@trymellon/js 1.7.6 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/README.MD +637 -458
  2. package/dist/angular.cjs +1 -1
  3. package/dist/angular.cjs.map +1 -1
  4. package/dist/angular.d.cts +1 -1
  5. package/dist/angular.d.ts +1 -1
  6. package/dist/angular.js +1 -1
  7. package/dist/angular.js.map +1 -1
  8. package/dist/index.cjs +2 -2
  9. package/dist/index.cjs.map +1 -1
  10. package/dist/index.d.cts +42 -20
  11. package/dist/index.d.ts +42 -20
  12. package/dist/index.global.js +2 -2
  13. package/dist/index.global.js.map +1 -1
  14. package/dist/index.js +2 -2
  15. package/dist/index.js.map +1 -1
  16. package/dist/react.d.cts +1 -1
  17. package/dist/react.d.ts +1 -1
  18. package/dist/{trymellon-NM6i2RKa.d.cts → trymellon-P7BPxIry.d.cts} +42 -20
  19. package/dist/{trymellon-NM6i2RKa.d.ts → trymellon-P7BPxIry.d.ts} +42 -20
  20. package/dist/ui/index.d.ts +514 -0
  21. package/dist/ui/index.js +489 -0
  22. package/dist/ui/index.js.map +1 -0
  23. package/dist/vue.d.cts +1 -1
  24. package/dist/vue.d.ts +1 -1
  25. package/package.json +8 -2
package/dist/index.d.cts CHANGED
@@ -107,18 +107,34 @@ type ClientStatus = {
107
107
  recommendedFlow: 'passkey' | 'fallback';
108
108
  };
109
109
  type TryMellonEvent = 'start' | 'success' | 'error' | 'cancelled';
110
+ /** User info in success event (aligns with API user payload). */
111
+ type SuccessEventUserInfo = {
112
+ userId: string;
113
+ externalUserId?: string;
114
+ email?: string;
115
+ metadata?: Record<string, unknown>;
116
+ };
117
+ /** Success payload: token always present (03-eventos-seguridad). Nonce when flow generates it. */
118
+ type SuccessEventPayload = {
119
+ type: 'success';
120
+ operation: 'register' | 'authenticate';
121
+ token: string;
122
+ user?: SuccessEventUserInfo;
123
+ nonce?: string;
124
+ };
110
125
  type EventPayload = {
111
126
  type: 'start';
112
127
  operation: 'register' | 'authenticate';
113
- } | {
114
- type: 'success';
115
- operation: 'register' | 'authenticate';
116
- } | {
128
+ nonce?: string;
129
+ } | SuccessEventPayload | {
117
130
  type: 'error';
118
131
  error: TryMellonError;
132
+ operation?: 'register' | 'authenticate';
133
+ nonce?: string;
119
134
  } | {
120
135
  type: 'cancelled';
121
136
  operation: 'register' | 'authenticate';
137
+ nonce?: string;
122
138
  };
123
139
  type EventHandler = (payload: EventPayload) => void;
124
140
  type EmailFallbackStartOptions = {
@@ -150,6 +166,8 @@ type RecoveryCompleteResponse = {
150
166
  metadata?: Record<string, unknown>;
151
167
  };
152
168
  credential_id: string;
169
+ /** Set when successUrl was passed and allowed by application allowlist. */
170
+ redirect_url?: string;
153
171
  };
154
172
  type RecoverAccountOptions = {
155
173
  /** The external user ID of the account being recovered. */
@@ -172,6 +190,8 @@ interface RecoverAccountResult {
172
190
  email?: string;
173
191
  metadata?: Record<string, unknown>;
174
192
  };
193
+ /** Set when successUrl was passed and allowed by application allowlist. */
194
+ redirectUrl?: string;
175
195
  }
176
196
  type OnboardingStartOptions = {
177
197
  user_role: 'maintainer' | 'app_user';
@@ -228,11 +248,15 @@ type CrossDeviceInitResult = {
228
248
  expires_at: string;
229
249
  /** Opaque token; send in X-Polling-Token header when calling GET status. Not included in qr_url. */
230
250
  polling_token: string;
251
+ /** Set when backend returns it (e.g. after anonymous init-registration). */
252
+ external_user_id?: string;
231
253
  };
232
254
  type CrossDeviceStatusResult = {
233
255
  status: 'pending' | 'authenticated' | 'completed';
234
256
  user_id?: string;
235
257
  session_token?: string;
258
+ /** Set when backend allows redirect; returned in GET cross-device/status when status=completed. */
259
+ redirect_url?: string;
236
260
  };
237
261
  /** Context for auth: request options (get). */
238
262
  type CrossDeviceContextAuth = {
@@ -364,7 +388,7 @@ interface AuthFinishResponse {
364
388
  email?: string;
365
389
  metadata?: Record<string, unknown>;
366
390
  };
367
- signals: {
391
+ signals?: {
368
392
  userVerification?: boolean;
369
393
  backupEligible?: boolean;
370
394
  backupStatus?: boolean;
@@ -377,8 +401,8 @@ interface RegisterResult {
377
401
  success: true;
378
402
  credentialId: string;
379
403
  /**
380
- * Alias para compatibilidad con versiones anteriores que usaban snake_case.
381
- * Preferir `credentialId` en código nuevo.
404
+ * Alias for backward compatibility with snake_case.
405
+ * Prefer `credentialId` in new code.
382
406
  */
383
407
  credential_id?: string;
384
408
  status: string;
@@ -515,8 +539,8 @@ declare class ApiClient {
515
539
  registerOnboardingPasskey(sessionId: string, request: OnboardingRegisterPasskeyRequest): Promise<Result<OnboardingRegisterPasskeyResponse, TryMellonError>>;
516
540
  completeOnboarding(sessionId: string, request: OnboardingCompleteRequest): Promise<Result<OnboardingCompleteResponse, TryMellonError>>;
517
541
  initCrossDeviceAuth(): Promise<Result<CrossDeviceInitResult, TryMellonError>>;
518
- initCrossDeviceRegistration(options: {
519
- externalUserId: string;
542
+ initCrossDeviceRegistration(options?: {
543
+ externalUserId?: string;
520
544
  }): Promise<Result<CrossDeviceInitResult, TryMellonError>>;
521
545
  getCrossDeviceStatus(sessionId: string, pollingToken?: string | null): Promise<Result<CrossDeviceStatusResult, TryMellonError>>;
522
546
  /**
@@ -544,7 +568,7 @@ declare class OnboardingManager {
544
568
  */
545
569
  startFlow(options: OnboardingStartOptions & {
546
570
  company_name?: string;
547
- }): Promise<Result<OnboardingCompleteResult, TryMellonError>>;
571
+ }, signal?: AbortSignal): Promise<Result<OnboardingCompleteResult, TryMellonError>>;
548
572
  }
549
573
 
550
574
  declare class TryMellon {
@@ -554,11 +578,13 @@ declare class TryMellon {
554
578
  private eventEmitter;
555
579
  private telemetrySender;
556
580
  private crossDeviceManager;
581
+ private authService;
582
+ private recoveryService;
557
583
  onboarding: OnboardingManager;
558
584
  /**
559
- * Configura una nueva instancia de TryMellon.
560
- * Valida la configuración y retorna un Result.
561
- * @param config Configuración del SDK
585
+ * Creates a new TryMellon instance.
586
+ * Validates config and returns a Result.
587
+ * @param config SDK configuration
562
588
  */
563
589
  static create(config: TryMellonConfig): Result<TryMellon, TryMellonError>;
564
590
  /**
@@ -567,11 +593,6 @@ declare class TryMellon {
567
593
  */
568
594
  constructor(config: TryMellonConfig);
569
595
  static isSupported(): boolean;
570
- /**
571
- * Returns a successful Result for sandbox mode (register or authenticate).
572
- * Single place for sandbox contract; used by register() and authenticate().
573
- */
574
- private sandboxAuthResult;
575
596
  register(options: RegisterOptions): Promise<Result<RegisterResult, TryMellonError>>;
576
597
  authenticate(options: AuthenticateOptions): Promise<Result<AuthenticateResult, TryMellonError>>;
577
598
  validateSession(sessionToken: string): Promise<Result<SessionValidateResponse, TryMellonError>>;
@@ -587,12 +608,13 @@ declare class TryMellon {
587
608
  auth: {
588
609
  crossDevice: {
589
610
  init: () => Promise<Result<CrossDeviceInitResult, TryMellonError>>;
590
- initRegistration: (options: {
591
- externalUserId: string;
611
+ initRegistration: (options?: {
612
+ externalUserId?: string;
592
613
  }) => Promise<Result<CrossDeviceInitResult, TryMellonError>>;
593
614
  waitForSession: (sessionId: string, signal?: AbortSignal, pollingToken?: string | null) => Promise<Result<{
594
615
  session_token: string;
595
616
  user_id: string;
617
+ redirectUrl?: string;
596
618
  }, TryMellonError>>;
597
619
  getContext: (sessionId: string) => Promise<Result<CrossDeviceContextResult, TryMellonError>>;
598
620
  approve: (sessionId: string) => Promise<Result<void, TryMellonError>>;
package/dist/index.d.ts CHANGED
@@ -107,18 +107,34 @@ type ClientStatus = {
107
107
  recommendedFlow: 'passkey' | 'fallback';
108
108
  };
109
109
  type TryMellonEvent = 'start' | 'success' | 'error' | 'cancelled';
110
+ /** User info in success event (aligns with API user payload). */
111
+ type SuccessEventUserInfo = {
112
+ userId: string;
113
+ externalUserId?: string;
114
+ email?: string;
115
+ metadata?: Record<string, unknown>;
116
+ };
117
+ /** Success payload: token always present (03-eventos-seguridad). Nonce when flow generates it. */
118
+ type SuccessEventPayload = {
119
+ type: 'success';
120
+ operation: 'register' | 'authenticate';
121
+ token: string;
122
+ user?: SuccessEventUserInfo;
123
+ nonce?: string;
124
+ };
110
125
  type EventPayload = {
111
126
  type: 'start';
112
127
  operation: 'register' | 'authenticate';
113
- } | {
114
- type: 'success';
115
- operation: 'register' | 'authenticate';
116
- } | {
128
+ nonce?: string;
129
+ } | SuccessEventPayload | {
117
130
  type: 'error';
118
131
  error: TryMellonError;
132
+ operation?: 'register' | 'authenticate';
133
+ nonce?: string;
119
134
  } | {
120
135
  type: 'cancelled';
121
136
  operation: 'register' | 'authenticate';
137
+ nonce?: string;
122
138
  };
123
139
  type EventHandler = (payload: EventPayload) => void;
124
140
  type EmailFallbackStartOptions = {
@@ -150,6 +166,8 @@ type RecoveryCompleteResponse = {
150
166
  metadata?: Record<string, unknown>;
151
167
  };
152
168
  credential_id: string;
169
+ /** Set when successUrl was passed and allowed by application allowlist. */
170
+ redirect_url?: string;
153
171
  };
154
172
  type RecoverAccountOptions = {
155
173
  /** The external user ID of the account being recovered. */
@@ -172,6 +190,8 @@ interface RecoverAccountResult {
172
190
  email?: string;
173
191
  metadata?: Record<string, unknown>;
174
192
  };
193
+ /** Set when successUrl was passed and allowed by application allowlist. */
194
+ redirectUrl?: string;
175
195
  }
176
196
  type OnboardingStartOptions = {
177
197
  user_role: 'maintainer' | 'app_user';
@@ -228,11 +248,15 @@ type CrossDeviceInitResult = {
228
248
  expires_at: string;
229
249
  /** Opaque token; send in X-Polling-Token header when calling GET status. Not included in qr_url. */
230
250
  polling_token: string;
251
+ /** Set when backend returns it (e.g. after anonymous init-registration). */
252
+ external_user_id?: string;
231
253
  };
232
254
  type CrossDeviceStatusResult = {
233
255
  status: 'pending' | 'authenticated' | 'completed';
234
256
  user_id?: string;
235
257
  session_token?: string;
258
+ /** Set when backend allows redirect; returned in GET cross-device/status when status=completed. */
259
+ redirect_url?: string;
236
260
  };
237
261
  /** Context for auth: request options (get). */
238
262
  type CrossDeviceContextAuth = {
@@ -364,7 +388,7 @@ interface AuthFinishResponse {
364
388
  email?: string;
365
389
  metadata?: Record<string, unknown>;
366
390
  };
367
- signals: {
391
+ signals?: {
368
392
  userVerification?: boolean;
369
393
  backupEligible?: boolean;
370
394
  backupStatus?: boolean;
@@ -377,8 +401,8 @@ interface RegisterResult {
377
401
  success: true;
378
402
  credentialId: string;
379
403
  /**
380
- * Alias para compatibilidad con versiones anteriores que usaban snake_case.
