npm - @trymellon/js - Versions diffs - 1.1.3 - Mend

@trymellon/js 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

package/LICENSE +21 -0
package/README.MD +608 -0
package/dist/angular.cjs +3 -0
package/dist/angular.cjs.map +1 -0
package/dist/angular.d.cts +13 -0
package/dist/angular.d.ts +13 -0
package/dist/angular.js +3 -0
package/dist/angular.js.map +1 -0
package/dist/index.cjs +3 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +421 -0
package/dist/index.d.ts +421 -0
package/dist/index.global.js +3 -0
package/dist/index.global.js.map +1 -0
package/dist/index.js +3 -0
package/dist/index.js.map +1 -0
package/dist/react.cjs +3 -0
package/dist/react.cjs.map +1 -0
package/dist/react.d.cts +25 -0
package/dist/react.d.ts +25 -0
package/dist/react.js +3 -0
package/dist/react.js.map +1 -0
package/dist/trymellon-Ca4kob_K.d.cts +364 -0
package/dist/trymellon-Ca4kob_K.d.ts +364 -0
package/dist/vue.cjs +3 -0
package/dist/vue.cjs.map +1 -0
package/dist/vue.d.cts +22 -0
package/dist/vue.d.ts +22 -0
package/dist/vue.js +3 -0
package/dist/vue.js.map +1 -0
package/package.json +121 -0

package/dist/angular.cjs ADDED Viewed

@@ -0,0 +1,3 @@
+"use client";
+"use strict";var Fe=Object.create;var C=Object.defineProperty;var Ee=Object.getOwnPropertyDescriptor;var Le=Object.getOwnPropertyNames;var Ke=Object.prototype.hasOwnProperty;var be=(e,r)=>(r=Symbol[e])?r:Symbol.for("Symbol."+e),F=e=>{throw TypeError(e)};var je=(e,r,t)=>r in e?C(e,r,{enumerable:!0,configurable:!0,writable:!0,value:t}):e[r]=t;var Re=(e,r)=>C(e,"name",{value:r,configurable:!0});var qe=(e,r)=>{for(var t in r)C(e,t,{get:r[t],enumerable:!0})},Ve=(e,r,t,n)=>{if(r&&typeof r=="object"||typeof r=="function")for(let s of Le(r))!Ke.call(e,s)&&s!==t&&C(e,s,{get:()=>r[s],enumerable:!(n=Ee(r,s))||n.enumerable});return e};var We=e=>Ve(C({},"__esModule",{value:!0}),e);var _e=e=>[,,,Fe(e?.[be("metadata")]??null)],Te=["class","method","getter","setter","accessor","field","value","get","set"],U=e=>e!==void 0&&typeof e!="function"?F("Function expected"):e,Be=(e,r,t,n,s)=>({kind:Te[e],name:r,metadata:n,addInitializer:i=>t._?F("Already initialized"):s.push(U(i||null))}),Ye=(e,r)=>je(r,be("metadata"),e[3]),ve=(e,r,t,n)=>{for(var s=0,i=e[r>>1],u=i&&i.length;s<u;s++)r&1?i[s].call(t):n=i[s].call(t,n);return n},Ae=(e,r,t,n,s,i)=>{var u,p,g,y,m,d=r&7,_=!!(r&8),R=!!(r&16),E=d>3?e.length+1:d?_?1:2:0,S=Te[d+5],N=d>3&&(e[E-1]=[]),z=e[E]||(e[E]=[]),A=d&&(!R&&!_&&(s=s.prototype),d<5&&(d>3||!R)&&Ee(d<4?s:{get[t](){return ye(this,i)},set[t](v){return he(this,i,v)}},t));d?R&&d<4&&Re(i,(d>2?"set ":d>1?"get ":"")+t):Re(s,t);for(var J=n.length-1;J>=0;J--)y=Be(d,t,g={},e[3],z),d&&(y.static=_,y.private=R,m=y.access={has:R?v=>He(s,v):v=>t in v},d^3&&(m.get=R?v=>(d^1?ye:Ge)(v,s,d^4?i:A.get):v=>v[t]),d>2&&(m.set=R?(v,Z)=>he(v,s,Z,d^4?i:A.set):(v,Z)=>v[t]=Z)),p=(0,n[J])(d?d<4?R?i:A[S]:d>4?void 0:{get:A.get,set:A.set}:s,y),g._=1,d^4||p===void 0?U(p)&&(d>4?N.unshift(p):d?R?i=p:A[S]=p:s=p):typeof p!="object"||p===null?F("Object expected"):(U(u=p.get)&&(A.get=u),U(u=p.set)&&(A.set=u),U(u=p.init)&&N.unshift(u));return d||Ye(e,s),A&&C(s,t,A),R?d^4?i:A:s};var Q=(e,r,t)=>r.has(e)||F("Cannot "+t),He=(e,r)=>Object(r)!==r?F('Cannot use the "in" operator on this value'):e.has(r),ye=(e,r,t)=>(Q(e,r,"read from private field"),t?t.call(e):r.get(e));var he=(e,r,t,n)=>(Q(e,r,"write to private field"),n?n.call(e,t):r.set(e,t),t),Ge=(e,r,t)=>(Q(e,r,"access private method"),t);var hr={};qe(hr,{TRYMELLON_CONFIG:()=>K,TryMellonService:()=>M,provideTryMellonConfig:()=>yr});module.exports=We(hr);var D=require("@angular/core");var h=e=>({ok:!0,value:e}),c=e=>({ok:!1,error:e});var j=class e extends Error{code;details;isTryMellonError=!0;constructor(r,t,n){super(t),this.name="TryMellonError",this.code=r,this.details=n,Error.captureStackTrace&&Error.captureStackTrace(this,e)}},$e={NOT_SUPPORTED:"WebAuthn is not supported in this environment",USER_CANCELLED:"User cancelled the operation",PASSKEY_NOT_FOUND:"Passkey not found",SESSION_EXPIRED:"Session has expired",NETWORK_FAILURE:"Network request failed",INVALID_ARGUMENT:"Invalid argument provided",TIMEOUT:"Operation timed out",ABORTED:"Operation was aborted",UNKNOWN_ERROR:"An unknown error occurred"};function b(e,r,t){return new j(e,r??$e[e],t)}function Xe(e){return e instanceof j||typeof e=="object"&&e!==null&&"isTryMellonError"in e&&e.isTryMellonError===!0}function ee(){return b("NOT_SUPPORTED")}function I(e,r){return b("INVALID_ARGUMENT",`Invalid argument: ${e} - ${r}`,{field:e,reason:r})}function Ie(e){return b("UNKNOWN_ERROR",`Failed to ${e} credential`,{operation:e})}function re(e){return b("NOT_SUPPORTED",`No base64 ${e==="encode"?"encoding":"decoding"} available`,{type:e})}function Se(e,r){try{let t=new URL(e);if(t.protocol!=="https:"&&t.protocol!=="http:")throw I(r,"must use http or https protocol")}catch(t){throw Xe(t)?t:I(r,"must be a valid URL")}}function q(e,r,t,n){if(e<t||e>n)throw I(r,`must be between ${t} and ${n}`)}function V(e,r){if(typeof e!="string"||e.length===0)throw I(r,"must be a non-empty string");if(!/^[A-Za-z0-9_-]+$/.test(e))throw I(r,"must be a valid base64url string")}var ze={NotAllowedError:"USER_CANCELLED",AbortError:"ABORTED",NotSupportedError:"NOT_SUPPORTED",SecurityError:"NOT_SUPPORTED",InvalidStateError:"UNKNOWN_ERROR",UnknownError:"UNKNOWN_ERROR"};function T(e){if(e instanceof DOMException){let r=e.name,t=e.message||"WebAuthn operation failed",n=ze[r]??"UNKNOWN_ERROR";return b(n,t,{originalError:e})}return e instanceof Error?b("UNKNOWN_ERROR",e.message,{originalError:e}):b("UNKNOWN_ERROR","An unknown error occurred",{originalError:e})}function f(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)}function l(e){return typeof e=="string"}function P(e){return typeof e=="number"&&Number.isFinite(e)}function W(e){return typeof e=="boolean"}function w(e){return Array.isArray(e)}function o(e,r){return c(b("NETWORK_FAILURE",e,{...r,originalData:r?.originalData}))}function a(e,r){return e[r]}function te(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=a(e,"challenge");if(!f(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=a(t,"rp");if(!f(n)||!l(n.name)||!l(n.id))return o("Invalid API response: challenge.rp must have name and id strings",{originalData:e});let s=a(t,"user");if(!f(s)||!l(s.id)||!l(s.name)||!l(s.displayName))return o("Invalid API response: challenge.user must have id, name, displayName strings",{originalData:e});let i=a(t,"challenge");if(!l(i))return o("Invalid API response: challenge.challenge must be string",{originalData:e});let u=a(t,"pubKeyCredParams");if(!w(u))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:e});for(let m of u)if(!f(m)||m.type!=="public-key"||!P(m.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:e});let p=t.timeout;if(p!==void 0&&!P(p))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let g=t.excludeCredentials;if(g!==void 0){if(!w(g))return o("Invalid API response: excludeCredentials must be array",{originalData:e});for(let m of g)if(!f(m)||m.type!=="public-key"||!l(m.id))return o("Invalid API response: excludeCredentials items must have id and type",{originalData:e})}let y=t.authenticatorSelection;return y!==void 0&&!f(y)?o("Invalid API response: authenticatorSelection must be object",{originalData:e}):h({session_id:r,challenge:{rp:n,user:s,challenge:i,pubKeyCredParams:u,...p!==void 0&&{timeout:p},...g!==void 0&&{excludeCredentials:g},...y!==void 0&&{authenticatorSelection:y}}})}function ne(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=a(e,"challenge");if(!f(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=a(t,"challenge"),s=a(t,"rpId"),i=t.allowCredentials;if(!l(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!l(s))return o("Invalid API response: challenge.rpId must be string",{originalData:e});if(i!==void 0&&!w(i))return o("Invalid API response: allowCredentials must be array",{originalData:e});if(i){for(let g of i)if(!f(g)||g.type!=="public-key"||!l(g.id))return o("Invalid API response: allowCredentials items must have id and type",{originalData:e})}let u=t.timeout;if(u!==void 0&&!P(u))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let p=t.userVerification;return p!==void 0&&!["required","preferred","discouraged"].includes(String(p))?o("Invalid API response: userVerification must be required|preferred|discouraged",{originalData:e}):h({session_id:r,challenge:{challenge:n,rpId:s,allowCredentials:i??[],...u!==void 0&&{timeout:u},...p!==void 0&&{userVerification:p}}})}function se(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"credential_id"),t=a(e,"status"),n=a(e,"session_token"),s=a(e,"user");if(!l(r))return o("Invalid API response: credential_id must be string",{field:"credential_id",originalData:e});if(!l(t))return o("Invalid API response: status must be string",{field:"status",originalData:e});if(!l(n))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});if(!f(s))return o("Invalid API response: user must be object",{field:"user",originalData:e});let i=a(s,"user_id"),u=a(s,"external_user_id");if(!l(i)||!l(u))return o("Invalid API response: user must have user_id and external_user_id strings",{originalData:e});let p=s.email,g=s.metadata;return p!==void 0&&!l(p)?o("Invalid API response: user.email must be string",{originalData:e}):g!==void 0&&(typeof g!="object"||g===null)?o("Invalid API response: user.metadata must be object",{originalData:e}):h({credential_id:r,status:t,session_token:n,user:{user_id:i,external_user_id:u,...p!==void 0&&{email:p},...g!==void 0&&{metadata:g}}})}function ie(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"authenticated"),t=a(e,"session_token"),n=a(e,"user"),s=a(e,"signals");if(!W(r))return o("Invalid API response: authenticated must be boolean",{field:"authenticated",originalData:e});if(!l(t))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});if(!f(n))return o("Invalid API response: user must be object",{field:"user",originalData:e});let i=a(n,"user_id"),u=a(n,"external_user_id");return!l(i)||!l(u)?o("Invalid API response: user must have user_id and external_user_id strings",{originalData:e}):s!==void 0&&!f(s)?o("Invalid API response: signals must be object",{originalData:e}):h({authenticated:r,session_token:t,user:{user_id:i,external_user_id:u,...n.email!==void 0&&{email:n.email},...n.metadata!==void 0&&{metadata:n.metadata}},signals:s})}function oe(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"valid"),t=a(e,"user_id"),n=a(e,"external_user_id"),s=a(e,"tenant_id"),i=a(e,"app_id");return W(r)?l(t)?l(n)?l(s)?l(i)?h({valid:r,user_id:t,external_user_id:n,tenant_id:s,app_id:i}):o("Invalid API response: app_id must be string",{field:"app_id",originalData:e}):o("Invalid API response: tenant_id must be string",{field:"tenant_id",originalData:e}):o("Invalid API response: external_user_id must be string",{field:"external_user_id",originalData:e}):o("Invalid API response: user_id must be string",{field:"user_id",originalData:e}):o("Invalid API response: valid must be boolean",{field:"valid",originalData:e})}function ae(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"sessionToken");return l(r)?h({sessionToken:r}):o("Invalid API response: sessionToken must be string",{field:"sessionToken",originalData:e})}var Je=["pending_passkey","pending_data","completed"],Ze=["pending_data","completed"];function le(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id"),t=a(e,"onboarding_url"),n=a(e,"expires_in");return l(r)?l(t)?P(n)?h({session_id:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{field:"expires_in",originalData:e}):o("Invalid API response: onboarding_url must be string",{field:"onboarding_url",originalData:e}):o("Invalid API response: session_id must be string",{field:"session_id",originalData:e})}function ue(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"status"),t=a(e,"onboarding_url"),n=a(e,"expires_in");return!l(r)||!Je.includes(r)?o("Invalid API response: status must be pending_passkey|pending_data|completed",{field:"status",originalData:e}):l(t)?P(n)?h({status:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{originalData:e}):o("Invalid API response: onboarding_url must be string",{originalData:e})}function pe(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id"),t=a(e,"status"),n=a(e,"onboarding_url");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});if(t!=="pending_passkey")return o("Invalid API response: status must be pending_passkey",{field:"status",originalData:e});if(!l(n))return o("Invalid API response: onboarding_url must be string",{originalData:e});let s=e.challenge,i;if(s!==void 0){let u=Qe(s);if(!u.ok)return u;i=u.value}return h({session_id:r,status:"pending_passkey",onboarding_url:n,...i!==void 0&&{challenge:i}})}function Qe(e){if(!f(e))return o("Invalid API response: challenge must be object",{originalData:e});let r=a(e,"rp"),t=a(e,"user"),n=a(e,"challenge"),s=a(e,"pubKeyCredParams");if(!f(r)||!l(r.name)||!l(r.id))return o("Invalid API response: challenge.rp must have name and id",{originalData:e});if(!f(t)||!l(t.id)||!l(t.name)||!l(t.displayName))return o("Invalid API response: challenge.user must have id, name, displayName",{originalData:e});if(!l(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!w(s))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:e});for(let i of s)if(!f(i)||i.type!=="public-key"||!P(i.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:e});return h({rp:r,user:t,challenge:n,pubKeyCredParams:s})}function de(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id"),t=a(e,"status"),n=a(e,"user_id"),s=a(e,"tenant_id");return l(r)?!l(t)||!Ze.includes(t)?o("Invalid API response: status must be pending_data|completed",{originalData:e}):l(n)?l(s)?h({session_id:r,status:t,user_id:n,tenant_id:s}):o("Invalid API response: tenant_id must be string",{originalData:e}):o("Invalid API response: user_id must be string",{originalData:e}):o("Invalid API response: session_id must be string",{originalData:e})}function ce(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id"),t=a(e,"status"),n=a(e,"user_id"),s=a(e,"tenant_id"),i=a(e,"session_token");return l(r)?t!=="completed"?o("Invalid API response: status must be completed",{originalData:e}):!l(n)||!l(s)||!l(i)?o("Invalid API response: user_id, tenant_id, session_token must be strings",{originalData:e}):h({session_id:r,status:"completed",user_id:n,tenant_id:s,session_token:i}):o("Invalid API response: session_id must be string",{originalData:e})}var B=class{constructor(r,t,n={}){this.httpClient=r;this.baseUrl=t;this.defaultHeaders=n}mergeHeaders(r){return{...this.defaultHeaders,...r}}async post(r,t,n){let s=`${this.baseUrl}${r}`,i=await this.httpClient.post(s,t,this.mergeHeaders());return i.ok?n(i.value):c(i.error)}async get(r,t,n){let s=`${this.baseUrl}${r}`,i=await this.httpClient.get(s,this.mergeHeaders(n));return i.ok?t(i.value):c(i.error)}async startRegister(r){return this.post("/v1/passkeys/register/start",r,te)}async startAuth(r){return this.post("/v1/passkeys/auth/start",r,ne)}async finishRegister(r){return this.post("/v1/passkeys/register/finish",r,se)}async finishAuth(r){return this.post("/v1/passkeys/auth/finish",r,ie)}async validateSession(r){return this.get("/v1/sessions/validate",oe,{Authorization:`Bearer ${r}`})}async startEmailFallback(r){let t=`${this.baseUrl}/v1/fallback/email/start`,n=await this.httpClient.post(t,{userId:r},this.mergeHeaders());return n.ok?h(void 0):c(n.error)}async verifyEmailCode(r,t){return this.post("/v1/fallback/email/verify",{userId:r,code:t},ae)}async startOnboarding(r){return this.post("/onboarding/start",r,le)}async getOnboardingStatus(r){return this.get(`/onboarding/${r}/status`,ue)}async getOnboardingRegister(r){return this.get(`/onboarding/${r}/register`,pe)}async registerOnboardingPasskey(r,t){return this.post(`/onboarding/${r}/register-passkey`,t,de)}async completeOnboarding(r,t){return this.post(`/onboarding/${r}/complete`,t,ce)}};var er=3e4;function rr(){return typeof crypto<"u"&&typeof crypto.randomUUID=="function"?crypto.randomUUID():`${Date.now()}-${Math.random().toString(36).slice(2,11)}`}function Oe(e,r){let t=r*Math.pow(2,e);return Math.min(t,er)}function tr(e,r){return e!=="GET"?!1:r>=500||r===429}var Y=class{constructor(r,t=0,n=1e3,s){this.timeoutMs=r;this.maxRetries=t;this.retryDelayMs=n;this.logger=s}async get(r,t){return this.request(r,{method:"GET",headers:t})}async post(r,t,n){return this.request(r,{method:"POST",body:JSON.stringify(t),headers:{"Content-Type":"application/json",...n}})}async request(r,t){let n=(t.method??"GET").toUpperCase(),s=rr(),i=new Headers(t.headers);i.set("X-Request-Id",s),this.logger&&this.logger.debug("request",{requestId:s,url:r,method:n});let u;for(let p=0;p<=this.maxRetries;p++)try{let g=new AbortController,y=setTimeout(()=>g.abort(),this.timeoutMs),m=await fetch(r,{...t,headers:i,signal:g.signal});if(clearTimeout(y),!m.ok){let _;try{_=await m.json()}catch{}let R=_,E=R?.message??m.statusText,S=R?.error??"NETWORK_FAILURE",N=b(S,E,{requestId:s,status:m.status,statusText:m.statusText,data:_});if(tr(n,m.status)&&p<this.maxRetries){u=N,await new Promise(z=>setTimeout(z,Oe(p,this.retryDelayMs)));continue}return c(N)}let d=await m.json();return h(d)}catch(g){if(u=g,n==="GET"&&p<this.maxRetries)await new Promise(m=>setTimeout(m,Oe(p,this.retryDelayMs)));else break}return u instanceof Error&&u.name==="AbortError"?c(b("TIMEOUT","Request timed out",{requestId:s})):c(b("NETWORK_FAILURE",u instanceof Error?u.message:"Request failed",{requestId:s,cause:u}))}};function k(){try{return!(typeof navigator>"u"||!navigator.credentials||typeof PublicKeyCredential>"u")}catch{return!1}}async function nr(){try{return!k()||typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable!="function"?!1:await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()}catch{return!1}}async function Pe(){let e=k(),r=await nr();return{isPasskeySupported:e,platformAuthenticatorAvailable:r,recommendedFlow:e?"passkey":"fallback"}}function O(e){let r=new Uint8Array(e),t="";for(let s=0;s<r.length;s++)t+=String.fromCharCode(r[s]??0);let n="";if(typeof btoa<"u")n=btoa(t);else if(typeof Buffer<"u")n=Buffer.from(t,"binary").toString("base64");else throw re("encode");return n.replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function sr(e){let r=e.replace(/-/g,"+").replace(/_/g,"/"),t=r.length%4;t!==0&&(r+="=".repeat(4-t));let n="";if(typeof atob<"u")n=atob(r);else if(typeof Buffer<"u")n=Buffer.from(r,"base64").toString("binary");else throw re("decode");let s=new Uint8Array(n.length);for(let i=0;i<n.length;i++)s[i]=n.charCodeAt(i);return s}function x(e){let r=sr(e),t=new ArrayBuffer(r.length);return new Uint8Array(t).set(r),t}function L(e,r="create"){if(!e||typeof e!="object"||!("id"in e)||!("rawId"in e)||!("response"in e))throw Ie(r)}function ke(e){return e!==null&&typeof e=="object"&&"clientDataJSON"in e&&e.clientDataJSON instanceof ArrayBuffer}function H(e){if(!e.response)throw b("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!ke(r))throw b("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("attestationObject"in r))throw b("UNKNOWN_ERROR","Invalid credential response structure for register: attestationObject is missing",{response:r});let t=r.clientDataJSON,n=r.attestationObject;return{id:e.id,rawId:O(e.rawId),response:{clientDataJSON:O(t),attestationObject:O(n)},type:"public-key"}}function Me(e){if(!e.response)throw b("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!ke(r))throw b("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("authenticatorData"in r)||!