npm - @trymellon/js - Versions diffs - 2.3.2 → 2.3.4 - Mend

@trymellon/js 2.3.2 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/ui/index.js CHANGED Viewed

@@ -488,5 +488,5 @@ function ro(t){if(t.recommendedFlow==="fallback")return t.fallbackType==="email"
 }
 `.trim();function dn(){return ve+`
 `+un}function cn(){if(!ln)return null;try{let t=new CSSStyleSheet;return t.replaceSync(ve+`
-`+un),t}catch{return null}}var $t="https://api.trymellonauth.com",pn="https://api.trymellonauth.com/v1/telemetry";var mn="trymellon_sandbox_session_token_v1",gn="https://trymellon.com/docs/getting-started#sandbox",fn="/v1/enrollment-bridge",hn="/v1/auth-bridge";var c=t=>({ok:!0,value:t}),l=t=>({ok:!1,error:t});var qe=class t extends Error{code;details;isTryMellonError=!0;constructor(e,r,n){super(r),this.name="TryMellonError",this.code=e,this.details=n,Error.captureStackTrace&&Error.captureStackTrace(this,t)}},Ao={NOT_SUPPORTED:"WebAuthn is not supported in this environment",USER_CANCELLED:"User cancelled the operation",PASSKEY_NOT_FOUND:"Passkey not found",SESSION_EXPIRED:"Session has expired",NETWORK_FAILURE:"Network request failed",INVALID_ARGUMENT:"Invalid argument provided",TIMEOUT:"Operation timed out",ABORTED:"Operation was aborted",ABORT_ERROR:"Operation aborted by user or timeout",CHALLENGE_MISMATCH:"This link was already used or expired. Please try again from your computer.",TICKET_NOT_FOUND:"Enrollment ticket not found or invalid",TICKET_EXPIRED:"Enrollment ticket has expired",TICKET_ALREADY_USED:"Enrollment ticket was already used",PIN_MISMATCH:"PIN does not match",PIN_LOCKED:"PIN is locked due to too many failed attempts",BRIDGE_SESSION_EXPIRED:"Bridge session has expired",UNKNOWN_ERROR:"An unknown error occurred"};function E(t,e,r){return new qe(t,e??Ao[t],r)}function zt(t){return t instanceof qe||typeof t=="object"&&t!==null&&"isTryMellonError"in t&&t.isTryMellonError===!0}function En(){return E("NOT_SUPPORTED")}function R(t,e){return E("INVALID_ARGUMENT",`Invalid argument: ${t} - ${e}`,{field:t,reason:e})}function bn(t){return E("UNKNOWN_ERROR",`Failed to ${t} credential`,{operation:t})}function Xt(t){return E("NOT_SUPPORTED",`No base64 ${t==="encode"?"encoding":"decoding"} available`,{type:t})}function yn(t,e){try{let r=new URL(t);if(r.protocol!=="https:"&&r.protocol!=="http:")throw R(e,"must use http or https protocol")}catch(r){throw zt(r)?r:R(e,"must be a valid URL")}}function Ge(t,e,r,n){if(!Number.isFinite(t))throw R(e,"must be a finite number");if(t<r||t>n)throw R(e,`must be between ${r} and ${n}`)}function je(t,e){if(typeof t!="string"||t.length===0)throw R(e,"must be a non-empty string");if(!/^[A-Za-z0-9_-]+$/.test(t))throw R(e,"must be a valid base64url string")}var vo={NotAllowedError:"USER_CANCELLED",AbortError:"ABORTED",NotSupportedError:"NOT_SUPPORTED",SecurityError:"NOT_SUPPORTED",InvalidStateError:"UNKNOWN_ERROR",UnknownError:"UNKNOWN_ERROR"},So=["origin_not_allowed","origin_not_allowed_for_application"];function Qt(t){return So.includes(t)}function X(t){if(typeof t!="string")return"UNKNOWN_ERROR";let e=t.toLowerCase().trim();return{challenge_mismatch:"CHALLENGE_MISMATCH",session_expired:"SESSION_EXPIRED",unauthorized:"SESSION_EXPIRED",validation_error:"INVALID_ARGUMENT",invalid_argument:"INVALID_ARGUMENT",user_not_found:"SESSION_EXPIRED",passkey_not_found:"PASSKEY_NOT_FOUND",ticket_not_found:"TICKET_NOT_FOUND",ticket_expired:"TICKET_EXPIRED",ticket_already_consumed:"TICKET_ALREADY_USED",not_found:"TICKET_NOT_FOUND",expired:"TICKET_EXPIRED",already_consumed:"TICKET_ALREADY_USED",context_mismatch:"CHALLENGE_MISMATCH",challenge_not_found:"CHALLENGE_MISMATCH",invalid_ticket_id:"INVALID_ARGUMENT",invalid_context_hash:"INVALID_ARGUMENT",invalid_ticket_status:"INVALID_ARGUMENT",invalid_config:"INVALID_ARGUMENT",enrollment_not_enabled:"INVALID_ARGUMENT",pin_mismatch:"PIN_MISMATCH",pin_locked:"PIN_LOCKED",bridge_not_enabled:"UNKNOWN_ERROR",bridge_session_expired:"BRIDGE_SESSION_EXPIRED",session_not_found:"BRIDGE_SESSION_EXPIRED",origin_not_allowed:"INVALID_ARGUMENT",origin_not_allowed_for_application:"INVALID_ARGUMENT"}[e]??"UNKNOWN_ERROR"}function _(t){if(t instanceof DOMException){let e=t.name,r=t.message||"WebAuthn operation failed",n=vo[e]??"UNKNOWN_ERROR";return E(n,r,{originalError:t})}return t instanceof Error?E("UNKNOWN_ERROR",t.message,{originalError:t}):E("UNKNOWN_ERROR","An unknown error occurred",{originalError:t})}function h(t){return typeof t=="object"&&t!==null&&!Array.isArray(t)}function d(t){return typeof t=="string"}function V(t){return typeof t=="number"&&Number.isFinite(t)}function Ye(t){return typeof t=="boolean"}function ee(t){return Array.isArray(t)}function s(t,e){return l(E("UNKNOWN_ERROR",t,{...e,originalData:e?.originalData}))}function m(t,e){return t[e]}function To(t,e){return!h(t)||!d(t.name)||!d(t.id)?s("Invalid API response: challenge.rp must have name and id strings",{originalData:e}):c(!0)}function Co(t,e){return!h(t)||!d(t.id)||!d(t.name)||!d(t.displayName)?s("Invalid API response: challenge.user must have id, name, displayName strings",{originalData:e}):c(!0)}function Io(t,e){if(!ee(t))return s("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:e});for(let r of t)if(!h(r)||r.type!=="public-key"||!V(r.alg))return s("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:e});return c(!0)}function We(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id");if(!d(e))return s("Invalid API response: session_id must be string",{field:"session_id",originalData:t});let r=m(t,"challenge");if(!h(r))return s("Invalid API response: challenge must be object",{field:"challenge",originalData:t});let n=To(m(r,"rp"),t);if(!n.ok)return n;let o=Co(m(r,"user"),t);if(!o.ok)return o;let i=m(r,"challenge");if(!d(i))return s("Invalid API response: challenge.challenge must be string",{originalData:t});let a=Io(m(r,"pubKeyCredParams"),t);if(!a.ok)return a;let u=r.timeout;if(u!==void 0&&!V(u))return s("Invalid API response: challenge.timeout must be number",{originalData:t});let p=r.excludeCredentials;if(p!==void 0){if(!ee(p))return s("Invalid API response: excludeCredentials must be array",{originalData:t});for(let f of p)if(!h(f)||f.type!=="public-key"||!d(f.id))return s("Invalid API response: excludeCredentials items must have id and type",{originalData:t})}let g=r.authenticatorSelection;return g!==void 0&&!h(g)?s("Invalid API response: authenticatorSelection must be object",{originalData:t}):c({session_id:e,challenge:{rp:r.rp,user:r.user,challenge:i,pubKeyCredParams:r.pubKeyCredParams,...u!==void 0&&{timeout:u},...p!==void 0&&{excludeCredentials:p},...g!==void 0&&{authenticatorSelection:g}}})}function Jt(t,e){if(!h(t))return s("Invalid API response: user must be object",{field:"user",originalData:e});let r=m(t,"user_id"),n=m(t,"external_user_id");if(!d(r)||!d(n))return s("Invalid API response: user must have user_id and external_user_id strings",{originalData:e});let o=t.email,i=t.metadata;return o!==void 0&&!d(o)?s("Invalid API response: user.email must be string",{originalData:e}):i!==void 0&&(typeof i!="object"||i===null)?s("Invalid API response: user.metadata must be object",{originalData:e}):c({user_id:r,external_user_id:n,...o!==void 0&&{email:o},...i!==void 0&&{metadata:i}})}function Zt(t){let e=We(t);return e.ok?c({session_id:e.value.session_id,challenge:e.value.challenge}):e}function er(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id");if(!d(e))return s("Invalid API response: session_id must be string",{field:"session_id",originalData:t});let r=m(t,"challenge");if(!h(r))return s("Invalid API response: challenge must be object",{field:"challenge",originalData:t});let n=m(r,"challenge"),o=m(r,"rpId"),i=r.allowCredentials;if(!d(n))return s("Invalid API response: challenge.challenge must be string",{originalData:t});if(!d(o))return s("Invalid API response: challenge.rpId must be string",{originalData:t});if(i!==void 0&&!ee(i))return s("Invalid API response: allowCredentials must be array",{originalData:t});if(i){for(let p of i)if(!h(p)||p.type!=="public-key"||!d(p.id))return s("Invalid API response: allowCredentials items must have id and type",{originalData:t})}let a=r.timeout;if(a!==void 0&&!V(a))return s("Invalid API response: challenge.timeout must be number",{originalData:t});let u=r.userVerification;return u!==void 0&&!["required","preferred","discouraged"].includes(String(u))?s("Invalid API response: userVerification must be required|preferred|discouraged",{originalData:t}):c({session_id:e,challenge:{challenge:n,rpId:o,allowCredentials:i??[],...a!==void 0&&{timeout:a},...u!==void 0&&{userVerification:u}}})}function tr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"credential_id"),r=m(t,"status"),n=m(t,"session_token"),o=m(t,"user");if(!d(e))return s("Invalid API response: credential_id must be string",{field:"credential_id",originalData:t});if(!d(r))return s("Invalid API response: status must be string",{field:"status",originalData:t});if(!d(n))return s("Invalid API response: session_token must be string",{field:"session_token",originalData:t});let i=Jt(o,t);if(!i.ok)return l(i.error);let a=t.redirect_url;return a!==void 0&&!d(a)?s("Invalid API response: redirect_url must be string",{originalData:t}):c({credential_id:e,status:r,session_token:n,user:i.value,...a!==void 0&&{redirect_url:a}})}function rr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"authenticated"),r=m(t,"session_token"),n=m(t,"user"),o=m(t,"signals");if(!Ye(e))return s("Invalid API response: authenticated must be boolean",{field:"authenticated",originalData:t});if(!d(r))return s("Invalid API response: session_token must be string",{field:"session_token",originalData:t});let i=Jt(n,t);if(!i.ok)return l(i.error);if(o!==void 0&&!h(o))return s("Invalid API response: signals must be object",{originalData:t});let a=t.redirect_url;return a!==void 0&&!d(a)?s("Invalid API response: redirect_url must be string",{originalData:t}):c({authenticated:e,session_token:r,user:i.value,signals:o,...a!==void 0&&{redirect_url:a}})}function nr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"valid"),r=m(t,"user_id"),n=m(t,"external_user_id"),o=m(t,"tenant_id"),i=m(t,"app_id");return Ye(e)?d(r)?d(n)?d(o)?d(i)?c({valid:e,userId:r,externalUserId:n,tenantId:o,appId:i}):s("Invalid API response: app_id must be string",{field:"app_id",originalData:t}):s("Invalid API response: tenant_id must be string",{field:"tenant_id",originalData:t}):s("Invalid API response: external_user_id must be string",{field:"external_user_id",originalData:t}):s("Invalid API response: user_id must be string",{field:"user_id",originalData:t}):s("Invalid API response: valid must be boolean",{field:"valid",originalData:t})}function or(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=t.session_token??t.sessionToken;if(!d(e))return s("Invalid API response: session_token/sessionToken must be string",{field:"session_token",originalData:t});let r=t.redirect_url;return r!==void 0&&!d(r)?s("Invalid API response: redirect_url must be string",{originalData:t}):c({sessionToken:e,...r!==void 0&&{redirectUrl:r}})}var Lo=["pending_passkey","pending_data","completed"],Mo=["pending_data","completed"];function ir(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id"),r=m(t,"onboarding_url"),n=m(t,"expires_in");return d(e)?d(r)?V(n)?c({session_id:e,onboarding_url:r,expires_in:n}):s("Invalid API response: expires_in must be number",{field:"expires_in",originalData:t}):s("Invalid API response: onboarding_url must be string",{field:"onboarding_url",originalData:t}):s("Invalid API response: session_id must be string",{field:"session_id",originalData:t})}function sr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"status"),r=m(t,"onboarding_url"),n=m(t,"expires_in");return!d(e)||!Lo.includes(e)?s("Invalid API response: status must be pending_passkey|pending_data|completed",{field:"status",originalData:t}):d(r)?V(n)?c({status:e,onboarding_url:r,expires_in:n}):s("Invalid API response: expires_in must be number",{originalData:t}):s("Invalid API response: onboarding_url must be string",{originalData:t})}function ar(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id"),r=m(t,"status"),n=m(t,"onboarding_url");if(!d(e))return s("Invalid API response: session_id must be string",{field:"session_id",originalData:t});if(r!=="pending_passkey")return s("Invalid API response: status must be pending_passkey",{field:"status",originalData:t});if(!d(n))return s("Invalid API response: onboarding_url must be string",{originalData:t});let o=t.challenge,i;if(o!==void 0){let a=Oo(o);if(!a.ok)return a;i=a.value}return c({session_id:e,status:"pending_passkey",onboarding_url:n,...i!==void 0&&{challenge:i}})}function Oo(t){if(!h(t))return s("Invalid API response: challenge must be object",{originalData:t});let e=m(t,"rp"),r=m(t,"user"),n=m(t,"challenge"),o=m(t,"pubKeyCredParams");if(!h(e)||!d(e.name)||!d(e.id))return s("Invalid API response: challenge.rp must have name and id",{originalData:t});if(!h(r)||!d(r.id)||!d(r.name)||!d(r.displayName))return s("Invalid API response: challenge.user must have id, name, displayName",{originalData:t});if(!d(n))return s("Invalid API response: challenge.challenge must be string",{originalData:t});if(!ee(o))return s("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:t});for(let i of o)if(!h(i)||i.type!=="public-key"||!V(i.alg))return s("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:t});return c({rp:e,user:r,challenge:n,pubKeyCredParams:o})}function lr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id"),r=m(t,"status"),n=m(t,"user_id"),o=m(t,"tenant_id");return d(e)?!d(r)||!Mo.includes(r)?s("Invalid API response: status must be pending_data|completed",{originalData:t}):d(n)?d(o)?c({session_id:e,status:r,user_id:n,tenant_id:o}):s("Invalid API response: tenant_id must be string",{originalData:t}):s("Invalid API response: user_id must be string",{originalData:t}):s("Invalid API response: session_id must be string",{originalData:t})}function ur(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id"),r=m(t,"status"),n=m(t,"user_id"),o=m(t,"tenant_id"),i=m(t,"session_token");return d(e)?r!=="completed"?s("Invalid API response: status must be completed",{originalData:t}):!d(n)||!d(o)||!d(i)?s("Invalid API response: user_id, tenant_id, session_token must be strings",{originalData:t}):c({session_id:e,status:"completed",user_id:n,tenant_id:o,session_token:i}):s("Invalid API response: session_id must be string",{originalData:t})}function $e(t){return t==null?c(void 0):h(t)&&Object.keys(t).length===0?c(void 0):s("Invalid API response: expected empty body (204)",{originalData:t})}function xo(t){if(!t||typeof t!="object")return!1;let e=t;return typeof e.challenge=="string"&&e.rp!=null&&typeof e.rp=="object"&&e.user!=null&&typeof e.user=="object"&&Array.isArray(e.pubKeyCredParams)}function ko(t){if(!t||typeof t!="object")return!1;let e=t;return typeof e.challenge=="string"&&typeof e.rpId=="string"}function ze(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e="resultado"in t&&h(t.resultado)?t.resultado:t,r=e.session_id,n=e.qr_url,o=e.expires_at,i=e.polling_token;if(!d(r)||!d(n)||!d(o)||!d(i))return s("Invalid API response: missing required fields",{originalData:t});let a={session_id:r,qr_url:n,expires_at:o,polling_token:i};return e.external_user_id!==void 0&&d(e.external_user_id)&&(a.external_user_id=e.external_user_id),c(a)}function dr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e="resultado"in t&&h(t.resultado)?t.resultado:t,r=e.status;if(!d(r)||!["pending","authenticated","completed"].includes(r))return s("Invalid API response: invalid status",{originalData:t});let n=e.user_id,o=e.session_token,i=e.redirect_url;return n!==void 0&&!d(n)?s("Invalid API response: user_id must be a string when present",{originalData:t}):o!==void 0&&!d(o)?s("Invalid API response: session_token must be a string when present",{originalData:t}):i!