381
- * Preferir `credentialId` en código nuevo.
404
+ * Alias for backward compatibility with snake_case.
405
+ * Prefer `credentialId` in new code.
382
406
  */
383
407
  credential_id?: string;
384
408
  status: string;
@@ -515,8 +539,8 @@ declare class ApiClient {
515
539
  registerOnboardingPasskey(sessionId: string, request: OnboardingRegisterPasskeyRequest): Promise<Result<OnboardingRegisterPasskeyResponse, TryMellonError>>;
516
540
  completeOnboarding(sessionId: string, request: OnboardingCompleteRequest): Promise<Result<OnboardingCompleteResponse, TryMellonError>>;
517
541
  initCrossDeviceAuth(): Promise<Result<CrossDeviceInitResult, TryMellonError>>;
518
- initCrossDeviceRegistration(options: {
519
- externalUserId: string;
542
+ initCrossDeviceRegistration(options?: {
543
+ externalUserId?: string;
520
544
  }): Promise<Result<CrossDeviceInitResult, TryMellonError>>;
521
545
  getCrossDeviceStatus(sessionId: string, pollingToken?: string | null): Promise<Result<CrossDeviceStatusResult, TryMellonError>>;
522
546
  /**
@@ -544,7 +568,7 @@ declare class OnboardingManager {
544
568
  */
545
569
  startFlow(options: OnboardingStartOptions & {
546
570
  company_name?: string;
547
- }): Promise<Result<OnboardingCompleteResult, TryMellonError>>;
571
+ }, signal?: AbortSignal): Promise<Result<OnboardingCompleteResult, TryMellonError>>;
548
572
  }
549
573
 
550
574
  declare class TryMellon {
@@ -554,11 +578,13 @@ declare class TryMellon {
554
578
  private eventEmitter;
555
579
  private telemetrySender;
556
580
  private crossDeviceManager;
581
+ private authService;
582
+ private recoveryService;
557
583
  onboarding: OnboardingManager;
558
584
  /**
559
- * Configura una nueva instancia de TryMellon.
560
- * Valida la configuración y retorna un Result.
561
- * @param config Configuración del SDK
585
+ * Creates a new TryMellon instance.
586
+ * Validates config and returns a Result.
587
+ * @param config SDK configuration
562
588
  */
563
589
  static create(config: TryMellonConfig): Result<TryMellon, TryMellonError>;
564
590
  /**
@@ -567,11 +593,6 @@ declare class TryMellon {
567
593
  */
568
594
  constructor(config: TryMellonConfig);
569
595
  static isSupported(): boolean;
570
- /**
571
- * Returns a successful Result for sandbox mode (register or authenticate).
572
- * Single place for sandbox contract; used by register() and authenticate().
573
- */
574
- private sandboxAuthResult;
575
596
  register(options: RegisterOptions): Promise<Result<RegisterResult, TryMellonError>>;
576
597
  authenticate(options: AuthenticateOptions): Promise<Result<AuthenticateResult, TryMellonError>>;
577
598
  validateSession(sessionToken: string): Promise<Result<SessionValidateResponse, TryMellonError>>;
@@ -587,12 +608,13 @@ declare class TryMellon {
587
608
  auth: {
588
609
  crossDevice: {
589
610
  init: () => Promise<Result<CrossDeviceInitResult, TryMellonError>>;
590
- initRegistration: (options: {
591
- externalUserId: string;
611
+ initRegistration: (options?: {
612
+ externalUserId?: string;
592
613
  }) => Promise<Result<CrossDeviceInitResult, TryMellonError>>;
593
614
  waitForSession: (sessionId: string, signal?: AbortSignal, pollingToken?: string | null) => Promise<Result<{
594
615
  session_token: string;
595
616
  user_id: string;
617
+ redirectUrl?: string;
596
618
  }, TryMellonError>>;
597
619
  getContext: (sessionId: string) => Promise<Result<CrossDeviceContextResult, TryMellonError>>;
598
620
  approve: (sessionId: string) => Promise<Result<void, TryMellonError>>;
package/dist/index.global.js CHANGED
@@ -1,3 +1,3 @@
1
- var TryMellon=(function(exports){'use strict';var p=e=>({ok:true,value:e}),u=e=>({ok:false,error:e});var D=class e extends Error{code;details;isTryMellonError=true;constructor(r,t,n){super(t),this.name="TryMellonError",this.code=r,this.details=n,Error.captureStackTrace&&Error.captureStackTrace(this,e);}},qe={NOT_SUPPORTED:"WebAuthn is not supported in this environment",USER_CANCELLED:"User cancelled the operation",PASSKEY_NOT_FOUND:"Passkey not found",SESSION_EXPIRED:"Session has expired",NETWORK_FAILURE:"Network request failed",INVALID_ARGUMENT:"Invalid argument provided",TIMEOUT:"Operation timed out",ABORTED:"Operation was aborted",ABORT_ERROR:"Operation aborted by user or timeout",CHALLENGE_MISMATCH:"This link was already used or expired. Please try again from your computer.",UNKNOWN_ERROR:"An unknown error occurred"};function R(e,r,t){return new D(e,r??qe[e],t)}function F(e){return e instanceof D||typeof e=="object"&&e!==null&&"isTryMellonError"in e&&e.isTryMellonError===true}function X(){return R("NOT_SUPPORTED")}function Ve(){return R("USER_CANCELLED")}function Be(e){return R("NETWORK_FAILURE",void 0,{cause:e?.message,originalError:e})}function We(){return R("TIMEOUT")}function y(e,r){return R("INVALID_ARGUMENT",`Invalid argument: ${e} - ${r}`,{field:e,reason:r})}function he(e){return R("UNKNOWN_ERROR",`Failed to ${e} credential`,{operation:e})}function G(e){return R("NOT_SUPPORTED",`No base64 ${e==="encode"?"encoding":"decoding"} available`,{type:e})}function z(e,r){try{let t=new URL(e);if(t.protocol!=="https:"&&t.protocol!=="http:")throw y(r,"must use http or https protocol")}catch(t){throw F(t)?t:y(r,"must be a valid URL")}}function O(e,r,t,n){if(!Number.isFinite(e))throw y(r,"must be a finite number");if(e<t||e>n)throw y(r,`must be between ${t} and ${n}`)}function L(e,r){if(typeof e!="string"||e.length===0)throw y(r,"must be a non-empty string");if(!/^[A-Za-z0-9_-]+$/.test(e))throw y(r,"must be a valid base64url string")}var He={NotAllowedError:"USER_CANCELLED",AbortError:"ABORTED",NotSupportedError:"NOT_SUPPORTED",SecurityError:"NOT_SUPPORTED",InvalidStateError:"UNKNOWN_ERROR",UnknownError:"UNKNOWN_ERROR"};function w(e){if(typeof e!="string")return "UNKNOWN_ERROR";let r=e.toLowerCase().trim();return {challenge_mismatch:"CHALLENGE_MISMATCH",session_expired:"SESSION_EXPIRED",unauthorized:"SESSION_EXPIRED",validation_error:"INVALID_ARGUMENT",invalid_argument:"INVALID_ARGUMENT",user_not_found:"SESSION_EXPIRED",passkey_not_found:"PASSKEY_NOT_FOUND"}[r]??"UNKNOWN_ERROR"}function h(e){if(e instanceof DOMException){let r=e.name,t=e.message||"WebAuthn operation failed",n=He[r]??"UNKNOWN_ERROR";return R(n,t,{originalError:e})}return e instanceof Error?R("UNKNOWN_ERROR",e.message,{originalError:e}):R("UNKNOWN_ERROR","An unknown error occurred",{originalError:e})}function g(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)}function l(e){return typeof e=="string"}function T(e){return typeof e=="number"&&Number.isFinite(e)}function K(e){return typeof e=="boolean"}function S(e){return Array.isArray(e)}function o(e,r){return u(R("UNKNOWN_ERROR",e,{...r,originalData:r?.originalData}))}function c(e,r){return e[r]}function Ee(e,r){return !g(e)||!l(e.name)||!l(e.id)?o("Invalid API response: challenge.rp must have name and id strings",{originalData:r}):p(true)}function be(e,r){return !g(e)||!l(e.id)||!l(e.name)||!l(e.displayName)?o("Invalid API response: challenge.user must have id, name, displayName strings",{originalData:r}):p(true)}function _e(e,r){if(!S(e))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:r});for(let t of e)if(!g(t)||t.type!=="public-key"||!T(t.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:r});return p(true)}function Y(e,r){if(!g(e))return o("Invalid API response: user must be object",{field:"user",originalData:r});let t=c(e,"user_id"),n=c(e,"external_user_id");if(!l(t)||!l(n))return o("Invalid API response: user must have user_id and external_user_id strings",{originalData:r});let s=e.email,i=e.metadata;return s!==void 0&&!l(s)?o("Invalid API response: user.email must be string",{originalData:r}):i!==void 0&&(typeof i!="object"||i===null)?o("Invalid API response: user.metadata must be object",{originalData:r}):p({user_id:t,external_user_id:n,...s!==void 0&&{email:s},...i!==void 0&&{metadata:i}})}function J(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"session_id");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=c(e,"challenge");if(!g(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=Ee(c(t,"rp"),e);if(!n.ok)return n;let s=be(c(t,"user"),e);if(!s.ok)return s;let i=c(t,"challenge");if(!l(i))return o("Invalid API response: challenge.challenge must be string",{originalData:e});let a=_e(c(t,"pubKeyCredParams"),e);if(!a.ok)return a;let d=t.timeout;if(d!==void 0&&!T(d))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let m=t.excludeCredentials;if(m!==void 0){if(!S(m))return o("Invalid API response: excludeCredentials must be array",{originalData:e});for(let f of m)if(!g(f)||f.type!=="public-key"||!l(f.id))return o("Invalid API response: excludeCredentials items must have id and type",{originalData:e})}let v=t.authenticatorSelection;return v!==void 0&&!g(v)?o("Invalid API response: authenticatorSelection must be object",{originalData:e}):p({session_id:r,challenge:{rp:t.rp,user:t.user,challenge:i,pubKeyCredParams:t.pubKeyCredParams,...d!==void 0&&{timeout:d},...m!==void 0&&{excludeCredentials:m},...v!==void 0&&{authenticatorSelection:v}}})}function Z(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"session_id");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=c(e,"challenge");if(!g(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=c(t,"challenge"),s=c(t,"rpId"),i=t.allowCredentials;if(!l(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!l(s))return o("Invalid API response: challenge.rpId must be string",{originalData:e});if(i!==void 0&&!S(i))return o("Invalid API response: allowCredentials must be array",{originalData:e});if(i){for(let m of i)if(!g(m)||m.type!=="public-key"||!l(m.id))return o("Invalid API response: allowCredentials items must have id and type",{originalData:e})}let a=t.timeout;if(a!==void 0&&!T(a))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let d=t.userVerification;return d!==void 0&&!["required","preferred","discouraged"].includes(String(d))?o("Invalid API response: userVerification must be required|preferred|discouraged",{originalData:e}):p({session_id:r,challenge:{challenge:n,rpId:s,allowCredentials:i??[],...a!==void 0&&{timeout:a},...d!==void 0&&{userVerification:d}}})}function Q(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"credential_id"),t=c(e,"status"),n=c(e,"session_token"),s=c(e,"user");if(!l(r))return o("Invalid API response: credential_id must be string",{field:"credential_id",originalData:e});if(!l(t))return o("Invalid API response: status must be string",{field:"status",originalData:e});if(!l(n))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});let i=Y(s,e);if(!i.ok)return o(i.error.message,{originalData:e});let a=e.redirect_url;return a!==void 0&&!l(a)?o("Invalid API response: redirect_url must be string",{originalData:e}):p({credential_id:r,status:t,session_token:n,user:i.value,...a!