("signature"in r))throw b("UNKNOWN_ERROR","Invalid credential response structure for auth: authenticatorData or signature is missing",{response:r});let t=r.clientDataJSON,n=r.authenticatorData,s=r.signature,i=r.userHandle;return{id:e.id,rawId:O(e.rawId),response:{authenticatorData:O(n),clientDataJSON:O(t),signature:O(s),...i&&{userHandle:O(i)}},type:"public-key"}}function ge(e,r){try{V(e.challenge,"challenge"),V(e.user.id,"user.id");let t=x(e.challenge),n=x(e.user.id),s={userVerification:"preferred"};e.authenticatorSelection&&(s={...e.authenticatorSelection}),r&&(s={...s,authenticatorAttachment:r});let i={rp:{id:e.rp.id,name:e.rp.name},user:{id:n,name:e.user.name,displayName:e.user.displayName},challenge:t,pubKeyCredParams:e.pubKeyCredParams,...e.timeout!==void 0&&{timeout:e.timeout},attestation:"none",authenticatorSelection:s,...e.excludeCredentials&&{excludeCredentials:e.excludeCredentials.map(u=>({id:x(u.id),type:u.type,...u.transports&&{transports:u.transports}}))}};return h({publicKey:i})}catch(t){return c(T(t))}}function ir(e,r){try{V(e.challenge,"challenge");let t=x(e.challenge);return h({publicKey:{challenge:t,rpId:e.rpId,...e.timeout!==void 0&&{timeout:e.timeout},userVerification:e.userVerification??"preferred",...e.allowCredentials&&{allowCredentials:e.allowCredentials.map(n=>({id:x(n.id),type:n.type,...n.transports&&{transports:n.transports}}))}},...r!==void 0&&{mediation:r}})}catch(t){return c(T(t))}}async function Ce(e,r,t){t.emit("start",{type:"start",operation:"register"});try{let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()==="")return c(I("external_user_id","must be provided (use externalUserId or external_user_id)"));if(!k())return c(ee());let s=await r.startRegister({external_user_id:n.trim()});if(!s.ok)return t.emit("error",{type:"error",error:s.error}),c(s.error);let i=s.value,u=i.session_id,p=ge(i.challenge,e.authenticatorType);if(!p.ok)return t.emit("error",{type:"error",error:p.error}),c(p.error);let g=p.value;e.signal&&(g.signal=e.signal);let y;try{y=await navigator.credentials.create(g)}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}try{L(y,"create")}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}let m;try{m=H(y)}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}let d=await r.finishRegister({session_id:u,credential:m});if(!d.ok)return t.emit("error",{type:"error",error:d.error}),c(d.error);let _=d.value;return t.emit("success",{type:"success",operation:"register"}),h({success:!0,credential_id:_.credential_id,status:_.status,session_token:_.session_token,user:_.user})}catch(n){let s=T(n);return t.emit("error",{type:"error",error:s}),c(s)}}async function we(e,r,t){t.emit("start",{type:"start",operation:"authenticate"});try{let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()==="")return c(I("external_user_id","must be provided (use externalUserId or external_user_id)"));if(!k())return c(ee());let s=await r.startAuth({external_user_id:n.trim()});if(!s.ok)return t.emit("error",{type:"error",error:s.error}),c(s.error);let i=s.value,u=i.session_id,p=ir(i.challenge,e.mediation);if(!p.ok)return t.emit("error",{type:"error",error:p.error}),c(p.error);let g=p.value;e.signal&&(g.signal=e.signal);let y;try{y=await navigator.credentials.get(g)}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}try{L(y,"get")}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}let m;try{m=Me(y)}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}let d=await r.finishAuth({session_id:u,credential:m});if(!d.ok)return t.emit("error",{type:"error",error:d.error}),c(d.error);let _=d.value;return t.emit("success",{type:"success",operation:"authenticate"}),h({authenticated:_.authenticated,session_token:_.session_token,user:_.user,signals:_.signals})}catch(n){let s=T(n);return t.emit("error",{type:"error",error:s}),c(s)}}var or=2e3,ar=60,G=class{constructor(r){this.apiClient=r}async startFlow(r){let t=await this.apiClient.startOnboarding({user_role:r.user_role});if(!t.ok)return c(t.error);let{session_id:n}=t.value;for(let s=0;s<ar;s++){await new Promise(g=>setTimeout(g,or));let i=await this.apiClient.getOnboardingStatus(n);if(!i.ok)return c(i.error);let u=i.value.status,p=i.value.onboarding_url;if(u==="pending_passkey"){let g=await this.apiClient.getOnboardingRegister(n);if(!g.ok)return c(g.error);let y=g.value;if(!y.challenge)return c(b("NOT_SUPPORTED","Onboarding requires user action - complete passkey registration at the provided onboarding_url",{onboarding_url:p}));let m=ge(y.challenge);if(!m.ok)return c(m.error);let d;try{d=await navigator.credentials.create(m.value)}catch(S){return c(T(S))}try{L(d,"create")}catch(S){return c(T(S))}let _;try{_=H(d)}catch(S){return c(T(S))}let R=await this.apiClient.registerOnboardingPasskey(n,{credential:_,challenge:y.challenge.challenge});return R.ok?await this.apiClient.completeOnboarding(n,{company_name:r.company_name}):c(R.error)}if(u==="completed")return await this.apiClient.completeOnboarding(n,{company_name:r.company_name})}return c(b("TIMEOUT","Onboarding timed out"))}};var $=class{handlers;constructor(){this.handlers=new Map}on(r,t){let n=this.handlers.get(r);return n||(n=new Set,this.handlers.set(r,n)),n.add(t),()=>{this.off(r,t)}}off(r,t){let n=this.handlers.get(r);n&&(n.delete(t),n.size===0&&this.handlers.delete(r))}emit(r,t){let n=this.handlers.get(r);n&&n.forEach(s=>{try{s(t)}catch{}})}removeAllListeners(){this.handlers.clear()}};var xe="https://api.trymellonauth.com",De="https://api.trymellonauth.com/v1/telemetry";function Ne(e){return{async send(r){let t=JSON.stringify(r);if(typeof navigator<"u"&&typeof navigator.sendBeacon=="function"){navigator.sendBeacon(e,t);return}typeof fetch<"u"&&await fetch(e,{method:"POST",body:t,headers:{"Content-Type":"application/json"},keepalive:!0})}}}function me(e,r){return{event:e,latencyMs:r,ok:!0}}var X=class{apiClient;eventEmitter;telemetrySender;onboarding;constructor(r){let t=r.appId,n=r.publishableKey;if(!t||typeof t!="string"||t.trim()==="")throw I("appId","must be a non-empty string");if(!n||typeof n!="string"||n.trim()==="")throw I("publishableKey","must be a non-empty string");let s=r.apiBaseUrl??xe;Se(s,"apiBaseUrl");let i=r.timeoutMs??3e4;q(i,"timeoutMs",1e3,3e5),r.maxRetries!==void 0&&q(r.maxRetries,"maxRetries",0,10),r.retryDelayMs!==void 0&&q(r.retryDelayMs,"retryDelayMs",100,1e4);let u=r.maxRetries??3,p=r.retryDelayMs??1e3,g=new Y(i,u,p,r.logger),y={"X-App-Id":t.trim(),Authorization:`Bearer ${n.trim()}`};this.apiClient=new B(g,s,y),this.onboarding=new G(this.apiClient),this.eventEmitter=new $,r.enableTelemetry&&(this.telemetrySender=r.telemetrySender??Ne(r.telemetryEndpoint??De))}static isSupported(){return k()}async register(r){let t=Date.now(),n=await Ce(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(me("register",Date.now()-t)).catch(()=>{}),n}async authenticate(r){let t=Date.now(),n=await we(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(me("authenticate",Date.now()-t)).catch(()=>{}),n}async validateSession(r){return this.apiClient.validateSession(r)}async getStatus(){return Pe()}on(r,t){return this.eventEmitter.on(r,t)}version(){return"1.1.3"}fallback={email:{start:async r=>this.apiClient.startEmailFallback(r.userId),verify:async r=>this.apiClient.verifyEmailCode(r.userId,r.code)}}};var K=new D.InjectionToken("TRYMELLON_CONFIG"),Ue,fe;Ue=[(0,D.Injectable)({providedIn:"root"})];var M=class{config=(0,D.inject)(K,{optional:!0});_client=null;get client(){if(this._client==null){if(this.config==null)throw new Error("TryMellonService: provide TRYMELLON_CONFIG (e.g. via provideTryMellonConfig(config))");this._client=new X(this.config)}return this._client}};fe=_e(null),M=Ae(fe,0,"TryMellonService",Ue,M),ve(fe,1,M);function yr(e){return{provide:K,useValue:e}}0&&(module.exports={TRYMELLON_CONFIG,TryMellonService,provideTryMellonConfig});
+//# sourceMappingURL=angular.cjs.map

package/dist/angular.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/angular/index.ts","../src/angular/trymellon.service.ts","../src/utils/result.ts","../src/errors.ts","../src/core/validators/helpers.ts","../src/core/validators/register-auth.ts","../src/core/validators/session.ts","../src/core/validators/email.ts","../src/core/validators/onboarding.ts","../src/core/api.ts","../src/core/fetch-client.ts","../src/utils/support.ts","../src/utils/base64url.ts","../src/utils/validation.ts","../src/core/webauthn-utils.ts","../src/core/webauthn.ts","../src/core/onboarding-manager.ts","../src/core/events.ts","../src/core/constants.ts","../src/core/adapters/telemetry-sender.ts","../src/core/ports/telemetry.ts","../src/core/trymellon.ts"],"sourcesContent":["import type { Provider } from '@angular/core';\nimport type { TryMellonConfig } from '../types';\nimport { TRYMELLON_CONFIG } from './trymellon.service';\n\nexport { TryMellonService, TRYMELLON_CONFIG } from './trymellon.service';\n\nexport function provideTryMellonConfig(config: TryMellonConfig): Provider {\n return { provide: TRYMELLON_CONFIG, useValue: config } as Provider;\n}\n","import { Injectable, InjectionToken, inject } from '@angular/core';\nimport { TryMellon } from '../core/trymellon';\nimport type { TryMellonConfig } from '../types';\n\nexport const TRYMELLON_CONFIG = new InjectionToken<TryMellonConfig>('TRYMELLON_CONFIG');\n\n@Injectable({ providedIn: 'root' })\nexport class TryMellonService {\n private readonly config = inject(TRYMELLON_CONFIG, { optional: true });\n private _client: TryMellon | null = null;\n\n get client(): TryMellon {\n if (this._client == null) {\n if (this.config == null) {\n throw new Error(\n 'TryMellonService: provide TRYMELLON_CONFIG (e.g. via provideTryMellonConfig(config))'\n );\n }\n this._client = new TryMellon(this.config);\n }\n return this._client;\n }\n}\n","export type Result<T, E> = { ok: true; value: T } | { ok: false; error: E };\n\nexport const ok = <T>(value: T): Result<T, never> => ({ ok: true, value });\nexport const err = <E>(error: E): Result<never, E> => ({ ok: false, error });\n\nexport function map<T, E, U>(result: Result<T, E>, mapper: (value: T) => U): Result<U, E> {\n if (result.ok) {\n return ok(mapper(result.value));\n }\n return result;\n}\n\nexport function mapErr<T, E, F>(result: Result<T, E>, mapper: (error: E) => F): Result<T, F> {\n if (!result.ok) {\n return err(mapper(result.error));\n }\n return result;\n}\n\nexport function unwrap<T, E>(result: Result<T, E>): T {\n if (result.ok) {\n return result.value;\n }\n throw result.error;\n}\n","export type TryMellonErrorCode =\n | 'NOT_SUPPORTED'\n | 'USER_CANCELLED'\n | 'PASSKEY_NOT_FOUND'\n | 'SESSION_EXPIRED'\n | 'NETWORK_FAILURE'\n | 'INVALID_ARGUMENT'\n | 'TIMEOUT'\n | 'ABORTED'\n | 'UNKNOWN_ERROR';\n\nexport class TryMellonError extends Error {\n readonly code: TryMellonErrorCode;\n readonly details?: unknown;\n readonly isTryMellonError = true;\n\n constructor(code: TryMellonErrorCode, message: string, details?: unknown) {\n super(message);\n this.name = 'TryMellonError';\n this.code = code;\n this.details = details;\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, TryMellonError);\n }\n }\n}\n\nconst DEFAULT_MESSAGES: Record<TryMellonErrorCode, string> = {\n NOT_SUPPORTED: 'WebAuthn is not supported in this environment',\n USER_CANCELLED: 'User cancelled the operation',\n PASSKEY_NOT_FOUND: 'Passkey not found',\n SESSION_EXPIRED: 'Session has expired',\n NETWORK_FAILURE: 'Network request failed',\n INVALID_ARGUMENT: 'Invalid argument provided',\n TIMEOUT: 'Operation timed out',\n ABORTED: 'Operation was aborted',\n UNKNOWN_ERROR: 'An unknown error occurred',\n};\n\nexport function createError(\n code: TryMellonErrorCode,\n message?: string,\n details?: unknown\n): TryMellonError {\n return new TryMellonError(code, message ?? DEFAULT_MESSAGES[code], details);\n}\n\nexport function isTryMellonError(error: unknown): error is TryMellonError {\n return (\n error instanceof TryMellonError ||\n (typeof error === 'object' &&\n error !== null &&\n 'isTryMellonError' in error &&\n (error as TryMellonError).isTryMellonError === true)\n );\n}\n\nexport function createNotSupportedError(): TryMellonError {\n return createError('NOT_SUPPORTED');\n}\n\nexport function createUserCancelledError(): TryMellonError {\n return createError('USER_CANCELLED');\n}\n\nexport function createNetworkError(cause?: Error): TryMellonError {\n return createError('NETWORK_FAILURE', undefined, {\n cause: cause?.message,\n originalError: cause,\n });\n}\n\nexport function createTimeoutError(): TryMellonError {\n return createError('TIMEOUT');\n}\n\nexport function createInvalidArgumentError(field: string, reason: string): TryMellonError {\n return createError('INVALID_ARGUMENT', `Invalid argument: ${field} - ${reason}`, {\n field,\n reason,\n });\n}\n\nexport function createCredentialError(operation: 'create' | 'get'): TryMellonError {\n return createError('UNKNOWN_ERROR', `Failed to ${operation} credential`, { operation });\n}\n\nexport function createEncodingError(type: 'encode' | 'decode'): TryMellonError {\n return createError(\n 'NOT_SUPPORTED',\n `No base64 ${type === 'encode' ? 'encoding' : 'decoding'} available`,\n { type }\n );\n}\n\nexport function validateNonEmptyString(value: unknown, fieldName: string): asserts value is string {\n if (!value || typeof value !== 'string' || value.trim() === '') {\n throw createInvalidArgumentError(fieldName, 'must be a non-empty string');\n }\n}\n\nexport function validateUrl(url: string, fieldName: string): void {\n try {\n const urlObj = new URL(url);\n if (urlObj.protocol !== 'https:' && urlObj.protocol !== 'http:') {\n throw createInvalidArgumentError(fieldName, 'must use http or https protocol');\n }\n } catch (error) {\n if (isTryMellonError(error)) {\n throw error;\n }\n throw createInvalidArgumentError(fieldName, 'must be a valid URL');\n }\n}\n\nexport function validateRange(value: number, fieldName: string, min: number, max: number): void {\n if (value < min || value > max) {\n throw createInvalidArgumentError(fieldName, `must be between ${min} and ${max}`);\n }\n}\n\nexport function validateBase64Url(s: string, fieldName: string): void {\n if (typeof s !== 'string' || s.length === 0) {\n throw createInvalidArgumentError(fieldName, 'must be a non-empty string');\n }\n if (!/^[A-Za-z0-9_-]+$/.test(s)) {\n throw createInvalidArgumentError(fieldName, 'must be a valid base64url string');\n }\n}\n\nconst DOM_EXCEPTION_ERROR_MAP: Record<string, TryMellonErrorCode> = {\n NotAllowedError: 'USER_CANCELLED',\n AbortError: 'ABORTED',\n NotSupportedError: 'NOT_SUPPORTED',\n SecurityError: 'NOT_SUPPORTED',\n InvalidStateError: 'UNKNOWN_ERROR',\n UnknownError: 'UNKNOWN_ERROR',\n};\n\nexport function mapWebAuthnError(error: unknown): TryMellonError {\n if (error instanceof DOMException) {\n const name = error.name;\n const message = error.message || 'WebAuthn operation failed';\n const errorCode = DOM_EXCEPTION_ERROR_MAP[name] ?? 'UNKNOWN_ERROR';\n return createError(errorCode, message, { originalError: error });\n }\n\n if (error instanceof Error) {\n return createError('UNKNOWN_ERROR', error.message, { originalError: error });\n }\n\n return createError('UNKNOWN_ERROR', 'An unknown error occurred', {\n originalError: error,\n });\n}\n","import type { Result } from '../../utils/result';\nimport { err } from '../../utils/result';\nimport { createError, type TryMellonError } from '../../errors';\n\nexport function isObject(value: unknown): value is Record<string, unknown> {\n return typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nexport function isString(value: unknown): value is string {\n return typeof value === 'string';\n}\n\nexport function isNumber(value: unknown): value is number {\n return typeof value === 'number' && Number.isFinite(value);\n}\n\nexport function isBoolean(value: unknown): value is boolean {\n return typeof value === 'boolean';\n}\n\nexport function isArray(value: unknown): value is unknown[] {\n return Array.isArray(value);\n}\n\nexport function validationError(\n message: string,\n details?: { field?: string; expected?: string; originalData?: unknown }\n): Result<never, TryMellonError> {\n return err(\n createError('NETWORK_FAILURE', message, {\n ...details,\n originalData: details?.originalData,\n })\n );\n}\n\nexport function required(obj: Record<string, unknown>, key: string): unknown {\n return obj[key];\n}\n\nexport function optionalString(obj: Record<string, unknown>, key: string): string | undefined {\n const v = obj[key];\n return v === undefined ? undefined : typeof v === 'string' ? v : undefined;\n}\n","import type { Result } from '../../utils/result';\nimport { ok } from '../../utils/result';\nimport type {\n RegisterStartResponse,\n AuthStartResponse,\n RegisterFinishResponse,\n AuthFinishResponse,\n} from '../../types';\nimport type { TryMellonError } from '../../errors';\nimport {\n isObject,\n isString,\n isNumber,\n isBoolean,\n isArray,\n validationError,\n required,\n} from './helpers';\n\nexport function validateRegisterStartResponse(\n data: unknown\n): Result<RegisterStartResponse, TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: expected object', { originalData: data });\n }\n\n const session_id = required(data, 'session_id');\n if (!isString(session_id)) {\n return validationError('Invalid API response: session_id must be string', {\n field: 'session_id',\n originalData: data,\n });\n }\n\n const challenge = required(data, 'challenge');\n if (!isObject(challenge)) {\n return validationError('Invalid API response: challenge must be object', {\n field: 'challenge',\n originalData: data,\n });\n }\n\n const rp = required(challenge, 'rp');\n if (\n !isObject(rp) ||\n !isString((rp as Record<string, unknown>).name) ||\n !isString((rp as Record<string, unknown>).id)\n ) {\n return validationError('Invalid API response: challenge.rp must have name and id strings', {\n originalData: data,\n });\n }\n\n const user = required(challenge, 'user');\n if (\n !isObject(user) ||\n !isString((user as Record<string, unknown>).id) ||\n !isString((user as Record<string, unknown>).name) ||\n !isString((user as Record<string, unknown>).displayName)\n ) {\n return validationError(\n 'Invalid API response: challenge.user must have id, name, displayName strings',\n {\n originalData: data,\n }\n );\n }\n\n const challengeStr = required(challenge, 'challenge');\n if (!isString(challengeStr)) {\n return validationError('Invalid API response: challenge.challenge must be string', {\n originalData: data,\n });\n }\n\n const pubKeyCredParams = required(challenge, 'pubKeyCredParams');\n if (!isArray(pubKeyCredParams)) {\n return validationError('Invalid API response: challenge.pubKeyCredParams must be array', {\n originalData: data,\n });\n }\n for (const item of pubKeyCredParams) {\n if (\n !isObject(item) ||\n (item as Record<string, unknown>).type !== 'public-key' ||\n !isNumber((item as Record<string, unknown>).alg)\n ) {\n return validationError(\n 'Invalid API response: pubKeyCredParams items must have type and alg',\n {\n originalData: data,\n }\n );\n }\n }\n\n const timeout = challenge.timeout;\n if (timeout !== undefined && !isNumber(timeout)) {\n return validationError('Invalid API response: challenge.timeout must be number', {\n originalData: data,\n });\n }\n\n const excludeCredentials = challenge.excludeCredentials;\n if (excludeCredentials !== undefined) {\n if (!isArray(excludeCredentials)) {\n return validationError('Invalid API response: excludeCredentials must be array', {\n originalData: data,\n });\n }\n for (const c of excludeCredentials) {\n if (\n !isObject(c) ||\n (c as Record<string, unknown>).type !