==void 0&&!d(i)?s("Invalid API response: redirect_url must be a string when present",{originalData:t}):c({status:r,user_id:n,session_token:o,redirect_url:i})}function cr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=t.type,r=e==="registration"?"registration":"auth",n=t.options;if(!h(n))return s("Invalid API response: options are required",{originalData:t});let o=200,i=_n(t.approval_context,o),a=_n(t.application_name,o);if(i===!1||a===!1)return s("Invalid API response: approval_context/application_name must be string max 200 chars",{originalData:t});let u={};return typeof i=="string"&&(u.approval_context=i),typeof a=="string"&&(u.application_name=a),r==="registration"?xo(n)?c({type:"registration",options:n,...u}):s("Invalid API response: registration options must have challenge, rp, user, pubKeyCredParams",{originalData:t}):ko(n)?c({type:"auth",options:n,...u}):s("Invalid API response: auth options must have challenge and rpId",{originalData:t})}function _n(t,e){if(t!=null)return typeof t!="string"||t.length>e?!1:t}function pr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"challenge"),r=m(t,"recovery_session_id");return h(e)?d(r)?c({challenge:e,recovery_session_id:r}):s("Invalid API response: recovery_session_id must be string",{field:"recovery_session_id",originalData:t}):s("Invalid API response: challenge must be object",{field:"challenge",originalData:t})}function mr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"status"),r=m(t,"session_token"),n=m(t,"user"),o=m(t,"credential_id");if(!d(e))return s("Invalid API response: status must be string",{field:"status",originalData:t});if(!d(r))return s("Invalid API response: session_token must be string",{field:"session_token",originalData:t});if(!d(o))return s("Invalid API response: credential_id must be string",{field:"credential_id",originalData:t});if(!h(n))return s("Invalid API response: user must be object",{field:"user",originalData:t});let i=m(n,"user_id");if(!d(i))return s("Invalid API response: user.user_id must be string",{field:"user.user_id",originalData:t});let u=t.redirect_url;if(u!==void 0&&!d(u))return s("Invalid API response: redirect_url must be string",{field:"redirect_url",originalData:t});let p=n;return c({status:e,session_token:r,credential_id:o,user:{user_id:i,external_user_id:d(p.external_user_id)?p.external_user_id:void 0,email:d(p.email)?p.email:void 0,metadata:h(p.metadata)?p.metadata:void 0},...u!==void 0&&{redirect_url:u}})}function gr(t){let e=We(t);return e.ok?c({session_id:e.value.session_id,challenge:e.value.challenge}):e}function Do(t,e){if(!h(t))return s("Invalid API response: user must be object",{field:"user",originalData:e});let r=m(t,"user_id");if(!d(r))return s("Invalid API response: user.user_id must be string",{originalData:e});let n=t.external_user_id;if(n!==void 0&&!d(n))return s("Invalid API response: user.external_user_id must be string",{originalData:e});let o=t.email;if(o!==void 0&&!d(o))return s("Invalid API response: user.email must be string",{originalData:e});let i=t.metadata;return i!==void 0&&(typeof i!="object"||i===null)?s("Invalid API response: user.metadata must be object",{originalData:e}):c({user_id:r,...n!==void 0&&{external_user_id:n},...o!==void 0&&{email:o},...i!==void 0&&{metadata:i}})}function fr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"credential_id"),r=m(t,"status"),n=m(t,"session_token"),o=m(t,"user");if(!d(e))return s("Invalid API response: credential_id must be string",{field:"credential_id",originalData:t});if(!d(r))return s("Invalid API response: status must be string",{field:"status",originalData:t});if(!d(n))return s("Invalid API response: session_token must be string",{field:"session_token",originalData:t});let i=Do(o,t);return i.ok?c({credential_id:e,status:r,session_token:n,user:i.value}):i}var No=["pending","pin_verified","pin_locked","completed"];function hr(t){if(!h(t))return s("Invalid bridge context response: expected object",{originalData:t});let e=m(t,"type");if(e!=="auth"&&e!=="registration")return s('Invalid bridge context response: type must be "auth" or "registration"',{field:"type",expected:"auth | registration",originalData:t});let r=m(t,"options");if(!h(r))return s("Invalid bridge context response: options must be object",{field:"options",originalData:t});let n=t.application_name;return n!==void 0&&!d(n)?s("Invalid bridge context response: application_name must be string",{field:"application_name",originalData:t}):c({type:e,options:r,...n!==void 0&&{application_name:n}})}function Er(t){if(!h(t))return s("Invalid bridge verify response: expected object",{originalData:t});let e=m(t,"session_id");if(!d(e)||e.trim()==="")return s("Invalid bridge verify response: session_id must be non-empty string (UUID expected)",{field:"session_id",originalData:t});let r=t.challenge;if(r!==void 0&&!d(r))return s("Invalid bridge verify response: challenge must be string when present",{field:"challenge",originalData:t});let n=t.registration_options;if(n!==void 0&&!h(n))return s("Invalid bridge verify response: registration_options must be object when present",{field:"registration_options",originalData:t});let o=t.authentication_options;return o!==void 0&&!h(o)?s("Invalid bridge verify response: authentication_options must be object when present",{field:"authentication_options",originalData:t}):c({session_id:e,...r!==void 0&&{challenge:r},...n!==void 0&&{registration_options:n},...o!==void 0&&{authentication_options:o}})}function br(t){if(!h(t))return s("Invalid bridge complete enrollment response: expected object",{originalData:t});let e=m(t,"credential_id"),r=m(t,"entity_id"),n=m(t,"user_id"),o=m(t,"session_token");return d(e)?d(r)?d(n)?d(o)?c({credential_id:e,entity_id:r,user_id:n,session_token:o}):s("Invalid bridge complete enrollment response: session_token must be string",{field:"session_token",originalData:t}):s("Invalid bridge complete enrollment response: user_id must be string",{field:"user_id",originalData:t}):s("Invalid bridge complete enrollment response: entity_id must be string",{field:"entity_id",originalData:t}):s("Invalid bridge complete enrollment response: credential_id must be string",{field:"credential_id",originalData:t})}function yr(t){if(!h(t))return s("Invalid bridge complete auth response: expected object",{originalData:t});let e=m(t,"session_token");return d(e)?c({session_token:e}):s("Invalid bridge complete auth response: session_token must be string",{field:"session_token",originalData:t})}function _r(t){if(!h(t))return s("Invalid bridge status response: expected object",{originalData:t});let e=m(t,"status");if(typeof e!="string"||!No.includes(e))return s("Invalid bridge status response: status must be one of pending, pin_verified, pin_locked, completed",{field:"status",originalData:t});let r=t.ts;return r!==void 0&&!d(r)?s("Invalid bridge status response: ts must be string when present",{field:"ts",originalData:t}):c({status:e,...r!==void 0&&{ts:r}})}var Xe=class{constructor(e,r,n={}){this.httpClient=e;this.baseUrl=r;this.defaultHeaders=n}mergeHeaders(e){return{...this.defaultHeaders,...e}}async post(e,r,n,o){let i=`${this.baseUrl}${e}`,a=await this.httpClient.post(i,r,this.mergeHeaders(o));return a.ok?n(a.value):l(a.error)}async get(e,r,n){let o=`${this.baseUrl}${e}`,i=await this.httpClient.get(o,this.mergeHeaders(n));return i.ok?r(i.value):l(i.error)}async startRegister(e){return this.post("/v1/passkeys/register/start",e,Zt)}async startAuth(e){return this.post("/v1/passkeys/auth/start",e,er)}async finishRegister(e){return this.post("/v1/passkeys/register/finish",e,tr)}async finishAuthentication(e){return this.post("/v1/passkeys/auth/finish",e,rr)}async validateSession(e){return this.get("/v1/sessions/validate",nr,{Authorization:`Bearer ${e}`})}async startEmailFallback(e){let r=`${this.baseUrl}/v1/fallback/email/start`,n=await this.httpClient.post(r,{userId:e.userId,email:e.email},this.mergeHeaders());return n.ok?c(void 0):l(n.error)}async verifyEmailCode(e){let r={userId:e.userId,code:e.code};return e.successUrl&&(r.success_url=e.successUrl),this.post("/v1/fallback/email/verify",r,or)}async startOnboarding(e){return this.post("/v1/onboarding/start",e,ir)}async getOnboardingStatus(e){return this.get(`/v1/onboarding/${e}/status`,sr)}async getOnboardingRegister(e){return this.get(`/v1/onboarding/${e}/register`,ar)}async registerOnboardingPasskey(e,r){return this.post(`/v1/onboarding/${e}/register-passkey`,r,lr)}async completeOnboarding(e,r){return this.post(`/v1/onboarding/${e}/complete`,r,ur)}async initCrossDeviceAuth(){return this.post("/v1/auth/cross-device/init",{},ze)}async initCrossDeviceRegistration(e){let r=typeof e?.externalUserId=="string"?e.externalUserId.trim():"",n=r.length>0?{external_user_id:r}:{};return this.post("/v1/auth/cross-device/init-registration",n,ze)}async getCrossDeviceStatus(e,r){let n={};return typeof r=="string"&&r.length>0&&(n["X-Polling-Token"]=r),this.get(`/v1/auth/cross-device/status/${e}`,dr,Object.keys(n).length>0?n:void 0)}async getCrossDeviceContext(e){return this.get(`/v1/auth/cross-device/context/${e}`,cr)}async verifyCrossDeviceAuth(e){return this.post("/v1/auth/cross-device/verify",e,$e)}async verifyCrossDeviceRegistration(e){return this.post("/v1/auth/cross-device/verify-registration",e,$e)}async verifyAccountRecoveryOtp(e,r){return this.post("/v1/users/recovery/verify",{external_id:e,otp:r},pr)}async completeAccountRecovery(e,r){return this.post("/v1/users/recovery/complete",{recovery_session_id:e,credential:r},mr)}async startEnrollment(e,r,n){return this.post("/v1/enrollment/register/options",{ticket_id:e,context_hash:r},gr,n)}async finishEnrollment(e,r,n){return this.post("/v1/enrollment/register",{...r,ticket_id:e},fr,n)}bridgePrefix(e){return e==="enrollment"?fn:hn}async getBridgeContext(e,r,n){return this.get(`${this.bridgePrefix(r)}/context/${e}`,hr,n)}async verifyBridgePin(e,r,n,o){return this.post(`${this.bridgePrefix(n)}/verify/${e}`,{pin:r},Er,o)}async completeBridgeEnrollment(e,r){return this.post(`${this.bridgePrefix("enrollment")}/complete`,e,br,r)}async completeBridgeAuth(e,r){return this.post(`${this.bridgePrefix("auth")}/complete`,e,yr,r)}getBridgeStatusUrl(e,r){return`${this.baseUrl}${this.bridgePrefix(r)}/status/${e}`}async getBridgeStatus(e,r,n){return this.get(`${this.bridgePrefix(r)}/status/${e}`,_r,n)}};function wo(t){return typeof t=="object"&&t!==null&&t.ok===!0&&"resultado"in t}function Rr(t){if(typeof t!="object"||t===null)return!1;let e=t;if(e.ok!==!1||!e.error||typeof e.error!="object")return!1;let r=e.error;return typeof r.code=="string"&&typeof r.message=="string"}var Po="https://trymellon.com/docs/getting-started#allowed-origins",Uo="Add your origin to allowed origins in the TryMellon dashboard.";function Rn(t){let e=t.error.hint??Uo,r=t.error.docs_url??Po;console.warn(`[TryMellon] ${e} See: ${r}`)}function An(t,e){if(Rr(t))return{message:t.error.message,code:X(t.error.code)};let r=t,n=r?.error;if(typeof n=="object"&&n!==null&&"code"in n&&typeof n.code=="string")return{message:n.message??r?.message??e,code:X(n.code)};let o=r?.message??e,i=r?.error,a=typeof i=="string"?X(i):i===void 0?"NETWORK_FAILURE":X(String(i));return{message:o,code:a}}function Bo(){if(typeof globalThis.crypto<"u"&&typeof globalThis.crypto.randomUUID=="function")return globalThis.crypto.randomUUID();throw new Error("Web Crypto API is required but not available.")}function vn(t,e){let r=e*Math.pow(2,t);return Math.min(r,3e4)}function Fo(t,e){return t!=="GET"?!1:e>=500||e===429}var Qe=class{constructor(e,r=0,n=1e3,o){this.timeoutMs=e;this.maxRetries=r;this.retryDelayMs=n;this.logger=o}async get(e,r){return this.request(e,{method:"GET",headers:r})}async post(e,r,n){return this.request(e,{method:"POST",body:JSON.stringify(r),headers:{"Content-Type":"application/json",...n}})}async request(e,r){let n=(r.method??"GET").toUpperCase(),o=Bo(),i=new Headers(r.headers);i.set("X-Request-Id",o),this.logger&&this.logger.debug("request",{requestId:o,url:e,method:n});let a;for(let u=0;u<=this.maxRetries;u++)try{let p=new AbortController,g=setTimeout(()=>p.abort(),this.timeoutMs);try{let f=await fetch(e,{...r,headers:i,signal:p.signal});if(!f.ok){let v;try{v=await f.json()}catch{}Rr(v)&&Qt(v.error.code)&&Rn(v);let{message:S,code:L}=An(v,f.statusText),C=E(L,S,{requestId:o,status:f.status,statusText:f.statusText,data:v});if(Fo(n,f.status)&&u<this.maxRetries){a=C,clearTimeout(g),await new Promise(Rt=>setTimeout(Rt,vn(u,this.retryDelayMs)));continue}return l(C)}if(f.status===204)return c(void 0);if(f.headers.get("content-length")==="0")return c(void 0);let b=await f.json();if(wo(b))return c(b.resultado);let A=b;if(typeof b=="object"&&b!==null&&A.ok===!0&&!("resultado"in A))return c(void 0);if(Rr(b)){Qt(b.error.code)&&Rn(b);let{message:v,code:S}=An(b,f.statusText);return l(E(S,v,{requestId:o,status:f.status,statusText:f.statusText,data:b}))}return c(b)}finally{clearTimeout(g)}}catch(p){if(a=p,n==="GET"&&u<this.maxRetries)await new Promise(f=>setTimeout(f,vn(u,this.retryDelayMs)));else break}return a instanceof Error&&a.name==="AbortError"?l(E("TIMEOUT","Request timed out",{requestId:o})):l(E("NETWORK_FAILURE",a instanceof Error?a.message:"Request failed",{requestId:o,cause:a}))}};function U(t){let e=new Uint8Array(t),r=Array.from(e,o=>String.fromCharCode(o)).join("");if(typeof globalThis.btoa>"u")throw Xt("encode");return globalThis.btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function Ko(t){if(typeof globalThis.atob>"u")throw Xt("decode");let e=t.replace(/-/g,"+").replace(/_/g,"/"),r=e.length%4,n=r===0?e:e+"=".repeat(4-r),o=globalThis.atob(n);return Uint8Array.from(o,i=>i.charCodeAt(0))}function te(t){return Ko(t).buffer}function Sn(t){return t!==null&&typeof t=="object"&&"clientDataJSON"in t&&t.clientDataJSON instanceof ArrayBuffer}function x(t){if(!t.response)throw E("UNKNOWN_ERROR","Credential response is missing",{credential:t});let e=t.response;if(!Sn(e))throw E("UNKNOWN_ERROR","Invalid credential response structure",{response:e});if(!("attestationObject"in e))throw E("UNKNOWN_ERROR","Invalid credential response structure for register: attestationObject is missing",{response:e});let r=e.clientDataJSON,n=e.attestationObject;return{id:t.id,rawId:U(t.rawId),response:{clientDataJSON:U(r),attestationObject:U(n)},type:"public-key"}}function re(t){if(!t.response)throw E("UNKNOWN_ERROR","Credential response is missing",{credential:t});let e=t.response;if(!Sn(e))throw E("UNKNOWN_ERROR","Invalid credential response structure",{response:e});if(!("authenticatorData"in e)||!("signature"in e))throw E("UNKNOWN_ERROR","Invalid credential response structure for auth: authenticatorData or signature is missing",{response:e});let r=e.clientDataJSON,n=e.authenticatorData,o=e.signature,i=e.userHandle;return{id:t.id,rawId:U(t.rawId),response:{authenticatorData:U(n),clientDataJSON:U(r),signature:U(o),...i&&{userHandle:U(i)}},type:"public-key"}}function O(t,e="create"){if(!t||typeof t!="object"||!("id"in t)||!("rawId"in t)||!("response"in t))throw bn(e)}function ne(){try{return!(typeof navigator>"u"||!navigator.credentials||typeof PublicKeyCredential>"u")}catch{return!1}}async function Vo(){try{return!ne()||typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable!="function"?!1:await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()}catch{return!1}}async function Je(){let t=ne(),e=await Vo();return{isPasskeySupported:t,platformAuthenticatorAvailable:e,recommendedFlow:t?"passkey":"fallback"}}async function Se(t){let{operation:e,eventEmitter:r,start:n,createOptions:o,invoke:i,finish:a}=t;try{if(r.emit("start",{type:"start",operation:e}),!ne()){let y=En();return r.emit("error",{type:"error",error:y}),l(y)}let u=await n();if(!u.ok)return r.emit("error",{type:"error",error:u.error}),l(u.error);let p=o(u.value);if(!p.ok)return r.emit("error",{type:"error",error:p.error}),l(p.error);let g=await i(p.value);if(!g){let y=R("credential",`${e==="register"?"creation":"retrieval"} failed`);return r.emit("error",{type:"error",error:y}),l(y)}try{O(g)}catch(y){let b=_(y);return r.emit("error",{type:"error",error:b}),l(b)}let f=await a(u.value,g);return f.ok?c(f.value):(r.emit("error",{type:"error",error:f.error}),l(f.error))}catch(u){let p=_(u);return r.emit("error",{type:"error",error:p}),l(p)}}function w(t,e){try{je(t.challenge,"challenge"),je(t.user.id,"user.id");let r=te(t.challenge),n=te(t.user.id),o={userVerification:"preferred"};t.authenticatorSelection&&(o={...t.authenticatorSelection}),e&&(o={...o,authenticatorAttachment:e});let i={rp:{id:t.rp.id,name:t.rp.name},user:{id:n,name:t.user.name,displayName:t.user.displayName},challenge:r,pubKeyCredParams:t.pubKeyCredParams,...t.timeout!