==void 0&&{redirect_url:a}})}function ee(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"authenticated"),t=c(e,"session_token"),n=c(e,"user"),s=c(e,"signals");if(!K(r))return o("Invalid API response: authenticated must be boolean",{field:"authenticated",originalData:e});if(!l(t))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});let i=Y(n,e);if(!i.ok)return o(i.error.message,{originalData:e});if(s!==void 0&&!g(s))return o("Invalid API response: signals must be object",{originalData:e});let a=e.redirect_url;return a!==void 0&&!l(a)?o("Invalid API response: redirect_url must be string",{originalData:e}):p({authenticated:r,session_token:t,user:i.value,signals:s,...a!==void 0&&{redirect_url:a}})}function re(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"valid"),t=c(e,"user_id"),n=c(e,"external_user_id"),s=c(e,"tenant_id"),i=c(e,"app_id");return K(r)?l(t)?l(n)?l(s)?l(i)?p({valid:r,user_id:t,external_user_id:n,tenant_id:s,app_id:i}):o("Invalid API response: app_id must be string",{field:"app_id",originalData:e}):o("Invalid API response: tenant_id must be string",{field:"tenant_id",originalData:e}):o("Invalid API response: external_user_id must be string",{field:"external_user_id",originalData:e}):o("Invalid API response: user_id must be string",{field:"user_id",originalData:e}):o("Invalid API response: valid must be boolean",{field:"valid",originalData:e})}function te(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=e.session_token??e.sessionToken;if(!l(r))return o("Invalid API response: session_token/sessionToken must be string",{field:"session_token",originalData:e});let t=e.redirect_url;return t!==void 0&&!l(t)?o("Invalid API response: redirect_url must be string",{originalData:e}):p({sessionToken:r,...t!==void 0&&{redirectUrl:t}})}var $e=["pending_passkey","pending_data","completed"],Xe=["pending_data","completed"];function ne(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"session_id"),t=c(e,"onboarding_url"),n=c(e,"expires_in");return l(r)?l(t)?T(n)?p({session_id:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{field:"expires_in",originalData:e}):o("Invalid API response: onboarding_url must be string",{field:"onboarding_url",originalData:e}):o("Invalid API response: session_id must be string",{field:"session_id",originalData:e})}function se(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"status"),t=c(e,"onboarding_url"),n=c(e,"expires_in");return !l(r)||!$e.includes(r)?o("Invalid API response: status must be pending_passkey|pending_data|completed",{field:"status",originalData:e}):l(t)?T(n)?p({status:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{originalData:e}):o("Invalid API response: onboarding_url must be string",{originalData:e})}function ie(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"session_id"),t=c(e,"status"),n=c(e,"onboarding_url");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});if(t!=="pending_passkey")return o("Invalid API response: status must be pending_passkey",{field:"status",originalData:e});if(!l(n))return o("Invalid API response: onboarding_url must be string",{originalData:e});let s=e.challenge,i;if(s!==void 0){let a=Ge(s);if(!a.ok)return a;i=a.value;}return p({session_id:r,status:"pending_passkey",onboarding_url:n,...i!==void 0&&{challenge:i}})}function Ge(e){if(!g(e))return o("Invalid API response: challenge must be object",{originalData:e});let r=c(e,"rp"),t=c(e,"user"),n=c(e,"challenge"),s=c(e,"pubKeyCredParams");if(!g(r)||!l(r.name)||!l(r.id))return o("Invalid API response: challenge.rp must have name and id",{originalData:e});if(!g(t)||!l(t.id)||!l(t.name)||!l(t.displayName))return o("Invalid API response: challenge.user must have id, name, displayName",{originalData:e});if(!l(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!S(s))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:e});for(let i of s)if(!g(i)||i.type!=="public-key"||!T(i.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:e});return p({rp:r,user:t,challenge:n,pubKeyCredParams:s})}function oe(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"session_id"),t=c(e,"status"),n=c(e,"user_id"),s=c(e,"tenant_id");return l(r)?!l(t)||!Xe.includes(t)?o("Invalid API response: status must be pending_data|completed",{originalData:e}):l(n)?l(s)?p({session_id:r,status:t,user_id:n,tenant_id:s}):o("Invalid API response: tenant_id must be string",{originalData:e}):o("Invalid API response: user_id must be string",{originalData:e}):o("Invalid API response: session_id must be string",{originalData:e})}function ae(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"session_id"),t=c(e,"status"),n=c(e,"user_id"),s=c(e,"tenant_id"),i=c(e,"session_token");return l(r)?t!=="completed"?o("Invalid API response: status must be completed",{originalData:e}):!l(n)||!l(s)||!l(i)?o("Invalid API response: user_id, tenant_id, session_token must be strings",{originalData:e}):p({session_id:r,status:"completed",user_id:n,tenant_id:s,session_token:i}):o("Invalid API response: session_id must be string",{originalData:e})}function ze(e){if(!e||typeof e!="object")return false;let r=e;return typeof r.challenge=="string"&&r.rp!=null&&typeof r.rp=="object"&&r.user!=null&&typeof r.user=="object"&&Array.isArray(r.pubKeyCredParams)}function Ye(e){if(!e||typeof e!="object")return false;let r=e;return typeof r.challenge=="string"&&typeof r.rpId=="string"}function j(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r="resultado"in e&&g(e.resultado)?e.resultado:e,t=r.session_id,n=r.qr_url,s=r.expires_at,i=r.polling_token;return !l(t)||!l(n)||!l(s)||!l(i)?o("Invalid API response: missing required fields",{originalData:e}):p({session_id:t,qr_url:n,expires_at:s,polling_token:i})}function le(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=e.status;return !l(r)||!["pending","authenticated","completed"].includes(r)?o("Invalid API response: invalid status",{originalData:e}):p({status:r,user_id:e.user_id,session_token:e.session_token})}function ue(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=e.type,t=r==="registration"?"registration":"auth",n=e.options;if(!g(n))return o("Invalid API response: options are required",{originalData:e});let s=200,i=Te(e.approval_context,s),a=Te(e.application_name,s);if(i===false||a===false)return o("Invalid API response: approval_context/application_name must be string max 200 chars",{originalData:e});let d={};return typeof i=="string"&&(d.approval_context=i),typeof a=="string"&&(d.application_name=a),t==="registration"?ze(n)?p({type:"registration",options:n,...d}):o("Invalid API response: registration options must have challenge, rp, user, pubKeyCredParams",{originalData:e}):Ye(n)?p({type:"auth",options:n,...d}):o("Invalid API response: auth options must have challenge and rpId",{originalData:e})}function Te(e,r){if(e!=null)return typeof e!="string"||e.length>r?false:e}function ce(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"challenge"),t=c(e,"recovery_session_id");return g(r)?l(t)?p({challenge:r,recovery_session_id:t}):o("Invalid API response: recovery_session_id must be string",{field:"recovery_session_id",originalData:e}):o("Invalid API response: challenge must be object",{field:"challenge",originalData:e})}function pe(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=c(e,"status"),t=c(e,"session_token"),n=c(e,"user"),s=c(e,"credential_id");if(!l(r))return o("Invalid API response: status must be string",{field:"status",originalData:e});if(!l(t))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});if(!l(s))return o("Invalid API response: credential_id must be string",{field:"credential_id",originalData:e});if(!g(n))return o("Invalid API response: user must be object",{field:"user",originalData:e});let i=c(n,"user_id");if(!l(i))return o("Invalid API response: user.user_id must be string",{field:"user.user_id",originalData:e});let a=n;return p({status:r,session_token:t,credential_id:s,user:{user_id:i,external_user_id:l(a.external_user_id)?a.external_user_id:void 0,email:l(a.email)?a.email:void 0,metadata:g(a.metadata)?a.metadata:void 0}})}var q=class{constructor(r,t,n={}){this.httpClient=r;this.baseUrl=t;this.defaultHeaders=n;}mergeHeaders(r){return {...this.defaultHeaders,...r}}async post(r,t,n){let s=`${this.baseUrl}${r}`,i=await this.httpClient.post(s,t,this.mergeHeaders());return i.ok?n(i.value):u(i.error)}async get(r,t,n){let s=`${this.baseUrl}${r}`,i=await this.httpClient.get(s,this.mergeHeaders(n));return i.ok?t(i.value):u(i.error)}async startRegister(r){return this.post("/v1/passkeys/register/start",r,J)}async startAuth(r){return this.post("/v1/passkeys/auth/start",r,Z)}async finishRegister(r){return this.post("/v1/passkeys/register/finish",r,Q)}async finishAuthentication(r){return this.post("/v1/passkeys/auth/finish",r,ee)}async validateSession(r){return this.get("/v1/sessions/validate",re,{Authorization:`Bearer ${r}`})}async startEmailFallback(r){let t=`${this.baseUrl}/v1/fallback/email/start`,n=await this.httpClient.post(t,{userId:r.userId,email:r.email},this.mergeHeaders());return n.ok?p(void 0):u(n.error)}async verifyEmailCode(r){let t={userId:r.userId,code:r.code};return r.successUrl&&(t.success_url=r.successUrl),this.post("/v1/fallback/email/verify",t,te)}async startOnboarding(r){return this.post("/v1/onboarding/start",r,ne)}async getOnboardingStatus(r){return this.get(`/v1/onboarding/${r}/status`,se)}async getOnboardingRegister(r){return this.get(`/v1/onboarding/${r}/register`,ie)}async registerOnboardingPasskey(r,t){return this.post(`/v1/onboarding/${r}/register-passkey`,t,oe)}async completeOnboarding(r,t){return this.post(`/v1/onboarding/${r}/complete`,t,ae)}async initCrossDeviceAuth(){return this.post("/v1/auth/cross-device/init",{},j)}async initCrossDeviceRegistration(r){return this.post("/v1/auth/cross-device/init-registration",{external_user_id:r.externalUserId},j)}async getCrossDeviceStatus(r,t){let n={};return typeof t=="string"&&t.length>0&&(n["X-Polling-Token"]=t),this.get(`/v1/auth/cross-device/status/${r}`,le,Object.keys(n).length>0?n:void 0)}async getCrossDeviceContext(r){return this.get(`/v1/auth/cross-device/context/${r}`,ue)}async verifyCrossDeviceAuth(r){let t=`${this.baseUrl}/v1/auth/cross-device/verify`,n=await this.httpClient.post(t,r,this.mergeHeaders());return n.ok?p(void 0):u(n.error)}async verifyCrossDeviceRegistration(r){let t=`${this.baseUrl}/v1/auth/cross-device/verify-registration`,n=await this.httpClient.post(t,r,this.mergeHeaders());return n.ok?p(void 0):u(n.error)}async verifyAccountRecoveryOtp(r,t){return this.post("/v1/users/recovery/verify",{external_id:r,otp:t},ce)}async completeAccountRecovery(r,t){return this.post("/v1/users/recovery/complete",{recovery_session_id:r,credential:t},pe)}};function Je(e){return typeof e=="object"&&e!==null&&e.ok===true&&"resultado"in e}function Ze(e){if(typeof e!="object"||e===null)return false;let r=e;if(r.ok!==false||!r.error||typeof r.error!="object")return false;let t=r.error;return typeof t.code=="string"&&typeof t.message=="string"}function Qe(e,r){if(Ze(e))return {message:e.error.message,code:w(e.error.code)};let t=e,n=t?.error;if(typeof n=="object"&&n!