== 'public-key' ||\n !isString((c as Record<string, unknown>).id)\n ) {\n return validationError(\n 'Invalid API response: excludeCredentials items must have id and type',\n {\n originalData: data,\n }\n );\n }\n }\n }\n\n const authenticatorSelection = challenge.authenticatorSelection;\n if (authenticatorSelection !== undefined && !isObject(authenticatorSelection)) {\n return validationError('Invalid API response: authenticatorSelection must be object', {\n originalData: data,\n });\n }\n\n return ok({\n session_id,\n challenge: {\n rp: rp as RegisterStartResponse['challenge']['rp'],\n user: user as RegisterStartResponse['challenge']['user'],\n challenge: challengeStr,\n pubKeyCredParams: pubKeyCredParams as RegisterStartResponse['challenge']['pubKeyCredParams'],\n ...(timeout !== undefined && { timeout }),\n ...(excludeCredentials !== undefined && {\n excludeCredentials:\n excludeCredentials as RegisterStartResponse['challenge']['excludeCredentials'],\n }),\n ...(authenticatorSelection !== undefined && {\n authenticatorSelection:\n authenticatorSelection as RegisterStartResponse['challenge']['authenticatorSelection'],\n }),\n },\n });\n}\n\nexport function validateAuthStartResponse(\n data: unknown\n): Result<AuthStartResponse, TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: expected object', { originalData: data });\n }\n\n const session_id = required(data, 'session_id');\n if (!isString(session_id)) {\n return validationError('Invalid API response: session_id must be string', {\n field: 'session_id',\n originalData: data,\n });\n }\n\n const challenge = required(data, 'challenge');\n if (!isObject(challenge)) {\n return validationError('Invalid API response: challenge must be object', {\n field: 'challenge',\n originalData: data,\n });\n }\n\n const ch = required(challenge, 'challenge');\n const rpId = required(challenge, 'rpId');\n const allowCredentials = challenge.allowCredentials;\n if (!isString(ch)) {\n return validationError('Invalid API response: challenge.challenge must be string', {\n originalData: data,\n });\n }\n if (!isString(rpId)) {\n return validationError('Invalid API response: challenge.rpId must be string', {\n originalData: data,\n });\n }\n if (allowCredentials !== undefined && !isArray(allowCredentials)) {\n return validationError('Invalid API response: allowCredentials must be array', {\n originalData: data,\n });\n }\n if (allowCredentials) {\n for (const c of allowCredentials) {\n if (\n !isObject(c) ||\n (c as Record<string, unknown>).type !== 'public-key' ||\n !isString((c as Record<string, unknown>).id)\n ) {\n return validationError(\n 'Invalid API response: allowCredentials items must have id and type',\n {\n originalData: data,\n }\n );\n }\n }\n }\n\n const timeout = challenge.timeout;\n if (timeout !== undefined && !isNumber(timeout)) {\n return validationError('Invalid API response: challenge.timeout must be number', {\n originalData: data,\n });\n }\n\n const userVerification = challenge.userVerification;\n if (\n userVerification !== undefined &&\n !['required', 'preferred', 'discouraged'].includes(String(userVerification))\n ) {\n return validationError(\n 'Invalid API response: userVerification must be required|preferred|discouraged',\n {\n originalData: data,\n }\n );\n }\n\n return ok({\n session_id,\n challenge: {\n challenge: ch,\n rpId,\n allowCredentials:\n (allowCredentials as AuthStartResponse['challenge']['allowCredentials']) ?? [],\n ...(timeout !== undefined && { timeout }),\n ...(userVerification !== undefined && {\n userVerification: userVerification as AuthStartResponse['challenge']['userVerification'],\n }),\n },\n });\n}\n\nexport function validateRegisterFinishResponse(\n data: unknown\n): Result<RegisterFinishResponse, TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: expected object', { originalData: data });\n }\n\n const credential_id = required(data, 'credential_id');\n const status = required(data, 'status');\n const session_token = required(data, 'session_token');\n const user = required(data, 'user');\n\n if (!isString(credential_id)) {\n return validationError('Invalid API response: credential_id must be string', {\n field: 'credential_id',\n originalData: data,\n });\n }\n if (!isString(status)) {\n return validationError('Invalid API response: status must be string', {\n field: 'status',\n originalData: data,\n });\n }\n if (!isString(session_token)) {\n return validationError('Invalid API response: session_token must be string', {\n field: 'session_token',\n originalData: data,\n });\n }\n if (!isObject(user)) {\n return validationError('Invalid API response: user must be object', {\n field: 'user',\n originalData: data,\n });\n }\n\n const userId = required(user, 'user_id');\n const externalUserId = required(user, 'external_user_id');\n if (!isString(userId) || !isString(externalUserId)) {\n return validationError(\n 'Invalid API response: user must have user_id and external_user_id strings',\n {\n originalData: data,\n }\n );\n }\n\n const email = user.email;\n const metadata = user.metadata;\n if (email !== undefined && !isString(email)) {\n return validationError('Invalid API response: user.email must be string', {\n originalData: data,\n });\n }\n if (metadata !== undefined && (typeof metadata !== 'object' || metadata === null)) {\n return validationError('Invalid API response: user.metadata must be object', {\n originalData: data,\n });\n }\n\n return ok({\n credential_id,\n status,\n session_token,\n user: {\n user_id: userId,\n external_user_id: externalUserId,\n ...(email !== undefined && { email }),\n ...(metadata !== undefined && { metadata: metadata as Record<string, unknown> }),\n },\n });\n}\n\nexport function validateAuthFinishResponse(\n data: unknown\n): Result<AuthFinishResponse, TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: expected object', { originalData: data });\n }\n\n const authenticated = required(data, 'authenticated');\n const session_token = required(data, 'session_token');\n const user = required(data, 'user');\n const signals = required(data, 'signals');\n\n if (!isBoolean(authenticated)) {\n return validationError('Invalid API response: authenticated must be boolean', {\n field: 'authenticated',\n originalData: data,\n });\n }\n if (!isString(session_token)) {\n return validationError('Invalid API response: session_token must be string', {\n field: 'session_token',\n originalData: data,\n });\n }\n if (!isObject(user)) {\n return validationError('Invalid API response: user must be object', {\n field: 'user',\n originalData: data,\n });\n }\n\n const userId = required(user, 'user_id');\n const externalUserId = required(user, 'external_user_id');\n if (!isString(userId) || !isString(externalUserId)) {\n return validationError(\n 'Invalid API response: user must have user_id and external_user_id strings',\n {\n originalData: data,\n }\n );\n }\n\n if (signals !== undefined && !isObject(signals)) {\n return validationError('Invalid API response: signals must be object', {\n originalData: data,\n });\n }\n\n return ok({\n authenticated,\n session_token,\n user: {\n user_id: userId,\n external_user_id: externalUserId,\n ...(user.email !== undefined && { email: user.email as string }),\n ...(user.metadata !== undefined && { metadata: user.metadata as Record<string, unknown> }),\n },\n signals: signals as AuthFinishResponse['signals'],\n });\n}\n","import type { Result } from '../../utils/result';\nimport { ok } from '../../utils/result';\nimport type { SessionValidateResponse } from '../../types';\nimport type { TryMellonError } from '../../errors';\nimport { isObject, isString, isBoolean, required, validationError } from './helpers';\n\nexport function validateSessionValidateResponse(\n data: unknown\n): Result<SessionValidateResponse, TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: expected object', { originalData: data });\n }\n\n const valid = required(data, 'valid');\n const user_id = required(data, 'user_id');\n const external_user_id = required(data, 'external_user_id');\n const tenant_id = required(data, 'tenant_id');\n const app_id = required(data, 'app_id');\n\n if (!isBoolean(valid)) {\n return validationError('Invalid API response: valid must be boolean', {\n field: 'valid',\n originalData: data,\n });\n }\n if (!isString(user_id)) {\n return validationError('Invalid API response: user_id must be string', {\n field: 'user_id',\n originalData: data,\n });\n }\n if (!isString(external_user_id)) {\n return validationError('Invalid API response: external_user_id must be string', {\n field: 'external_user_id',\n originalData: data,\n });\n }\n if (!isString(tenant_id)) {\n return validationError('Invalid API response: tenant_id must be string', {\n field: 'tenant_id',\n originalData: data,\n });\n }\n if (!isString(app_id)) {\n return validationError('Invalid API response: app_id must be string', {\n field: 'app_id',\n originalData: data,\n });\n }\n\n return ok({\n valid,\n user_id,\n external_user_id,\n tenant_id,\n app_id,\n });\n}\n","import type { Result } from '../../utils/result';\nimport { ok } from '../../utils/result';\nimport type { TryMellonError } from '../../errors';\nimport { isObject, isString, required, validationError } from './helpers';\n\nexport function validateEmailVerifyResponse(\n data: unknown\n): Result<{ sessionToken: string }, TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: expected object', { originalData: data });\n }\n\n const sessionToken = required(data, 'sessionToken');\n if (!isString(sessionToken)) {\n return validationError('Invalid API response: sessionToken must be string', {\n field: 'sessionToken',\n originalData: data,\n });\n }\n\n return ok({ sessionToken });\n}\n","import type { Result } from '../../utils/result';\nimport { ok } from '../../utils/result';\nimport type {\n OnboardingStartResponse,\n OnboardingStatusResponse,\n OnboardingRegisterResponse,\n OnboardingRegisterPasskeyResponse,\n OnboardingCompleteResponse,\n RegisterStartResponse,\n} from '../../types';\nimport type { TryMellonError } from '../../errors';\nimport { isObject, isString, isNumber, isArray, required, validationError } from './helpers';\n\nconst ONBOARDING_STATUSES = ['pending_passkey', 'pending_data', 'completed'] as const;\nconst REGISTER_PASSKEY_STATUSES = ['pending_data', 'completed'] as const;\n\nexport function validateOnboardingStartResponse(\n data: unknown\n): Result<OnboardingStartResponse, TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: expected object', { originalData: data });\n }\n\n const session_id = required(data, 'session_id');\n const onboarding_url = required(data, 'onboarding_url');\n const expires_in = required(data, 'expires_in');\n\n if (!isString(session_id)) {\n return validationError('Invalid API response: session_id must be string', {\n field: 'session_id',\n originalData: data,\n });\n }\n if (!isString(onboarding_url)) {\n return validationError('Invalid API response: onboarding_url must be string', {\n field: 'onboarding_url',\n originalData: data,\n });\n }\n if (!isNumber(expires_in)) {\n return validationError('Invalid API response: expires_in must be number', {\n field: 'expires_in',\n originalData: data,\n });\n }\n\n return ok({ session_id, onboarding_url, expires_in });\n}\n\nexport function validateOnboardingStatusResponse(\n data: unknown\n): Result<OnboardingStatusResponse, TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: expected object', { originalData: data });\n }\n\n const status = required(data, 'status');\n const onboarding_url = required(data, 'onboarding_url');\n const expires_in = required(data, 'expires_in');\n\n if (\n !isString(status) ||\n !ONBOARDING_STATUSES.includes(status as (typeof ONBOARDING_STATUSES)[number])\n ) {\n return validationError(\n 'Invalid API response: status must be pending_passkey|pending_data|completed',\n {\n field: 'status',\n originalData: data,\n }\n );\n }\n if (!isString(onboarding_url)) {\n return validationError('Invalid API response: onboarding_url must be string', {\n originalData: data,\n });\n }\n if (!isNumber(expires_in)) {\n return validationError('Invalid API response: expires_in must be number', {\n originalData: data,\n });\n }\n\n return ok({\n status: status as OnboardingStatusResponse['status'],\n onboarding_url,\n expires_in,\n });\n}\n\n/** Response may include optional challenge for same-device passkey registration */\nexport type OnboardingRegisterResponseWithChallenge = OnboardingRegisterResponse & {\n challenge?: RegisterStartResponse['challenge'];\n};\n\nexport function validateOnboardingRegisterResponse(\n data: unknown\n): Result<OnboardingRegisterResponseWithChallenge, TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: expected object', { originalData: data });\n }\n\n const session_id = required(data, 'session_id');\n const status = required(data, 'status');\n const onboarding_url = required(data, 'onboarding_url');\n\n if (!isString(session_id)) {\n return validationError('Invalid API response: session_id must be string', {\n field: 'session_id',\n originalData: data,\n });\n }\n if (status !== 'pending_passkey') {\n return validationError('Invalid API response: status must be pending_passkey', {\n field: 'status',\n originalData: data,\n });\n }\n if (!isString(onboarding_url)) {\n return validationError('Invalid API response: onboarding_url must be string', {\n originalData: data,\n });\n }\n\n const challenge = data.challenge;\n let parsedChallenge: RegisterStartResponse['challenge'] | undefined;\n if (challenge !== undefined) {\n const chResult = validateOnboardingChallenge(challenge);\n if (!chResult.ok) return chResult;\n parsedChallenge = chResult.value;\n }\n\n return ok({\n session_id,\n status: 'pending_passkey',\n onboarding_url,\n ...(parsedChallenge !== undefined && { challenge: parsedChallenge }),\n });\n}\n\nfunction validateOnboardingChallenge(\n data: unknown\n): Result<RegisterStartResponse['challenge'], TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: challenge must be object', {\n originalData: data,\n });\n }\n\n const rp = required(data, 'rp');\n const user = required(data, 'user');\n const challengeStr = required(data, 'challenge');\n const pubKeyCredParams = required(data, 'pubKeyCredParams');\n\n if (\n !isObject(rp) ||\n !isString((rp as Record<string, unknown>).name) ||\n !isString((rp as Record<string, unknown>).id)\n ) {\n return validationError('Invalid API response: challenge.rp must have name and id', {\n originalData: data,\n });\n }\n if (\n !isObject(user) ||\n !isString((user as Record<string, unknown>).id) ||\n !isString((user as Record<string, unknown>).name) ||\n !isString((user as Record<string, unknown>).displayName)\n ) {\n return validationError('Invalid API response: challenge.user must have id, name, displayName', {\n originalData: data,\n });\n }\n if (!isString(challengeStr)) {\n return validationError('Invalid API response: challenge.challenge must be string', {\n originalData: data,\n });\n }\n if (!isArray(pubKeyCredParams)) {\n return validationError('Invalid API response: challenge.pubKeyCredParams must be array', {\n originalData: data,\n });\n }\n for (const item of pubKeyCredParams) {\n if (\n !isObject(item) ||\n (item as Record<string, unknown>).type !== 'public-key' ||\n !isNumber((item as Record<string, unknown>).alg)\n ) {\n return validationError(\n 'Invalid API response: pubKeyCredParams items must have type and alg',\n {\n originalData: data,\n }\n );\n }\n }\n\n return ok({\n rp: rp as RegisterStartResponse['challenge']['rp'],\n user: user as RegisterStartResponse['challenge']['user'],\n challenge: challengeStr,\n pubKeyCredParams: pubKeyCredParams as RegisterStartResponse['challenge']['pubKeyCredParams'],\n });\n}\n\nexport function validateOnboardingRegisterPasskeyResponse(\n data: unknown\n): Result<OnboardingRegisterPasskeyResponse, TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: expected object', { originalData: data });\n }\n\n const session_id = required(data, 'session_id');\n const status = required(data, 'status');\n const user_id = required(data, 'user_id');\n const tenant_id = required(data, 'tenant_id');\n\n if (!isString(session_id)) {\n return validationError('Invalid API response: session_id must be string', {\n originalData: data,\n });\n }\n if (\n !isString(status) ||\n !REGISTER_PASSKEY_STATUSES.includes(status as (typeof REGISTER_PASSKEY_STATUSES)[number])\n ) {\n return validationError('Invalid API response: status must be pending_data|completed', {\n originalData: data,\n });\n }\n if (!isString(user_id)) {\n return validationError('Invalid API response: user_id must be string', {\n originalData: data,\n });\n }\n if (!isString(tenant_id)) {\n return validationError('Invalid API response: tenant_id must be string', {\n originalData: data,\n });\n }\n\n return ok({\n session_id,\n status: status as OnboardingRegisterPasskeyResponse['status'],\n user_id,\n tenant_id,\n });\n}\n\nexport function validateOnboardingCompleteResponse(\n data: unknown\n): Result<OnboardingCompleteResponse, TryMellonError> {\n if (!isObject(data)) {\n return validationError('Invalid API response: expected object', { originalData: data });\n }\n\n const session_id = required(data, 'session_id');\n const status = required(data, 'status');\n const user_id = required(data, 'user_id');\n const tenant_id = required(data, 'tenant_id');\n const session_token = required(data, 'session_token');\n\n if (!isString(session_id)) {\n return validationError('Invalid API response: session_id must be string', {\n originalData: data,\n });\n }\n if (status !