@thavguard/arc-pay 0.1.13 → 0.1.15

package/README.md

@@ -75,28 +75,25 @@ return as navigation only; confirm the final status through webhooks or
 `GET /payments/{id}`.
 
 H2H card execution returns a standardized `next_action` when the buyer must do
-something in the browser. The SDK helper turns that action into the POST form
-descriptor you render in a hidden iframe or visible browser page:
+something in the browser. Use `runThreeDSBrowserFlow()` to run the 3DS Method
+hidden iframe, call your backend completion proxy, and submit any returned ACS
+challenge form:
 
 ```ts
-import {
-  buildThreeDSBrowserStep,
-  buildThreeDSMethodCompletion,
-  getThreeDSAction,
-} from "@thavguard/arc-pay/server";
+import { runThreeDSBrowserFlow } from "@thavguard/arc-pay/js";
 
 const result = await client.executePayment(paymentId, body, { idempotencyKey });
-const action = getThreeDSAction(result.next_action);
-
-if (action) {
-  const step = buildThreeDSBrowserStep(action);
-  // Render step.form using form.action, form.method, form.target, form.fields.
-  // For step.kind === "method", call completeThreeDSMethod from your backend
-  // after the hidden iframe finishes or times out.
-  const completeBody = buildThreeDSMethodCompletion(action, "Y");
-  const afterMethod = await client.completeThreeDSMethod(paymentId, completeBody);
-  // If afterMethod.next_action is a challenge, render the returned browser step.
-}
+await runThreeDSBrowserFlow(result.next_action, {
+  async completeThreeDSMethod(completion) {
+    const response = await fetch(`/api/payments/${paymentId}/complete-3ds-method`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(completion),
+    });
+    if (!response.ok) throw new Error("3DS Method completion failed");
+    return response.json();
+  },
+});
 ```
 
 Do not branch on bank-specific 3DS fields. Arc Pay normalizes 3DS 1.x and 2.x
@@ -104,8 +101,9 @@ into `next_action.three_ds.submit`.
 
 After the browser step redirects or the customer returns to your order page,
 use `waitForPaymentTerminal(paymentId)` or your own webhook/status loop. The
-helper polls `GET /payments/{id}` and stops at terminal Arc Pay statuses; it
-does not attempt to automate issuer ACS challenge pages.
+server helper polls `GET /payments/{id}` and stops at terminal Arc Pay statuses.
+The browser helper automates the merchant-owned handoff, but the issuer ACS page
+still belongs to the bank after the challenge form is submitted.
 
 For saved cards and subscriptions, create a setup intent with
 `createCardSetup()`, tokenize through Hosted Fields, execute the setup payment,

package/dist/{actions-BDRBji85.d.cts → actions-Bk3pXeI2.d.cts}

@@ -95,21 +95,51 @@ interface Refund {
     reason?: string;
     created_at: string;
 }
-interface ExecutePaymentRequest {
+type WalletInteractionAction = "redirect" | "deeplink" | "qr" | "sdk" | "phone_push";
+type WalletInteractionSurface = "merchant_web" | "merchant_app" | "native_app";
+interface WalletInteraction {
+    provider: PaymentMethod;
+    surface: WalletInteractionSurface;
+    action: WalletInteractionAction;
+    back_url?: string;
+    app_deep_link?: string;
+    phone?: string;
+}
+interface WalletAction {
+    provider: PaymentMethod;
+    action: WalletInteractionAction;
+    sdk?: string;
+    url?: string;
+    qr_url?: string;
+    qr_image_base64?: string;
+    qr_content_type?: "image/png" | "image/svg+xml";
+    bank_invoice_id?: string;
+    back_url?: string;
+    params?: Record<string, string>;
+}
+interface CardBrowserInfo {
+    accept_header: string;
+    language: string;
+    screen_width: number;
+    screen_height: number;
+    color_depth: 1 | 4 | 8 | 15 | 16 | 24 | 32 | 48;
+    timezone_offset_minutes: number;
+    java_enabled?: boolean;
+    user_agent: string;
+    window_size?: "01" | "02" | "03" | "04" | "05";
+}
+interface CardExecutePaymentRequest {
+    payment_method: "bank_card";
     card_token_id: string;
     payment_mode: "h2h";
-    browser_info: {
-        accept_header: string;
-        language: string;
-        screen_width: number;
-        screen_height: number;
-        color_depth: 1 | 4 | 8 | 15 | 16 | 24 | 32 | 48;
-        timezone_offset_minutes: number;
-        java_enabled?: boolean;
-        user_agent: string;
-        window_size?: "01" | "02" | "03" | "04" | "05";
-    };
+    browser_info: CardBrowserInfo;
+}
+interface WalletExecutePaymentRequest {
+    payment_method: Exclude<PaymentMethod, "bank_card">;
+    payment_mode: "h2h";
+    wallet_interaction: WalletInteraction;
 }
+type ExecutePaymentRequest = CardExecutePaymentRequest | WalletExecutePaymentRequest;
 interface ExecutePaymentResponse {
     payment_id: string;
     status: "authorized" | "captured" | "pending" | "pending_3ds" | "failed" | "declined";
@@ -117,6 +147,7 @@ interface ExecutePaymentResponse {
     payment_mode?: PaymentFlowMode;
     liability_shifted?: boolean;
     card_token_id?: string;
+    wallet_action?: WalletAction;
     next_action?: PaymentNextAction;
     decline_code?: string;
     decline_message?: string;
@@ -295,7 +326,7 @@ interface ListAvailablePaymentMethodsQuery {
 }
 
