    return this.status === \"ready\";\n  }\n\n  /**\n   * Internal: returns the iframe's contentWindow for source-filtering in\n   * Elements.doTokenize(). Returns null when the iframe is not yet mounted\n   * or when jsdom has not yet populated contentWindow (test environment).\n   */\n  getIframeContentWindow(): Window | null {\n    return this.iframe?.contentWindow ?? null;\n  }\n\n  /** Internal: used by Elements factory to send tokenize commands. */\n  send(message: ParentToIframe): void {\n    if (!this.iframe) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"not_mounted\",\n        message: `Element ${this.field} is not mounted`,\n        retryable: false,\n      });\n    }\n    postToIframe(this.iframe, message, new URL(this.context.iframeBase).origin);\n  }\n\n  private emit(event: ElementEvent): void {\n    for (const listener of this.listeners) {\n      listener(event);\n    }\n  }\n}\n","import { ArcPayError } from \"../core/errors\";\nimport { Element, type ElementContext, type ElementOptions } from \"./element\";\nimport type { FieldType, IframeToParent } from \"./postmessage\";\nimport { parseIncoming } from \"./postmessage\";\nimport type { TokenizeResult } from \"../tokenize/tokenize\";\n\nexport type { TokenizeResult };\n\nexport type ElementsOptions = Record<string, never>;\n\nconst DEFAULT_IFRAME_BASE = \"https://sdk.arcpay.space\";\n\nconst createChannelId = (): string => {\n  if (!globalThis.crypto?.randomUUID) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"crypto_unavailable\",\n      message: \"crypto.randomUUID is required for Hosted Fields\",\n      retryable: false,\n    });\n  }\n  return globalThis.crypto.randomUUID();\n};\n\nexport class Elements {\n  private readonly elementMap = new Map<FieldType, Element>();\n  private readonly iframeBase: string;\n  private readonly publishableKey: string;\n  private readonly channelId: string;\n  private tokenizeInFlight = false;\n\n  constructor(opts: { publishableKey: string; iframeBase?: string }) {\n    this.publishableKey = opts.publishableKey;\n    this.iframeBase = opts.iframeBase ?? DEFAULT_IFRAME_BASE;\n    this.channelId = createChannelId();\n  }\n\n  create(field: FieldType, options: ElementOptions = {}): Element {\n    if (this.elementMap.has(field)) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"duplicate_element\",\n        message: `Element for ${field} already created`,\n        retryable: false,\n      });\n    }\n    const ctx: ElementContext = {\n      iframeBase: this.iframeBase,\n      publishableKey: this.publishableKey,\n      channelId: this.channelId,\n    };\n    const element = new Element(field, options, ctx);\n    this.elementMap.set(field, element);\n    return element;\n  }\n\n  async tokenize(paymentId: string, idempotencyKey: string): Promise<TokenizeResult> {\n    // C2: concurrent-call guard — only one tokenize() may be in-flight at a time.\n    if (this.tokenizeInFlight) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"tokenize_in_progress\",\n        message: \"A tokenize() call is already in progress for this Elements instance\",\n        retryable: false,\n      });\n    }\n\n    const cardNumber = this.elementMap.get(\"cardNumber\");\n    const cardExpiry = this.elementMap.get(\"cardExpiry\");\n    const cardCvv = this.elementMap.get(\"cardCvv\");\n\n    if (!cardNumber || !cardExpiry || !cardCvv) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"incomplete_elements\",\n        message:\n          \"All three elements (cardNumber, cardExpiry, cardCvv) must be created and mounted before tokenize()\",\n        retryable: false,\n      });\n    }\n    if (!cardNumber.isReady() || !cardExpiry.isReady() || !cardCvv.isReady()) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"elements_not_ready\",\n        message: \"Wait for all elements to fire 'ready' event before tokenize()\",\n        retryable: false,\n      });\n    }\n\n    this.tokenizeInFlight = true;\n    try {\n      return await this.doTokenize(cardNumber, paymentId, idempotencyKey);\n    } finally {\n      this.tokenizeInFlight = false;\n    }\n  }\n\n  private doTokenize(\n    cardNumber: Element,\n    paymentId: string,\n    idempotencyKey: string,\n  ): Promise<TokenizeResult> {\n    const iframeOrigin = new URL(this.iframeBase).origin;\n    // C1: obtain reference to the cardNumber iframe's contentWindow before\n    // registering the listener so we can filter by source.\n    const cardIframeWindow = cardNumber.getIframeContentWindow();\n\n    return new Promise<TokenizeResult>((resolve, reject) => {\n      // C3: 30-second timeout — rejects and cleans up if no result arrives.