@thavguard/arc-pay 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/README.md +20 -8
  2. package/dist/{arcpay-DAwTxM9e.d.cts → arcpay-Cxgei9TD.d.cts} +3 -34
  3. package/dist/{arcpay-DAwTxM9e.d.ts → arcpay-Cxgei9TD.d.ts} +3 -34
  4. package/dist/cdn/arcpay.global.js +3 -0
  5. package/dist/cdn/arcpay.global.js.map +1 -0
  6. package/dist/index.cjs +5 -84
  7. package/dist/index.cjs.map +1 -1
  8. package/dist/index.d.cts +3 -8
  9. package/dist/index.d.ts +3 -8
  10. package/dist/index.mjs +6 -79
  11. package/dist/index.mjs.map +1 -1
  12. package/dist/react/index.cjs +8 -61
  13. package/dist/react/index.cjs.map +1 -1
  14. package/dist/react/index.d.cts +3 -3
  15. package/dist/react/index.d.ts +3 -3
  16. package/dist/react/index.mjs +8 -61
  17. package/dist/react/index.mjs.map +1 -1
  18. package/dist/server/index.cjs +15 -1
  19. package/dist/server/index.cjs.map +1 -1
  20. package/dist/server/index.d.cts +30 -3
  21. package/dist/server/index.d.ts +30 -3
  22. package/dist/server/index.mjs +15 -1
  23. package/dist/server/index.mjs.map +1 -1
  24. package/package.json +7 -1
package/README.md CHANGED
@@ -13,15 +13,14 @@ npm install @thavguard/arc-pay
13
13
  ```ts
14
14
  import { ArcPay } from "@thavguard/arc-pay/js";
15
15
 
16
- const arcpay = await ArcPay.load("pk_test_...", {
17
- apiBase: "https://api.arcpay.space",
18
- });
16
+ const arcpay = await ArcPay.load("pk_test_...");
19
17
  const elements = arcpay.elements();
20
18
  ```
21
19
 
22
20
  `ArcPay.load()` takes the publishable key as the first argument. Sandbox/live is
23
- inferred from the key prefix (`pk_test_` or `pk_live_`); pass `apiBase` only when
24
- testing against a non-default API host.
21
+ inferred from the key prefix (`pk_test_` or `pk_live_`). Hosted Fields are served
22
+ from `https://sdk.arcpay.space` and tokenize against the Arc Pay public API
23
+ configured for that iframe app.
25
24
 
26
25
  ## React Bindings
27
26
 
@@ -56,9 +55,22 @@ may use either `Authorization: Bearer <pk_...>` or `X-Api-Key: pk_...` for
56
55
  `/payments/{id}/tokenize`.
57
56
 
58
57
  `@thavguard/arc-pay/server` intentionally does not expose `tokenizeCard()`.
59
- Tokenization belongs to Hosted Fields or direct browser calls with a
60
- publishable key. Keep `sk_*` keys on your backend for payment creation,
61
- execution, capture, void, and refund operations.
58
+ Tokenization belongs to Hosted Fields. Direct browser calls with a publishable
59
+ key are only for explicitly approved raw-card forms; those forms handle
60
+ cardholder data in the merchant environment and require the applicable PCI DSS
61
+ controls before live traffic. Keep `sk_*` keys on your backend for payment
62
+ creation, execution, capture, void, refund, saved-card charges, payment links,
63
+ and checkout sessions.
64
+
65
+ Mutating server-client methods require an explicit `{ idempotencyKey }`:
66
+ `createPayment`, `executePayment`, `capturePayment`, `voidPayment`,
67
+ `createRefund`, `chargeSavedCard`, `createLink`, and
68
+ `createCheckoutSession`. Missing idempotency raises `ArcPayError` with
69
+ `code="missing_idempotency_key"` before any HTTP request is sent.
70
+
71
+ The server client accepts an optional `apiBase` only for local or isolated test
72
+ environments. Production integrations should use the default
73
+ `https://api.arcpay.space/v1`; sandbox/live is selected by the key prefix.
62
74
 
63
75
  ## License
64
76
 
package/dist/{arcpay-DAwTxM9e.d.cts → arcpay-Cxgei9TD.d.cts} RENAMED
@@ -18,41 +18,11 @@ type ParentToIframe = {
18
18
  paymentId: string;
19
19
  idempotencyKey: string;
20
20
  };
21
- type IframeToParent = {
22
- type: "arcpay:ready";
23
- } | {
24
- type: "arcpay:rejected";
25
- reason: string;
26
- } | {
27
- type: "arcpay:change";
28
- field: FieldType;
29
- isValid: boolean;
30
- brand?: string;
31
- lastFour?: string;
32
- } | {
33
- type: "arcpay:tokenize-result";
34
- cardTokenId: string;
35
- cardMask: string;
36
- cardScheme: string;
37
- cardBin: string;
38
- expiresIn: number;
39
- expiresAt: string;
40
- } | {
41
- type: "arcpay:tokenize-error";
42
- errorType: string;
43
- code?: string;
44
- message: string;
45
- };
46
21
  interface StyleSubset {
47
22
  base: Record<string, string>;
48
23
  invalid?: Record<string, string>;
49
24
  focus?: Record<string, string>;
50
25
  }
51
- declare const postToIframe: (iframe: HTMLIFrameElement, message: ParentToIframe, targetOrigin: string) => void;
52
- declare const postToParent: (message: IframeToParent, targetOrigin: string) => void;
53
- declare const parseIncoming: <T extends {
54
- type: string;
55
- }>(event: MessageEvent, expectedOrigin: string) => T | null;
56
26
 
57
27
  interface ElementOptions {
58
28
  /** StyleSubset applied via arcpay:style postMessage. */
@@ -133,18 +103,17 @@ declare class Elements {
133
103
  }
134
104
 
135
105
  interface ArcPayLoadOptions {
136
- apiBase?: string;
106
+ readonly _reserved?: never;
137
107
  }
138
108
  interface ArcPayInstance {
139
109
  readonly publishableKey: string;
140
- readonly apiBase: string;
141
110
  readonly environment: Environment;
142
111
  elements: (opts?: ElementsOptions) => Elements;
143
112
  }
144
- declare function load(publishableKey: string, opts?: ArcPayLoadOptions): Promise<ArcPayInstance>;
113
+ declare function load(publishableKey: string): Promise<ArcPayInstance>;
145
114
  declare const ArcPay: {
146
115
  load: typeof load;
147
116
  __resetForTests: () => void;
148
117
  };
149
118
 
150
- export { ArcPay as A, Element as E, type FieldType as F, type IframeToParent as I, type ParentToIframe as P, type StyleSubset as S, type TokenizeResult as T, type ArcPayInstance as a, type ArcPayLoadOptions as b, type ElementContext as c, type ElementEvent as d, type ElementOptions as e, Elements as f, type ElementsOptions as g, type Environment as h, postToIframe as i, postToParent as j, parseIncoming as p };
119
+ export { ArcPay as A, type ElementEvent as E, type FieldType as F, type TokenizeResult as T, type ArcPayInstance as a, type ArcPayLoadOptions as b, type ElementOptions as c, Elements as d, type ElementsOptions as e, type Environment as f };
package/dist/{arcpay-DAwTxM9e.d.ts → arcpay-Cxgei9TD.d.ts} RENAMED
@@ -18,41 +18,11 @@ type ParentToIframe = {
18
18
  paymentId: string;
19
19
  idempotencyKey: string;
20
20
  };
21
- type IframeToParent = {
22
- type: "arcpay:ready";
23
- } | {
24
- type: "arcpay:rejected";
25
- reason: string;
26
- } | {
27
- type: "arcpay:change";
28
- field: FieldType;
29
- isValid: boolean;
30
- brand?: string;
31
- lastFour?: string;
32
- } | {
33
- type: "arcpay:tokenize-result";
34
- cardTokenId: string;
35
- cardMask: string;
36
- cardScheme: string;
37
- cardBin: string;
38
- expiresIn: number;
39
- expiresAt: string;
40
- } | {
41
- type: "arcpay:tokenize-error";
42
- errorType: string;
43
- code?: string;
44
- message: string;
45
- };
46
21
  interface StyleSubset {
47
22
  base: Record<string, string>;
48
23
  invalid?: Record<string, string>;
49
24
  focus?: Record<string, string>;
50
25
  }
51
- declare const postToIframe: (iframe: HTMLIFrameElement, message: ParentToIframe, targetOrigin: string) => void;
52
- declare const postToParent: (message: IframeToParent, targetOrigin: string) => void;
53
- declare const parseIncoming: <T extends {
54
- type: string;
55
- }>(event: MessageEvent, expectedOrigin: string) => T | null;
56
26
 
57
27
  interface ElementOptions {
58
28
  /** StyleSubset applied via arcpay:style postMessage. */
@@ -133,18 +103,17 @@ declare class Elements {
133
103
  }
134
104
 
135
105
  interface ArcPayLoadOptions {
136
- apiBase?: string;
106
+ readonly _reserved?: never;
137
107
  }
138
108
  interface ArcPayInstance {
139
109
  readonly publishableKey: string;
140
- readonly apiBase: string;
141
110
  readonly environment: Environment;
142
111
  elements: (opts?: ElementsOptions) => Elements;
143
112
  }
144
- declare function load(publishableKey: string, opts?: ArcPayLoadOptions): Promise<ArcPayInstance>;
113
+ declare function load(publishableKey: string): Promise<ArcPayInstance>;
145
114
  declare const ArcPay: {
146
115
  load: typeof load;
147
116
  __resetForTests: () => void;
148
117
  };
149
118
 