 type ThreeDSAction = PaymentNextAction;
-type BrowserInfo = ExecutePaymentRequest["browser_info"];
+type BrowserInfo = CardBrowserInfo;
 interface BrowserFormField {
     name: string;
     value: string;
@@ -313,6 +344,36 @@ interface ThreeDSBrowserStep {
     completionEndpoint?: string;
     threeDSServerTransId?: string;
 }
+interface MountedThreeDSForm {
+    form: HTMLFormElement;
+    iframe?: HTMLIFrameElement;
+    submit: () => void;
+    remove: () => void;
+}
+interface ThreeDSMountOptions {
+    document?: Document;
+    container?: HTMLElement;
+    challengeTarget?: string;
+    submitter?: (form: HTMLFormElement) => void;
+}
+interface RunThreeDSBrowserFlowOptions extends ThreeDSMountOptions {
+    completeThreeDSMethod: (completion: ReturnType<typeof buildThreeDSMethodCompletion>, nextAction: PaymentNextAction) => Promise<ExecutePaymentResponse>;
+    methodCompletionIndicator?: "Y" | "N" | "U";
+    methodTimeoutMs?: number;
+    signal?: AbortSignal;
+}
+type ThreeDSBrowserFlowResult = {
+    status: "no_action";
+    response?: ExecutePaymentResponse;
+} | {
+    status: "method_completed";
+    response: ExecutePaymentResponse;
+} | {
+    status: "challenge_submitted";
+    action: PaymentNextAction;
+    response?: ExecutePaymentResponse;
+    mounted: MountedThreeDSForm;
+};
 declare const collectBrowserInfo: (acceptHeader?: string) => BrowserInfo;
 declare const getThreeDSAction: (nextAction?: PaymentNextAction) => PaymentNextAction | null;
 declare const isThreeDSMethodAction: (nextAction?: PaymentNextAction) => boolean;
@@ -323,6 +384,8 @@ declare const buildThreeDSMethodCompletion: (nextAction: PaymentNextAction, comp
     completion_indicator: "Y" | "N" | "U";
     three_ds_server_trans_id: string;
 };
+declare const mountThreeDSBrowserForm: (nextAction: PaymentNextAction, options?: ThreeDSMountOptions) => MountedThreeDSForm;
+declare const runThreeDSBrowserFlow: (nextAction: PaymentNextAction | undefined, options: RunThreeDSBrowserFlowOptions) => Promise<ThreeDSBrowserFlowResult>;
 declare const buildThreeDSAutoSubmitHtml: (nextAction: PaymentNextAction) => string;
 
-export { type AvailablePaymentMethod as A, type BrowserFormField as B, type CaptureRequest as C, type ExecutePaymentRequest as E, type Link as L, type Payment as P, type Refund as R, type ThreeDSAction as T, type VoidRequest as V, type WaitForPaymentOptions as W, type BrowserInfo as a, type BrowserPostForm as b, type ChargeSavedCardRequest as c, type CheckoutSession as d, type CompleteThreeDSMethodRequest as e, type CreateCardSetupRequest as f, type CreateCheckoutSessionRequest as g, type CreateLinkRequest as h, type CreatePaymentRequest as i, type CreateRefundRequest as j, type ExecutePaymentResponse as k, type ListAvailablePaymentMethodsQuery as l, type ListPaymentsQuery as m, type PaymentFlowMode as n, type PaymentList as o, type PaymentMethod as p, type PaymentNextAction as q, type ThreeDSBrowserStep as r, buildThreeDSAutoSubmitHtml as s, buildThreeDSBrowserForm as t, buildThreeDSBrowserStep as u, buildThreeDSMethodCompletion as v, collectBrowserInfo as w, getThreeDSAction as x, isThreeDSChallengeAction as y, isThreeDSMethodAction as z };
+export { type AvailablePaymentMethod as A, type BrowserFormField as B, type CaptureRequest as C, getThreeDSAction as D, type ExecutePaymentRequest as E, isThreeDSChallengeAction as F, isThreeDSMethodAction as G, mountThreeDSBrowserForm as H, runThreeDSBrowserFlow as I, type Link as L, type MountedThreeDSForm as M, type Payment as P, type Refund as R, type ThreeDSAction as T, type VoidRequest as V, type WaitForPaymentOptions as W, type BrowserInfo as a, type BrowserPostForm as b, type ChargeSavedCardRequest as c, type CheckoutSession as d, type CompleteThreeDSMethodRequest as e, type CreateCardSetupRequest as f, type CreateCheckoutSessionRequest as g, type CreateLinkRequest as h, type CreatePaymentRequest as i, type CreateRefundRequest as j, type ExecutePaymentResponse as k, type ListAvailablePaymentMethodsQuery as l, type ListPaymentsQuery as m, type PaymentFlowMode as n, type PaymentList as o, type PaymentMethod as p, type PaymentNextAction as q, type RunThreeDSBrowserFlowOptions as r, type ThreeDSBrowserFlowResult as s, type ThreeDSBrowserStep as t, type ThreeDSMountOptions as u, buildThreeDSAutoSubmitHtml as v, buildThreeDSBrowserForm as w, buildThreeDSBrowserStep as x, buildThreeDSMethodCompletion as y, collectBrowserInfo as z };