==void 0&&{timeout:t.timeout},attestation:"none",authenticatorSelection:o,...t.excludeCredentials&&{excludeCredentials:t.excludeCredentials.map(a=>({id:te(a.id),type:a.type,...a.transports&&{transports:a.transports}}))}};return c({publicKey:i})}catch(r){return l(_(r))}}async function Tn(t,e){let r=w(t);if(!r.ok)return l(r.error);let n={...r.value,...e!==void 0&&{signal:e}},o;try{o=await navigator.credentials.create(n)}catch(i){return l(_(i))}try{O(o,"create")}catch(i){return l(_(i))}try{return c(x(o))}catch(i){return l(_(i))}}function Te(t,e){try{je(t.challenge,"challenge");let r=te(t.challenge);return c({publicKey:{challenge:r,rpId:t.rpId,...t.timeout!==void 0&&{timeout:t.timeout},userVerification:t.userVerification??"preferred",...t.allowCredentials&&{allowCredentials:t.allowCredentials.map(n=>({id:te(n.id),type:n.type,...n.transports&&{transports:n.transports}}))}},...e!==void 0&&{mediation:e}})}catch(r){return l(_(r))}}async function Cn(t,e,r){let n=t.externalUserId??t.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let i=R("externalUserId","must be a non-empty string");return r.emit("error",{type:"error",error:i}),l(i)}let o=await Se({operation:"register",eventEmitter:r,start:()=>e.startRegister({external_user_id:n}),createOptions:i=>w(i.challenge,t.authenticatorType),invoke:async i=>{let a={...i,...t.signal&&{signal:t.signal}};return navigator.credentials.create(a)},finish:async(i,a)=>{let u=await e.finishRegister({session_id:i.session_id,credential:x(a),...t.successUrl&&{success_url:t.successUrl}});return u.ok?c({success:!0,credentialId:u.value.credential_id,credential_id:u.value.credential_id,status:u.value.status,sessionToken:u.value.session_token,user:{userId:u.value.user.user_id,externalUserId:u.value.user.external_user_id,email:u.value.user.email,metadata:u.value.user.metadata},...u.value.redirect_url&&{redirectUrl:u.value.redirect_url}}):l(u.error)}});return o.ok&&r.emit("success",{type:"success",operation:"register",token:o.value.sessionToken,user:o.value.user}),o}async function In(t,e,r){let n=t.externalUserId??t.external_user_id,o=n!==void 0&&typeof n=="string"&&n.trim()!=="",i=await Se({operation:"authenticate",eventEmitter:r,start:()=>e.startAuth(o?{external_user_id:n.trim()}:{}),createOptions:a=>Te(a.challenge,t.mediation),invoke:async a=>{let u={...a,...t.signal&&{signal:t.signal}};return navigator.credentials.get(u)},finish:async(a,u)=>{let p=await e.finishAuthentication({session_id:a.session_id,credential:re(u),...t.successUrl&&{success_url:t.successUrl}});return p.ok?c({authenticated:p.value.authenticated,sessionToken:p.value.session_token,user:{userId:p.value.user.user_id,externalUserId:p.value.user.external_user_id,email:p.value.user.email,metadata:p.value.user.metadata},signals:p.value.signals,...p.value.redirect_url&&{redirectUrl:p.value.redirect_url}}):l(p.error)}});return i.ok&&r.emit("success",{type:"success",operation:"authenticate",token:i.value.sessionToken,user:i.value.user}),i}async function Ze(t,e){return e?e.aborted?"aborted":new Promise(r=>{let n=()=>{o(),r("aborted")},o=()=>{clearTimeout(i),e.removeEventListener("abort",n)},i=setTimeout(()=>{o(),r("completed")},t);e.addEventListener("abort",n)}):(await new Promise(r=>setTimeout(r,t)),"completed")}var Ho=2e3,qo=60,et=class{constructor(e){this.apiClient=e}async startFlow(e,r){let n=await this.apiClient.startOnboarding({user_role:e.user_role});if(!n.ok)return l(n.error);let{session_id:o}=n.value;for(let i=0;i<qo;i++){if(r?.aborted)return l(E("ABORT_ERROR","Operation aborted by user or timeout"));if(await Ze(Ho,r)==="aborted")return l(E("ABORT_ERROR","Operation aborted by user or timeout"));let u=await this.apiClient.getOnboardingStatus(o);if(!u.ok)return l(u.error);let p=u.value.status,g=u.value.onboarding_url;if(p==="pending_passkey"){let f=await this.apiClient.getOnboardingRegister(o);if(!f.ok)return l(f.error);let y=f.value;if(!y.challenge)return l(E("NOT_SUPPORTED","Onboarding requires user action - complete passkey registration at the provided onboarding_url",{onboarding_url:g}));let b=w(y.challenge);if(!b.ok)return l(b.error);let A;try{A=await navigator.credentials.create(b.value)}catch(C){return l(_(C))}try{O(A,"create")}catch(C){return l(_(C))}let v;try{v=x(A)}catch(C){return l(_(C))}let S=await this.apiClient.registerOnboardingPasskey(o,{credential:v,challenge:y.challenge.challenge});return S.ok?await this.apiClient.completeOnboarding(o,{company_name:e.company_name}):l(S.error)}if(p==="completed")return await this.apiClient.completeOnboarding(o,{company_name:e.company_name})}return l(E("TIMEOUT","Onboarding timed out"))}};var Ln="trymellon_context_hash";var Go=/^[a-f0-9]{64}$/;function jo(t){return typeof t=="string"&&Go.test(t)}function Yo(){let t=new Uint8Array(32);if(typeof crypto<"u"&&crypto.getRandomValues)crypto.getRandomValues(t);else throw new Error("crypto.getRandomValues is not available");return Array.from(t).map(r=>r.toString(16).padStart(2,"0")).join("")}function Wo(){let t=null;return{getItem(){return t},setItem(e,r){t=r}}}var Mn=Wo();function On(t){let e=t.getItem(Ln);if(e&&jo(e))return e;let r=Yo();return t.setItem(Ln,r),r}function oe(t){let e=t??Mn;try{return On(e)}catch{return On(Mn)}}var tt=class{constructor(e,r){this.apiClient=e;this.storage=r}async enroll(e){if(e.signal?.aborted)return l(E("ABORT_ERROR","Operation aborted by user or timeout"));let r=this.storage??(typeof sessionStorage<"u"?sessionStorage:void 0),n=oe(r),o=await this.apiClient.startEnrollment(e.ticketId,n);if(!o.ok)return l(o.error);let i=await Tn(o.value.challenge,e.signal);if(!i.ok)return l(i.error);let a=await this.apiClient.finishEnrollment(e.ticketId,{credential:i.value,context_hash:n});return a.ok?c({sessionToken:a.value.session_token}):l(a.error)}};var $o=2e3,zo=60,rt=class{constructor(e){this.apiClient=e}async init(){return this.apiClient.initCrossDeviceAuth()}async initRegistration(e){return this.apiClient.initCrossDeviceRegistration(e)}async waitForSession(e,r,n){if(r?.aborted)return l(E("ABORT_ERROR","Operation aborted by user or timeout"));for(let o=0;o<zo;o++){let i=await this.apiClient.getCrossDeviceStatus(e,n);if(!i.ok)return l(i.error);if(i.value.status==="completed"){if(!i.value.session_token||!i.value.user_id)return l(E("UNKNOWN_ERROR","Missing data in completed session"));let u=i.value.redirect_url!=null&&i.value.redirect_url!==""?i.value.redirect_url:void 0;return c({session_token:i.value.session_token,user_id:i.value.user_id,...u!==void 0&&{redirectUrl:u}})}if(await Ze($o,r)==="aborted")return l(E("ABORT_ERROR","Operation aborted by user or timeout"))}return l(E("TIMEOUT","Cross-device authentication timed out"))}async approve(e){let r=await this.apiClient.getCrossDeviceContext(e);if(!r.ok)return l(r.error);let n=r.value;return n.type==="registration"?this.executeRegistrationApproval(e,n):this.executeAuthApproval(e,n)}async executeRegistrationApproval(e,r){let n=w(r.options);if(!n.ok)return l(n.error);let o;try{o=await navigator.credentials.create(n.value)}catch(a){return l(_(a))}try{O(o,"create")}catch(a){return l(_(a))}let i;try{i=x(o)}catch(a){return l(_(a))}return this.apiClient.verifyCrossDeviceRegistration({session_id:e,credential:i})}async executeAuthApproval(e,r){let n=Te(r.options);if(!n.ok)return l(n.error);let o;try{o=await navigator.credentials.get(n.value)}catch(a){return l(_(a))}try{O(o,"get")}catch(a){return l(_(a))}let i;try{i=re(o)}catch(a){return l(_(a))}return this.apiClient.verifyCrossDeviceAuth({session_id:e,credential:i})}};var Xo=new Set(["pin_verified","pin_locked","completed"]),Qo=1500,Jo=3e5;function xn(t){return Xo.has(t)}function nt(t){return t==null||typeof t!="string"||t.trim()===""?l(R("sessionId","must be a non-empty string")):c(t.trim())}function Zo(t){return{sessionToken:t.session_token,credentialId:t.credential_id,userId:t.user_id,entityId:t.entity_id}}function ei(t){return{sessionToken:t.session_token}}async function ti(t,e,r,n){let i=(n.presencePin!=null&&n.presencePin!==""?n.presencePin:null)??(typeof n.onPinRequired=="function"?await n.onPinRequired():null);return i==null||i===""?l(E("INVALID_ARGUMENT","Bridge requires PIN: provide presencePin or onPinRequired in options")):t.verifyBridgePin(e,i,r)}var ot=class{constructor(e,r){this.apiClient=e;this.storage=r}async waitForResult(e,r){let n=nt(e);if(!n.ok)return l(n.error);let o=r?.kind??"enrollment",i=r?.useSse!==!1,a=r?.timeoutMs??Jo,u=async p=>{for(;;){let g=await this.apiClient.getBridgeStatus(n.value,o);if(!g.ok)return l(g.error);if(xn(g.value.status))return c(g.value);if(Date.now()-p>=a)return l(E("TIMEOUT","Bridge status wait timed out"));await new Promise(f=>setTimeout(f,Qo))}};return i&&typeof EventSource<"u"?new Promise(p=>{let g=this.apiClient.getBridgeStatusUrl(n.value,o),f=!1,y=A=>{if(!f){f=!0;try{b.close()}catch{}p(A)}},b;try{b=new EventSource(g)}catch{u(Date.now()).then(y);return}b.onmessage=A=>{try{let v=typeof A.data=="string"?A.data:String(A.data),S=JSON.parse(v);if(S!==null&&typeof S=="object"&&"status"in S&&typeof S.status=="string"){let L=S.status;if(xn(L)){let C=S.ts;y(c({status:L,...typeof C=="string"&&{ts:C}}))}}}catch{}},b.onerror=()=>{if(!f){try{b.close()}catch{}u(Date.now()).then(y)}}}):u(Date.now())}async getContext(e,r){let n=nt(e);return n.ok?this.apiClient.getBridgeContext(n.value,r):l(n.error)}async verifyPin(e,r,n){let o=nt(e);return o.ok?r==null||typeof r!="string"||r===""?l(R("pin","must be a non-empty string")):this.apiClient.verifyBridgePin(o.value,r,n):l(o.error)}async complete(e,r){let n=nt(e);if(!n.ok)return l(n.error);let o=r?.kind??"enrollment",i=await this.apiClient.getBridgeContext(n.value,o);if(!i.ok)return l(i.error);let a=i.value,u=await ti(this.apiClient,n.value,o,r??{kind:o});if(!u.ok)return l(u.error);let p=u.value;if(r?.signal?.aborted)return l(E("ABORT_ERROR","Operation aborted by user or timeout"));let g=a.type==="registration"?"enrollment":"auth";if(o!==g)return l(E("INVALID_ARGUMENT",`Bridge context type "${a.type}" does not match kind "${o}"`));if(a.type==="registration"){if(!r?.ticketId?.trim()||!r?.entityId?.trim())return l(R("ticketId/entityId","required for enrollment bridge complete"));let L=p.registration_options;if(!L||typeof L!="object")return l(E("UNKNOWN_ERROR","Bridge verify response missing registration_options"));let C=w(L);if(!C.ok)return l(C.error);let Rt={...C.value,...r.signal!==void 0&&{signal:r.signal}},At;try{At=await navigator.credentials.create(Rt)}catch(St){return l(_(St))}try{O(At,"create")}catch(St){return l(_(St))}let Me=x(At),eo=this.storage??(typeof sessionStorage<"u"?sessionStorage:void 0),to=oe(eo),vt=await this.apiClient.completeBridgeEnrollment({session_id:n.value,ticket_id:r.ticketId,entity_id:r.entityId,context_hash:to,registration_response:{id:Me.id,rawId:Me.rawId,response:Me.response,type:Me.type}});return vt.ok?c(Zo(vt.value)):l(vt.error)}let f=p.authentication_options;if(!f||typeof f!="object")return l(E("UNKNOWN_ERROR","Bridge verify response missing authentication_options"));let y=Te(f);if(!y.ok)return l(y.error);let b={...y.value,...r?.signal!==void 0&&{signal:r.signal}},A;try{A=await navigator.credentials.get(b)}catch(L){return l(_(L))}try{O(A,"get")}catch(L){return l(_(L))}let v=re(A),S=await this.apiClient.completeBridgeAuth({session_id:n.value,credential:{id:v.id,rawId:v.rawId,response:v.response,type:v.type}});return S.ok?c(ei(S.value)):l(S.error)}};var it=class{handlers;constructor(){this.handlers=new Map}on(e,r){let n=this.handlers.get(e);return n||(n=new Set,this.handlers.set(e,n)),n.add(r),()=>{this.off(e,r)}}off(e,r){let n=this.handlers.get(e);n&&(n.delete(r),n.size===0&&this.handlers.delete(e))}emit(e,r){let n=this.handlers.get(e);if(n)for(let o of n)try{o(r)}catch(i){console.warn("[TryMellon] Event handler threw:",i)}}removeAllListeners(){this.handlers.clear()}};function kn(t){return{async send(e){let r=JSON.stringify(e);if(typeof navigator<"u"&&typeof navigator.sendBeacon=="function"){navigator.sendBeacon(t,r);return}typeof fetch<"u"&&await fetch(t,{method:"POST",body:r,headers:{"Content-Type":"application/json"},keepalive:!0})}}}function Ar(t,e){return{event:t,latencyMs:e,ok:!0}}var st=class{constructor(e,r,n,o,i){this.apiClient=e;this.eventEmitter=r;this.sandbox=n;this.sandboxToken=o;this.telemetrySender=i}async sandboxAuthResult(e,r){let n="externalUserId"in r?r.externalUserId??r.external_user_id??"sandbox":r.external_user_id??r.externalUserId??"sandbox",o=typeof n=="string"?n:"sandbox";return e==="register"?Promise.resolve(c({success:!0,credentialId:"",status:"sandbox",sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:o}})):Promise.resolve(c({authenticated:!0,sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:o}}))}async register(e){if(this.sandbox){let o=await this.sandboxAuthResult("register",e);return o.ok&&this.eventEmitter.emit("success",{type:"success",operation:"register",token:o.value.sessionToken,user:o.value.user}),o}let r=Date.now(),n=await Cn(e,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(Ar("register",Date.now()-r)).catch(o=>console.warn("[TryMellon] Telemetry send failed",o)),n}async authenticate(e){if(this.sandbox){let o=await this.sandboxAuthResult("authenticate",e);return o.ok&&this.eventEmitter.emit("success",{type:"success",operation:"authenticate",token:o.value.sessionToken,user:o.value.user}),o}let r=Date.now(),n=await In(e,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(Ar("authenticate",Date.now()-r)).catch(o=>console.warn("[TryMellon] Telemetry send failed",o)),n}};async function Dn(t,e,r){let n=t.externalUserId??t.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let i=R("externalUserId","must be a non-empty string");return r.emit("error",{type:"error",error:i}),l(i)}if(!t.otp||typeof t.otp!="string"||t.otp.trim().length!==6){let i=R("otp","must be a 6-digit string");return r.emit("error",{type:"error",error:i}),l(i)}let o=await Se({operation:"register",eventEmitter:r,start:()=>e.verifyAccountRecoveryOtp(n,t.otp),createOptions:i=>{let a=i.challenge;return!a||typeof a!="object"||!("rp"in a)||!("user"in a)||!("challenge"in a)||!("pubKeyCredParams"in a)?l(R("challenge","invalid recovery challenge structure")):w(a)},invoke:async i=>navigator.credentials.create(i),finish:async(i,a)=>{let u=await e.completeAccountRecovery(i.recovery_session_id,x(a));if(!u.ok)return l(u.error);let{credential_id:p,status:g,session_token:f,user:y,redirect_url:b}=u.value;return c({success:!0,credentialId:p,status:g,sessionToken:f,user:{userId:y.user_id,externalUserId:y.external_user_id,email:y.email,metadata:y.metadata},...b!==void 0&&{redirectUrl:b}})}});return o.ok&&r.emit("success",{type:"success",operation:"register",token:o.value.sessionToken,user:o.value.user}),o}var at=class{constructor(e,r){this.apiClient=e;this.eventEmitter=r}recover(e){return Dn(e,this.apiClient,this.eventEmitter)}};function di(t){if(typeof t!="string"||t==="")return!1;try{let e=new URL(t).hostname.toLowerCase();return e==="localhost"||e==="127.0.0.1"}catch{return!1}}var lt=class t{sandbox;sandboxToken;apiClient;eventEmitter;telemetrySender;crossDeviceManager;authService;recoveryService;onboarding;enrollmentManager;bridgeManager;contextHashStorage;static validateConfig(e){let{appId:r,publishableKey:n}=e;if(!r||typeof r!="string"||r.trim()==="")throw R("appId","must be a non-empty string");if(!n||typeof n!="string"||n.trim()==="")throw R("publishableKey","must be a non-empty string");let o=e.apiBaseUrl??$t;yn(o,"apiBaseUrl");let i=e.timeoutMs??3e4;Ge(i,"timeoutMs",1e3,3e5),e.maxRetries!==void 0&&Ge(e.maxRetries,"maxRetries",0,10),e.retryDelayMs!==void 0&&Ge(e.retryDelayMs,"retryDelayMs",100,1e4)}static create(e){try{return t.validateConfig(e),c(new t(e))}catch(r){return zt(r)?l(r):l(R("config",r.message))}}constructor(e){this.sandbox=e.sandbox===!0,this.sandboxToken=this.sandbox&&e.sandboxToken!=null&&e.sandboxToken!==""?e.sandboxToken:mn,t.validateConfig(e);let r=e.appId,n=e.publishableKey,o=e.apiBaseUrl??