@thavguard/arc-pay 0.1.9 → 0.1.11

package/dist/{actions-Jm7sVMtS.d.cts → actions-Bfk_e5uv.d.cts}

@@ -39,6 +39,16 @@ interface PaymentList {
     page: number;
     page_size: number;
 }
+type FiscalVatRate = "no_vat" | "vat0" | "vat10" | "vat110" | "vat120" | "vat20";
+interface FiscalItem {
+    name: string;
+    quantity: string;
+    unit_price: number;
+    vat_rate: FiscalVatRate;
+    payment_object: string;
+    payment_method: string;
+    measure: string;
+}
 interface CreatePaymentRequest {
     amount: number;
     currency: Currency;
@@ -53,6 +63,17 @@ interface CreatePaymentRequest {
     callback_url?: string;
     customer_email?: string;
     customer_phone?: string;
+    merchant_inn?: string;
+    metadata?: Record<string, string>;
+    fiscal_items?: FiscalItem[];
+}
+interface CreateCardSetupRequest {
+    currency: Currency;
+    customer_id: string;
+    external_id?: string;
+    success_url: string;
+    fail_url: string;
+    callback_url?: string;
     metadata?: Record<string, string>;
 }
 interface CaptureRequest {
@@ -100,6 +121,7 @@ interface ExecutePaymentResponse {
     qr_content_type?: "image/png" | "image/svg+xml" | string;
     qr_expires_at?: string;
     liability_shifted?: boolean;
+    card_token_id?: string;
     next_action?: PaymentNextAction;
     decline_code?: string;
     decline_message?: string;
@@ -130,12 +152,8 @@ interface ChargeSavedCardRequest {
     external_id?: string;
     description?: string;
     metadata?: Record<string, string>;
-    fiscal_items?: {
-        name: string;
-        quantity: number;
-        unit_price: number;
-        vat_rate: "no_vat" | "vat0" | "vat10" | "vat20";
-    }[];
+    merchant_inn?: string;
+    fiscal_items?: FiscalItem[];
 }
 interface CompleteThreeDSMethodRequest {
     completion_indicator: "Y" | "N" | "U";
@@ -276,6 +294,7 @@ interface ListAvailablePaymentMethodsQuery {
 }
 
 type ThreeDSAction = PaymentNextAction;
+type BrowserInfo = ExecutePaymentRequest["browser_info"];
 interface BrowserFormField {
     name: string;
     value: string;
@@ -286,10 +305,11 @@ interface BrowserPostForm {
     target: "hidden_iframe" | "browser";
     fields: BrowserFormField[];
 }
+declare const collectBrowserInfo: (acceptHeader?: string) => BrowserInfo;
 declare const getThreeDSAction: (nextAction?: PaymentNextAction) => PaymentNextAction | null;
 declare const isThreeDSMethodAction: (nextAction?: PaymentNextAction) => boolean;
 declare const isThreeDSChallengeAction: (nextAction?: PaymentNextAction) => boolean;
 declare const buildThreeDSBrowserForm: (nextAction: PaymentNextAction) => BrowserPostForm;
 declare const buildThreeDSAutoSubmitHtml: (nextAction: PaymentNextAction) => string;
 
-export { type AvailablePaymentMethod as A, type BrowserFormField as B, type CaptureRequest as C, type ExecutePaymentRequest as E, type Link as L, type Payment as P, type Refund as R, type ThreeDSAction as T, type VoidRequest as V, type BrowserPostForm as a, type ChargeSavedCardRequest as b, type CheckoutSession as c, type CompleteThreeDSMethodRequest as d, type CreateCheckoutSessionRequest as e, type CreateLinkRequest as f, type CreatePaymentRequest as g, type CreateRefundRequest as h, type ExecutePaymentResponse as i, type ListAvailablePaymentMethodsQuery as j, type ListPaymentsQuery as k, type PaymentFlowMode as l, type PaymentList as m, type PaymentMethod as n, type PaymentNextAction as o, buildThreeDSAutoSubmitHtml as p, buildThreeDSBrowserForm as q, getThreeDSAction as r, isThreeDSChallengeAction as s, isThreeDSMethodAction as t };
+export { type AvailablePaymentMethod as A, type BrowserFormField as B, type CaptureRequest as C, type ExecutePaymentRequest as E, type Link as L, type Payment as P, type Refund as R, type ThreeDSAction as T, type VoidRequest as V, type BrowserInfo as a, type BrowserPostForm as b, type ChargeSavedCardRequest as c, type CheckoutSession as d, type CompleteThreeDSMethodRequest as e, type CreateCardSetupRequest as f, type CreateCheckoutSessionRequest as g, type CreateLinkRequest as h, type CreatePaymentRequest as i, type CreateRefundRequest as j, type ExecutePaymentResponse as k, type ListAvailablePaymentMethodsQuery as l, type ListPaymentsQuery as m, type PaymentFlowMode as n, type PaymentList as o, type PaymentMethod as p, type PaymentNextAction as q, buildThreeDSAutoSubmitHtml as r, buildThreeDSBrowserForm as s, collectBrowserInfo as t, getThreeDSAction as u, isThreeDSChallengeAction as v, isThreeDSMethodAction as w };

package/dist/{actions-Jm7sVMtS.d.ts → actions-Bfk_e5uv.d.ts}

@@ -39,6 +39,16 @@ interface PaymentList {
     page: number;
     page_size: number;
 }
+type FiscalVatRate = "no_vat" | "vat0" | "vat10" | "vat110" | "vat120" | "vat20";
+interface FiscalItem {
+    name: string;
+    quantity: string;
+    unit_price: number;
+    vat_rate: FiscalVatRate;
+    payment_object: string;
+    payment_method: string;
+    measure: string;
+}
 interface CreatePaymentRequest {
     amount: number;
     currency: Currency;
@@ -53,6 +63,17 @@ interface CreatePaymentRequest {
     callback_url?: string;
     customer_email?: string;
     customer_phone?: string;
+    merchant_inn?: string;
+    metadata?: Record<string, string>;
+    fiscal_items?: FiscalItem[];
+}
+interface CreateCardSetupRequest {
+    currency: Currency;
+    customer_id: string;
+    external_id?: string;
+    success_url: string;
+    fail_url: string;
+    callback_url?: string;
     metadata?: Record<string, string>;
 }
 interface CaptureRequest {
@@ -100,6 +121,7 @@ interface ExecutePaymentResponse {
     qr_content_type?: "image/png" | "image/svg+xml" | string;
     qr_expires_at?: string;
     liability_shifted?: boolean;
+    card_token_id?: string;
     next_action?: PaymentNextAction;
     decline_code?: string;
     decline_message?: string;
@@ -130,12 +152,8 @@ interface ChargeSavedCardRequest {
     external_id?: string;
     description?: string;
     metadata?: Record<string, string>;
-    fiscal_items?: {
-        name: string;
-        quantity: number;
-        unit_price: number;
-        vat_rate: "no_vat" | "vat0" | "vat10" | "vat20";
-    }[];
+    merchant_inn?: string;
+    fiscal_items?: FiscalItem[];
 }
 interface CompleteThreeDSMethodRequest {
     completion_indicator: "Y" | "N" | "U";
@@ -276,6 +294,7 @@ interface ListAvailablePaymentMethodsQuery {
 }
 
 type ThreeDSAction = PaymentNextAction;
+type BrowserInfo = ExecutePaymentRequest["browser_info"];
 interface BrowserFormField {
     name: string;
     value: string;
@@ -286,10 +305,11 @@ interface BrowserPostForm {
     target: "hidden_iframe" | "browser";
     fields: BrowserFormField[];
 }
+declare const collectBrowserInfo: (acceptHeader?: string) => BrowserInfo;
 declare const getThreeDSAction: (nextAction?: PaymentNextAction) => PaymentNextAction | null;
 declare const isThreeDSMethodAction: (nextAction?: PaymentNextAction) => boolean;
 declare const isThreeDSChallengeAction: (nextAction?: PaymentNextAction) => boolean;
 declare const buildThreeDSBrowserForm: (nextAction: PaymentNextAction) => BrowserPostForm;
 declare const buildThreeDSAutoSubmitHtml: (nextAction: PaymentNextAction) => string;
 
-export { type AvailablePaymentMethod as A, type BrowserFormField as B, type CaptureRequest as C, type ExecutePaymentRequest as E, type Link as L, type Payment as P, type Refund as R, type ThreeDSAction as T, type VoidRequest as V, type BrowserPostForm as a, type ChargeSavedCardRequest as b, type CheckoutSession as c, type CompleteThreeDSMethodRequest as d, type CreateCheckoutSessionRequest as e, type CreateLinkRequest as f, type CreatePaymentRequest as g, type CreateRefundRequest as h, type ExecutePaymentResponse as i, type ListAvailablePaymentMethodsQuery as j, type ListPaymentsQuery as k, type PaymentFlowMode as l, type PaymentList as m, type PaymentMethod as n, type PaymentNextAction as o, buildThreeDSAutoSubmitHtml as p, buildThreeDSBrowserForm as q, getThreeDSAction as r, isThreeDSChallengeAction as s, isThreeDSMethodAction as t };
+export { type AvailablePaymentMethod as A, type BrowserFormField as B, type CaptureRequest as C, type ExecutePaymentRequest as E, type Link as L, type Payment as P, type Refund as R, type ThreeDSAction as T, type VoidRequest as V, type BrowserInfo as a, type BrowserPostForm as b, type ChargeSavedCardRequest as c, type CheckoutSession as d, type CompleteThreeDSMethodRequest as e, type CreateCardSetupRequest as f, type CreateCheckoutSessionRequest as g, type CreateLinkRequest as h, type CreatePaymentRequest as i, type CreateRefundRequest as j, type ExecutePaymentResponse as k, type ListAvailablePaymentMethodsQuery as l, type ListPaymentsQuery as m, type PaymentFlowMode as n, type PaymentList as o, type PaymentMethod as p, type PaymentNextAction as q, buildThreeDSAutoSubmitHtml as r, buildThreeDSBrowserForm as s, collectBrowserInfo as t, getThreeDSAction as u, isThreeDSChallengeAction as v, isThreeDSMethodAction as w };