150
- export { ArcPay as A, Element as E, type FieldType as F, type IframeToParent as I, type ParentToIframe as P, type StyleSubset as S, type TokenizeResult as T, type ArcPayInstance as a, type ArcPayLoadOptions as b, type ElementContext as c, type ElementEvent as d, type ElementOptions as e, Elements as f, type ElementsOptions as g, type Environment as h, postToIframe as i, postToParent as j, parseIncoming as p };
119
+ export { ArcPay as A, type ElementEvent as E, type FieldType as F, type TokenizeResult as T, type ArcPayInstance as a, type ArcPayLoadOptions as b, type ElementOptions as c, Elements as d, type ElementsOptions as e, type Environment as f };
package/dist/cdn/arcpay.global.js ADDED
@@ -0,0 +1,3 @@
1
+ var ArcPay=(function(exports){'use strict';var n=class extends Error{constructor(t){super(t.message),this.name="ArcPayError",this.type=t.type,this.code=t.code,this.param=t.param,this.paymentId=t.paymentId,this.declineCode=t.declineCode,this.retryable=t.retryable,this.requestId=t.requestId;}},T=e=>e instanceof n&&e.type==="validation_error",I=e=>e instanceof n&&e.type==="authentication_error",P=e=>e instanceof n&&e.type==="authorization_error",A=e=>e instanceof n&&e.type==="state_error",z=e=>e instanceof n&&e.type==="rate_limit_error",S=e=>e instanceof n&&e.type==="api_error",R=e=>e instanceof n&&e.type==="network_error",M=e=>e instanceof n&&e.type==="challenge_aborted";var f=e=>e.startsWith("pk_test_")?"sandbox":"live",x=e=>{if(typeof e!="string"||e.length===0)throw new n({type:"validation_error",code:"invalid_publishable_key",message:"Publishable key must be a non-empty string",retryable:false});if(!e.startsWith("pk_test_")&&!e.startsWith("pk_live_"))throw new n({type:"validation_error",code:"invalid_publishable_key",message:"Publishable key must start with pk_test_ or pk_live_. Secret keys (sk_*) cannot be used in browser.",retryable:false})};var w="data-arcpay-sandbox-banner",_=()=>{if(typeof document=="undefined"||document.querySelector(`[${w}]`))return;let e=document.createElement("div");e.setAttribute(w,""),e.style.cssText="position:fixed;top:0;left:0;right:0;z-index:2147483647;background:#ffd166;color:#222;font:13px/1.4 system-ui,sans-serif;padding:6px 12px;display:flex;align-items:center;justify-content:center;box-shadow:0 1px 3px rgba(0,0,0,0.1);";let t=document.createElement("span");t.textContent="ARC PAY TEST MODE \u2014 payments are simulated",e.appendChild(t);let r=document.createElement("button");r.type="button",r.setAttribute("data-arcpay-banner-dismiss",""),r.textContent="\xD7",r.setAttribute("aria-label","Dismiss test mode banner"),r.style.cssText="margin-left:12px;background:transparent;border:0;font-size:18px;cursor:pointer;color:inherit;",r.addEventListener("click",()=>e.remove()),e.appendChild(r),document.body.appendChild(e);};var C="arcpay:",F=e=>typeof e=="object"&&e!==null&&"type"in e&&typeof e.type=="string"&&e.type.startsWith(C),u=(e,t,r)=>{if(r==="*")throw new n({type:"validation_error",code:"wildcard_origin_forbidden",message:"postToIframe: targetOrigin cannot be '*'",retryable:false});if(!e.contentWindow)throw new n({type:"validation_error",code:"iframe_not_loaded",message:"postToIframe: iframe.contentWindow is null (iframe not mounted)",retryable:false});e.contentWindow.postMessage(t,r);};var y=(e,t)=>e.origin!==t||!F(e.data)?null:e.data;var L=new Set(["position","transform","pointer-events","z-index","top","left","right","bottom","inset"]),g=e=>{let t={};for(let[r,o]of Object.entries(e)){let s=r.toLowerCase();L.has(s)||(t[r]=o);}return t},h=e=>{let t={base:g(e.base)};return e.invalid!==void 0&&(t.invalid=g(e.invalid)),e.focus!==void 0&&(t.focus=g(e.focus)),t};var m=class{constructor(t,r,o){this.field=t;this.options=r;this.context=o;this.iframe=null;this.listeners=new Set;this.status="pending";this.messageHandler=null;}mount(t){if(this.iframe)throw new n({type:"validation_error",code:"already_mounted",message:`Element ${this.field} is already mounted`,retryable:false});let r=typeof t=="string"?document.querySelector(t):t;if(!(r instanceof HTMLElement))throw new n({type:"validation_error",code:"mount_target_not_found",message:`mount target not found: ${String(t)}`,retryable:false});let o=document.createElement("iframe");o.src=`${this.context.iframeBase}/iframe/${this.field}`,o.style.cssText="border:0;width:100%;height:100%;display:block;",o.setAttribute("allow","payment"),o.setAttribute("data-arcpay-element",this.field),r.appendChild(o),this.iframe=o;let s=new URL(this.context.iframeBase).origin;this.messageHandler=a=>{var l;if(a.source!==((l=this.iframe)==null?void 0:l.contentWindow))return;let d=y(a,s);d&&this.handleMessage(d);},window.addEventListener("message",this.messageHandler),o.addEventListener("load",()=>{if(!this.iframe)return;let a={type:"arcpay:hello",origin:window.location.origin,publishableKey:this.context.publishableKey,channelId:this.context.channelId};u(this.iframe,a,s);},{once:true});}handleMessage(t){t.type==="arcpay:ready"?(this.status="ready",this.options.style&&this.send({type:"arcpay:style",payload:h(this.options.style)}),this.emit({type:"ready"})):t.type==="arcpay:rejected"?(this.status="error",this.emit({type:"error",reason:t.reason})):t.type==="arcpay:change"&&t.field===this.field&&this.emit({type:"change",isValid:t.isValid,brand:t.brand,lastFour:t.lastFour});}update(t){t.style&&this.send({type:"arcpay:style",payload:h(t.style)});}destroy(){this.iframe&&(this.iframe.remove(),this.iframe=null),this.messageHandler&&(window.removeEventListener("message",this.messageHandler),this.messageHandler=null),this.listeners.clear(),this.status="pending";}on(t,r){return this.listeners.add(r),()=>this.listeners.delete(r)}focus(){this.send({type:"arcpay:focus"});}clear(){this.send({type:"arcpay:clear"});}isReady(){return this.status==="ready"}getIframeContentWindow(){var t,r;return (r=(t=this.iframe)==null?void 0:t.contentWindow)!=null?r:null}send(t){if(!this.iframe)throw new n({type:"validation_error",code:"not_mounted",message:`Element ${this.field} is not mounted`,retryable:false});u(this.iframe,t,new URL(this.context.iframeBase).origin);}emit(t){for(let r of this.listeners)r(t);}};var B="https://sdk.arcpay.space",O=()=>{var e;if(!((e=globalThis.crypto)!=null&&e.randomUUID))throw new n({type:"validation_error",code:"crypto_unavailable",message:"crypto.randomUUID is required for Hosted Fields",retryable:false});return globalThis.crypto.randomUUID()},p=class{constructor(t){this.elementMap=new Map;this.tokenizeInFlight=false;var r;this.publishableKey=t.publishableKey,this.iframeBase=(r=t.iframeBase)!=null?r:B,this.channelId=O();}create(t,r={}){if(this.elementMap.has(t))throw new n({type:"validation_error",code:"duplicate_element",message:`Element for ${t} already created`,retryable:false});let o={iframeBase:this.iframeBase,publishableKey:this.publishableKey,channelId:this.channelId},s=new m(t,r,o);return this.elementMap.set(t,s),s}async tokenize(t,r){if(this.tokenizeInFlight)throw new n({type:"validation_error",code:"tokenize_in_progress",message:"A tokenize() call is already in progress for this Elements instance",retryable:false});let o=this.elementMap.get("cardNumber"),s=this.elementMap.get("cardExpiry"),a=this.elementMap.get("cardCvv");if(!o||!s||!a)throw new n({type:"validation_error",code:"incomplete_elements",message:"All three elements (cardNumber, cardExpiry, cardCvv) must be created and mounted before tokenize()",retryable:false});if(!o.isReady()||!s.isReady()||!a.isReady())throw new n({type:"validation_error",code:"elements_not_ready",message:"Wait for all elements to fire 'ready' event before tokenize()",retryable:false});this.tokenizeInFlight=true;try{return await this.doTokenize(o,t,r)}finally{this.tokenizeInFlight=false;}}doTokenize(t,r,o){let s=new URL(this.iframeBase).origin,a=t.getIframeContentWindow();return new Promise((d,l)=>{let E=window.setTimeout(()=>{window.removeEventListener("message",c),l(new n({type:"network_error",code:"tokenize_timeout",message:"tokenize() timed out after 30 seconds",retryable:true,paymentId:r}));},3e4),c=v=>{if(a!==null&&v.source!==a)return;let i=y(v,s);if(i){if(i.type==="arcpay:tokenize-result")clearTimeout(E),window.removeEventListener("message",c),d({cardTokenId:i.cardTokenId,cardMask:i.cardMask,cardScheme:i.cardScheme,cardBin:i.cardBin,expiresIn:i.expiresIn,expiresAt:i.expiresAt});else if(i.type==="arcpay:tokenize-error"){clearTimeout(E),window.removeEventListener("message",c);let k=i.errorType==="validation_error"||i.errorType==="api_error"?i.errorType:"api_error";l(new n({type:k,code:i.code,message:i.message,retryable:false,paymentId:r}));}}};window.addEventListener("message",c),t.send({type:"arcpay:tokenize",paymentId:r,idempotencyKey:o});})}destroy(){for(let t of this.elementMap.values())t.destroy();this.elementMap.clear();}};var W=x,b=new Map,K=e=>(f(e)==="sandbox"&&_(),{publishableKey:e,environment:f(e),elements:()=>new p({publishableKey:e})});function H(e){try{W(e);}catch(s){return Promise.reject(s)}let t=e,r=b.get(t);if(r)return r;let o=Promise.resolve(K(e));return b.set(t,o),o}var U=()=>{b.clear();},D={load:H,__resetForTests:U};var le="0.1.3";
2
+ exports.ArcPay=D;exports.ArcPayError=n;exports.Elements=p;exports.SDK_VERSION=le;exports.isApiError=S;exports.isAuthenticationError=I;exports.isAuthorizationError=P;exports.isChallengeAborted=M;exports.isNetworkError=R;exports.isRateLimitError=z;exports.isStateError=A;exports.isValidationError=T;return exports;})({});//# sourceMappingURL=arcpay.global.js.map
3
+ //# sourceMappingURL=arcpay.global.js.map