$t,i=e.timeoutMs??3e4,a=e.maxRetries??3,u=e.retryDelayMs??1e3,p=new Qe(i,a,u,e.logger),g=e.origin??(typeof window<"u"&&window?.location?.origin?window.location.origin:void 0),f={"X-App-Id":r.trim(),Authorization:`Bearer ${n.trim()}`,...g&&{Origin:g}};this.apiClient=new Xe(p,o,f),this.eventEmitter=new it,e.enableTelemetry&&(this.telemetrySender=e.telemetrySender??kn(e.telemetryEndpoint??pn)),this.authService=new st(this.apiClient,this.eventEmitter,this.sandbox,this.sandboxToken,this.telemetrySender),this.recoveryService=new at(this.apiClient,this.eventEmitter),this.contextHashStorage=e.contextHashStorage,this.onboarding=new et(this.apiClient),this.enrollmentManager=new tt(this.apiClient,this.contextHashStorage),this.crossDeviceManager=new rt(this.apiClient),this.bridgeManager=new ot(this.apiClient,this.contextHashStorage),this.warnIfSandboxOnProd()}warnIfSandboxOnProd(){if(typeof window>"u"||!this.sandbox)return;let e=window.location.origin;di(e)||console.warn(`[TryMellon] Sandbox mode is ON but origin is not localhost (current: ${e}). Use sandbox: false in production. See: ${gn}`)}get bridge(){return{getContext:(e,r)=>this.bridgeManager.getContext(e,r),verifyPin:(e,r,n)=>this.bridgeManager.verifyPin(e,r,n),complete:(e,r)=>this.bridgeManager.complete(e,r),waitForResult:(e,r)=>this.bridgeManager.waitForResult(e,r)}}static isSupported(){return ne()}async register(e){return this.authService.register(e)}async authenticate(e){return this.authService.authenticate(e)}async enroll(e){this.eventEmitter.emit("start",{type:"start",operation:"enroll"});let r=await this.enrollmentManager.enroll(e);return r.ok?this.eventEmitter.emit("success",{type:"success",operation:"enroll",token:r.value.sessionToken}):this.eventEmitter.emit("error",{type:"error",operation:"enroll",error:r.error}),r}getContextHash(){let e=this.contextHashStorage??(typeof sessionStorage<"u"?sessionStorage:void 0);return oe(e)}async validateSession(e){return this.sandbox&&e===this.sandboxToken?Promise.resolve(c({valid:!0,userId:"sandbox-user",externalUserId:"sandbox",tenantId:"sandbox-tenant",appId:"sandbox-app"})):this.apiClient.validateSession(e)}async getStatus(){return Je()}on(e,r){return this.eventEmitter.on(e,r)}version(){return"2.3.2"}fallback={email:{start:async e=>this.apiClient.startEmailFallback(e),verify:async e=>{let r=await this.apiClient.verifyEmailCode({userId:e.userId,code:e.code,...e.successUrl&&{successUrl:e.successUrl}});return r.ok?c({sessionToken:r.value.sessionToken,...r.value.redirectUrl&&{redirectUrl:r.value.redirectUrl}}):r}}};auth={crossDevice:{init:()=>this.crossDeviceManager.init(),initRegistration:e=>this.crossDeviceManager.initRegistration(e??{}),waitForSession:(e,r,n)=>this.crossDeviceManager.waitForSession(e,r,n),getContext:e=>this.apiClient.getCrossDeviceContext(e),approve:e=>this.crossDeviceManager.approve(e)},recoverAccount:e=>this.recoveryService.recover(e)}};function vr(t){let e=lt.create({appId:t.appId,publishableKey:t.publishableKey});return!e.ok||e.value==null?null:e.value}function wn(t){if(t==null||typeof t!="object")return!1;let e=t,r=typeof e.authenticate=="function",n=typeof e.register=="function",o=typeof e.on=="function",i=typeof e.enroll=="function",a=typeof e.getContextHash=="function";return r&&n&&o&&i&&a}function Pn(t){return t?{externalUserId:t}:{}}var ut="mellon:open",Ce="mellon:open-request",H="mellon:close",q="mellon:success",dt="mellon:error",ct="mellon:start",Ie="mellon:cancelled",pt="mellon:fallback",mt="mellon:tab-change",Sr="mellon:context-ready";function gt(t,e,r,n){t.dispatchEvent(new CustomEvent(e,{detail:r,bubbles:n.bubbles,composed:n.composed}))}function ft(t){return t==="authenticate"?"login":t==="enroll"?"enroll":"register"}function ci(t){if(t==null||typeof t!="object")return;let e=t,r=e.userId;if(typeof r!="string"||r.length===0)return;let n={userId:r};return typeof e.externalUserId=="string"&&(n.externalUserId=e.externalUserId),typeof e.email=="string"&&(n.email=e.email),e.metadata!=null&&typeof e.metadata=="object"&&!Array.isArray(e.metadata)&&(n.metadata=e.metadata),n}function pi(t){return t!=null&&typeof t=="object"&&t.type==="start"&&(t.operation==="register"||t.operation==="authenticate"||t.operation==="enroll")}function mi(t){let e=t;return t!=null&&typeof t=="object"&&e.type==="success"&&typeof e.token=="string"&&(e.operation==="register"||e.operation==="authenticate"||e.operation==="enroll")}function gi(t){return t!=null&&typeof t=="object"&&t.type==="error"}function fi(t){return t!=null&&typeof t=="object"&&t.type==="cancelled"&&(t.operation==="register"||t.operation==="authenticate"||t.operation==="enroll")}var Tr={subscribe(t,e){if(t==null||e==null)throw new TypeError("eventBridgeAdapter.subscribe: core and host are required");let r=[],n="authenticate",o=!1,i=t.on("start",g=>{if(!pi(g))return;n=g.operation,o=!1;let f={operation:ft(g.operation),...typeof g.nonce=="string"&&{nonce:g.nonce}};gt(e,ct,f,{bubbles:!0,composed:!0})});r.push(i);let a=t.on("success",g=>{if(!mi(g)||o||g.token.length===0)return;o=!0;let f=ci(g.user),y={operation:ft(g.operation),token:g.token,...typeof g.nonce=="string"&&{nonce:g.nonce},...f!==void 0&&{user:f},...typeof g.redirectUrl=="string"&&{redirectUrl:g.redirectUrl}};gt(e,q,y,{bubbles:!1,composed:!0})});r.push(a);let u=t.on("error",g=>{if(!gi(g)||o)return;let f=g.error?.code??"UNKNOWN_ERROR",y=X(typeof f=="string"?f:String(f)),b={operation:ft(g.operation??n),code:y,message:typeof g.error?.message=="string"?g.error.message:"Unknown error",...typeof g.nonce=="string"&&{nonce:g.nonce}};gt(e,dt,b,{bubbles:!0,composed:!0})});r.push(u);let p=t.on("cancelled",g=>{if(!fi(g))return;let f={operation:ft(g.operation),...typeof g.nonce=="string"&&{nonce:g.nonce}};gt(e,Ie,f,{bubbles:!0,composed:!0})});return r.push(p),function(){for(let f of r)f()}}};function Un(t){return{isPasskeySupported:t.isPasskeySupported,platformAuthenticatorAvailable:t.platformAuthenticatorAvailable,recommendedFlow:t.recommendedFlow}}function hi(){return{getClientStatus:async()=>{let t=await Je();return Un(t)}}}function Bn(t){let e=t;if(typeof e.getStatus!="function")return hi();let r=e.getStatus;return{getClientStatus:async()=>{let n=await r();return Un(n)}}}function Fn(t){return new CustomEvent(ut,{detail:t,bubbles:!0,composed:!0})}function Kn(t){return new CustomEvent(H,{detail:t,bubbles:!0,composed:!0})}function Vn(t){return new CustomEvent(Ie,{detail:t,bubbles:!0,composed:!0})}function Hn(t){return new CustomEvent(pt,{detail:t,bubbles:!0,composed:!0})}function qn(t){return new CustomEvent(mt,{detail:t,bubbles:!0,composed:!0})}function Gn(t){return new CustomEvent(Sr,{detail:t,bubbles:!1,composed:!0})}var ht=class{_currentState=k;_lastRenderedState=null;_renderDirty=!0;_pendingOperation="authenticate";_currentNonce=void 0;_envEvalRequestId=0;get currentState(){return this._currentState}setState(e){this._currentState=e,this._renderDirty=!0}invalidateRender(){this._renderDirty=!0}consumeRenderDecision(){return!this._renderDirty&&this._currentState===this._lastRenderedState?!1:(this._lastRenderedState=this._currentState,this._renderDirty=!1,!0)}setPendingOperationFromTab(e){this._pendingOperation=e==="login"?"authenticate":"register"}get pendingOperation(){return this._pendingOperation}setNonce(e){this._currentNonce=e}consumeCancelledDetailIfAuthenticating(){if(this._currentState!=="AUTHENTICATING")return null;let e={operation:this._pendingOperation==="authenticate"?"login":this._pendingOperation,...this._currentNonce!==void 0&&{nonce:this._currentNonce}};return this._currentNonce=void 0,e}handleAuthSuccess(){let e=I.handleAuthOutcome(this._currentState,"success");e!==null&&this.setState(e)}handleAuthError(){let e=I.handleAuthOutcome(this._currentState,"error");e!==null&&this.setState(e)}handleEnrollSuccess(){let e=I.handleEnrollOutcome(this._currentState,"success");e!==null&&this.setState(e)}handleEnrollError(){let e=I.handleEnrollOutcome(this._currentState,"error");e!==null&&this.setState(e)}onStartEvent(e){e?.nonce!==void 0&&(this._currentNonce=e.nonce)}startAuthFromClick(e,r,n){if(!e||!Pr(this._currentState))return;this.setPendingOperationFromTab(r);let o=I.startAuth(this._currentState,r,e,n);this.setState(o)}startEnrollment(e,r){if(!e)return;let n=I.startEnrollment(this._currentState,e,r);this.setState(n)}async runEnvEval(e){let r=++this._envEvalRequestId;this.setState(I.envEvalStart(this._currentState));let n=await I.evaluateEnv({...e,currentState:this._currentState});return r!==this._envEvalRequestId?null:n}reset(){this._currentState=I.reset(this._currentState),this._lastRenderedState=null,this._renderDirty=!0,this._currentNonce=void 0}setStateForRender(e){this._currentState=e,this._renderDirty=!0}};var ie=class extends HTMLElement{_controller=new ht;_unsubscribeBridge=null;_core=null;_lastCoreConfig=null;setState(e){this._controller.setState(e),this.scheduleRenderIfNeeded()}invalidateRender(){this._controller.invalidateRender(),this.scheduleRenderIfNeeded()}scheduleRenderIfNeeded(){this.shadowRoot&&this._controller.consumeRenderDecision()&&this._render()}_emitCancelledIfAuthenticating(){let e=this._controller.consumeCancelledDetailIfAuthenticating();return e?(this.dispatchEvent(Vn(e)),!0):!1}attachCore(e){if(this._core!==null&&this._teardownCore(),e==null){this._core=null,this._controller.reset(),this.scheduleRenderIfNeeded();return}if(!wn(e))throw new Error("[trymellon-auth] attachCore requires a CoreAuthPort-compatible instance.");this._core=e,this._unsubscribeBridge=Tr.subscribe(this._core,this),this._attachHostListeners(),this._runEnvEval()}_teardownCore(){this._unsubscribeBridge?.(),this._unsubscribeBridge=null,this.removeEventListener("mellon:start",this._onMellonStart),this.removeEventListener("mellon:success",this._onMellonSuccess),this.removeEventListener("mellon:error",this._onMellonError),this._core=null}_attachHostListeners(){this.removeEventListener("mellon:start",this._onMellonStart),this.removeEventListener("mellon:success",this._onMellonSuccess),this.removeEventListener("mellon:error",this._onMellonError),this.addEventListener("mellon:start",this._onMellonStart),this.addEventListener("mellon:success",this._onMellonSuccess),this.addEventListener("mellon:error",this._onMellonError)}_onMellonSuccess=()=>{this._controller.currentState==="ENROLLING"?this._controller.handleEnrollSuccess():this._controller.handleAuthSuccess(),this.scheduleRenderIfNeeded()};_onMellonError=()=>{this._controller.currentState==="ENROLLING"?this._controller.handleEnrollError():this._controller.handleAuthError(),this.scheduleRenderIfNeeded()};_onMellonStart=e=>{let r=e.detail;this._controller.onStartEvent(r)};startAuthFromClick(){this._core&&this.canStartAuth()&&(this._controller.startAuthFromClick(this._core,this.getTabKind(),this.getCoreAuthOptions()),this.scheduleRenderIfNeeded())}dispatchFallback(e){let r=e!==void 0?{...this.getFallbackDetail(),fallbackType:e}:this.getFallbackDetail();this.dispatchEvent(Hn(r))}async _runEnvEval(){if(!this._core)return;let e={...this.getEnvEvalParams(),envStatusPort:Bn(this._core)},r=await this._controller.runEnvEval(e);r!==null&&(!this._core||!this.isConnected||this.setState(r))}_maybeAutoCreateCoreAndRunEnvEval(){if(this._core!==null)return;let e=this.getCoreConfig();if(!e)return;let r=vr(e);if(!r){this.attachCore(null);return}this.attachCore(r)}_reconcileCoreFromConfig(){let e=this.getCoreConfig();if(this._lastCoreConfig===null&&e===null||this._lastCoreConfig!==null&&e!==null&&this._lastCoreConfig.appId===e.appId&&this._lastCoreConfig.publishableKey===e.publishableKey)return;if(this._lastCoreConfig=e,e===null){this.attachCore(null);return}let n=vr(e);this.attachCore(n??null)}disconnectedCallback(){this._teardownCore()}get currentState(){return this._controller.currentState}reset(){this._emitCancelledIfAuthenticating(),this._controller.reset(),this.scheduleRenderIfNeeded()}setStateForRender(e){this._controller.setStateForRender(e),this.scheduleRenderIfNeeded()}};function Ei(t){if(t==null||t.trim()==="")return Q;let e=t.split(",").map(o=>o.trim()),r=e[0]??Q.register,n=e[1]??Q.login;return{register:r,login:n}}function Et(t){let e={open:Be(t.getAttribute("open")),mode:N(t.getAttribute("mode"),ue,De),tab:N(t.getAttribute("tab"),le,Ne),tabLabels:Ei(t.getAttribute("tab-labels")),theme:N(t.getAttribute("theme"),G,Y),sessionId:M(t.getAttribute("session-id")),onboardingUrl:M(t.getAttribute("onboarding-url")),isMobileOverride:Ur(t.getAttribute("is-mobile-override")),fallbackType:Br(t.getAttribute("fallback-type"),de),appId:W(t.getAttribute("app-id")),publishableKey:W(t.getAttribute("publishable-key")),appName:M(t.getAttribute("app-name")),dialogTitle:M(t.getAttribute("dialog-title")),dialogDescription:M(t.getAttribute("dialog-description")),externalUserId:M(t.getAttribute("external-user-id")),modalVariant:N(t.getAttribute("modal-variant"),me,Ue)};return Dt(e)}function bi(t){let e=t.querySelector(`.${ye}`);return e||(e=document.createElement("div"),e.className=ye,t.appendChild(e)),e}function yi(t){let e=t.querySelector(`.${z}`);return e||(e=document.createElement("div"),e.className=z,e.setAttribute("aria-hidden","true"),t.appendChild(e)),e}function _i(t){let e=t.querySelector(`.${_e}`);return e||(e=document.createElement("div"),e.className=_e,t.appendChild(e)),e}function Ri(t,e){t.setAttribute("role","dialog"),t.setAttribute("aria-modal",e==="modal"?"true":"false"),t.setAttribute("aria-labelledby",He),t.setAttribute("aria-describedby",Ae)}function Ai(t,e){let r=t.querySelector(`#${He}`);r||(r=document.createElement("h2"),r.id=He,r.className="mellon-dialog-title",t.insertBefore(r,t.firstChild));let n=e.dialogTitle?.trim()??(e.appName?.trim()?Kr(e.appName.trim()):Fr);r.textContent=n;let o=t.querySelector(`#${Ae}`);o||(o=document.createElement("p"),o.id=Ae,o.className="mellon-dialog-desc",t.insertBefore(o,r.nextSibling)),o.textContent=e.dialogDescription?.trim()??Vr}function vi(t){let e=t.querySelector(`.${Ht}`);e||(e=document.createElement("button"),e.type="button",e.className=Ht,e.setAttribute("aria-label",qr),e.setAttribute("data-mellon-modal-close","true"),e.textContent="\xD7",t.appendChild(e))}function Si(t,e){let r=t.querySelector(`.${Re}`);if(!r){r=document.createElement("div"),r.className=Re,r.setAttribute("role","tablist");let i=document.createElement("button");i.type="button",i.setAttribute("data-tab","register"),i.setAttribute("role","tab");let a=document.createElement("button");a.type="button",a.setAttribute("data-tab","login"),a.setAttribute("role","tab"),r.appendChild(i),r.appendChild(a);let u=t.querySelector(`#${Ae}`);t.insertBefore(r,u?u.nextSibling:t.firstChild)}let[n,o]=r.querySelectorAll("button");return n&&(n.textContent=e.register),o&&(o.textContent=e.login),r}function Cr(t){let e=t.querySelector(`.${Ft}`);if(!e){e=document.createElement("div"),e.className=Ft;let r=t.querySelector(`.${Re}`);t.insertBefore(e,r?r.nextSibling:t.firstChild)}return e}function Ti(){let t=document.createElementNS(F,"svg");t.setAttribute("viewBox","0 0 24 24"),t.setAttribute("aria-hidden","true"),t.setAttribute("class","mellon-qr-icon"),t.setAttribute("fill","currentColor");let e=document.createElementNS(F,"path");return e.setAttribute("d","M3 3h6v6H3V3zm2 2v2h2V5H5zm8-2h6v6h-6V3zm2 2v2h2V5h-2zM3 15h6v6H3v-6zm2 2v2h2v-2H5zm8-2h6v6h-6v-6zm2 2v2h2v-2h-2zm4-12h2v2h-2V5zm0 8h2v2h-2v-2zm-4 4h2v2h-2v-2zm0-8h2v2h-2V9zm0 4h2v2h-2v-2z"),t.appendChild(e),t}function jn(){let t=document.createDocumentFragment(),e=document.createElement("div");e.className=jr;let r=document.createElement("p");r.className="mellon-cross-device-cta-text",r.textContent=Gr,e.appendChild(r);let n=document.createElement("button");return n.type="button",n.className="mellon-btn mellon-btn-qr-icon",n.setAttribute("data-mellon-action",J),n.setAttribute("aria-label",Yr),n.appendChild(Ti()),e.appendChild(n),t.appendChild(e),t}function Ci(){let t=document.createElement("div");t.className=Wr,t.setAttribute("aria-live","polite");let e=document.createElement("span");e.textContent=Xr;let r=document.createElement("span");return r.className="mellon-qr-dots",r.setAttribute("aria-hidden","true"),t.appendChild(e),t.appendChild(r),t}function Ii(){let t=document.createElement("div");return t.className=$r,t.setAttribute("aria-live","polite"),t.textContent=Qr,t}function Li(t){let e=Cr(t),r=e.querySelector(`.