== 'completed') {\n return validationError('Invalid API response: status must be completed', {\n originalData: data,\n });\n }\n if (!isString(user_id) || !isString(tenant_id) || !isString(session_token)) {\n return validationError(\n 'Invalid API response: user_id, tenant_id, session_token must be strings',\n { originalData: data }\n );\n }\n\n return ok({\n session_id,\n status: 'completed',\n user_id,\n tenant_id,\n session_token,\n });\n}\n","import type { HttpClient } from './http-client';\nimport type { Result } from '../utils/result';\nimport { ok, err } from '../utils/result';\nimport type { TryMellonError } from '../errors';\nimport {\n validateRegisterStartResponse,\n validateAuthStartResponse,\n validateRegisterFinishResponse,\n validateAuthFinishResponse,\n validateSessionValidateResponse,\n validateEmailVerifyResponse,\n validateOnboardingStartResponse,\n validateOnboardingStatusResponse,\n validateOnboardingRegisterResponse,\n validateOnboardingRegisterPasskeyResponse,\n validateOnboardingCompleteResponse,\n} from './validators';\nimport type {\n RegisterStartRequest,\n RegisterStartResponse,\n AuthStartRequest,\n AuthStartResponse,\n RegisterFinishRequest,\n RegisterFinishResponse,\n AuthFinishRequest,\n AuthFinishResponse,\n SessionValidateResponse,\n OnboardingStartRequest,\n OnboardingStartResponse,\n OnboardingStatusResponse,\n OnboardingRegisterPasskeyRequest,\n OnboardingRegisterPasskeyResponse,\n OnboardingCompleteRequest,\n OnboardingCompleteResponse,\n} from '../types';\nimport type { OnboardingRegisterResponseWithChallenge } from './validators';\n\nexport class ApiClient {\n constructor(\n private readonly httpClient: HttpClient,\n private readonly baseUrl: string,\n private readonly defaultHeaders: Record<string, string> = {}\n ) {}\n\n private mergeHeaders(extra?: Record<string, string>): Record<string, string> {\n return { ...this.defaultHeaders, ...extra };\n }\n\n private async post<Req, Res>(\n path: string,\n body: Req,\n validate: (data: unknown) => Result<Res, TryMellonError>\n ): Promise<Result<Res, TryMellonError>> {\n const url = `${this.baseUrl}${path}`;\n const result = await this.httpClient.post<unknown>(url, body, this.mergeHeaders());\n\n if (!result.ok) {\n return err(result.error);\n }\n\n return validate(result.value);\n }\n\n private async get<Res>(\n path: string,\n validate: (data: unknown) => Result<Res, TryMellonError>,\n headers?: Record<string, string>\n ): Promise<Result<Res, TryMellonError>> {\n const url = `${this.baseUrl}${path}`;\n const result = await this.httpClient.get<unknown>(url, this.mergeHeaders(headers));\n\n if (!result.ok) {\n return err(result.error);\n }\n\n return validate(result.value);\n }\n\n async startRegister(\n request: RegisterStartRequest\n ): Promise<Result<RegisterStartResponse, TryMellonError>> {\n return this.post('/v1/passkeys/register/start', request, validateRegisterStartResponse);\n }\n\n async startAuth(request: AuthStartRequest): Promise<Result<AuthStartResponse, TryMellonError>> {\n return this.post('/v1/passkeys/auth/start', request, validateAuthStartResponse);\n }\n\n async finishRegister(\n request: RegisterFinishRequest\n ): Promise<Result<RegisterFinishResponse, TryMellonError>> {\n return this.post('/v1/passkeys/register/finish', request, validateRegisterFinishResponse);\n }\n\n async finishAuth(\n request: AuthFinishRequest\n ): Promise<Result<AuthFinishResponse, TryMellonError>> {\n return this.post('/v1/passkeys/auth/finish', request, validateAuthFinishResponse);\n }\n\n async validateSession(\n sessionToken: string\n ): Promise<Result<SessionValidateResponse, TryMellonError>> {\n return this.get('/v1/sessions/validate', validateSessionValidateResponse, {\n Authorization: `Bearer ${sessionToken}`,\n });\n }\n\n async startEmailFallback(userId: string): Promise<Result<void, TryMellonError>> {\n const url = `${this.baseUrl}/v1/fallback/email/start`;\n const result = await this.httpClient.post<unknown>(url, { userId }, this.mergeHeaders());\n if (!result.ok) return err(result.error);\n return ok(undefined);\n }\n\n async verifyEmailCode(\n userId: string,\n code: string\n ): Promise<Result<{ sessionToken: string }, TryMellonError>> {\n return this.post('/v1/fallback/email/verify', { userId, code }, validateEmailVerifyResponse);\n }\n\n async startOnboarding(\n request: OnboardingStartRequest\n ): Promise<Result<OnboardingStartResponse, TryMellonError>> {\n return this.post('/onboarding/start', request, validateOnboardingStartResponse);\n }\n\n async getOnboardingStatus(\n sessionId: string\n ): Promise<Result<OnboardingStatusResponse, TryMellonError>> {\n return this.get(`/onboarding/${sessionId}/status`, validateOnboardingStatusResponse);\n }\n\n async getOnboardingRegister(\n sessionId: string\n ): Promise<Result<OnboardingRegisterResponseWithChallenge, TryMellonError>> {\n return this.get(`/onboarding/${sessionId}/register`, validateOnboardingRegisterResponse);\n }\n\n async registerOnboardingPasskey(\n sessionId: string,\n request: OnboardingRegisterPasskeyRequest\n ): Promise<Result<OnboardingRegisterPasskeyResponse, TryMellonError>> {\n return this.post(\n `/onboarding/${sessionId}/register-passkey`,\n request,\n validateOnboardingRegisterPasskeyResponse\n );\n }\n\n async completeOnboarding(\n sessionId: string,\n request: OnboardingCompleteRequest\n ): Promise<Result<OnboardingCompleteResponse, TryMellonError>> {\n return this.post(\n `/onboarding/${sessionId}/complete`,\n request,\n validateOnboardingCompleteResponse\n );\n }\n}\n","import type { HttpClient } from './http-client';\nimport type { Logger } from './ports/logger';\nimport type { Result } from '../utils/result';\nimport { ok, err } from '../utils/result';\nimport { createError, type TryMellonError, type TryMellonErrorCode } from '../errors';\n\nconst RETRY_DELAY_CAP_MS = 30_000;\n\nfunction generateRequestId(): string {\n if (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function') {\n return crypto.randomUUID();\n }\n return `${Date.now()}-${Math.random().toString(36).slice(2, 11)}`;\n}\n\n/**\n * Exponential backoff delay for a given attempt (0-based).\n * Cap at RETRY_DELAY_CAP_MS.\n */\nexport function getRetryDelayMs(attempt: number, baseMs: number): number {\n const delay = baseMs * Math.pow(2, attempt);\n return Math.min(delay, RETRY_DELAY_CAP_MS);\n}\n\nfunction shouldRetryOnStatus(method: string, status: number): boolean {\n if (method !== 'GET') return false;\n return status >= 500 || status === 429;\n}\n\nexport class FetchHttpClient implements HttpClient {\n constructor(\n private readonly timeoutMs: number,\n private readonly maxRetries: number = 0,\n private readonly retryDelayMs: number = 1000,\n private readonly logger?: Logger\n ) {}\n\n async get<T>(url: string, headers?: Record<string, string>): Promise<Result<T, TryMellonError>> {\n return this.request<T>(url, { method: 'GET', headers });\n }\n\n async post<T>(\n url: string,\n body: unknown,\n headers?: Record<string, string>\n ): Promise<Result<T, TryMellonError>> {\n return this.request<T>(url, {\n method: 'POST',\n body: JSON.stringify(body),\n headers: { 'Content-Type': 'application/json', ...headers },\n });\n }\n\n private async request<T>(url: string, config: RequestInit): Promise<Result<T, TryMellonError>> {\n const method = (config.method ?? 'GET').toUpperCase();\n const requestId = generateRequestId();\n const headers = new Headers(config.headers as HeadersInit);\n headers.set('X-Request-Id', requestId);\n\n if (this.logger) {\n this.logger.debug('request', { requestId, url, method });\n }\n\n let lastError: TryMellonError | Error | unknown;\n\n for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\n try {\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);\n\n const response = await fetch(url, {\n ...config,\n headers,\n signal: controller.signal,\n });\n\n clearTimeout(timeoutId);\n\n if (!response.ok) {\n let errorData: unknown;\n try {\n errorData = await response.json();\n } catch {\n // Ignore JSON parse error\n }\n\n const body = errorData as { message?: string; error?: string } | undefined;\n const message = body?.message ?? response.statusText;\n const code = (body?.error as TryMellonErrorCode | undefined) ?? 'NETWORK_FAILURE';\n const errResult = createError(code, message, {\n requestId,\n status: response.status,\n statusText: response.statusText,\n data: errorData,\n });\n\n if (shouldRetryOnStatus(method, response.status) && attempt < this.maxRetries) {\n lastError = errResult;\n await new Promise((resolve) =>\n setTimeout(resolve, getRetryDelayMs(attempt, this.retryDelayMs))\n );\n continue;\n }\n\n return err(errResult);\n }\n\n const data = (await response.json()) as T;\n return ok(data);\n } catch (error) {\n lastError = error;\n const isGet = method === 'GET';\n if (isGet && attempt < this.maxRetries) {\n await new Promise((resolve) =>\n setTimeout(resolve, getRetryDelayMs(attempt, this.retryDelayMs))\n );\n } else {\n break;\n }\n }\n }\n\n if (lastError instanceof Error && lastError.name === 'AbortError') {\n return err(createError('TIMEOUT', 'Request timed out', { requestId }));\n }\n\n return err(\n createError(\n 'NETWORK_FAILURE',\n lastError instanceof Error ? lastError.message : 'Request failed',\n { requestId, cause: lastError }\n )\n );\n }\n}\n","import type { ClientStatus } from '../types';\n\nexport function isWebAuthnSupported(): boolean {\n try {\n if (typeof navigator === 'undefined' || !navigator.credentials) {\n return false;\n }\n\n if (typeof PublicKeyCredential === 'undefined') {\n return false;\n }\n\n return true;\n } catch {\n return false;\n }\n}\n\nexport async function isPlatformAuthenticatorAvailable(): Promise<boolean> {\n try {\n if (!isWebAuthnSupported()) {\n return false;\n }\n\n if (typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable !== 'function') {\n return false;\n }\n\n return await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();\n } catch {\n return false;\n }\n}\n\nexport async function getClientStatus(): Promise<ClientStatus> {\n const isPasskeySupported = isWebAuthnSupported();\n const platformAuthenticatorAvailable = await isPlatformAuthenticatorAvailable();\n\n return {\n isPasskeySupported,\n platformAuthenticatorAvailable,\n recommendedFlow: isPasskeySupported ? 'passkey' : 'fallback',\n };\n}\n","import { createEncodingError } from '../errors';\n\nexport function base64UrlEncode(buf: ArrayBuffer): string {\n const bytes = new Uint8Array(buf);\n let binary = '';\n for (let i = 0; i < bytes.length; i++) {\n binary += String.fromCharCode(bytes[i] ?? 0);\n }\n\n let base64 = '';\n if (typeof btoa !== 'undefined') {\n base64 = btoa(binary);\n } else if (typeof Buffer !== 'undefined') {\n base64 = Buffer.from(binary, 'binary').toString('base64');\n } else {\n throw createEncodingError('encode');\n }\n\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n\nexport function base64UrlDecode(s: string): Uint8Array {\n let base64 = s.replace(/-/g, '+').replace(/_/g, '/');\n\n const padding = base64.length % 4;\n if (padding !== 0) {\n base64 += '='.repeat(4 - padding);\n }\n\n let binary = '';\n if (typeof atob !== 'undefined') {\n binary = atob(base64);\n } else if (typeof Buffer !== 'undefined') {\n binary = Buffer.from(base64, 'base64').toString('binary');\n } else {\n throw createEncodingError('decode');\n }\n\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n\n return bytes;\n}\n\nexport function base64UrlDecodeToArrayBuffer(s: string): ArrayBuffer {\n const bytes = base64UrlDecode(s);\n const buffer = new ArrayBuffer(bytes.length);\n const view = new Uint8Array(buffer);\n view.set(bytes);\n return buffer;\n}\n","import { createCredentialError } from '../errors';\n\nexport function validateCredentialStructure(\n credential: unknown,\n operation: 'create' | 'get' = 'create'\n): asserts credential is PublicKeyCredential {\n if (\n !credential ||\n typeof credential !== 'object' ||\n !('id' in credential) ||\n !('rawId' in credential) ||\n !('response' in credential)\n ) {\n throw createCredentialError(operation);\n }\n}\n","import { createError } from '../errors';\nimport { base64UrlEncode } from '../utils/base64url';\nimport type { RegisterFinishRequest, AuthFinishRequest } from '../types';\n\ntype SerializedCredentialForRegister = RegisterFinishRequest['credential'];\ntype SerializedCredentialForAuth = AuthFinishRequest['credential'];\n\n/**\n * Type guard para verificar si una respuesta de credencial es válida.\n */\nfunction isValidCredentialResponse(\n response: unknown\n): response is AuthenticatorAssertionResponse | AuthenticatorAttestationResponse {\n return (\n response !== null &&\n typeof response === 'object' &&\n 'clientDataJSON' in response &&\n response.clientDataJSON instanceof ArrayBuffer\n );\n}\n\n/**\n * Serializa una credencial para registro (finish).\n * Incluye attestationObject requerido para la verificación de registro.\n *\n * @param credential - Credencial WebAuthn obtenida de navigator.credentials.create()\n * @returns Credencial serializada con formato Base64URL\n * @throws {TryMellonError} Si la credencial no tiene la estructura esperada para registro\n */\nexport function serializeCredentialForRegister(\n credential: PublicKeyCredential\n): SerializedCredentialForRegister {\n if (!credential.response) {\n throw createError('UNKNOWN_ERROR', 'Credential response is missing', { credential });\n }\n\n const response = credential.response;\n\n if (!isValidCredentialResponse(response)) {\n throw createError('UNKNOWN_ERROR', 'Invalid credential response structure', { response });\n }\n\n if (!('attestationObject' in response)) {\n throw createError(\n 'UNKNOWN_ERROR',\n 'Invalid credential response structure for register: attestationObject is missing',\n { response }\n );\n }\n\n const clientDataJSON = response.clientDataJSON;\n const attestationObject = (response as AuthenticatorAttestationResponse).attestationObject;\n\n return {\n id: credential.id,\n rawId: base64UrlEncode(credential.rawId),\n response: {\n clientDataJSON: base64UrlEncode(clientDataJSON),\n attestationObject: base64UrlEncode(attestationObject),\n },\n type: 'public-key',\n };\n}\n\n/**\n * Serializa una credencial para autenticación (finish).\n * Incluye authenticatorData, signature, y opcionalmente userHandle.\n *\n * @param credential - Credencial WebAuthn obtenida de navigator.credentials.get()\n * @returns Credencial serializada con formato Base64URL\n * @throws {TryMellonError} Si la credencial no tiene la estructura esperada para autenticación\n */\nexport function serializeCredentialForAuth(\n credential: PublicKeyCredential\n): SerializedCredentialForAuth {\n if (!credential.response) {\n throw createError('UNKNOWN_ERROR', 'Credential response is missing', { credential });\n }\n\n const response = credential.response;\n\n if (!isValidCredentialResponse(response)) {\n throw createError('UNKNOWN_ERROR', 'Invalid credential response structure', { response });\n }\n\n if (!('authenticatorData' in response) || !('signature' in response)) {\n throw createError(\n 'UNKNOWN_ERROR',\n 'Invalid credential response structure for auth: authenticatorData or signature is missing',\n { response }\n );\n }\n\n const clientDataJSON = response.clientDataJSON;\n const authenticatorData = (response as AuthenticatorAssertionResponse).authenticatorData;\n const signature = (response as AuthenticatorAssertionResponse).signature;\n const userHandle = (response as AuthenticatorAssertionResponse).userHandle;\n\n return {\n id: credential.id,\n rawId: base64UrlEncode(credential.rawId),\n response: {\n authenticatorData: base64UrlEncode(authenticatorData),\n clientDataJSON: base64UrlEncode(clientDataJSON),\n signature: base64UrlEncode(signature),\n ...(userHandle && { userHandle: base64UrlEncode(userHandle) }),\n },\n type: 'public-key',\n };\n}\n","import { isWebAuthnSupported } from '../utils/support';\nimport {\n mapWebAuthnError,\n createNotSupportedError,\n createInvalidArgumentError,\n validateBase64Url,\n} from '../errors';\nimport { base64UrlDecodeToArrayBuffer } from '../utils/base64url';\nimport { validateCredentialStructure } from '../utils/validation';\nimport { serializeCredentialForRegister, serializeCredentialForAuth } from './webauthn-utils';\nimport type { ApiClient } from './api';\nimport type { EventEmitter } from './events';\nimport type {\n RegisterOptions,\n RegisterResult,\n AuthenticateOptions,\n AuthenticateResult,\n RegisterStartResponse,\n AuthStartResponse,\n} from '../types';\nimport type { Result } from '../utils/result';\nimport { ok, err } from '../utils/result';\nimport type { TryMellonError } from '../errors';\n\n/**\n * Crea las opciones de creación de credencial para WebAuthn.\n * Convierte la respuesta del servidor en formato WebAuthn API.\n * Exported for use by OnboardingManager (same-device passkey registration).\n */\nexport function createRegistrationOptions(\n challenge: RegisterStartResponse['challenge'],\n authenticatorType?: 'platform' | 'cross-platform'\n): Result<CredentialCreationOptions, TryMellonError> {\n try {\n validateBase64Url(challenge.challenge, 'challenge');\n validateBase64Url(challenge.user.id, 'user.id');\n\n const challengeBuffer = base64UrlDecodeToArrayBuffer(challenge.challenge);\n const userIdBuffer = base64UrlDecodeToArrayBuffer(challenge.user.id);\n\n // Construir authenticatorSelection: priorizar servidor, permitir override de authenticatorType\n let authenticatorSelection: AuthenticatorSelectionCriteria = {\n userVerification: 'preferred',\n };\n\n if (challenge.authenticatorSelection) {\n // Usar valores del servidor como base\n authenticatorSelection = {\n ...challenge.authenticatorSelection,\n };\n }\n\n // Si el usuario especifica authenticatorType, sobrescribir authenticatorAttachment\n if (authenticatorType) {\n authenticatorSelection = {\n ...authenticatorSelection,\n authenticatorAttachment: authenticatorType,\n };\n }\n\n const publicKey: PublicKeyCredentialCreationOptions = {\n rp: {\n id: challenge.rp.id,\n name: challenge.rp.name,\n },\n user: {\n id: userIdBuffer,\n name: challenge.user.name,\n displayName: challenge.user.displayName,\n },\n challenge: challengeBuffer,\n pubKeyCredParams: challenge.pubKeyCredParams,\n ...(challenge.timeout !== undefined && { timeout: challenge.timeout }),\n attestation: 'none',\n authenticatorSelection,\n ...(challenge.excludeCredentials && {\n excludeCredentials: challenge.excludeCredentials.map((cred) => ({\n id: base64UrlDecodeToArrayBuffer(cred.id),\n type: cred.type,\n ...(cred.transports && {\n transports: cred.transports as AuthenticatorTransport[],\n }),\n })),\n }),\n };\n\n return ok({ publicKey });\n } catch (e) {\n return err(mapWebAuthnError(e));\n }\n}\n\n/**\n * Crea las opciones de autenticación para WebAuthn.\n * Convierte la respuesta del servidor en formato WebAuthn API.\n */\nfunction createAuthenticationOptions(\n challenge: AuthStartResponse['challenge'],\n mediation?: AuthenticateOptions['mediation']\n): Result<CredentialRequestOptions, TryMellonError> {\n try {\n validateBase64Url(challenge.challenge, 'challenge');\n const challengeBuffer = base64UrlDecodeToArrayBuffer(challenge.challenge);\n\n return ok({\n publicKey: {\n challenge: challengeBuffer,\n rpId: challenge.rpId,\n ...(challenge.timeout !== undefined && { timeout: challenge.timeout }),\n userVerification: challenge.userVerification ?? 'preferred',\n ...(challenge.allowCredentials && {\n allowCredentials: challenge.allowCredentials.map((cred) => ({\n id: base64UrlDecodeToArrayBuffer(cred.id),\n type: cred.type,\n ...(cred.transports && {\n transports: cred.transports as AuthenticatorTransport[],\n }),\n })),\n }),\n },\n ...(mediation !== undefined && { mediation }),\n });\n } catch (e) {\n return err(mapWebAuthnError(e));\n }\n}\n\n/**\n * Registra una nueva passkey para un usuario.\n * Maneja el flujo completo de registro WebAuthn.\n */\nexport async function registerPasskey(\n options: RegisterOptions,\n apiClient: ApiClient,\n eventEmitter: EventEmitter\n): Promise<Result<RegisterResult, TryMellonError>> {\n eventEmitter.emit('start', { type: 'start', operation: 'register' });\n\n try {\n const external_user_id = options.externalUserId ?? options.external_user_id;\n if (\n !external_user_id ||\n typeof external_user_id !== 'string' ||\n external_user_id.trim() === ''\n ) {\n return err(\n createInvalidArgumentError(\n 'external_user_id',\n 'must be provided (use externalUserId or external_user_id)'\n )\n );\n }\n\n if (!isWebAuthnSupported()) {\n return err(createNotSupportedError());\n }\n\n // 1. Iniciar registro en el servidor\n const startResponseResult = await apiClient.startRegister({\n external_user_id: external_user_id.trim(),\n });\n\n if (!startResponseResult.ok) {\n eventEmitter.emit('error', { type: 'error', error: startResponseResult.error });\n return err(startResponseResult.error);\n }\n\n const startResponse = startResponseResult.value;\n const session_id = startResponse.session_id;\n\n // 2. Crear opciones de registro para WebAuthn API\n const creationOptionsResult = createRegistrationOptions(\n startResponse.challenge,\n options.authenticatorType\n );\n\n if (!creationOptionsResult.ok) {\n eventEmitter.emit('error', { type: 'error', error: creationOptionsResult.error });\n return err(creationOptionsResult.error);\n }\n\n const creationOptions = creationOptionsResult.value;\n\n if (options.signal) {\n creationOptions.signal = options.signal;\n }\n\n // 3. Crear credencial usando WebAuthn API del navegador\n let credential: Credential | null;\n try {\n credential = await navigator.credentials.create(creationOptions);\n } catch (e) {\n const error = mapWebAuthnError(e);\n eventEmitter.emit('error', { type: 'error', error });\n return err(error);\n }\n\n // We can't trust validateCredentialStructure to bail out with TryMellon error gracefully if it throws generic error.