package/dist/cdn/arcpay.global.js

@@ -1,3 +1,3 @@
-var ArcPay=(function(exports){'use strict';var n=class extends Error{constructor(t){super(t.message),this.name="ArcPayError",this.type=t.type,this.code=t.code,this.param=t.param,this.paymentId=t.paymentId,this.declineCode=t.declineCode,this.retryable=t.retryable,this.requestId=t.requestId;}},F=e=>e instanceof n&&e.type==="validation_error",M=e=>e instanceof n&&e.type==="authentication_error",R=e=>e instanceof n&&e.type==="authorization_error",B=e=>e instanceof n&&e.type==="state_error",C=e=>e instanceof n&&e.type==="rate_limit_error",D=e=>e instanceof n&&e.type==="api_error",L=e=>e instanceof n&&e.type==="network_error",O=e=>e instanceof n&&e.type==="challenge_aborted";var h=e=>e.startsWith("pk_test_")?"sandbox":"live",_=e=>{if(typeof e!="string"||e.length===0)throw new n({type:"validation_error",code:"invalid_publishable_key",message:"Publishable key must be a non-empty string",retryable:false});if(!e.startsWith("pk_test_")&&!e.startsWith("pk_live_"))throw new n({type:"validation_error",code:"invalid_publishable_key",message:"Publishable key must start with pk_test_ or pk_live_. Secret keys (sk_*) cannot be used in browser.",retryable:false})};var T="data-arcpay-sandbox-banner",P=()=>{if(typeof document=="undefined"||document.querySelector(`[${T}]`))return;let e=document.createElement("div");e.setAttribute(T,""),e.style.cssText="position:fixed;top:0;left:0;right:0;z-index:2147483647;background:#ffd166;color:#222;font:13px/1.4 system-ui,sans-serif;padding:6px 12px;display:flex;align-items:center;justify-content:center;box-shadow:0 1px 3px rgba(0,0,0,0.1);";let t=document.createElement("span");t.textContent="ARC PAY TEST MODE \u2014 payments are simulated",e.appendChild(t);let r=document.createElement("button");r.type="button",r.setAttribute("data-arcpay-banner-dismiss",""),r.textContent="\xD7",r.setAttribute("aria-label","Dismiss test mode banner"),r.style.cssText="margin-left:12px;background:transparent;border:0;font-size:18px;cursor:pointer;color:inherit;",r.addEventListener("click",()=>e.remove()),e.appendChild(r),document.body.appendChild(e);};var N="arcpay:",H=e=>typeof e=="object"&&e!==null&&"type"in e&&typeof e.type=="string"&&e.type.startsWith(N),f=(e,t,r)=>{if(r==="*")throw new n({type:"validation_error",code:"wildcard_origin_forbidden",message:"postToIframe: targetOrigin cannot be '*'",retryable:false});if(!e.contentWindow)throw new n({type:"validation_error",code:"iframe_not_loaded",message:"postToIframe: iframe.contentWindow is null (iframe not mounted)",retryable:false});e.contentWindow.postMessage(t,r);};var m=(e,t)=>e.origin!==t||!H(e.data)?null:e.data;var W=new Set(["position","transform","pointer-events","z-index","top","left","right","bottom","inset"]),u=e=>{let t={};for(let[r,o]of Object.entries(e)){let s=r.toLowerCase();W.has(s)||(t[r]=o);}return t},g=e=>{let t={base:u(e.base)};return e.invalid!==void 0&&(t.invalid=u(e.invalid)),e.focus!==void 0&&(t.focus=u(e.focus)),t};var y=class{constructor(t,r,o){this.field=t;this.options=r;this.context=o;this.iframe=null;this.listeners=new Set;this.status="pending";this.messageHandler=null;}mount(t){if(this.iframe)throw new n({type:"validation_error",code:"already_mounted",message:`Element ${this.field} is already mounted`,retryable:false});let r=typeof t=="string"?document.querySelector(t):t;if(!(r instanceof HTMLElement))throw new n({type:"validation_error",code:"mount_target_not_found",message:`mount target not found: ${String(t)}`,retryable:false});let o=document.createElement("iframe");o.src=`${this.context.iframeBase}/iframe/${this.field}`,o.style.cssText="border:0;width:100%;height:100%;display:block;",o.setAttribute("allow","payment"),o.setAttribute("data-arcpay-element",this.field),r.appendChild(o),this.iframe=o;let s=new URL(this.context.iframeBase).origin;this.messageHandler=a=>{var l;if(a.source!==((l=this.iframe)==null?void 0:l.contentWindow))return;let p=m(a,s);p&&this.handleMessage(p);},window.addEventListener("message",this.messageHandler),o.addEventListener("load",()=>{if(!this.iframe)return;let a={type:"arcpay:hello",origin:window.location.origin,publishableKey:this.context.publishableKey,channelId:this.context.channelId};f(this.iframe,a,s);},{once:true});}handleMessage(t){t.type==="arcpay:ready"?(this.status="ready",this.options.style&&this.send({type:"arcpay:style",payload:g(this.options.style)}),this.emit({type:"ready"})):t.type==="arcpay:rejected"?(this.status="error",this.emit({type:"error",reason:t.reason})):t.type==="arcpay:change"&&t.field===this.field&&this.emit({type:"change",isValid:t.isValid,brand:t.brand,lastFour:t.lastFour});}update(t){t.style&&this.send({type:"arcpay:style",payload:g(t.style)});}destroy(){this.iframe&&(this.iframe.remove(),this.iframe=null),this.messageHandler&&(window.removeEventListener("message",this.messageHandler),this.messageHandler=null),this.listeners.clear(),this.status="pending";}on(t,r){return this.listeners.add(r),()=>this.listeners.delete(r)}focus(){this.send({type:"arcpay:focus"});}clear(){this.send({type:"arcpay:clear"});}isReady(){return this.status==="ready"}getIframeContentWindow(){var t,r;return (r=(t=this.iframe)==null?void 0:t.contentWindow)!=null?r:null}send(t){if(!this.iframe)throw new n({type:"validation_error",code:"not_mounted",message:`Element ${this.field} is not mounted`,retryable:false});f(this.iframe,t,new URL(this.context.iframeBase).origin);}emit(t){for(let r of this.listeners)r(t);}};var K="https://sdk.arcpay.space",$=()=>{var e;if(!((e=globalThis.crypto)!=null&&e.randomUUID))throw new n({type:"validation_error",code:"crypto_unavailable",message:"crypto.randomUUID is required for Hosted Fields",retryable:false});return globalThis.crypto.randomUUID()},d=class{constructor(t){this.elementMap=new Map;this.tokenizeInFlight=false;var r;this.publishableKey=t.publishableKey,this.iframeBase=(r=t.iframeBase)!=null?r:K,this.channelId=$();}create(t,r={}){if(this.elementMap.has(t))throw new n({type:"validation_error",code:"duplicate_element",message:`Element for ${t} already created`,retryable:false});let o={iframeBase:this.iframeBase,publishableKey:this.publishableKey,channelId:this.channelId},s=new y(t,r,o);return this.elementMap.set(t,s),s}async tokenize(t,r){if(this.tokenizeInFlight)throw new n({type:"validation_error",code:"tokenize_in_progress",message:"A tokenize() call is already in progress for this Elements instance",retryable:false});let o=this.elementMap.get("cardNumber"),s=this.elementMap.get("cardExpiry"),a=this.elementMap.get("cardCvv");if(!o||!s||!a)throw new n({type:"validation_error",code:"incomplete_elements",message:"All three elements (cardNumber, cardExpiry, cardCvv) must be created and mounted before tokenize()",retryable:false});if(!o.isReady()||!s.isReady()||!a.isReady())throw new n({type:"validation_error",code:"elements_not_ready",message:"Wait for all elements to fire 'ready' event before tokenize()",retryable:false});this.tokenizeInFlight=true;try{return await this.doTokenize(o,t,r)}finally{this.tokenizeInFlight=false;}}doTokenize(t,r,o){let s=new URL(this.iframeBase).origin,a=t.getIframeContentWindow();return new Promise((p,l)=>{let w=window.setTimeout(()=>{window.removeEventListener("message",c),l(new n({type:"network_error",code:"tokenize_timeout",message:"tokenize() timed out after 30 seconds",retryable:true,paymentId:r}));},3e4),c=x=>{if(a!==null&&x.source!==a)return;let i=m(x,s);if(i){if(i.type==="arcpay:tokenize-result")clearTimeout(w),window.removeEventListener("message",c),p({cardTokenId:i.cardTokenId,cardMask:i.cardMask,cardScheme:i.cardScheme,cardBin:i.cardBin,expiresIn:i.expiresIn,expiresAt:i.expiresAt});else if(i.type==="arcpay:tokenize-error"){clearTimeout(w),window.removeEventListener("message",c);let z=i.errorType==="validation_error"||i.errorType==="api_error"?i.errorType:"api_error";l(new n({type:z,code:i.code,message:i.message,retryable:false,paymentId:r}));}}};window.addEventListener("message",c),t.send({type:"arcpay:tokenize",paymentId:r,idempotencyKey:o});})}destroy(){for(let t of this.elementMap.values())t.destroy();this.elementMap.clear();}};var U=_,b=new Map,q=e=>(h(e)==="sandbox"&&P(),{publishableKey:e,environment:h(e),elements:()=>new d({publishableKey:e})});function V(e){try{U(e);}catch(s){return Promise.reject(s)}let t=e,r=b.get(t);if(r)return r;let o=Promise.resolve(q(e));return b.set(t,o),o}var j=()=>{b.clear();},Y={load:V,__resetForTests:j};var k=e=>e!=null?e:null,I=e=>(e==null?void 0:e.type)==="three_ds_method"&&e.three_ds.phase==="method",S=e=>(e==null?void 0:e.type)==="three_ds_challenge"&&e.three_ds.phase==="challenge",E=e=>({action:e.three_ds.submit.url,method:e.three_ds.submit.method,target:e.three_ds.submit.target,fields:e.three_ds.submit.fields}),v=e=>e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#39;"),A=e=>{let t=E(e),r=t.target==="hidden_iframe"?"arcpay-three-ds-method":"_self",o=t.fields.map(a=>`<input type="hidden" name="${v(a.name)}" value="${v(a.value)}">`).join("");return `<!doctype html><html><head><meta charset="utf-8"></head><body>${t.target==="hidden_iframe"?'<iframe name="arcpay-three-ds-method" title="3-D Secure method" hidden></iframe>':""}<form method="POST" action="${v(t.action)}" target="${r}">${o}</form><script>document.forms[0].submit();</script></body></html>`};var ge="0.1.9";
-exports.ArcPay=Y;exports.ArcPayError=n;exports.Elements=d;exports.SDK_VERSION=ge;exports.buildThreeDSAutoSubmitHtml=A;exports.buildThreeDSBrowserForm=E;exports.getThreeDSAction=k;exports.isApiError=D;exports.isAuthenticationError=M;exports.isAuthorizationError=R;exports.isChallengeAborted=O;exports.isNetworkError=L;exports.isRateLimitError=C;exports.isStateError=B;exports.isThreeDSChallengeAction=S;exports.isThreeDSMethodAction=I;exports.isValidationError=F;return exports;})({});//# sourceMappingURL=arcpay.global.js.map
+var ArcPay=(function(exports){'use strict';var n=class extends Error{constructor(t){super(t.message),this.name="ArcPayError",this.type=t.type,this.code=t.code,this.param=t.param,this.paymentId=t.paymentId,this.declineCode=t.declineCode,this.retryable=t.retryable,this.requestId=t.requestId;}},F=e=>e instanceof n&&e.type==="validation_error",R=e=>e instanceof n&&e.type==="authentication_error",C=e=>e instanceof n&&e.type==="authorization_error",D=e=>e instanceof n&&e.type==="state_error",M=e=>e instanceof n&&e.type==="rate_limit_error",L=e=>e instanceof n&&e.type==="api_error",O=e=>e instanceof n&&e.type==="network_error",N=e=>e instanceof n&&e.type==="challenge_aborted";var f=e=>e.startsWith("pk_test_")?"sandbox":"live",x=e=>{if(typeof e!="string"||e.length===0)throw new n({type:"validation_error",code:"invalid_publishable_key",message:"Publishable key must be a non-empty string",retryable:false});if(!e.startsWith("pk_test_")&&!e.startsWith("pk_live_"))throw new n({type:"validation_error",code:"invalid_publishable_key",message:"Publishable key must start with pk_test_ or pk_live_. Secret keys (sk_*) cannot be used in browser.",retryable:false})};var T="data-arcpay-sandbox-banner",I=()=>{if(typeof document=="undefined"||document.querySelector(`[${T}]`))return;let e=document.createElement("div");e.setAttribute(T,""),e.style.cssText="position:fixed;top:0;left:0;right:0;z-index:2147483647;background:#ffd166;color:#222;font:13px/1.4 system-ui,sans-serif;padding:6px 12px;display:flex;align-items:center;justify-content:center;box-shadow:0 1px 3px rgba(0,0,0,0.1);";let t=document.createElement("span");t.textContent="ARC PAY TEST MODE \u2014 payments are simulated",e.appendChild(t);let r=document.createElement("button");r.type="button",r.setAttribute("data-arcpay-banner-dismiss",""),r.textContent="\xD7",r.setAttribute("aria-label","Dismiss test mode banner"),r.style.cssText="margin-left:12px;background:transparent;border:0;font-size:18px;cursor:pointer;color:inherit;",r.addEventListener("click",()=>e.remove()),e.appendChild(r),document.body.appendChild(e);};var W="arcpay:",H=e=>typeof e=="object"&&e!==null&&"type"in e&&typeof e.type=="string"&&e.type.startsWith(W),h=(e,t,r)=>{if(r==="*")throw new n({type:"validation_error",code:"wildcard_origin_forbidden",message:"postToIframe: targetOrigin cannot be '*'",retryable:false});if(!e.contentWindow)throw new n({type:"validation_error",code:"iframe_not_loaded",message:"postToIframe: iframe.contentWindow is null (iframe not mounted)",retryable:false});e.contentWindow.postMessage(t,r);};var m=(e,t)=>e.origin!==t||!H(e.data)?null:e.data;var K=new Set(["position","transform","pointer-events","z-index","top","left","right","bottom","inset"]),u=e=>{let t={};for(let[r,o]of Object.entries(e)){let s=r.toLowerCase();K.has(s)||(t[r]=o);}return t},g=e=>{let t={base:u(e.base)};return e.invalid!==void 0&&(t.invalid=u(e.invalid)),e.focus!==void 0&&(t.focus=u(e.focus)),t};var y=class{constructor(t,r,o){this.field=t;this.options=r;this.context=o;this.iframe=null;this.listeners=new Set;this.status="pending";this.messageHandler=null;}mount(t){if(this.iframe)throw new n({type:"validation_error",code:"already_mounted",message:`Element ${this.field} is already mounted`,retryable:false});let r=typeof t=="string"?document.querySelector(t):t;if(!(r instanceof HTMLElement))throw new n({type:"validation_error",code:"mount_target_not_found",message:`mount target not found: ${String(t)}`,retryable:false});let o=document.createElement("iframe");o.src=`${this.context.iframeBase}/iframe/${this.field}`,o.style.cssText="border:0;width:100%;height:100%;display:block;",o.setAttribute("allow","payment"),o.setAttribute("data-arcpay-element",this.field),r.appendChild(o),this.iframe=o;let s=new URL(this.context.iframeBase).origin;this.messageHandler=a=>{var l;if(a.source!==((l=this.iframe)==null?void 0:l.contentWindow))return;let p=m(a,s);p&&this.handleMessage(p);},window.addEventListener("message",this.messageHandler),o.addEventListener("load",()=>{if(!this.iframe)return;let a={type:"arcpay:hello",origin:window.location.origin,publishableKey:this.context.publishableKey,channelId:this.context.channelId};h(this.iframe,a,s);},{once:true});}handleMessage(t){t.type==="arcpay:ready"?(this.status="ready",this.options.style&&this.send({type:"arcpay:style",payload:g(this.options.style)}),this.emit({type:"ready"})):t.type==="arcpay:rejected"?(this.status="error",this.emit({type:"error",reason:t.reason})):t.type==="arcpay:change"&&t.field===this.field&&this.emit({type:"change",isValid:t.isValid,brand:t.brand,lastFour:t.lastFour});}update(t){t.style&&this.send({type:"arcpay:style",payload:g(t.style)});}destroy(){this.iframe&&(this.iframe.remove(),this.iframe=null),this.messageHandler&&(window.removeEventListener("message",this.messageHandler),this.messageHandler=null),this.listeners.clear(),this.status="pending";}on(t,r){return this.listeners.add(r),()=>this.listeners.delete(r)}focus(){this.send({type:"arcpay:focus"});}clear(){this.send({type:"arcpay:clear"});}isReady(){return this.status==="ready"}getIframeContentWindow(){var t,r;return (r=(t=this.iframe)==null?void 0:t.contentWindow)!=null?r:null}send(t){if(!this.iframe)throw new n({type:"validation_error",code:"not_mounted",message:`Element ${this.field} is not mounted`,retryable:false});h(this.iframe,t,new URL(this.context.iframeBase).origin);}emit(t){for(let r of this.listeners)r(t);}};var $="https://sdk.arcpay.space",q=()=>{var e;if(!((e=globalThis.crypto)!=null&&e.randomUUID))throw new n({type:"validation_error",code:"crypto_unavailable",message:"crypto.randomUUID is required for Hosted Fields",retryable:false});return globalThis.crypto.randomUUID()},d=class{constructor(t){this.elementMap=new Map;this.tokenizeInFlight=false;var r;this.publishableKey=t.publishableKey,this.iframeBase=(r=t.iframeBase)!=null?r:$,this.channelId=q();}create(t,r={}){if(this.elementMap.has(t))throw new n({type:"validation_error",code:"duplicate_element",message:`Element for ${t} already created`,retryable:false});let o={iframeBase:this.iframeBase,publishableKey:this.publishableKey,channelId:this.channelId},s=new y(t,r,o);return this.elementMap.set(t,s),s}async tokenize(t,r){if(this.tokenizeInFlight)throw new n({type:"validation_error",code:"tokenize_in_progress",message:"A tokenize() call is already in progress for this Elements instance",retryable:false});let o=this.elementMap.get("cardNumber"),s=this.elementMap.get("cardExpiry"),a=this.elementMap.get("cardCvv");if(!o||!s||!a)throw new n({type:"validation_error",code:"incomplete_elements",message:"All three elements (cardNumber, cardExpiry, cardCvv) must be created and mounted before tokenize()",retryable:false});if(!o.isReady()||!s.isReady()||!a.isReady())throw new n({type:"validation_error",code:"elements_not_ready",message:"Wait for all elements to fire 'ready' event before tokenize()",retryable:false});this.tokenizeInFlight=true;try{return await this.doTokenize(o,t,r)}finally{this.tokenizeInFlight=false;}}doTokenize(t,r,o){let s=new URL(this.iframeBase).origin,a=t.getIframeContentWindow();return new Promise((p,l)=>{let E=window.setTimeout(()=>{window.removeEventListener("message",c),l(new n({type:"network_error",code:"tokenize_timeout",message:"tokenize() timed out after 30 seconds",retryable:true,paymentId:r}));},3e4),c=_=>{if(a!==null&&_.source!==a)return;let i=m(_,s);if(i){if(i.type==="arcpay:tokenize-result")clearTimeout(E),window.removeEventListener("message",c),p({cardTokenId:i.cardTokenId,cardMask:i.cardMask,cardScheme:i.cardScheme,cardBin:i.cardBin,expiresIn:i.expiresIn,expiresAt:i.expiresAt});else if(i.type==="arcpay:tokenize-error"){clearTimeout(E),window.removeEventListener("message",c);let B=i.errorType==="validation_error"||i.errorType==="api_error"?i.errorType:"api_error";l(new n({type:B,code:i.code,message:i.message,retryable:false,paymentId:r}));}}};window.addEventListener("message",c),t.send({type:"arcpay:tokenize",paymentId:r,idempotencyKey:o});})}destroy(){for(let t of this.elementMap.values())t.destroy();this.elementMap.clear();}};var U=x,b=new Map,j=e=>(f(e)==="sandbox"&&I(),{publishableKey:e,environment:f(e),elements:()=>new d({publishableKey:e})});function V(e){try{U(e);}catch(s){return Promise.reject(s)}let t=e,r=b.get(t);if(r)return r;let o=Promise.resolve(j(e));return b.set(t,o),o}var Y=()=>{b.clear();},X={load:V,__resetForTests:Y};var G=[1,4,8,15,16,24,32,48],J=e=>G.includes(e)?e:24,Q=e=>e>=1e3?"05":e>=600?"04":e>=500?"03":e>=390?"02":"01",P=(e="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")=>{if(typeof window=="undefined"||typeof navigator=="undefined"||typeof screen=="undefined")throw new Error("collectBrowserInfo must be called in a browser environment");return {accept_header:e,language:navigator.language||"en",screen_width:screen.width,screen_height:screen.height,color_depth:J(screen.colorDepth),timezone_offset_minutes:new Date().getTimezoneOffset(),java_enabled:false,user_agent:navigator.userAgent,window_size:Q(window.innerWidth||screen.width)}},k=e=>e!=null?e:null,S=e=>(e==null?void 0:e.type)==="three_ds_method"&&e.three_ds.phase==="method",A=e=>(e==null?void 0:e.type)==="three_ds_challenge"&&e.three_ds.phase==="challenge",v=e=>({action:e.three_ds.submit.url,method:e.three_ds.submit.method,target:e.three_ds.submit.target,fields:e.three_ds.submit.fields}),w=e=>e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#39;"),z=e=>{let t=v(e),r=t.target==="hidden_iframe"?"arcpay-three-ds-method":"_self",o=t.fields.map(a=>`<input type="hidden" name="${w(a.name)}" value="${w(a.value)}">`).join("");return `<!doctype html><html><head><meta charset="utf-8"></head><body>${t.target==="hidden_iframe"?'<iframe name="arcpay-three-ds-method" title="3-D Secure method" hidden></iframe>':""}<form method="POST" action="${w(t.action)}" target="${r}">${o}</form><script>document.forms[0].submit();</script></body></html>`};var Ee="0.1.11";
+exports.ArcPay=X;exports.ArcPayError=n;exports.Elements=d;exports.SDK_VERSION=Ee;exports.buildThreeDSAutoSubmitHtml=z;exports.buildThreeDSBrowserForm=v;exports.collectBrowserInfo=P;exports.getThreeDSAction=k;exports.isApiError=L;exports.isAuthenticationError=R;exports.isAuthorizationError=C;exports.isChallengeAborted=N;exports.isNetworkError=O;exports.isRateLimitError=M;exports.isStateError=D;exports.isThreeDSChallengeAction=A;exports.isThreeDSMethodAction=S;exports.isValidationError=F;return exports;})({});//# sourceMappingURL=arcpay.global.js.map
 //# sourceMappingURL=arcpay.global.js.map