${P}`);if(!r){r=document.createElement("div"),r.className=P,r.setAttribute("data-qr-area-state","default"),r.appendChild(Ci()),r.appendChild(Ii());let o=document.createElement("div");o.className=zr;let i=document.createElement("slot");i.name=K,i.appendChild(jn()),o.appendChild(i),r.appendChild(o),e.appendChild(r)}let n=r.querySelector(`slot[name="${K}"]`);if(!n){let o=document.createElement("slot");return o.name=K,o.appendChild(jn()),r.appendChild(o),o}return n}function Mi(t){let e=Cr(t);if(e.querySelector(`.${Vt}`))return;let r=document.createElement("div");r.className=Vt,r.setAttribute("aria-hidden","true");let n=document.createElement("span");n.className="mellon-separator-text",n.textContent=Hr,r.appendChild(n);let o=e.querySelector(`.${P}`);e.insertBefore(r,o?o.nextSibling:e.firstChild)}function Oi(t){let e=Cr(t),r=e.querySelector("slot:not([name])");if(!r){r=document.createElement("slot");let o=document.createElement("div");o.id=$,o.className="mellon-root",r.appendChild(o),e.appendChild(r)}let n=t.querySelector(`#${$}`);return n||(n=document.createElement("div"),n.id=$,n.className="mellon-root",r.appendChild(n)),n}function xi(t){let e=t.querySelector(`slot[name="${Kt}"]`);return e||(e=document.createElement("slot"),e.name=Kt,t.appendChild(e)),e}function ki(t,e){let r=t.querySelector(`.${Re}`);if(!r)return;let n=r.querySelector('[data-tab="register"]'),o=r.querySelector('[data-tab="login"]');n&&n.setAttribute("aria-selected",String(e==="register")),o&&o.setAttribute("aria-selected",String(e==="login"))}function Le(t,e){if(t==null||e==null)return;let r=bi(t);r.setAttribute("data-mellon-modal-variant",e.modalVariant),e.mode==="modal"&&yi(r);let n=_i(r);Ri(n,e.mode),Ai(n,e),vi(n),Si(n,e.tabLabels),Li(n),Mi(n),Oi(n),xi(n),ki(n,e.tab)}function Di(t){return!(t.hidden===!0||t.getAttribute("aria-hidden")==="true")}function Yn(t){return Array.from(t.querySelectorAll(rn)).filter(r=>Di(r))}function Wn(t){let e=null,r=null,n=!1;function o(u){if(u.key!=="Tab")return;let p=Yn(t);if(p.length===0)return;let g=u.target instanceof Node?u.target:null,f=g?p.indexOf(g):-1,y=p.length-1,b;u.shiftKey?b=f<=0?y:f-1:b=f>=y?0:f+1;let A=p[b];A&&(u.preventDefault(),A.focus())}function i(){if(n)return;e=document.activeElement;let p=Yn(t)[0];p&&p.focus(),r=o,t.addEventListener("keydown",r,!0),n=!0}function a(){if(!n)return;r&&(t.removeEventListener("keydown",r,!0),r=null),n=!1;let u=t.getRootNode()?.ownerDocument??document,p=e instanceof HTMLElement&&u.body.contains(e)?e:null;if(p)p.focus();else{let g=u.body,f=g.getAttribute("tabindex");g.setAttribute("tabindex","-1"),g.focus(),f===null?g.removeAttribute("tabindex"):g.setAttribute("tabindex",f)}e=null}return{activate:i,deactivate:a}}var $n=["app-id","publishable-key","mode","external-user-id","theme","action","trigger-only","button-variant","button-label","button-aria-label","ticket-id"],zn=["open","mode","tab","tab-labels","theme","session-id","onboarding-url","is-mobile-override","fallback-type","app-id","publishable-key","app-name","dialog-title","dialog-description","external-user-id","modal-variant","qr-load-timeout-ms"],bt={wrapper:`.${ye}`,overlay:`.${z}`,panel:`.${_e}`},Xn="user";var Ni={SUCCESS:{reason:"success"},AUTHENTICATING:{reason:"cancel"},ERROR:{reason:"error"}};function wi(t){return Ni[t]??{reason:Xn}}var yt=class extends ie{static get observedAttributes(){return[...zn]}_parsed=Et(this);_focusTrap=null;_unregisterInteractions=null;_generatedExternalUserId=null;_qrLoadTimeoutId=null;_qrSlotChangeBound=null;_boundEscapeKeydown=e=>{e.key==="Escape"&&this._parsed.open&&(e.preventDefault(),this.open=!1)};connectedCallback(){if(this.addEventListener("keydown",this._boundEscapeKeydown,!0),this.shadowRoot){this._registerInteractions(),this._core!==null&&this._unsubscribeBridge===null&&this.attachCore(this._core);return}let e=this.attachShadow({mode:"open"}),r=cn();if(r)e.adoptedStyleSheets=[r];else{let n=document.createElement("style");n.textContent=dn(),e.appendChild(n)}this._parsed=Et(this),Le(e,this._parsed),this._registerInteractions(),this._render(),this._applyModalVisibility(),this._maybeAutoCreateCoreAndRunEnvEval()}_registerInteractions(){this.shadowRoot&&(this._unregisterInteractions?.(),this._unregisterInteractions=an(this.shadowRoot,{onTabChange:e=>{this.dispatchEvent(qn({tab:e})),this.setAttribute("tab",e)},onPrimaryClick:()=>this.startAuthFromClick(),onFallbackClick:e=>this.dispatchFallback(e),onOverlayClick:()=>{this.open=!1},onCloseClick:()=>{this.open=!1}}))}attributeChangedCallback(e,r,n){if(this.shadowRoot){if(this._parsed=Et(this),e==="open"){if(this._parsed.open&&r!=="true"){this._clearCrossDeviceSlot();let o={timestamp:Date.now()};this.dispatchEvent(Fn(o)),this._startQrLoadWait()}if(!this._parsed.open){this._clearQrLoadWait(),this._transitionToIdle();return}}e==="tab"&&(this._emitCancelledIfAuthenticating(),this.setState(I.tabChange(this.currentState,this._parsed.tab))),(e==="app-id"||e==="publishable-key")&&this._reconcileCoreFromConfig(),Le(this.shadowRoot,this._parsed),this._render(),this._applyModalVisibility()}}_clearCrossDeviceSlot(){this.querySelectorAll(`[slot="${K}"]`).forEach(e=>e.remove())}_startQrLoadWait(){let e=this.shadowRoot;if(!e)return;let r=e.querySelector(`.${P}`),n=e.querySelector(`slot[name="${K}"]`);if(!r||!n)return;r.setAttribute("data-qr-area-state","waiting");let o=Math.max(1e3,parseInt(this.getAttribute("qr-load-timeout-ms")??String(12e3),10)||12e3);this._qrLoadTimeoutId=window.setTimeout(()=>{if(this._qrLoadTimeoutId=null,!this.shadowRoot)return;let a=this.shadowRoot.querySelector(`.${P}`);a?.getAttribute("data-qr-area-state")==="waiting"&&a.setAttribute("data-qr-area-state","timeout")},o);let i=()=>{if(n.assignedNodes().length>0){this._clearQrLoadWait();let a=this.shadowRoot?.querySelector(`.${P}`);a&&a.setAttribute("data-qr-area-state","loaded")}};this._qrSlotChangeBound=i,n.addEventListener("slotchange",i),n.assignedNodes().length>0&&i()}_clearQrLoadWait(){this._qrLoadTimeoutId!=null&&(clearTimeout(this._qrLoadTimeoutId),this._qrLoadTimeoutId=null);let e=this.shadowRoot;if(!e)return;let r=e.querySelector(`slot[name="${K}"]`);r&&this._qrSlotChangeBound&&(r.removeEventListener("slotchange",this._qrSlotChangeBound),this._qrSlotChangeBound=null);let n=e.querySelector(`.${P}`);n&&n.setAttribute("data-qr-area-state","default")}_transitionToIdle(){this._generatedExternalUserId=null;let r={reason:wi(this.currentState).reason,timestamp:Date.now()};this.dispatchEvent(Kn(r)),this._emitCancelledIfAuthenticating(),this.setState(I.reset(this.currentState)),this.shadowRoot&&(Le(this.shadowRoot,this._parsed),this.scheduleRenderIfNeeded(),this._applyModalVisibility())}get open(){return this._parsed.open}set open(e){this.setAttribute("open",e?"true":"false")}get mode(){return this._parsed.mode}set mode(e){this.setAttribute("mode",e)}get tab(){return this._parsed.tab}set tab(e){this.setAttribute("tab",e)}get tabLabels(){return`${this._parsed.tabLabels.register},${this._parsed.tabLabels.login}`}set tabLabels(e){e==null||e===""?this.removeAttribute("tab-labels"):this.setAttribute("tab-labels",e)}get theme(){return this._parsed.theme}set theme(e){this.setAttribute("theme",e)}get sessionId(){return this._parsed.sessionId}set sessionId(e){e==null?this.removeAttribute("session-id"):this.setAttribute("session-id",e)}get onboardingUrl(){return this._parsed.onboardingUrl}set onboardingUrl(e){e==null?this.removeAttribute("onboarding-url"):this.setAttribute("onboarding-url",e)}get isMobileOverride(){return this._parsed.isMobileOverride}set isMobileOverride(e){e==null?this.removeAttribute("is-mobile-override"):this.setAttribute("is-mobile-override",e?"true":"false")}get fallbackType(){return this._parsed.fallbackType}set fallbackType(e){e==null?this.removeAttribute("fallback-type"):this.setAttribute("fallback-type",e)}get appId(){return this._parsed.appId}set appId(e){this.setAttribute("app-id",e??"")}get publishableKey(){return this._parsed.publishableKey}set publishableKey(e){this.setAttribute("publishable-key",e??"")}get appName(){return this._parsed.appName}set appName(e){e==null?this.removeAttribute("app-name"):this.setAttribute("app-name",e)}get dialogTitle(){return this._parsed.dialogTitle}set dialogTitle(e){e==null?this.removeAttribute("dialog-title"):this.setAttribute("dialog-title",e)}get dialogDescription(){return this._parsed.dialogDescription}set dialogDescription(e){e==null?this.removeAttribute("dialog-description"):this.setAttribute("dialog-description",e)}get externalUserId(){return this._parsed.externalUserId}set externalUserId(e){e==null?this.removeAttribute("external-user-id"):this.setAttribute("external-user-id",e)}disconnectedCallback(){this._unregisterInteractions?.(),this._unregisterInteractions=null,this.removeEventListener("keydown",this._boundEscapeKeydown,!0),super.disconnectedCallback()}reset(){this._transitionToIdle()}getTabKind(){return this._parsed.tab}getCoreAuthOptions(){let e=this._resolveExternalUserId();return e?{externalUserId:e}:{}}_resolveExternalUserId(){let e=this._parsed.externalUserId?.trim();return e||(this.getTabKind()!=="register"?null:(this._generatedExternalUserId??=typeof crypto<"u"&&typeof crypto.randomUUID=="function"?crypto.randomUUID():null,this._generatedExternalUserId))}canStartAuth(){return!0}getEnvEvalParams(){return{mode:this._parsed.tab,isMobileOverride:this._parsed.isMobileOverride??void 0,fallbackType:this._parsed.fallbackType}}getCoreConfig(){return!this._parsed.appId||!this._parsed.publishableKey?null:{appId:this._parsed.appId,publishableKey:this._parsed.publishableKey}}getFallbackDetail(){return{operation:this._parsed.tab}}_applyModalVisibility(){if(!this.shadowRoot)return;let e=this.shadowRoot.querySelector(bt.wrapper);e&&(e.hidden=!this._parsed.open);let r=this.shadowRoot.querySelector(bt.overlay);r&&(r.hidden=this._parsed.mode!=="modal");let n=this.shadowRoot.querySelector(bt.panel);n&&n.setAttribute("aria-hidden",String(!this._parsed.open)),this._parsed.open&&e?(this._focusTrap||(this._focusTrap=Wn(e)),this._focusTrap.activate()):this._focusTrap?.deactivate()}_render(){if(!this.shadowRoot)return;Le(this.shadowRoot,this._parsed),this._applyModalVisibility();let e=wt(this.currentState,this._parsed,{registerSessionReady:this._parsed.tab==="register"?this.canStartAuth():void 0,primaryButtonLabel:Ut,primaryButtonAriaLabel:Bt}),r={shadowRoot:this.shadowRoot};en(r,e)}};var _t=class extends ie{static get observedAttributes(){return[...$n]}_parsed={...he};get ticketId(){let e=this._parsed.ticketId;return e===void 0?null:e}_internalModal=null;_focusRestoreTarget=null;_unregisterInteractions=null;_onInternalModalClose=()=>{this._internalModal&&(this._internalModal.open=!1),this._restoreFocusToTrigger()};_onInternalModalSuccess=e=>{let r=e;this.dispatchEvent(new CustomEvent(q,{detail:r.detail,bubbles:!1,composed:!0}))};_restoreFocusToTrigger(){let e=this._focusRestoreTarget;this._focusRestoreTarget=null,!(!e?.isConnected||typeof e.focus!="function")&&e.focus()}_emitContextReadyIfEnrollment(){!this._core||!this.ticketId||this.dispatchEvent(Gn({contextHash:this._core.getContextHash()}))}enroll(){let e=this.ticketId;!e||!this._core||this._controller.startEnrollment(this._core,{ticketId:e})}connectedCallback(){if(this.shadowRoot){this._registerInteractions(),this._core!==null&&this._unsubscribeBridge===null&&this.attachCore(this._core),this._emitContextReadyIfEnrollment(),this._syncInternalModalAttributes(),this._ensureInternalModal();return}let e=this.attachShadow({mode:"open"}),r=Yt();if(r)e.adoptedStyleSheets=[r];else{let n=document.createElement("style");n.textContent=Wt(),e.appendChild(n)}this._parsed=Pt(this),this._syncThemeAttribute(),this._registerInteractions(),this._render(),this._reconcileCoreFromConfig(),this._emitContextReadyIfEnrollment(),this._ensureInternalModal()}_registerInteractions(){this.shadowRoot&&(this._unregisterInteractions?.(),this._unregisterInteractions=sn(this.shadowRoot,{onPrimaryClick:()=>this._onPrimaryClick(),onFallbackClick:e=>this.dispatchFallback(e)}))}attributeChangedCallback(e,r,n){if(!this.shadowRoot)return;let o=this._parsed.mode;if(this._parsed=Pt(this),(e==="button-variant"||e==="theme")&&this.invalidateRender(),(e==="app-id"||e==="publishable-key")&&this._reconcileCoreFromConfig(),(e==="ticket-id"||e==="app-id"||e==="publishable-key")&&this._emitContextReadyIfEnrollment(),e==="mode"&&(this._parsed.mode==="register"||this._parsed.mode==="login")){let i=this._parsed.mode;o!==i&&(this._emitCancelledIfAuthenticating(),this.setState(I.tabChange(this.currentState,i)))}this._syncThemeAttribute(),this.scheduleRenderIfNeeded(),this._syncInternalModalAttributes(),this._ensureInternalModal()}_onPrimaryClick(){if(this._parsed.action==="open-modal"){this._focusRestoreTarget=document.activeElement instanceof Element?document.activeElement:null,this.dispatchEvent(new CustomEvent(Ce,{detail:{},bubbles:!0,composed:!0})),!this._parsed.triggerOnly&&this._internalModal&&(this._internalModal.open=!0);return}this.startAuthFromClick()}getTabKind(){return this._parsed.mode==="auto"?"login":this._parsed.mode}getCoreAuthOptions(){return Pn(this._parsed.externalUserId)}canStartAuth(){return!0}getEnvEvalParams(){return{mode:this._parsed.mode}}getCoreConfig(){return!this._parsed.appId||!this._parsed.publishableKey?null:{appId:this._parsed.appId,publishableKey:this._parsed.publishableKey}}getFallbackDetail(){let e=this._parsed.mode==="login"||this._parsed.mode==="register"?this._parsed.mode:void 0;return e!==void 0?{operation:e}:{}}_render(){if(!this.shadowRoot)return;let e=Nt(this.currentState,this._parsed,{registerSessionReady:this._parsed.mode==="register"?this.canStartAuth():void 0,primaryButtonLabel:this._parsed.buttonLabel??void 0,primaryButtonAriaLabel:this._parsed.buttonAriaLabel??void 0}),r={shadowRoot:this.shadowRoot};Zr(r,e)}_syncThemeAttribute(){this.getAttribute("theme")!==this._parsed.theme&&this.setAttribute("theme",this._parsed.theme)}_syncInternalModalAttributes(){if(!this._internalModal)return;this._internalModal.setAttribute("app-id",this._parsed.appId??""),this._internalModal.setAttribute("publishable-key",this._parsed.publishableKey??""),this._internalModal.setAttribute("theme",this._parsed.theme);let e=this._parsed.mode==="auto"?"login":this._parsed.mode;this._internalModal.setAttribute("tab",e),this._internalModal.setAttribute("modal-variant","minimal")}_ensureInternalModal(){if(this._parsed.action!=="open-modal"||!this.shadowRoot)return;if(this._parsed.triggerOnly){this._internalModal?.isConnected&&(this._internalModal.removeEventListener(H,this._onInternalModalClose),this._internalModal.remove(),this._internalModal=null);return}if(this._internalModal?.isConnected){this._syncInternalModalAttributes();return}let e=document.createElement("trymellon-auth-modal");this._internalModal=e,this._syncInternalModalAttributes(),e.addEventListener(H,this._onInternalModalClose),e.addEventListener(q,this._onInternalModalSuccess),typeof document<"u"&&document.body?document.body.appendChild(e):this.shadowRoot.appendChild(e)}disconnectedCallback(){this._unregisterInteractions?.(),this._unregisterInteractions=null,this._internalModal?.isConnected&&(this._internalModal.removeEventListener(H,this._onInternalModalClose),this._internalModal.removeEventListener(q,this._onInternalModalSuccess),this._internalModal.remove(),this._internalModal=null),super.disconnectedCallback()}};var id="0.1.0",Jn="trymellon-auth",Zn="trymellon-auth-modal";typeof customElements<"u"&&!customElements.get(Jn)&&customElements.define(Jn,_t);typeof customElements<"u"&&!customElements.get(Zn)&&customElements.define(Zn,yt);export{ve as BASE_STYLES,k as INITIAL_UI_STATE,Ie as MELLON_CANCELLED,H as MELLON_CLOSE,dt as MELLON_ERROR,pt as MELLON_FALLBACK,ut as MELLON_OPEN,Ce as MELLON_OPEN_REQUEST,ct as MELLON_START,q as MELLON_SUCCESS,mt as MELLON_TAB_CHANGE,Zn as TRYMELLON_AUTH_MODAL_TAG,Jn as TRYMELLON_AUTH_TAG,_t as TryMellonAuthElement,yt as TryMellonAuthModalElement,id as UI_VERSION,Yt as createConstructableStylesheet,Tr as eventBridgeAdapter,se as getNextState,Wt as getStylesFallback};