\n // It throws errors. We should wrap.\n try {\n validateCredentialStructure(credential, 'create');\n } catch (e) {\n const error = mapWebAuthnError(e);\n eventEmitter.emit('error', { type: 'error', error });\n return err(error);\n }\n\n // 4. Serializar credencial para registro\n let serializedCredential;\n try {\n serializedCredential = serializeCredentialForRegister(credential as PublicKeyCredential);\n } catch (e) {\n // serializeCredentialForRegister throws TryMellonError (via createError)\n // or unknown.\n const error = mapWebAuthnError(e);\n eventEmitter.emit('error', { type: 'error', error });\n return err(error);\n }\n\n // 5. Completar registro en el servidor\n const finishResult = await apiClient.finishRegister({\n session_id,\n credential: serializedCredential,\n });\n\n if (!finishResult.ok) {\n eventEmitter.emit('error', { type: 'error', error: finishResult.error });\n return err(finishResult.error);\n }\n\n const result = finishResult.value;\n\n eventEmitter.emit('success', { type: 'success', operation: 'register' });\n\n return ok({\n success: true,\n credential_id: result.credential_id,\n status: result.status,\n session_token: result.session_token,\n user: result.user,\n });\n } catch (error) {\n // Catch-all for unexpected synchronous errors\n const mappedError = mapWebAuthnError(error);\n eventEmitter.emit('error', { type: 'error', error: mappedError });\n return err(mappedError);\n }\n}\n\n/**\n * Autentica un usuario usando su passkey.\n * Maneja el flujo completo de autenticación WebAuthn.\n */\nexport async function authenticatePasskey(\n options: AuthenticateOptions,\n apiClient: ApiClient,\n eventEmitter: EventEmitter\n): Promise<Result<AuthenticateResult, TryMellonError>> {\n eventEmitter.emit('start', { type: 'start', operation: 'authenticate' });\n\n try {\n const external_user_id = options.externalUserId ?? options.external_user_id;\n if (\n !external_user_id ||\n typeof external_user_id !== 'string' ||\n external_user_id.trim() === ''\n ) {\n return err(\n createInvalidArgumentError(\n 'external_user_id',\n 'must be provided (use externalUserId or external_user_id)'\n )\n );\n }\n\n if (!isWebAuthnSupported()) {\n return err(createNotSupportedError());\n }\n\n // 1. Iniciar autenticación en el servidor\n const startResponseResult = await apiClient.startAuth({\n external_user_id: external_user_id.trim(),\n });\n\n if (!startResponseResult.ok) {\n eventEmitter.emit('error', { type: 'error', error: startResponseResult.error });\n return err(startResponseResult.error);\n }\n\n const startResponse = startResponseResult.value;\n const session_id = startResponse.session_id;\n\n // 2. Crear opciones de autenticación para WebAuthn API\n const requestOptionsResult = createAuthenticationOptions(\n startResponse.challenge,\n options.mediation\n );\n if (!requestOptionsResult.ok) {\n eventEmitter.emit('error', { type: 'error', error: requestOptionsResult.error });\n return err(requestOptionsResult.error);\n }\n\n const requestOptions = requestOptionsResult.value;\n\n if (options.signal) {\n requestOptions.signal = options.signal;\n }\n\n // 3. Obtener credencial usando WebAuthn API del navegador\n let credential: Credential | null;\n try {\n credential = await navigator.credentials.get(requestOptions);\n } catch (e) {\n const error = mapWebAuthnError(e);\n eventEmitter.emit('error', { type: 'error', error });\n return err(error);\n }\n\n try {\n validateCredentialStructure(credential, 'get');\n } catch (e) {\n const error = mapWebAuthnError(e);\n eventEmitter.emit('error', { type: 'error', error });\n return err(error);\n }\n\n // 4. Serializar credencial para autenticación\n let serializedCredential;\n try {\n serializedCredential = serializeCredentialForAuth(credential as PublicKeyCredential);\n } catch (e) {\n const error = mapWebAuthnError(e);\n eventEmitter.emit('error', { type: 'error', error });\n return err(error);\n }\n\n // 5. Completar autenticación en el servidor\n const finishResult = await apiClient.finishAuth({\n session_id,\n credential: serializedCredential,\n });\n\n if (!finishResult.ok) {\n eventEmitter.emit('error', { type: 'error', error: finishResult.error });\n return err(finishResult.error);\n }\n\n const result = finishResult.value;\n\n eventEmitter.emit('success', {\n type: 'success',\n operation: 'authenticate',\n });\n\n return ok({\n authenticated: result.authenticated,\n session_token: result.session_token,\n user: result.user,\n signals: result.signals,\n });\n } catch (error) {\n const mappedError = mapWebAuthnError(error);\n eventEmitter.emit('error', { type: 'error', error: mappedError });\n return err(mappedError);\n }\n}\n","import type { ApiClient } from './api';\nimport type { Result } from '../utils/result';\nimport { err } from '../utils/result';\nimport { createError, mapWebAuthnError } from '../errors';\nimport type { TryMellonError } from '../errors';\nimport type { OnboardingStartOptions, OnboardingCompleteResult } from '../types';\nimport { createRegistrationOptions } from './webauthn';\nimport { serializeCredentialForRegister } from './webauthn-utils';\nimport { validateCredentialStructure } from '../utils/validation';\nimport type { OnboardingRegisterResponseWithChallenge } from './validators';\n\nconst POLL_INTERVAL_MS = 2000;\nconst MAX_POLL_ATTEMPTS = 60; // ~2 minutes\n\nexport class OnboardingManager {\n constructor(private readonly apiClient: ApiClient) {}\n\n /**\n * Executes the full onboarding flow in a single call.\n * 1. Starts onboarding\n * 2. Polls for 'pending_passkey' or 'completed' status\n * 3. If pending_passkey: when API returns challenge, registers passkey (WebAuthn) then completes onboarding\n * 4. If pending_passkey but API does not return challenge: returns NOT_SUPPORTED with onboarding_url for user to complete elsewhere\n */\n async startFlow(\n options: OnboardingStartOptions & { company_name?: string }\n ): Promise<Result<OnboardingCompleteResult, TryMellonError>> {\n const startResult = await this.apiClient.startOnboarding({ user_role: options.user_role });\n if (!startResult.ok) return err(startResult.error);\n\n const { session_id } = startResult.value;\n\n for (let attempt = 0; attempt < MAX_POLL_ATTEMPTS; attempt++) {\n await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS));\n\n const statusResult = await this.apiClient.getOnboardingStatus(session_id);\n if (!statusResult.ok) return err(statusResult.error);\n\n const status = statusResult.value.status;\n const onboarding_url = statusResult.value.onboarding_url;\n\n if (status === 'pending_passkey') {\n const registerInfoResult = await this.apiClient.getOnboardingRegister(session_id);\n if (!registerInfoResult.ok) return err(registerInfoResult.error);\n\n const registerInfo = registerInfoResult.value as OnboardingRegisterResponseWithChallenge;\n\n if (!registerInfo.challenge) {\n return err(\n createError(\n 'NOT_SUPPORTED',\n 'Onboarding requires user action - complete passkey registration at the provided onboarding_url',\n { onboarding_url }\n )\n );\n }\n\n const creationOptionsResult = createRegistrationOptions(registerInfo.challenge);\n if (!creationOptionsResult.ok) return err(creationOptionsResult.error);\n\n let credential: Credential | null;\n try {\n credential = await navigator.credentials.create(creationOptionsResult.value);\n } catch (e) {\n return err(mapWebAuthnError(e));\n }\n\n try {\n validateCredentialStructure(credential, 'create');\n } catch (e) {\n return err(mapWebAuthnError(e));\n }\n\n let serializedCredential;\n try {\n serializedCredential = serializeCredentialForRegister(credential as PublicKeyCredential);\n } catch (e) {\n return err(mapWebAuthnError(e));\n }\n\n const registerPasskeyResult = await this.apiClient.registerOnboardingPasskey(session_id, {\n credential: serializedCredential,\n challenge: registerInfo.challenge.challenge,\n });\n if (!registerPasskeyResult.ok) return err(registerPasskeyResult.error);\n\n const completeResult = await this.apiClient.completeOnboarding(session_id, {\n company_name: options.company_name,\n });\n return completeResult;\n }\n\n if (status === 'completed') {\n const completeResult = await this.apiClient.completeOnboarding(session_id, {\n company_name: options.company_name,\n });\n return completeResult;\n }\n }\n\n return err(createError('TIMEOUT', 'Onboarding timed out'));\n }\n}\n","import type { EventHandler, EventPayload, TryMellonEvent } from '../types';\n\nexport class EventEmitter {\n private handlers: Map<TryMellonEvent, Set<EventHandler>>;\n\n constructor() {\n this.handlers = new Map();\n }\n\n on(event: TryMellonEvent, handler: EventHandler): () => void {\n let handlersSet = this.handlers.get(event);\n if (!handlersSet) {\n handlersSet = new Set();\n this.handlers.set(event, handlersSet);\n }\n\n handlersSet.add(handler);\n\n return () => {\n this.off(event, handler);\n };\n }\n\n off(event: TryMellonEvent, handler: EventHandler): void {\n const handlersSet = this.handlers.get(event);\n if (!handlersSet) {\n return;\n }\n handlersSet.delete(handler);\n if (handlersSet.size === 0) {\n this.handlers.delete(event);\n }\n }\n\n emit(event: TryMellonEvent, payload: EventPayload): void {\n const handlersSet = this.handlers.get(event);\n if (handlersSet) {\n handlersSet.forEach((handler) => {\n try {\n handler(payload);\n } catch {\n // Silently ignore handler errors to prevent one handler from breaking others\n // Handler errors are the responsibility of the handler implementation\n }\n });\n }\n }\n\n removeAllListeners(): void {\n this.handlers.clear();\n }\n}\n","export const COSE_ALGORITHM_ES256 = -7;\nexport const COSE_ALGORITHM_RS256 = -257;\n\nexport const DEFAULT_API_BASE_URL = 'https://api.trymellonauth.com';\nexport const DEFAULT_TELEMETRY_ENDPOINT = 'https://api.trymellonauth.com/v1/telemetry';\nexport const DEFAULT_TIMEOUT_MS = 30000;\nexport const DEFAULT_MAX_RETRIES = 3;\nexport const DEFAULT_RETRY_DELAY_MS = 1000;\n\nexport const MIN_TIMEOUT_MS = 1000;\nexport const MAX_TIMEOUT_MS = 300000;\nexport const MIN_MAX_RETRIES = 0;\nexport const MAX_MAX_RETRIES = 10;\nexport const MIN_RETRY_DELAY_MS = 100;\nexport const MAX_RETRY_DELAY_MS = 10000;\n","import type { TelemetrySender, TelemetryPayload } from '../ports/telemetry';\n\n/**\n * Default telemetry sender: sends payload via sendBeacon (or fetch) to the given endpoint.\n * No retries; fire-and-forget.\n */\nexport function createDefaultTelemetrySender(endpoint: string): TelemetrySender {\n return {\n async send(payload: TelemetryPayload): Promise<void> {\n const body = JSON.stringify(payload);\n if (typeof navigator !== 'undefined' && typeof navigator.sendBeacon === 'function') {\n navigator.sendBeacon(endpoint, body);\n return;\n }\n if (typeof fetch !== 'undefined') {\n await fetch(endpoint, {\n method: 'POST',\n body,\n headers: { 'Content-Type': 'application/json' },\n keepalive: true,\n });\n }\n },\n };\n}\n","export type TelemetryEvent = 'register' | 'authenticate';\n\nexport type TelemetryPayload = {\n event: TelemetryEvent;\n latencyMs: number;\n ok: true;\n};\n\nexport interface TelemetrySender {\n send(payload: TelemetryPayload): Promise<void>;\n}\n\n/**\n * Builds the minimal telemetry payload (no PII).\n */\nexport function buildTelemetryPayload(event: TelemetryEvent, latencyMs: number): TelemetryPayload {\n return { event, latencyMs, ok: true };\n}\n","import { ApiClient } from './api';\nimport { FetchHttpClient } from './fetch-client';\nimport { OnboardingManager } from './onboarding-manager';\nimport { EventEmitter } from './events';\nimport { registerPasskey, authenticatePasskey } from './webauthn';\nimport { isWebAuthnSupported, getClientStatus } from '../utils/support';\nimport { validateUrl, validateRange, createInvalidArgumentError } from '../errors';\nimport {\n DEFAULT_API_BASE_URL,\n DEFAULT_TIMEOUT_MS,\n DEFAULT_MAX_RETRIES,\n DEFAULT_RETRY_DELAY_MS,\n DEFAULT_TELEMETRY_ENDPOINT,\n MIN_TIMEOUT_MS,\n MAX_TIMEOUT_MS,\n MIN_MAX_RETRIES,\n MAX_MAX_RETRIES,\n MIN_RETRY_DELAY_MS,\n MAX_RETRY_DELAY_MS,\n} from './constants';\nimport { createDefaultTelemetrySender } from './adapters/telemetry-sender';\nimport { buildTelemetryPayload, type TelemetrySender } from './ports/telemetry';\nimport type {\n TryMellonConfig,\n RegisterOptions,\n RegisterResult,\n AuthenticateOptions,\n AuthenticateResult,\n ClientStatus,\n TryMellonEvent,\n EventHandler,\n EmailFallbackStartOptions,\n EmailFallbackVerifyOptions,\n EmailFallbackVerifyResult,\n SessionValidateResponse,\n} from '../types';\nimport type { Result } from '../utils/result';\nimport type { TryMellonError } from '../errors';\n\ndeclare const __VERSION__: string;\n\nexport class TryMellon {\n private apiClient: ApiClient;\n private eventEmitter: EventEmitter;\n private telemetrySender: TelemetrySender | undefined;\n public onboarding: OnboardingManager;\n\n constructor(config: TryMellonConfig) {\n const appId = config.appId;\n const publishableKey = config.publishableKey;\n if (!appId || typeof appId !== 'string' || appId.trim() === '') {\n throw createInvalidArgumentError('appId', 'must be a non-empty string');\n }\n if (!publishableKey || typeof publishableKey !== 'string' || publishableKey.trim() === '') {\n throw createInvalidArgumentError('publishableKey', 'must be a non-empty string');\n }\n\n const apiBaseUrl = config.apiBaseUrl ?? DEFAULT_API_BASE_URL;\n validateUrl(apiBaseUrl, 'apiBaseUrl');\n\n const timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n validateRange(timeoutMs, 'timeoutMs', MIN_TIMEOUT_MS, MAX_TIMEOUT_MS);\n\n if (config.maxRetries !== undefined) {\n validateRange(config.maxRetries, 'maxRetries', MIN_MAX_RETRIES, MAX_MAX_RETRIES);\n }\n\n if (config.retryDelayMs !== undefined) {\n validateRange(config.retryDelayMs, 'retryDelayMs', MIN_RETRY_DELAY_MS, MAX_RETRY_DELAY_MS);\n }\n\n const maxRetries = config.maxRetries ?? DEFAULT_MAX_RETRIES;\n const retryDelayMs = config.retryDelayMs ?? DEFAULT_RETRY_DELAY_MS;\n const httpClient = new FetchHttpClient(timeoutMs, maxRetries, retryDelayMs, config.logger);\n\n const defaultHeaders: Record<string, string> = {\n 'X-App-Id': appId.trim(),\n Authorization: `Bearer ${publishableKey.trim()}`,\n };\n\n this.apiClient = new ApiClient(httpClient, apiBaseUrl, defaultHeaders);\n this.onboarding = new OnboardingManager(this.apiClient);\n this.eventEmitter = new EventEmitter();\n\n if (config.enableTelemetry) {\n this.telemetrySender =\n config.telemetrySender ??\n createDefaultTelemetrySender(config.telemetryEndpoint ?? DEFAULT_TELEMETRY_ENDPOINT);\n }\n }\n\n static isSupported(): boolean {\n return isWebAuthnSupported();\n }\n\n async register(options: RegisterOptions): Promise<Result<RegisterResult, TryMellonError>> {\n const start = Date.now();\n const result = await registerPasskey(options, this.apiClient, this.eventEmitter);\n if (result.ok && this.telemetrySender) {\n this.telemetrySender\n .send(buildTelemetryPayload('register', Date.now() - start))\n .catch(() => {});\n }\n return result;\n }\n\n async authenticate(\n options: AuthenticateOptions\n ): Promise<Result<AuthenticateResult, TryMellonError>> {\n const start = Date.now();\n const result = await authenticatePasskey(options, this.apiClient, this.eventEmitter);\n if (result.ok && this.telemetrySender) {\n this.telemetrySender\n .send(buildTelemetryPayload('authenticate', Date.now() - start))\n .catch(() => {});\n }\n return result;\n }\n\n async validateSession(\n sessionToken: string\n ): Promise<Result<SessionValidateResponse, TryMellonError>> {\n return this.apiClient.validateSession(sessionToken);\n }\n\n async getStatus(): Promise<ClientStatus> {\n return getClientStatus();\n }\n\n on(event: TryMellonEvent, handler: EventHandler): () => void {\n return this.eventEmitter.on(event, handler);\n }\n\n version(): string {\n return typeof __VERSION__ !== 'undefined' ? __VERSION__ : '0.0.0';\n }\n\n fallback = {\n email: {\n start: async (options: EmailFallbackStartOptions): Promise<Result<void, TryMellonError>> => {\n return this.apiClient.startEmailFallback(options.userId);\n },\n verify: async (\n options: EmailFallbackVerifyOptions\n ): Promise<Result<EmailFallbackVerifyResult, TryMellonError>> => {\n return this.apiClient.verifyEmailCode(options.userId, options.code);\n },\n },\n };\n}\n"],"mappings":";4tEAAA,IAAAA,GAAA,GAAAC,GAAAD,GAAA,sBAAAE,EAAA,qBAAAC,EAAA,2BAAAC,KAAA,eAAAC,GAAAL,ICAA,IAAAM,EAAmD,yBCE5C,IAAMC,EAASC,IAAgC,CAAE,GAAI,GAAM,MAAAA,CAAM,GAC3DC,EAAUC,IAAgC,CAAE,GAAI,GAAO,MAAAA,CAAM,GCQnE,IAAMC,EAAN,MAAMC,UAAuB,KAAM,CAC/B,KACA,QACA,iBAAmB,GAE5B,YAAYC,EAA0BC,EAAiBC,EAAmB,CACxE,MAAMD,CAAO,EACb,KAAK,KAAO,iBACZ,KAAK,KAAOD,EACZ,KAAK,QAAUE,EAEX,MAAM,mBACR,MAAM,kBAAkB,KAAMH,CAAc,CAEhD,CACF,EAEMI,GAAuD,CAC3D,cAAe,gDACf,eAAgB,+BAChB,kBAAmB,oBACnB,gBAAiB,sBACjB,gBAAiB,yBACjB,iBAAkB,4BAClB,QAAS,sBACT,QAAS,wBACT,cAAe,2BACjB,EAEO,SAASC,EACdJ,EACAC,EACAC,EACgB,CAChB,OAAO,IAAIJ,EAAeE,EAAMC,GAAWE,GAAiBH,CAAI,EAAGE,CAAO,CAC5E,CAEO,SAASG,GAAiBC,EAAyC,CACxE,OACEA,aAAiBR,GAChB,OAAOQ,GAAU,UAChBA,IAAU,MACV,qBAAsBA,GACrBA,EAAyB,mBAAqB,EAErD,CAEO,SAASC,IAA0C,CACxD,OAAOH,EAAY,eAAe,CACpC,CAiBO,SAASI,EAA2BC,EAAeC,EAAgC,CACxF,OAAOC,EAAY,mBAAoB,qBAAqBF,CAAK,MAAMC,CAAM,GAAI,CAC/E,MAAAD,EACA,OAAAC,CACF,CAAC,CACH,CAEO,SAASE,GAAsBC,EAA6C,CACjF,OAAOF,EAAY,gBAAiB,aAAaE,CAAS,cAAe,CAAE,UAAAA,CAAU,CAAC,CACxF,CAEO,SAASC,GAAoBC,EAA2C,CAC7E,OAAOJ,EACL,gBACA,aAAaI,IAAS,SAAW,WAAa,UAAU,aACxD,CAAE,KAAAA,CAAK,CACT,CACF,CAQO,SAASC,GAAYC,EAAaC,EAAyB,CAChE,GAAI,CACF,IAAMC,EAAS,IAAI,IAAIF,CAAG,EAC1B,GAAIE,EAAO,WAAa,UAAYA,EAAO,WAAa,QACtD,MAAMC,EAA2BF,EAAW,iCAAiC,CAEjF,OAASG,EAAO,CACd,MAAIC,GAAiBD,CAAK,EAClBA,EAEFD,EAA2BF,EAAW,qBAAqB,CACnE,CACF,CAEO,SAASK,EAAcC,EAAeN,EAAmBO,EAAaC,EAAmB,CAC9F,GAAIF,EAAQC,GAAOD,EAAQE,EACzB,MAAMN,EAA2BF,EAAW,mBAAmBO,CAAG,QAAQC,CAAG,EAAE,CAEnF,CAEO,SAASC,EAAkBC,EAAWV,EAAyB,CACpE,GAAI,OAAOU,GAAM,UAAYA,EAAE,SAAW,EACxC,MAAMR,EAA2BF,EAAW,4BAA4B,EAE1E,GAAI,CAAC,mBAAmB,KAAKU,CAAC,EAC5B,MAAMR,EAA2BF,EAAW,kCAAkC,CAElF,CAEA,IAAMW,GAA8D,CAClE,gBAAiB,iBACjB,WAAY,UACZ,kBAAmB,gBACnB,cAAe,gBACf,kBAAmB,gBACnB,aAAc,eAChB,EAEO,SAASC,EAAiBT,EAAgC,CAC/D,GAAIA,aAAiB,aAAc,CACjC,IAAMU,EAAOV,EAAM,KACbW,EAAUX,EAAM,SAAW,4BAC3BY,EAAYJ,GAAwBE,CAAI,GAAK,gBACnD,OAAOG,EAAYD,EAAWD,EAAS,CAAE,cAAeX,CAAM,CAAC,CACjE,CAEA,OAAIA,aAAiB,MACZa,EAAY,gBAAiBb,EAAM,QAAS,CAAE,cAAeA,CAAM,CAAC,EAGtEa,EAAY,gBAAiB,4BAA6B,CAC/D,cAAeb,CACjB,CAAC,CACH,CCvJO,SAASc,EAASC,EAAkD,CACzE,OAAO,OAAOA,GAAU,UAAYA,IAAU,MAAQ,CAAC,MAAM,QAAQA,CAAK,CAC5E,CAEO,SAASC,EAASD,EAAiC,CACxD,OAAO,OAAOA,GAAU,QAC1B,CAEO,SAASE,EAASF,EAAiC,CACxD,OAAO,OAAOA,GAAU,UAAY,OAAO,SAASA,CAAK,CAC3D,CAEO,SAASG,EAAUH,EAAkC,CAC1D,OAAO,OAAOA,GAAU,SAC1B,CAEO,SAASI,EAAQJ,EAAoC,CAC1D,OAAO,MAAM,QAAQA,CAAK,CAC5B,CAEO,SAASK,EACdC,EACAC,EAC+B,CAC/B,OAAOC,EACLC,EAAY,kBAAmBH,EAAS,CACtC,GAAGC,EACH,aAAcA,GAAS,YACzB,CAAC,CACH,CACF,CAEO,SAASG,EAASC,EAA8BC,EAAsB,CAC3E,OAAOD,EAAIC,CAAG,CAChB,CCnBO,SAASC,GACdC,EAC+C,CAC/C,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,wCAAyC,CAAE,aAAcF,CAAK,CAAC,EAGxF,IAAMG,EAAaC,EAASJ,EAAM,YAAY,EAC9C,GAAI,CAACK,EAASF,CAAU,EACtB,OAAOD,EAAgB,kDAAmD,CACxE,MAAO,aACP,aAAcF,CAChB,CAAC,EAGH,IAAMM,EAAYF,EAASJ,EAAM,WAAW,EAC5C,GAAI,CAACC,EAASK,CAAS,EACrB,OAAOJ,EAAgB,iDAAkD,CACvE,MAAO,YACP,aAAcF,CAChB,CAAC,EAGH,IAAMO,EAAKH,EAASE,EAAW,IAAI,EACnC,GACE,CAACL,EAASM,CAAE,GACZ,CAACF,EAAUE,EAA+B,IAAI,GAC9C,CAACF,EAAUE,EAA+B,EAAE,EAE5C,OAAOL,EAAgB,mEAAoE,CACzF,aAAcF,CAChB,CAAC,EAGH,IAAMQ,EAAOJ,EAASE,EAAW,MAAM,EACvC,GACE,CAACL,EAASO,CAAI,GACd,CAACH,EAAUG,EAAiC,EAAE,GAC9C,CAACH,EAAUG,EAAiC,IAAI,GAChD,CAACH,EAAUG,EAAiC,WAAW,EAEvD,OAAON,EACL,+EACA,CACE,aAAcF,CAChB,CACF,EAGF,IAAMS,EAAeL,EAASE,EAAW,WAAW,EACpD,GAAI,CAACD,EAASI,CAAY,EACxB,OAAOP,EAAgB,2DAA4D,CACjF,aAAcF,CAChB,CAAC,EAGH,IAAMU,EAAmBN,EAASE,EAAW,kBAAkB,EAC/D,GAAI,CAACK,EAAQD,CAAgB,EAC3B,OAAOR,EAAgB,iEAAkE,CACvF,aAAcF,CAChB,CAAC,EAEH,QAAWY,KAAQF,EACjB,GACE,CAACT,EAASW,CAAI,GACbA,EAAiC,OAAS,cAC3C,CAACC,EAAUD,EAAiC,GAAG,EAE/C,OAAOV,EACL,sEACA,CACE,aAAcF,CAChB,CACF,EAIJ,IAAMc,EAAUR,EAAU,QAC1B,GAAIQ,IAAY,QAAa,CAACD,EAASC,CAAO,EAC5C,OAAOZ,EAAgB,yDAA0D,CAC/E,aAAcF,CAChB,CAAC,EAGH,IAAMe,EAAqBT,EAAU,mBACrC,GAAIS,IAAuB,OAAW,CACpC,GAAI,CAACJ,EAAQI,CAAkB,EAC7B,OAAOb,EAAgB,yDAA0D,CAC/E,aAAcF,CAChB,CAAC,EAEH,QAAWgB,KAAKD,EACd,GACE,CAACd,EAASe,CAAC,GACVA,EAA8B,OAAS,cACxC,CAACX,EAAUW,EAA8B,EAAE,EAE3C,OAAOd,EACL,uEACA,CACE,aAAcF,CAChB,CACF,CAGN,CAEA,IAAMiB,EAAyBX,EAAU,uBACzC,OAAIW,IAA2B,QAAa,CAAChB,EAASgB,CAAsB,EACnEf,EAAgB,8DAA+D,CACpF,aAAcF,CAChB,CAAC,EAGIkB,EAAG,CACR,WAAAf,EACA,UAAW,CACT,GAAII,EACJ,KAAMC,EACN,UAAWC,EACX,iBAAkBC,EAClB,GAAII,IAAY,QAAa,CAAE,QAAAA,CAAQ,EACvC,GAAIC,IAAuB,QAAa,CACtC,mBACEA,CACJ,EACA,GAAIE,IAA2B,QAAa,CAC1C,uBACEA,CACJ,CACF,CACF,CAAC,CACH,CAEO,SAASE,GACdnB,EAC2C,CAC3C,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,wCAAyC,CAAE,aAAcF,CAAK,CAAC,EAGxF,IAAMG,EAAaC,EAASJ,EAAM,YAAY,EAC9C,GAAI,CAACK,EAASF,CAAU,EACtB,OAAOD,EAAgB,kDAAmD,CACxE,MAAO,aACP,aAAcF,CAChB,CAAC,EAGH,IAAMM,EAAYF,EAASJ,EAAM,WAAW,EAC5C,GAAI,CAACC,EAASK,CAAS,EACrB,OAAOJ,EAAgB,iDAAkD,CACvE,MAAO,YACP,aAAcF,CAChB,CAAC,EAGH,IAAMoB,EAAKhB,EAASE,EAAW,WAAW,EACpCe,EAAOjB,EAASE,EAAW,MAAM,EACjCgB,EAAmBhB,EAAU,iBACnC,GAAI,CAACD,EAASe,CAAE,EACd,OAAOlB,EAAgB,2DAA4D,CACjF,aAAcF,CAChB,CAAC,EAEH,GAAI,CAACK,EAASgB,CAAI,EAChB,OAAOnB,EAAgB,sDAAuD,CAC5E,aAAcF,CAChB,CAAC,EAEH,GAAIsB,IAAqB,QAAa,CAACX,EAAQW,CAAgB,EAC7D,OAAOpB,EAAgB,uDAAwD,CAC7E,aAAcF,CAChB,CAAC,EAEH,GAAIsB,GACF,QAAWN,KAAKM,EACd,GACE,CAACrB,EAASe,CAAC,GACVA,EAA8B,OAAS,cACxC,CAACX,EAAUW,EAA8B,EAAE,EAE3C,OAAOd,EACL,qEACA,CACE,aAAcF,CAChB,CACF,EAKN,IAAMc,EAAUR,EAAU,QAC1B,GAAIQ,IAAY,QAAa,CAACD,EAASC,CAAO,EAC5C,OAAOZ,EAAgB,yDAA0D,CAC/E,aAAcF,CAChB,CAAC,EAGH,IAAMuB,EAAmBjB,EAAU,iBACnC,OACEiB,IAAqB,QACrB,CAAC,CAAC,WAAY,YAAa,aAAa,EAAE,SAAS,OAAOA,CAAgB,CAAC,EAEpErB,EACL,gFACA,CACE,aAAcF,CAChB,CACF,EAGKkB,EAAG,CACR,WAAAf,EACA,UAAW,CACT,UAAWiB,EACX,KAAAC,EACA,iBACGC,GAA2E,CAAC,EAC/E,GAAIR,IAAY,QAAa,CAAE,QAAAA,CAAQ,EACvC,GAAIS,IAAqB,QAAa,CACpC,iBAAkBA,CACpB,CACF,CACF,CAAC,CACH,CAEO,SAASC,GACdxB,EACgD,CAChD,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,wCAAyC,CAAE,aAAcF,CAAK,CAAC,EAGxF,IAAMyB,EAAgBrB,EAASJ,EAAM,eAAe,EAC9C0B,EAAStB,EAASJ,EAAM,QAAQ,EAChC2B,EAAgBvB,EAASJ,EAAM,eAAe,EAC9CQ,EAAOJ,EAASJ,EAAM,MAAM,EAElC,GAAI,CAACK,EAASoB,CAAa,EACzB,OAAOvB,EAAgB,qDAAsD,CAC3E,MAAO,gBACP,aAAcF,CAChB,CAAC,EAEH,GAAI,CAACK,EAASqB,CAAM,EAClB,OAAOxB,EAAgB,8CAA+C,CACpE,MAAO,SACP,aAAcF,CAChB,CAAC,EAEH,GAAI,CAACK,EAASsB,CAAa,EACzB,OAAOzB,EAAgB,qDAAsD,CAC3E,MAAO,gBACP,aAAcF,CAChB,CAAC,EAEH,GAAI,CAACC,EAASO,CAAI,EAChB,OAAON,EAAgB,4CAA6C,CAClE,MAAO,OACP,aAAcF,CAChB,CAAC,EAGH,IAAM4B,EAASxB,EAASI,EAAM,SAAS,EACjCqB,EAAiBzB,EAASI,EAAM,kBAAkB,EACxD,GAAI,CAACH,EAASuB,CAAM,GAAK,CAACvB,EAASwB,CAAc,EAC/C,OAAO3B,EACL,4EACA,CACE,aAAcF,CAChB,CACF,EAGF,IAAM8B,EAAQtB,EAAK,MACbuB,EAAWvB,EAAK,SACtB,OAAIsB,IAAU,QAAa,CAACzB,EAASyB,CAAK,EACjC5B,EAAgB,kDAAmD,CACxE,aAAcF,CAChB,CAAC,EAEC+B,IAAa,SAAc,OAAOA,GAAa,UAAYA,IAAa,MACnE7B,EAAgB,qDAAsD,CAC3E,aAAcF,CAChB,CAAC,EAGIkB,EAAG,CACR,cAAAO,EACA,OAAAC,EACA,cAAAC,EACA,KAAM,CACJ,QAASC,EACT,iBAAkBC,EAClB,GAAIC,IAAU,QAAa,CAAE,MAAAA,CAAM,EACnC,GAAIC,IAAa,QAAa,CAAE,SAAUA,CAAoC,CAChF,CACF,CAAC,CACH,CAEO,SAASC,GACdhC,EAC4C,CAC5C,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,wCAAyC,CAAE,aAAcF,CAAK,CAAC,EAGxF,IAAMiC,EAAgB7B,EAASJ,EAAM,eAAe,EAC9C2B,EAAgBvB,EAASJ,EAAM,eAAe,EAC9CQ,EAAOJ,EAASJ,EAAM,MAAM,EAC5BkC,EAAU9B,EAASJ,EAAM,SAAS,EAExC,GAAI,CAACmC,EAAUF,CAAa,EAC1B,OAAO/B,EAAgB,sDAAuD,CAC5E,MAAO,gBACP,aAAcF,CAChB,CAAC,EAEH,GAAI,CAACK,EAASsB,CAAa,EACzB,OAAOzB,EAAgB,qDAAsD,CAC3E,MAAO,gBACP,aAAcF,CAChB,CAAC,EAEH,GAAI,CAACC,EAASO,CAAI,EAChB,OAAON,EAAgB,4CAA6C,CAClE,MAAO,OACP,aAAcF,CAChB,CAAC,EAGH,IAAM4B,EAASxB,EAASI,EAAM,SAAS,EACjCqB,EAAiBzB,EAASI,EAAM,kBAAkB,EACxD,MAAI,CAACH,EAASuB,CAAM,GAAK,CAACvB,EAASwB,CAAc,EACxC3B,EACL,4EACA,CACE,aAAcF,CAChB,CACF,EAGEkC,IAAY,QAAa,CAACjC,EAASiC,CAAO,EACrChC,EAAgB,+CAAgD,CACrE,aAAcF,CAChB,CAAC,EAGIkB,EAAG,CACR,cAAAe,EACA,cAAAN,EACA,KAAM,CACJ,QAASC,EACT,iBAAkBC,EAClB,GAAIrB,EAAK,QAAU,QAAa,CAAE,MAAOA,EAAK,KAAgB,EAC9D,GAAIA,EAAK,WAAa,QAAa,CAAE,SAAUA,EAAK,QAAoC,CAC1F,EACA,QAAS0B,CACX,CAAC,CACH,CCrXO,SAASE,GACdC,EACiD,CACjD,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,wCAAyC,CAAE,aAAcF,CAAK,CAAC,EAGxF,IAAMG,EAAQC,EAASJ,EAAM,OAAO,EAC9BK,EAAUD,EAASJ,EAAM,SAAS,EAClCM,EAAmBF,EAASJ,EAAM,kBAAkB,EACpDO,EAAYH,EAASJ,EAAM,WAAW,EACtCQ,EAASJ,EAASJ,EAAM,QAAQ,EAEtC,OAAKS,EAAUN,CAAK,EAMfO,EAASL,CAAO,EAMhBK,EAASJ,CAAgB,EAMzBI,EAASH,CAAS,EAMlBG,EAASF,CAAM,EAObG,EAAG,CACR,MAAAR,EACA,QAAAE,EACA,iBAAAC,EACA,UAAAC,EACA,OAAAC,CACF,CAAC,EAZQN,EAAgB,8CAA+C,CACpE,MAAO,SACP,aAAcF,CAChB,CAAC,EATME,EAAgB,iDAAkD,CACvE,MAAO,YACP,aAAcF,CAChB,CAAC,EATME,EAAgB,wDAAyD,CAC9E,MAAO,mBACP,aAAcF,CAChB,CAAC,EATME,EAAgB,+CAAgD,CACrE,MAAO,UACP,aAAcF,CAChB,CAAC,EATME,EAAgB,8CAA+C,CACpE,MAAO,QACP,aAAcF,CAChB,CAAC,CAkCL,CCpDO,SAASY,GACdC,EACkD,CAClD,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,wCAAyC,CAAE,aAAcF,CAAK,CAAC,EAGxF,IAAMG,EAAeC,EAASJ,EAAM,cAAc,EAClD,OAAKK,EAASF,CAAY,EAOnBG,EAAG,CAAE,aAAAH,CAAa,CAAC,EANjBD,EAAgB,oDAAqD,CAC1E,MAAO,eACP,aAAcF,CAChB,CAAC,CAIL,CCRA,IAAMO,GAAsB,CAAC,kBAAmB,eAAgB,WAAW,EACrEC,GAA4B,CAAC,eAAgB,WAAW,EAEvD,SAASC,GACdC,EACiD,CACjD,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,wCAAyC,CAAE,aAAcF,CAAK,CAAC,EAGxF,IAAMG,EAAaC,EAASJ,EAAM,YAAY,EACxCK,EAAiBD,EAASJ,EAAM,gBAAgB,EAChDM,EAAaF,EAASJ,EAAM,YAAY,EAE9C,OAAKO,EAASJ,CAAU,EAMnBI,EAASF,CAAc,EAMvBG,EAASF,CAAU,EAOjBG,EAAG,CAAE,WAAAN,EAAY,eAAAE,EAAgB,WAAAC,CAAW,CAAC,EAN3CJ,EAAgB,kDAAmD,CACxE,MAAO,aACP,aAAcF,CAChB,CAAC,EATME,EAAgB,sDAAuD,CAC5E,MAAO,iBACP,aAAcF,CAChB,CAAC,EATME,EAAgB,kDAAmD,CACxE,MAAO,aACP,aAAcF,CAChB,CAAC,CAgBL,CAEO,SAASU,GACdV,EACkD,CAClD,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,wCAAyC,CAAE,aAAcF,CAAK,CAAC,EAGxF,IAAMW,EAASP,EAASJ,EAAM,QAAQ,EAChCK,EAAiBD,EAASJ,EAAM,gBAAgB,EAChDM,EAAaF,EAASJ,EAAM,YAAY,EAE9C,MACE,CAACO,EAASI,CAAM,GAChB,CAACd,GAAoB,SAASc,CAA8C,EAErET,EACL,8EACA,CACE,MAAO,SACP,aAAcF,CAChB,CACF,EAEGO,EAASF,CAAc,EAKvBG,EAASF,CAAU,EAMjBG,EAAG,CACR,OAAQE,EACR,eAAAN,EACA,WAAAC,CACF,CAAC,EATQJ,EAAgB,kDAAmD,CACxE,aAAcF,CAChB,CAAC,EAPME,EAAgB,sDAAuD,CAC5E,aAAcF,CAChB,CAAC,CAaL,CAOO,SAASY,GACdZ,EACiE,CACjE,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,wCAAyC,CAAE,aAAcF,CAAK,CAAC,EAGxF,IAAMG,EAAaC,EAASJ,EAAM,YAAY,EACxCW,EAASP,EAASJ,EAAM,QAAQ,EAChCK,EAAiBD,EAASJ,EAAM,gBAAgB,EAEtD,GAAI,CAACO,EAASJ,CAAU,EACtB,OAAOD,EAAgB,kDAAmD,CACxE,MAAO,aACP,aAAcF,CAChB,CAAC,EAEH,GAAIW,IAAW,kBACb,OAAOT,EAAgB,uDAAwD,CAC7E,MAAO,SACP,aAAcF,CAChB,CAAC,EAEH,GAAI,CAACO,EAASF,CAAc,EAC1B,OAAOH,EAAgB,sDAAuD,CAC5E,aAAcF,CAChB,CAAC,EAGH,IAAMa,EAAYb,EAAK,UACnBc,EACJ,GAAID,IAAc,OAAW,CAC3B,IAAME,EAAWC,GAA4BH,CAAS,EACtD,GAAI,CAACE,EAAS,GAAI,OAAOA,EACzBD,EAAkBC,EAAS,KAC7B,CAEA,OAAON,EAAG,CACR,WAAAN,EACA,OAAQ,kBACR,eAAAE,EACA,GAAIS,IAAoB,QAAa,CAAE,UAAWA,CAAgB,CACpE,CAAC,CACH,CAEA,SAASE,GACPhB,EAC4D,CAC5D,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,iDAAkD,CACvE,aAAcF,CAChB,CAAC,EAGH,IAAMiB,EAAKb,EAASJ,EAAM,IAAI,EACxBkB,EAAOd,EAASJ,EAAM,MAAM,EAC5BmB,EAAef,EAASJ,EAAM,WAAW,EACzCoB,EAAmBhB,EAASJ,EAAM,kBAAkB,EAE1D,GACE,CAACC,EAASgB,CAAE,GACZ,CAACV,EAAUU,EAA+B,IAAI,GAC9C,CAACV,EAAUU,EAA+B,EAAE,EAE5C,OAAOf,EAAgB,2DAA4D,CACjF,aAAcF,CAChB,CAAC,EAEH,GACE,CAACC,EAASiB,CAAI,GACd,CAACX,EAAUW,EAAiC,EAAE,GAC9C,CAACX,EAAUW,EAAiC,IAAI,GAChD,CAACX,EAAUW,EAAiC,WAAW,EAEvD,OAAOhB,EAAgB,uEAAwE,CAC7F,aAAcF,CAChB,CAAC,EAEH,GAAI,CAACO,EAASY,CAAY,EACxB,OAAOjB,EAAgB,2DAA4D,CACjF,aAAcF,CAChB,CAAC,EAEH,GAAI,CAACqB,EAAQD,CAAgB,EAC3B,OAAOlB,EAAgB,iEAAkE,CACvF,aAAcF,CAChB,CAAC,EAEH,QAAWsB,KAAQF,EACjB,GACE,CAACnB,EAASqB,CAAI,GACbA,EAAiC,OAAS,cAC3C,CAACd,EAAUc,EAAiC,GAAG,EAE/C,OAAOpB,EACL,sEACA,CACE,aAAcF,CAChB,CACF,EAIJ,OAAOS,EAAG,CACR,GAAIQ,EACJ,KAAMC,EACN,UAAWC,EACX,iBAAkBC,CACpB,CAAC,CACH,CAEO,SAASG,GACdvB,EAC2D,CAC3D,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,wCAAyC,CAAE,aAAcF,CAAK,CAAC,EAGxF,IAAMG,EAAaC,EAASJ,EAAM,YAAY,EACxCW,EAASP,EAASJ,EAAM,QAAQ,EAChCwB,EAAUpB,EAASJ,EAAM,SAAS,EAClCyB,EAAYrB,EAASJ,EAAM,WAAW,EAE5C,OAAKO,EAASJ,CAAU,EAMtB,CAACI,EAASI,CAAM,GAChB,CAACb,GAA0B,SAASa,CAAoD,EAEjFT,EAAgB,8DAA+D,CACpF,aAAcF,CAChB,CAAC,EAEEO,EAASiB,CAAO,EAKhBjB,EAASkB,CAAS,EAMhBhB,EAAG,CACR,WAAAN,EACA,OAAQQ,EACR,QAAAa,EACA,UAAAC,CACF,CAAC,EAVQvB,EAAgB,iDAAkD,CACvE,aAAcF,CAChB,CAAC,EAPME,EAAgB,+CAAgD,CACrE,aAAcF,CAChB,CAAC,EAfME,EAAgB,kDAAmD,CACxE,aAAcF,CAChB,CAAC,CA2BL,CAEO,SAAS0B,GACd1B,EACoD,CACpD,GAAI,CAACC,EAASD,CAAI,EAChB,OAAOE,EAAgB,wCAAyC,CAAE,aAAcF,CAAK,CAAC,EAGxF,IAAMG,EAAaC,EAASJ,EAAM,YAAY,EACxCW,EAASP,EAASJ,EAAM,QAAQ,EAChCwB,EAAUpB,EAASJ,EAAM,SAAS,EAClCyB,EAAYrB,EAASJ,EAAM,WAAW,EACtC2B,EAAgBvB,EAASJ,EAAM,eAAe,EAEpD,OAAKO,EAASJ,CAAU,EAKpBQ,IAAW,YACNT,EAAgB,iDAAkD,CACvE,aAAcF,CAChB,CAAC,EAEC,CAACO,EAASiB,CAAO,GAAK,CAACjB,EAASkB,CAAS,GAAK,CAAClB,EAASoB,CAAa,EAChEzB,EACL,0EACA,CAAE,aAAcF,CAAK,CACvB,EAGKS,EAAG,CACR,WAAAN,EACA,OAAQ,YACR,QAAAqB,EACA,UAAAC,EACA,cAAAE,CACF,CAAC,EAtBQzB,EAAgB,kDAAmD,CACxE,aAAcF,CAChB,CAAC,CAqBL,CC1PO,IAAM4B,EAAN,KAAgB,CACrB,YACmBC,EACAC,EACAC,EAAyC,CAAC,EAC3D,CAHiB,gBAAAF,EACA,aAAAC,EACA,oBAAAC,CAChB,CAEK,aAAaC,EAAwD,CAC3E,MAAO,CAAE,GAAG,KAAK,eAAgB,GAAGA,CAAM,CAC5C,CAEA,MAAc,KACZC,EACAC,EACAC,EACsC,CACtC,IAAMC,EAAM,GAAG,KAAK,OAAO,GAAGH,CAAI,GAC5BI,EAAS,MAAM,KAAK,WAAW,KAAcD,EAAKF,EAAM,KAAK,aAAa,CAAC,EAEjF,OAAKG,EAAO,GAILF,EAASE,EAAO,KAAK,EAHnBC,EAAID,EAAO,KAAK,CAI3B,CAEA,MAAc,IACZJ,EACAE,EACAI,EACsC,CACtC,IAAMH,EAAM,GAAG,KAAK,OAAO,GAAGH,CAAI,GAC5BI,EAAS,MAAM,KAAK,WAAW,IAAaD,EAAK,KAAK,aAAaG,CAAO,CAAC,EAEjF,OAAKF,EAAO,GAILF,EAASE,EAAO,KAAK,EAHnBC,EAAID,EAAO,KAAK,CAI3B,CAEA,MAAM,cACJG,EACwD,CACxD,OAAO,KAAK,KAAK,8BAA+BA,EAASC,EAA6B,CACxF,CAEA,MAAM,UAAUD,EAA+E,CAC7F,OAAO,KAAK,KAAK,0BAA2BA,EAASE,EAAyB,CAChF,CAEA,MAAM,eACJF,EACyD,CACzD,OAAO,KAAK,KAAK,+BAAgCA,EAASG,EAA8B,CAC1F,CAEA,MAAM,WACJH,EACqD,CACrD,OAAO,KAAK,KAAK,2BAA4BA,EAASI,EAA0B,CAClF,CAEA,MAAM,gBACJC,EAC0D,CAC1D,OAAO,KAAK,IAAI,wBAAyBC,GAAiC,CACxE,cAAe,UAAUD,CAAY,EACvC,CAAC,CACH,CAEA,MAAM,mBAAmBE,EAAuD,CAC9E,IAAMX,EAAM,GAAG,KAAK,OAAO,2BACrBC,EAAS,MAAM,KAAK,WAAW,KAAcD,EAAK,CAAE,OAAAW,CAAO,EAAG,KAAK,aAAa,CAAC,EACvF,OAAKV,EAAO,GACLW,EAAG,MAAS,EADIV,EAAID,EAAO,KAAK,CAEzC,CAEA,MAAM,gBACJU,EACAE,EAC2D,CAC3D,OAAO,KAAK,KAAK,4BAA6B,CAAE,OAAAF,EAAQ,KAAAE,CAAK,EAAGC,EAA2B,CAC7F,CAEA,MAAM,gBACJV,EAC0D,CAC1D,OAAO,KAAK,KAAK,oBAAqBA,EAASW,EAA+B,CAChF,CAEA,MAAM,oBACJC,EAC2D,CAC3D,OAAO,KAAK,IAAI,eAAeA,CAAS,UAAWC,EAAgC,CACrF,CAEA,MAAM,sBACJD,EAC0E,CAC1E,OAAO,KAAK,IAAI,eAAeA,CAAS,YAAaE,EAAkC,CACzF,CAEA,MAAM,0BACJF,EACAZ,EACoE,CACpE,OAAO,KAAK,KACV,eAAeY,CAAS,oBACxBZ,EACAe,EACF,CACF,CAEA,MAAM,mBACJH,EACAZ,EAC6D,CAC7D,OAAO,KAAK,KACV,eAAeY,CAAS,YACxBZ,EACAgB,EACF,CACF,CACF,EC3JA,IAAMC,GAAqB,IAE3B,SAASC,IAA4B,CACnC,OAAI,OAAO,OAAW,KAAe,OAAO,OAAO,YAAe,WACzD,OAAO,WAAW,EAEpB,GAAG,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,EAAG,EAAE,CAAC,EACjE,CAMO,SAASC,GAAgBC,EAAiBC,EAAwB,CACvE,IAAMC,EAAQD,EAAS,KAAK,IAAI,EAAGD,CAAO,EAC1C,OAAO,KAAK,IAAIE,EAAOL,EAAkB,CAC3C,CAEA,SAASM,GAAoBC,EAAgBC,EAAyB,CACpE,OAAID,IAAW,MAAc,GACtBC,GAAU,KAAOA,IAAW,GACrC,CAEO,IAAMC,EAAN,KAA4C,CACjD,YACmBC,EACAC,EAAqB,EACrBC,EAAuB,IACvBC,EACjB,CAJiB,eAAAH,EACA,gBAAAC,EACA,kBAAAC,EACA,YAAAC,CAChB,CAEH,MAAM,IAAOC,EAAaC,EAAsE,CAC9F,OAAO,KAAK,QAAWD,EAAK,CAAE,OAAQ,MAAO,QAAAC,CAAQ,CAAC,CACxD,CAEA,MAAM,KACJD,EACAE,EACAD,EACoC,CACpC,OAAO,KAAK,QAAWD,EAAK,CAC1B,OAAQ,OACR,KAAM,KAAK,UAAUE,CAAI,EACzB,QAAS,CAAE,eAAgB,mBAAoB,GAAGD,CAAQ,CAC5D,CAAC,CACH,CAEA,MAAc,QAAWD,EAAaG,EAAyD,CAC7F,IAAMV,GAAUU,EAAO,QAAU,OAAO,YAAY,EAC9CC,EAAYjB,GAAkB,EAC9Bc,EAAU,IAAI,QAAQE,EAAO,OAAsB,EACzDF,EAAQ,IAAI,eAAgBG,CAAS,EAEjC,KAAK,QACP,KAAK,OAAO,MAAM,UAAW,CAAE,UAAAA,EAAW,IAAAJ,EAAK,OAAAP,CAAO,CAAC,EAGzD,IAAIY,EAEJ,QAAShB,EAAU,EAAGA,GAAW,KAAK,WAAYA,IAChD,GAAI,CACF,IAAMiB,EAAa,IAAI,gBACjBC,EAAY,WAAW,IAAMD,EAAW,MAAM,EAAG,KAAK,SAAS,EAE/DE,EAAW,MAAM,MAAMR,EAAK,CAChC,GAAGG,EACH,QAAAF,EACA,OAAQK,EAAW,MACrB,CAAC,EAID,GAFA,aAAaC,CAAS,EAElB,CAACC,EAAS,GAAI,CAChB,IAAIC,EACJ,GAAI,CACFA,EAAY,MAAMD,EAAS,KAAK,CAClC,MAAQ,CAER,CAEA,IAAMN,EAAOO,EACPC,EAAUR,GAAM,SAAWM,EAAS,WACpCG,EAAQT,GAAM,OAA4C,kBAC1DU,EAAYC,EAAYF,EAAMD,EAAS,CAC3C,UAAAN,EACA,OAAQI,EAAS,OACjB,WAAYA,EAAS,WACrB,KAAMC,CACR,CAAC,EAED,GAAIjB,GAAoBC,EAAQe,EAAS,MAAM,GAAKnB,EAAU,KAAK,WAAY,CAC7EgB,EAAYO,EACZ,MAAM,IAAI,QAASE,GACjB,WAAWA,EAAS1B,GAAgBC,EAAS,KAAK,YAAY,CAAC,CACjE,EACA,QACF,CAEA,OAAO0B,EAAIH,CAAS,CACtB,CAEA,IAAMI,EAAQ,MAAMR,EAAS,KAAK,EAClC,OAAOS,EAAGD,CAAI,CAChB,OAASE,EAAO,CAGd,GAFAb,EAAYa,EACEzB,IAAW,OACZJ,EAAU,KAAK,WAC1B,MAAM,IAAI,QAASyB,GACjB,WAAWA,EAAS1B,GAAgBC,EAAS,KAAK,YAAY,CAAC,CACjE,MAEA,MAEJ,CAGF,OAAIgB,aAAqB,OAASA,EAAU,OAAS,aAC5CU,EAAIF,EAAY,UAAW,oBAAqB,CAAE,UAAAT,CAAU,CAAC,CAAC,EAGhEW,EACLF,EACE,kBACAR,aAAqB,MAAQA,EAAU,QAAU,iBACjD,CAAE,UAAAD,EAAW,MAAOC,CAAU,CAChC,CACF,CACF,CACF,ECpIO,SAASc,GAA+B,CAC7C,GAAI,CAKF,MAJI,SAAO,UAAc,KAAe,CAAC,UAAU,aAI/C,OAAO,oBAAwB,IAKrC,MAAQ,CACN,MAAO,EACT,CACF,CAEA,eAAsBC,IAAqD,CACzE,GAAI,CAKF,MAJI,CAACD,EAAoB,GAIrB,OAAO,oBAAoB,+CAAkD,WACxE,GAGF,MAAM,oBAAoB,8CAA8C,CACjF,MAAQ,CACN,MAAO,EACT,CACF,CAEA,eAAsBE,IAAyC,CAC7D,IAAMC,EAAqBH,EAAoB,EACzCI,EAAiC,MAAMH,GAAiC,EAE9E,MAAO,CACL,mBAAAE,EACA,+BAAAC,EACA,gBAAiBD,EAAqB,UAAY,UACpD,CACF,CCzCO,SAASE,EAAgBC,EAA0B,CACxD,IAAMC,EAAQ,IAAI,WAAWD,CAAG,EAC5BE,EAAS,GACb,QAASC,EAAI,EAAGA,EAAIF,EAAM,OAAQE,IAChCD,GAAU,OAAO,aAAaD,EAAME,CAAC,GAAK,CAAC,EAG7C,IAAIC,EAAS,GACb,GAAI,OAAO,KAAS,IAClBA,EAAS,KAAKF,CAAM,UACX,OAAO,OAAW,IAC3BE,EAAS,OAAO,KAAKF,EAAQ,QAAQ,EAAE,SAAS,QAAQ,MAExD,OAAMG,GAAoB,QAAQ,EAGpC,OAAOD,EAAO,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,KAAM,EAAE,CACxE,CAEO,SAASE,GAAgBC,EAAuB,CACrD,IAAIH,EAASG,EAAE,QAAQ,KAAM,GAAG,EAAE,QAAQ,KAAM,GAAG,EAE7CC,EAAUJ,EAAO,OAAS,EAC5BI,IAAY,IACdJ,GAAU,IAAI,OAAO,EAAII,CAAO,GAGlC,IAAIN,EAAS,GACb,GAAI,OAAO,KAAS,IAClBA,EAAS,KAAKE,CAAM,UACX,OAAO,OAAW,IAC3BF,EAAS,OAAO,KAAKE,EAAQ,QAAQ,EAAE,SAAS,QAAQ,MAExD,OAAMC,GAAoB,QAAQ,EAGpC,IAAMJ,EAAQ,IAAI,WAAWC,EAAO,MAAM,EAC1C,QAAS,EAAI,EAAG,EAAIA,EAAO,OAAQ,IACjCD,EAAM,CAAC,EAAIC,EAAO,WAAW,CAAC,EAGhC,OAAOD,CACT,CAEO,SAASQ,EAA6BF,EAAwB,CACnE,IAAMN,EAAQK,GAAgBC,CAAC,EACzBG,EAAS,IAAI,YAAYT,EAAM,MAAM,EAE3C,OADa,IAAI,WAAWS,CAAM,EAC7B,IAAIT,CAAK,EACPS,CACT,CClDO,SAASC,EACdC,EACAC,EAA8B,SACa,CAC3C,GACE,CAACD,GACD,OAAOA,GAAe,UACtB,EAAE,OAAQA,IACV,EAAE,UAAWA,IACb,EAAE,aAAcA,GAEhB,MAAME,GAAsBD,CAAS,CAEzC,CCLA,SAASE,GACPC,EAC+E,CAC/E,OACEA,IAAa,MACb,OAAOA,GAAa,UACpB,mBAAoBA,GACpBA,EAAS,0BAA0B,WAEvC,CAUO,SAASC,EACdC,EACiC,CACjC,GAAI,CAACA,EAAW,SACd,MAAMC,EAAY,gBAAiB,iCAAkC,CAAE,WAAAD,CAAW,CAAC,EAGrF,IAAMF,EAAWE,EAAW,SAE5B,GAAI,CAACH,GAA0BC,CAAQ,EACrC,MAAMG,EAAY,gBAAiB,wCAAyC,CAAE,SAAAH,CAAS,CAAC,EAG1F,GAAI,EAAE,sBAAuBA,GAC3B,MAAMG,EACJ,gBACA,mFACA,CAAE,SAAAH,CAAS,CACb,EAGF,IAAMI,EAAiBJ,EAAS,eAC1BK,EAAqBL,EAA8C,kBAEzE,MAAO,CACL,GAAIE,EAAW,GACf,MAAOI,EAAgBJ,EAAW,KAAK,EACvC,SAAU,CACR,eAAgBI,EAAgBF,CAAc,EAC9C,kBAAmBE,EAAgBD,CAAiB,CACtD,EACA,KAAM,YACR,CACF,CAUO,SAASE,GACdL,EAC6B,CAC7B,GAAI,CAACA,EAAW,SACd,MAAMC,EAAY,gBAAiB,iCAAkC,CAAE,WAAAD,CAAW,CAAC,EAGrF,IAAMF,EAAWE,EAAW,SAE5B,GAAI,CAACH,GAA0BC,CAAQ,EACrC,MAAMG,EAAY,gBAAiB,wCAAyC,CAAE,SAAAH,CAAS,CAAC,EAG1F,GAAI,EAAE,sBAAuBA,IAAa,EAAE,cAAeA,GACzD,MAAMG,EACJ,gBACA,4FACA,CAAE,SAAAH,CAAS,CACb,EAGF,IAAMI,EAAiBJ,EAAS,eAC1BQ,EAAqBR,EAA4C,kBACjES,EAAaT,EAA4C,UACzDU,EAAcV,EAA4C,WAEhE,MAAO,CACL,GAAIE,EAAW,GACf,MAAOI,EAAgBJ,EAAW,KAAK,EACvC,SAAU,CACR,kBAAmBI,EAAgBE,CAAiB,EACpD,eAAgBF,EAAgBF,CAAc,EAC9C,UAAWE,EAAgBG,CAAS,EACpC,GAAIC,GAAc,CAAE,WAAYJ,EAAgBI,CAAU,CAAE,CAC9D,EACA,KAAM,YACR,CACF,CChFO,SAASC,GACdC,EACAC,EACmD,CACnD,GAAI,CACFC,EAAkBF,EAAU,UAAW,WAAW,EAClDE,EAAkBF,EAAU,KAAK,GAAI,SAAS,EAE9C,IAAMG,EAAkBC,EAA6BJ,EAAU,SAAS,EAClEK,EAAeD,EAA6BJ,EAAU,KAAK,EAAE,EAG/DM,EAAyD,CAC3D,iBAAkB,WACpB,EAEIN,EAAU,yBAEZM,EAAyB,CACvB,GAAGN,EAAU,sBACf,GAIEC,IACFK,EAAyB,CACvB,GAAGA,EACH,wBAAyBL,CAC3B,GAGF,IAAMM,EAAgD,CACpD,GAAI,CACF,GAAIP,EAAU,GAAG,GACjB,KAAMA,EAAU,GAAG,IACrB,EACA,KAAM,CACJ,GAAIK,EACJ,KAAML,EAAU,KAAK,KACrB,YAAaA,EAAU,KAAK,WAC9B,EACA,UAAWG,EACX,iBAAkBH,EAAU,iBAC5B,GAAIA,EAAU,UAAY,QAAa,CAAE,QAASA,EAAU,OAAQ,EACpE,YAAa,OACb,uBAAAM,EACA,GAAIN,EAAU,oBAAsB,CAClC,mBAAoBA,EAAU,mBAAmB,IAAKQ,IAAU,CAC9D,GAAIJ,EAA6BI,EAAK,EAAE,EACxC,KAAMA,EAAK,KACX,GAAIA,EAAK,YAAc,CACrB,WAAYA,EAAK,UACnB,CACF,EAAE,CACJ,CACF,EAEA,OAAOC,EAAG,CAAE,UAAAF,CAAU,CAAC,CACzB,OAASG,EAAG,CACV,OAAOC,EAAIC,EAAiBF,CAAC,CAAC,CAChC,CACF,CAMA,SAASG,GACPb,EACAc,EACkD,CAClD,GAAI,CACFZ,EAAkBF,EAAU,UAAW,WAAW,EAClD,IAAMG,EAAkBC,EAA6BJ,EAAU,SAAS,EAExE,OAAOS,EAAG,CACR,UAAW,CACT,UAAWN,EACX,KAAMH,EAAU,KAChB,GAAIA,EAAU,UAAY,QAAa,CAAE,QAASA,EAAU,OAAQ,EACpE,iBAAkBA,EAAU,kBAAoB,YAChD,GAAIA,EAAU,kBAAoB,CAChC,iBAAkBA,EAAU,iBAAiB,IAAKQ,IAAU,CAC1D,GAAIJ,EAA6BI,EAAK,EAAE,EACxC,KAAMA,EAAK,KACX,GAAIA,EAAK,YAAc,CACrB,WAAYA,EAAK,UACnB,CACF,EAAE,CACJ,CACF,EACA,GAAIM,IAAc,QAAa,CAAE,UAAAA,CAAU,CAC7C,CAAC,CACH,OAASJ,EAAG,CACV,OAAOC,EAAIC,EAAiBF,CAAC,CAAC,CAChC,CACF,CAMA,eAAsBK,GACpBC,EACAC,EACAC,EACiD,CACjDA,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,UAAW,UAAW,CAAC,EAEnE,GAAI,CACF,IAAMC,EAAmBH,EAAQ,gBAAkBA,EAAQ,iBAC3D,GACE,CAACG,GACD,OAAOA,GAAqB,UAC5BA,EAAiB,KAAK,IAAM,GAE5B,OAAOR,EACLS,EACE,mBACA,2DACF,CACF,EAGF,GAAI,CAACC,EAAoB,EACvB,OAAOV,EAAIW,GAAwB,CAAC,EAItC,IAAMC,EAAsB,MAAMN,EAAU,cAAc,CACxD,iBAAkBE,EAAiB,KAAK,CAC1C,CAAC,EAED,GAAI,CAACI,EAAoB,GACvB,OAAAL,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAOK,EAAoB,KAAM,CAAC,EACvEZ,EAAIY,EAAoB,KAAK,EAGtC,IAAMC,EAAgBD,EAAoB,MACpCE,EAAaD,EAAc,WAG3BE,EAAwB3B,GAC5ByB,EAAc,UACdR,EAAQ,iBACV,EAEA,GAAI,CAACU,EAAsB,GACzB,OAAAR,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAOQ,EAAsB,KAAM,CAAC,EACzEf,EAAIe,EAAsB,KAAK,EAGxC,IAAMC,EAAkBD,EAAsB,MAE1CV,EAAQ,SACVW,EAAgB,OAASX,EAAQ,QAInC,IAAIY,EACJ,GAAI,CACFA,EAAa,MAAM,UAAU,YAAY,OAAOD,CAAe,CACjE,OAASjB,EAAG,CACV,IAAMmB,EAAQjB,EAAiBF,CAAC,EAChC,OAAAQ,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAAW,CAAM,CAAC,EAC5ClB,EAAIkB,CAAK,CAClB,CAIA,GAAI,CACFC,EAA4BF,EAAY,QAAQ,CAClD,OAASlB,EAAG,CACV,IAAMmB,EAAQjB,EAAiBF,CAAC,EAChC,OAAAQ,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAAW,CAAM,CAAC,EAC5ClB,EAAIkB,CAAK,CAClB,CAGA,IAAIE,EACJ,GAAI,CACFA,EAAuBC,EAA+BJ,CAAiC,CACzF,OAASlB,EAAG,CAGV,IAAMmB,EAAQjB,EAAiBF,CAAC,EAChC,OAAAQ,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAAW,CAAM,CAAC,EAC5ClB,EAAIkB,CAAK,CAClB,CAGA,IAAMI,EAAe,MAAMhB,EAAU,eAAe,CAClD,WAAAQ,EACA,WAAYM,CACd,CAAC,EAED,GAAI,CAACE,EAAa,GAChB,OAAAf,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAOe,EAAa,KAAM,CAAC,EAChEtB,EAAIsB,EAAa,KAAK,EAG/B,IAAMC,EAASD,EAAa,MAE5B,OAAAf,EAAa,KAAK,UAAW,CAAE,KAAM,UAAW,UAAW,UAAW,CAAC,EAEhET,EAAG,CACR,QAAS,GACT,cAAeyB,EAAO,cACtB,OAAQA,EAAO,OACf,cAAeA,EAAO,cACtB,KAAMA,EAAO,IACf,CAAC,CACH,OAASL,EAAO,CAEd,IAAMM,EAAcvB,EAAiBiB,CAAK,EAC1C,OAAAX,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAOiB,CAAY,CAAC,EACzDxB,EAAIwB,CAAW,CACxB,CACF,CAMA,eAAsBC,GACpBpB,EACAC,EACAC,EACqD,CACrDA,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,UAAW,cAAe,CAAC,EAEvE,GAAI,CACF,IAAMC,EAAmBH,EAAQ,gBAAkBA,EAAQ,iBAC3D,GACE,CAACG,GACD,OAAOA,GAAqB,UAC5BA,EAAiB,KAAK,IAAM,GAE5B,OAAOR,EACLS,EACE,mBACA,2DACF,CACF,EAGF,GAAI,CAACC,EAAoB,EACvB,OAAOV,EAAIW,GAAwB,CAAC,EAItC,IAAMC,EAAsB,MAAMN,EAAU,UAAU,CACpD,iBAAkBE,EAAiB,KAAK,CAC1C,CAAC,EAED,GAAI,CAACI,EAAoB,GACvB,OAAAL,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAOK,EAAoB,KAAM,CAAC,EACvEZ,EAAIY,EAAoB,KAAK,EAGtC,IAAMC,EAAgBD,EAAoB,MACpCE,EAAaD,EAAc,WAG3Ba,EAAuBxB,GAC3BW,EAAc,UACdR,EAAQ,SACV,EACA,GAAI,CAACqB,EAAqB,GACxB,OAAAnB,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAOmB,EAAqB,KAAM,CAAC,EACxE1B,EAAI0B,EAAqB,KAAK,EAGvC,IAAMC,EAAiBD,EAAqB,MAExCrB,EAAQ,SACVsB,EAAe,OAAStB,EAAQ,QAIlC,IAAIY,EACJ,GAAI,CACFA,EAAa,MAAM,UAAU,YAAY,IAAIU,CAAc,CAC7D,OAAS5B,EAAG,CACV,IAAMmB,EAAQjB,EAAiBF,CAAC,EAChC,OAAAQ,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAAW,CAAM,CAAC,EAC5ClB,EAAIkB,CAAK,CAClB,CAEA,GAAI,CACFC,EAA4BF,EAAY,KAAK,CAC/C,OAASlB,EAAG,CACV,IAAMmB,EAAQjB,EAAiBF,CAAC,EAChC,OAAAQ,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAAW,CAAM,CAAC,EAC5ClB,EAAIkB,CAAK,CAClB,CAGA,IAAIE,EACJ,GAAI,CACFA,EAAuBQ,GAA2BX,CAAiC,CACrF,OAASlB,EAAG,CACV,IAAMmB,EAAQjB,EAAiBF,CAAC,EAChC,OAAAQ,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAAW,CAAM,CAAC,EAC5ClB,EAAIkB,CAAK,CAClB,CAGA,IAAMI,EAAe,MAAMhB,EAAU,WAAW,CAC9C,WAAAQ,EACA,WAAYM,CACd,CAAC,EAED,GAAI,CAACE,EAAa,GAChB,OAAAf,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAOe,EAAa,KAAM,CAAC,EAChEtB,EAAIsB,EAAa,KAAK,EAG/B,IAAMC,EAASD,EAAa,MAE5B,OAAAf,EAAa,KAAK,UAAW,CAC3B,KAAM,UACN,UAAW,cACb,CAAC,EAEMT,EAAG,CACR,cAAeyB,EAAO,cACtB,cAAeA,EAAO,cACtB,KAAMA,EAAO,KACb,QAASA,EAAO,OAClB,CAAC,CACH,OAASL,EAAO,CACd,IAAMM,EAAcvB,EAAiBiB,CAAK,EAC1C,OAAAX,EAAa,KAAK,QAAS,CAAE,KAAM,QAAS,MAAOiB,CAAY,CAAC,EACzDxB,EAAIwB,CAAW,CACxB,CACF,CClWA,IAAMK,GAAmB,IACnBC,GAAoB,GAEbC,EAAN,KAAwB,CAC7B,YAA6BC,EAAsB,CAAtB,eAAAA,CAAuB,CASpD,MAAM,UACJC,EAC2D,CAC3D,IAAMC,EAAc,MAAM,KAAK,UAAU,gBAAgB,CAAE,UAAWD,EAAQ,SAAU,CAAC,EACzF,GAAI,CAACC,EAAY,GAAI,OAAOC,EAAID,EAAY,KAAK,EAEjD,GAAM,CAAE,WAAAE,CAAW,EAAIF,EAAY,MAEnC,QAASG,EAAU,EAAGA,EAAUP,GAAmBO,IAAW,CAC5D,MAAM,IAAI,QAASC,GAAY,WAAWA,EAAST,EAAgB,CAAC,EAEpE,IAAMU,EAAe,MAAM,KAAK,UAAU,oBAAoBH,CAAU,EACxE,GAAI,CAACG,EAAa,GAAI,OAAOJ,EAAII,EAAa,KAAK,EAEnD,IAAMC,EAASD,EAAa,MAAM,OAC5BE,EAAiBF,EAAa,MAAM,eAE1C,GAAIC,IAAW,kBAAmB,CAChC,IAAME,EAAqB,MAAM,KAAK,UAAU,sBAAsBN,CAAU,EAChF,GAAI,CAACM,EAAmB,GAAI,OAAOP,EAAIO,EAAmB,KAAK,EAE/D,IAAMC,EAAeD,EAAmB,MAExC,GAAI,CAACC,EAAa,UAChB,OAAOR,EACLS,EACE,gBACA,iGACA,CAAE,eAAAH,CAAe,CACnB,CACF,EAGF,IAAMI,EAAwBC,GAA0BH,EAAa,SAAS,EAC9E,GAAI,CAACE,EAAsB,GAAI,OAAOV,EAAIU,EAAsB,KAAK,EAErE,IAAIE,EACJ,GAAI,CACFA,EAAa,MAAM,UAAU,YAAY,OAAOF,EAAsB,KAAK,CAC7E,OAASG,EAAG,CACV,OAAOb,EAAIc,EAAiBD,CAAC,CAAC,CAChC,CAEA,GAAI,CACFE,EAA4BH,EAAY,QAAQ,CAClD,OAASC,EAAG,CACV,OAAOb,EAAIc,EAAiBD,CAAC,CAAC,CAChC,CAEA,IAAIG,EACJ,GAAI,CACFA,EAAuBC,EAA+BL,CAAiC,CACzF,OAASC,EAAG,CACV,OAAOb,EAAIc,EAAiBD,CAAC,CAAC,CAChC,CAEA,IAAMK,EAAwB,MAAM,KAAK,UAAU,0BAA0BjB,EAAY,CACvF,WAAYe,EACZ,UAAWR,EAAa,UAAU,SACpC,CAAC,EACD,OAAKU,EAAsB,GAEJ,MAAM,KAAK,UAAU,mBAAmBjB,EAAY,CACzE,aAAcH,EAAQ,YACxB,CAAC,EAJqCE,EAAIkB,EAAsB,KAAK,CAMvE,CAEA,GAAIb,IAAW,YAIb,OAHuB,MAAM,KAAK,UAAU,mBAAmBJ,EAAY,CACzE,aAAcH,EAAQ,YACxB,CAAC,CAGL,CAEA,OAAOE,EAAIS,EAAY,UAAW,sBAAsB,CAAC,CAC3D,CACF,ECpGO,IAAMU,EAAN,KAAmB,CAChB,SAER,aAAc,CACZ,KAAK,SAAW,IAAI,GACtB,CAEA,GAAGC,EAAuBC,EAAmC,CAC3D,IAAIC,EAAc,KAAK,SAAS,IAAIF,CAAK,EACzC,OAAKE,IACHA,EAAc,IAAI,IAClB,KAAK,SAAS,IAAIF,EAAOE,CAAW,GAGtCA,EAAY,IAAID,CAAO,EAEhB,IAAM,CACX,KAAK,IAAID,EAAOC,CAAO,CACzB,CACF,CAEA,IAAID,EAAuBC,EAA6B,CACtD,IAAMC,EAAc,KAAK,SAAS,IAAIF,CAAK,EACtCE,IAGLA,EAAY,OAAOD,CAAO,EACtBC,EAAY,OAAS,GACvB,KAAK,SAAS,OAAOF,CAAK,EAE9B,CAEA,KAAKA,EAAuBG,EAA6B,CACvD,IAAMD,EAAc,KAAK,SAAS,IAAIF,CAAK,EACvCE,GACFA,EAAY,QAASD,GAAY,CAC/B,GAAI,CACFA,EAAQE,CAAO,CACjB,MAAQ,CAGR,CACF,CAAC,CAEL,CAEA,oBAA2B,CACzB,KAAK,SAAS,MAAM,CACtB,CACF,EChDO,IAAMC,GAAuB,gCACvBC,GAA6B,6CCEnC,SAASC,GAA6BC,EAAmC,CAC9E,MAAO,CACL,MAAM,KAAKC,EAA0C,CACnD,IAAMC,EAAO,KAAK,UAAUD,CAAO,EACnC,GAAI,OAAO,UAAc,KAAe,OAAO,UAAU,YAAe,WAAY,CAClF,UAAU,WAAWD,EAAUE,CAAI,EACnC,MACF,CACI,OAAO,MAAU,KACnB,MAAM,MAAMF,EAAU,CACpB,OAAQ,OACR,KAAAE,EACA,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,UAAW,EACb,CAAC,CAEL,CACF,CACF,CCTO,SAASC,GAAsBC,EAAuBC,EAAqC,CAChG,MAAO,CAAE,MAAAD,EAAO,UAAAC,EAAW,GAAI,EAAK,CACtC,CCwBO,IAAMC,EAAN,KAAgB,CACb,UACA,aACA,gBACD,WAEP,YAAYC,EAAyB,CACnC,IAAMC,EAAQD,EAAO,MACfE,EAAiBF,EAAO,eAC9B,GAAI,CAACC,GAAS,OAAOA,GAAU,UAAYA,EAAM,KAAK,IAAM,GAC1D,MAAME,EAA2B,QAAS,4BAA4B,EAExE,GAAI,CAACD,GAAkB,OAAOA,GAAmB,UAAYA,EAAe,KAAK,IAAM,GACrF,MAAMC,EAA2B,iBAAkB,4BAA4B,EAGjF,IAAMC,EAAaJ,EAAO,YAAcK,GACxCC,GAAYF,EAAY,YAAY,EAEpC,IAAMG,EAAYP,EAAO,WAAa,IACtCQ,EAAcD,EAAW,YAAa,IAAgB,GAAc,EAEhEP,EAAO,aAAe,QACxBQ,EAAcR,EAAO,WAAY,aAAc,EAAiB,EAAe,EAG7EA,EAAO,eAAiB,QAC1BQ,EAAcR,EAAO,aAAc,eAAgB,IAAoB,GAAkB,EAG3F,IAAMS,EAAaT,EAAO,YAAc,EAClCU,EAAeV,EAAO,cAAgB,IACtCW,EAAa,IAAIC,EAAgBL,EAAWE,EAAYC,EAAcV,EAAO,MAAM,EAEnFa,EAAyC,CAC7C,WAAYZ,EAAM,KAAK,EACvB,cAAe,UAAUC,EAAe,KAAK,CAAC,EAChD,EAEA,KAAK,UAAY,IAAIY,EAAUH,EAAYP,EAAYS,CAAc,EACrE,KAAK,WAAa,IAAIE,EAAkB,KAAK,SAAS,EACtD,KAAK,aAAe,IAAIC,EAEpBhB,EAAO,kBACT,KAAK,gBACHA,EAAO,iBACPiB,GAA6BjB,EAAO,mBAAqBkB,EAA0B,EAEzF,CAEA,OAAO,aAAuB,CAC5B,OAAOC,EAAoB,CAC7B,CAEA,MAAM,SAASC,EAA2E,CACxF,IAAMC,EAAQ,KAAK,IAAI,EACjBC,EAAS,MAAMC,GAAgBH,EAAS,KAAK,UAAW,KAAK,YAAY,EAC/E,OAAIE,EAAO,IAAM,KAAK,iBACpB,KAAK,gBACF,KAAKE,GAAsB,WAAY,KAAK,IAAI,EAAIH,CAAK,CAAC,EAC1D,MAAM,IAAM,CAAC,CAAC,EAEZC,CACT,CAEA,MAAM,aACJF,EACqD,CACrD,IAAMC,EAAQ,KAAK,IAAI,EACjBC,EAAS,MAAMG,GAAoBL,EAAS,KAAK,UAAW,KAAK,YAAY,EACnF,OAAIE,EAAO,IAAM,KAAK,iBACpB,KAAK,gBACF,KAAKE,GAAsB,eAAgB,KAAK,IAAI,EAAIH,CAAK,CAAC,EAC9D,MAAM,IAAM,CAAC,CAAC,EAEZC,CACT,CAEA,MAAM,gBACJI,EAC0D,CAC1D,OAAO,KAAK,UAAU,gBAAgBA,CAAY,CACpD,CAEA,MAAM,WAAmC,CACvC,OAAOC,GAAgB,CACzB,CAEA,GAAGC,EAAuBC,EAAmC,CAC3D,OAAO,KAAK,aAAa,GAAGD,EAAOC,CAAO,CAC5C,CAEA,SAAkB,CAChB,MAA4C,OAC9C,CAEA,SAAW,CACT,MAAO,CACL,MAAO,MAAOT,GACL,KAAK,UAAU,mBAAmBA,EAAQ,MAAM,EAEzD,OAAQ,MACNA,GAEO,KAAK,UAAU,gBAAgBA,EAAQ,OAAQA,EAAQ,IAAI,CAEtE,CACF,CACF,EpBjJO,IAAMU,EAAmB,IAAI,iBAAgC,kBAAkB,EAJtFC,GAAAC,GAMAD,GAAA,IAAC,cAAW,CAAE,WAAY,MAAO,CAAC,GAC3B,IAAME,EAAN,KAAuB,CACX,UAAS,UAAOH,EAAkB,CAAE,SAAU,EAAK,CAAC,EAC7D,QAA4B,KAEpC,IAAI,QAAoB,CACtB,GAAI,KAAK,SAAW,KAAM,CACxB,GAAI,KAAK,QAAU,KACjB,MAAM,IAAI,MACR,sFACF,EAEF,KAAK,QAAU,IAAII,EAAU,KAAK,MAAM,CAC1C,CACA,OAAO,KAAK,OACd,CACF,EAfOF,GAAAG,GAAA,MAAMF,EAANG,GAAAJ,GAAA,qBADPD,GACaE,GAANI,GAAAL,GAAA,EAAMC,GDDN,SAASK,GAAuBC,EAAmC,CACxE,MAAO,CAAE,QAASC,EAAkB,SAAUD,CAAO,CACvD","names":["angular_exports","__export","TRYMELLON_CONFIG","TryMellonService","provideTryMellonConfig","__toCommonJS","import_core","ok","value","err","error","TryMellonError","_TryMellonError","code","message","details","DEFAULT_MESSAGES","createError","isTryMellonError","error","createNotSupportedError","createInvalidArgumentError","field","reason","createError","createCredentialError","operation","createEncodingError","type","validateUrl","url","fieldName","urlObj","createInvalidArgumentError","error","isTryMellonError","validateRange","value","min","max","validateBase64Url","s","DOM_EXCEPTION_ERROR_MAP","mapWebAuthnError","name","message","errorCode","createError","isObject","value","isString","isNumber","isBoolean","isArray","validationError","message","details","err","createError","required","obj","key","validateRegisterStartResponse","data","isObject","validationError","session_id","required","isString","challenge","rp","user","challengeStr","pubKeyCredParams","isArray","item","isNumber","timeout","excludeCredentials","c","authenticatorSelection","ok","validateAuthStartResponse","ch","rpId","allowCredentials","userVerification","validateRegisterFinishResponse","credential_id","status","session_token","userId","externalUserId","email","metadata","validateAuthFinishResponse","authenticated","signals","isBoolean","validateSessionValidateResponse","data","isObject","validationError","valid","required","user_id","external_user_id","tenant_id","app_id","isBoolean","isString","ok","validateEmailVerifyResponse","data","isObject","validationError","sessionToken","required","isString","ok","ONBOARDING_STATUSES","REGISTER_PASSKEY_STATUSES","validateOnboardingStartResponse","data","isObject","validationError","session_id","required","onboarding_url","expires_in","isString","isNumber","ok","validateOnboardingStatusResponse","status","validateOnboardingRegisterResponse","challenge","parsedChallenge","chResult","validateOnboardingChallenge","rp","user","challengeStr","pubKeyCredParams","isArray","item","validateOnboardingRegisterPasskeyResponse","user_id","tenant_id","validateOnboardingCompleteResponse","session_token","ApiClient","httpClient","baseUrl","defaultHeaders","extra","path","body","validate","url","result","err","headers","request","validateRegisterStartResponse","validateAuthStartResponse","validateRegisterFinishResponse","validateAuthFinishResponse","sessionToken","validateSessionValidateResponse","userId","ok","code","validateEmailVerifyResponse","validateOnboardingStartResponse","sessionId","validateOnboardingStatusResponse","validateOnboardingRegisterResponse","validateOnboardingRegisterPasskeyResponse","validateOnboardingCompleteResponse","RETRY_DELAY_CAP_MS","generateRequestId","getRetryDelayMs","attempt","baseMs","delay","shouldRetryOnStatus","method","status","FetchHttpClient","timeoutMs","maxRetries","retryDelayMs","logger","url","headers","body","config","requestId","lastError","controller","timeoutId","response","errorData","message","code","errResult","createError","resolve","err","data","ok","error","isWebAuthnSupported","isPlatformAuthenticatorAvailable","getClientStatus","isPasskeySupported","platformAuthenticatorAvailable","base64UrlEncode","buf","bytes","binary","i","base64","createEncodingError","base64UrlDecode","s","padding","base64UrlDecodeToArrayBuffer","buffer","validateCredentialStructure","credential","operation","createCredentialError","isValidCredentialResponse","response","serializeCredentialForRegister","credential","createError","clientDataJSON","attestationObject","base64UrlEncode","serializeCredentialForAuth","authenticatorData","signature","userHandle","createRegistrationOptions","challenge","authenticatorType","validateBase64Url","challengeBuffer","base64UrlDecodeToArrayBuffer","userIdBuffer","authenticatorSelection","publicKey","cred","ok","e","err","mapWebAuthnError","createAuthenticationOptions","mediation","registerPasskey","options","apiClient","eventEmitter","external_user_id","createInvalidArgumentError","isWebAuthnSupported","createNotSupportedError","startResponseResult","startResponse","session_id","creationOptionsResult","creationOptions","credential","error","validateCredentialStructure","serializedCredential","serializeCredentialForRegister","finishResult","result","mappedError","authenticatePasskey","requestOptionsResult","requestOptions","serializeCredentialForAuth","POLL_INTERVAL_MS","MAX_POLL_ATTEMPTS","OnboardingManager","apiClient","options","startResult","err","session_id","attempt","resolve","statusResult","status","onboarding_url","registerInfoResult","registerInfo","createError","creationOptionsResult","createRegistrationOptions","credential","e","mapWebAuthnError","validateCredentialStructure","serializedCredential","serializeCredentialForRegister","registerPasskeyResult","EventEmitter","event","handler","handlersSet","payload","DEFAULT_API_BASE_URL","DEFAULT_TELEMETRY_ENDPOINT","createDefaultTelemetrySender","endpoint","payload","body","buildTelemetryPayload","event","latencyMs","TryMellon","config","appId","publishableKey","createInvalidArgumentError","apiBaseUrl","DEFAULT_API_BASE_URL","validateUrl","timeoutMs","validateRange","maxRetries","retryDelayMs","httpClient","FetchHttpClient","defaultHeaders","ApiClient","OnboardingManager","EventEmitter","createDefaultTelemetrySender","DEFAULT_TELEMETRY_ENDPOINT","isWebAuthnSupported","options","start","result","registerPasskey","buildTelemetryPayload","authenticatePasskey","sessionToken","getClientStatus","event","handler","TRYMELLON_CONFIG","_TryMellonService_decorators","_init","TryMellonService","TryMellon","__decoratorStart","__decorateElement","__runInitializers","provideTryMellonConfig","config","TRYMELLON_CONFIG"]}

package/dist/angular.d.cts ADDED Viewed

@@ -0,0 +1,13 @@
+import { InjectionToken, Provider } from '@angular/core';
+import { T as TryMellon, e as TryMellonConfig } from './trymellon-Ca4kob_K.cjs';
+declare const TRYMELLON_CONFIG: InjectionToken<TryMellonConfig>;
+declare class TryMellonService {
+    private readonly config;
+    private _client;
+    get client(): TryMellon;
+}
+declare function provideTryMellonConfig(config: TryMellonConfig): Provider;
+export { TRYMELLON_CONFIG, TryMellonService, provideTryMellonConfig };

package/dist/angular.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { InjectionToken, Provider } from '@angular/core';
+import { T as TryMellon, e as TryMellonConfig } from './trymellon-Ca4kob_K.js';
+declare const TRYMELLON_CONFIG: InjectionToken<TryMellonConfig>;
+declare class TryMellonService {
+    private readonly config;
+    private _client;
+    get client(): TryMellon;
+}
+declare function provideTryMellonConfig(config: TryMellonConfig): Provider;
+export { TRYMELLON_CONFIG, TryMellonService, provideTryMellonConfig };

package/dist/angular.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use client";
+var Ne=Object.create;var J=Object.defineProperty;var Ue=Object.getOwnPropertyDescriptor;var he=(e,r)=>(r=Symbol[e])?r:Symbol.for("Symbol."+e),N=e=>{throw TypeError(e)};var Fe=(e,r,t)=>r in e?J(e,r,{enumerable:!0,configurable:!0,writable:!0,value:t}):e[r]=t;var fe=(e,r)=>J(e,"name",{value:r,configurable:!0});var Ee=e=>[,,,Ne(e?.[he("metadata")]??null)],be=["class","method","getter","setter","accessor","field","value","get","set"],D=e=>e!==void 0&&typeof e!="function"?N("Function expected"):e,Le=(e,r,t,n,s)=>({kind:be[e],name:r,metadata:n,addInitializer:i=>t._?N("Already initialized"):s.push(D(i||null))}),Ke=(e,r)=>Fe(r,he("metadata"),e[3]),_e=(e,r,t,n)=>{for(var s=0,i=e[r>>1],u=i&&i.length;s<u;s++)r&1?i[s].call(t):n=i[s].call(t,n);return n},Te=(e,r,t,n,s,i)=>{var u,p,g,y,m,d=r&7,_=!!(r&8),R=!!(r&16),E=d>3?e.length+1:d?_?1:2:0,S=be[d+5],x=d>3&&(e[E-1]=[]),$=e[E]||(e[E]=[]),A=d&&(!R&&!_&&(s=s.prototype),d<5&&(d>3||!R)&&Ue(d<4?s:{get[t](){return Re(this,i)},set[t](v){return ye(this,i,v)}},t));d?R&&d<4&&fe(i,(d>2?"set ":d>1?"get ":"")+t):fe(s,t);for(var X=n.length-1;X>=0;X--)y=Le(d,t,g={},e[3],$),d&&(y.static=_,y.private=R,m=y.access={has:R?v=>je(s,v):v=>t in v},d^3&&(m.get=R?v=>(d^1?Re:qe)(v,s,d^4?i:A.get):v=>v[t]),d>2&&(m.set=R?(v,z)=>ye(v,s,z,d^4?i:A.set):(v,z)=>v[t]=z)),p=(0,n[X])(d?d<4?R?i:A[S]:d>4?void 0:{get:A.get,set:A.set}:s,y),g._=1,d^4||p===void 0?D(p)&&(d>4?x.unshift(p):d?R?i=p:A[S]=p:s=p):typeof p!="object"||p===null?N("Object expected"):(D(u=p.get)&&(A.get=u),D(u=p.set)&&(A.set=u),D(u=p.init)&&x.unshift(u));return d||Ke(e,s),A&&J(s,t,A),R?d^4?i:A:s};var Z=(e,r,t)=>r.has(e)||N("Cannot "+t),je=(e,r)=>Object(r)!==r?N('Cannot use the "in" operator on this value'):e.has(r),Re=(e,r,t)=>(Z(e,r,"read from private field"),t?t.call(e):r.get(e));var ye=(e,r,t,n)=>(Z(e,r,"write to private field"),n?n.call(e,t):r.set(e,t),t),qe=(e,r,t)=>(Z(e,r,"access private method"),t);import{Injectable as dr,InjectionToken as cr,inject as gr}from"@angular/core";var h=e=>({ok:!0,value:e}),c=e=>({ok:!1,error:e});var F=class e extends Error{code;details;isTryMellonError=!0;constructor(r,t,n){super(t),this.name="TryMellonError",this.code=r,this.details=n,Error.captureStackTrace&&Error.captureStackTrace(this,e)}},Ve={NOT_SUPPORTED:"WebAuthn is not supported in this environment",USER_CANCELLED:"User cancelled the operation",PASSKEY_NOT_FOUND:"Passkey not found",SESSION_EXPIRED:"Session has expired",NETWORK_FAILURE:"Network request failed",INVALID_ARGUMENT:"Invalid argument provided",TIMEOUT:"Operation timed out",ABORTED:"Operation was aborted",UNKNOWN_ERROR:"An unknown error occurred"};function b(e,r,t){return new F(e,r??Ve[e],t)}function We(e){return e instanceof F||typeof e=="object"&&e!==null&&"isTryMellonError"in e&&e.isTryMellonError===!0}function Q(){return b("NOT_SUPPORTED")}function I(e,r){return b("INVALID_ARGUMENT",`Invalid argument: ${e} - ${r}`,{field:e,reason:r})}function ve(e){return b("UNKNOWN_ERROR",`Failed to ${e} credential`,{operation:e})}function ee(e){return b("NOT_SUPPORTED",`No base64 ${e==="encode"?"encoding":"decoding"} available`,{type:e})}function Ae(e,r){try{let t=new URL(e);if(t.protocol!=="https:"&&t.protocol!=="http:")throw I(r,"must use http or https protocol")}catch(t){throw We(t)?t:I(r,"must be a valid URL")}}function L(e,r,t,n){if(e<t||e>n)throw I(r,`must be between ${t} and ${n}`)}function K(e,r){if(typeof e!="string"||e.length===0)throw I(r,"must be a non-empty string");if(!/^[A-Za-z0-9_-]+$/.test(e))throw I(r,"must be a valid base64url string")}var Be={NotAllowedError:"USER_CANCELLED",AbortError:"ABORTED",NotSupportedError:"NOT_SUPPORTED",SecurityError:"NOT_SUPPORTED",InvalidStateError:"UNKNOWN_ERROR",UnknownError:"UNKNOWN_ERROR"};function T(e){if(e instanceof DOMException){let r=e.name,t=e.message||"WebAuthn operation failed",n=Be[r]??"UNKNOWN_ERROR";return b(n,t,{originalError:e})}return e instanceof Error?b("UNKNOWN_ERROR",e.message,{originalError:e}):b("UNKNOWN_ERROR","An unknown error occurred",{originalError:e})}function f(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)}function l(e){return typeof e=="string"}function P(e){return typeof e=="number"&&Number.isFinite(e)}function j(e){return typeof e=="boolean"}function M(e){return Array.isArray(e)}function o(e,r){return c(b("NETWORK_FAILURE",e,{...r,originalData:r?.originalData}))}function a(e,r){return e[r]}function re(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=a(e,"challenge");if(!f(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=a(t,"rp");if(!f(n)||!l(n.name)||!l(n.id))return o("Invalid API response: challenge.rp must have name and id strings",{originalData:e});let s=a(t,"user");if(!f(s)||!l(s.id)||!l(s.name)||!l(s.displayName))return o("Invalid API response: challenge.user must have id, name, displayName strings",{originalData:e});let i=a(t,"challenge");if(!l(i))return o("Invalid API response: challenge.challenge must be string",{originalData:e});let u=a(t,"pubKeyCredParams");if(!M(u))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:e});for(let m of u)if(!f(m)||m.type!=="public-key"||!P(m.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:e});let p=t.timeout;if(p!==void 0&&!P(p))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let g=t.excludeCredentials;if(g!==void 0){if(!M(g))return o("Invalid API response: excludeCredentials must be array",{originalData:e});for(let m of g)if(!f(m)||m.type!=="public-key"||!l(m.id))return o("Invalid API response: excludeCredentials items must have id and type",{originalData:e})}let y=t.authenticatorSelection;return y!==void 0&&!f(y)?o("Invalid API response: authenticatorSelection must be object",{originalData:e}):h({session_id:r,challenge:{rp:n,user:s,challenge:i,pubKeyCredParams:u,...p!==void 0&&{timeout:p},...g!==void 0&&{excludeCredentials:g},...y!==void 0&&{authenticatorSelection:y}}})}function te(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=a(e,"challenge");if(!f(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=a(t,"challenge"),s=a(t,"rpId"),i=t.allowCredentials;if(!l(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!l(s))return o("Invalid API response: challenge.rpId must be string",{originalData:e});if(i!