package/dist/cdn/arcpay.global.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/core/errors.ts","../../src/core/env.ts","../../src/core/sandbox-banner.ts","../../src/elements/postmessage.ts","../../src/elements/style.ts","../../src/elements/element.ts","../../src/elements/elements.ts","../../src/core/arcpay.ts","../../src/three-ds/actions.ts","../../src/index.ts"],"names":["ArcPayError","init","isValidationError","isAuthenticationError","isAuthorizationError","isStateError","isRateLimitError","isApiError","isNetworkError","isChallengeAborted","detectEnvironment","publishableKey","validatePublishableKey","key","BANNER_ATTR","showSandboxBanner","bar","text","dismiss","ARCPAY_TYPE_PREFIX","isArcpayMessage","data","postToIframe","iframe","message","targetOrigin","parseIncoming","event","expectedOrigin","FORBIDDEN_PROPERTIES","sanitizeBlock","block","out","value","normalizedKey","sanitizeStyle","style","result","Element","field","options","context","target","container","_a","hello","_event","callback","_b","listener","DEFAULT_IFRAME_BASE","createChannelId","Elements","opts","ctx","element","paymentId","idempotencyKey","cardNumber","cardExpiry","cardCvv","iframeOrigin","cardIframeWindow","resolve","reject","timer","onMessage","errType","el","cache","buildInstance","load","err","existing","promise","resetForTests","ArcPay","getThreeDSAction","nextAction","isThreeDSMethodAction","isThreeDSChallengeAction","buildThreeDSBrowserForm","htmlEscape","buildThreeDSAutoSubmitHtml","form","inputs","SDK_VERSION"],"mappings":"2CAqBO,IAAMA,EAAN,cAA0B,KAAM,CASrC,WAAA,CAAYC,CAAAA,CAAuB,CACjC,KAAA,CAAMA,CAAAA,CAAK,OAAO,CAAA,CAClB,IAAA,CAAK,KAAO,aAAA,CACZ,IAAA,CAAK,KAAOA,CAAAA,CAAK,IAAA,CACjB,KAAK,IAAA,CAAOA,CAAAA,CAAK,IAAA,CACjB,IAAA,CAAK,MAAQA,CAAAA,CAAK,KAAA,CAClB,KAAK,SAAA,CAAYA,CAAAA,CAAK,UACtB,IAAA,CAAK,WAAA,CAAcA,EAAK,WAAA,CACxB,IAAA,CAAK,UAAYA,CAAAA,CAAK,SAAA,CACtB,KAAK,SAAA,CAAYA,CAAAA,CAAK,UACxB,CACF,CAAA,CAEaC,CAAAA,CAAqB,CAAA,EAChC,aAAaF,CAAAA,EAAe,CAAA,CAAE,OAAS,kBAAA,CAC5BG,CAAAA,CAAyB,GACpC,CAAA,YAAaH,CAAAA,EAAe,EAAE,IAAA,GAAS,sBAAA,CAC5BI,EAAwB,CAAA,EACnC,CAAA,YAAaJ,GAAe,CAAA,CAAE,IAAA,GAAS,sBAC5BK,CAAAA,CAAgB,CAAA,EAC3B,aAAaL,CAAAA,EAAe,CAAA,CAAE,OAAS,aAAA,CAC5BM,CAAAA,CAAoB,GAC/B,CAAA,YAAaN,CAAAA,EAAe,EAAE,IAAA,GAAS,kBAAA,CAC5BO,EAAc,CAAA,EACzB,CAAA,YAAaP,GAAe,CAAA,CAAE,IAAA,GAAS,YAC5BQ,CAAAA,CAAkB,CAAA,EAC7B,aAAaR,CAAAA,EAAe,CAAA,CAAE,IAAA,GAAS,eAAA,CAC5BS,EAAsB,CAAA,EACjC,CAAA,YAAaT,GAAe,CAAA,CAAE,IAAA,GAAS,oBCtDlC,IAAMU,CAAAA,CAAqBC,GAChCA,CAAAA,CAAe,UAAA,CAAW,UAAU,CAAA,CAAI,SAAA,CAAY,OAEzCC,CAAAA,CAA0BC,CAAAA,EAAwC,CAC7E,GAAI,OAAOA,GAAQ,QAAA,EAAYA,CAAAA,CAAI,SAAW,CAAA,CAC5C,MAAM,IAAIb,CAAAA,CAAY,CACpB,KAAM,kBAAA,CACN,IAAA,CAAM,0BACN,OAAA,CAAS,4CAAA,CACT,UAAW,KACb,CAAC,EAEH,GAAI,CAACa,EAAI,UAAA,CAAW,UAAU,CAAA,EAAK,CAACA,EAAI,UAAA,CAAW,UAAU,EAC3D,MAAM,IAAIb,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,yBAAA,CACN,QACE,qGAAA,CACF,SAAA,CAAW,KACb,CAAC,CAEL,ECzBA,IAAMc,CAAAA,CAAc,6BAEPC,CAAAA,CAAoB,IAAY,CAE3C,GADI,OAAO,UAAa,WAAA,EACpB,QAAA,CAAS,cAAc,CAAA,CAAA,EAAID,CAAW,GAAG,CAAA,CAAG,OAEhD,IAAME,CAAAA,CAAM,QAAA,CAAS,cAAc,KAAK,CAAA,CACxCA,EAAI,YAAA,CAAaF,CAAAA,CAAa,EAAE,CAAA,CAChCE,EAAI,KAAA,CAAM,OAAA,CACR,wOAEF,IAAMC,CAAAA,CAAO,SAAS,aAAA,CAAc,MAAM,EAC1CA,CAAAA,CAAK,WAAA,CAAc,kDACnBD,CAAAA,CAAI,WAAA,CAAYC,CAAI,CAAA,CAEpB,IAAMC,EAAU,QAAA,CAAS,aAAA,CAAc,QAAQ,CAAA,CAC/CA,EAAQ,IAAA,CAAO,QAAA,CACfA,EAAQ,YAAA,CAAa,4BAAA,CAA8B,EAAE,CAAA,CACrDA,CAAAA,CAAQ,YAAc,MAAA,CACtBA,CAAAA,CAAQ,aAAa,YAAA,CAAc,0BAA0B,EAC7DA,CAAAA,CAAQ,KAAA,CAAM,QACZ,+FAAA,CACFA,CAAAA,CAAQ,gBAAA,CAAiB,OAAA,CAAS,IAAMF,CAAAA,CAAI,MAAA,EAAQ,CAAA,CACpDA,CAAAA,CAAI,YAAYE,CAAO,CAAA,CAEvB,SAAS,IAAA,CAAK,WAAA,CAAYF,CAAG,EAC/B,CAAA,CCcA,IAAMG,CAAAA,CAAqB,SAAA,CAErBC,EAAmBC,CAAAA,EACvB,OAAOA,GAAS,QAAA,EAChBA,CAAAA,GAAS,MACT,MAAA,GAAUA,CAAAA,EACV,OAAQA,CAAAA,CAA2B,IAAA,EAAS,UAC3CA,CAAAA,CAA0B,IAAA,CAAK,WAAWF,CAAkB,CAAA,CAElDG,EAAe,CAC1BC,CAAAA,CACAC,EACAC,CAAAA,GACS,CACT,GAAIA,CAAAA,GAAiB,GAAA,CACnB,MAAM,IAAIzB,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,2BAAA,CACN,QAAS,0CAAA,CACT,SAAA,CAAW,KACb,CAAC,CAAA,CAEH,GAAI,CAACuB,CAAAA,CAAO,cACV,MAAM,IAAIvB,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,mBAAA,CACN,QAAS,iEAAA,CACT,SAAA,CAAW,KACb,CAAC,CAAA,CAEHuB,EAAO,aAAA,CAAc,WAAA,CAAYC,EAASC,CAAY,EACxD,EASO,IAAMC,CAAAA,CAAgB,CAC3BC,CAAAA,CACAC,CAAAA,GAEID,EAAM,MAAA,GAAWC,CAAAA,EACjB,CAACR,CAAAA,CAAgBO,EAAM,IAAI,CAAA,CAAU,KAClCA,CAAAA,CAAM,IAAA,CC/Ef,IAAME,CAAAA,CAAuB,IAAI,IAAI,CACnC,UAAA,CACA,YACA,gBAAA,CACA,SAAA,CACA,MACA,MAAA,CACA,OAAA,CACA,SACA,OACF,CAAC,EAEKC,CAAAA,CAAiBC,CAAAA,EAA0D,CAC/E,IAAMC,CAAAA,CAA8B,EAAC,CACrC,IAAA,GAAW,CAACnB,CAAAA,CAAKoB,CAAK,IAAK,MAAA,CAAO,OAAA,CAAQF,CAAK,CAAA,CAAG,CAChD,IAAMG,CAAAA,CAAgBrB,CAAAA,CAAI,aAAY,CAClCgB,CAAAA,CAAqB,GAAA,CAAIK,CAAa,IAI1CF,CAAAA,CAAInB,CAAG,EAAIoB,CAAAA,EACb,CACA,OAAOD,CACT,CAAA,CAEaG,EAAiBC,CAAAA,EAAoC,CAChE,IAAMC,CAAAA,CAAsB,CAAE,KAAMP,CAAAA,CAAcM,CAAAA,CAAM,IAAI,CAAE,CAAA,CAC9D,OAAIA,CAAAA,CAAM,UAAY,MAAA,GAAWC,CAAAA,CAAO,QAAUP,CAAAA,CAAcM,CAAAA,CAAM,OAAO,CAAA,CAAA,CACzEA,CAAAA,CAAM,QAAU,MAAA,GAAWC,CAAAA,CAAO,MAAQP,CAAAA,CAAcM,CAAAA,CAAM,KAAK,CAAA,CAAA,CAChEC,CACT,ECPO,IAAMC,CAAAA,CAAN,KAAc,CAMnB,YACkBC,CAAAA,CACCC,CAAAA,CACAC,EACjB,CAHgB,IAAA,CAAA,KAAA,CAAAF,EACC,IAAA,CAAA,OAAA,CAAAC,CAAAA,CACA,aAAAC,CAAAA,CARnB,IAAA,CAAQ,OAAmC,IAAA,CAC3C,IAAA,CAAiB,UAAY,IAAI,GAAA,CACjC,KAAQ,MAAA,CAAwC,SAAA,CAChD,KAAQ,cAAA,CAAqD,KAM1D,CAEH,KAAA,CAAMC,CAAAA,CAAoC,CACxC,GAAI,IAAA,CAAK,OACP,MAAM,IAAI1C,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,iBAAA,CACN,QAAS,CAAA,QAAA,EAAW,IAAA,CAAK,KAAK,CAAA,mBAAA,CAAA,CAC9B,SAAA,CAAW,KACb,CAAC,EAEH,IAAM2C,CAAAA,CAAY,OAAOD,CAAAA,EAAW,QAAA,CAAW,SAAS,aAAA,CAAcA,CAAM,EAAIA,CAAAA,CAChF,GAAI,EAAEC,CAAAA,YAAqB,WAAA,CAAA,CACzB,MAAM,IAAI3C,CAAAA,CAAY,CACpB,IAAA,CAAM,kBAAA,CACN,KAAM,wBAAA,CACN,OAAA,CAAS,2BAA2B,MAAA,CAAO0C,CAAM,CAAC,CAAA,CAAA,CAClD,SAAA,CAAW,KACb,CAAC,CAAA,CAGH,IAAMnB,CAAAA,CAAS,QAAA,CAAS,cAAc,QAAQ,CAAA,CAC9CA,EAAO,GAAA,CAAM,CAAA,EAAG,KAAK,OAAA,CAAQ,UAAU,CAAA,QAAA,EAAW,IAAA,CAAK,KAAK,CAAA,CAAA,CAC5DA,CAAAA,CAAO,MAAM,OAAA,CAAU,gDAAA,CACvBA,EAAO,YAAA,CAAa,OAAA,CAAS,SAAS,CAAA,CACtCA,CAAAA,CAAO,aAAa,qBAAA,CAAuB,IAAA,CAAK,KAAK,CAAA,CACrDoB,CAAAA,CAAU,YAAYpB,CAAM,CAAA,CAC5B,KAAK,MAAA,CAASA,CAAAA,CAEd,IAAMK,CAAAA,CAAiB,IAAI,IAAI,IAAA,CAAK,OAAA,CAAQ,UAAU,CAAA,CAAE,MAAA,CAExD,KAAK,cAAA,CAAkBD,CAAAA,EAAwB,CAvEnD,IAAAiB,CAAAA,CA2EM,GAAIjB,CAAAA,CAAM,MAAA,IAAA,CAAWiB,EAAA,IAAA,CAAK,MAAA,GAAL,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAAa,eAAe,OAEjD,IAAMvB,EAAOK,CAAAA,CAA8BC,CAAAA,CAAOC,CAAc,CAAA,CAC3DP,CAAAA,EACL,KAAK,aAAA,CAAcA,CAAI,EACzB,CAAA,CACA,MAAA,CAAO,iBAAiB,SAAA,CAAW,IAAA,CAAK,cAAc,CAAA,CAEtDE,CAAAA,CAAO,gBAAA,CACL,MAAA,CACA,IAAM,CACJ,GAAI,CAAC,IAAA,CAAK,MAAA,CAAQ,OAClB,IAAMsB,CAAAA,CAAwB,CAC5B,IAAA,CAAM,cAAA,CACN,OAAQ,MAAA,CAAO,QAAA,CAAS,OACxB,cAAA,CAAgB,IAAA,CAAK,QAAQ,cAAA,CAC7B,SAAA,CAAW,IAAA,CAAK,OAAA,CAAQ,SAC1B,CAAA,CACAvB,CAAAA,CAAa,KAAK,MAAA,CAAQuB,CAAAA,CAAOjB,CAAc,EACjD,CAAA,CACA,CAAE,IAAA,CAAM,IAAK,CACf,EACF,CAEQ,cAAcP,CAAAA,CAA4B,CAC5CA,EAAK,IAAA,GAAS,cAAA,EAChB,KAAK,MAAA,CAAS,OAAA,CAEV,KAAK,OAAA,CAAQ,KAAA,EACf,KAAK,IAAA,CAAK,CAAE,KAAM,cAAA,CAAgB,OAAA,CAASc,EAAc,IAAA,CAAK,OAAA,CAAQ,KAAK,CAAE,CAAC,EAEhF,IAAA,CAAK,IAAA,CAAK,CAAE,IAAA,CAAM,OAAQ,CAAC,CAAA,EAClBd,EAAK,IAAA,GAAS,iBAAA,EACvB,KAAK,MAAA,CAAS,OAAA,CACd,KAAK,IAAA,CAAK,CAAE,KAAM,OAAA,CAAS,MAAA,CAAQA,EAAK,MAAO,CAAC,GACvCA,CAAAA,CAAK,IAAA,GAAS,iBAAmBA,CAAAA,CAAK,KAAA,GAAU,KAAK,KAAA,EAC9D,IAAA,CAAK,KAAK,CACR,IAAA,CAAM,SACN,OAAA,CAASA,CAAAA,CAAK,QACd,KAAA,CAAOA,CAAAA,CAAK,MACZ,QAAA,CAAUA,CAAAA,CAAK,QACjB,CAAC,EAGL,CAEA,MAAA,CAAOmB,CAAAA,CAAwC,CACzCA,CAAAA,CAAQ,KAAA,EACV,IAAA,CAAK,IAAA,CAAK,CAAE,IAAA,CAAM,cAAA,CAAgB,QAASL,CAAAA,CAAcK,CAAAA,CAAQ,KAAK,CAAE,CAAC,EAE7E,CAEA,OAAA,EAAgB,CACV,IAAA,CAAK,MAAA,GACP,KAAK,MAAA,CAAO,MAAA,GACZ,IAAA,CAAK,MAAA,CAAS,MAEZ,IAAA,CAAK,cAAA,GACP,OAAO,mBAAA,CAAoB,SAAA,CAAW,KAAK,cAAc,CAAA,CACzD,KAAK,cAAA,CAAiB,IAAA,CAAA,CAExB,KAAK,SAAA,CAAU,KAAA,GACf,IAAA,CAAK,MAAA,CAAS,UAChB,CAEA,EAAA,CAAGM,EAAsCC,CAAAA,CAAgC,CACvE,OAAA,IAAA,CAAK,SAAA,CAAU,IAAIA,CAAQ,CAAA,CACpB,IAAM,IAAA,CAAK,SAAA,CAAU,OAAOA,CAAQ,CAC7C,CAEA,KAAA,EAAc,CACZ,KAAK,IAAA,CAAK,CAAE,KAAM,cAAe,CAAC,EACpC,CAEA,KAAA,EAAc,CACZ,IAAA,CAAK,KAAK,CAAE,IAAA,CAAM,cAAe,CAAC,EACpC,CAEA,OAAA,EAAmB,CACjB,OAAO,IAAA,CAAK,MAAA,GAAW,OACzB,CAOA,sBAAA,EAAwC,CAlK1C,IAAAH,CAAAA,CAAAI,EAmKI,OAAA,CAAOA,CAAAA,CAAAA,CAAAJ,CAAAA,CAAA,IAAA,CAAK,SAAL,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAAa,gBAAb,IAAA,CAAAI,CAAAA,CAA8B,IACvC,CAGA,IAAA,CAAKxB,EAA+B,CAClC,GAAI,CAAC,IAAA,CAAK,MAAA,CACR,MAAM,IAAIxB,CAAAA,CAAY,CACpB,IAAA,CAAM,kBAAA,CACN,KAAM,aAAA,CACN,OAAA,CAAS,WAAW,IAAA,CAAK,KAAK,kBAC9B,SAAA,CAAW,KACb,CAAC,CAAA,CAEHsB,CAAAA,CAAa,KAAK,MAAA,CAAQE,CAAAA,CAAS,IAAI,GAAA,CAAI,IAAA,CAAK,QAAQ,UAAU,CAAA,CAAE,MAAM,EAC5E,CAEQ,IAAA,CAAKG,CAAAA,CAA2B,CACtC,IAAA,IAAWsB,CAAAA,IAAY,KAAK,SAAA,CAC1BA,CAAAA,CAAStB,CAAK,EAElB,CACF,EC9KA,IAAMuB,CAAAA,CAAsB,2BAEtBC,CAAAA,CAAkB,IAAc,CAZtC,IAAAP,CAAAA,CAaE,GAAI,EAAA,CAACA,CAAAA,CAAA,WAAW,MAAA,GAAX,IAAA,EAAAA,EAAmB,UAAA,CAAA,CACtB,MAAM,IAAI5C,CAAAA,CAAY,CACpB,KAAM,kBAAA,CACN,IAAA,CAAM,qBACN,OAAA,CAAS,iDAAA,CACT,UAAW,KACb,CAAC,EAEH,OAAO,UAAA,CAAW,OAAO,UAAA,EAC3B,CAAA,CAEaoD,CAAAA,CAAN,KAAe,CAOpB,WAAA,CAAYC,EAAuD,CANnE,IAAA,CAAiB,WAAa,IAAI,GAAA,CAIlC,KAAQ,gBAAA,CAAmB,KAAA,CA7B7B,IAAAT,CAAAA,CAgCI,IAAA,CAAK,eAAiBS,CAAAA,CAAK,cAAA,CAC3B,KAAK,UAAA,CAAA,CAAaT,CAAAA,CAAAS,EAAK,UAAA,GAAL,IAAA,CAAAT,EAAmBM,CAAAA,CACrC,IAAA,CAAK,UAAYC,CAAAA,GACnB,CAEA,MAAA,CAAOZ,CAAAA,CAAkBC,EAA0B,EAAC,CAAY,CAC9D,GAAI,IAAA,CAAK,WAAW,GAAA,CAAID,CAAK,EAC3B,MAAM,IAAIvC,CAAAA,CAAY,CACpB,KAAM,kBAAA,CACN,IAAA,CAAM,oBACN,OAAA,CAAS,CAAA,YAAA,EAAeuC,CAAK,CAAA,gBAAA,CAAA,CAC7B,SAAA,CAAW,KACb,CAAC,CAAA,CAEH,IAAMe,CAAAA,CAAsB,CAC1B,WAAY,IAAA,CAAK,UAAA,CACjB,eAAgB,IAAA,CAAK,cAAA,CACrB,SAAA,CAAW,IAAA,CAAK,SAClB,CAAA,CACMC,CAAAA,CAAU,IAAIjB,CAAAA,CAAQC,CAAAA,CAAOC,EAASc,CAAG,CAAA,CAC/C,YAAK,UAAA,CAAW,GAAA,CAAIf,EAAOgB,CAAO,CAAA,CAC3BA,CACT,CAEA,MAAM,SAASC,CAAAA,CAAmBC,CAAAA,CAAiD,CAEjF,GAAI,KAAK,gBAAA,CACP,MAAM,IAAIzD,CAAAA,CAAY,CACpB,KAAM,kBAAA,CACN,IAAA,CAAM,uBACN,OAAA,CAAS,qEAAA,CACT,UAAW,KACb,CAAC,EAGH,IAAM0D,CAAAA,CAAa,KAAK,UAAA,CAAW,GAAA,CAAI,YAAY,CAAA,CAC7CC,CAAAA,CAAa,KAAK,UAAA,CAAW,GAAA,CAAI,YAAY,CAAA,CAC7CC,CAAAA,CAAU,KAAK,UAAA,CAAW,GAAA,CAAI,SAAS,CAAA,CAE7C,GAAI,CAACF,CAAAA,EAAc,CAACC,GAAc,CAACC,CAAAA,CACjC,MAAM,IAAI5D,CAAAA,CAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,qBAAA,CACN,QACE,oGAAA,CACF,SAAA,CAAW,KACb,CAAC,CAAA,CAEH,GAAI,CAAC0D,CAAAA,CAAW,SAAQ,EAAK,CAACC,EAAW,OAAA,EAAQ,EAAK,CAACC,CAAAA,CAAQ,OAAA,GAC7D,MAAM,IAAI5D,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,oBAAA,CACN,QAAS,+DAAA,CACT,SAAA,CAAW,KACb,CAAC,CAAA,CAGH,KAAK,gBAAA,CAAmB,IAAA,CACxB,GAAI,CACF,OAAO,MAAM,IAAA,CAAK,UAAA,CAAW0D,CAAAA,CAAYF,CAAAA,CAAWC,CAAc,CACpE,CAAA,OAAE,CACA,IAAA,CAAK,gBAAA,CAAmB,MAC1B,CACF,CAEQ,WACNC,CAAAA,CACAF,CAAAA,CACAC,EACyB,CACzB,IAAMI,EAAe,IAAI,GAAA,CAAI,KAAK,UAAU,CAAA,CAAE,OAGxCC,CAAAA,CAAmBJ,CAAAA,CAAW,wBAAuB,CAE3D,OAAO,IAAI,OAAA,CAAwB,CAACK,EAASC,CAAAA,GAAW,CAEtD,IAAMC,CAAAA,CAAQ,MAAA,CAAO,WAAW,IAAM,CACpC,OAAO,mBAAA,CAAoB,SAAA,CAAWC,CAAS,CAAA,CAC/CF,CAAAA,CACE,IAAIhE,CAAAA,CAAY,CACd,IAAA,CAAM,eAAA,CACN,KAAM,kBAAA,CACN,OAAA,CAAS,wCACT,SAAA,CAAW,IAAA,CACX,UAAAwD,CACF,CAAC,CACH,EACF,CAAA,CAAG,GAAM,CAAA,CAEHU,CAAAA,CAAavC,GAAwB,CAEzC,GAAImC,CAAAA,GAAqB,IAAA,EAAQnC,EAAM,MAAA,GAAWmC,CAAAA,CAAkB,OAEpE,IAAMzC,CAAAA,CAAOK,EAA8BC,CAAAA,CAAOkC,CAAY,EAC9D,GAAKxC,CAAAA,CAAAA,CAEL,GAAIA,CAAAA,CAAK,IAAA,GAAS,yBAChB,YAAA,CAAa4C,CAAK,EAClB,MAAA,CAAO,mBAAA,CAAoB,SAAA,CAAWC,CAAS,EAC/CH,CAAAA,CAAQ,CACN,YAAa1C,CAAAA,CAAK,WAAA,CAClB,SAAUA,CAAAA,CAAK,QAAA,CACf,WAAYA,CAAAA,CAAK,UAAA,CACjB,QAASA,CAAAA,CAAK,OAAA,CACd,UAAWA,CAAAA,CAAK,SAAA,CAChB,UAAWA,CAAAA,CAAK,SAClB,CAAC,CAAA,CAAA,KAAA,GACQA,CAAAA,CAAK,OAAS,uBAAA,CAAyB,CAChD,aAAa4C,CAAK,CAAA,CAClB,OAAO,mBAAA,CAAoB,SAAA,CAAWC,CAAS,CAAA,CAC/C,IAAMC,EACJ9C,CAAAA,CAAK,SAAA,GAAc,oBAAsBA,CAAAA,CAAK,SAAA,GAAc,YACxDA,CAAAA,CAAK,SAAA,CACL,WAAA,CACN2C,CAAAA,CACE,IAAIhE,CAAAA,CAAY,CACd,KAAMmE,CAAAA,CACN,IAAA,CAAM9C,EAAK,IAAA,CACX,OAAA,CAASA,EAAK,OAAA,CACd,SAAA,CAAW,MACX,SAAA,CAAAmC,CACF,CAAC,CACH,EACF,EACF,CAAA,CAEA,MAAA,CAAO,iBAAiB,SAAA,CAAWU,CAAS,EAC5CR,CAAAA,CAAW,IAAA,CAAK,CAAE,IAAA,CAAM,iBAAA,CAAmB,UAAAF,CAAAA,CAAW,cAAA,CAAAC,CAAe,CAAC,EACxE,CAAC,CACH,CAEA,SAAgB,CACd,IAAA,IAAWW,KAAM,IAAA,CAAK,UAAA,CAAW,MAAA,EAAO,CACtCA,EAAG,OAAA,EAAQ,CAEb,KAAK,UAAA,CAAW,KAAA,GAClB,CACF,EClKA,IAAMxD,CAAAA,CAAkEA,CAAAA,CAYlEyD,EAAQ,IAAI,GAAA,CAEZC,EAAiB3D,CAAAA,GACjBD,CAAAA,CAAkBC,CAAc,CAAA,GAAM,SAAA,EACxCI,GAAkB,CAEb,CACL,eAAAJ,CAAAA,CACA,WAAA,CAAaD,EAAkBC,CAAc,CAAA,CAC7C,SAAU,IAAM,IAAIyC,EAAS,CAAE,cAAA,CAAAzC,CAAe,CAAC,CACjD,GAGF,SAAS4D,CAAAA,CAAK5D,EAAiD,CAC7D,GAAI,CACFC,CAAAA,CAAuBD,CAAc,EACvC,CAAA,MAAS6D,EAAK,CACZ,OAAO,QAAQ,MAAA,CAAOA,CAAG,CAC3B,CACA,IAAM3D,EAAMF,CAAAA,CACN8D,CAAAA,CAAWJ,EAAM,GAAA,CAAIxD,CAAG,EAC9B,GAAI4D,CAAAA,CAAU,OAAOA,CAAAA,CACrB,IAAMC,CAAAA,CAAU,OAAA,CAAQ,QAAQJ,CAAAA,CAAc3D,CAAc,CAAC,CAAA,CAC7D,OAAA0D,EAAM,GAAA,CAAIxD,CAAAA,CAAK6D,CAAO,CAAA,CACfA,CACT,CAEA,IAAMC,CAAAA,CAAgB,IAAY,CAChCN,CAAAA,CAAM,KAAA,GACR,EAEaO,CAAAA,CAAS,CACpB,KAAAL,CAAAA,CACA,eAAA,CAAiBI,CACnB,ECtCO,IAAME,EAAoBC,CAAAA,EACxBA,CAAAA,EAAA,KAAAA,CAAAA,CAAc,IAAA,CAGVC,EAAyBD,CAAAA,EAAAA,CAC7BA,CAAAA,EAAA,YAAAA,CAAAA,CAAY,IAAA,IAAS,mBAAqBA,CAAAA,CAAW,QAAA,CAAS,QAAU,QAAA,CAGpEE,CAAAA,CAA4BF,IAChCA,CAAAA,EAAA,IAAA,CAAA,MAAA,CAAAA,EAAY,IAAA,IAAS,oBAAA,EAAwBA,EAAW,QAAA,CAAS,KAAA,GAAU,YAGvEG,CAAAA,CAA2BH,CAAAA,GAAoD,CAC1F,MAAA,CAAQA,CAAAA,CAAW,SAAS,MAAA,CAAO,GAAA,CACnC,MAAA,CAAQA,CAAAA,CAAW,SAAS,MAAA,CAAO,MAAA,CACnC,OAAQA,CAAAA,CAAW,QAAA,CAAS,OAAO,MAAA,CACnC,MAAA,CAAQA,EAAW,QAAA,CAAS,MAAA,CAAO,MACrC,CAAA,CAAA,CAEMI,CAAAA,CAAcjD,GAClBA,CAAAA,CACG,OAAA,CAAQ,KAAM,OAAO,CAAA,CACrB,QAAQ,IAAA,CAAM,MAAM,EACpB,OAAA,CAAQ,IAAA,CAAM,MAAM,CAAA,CACpB,OAAA,CAAQ,KAAM,QAAQ,CAAA,CACtB,QAAQ,IAAA,CAAM,OAAO,EAEbkD,CAAAA,CAA8BL,CAAAA,EAA0C,CACnF,IAAMM,CAAAA,CAAOH,EAAwBH,CAAU,CAAA,CACzCpC,CAAAA,CAAS0C,CAAAA,CAAK,SAAW,eAAA,CAAkB,wBAAA,CAA2B,QACtEC,CAAAA,CAASD,CAAAA,CAAK,OACjB,GAAA,CACE7C,CAAAA,EACC,8BAA8B2C,CAAAA,CAAW3C,CAAAA,CAAM,IAAI,CAAC,CAAA,SAAA,EAAY2C,EAAW3C,CAAAA,CAAM,KAAK,CAAC,CAAA,EAAA,CAC3F,CAAA,CACC,KAAK,EAAE,CAAA,CAKV,OAAO,CAAA,8DAAA,EAHL6C,CAAAA,CAAK,SAAW,eAAA,CACZ,kFAAA,CACA,EACwE,CAAA,4BAAA,EAA+BF,CAAAA,CAAWE,EAAK,MAAM,CAAC,aAAa1C,CAAM,CAAA,EAAA,EAAK2C,CAAM,CAAA,iEAAA,CACpK,MChCaC,EAAAA,CAAc","file":"arcpay.global.js","sourcesContent":["export type ArcPayErrorType =\n  | \"validation_error\"\n  | \"authentication_error\"\n  | \"authorization_error\"\n  | \"state_error\"\n  | \"rate_limit_error\"\n  | \"api_error\"\n  | \"network_error\"\n  | \"challenge_aborted\";\n\nexport interface ArcPayErrorInit {\n  type: ArcPayErrorType;\n  message: string;\n  code?: string;\n  param?: string;\n  paymentId?: string;\n  declineCode?: string;\n  retryable: boolean;\n  requestId?: string;\n}\n\nexport class ArcPayError extends Error {\n  readonly type: ArcPayErrorType;\n  readonly code?: string;\n  readonly param?: string;\n  readonly paymentId?: string;\n  readonly declineCode?: string;\n  readonly retryable: boolean;\n  readonly requestId?: string;\n\n  constructor(init: ArcPayErrorInit) {\n    super(init.message);\n    this.name = \"ArcPayError\";\n    this.type = init.type;\n    this.code = init.code;\n    this.param = init.param;\n    this.paymentId = init.paymentId;\n    this.declineCode = init.declineCode;\n    this.retryable = init.retryable;\n    this.requestId = init.requestId;\n  }\n}\n\nexport const isValidationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"validation_error\";\nexport const isAuthenticationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"authentication_error\";\nexport const isAuthorizationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"authorization_error\";\nexport const isStateError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"state_error\";\nexport const isRateLimitError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"rate_limit_error\";\nexport const isApiError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"api_error\";\nexport const isNetworkError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"network_error\";\nexport const isChallengeAborted = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"challenge_aborted\";\n","import { ArcPayError } from \"./errors\";\n\nexport type Environment = \"sandbox\" | \"live\";\n\nexport const detectEnvironment = (publishableKey: string): Environment =>\n  publishableKey.startsWith(\"pk_test_\") ? \"sandbox\" : \"live\";\n\nexport const validatePublishableKey = (key: unknown): asserts key is string => {\n  if (typeof key !