==null&&"code"in n&&typeof n.code=="string")return {message:n.message??t?.message??r,code:w(n.code)};let s=t?.message??r,i=t?.error,a=typeof i=="string"?w(i):i===void 0?"NETWORK_FAILURE":w(String(i));return {message:s,code:a}}var er=3e4;function rr(){if(typeof globalThis.crypto<"u"&&typeof globalThis.crypto.randomUUID=="function")return globalThis.crypto.randomUUID();throw new Error("Web Crypto API is required but not available.")}function Ae(e,r){let t=r*Math.pow(2,e);return Math.min(t,er)}function tr(e,r){return e!=="GET"?false:r>=500||r===429}var V=class{constructor(r,t=0,n=1e3,s){this.timeoutMs=r;this.maxRetries=t;this.retryDelayMs=n;this.logger=s;}async get(r,t){return this.request(r,{method:"GET",headers:t})}async post(r,t,n){return this.request(r,{method:"POST",body:JSON.stringify(t),headers:{"Content-Type":"application/json",...n}})}async request(r,t){let n=(t.method??"GET").toUpperCase(),s=rr(),i=new Headers(t.headers);i.set("X-Request-Id",s),this.logger&&this.logger.debug("request",{requestId:s,url:r,method:n});let a;for(let d=0;d<=this.maxRetries;d++)try{let m=new AbortController,v=setTimeout(()=>m.abort(),this.timeoutMs);try{let f=await fetch(r,{...t,headers:i,signal:m.signal});if(!f.ok){let U;try{U=await f.json();}catch{}let{message:I,code:Ke}=Qe(U,f.statusText),ve=R(Ke,I,{requestId:s,status:f.status,statusText:f.statusText,data:U});if(tr(n,f.status)&&d<this.maxRetries){a=ve,clearTimeout(v),await new Promise(je=>setTimeout(je,Ae(d,this.retryDelayMs)));continue}return u(ve)}if(f.status===204)return p(void 0);if(f.headers.get("content-length")==="0")return p(void 0);let b=await f.json();if(Je(b))return p(b.resultado);let P=b;return typeof b=="object"&&b!==null&&P.ok===true&&!("resultado"in P)?p(void 0):p(b)}finally{clearTimeout(v);}}catch(m){if(a=m,n==="GET"&&d<this.maxRetries)await new Promise(f=>setTimeout(f,Ae(d,this.retryDelayMs)));else break}return a instanceof Error&&a.name==="AbortError"?u(R("TIMEOUT","Request timed out",{requestId:s})):u(R("NETWORK_FAILURE",a instanceof Error?a.message:"Request failed",{requestId:s,cause:a}))}};function _(e){let r=new Uint8Array(e),t=Array.from(r,s=>String.fromCharCode(s)).join("");if(typeof globalThis.btoa>"u")throw G("encode");return globalThis.btoa(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function nr(e){if(typeof globalThis.atob>"u")throw G("decode");let r=e.replace(/-/g,"+").replace(/_/g,"/"),t=r.length%4,n=t===0?r:r+"=".repeat(4-t),s=globalThis.atob(n);return Uint8Array.from(s,i=>i.charCodeAt(0))}function x(e){let r=nr(e),t=new ArrayBuffer(r.length);return new Uint8Array(t).set(r),t}function Ie(e){return e!==null&&typeof e=="object"&&"clientDataJSON"in e&&e.clientDataJSON instanceof ArrayBuffer}function A(e){if(!e.response)throw R("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!Ie(r))throw R("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("attestationObject"in r))throw R("UNKNOWN_ERROR","Invalid credential response structure for register: attestationObject is missing",{response:r});let t=r.clientDataJSON,n=r.attestationObject;return {id:e.id,rawId:_(e.rawId),response:{clientDataJSON:_(t),attestationObject:_(n)},type:"public-key"}}function B(e){if(!e.response)throw R("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!Ie(r))throw R("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("authenticatorData"in r)||!("signature"in r))throw R("UNKNOWN_ERROR","Invalid credential response structure for auth: authenticatorData or signature is missing",{response:r});let t=r.clientDataJSON,n=r.authenticatorData,s=r.signature,i=r.userHandle;return {id:e.id,rawId:_(e.rawId),response:{authenticatorData:_(n),clientDataJSON:_(t),signature:_(s),...i&&{userHandle:_(i)}},type:"public-key"}}function M(){try{return !(typeof navigator>"u"||!navigator.credentials||typeof PublicKeyCredential>"u")}catch{return false}}async function sr(){try{return !M()||typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable!="function"?false:await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()}catch{return false}}async function Oe(){let e=M(),r=await sr();return {isPasskeySupported:e,platformAuthenticatorAvailable:r,recommendedFlow:e?"passkey":"fallback"}}function C(e,r="create"){if(!e||typeof e!="object"||!("id"in e)||!("rawId"in e)||!("response"in e))throw he(r)}async function N(e){let{operation:r,eventEmitter:t,start:n,createOptions:s,invoke:i,finish:a}=e;try{if(t.emit("start",{type:"start",operation:r}),!M()){let E=X();return t.emit("error",{type:"error",error:E}),u(E)}let d=await n();if(!d.ok)return t.emit("error",{type:"error",error:d.error}),u(d.error);let m=s(d.value);if(!m.ok)return t.emit("error",{type:"error",error:m.error}),u(m.error);let v=await i(m.value);if(!v){let E=y("credential",`${r==="register"?"creation":"retrieval"} failed`);return t.emit("error",{type:"error",error:E}),u(E)}try{C(v);}catch(E){let b=h(E);return t.emit("error",{type:"error",error:b}),u(b)}let f=await a(d.value,v);return f.ok?(t.emit("success",{type:"success",operation:r}),p(f.value)):(t.emit("error",{type:"error",error:f.error}),u(f.error))}catch(d){let m=h(d);return t.emit("error",{type:"error",error:m}),u(m)}}function k(e,r){try{L(e.challenge,"challenge"),L(e.user.id,"user.id");let t=x(e.challenge),n=x(e.user.id),s={userVerification:"preferred"};e.authenticatorSelection&&(s={...e.authenticatorSelection}),r&&(s={...s,authenticatorAttachment:r});let i={rp:{id:e.rp.id,name:e.rp.name},user:{id:n,name:e.user.name,displayName:e.user.displayName},challenge:t,pubKeyCredParams:e.pubKeyCredParams,...e.timeout!==void 0&&{timeout:e.timeout},attestation:"none",authenticatorSelection:s,...e.excludeCredentials&&{excludeCredentials:e.excludeCredentials.map(a=>({id:x(a.id),type:a.type,...a.transports&&{transports:a.transports}}))}};return p({publicKey:i})}catch(t){return u(h(t))}}function de(e,r){try{L(e.challenge,"challenge");let t=x(e.challenge);return p({publicKey:{challenge:t,rpId:e.rpId,...e.timeout!==void 0&&{timeout:e.timeout},userVerification:e.userVerification??"preferred",...e.allowCredentials&&{allowCredentials:e.allowCredentials.map(n=>({id:x(n.id),type:n.type,...n.transports&&{transports:n.transports}}))}},...r!==void 0&&{mediation:r}})}catch(t){return u(h(t))}}async function Ce(e,r,t){let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let s=y("externalUserId","must be a non-empty string");return t.emit("error",{type:"error",error:s}),u(s)}return N({operation:"register",eventEmitter:t,start:()=>r.startRegister({external_user_id:n}),createOptions:s=>k(s.challenge,e.authenticatorType),invoke:async s=>{let i={...s,...e.signal&&{signal:e.signal}};return navigator.credentials.create(i)},finish:async(s,i)=>{let a=await r.finishRegister({session_id:s.session_id,credential:A(i),...e.successUrl&&{success_url:e.successUrl}});return a.ok?p({success:true,credentialId:a.value.credential_id,credential_id:a.value.credential_id,status:a.value.status,sessionToken:a.value.session_token,user:{userId:a.value.user.user_id,externalUserId:a.value.user.external_user_id,email:a.value.user.email,metadata:a.value.user.metadata},...a.value.redirect_url&&{redirectUrl:a.value.redirect_url}}):u(a.error)}})}async function ke(e,r,t){let n=e.externalUserId??e.external_user_id,s=n!==void 0&&typeof n=="string"&&n.trim()!=="";return N({operation:"authenticate",eventEmitter:t,start:()=>r.startAuth(s?{external_user_id:n.trim()}:{}),createOptions:i=>de(i.challenge,e.mediation),invoke:async i=>{let a={...i,...e.signal&&{signal:e.signal}};return navigator.credentials.get(a)},finish:async(i,a)=>{let d=await r.finishAuthentication({session_id:i.session_id,credential:B(a),...e.successUrl&&{success_url:e.successUrl}});return d.ok?p({authenticated:d.value.authenticated,sessionToken:d.value.session_token,user:{userId:d.value.user.user_id,externalUserId:d.value.user.external_user_id,email:d.value.user.email,metadata:d.value.user.metadata},signals:d.value.signals,...d.value.redirect_url&&{redirectUrl:d.value.redirect_url}}):u(d.error)}})}var ir=2e3,or=60,W=class{constructor(r){this.apiClient=r;}async startFlow(r){let t=await this.apiClient.startOnboarding({user_role:r.user_role});if(!t.ok)return u(t.error);let{session_id:n}=t.value;for(let s=0;s<or;s++){await new Promise(m=>setTimeout(m,ir));let i=await this.apiClient.getOnboardingStatus(n);if(!i.ok)return u(i.error);let a=i.value.status,d=i.value.onboarding_url;if(a==="pending_passkey"){let m=await this.apiClient.getOnboardingRegister(n);if(!m.ok)return u(m.error);let v=m.value;if(!v.challenge)return u(R("NOT_SUPPORTED","Onboarding requires user action - complete passkey registration at the provided onboarding_url",{onboarding_url:d}));let f=k(v.challenge);if(!f.ok)return u(f.error);let E;try{E=await navigator.credentials.create(f.value);}catch(I){return u(h(I))}try{C(E,"create");}catch(I){return u(h(I))}let b;try{b=A(E);}catch(I){return u(h(I))}let P=await this.apiClient.registerOnboardingPasskey(n,{credential:b,challenge:v.challenge.challenge});return P.ok?await this.apiClient.completeOnboarding(n,{company_name:r.company_name}):u(P.error)}if(a==="completed")return await this.apiClient.completeOnboarding(n,{company_name:r.company_name})}return u(R("TIMEOUT","Onboarding timed out"))}};var ar=2e3,lr=60,H=class{constructor(r){this.apiClient=r;}async init(){return this.apiClient.initCrossDeviceAuth()}async initRegistration(r){return this.apiClient.initCrossDeviceRegistration(r)}async waitForSession(r,t,n){for(let s=0;s<lr;s++){if(t?.aborted)return u(R("ABORT_ERROR","Operation aborted by user or timeout"));let i=await this.apiClient.getCrossDeviceStatus(r,n);if(!i.ok)return u(i.error);if(i.value.status==="completed")return !i.value.session_token||!i.value.user_id?u(R("UNKNOWN_ERROR","Missing data in completed session")):p({session_token:i.value.session_token,user_id:i.value.user_id});if(t?.aborted)return u(R("ABORT_ERROR","Operation aborted by user or timeout"));if(await new Promise(a=>{let d=setTimeout(()=>{a(null),t?.removeEventListener("abort",m);},ar),m=()=>{clearTimeout(d),a(null);};t?.addEventListener("abort",m);}),t?.aborted)return u(R("ABORT_ERROR","Operation aborted by user or timeout"))}return u(R("TIMEOUT","Cross-device authentication timed out"))}async approve(r){let t=await this.apiClient.getCrossDeviceContext(r);if(!t.ok)return u(t.error);let n=t.value;return n.type==="registration"?this.executeRegistrationApproval(r,n):this.executeAuthApproval(r,n)}async executeRegistrationApproval(r,t){let n=k(t.options);if(!n.ok)return u(n.error);let s;try{s=await navigator.credentials.create(n.value);}catch(a){return u(h(a))}try{C(s,"create");}catch(a){return u(h(a))}let i;try{i=A(s);}catch(a){return u(h(a))}return this.apiClient.verifyCrossDeviceRegistration({session_id:r,credential:i})}async executeAuthApproval(r,t){let n=de(t.options);if(!n.ok)return u(n.error);let s;try{s=await navigator.credentials.get(n.value);}catch(a){return u(h(a))}try{C(s,"get");}catch(a){return u(h(a))}let i;try{i=B(s);}catch(a){return u(h(a))}return this.apiClient.verifyCrossDeviceAuth({session_id:r,credential:i})}};var $=class{handlers;constructor(){this.handlers=new Map;}on(r,t){let n=this.handlers.get(r);return n||(n=new Set,this.handlers.set(r,n)),n.add(t),()=>{this.off(r,t);}}off(r,t){let n=this.handlers.get(r);n&&(n.delete(t),n.size===0&&this.handlers.delete(r));}emit(r,t){let n=this.handlers.get(r);if(n)for(let s of n)try{s(t);}catch{}}removeAllListeners(){this.handlers.clear();}};async function Se(e,r,t){let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let s=y("externalUserId","must be a non-empty string");return t.emit("error",{type:"error",error:s}),u(s)}if(!e.otp||typeof e.otp!