package/dist/{actions-BDRBji85.d.ts → actions-Bk3pXeI2.d.ts}

@@ -95,21 +95,51 @@ interface Refund {
     reason?: string;
     created_at: string;
 }
-interface ExecutePaymentRequest {
+type WalletInteractionAction = "redirect" | "deeplink" | "qr" | "sdk" | "phone_push";
+type WalletInteractionSurface = "merchant_web" | "merchant_app" | "native_app";
+interface WalletInteraction {
+    provider: PaymentMethod;
+    surface: WalletInteractionSurface;
+    action: WalletInteractionAction;
+    back_url?: string;
+    app_deep_link?: string;
+    phone?: string;
+}
+interface WalletAction {
+    provider: PaymentMethod;
+    action: WalletInteractionAction;
+    sdk?: string;
+    url?: string;
+    qr_url?: string;
+    qr_image_base64?: string;
+    qr_content_type?: "image/png" | "image/svg+xml";
+    bank_invoice_id?: string;
+    back_url?: string;
+    params?: Record<string, string>;
+}
+interface CardBrowserInfo {
+    accept_header: string;
+    language: string;
+    screen_width: number;
+    screen_height: number;
+    color_depth: 1 | 4 | 8 | 15 | 16 | 24 | 32 | 48;
+    timezone_offset_minutes: number;
+    java_enabled?: boolean;
+    user_agent: string;
+    window_size?: "01" | "02" | "03" | "04" | "05";
+}
+interface CardExecutePaymentRequest {
+    payment_method: "bank_card";
     card_token_id: string;
     payment_mode: "h2h";
-    browser_info: {
-        accept_header: string;
-        language: string;
-        screen_width: number;
-        screen_height: number;
-        color_depth: 1 | 4 | 8 | 15 | 16 | 24 | 32 | 48;
-        timezone_offset_minutes: number;
-        java_enabled?: boolean;
-        user_agent: string;
-        window_size?: "01" | "02" | "03" | "04" | "05";
-    };
+    browser_info: CardBrowserInfo;
+}
+interface WalletExecutePaymentRequest {
+    payment_method: Exclude<PaymentMethod, "bank_card">;
+    payment_mode: "h2h";
+    wallet_interaction: WalletInteraction;
 }
+type ExecutePaymentRequest = CardExecutePaymentRequest | WalletExecutePaymentRequest;
 interface ExecutePaymentResponse {
     payment_id: string;
     status: "authorized" | "captured" | "pending" | "pending_3ds" | "failed" | "declined";
@@ -117,6 +147,7 @@ interface ExecutePaymentResponse {
     payment_mode?: PaymentFlowMode;
     liability_shifted?: boolean;
     card_token_id?: string;
+    wallet_action?: WalletAction;
     next_action?: PaymentNextAction;
     decline_code?: string;
     decline_message?: string;
@@ -295,7 +326,7 @@ interface ListAvailablePaymentMethodsQuery {
 }
 
 type ThreeDSAction = PaymentNextAction;
-type BrowserInfo = ExecutePaymentRequest["browser_info"];
+type BrowserInfo = CardBrowserInfo;
 interface BrowserFormField {
     name: string;
     value: string;
@@ -313,6 +344,36 @@ interface ThreeDSBrowserStep {
     completionEndpoint?: string;
     threeDSServerTransId?: string;
 }
+interface MountedThreeDSForm {
+    form: HTMLFormElement;
+    iframe?: HTMLIFrameElement;
+    submit: () => void;
+    remove: () => void;
+}
+interface ThreeDSMountOptions {
+    document?: Document;
+    container?: HTMLElement;
+    challengeTarget?: string;
+    submitter?: (form: HTMLFormElement) => void;
+}
+interface RunThreeDSBrowserFlowOptions extends ThreeDSMountOptions {
+    completeThreeDSMethod: (completion: ReturnType<typeof buildThreeDSMethodCompletion>, nextAction: PaymentNextAction) => Promise<ExecutePaymentResponse>;
+    methodCompletionIndicator?: "Y" | "N" | "U";
+    methodTimeoutMs?: number;
+    signal?: AbortSignal;
+}
+type ThreeDSBrowserFlowResult = {
+    status: "no_action";
+    response?: ExecutePaymentResponse;
+} | {
+    status: "method_completed";
+    response: ExecutePaymentResponse;
+} | {
+    status: "challenge_submitted";
+    action: PaymentNextAction;
+    response?: ExecutePaymentResponse;
+    mounted: MountedThreeDSForm;
+};
 declare const collectBrowserInfo: (acceptHeader?: string) => BrowserInfo;
 declare const getThreeDSAction: (nextAction?: PaymentNextAction) => PaymentNextAction | null;
 declare const isThreeDSMethodAction: (nextAction?: PaymentNextAction) => boolean;
@@ -323,6 +384,8 @@ declare const buildThreeDSMethodCompletion: (nextAction: PaymentNextAction, comp
     completion_indicator: "Y" | "N" | "U";
     three_ds_server_trans_id: string;
 };
+declare const mountThreeDSBrowserForm: (nextAction: PaymentNextAction, options?: ThreeDSMountOptions) => MountedThreeDSForm;
+declare const runThreeDSBrowserFlow: (nextAction: PaymentNextAction | undefined, options: RunThreeDSBrowserFlowOptions) => Promise<ThreeDSBrowserFlowResult>;
 declare const buildThreeDSAutoSubmitHtml: (nextAction: PaymentNextAction) => string;
 
-export { type AvailablePaymentMethod as A, type BrowserFormField as B, type CaptureRequest as C, type ExecutePaymentRequest as E, type Link as L, type Payment as P, type Refund as R, type ThreeDSAction as T, type VoidRequest as V, type WaitForPaymentOptions as W, type BrowserInfo as a, type BrowserPostForm as b, type ChargeSavedCardRequest as c, type CheckoutSession as d, type CompleteThreeDSMethodRequest as e, type CreateCardSetupRequest as f, type CreateCheckoutSessionRequest as g, type CreateLinkRequest as h, type CreatePaymentRequest as i, type CreateRefundRequest as j, type ExecutePaymentResponse as k, type ListAvailablePaymentMethodsQuery as l, type ListPaymentsQuery as m, type PaymentFlowMode as n, type PaymentList as o, type PaymentMethod as p, type PaymentNextAction as q, type ThreeDSBrowserStep as r, buildThreeDSAutoSubmitHtml as s, buildThreeDSBrowserForm as t, buildThreeDSBrowserStep as u, buildThreeDSMethodCompletion as v, collectBrowserInfo as w, getThreeDSAction as x, isThreeDSChallengeAction as y, isThreeDSMethodAction as z };
+export { type AvailablePaymentMethod as A, type BrowserFormField as B, type CaptureRequest as C, getThreeDSAction as D, type ExecutePaymentRequest as E, isThreeDSChallengeAction as F, isThreeDSMethodAction as G, mountThreeDSBrowserForm as H, runThreeDSBrowserFlow as I, type Link as L, type MountedThreeDSForm as M, type Payment as P, type Refund as R, type ThreeDSAction as T, type VoidRequest as V, type WaitForPaymentOptions as W, type BrowserInfo as a, type BrowserPostForm as b, type ChargeSavedCardRequest as c, type CheckoutSession as d, type CompleteThreeDSMethodRequest as e, type CreateCardSetupRequest as f, type CreateCheckoutSessionRequest as g, type CreateLinkRequest as h, type CreatePaymentRequest as i, type CreateRefundRequest as j, type ExecutePaymentResponse as k, type ListAvailablePaymentMethodsQuery as l, type ListPaymentsQuery as m, type PaymentFlowMode as n, type PaymentList as o, type PaymentMethod as p, type PaymentNextAction as q, type RunThreeDSBrowserFlowOptions as r, type ThreeDSBrowserFlowResult as s, type ThreeDSBrowserStep as t, type ThreeDSMountOptions as u, buildThreeDSAutoSubmitHtml as v, buildThreeDSBrowserForm as w, buildThreeDSBrowserStep as x, buildThreeDSMethodCompletion as y, collectBrowserInfo as z };