== \"string\" || key.length === 0) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"invalid_publishable_key\",\n      message: \"Publishable key must be a non-empty string\",\n      retryable: false,\n    });\n  }\n  if (!key.startsWith(\"pk_test_\") && !key.startsWith(\"pk_live_\")) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"invalid_publishable_key\",\n      message:\n        \"Publishable key must start with pk_test_ or pk_live_. Secret keys (sk_*) cannot be used in browser.\",\n      retryable: false,\n    });\n  }\n};\n","const BANNER_ATTR = \"data-arcpay-sandbox-banner\";\n\nexport const showSandboxBanner = (): void => {\n  if (typeof document === \"undefined\") return;\n  if (document.querySelector(`[${BANNER_ATTR}]`)) return;\n\n  const bar = document.createElement(\"div\");\n  bar.setAttribute(BANNER_ATTR, \"\");\n  bar.style.cssText =\n    \"position:fixed;top:0;left:0;right:0;z-index:2147483647;background:#ffd166;color:#222;font:13px/1.4 system-ui,sans-serif;padding:6px 12px;display:flex;align-items:center;justify-content:center;box-shadow:0 1px 3px rgba(0,0,0,0.1);\";\n\n  const text = document.createElement(\"span\");\n  text.textContent = \"ARC PAY TEST MODE — payments are simulated\";\n  bar.appendChild(text);\n\n  const dismiss = document.createElement(\"button\");\n  dismiss.type = \"button\";\n  dismiss.setAttribute(\"data-arcpay-banner-dismiss\", \"\");\n  dismiss.textContent = \"×\";\n  dismiss.setAttribute(\"aria-label\", \"Dismiss test mode banner\");\n  dismiss.style.cssText =\n    \"margin-left:12px;background:transparent;border:0;font-size:18px;cursor:pointer;color:inherit;\";\n  dismiss.addEventListener(\"click\", () => bar.remove());\n  bar.appendChild(dismiss);\n\n  document.body.appendChild(bar);\n};\n","import { ArcPayError } from \"../core/errors\";\n\nexport type FieldType = \"cardNumber\" | \"cardExpiry\" | \"cardCvv\";\n\n// Parent → iframe\nexport type ParentToIframe =\n  | { type: \"arcpay:hello\"; origin: string; publishableKey: string; channelId: string }\n  | { type: \"arcpay:style\"; payload: StyleSubset }\n  | { type: \"arcpay:focus\" }\n  | { type: \"arcpay:clear\" }\n  | { type: \"arcpay:tokenize\"; paymentId: string; idempotencyKey: string };\n\n// iframe → parent\nexport type IframeToParent =\n  | { type: \"arcpay:ready\" }\n  | { type: \"arcpay:rejected\"; reason: string }\n  | {\n      type: \"arcpay:change\";\n      field: FieldType;\n      isValid: boolean;\n      brand?: string;\n      lastFour?: string;\n    }\n  | {\n      type: \"arcpay:tokenize-result\";\n      cardTokenId: string;\n      cardMask: string;\n      cardScheme: string;\n      cardBin: string;\n      expiresIn: number;\n      expiresAt: string;\n    }\n  | { type: \"arcpay:tokenize-error\"; errorType: string; code?: string; message: string };\n\nexport interface StyleSubset {\n  base: Record<string, string>;\n  invalid?: Record<string, string>;\n  focus?: Record<string, string>;\n}\n\nconst ARCPAY_TYPE_PREFIX = \"arcpay:\";\n\nconst isArcpayMessage = (data: unknown): data is { type: string } =>\n  typeof data === \"object\" &&\n  data !== null &&\n  \"type\" in data &&\n  typeof (data as { type: unknown }).type === \"string\" &&\n  (data as { type: string }).type.startsWith(ARCPAY_TYPE_PREFIX);\n\nexport const postToIframe = (\n  iframe: HTMLIFrameElement,\n  message: ParentToIframe,\n  targetOrigin: string,\n): void => {\n  if (targetOrigin === \"*\") {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"wildcard_origin_forbidden\",\n      message: \"postToIframe: targetOrigin cannot be '*'\",\n      retryable: false,\n    });\n  }\n  if (!iframe.contentWindow) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"iframe_not_loaded\",\n      message: \"postToIframe: iframe.contentWindow is null (iframe not mounted)\",\n      retryable: false,\n    });\n  }\n  iframe.contentWindow.postMessage(message, targetOrigin);\n};\n\nexport const postToParent = (message: IframeToParent, targetOrigin: string): void => {\n  if (targetOrigin === \"*\") {\n    throw new Error(\"postToParent: targetOrigin cannot be '*'\");\n  }\n  window.parent.postMessage(message, targetOrigin);\n};\n\nexport const parseIncoming = <T extends { type: string }>(\n  event: MessageEvent,\n  expectedOrigin: string,\n): T | null => {\n  if (event.origin !== expectedOrigin) return null;\n  if (!isArcpayMessage(event.data)) return null;\n  return event.data as T;\n};\n","import type { StyleSubset } from \"./postmessage\";\n\n// Spec calls out position:fixed, transform, pointer-events:none as forbidden.\n// We extend to cover the full clickjacking attack surface: any positioning\n// (fixed/absolute/sticky), transform, all pointer-events values, z-index, and\n// inset properties (top/left/right/bottom/inset). The legitimate use cases\n// for these in a 1-line input field are zero, so blanket drop.\nconst FORBIDDEN_PROPERTIES = new Set([\n  \"position\",\n  \"transform\",\n  \"pointer-events\",\n  \"z-index\",\n  \"top\",\n  \"left\",\n  \"right\",\n  \"bottom\",\n  \"inset\",\n]);\n\nconst sanitizeBlock = (block: Record<string, string>): Record<string, string> => {\n  const out: Record<string, string> = {};\n  for (const [key, value] of Object.entries(block)) {\n    const normalizedKey = key.toLowerCase();\n    if (FORBIDDEN_PROPERTIES.has(normalizedKey)) {\n      // Defense against position/transform-based clickjacking. Silently drop.\n      continue;\n    }\n    out[key] = value;\n  }\n  return out;\n};\n\nexport const sanitizeStyle = (style: StyleSubset): StyleSubset => {\n  const result: StyleSubset = { base: sanitizeBlock(style.base) };\n  if (style.invalid !== undefined) result.invalid = sanitizeBlock(style.invalid);\n  if (style.focus !== undefined) result.focus = sanitizeBlock(style.focus);\n  return result;\n};\n","import { ArcPayError } from \"../core/errors\";\nimport {\n  type FieldType,\n  type ParentToIframe,\n  type IframeToParent,\n  type StyleSubset,\n  postToIframe,\n  parseIncoming,\n} from \"./postmessage\";\nimport { sanitizeStyle } from \"./style\";\n\nexport interface ElementOptions {\n  /** StyleSubset applied via arcpay:style postMessage. */\n  style?: StyleSubset;\n  placeholder?: string;\n}\n\nexport type ElementEvent =\n  | { type: \"ready\" }\n  | { type: \"change\"; isValid: boolean; brand?: string; lastFour?: string }\n  | { type: \"error\"; reason: string };\n\ntype Listener = (event: ElementEvent) => void;\n\nexport interface ElementContext {\n  iframeBase: string;\n  publishableKey: string;\n  channelId: string;\n}\n\nexport class Element {\n  private iframe: HTMLIFrameElement | null = null;\n  private readonly listeners = new Set<Listener>();\n  private status: \"pending\" | \"ready\" | \"error\" = \"pending\";\n  private messageHandler: ((e: MessageEvent) => void) | null = null;\n\n  constructor(\n    public readonly field: FieldType,\n    private readonly options: ElementOptions,\n    private readonly context: ElementContext,\n  ) {}\n\n  mount(target: string | HTMLElement): void {\n    if (this.iframe) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"already_mounted\",\n        message: `Element ${this.field} is already mounted`,\n        retryable: false,\n      });\n    }\n    const container = typeof target === \"string\" ? document.querySelector(target) : target;\n    if (!(container instanceof HTMLElement)) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"mount_target_not_found\",\n        message: `mount target not found: ${String(target)}`,\n        retryable: false,\n      });\n    }\n\n    const iframe = document.createElement(\"iframe\");\n    iframe.src = `${this.context.iframeBase}/iframe/${this.field}`;\n    iframe.style.cssText = \"border:0;width:100%;height:100%;display:block;\";\n    iframe.setAttribute(\"allow\", \"payment\");\n    iframe.setAttribute(\"data-arcpay-element\", this.field);\n    container.appendChild(iframe);\n    this.iframe = iframe;\n\n    const expectedOrigin = new URL(this.context.iframeBase).origin;\n\n    this.messageHandler = (event: MessageEvent) => {\n      // C1: source guard — only accept messages from this element's own iframe.\n      // Without this, any iframe at the same origin (e.g. cardExpiry, cardCvv)\n      // could trigger handlers on cardNumber and vice-versa.\n      if (event.source !== this.iframe?.contentWindow) return;\n      // C4: use parseIncoming for origin + arcpay: prefix guard.\n      const data = parseIncoming<IframeToParent>(event, expectedOrigin);\n      if (!data) return;\n      this.handleMessage(data);\n    };\n    window.addEventListener(\"message\", this.messageHandler);\n\n    iframe.addEventListener(\n      \"load\",\n      () => {\n        if (!this.iframe) return;\n        const hello: ParentToIframe = {\n          type: \"arcpay:hello\",\n          origin: window.location.origin,\n          publishableKey: this.context.publishableKey,\n          channelId: this.context.channelId,\n        };\n        postToIframe(this.iframe, hello, expectedOrigin);\n      },\n      { once: true },\n    );\n  }\n\n  private handleMessage(data: IframeToParent): void {\n    if (data.type === \"arcpay:ready\") {\n      this.status = \"ready\";\n      // Apply initial style if provided at construction time.\n      if (this.options.style) {\n        this.send({ type: \"arcpay:style\", payload: sanitizeStyle(this.options.style) });\n      }\n      this.emit({ type: \"ready\" });\n    } else if (data.type === \"arcpay:rejected\") {\n      this.status = \"error\";\n      this.emit({ type: \"error\", reason: data.reason });\n    } else if (data.type === \"arcpay:change\" && data.field === this.field) {\n      this.emit({\n        type: \"change\",\n        isValid: data.isValid,\n        brand: data.brand,\n        lastFour: data.lastFour,\n      });\n    }\n    // arcpay:tokenize-result / arcpay:tokenize-error handled by Elements factory (Task 9).\n  }\n\n  update(options: { style?: StyleSubset }): void {\n    if (options.style) {\n      this.send({ type: \"arcpay:style\", payload: sanitizeStyle(options.style) });\n    }\n  }\n\n  destroy(): void {\n    if (this.iframe) {\n      this.iframe.remove();\n      this.iframe = null;\n    }\n    if (this.messageHandler) {\n      window.removeEventListener(\"message\", this.messageHandler);\n      this.messageHandler = null;\n    }\n    this.listeners.clear();\n    this.status = \"pending\";\n  }\n\n  on(_event: \"ready\" | \"change\" | \"error\", callback: Listener): () => void {\n    this.listeners.add(callback);\n    return () => this.listeners.delete(callback);\n  }\n\n  focus(): void {\n    this.send({ type: \"arcpay:focus\" });\n  }\n\n  clear(): void {\n    this.send({ type: \"arcpay:clear\" });\n  }\n\n  isReady(): boolean {\n    return this.status === \"ready\";\n  }\n\n  /**\n   * Internal: returns the iframe's contentWindow for source-filtering in\n   * Elements.doTokenize(). Returns null when the iframe is not yet mounted\n   * or when jsdom has not yet populated contentWindow (test environment).\n   */\n  getIframeContentWindow(): Window | null {\n    return this.iframe?.contentWindow ?? null;\n  }\n\n  /** Internal: used by Elements factory to send tokenize commands. */\n  send(message: ParentToIframe): void {\n    if (!this.iframe) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"not_mounted\",\n        message: `Element ${this.field} is not mounted`,\n        retryable: false,\n      });\n    }\n    postToIframe(this.iframe, message, new URL(this.context.iframeBase).origin);\n  }\n\n  private emit(event: ElementEvent): void {\n    for (const listener of this.listeners) {\n      listener(event);\n    }\n  }\n}\n","import { ArcPayError } from \"../core/errors\";\nimport { Element, type ElementContext, type ElementOptions } from \"./element\";\nimport type { FieldType, IframeToParent } from \"./postmessage\";\nimport { parseIncoming } from \"./postmessage\";\nimport type { TokenizeResult } from \"../tokenize/tokenize\";\n\nexport type { TokenizeResult };\n\nexport type ElementsOptions = Record<string, never>;\n\nconst DEFAULT_IFRAME_BASE = \"https://sdk.arcpay.space\";\n\nconst createChannelId = (): string => {\n  if (!globalThis.crypto?.randomUUID) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"crypto_unavailable\",\n      message: \"crypto.randomUUID is required for Hosted Fields\",\n      retryable: false,\n    });\n  }\n  return globalThis.crypto.randomUUID();\n};\n\nexport class Elements {\n  private readonly elementMap = new Map<FieldType, Element>();\n  private readonly iframeBase: string;\n  private readonly publishableKey: string;\n  private readonly channelId: string;\n  private tokenizeInFlight = false;\n\n  constructor(opts: { publishableKey: string; iframeBase?: string }) {\n    this.publishableKey = opts.publishableKey;\n    this.iframeBase = opts.iframeBase ?? DEFAULT_IFRAME_BASE;\n    this.channelId = createChannelId();\n  }\n\n  create(field: FieldType, options: ElementOptions = {}): Element {\n    if (this.elementMap.has(field)) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"duplicate_element\",\n        message: `Element for ${field} already created`,\n        retryable: false,\n      });\n    }\n    const ctx: ElementContext = {\n      iframeBase: this.iframeBase,\n      publishableKey: this.publishableKey,\n      channelId: this.channelId,\n    };\n    const element = new Element(field, options, ctx);\n    this.elementMap.set(field, element);\n    return element;\n  }\n\n  async tokenize(paymentId: string, idempotencyKey: string): Promise<TokenizeResult> {\n    // C2: concurrent-call guard — only one tokenize() may be in-flight at a time.\n    if (this.tokenizeInFlight) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"tokenize_in_progress\",\n        message: \"A tokenize() call is already in progress for this Elements instance\",\n        retryable: false,\n      });\n    }\n\n    const cardNumber = this.elementMap.get(\"cardNumber\");\n    const cardExpiry = this.elementMap.get(\"cardExpiry\");\n    const cardCvv = this.elementMap.get(\"cardCvv\");\n\n    if (!cardNumber || !cardExpiry || !cardCvv) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"incomplete_elements\",\n        message:\n          \"All three elements (cardNumber, cardExpiry, cardCvv) must be created and mounted before tokenize()\",\n        retryable: false,\n      });\n    }\n    if (!cardNumber.isReady() || !cardExpiry.isReady() || !cardCvv.isReady()) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"elements_not_ready\",\n        message: \"Wait for all elements to fire 'ready' event before tokenize()\",\n        retryable: false,\n      });\n    }\n\n    this.tokenizeInFlight = true;\n    try {\n      return await this.doTokenize(cardNumber, paymentId, idempotencyKey);\n    } finally {\n      this.tokenizeInFlight = false;\n    }\n  }\n\n  private doTokenize(\n    cardNumber: Element,\n    paymentId: string,\n    idempotencyKey: string,\n  ): Promise<TokenizeResult> {\n    const iframeOrigin = new URL(this.iframeBase).origin;\n    // C1: obtain reference to the cardNumber iframe's contentWindow before\n    // registering the listener so we can filter by source.\n    const cardIframeWindow = cardNumber.getIframeContentWindow();\n\n    return new Promise<TokenizeResult>((resolve, reject) => {\n      // C3: 30-second timeout — rejects and cleans up if no result arrives.