="string"||e.otp.trim().length!==6){let s=y("otp","must be a 6-digit string");return t.emit("error",{type:"error",error:s}),u(s)}return N({operation:"register",eventEmitter:t,start:()=>r.verifyAccountRecoveryOtp(n,e.otp),createOptions:s=>k(s.challenge),invoke:async s=>navigator.credentials.create(s),finish:async(s,i)=>{let a=await r.completeAccountRecovery(s.recovery_session_id,A(i));return a.ok?p({success:true,credentialId:a.value.credential_id,status:a.value.status,sessionToken:a.value.session_token,user:{userId:a.value.user.user_id,externalUserId:a.value.user.external_user_id,email:a.value.user.email,metadata:a.value.user.metadata}}):u(a.error)}})}var ge="https://api.trymellonauth.com",xe="https://api.trymellonauth.com/v1/telemetry";var me="trymellon_sandbox_session_token_v1";function Me(e){return {async send(r){let t=JSON.stringify(r);if(typeof navigator<"u"&&typeof navigator.sendBeacon=="function"){navigator.sendBeacon(e,t);return}typeof fetch<"u"&&await fetch(e,{method:"POST",body:t,headers:{"Content-Type":"application/json"},keepalive:true});}}}function Re(e,r){return {event:e,latencyMs:r,ok:true}}var fe=class e{sandbox;sandboxToken;apiClient;eventEmitter;telemetrySender;crossDeviceManager;onboarding;static create(r){try{let t=r.appId,n=r.publishableKey;if(!t||typeof t!="string"||t.trim()==="")return u(y("appId","must be a non-empty string"));if(!n||typeof n!="string"||n.trim()==="")return u(y("publishableKey","must be a non-empty string"));let s=r.apiBaseUrl??ge;z(s,"apiBaseUrl");let i=r.timeoutMs??3e4;return O(i,"timeoutMs",1e3,3e5),r.maxRetries!==void 0&&O(r.maxRetries,"maxRetries",0,10),r.retryDelayMs!==void 0&&O(r.retryDelayMs,"retryDelayMs",100,1e4),p(new e(r))}catch(t){return F(t)?u(t):u(y("config",t.message))}}constructor(r){this.sandbox=r.sandbox===true,this.sandboxToken=this.sandbox&&r.sandboxToken!=null&&r.sandboxToken!==""?r.sandboxToken:me;let t=r.appId,n=r.publishableKey;if(!t||typeof t!="string"||t.trim()==="")throw y("appId","must be a non-empty string");if(!n||typeof n!="string"||n.trim()==="")throw y("publishableKey","must be a non-empty string");let s=r.apiBaseUrl??ge;z(s,"apiBaseUrl");let i=r.timeoutMs??3e4;O(i,"timeoutMs",1e3,3e5),r.maxRetries!==void 0&&O(r.maxRetries,"maxRetries",0,10),r.retryDelayMs!==void 0&&O(r.retryDelayMs,"retryDelayMs",100,1e4);let a=r.maxRetries??3,d=r.retryDelayMs??1e3,m=new V(i,a,d,r.logger),v=r.origin??(typeof window<"u"&&window?.location?.origin?window.location.origin:void 0),f={"X-App-Id":t.trim(),Authorization:`Bearer ${n.trim()}`,...v&&{Origin:v}};this.apiClient=new q(m,s,f),this.onboarding=new W(this.apiClient),this.crossDeviceManager=new H(this.apiClient),this.eventEmitter=new $,r.enableTelemetry&&(this.telemetrySender=r.telemetrySender??Me(r.telemetryEndpoint??xe));}static isSupported(){return M()}sandboxAuthResult(r,t){let n=t.externalUserId??t.external_user_id??"sandbox",s=typeof n=="string"?n:"sandbox";return r==="register"?Promise.resolve(p({success:true,credentialId:"",status:"sandbox",sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:s}})):Promise.resolve(p({authenticated:true,sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:s}}))}async register(r){if(this.sandbox)return this.sandboxAuthResult("register",r);let t=Date.now(),n=await Ce(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(Re("register",Date.now()-t)).catch(()=>{}),n}async authenticate(r){if(this.sandbox)return this.sandboxAuthResult("authenticate",r);let t=Date.now(),n=await ke(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(Re("authenticate",Date.now()-t)).catch(()=>{}),n}async validateSession(r){return this.sandbox&&r===this.sandboxToken?Promise.resolve(p({valid:true,user_id:"sandbox-user",external_user_id:"sandbox",tenant_id:"sandbox-tenant",app_id:"sandbox-app"})):this.apiClient.validateSession(r)}async getStatus(){return Oe()}on(r,t){return this.eventEmitter.on(r,t)}version(){return "1.7.6"}fallback={email:{start:async r=>this.apiClient.startEmailFallback(r),verify:async r=>{let t=await this.apiClient.verifyEmailCode({userId:r.userId,code:r.code,...r.successUrl&&{successUrl:r.successUrl}});return t.ok?p({sessionToken:t.value.sessionToken,...t.value.redirectUrl&&{redirectUrl:t.value.redirectUrl}}):t}}};auth={crossDevice:{init:()=>this.crossDeviceManager.init(),initRegistration:r=>this.crossDeviceManager.initRegistration(r),waitForSession:(r,t,n)=>this.crossDeviceManager.waitForSession(r,t,n),getContext:r=>this.apiClient.getCrossDeviceContext(r),approve:r=>this.crossDeviceManager.approve(r)},recoverAccount:async r=>Se(r,this.apiClient,this.eventEmitter)}};var ye=class{debug(r,t){t&&Object.keys(t).length>0?console.debug(`[TryMellon] ${r}`,t):console.debug(`[TryMellon] ${r}`);}info(r,t){t&&Object.keys(t).length>0?console.info(`[TryMellon] ${r}`,t):console.info(`[TryMellon] ${r}`);}warn(r,t){t&&Object.keys(t).length>0?console.warn(`[TryMellon] ${r}`,t):console.warn(`[TryMellon] ${r}`);}error(r,t){t&&Object.keys(t).length>0?console.error(`[TryMellon] ${r}`,t):console.error(`[TryMellon] ${r}`);}};
2
- exports.ConsoleLogger=ye;exports.SANDBOX_SESSION_TOKEN=me;exports.TryMellon=fe;exports.TryMellonError=D;exports.createError=R;exports.createInvalidArgumentError=y;exports.createNetworkError=Be;exports.createNotSupportedError=X;exports.createTimeoutError=We;exports.createUserCancelledError=Ve;exports.err=u;exports.isTryMellonError=F;exports.mapWebAuthnError=h;exports.ok=p;return exports;})({});//# sourceMappingURL=index.global.js.map
1
+ var TryMellon=(function(exports){'use strict';var p=e=>({ok:true,value:e}),c=e=>({ok:false,error:e});var U=class e extends Error{code;details;isTryMellonError=true;constructor(r,t,n){super(t),this.name="TryMellonError",this.code=r,this.details=n,Error.captureStackTrace&&Error.captureStackTrace(this,e);}},Xe={NOT_SUPPORTED:"WebAuthn is not supported in this environment",USER_CANCELLED:"User cancelled the operation",PASSKEY_NOT_FOUND:"Passkey not found",SESSION_EXPIRED:"Session has expired",NETWORK_FAILURE:"Network request failed",INVALID_ARGUMENT:"Invalid argument provided",TIMEOUT:"Operation timed out",ABORTED:"Operation was aborted",ABORT_ERROR:"Operation aborted by user or timeout",CHALLENGE_MISMATCH:"This link was already used or expired. Please try again from your computer.",UNKNOWN_ERROR:"An unknown error occurred"};function f(e,r,t){return new U(e,r??Xe[e],t)}function L(e){return e instanceof U||typeof e=="object"&&e!==null&&"isTryMellonError"in e&&e.isTryMellonError===true}function Z(){return f("NOT_SUPPORTED")}function Ge(){return f("USER_CANCELLED")}function ze(e){return f("NETWORK_FAILURE",void 0,{cause:e?.message,originalError:e})}function Ye(){return f("TIMEOUT")}function y(e,r){return f("INVALID_ARGUMENT",`Invalid argument: ${e} - ${r}`,{field:e,reason:r})}function Ae(e){return f("UNKNOWN_ERROR",`Failed to ${e} credential`,{operation:e})}function Q(e){return f("NOT_SUPPORTED",`No base64 ${e==="encode"?"encoding":"decoding"} available`,{type:e})}function ee(e,r){try{let t=new URL(e);if(t.protocol!=="https:"&&t.protocol!=="http:")throw y(r,"must use http or https protocol")}catch(t){throw L(t)?t:y(r,"must be a valid URL")}}function k(e,r,t,n){if(!Number.isFinite(e))throw y(r,"must be a finite number");if(e<t||e>n)throw y(r,`must be between ${t} and ${n}`)}function K(e,r){if(typeof e!="string"||e.length===0)throw y(r,"must be a non-empty string");if(!/^[A-Za-z0-9_-]+$/.test(e))throw y(r,"must be a valid base64url string")}var Je={NotAllowedError:"USER_CANCELLED",AbortError:"ABORTED",NotSupportedError:"NOT_SUPPORTED",SecurityError:"NOT_SUPPORTED",InvalidStateError:"UNKNOWN_ERROR",UnknownError:"UNKNOWN_ERROR"};function N(e){if(typeof e!="string")return "UNKNOWN_ERROR";let r=e.toLowerCase().trim();return {challenge_mismatch:"CHALLENGE_MISMATCH",session_expired:"SESSION_EXPIRED",unauthorized:"SESSION_EXPIRED",validation_error:"INVALID_ARGUMENT",invalid_argument:"INVALID_ARGUMENT",user_not_found:"SESSION_EXPIRED",passkey_not_found:"PASSKEY_NOT_FOUND"}[r]??"UNKNOWN_ERROR"}function b(e){if(e instanceof DOMException){let r=e.name,t=e.message||"WebAuthn operation failed",n=Je[r]??"UNKNOWN_ERROR";return f(n,t,{originalError:e})}return e instanceof Error?f("UNKNOWN_ERROR",e.message,{originalError:e}):f("UNKNOWN_ERROR","An unknown error occurred",{originalError:e})}function g(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)}function l(e){return typeof e=="string"}function I(e){return typeof e=="number"&&Number.isFinite(e)}function j(e){return typeof e=="boolean"}function M(e){return Array.isArray(e)}function o(e,r){return c(f("UNKNOWN_ERROR",e,{...r,originalData:r?.originalData}))}function d(e,r){return e[r]}function Ie(e,r){return !g(e)||!l(e.name)||!l(e.id)?o("Invalid API response: challenge.rp must have name and id strings",{originalData:r}):p(true)}function Oe(e,r){return !g(e)||!l(e.id)||!l(e.name)||!l(e.displayName)?o("Invalid API response: challenge.user must have id, name, displayName strings",{originalData:r}):p(true)}function ke(e,r){if(!M(e))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:r});for(let t of e)if(!g(t)||t.type!=="public-key"||!I(t.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:r});return p(true)}function re(e,r){if(!g(e))return o("Invalid API response: user must be object",{field:"user",originalData:r});let t=d(e,"user_id"),n=d(e,"external_user_id");if(!l(t)||!l(n))return o("Invalid API response: user must have user_id and external_user_id strings",{originalData:r});let i=e.email,s=e.metadata;return i!==void 0&&!l(i)?o("Invalid API response: user.email must be string",{originalData:r}):s!==void 0&&(typeof s!="object"||s===null)?o("Invalid API response: user.metadata must be object",{originalData:r}):p({user_id:t,external_user_id:n,...i!==void 0&&{email:i},...s!==void 0&&{metadata:s}})}function te(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"session_id");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=d(e,"challenge");if(!g(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=Ie(d(t,"rp"),e);if(!n.ok)return n;let i=Oe(d(t,"user"),e);if(!i.ok)return i;let s=d(t,"challenge");if(!l(s))return o("Invalid API response: challenge.challenge must be string",{originalData:e});let a=ke(d(t,"pubKeyCredParams"),e);if(!a.ok)return a;let u=t.timeout;if(u!==void 0&&!I(u))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let m=t.excludeCredentials;if(m!==void 0){if(!M(m))return o("Invalid API response: excludeCredentials must be array",{originalData:e});for(let R of m)if(!g(R)||R.type!