package/dist/cdn/arcpay.global.js

@@ -1,3 +1,3 @@
-var ArcPay=(function(exports){'use strict';var n=class extends Error{constructor(t){super(t.message),this.name="ArcPayError",this.type=t.type,this.code=t.code,this.param=t.param,this.paymentId=t.paymentId,this.declineCode=t.declineCode,this.retryable=t.retryable,this.requestId=t.requestId;}},C=e=>e instanceof n&&e.type==="validation_error",M=e=>e instanceof n&&e.type==="authentication_error",R=e=>e instanceof n&&e.type==="authorization_error",L=e=>e instanceof n&&e.type==="state_error",N=e=>e instanceof n&&e.type==="rate_limit_error",O=e=>e instanceof n&&e.type==="api_error",W=e=>e instanceof n&&e.type==="network_error",H=e=>e instanceof n&&e.type==="challenge_aborted";var f=e=>e.startsWith("pk_test_")?"sandbox":"live",S=e=>{if(typeof e!="string"||e.length===0)throw new n({type:"validation_error",code:"invalid_publishable_key",message:"Publishable key must be a non-empty string",retryable:false});if(!e.startsWith("pk_test_")&&!e.startsWith("pk_live_"))throw new n({type:"validation_error",code:"invalid_publishable_key",message:"Publishable key must start with pk_test_ or pk_live_. Secret keys (sk_*) cannot be used in browser.",retryable:false})};var I="data-arcpay-sandbox-banner",P=()=>{if(typeof document=="undefined"||document.querySelector(`[${I}]`))return;let e=document.createElement("div");e.setAttribute(I,""),e.style.cssText="position:fixed;top:0;left:0;right:0;z-index:2147483647;background:#ffd166;color:#222;font:13px/1.4 system-ui,sans-serif;padding:6px 12px;display:flex;align-items:center;justify-content:center;box-shadow:0 1px 3px rgba(0,0,0,0.1);";let t=document.createElement("span");t.textContent="ARC PAY TEST MODE \u2014 payments are simulated",e.appendChild(t);let r=document.createElement("button");r.type="button",r.setAttribute("data-arcpay-banner-dismiss",""),r.textContent="\xD7",r.setAttribute("aria-label","Dismiss test mode banner"),r.style.cssText="margin-left:12px;background:transparent;border:0;font-size:18px;cursor:pointer;color:inherit;",r.addEventListener("click",()=>e.remove()),e.appendChild(r),document.body.appendChild(e);};var K="arcpay:",$=e=>typeof e=="object"&&e!==null&&"type"in e&&typeof e.type=="string"&&e.type.startsWith(K),u=(e,t,r)=>{if(r==="*")throw new n({type:"validation_error",code:"wildcard_origin_forbidden",message:"postToIframe: targetOrigin cannot be '*'",retryable:false});if(!e.contentWindow)throw new n({type:"validation_error",code:"iframe_not_loaded",message:"postToIframe: iframe.contentWindow is null (iframe not mounted)",retryable:false});e.contentWindow.postMessage(t,r);};var m=(e,t)=>e.origin!==t||!$(e.data)?null:e.data;var q=new Set(["position","transform","pointer-events","z-index","top","left","right","bottom","inset"]),g=e=>{let t={};for(let[r,o]of Object.entries(e)){let s=r.toLowerCase();q.has(s)||(t[r]=o);}return t},b=e=>{let t={base:g(e.base)};return e.invalid!==void 0&&(t.invalid=g(e.invalid)),e.focus!==void 0&&(t.focus=g(e.focus)),t};var y=class{constructor(t,r,o){this.field=t;this.options=r;this.context=o;this.iframe=null;this.listeners=new Set;this.status="pending";this.messageHandler=null;}mount(t){if(this.iframe)throw new n({type:"validation_error",code:"already_mounted",message:`Element ${this.field} is already mounted`,retryable:false});let r=typeof t=="string"?document.querySelector(t):t;if(!(r instanceof HTMLElement))throw new n({type:"validation_error",code:"mount_target_not_found",message:`mount target not found: ${String(t)}`,retryable:false});let o=document.createElement("iframe");o.src=`${this.context.iframeBase}/iframe/${this.field}`,o.style.cssText="border:0;width:100%;height:100%;display:block;",o.setAttribute("allow","payment"),o.setAttribute("data-arcpay-element",this.field),r.appendChild(o),this.iframe=o;let s=new URL(this.context.iframeBase).origin;this.messageHandler=a=>{var l;if(a.source!==((l=this.iframe)==null?void 0:l.contentWindow))return;let p=m(a,s);p&&this.handleMessage(p);},window.addEventListener("message",this.messageHandler),o.addEventListener("load",()=>{if(!this.iframe)return;let a={type:"arcpay:hello",origin:window.location.origin,publishableKey:this.context.publishableKey,channelId:this.context.channelId};u(this.iframe,a,s);},{once:true});}handleMessage(t){t.type==="arcpay:ready"?(this.status="ready",this.options.style&&this.send({type:"arcpay:style",payload:b(this.options.style)}),this.emit({type:"ready"})):t.type==="arcpay:rejected"?