package/dist/cdn/arcpay.global.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../src/core/errors.ts","../../src/core/env.ts","../../src/core/sandbox-banner.ts","../../src/elements/postmessage.ts","../../src/elements/style.ts","../../src/elements/element.ts","../../src/elements/elements.ts","../../src/core/arcpay.ts","../../src/index.ts"],"names":["ArcPayError","init","isValidationError","isAuthenticationError","isAuthorizationError","isStateError","isRateLimitError","isApiError","isNetworkError","isChallengeAborted","detectEnvironment","publishableKey","validatePublishableKey","key","BANNER_ATTR","showSandboxBanner","bar","text","dismiss","ARCPAY_TYPE_PREFIX","isArcpayMessage","data","postToIframe","iframe","message","targetOrigin","parseIncoming","event","expectedOrigin","FORBIDDEN_PROPERTIES","sanitizeBlock","block","out","value","normalizedKey","sanitizeStyle","style","result","Element","field","options","context","target","container","_a","hello","_event","callback","_b","listener","DEFAULT_IFRAME_BASE","createChannelId","Elements","opts","ctx","element","paymentId","idempotencyKey","cardNumber","cardExpiry","cardCvv","iframeOrigin","cardIframeWindow","resolve","reject","timer","onMessage","errType","el","cache","buildInstance","load","err","existing","promise","resetForTests","ArcPay","SDK_VERSION"],"mappings":"2CAqBO,IAAMA,EAAN,cAA0B,KAAM,CASrC,WAAA,CAAYC,EAAuB,CACjC,KAAA,CAAMA,CAAAA,CAAK,OAAO,EAClB,IAAA,CAAK,IAAA,CAAO,cACZ,IAAA,CAAK,IAAA,CAAOA,EAAK,IAAA,CACjB,IAAA,CAAK,IAAA,CAAOA,CAAAA,CAAK,KACjB,IAAA,CAAK,KAAA,CAAQA,CAAAA,CAAK,KAAA,CAClB,KAAK,SAAA,CAAYA,CAAAA,CAAK,SAAA,CACtB,IAAA,CAAK,YAAcA,CAAAA,CAAK,WAAA,CACxB,KAAK,SAAA,CAAYA,CAAAA,CAAK,UACtB,IAAA,CAAK,SAAA,CAAYA,CAAAA,CAAK,UACxB,CACF,CAAA,CAEaC,CAAAA,CAAqB,CAAA,EAChC,CAAA,YAAaF,GAAe,CAAA,CAAE,IAAA,GAAS,kBAAA,CAC5BG,CAAAA,CAAyB,GACpC,CAAA,YAAaH,CAAAA,EAAe,EAAE,IAAA,GAAS,sBAAA,CAC5BI,EAAwB,CAAA,EACnC,CAAA,YAAaJ,CAAAA,EAAe,CAAA,CAAE,OAAS,qBAAA,CAC5BK,CAAAA,CAAgB,GAC3B,CAAA,YAAaL,CAAAA,EAAe,EAAE,IAAA,GAAS,aAAA,CAC5BM,CAAAA,CAAoB,CAAA,EAC/B,aAAaN,CAAAA,EAAe,CAAA,CAAE,OAAS,kBAAA,CAC5BO,CAAAA,CAAc,GACzB,CAAA,YAAaP,CAAAA,EAAe,CAAA,CAAE,IAAA,GAAS,YAC5BQ,CAAAA,CAAkB,CAAA,EAC7B,CAAA,YAAaR,CAAAA,EAAe,EAAE,IAAA,GAAS,eAAA,CAC5BS,CAAAA,CAAsB,CAAA,EACjC,aAAaT,CAAAA,EAAe,CAAA,CAAE,OAAS,oBCtDlC,IAAMU,EAAqBC,CAAAA,EAChCA,CAAAA,CAAe,UAAA,CAAW,UAAU,EAAI,SAAA,CAAY,MAAA,CAEzCC,EAA0BC,CAAAA,EAAwC,CAC7E,GAAI,OAAOA,CAAAA,EAAQ,QAAA,EAAYA,CAAAA,CAAI,SAAW,CAAA,CAC5C,MAAM,IAAIb,CAAAA,CAAY,CACpB,KAAM,kBAAA,CACN,IAAA,CAAM,yBAAA,CACN,OAAA,CAAS,6CACT,SAAA,CAAW,KACb,CAAC,CAAA,CAEH,GAAI,CAACa,CAAAA,CAAI,UAAA,CAAW,UAAU,GAAK,CAACA,CAAAA,CAAI,WAAW,UAAU,CAAA,CAC3D,MAAM,IAAIb,CAAAA,CAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,yBAAA,CACN,QACE,qGAAA,CACF,SAAA,CAAW,KACb,CAAC,CAEL,CAAA,CCzBA,IAAMc,EAAc,4BAAA,CAEPC,CAAAA,CAAoB,IAAY,CAE3C,GADI,OAAO,QAAA,EAAa,WAAA,EACpB,QAAA,CAAS,aAAA,CAAc,IAAID,CAAW,CAAA,CAAA,CAAG,CAAA,CAAG,OAEhD,IAAME,CAAAA,CAAM,QAAA,CAAS,aAAA,CAAc,KAAK,EACxCA,CAAAA,CAAI,YAAA,CAAaF,EAAa,EAAE,CAAA,CAChCE,EAAI,KAAA,CAAM,OAAA,CACR,uOAAA,CAEF,IAAMC,EAAO,QAAA,CAAS,aAAA,CAAc,MAAM,CAAA,CAC1CA,EAAK,WAAA,CAAc,iDAAA,CACnBD,CAAAA,CAAI,WAAA,CAAYC,CAAI,CAAA,CAEpB,IAAMC,EAAU,QAAA,CAAS,aAAA,CAAc,QAAQ,CAAA,CAC/CA,CAAAA,CAAQ,IAAA,CAAO,QAAA,CACfA,EAAQ,YAAA,CAAa,4BAAA,CAA8B,EAAE,CAAA,CACrDA,EAAQ,WAAA,CAAc,MAAA,CACtBA,CAAAA,CAAQ,YAAA,CAAa,aAAc,0BAA0B,CAAA,CAC7DA,EAAQ,KAAA,CAAM,OAAA,CACZ,gGACFA,CAAAA,CAAQ,gBAAA,CAAiB,OAAA,CAAS,IAAMF,EAAI,MAAA,EAAQ,EACpDA,CAAAA,CAAI,WAAA,CAAYE,CAAO,CAAA,CAEvB,QAAA,CAAS,IAAA,CAAK,WAAA,CAAYF,CAAG,EAC/B,CAAA,CCcA,IAAMG,CAAAA,CAAqB,SAAA,CAErBC,EAAmBC,CAAAA,EACvB,OAAOA,CAAAA,EAAS,QAAA,EAChBA,IAAS,IAAA,EACT,MAAA,GAAUA,CAAAA,EACV,OAAQA,EAA2B,IAAA,EAAS,QAAA,EAC3CA,CAAAA,CAA0B,IAAA,CAAK,WAAWF,CAAkB,CAAA,CAElDG,EAAe,CAC1BC,CAAAA,CACAC,EACAC,CAAAA,GACS,CACT,GAAIA,CAAAA,GAAiB,IACnB,MAAM,IAAIzB,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,2BAAA,CACN,OAAA,CAAS,0CAAA,CACT,UAAW,KACb,CAAC,EAEH,GAAI,CAACuB,EAAO,aAAA,CACV,MAAM,IAAIvB,CAAAA,CAAY,CACpB,IAAA,CAAM,kBAAA,CACN,IAAA,CAAM,mBAAA,CACN,QAAS,iEAAA,CACT,SAAA,CAAW,KACb,CAAC,EAEHuB,CAAAA,CAAO,aAAA,CAAc,YAAYC,CAAAA,CAASC,CAAY,EACxD,CAAA,CASO,IAAMC,CAAAA,CAAgB,CAC3BC,EACAC,CAAAA,GAEID,CAAAA,CAAM,SAAWC,CAAAA,EACjB,CAACR,EAAgBO,CAAAA,CAAM,IAAI,CAAA,CAAU,IAAA,CAClCA,EAAM,IAAA,CC/Ef,IAAME,EAAuB,IAAI,GAAA,CAAI,CACnC,UAAA,CACA,WAAA,CACA,gBAAA,CACA,SAAA,CACA,MACA,MAAA,CACA,OAAA,CACA,QAAA,CACA,OACF,CAAC,CAAA,CAEKC,CAAAA,CAAiBC,CAAAA,EAA0D,CAC/E,IAAMC,CAAAA,CAA8B,GACpC,IAAA,GAAW,CAACnB,EAAKoB,CAAK,CAAA,GAAK,MAAA,CAAO,OAAA,CAAQF,CAAK,CAAA,CAAG,CAChD,IAAMG,CAAAA,CAAgBrB,EAAI,WAAA,EAAY,CAClCgB,CAAAA,CAAqB,GAAA,CAAIK,CAAa,CAAA,GAI1CF,CAAAA,CAAInB,CAAG,CAAA,CAAIoB,CAAAA,EACb,CACA,OAAOD,CACT,CAAA,CAEaG,CAAAA,CAAiBC,GAAoC,CAChE,IAAMC,CAAAA,CAAsB,CAAE,KAAMP,CAAAA,CAAcM,CAAAA,CAAM,IAAI,CAAE,EAC9D,OAAIA,CAAAA,CAAM,UAAY,MAAA,GAAWC,CAAAA,CAAO,QAAUP,CAAAA,CAAcM,CAAAA,CAAM,OAAO,CAAA,CAAA,CACzEA,EAAM,KAAA,GAAU,MAAA,GAAWC,EAAO,KAAA,CAAQP,CAAAA,CAAcM,EAAM,KAAK,CAAA,CAAA,CAChEC,CACT,CAAA,CCPO,IAAMC,CAAAA,CAAN,KAAc,CAMnB,WAAA,CACkBC,CAAAA,CACCC,EACAC,CAAAA,CACjB,CAHgB,IAAA,CAAA,KAAA,CAAAF,CAAAA,CACC,aAAAC,CAAAA,CACA,IAAA,CAAA,OAAA,CAAAC,CAAAA,CARnB,IAAA,CAAQ,OAAmC,IAAA,CAC3C,IAAA,CAAiB,SAAA,CAAY,IAAI,IACjC,IAAA,CAAQ,MAAA,CAAwC,UAChD,IAAA,CAAQ,cAAA,CAAqD,KAM1D,CAEH,KAAA,CAAMC,CAAAA,CAAoC,CACxC,GAAI,IAAA,CAAK,MAAA,CACP,MAAM,IAAI1C,CAAAA,CAAY,CACpB,IAAA,CAAM,kBAAA,CACN,IAAA,CAAM,iBAAA,CACN,QAAS,CAAA,QAAA,EAAW,IAAA,CAAK,KAAK,CAAA,mBAAA,CAAA,CAC9B,SAAA,CAAW,KACb,CAAC,CAAA,CAEH,IAAM2C,CAAAA,CAAY,OAAOD,CAAAA,EAAW,QAAA,CAAW,QAAA,CAAS,aAAA,CAAcA,CAAM,CAAA,CAAIA,CAAAA,CAChF,GAAI,EAAEC,aAAqB,WAAA,CAAA,CACzB,MAAM,IAAI3C,CAAAA,CAAY,CACpB,KAAM,kBAAA,CACN,IAAA,CAAM,wBAAA,CACN,OAAA,CAAS,2BAA2B,MAAA,CAAO0C,CAAM,CAAC,CAAA,CAAA,CAClD,SAAA,CAAW,KACb,CAAC,CAAA,CAGH,IAAMnB,CAAAA,CAAS,SAAS,aAAA,CAAc,QAAQ,EAC9CA,CAAAA,CAAO,GAAA,CAAM,GAAG,IAAA,CAAK,OAAA,CAAQ,UAAU,CAAA,QAAA,EAAW,KAAK,KAAK,CAAA,CAAA,CAC5DA,CAAAA,CAAO,KAAA,CAAM,QAAU,gDAAA,CACvBA,CAAAA,CAAO,YAAA,CAAa,OAAA,CAAS,SAAS,CAAA,CACtCA,CAAAA,CAAO,aAAa,qBAAA,CAAuB,IAAA,CAAK,KAAK,CAAA,CACrDoB,CAAAA,CAAU,WAAA,CAAYpB,CAAM,EAC5B,IAAA,CAAK,MAAA,CAASA,CAAAA,CAEd,IAAMK,EAAiB,IAAI,GAAA,CAAI,IAAA,CAAK,OAAA,CAAQ,UAAU,CAAA,CAAE,MAAA,CAExD,KAAK,cAAA,CAAkBD,CAAAA,EAAwB,CAvEnD,IAAAiB,CAAAA,CA2EM,GAAIjB,CAAAA,CAAM,WAAWiB,CAAAA,CAAA,IAAA,CAAK,MAAA,GAAL,IAAA,CAAA,MAAA,CAAAA,EAAa,aAAA,CAAA,CAAe,OAEjD,IAAMvB,CAAAA,CAAOK,EAA8BC,CAAAA,CAAOC,CAAc,EAC3DP,CAAAA,EACL,IAAA,CAAK,cAAcA,CAAI,EACzB,CAAA,CACA,MAAA,CAAO,iBAAiB,SAAA,CAAW,IAAA,CAAK,cAAc,CAAA,CAEtDE,CAAAA,CAAO,iBACL,MAAA,CACA,IAAM,CACJ,GAAI,CAAC,IAAA,CAAK,MAAA,CAAQ,OAClB,IAAMsB,CAAAA,CAAwB,CAC5B,IAAA,CAAM,cAAA,CACN,MAAA,CAAQ,MAAA,CAAO,SAAS,MAAA,CACxB,cAAA,CAAgB,IAAA,CAAK,OAAA,CAAQ,eAC7B,SAAA,CAAW,IAAA,CAAK,OAAA,CAAQ,SAC1B,EACAvB,CAAAA,CAAa,IAAA,CAAK,OAAQuB,CAAAA,CAAOjB,CAAc,EACjD,CAAA,CACA,CAAE,IAAA,CAAM,IAAK,CACf,EACF,CAEQ,cAAcP,CAAAA,CAA4B,CAC5CA,EAAK,IAAA,GAAS,cAAA,EAChB,IAAA,CAAK,MAAA,CAAS,QAEV,IAAA,CAAK,OAAA,CAAQ,OACf,IAAA,CAAK,IAAA,CAAK,CAAE,IAAA,CAAM,cAAA,CAAgB,OAAA,CAASc,CAAAA,CAAc,KAAK,OAAA,CAAQ,KAAK,CAAE,CAAC,EAEhF,IAAA,CAAK,IAAA,CAAK,CAAE,IAAA,CAAM,OAAQ,CAAC,CAAA,EAClBd,EAAK,IAAA,GAAS,iBAAA,EACvB,KAAK,MAAA,CAAS,OAAA,CACd,IAAA,CAAK,IAAA,CAAK,CAAE,IAAA,CAAM,OAAA,CAAS,OAAQA,CAAAA,CAAK,MAAO,CAAC,CAAA,EACvCA,CAAAA,CAAK,IAAA,GAAS,eAAA,EAAmBA,EAAK,KAAA,GAAU,IAAA,CAAK,OAC9D,IAAA,CAAK,IAAA,CAAK,CACR,IAAA,CAAM,QAAA,CACN,OAAA,CAASA,CAAAA,CAAK,QACd,KAAA,CAAOA,CAAAA,CAAK,KAAA,CACZ,QAAA,CAAUA,EAAK,QACjB,CAAC,EAGL,CAEA,OAAOmB,CAAAA,CAAwC,CACzCA,EAAQ,KAAA,EACV,IAAA,CAAK,KAAK,CAAE,IAAA,CAAM,cAAA,CAAgB,OAAA,CAASL,EAAcK,CAAAA,CAAQ,KAAK,CAAE,CAAC,EAE7E,CAEA,OAAA,EAAgB,CACV,IAAA,CAAK,SACP,IAAA,CAAK,MAAA,CAAO,QAAO,CACnB,IAAA,CAAK,OAAS,IAAA,CAAA,CAEZ,IAAA,CAAK,cAAA,GACP,MAAA,CAAO,oBAAoB,SAAA,CAAW,IAAA,CAAK,cAAc,CAAA,CACzD,KAAK,cAAA,CAAiB,IAAA,CAAA,CAExB,IAAA,CAAK,SAAA,CAAU,OAAM,CACrB,IAAA,CAAK,OAAS,UAChB,CAEA,GAAGM,CAAAA,CAAsCC,CAAAA,CAAgC,CACvE,OAAA,IAAA,CAAK,UAAU,GAAA,CAAIA,CAAQ,EACpB,IAAM,IAAA,CAAK,UAAU,MAAA,CAAOA,CAAQ,CAC7C,CAEA,OAAc,CACZ,IAAA,CAAK,KAAK,CAAE,IAAA,CAAM,cAAe,CAAC,EACpC,CAEA,KAAA,EAAc,CACZ,IAAA,CAAK,IAAA,CAAK,CAAE,IAAA,CAAM,cAAe,CAAC,EACpC,CAEA,OAAA,EAAmB,CACjB,OAAO,IAAA,CAAK,SAAW,OACzB,CAOA,wBAAwC,CAlK1C,IAAAH,CAAAA,CAAAI,CAAAA,CAmKI,QAAOA,CAAAA,CAAAA,CAAAJ,CAAAA,CAAA,KAAK,MAAA,GAAL,IAAA,CAAA,MAAA,CAAAA,EAAa,aAAA,GAAb,IAAA,CAAAI,CAAAA,CAA8B,IACvC,CAGA,IAAA,CAAKxB,CAAAA,CAA+B,CAClC,GAAI,CAAC,KAAK,MAAA,CACR,MAAM,IAAIxB,CAAAA,CAAY,CACpB,IAAA,CAAM,kBAAA,CACN,IAAA,CAAM,aAAA,CACN,QAAS,CAAA,QAAA,EAAW,IAAA,CAAK,KAAK,CAAA,eAAA,CAAA,CAC9B,UAAW,KACb,CAAC,EAEHsB,CAAAA,CAAa,IAAA,CAAK,OAAQE,CAAAA,CAAS,IAAI,GAAA,CAAI,IAAA,CAAK,QAAQ,UAAU,CAAA,CAAE,MAAM,EAC5E,CAEQ,KAAKG,CAAAA,CAA2B,CACtC,IAAA,IAAWsB,CAAAA,IAAY,KAAK,SAAA,CAC1BA,CAAAA,CAAStB,CAAK,EAElB,CACF,EC9KA,IAAMuB,CAAAA,CAAsB,0BAAA,CAEtBC,CAAAA,CAAkB,IAAc,CAZtC,IAAAP,CAAAA,CAaE,GAAI,GAACA,CAAAA,CAAA,UAAA,CAAW,MAAA,GAAX,IAAA,EAAAA,EAAmB,UAAA,CAAA,CACtB,MAAM,IAAI5C,CAAAA,CAAY,CACpB,KAAM,kBAAA,CACN,IAAA,CAAM,oBAAA,CACN,OAAA,CAAS,kDACT,SAAA,CAAW,KACb,CAAC,CAAA,CAEH,OAAO,UAAA,CAAW,MAAA,CAAO,UAAA,EAC3B,EAEaoD,CAAAA,CAAN,KAAe,CAOpB,WAAA,CAAYC,CAAAA,CAAuD,CANnE,IAAA,CAAiB,UAAA,CAAa,IAAI,GAAA,CAIlC,KAAQ,gBAAA,CAAmB,KAAA,CA7B7B,IAAAT,CAAAA,CAgCI,KAAK,cAAA,CAAiBS,CAAAA,CAAK,cAAA,CAC3B,IAAA,CAAK,YAAaT,CAAAA,CAAAS,CAAAA,CAAK,aAAL,IAAA,CAAAT,CAAAA,CAAmBM,EACrC,IAAA,CAAK,SAAA,CAAYC,CAAAA,GACnB,CAEA,MAAA,CAAOZ,CAAAA,CAAkBC,EAA0B,EAAC,CAAY,CAC9D,GAAI,IAAA,CAAK,UAAA,CAAW,GAAA,CAAID,CAAK,CAAA,CAC3B,MAAM,IAAIvC,CAAAA,CAAY,CACpB,KAAM,kBAAA,CACN,IAAA,CAAM,mBAAA,CACN,OAAA,CAAS,eAAeuC,CAAK,CAAA,gBAAA,CAAA,CAC7B,SAAA,CAAW,KACb,CAAC,CAAA,CAEH,IAAMe,CAAAA,CAAsB,CAC1B,WAAY,IAAA,CAAK,UAAA,CACjB,eAAgB,IAAA,CAAK,cAAA,CACrB,UAAW,IAAA,CAAK,SAClB,CAAA,CACMC,CAAAA,CAAU,IAAIjB,CAAAA,CAAQC,CAAAA,CAAOC,EAASc,CAAG,CAAA,CAC/C,YAAK,UAAA,CAAW,GAAA,CAAIf,CAAAA,CAAOgB,CAAO,EAC3BA,CACT,CAEA,MAAM,QAAA,CAASC,CAAAA,CAAmBC,EAAiD,CAEjF,GAAI,IAAA,CAAK,gBAAA,CACP,MAAM,IAAIzD,CAAAA,CAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,sBAAA,CACN,OAAA,CAAS,qEAAA,CACT,UAAW,KACb,CAAC,EAGH,IAAM0D,CAAAA,CAAa,KAAK,UAAA,CAAW,GAAA,CAAI,YAAY,CAAA,CAC7CC,EAAa,IAAA,CAAK,UAAA,CAAW,IAAI,YAAY,CAAA,CAC7CC,EAAU,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,SAAS,EAE7C,GAAI,CAACF,GAAc,CAACC,CAAAA,EAAc,CAACC,CAAAA,CACjC,MAAM,IAAI5D,CAAAA,CAAY,CACpB,IAAA,CAAM,kBAAA,CACN,IAAA,CAAM,qBAAA,CACN,QACE,oGAAA,CACF,SAAA,CAAW,KACb,CAAC,EAEH,GAAI,CAAC0D,EAAW,OAAA,EAAQ,EAAK,CAACC,CAAAA,CAAW,OAAA,EAAQ,EAAK,CAACC,EAAQ,OAAA,EAAQ,CACrE,MAAM,IAAI5D,EAAY,CACpB,IAAA,CAAM,kBAAA,CACN,IAAA,CAAM,qBACN,OAAA,CAAS,+DAAA,CACT,UAAW,KACb,CAAC,EAGH,IAAA,CAAK,gBAAA,CAAmB,IAAA,CACxB,GAAI,CACF,OAAO,MAAM,IAAA,CAAK,UAAA,CAAW0D,EAAYF,CAAAA,CAAWC,CAAc,CACpE,CAAA,OAAE,CACA,IAAA,CAAK,gBAAA,CAAmB,MAC1B,CACF,CAEQ,WACNC,CAAAA,CACAF,CAAAA,CACAC,CAAAA,CACyB,CACzB,IAAMI,CAAAA,CAAe,IAAI,IAAI,IAAA,CAAK,UAAU,EAAE,MAAA,CAGxCC,CAAAA,CAAmBJ,CAAAA,CAAW,sBAAA,GAEpC,OAAO,IAAI,QAAwB,CAACK,CAAAA,CAASC,IAAW,CAEtD,IAAMC,CAAAA,CAAQ,MAAA,CAAO,WAAW,IAAM,CACpC,MAAA,CAAO,mBAAA,CAAoB,UAAWC,CAAS,CAAA,CAC/CF,CAAAA,CACE,IAAIhE,EAAY,CACd,IAAA,CAAM,gBACN,IAAA,CAAM,kBAAA,CACN,QAAS,uCAAA,CACT,SAAA,CAAW,IAAA,CACX,SAAA,CAAAwD,CACF,CAAC,CACH,EACF,CAAA,CAAG,GAAM,EAEHU,CAAAA,CAAavC,CAAAA,EAAwB,CAEzC,GAAImC,IAAqB,IAAA,EAAQnC,CAAAA,CAAM,SAAWmC,CAAAA,CAAkB,OAEpE,IAAMzC,CAAAA,CAAOK,CAAAA,CAA8BC,CAAAA,CAAOkC,CAAY,EAC9D,GAAKxC,CAAAA,CAAAA,CAEL,GAAIA,CAAAA,CAAK,OAAS,wBAAA,CAChB,YAAA,CAAa4C,CAAK,CAAA,CAClB,OAAO,mBAAA,CAAoB,SAAA,CAAWC,CAAS,CAAA,CAC/CH,CAAAA,CAAQ,CACN,WAAA,CAAa1C,CAAAA,CAAK,WAAA,CAClB,QAAA,CAAUA,EAAK,QAAA,CACf,UAAA,CAAYA,EAAK,UAAA,CACjB,OAAA,CAASA,EAAK,OAAA,CACd,SAAA,CAAWA,CAAAA,CAAK,SAAA,CAChB,UAAWA,CAAAA,CAAK,SAClB,CAAC,CAAA,CAAA,KAAA,GACQA,CAAAA,CAAK,OAAS,uBAAA,CAAyB,CAChD,YAAA,CAAa4C,CAAK,EAClB,MAAA,CAAO,mBAAA,CAAoB,SAAA,CAAWC,CAAS,EAC/C,IAAMC,CAAAA,CACJ9C,CAAAA,CAAK,SAAA,GAAc,oBAAsBA,CAAAA,CAAK,SAAA,GAAc,YACxDA,CAAAA,CAAK,SAAA,CACL,YACN2C,CAAAA,CACE,IAAIhE,CAAAA,CAAY,CACd,KAAMmE,CAAAA,CACN,IAAA,CAAM9C,CAAAA,CAAK,IAAA,CACX,QAASA,CAAAA,CAAK,OAAA,CACd,SAAA,CAAW,KAAA,CACX,UAAAmC,CACF,CAAC,CACH,EACF,CAAA,CACF,EAEA,MAAA,CAAO,gBAAA,CAAiB,SAAA,CAAWU,CAAS,EAC5CR,CAAAA,CAAW,IAAA,CAAK,CAAE,IAAA,CAAM,kBAAmB,SAAA,CAAAF,CAAAA,CAAW,cAAA,CAAAC,CAAe,CAAC,EACxE,CAAC,CACH,CAEA,OAAA,EAAgB,CACd,IAAA,IAAWW,CAAAA,IAAM,IAAA,CAAK,UAAA,CAAW,QAAO,CACtCA,CAAAA,CAAG,SAAQ,CAEb,IAAA,CAAK,WAAW,KAAA,GAClB,CACF,EClKA,IAAMxD,CAAAA,CAAkEA,CAAAA,CAYlEyD,EAAQ,IAAI,GAAA,CAEZC,EAAiB3D,CAAAA,GACjBD,CAAAA,CAAkBC,CAAc,CAAA,GAAM,WACxCI,CAAAA,EAAkB,CAEb,CACL,cAAA,CAAAJ,EACA,WAAA,CAAaD,CAAAA,CAAkBC,CAAc,CAAA,CAC7C,SAAU,IAAM,IAAIyC,EAAS,CAAE,cAAA,CAAAzC,CAAe,CAAC,CACjD,CAAA,CAAA,CAGF,SAAS4D,EAAK5D,CAAAA,CAAiD,CAC7D,GAAI,CACFC,CAAAA,CAAuBD,CAAc,EACvC,CAAA,MAAS6D,CAAAA,CAAK,CACZ,OAAO,OAAA,CAAQ,MAAA,CAAOA,CAAG,CAC3B,CACA,IAAM3D,CAAAA,CAAMF,CAAAA,CACN8D,CAAAA,CAAWJ,CAAAA,CAAM,IAAIxD,CAAG,CAAA,CAC9B,GAAI4D,CAAAA,CAAU,OAAOA,CAAAA,CACrB,IAAMC,CAAAA,CAAU,OAAA,CAAQ,QAAQJ,CAAAA,CAAc3D,CAAc,CAAC,CAAA,CAC7D,OAAA0D,EAAM,GAAA,CAAIxD,CAAAA,CAAK6D,CAAO,CAAA,CACfA,CACT,CAEA,IAAMC,EAAgB,IAAY,CAChCN,EAAM,KAAA,GACR,CAAA,CAEaO,CAAAA,CAAS,CACpB,IAAA,CAAAL,CAAAA,CACA,gBAAiBI,CACnB,MCrCaE,EAAAA,CAAc","file":"arcpay.global.js","sourcesContent":["export