=="public-key"||!l(R.id))return o("Invalid API response: excludeCredentials items must have id and type",{originalData:e})}let v=t.authenticatorSelection;return v!==void 0&&!g(v)?o("Invalid API response: authenticatorSelection must be object",{originalData:e}):p({session_id:r,challenge:{rp:t.rp,user:t.user,challenge:s,pubKeyCredParams:t.pubKeyCredParams,...u!==void 0&&{timeout:u},...m!==void 0&&{excludeCredentials:m},...v!==void 0&&{authenticatorSelection:v}}})}function ne(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"session_id");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=d(e,"challenge");if(!g(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=d(t,"challenge"),i=d(t,"rpId"),s=t.allowCredentials;if(!l(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!l(i))return o("Invalid API response: challenge.rpId must be string",{originalData:e});if(s!==void 0&&!M(s))return o("Invalid API response: allowCredentials must be array",{originalData:e});if(s){for(let m of s)if(!g(m)||m.type!=="public-key"||!l(m.id))return o("Invalid API response: allowCredentials items must have id and type",{originalData:e})}let a=t.timeout;if(a!==void 0&&!I(a))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let u=t.userVerification;return u!==void 0&&!["required","preferred","discouraged"].includes(String(u))?o("Invalid API response: userVerification must be required|preferred|discouraged",{originalData:e}):p({session_id:r,challenge:{challenge:n,rpId:i,allowCredentials:s??[],...a!==void 0&&{timeout:a},...u!==void 0&&{userVerification:u}}})}function se(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"credential_id"),t=d(e,"status"),n=d(e,"session_token"),i=d(e,"user");if(!l(r))return o("Invalid API response: credential_id must be string",{field:"credential_id",originalData:e});if(!l(t))return o("Invalid API response: status must be string",{field:"status",originalData:e});if(!l(n))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});let s=re(i,e);if(!s.ok)return o(s.error.message,{originalData:e});let a=e.redirect_url;return a!==void 0&&!l(a)?o("Invalid API response: redirect_url must be string",{originalData:e}):p({credential_id:r,status:t,session_token:n,user:s.value,...a!==void 0&&{redirect_url:a}})}function ie(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"authenticated"),t=d(e,"session_token"),n=d(e,"user"),i=d(e,"signals");if(!j(r))return o("Invalid API response: authenticated must be boolean",{field:"authenticated",originalData:e});if(!l(t))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});let s=re(n,e);if(!s.ok)return o(s.error.message,{originalData:e});if(i!==void 0&&!g(i))return o("Invalid API response: signals must be object",{originalData:e});let a=e.redirect_url;return a!==void 0&&!l(a)?o("Invalid API response: redirect_url must be string",{originalData:e}):p({authenticated:r,session_token:t,user:s.value,signals:i,...a!==void 0&&{redirect_url:a}})}function oe(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"valid"),t=d(e,"user_id"),n=d(e,"external_user_id"),i=d(e,"tenant_id"),s=d(e,"app_id");return j(r)?l(t)?l(n)?l(i)?l(s)?p({valid:r,user_id:t,external_user_id:n,tenant_id:i,app_id:s}):o("Invalid API response: app_id must be string",{field:"app_id",originalData:e}):o("Invalid API response: tenant_id must be string",{field:"tenant_id",originalData:e}):o("Invalid API response: external_user_id must be string",{field:"external_user_id",originalData:e}):o("Invalid API response: user_id must be string",{field:"user_id",originalData:e}):o("Invalid API response: valid must be boolean",{field:"valid",originalData:e})}function ae(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=e.session_token??e.sessionToken;if(!l(r))return o("Invalid API response: session_token/sessionToken must be string",{field:"session_token",originalData:e});let t=e.redirect_url;return t!==void 0&&!l(t)?o("Invalid API response: redirect_url must be string",{originalData:e}):p({sessionToken:r,...t!==void 0&&{redirectUrl:t}})}var Ze=["pending_passkey","pending_data","completed"],Qe=["pending_data","completed"];function le(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"session_id"),t=d(e,"onboarding_url"),n=d(e,"expires_in");return l(r)?l(t)?I(n)?p({session_id:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{field:"expires_in",originalData:e}):o("Invalid API response: onboarding_url must be string",{field:"onboarding_url",originalData:e}):o("Invalid API response: session_id must be string",{field:"session_id",originalData:e})}function ue(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"status"),t=d(e,"onboarding_url"),n=d(e,"expires_in");return !l(r)||!Ze.includes(r)?o("Invalid API response: status must be pending_passkey|pending_data|completed",{field:"status",originalData:e}):l(t)?I(n)?p({status:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{originalData:e}):o("Invalid API response: onboarding_url must be string",{originalData:e})}function ce(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"session_id"),t=d(e,"status"),n=d(e,"onboarding_url");if(!l(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});if(t!=="pending_passkey")return o("Invalid API response: status must be pending_passkey",{field:"status",originalData:e});if(!l(n))return o("Invalid API response: onboarding_url must be string",{originalData:e});let i=e.challenge,s;if(i!==void 0){let a=er(i);if(!a.ok)return a;s=a.value;}return p({session_id:r,status:"pending_passkey",onboarding_url:n,...s!==void 0&&{challenge:s}})}function er(e){if(!g(e))return o("Invalid API response: challenge must be object",{originalData:e});let r=d(e,"rp"),t=d(e,"user"),n=d(e,"challenge"),i=d(e,"pubKeyCredParams");if(!g(r)||!l(r.name)||!l(r.id))return o("Invalid API response: challenge.rp must have name and id",{originalData:e});if(!g(t)||!l(t.id)||!l(t.name)||!l(t.displayName))return o("Invalid API response: challenge.user must have id, name, displayName",{originalData:e});if(!l(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!M(i))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:e});for(let s of i)if(!g(s)||s.type!=="public-key"||!I(s.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:e});return p({rp:r,user:t,challenge:n,pubKeyCredParams:i})}function pe(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"session_id"),t=d(e,"status"),n=d(e,"user_id"),i=d(e,"tenant_id");return l(r)?!l(t)||!Qe.includes(t)?o("Invalid API response: status must be pending_data|completed",{originalData:e}):l(n)?l(i)?p({session_id:r,status:t,user_id:n,tenant_id:i}):o("Invalid API response: tenant_id must be string",{originalData:e}):o("Invalid API response: user_id must be string",{originalData:e}):o("Invalid API response: session_id must be string",{originalData:e})}function de(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"session_id"),t=d(e,"status"),n=d(e,"user_id"),i=d(e,"tenant_id"),s=d(e,"session_token");return l(r)?t!=="completed"?o("Invalid API response: status must be completed",{originalData:e}):!l(n)||!l(i)||!l(s)?o("Invalid API response: user_id, tenant_id, session_token must be strings",{originalData:e}):p({session_id:r,status:"completed",user_id:n,tenant_id:i,session_token:s}):o("Invalid API response: session_id must be string",{originalData:e})}function V(e){return e==null?p(void 0):g(e)&&Object.keys(e).length===0?p(void 0):o("Invalid API response: expected empty body (204)",{originalData:e})}function rr(e){if(!e||typeof e!="object")return false;let r=e;return typeof r.challenge=="string"&&r.rp!=null&&typeof r.rp=="object"&&r.user!=null&&typeof r.user=="object"&&Array.isArray(r.pubKeyCredParams)}function tr(e){if(!e||typeof e!="object")return false;let r=e;return typeof r.challenge=="string"&&typeof r.rpId=="string"}function q(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r="resultado"in e&&g(e.resultado)?e.resultado:e,t=r.session_id,n=r.qr_url,i=r.expires_at,s=r.polling_token;if(!l(t)||!l(n)||!l(i)||!l(s))return o("Invalid API response: missing required fields",{originalData:e});let a={session_id:t,qr_url:n,expires_at:i,polling_token:s};return r.external_user_id!==void 0&&l(r.external_user_id)&&(a.external_user_id=r.external_user_id),p(a)}function me(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r="resultado"in e&&g(e.resultado)?e.resultado:e,t=r.status;if(!l(t)||!["pending","authenticated","completed"].includes(t))return o("Invalid API response: invalid status",{originalData:e});let n=r.user_id,i=r.session_token,s=r.redirect_url;return n!==void 0&&!l(n)?o("Invalid API response: user_id must be a string when present",{originalData:e}):i!==void 0&&!l(i)?o("Invalid API response: session_token must be a string when present",{originalData:e}):s!==void 0&&!l(s)?o("Invalid API response: redirect_url must be a string when present",{originalData:e}):p({status:t,user_id:n,session_token:i,redirect_url:s})}function ge(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=e.type,t=r==="registration"?"registration":"auth",n=e.options;if(!g(n))return o("Invalid API response: options are required",{originalData:e});let i=200,s=Ce(e.approval_context,i),a=Ce(e.application_name,i);if(s===false||a===false)return o("Invalid API response: approval_context/application_name must be string max 200 chars",{originalData:e});let u={};return typeof s=="string"&&(u.approval_context=s),typeof a=="string"&&(u.application_name=a),t==="registration"?rr(n)?p({type:"registration",options:n,...u}):o("Invalid API response: registration options must have challenge, rp, user, pubKeyCredParams",{originalData:e}):tr(n)?p({type:"auth",options:n,...u}):o("Invalid API response: auth options must have challenge and rpId",{originalData:e})}function Ce(e,r){if(e!=null)return typeof e!="string"||e.length>r?false:e}function fe(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"challenge"),t=d(e,"recovery_session_id");return g(r)?l(t)?p({challenge:r,recovery_session_id:t}):o("Invalid API response: recovery_session_id must be string",{field:"recovery_session_id",originalData:e}):o("Invalid API response: challenge must be object",{field:"challenge",originalData:e})}function Re(e){if(!g(e))return o("Invalid API response: expected object",{originalData:e});let r=d(e,"status"),t=d(e,"session_token"),n=d(e,"user"),i=d(e,"credential_id");if(!l(r))return o("Invalid API response: status must be string",{field:"status",originalData:e});if(!l(t))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});if(!l(i))return o("Invalid API response: credential_id must be string",{field:"credential_id",originalData:e});if(!g(n))return o("Invalid API response: user must be object",{field:"user",originalData:e});let s=d(n,"user_id");if(!l(s))return o("Invalid API response: user.user_id must be string",{field:"user.user_id",originalData:e});let u=e.redirect_url;if(u!==void 0&&!l(u))return o("Invalid API response: redirect_url must be string",{field:"redirect_url",originalData:e});let m=n;return p({status:r,session_token:t,credential_id:i,user:{user_id:s,external_user_id:l(m.external_user_id)?m.external_user_id:void 0,email:l(m.email)?m.email:void 0,metadata:g(m.metadata)?m.metadata:void 0},...u!