(this.status="error",this.emit({type:"error",reason:t.reason})):t.type==="arcpay:change"&&t.field===this.field&&this.emit({type:"change",isValid:t.isValid,brand:t.brand,lastFour:t.lastFour});}update(t){t.style&&this.send({type:"arcpay:style",payload:b(t.style)});}destroy(){this.iframe&&(this.iframe.remove(),this.iframe=null),this.messageHandler&&(window.removeEventListener("message",this.messageHandler),this.messageHandler=null),this.listeners.clear(),this.status="pending";}on(t,r){return this.listeners.add(r),()=>this.listeners.delete(r)}focus(){this.send({type:"arcpay:focus"});}clear(){this.send({type:"arcpay:clear"});}isReady(){return this.status==="ready"}getIframeContentWindow(){var t,r;return (r=(t=this.iframe)==null?void 0:t.contentWindow)!=null?r:null}send(t){if(!this.iframe)throw new n({type:"validation_error",code:"not_mounted",message:`Element ${this.field} is not mounted`,retryable:false});u(this.iframe,t,new URL(this.context.iframeBase).origin);}emit(t){for(let r of this.listeners)r(t);}};var U="https://sdk.arcpay.space",V=()=>{var e;if(!((e=globalThis.crypto)!=null&&e.randomUUID))throw new n({type:"validation_error",code:"crypto_unavailable",message:"crypto.randomUUID is required for Hosted Fields",retryable:false});return globalThis.crypto.randomUUID()},d=class{constructor(t){this.elementMap=new Map;this.tokenizeInFlight=false;var r;this.publishableKey=t.publishableKey,this.iframeBase=(r=t.iframeBase)!=null?r:U,this.channelId=V();}create(t,r={}){if(this.elementMap.has(t))throw new n({type:"validation_error",code:"duplicate_element",message:`Element for ${t} already created`,retryable:false});let o={iframeBase:this.iframeBase,publishableKey:this.publishableKey,channelId:this.channelId},s=new y(t,r,o);return this.elementMap.set(t,s),s}async tokenize(t,r){if(this.tokenizeInFlight)throw new n({type:"validation_error",code:"tokenize_in_progress",message:"A tokenize() call is already in progress for this Elements instance",retryable:false});let o=this.elementMap.get("cardNumber"),s=this.elementMap.get("cardExpiry"),a=this.elementMap.get("cardCvv");if(!o||!s||!a)throw new n({type:"validation_error",code:"incomplete_elements",message:"All three elements (cardNumber, cardExpiry, cardCvv) must be created and mounted before tokenize()",retryable:false});if(!o.isReady()||!s.isReady()||!a.isReady())throw new n({type:"validation_error",code:"elements_not_ready",message:"Wait for all elements to fire 'ready' event before tokenize()",retryable:false});this.tokenizeInFlight=true;try{return await this.doTokenize(o,t,r)}finally{this.tokenizeInFlight=false;}}doTokenize(t,r,o){let s=new URL(this.iframeBase).origin,a=t.getIframeContentWindow();return new Promise((p,l)=>{let x=window.setTimeout(()=>{window.removeEventListener("message",c),l(new n({type:"network_error",code:"tokenize_timeout",message:"tokenize() timed out after 30 seconds",retryable:true,paymentId:r}));},3e4),c=T=>{if(a!==null&&T.source!==a)return;let i=m(T,s);if(i){if(i.type==="arcpay:tokenize-result")clearTimeout(x),window.removeEventListener("message",c),p({cardTokenId:i.cardTokenId,cardMask:i.cardMask,cardScheme:i.cardScheme,cardBin:i.cardBin,expiresIn:i.expiresIn,expiresAt:i.expiresAt});else if(i.type==="arcpay:tokenize-error"){clearTimeout(x),window.removeEventListener("message",c);let F=i.errorType==="validation_error"||i.errorType==="api_error"?i.errorType:"api_error";l(new n({type:F,code:i.code,message:i.message,retryable:false,paymentId:r}));}}};window.addEventListener("message",c),t.send({type:"arcpay:tokenize",paymentId:r,idempotencyKey:o});})}destroy(){for(let t of this.elementMap.values())t.destroy();this.elementMap.clear();}};var j=S,_=new Map,Y=e=>(f(e)==="sandbox"&&P(),{publishableKey:e,environment:f(e),elements:()=>new d({publishableKey:e})});function X(e){try{j(e);}catch(s){return Promise.reject(s)}let t=e,r=_.get(t);if(r)return r;let o=Promise.resolve(Y(e));return _.set(t,o),o}var G=()=>{_.clear();},J={load:X,__resetForTests:G};var Q=[1,4,8,15,16,24,32,48],Z=e=>Q.includes(e)?e:24,ee=e=>e>=1e3?"05":e>=600?"04":e>=500?"03":e>=390?"02":"01",k=(e="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")=>{if(typeof window=="undefined"||typeof navigator=="undefined"||typeof screen=="undefined")throw new Error("collectBrowserInfo must be called in a browser environment");return {accept_header:e,language:navigator.language||"en",screen_width:screen.width,screen_height:screen.height,color_depth:Z(screen.colorDepth),timezone_offset_minutes:new Date().getTimezoneOffset(),java_enabled:false,user_agent:navigator.userAgent,window_size:ee(window.innerWidth||screen.width)}},v=e=>e!=null?e:null,E=e=>(e==null?void 0:e.type)==="three_ds_method"&&e.three_ds.phase==="method",A=e=>(e==null?void 0:e.type)==="three_ds_challenge"&&e.three_ds.phase==="challenge",h=e=>({action:e.three_ds.submit.url,method:e.three_ds.submit.method,target:e.three_ds.submit.target,fields:e.three_ds.submit.fields}),B=e=>{let t=v(e);return t?