==void 0&&!M(i))return o("Invalid API response: allowCredentials must be array",{originalData:e});if(i){for(let g of i)if(!f(g)||g.type!=="public-key"||!l(g.id))return o("Invalid API response: allowCredentials items must have id and type",{originalData:e})}let u=t.timeout;if(u!==void 0&&!P(u))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let p=t.userVerification;return p!==void 0&&!["required","preferred","discouraged"].includes(String(p))?o("Invalid API response: userVerification must be required|preferred|discouraged",{originalData:e}):h({session_id:r,challenge:{challenge:n,rpId:s,allowCredentials:i??[],...u!==void 0&&{timeout:u},...p!==void 0&&{userVerification:p}}})}function ne(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"credential_id"),t=a(e,"status"),n=a(e,"session_token"),s=a(e,"user");if(!l(r))return o("Invalid API response: credential_id must be string",{field:"credential_id",originalData:e});if(!l(t))return o("Invalid API response: status must be string",{field:"status",originalData:e});if(!l(n))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});if(!f(s))return o("Invalid API response: user must be object",{field:"user",originalData:e});let i=a(s,"user_id"),u=a(s,"external_user_id");if(!l(i)||!l(u))return o("Invalid API response: user must have user_id and external_user_id strings",{originalData:e});let p=s.email,g=s.metadata;return p!==void 0&&!l(p)?o("Invalid API response: user.email must be string",{originalData:e}):g!==void 0&&(typeof g!="object"||g===null)?o("Invalid API response: user.metadata must be object",{originalData:e}):h({credential_id:r,status:t,session_token:n,user:{user_id:i,external_user_id:u,...p!==void 0&&{email:p},...g!==void 0&&{metadata:g}}})}function se(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"authenticated"),t=a(e,"session_token"),n=a(e,"user"),s=a(e,"signals");if(!j(r))return o("Invalid API response: authenticated must be boolean",{field:"authenticated",originalData:e});if(!l(t))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});if(!f(n))return o("Invalid API response: user must be object",{field:"user",originalData:e});let i=a(n,"user_id"),u=a(n,"external_user_id");return!l(i)||!l(u)?o("Invalid API response: user must have user_id and external_user_id strings",{originalData:e}):s!==void 0&&!f(s)?o("Invalid API response: signals must be object",{originalData:e}):h({authenticated:r,session_token:t,user:{user_id:i,external_user_id:u,...n.email!==void 0&&{email:n.email},...n.metadata!==void 0&&{metadata:n.metadata}},signals:s})}function ie(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"valid"),t=a(e,"user_id"),n=a(e,"external_user_id"),s=a(e,"tenant_id"),i=a(e,"app_id");return j(r)?l(t)?l(n)?l(s)?l(i)?h({valid:r,user_id:t,external_user_id:n,tenant_id:s,app_id:i}):o("Invalid API response: app_id must be string",{field:"app_id",originalData:e}):o("Invalid API response: tenant_id must be string",{field:"tenant_id",originalData:e}):o("Invalid API response: external_user_id must be string",{field:"external_user_id",originalData:e}):o("Invalid API response: user_id must be string",{field:"user_id",originalData:e}):o("Invalid API response: valid must be boolean",{field:"valid",originalData:e})}function oe(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"sessionToken");return l(r)?h({sessionToken:r}):o("Invalid API response: sessionToken must be string",{field:"sessionToken",originalData:e})}var Ye=["pending_passkey","pending_data","completed"],He=["pending_data","completed"];function ae(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id"),t=a(e,"onboarding_url"),n=a(e,"expires_in");return l(r)?l(t)?P(n)?h({session_id:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{field:"expires_in",originalData:e}):o("Invalid API response: onboarding_url must be string",{field:"onboarding_url",originalData:e}):o("Invalid API response: session_id must be string",{field:"session_id",originalData:e})}function le(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"status"),t=a(e,"onboarding_url"),n=a(e,"expires_in");return!l(r)||!Ye.includes(r)?o("Invalid API response: status must be pending_passkey|pending_data|completed",{field:"status",originalData:e}):l(t)?P(n)?h({status:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{originalData:e}):o("Invalid API response: onboarding_url must be string",{originalData:e})}function ue(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id"),t=a(e,"status"),n=a(e,"onboarding_url");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});if(t!=="pending_passkey")return o("Invalid API response: status must be pending_passkey",{field:"status",originalData:e});if(!l(n))return o("Invalid API response: onboarding_url must be string",{originalData:e});let s=e.challenge,i;if(s!==void 0){let u=Ge(s);if(!u.ok)return u;i=u.value}return h({session_id:r,status:"pending_passkey",onboarding_url:n,...i!==void 0&&{challenge:i}})}function Ge(e){if(!f(e))return o("Invalid API response: challenge must be object",{originalData:e});let r=a(e,"rp"),t=a(e,"user"),n=a(e,"challenge"),s=a(e,"pubKeyCredParams");if(!f(r)||!l(r.name)||!l(r.id))return o("Invalid API response: challenge.rp must have name and id",{originalData:e});if(!f(t)||!l(t.id)||!l(t.name)||!l(t.displayName))return o("Invalid API response: challenge.user must have id, name, displayName",{originalData:e});if(!l(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!M(s))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:e});for(let i of s)if(!f(i)||i.type!=="public-key"||!P(i.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:e});return h({rp:r,user:t,challenge:n,pubKeyCredParams:s})}function pe(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id"),t=a(e,"status"),n=a(e,"user_id"),s=a(e,"tenant_id");return l(r)?!l(t)||!He.includes(t)?o("Invalid API response: status must be pending_data|completed",{originalData:e}):l(n)?l(s)?h({session_id:r,status:t,user_id:n,tenant_id:s}):o("Invalid API response: tenant_id must be string",{originalData:e}):o("Invalid API response: user_id must be string",{originalData:e}):o("Invalid API response: session_id must be string",{originalData:e})}function de(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=a(e,"session_id"),t=a(e,"status"),n=a(e,"user_id"),s=a(e,"tenant_id"),i=a(e,"session_token");return l(r)?t!=="completed"?o("Invalid API response: status must be completed",{originalData:e}):!l(n)||!l(s)||!l(i)?o("Invalid API response: user_id, tenant_id, session_token must be strings",{originalData:e}):h({session_id:r,status:"completed",user_id:n,tenant_id:s,session_token:i}):o("Invalid API response: session_id must be string",{originalData:e})}var q=class{constructor(r,t,n={}){this.httpClient=r;this.baseUrl=t;this.defaultHeaders=n}mergeHeaders(r){return{...this.defaultHeaders,...r}}async post(r,t,n){let s=`${this.baseUrl}${r}`,i=await this.httpClient.post(s,t,this.mergeHeaders());return i.ok?n(i.value):c(i.error)}async get(r,t,n){let s=`${this.baseUrl}${r}`,i=await this.httpClient.get(s,this.mergeHeaders(n));return i.ok?t(i.value):c(i.error)}async startRegister(r){return this.post("/v1/passkeys/register/start",r,re)}async startAuth(r){return this.post("/v1/passkeys/auth/start",r,te)}async finishRegister(r){return this.post("/v1/passkeys/register/finish",r,ne)}async finishAuth(r){return this.post("/v1/passkeys/auth/finish",r,se)}async validateSession(r){return this.get("/v1/sessions/validate",ie,{Authorization:`Bearer ${r}`})}async startEmailFallback(r){let t=`${this.baseUrl}/v1/fallback/email/start`,n=await this.httpClient.post(t,{userId:r},this.mergeHeaders());return n.ok?h(void 0):c(n.error)}async verifyEmailCode(r,t){return this.post("/v1/fallback/email/verify",{userId:r,code:t},oe)}async startOnboarding(r){return this.post("/onboarding/start",r,ae)}async getOnboardingStatus(r){return this.get(`/onboarding/${r}/status`,le)}async getOnboardingRegister(r){return this.get(`/onboarding/${r}/register`,ue)}async registerOnboardingPasskey(r,t){return this.post(`/onboarding/${r}/register-passkey`,t,pe)}async completeOnboarding(r,t){return this.post(`/onboarding/${r}/complete`,t,de)}};var $e=3e4;function Xe(){return typeof crypto<"u"&&typeof crypto.randomUUID=="function"?crypto.randomUUID():`${Date.now()}-${Math.random().toString(36).slice(2,11)}`}function Ie(e,r){let t=r*Math.pow(2,e);return Math.min(t,$e)}function ze(e,r){return e!=="GET"?!1:r>=500||r===429}var V=class{constructor(r,t=0,n=1e3,s){this.timeoutMs=r;this.maxRetries=t;this.retryDelayMs=n;this.logger=s}async get(r,t){return this.request(r,{method:"GET",headers:t})}async post(r,t,n){return this.request(r,{method:"POST",body:JSON.stringify(t),headers:{"Content-Type":"application/json",...n}})}async request(r,t){let n=(t.method??"GET").toUpperCase(),s=Xe(),i=new Headers(t.headers);i.set("X-Request-Id",s),this.logger&&this.logger.debug("request",{requestId:s,url:r,method:n});let u;for(let p=0;p<=this.maxRetries;p++)try{let g=new AbortController,y=setTimeout(()=>g.abort(),this.timeoutMs),m=await fetch(r,{...t,headers:i,signal:g.signal});if(clearTimeout(y),!m.ok){let _;try{_=await m.json()}catch{}let R=_,E=R?.message??m.statusText,S=R?.error??"NETWORK_FAILURE",x=b(S,E,{requestId:s,status:m.status,statusText:m.statusText,data:_});if(ze(n,m.status)&&p<this.maxRetries){u=x,await new Promise($=>setTimeout($,Ie(p,this.retryDelayMs)));continue}return c(x)}let d=await m.json();return h(d)}catch(g){if(u=g,n==="GET"&&p<this.maxRetries)await new Promise(m=>setTimeout(m,Ie(p,this.retryDelayMs)));else break}return u instanceof Error&&u.name==="AbortError"?c(b("TIMEOUT","Request timed out",{requestId:s})):c(b("NETWORK_FAILURE",u instanceof Error?u.message:"Request failed",{requestId:s,cause:u}))}};function k(){try{return!(typeof navigator>"u"||!navigator.credentials||typeof PublicKeyCredential>"u")}catch{return!1}}async function Je(){try{return!k()||typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable!="function"?!1:await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()}catch{return!1}}async function Se(){let e=k(),r=await Je();return{isPasskeySupported:e,platformAuthenticatorAvailable:r,recommendedFlow:e?"passkey":"fallback"}}function O(e){let r=new Uint8Array(e),t="";for(let s=0;s<r.length;s++)t+=String.fromCharCode(r[s]??0);let n="";if(typeof btoa<"u")n=btoa(t);else if(typeof Buffer<"u")n=Buffer.from(t,"binary").toString("base64");else throw ee("encode");return n.replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function Ze(e){let r=e.replace(/-/g,"+").replace(/_/g,"/"),t=r.length%4;t!==0&&(r+="=".repeat(4-t));let n="";if(typeof atob<"u")n=atob(r);else if(typeof Buffer<"u")n=Buffer.from(r,"base64").toString("binary");else throw ee("decode");let s=new Uint8Array(n.length);for(let i=0;i<n.length;i++)s[i]=n.charCodeAt(i);return s}function C(e){let r=Ze(e),t=new ArrayBuffer(r.length);return new Uint8Array(t).set(r),t}function U(e,r="create"){if(!e||typeof e!="object"||!("id"in e)||!("rawId"in e)||!("response"in e))throw ve(r)}function Oe(e){return e!==null&&typeof e=="object"&&"clientDataJSON"in e&&e.clientDataJSON instanceof ArrayBuffer}function W(e){if(!e.response)throw b("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!Oe(r))throw b("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("attestationObject"in r))throw b("UNKNOWN_ERROR","Invalid credential response structure for register: attestationObject is missing",{response:r});let t=r.clientDataJSON,n=r.attestationObject;return{id:e.id,rawId:O(e.rawId),response:{clientDataJSON:O(t),attestationObject:O(n)},type:"public-key"}}function Pe(e){if(!e.response)throw b("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!Oe(r))throw b("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("authenticatorData"in r)||!("signature"in r))throw b("UNKNOWN_ERROR","Invalid credential response structure for auth: authenticatorData or signature is missing",{response:r});let t=r.clientDataJSON,n=r.authenticatorData,s=r.signature,i=r.userHandle;return{id:e.id,rawId:O(e.rawId),response:{authenticatorData:O(n),clientDataJSON:O(t),signature:O(s),...i&&{userHandle:O(i)}},type:"public-key"}}function ce(e,r){try{K(e.challenge,"challenge"),K(e.user.id,"user.id");let t=C(e.challenge),n=C(e.user.id),s={userVerification:"preferred"};e.authenticatorSelection&&(s={...e.authenticatorSelection}),r&&(s={...s,authenticatorAttachment:r});let i={rp:{id:e.rp.id,name:e.rp.name},user:{id:n,name:e.user.name,displayName:e.user.displayName},challenge:t,pubKeyCredParams:e.pubKeyCredParams,...e.timeout!==void 0&&{timeout:e.timeout},attestation:"none",authenticatorSelection:s,...e.excludeCredentials&&{excludeCredentials:e.excludeCredentials.map(u=>({id:C(u.id),type:u.type,...u.transports&&{transports:u.transports}}))}};return h({publicKey:i})}catch(t){return c(T(t))}}function Qe(e,r){try{K(e.challenge,"challenge");let t=C(e.challenge);return h({publicKey:{challenge:t,rpId:e.rpId,...e.timeout!==void 0&&{timeout:e.timeout},userVerification:e.userVerification??"preferred",...e.allowCredentials&&{allowCredentials:e.allowCredentials.map(n=>({id:C(n.id),type:n.type,...n.transports&&{transports:n.transports}}))}},...r!==void 0&&{mediation:r}})}catch(t){return c(T(t))}}async function ke(e,r,t){t.emit("start",{type:"start",operation:"register"});try{let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()==="")return c(I("external_user_id","must be provided (use externalUserId or external_user_id)"));if(!k())return c(Q());let s=await r.startRegister({external_user_id:n.trim()});if(!s.ok)return t.emit("error",{type:"error",error:s.error}),c(s.error);let i=s.value,u=i.session_id,p=ce(i.challenge,e.authenticatorType);if(!p.ok)return t.emit("error",{type:"error",error:p.error}),c(p.error);let g=p.value;e.signal&&(g.signal=e.signal);let y;try{y=await navigator.credentials.create(g)}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}try{U(y,"create")}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}let m;try{m=W(y)}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}let d=await r.finishRegister({session_id:u,credential:m});if(!d.ok)return t.emit("error",{type:"error",error:d.error}),c(d.error);let _=d.value;return t.emit("success",{type:"success",operation:"register"}),h({success:!0,credential_id:_.credential_id,status:_.status,session_token:_.session_token,user:_.user})}catch(n){let s=T(n);return t.emit("error",{type:"error",error:s}),c(s)}}async function Me(e,r,t){t.emit("start",{type:"start",operation:"authenticate"});try{let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()==="")return c(I("external_user_id","must be provided (use externalUserId or external_user_id)"));if(!k())return c(Q());let s=await r.startAuth({external_user_id:n.trim()});if(!s.ok)return t.emit("error",{type:"error",error:s.error}),c(s.error);let i=s.value,u=i.session_id,p=Qe(i.challenge,e.mediation);if(!p.ok)return t.emit("error",{type:"error",error:p.error}),c(p.error);let g=p.value;e.signal&&(g.signal=e.signal);let y;try{y=await navigator.credentials.get(g)}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}try{U(y,"get")}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}let m;try{m=Pe(y)}catch(R){let E=T(R);return t.emit("error",{type:"error",error:E}),c(E)}let d=await r.finishAuth({session_id:u,credential:m});if(!d.ok)return t.emit("error",{type:"error",error:d.error}),c(d.error);let _=d.value;return t.emit("success",{type:"success",operation:"authenticate"}),h({authenticated:_.authenticated,session_token:_.session_token,user:_.user,signals:_.signals})}catch(n){let s=T(n);return t.emit("error",{type:"error",error:s}),c(s)}}var er=2e3,rr=60,B=class{constructor(r){this.apiClient=r}async startFlow(r){let t=await this.apiClient.startOnboarding({user_role:r.user_role});if(!t.ok)return c(t.error);let{session_id:n}=t.value;for(let s=0;s<rr;s++){await new Promise(g=>setTimeout(g,er));let i=await this.apiClient.getOnboardingStatus(n);if(!i.ok)return c(i.error);let u=i.value.status,p=i.value.onboarding_url;if(u==="pending_passkey"){let g=await this.apiClient.getOnboardingRegister(n);if(!g.ok)return c(g.error);let y=g.value;if(!y.challenge)return c(b("NOT_SUPPORTED","Onboarding requires user action - complete passkey registration at the provided onboarding_url",{onboarding_url:p}));let m=ce(y.challenge);if(!m.ok)return c(m.error);let d;try{d=await navigator.credentials.create(m.value)}catch(S){return c(T(S))}try{U(d,"create")}catch(S){return c(T(S))}let _;try{_=W(d)}catch(S){return c(T(S))}let R=await this.apiClient.registerOnboardingPasskey(n,{credential:_,challenge:y.challenge.challenge});return R.ok?await this.apiClient.completeOnboarding(n,{company_name:r.company_name}):c(R.error)}if(u==="completed")return await this.apiClient.completeOnboarding(n,{company_name:r.company_name})}return c(b("TIMEOUT","Onboarding timed out"))}};var Y=class{handlers;constructor(){this.handlers=new Map}on(r,t){let n=this.handlers.get(r);return n||(n=new Set,this.handlers.set(r,n)),n.add(t),()=>{this.off(r,t)}}off(r,t){let n=this.handlers.get(r);n&&(n.delete(t),n.size===0&&this.handlers.delete(r))}emit(r,t){let n=this.handlers.get(r);n&&n.forEach(s=>{try{s(t)}catch{}})}removeAllListeners(){this.handlers.clear()}};var Ce="https://api.trymellonauth.com",we="https://api.trymellonauth.com/v1/telemetry";function xe(e){return{async send(r){let t=JSON.stringify(r);if(typeof navigator<"u"&&typeof navigator.sendBeacon=="function"){navigator.sendBeacon(e,t);return}typeof fetch<"u"&&await fetch(e,{method:"POST",body:t,headers:{"Content-Type":"application/json"},keepalive:!0})}}}function ge(e,r){return{event:e,latencyMs:r,ok:!0}}var H=class{apiClient;eventEmitter;telemetrySender;onboarding;constructor(r){let t=r.appId,n=r.publishableKey;if(!t||typeof t!="string"||t.trim()==="")throw I("appId","must be a non-empty string");if(!n||typeof n!="string"||n.trim()==="")throw I("publishableKey","must be a non-empty string");let s=r.apiBaseUrl??Ce;Ae(s,"apiBaseUrl");let i=r.timeoutMs??3e4;L(i,"timeoutMs",1e3,3e5),r.maxRetries!==void 0&&L(r.maxRetries,"maxRetries",0,10),r.retryDelayMs!==void 0&&L(r.retryDelayMs,"retryDelayMs",100,1e4);let u=r.maxRetries??3,p=r.retryDelayMs??1e3,g=new V(i,u,p,r.logger),y={"X-App-Id":t.trim(),Authorization:`Bearer ${n.trim()}`};this.apiClient=new q(g,s,y),this.onboarding=new B(this.apiClient),this.eventEmitter=new Y,r.enableTelemetry&&(this.telemetrySender=r.telemetrySender??xe(r.telemetryEndpoint??we))}static isSupported(){return k()}async register(r){let t=Date.now(),n=await ke(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(ge("register",Date.now()-t)).catch(()=>{}),n}async authenticate(r){let t=Date.now(),n=await Me(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(ge("authenticate",Date.now()-t)).catch(()=>{}),n}async validateSession(r){return this.apiClient.validateSession(r)}async getStatus(){return Se()}on(r,t){return this.eventEmitter.on(r,t)}version(){return"1.1.3"}fallback={email:{start:async r=>this.apiClient.startEmailFallback(r.userId),verify:async r=>this.apiClient.verifyEmailCode(r.userId,r.code)}}};var G=new cr("TRYMELLON_CONFIG"),De,me;De=[dr({providedIn:"root"})];var w=class{config=gr(G,{optional:!0});_client=null;get client(){if(this._client==null){if(this.config==null)throw new Error("TryMellonService: provide TRYMELLON_CONFIG (e.g. via provideTryMellonConfig(config))");this._client=new H(this.config)}return this._client}};me=Ee(null),w=Te(me,0,"TryMellonService",De,w),_e(me,1,w);function Mt(e){return{provide:G,useValue:e}}export{G as TRYMELLON_CONFIG,w as TryMellonService,Mt as provideTryMellonConfig};
+//# sourceMappingURL=angular.js.map