\n      const timer = window.setTimeout(() => {\n        window.removeEventListener(\"message\", onMessage);\n        reject(\n          new ArcPayError({\n            type: \"network_error\",\n            code: \"tokenize_timeout\",\n            message: \"tokenize() timed out after 30 seconds\",\n            retryable: true,\n            paymentId,\n          }),\n        );\n      }, 30_000);\n\n      const onMessage = (event: MessageEvent) => {\n        // C1: source guard — only accept messages from the cardNumber iframe.\n        if (cardIframeWindow !== null && event.source !== cardIframeWindow) return;\n        // C4: use parseIncoming for origin + arcpay: prefix guard.\n        const data = parseIncoming<IframeToParent>(event, iframeOrigin);\n        if (!data) return;\n\n        if (data.type === \"arcpay:tokenize-result\") {\n          clearTimeout(timer);\n          window.removeEventListener(\"message\", onMessage);\n          resolve({\n            cardTokenId: data.cardTokenId,\n            cardMask: data.cardMask,\n            cardScheme: data.cardScheme,\n            cardBin: data.cardBin,\n            expiresIn: data.expiresIn,\n            expiresAt: data.expiresAt,\n          });\n        } else if (data.type === \"arcpay:tokenize-error\") {\n          clearTimeout(timer);\n          window.removeEventListener(\"message\", onMessage);\n          const errType =\n            data.errorType === \"validation_error\" || data.errorType === \"api_error\"\n              ? data.errorType\n              : \"api_error\";\n          reject(\n            new ArcPayError({\n              type: errType,\n              code: data.code,\n              message: data.message,\n              retryable: false,\n              paymentId,\n            }),\n          );\n        }\n      };\n\n      window.addEventListener(\"message\", onMessage);\n      cardNumber.send({ type: \"arcpay:tokenize\", paymentId, idempotencyKey });\n    });\n  }\n\n  destroy(): void {\n    for (const el of this.elementMap.values()) {\n      el.destroy();\n    }\n    this.elementMap.clear();\n  }\n}\n","import {\n  detectEnvironment,\n  type Environment,\n  validatePublishableKey as _validatePublishableKey,\n} from \"./env\";\nimport { showSandboxBanner } from \"./sandbox-banner\";\nimport { Elements, type ElementsOptions } from \"../elements/elements\";\n\nconst validatePublishableKey: (key: unknown) => asserts key is string = _validatePublishableKey;\n\nexport interface ArcPayLoadOptions {\n  readonly _reserved?: never;\n}\n\nexport interface ArcPayInstance {\n  readonly publishableKey: string;\n  readonly environment: Environment;\n  elements: (opts?: ElementsOptions) => Elements;\n}\n\nconst cache = new Map<string, Promise<ArcPayInstance>>();\n\nconst buildInstance = (publishableKey: string): ArcPayInstance => {\n  if (detectEnvironment(publishableKey) === \"sandbox\") {\n    showSandboxBanner();\n  }\n  return {\n    publishableKey,\n    environment: detectEnvironment(publishableKey),\n    elements: () => new Elements({ publishableKey }),\n  };\n};\n\nfunction load(publishableKey: string): Promise<ArcPayInstance> {\n  try {\n    validatePublishableKey(publishableKey);\n  } catch (err) {\n    return Promise.reject(err);\n  }\n  const key = publishableKey;\n  const existing = cache.get(key);\n  if (existing) return existing;\n  const promise = Promise.resolve(buildInstance(publishableKey));\n  cache.set(key, promise);\n  return promise;\n}\n\nconst resetForTests = (): void => {\n  cache.clear();\n};\n\nexport const ArcPay = {\n  load,\n  __resetForTests: resetForTests,\n};\n","import type { PaymentNextAction } from \"../server/types\";\n\nexport type ThreeDSAction = PaymentNextAction;\n\nexport interface BrowserFormField {\n  name: string;\n  value: string;\n}\n\nexport interface BrowserPostForm {\n  action: string;\n  method: \"POST\";\n  target: \"hidden_iframe\" | \"browser\";\n  fields: BrowserFormField[];\n}\n\nexport const getThreeDSAction = (nextAction?: PaymentNextAction): PaymentNextAction | null => {\n  return nextAction ?? null;\n};\n\nexport const isThreeDSMethodAction = (nextAction?: PaymentNextAction): boolean => {\n  return nextAction?.type === \"three_ds_method\" && nextAction.three_ds.phase === \"method\";\n};\n\nexport const isThreeDSChallengeAction = (nextAction?: PaymentNextAction): boolean => {\n  return nextAction?.type === \"three_ds_challenge\" && nextAction.three_ds.phase === \"challenge\";\n};\n\nexport const buildThreeDSBrowserForm = (nextAction: PaymentNextAction): BrowserPostForm => ({\n  action: nextAction.three_ds.submit.url,\n  method: nextAction.three_ds.submit.method,\n  target: nextAction.three_ds.submit.target,\n  fields: nextAction.three_ds.submit.fields,\n});\n\nconst htmlEscape = (value: string): string =>\n  value\n    .replace(/&/g, \"&amp;\")\n    .replace(/</g, \"&lt;\")\n    .replace(/>/g, \"&gt;\")\n    .replace(/\"/g, \"&quot;\")\n    .replace(/'/g, \"&#39;\");\n\nexport const buildThreeDSAutoSubmitHtml = (nextAction: PaymentNextAction): string => {\n  const form = buildThreeDSBrowserForm(nextAction);\n  const target = form.target === \"hidden_iframe\" ? \"arcpay-three-ds-method\" : \"_self\";\n  const inputs = form.fields\n    .map(\n      (field) =>\n        `<input type=\"hidden\" name=\"${htmlEscape(field.name)}\" value=\"${htmlEscape(field.value)}\">`,\n    )\n    .join(\"\");\n  const iframe =\n    form.target === \"hidden_iframe\"\n      ? '<iframe name=\"arcpay-three-ds-method\" title=\"3-D Secure method\" hidden></iframe>'\n      : \"\";\n  return `<!doctype html><html><head><meta charset=\"utf-8\"></head><body>${iframe}<form method=\"POST\" action=\"${htmlEscape(form.action)}\" target=\"${target}\">${inputs}</form><script>document.forms[0].submit();</script></body></html>`;\n};\n","export { ArcPay } from \"./core/arcpay\";\nexport type { ArcPayInstance, ArcPayLoadOptions } from \"./core/arcpay\";\nexport {\n  ArcPayError,\n  isValidationError,\n  isAuthenticationError,\n  isAuthorizationError,\n  isStateError,\n  isRateLimitError,\n  isApiError,\n  isNetworkError,\n  isChallengeAborted,\n} from \"./core/errors\";\nexport type { ArcPayErrorType } from \"./core/errors\";\nexport type { Environment } from \"./core/env\";\nexport type { TokenizeResult } from \"./tokenize/tokenize\";\nexport type { CardScheme } from \"./tokenize/scheme\";\nexport {\n  buildThreeDSAutoSubmitHtml,\n  buildThreeDSBrowserForm,\n  getThreeDSAction,\n  isThreeDSChallengeAction,\n  isThreeDSMethodAction,\n} from \"./three-ds\";\nexport type { BrowserFormField, BrowserPostForm, ThreeDSAction } from \"./three-ds\";\nexport const SDK_VERSION = \"0.1.9\";\n\nexport type { FieldType } from \"./elements/postmessage\";\nexport type { ElementOptions, ElementEvent } from \"./elements/element\";\nexport { Elements } from \"./elements/elements\";\nexport type { ElementsOptions } from \"./elements/elements\";\n"]}
+{"version":3,"sources":["../../src/core/errors.ts","../../src/core/env.ts","../../src/core/sandbox-banner.ts","../../src/elements/postmessage.ts","../../src/elements/style.ts","../../src/elements/element.ts","../../src/elements/elements.ts","../../src/core/arcpay.ts","../../src/three-ds/actions.ts","../../src/index.ts"],"names":["ArcPayError","init","isValidationError","isAuthenticationError","isAuthorizationError","isStateError","isRateLimitError","isApiError","isNetworkError","isChallengeAborted","detectEnvironment","publishableKey","validatePublishableKey","key","BANNER_ATTR","showSandboxBanner","bar","text","dismiss","ARCPAY_TYPE_PREFIX","isArcpayMessage","data","postToIframe","iframe","message","targetOrigin","parseIncoming","event","expectedOrigin","FORBIDDEN_PROPERTIES","sanitizeBlock","block","out","value","normalizedKey","sanitizeStyle","style","result","Element","field","options","context","target","container","_a","hello","_event","callback","_b","listener","DEFAULT_IFRAME_BASE","createChannelId","Elements","opts","ctx","element","paymentId","idempotencyKey","cardNumber","cardExpiry","cardCvv","iframeOrigin","cardIframeWindow","resolve","reject","timer","onMessage","errType","el","cache","buildInstance","load","err","existing","promise","resetForTests","ArcPay","supportedColorDepths","normalizeColorDepth","resolveWindowSize","width","collectBrowserInfo","acceptHeader","getThreeDSAction","nextAction","isThreeDSMethodAction","isThreeDSChallengeAction","buildThreeDSBrowserForm","htmlEscape","buildThreeDSAutoSubmitHtml","form","inputs","SDK_VERSION"],"mappings":"2CAqBO,IAAMA,CAAAA,CAAN,cAA0B,KAAM,CASrC,YAAYC,CAAAA,CAAuB,CACjC,MAAMA,CAAAA,CAAK,OAAO,EAClB,IAAA,CAAK,IAAA,CAAO,cACZ,IAAA,CAAK,IAAA,CAAOA,EAAK,IAAA,CACjB,IAAA,CAAK,KAAOA,CAAAA,CAAK,IAAA,CACjB,KAAK,KAAA,CAAQA,CAAAA,CAAK,MAClB,IAAA,CAAK,SAAA,CAAYA,EAAK,SAAA,CACtB,IAAA,CAAK,YAAcA,CAAAA,CAAK,WAAA,CACxB,KAAK,SAAA,CAAYA,CAAAA,CAAK,UACtB,IAAA,CAAK,SAAA,CAAYA,EAAK,UACxB,CACF,CAAA,CAEaC,CAAAA,CAAqB,CAAA,EAChC,CAAA,YAAaF,GAAe,CAAA,CAAE,IAAA,GAAS,mBAC5BG,CAAAA,CAAyB,CAAA,EACpC,aAAaH,CAAAA,EAAe,CAAA,CAAE,OAAS,sBAAA,CAC5BI,CAAAA,CAAwB,GACnC,CAAA,YAAaJ,CAAAA,EAAe,EAAE,IAAA,GAAS,qBAAA,CAC5BK,EAAgB,CAAA,EAC3B,CAAA,YAAaL,CAAAA,EAAe,CAAA,CAAE,IAAA,GAAS,aAAA,CAC5BM,EAAoB,CAAA,EAC/B,CAAA,YAAaN,GAAe,CAAA,CAAE,IAAA,GAAS,mBAC5BO,CAAAA,CAAc,CAAA,EACzB,aAAaP,CAAAA,EAAe,CAAA,CAAE,OAAS,WAAA,CAC5BQ,CAAAA,CAAkB,GAC7B,CAAA,YAAaR,CAAAA,EAAe,EAAE,IAAA,GAAS,eAAA,CAC5BS,CAAAA,CAAsB,CAAA,EACjC,CAAA,YAAaT,CAAAA,EAAe,EAAE,IAAA,GAAS,oBCtDlC,IAAMU,CAAAA,CAAqBC,CAAAA,EAChCA,EAAe,UAAA,CAAW,UAAU,EAAI,SAAA,CAAY,MAAA,CAEzCC,EAA0BC,CAAAA,EAAwC,CAC7E,GAAI,OAAOA,CAAAA,EAAQ,UAAYA,CAAAA,CAAI,MAAA,GAAW,EAC5C,MAAM,IAAIb,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,yBAAA,CACN,QAAS,4CAAA,CACT,SAAA,CAAW,KACb,CAAC,CAAA,CAEH,GAAI,CAACa,CAAAA,CAAI,WAAW,UAAU,CAAA,EAAK,CAACA,CAAAA,CAAI,UAAA,CAAW,UAAU,CAAA,CAC3D,MAAM,IAAIb,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,yBAAA,CACN,QACE,qGAAA,CACF,SAAA,CAAW,KACb,CAAC,CAEL,ECzBA,IAAMc,CAAAA,CAAc,6BAEPC,CAAAA,CAAoB,IAAY,CAE3C,GADI,OAAO,QAAA,EAAa,WAAA,EACpB,QAAA,CAAS,aAAA,CAAc,IAAID,CAAW,CAAA,CAAA,CAAG,EAAG,OAEhD,IAAME,EAAM,QAAA,CAAS,aAAA,CAAc,KAAK,CAAA,CACxCA,CAAAA,CAAI,aAAaF,CAAAA,CAAa,EAAE,EAChCE,CAAAA,CAAI,KAAA,CAAM,QACR,uOAAA,CAEF,IAAMC,CAAAA,CAAO,QAAA,CAAS,aAAA,CAAc,MAAM,EAC1CA,CAAAA,CAAK,WAAA,CAAc,kDACnBD,CAAAA,CAAI,WAAA,CAAYC,CAAI,CAAA,CAEpB,IAAMC,EAAU,QAAA,CAAS,aAAA,CAAc,QAAQ,CAAA,CAC/CA,CAAAA,CAAQ,KAAO,QAAA,CACfA,CAAAA,CAAQ,aAAa,4BAAA,CAA8B,EAAE,EACrDA,CAAAA,CAAQ,WAAA,CAAc,OACtBA,CAAAA,CAAQ,YAAA,CAAa,aAAc,0BAA0B,CAAA,CAC7DA,EAAQ,KAAA,CAAM,OAAA,CACZ,gGACFA,CAAAA,CAAQ,gBAAA,CAAiB,QAAS,IAAMF,CAAAA,CAAI,QAAQ,CAAA,CACpDA,EAAI,WAAA,CAAYE,CAAO,CAAA,CAEvB,QAAA,CAAS,IAAA,CAAK,WAAA,CAAYF,CAAG,EAC/B,CAAA,CCcA,IAAMG,CAAAA,CAAqB,SAAA,CAErBC,EAAmBC,CAAAA,EACvB,OAAOA,GAAS,QAAA,EAChBA,CAAAA,GAAS,MACT,MAAA,GAAUA,CAAAA,EACV,OAAQA,CAAAA,CAA2B,IAAA,EAAS,UAC3CA,CAAAA,CAA0B,IAAA,CAAK,UAAA,CAAWF,CAAkB,CAAA,CAElDG,CAAAA,CAAe,CAC1BC,CAAAA,CACAC,CAAAA,CACAC,IACS,CACT,GAAIA,IAAiB,GAAA,CACnB,MAAM,IAAIzB,CAAAA,CAAY,CACpB,KAAM,kBAAA,CACN,IAAA,CAAM,4BACN,OAAA,CAAS,0CAAA,CACT,UAAW,KACb,CAAC,CAAA,CAEH,GAAI,CAACuB,CAAAA,CAAO,cACV,MAAM,IAAIvB,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,mBAAA,CACN,QAAS,iEAAA,CACT,SAAA,CAAW,KACb,CAAC,CAAA,CAEHuB,EAAO,aAAA,CAAc,WAAA,CAAYC,EAASC,CAAY,EACxD,CAAA,CASO,IAAMC,CAAAA,CAAgB,CAC3BC,EACAC,CAAAA,GAEID,CAAAA,CAAM,SAAWC,CAAAA,EACjB,CAACR,EAAgBO,CAAAA,CAAM,IAAI,EAAU,IAAA,CAClCA,CAAAA,CAAM,KC/Ef,IAAME,CAAAA,CAAuB,IAAI,GAAA,CAAI,CACnC,WACA,WAAA,CACA,gBAAA,CACA,SAAA,CACA,KAAA,CACA,MAAA,CACA,OAAA,CACA,SACA,OACF,CAAC,EAEKC,CAAAA,CAAiBC,CAAAA,EAA0D,CAC/E,IAAMC,CAAAA,CAA8B,EAAC,CACrC,IAAA,GAAW,CAACnB,CAAAA,CAAKoB,CAAK,IAAK,MAAA,CAAO,OAAA,CAAQF,CAAK,CAAA,CAAG,CAChD,IAAMG,CAAAA,CAAgBrB,CAAAA,CAAI,WAAA,GACtBgB,CAAAA,CAAqB,GAAA,CAAIK,CAAa,CAAA,GAI1CF,CAAAA,CAAInB,CAAG,CAAA,CAAIoB,CAAAA,EACb,CACA,OAAOD,CACT,EAEaG,CAAAA,CAAiBC,CAAAA,EAAoC,CAChE,IAAMC,CAAAA,CAAsB,CAAE,IAAA,CAAMP,CAAAA,CAAcM,CAAAA,CAAM,IAAI,CAAE,CAAA,CAC9D,OAAIA,CAAAA,CAAM,OAAA,GAAY,SAAWC,CAAAA,CAAO,OAAA,CAAUP,EAAcM,CAAAA,CAAM,OAAO,GACzEA,CAAAA,CAAM,KAAA,GAAU,SAAWC,CAAAA,CAAO,KAAA,CAAQP,EAAcM,CAAAA,CAAM,KAAK,GAChEC,CACT,CAAA,CCPO,IAAMC,CAAAA,CAAN,KAAc,CAMnB,WAAA,CACkBC,CAAAA,CACCC,EACAC,CAAAA,CACjB,CAHgB,WAAAF,CAAAA,CACC,IAAA,CAAA,OAAA,CAAAC,EACA,IAAA,CAAA,OAAA,CAAAC,CAAAA,CARnB,KAAQ,MAAA,CAAmC,IAAA,CAC3C,KAAiB,SAAA,CAAY,IAAI,IACjC,IAAA,CAAQ,MAAA,CAAwC,SAAA,CAChD,IAAA,CAAQ,cAAA,CAAqD,KAM1D,CAEH,KAAA,CAAMC,CAAAA,CAAoC,CACxC,GAAI,IAAA,CAAK,OACP,MAAM,IAAI1C,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,iBAAA,CACN,QAAS,CAAA,QAAA,EAAW,IAAA,CAAK,KAAK,CAAA,mBAAA,CAAA,CAC9B,SAAA,CAAW,KACb,CAAC,CAAA,CAEH,IAAM2C,EAAY,OAAOD,CAAAA,EAAW,SAAW,QAAA,CAAS,aAAA,CAAcA,CAAM,CAAA,CAAIA,CAAAA,CAChF,GAAI,EAAEC,CAAAA,YAAqB,aACzB,MAAM,IAAI3C,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,wBAAA,CACN,OAAA,CAAS,CAAA,wBAAA,EAA2B,MAAA,CAAO0C,CAAM,CAAC,CAAA,CAAA,CAClD,SAAA,CAAW,KACb,CAAC,CAAA,CAGH,IAAMnB,CAAAA,CAAS,QAAA,CAAS,cAAc,QAAQ,CAAA,CAC9CA,EAAO,GAAA,CAAM,CAAA,EAAG,KAAK,OAAA,CAAQ,UAAU,WAAW,IAAA,CAAK,KAAK,GAC5DA,CAAAA,CAAO,KAAA,CAAM,QAAU,gDAAA,CACvBA,CAAAA,CAAO,aAAa,OAAA,CAAS,SAAS,EACtCA,CAAAA,CAAO,YAAA,CAAa,sBAAuB,IAAA,CAAK,KAAK,EACrDoB,CAAAA,CAAU,WAAA,CAAYpB,CAAM,CAAA,CAC5B,IAAA,CAAK,OAASA,CAAAA,CAEd,IAAMK,CAAAA,CAAiB,IAAI,GAAA,CAAI,IAAA,CAAK,QAAQ,UAAU,CAAA,CAAE,OAExD,IAAA,CAAK,cAAA,CAAkBD,GAAwB,CAvEnD,IAAAiB,EA2EM,GAAIjB,CAAAA,CAAM,WAAWiB,CAAAA,CAAA,IAAA,CAAK,SAAL,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAAa,eAAe,OAEjD,IAAMvB,CAAAA,CAAOK,CAAAA,CAA8BC,CAAAA,CAAOC,CAAc,EAC3DP,CAAAA,EACL,IAAA,CAAK,cAAcA,CAAI,EACzB,EACA,MAAA,CAAO,gBAAA,CAAiB,UAAW,IAAA,CAAK,cAAc,EAEtDE,CAAAA,CAAO,gBAAA,CACL,OACA,IAAM,CACJ,GAAI,CAAC,IAAA,CAAK,MAAA,CAAQ,OAClB,IAAMsB,CAAAA,CAAwB,CAC5B,IAAA,CAAM,cAAA,CACN,OAAQ,MAAA,CAAO,QAAA,CAAS,OACxB,cAAA,CAAgB,IAAA,CAAK,QAAQ,cAAA,CAC7B,SAAA,CAAW,KAAK,OAAA,CAAQ,SAC1B,EACAvB,CAAAA,CAAa,IAAA,CAAK,OAAQuB,CAAAA,CAAOjB,CAAc,EACjD,CAAA,CACA,CAAE,KAAM,IAAK,CACf,EACF,CAEQ,aAAA,CAAcP,EAA4B,CAC5CA,CAAAA,CAAK,OAAS,cAAA,EAChB,IAAA,CAAK,OAAS,OAAA,CAEV,IAAA,CAAK,QAAQ,KAAA,EACf,IAAA,CAAK,KAAK,CAAE,IAAA,CAAM,cAAA,CAAgB,OAAA,CAASc,CAAAA,CAAc,IAAA,CAAK,QAAQ,KAAK,CAAE,CAAC,CAAA,CAEhF,IAAA,CAAK,KAAK,CAAE,IAAA,CAAM,OAAQ,CAAC,CAAA,EAClBd,EAAK,IAAA,GAAS,iBAAA,EACvB,KAAK,MAAA,CAAS,OAAA,CACd,KAAK,IAAA,CAAK,CAAE,IAAA,CAAM,OAAA,CAAS,MAAA,CAAQA,CAAAA,CAAK,MAAO,CAAC,CAAA,EACvCA,EAAK,IAAA,GAAS,eAAA,EAAmBA,EAAK,KAAA,GAAU,IAAA,CAAK,OAC9D,IAAA,CAAK,IAAA,CAAK,CACR,IAAA,CAAM,QAAA,CACN,QAASA,CAAAA,CAAK,OAAA,CACd,MAAOA,CAAAA,CAAK,KAAA,CACZ,QAAA,CAAUA,CAAAA,CAAK,QACjB,CAAC,EAGL,CAEA,MAAA,CAAOmB,EAAwC,CACzCA,CAAAA,CAAQ,OACV,IAAA,CAAK,IAAA,CAAK,CAAE,IAAA,CAAM,cAAA,CAAgB,QAASL,CAAAA,CAAcK,CAAAA,CAAQ,KAAK,CAAE,CAAC,EAE7E,CAEA,OAAA,EAAgB,CACV,IAAA,CAAK,MAAA,GACP,IAAA,CAAK,OAAO,MAAA,EAAO,CACnB,KAAK,MAAA,CAAS,IAAA,CAAA,CAEZ,KAAK,cAAA,GACP,MAAA,CAAO,oBAAoB,SAAA,CAAW,IAAA,CAAK,cAAc,CAAA,CACzD,IAAA,CAAK,eAAiB,IAAA,CAAA,CAExB,IAAA,CAAK,UAAU,KAAA,EAAM,CACrB,IAAA,CAAK,MAAA,CAAS,UAChB,CAEA,GAAGM,CAAAA,CAAsCC,CAAAA,CAAgC,CACvE,OAAA,IAAA,CAAK,SAAA,CAAU,IAAIA,CAAQ,CAAA,CACpB,IAAM,IAAA,CAAK,SAAA,CAAU,OAAOA,CAAQ,CAC7C,CAEA,KAAA,EAAc,CACZ,KAAK,IAAA,CAAK,CAAE,IAAA,CAAM,cAAe,CAAC,EACpC,CAEA,KAAA,EAAc,CACZ,KAAK,IAAA,CAAK,CAAE,KAAM,cAAe,CAAC,EACpC,CAEA,OAAA,EAAmB,CACjB,OAAO,IAAA,CAAK,SAAW,OACzB,CAOA,wBAAwC,CAlK1C,IAAAH,CAAAA,CAAAI,CAAAA,CAmKI,OAAA,CAAOA,CAAAA,CAAAA,CAAAJ,EAAA,IAAA,CAAK,MAAA,GAAL,YAAAA,CAAAA,CAAa,aAAA,GAAb,KAAAI,CAAAA,CAA8B,IACvC,CAGA,IAAA,CAAKxB,CAAAA,CAA+B,CAClC,GAAI,CAAC,KAAK,MAAA,CACR,MAAM,IAAIxB,CAAAA,CAAY,CACpB,KAAM,kBAAA,CACN,IAAA,CAAM,cACN,OAAA,CAAS,CAAA,QAAA,EAAW,KAAK,KAAK,CAAA,eAAA,CAAA,CAC9B,UAAW,KACb,CAAC,EAEHsB,CAAAA,CAAa,IAAA,CAAK,OAAQE,CAAAA,CAAS,IAAI,IAAI,IAAA,CAAK,OAAA,CAAQ,UAAU,CAAA,CAAE,MAAM,EAC5E,CAEQ,IAAA,CAAKG,CAAAA,CAA2B,CACtC,IAAA,IAAWsB,CAAAA,IAAY,KAAK,SAAA,CAC1BA,CAAAA,CAAStB,CAAK,EAElB,CACF,EC9KA,IAAMuB,CAAAA,CAAsB,2BAEtBC,CAAAA,CAAkB,IAAc,CAZtC,IAAAP,CAAAA,CAaE,GAAI,EAAA,CAACA,CAAAA,CAAA,UAAA,CAAW,MAAA,GAAX,IAAA,EAAAA,CAAAA,CAAmB,YACtB,MAAM,IAAI5C,EAAY,CACpB,IAAA,CAAM,mBACN,IAAA,CAAM,oBAAA,CACN,QAAS,iDAAA,CACT,SAAA,CAAW,KACb,CAAC,CAAA,CAEH,OAAO,UAAA,CAAW,MAAA,CAAO,YAC3B,CAAA,CAEaoD,CAAAA,CAAN,KAAe,CAOpB,WAAA,CAAYC,EAAuD,CANnE,IAAA,CAAiB,WAAa,IAAI,GAAA,CAIlC,KAAQ,gBAAA,CAAmB,KAAA,CA7B7B,IAAAT,CAAAA,CAgCI,IAAA,CAAK,eAAiBS,CAAAA,CAAK,