{kind:t.three_ds.phase,protocolVersion:t.three_ds.version,form:h(t),completionEndpoint:t.three_ds.completion_endpoint,threeDSServerTransId:t.three_ds.three_ds_server_trans_id}:null},z=(e,t="Y")=>{if(!E(e)||!e.three_ds.three_ds_server_trans_id)throw new Error("nextAction must be a three_ds_method action with three_ds_server_trans_id");return {completion_indicator:t,three_ds_server_trans_id:e.three_ds.three_ds_server_trans_id}},w=e=>e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#39;"),D=e=>{let t=h(e),r=t.target==="hidden_iframe"?"arcpay-three-ds-method":"_self",o=t.fields.map(a=>`<input type="hidden" name="${w(a.name)}" value="${w(a.value)}">`).join("");return `<!doctype html><html><head><meta charset="utf-8"></head><body>${t.target==="hidden_iframe"?'<iframe name="arcpay-three-ds-method" title="3-D Secure method" hidden></iframe>':""}<form method="POST" action="${w(t.action)}" target="${r}">${o}</form><script>document.forms[0].submit();</script></body></html>`};var xe="0.1.13";
-exports.ArcPay=J;exports.ArcPayError=n;exports.Elements=d;exports.SDK_VERSION=xe;exports.buildThreeDSAutoSubmitHtml=D;exports.buildThreeDSBrowserForm=h;exports.buildThreeDSBrowserStep=B;exports.buildThreeDSMethodCompletion=z;exports.collectBrowserInfo=k;exports.getThreeDSAction=v;exports.isApiError=O;exports.isAuthenticationError=M;exports.isAuthorizationError=R;exports.isChallengeAborted=H;exports.isNetworkError=W;exports.isRateLimitError=N;exports.isStateError=L;exports.isThreeDSChallengeAction=A;exports.isThreeDSMethodAction=E;exports.isValidationError=C;return exports;})({});//# sourceMappingURL=arcpay.global.js.map
+var ArcPay=(function(exports){'use strict';var s=class extends Error{constructor(t){super(t.message),this.name="ArcPayError",this.type=t.type,this.code=t.code,this.param=t.param,this.paymentId=t.paymentId,this.declineCode=t.declineCode,this.retryable=t.retryable,this.requestId=t.requestId;}},C=e=>e instanceof s&&e.type==="validation_error",L=e=>e instanceof s&&e.type==="authentication_error",O=e=>e instanceof s&&e.type==="authorization_error",N=e=>e instanceof s&&e.type==="state_error",H=e=>e instanceof s&&e.type==="rate_limit_error",W=e=>e instanceof s&&e.type==="api_error",U=e=>e instanceof s&&e.type==="network_error",$=e=>e instanceof s&&e.type==="challenge_aborted";var T=e=>e.startsWith("pk_test_")?"sandbox":"live",D=e=>{if(typeof e!="string"||e.length===0)throw new s({type:"validation_error",code:"invalid_publishable_key",message:"Publishable key must be a non-empty string",retryable:false});if(!e.startsWith("pk_test_")&&!e.startsWith("pk_live_"))throw new s({type:"validation_error",code:"invalid_publishable_key",message:"Publishable key must start with pk_test_ or pk_live_. Secret keys (sk_*) cannot be used in browser.",retryable:false})};var k="data-arcpay-sandbox-banner",A=()=>{if(typeof document=="undefined"||document.querySelector(`[${k}]`))return;let e=document.createElement("div");e.setAttribute(k,""),e.style.cssText="position:fixed;top:0;left:0;right:0;z-index:2147483647;background:#ffd166;color:#222;font:13px/1.4 system-ui,sans-serif;padding:6px 12px;display:flex;align-items:center;justify-content:center;box-shadow:0 1px 3px rgba(0,0,0,0.1);";let t=document.createElement("span");t.textContent="ARC PAY TEST MODE \u2014 payments are simulated",e.appendChild(t);let r=document.createElement("button");r.type="button",r.setAttribute("data-arcpay-banner-dismiss",""),r.textContent="\xD7",r.setAttribute("aria-label","Dismiss test mode banner"),r.style.cssText="margin-left:12px;background:transparent;border:0;font-size:18px;cursor:pointer;color:inherit;",r.addEventListener("click",()=>e.remove()),e.appendChild(r),document.body.appendChild(e);};var K="arcpay:",q=e=>typeof e=="object"&&e!==null&&"type"in e&&typeof e.type=="string"&&e.type.startsWith(K),v=(e,t,r)=>{if(r==="*")throw new s({type:"validation_error",code:"wildcard_origin_forbidden",message:"postToIframe: targetOrigin cannot be '*'",retryable:false});if(!e.contentWindow)throw new s({type:"validation_error",code:"iframe_not_loaded",message:"postToIframe: iframe.contentWindow is null (iframe not mounted)",retryable:false});e.contentWindow.postMessage(t,r);};var f=(e,t)=>e.origin!==t||!q(e.data)?null:e.data;var V=new Set(["position","transform","pointer-events","z-index","top","left","right","bottom","inset"]),E=e=>{let t={};for(let[r,n]of Object.entries(e)){let i=r.toLowerCase();V.has(i)||(t[r]=n);}return t},x=e=>{let t={base:E(e.base)};return e.invalid!==void 0&&(t.invalid=E(e.invalid)),e.focus!==void 0&&(t.focus=E(e.focus)),t};var g=class{constructor(t,r,n){this.field=t;this.options=r;this.context=n;this.iframe=null;this.listeners=new Set;this.status="pending";this.messageHandler=null;}mount(t){if(this.iframe)throw new s({type:"validation_error",code:"already_mounted",message:`Element ${this.field} is already mounted`,retryable:false});let r=typeof t=="string"?document.querySelector(t):t;if(!