+`+un),t}catch{return null}}var $t="https://api.trymellonauth.com",pn="https://api.trymellonauth.com/v1/telemetry";var mn="trymellon_sandbox_session_token_v1",gn="https://trymellon.com/docs/getting-started#sandbox",fn="/v1/enrollment-bridge",hn="/v1/auth-bridge";var c=t=>({ok:!0,value:t}),l=t=>({ok:!1,error:t});var qe=class t extends Error{code;details;isTryMellonError=!0;constructor(e,r,n){super(r),this.name="TryMellonError",this.code=e,this.details=n,Error.captureStackTrace&&Error.captureStackTrace(this,t)}},Ao={NOT_SUPPORTED:"WebAuthn is not supported in this environment",USER_CANCELLED:"User cancelled the operation",PASSKEY_NOT_FOUND:"Passkey not found",SESSION_EXPIRED:"Session has expired",NETWORK_FAILURE:"Network request failed",INVALID_ARGUMENT:"Invalid argument provided",TIMEOUT:"Operation timed out",ABORTED:"Operation was aborted",ABORT_ERROR:"Operation aborted by user or timeout",CHALLENGE_MISMATCH:"This link was already used or expired. Please try again from your computer.",TICKET_NOT_FOUND:"Enrollment ticket not found or invalid",TICKET_EXPIRED:"Enrollment ticket has expired",TICKET_ALREADY_USED:"Enrollment ticket was already used",PIN_MISMATCH:"PIN does not match",PIN_LOCKED:"PIN is locked due to too many failed attempts",BRIDGE_SESSION_EXPIRED:"Bridge session has expired",UNKNOWN_ERROR:"An unknown error occurred"};function E(t,e,r){return new qe(t,e??Ao[t],r)}function zt(t){return t instanceof qe||typeof t=="object"&&t!==null&&"isTryMellonError"in t&&t.isTryMellonError===!0}function En(){return E("NOT_SUPPORTED")}function R(t,e){return E("INVALID_ARGUMENT",`Invalid argument: ${t} - ${e}`,{field:t,reason:e})}function bn(t){return E("UNKNOWN_ERROR",`Failed to ${t} credential`,{operation:t})}function Xt(t){return E("NOT_SUPPORTED",`No base64 ${t==="encode"?"encoding":"decoding"} available`,{type:t})}function yn(t,e){try{let r=new URL(t);if(r.protocol!=="https:"&&r.protocol!=="http:")throw R(e,"must use http or https protocol")}catch(r){throw zt(r)?r:R(e,"must be a valid URL")}}function Ge(t,e,r,n){if(!Number.isFinite(t))throw R(e,"must be a finite number");if(t<r||t>n)throw R(e,`must be between ${r} and ${n}`)}function je(t,e){if(typeof t!="string"||t.length===0)throw R(e,"must be a non-empty string");if(!/^[A-Za-z0-9_-]+$/.test(t))throw R(e,"must be a valid base64url string")}var vo={NotAllowedError:"USER_CANCELLED",AbortError:"ABORTED",NotSupportedError:"NOT_SUPPORTED",SecurityError:"NOT_SUPPORTED",InvalidStateError:"UNKNOWN_ERROR",UnknownError:"UNKNOWN_ERROR"},So=["origin_not_allowed","origin_not_allowed_for_application"];function Qt(t){return So.includes(t)}function X(t){if(typeof t!="string")return"UNKNOWN_ERROR";let e=t.toLowerCase().trim();return{challenge_mismatch:"CHALLENGE_MISMATCH",session_expired:"SESSION_EXPIRED",unauthorized:"SESSION_EXPIRED",validation_error:"INVALID_ARGUMENT",invalid_argument:"INVALID_ARGUMENT",user_not_found:"SESSION_EXPIRED",passkey_not_found:"PASSKEY_NOT_FOUND",ticket_not_found:"TICKET_NOT_FOUND",ticket_expired:"TICKET_EXPIRED",ticket_already_consumed:"TICKET_ALREADY_USED",not_found:"TICKET_NOT_FOUND",expired:"TICKET_EXPIRED",already_consumed:"TICKET_ALREADY_USED",context_mismatch:"CHALLENGE_MISMATCH",challenge_not_found:"CHALLENGE_MISMATCH",invalid_ticket_id:"INVALID_ARGUMENT",invalid_context_hash:"INVALID_ARGUMENT",invalid_ticket_status:"INVALID_ARGUMENT",invalid_config:"INVALID_ARGUMENT",enrollment_not_enabled:"INVALID_ARGUMENT",pin_mismatch:"PIN_MISMATCH",pin_locked:"PIN_LOCKED",bridge_not_enabled:"UNKNOWN_ERROR",bridge_session_expired:"BRIDGE_SESSION_EXPIRED",session_not_found:"BRIDGE_SESSION_EXPIRED",origin_not_allowed:"INVALID_ARGUMENT",origin_not_allowed_for_application:"INVALID_ARGUMENT"}[e]??"UNKNOWN_ERROR"}function _(t){if(t instanceof DOMException){let e=t.name,r=t.message||"WebAuthn operation failed",n=vo[e]??"UNKNOWN_ERROR";return E(n,r,{originalError:t})}return t instanceof Error?E("UNKNOWN_ERROR",t.message,{originalError:t}):E("UNKNOWN_ERROR","An unknown error occurred",{originalError:t})}function h(t){return typeof t=="object"&&t!==null&&!Array.isArray(t)}function d(t){return typeof t=="string"}function V(t){return typeof t=="number"&&Number.isFinite(t)}function Ye(t){return typeof t=="boolean"}function ee(t){return Array.isArray(t)}function s(t,e){return l(E("UNKNOWN_ERROR",t,{...e,originalData:e?.originalData}))}function m(t,e){return t[e]}function To(t,e){return!h(t)||!d(t.name)||!d(t.id)?s("Invalid API response: challenge.rp must have name and id strings",{originalData:e}):c(!0)}function Co(t,e){return!h(t)||!d(t.id)||!d(t.name)||!d(t.displayName)?s("Invalid API response: challenge.user must have id, name, displayName strings",{originalData:e}):c(!0)}function Io(t,e){if(!ee(t))return s("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:e});for(let r of t)if(!h(r)||r.type!=="public-key"||!V(r.alg))return s("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:e});return c(!0)}function We(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id");if(!d(e))return s("Invalid API response: session_id must be string",{field:"session_id",originalData:t});let r=m(t,"challenge");if(!h(r))return s("Invalid API response: challenge must be object",{field:"challenge",originalData:t});let n=To(m(r,"rp"),t);if(!n.ok)return n;let o=Co(m(r,"user"),t);if(!o.ok)return o;let i=m(r,"challenge");if(!d(i))return s("Invalid API response: challenge.challenge must be string",{originalData:t});let a=Io(m(r,"pubKeyCredParams"),t);if(!a.ok)return a;let u=r.timeout;if(u!==void 0&&!V(u))return s("Invalid API response: challenge.timeout must be number",{originalData:t});let p=r.excludeCredentials;if(p!==void 0){if(!ee(p))return s("Invalid API response: excludeCredentials must be array",{originalData:t});for(let f of p)if(!h(f)||f.type!=="public-key"||!d(f.id))return s("Invalid API response: excludeCredentials items must have id and type",{originalData:t})}let g=r.authenticatorSelection;return g!==void 0&&!h(g)?s("Invalid API response: authenticatorSelection must be object",{originalData:t}):c({session_id:e,challenge:{rp:r.rp,user:r.user,challenge:i,pubKeyCredParams:r.pubKeyCredParams,...u!==void 0&&{timeout:u},...p!==void 0&&{excludeCredentials:p},...g!==void 0&&{authenticatorSelection:g}}})}function Jt(t,e){if(!h(t))return s("Invalid API response: user must be object",{field:"user",originalData:e});let r=m(t,"user_id"),n=m(t,"external_user_id");if(!d(r)||!d(n))return s("Invalid API response: user must have user_id and external_user_id strings",{originalData:e});let o=t.email,i=t.metadata;return o!==void 0&&!d(o)?s("Invalid API response: user.email must be string",{originalData:e}):i!==void 0&&(typeof i!="object"||i===null)?s("Invalid API response: user.metadata must be object",{originalData:e}):c({user_id:r,external_user_id:n,...o!==void 0&&{email:o},...i!==void 0&&{metadata:i}})}function Zt(t){let e=We(t);return e.ok?c({session_id:e.value.session_id,challenge:e.value.challenge}):e}function er(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id");if(!d(e))return s("Invalid API response: session_id must be string",{field:"session_id",originalData:t});let r=m(t,"challenge");if(!h(r))return s("Invalid API response: challenge must be object",{field:"challenge",originalData:t});let n=m(r,"challenge"),o=m(r,"rpId"),i=r.allowCredentials;if(!d(n))return s("Invalid API response: challenge.challenge must be string",{originalData:t});if(!d(o))return s("Invalid API response: challenge.rpId must be string",{originalData:t});if(i!==void 0&&!ee(i))return s("Invalid API response: allowCredentials must be array",{originalData:t});if(i){for(let p of i)if(!h(p)||p.type!=="public-key"||!d(p.id))return s("Invalid API response: allowCredentials items must have id and type",{originalData:t})}let a=r.timeout;if(a!==void 0&&!V(a))return s("Invalid API response: challenge.timeout must be number",{originalData:t});let u=r.userVerification;return u!==void 0&&!["required","preferred","discouraged"].includes(String(u))?s("Invalid API response: userVerification must be required|preferred|discouraged",{originalData:t}):c({session_id:e,challenge:{challenge:n,rpId:o,allowCredentials:i??[],...a!==void 0&&{timeout:a},...u!==void 0&&{userVerification:u}}})}function tr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"credential_id"),r=m(t,"status"),n=m(t,"session_token"),o=m(t,"user");if(!d(e))return s("Invalid API response: credential_id must be string",{field:"credential_id",originalData:t});if(!d(r))return s("Invalid API response: status must be string",{field:"status",originalData:t});if(!d(n))return s("Invalid API response: session_token must be string",{field:"session_token",originalData:t});let i=Jt(o,t);if(!i.ok)return l(i.error);let a=t.redirect_url;return a!==void 0&&!d(a)?s("Invalid API response: redirect_url must be string",{originalData:t}):c({credential_id:e,status:r,session_token:n,user:i.value,...a!==void 0&&{redirect_url:a}})}function rr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"authenticated"),r=m(t,"session_token"),n=m(t,"user"),o=m(t,"signals");if(!Ye(e))return s("Invalid API response: authenticated must be boolean",{field:"authenticated",originalData:t});if(!d(r))return s("Invalid API response: session_token must be string",{field:"session_token",originalData:t});let i=Jt(n,t);if(!i.ok)return l(i.error);if(o!==void 0&&!h(o))return s("Invalid API response: signals must be object",{originalData:t});let a=t.redirect_url;return a!==void 0&&!d(a)?s("Invalid API response: redirect_url must be string",{originalData:t}):c({authenticated:e,session_token:r,user:i.value,signals:o,...a!==void 0&&{redirect_url:a}})}function nr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"valid"),r=m(t,"user_id"),n=m(t,"external_user_id"),o=m(t,"tenant_id"),i=m(t,"app_id");return Ye(e)?d(r)?d(n)?d(o)?d(i)?c({valid:e,userId:r,externalUserId:n,tenantId:o,appId:i}):s("Invalid API response: app_id must be string",{field:"app_id",originalData:t}):s("Invalid API response: tenant_id must be string",{field:"tenant_id",originalData:t}):s("Invalid API response: external_user_id must be string",{field:"external_user_id",originalData:t}):s("Invalid API response: user_id must be string",{field:"user_id",originalData:t}):s("Invalid API response: valid must be boolean",{field:"valid",originalData:t})}function or(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=t.session_token??t.sessionToken;if(!d(e))return s("Invalid API response: session_token/sessionToken must be string",{field:"session_token",originalData:t});let r=t.redirect_url;return r!==void 0&&!d(r)?s("Invalid API response: redirect_url must be string",{originalData:t}):c({sessionToken:e,...r!==void 0&&{redirectUrl:r}})}var Lo=["pending_passkey","pending_data","completed"],Mo=["pending_data","completed"];function ir(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id"),r=m(t,"onboarding_url"),n=m(t,"expires_in");return d(e)?d(r)?V(n)?c({session_id:e,onboarding_url:r,expires_in:n}):s("Invalid API response: expires_in must be number",{field:"expires_in",originalData:t}):s("Invalid API response: onboarding_url must be string",{field:"onboarding_url",originalData:t}):s("Invalid API response: session_id must be string",{field:"session_id",originalData:t})}function sr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"status"),r=m(t,"onboarding_url"),n=m(t,"expires_in");return!d(e)||!Lo.includes(e)?s("Invalid API response: status must be pending_passkey|pending_data|completed",{field:"status",originalData:t}):d(r)?V(n)?c({status:e,onboarding_url:r,expires_in:n}):s("Invalid API response: expires_in must be number",{originalData:t}):s("Invalid API response: onboarding_url must be string",{originalData:t})}function ar(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id"),r=m(t,"status"),n=m(t,"onboarding_url");if(!d(e))return s("Invalid API response: session_id must be string",{field:"session_id",originalData:t});if(r!=="pending_passkey")return s("Invalid API response: status must be pending_passkey",{field:"status",originalData:t});if(!d(n))return s("Invalid API response: onboarding_url must be string",{originalData:t});let o=t.challenge,i;if(o!==void 0){let a=Oo(o);if(!a.ok)return a;i=a.value}return c({session_id:e,status:"pending_passkey",onboarding_url:n,...i!==void 0&&{challenge:i}})}function Oo(t){if(!h(t))return s("Invalid API response: challenge must be object",{originalData:t});let e=m(t,"rp"),r=m(t,"user"),n=m(t,"challenge"),o=m(t,"pubKeyCredParams");if(!h(e)||!d(e.name)||!d(e.id))return s("Invalid API response: challenge.rp must have name and id",{originalData:t});if(!h(r)||!d(r.id)||!d(r.name)||!d(r.displayName))return s("Invalid API response: challenge.user must have id, name, displayName",{originalData:t});if(!d(n))return s("Invalid API response: challenge.challenge must be string",{originalData:t});if(!ee(o))return s("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:t});for(let i of o)if(!h(i)||i.type!=="public-key"||!V(i.alg))return s("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:t});return c({rp:e,user:r,challenge:n,pubKeyCredParams:o})}function lr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id"),r=m(t,"status"),n=m(t,"user_id"),o=m(t,"tenant_id");return d(e)?!d(r)||!Mo.includes(r)?s("Invalid API response: status must be pending_data|completed",{originalData:t}):d(n)?d(o)?c({session_id:e,status:r,user_id:n,tenant_id:o}):s("Invalid API response: tenant_id must be string",{originalData:t}):s("Invalid API response: user_id must be string",{originalData:t}):s("Invalid API response: session_id must be string",{originalData:t})}function ur(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"session_id"),r=m(t,"status"),n=m(t,"user_id"),o=m(t,"tenant_id"),i=m(t,"session_token");return d(e)?r!=="completed"?s("Invalid API response: status must be completed",{originalData:t}):!d(n)||!d(o)||!d(i)?s("Invalid API response: user_id, tenant_id, session_token must be strings",{originalData:t}):c({session_id:e,status:"completed",user_id:n,tenant_id:o,session_token:i}):s("Invalid API response: session_id must be string",{originalData:t})}function $e(t){return t==null?c(void 0):h(t)&&Object.keys(t).length===0?c(void 0):s("Invalid API response: expected empty body (204)",{originalData:t})}function xo(t){if(!t||typeof t!="object")return!1;let e=t;return typeof e.challenge=="string"&&e.rp!=null&&typeof e.rp=="object"&&e.user!=null&&typeof e.user=="object"&&Array.isArray(e.pubKeyCredParams)}function ko(t){if(!t||typeof t!="object")return!1;let e=t;return typeof e.challenge=="string"&&typeof e.rpId=="string"}function ze(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e="resultado"in t&&h(t.resultado)?t.resultado:t,r=e.session_id,n=e.qr_url,o=e.expires_at,i=e.polling_token;if(!d(r)||!d(n)||!d(o)||!d(i))return s("Invalid API response: missing required fields",{originalData:t});let a={session_id:r,qr_url:n,expires_at:o,polling_token:i};return e.external_user_id!==void 0&&d(e.external_user_id)&&(a.external_user_id=e.external_user_id),c(a)}function dr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e="resultado"in t&&h(t.resultado)?t.resultado:t,r=e.status;if(!d(r)||!["pending","authenticated","completed"].includes(r))return s("Invalid API response: invalid status",{originalData:t});let n=e.user_id,o=e.session_token,i=e.redirect_url;return n!==void 0&&!d(n)?s("Invalid API response: user_id must be a string when present",{originalData:t}):o!==void 0&&!d(o)?s("Invalid API response: session_token must be a string when present",{originalData:t}):i!==void 0&&!d(i)?s("Invalid API response: redirect_url must be a string when present",{originalData:t}):c({status:r,user_id:n,session_token:o,redirect_url:i})}function cr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=t.type,r=e==="registration"?"registration":"auth",n=t.options;if(!h(n))return s("Invalid API response: options are required",{originalData:t});let o=200,i=_n(t.approval_context,o),a=_n(t.application_name,o);if(i===!1||a===!1)return s("Invalid API response: approval_context/application_name must be string max 200 chars",{originalData:t});let u={};return typeof i=="string"&&(u.approval_context=i),typeof a=="string"&&(u.application_name=a),r==="registration"?xo(n)?c({type:"registration",options:n,...u}):s("Invalid API response: registration options must have challenge, rp, user, pubKeyCredParams",{originalData:t}):ko(n)?c({type:"auth",options:n,...u}):s("Invalid API response: auth options must have challenge and rpId",{originalData:t})}function _n(t,e){if(t!