type ArcPayErrorType =\n | \"validation_error\"\n | \"authentication_error\"\n | \"authorization_error\"\n | \"state_error\"\n | \"rate_limit_error\"\n | \"api_error\"\n | \"network_error\"\n | \"challenge_aborted\";\n\nexport interface ArcPayErrorInit {\n type: ArcPayErrorType;\n message: string;\n code?: string;\n param?: string;\n paymentId?: string;\n declineCode?: string;\n retryable: boolean;\n requestId?: string;\n}\n\nexport class ArcPayError extends Error {\n readonly type: ArcPayErrorType;\n readonly code?: string;\n readonly param?: string;\n readonly paymentId?: string;\n readonly declineCode?: string;\n readonly retryable: boolean;\n readonly requestId?: string;\n\n constructor(init: ArcPayErrorInit) {\n super(init.message);\n this.name = \"ArcPayError\";\n this.type = init.type;\n this.code = init.code;\n this.param = init.param;\n this.paymentId = init.paymentId;\n this.declineCode = init.declineCode;\n this.retryable = init.retryable;\n this.requestId = init.requestId;\n }\n}\n\nexport const isValidationError = (e: unknown): e is ArcPayError =>\n e instanceof ArcPayError && e.type === \"validation_error\";\nexport const isAuthenticationError = (e: unknown): e is ArcPayError =>\n e instanceof ArcPayError && e.type === \"authentication_error\";\nexport const isAuthorizationError = (e: unknown): e is ArcPayError =>\n e instanceof ArcPayError && e.type === \"authorization_error\";\nexport const isStateError = (e: unknown): e is ArcPayError =>\n e instanceof ArcPayError && e.type === \"state_error\";\nexport const isRateLimitError = (e: unknown): e is ArcPayError =>\n e instanceof ArcPayError && e.type === \"rate_limit_error\";\nexport const isApiError = (e: unknown): e is ArcPayError =>\n e instanceof ArcPayError && e.type === \"api_error\";\nexport const isNetworkError = (e: unknown): e is ArcPayError =>\n e instanceof ArcPayError && e.type === \"network_error\";\nexport const isChallengeAborted = (e: unknown): e is ArcPayError =>\n e instanceof ArcPayError && e.type === \"challenge_aborted\";\n","import { ArcPayError } from \"./errors\";\n\nexport type Environment = \"sandbox\" | \"live\";\n\nexport const detectEnvironment = (publishableKey: string): Environment =>\n publishableKey.startsWith(\"pk_test_\") ? \"sandbox\" : \"live\";\n\nexport const validatePublishableKey = (key: unknown): asserts key is string => {\n if (typeof key !== \"string\" || key.length === 0) {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"invalid_publishable_key\",\n message: \"Publishable key must be a non-empty string\",\n retryable: false,\n });\n }\n if (!key.startsWith(\"pk_test_\") && !key.startsWith(\"pk_live_\")) {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"invalid_publishable_key\",\n message:\n \"Publishable key must start with pk_test_ or pk_live_. Secret keys (sk_*) cannot be used in browser.\",\n retryable: false,\n });\n }\n};\n","const BANNER_ATTR = \"data-arcpay-sandbox-banner\";\n\nexport const showSandboxBanner = (): void => {\n if (typeof document === \"undefined\") return;\n if (document.querySelector(`[${BANNER_ATTR}]`)) return;\n\n const bar = document.createElement(\"div\");\n bar.setAttribute(BANNER_ATTR, \"\");\n bar.style.cssText =\n \"position:fixed;top:0;left:0;right:0;z-index:2147483647;background:#ffd166;color:#222;font:13px/1.4 system-ui,sans-serif;padding:6px 12px;display:flex;align-items:center;justify-content:center;box-shadow:0 1px 3px rgba(0,0,0,0.1);\";\n\n const text = document.createElement(\"span\");\n text.textContent = \"ARC PAY TEST MODE — payments are simulated\";\n bar.appendChild(text);\n\n const dismiss = document.createElement(\"button\");\n dismiss.type = \"button\";\n dismiss.setAttribute(\"data-arcpay-banner-dismiss\", \"\");\n dismiss.textContent = \"×\";\n dismiss.setAttribute(\"aria-label\", \"Dismiss test mode banner\");\n dismiss.style.cssText =\n \"margin-left:12px;background:transparent;border:0;font-size:18px;cursor:pointer;color:inherit;\";\n dismiss.addEventListener(\"click\", () => bar.remove());\n bar.appendChild(dismiss);\n\n document.body.appendChild(bar);\n};\n","import { ArcPayError } from \"../core/errors\";\n\nexport type FieldType = \"cardNumber\" | \"cardExpiry\" | \"cardCvv\";\n\n// Parent → iframe\nexport type ParentToIframe =\n | { type: \"arcpay:hello\"; origin: string; publishableKey: string; channelId: string }\n | { type: \"arcpay:style\"; payload: StyleSubset }\n | { type: \"arcpay:focus\" }\n | { type: \"arcpay:clear\" }\n | { type: \"arcpay:tokenize\"; paymentId: string; idempotencyKey: string };\n\n// iframe → parent\nexport type IframeToParent =\n | { type: \"arcpay:ready\" }\n | { type: \"arcpay:rejected\"; reason: string }\n | {\n type: \"arcpay:change\";\n field: FieldType;\n isValid: boolean;\n brand?: string;\n lastFour?: string;\n }\n | {\n type: \"arcpay:tokenize-result\";\n cardTokenId: string;\n cardMask: string;\n cardScheme: string;\n cardBin: string;\n expiresIn: number;\n expiresAt: string;\n }\n | { type: \"arcpay:tokenize-error\"; errorType: string; code?: string; message: string };\n\nexport interface StyleSubset {\n base: Record<string, string>;\n invalid?: Record<string, string>;\n focus?: Record<string, string>;\n}\n\nconst ARCPAY_TYPE_PREFIX = \"arcpay:\";\n\nconst isArcpayMessage = (data: unknown): data is { type: string } =>\n typeof data === \"object\" &&\n data !== null &&\n \"type\" in data &&\n typeof (data as { type: unknown }).type === \"string\" &&\n (data as { type: string }).type.startsWith(ARCPAY_TYPE_PREFIX);\n\nexport const postToIframe = (\n iframe: HTMLIFrameElement,\n message: ParentToIframe,\n targetOrigin: string,\n): void => {\n if (targetOrigin === \"*\") {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"wildcard_origin_forbidden\",\n message: \"postToIframe: targetOrigin cannot be '*'\",\n retryable: false,\n });\n }\n if (!iframe.contentWindow) {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"iframe_not_loaded\",\n message: \"postToIframe: iframe.contentWindow is null (iframe not mounted)\",\n retryable: false,\n });\n }\n iframe.contentWindow.postMessage(message, targetOrigin);\n};\n\nexport const postToParent = (message: IframeToParent, targetOrigin: string): void => {\n if (targetOrigin === \"*\") {\n throw new Error(\"postToParent: targetOrigin cannot be '*'\");\n }\n window.parent.postMessage(message, targetOrigin);\n};\n\nexport const parseIncoming = <T extends { type: string }>(\n event: MessageEvent,\n expectedOrigin: string,\n): T | null => {\n if (event.origin !== expectedOrigin) return null;\n if (!isArcpayMessage(event.data)) return null;\n return event.data as T;\n};\n","import type { StyleSubset } from \"./postmessage\";\n\n// Spec calls out position:fixed, transform, pointer-events:none as forbidden.\n// We extend to cover the full clickjacking attack surface: any positioning\n// (fixed/absolute/sticky), transform, all pointer-events values, z-index, and\n// inset properties (top/left/right/bottom/inset). The legitimate use cases\n// for these in a 1-line input field are zero, so blanket drop.\nconst FORBIDDEN_PROPERTIES = new Set([\n \"position\",\n \"transform\",\n \"pointer-events\",\n \"z-index\",\n \"top\",\n \"left\",\n \"right\",\n \"bottom\",\n \"inset\",\n]);\n\nconst sanitizeBlock = (block: Record<string, string>): Record<string, string> => {\n const out: Record<string, string> = {};\n for (const [key, value] of Object.entries(block)) {\n const normalizedKey = key.toLowerCase();\n if (FORBIDDEN_PROPERTIES.has(normalizedKey)) {\n // Defense against position/transform-based clickjacking. Silently drop.\n continue;\n }\n out[key] = value;\n }\n return out;\n};\n\nexport const sanitizeStyle = (style: StyleSubset): StyleSubset => {\n const result: StyleSubset = { base: sanitizeBlock(style.base) };\n if (style.invalid !== undefined) result.invalid = sanitizeBlock(style.invalid);\n if (style.focus !== undefined) result.focus = sanitizeBlock(style.focus);\n return result;\n};\n","import { ArcPayError } from \"../core/errors\";\nimport {\n type FieldType,\n type ParentToIframe,\n type IframeToParent,\n type StyleSubset,\n postToIframe,\n parseIncoming,\n} from \"./postmessage\";\nimport { sanitizeStyle } from \"./style\";\n\nexport interface ElementOptions {\n /** StyleSubset applied via arcpay:style postMessage. */\n style?: StyleSubset;\n placeholder?: string;\n}\n\nexport type ElementEvent =\n | { type: \"ready\" }\n | { type: \"change\"; isValid: boolean; brand?: string; lastFour?: string }\n | { type: \"error\"; reason: string };\n\ntype Listener = (event: ElementEvent) => void;\n\nexport interface ElementContext {\n iframeBase: string;\n publishableKey: string;\n channelId: string;\n}\n\nexport class Element {\n private iframe: HTMLIFrameElement | null = null;\n private readonly listeners = new Set<Listener>();\n private status: \"pending\" | \"ready\" | \"error\" = \"pending\";\n private messageHandler: ((e: MessageEvent) => void) | null = null;\n\n constructor(\n public readonly field: FieldType,\n private readonly options: ElementOptions,\n private readonly context: ElementContext,\n ) {}\n\n mount(target: string | HTMLElement): void {\n if (this.iframe) {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"already_mounted\",\n message: `Element ${this.field} is already mounted`,\n retryable: false,\n });\n }\n const container = typeof target === \"string\" ? document.querySelector(target) : target;\n if (!(container instanceof HTMLElement)) {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"mount_target_not_found\",\n message: `mount target not found: ${String(target)}`,\n retryable: false,\n });\n }\n\n const iframe = document.createElement(\"iframe\");\n iframe.src = `${this.context.iframeBase}/iframe/${this.field}`;\n iframe.style.cssText = \"border:0;width:100%;height:100%;display:block;\";\n iframe.setAttribute(\"allow\", \"payment\");\n iframe.setAttribute(\"data-arcpay-element\", this.field);\n container.appendChild(iframe);\n this.iframe = iframe;\n\n const expectedOrigin = new URL(this.context.iframeBase).origin;\n\n this.messageHandler = (event: MessageEvent) => {\n // C1: source guard — only accept messages from this element's own iframe.