(r instanceof HTMLElement))throw new s({type:"validation_error",code:"mount_target_not_found",message:`mount target not found: ${String(t)}`,retryable:false});let n=document.createElement("iframe");n.src=`${this.context.iframeBase}/iframe/${this.field}`,n.style.cssText="border:0;width:100%;height:100%;display:block;",n.setAttribute("allow","payment"),n.setAttribute("data-arcpay-element",this.field),r.appendChild(n),this.iframe=n;let i=new URL(this.context.iframeBase).origin;this.messageHandler=o=>{var l;if(o.source!==((l=this.iframe)==null?void 0:l.contentWindow))return;let m=f(o,i);m&&this.handleMessage(m);},window.addEventListener("message",this.messageHandler),n.addEventListener("load",()=>{if(!this.iframe)return;let o={type:"arcpay:hello",origin:window.location.origin,publishableKey:this.context.publishableKey,channelId:this.context.channelId};v(this.iframe,o,i);},{once:true});}handleMessage(t){t.type==="arcpay:ready"?(this.status="ready",this.options.style&&this.send({type:"arcpay:style",payload:x(this.options.style)}),this.emit({type:"ready"})):t.type==="arcpay:rejected"?(this.status="error",this.emit({type:"error",reason:t.reason})):t.type==="arcpay:change"&&t.field===this.field&&this.emit({type:"change",isValid:t.isValid,brand:t.brand,lastFour:t.lastFour});}update(t){t.style&&this.send({type:"arcpay:style",payload:x(t.style)});}destroy(){this.iframe&&(this.iframe.remove(),this.iframe=null),this.messageHandler&&(window.removeEventListener("message",this.messageHandler),this.messageHandler=null),this.listeners.clear(),this.status="pending";}on(t,r){return this.listeners.add(r),()=>this.listeners.delete(r)}focus(){this.send({type:"arcpay:focus"});}clear(){this.send({type:"arcpay:clear"});}isReady(){return this.status==="ready"}getIframeContentWindow(){var t,r;return (r=(t=this.iframe)==null?void 0:t.contentWindow)!=null?r:null}send(t){if(!this.iframe)throw new s({type:"validation_error",code:"not_mounted",message:`Element ${this.field} is not mounted`,retryable:false});v(this.iframe,t,new URL(this.context.iframeBase).origin);}emit(t){for(let r of this.listeners)r(t);}};var Y="https://sdk.arcpay.space",j=()=>{var e;if(!((e=globalThis.crypto)!=null&&e.randomUUID))throw new s({type:"validation_error",code:"crypto_unavailable",message:"crypto.randomUUID is required for Hosted Fields",retryable:false});return globalThis.crypto.randomUUID()},u=class{constructor(t){this.elementMap=new Map;this.tokenizeInFlight=false;var r;this.publishableKey=t.publishableKey,this.iframeBase=(r=t.iframeBase)!=null?r:Y,this.channelId=j();}create(t,r={}){if(this.elementMap.has(t))throw new s({type:"validation_error",code:"duplicate_element",message:`Element for ${t} already created`,retryable:false});let n={iframeBase:this.iframeBase,publishableKey:this.publishableKey,channelId:this.channelId},i=new g(t,r,n);return this.elementMap.set(t,i),i}async tokenize(t,r){if(this.tokenizeInFlight)throw new s({type:"validation_error",code:"tokenize_in_progress",message:"A tokenize() call is already in progress for this Elements instance",retryable:false});let n=this.elementMap.get("cardNumber"),i=this.elementMap.get("cardExpiry"),o=this.elementMap.get("cardCvv");if(!n||!i||!o)throw new s({type:"validation_error",code:"incomplete_elements",message:"All three elements (cardNumber, cardExpiry, cardCvv) must be created and mounted before tokenize()",retryable:false});if(!n.isReady()||!i.isReady()||!o.isReady())throw new s({type:"validation_error",code:"elements_not_ready",message:"Wait for all elements to fire 'ready' event before tokenize()",retryable:false});this.tokenizeInFlight=true;try{return await this.doTokenize(n,t,r)}finally{this.tokenizeInFlight=false;}}doTokenize(t,r,n){let i=new URL(this.iframeBase).origin,o=t.getIframeContentWindow();return new Promise((m,l)=>{let d=window.setTimeout(()=>{window.removeEventListener("message",c),l(new s({type:"network_error",code:"tokenize_timeout",message:"tokenize() timed out after 30 seconds",retryable:true,paymentId:r}));},3e4),c=p=>{if(o!==null&&p.source!==o)return;let a=f(p,i);if(a){if(a.type==="arcpay:tokenize-result")clearTimeout(d),window.removeEventListener("message",c),m({cardTokenId:a.cardTokenId,cardMask:a.cardMask,cardScheme:a.cardScheme,cardBin:a.cardBin,expiresIn:a.expiresIn,expiresAt:a.expiresAt});else if(a.type==="arcpay:tokenize-error"){clearTimeout(d),window.removeEventListener("message",c);let R=a.errorType==="validation_error"||a.errorType==="api_error"?a.errorType:"api_error";l(new s({type:R,code:a.code,message:a.message,retryable:false,paymentId:r}));}}};window.addEventListener("message",c),t.send({type:"arcpay:tokenize",paymentId:r,idempotencyKey:n});})}destroy(){for(let t of this.elementMap.values())t.destroy();this.elementMap.clear();}};var X=D,S=new Map,G=e=>(T(e)==="sandbox"&&A(),{publishableKey:e,environment:T(e),elements:()=>new u({publishableKey:e})});function J(e){try{X(e);}catch(i){return Promise.reject(i)}let