==void 0&&{redirect_url:u}})}var W=class{constructor(r,t,n={}){this.httpClient=r;this.baseUrl=t;this.defaultHeaders=n;}mergeHeaders(r){return {...this.defaultHeaders,...r}}async post(r,t,n){let i=`${this.baseUrl}${r}`,s=await this.httpClient.post(i,t,this.mergeHeaders());return s.ok?n(s.value):c(s.error)}async get(r,t,n){let i=`${this.baseUrl}${r}`,s=await this.httpClient.get(i,this.mergeHeaders(n));return s.ok?t(s.value):c(s.error)}async startRegister(r){return this.post("/v1/passkeys/register/start",r,te)}async startAuth(r){return this.post("/v1/passkeys/auth/start",r,ne)}async finishRegister(r){return this.post("/v1/passkeys/register/finish",r,se)}async finishAuthentication(r){return this.post("/v1/passkeys/auth/finish",r,ie)}async validateSession(r){return this.get("/v1/sessions/validate",oe,{Authorization:`Bearer ${r}`})}async startEmailFallback(r){let t=`${this.baseUrl}/v1/fallback/email/start`,n=await this.httpClient.post(t,{userId:r.userId,email:r.email},this.mergeHeaders());return n.ok?p(void 0):c(n.error)}async verifyEmailCode(r){let t={userId:r.userId,code:r.code};return r.successUrl&&(t.success_url=r.successUrl),this.post("/v1/fallback/email/verify",t,ae)}async startOnboarding(r){return this.post("/v1/onboarding/start",r,le)}async getOnboardingStatus(r){return this.get(`/v1/onboarding/${r}/status`,ue)}async getOnboardingRegister(r){return this.get(`/v1/onboarding/${r}/register`,ce)}async registerOnboardingPasskey(r,t){return this.post(`/v1/onboarding/${r}/register-passkey`,t,pe)}async completeOnboarding(r,t){return this.post(`/v1/onboarding/${r}/complete`,t,de)}async initCrossDeviceAuth(){return this.post("/v1/auth/cross-device/init",{},q)}async initCrossDeviceRegistration(r){let t=typeof r?.externalUserId=="string"?r.externalUserId.trim():"",n=t.length>0?{external_user_id:t}:{};return this.post("/v1/auth/cross-device/init-registration",n,q)}async getCrossDeviceStatus(r,t){let n={};return typeof t=="string"&&t.length>0&&(n["X-Polling-Token"]=t),this.get(`/v1/auth/cross-device/status/${r}`,me,Object.keys(n).length>0?n:void 0)}async getCrossDeviceContext(r){return this.get(`/v1/auth/cross-device/context/${r}`,ge)}async verifyCrossDeviceAuth(r){return this.post("/v1/auth/cross-device/verify",r,V)}async verifyCrossDeviceRegistration(r){return this.post("/v1/auth/cross-device/verify-registration",r,V)}async verifyAccountRecoveryOtp(r,t){return this.post("/v1/users/recovery/verify",{external_id:r,otp:t},fe)}async completeAccountRecovery(r,t){return this.post("/v1/users/recovery/complete",{recovery_session_id:r,credential:t},Re)}};function nr(e){return typeof e=="object"&&e!==null&&e.ok===true&&"resultado"in e}function Pe(e){if(typeof e!="object"||e===null)return false;let r=e;if(r.ok!==false||!r.error||typeof r.error!="object")return false;let t=r.error;return typeof t.code=="string"&&typeof t.message=="string"}function Se(e,r){if(Pe(e))return {message:e.error.message,code:N(e.error.code)};let t=e,n=t?.error;if(typeof n=="object"&&n!==null&&"code"in n&&typeof n.code=="string")return {message:n.message??t?.message??r,code:N(n.code)};let i=t?.message??r,s=t?.error,a=typeof s=="string"?N(s):s===void 0?"NETWORK_FAILURE":N(String(s));return {message:i,code:a}}var sr=3e4;function ir(){if(typeof globalThis.crypto<"u"&&typeof globalThis.crypto.randomUUID=="function")return globalThis.crypto.randomUUID();throw new Error("Web Crypto API is required but not available.")}function xe(e,r){let t=r*Math.pow(2,e);return Math.min(t,sr)}function or(e,r){return e!=="GET"?false:r>=500||r===429}var B=class{constructor(r,t=0,n=1e3,i){this.timeoutMs=r;this.maxRetries=t;this.retryDelayMs=n;this.logger=i;}async get(r,t){return this.request(r,{method:"GET",headers:t})}async post(r,t,n){return this.request(r,{method:"POST",body:JSON.stringify(t),headers:{"Content-Type":"application/json",...n}})}async request(r,t){let n=(t.method??"GET").toUpperCase(),i=ir(),s=new Headers(t.headers);s.set("X-Request-Id",i),this.logger&&this.logger.debug("request",{requestId:i,url:r,method:n});let a;for(let u=0;u<=this.maxRetries;u++)try{let m=new AbortController,v=setTimeout(()=>m.abort(),this.timeoutMs);try{let R=await fetch(r,{...t,headers:s,signal:m.signal});if(!R.ok){let T;try{T=await R.json();}catch{}let{message:P,code:Te}=Se(T,R.statusText),A=f(Te,P,{requestId:i,status:R.status,statusText:R.statusText,data:T});if(or(n,R.status)&&u<this.maxRetries){a=A,clearTimeout(v),await new Promise($e=>setTimeout($e,xe(u,this.retryDelayMs)));continue}return c(A)}if(R.status===204)return p(void 0);if(R.headers.get("content-length")==="0")return p(void 0);let h=await R.json();if(nr(h))return p(h.resultado);let x=h;if(typeof h=="object"&&h!==null&&x.ok===true&&!("resultado"in x))return p(void 0);if(Pe(h)){let{message:T,code:P}=Se(h,R.statusText);return c(f(P,T,{requestId:i,status:R.status,statusText:R.statusText,data:h}))}return p(h)}finally{clearTimeout(v);}}catch(m){if(a=m,n==="GET"&&u<this.maxRetries)await new Promise(R=>setTimeout(R,xe(u,this.retryDelayMs)));else break}return a instanceof Error&&a.name==="AbortError"?c(f("TIMEOUT","Request timed out",{requestId:i})):c(f("NETWORK_FAILURE",a instanceof Error?a.message:"Request failed",{requestId:i,cause:a}))}};function _(e){let r=new Uint8Array(e),t=Array.from(r,i=>String.fromCharCode(i)).join("");if(typeof globalThis.btoa>"u")throw Q("encode");return globalThis.btoa(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function ar(e){if(typeof globalThis.atob>"u")throw Q("decode");let r=e.replace(/-/g,"+").replace(/_/g,"/"),t=r.length%4,n=t===0?r:r+"=".repeat(4-t),i=globalThis.atob(n);return Uint8Array.from(i,s=>s.charCodeAt(0))}function D(e){let r=ar(e),t=new ArrayBuffer(r.length);return new Uint8Array(t).set(r),t}function Me(e){return e!==null&&typeof e=="object"&&"clientDataJSON"in e&&e.clientDataJSON instanceof ArrayBuffer}function O(e){if(!e.response)throw f("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!Me(r))throw f("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("attestationObject"in r))throw f("UNKNOWN_ERROR","Invalid credential response structure for register: attestationObject is missing",{response:r});let t=r.clientDataJSON,n=r.attestationObject;return {id:e.id,rawId:_(e.rawId),response:{clientDataJSON:_(t),attestationObject:_(n)},type:"public-key"}}function H(e){if(!e.response)throw f("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!Me(r))throw f("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("authenticatorData"in r)||!("signature"in r))throw f("UNKNOWN_ERROR","Invalid credential response structure for auth: authenticatorData or signature is missing",{response:r});let t=r.clientDataJSON,n=r.authenticatorData,i=r.signature,s=r.userHandle;return {id:e.id,rawId:_(e.rawId),response:{authenticatorData:_(n),clientDataJSON:_(t),signature:_(i),...s&&{userHandle:_(s)}},type:"public-key"}}function w(){try{return !(typeof navigator>"u"||!navigator.credentials||typeof PublicKeyCredential>"u")}catch{return false}}async function lr(){try{return !w()||typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable!="function"?false:await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()}catch{return false}}async function De(){let e=w(),r=await lr();return {isPasskeySupported:e,platformAuthenticatorAvailable:r,recommendedFlow:e?"passkey":"fallback"}}function C(e,r="create"){if(!e||typeof e!="object"||!("id"in e)||!("rawId"in e)||!("response"in e))throw Ae(r)}async function F(e){let{operation:r,eventEmitter:t,start:n,createOptions:i,invoke:s,finish:a}=e;try{if(t.emit("start",{type:"start",operation:r}),!w()){let E=Z();return t.emit("error",{type:"error",error:E}),c(E)}let u=await n();if(!u.ok)return t.emit("error",{type:"error",error:u.error}),c(u.error);let m=i(u.value);if(!m.ok)return t.emit("error",{type:"error",error:m.error}),c(m.error);let v=await s(m.value);if(!v){let E=y("credential",`${r==="register"?"creation":"retrieval"} failed`);return t.emit("error",{type:"error",error:E}),c(E)}try{C(v);}catch(E){let h=b(E);return t.emit("error",{type:"error",error:h}),c(h)}let R=await a(u.value,v);return R.ok?p(R.value):(t.emit("error",{type:"error",error:R.error}),c(R.error))}catch(u){let m=b(u);return t.emit("error",{type:"error",error:m}),c(m)}}function S(e,r){try{K(e.challenge,"challenge"),K(e.user.id,"user.id");let t=D(e.challenge),n=D(e.user.id),i={userVerification:"preferred"};e.authenticatorSelection&&(i={...e.authenticatorSelection}),r&&(i={...i,authenticatorAttachment:r});let s={rp:{id:e.rp.id,name:e.rp.name},user:{id:n,name:e.user.name,displayName:e.user.displayName},challenge:t,pubKeyCredParams:e.pubKeyCredParams,...e.timeout!==void 0&&{timeout:e.timeout},attestation:"none",authenticatorSelection:i,...e.excludeCredentials&&{excludeCredentials:e.excludeCredentials.map(a=>({id:D(a.id),type:a.type,...a.transports&&{transports:a.transports}}))}};return p({publicKey:s})}catch(t){return c(b(t))}}function ye(e,r){try{K(e.challenge,"challenge");let t=D(e.challenge);return p({publicKey:{challenge:t,rpId:e.rpId,...e.timeout!==void 0&&{timeout:e.timeout},userVerification:e.userVerification??"preferred",...e.allowCredentials&&{allowCredentials:e.allowCredentials.map(n=>({id:D(n.id),type:n.type,...n.transports&&{transports:n.transports}}))}},...r!==void 0&&{mediation:r}})}catch(t){return c(b(t))}}async function we(e,r,t){let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let s=y("externalUserId","must be a non-empty string");return t.emit("error",{type:"error",error:s}),c(s)}let i=await F({operation:"register",eventEmitter:t,start:()=>r.startRegister({external_user_id:n}),createOptions:s=>S(s.challenge,e.authenticatorType),invoke:async s=>{let a={...s,...e.signal&&{signal:e.signal}};return navigator.credentials.create(a)},finish:async(s,a)=>{let u=await r.finishRegister({session_id:s.session_id,credential:O(a),...e.successUrl&&{success_url:e.successUrl}});return u.ok?p({success:true,credentialId:u.value.credential_id,credential_id:u.value.credential_id,status:u.value.status,sessionToken:u.value.session_token,user:{userId:u.value.user.user_id,externalUserId:u.value.user.external_user_id,email:u.value.user.email,metadata:u.value.user.metadata},...u.value.redirect_url&&{redirectUrl:u.value.redirect_url}}):c(u.error)}});return i.ok&&t.emit("success",{type:"success",operation:"register",token:i.value.sessionToken,user:i.value.user}),i}async function Ue(e,r,t){let n=e.externalUserId??e.external_user_id,i=n!==void 0&&typeof n=="string"&&n.trim()!=="",s=await F({operation:"authenticate",eventEmitter:t,start:()=>r.startAuth(i?