\n // Without this, any iframe at the same origin (e.g. cardExpiry, cardCvv)\n // could trigger handlers on cardNumber and vice-versa.\n if (event.source !== this.iframe?.contentWindow) return;\n // C4: use parseIncoming for origin + arcpay: prefix guard.\n const data = parseIncoming<IframeToParent>(event, expectedOrigin);\n if (!data) return;\n this.handleMessage(data);\n };\n window.addEventListener(\"message\", this.messageHandler);\n\n iframe.addEventListener(\n \"load\",\n () => {\n if (!this.iframe) return;\n const hello: ParentToIframe = {\n type: \"arcpay:hello\",\n origin: window.location.origin,\n publishableKey: this.context.publishableKey,\n channelId: this.context.channelId,\n };\n postToIframe(this.iframe, hello, expectedOrigin);\n },\n { once: true },\n );\n }\n\n private handleMessage(data: IframeToParent): void {\n if (data.type === \"arcpay:ready\") {\n this.status = \"ready\";\n // Apply initial style if provided at construction time.\n if (this.options.style) {\n this.send({ type: \"arcpay:style\", payload: sanitizeStyle(this.options.style) });\n }\n this.emit({ type: \"ready\" });\n } else if (data.type === \"arcpay:rejected\") {\n this.status = \"error\";\n this.emit({ type: \"error\", reason: data.reason });\n } else if (data.type === \"arcpay:change\" && data.field === this.field) {\n this.emit({\n type: \"change\",\n isValid: data.isValid,\n brand: data.brand,\n lastFour: data.lastFour,\n });\n }\n // arcpay:tokenize-result / arcpay:tokenize-error handled by Elements factory (Task 9).\n }\n\n update(options: { style?: StyleSubset }): void {\n if (options.style) {\n this.send({ type: \"arcpay:style\", payload: sanitizeStyle(options.style) });\n }\n }\n\n destroy(): void {\n if (this.iframe) {\n this.iframe.remove();\n this.iframe = null;\n }\n if (this.messageHandler) {\n window.removeEventListener(\"message\", this.messageHandler);\n this.messageHandler = null;\n }\n this.listeners.clear();\n this.status = \"pending\";\n }\n\n on(_event: \"ready\" | \"change\" | \"error\", callback: Listener): () => void {\n this.listeners.add(callback);\n return () => this.listeners.delete(callback);\n }\n\n focus(): void {\n this.send({ type: \"arcpay:focus\" });\n }\n\n clear(): void {\n this.send({ type: \"arcpay:clear\" });\n }\n\n isReady(): boolean {\n return this.status === \"ready\";\n }\n\n /**\n * Internal: returns the iframe's contentWindow for source-filtering in\n * Elements.doTokenize(). Returns null when the iframe is not yet mounted\n * or when jsdom has not yet populated contentWindow (test environment).\n */\n getIframeContentWindow(): Window | null {\n return this.iframe?.contentWindow ?? null;\n }\n\n /** Internal: used by Elements factory to send tokenize commands. */\n send(message: ParentToIframe): void {\n if (!this.iframe) {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"not_mounted\",\n message: `Element ${this.field} is not mounted`,\n retryable: false,\n });\n }\n postToIframe(this.iframe, message, new URL(this.context.iframeBase).origin);\n }\n\n private emit(event: ElementEvent): void {\n for (const listener of this.listeners) {\n listener(event);\n }\n }\n}\n","import { ArcPayError } from \"../core/errors\";\nimport { Element, type ElementContext, type ElementOptions } from \"./element\";\nimport type { FieldType, IframeToParent } from \"./postmessage\";\nimport { parseIncoming } from \"./postmessage\";\nimport type { TokenizeResult } from \"../tokenize/tokenize\";\n\nexport type { TokenizeResult };\n\nexport type ElementsOptions = Record<string, never>;\n\nconst DEFAULT_IFRAME_BASE = \"https://sdk.arcpay.space\";\n\nconst createChannelId = (): string => {\n if (!globalThis.crypto?.randomUUID) {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"crypto_unavailable\",\n message: \"crypto.randomUUID is required for Hosted Fields\",\n retryable: false,\n });\n }\n return globalThis.crypto.randomUUID();\n};\n\nexport class Elements {\n private readonly elementMap = new Map<FieldType, Element>();\n private readonly iframeBase: string;\n private readonly publishableKey: string;\n private readonly channelId: string;\n private tokenizeInFlight = false;\n\n constructor(opts: { publishableKey: string; iframeBase?: string }) {\n this.publishableKey = opts.publishableKey;\n this.iframeBase = opts.iframeBase ?? DEFAULT_IFRAME_BASE;\n this.channelId = createChannelId();\n }\n\n create(field: FieldType, options: ElementOptions = {}): Element {\n if (this.elementMap.has(field)) {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"duplicate_element\",\n message: `Element for ${field} already created`,\n retryable: false,\n });\n }\n const ctx: ElementContext = {\n iframeBase: this.iframeBase,\n publishableKey: this.publishableKey,\n channelId: this.channelId,\n };\n const element = new Element(field, options, ctx);\n this.elementMap.set(field, element);\n return element;\n }\n\n async tokenize(paymentId: string, idempotencyKey: string): Promise<TokenizeResult> {\n // C2: concurrent-call guard — only one tokenize() may be in-flight at a time.\n if (this.tokenizeInFlight) {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"tokenize_in_progress\",\n message: \"A tokenize() call is already in progress for this Elements instance\",\n retryable: false,\n });\n }\n\n const cardNumber = this.elementMap.get(\"cardNumber\");\n const cardExpiry = this.elementMap.get(\"cardExpiry\");\n const cardCvv = this.elementMap.get(\"cardCvv\");\n\n if (!cardNumber || !cardExpiry || !cardCvv) {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"incomplete_elements\",\n message:\n \"All three elements (cardNumber, cardExpiry, cardCvv) must be created and mounted before tokenize()\",\n retryable: false,\n });\n }\n if (!cardNumber.isReady() || !cardExpiry.isReady() || !cardCvv.isReady()) {\n throw new ArcPayError({\n type: \"validation_error\",\n code: \"elements_not_ready\",\n message: \"Wait for all elements to fire 'ready' event before tokenize()\",\n retryable: false,\n });\n }\n\n this.tokenizeInFlight = true;\n try {\n return await this.doTokenize(cardNumber, paymentId, idempotencyKey);\n } finally {\n this.tokenizeInFlight = false;\n }\n }\n\n private doTokenize(\n cardNumber: Element,\n paymentId: string,\n idempotencyKey: string,\n ): Promise<TokenizeResult> {\n const iframeOrigin = new URL(this.iframeBase).origin;\n // C1: obtain reference to the cardNumber iframe's contentWindow before\n // registering the listener so we can filter by source.\n const cardIframeWindow = cardNumber.getIframeContentWindow();\n\n return new Promise<TokenizeResult>((resolve, reject) => {\n // C3: 30-second timeout — rejects and cleans up if no result arrives.\n const timer = window.setTimeout(() => {\n window.removeEventListener(\"message\", onMessage);\n reject(\n new ArcPayError({\n type: \"network_error\",\n code: \"tokenize_timeout\",\n message: \"tokenize() timed out after 30 seconds\",\n retryable: true,\n paymentId,\n }),\n );\n }, 30_000);\n\n const onMessage = (event: MessageEvent) => {\n // C1: source guard — only accept messages from the cardNumber iframe.\n if (cardIframeWindow !== null && event.source !== cardIframeWindow) return;\n // C4: use parseIncoming for origin + arcpay: prefix guard.\n const data = parseIncoming<IframeToParent>(event, iframeOrigin);\n if (!data) return;\n\n if (data.type === \"arcpay:tokenize-result\") {\n clearTimeout(timer);\n window.removeEventListener(\"message\", onMessage);\n resolve({\n cardTokenId: data.cardTokenId,\n cardMask: data.cardMask,\n cardScheme: data.cardScheme,\n cardBin: data.cardBin,\n expiresIn: data.expiresIn,\n expiresAt: data.expiresAt,\n });\n } else if (data.type === \"arcpay:tokenize-error\") {\n clearTimeout(timer);\n window.removeEventListener(\"message\", onMessage);\n const errType =\n data.errorType === \"validation_error\" || data.errorType === \"api_error\"\n ? data.errorType\n : \"api_error\";\n reject(\n new ArcPayError({\n type: errType,\n code: data.code,\n message: data.message,\n retryable: false,\n paymentId,\n }),\n );\n }\n };\n\n window.addEventListener(\"message\", onMessage);\n cardNumber.send({ type: \"arcpay:tokenize\", paymentId, idempotencyKey });\n });\n }\n\n destroy(): void {\n for (const el of this.elementMap.values()) {\n el.destroy();\n }\n this.elementMap.clear();\n }\n}\n","import {\n detectEnvironment,\n type Environment,\n validatePublishableKey as _validatePublishableKey,\n} from \"./env\";\nimport { showSandboxBanner } from \"./sandbox-banner\";\nimport { Elements, type ElementsOptions } from \"../elements/elements\";\n\nconst validatePublishableKey: (key: unknown) => asserts key is string = _validatePublishableKey;\n\nexport interface ArcPayLoadOptions {\n readonly _reserved?: never;\n}\n\nexport interface ArcPayInstance {\n readonly publishableKey: string;\n readonly environment: Environment;\n elements: (opts?: ElementsOptions) => Elements;\n}\n\nconst cache = new Map<string, Promise<ArcPayInstance>>();\n\nconst buildInstance = (publishableKey: string): ArcPayInstance => {\n if (detectEnvironment(publishableKey) === \"sandbox\") {\n showSandboxBanner();\n }\n return {\n publishableKey,\n environment: detectEnvironment(publishableKey),\n elements: () => new Elements({ publishableKey }),\n };\n};\n\nfunction load(publishableKey: string): Promise<ArcPayInstance> {\n try {\n validatePublishableKey(publishableKey);\n } catch (err) {\n return Promise.reject(err);\n }\n const key = publishableKey;\n const existing = cache.get(key);\n if (existing) return existing;\n const promise = Promise.resolve(buildInstance(publishableKey));\n cache.set(key, promise);\n return promise;\n}\n\nconst resetForTests = (): void => {\n cache.clear();\n};\n\nexport const ArcPay = {\n load,\n __resetForTests: resetForTests,\n};\n","export { ArcPay } from \"./core/arcpay\";\nexport type { ArcPayInstance, ArcPayLoadOptions } from \"./core/arcpay\";\nexport {\n ArcPayError,\n isValidationError,\n isAuthenticationError,\n isAuthorizationError,\n isStateError,\n isRateLimitError,\n isApiError,\n isNetworkError,\n isChallengeAborted,\n} from \"./core/errors\";\nexport type { ArcPayErrorType } from \"./core/errors\";\nexport type { Environment } from \"./core/env\";\nexport type { TokenizeResult } from \"./tokenize/tokenize\";\nexport type { CardScheme } from \"./tokenize/scheme\";\nexport const SDK_VERSION = \"0.1.3\";\n\nexport type { FieldType } from \"./elements/postmessage\";\nexport type { ElementOptions, ElementEvent } from \"./elements/element\";\nexport { Elements } from \"./elements/elements\";\nexport type { ElementsOptions } from \"./elements/elements\";\n"]}
package/dist/index.cjs CHANGED
@@ -23,49 +23,6 @@ var isApiError = (e) => e instanceof ArcPayError && e.type === "api_error";
23
23
  var isNetworkError = (e) => e instanceof ArcPayError && e.type === "network_error";
24
24
  var isChallengeAborted = (e) => e instanceof ArcPayError && e.type === "challenge_aborted";
25
25
 