=null)return typeof t!="string"||t.length>e?!1:t}function pr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"challenge"),r=m(t,"recovery_session_id");return h(e)?d(r)?c({challenge:e,recovery_session_id:r}):s("Invalid API response: recovery_session_id must be string",{field:"recovery_session_id",originalData:t}):s("Invalid API response: challenge must be object",{field:"challenge",originalData:t})}function mr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"status"),r=m(t,"session_token"),n=m(t,"user"),o=m(t,"credential_id");if(!d(e))return s("Invalid API response: status must be string",{field:"status",originalData:t});if(!d(r))return s("Invalid API response: session_token must be string",{field:"session_token",originalData:t});if(!d(o))return s("Invalid API response: credential_id must be string",{field:"credential_id",originalData:t});if(!h(n))return s("Invalid API response: user must be object",{field:"user",originalData:t});let i=m(n,"user_id");if(!d(i))return s("Invalid API response: user.user_id must be string",{field:"user.user_id",originalData:t});let u=t.redirect_url;if(u!==void 0&&!d(u))return s("Invalid API response: redirect_url must be string",{field:"redirect_url",originalData:t});let p=n;return c({status:e,session_token:r,credential_id:o,user:{user_id:i,external_user_id:d(p.external_user_id)?p.external_user_id:void 0,email:d(p.email)?p.email:void 0,metadata:h(p.metadata)?p.metadata:void 0},...u!==void 0&&{redirect_url:u}})}function gr(t){let e=We(t);return e.ok?c({session_id:e.value.session_id,challenge:e.value.challenge}):e}function Do(t,e){if(!h(t))return s("Invalid API response: user must be object",{field:"user",originalData:e});let r=m(t,"user_id");if(!d(r))return s("Invalid API response: user.user_id must be string",{originalData:e});let n=t.external_user_id;if(n!==void 0&&!d(n))return s("Invalid API response: user.external_user_id must be string",{originalData:e});let o=t.email;if(o!==void 0&&!d(o))return s("Invalid API response: user.email must be string",{originalData:e});let i=t.metadata;return i!==void 0&&(typeof i!="object"||i===null)?s("Invalid API response: user.metadata must be object",{originalData:e}):c({user_id:r,...n!==void 0&&{external_user_id:n},...o!==void 0&&{email:o},...i!==void 0&&{metadata:i}})}function fr(t){if(!h(t))return s("Invalid API response: expected object",{originalData:t});let e=m(t,"credential_id"),r=m(t,"status"),n=m(t,"session_token"),o=m(t,"user");if(!d(e))return s("Invalid API response: credential_id must be string",{field:"credential_id",originalData:t});if(!d(r))return s("Invalid API response: status must be string",{field:"status",originalData:t});if(!d(n))return s("Invalid API response: session_token must be string",{field:"session_token",originalData:t});let i=Do(o,t);return i.ok?c({credential_id:e,status:r,session_token:n,user:i.value}):i}var No=["pending","pin_verified","pin_locked","completed"];function hr(t){if(!h(t))return s("Invalid bridge context response: expected object",{originalData:t});let e=m(t,"type");if(e!=="auth"&&e!=="registration")return s('Invalid bridge context response: type must be "auth" or "registration"',{field:"type",expected:"auth | registration",originalData:t});let r=m(t,"options");if(!h(r))return s("Invalid bridge context response: options must be object",{field:"options",originalData:t});let n=t.application_name;return n!==void 0&&!d(n)?s("Invalid bridge context response: application_name must be string",{field:"application_name",originalData:t}):c({type:e,options:r,...n!==void 0&&{application_name:n}})}function Er(t){if(!h(t))return s("Invalid bridge verify response: expected object",{originalData:t});let e=m(t,"session_id");if(!d(e)||e.trim()==="")return s("Invalid bridge verify response: session_id must be non-empty string (UUID expected)",{field:"session_id",originalData:t});let r=t.challenge;if(r!==void 0&&!d(r))return s("Invalid bridge verify response: challenge must be string when present",{field:"challenge",originalData:t});let n=t.registration_options;if(n!==void 0&&!h(n))return s("Invalid bridge verify response: registration_options must be object when present",{field:"registration_options",originalData:t});let o=t.authentication_options;return o!==void 0&&!h(o)?s("Invalid bridge verify response: authentication_options must be object when present",{field:"authentication_options",originalData:t}):c({session_id:e,...r!==void 0&&{challenge:r},...n!==void 0&&{registration_options:n},...o!==void 0&&{authentication_options:o}})}function br(t){if(!h(t))return s("Invalid bridge complete enrollment response: expected object",{originalData:t});let e=m(t,"credential_id"),r=m(t,"entity_id"),n=m(t,"user_id"),o=m(t,"session_token");return d(e)?d(r)?d(n)?d(o)?c({credential_id:e,entity_id:r,user_id:n,session_token:o}):s("Invalid bridge complete enrollment response: session_token must be string",{field:"session_token",originalData:t}):s("Invalid bridge complete enrollment response: user_id must be string",{field:"user_id",originalData:t}):s("Invalid bridge complete enrollment response: entity_id must be string",{field:"entity_id",originalData:t}):s("Invalid bridge complete enrollment response: credential_id must be string",{field:"credential_id",originalData:t})}function yr(t){if(!h(t))return s("Invalid bridge complete auth response: expected object",{originalData:t});let e=m(t,"session_token");return d(e)?c({session_token:e}):s("Invalid bridge complete auth response: session_token must be string",{field:"session_token",originalData:t})}function _r(t){if(!h(t))return s("Invalid bridge status response: expected object",{originalData:t});let e=m(t,"status");if(typeof e!="string"||!No.includes(e))return s("Invalid bridge status response: status must be one of pending, pin_verified, pin_locked, completed",{field:"status",originalData:t});let r=t.ts;return r!==void 0&&!d(r)?s("Invalid bridge status response: ts must be string when present",{field:"ts",originalData:t}):c({status:e,...r!==void 0&&{ts:r}})}var Xe=class{constructor(e,r,n={}){this.httpClient=e;this.baseUrl=r;this.defaultHeaders=n}mergeHeaders(e){return{...this.defaultHeaders,...e}}async post(e,r,n,o){let i=`${this.baseUrl}${e}`,a=await this.httpClient.post(i,r,this.mergeHeaders(o));return a.ok?n(a.value):l(a.error)}async get(e,r,n){let o=`${this.baseUrl}${e}`,i=await this.httpClient.get(o,this.mergeHeaders(n));return i.ok?r(i.value):l(i.error)}async startRegister(e){return this.post("/v1/passkeys/register/start",e,Zt)}async startAuth(e){return this.post("/v1/passkeys/auth/start",e,er)}async finishRegister(e){return this.post("/v1/passkeys/register/finish",e,tr)}async finishAuthentication(e){return this.post("/v1/passkeys/auth/finish",e,rr)}async validateSession(e){return this.get("/v1/sessions/validate",nr,{Authorization:`Bearer ${e}`})}async startEmailFallback(e){let r=`${this.baseUrl}/v1/fallback/email/start`,n=await this.httpClient.post(r,{userId:e.userId,email:e.email},this.mergeHeaders());return n.ok?c(void 0):l(n.error)}async verifyEmailCode(e){let r={userId:e.userId,code:e.code};return e.successUrl&&(r.success_url=e.successUrl),this.post("/v1/fallback/email/verify",r,or)}async startOnboarding(e){return this.post("/v1/onboarding/start",e,ir)}async getOnboardingStatus(e){return this.get(`/v1/onboarding/${e}/status`,sr)}async getOnboardingRegister(e){return this.get(`/v1/onboarding/${e}/register`,ar)}async registerOnboardingPasskey(e,r){return this.post(`/v1/onboarding/${e}/register-passkey`,r,lr)}async completeOnboarding(e,r){return this.post(`/v1/onboarding/${e}/complete`,r,ur)}async initCrossDeviceAuth(){return this.post("/v1/auth/cross-device/init",{},ze)}async initCrossDeviceRegistration(e){let r=typeof e?.externalUserId=="string"?e.externalUserId.trim():"",n=r.length>0?{external_user_id:r}:{};return this.post("/v1/auth/cross-device/init-registration",n,ze)}async getCrossDeviceStatus(e,r){let n={};return typeof r=="string"&&r.length>0&&(n["X-Polling-Token"]=r),this.get(`/v1/auth/cross-device/status/${e}`,dr,Object.keys(n).length>0?n:void 0)}async getCrossDeviceContext(e){return this.get(`/v1/auth/cross-device/context/${e}`,cr)}async verifyCrossDeviceAuth(e){return this.post("/v1/auth/cross-device/verify",e,$e)}async verifyCrossDeviceRegistration(e){return this.post("/v1/auth/cross-device/verify-registration",e,$e)}async verifyAccountRecoveryOtp(e,r){return this.post("/v1/users/recovery/verify",{external_id:e,otp:r},pr)}async completeAccountRecovery(e,r){return this.post("/v1/users/recovery/complete",{recovery_session_id:e,credential:r},mr)}async startEnrollment(e,r,n){return this.post("/v1/enrollment/register/options",{ticket_id:e,context_hash:r},gr,n)}async finishEnrollment(e,r,n){return this.post("/v1/enrollment/register",{...r,ticket_id:e},fr,n)}bridgePrefix(e){return e==="enrollment"?fn:hn}async getBridgeContext(e,r,n){return this.get(`${this.bridgePrefix(r)}/context/${e}`,hr,n)}async verifyBridgePin(e,r,n,o){return this.post(`${this.bridgePrefix(n)}/verify/${e}`,{pin:r},Er,o)}async completeBridgeEnrollment(e,r){return this.post(`${this.bridgePrefix("enrollment")}/complete`,e,br,r)}async completeBridgeAuth(e,r){return this.post(`${this.bridgePrefix("auth")}/complete`,e,yr,r)}getBridgeStatusUrl(e,r){return`${this.baseUrl}${this.bridgePrefix(r)}/status/${e}`}async getBridgeStatus(e,r,n){return this.get(`${this.bridgePrefix(r)}/status/${e}`,_r,n)}};function wo(t){return typeof t=="object"&&t!==null&&t.ok===!0&&"resultado"in t}function Rr(t){if(typeof t!="object"||t===null)return!1;let e=t;if(e.ok!==!1||!e.error||typeof e.error!="object")return!1;let r=e.error;return typeof r.code=="string"&&typeof r.message=="string"}var Po="https://trymellon.com/docs/getting-started#allowed-origins",Uo="Add your origin to allowed origins in the TryMellon dashboard.";function Rn(t){let e=t.error.hint??Uo,r=t.error.docs_url??Po;console.warn(`[TryMellon] ${e} See: ${r}`)}function An(t,e){if(Rr(t))return{message:t.error.message,code:X(t.error.code)};let r=t,n=r?.error;if(typeof n=="object"&&n!==null&&"code"in n&&typeof n.code=="string")return{message:n.message??r?.message??e,code:X(n.code)};let o=r?.message??e,i=r?.error,a=typeof i=="string"?X(i):i===void 0?"NETWORK_FAILURE":X(String(i));return{message:o,code:a}}function Bo(){if(typeof globalThis.crypto<"u"&&typeof globalThis.crypto.randomUUID=="function")return globalThis.crypto.randomUUID();throw new Error("Web Crypto API is required but not available.")}function vn(t,e){let r=e*Math.pow(2,t);return Math.min(r,3e4)}function Fo(t,e){return t!=="GET"?!1:e>=500||e===429}var Qe=class{constructor(e,r=0,n=1e3,o){this.timeoutMs=e;this.maxRetries=r;this.retryDelayMs=n;this.logger=o}async get(e,r){return this.request(e,{method:"GET",headers:r})}async post(e,r,n){return this.request(e,{method:"POST",body:JSON.stringify(r),headers:{"Content-Type":"application/json",...n}})}async request(e,r){let n=(r.method??"GET").toUpperCase(),o=Bo(),i=new Headers(r.headers);i.set("X-Request-Id",o),this.logger&&this.logger.debug("request",{requestId:o,url:e,method:n});let a;for(let u=0;u<=this.maxRetries;u++)try{let p=new AbortController,g=setTimeout(()=>p.abort(),this.timeoutMs);try{let f=await fetch(e,{...r,headers:i,signal:p.signal});if(!f.ok){let v;try{v=await f.json()}catch{}Rr(v)&&Qt(v.error.code)&&Rn(v);let{message:S,code:L}=An(v,f.statusText),C=E(L,S,{requestId:o,status:f.status,statusText:f.statusText,data:v});if(Fo(n,f.status)&&u<this.maxRetries){a=C,clearTimeout(g),await new Promise(Rt=>setTimeout(Rt,vn(u,this.retryDelayMs)));continue}return l(C)}if(f.status===204)return c(void 0);if(f.headers.get("content-length")==="0")return c(void 0);let b=await f.json();if(wo(b))return c(b.resultado);let A=b;if(typeof b=="object"&&b!==null&&A.ok===!0&&!("resultado"in A))return c(void 0);if(Rr(b)){Qt(b.error.code)&&Rn(b);let{message:v,code:S}=An(b,f.statusText);return l(E(S,v,{requestId:o,status:f.status,statusText:f.statusText,data:b}))}return c(b)}finally{clearTimeout(g)}}catch(p){if(a=p,n==="GET"&&u<this.maxRetries)await new Promise(f=>setTimeout(f,vn(u,this.retryDelayMs)));else break}return a instanceof Error&&a.name==="AbortError"?l(E("TIMEOUT","Request timed out",{requestId:o})):l(E("NETWORK_FAILURE",a instanceof Error?a.message:"Request failed",{requestId:o,cause:a}))}};function U(t){let e=new Uint8Array(t),r=Array.from(e,o=>String.fromCharCode(o)).join("");if(typeof globalThis.btoa>"u")throw Xt("encode");return globalThis.btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function Ko(t){if(typeof globalThis.atob>"u")throw Xt("decode");let e=t.replace(/-/g,"+").replace(/_/g,"/"),r=e.length%4,n=r===0?e:e+"=".repeat(4-r),o=globalThis.atob(n);return Uint8Array.from(o,i=>i.charCodeAt(0))}function te(t){return Ko(t).buffer}function Sn(t){return t!==null&&typeof t=="object"&&"clientDataJSON"in t&&t.clientDataJSON instanceof ArrayBuffer}function x(t){if(!t.response)throw E("UNKNOWN_ERROR","Credential response is missing",{credential:t});let e=t.response;if(!Sn(e))throw E("UNKNOWN_ERROR","Invalid credential response structure",{response:e});if(!("attestationObject"in e))throw E("UNKNOWN_ERROR","Invalid credential response structure for register: attestationObject is missing",{response:e});let r=e.clientDataJSON,n=e.attestationObject;return{id:t.id,rawId:U(t.rawId),response:{clientDataJSON:U(r),attestationObject:U(n)},type:"public-key"}}function re(t){if(!t.response)throw E("UNKNOWN_ERROR","Credential response is missing",{credential:t});let e=t.response;if(!Sn(e))throw E("UNKNOWN_ERROR","Invalid credential response structure",{response:e});if(!("authenticatorData"in e)||!("signature"in e))throw E("UNKNOWN_ERROR","Invalid credential response structure for auth: authenticatorData or signature is missing",{response:e});let r=e.clientDataJSON,n=e.authenticatorData,o=e.signature,i=e.userHandle;return{id:t.id,rawId:U(t.rawId),response:{authenticatorData:U(n),clientDataJSON:U(r),signature:U(o),...i&&{userHandle:U(i)}},type:"public-key"}}function O(t,e="create"){if(!t||typeof t!="object"||!("id"in t)||!("rawId"in t)||!("response"in t))throw bn(e)}function ne(){try{return!(typeof navigator>"u"||!navigator.credentials||typeof PublicKeyCredential>"u")}catch{return!1}}async function Vo(){try{return!ne()||typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable!="function"?!1:await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()}catch{return!1}}async function Je(){let t=ne(),e=await Vo();return{isPasskeySupported:t,platformAuthenticatorAvailable:e,recommendedFlow:t?"passkey":"fallback"}}async function Se(t){let{operation:e,eventEmitter:r,start:n,createOptions:o,invoke:i,finish:a}=t;try{if(r.emit("start",{type:"start",operation:e}),!ne()){let y=En();return r.emit("error",{type:"error",error:y}),l(y)}let u=await n();if(!u.ok)return r.emit("error",{type:"error",error:u.error}),l(u.error);let p=o(u.value);if(!p.ok)return r.emit("error",{type:"error",error:p.error}),l(p.error);let g=await i(p.value);if(!g){let y=R("credential",`${e==="register"?"creation":"retrieval"} failed`);return r.emit("error",{type:"error",error:y}),l(y)}try{O(g)}catch(y){let b=_(y);return r.emit("error",{type:"error",error:b}),l(b)}let f=await a(u.value,g);return f.ok?c(f.value):(r.emit("error",{type:"error",error:f.error}),l(f.error))}catch(u){let p=_(u);return r.emit("error",{type:"error",error:p}),l(p)}}function w(t,e){try{je(t.challenge,"challenge"),je(t.user.id,"user.id");let r=te(t.challenge),n=te(t.user.id),o={userVerification:"preferred"};t.authenticatorSelection&&(o={...t.authenticatorSelection}),e&&(o={...o,authenticatorAttachment:e});let i={rp:{id:t.rp.id,name:t.rp.name},user:{id:n,name:t.user.name,displayName:t.user.displayName},challenge:r,pubKeyCredParams:t.pubKeyCredParams,...t.timeout!