\n      const timer = window.setTimeout(() => {\n        window.removeEventListener(\"message\", onMessage);\n        reject(\n          new ArcPayError({\n            type: \"network_error\",\n            code: \"tokenize_timeout\",\n            message: \"tokenize() timed out after 30 seconds\",\n            retryable: true,\n            paymentId,\n          }),\n        );\n      }, 30_000);\n\n      const onMessage = (event: MessageEvent) => {\n        // C1: source guard — only accept messages from the cardNumber iframe.\n        if (cardIframeWindow !== null && event.source !== cardIframeWindow) return;\n        // C4: use parseIncoming for origin + arcpay: prefix guard.\n        const data = parseIncoming<IframeToParent>(event, iframeOrigin);\n        if (!data) return;\n\n        if (data.type === \"arcpay:tokenize-result\") {\n          clearTimeout(timer);\n          window.removeEventListener(\"message\", onMessage);\n          resolve({\n            cardTokenId: data.cardTokenId,\n            cardMask: data.cardMask,\n            cardScheme: data.cardScheme,\n            cardBin: data.cardBin,\n            expiresIn: data.expiresIn,\n            expiresAt: data.expiresAt,\n          });\n        } else if (data.type === \"arcpay:tokenize-error\") {\n          clearTimeout(timer);\n          window.removeEventListener(\"message\", onMessage);\n          const errType =\n            data.errorType === \"validation_error\" || data.errorType === \"api_error\"\n              ? data.errorType\n              : \"api_error\";\n          reject(\n            new ArcPayError({\n              type: errType,\n              code: data.code,\n              message: data.message,\n              retryable: false,\n              paymentId,\n            }),\n          );\n        }\n      };\n\n      window.addEventListener(\"message\", onMessage);\n      cardNumber.send({ type: \"arcpay:tokenize\", paymentId, idempotencyKey });\n    });\n  }\n\n  destroy(): void {\n    for (const el of this.elementMap.values()) {\n      el.destroy();\n    }\n    this.elementMap.clear();\n  }\n}\n","import {\n  detectEnvironment,\n  type Environment,\n  validatePublishableKey as _validatePublishableKey,\n} from \"./env\";\nimport { showSandboxBanner } from \"./sandbox-banner\";\nimport { Elements, type ElementsOptions } from \"../elements/elements\";\n\nconst validatePublishableKey: (key: unknown) => asserts key is string = _validatePublishableKey;\n\nexport interface ArcPayLoadOptions {\n  readonly _reserved?: never;\n}\n\nexport interface ArcPayInstance {\n  readonly publishableKey: string;\n  readonly environment: Environment;\n  elements: (opts?: ElementsOptions) => Elements;\n}\n\nconst cache = new Map<string, Promise<ArcPayInstance>>();\n\nconst buildInstance = (publishableKey: string): ArcPayInstance => {\n  if (detectEnvironment(publishableKey) === \"sandbox\") {\n    showSandboxBanner();\n  }\n  return {\n    publishableKey,\n    environment: detectEnvironment(publishableKey),\n    elements: () => new Elements({ publishableKey }),\n  };\n};\n\nfunction load(publishableKey: string): Promise<ArcPayInstance> {\n  try {\n    validatePublishableKey(publishableKey);\n  } catch (err) {\n    return Promise.reject(err);\n  }\n  const key = publishableKey;\n  const existing = cache.get(key);\n  if (existing) return existing;\n  const promise = Promise.resolve(buildInstance(publishableKey));\n  cache.set(key, promise);\n  return promise;\n}\n\nconst resetForTests = (): void => {\n  cache.clear();\n};\n\nexport const ArcPay = {\n  load,\n  __resetForTests: resetForTests,\n};\n","export { ArcPay } from \"./core/arcpay\";\nexport type { ArcPayInstance, ArcPayLoadOptions } from \"./core/arcpay\";\nexport {\n  ArcPayError,\n  isValidationError,\n  isAuthenticationError,\n  isAuthorizationError,\n  isStateError,\n  isRateLimitError,\n  isApiError,\n  isNetworkError,\n  isChallengeAborted,\n} from \"./core/errors\";\nexport type { ArcPayErrorType } from \"./core/errors\";\nexport type { Environment } from \"./core/env\";\nexport type { TokenizeResult } from \"./tokenize/tokenize\";\nexport type { CardScheme } from \"./tokenize/scheme\";\nexport const SDK_VERSION = \"0.1.2\";\n\nexport type { FieldType } from \"./elements/postmessage\";\nexport type { ElementOptions, ElementEvent } from \"./elements/element\";\nexport { Elements } from \"./elements/elements\";\nexport type { ElementsOptions } from \"./elements/elements\";\n"]}