26
- // src/core/csp.ts
27
- var readCspContent = () => {
28
- var _a;
29
- if (typeof document === "undefined") return null;
30
- const meta = document.head.querySelector(
31
- 'meta[http-equiv="Content-Security-Policy"]'
32
- );
33
- return (_a = meta == null ? void 0 : meta.getAttribute("content")) != null ? _a : null;
34
- };
35
- var extractDirective = (csp, name) => {
36
- const lower = csp.toLowerCase();
37
- const idx = lower.indexOf(`${name} `);
38
- if (idx === -1) return null;
39
- const rest = csp.slice(idx + name.length + 1);
40
- const end = rest.indexOf(";");
41
- return (end === -1 ? rest : rest.slice(0, end)).trim();
42
- };
43
- var directiveAllowsHost = (directive, host) => {
44
- const tokens = directive.split(/\s+/).filter(Boolean);
45
- if (tokens.includes("*")) return true;
46
- return tokens.some((t) => {
47
- if (t === host) return true;
48
- if (t.startsWith("https://*")) {
49
- const suffix = t.slice("https://*".length);
50
- return host.endsWith(suffix);
51
- }
52
- return false;
53
- });
54
- };
55
- var verifyCspAllowsApiBase = (apiBase) => {
56
- const csp = readCspContent();
57
- if (!csp) return;
58
- const directive = extractDirective(csp, "connect-src");
59
- if (!directive) return;
60
- if (directiveAllowsHost(directive, apiBase)) return;
61
- throw new ArcPayError({
62
- type: "validation_error",
63
- code: "csp_blocks_api",
64
- message: `CSP connect-src directive does not allow ${apiBase}. Add it to your Content-Security-Policy header.`,
65
- retryable: false
66
- });
67
- };
68
-
69
26
  // src/core/env.ts
70
27
  var detectEnvironment = (publishableKey) => publishableKey.startsWith("pk_test_") ? "sandbox" : "live";
71
28
  var validatePublishableKey = (key) => {
@@ -131,12 +88,6 @@ var postToIframe = (iframe, message, targetOrigin) => {
131
88
  }
132
89
  iframe.contentWindow.postMessage(message, targetOrigin);
133
90
  };
134
- var postToParent = (message, targetOrigin) => {
135
- if (targetOrigin === "*") {
136
- throw new Error("postToParent: targetOrigin cannot be '*'");
137
- }
138
- window.parent.postMessage(message, targetOrigin);
139
- };
140
91
  var parseIncoming = (event, expectedOrigin) => {
141
92
  if (event.origin !== expectedOrigin) return null;
142
93
  if (!isArcpayMessage(event.data)) return null;
@@ -446,33 +397,27 @@ var Elements = class {
446
397
 