cAAA,CAC3B,KAAK,UAAA,CAAA,CAAaT,CAAAA,CAAAS,EAAK,UAAA,GAAL,IAAA,CAAAT,EAAmBM,CAAAA,CACrC,IAAA,CAAK,UAAYC,CAAAA,GACnB,CAEA,MAAA,CAAOZ,CAAAA,CAAkBC,EAA0B,EAAC,CAAY,CAC9D,GAAI,IAAA,CAAK,WAAW,GAAA,CAAID,CAAK,EAC3B,MAAM,IAAIvC,EAAY,CACpB,IAAA,CAAM,kBAAA,CACN,IAAA,CAAM,mBAAA,CACN,OAAA,CAAS,eAAeuC,CAAK,CAAA,gBAAA,CAAA,CAC7B,UAAW,KACb,CAAC,EAEH,IAAMe,CAAAA,CAAsB,CAC1B,UAAA,CAAY,IAAA,CAAK,WACjB,cAAA,CAAgB,IAAA,CAAK,eACrB,SAAA,CAAW,IAAA,CAAK,SAClB,CAAA,CACMC,CAAAA,CAAU,IAAIjB,CAAAA,CAAQC,CAAAA,CAAOC,CAAAA,CAASc,CAAG,CAAA,CAC/C,OAAA,IAAA,CAAK,WAAW,GAAA,CAAIf,CAAAA,CAAOgB,CAAO,CAAA,CAC3BA,CACT,CAEA,MAAM,QAAA,CAASC,EAAmBC,CAAAA,CAAiD,CAEjF,GAAI,IAAA,CAAK,gBAAA,CACP,MAAM,IAAIzD,CAAAA,CAAY,CACpB,IAAA,CAAM,kBAAA,CACN,IAAA,CAAM,uBACN,OAAA,CAAS,qEAAA,CACT,UAAW,KACb,CAAC,EAGH,IAAM0D,CAAAA,CAAa,KAAK,UAAA,CAAW,GAAA,CAAI,YAAY,CAAA,CAC7CC,CAAAA,CAAa,KAAK,UAAA,CAAW,GAAA,CAAI,YAAY,CAAA,CAC7CC,CAAAA,CAAU,KAAK,UAAA,CAAW,GAAA,CAAI,SAAS,CAAA,CAE7C,GAAI,CAACF,CAAAA,EAAc,CAACC,GAAc,CAACC,CAAAA,CACjC,MAAM,IAAI5D,CAAAA,CAAY,CACpB,IAAA,CAAM,kBAAA,CACN,KAAM,qBAAA,CACN,OAAA,CACE,qGACF,SAAA,CAAW,KACb,CAAC,CAAA,CAEH,GAAI,CAAC0D,EAAW,OAAA,EAAQ,EAAK,CAACC,CAAAA,CAAW,OAAA,IAAa,CAACC,CAAAA,CAAQ,SAAQ,CACrE,MAAM,IAAI5D,CAAAA,CAAY,CACpB,KAAM,kBAAA,CACN,IAAA,CAAM,qBACN,OAAA,CAAS,+DAAA,CACT,SAAA,CAAW,KACb,CAAC,CAAA,CAGH,KAAK,gBAAA,CAAmB,IAAA,CACxB,GAAI,CACF,OAAO,MAAM,IAAA,CAAK,UAAA,CAAW0D,EAAYF,CAAAA,CAAWC,CAAc,CACpE,CAAA,OAAE,CACA,KAAK,gBAAA,CAAmB,MAC1B,CACF,CAEQ,UAAA,CACNC,CAAAA,CACAF,CAAAA,CACAC,CAAAA,CACyB,CACzB,IAAMI,CAAAA,CAAe,IAAI,IAAI,IAAA,CAAK,UAAU,EAAE,MAAA,CAGxCC,CAAAA,CAAmBJ,EAAW,sBAAA,EAAuB,CAE3D,OAAO,IAAI,OAAA,CAAwB,CAACK,CAAAA,CAASC,CAAAA,GAAW,CAEtD,IAAMC,CAAAA,CAAQ,MAAA,CAAO,UAAA,CAAW,IAAM,CACpC,OAAO,mBAAA,CAAoB,SAAA,CAAWC,CAAS,CAAA,CAC/CF,CAAAA,CACE,IAAIhE,CAAAA,CAAY,CACd,KAAM,eAAA,CACN,IAAA,CAAM,mBACN,OAAA,CAAS,uCAAA,CACT,UAAW,IAAA,CACX,SAAA,CAAAwD,CACF,CAAC,CACH,EACF,CAAA,CAAG,GAAM,CAAA,CAEHU,EAAavC,CAAAA,EAAwB,CAEzC,GAAImC,CAAAA,GAAqB,IAAA,EAAQnC,EAAM,MAAA,GAAWmC,CAAAA,CAAkB,OAEpE,IAAMzC,CAAAA,CAAOK,EAA8BC,CAAAA,CAAOkC,CAAY,EAC9D,GAAKxC,CAAAA,CAAAA,CAEL,GAAIA,CAAAA,CAAK,IAAA,GAAS,wBAAA,CAChB,YAAA,CAAa4C,CAAK,CAAA,CAClB,OAAO,mBAAA,CAAoB,SAAA,CAAWC,CAAS,CAAA,CAC/CH,CAAAA,CAAQ,CACN,WAAA,CAAa1C,CAAAA,CAAK,YAClB,QAAA,CAAUA,CAAAA,CAAK,SACf,UAAA,CAAYA,CAAAA,CAAK,WACjB,OAAA,CAASA,CAAAA,CAAK,QACd,SAAA,CAAWA,CAAAA,CAAK,SAAA,CAChB,SAAA,CAAWA,CAAAA,CAAK,SAClB,CAAC,CAAA,CAAA,KAAA,GACQA,CAAAA,CAAK,OAAS,uBAAA,CAAyB,CAChD,aAAa4C,CAAK,CAAA,CAClB,OAAO,mBAAA,CAAoB,SAAA,CAAWC,CAAS,CAAA,CAC/C,IAAMC,EACJ9C,CAAAA,CAAK,SAAA,GAAc,oBAAsBA,CAAAA,CAAK,SAAA,GAAc,YACxDA,CAAAA,CAAK,SAAA,CACL,YACN2C,CAAAA,CACE,IAAIhE,EAAY,CACd,IAAA,CAAMmE,EACN,IAAA,CAAM9C,CAAAA,CAAK,KACX,OAAA,CAASA,CAAAA,CAAK,QACd,SAAA,CAAW,KAAA,CACX,UAAAmC,CACF,CAAC,CACH,EACF,CAAA,CACF,CAAA,CAEA,MAAA,CAAO,gBAAA,CAAiB,SAAA,CAAWU,CAAS,CAAA,CAC5CR,CAAAA,CAAW,KAAK,CAAE,IAAA,CAAM,kBAAmB,SAAA,CAAAF,CAAAA,CAAW,eAAAC,CAAe,CAAC,EACxE,CAAC,CACH,CAEA,OAAA,EAAgB,CACd,QAAWW,CAAAA,IAAM,IAAA,CAAK,UAAA,CAAW,MAAA,EAAO,CACtCA,CAAAA,CAAG,SAAQ,CAEb,IAAA,CAAK,WAAW,KAAA,GAClB,CACF,EClKA,IAAMxD,EAAkEA,CAAAA,CAYlEyD,CAAAA,CAAQ,IAAI,GAAA,CAEZC,CAAAA,CAAiB3D,IACjBD,CAAAA,CAAkBC,CAAc,IAAM,SAAA,EACxCI,CAAAA,EAAkB,CAEb,CACL,cAAA,CAAAJ,CAAAA,CACA,YAAaD,CAAAA,CAAkBC,CAAc,EAC7C,QAAA,CAAU,IAAM,IAAIyC,CAAAA,CAAS,CAAE,eAAAzC,CAAe,CAAC,CACjD,CAAA,CAAA,CAGF,SAAS4D,EAAK5D,CAAAA,CAAiD,CAC7D,GAAI,CACFC,CAAAA,CAAuBD,CAAc,EACvC,CAAA,MAAS6D,CAAAA,CAAK,CACZ,OAAO,OAAA,CAAQ,OAAOA,CAAG,CAC3B,CACA,IAAM3D,CAAAA,CAAMF,EACN8D,CAAAA,CAAWJ,CAAAA,CAAM,IAAIxD,CAAG,CAAA,CAC9B,GAAI4D,CAAAA,CAAU,OAAOA,EACrB,IAAMC,CAAAA,CAAU,OAAA,CAAQ,OAAA,CAAQJ,CAAAA,CAAc3D,CAAc,CAAC,CAAA,CAC7D,OAAA0D,EAAM,GAAA,CAAIxD,CAAAA,CAAK6D,CAAO,CAAA,CACfA,CACT,CAEA,IAAMC,CAAAA,CAAgB,IAAY,CAChCN,CAAAA,CAAM,QACR,CAAA,CAEaO,EAAS,CACpB,IAAA,CAAAL,CAAAA,CACA,eAAA,CAAiBI,CACnB,MCpCME,CAAAA,CAAuB,CAAC,EAAG,CAAA,CAAG,CAAA,CAAG,GAAI,EAAA,CAAI,EAAA,CAAI,GAAI,EAAE,CAAA,CAEnDC,EAAuB7C,CAAAA,EAC3B4C,CAAAA,CAAqB,SAAS5C,CAAmC,CAAA,CAC5DA,EACD,EAAA,CAEA8C,CAAAA,CAAqBC,CAAAA,EACrBA,CAAAA,EAAS,GAAA,CAAa,IAAA,CACtBA,GAAS,GAAA,CAAY,IAAA,CACrBA,GAAS,GAAA,CAAY,IAAA,CACrBA,GAAS,GAAA,CAAY,IAAA,CAClB,KAGIC,CAAAA,CAAqB,CAChCC,EAAe,iEAAA,GACC,CAChB,GACE,OAAO,MAAA,EAAW,aAClB,OAAO,SAAA,EAAc,aACrB,OAAO,MAAA,EAAW,YAElB,MAAM,IAAI,MAAM,4DAA4D,CAAA,CAE9E,OAAO,CACL,aAAA,CAAeA,EACf,QAAA,CAAU,SAAA,CAAU,UAAY,IAAA,CAChC,YAAA,CAAc,OAAO,KAAA,CACrB,aAAA,CAAe,OAAO,MAAA,CACtB,WAAA,CAAaJ,CAAAA,CAAoB,MAAA,CAAO,UAAU,CAAA,CAClD,wBAAyB,IAAI,IAAA,GAAO,iBAAA,EAAkB,CACtD,aAAc,KAAA,CACd,UAAA,CAAY,UAAU,SAAA,CACtB,WAAA,CAAaC,EAAkB,MAAA,CAAO,UAAA,EAAc,OAAO,KAAK,CAClE,CACF,CAAA,CAEaI,CAAAA,CAAoBC,CAAAA,EACxBA,CAAAA,EAAA,IAAA,CAAAA,CAAAA,CAAc,KAGVC,CAAAA,CAAyBD,CAAAA,EAAAA,CAC7BA,GAAA,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAAY,QAAS,iBAAA,EAAqBA,CAAAA,CAAW,SAAS,KAAA,GAAU,QAAA,CAGpEE,EAA4BF,CAAAA,EAAAA,CAChCA,CAAAA,EAAA,YAAAA,CAAAA,CAAY,IAAA,IAAS,sBAAwBA,CAAAA,CAAW,QAAA,CAAS,KAAA,GAAU,WAAA,CAGvEG,CAAAA,CAA2BH,CAAAA,GAAoD,CAC1F,MAAA,CAAQA,CAAAA,CAAW,SAAS,MAAA,CAAO,GAAA,CACnC,OAAQA,CAAAA,CAAW,QAAA,CAAS,OAAO,MAAA,CACnC,MAAA,CAAQA,EAAW,QAAA,CAAS,MAAA,CAAO,OACnC,MAAA,CAAQA,CAAAA,CAAW,SAAS,MAAA,CAAO,MACrC,CAAA,CAAA,CAEMI,CAAAA,CAAcvD,CAAAA,EAClBA,CAAAA,CACG,QAAQ,IAAA,CAAM,OAAO,EACrB,OAAA,CAAQ,IAAA,CAAM,MAAM,CAAA,CACpB,OAAA,CAAQ,KAAM,MAAM,CAAA,CACpB,QAAQ,IAAA,CAAM,QAAQ,EACtB,OAAA,CAAQ,IAAA,CAAM,OAAO,CAAA,CAEbwD,CAAAA,CAA8BL,CAAAA,EAA0C,CACnF,IAAMM,CAAAA,CAAOH,EAAwBH,CAAU,CAAA,CACzC1C,EAASgD,CAAAA,CAAK,MAAA,GAAW,gBAAkB,wBAAA,CAA2B,OAAA,CACtEC,EAASD,CAAAA,CAAK,MAAA,CACjB,IACEnD,CAAAA,EACC,CAAA,2BAAA,EAA8BiD,EAAWjD,CAAAA,CAAM,IAAI,CAAC,CAAA,SAAA,EAAYiD,CAAAA,CAAWjD,CAAAA,CAAM,KAAK,CAAC,CAAA,EAAA,CAC3F,EACC,IAAA,CAAK,EAAE,EAKV,OAAO,CAAA,8DAAA,EAHLmD,EAAK,MAAA,GAAW,eAAA,CACZ,mFACA,EACwE,CAAA,4BAAA,EAA+BF,EAAWE,CAAAA,CAAK,MAAM,CAAC,CAAA,UAAA,EAAahD,CAAM,KAAKiD,CAAM,CAAA,iEAAA,CACpK,ECvEO,IAAMC,EAAAA,CAAc","file":"arcpay.global.js","sourcesContent":["export type ArcPayErrorType =\n  | \"validation_error\"\n  | \"authentication_error\"\n  | \"authorization_error\"\n  | \"state_error\"\n  | \"rate_limit_error\"\n  | \"api_error\"\n  | \"network_error\"\n  | \"challenge_aborted\";\n\nexport interface ArcPayErrorInit {\n  type: ArcPayErrorType;\n  message: string;\n  code?: string;\n  param?: string;\n  paymentId?: string;\n  declineCode?: string;\n  retryable: boolean;\n  requestId?: string;\n}\n\nexport class ArcPayError extends Error {\n  readonly type: ArcPayErrorType;\n  readonly code?: string;\n  readonly param?: string;\n  readonly paymentId?: string;\n  readonly declineCode?: string;\n  readonly retryable: boolean;\n  readonly requestId?: string;\n\n  constructor(init: ArcPayErrorInit) {\n    super(init.message);\n    this.name = \"ArcPayError\";\n    this.type = init.type;\n    this.code = init.code;\n    this.param = init.param;\n    this.paymentId = init.paymentId;\n    this.declineCode = init.declineCode;\n    this.retryable = init.retryable;\n    this.requestId = init.requestId;\n  }\n}\n\nexport const isValidationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"validation_error\";\nexport const isAuthenticationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"authentication_error\";\nexport const isAuthorizationError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"authorization_error\";\nexport const isStateError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"state_error\";\nexport const isRateLimitError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"rate_limit_error\";\nexport const isApiError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"api_error\";\nexport const isNetworkError = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"network_error\";\nexport const isChallengeAborted = (e: unknown): e is ArcPayError =>\n  e instanceof ArcPayError && e.type === \"challenge_aborted\";\n","import { ArcPayError } from \"./errors\";\n\nexport type Environment = \"sandbox\" | \"live\";\n\nexport const detectEnvironment = (publishableKey: string): Environment =>\n  publishableKey.startsWith(\"pk_test_\") ? \"sandbox\" : \"live\";\n\nexport const validatePublishableKey = (key: unknown): asserts key is string => {\n  if (typeof key !== \"string\" || key.length === 0) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"invalid_publishable_key\",\n      message: \"Publishable key must be a non-empty string\",\n      retryable: false,\n    });\n  }\n  if (!key.startsWith(\"pk_test_\") && !key.startsWith(\"pk_live_\")) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"invalid_publishable_key\",\n      message:\n        \"Publishable key must start with pk_test_ or pk_live_. Secret keys (sk_*) cannot be used in browser.\",\n      retryable: false,\n    });\n  }\n};\n","const BANNER_ATTR = \"data-arcpay-sandbox-banner\";\n\nexport const showSandboxBanner = (): void => {\n  if (typeof document === \"undefined\") return;\n  if (document.querySelector(`[${BANNER_ATTR}]`)) return;\n\n  const bar = document.createElement(\"div\");\n  bar.setAttribute(BANNER_ATTR, \"\");\n  bar.style.cssText =\n    \"position:fixed;top:0;left:0;right:0;z-index:2147483647;background:#ffd166;color:#222;font:13px/1.4 system-ui,sans-serif;padding:6px 12px;display:flex;align-items:center;justify-content:center;box-shadow:0 1px 3px rgba(0,0,0,0.1);\";\n\n  const text = document.createElement(\"span\");\n  text.textContent = \"ARC PAY TEST MODE — payments are simulated\";\n  bar.appendChild(text);\n\n  const dismiss = document.createElement(\"button\");\n  dismiss.type = \"button\";\n  dismiss.setAttribute(\"data-arcpay-banner-dismiss\", \"\");\n  dismiss.textContent = \"×\";\n  dismiss.setAttribute(\"aria-label\", \"Dismiss test mode banner\");\n  dismiss.style.cssText =\n    \"margin-left:12px;background:transparent;border:0;font-size:18px;cursor:pointer;color:inherit;\";\n  dismiss.addEventListener(\"click\", () => bar.remove());\n  bar.appendChild(dismiss);\n\n  document.body.appendChild(bar);\n};\n","import { ArcPayError } from \"../core/errors\";\n\nexport type FieldType = \"cardNumber\" | \"cardExpiry\" | \"cardCvv\";\n\n// Parent → iframe\nexport type ParentToIframe =\n  | { type: \"arcpay:hello\"; origin: string; publishableKey: string; channelId: string }\n  | { type: \"arcpay:style\"; payload: StyleSubset }\n  | { type: \"arcpay:focus\" }\n  | { type: \"arcpay:clear\" }\n  | { type: \"arcpay:tokenize\"; paymentId: string; idempotencyKey: string };\n\n// iframe → parent\nexport type IframeToParent =\n  | { type: \"arcpay:ready\" }\n  | { type: \"arcpay:rejected\"; reason: string }\n  | {\n      type: \"arcpay:change\";\n      field: FieldType;\n      isValid: boolean;\n      brand?: string;\n      lastFour?: string;\n    }\n  | {\n      type: \"arcpay:tokenize-result\";\n      cardTokenId: string;\n      cardMask: string;\n      cardScheme: string;\n      cardBin: string;\n      expiresIn: number;\n      expiresAt: string;\n    }\n  | { type: \"arcpay:tokenize-error\"; errorType: string; code?: string; message: string };\n\nexport interface StyleSubset {\n  base: Record<string, string>;\n  invalid?: Record<string, string>;\n  focus?: Record<string, string>;\n}\n\nconst ARCPAY_TYPE_PREFIX = \"arcpay:\";\n\nconst isArcpayMessage = (data: unknown): data is { type: string } =>\n  typeof data === \"object\" &&\n  data !== null &&\n  \"type\" in data &&\n  typeof (data as { type: unknown }).type === \"string\" &&\n  (data as { type: string }).type.startsWith(ARCPAY_TYPE_PREFIX);\n\nexport const postToIframe = (\n  iframe: HTMLIFrameElement,\n  message: ParentToIframe,\n  targetOrigin: string,\n): void => {\n  if (targetOrigin === \"*\") {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"wildcard_origin_forbidden\",\n      message: \"postToIframe: targetOrigin cannot be '*'\",\n      retryable: false,\n    });\n  }\n  if (!iframe.contentWindow) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"iframe_not_loaded\",\n      message: \"postToIframe: iframe.contentWindow is null (iframe not mounted)\",\n      retryable: false,\n    });\n  }\n  iframe.contentWindow.postMessage(message, targetOrigin);\n};\n\nexport const postToParent = (message: IframeToParent, targetOrigin: string): void => {\n  if (targetOrigin === \"*\") {\n    throw new Error(\"postToParent: targetOrigin cannot be '*'\");\n  }\n  window.parent.postMessage(message, targetOrigin);\n};\n\nexport const parseIncoming = <T extends { type: string }>(\n  event: MessageEvent,\n  expectedOrigin: string,\n): T | null => {\n  if (event.origin !== expectedOrigin) return null;\n  if (!isArcpayMessage(event.data)) return null;\n  return event.data as T;\n};\n","import type { StyleSubset } from \"./postmessage\";\n\n// Spec calls out position:fixed, transform, pointer-events:none as forbidden.\n// We extend to cover the full clickjacking attack surface: any positioning\n// (fixed/absolute/sticky), transform, all pointer-events values, z-index, and\n// inset properties (top/left/right/bottom/inset). The legitimate use cases\n// for these in a 1-line input field are zero, so blanket drop.\nconst FORBIDDEN_PROPERTIES = new Set([\n  \"position\",\n  \"transform\",\n  \"pointer-events\",\n  \"z-index\",\n  \"top\",\n  \"left\",\n  \"right\",\n  \"bottom\",\n  \"inset\",\n]);\n\nconst sanitizeBlock = (block: Record<string, string>): Record<string, string> => {\n  const out: Record<string, string> = {};\n  for (const [key, value] of Object.entries(block)) {\n    const normalizedKey = key.toLowerCase();\n    if (FORBIDDEN_PROPERTIES.has(normalizedKey)) {\n      // Defense against position/transform-based clickjacking. Silently drop.\n      continue;\n    }\n    out[key] = value;\n  }\n  return out;\n};\n\nexport const sanitizeStyle = (style: StyleSubset): StyleSubset => {\n  const result: StyleSubset = { base: sanitizeBlock(style.base) };\n  if (style.invalid !== undefined) result.invalid = sanitizeBlock(style.invalid);\n  if (style.focus !== undefined) result.focus = sanitizeBlock(style.focus);\n  return result;\n};\n","import { ArcPayError } from \"../core/errors\";\nimport {\n  type FieldType,\n  type ParentToIframe,\n  type IframeToParent,\n  type StyleSubset,\n  postToIframe,\n  parseIncoming,\n} from \"./postmessage\";\nimport { sanitizeStyle } from \"./style\";\n\nexport interface ElementOptions {\n  /** StyleSubset applied via arcpay:style postMessage. */\n  style?: StyleSubset;\n  placeholder?: string;\n}\n\nexport type ElementEvent =\n  | { type: \"ready\" }\n  | { type: \"change\"; isValid: boolean; brand?: string; lastFour?: string }\n  | { type: \"error\"; reason: string };\n\ntype Listener = (event: ElementEvent) => void;\n\nexport interface ElementContext {\n  iframeBase: string;\n  publishableKey: string;\n  channelId: string;\n}\n\nexport class Element {\n  private iframe: HTMLIFrameElement | null = null;\n  private readonly listeners = new Set<Listener>();\n  private status: \"pending\" | \"ready\" | \"error\" = \"pending\";\n  private messageHandler: ((e: MessageEvent) => void) | null = null;\n\n  constructor(\n    public readonly field: FieldType,\n    private readonly options: ElementOptions,\n    private readonly context: ElementContext,\n  ) {}\n\n  mount(target: string | HTMLElement): void {\n    if (this.iframe) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"already_mounted\",\n        message: `Element ${this.field} is already mounted`,\n        retryable: false,\n      });\n    }\n    const container = typeof target === \"string\" ? document.querySelector(target) : target;\n    if (!(container instanceof HTMLElement)) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"mount_target_not_found\",\n        message: `mount target not found: ${String(target)}`,\n        retryable: false,\n      });\n    }\n\n    const iframe = document.createElement(\"iframe\");\n    iframe.src = `${this.context.iframeBase}/iframe/${this.field}`;\n    iframe.style.cssText = \"border:0;width:100%;height:100%;display:block;\";\n    iframe.setAttribute(\"allow\", \"payment\");\n    iframe.setAttribute(\"data-arcpay-element\", this.field);\n    container.appendChild(iframe);\n    this.iframe = iframe;\n\n    const expectedOrigin = new URL(this.context.iframeBase).origin;\n\n    this.messageHandler = (event: MessageEvent) => {\n      // C1: source guard — only accept messages from this element's own iframe.