package/dist/react/index.cjs

@@ -38,49 +38,6 @@ var ArcPayError = class extends Error {
   }
 };
 
-// src/core/csp.ts
-var readCspContent = () => {
-  var _a;
-  if (typeof document === "undefined") return null;
-  const meta = document.head.querySelector(
-    'meta[http-equiv="Content-Security-Policy"]'
-  );
-  return (_a = meta == null ? void 0 : meta.getAttribute("content")) != null ? _a : null;
-};
-var extractDirective = (csp, name) => {
-  const lower = csp.toLowerCase();
-  const idx = lower.indexOf(`${name} `);
-  if (idx === -1) return null;
-  const rest = csp.slice(idx + name.length + 1);
-  const end = rest.indexOf(";");
-  return (end === -1 ? rest : rest.slice(0, end)).trim();
-};
-var directiveAllowsHost = (directive, host) => {
-  const tokens = directive.split(/\s+/).filter(Boolean);
-  if (tokens.includes("*")) return true;
-  return tokens.some((t) => {
-    if (t === host) return true;
-    if (t.startsWith("https://*")) {
-      const suffix = t.slice("https://*".length);
-      return host.endsWith(suffix);
-    }
-    return false;
-  });
-};
-var verifyCspAllowsApiBase = (apiBase) => {
-  const csp = readCspContent();
-  if (!csp) return;
-  const directive = extractDirective(csp, "connect-src");
-  if (!directive) return;
-  if (directiveAllowsHost(directive, apiBase)) return;
-  throw new ArcPayError({
-    type: "validation_error",
-    code: "csp_blocks_api",
-    message: `CSP connect-src directive does not allow ${apiBase}. Add it to your Content-Security-Policy header.`,
-    retryable: false
-  });
-};
-
 // src/core/env.ts
 var detectEnvironment = (publishableKey) => publishableKey.startsWith("pk_test_") ? "sandbox" : "live";
 var validatePublishableKey = (key) => {
@@ -455,33 +412,27 @@ var Elements = class {
 
 // src/core/arcpay.ts
 var validatePublishableKey2 = validatePublishableKey;
-var DEFAULT_API_BASE = "https://api.arcpay.space";
 var cache = /* @__PURE__ */ new Map();
-var buildInstance = (publishableKey, opts) => {
-  var _a;
-  const apiBase = (_a = opts.apiBase) != null ? _a : DEFAULT_API_BASE;
-  verifyCspAllowsApiBase(apiBase);
+var buildInstance = (publishableKey) => {
   if (detectEnvironment(publishableKey) === "sandbox") {
     showSandboxBanner();
   }
   return {
     publishableKey,
-    apiBase,
     environment: detectEnvironment(publishableKey),
     elements: () => new Elements({ publishableKey })
   };
 };
-function load(publishableKey, opts = {}) {
-  var _a;
+function load(publishableKey) {
   try {
     validatePublishableKey2(publishableKey);
   } catch (err) {
     return Promise.reject(err);
   }
-  const key = `${publishableKey}|${(_a = opts.apiBase) != null ? _a : DEFAULT_API_BASE}`;
+  const key = publishableKey;
   const existing = cache.get(key);
   if (existing) return existing;
-  const promise = Promise.resolve(buildInstance(publishableKey, opts));
+  const promise = Promise.resolve(buildInstance(publishableKey));
   cache.set(key, promise);
   return promise;
 }
@@ -493,11 +444,7 @@ var ArcPay = {
   __resetForTests: resetForTests
 };
 var Ctx = React__namespace.createContext(null);
-var ArcPayProvider = ({
-  publishableKey,
-  apiBase,
-  children
-}) => {
+var ArcPayProvider = ({ publishableKey, children }) => {
   const [state, setState] = React__namespace.useState({
     status: "loading",
     instance: null,
@@ -505,7 +452,7 @@ var ArcPayProvider = ({
   });
   React__namespace.useEffect(() => {
     let canceled = false;
-    ArcPay.load(publishableKey, { apiBase }).then((instance) => {
+    ArcPay.load(publishableKey).then((instance) => {
       if (!canceled) setState({ status: "ready", instance, error: null });
     }).catch((error) => {
       if (!canceled)
@@ -518,7 +465,7 @@ var ArcPayProvider = ({
     return () => {
       canceled = true;
     };
-  }, [publishableKey, apiBase]);
+  }, [publishableKey]);
   return /* @__PURE__ */ jsxRuntime.jsx(Ctx.Provider, { value: state, children });
 };
 var ArcPayContext = Ctx;
@@ -529,7 +476,7 @@ var useArcPay = () => {
 };
 
 // src/react/index.ts
-var REACT_WRAPPER_VERSION = "0.1.0";
+var REACT_WRAPPER_VERSION = "0.1.2";
 
 exports.ArcPayContext = ArcPayContext;
 exports.ArcPayProvider = ArcPayProvider;