{external_user_id:n.trim()}:{}),createOptions:a=>ye(a.challenge,e.mediation),invoke:async a=>{let u={...a,...e.signal&&{signal:e.signal}};return navigator.credentials.get(u)},finish:async(a,u)=>{let m=await r.finishAuthentication({session_id:a.session_id,credential:H(u),...e.successUrl&&{success_url:e.successUrl}});return m.ok?p({authenticated:m.value.authenticated,sessionToken:m.value.session_token,user:{userId:m.value.user.user_id,externalUserId:m.value.user.external_user_id,email:m.value.user.email,metadata:m.value.user.metadata},signals:m.value.signals,...m.value.redirect_url&&{redirectUrl:m.value.redirect_url}}):c(m.error)}});return s.ok&&t.emit("success",{type:"success",operation:"authenticate",token:s.value.sessionToken,user:s.value.user}),s}async function $(e,r){return r?r.aborted?"aborted":new Promise(t=>{let n=()=>{i(),t("aborted");},i=()=>{clearTimeout(s),r.removeEventListener("abort",n);},s=setTimeout(()=>{i(),t("completed");},e);r.addEventListener("abort",n);}):(await new Promise(t=>setTimeout(t,e)),"completed")}var ur=2e3,cr=60,X=class{constructor(r){this.apiClient=r;}async startFlow(r,t){let n=await this.apiClient.startOnboarding({user_role:r.user_role});if(!n.ok)return c(n.error);let{session_id:i}=n.value;for(let s=0;s<cr;s++){if(t?.aborted)return c(f("ABORT_ERROR","Operation aborted by user or timeout"));if(await $(ur,t)==="aborted")return c(f("ABORT_ERROR","Operation aborted by user or timeout"));let u=await this.apiClient.getOnboardingStatus(i);if(!u.ok)return c(u.error);let m=u.value.status,v=u.value.onboarding_url;if(m==="pending_passkey"){let R=await this.apiClient.getOnboardingRegister(i);if(!R.ok)return c(R.error);let E=R.value;if(!E.challenge)return c(f("NOT_SUPPORTED","Onboarding requires user action - complete passkey registration at the provided onboarding_url",{onboarding_url:v}));let h=S(E.challenge);if(!h.ok)return c(h.error);let x;try{x=await navigator.credentials.create(h.value);}catch(A){return c(b(A))}try{C(x,"create");}catch(A){return c(b(A))}let T;try{T=O(x);}catch(A){return c(b(A))}let P=await this.apiClient.registerOnboardingPasskey(i,{credential:T,challenge:E.challenge.challenge});return P.ok?await this.apiClient.completeOnboarding(i,{company_name:r.company_name}):c(P.error)}if(m==="completed")return await this.apiClient.completeOnboarding(i,{company_name:r.company_name})}return c(f("TIMEOUT","Onboarding timed out"))}};var pr=2e3,dr=60,G=class{constructor(r){this.apiClient=r;}async init(){return this.apiClient.initCrossDeviceAuth()}async initRegistration(r){return this.apiClient.initCrossDeviceRegistration(r)}async waitForSession(r,t,n){if(t?.aborted)return c(f("ABORT_ERROR","Operation aborted by user or timeout"));for(let i=0;i<dr;i++){let s=await this.apiClient.getCrossDeviceStatus(r,n);if(!s.ok)return c(s.error);if(s.value.status==="completed"){if(!s.value.session_token||!s.value.user_id)return c(f("UNKNOWN_ERROR","Missing data in completed session"));let u=s.value.redirect_url!=null&&s.value.redirect_url!==""?s.value.redirect_url:void 0;return p({session_token:s.value.session_token,user_id:s.value.user_id,...u!==void 0&&{redirectUrl:u}})}if(await $(pr,t)==="aborted")return c(f("ABORT_ERROR","Operation aborted by user or timeout"))}return c(f("TIMEOUT","Cross-device authentication timed out"))}async approve(r){let t=await this.apiClient.getCrossDeviceContext(r);if(!t.ok)return c(t.error);let n=t.value;return n.type==="registration"?this.executeRegistrationApproval(r,n):this.executeAuthApproval(r,n)}async executeRegistrationApproval(r,t){let n=S(t.options);if(!n.ok)return c(n.error);let i;try{i=await navigator.credentials.create(n.value);}catch(a){return c(b(a))}try{C(i,"create");}catch(a){return c(b(a))}let s;try{s=O(i);}catch(a){return c(b(a))}return this.apiClient.verifyCrossDeviceRegistration({session_id:r,credential:s})}async executeAuthApproval(r,t){let n=ye(t.options);if(!n.ok)return c(n.error);let i;try{i=await navigator.credentials.get(n.value);}catch(a){return c(b(a))}try{C(i,"get");}catch(a){return c(b(a))}let s;try{s=H(i);}catch(a){return c(b(a))}return this.apiClient.verifyCrossDeviceAuth({session_id:r,credential:s})}};var z=class{handlers;constructor(){this.handlers=new Map;}on(r,t){let n=this.handlers.get(r);return n||(n=new Set,this.handlers.set(r,n)),n.add(t),()=>{this.off(r,t);}}off(r,t){let n=this.handlers.get(r);n&&(n.delete(t),n.size===0&&this.handlers.delete(r));}emit(r,t){let n=this.handlers.get(r);if(n)for(let i of n)try{i(t);}catch{}}removeAllListeners(){this.handlers.clear();}};var ve="https://api.trymellonauth.com",Ne="https://api.trymellonauth.com/v1/telemetry";var he="trymellon_sandbox_session_token_v1";function Fe(e){return {async send(r){let t=JSON.stringify(r);if(typeof navigator<"u"&&typeof navigator.sendBeacon=="function"){navigator.sendBeacon(e,t);return}typeof fetch<"u"&&await fetch(e,{method:"POST",body:t,headers:{"Content-Type":"application/json"},keepalive:true});}}}function be(e,r){return {event:e,latencyMs:r,ok:true}}var Y=class{constructor(r,t,n,i,s){this.apiClient=r;this.eventEmitter=t;this.sandbox=n;this.sandboxToken=i;this.telemetrySender=s;}async sandboxAuthResult(r,t){let n="externalUserId"in t?t.externalUserId??t.external_user_id??"sandbox":t.external_user_id??t.externalUserId??"sandbox",i=typeof n=="string"?n:"sandbox";return r==="register"?Promise.resolve(p({success:true,credentialId:"",status:"sandbox",sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:i}})):Promise.resolve(p({authenticated:true,sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:i}}))}async register(r){if(this.sandbox){let i=await this.sandboxAuthResult("register",r);return i.ok&&this.eventEmitter.emit("success",{type:"success",operation:"register",token:i.value.sessionToken,user:i.value.user}),i}let t=Date.now(),n=await we(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(be("register",Date.now()-t)).catch(()=>{}),n}async authenticate(r){if(this.sandbox){let i=await this.sandboxAuthResult("authenticate",r);return i.ok&&this.eventEmitter.emit("success",{type:"success",operation:"authenticate",token:i.value.sessionToken,user:i.value.user}),i}let t=Date.now(),n=await Ue(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(be("authenticate",Date.now()-t)).catch(()=>{}),n}};async function Le(e,r,t){let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let s=y("externalUserId","must be a non-empty string");return t.emit("error",{type:"error",error:s}),c(s)}if(!e.otp||typeof e.otp!="string"||e.otp.trim().length!==6){let s=y("otp","must be a 6-digit string");return t.emit("error",{type:"error",error:s}),c(s)}let i=await F({operation:"register",eventEmitter:t,start:()=>r.verifyAccountRecoveryOtp(n,e.otp),createOptions:s=>S(s.challenge),invoke:async s=>navigator.credentials.create(s),finish:async(s,a)=>{let u=await r.completeAccountRecovery(s.recovery_session_id,O(a));if(!u.ok)return c(u.error);let{credential_id:m,status:v,session_token:R,user:E,redirect_url:h}=u.value;return p({success:true,credentialId:m,status:v,sessionToken:R,user:{userId:E.user_id,externalUserId:E.external_user_id,email:E.email,metadata:E.metadata},...h!==void 0&&{redirectUrl:h}})}});return i.ok&&t.emit("success",{type:"success",operation:"register",token:i.value.sessionToken,user:i.value.user}),i}var J=class{constructor(r,t){this.apiClient=r;this.eventEmitter=t;}recover(r){return Le(r,this.apiClient,this.eventEmitter)}};var Ee=class e{sandbox;sandboxToken;apiClient;eventEmitter;telemetrySender;crossDeviceManager;authService;recoveryService;onboarding;static create(r){try{let t=r.appId,n=r.publishableKey;if(!t||typeof t!="string"||t.trim()==="")return c(y("appId","must be a non-empty string"));if(!n||typeof n!="string"||n.trim()==="")return c(y("publishableKey","must be a non-empty string"));let i=r.apiBaseUrl??ve;ee(i,"apiBaseUrl");let s=r.timeoutMs??3e4;return k(s,"timeoutMs",1e3,3e5),r.maxRetries!==void 0&&k(r.maxRetries,"maxRetries",0,10),r.retryDelayMs!==void 0&&k(r.retryDelayMs,"retryDelayMs",100,1e4),p(new e(r))}catch(t){return L(t)?c(t):c(y("config",t.message))}}constructor(r){this.sandbox=r.sandbox===true,this.sandboxToken=this.sandbox&&r.sandboxToken!=null&&r.sandboxToken!==""?r.sandboxToken:he;let t=r.appId,n=r.publishableKey;if(!t||typeof t!="string"||t.trim()==="")throw y("appId","must be a non-empty string");if(!n||typeof n!="string"||n.trim()==="")throw y("publishableKey","must be a non-empty string");let i=r.apiBaseUrl??ve;ee(i,"apiBaseUrl");let s=r.timeoutMs??3e4;k(s,"timeoutMs",1e3,3e5),r.maxRetries!==void 0&&k(r.maxRetries,"maxRetries",0,10),r.retryDelayMs!==void 0&&k(r.retryDelayMs,"retryDelayMs",100,1e4);let a=r.maxRetries??3,u=r.retryDelayMs??1e3,m=new B(s,a,u,r.logger),v=r.origin??(typeof window<"u"&&window?.location?.origin?window.location.origin:void 0),R={"X-App-Id":t.trim(),Authorization:`Bearer ${n.trim()}`,...v&&{Origin:v}};this.apiClient=new W(m,i,R),this.eventEmitter=new z,r.enableTelemetry&&(this.telemetrySender=r.telemetrySender??Fe(r.telemetryEndpoint??Ne)),this.authService=new Y(this.apiClient,this.eventEmitter,this.sandbox,this.sandboxToken,this.telemetrySender),this.recoveryService=new J(this.apiClient,this.eventEmitter),this.onboarding=new X(this.apiClient),this.crossDeviceManager=new G(this.apiClient);}static isSupported(){return w()}async register(r){return this.authService.register(r)}async authenticate(r){return this.authService.authenticate(r)}async validateSession(r){return this.sandbox&&r===this.sandboxToken?Promise.resolve(p({valid:true,user_id:"sandbox-user",external_user_id:"sandbox",tenant_id:"sandbox-tenant",app_id:"sandbox-app"})):this.apiClient.validateSession(r)}async getStatus(){return De()}on(r,t){return this.eventEmitter.on(r,t)}version(){return "2.0.0"}fallback={email:{start:async r=>this.apiClient.startEmailFallback(r),verify:async r=>{let t=await this.apiClient.verifyEmailCode({userId:r.userId,code:r.code,...r.successUrl&&{successUrl:r.successUrl}});return t.ok?p({sessionToken:t.value.sessionToken,...t.value.redirectUrl&&{redirectUrl:t.value.redirectUrl}}):t}}};auth={crossDevice:{init:()=>this.crossDeviceManager.init(),initRegistration:r=>this.crossDeviceManager.initRegistration(r??{}),waitForSession:(r,t,n)=>this.crossDeviceManager.waitForSession(r,t,n),getContext:r=>this.apiClient.getCrossDeviceContext(r),approve:r=>this.crossDeviceManager.approve(r)},recoverAccount:r=>this.recoveryService.recover(r)}};var _e=class{debug(r,t){t&&Object.keys(t).length>0?console.debug(`[TryMellon] ${r}`,t):console.debug(`[TryMellon] ${r}`);}info(r,t){t&&Object.keys(t).length>0?console.info(`[TryMellon] ${r}`,t):console.info(`[TryMellon] ${r}`);}warn(r,t){t&&Object.keys(t).length>0?console.warn(`[TryMellon] ${r}`,t):console.warn(`[TryMellon] ${r}`);}error(r,t){t&&Object.keys(t).length>0?console.error(`[TryMellon] ${r}`,t):console.error(`[TryMellon] ${r}`);}};
2
+ exports.ConsoleLogger=_e;exports.SANDBOX_SESSION_TOKEN=he;exports.TryMellon=Ee;exports.TryMellonError=U;exports.createError=f;exports.createInvalidArgumentError=y;exports.createNetworkError=ze;exports.createNotSupportedError=Z;exports.createTimeoutError=Ye;exports.createUserCancelledError=Ge;exports.err=c;exports.isTryMellonError=L;exports.mapWebAuthnError=b;exports.ok=p;return exports;})({});//# sourceMappingURL=index.global.js.map
3
3
  //# sourceMappingURL=index.global.js.map