\n      // Without this, any iframe at the same origin (e.g. cardExpiry, cardCvv)\n      // could trigger handlers on cardNumber and vice-versa.\n      if (event.source !== this.iframe?.contentWindow) return;\n      // C4: use parseIncoming for origin + arcpay: prefix guard.\n      const data = parseIncoming<IframeToParent>(event, expectedOrigin);\n      if (!data) return;\n      this.handleMessage(data);\n    };\n    window.addEventListener(\"message\", this.messageHandler);\n\n    iframe.addEventListener(\n      \"load\",\n      () => {\n        if (!this.iframe) return;\n        const hello: ParentToIframe = {\n          type: \"arcpay:hello\",\n          origin: window.location.origin,\n          publishableKey: this.context.publishableKey,\n          channelId: this.context.channelId,\n        };\n        postToIframe(this.iframe, hello, expectedOrigin);\n      },\n      { once: true },\n    );\n  }\n\n  private handleMessage(data: IframeToParent): void {\n    if (data.type === \"arcpay:ready\") {\n      this.status = \"ready\";\n      // Apply initial style if provided at construction time.\n      if (this.options.style) {\n        this.send({ type: \"arcpay:style\", payload: sanitizeStyle(this.options.style) });\n      }\n      this.emit({ type: \"ready\" });\n    } else if (data.type === \"arcpay:rejected\") {\n      this.status = \"error\";\n      this.emit({ type: \"error\", reason: data.reason });\n    } else if (data.type === \"arcpay:change\" && data.field === this.field) {\n      this.emit({\n        type: \"change\",\n        isValid: data.isValid,\n        brand: data.brand,\n        lastFour: data.lastFour,\n      });\n    }\n    // arcpay:tokenize-result / arcpay:tokenize-error handled by Elements factory (Task 9).\n  }\n\n  update(options: { style?: StyleSubset }): void {\n    if (options.style) {\n      this.send({ type: \"arcpay:style\", payload: sanitizeStyle(options.style) });\n    }\n  }\n\n  destroy(): void {\n    if (this.iframe) {\n      this.iframe.remove();\n      this.iframe = null;\n    }\n    if (this.messageHandler) {\n      window.removeEventListener(\"message\", this.messageHandler);\n      this.messageHandler = null;\n    }\n    this.listeners.clear();\n    this.status = \"pending\";\n  }\n\n  on(_event: \"ready\" | \"change\" | \"error\", callback: Listener): () => void {\n    this.listeners.add(callback);\n    return () => this.listeners.delete(callback);\n  }\n\n  focus(): void {\n    this.send({ type: \"arcpay:focus\" });\n  }\n\n  clear(): void {\n    this.send({ type: \"arcpay:clear\" });\n  }\n\n  isReady(): boolean {\n    return this.status === \"ready\";\n  }\n\n  /**\n   * Internal: returns the iframe's contentWindow for source-filtering in\n   * Elements.doTokenize(). Returns null when the iframe is not yet mounted\n   * or when jsdom has not yet populated contentWindow (test environment).\n   */\n  getIframeContentWindow(): Window | null {\n    return this.iframe?.contentWindow ?? null;\n  }\n\n  /** Internal: used by Elements factory to send tokenize commands. */\n  send(message: ParentToIframe): void {\n    if (!this.iframe) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"not_mounted\",\n        message: `Element ${this.field} is not mounted`,\n        retryable: false,\n      });\n    }\n    postToIframe(this.iframe, message, new URL(this.context.iframeBase).origin);\n  }\n\n  private emit(event: ElementEvent): void {\n    for (const listener of this.listeners) {\n      listener(event);\n    }\n  }\n}\n","import { ArcPayError } from \"../core/errors\";\nimport { Element, type ElementContext, type ElementOptions } from \"./element\";\nimport type { FieldType, IframeToParent } from \"./postmessage\";\nimport { parseIncoming } from \"./postmessage\";\nimport type { TokenizeResult } from \"../tokenize/tokenize\";\n\nexport type { TokenizeResult };\n\nexport type ElementsOptions = Record<string, never>;\n\nconst DEFAULT_IFRAME_BASE = \"https://sdk.arcpay.space\";\n\nconst createChannelId = (): string => {\n  if (!globalThis.crypto?.randomUUID) {\n    throw new ArcPayError({\n      type: \"validation_error\",\n      code: \"crypto_unavailable\",\n      message: \"crypto.randomUUID is required for Hosted Fields\",\n      retryable: false,\n    });\n  }\n  return globalThis.crypto.randomUUID();\n};\n\nexport class Elements {\n  private readonly elementMap = new Map<FieldType, Element>();\n  private readonly iframeBase: string;\n  private readonly publishableKey: string;\n  private readonly channelId: string;\n  private tokenizeInFlight = false;\n\n  constructor(opts: { publishableKey: string; iframeBase?: string }) {\n    this.publishableKey = opts.publishableKey;\n    this.iframeBase = opts.iframeBase ?? DEFAULT_IFRAME_BASE;\n    this.channelId = createChannelId();\n  }\n\n  create(field: FieldType, options: ElementOptions = {}): Element {\n    if (this.elementMap.has(field)) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"duplicate_element\",\n        message: `Element for ${field} already created`,\n        retryable: false,\n      });\n    }\n    const ctx: ElementContext = {\n      iframeBase: this.iframeBase,\n      publishableKey: this.publishableKey,\n      channelId: this.channelId,\n    };\n    const element = new Element(field, options, ctx);\n    this.elementMap.set(field, element);\n    return element;\n  }\n\n  async tokenize(paymentId: string, idempotencyKey: string): Promise<TokenizeResult> {\n    // C2: concurrent-call guard — only one tokenize() may be in-flight at a time.\n    if (this.tokenizeInFlight) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"tokenize_in_progress\",\n        message: \"A tokenize() call is already in progress for this Elements instance\",\n        retryable: false,\n      });\n    }\n\n    const cardNumber = this.elementMap.get(\"cardNumber\");\n    const cardExpiry = this.elementMap.get(\"cardExpiry\");\n    const cardCvv = this.elementMap.get(\"cardCvv\");\n\n    if (!cardNumber || !cardExpiry || !cardCvv) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"incomplete_elements\",\n        message:\n          \"All three elements (cardNumber, cardExpiry, cardCvv) must be created and mounted before tokenize()\",\n        retryable: false,\n      });\n    }\n    if (!cardNumber.isReady() || !cardExpiry.isReady() || !cardCvv.isReady()) {\n      throw new ArcPayError({\n        type: \"validation_error\",\n        code: \"elements_not_ready\",\n        message: \"Wait for all elements to fire 'ready' event before tokenize()\",\n        retryable: false,\n      });\n    }\n\n    this.tokenizeInFlight = true;\n    try {\n      return await this.doTokenize(cardNumber, paymentId, idempotencyKey);\n    } finally {\n      this.tokenizeInFlight = false;\n    }\n  }\n\n  private doTokenize(\n    cardNumber: Element,\n    paymentId: string,\n    idempotencyKey: string,\n  ): Promise<TokenizeResult> {\n    const iframeOrigin = new URL(this.iframeBase).origin;\n    // C1: obtain reference to the cardNumber iframe's contentWindow before\n    // registering the listener so we can filter by source.\n    const cardIframeWindow = cardNumber.getIframeContentWindow();\n\n    return new Promise<TokenizeResult>((resolve, reject) => {\n      // C3: 30-second timeout — rejects and cleans up if no result arrives.\n      const timer = window.setTimeout(() => {\n        window.removeEventListener(\"message\", onMessage);\n        reject(\n          new ArcPayError({\n            type: \"network_error\",\n            code: \"tokenize_timeout\",\n            message: \"tokenize() timed out after 30 seconds\",\n            retryable: true,\n            paymentId,\n          }),\n        );\n      }, 30_000);\n\n      const onMessage = (event: MessageEvent) => {\n        // C1: source guard — only accept messages from the cardNumber iframe.\n        if (cardIframeWindow !== null && event.source !== cardIframeWindow) return;\n        // C4: use parseIncoming for origin + arcpay: prefix guard.\n        const data = parseIncoming<IframeToParent>(event, iframeOrigin);\n        if (!data) return;\n\n        if (data.type === \"arcpay:tokenize-result\") {\n          clearTimeout(timer);\n          window.removeEventListener(\"message\", onMessage);\n          resolve({\n            cardTokenId: data.cardTokenId,\n            cardMask: data.cardMask,\n            cardScheme: data.cardScheme,\n            cardBin: data.cardBin,\n            expiresIn: data.expiresIn,\n            expiresAt: data.expiresAt,\n          });\n        } else if (data.type === \"arcpay:tokenize-error\") {\n          clearTimeout(timer);\n          window.removeEventListener(\"message\", onMessage);\n          const errType =\n            data.errorType === \"validation_error\" || data.errorType === \"api_error\"\n              ? data.errorType\n              : \"api_error\";\n          reject(\n            new ArcPayError({\n              type: errType,\n              code: data.code,\n              message: data.message,\n              retryable: false,\n              paymentId,\n            }),\n          );\n        }\n      };\n\n      window.addEventListener(\"message\", onMessage);\n      cardNumber.send({ type: \"arcpay:tokenize\", paymentId, idempotencyKey });\n    });\n  }\n\n  destroy(): void {\n    for (const el of this.elementMap.values()) {\n      el.destroy();\n    }\n    this.elementMap.clear();\n  }\n}\n","import {\n  detectEnvironment,\n  type Environment,\n  validatePublishableKey as _validatePublishableKey,\n} from \"./env\";\nimport { showSandboxBanner } from \"./sandbox-banner\";\nimport { Elements, type ElementsOptions } from \"../elements/elements\";\n\nconst validatePublishableKey: (key: unknown) => asserts key is string = _validatePublishableKey;\n\nexport interface ArcPayLoadOptions {\n  readonly _reserved?: never;\n}\n\nexport interface ArcPayInstance {\n  readonly publishableKey: string;\n  readonly environment: Environment;\n  elements: (opts?: ElementsOptions) => Elements;\n}\n\nconst cache = new Map<string, Promise<ArcPayInstance>>();\n\nconst buildInstance = (publishableKey: string): ArcPayInstance => {\n  if (detectEnvironment(publishableKey) === \"sandbox\") {\n    showSandboxBanner();\n  }\n  return {\n    publishableKey,\n    environment: detectEnvironment(publishableKey),\n    elements: () => new Elements({ publishableKey }),\n  };\n};\n\nfunction load(publishableKey: string): Promise<ArcPayInstance> {\n  try {\n    validatePublishableKey(publishableKey);\n  } catch (err) {\n    return Promise.reject(err);\n  }\n  const key = publishableKey;\n  const existing = cache.get(key);\n  if (existing) return existing;\n  const promise = Promise.resolve(buildInstance(publishableKey));\n  cache.set(key, promise);\n  return promise;\n}\n\nconst resetForTests = (): void => {\n  cache.clear();\n};\n\nexport const ArcPay = {\n  load,\n  __resetForTests: resetForTests,\n};\n","import type { PaymentNextAction } from \"../server/types\";\nimport type { ExecutePaymentRequest } from \"../server/types\";\n\nexport type ThreeDSAction = PaymentNextAction;\nexport type BrowserInfo = ExecutePaymentRequest[\"browser_info\"];\n\nexport interface BrowserFormField {\n  name: string;\n  value: string;\n}\n\nexport interface BrowserPostForm {\n  action: string;\n  method: \"POST\";\n  target: \"hidden_iframe\" | \"browser\";\n  fields: BrowserFormField[];\n}\n\nconst supportedColorDepths = [1, 4, 8, 15, 16, 24, 32, 48] as const;\n\nconst normalizeColorDepth = (value: number): BrowserInfo[\"color_depth\"] =>\n  supportedColorDepths.includes(value as BrowserInfo[\"color_depth\"])\n    ? (value as BrowserInfo[\"color_depth\"])\n    : 24;\n\nconst resolveWindowSize = (width: number): NonNullable<BrowserInfo[\"window_size\"]> => {\n  if (width >= 1000) return \"05\";\n  if (width >= 600) return \"04\";\n  if (width >= 500) return \"03\";\n  if (width >= 390) return \"02\";\n  return \"01\";\n};\n\nexport const collectBrowserInfo = (\n  acceptHeader = \"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\",\n): BrowserInfo => {\n  if (\n    typeof window === \"undefined\" ||\n    typeof navigator === \"undefined\" ||\n    typeof screen === \"undefined\"\n  ) {\n    throw new Error(\"collectBrowserInfo must be called in a browser environment\");\n  }\n  return {\n    accept_header: acceptHeader,\n    language: navigator.language || \"en\",\n    screen_width: screen.width,\n    screen_height: screen.height,\n    color_depth: normalizeColorDepth(screen.colorDepth),\n    timezone_offset_minutes: new Date().getTimezoneOffset(),\n    java_enabled: false,\n    user_agent: navigator.userAgent,\n    window_size: resolveWindowSize(window.innerWidth || screen.width),\n  };\n};\n\nexport const getThreeDSAction = (nextAction?: PaymentNextAction): PaymentNextAction | null => {\n  return nextAction ?? null;\n};\n\nexport const isThreeDSMethodAction = (nextAction?: PaymentNextAction): boolean => {\n  return nextAction?.type === \"three_ds_method\" && nextAction.three_ds.phase === \"method\";\n};\n\nexport const isThreeDSChallengeAction = (nextAction?: PaymentNextAction): boolean => {\n  return nextAction?.type === \"three_ds_challenge\" && nextAction.three_ds.phase === \"challenge\";\n};\n\nexport const buildThreeDSBrowserForm = (nextAction: PaymentNextAction): BrowserPostForm => ({\n  action: nextAction.three_ds.submit.url,\n  method: nextAction.three_ds.submit.method,\n  target: nextAction.three_ds.submit.target,\n  fields: nextAction.three_ds.submit.fields,\n});\n\nconst htmlEscape = (value: string): string =>\n  value\n    .replace(/&/g, \"&amp;\")\n    .replace(/</g, \"&lt;\")\n    .replace(/>/g, \"&gt;\")\n    .replace(/\"/g, \"&quot;\")\n    .replace(/'/g, \"&#39;\");\n\nexport const buildThreeDSAutoSubmitHtml = (nextAction: PaymentNextAction): string => {\n  const form = buildThreeDSBrowserForm(nextAction);\n  const target = form.target === \"hidden_iframe\" ? \"arcpay-three-ds-method\" : \"_self\";\n  const inputs = form.fields\n    .map(\n      (field) =>\n        `<input type=\"hidden\" name=\"${htmlEscape(field.name)}\" value=\"${htmlEscape(field.value)}\">`,\n    )\n    .join(\"\");\n  const iframe =\n    form.target === \"hidden_iframe\"\n      ? '<iframe name=\"arcpay-three-ds-method\" title=\"3-D Secure method\" hidden></iframe>'\n      : \"\";\n  return `<!doctype html><html><head><meta charset=\"utf-8\"></head><body>${iframe}<form method=\"POST\" action=\"${htmlEscape(form.action)}\" target=\"${target}\">${inputs}</form><script>document.forms[0].submit();</script></body></html>`;\n};\n","export { ArcPay } from \"./core/arcpay\";\nexport type { ArcPayInstance, ArcPayLoadOptions } from \"./core/arcpay\";\nexport {\n  ArcPayError,\n  isValidationError,\n  isAuthenticationError,\n  isAuthorizationError,\n  isStateError,\n  isRateLimitError,\n  isApiError,\n  isNetworkError,\n  isChallengeAborted,\n} from \"./core/errors\";\nexport type { ArcPayErrorType } from \"./core/errors\";\nexport type { Environment } from \"./core/env\";\nexport type { TokenizeResult } from \"./tokenize/tokenize\";\nexport type { CardScheme } from \"./tokenize/scheme\";\nexport {\n  buildThreeDSAutoSubmitHtml,\n  buildThreeDSBrowserForm,\n  collectBrowserInfo,\n  getThreeDSAction,\n  isThreeDSChallengeAction,\n  isThreeDSMethodAction,\n} from \"./three-ds\";\nexport type { BrowserFormField, BrowserInfo, BrowserPostForm, ThreeDSAction } from \"./three-ds\";\nexport const SDK_VERSION = \"0.1.11\";\n\nexport type { FieldType } from \"./elements/postmessage\";\nexport type { ElementOptions, ElementEvent } from \"./elements/element\";\nexport { Elements } from \"./elements/elements\";\nexport type { ElementsOptions } from \"./elements/elements\";\n"]}