447
398
  // src/core/arcpay.ts
448
399
  var validatePublishableKey2 = validatePublishableKey;
449
- var DEFAULT_API_BASE = "https://api.arcpay.space";
450
400
  var cache = /* @__PURE__ */ new Map();
451
- var buildInstance = (publishableKey, opts) => {
452
- var _a;
453
- const apiBase = (_a = opts.apiBase) != null ? _a : DEFAULT_API_BASE;
454
- verifyCspAllowsApiBase(apiBase);
401
+ var buildInstance = (publishableKey) => {
455
402
  if (detectEnvironment(publishableKey) === "sandbox") {
456
403
  showSandboxBanner();
457
404
  }
458
405
  return {
459
406
  publishableKey,
460
- apiBase,
461
407
  environment: detectEnvironment(publishableKey),
462
408
  elements: () => new Elements({ publishableKey })
463
409
  };
464
410
  };
465
- function load(publishableKey, opts = {}) {
466
- var _a;
411
+ function load(publishableKey) {
467
412
  try {
468
413
  validatePublishableKey2(publishableKey);
469
414
  } catch (err) {
470
415
  return Promise.reject(err);
471
416
  }
472
- const key = `${publishableKey}|${(_a = opts.apiBase) != null ? _a : DEFAULT_API_BASE}`;
417
+ const key = publishableKey;
473
418
  const existing = cache.get(key);
474
419
  if (existing) return existing;
475
- const promise = Promise.resolve(buildInstance(publishableKey, opts));
420
+ const promise = Promise.resolve(buildInstance(publishableKey));
476
421
  cache.set(key, promise);
477
422
  return promise;
478
423
  }
@@ -484,30 +429,11 @@ var ArcPay = {
484
429
  __resetForTests: resetForTests
485
430
  };
486
431
 