t=e,r=S.get(t);if(r)return r;let n=Promise.resolve(G(e));return S.set(t,n),n}var Q=()=>{S.clear();},Z={load:J,__resetForTests:Q};var ee=[1,4,8,15,16,24,32,48],te=e=>ee.includes(e)?e:24,re=e=>e>=1e3?"05":e>=600?"04":e>=500?"03":e>=390?"02":"01",F=(e="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")=>{if(typeof window=="undefined"||typeof navigator=="undefined"||typeof screen=="undefined")throw new Error("collectBrowserInfo must be called in a browser environment");return {accept_header:e,language:navigator.language||"en",screen_width:screen.width,screen_height:screen.height,color_depth:te(screen.colorDepth),timezone_offset_minutes:new Date().getTimezoneOffset(),java_enabled:false,user_agent:navigator.userAgent,window_size:re(window.innerWidth||screen.width)}},b=e=>e!=null?e:null,_=e=>(e==null?void 0:e.type)==="three_ds_method"&&e.three_ds.phase==="method",w=e=>(e==null?void 0:e.type)==="three_ds_challenge"&&e.three_ds.phase==="challenge",h=e=>({action:e.three_ds.submit.url,method:e.three_ds.submit.method,target:e.three_ds.submit.target,fields:e.three_ds.submit.fields}),B=e=>{let t=b(e);return t?{kind:t.three_ds.phase,protocolVersion:t.three_ds.version,form:h(t),completionEndpoint:t.three_ds.completion_endpoint,threeDSServerTransId:t.three_ds.three_ds_server_trans_id}:null},I=(e,t="Y")=>{if(!_(e)||!e.three_ds.three_ds_server_trans_id)throw new Error("nextAction must be a three_ds_method action with three_ds_server_trans_id");return {completion_indicator:t,three_ds_server_trans_id:e.three_ds.three_ds_server_trans_id}},oe=e=>{if(e)return e;if(typeof document=="undefined")throw new Error("3DS browser helpers must be called in a browser environment");return document},ne=e=>{e.submit();},y=(e,t={})=>{var d,c;let r=oe(t.document),n=(d=t.container)!=null?d:r.body,i=h(e),o=r.createElement("form"),m=i.target==="hidden_iframe"?`arcpay-three-ds-method-${Math.random().toString(36).slice(2)}`:(c=t.challengeTarget)!=null?c:"_self",l;o.method=i.method,o.action=i.action,o.target=m,o.hidden=true;for(let p of i.fields){let a=r.createElement("input");a.type="hidden",a.name=p.name,a.value=p.value,o.append(a);}return i.target==="hidden_iframe"&&(l=r.createElement("iframe"),l.name=m,l.title="3-D Secure method",l.hidden=true,n.append(l)),n.append(o),{form:o,iframe:l,submit:()=>{var p;return ((p=t.submitter)!=null?p:ne)(o)},remove:()=>{o.remove(),l==null||l.remove();}}},se=(e,t,r)=>new Promise((n,i)=>{if(!e.iframe){n("loaded");return}if(r!=null&&r.aborted){i(new DOMException("The operation was aborted","AbortError"));return}let o=false,m=()=>{var a;(a=e.iframe)==null||a.removeEventListener("load",d),r==null||r.removeEventListener("abort",c),clearTimeout(p);},l=a=>{o||(o=true,m(),n(a));},d=()=>l("loaded"),c=()=>{o||(o=true,m(),i(new DOMException("The operation was aborted","AbortError")));},p=setTimeout(()=>l("timeout"),t);e.iframe.addEventListener("load",d,{once:true}),r==null||r.addEventListener("abort",c,{once:true});}),M=async(e,t)=>{var n,i;if(!e)return {status:"no_action"};if(w(e)){let o=y(e,t);return o.submit(),{status:"challenge_submitted",action:e,mounted:o}}if(!_(e))return {status:"no_action"};let r=y(e,t);try{r.submit();let o=await se(r,(n=t.methodTimeoutMs)!=null?n:1e4,t.signal),m=(i=t.methodCompletionIndicator)!=null?i:o==="loaded"?"Y":"N",l=await t.completeThreeDSMethod(I(e,m),e),d=b(l.next_action);if(d&&w(d)){let c=y(d,t);return c.submit(),{status:"challenge_submitted",action:d,response:l,mounted:c}}return {status:"method_completed",response:l}}finally{r.remove();}},P=e=>e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#39;"),z=e=>{let t=h(e),r=t.target==="hidden_iframe"?"arcpay-three-ds-method":"_self",n=t.fields.map(o=>`<input type="hidden" name="${P(o.name)}" value="${P(o.value)}">`).join("");return `<!doctype html><html><head><meta charset="utf-8"></head><body>${t.target==="hidden_iframe"?'<iframe name="arcpay-three-ds-method" title="3-D Secure method" hidden></iframe>':""}<form method="POST" action="${P(t.action)}" target="${r}">${n}</form><script>document.forms[0].submit();</script></body></html>`};var De="0.1.15";
+exports.ArcPay=Z;exports.ArcPayError=s;exports.Elements=u;exports.SDK_VERSION=De;exports.buildThreeDSAutoSubmitHtml=z;exports.buildThreeDSBrowserForm=h;exports.buildThreeDSBrowserStep=B;exports.buildThreeDSMethodCompletion=I;exports.collectBrowserInfo=F;exports.getThreeDSAction=b;exports.isApiError=W;exports.isAuthenticationError=L;exports.isAuthorizationError=O;exports.isChallengeAborted=$;exports.isNetworkError=U;exports.isRateLimitError=H;exports.isStateError=N;exports.isThreeDSChallengeAction=w;exports.isThreeDSMethodAction=_;exports.isValidationError=C;exports.mountThreeDSBrowserForm=y;exports.runThreeDSBrowserFlow=M;return exports;})({});//# sourceMappingURL=arcpay.global.js.map
 //# sourceMappingURL=arcpay.global.js.map