package/dist/index.cjs

@@ -430,6 +430,31 @@ var ArcPay = {
 };
 
 // src/three-ds/actions.ts
+var supportedColorDepths = [1, 4, 8, 15, 16, 24, 32, 48];
+var normalizeColorDepth = (value) => supportedColorDepths.includes(value) ? value : 24;
+var resolveWindowSize = (width) => {
+  if (width >= 1e3) return "05";
+  if (width >= 600) return "04";
+  if (width >= 500) return "03";
+  if (width >= 390) return "02";
+  return "01";
+};
+var collectBrowserInfo = (acceptHeader = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8") => {
+  if (typeof window === "undefined" || typeof navigator === "undefined" || typeof screen === "undefined") {
+    throw new Error("collectBrowserInfo must be called in a browser environment");
+  }
+  return {
+    accept_header: acceptHeader,
+    language: navigator.language || "en",
+    screen_width: screen.width,
+    screen_height: screen.height,
+    color_depth: normalizeColorDepth(screen.colorDepth),
+    timezone_offset_minutes: (/* @__PURE__ */ new Date()).getTimezoneOffset(),
+    java_enabled: false,
+    user_agent: navigator.userAgent,
+    window_size: resolveWindowSize(window.innerWidth || screen.width)
+  };
+};
 var getThreeDSAction = (nextAction) => {
   return nextAction != null ? nextAction : null;
 };
@@ -457,7 +482,7 @@ var buildThreeDSAutoSubmitHtml = (nextAction) => {
 };
 
 // src/index.ts
-var SDK_VERSION = "0.1.9";
+var SDK_VERSION = "0.1.11";
 
 exports.ArcPay = ArcPay;
 exports.ArcPayError = ArcPayError;
@@ -465,6 +490,7 @@ exports.Elements = Elements;
 exports.SDK_VERSION = SDK_VERSION;
 exports.buildThreeDSAutoSubmitHtml = buildThreeDSAutoSubmitHtml;
 exports.buildThreeDSBrowserForm = buildThreeDSBrowserForm;
+exports.collectBrowserInfo = collectBrowserInfo;
 exports.getThreeDSAction = getThreeDSAction;
 exports.isApiError = isApiError;
 exports.isAuthenticationError = isAuthenticationError;