487
- // src/tokenize/luhn.ts
488
- var luhnCheck = (pan) => {
489
- if (!/^\d+$/.test(pan)) return false;
490
- if (/^0+$/.test(pan)) return false;
491
- let sum = 0;
492
- let alternate = false;
493
- for (let i = pan.length - 1; i >= 0; i--) {
494
- let n = pan.charCodeAt(i) - 48;
495
- if (alternate) {
496
- n *= 2;
497
- if (n > 9) n -= 9;
498
- }
499
- sum += n;
500
- alternate = !alternate;
501
- }
502
- return sum % 10 === 0;
503
- };
504
-
505
432
  // src/index.ts
506
- var SDK_VERSION = "0.1.0";
433
+ var SDK_VERSION = "0.1.3";
507
434
 
508
435
  exports.ArcPay = ArcPay;
509
436
  exports.ArcPayError = ArcPayError;
510
- exports.Element = Element;
511
437
  exports.Elements = Elements;
512
438
  exports.SDK_VERSION = SDK_VERSION;
513
439
  exports.isApiError = isApiError;
@@ -518,10 +444,5 @@ exports.isNetworkError = isNetworkError;
518
444
  exports.isRateLimitError = isRateLimitError;
519
445
  exports.isStateError = isStateError;
520
446
  exports.isValidationError = isValidationError;
521
- exports.luhnCheck = luhnCheck;
522
- exports.parseIncoming = parseIncoming;
523
- exports.postToIframe = postToIframe;
524
- exports.postToParent = postToParent;
525
- exports.sanitizeStyle = sanitizeStyle;
526
447
  //# sourceMappingURL=index.cjs.map
527
448
  //# sourceMappingURL=index.cjs.map