==void 0&&{timeout:t.timeout},attestation:"none",authenticatorSelection:o,...t.excludeCredentials&&{excludeCredentials:t.excludeCredentials.map(a=>({id:te(a.id),type:a.type,...a.transports&&{transports:a.transports}}))}};return c({publicKey:i})}catch(r){return l(_(r))}}async function Tn(t,e){let r=w(t);if(!r.ok)return l(r.error);let n={...r.value,...e!==void 0&&{signal:e}},o;try{o=await navigator.credentials.create(n)}catch(i){return l(_(i))}try{O(o,"create")}catch(i){return l(_(i))}try{return c(x(o))}catch(i){return l(_(i))}}function Te(t,e){try{je(t.challenge,"challenge");let r=te(t.challenge);return c({publicKey:{challenge:r,rpId:t.rpId,...t.timeout!==void 0&&{timeout:t.timeout},userVerification:t.userVerification??"preferred",...t.allowCredentials&&{allowCredentials:t.allowCredentials.map(n=>({id:te(n.id),type:n.type,...n.transports&&{transports:n.transports}}))}},...e!==void 0&&{mediation:e}})}catch(r){return l(_(r))}}async function Cn(t,e,r){let n=t.externalUserId??t.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let i=R("externalUserId","must be a non-empty string");return r.emit("error",{type:"error",error:i}),l(i)}let o=await Se({operation:"register",eventEmitter:r,start:()=>e.startRegister({external_user_id:n}),createOptions:i=>w(i.challenge,t.authenticatorType),invoke:async i=>{let a={...i,...t.signal&&{signal:t.signal}};return navigator.credentials.create(a)},finish:async(i,a)=>{let u=await e.finishRegister({session_id:i.session_id,credential:x(a),...t.successUrl&&{success_url:t.successUrl}});return u.ok?c({success:!0,credentialId:u.value.credential_id,credential_id:u.value.credential_id,status:u.value.status,sessionToken:u.value.session_token,user:{userId:u.value.user.user_id,externalUserId:u.value.user.external_user_id,email:u.value.user.email,metadata:u.value.user.metadata},...u.value.redirect_url&&{redirectUrl:u.value.redirect_url}}):l(u.error)}});return o.ok&&r.emit("success",{type:"success",operation:"register",token:o.value.sessionToken,user:o.value.user}),o}async function In(t,e,r){let n=t.externalUserId??t.external_user_id,o=n!==void 0&&typeof n=="string"&&n.trim()!=="",i=await Se({operation:"authenticate",eventEmitter:r,start:()=>e.startAuth(o?{external_user_id:n.trim()}:{}),createOptions:a=>Te(a.challenge,t.mediation),invoke:async a=>{let u={...a,...t.signal&&{signal:t.signal}};return navigator.credentials.get(u)},finish:async(a,u)=>{let p=await e.finishAuthentication({session_id:a.session_id,credential:re(u),...t.successUrl&&{success_url:t.successUrl}});return p.ok?c({authenticated:p.value.authenticated,sessionToken:p.value.session_token,user:{userId:p.value.user.user_id,externalUserId:p.value.user.external_user_id,email:p.value.user.email,metadata:p.value.user.metadata},signals:p.value.signals,...p.value.redirect_url&&{redirectUrl:p.value.redirect_url}}):l(p.error)}});return i.ok&&r.emit("success",{type:"success",operation:"authenticate",token:i.value.sessionToken,user:i.value.user}),i}async function Ze(t,e){return e?e.aborted?"aborted":new Promise(r=>{let n=()=>{o(),r("aborted")},o=()=>{clearTimeout(i),e.removeEventListener("abort",n)},i=setTimeout(()=>{o(),r("completed")},t);e.addEventListener("abort",n)}):(await new Promise(r=>setTimeout(r,t)),"completed")}var Ho=2e3,qo=60,et=class{constructor(e){this.apiClient=e}async startFlow(e,r){let n=await this.apiClient.startOnboarding({user_role:e.user_role});if(!n.ok)return l(n.error);let{session_id:o}=n.value;for(let i=0;i<qo;i++){if(r?.aborted)return l(E("ABORT_ERROR","Operation aborted by user or timeout"));if(await Ze(Ho,r)==="aborted")return l(E("ABORT_ERROR","Operation aborted by user or timeout"));let u=await this.apiClient.getOnboardingStatus(o);if(!u.ok)return l(u.error);let p=u.value.status,g=u.value.onboarding_url;if(p==="pending_passkey"){let f=await this.apiClient.getOnboardingRegister(o);if(!f.ok)return l(f.error);let y=f.value;if(!y.challenge)return l(E("NOT_SUPPORTED","Onboarding requires user action - complete passkey registration at the provided onboarding_url",{onboarding_url:g}));let b=w(y.challenge);if(!b.ok)return l(b.error);let A;try{A=await navigator.credentials.create(b.value)}catch(C){return l(_(C))}try{O(A,"create")}catch(C){return l(_(C))}let v;try{v=x(A)}catch(C){return l(_(C))}let S=await this.apiClient.registerOnboardingPasskey(o,{credential:v,challenge:y.challenge.challenge});return S.ok?await this.apiClient.completeOnboarding(o,{company_name:e.company_name}):l(S.error)}if(p==="completed")return await this.apiClient.completeOnboarding(o,{company_name:e.company_name})}return l(E("TIMEOUT","Onboarding timed out"))}};var Ln="trymellon_context_hash";var Go=/^[a-f0-9]{64}$/;function jo(t){return typeof t=="string"&&Go.test(t)}function Yo(){let t=new Uint8Array(32);if(typeof crypto<"u"&&crypto.getRandomValues)crypto.getRandomValues(t);else throw new Error("crypto.getRandomValues is not available");return Array.from(t).map(r=>r.toString(16).padStart(2,"0")).join("")}function Wo(){let t=null;return{getItem(){return t},setItem(e,r){t=r}}}var Mn=Wo();function On(t){let e=t.getItem(Ln);if(e&&jo(e))return e;let r=Yo();return t.setItem(Ln,r),r}function oe(t){let e=t??Mn;try{return On(e)}catch{return On(Mn)}}var tt=class{constructor(e,r){this.apiClient=e;this.storage=r}async enroll(e){if(e.signal?.aborted)return l(E("ABORT_ERROR","Operation aborted by user or timeout"));let r=this.storage??(typeof sessionStorage<"u"?sessionStorage:void 0),n=oe(r),o=await this.apiClient.startEnrollment(e.ticketId,n);if(!o.ok)return l(o.error);let i=await Tn(o.value.challenge,e.signal);if(!i.ok)return l(i.error);let a=await this.apiClient.finishEnrollment(e.ticketId,{credential:i.value,context_hash:n});return a.ok?c({sessionToken:a.value.session_token}):l(a.error)}};var $o=2e3,zo=60,rt=class{constructor(e){this.apiClient=e}async init(){return this.apiClient.initCrossDeviceAuth()}async initRegistration(e){return this.apiClient.initCrossDeviceRegistration(e)}async waitForSession(e,r,n){if(r?.aborted)return l(E("ABORT_ERROR","Operation aborted by user or timeout"));for(let o=0;o<zo;o++){let i=await this.apiClient.getCrossDeviceStatus(e,n);if(!i.ok)return l(i.error);if(i.value.status==="completed"){if(!i.value.session_token||!i.value.user_id)return l(E("UNKNOWN_ERROR","Missing data in completed session"));let u=i.value.redirect_url!=null&&i.value.redirect_url!==""?i.value.redirect_url:void 0;return c({session_token:i.value.session_token,user_id:i.value.user_id,...u!==void 0&&{redirectUrl:u}})}if(await Ze($o,r)==="aborted")return l(E("ABORT_ERROR","Operation aborted by user or timeout"))}return l(E("TIMEOUT","Cross-device authentication timed out"))}async approve(e){let r=await this.apiClient.getCrossDeviceContext(e);if(!r.ok)return l(r.error);let n=r.value;return n.type==="registration"?this.executeRegistrationApproval(e,n):this.executeAuthApproval(e,n)}async executeRegistrationApproval(e,r){let n=w(r.options);if(!n.ok)return l(n.error);let o;try{o=await navigator.credentials.create(n.value)}catch(a){return l(_(a))}try{O(o,"create")}catch(a){return l(_(a))}let i;try{i=x(o)}catch(a){return l(_(a))}return this.apiClient.verifyCrossDeviceRegistration({session_id:e,credential:i})}async executeAuthApproval(e,r){let n=Te(r.options);if(!n.ok)return l(n.error);let o;try{o=await navigator.credentials.get(n.value)}catch(a){return l(_(a))}try{O(o,"get")}catch(a){return l(_(a))}let i;try{i=re(o)}catch(a){return l(_(a))}return this.apiClient.verifyCrossDeviceAuth({session_id:e,credential:i})}};var Xo=new Set(["pin_verified","pin_locked","completed"]),Qo=1500,Jo=3e5;function xn(t){return Xo.has(t)}function nt(t){return t==null||typeof t!="string"||t.trim()===""?l(R("sessionId","must be a non-empty string")):c(t.trim())}function Zo(t){return{sessionToken:t.session_token,credentialId:t.credential_id,userId:t.user_id,entityId:t.entity_id}}function ei(t){return{sessionToken:t.session_token}}async function ti(t,e,r,n){let i=(n.presencePin!=null&&n.presencePin!==""?n.presencePin:null)??(typeof n.onPinRequired=="function"?await n.onPinRequired():null);return i==null||i===""?l(E("INVALID_ARGUMENT","Bridge requires PIN: provide presencePin or onPinRequired in options")):t.verifyBridgePin(e,i,r)}var ot=class{constructor(e,r){this.apiClient=e;this.storage=r}async waitForResult(e,r){let n=nt(e);if(!n.ok)return l(n.error);let o=r?.kind??"enrollment",i=r?.useSse!==!1,a=r?.timeoutMs??Jo,u=async p=>{for(;;){let g=await this.apiClient.getBridgeStatus(n.value,o);if(!g.ok)return l(g.error);if(xn(g.value.status))return c(g.value);if(Date.now()-p>=a)return l(E("TIMEOUT","Bridge status wait timed out"));await new Promise(f=>setTimeout(f,Qo))}};return i&&typeof EventSource<"u"?new Promise(p=>{let g=this.apiClient.getBridgeStatusUrl(n.value,o),f=!1,y=A=>{if(!f){f=!0;try{b.close()}catch{}p(A)}},b;try{b=new EventSource(g)}catch{u(Date.now()).then(y);return}b.onmessage=A=>{try{let v=typeof A.data=="string"?A.data:String(A.data),S=JSON.parse(v);if(S!==null&&typeof S=="object"&&"status"in S&&typeof S.status=="string"){let L=S.status;if(xn(L)){let C=S.ts;y(c({status:L,...typeof C=="string"&&{ts:C}}))}}}catch{}},b.onerror=()=>{if(!f){try{b.close()}catch{}u(Date.now()).then(y)}}}):u(Date.now())}async getContext(e,r){let n=nt(e);return n.ok?this.apiClient.getBridgeContext(n.value,r):l(n.error)}async verifyPin(e,r,n){let o=nt(e);return o.ok?r==null||typeof r!="string"||r===""?l(R("pin","must be a non-empty string")):this.apiClient.verifyBridgePin(o.value,r,n):l(o.error)}async complete(e,r){let n=nt(e);if(!n.ok)return l(n.error);let o=r?.kind??"enrollment",i=await this.apiClient.getBridgeContext(n.value,o);if(!i.ok)return l(i.error);let a=i.value,u=await ti(this.apiClient,n.value,o,r??{kind:o});if(!u.ok)return l(u.error);let p=u.value;if(r?.signal?.aborted)return l(E("ABORT_ERROR","Operation aborted by user or timeout"));let g=a.type==="registration"?"enrollment":"auth";if(o!==g)return l(E("INVALID_ARGUMENT",`Bridge context type "${a.type}" does not match kind "${o}"`));if(a.type==="registration"){if(!r?.ticketId?.trim()||!r?.entityId?.trim())return l(R("ticketId/entityId","required for enrollment bridge complete"));let L=p.registration_options;if(!L||typeof L!="object")return l(E("UNKNOWN_ERROR","Bridge verify response missing registration_options"));let C=w(L);if(!C.ok)return l(C.error);let Rt={...C.value,...r.signal!==void 0&&{signal:r.signal}},At;try{At=await navigator.credentials.create(Rt)}catch(St){return l(_(St))}try{O(At,"create")}catch(St){return l(_(St))}let Me=x(At),eo=this.storage??(typeof sessionStorage<"u"?sessionStorage:void 0),to=oe(eo),vt=await this.apiClient.completeBridgeEnrollment({session_id:n.value,ticket_id:r.ticketId,entity_id:r.entityId,context_hash:to,registration_response:{id:Me.id,rawId:Me.rawId,response:Me.response,type:Me.type}});return vt.ok?c(Zo(vt.value)):l(vt.error)}let f=p.authentication_options;if(!f||typeof f!="object")return l(E("UNKNOWN_ERROR","Bridge verify response missing authentication_options"));let y=Te(f);if(!y.ok)return l(y.error);let b={...y.value,...r?.signal!==void 0&&{signal:r.signal}},A;try{A=await navigator.credentials.get(b)}catch(L){return l(_(L))}try{O(A,"get")}catch(L){return l(_(L))}let v=re(A),S=await this.apiClient.completeBridgeAuth({session_id:n.value,credential:{id:v.id,rawId:v.rawId,response:v.response,type:v.type}});return S.ok?c(ei(S.value)):l(S.error)}};var it=class{handlers;constructor(){this.handlers=new Map}on(e,r){let n=this.handlers.get(e);return n||(n=new Set,this.handlers.set(e,n)),n.add(r),()=>{this.off(e,r)}}off(e,r){let n=this.handlers.get(e);n&&(n.delete(r),n.size===0&&this.handlers.delete(e))}emit(e,r){let n=this.handlers.get(e);if(n)for(let o of n)try{o(r)}catch(i){console.warn("[TryMellon] Event handler threw:",i)}}removeAllListeners(){this.handlers.clear()}};function kn(t){return{async send(e){let r=JSON.stringify(e);if(typeof navigator<"u"&&typeof navigator.sendBeacon=="function"){navigator.sendBeacon(t,r);return}typeof fetch<"u"&&await fetch(t,{method:"POST",body:r,headers:{"Content-Type":"application/json"},keepalive:!0})}}}function Ar(t,e){return{event:t,latencyMs:e,ok:!0}}var st=class{constructor(e,r,n,o,i){this.apiClient=e;this.eventEmitter=r;this.sandbox=n;this.sandboxToken=o;this.telemetrySender=i}async sandboxAuthResult(e,r){let n="externalUserId"in r?r.externalUserId??r.external_user_id??"sandbox":r.external_user_id??r.externalUserId??"sandbox",o=typeof n=="string"?n:"sandbox";return e==="register"?Promise.resolve(c({success:!0,credentialId:"",status:"sandbox",sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:o}})):Promise.resolve(c({authenticated:!0,sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:o}}))}async register(e){if(this.sandbox){let o=await this.sandboxAuthResult("register",e);return o.ok&&this.eventEmitter.emit("success",{type:"success",operation:"register",token:o.value.sessionToken,user:o.value.user}),o}let r=Date.now(),n=await Cn(e,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(Ar("register",Date.now()-r)).catch(o=>console.warn("[TryMellon] Telemetry send failed",o)),n}async authenticate(e){if(this.sandbox){let o=await this.sandboxAuthResult("authenticate",e);return o.ok&&this.eventEmitter.emit("success",{type:"success",operation:"authenticate",token:o.value.sessionToken,user:o.value.user}),o}let r=Date.now(),n=await In(e,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(Ar("authenticate",Date.now()-r)).catch(o=>console.warn("[TryMellon] Telemetry send failed",o)),n}};async function Dn(t,e,r){let n=t.externalUserId??t.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let i=R("externalUserId","must be a non-empty string");return r.emit("error",{type:"error",error:i}),l(i)}if(!t.otp||typeof t.otp!="string"||t.otp.trim().length!==6){let i=R("otp","must be a 6-digit string");return r.emit("error",{type:"error",error:i}),l(i)}let o=await Se({operation:"register",eventEmitter:r,start:()=>e.verifyAccountRecoveryOtp(n,t.otp),createOptions:i=>{let a=i.challenge;return!a||typeof a!="object"||!("rp"in a)||!("user"in a)||!("challenge"in a)||!("pubKeyCredParams"in a)?l(R("challenge","invalid recovery challenge structure")):w(a)},invoke:async i=>navigator.credentials.create(i),finish:async(i,a)=>{let u=await e.completeAccountRecovery(i.recovery_session_id,x(a));if(!u.ok)return l(u.error);let{credential_id:p,status:g,session_token:f,user:y,redirect_url:b}=u.value;return c({success:!0,credentialId:p,status:g,sessionToken:f,user:{userId:y.user_id,externalUserId:y.external_user_id,email:y.email,metadata:y.metadata},...b!==void 0&&{redirectUrl:b}})}});return o.ok&&r.emit("success",{type:"success",operation:"register",token:o.value.sessionToken,user:o.value.user}),o}var at=class{constructor(e,r){this.apiClient=e;this.eventEmitter=r}recover(e){return Dn(e,this.apiClient,this.eventEmitter)}};function di(t){if(typeof t!="string"||t==="")return!1;try{let e=new URL(t).hostname.toLowerCase();return e==="localhost"||e==="127.0.0.1"}catch{return!1}}var lt=class t{sandbox;sandboxToken;apiClient;eventEmitter;telemetrySender;crossDeviceManager;authService;recoveryService;onboarding;enrollmentManager;bridgeManager;contextHashStorage;static validateConfig(e){let{appId:r,publishableKey:n}=e;if(!r||typeof r!="string"||r.trim()==="")throw R("appId","must be a non-empty string");if(!n||typeof n!="string"||n.trim()==="")throw R("publishableKey","must be a non-empty string");let o=e.apiBaseUrl??$t;yn(o,"apiBaseUrl");let i=e.timeoutMs??3e4;Ge(i,"timeoutMs",1e3,3e5),e.maxRetries!==void 0&&Ge(e.maxRetries,"maxRetries",0,10),e.retryDelayMs!==void 0&&Ge(e.retryDelayMs,"retryDelayMs",100,1e4)}static create(e){try{return t.validateConfig(e),c(new t(e))}catch(r){return zt(r)?l(r):l(R("config",r.message))}}constructor(e){this.sandbox=e.sandbox===!0,this.sandboxToken=this.sandbox&&e.sandboxToken!=null&&e.sandboxToken!==""?e.sandboxToken:mn,t.validateConfig(e);let r=e.appId,n=e.publishableKey,o=e.apiBaseUrl??$t,i=e.timeoutMs??3e4,a=e.maxRetries??3,u=e.retryDelayMs??1e3,p=new Qe(i,a,u,e.logger),g=e.origin??(typeof window<"u"&&window?.location?.origin?window.location.origin:void 0),f={"X-App-Id":r.trim(),Authorization:`Bearer ${n.trim()}`,...g&&{Origin:g}};this.apiClient=new Xe(p,o,f),this.eventEmitter=new it,e.enableTelemetry&&(this.telemetrySender=e.telemetrySender??kn(e.telemetryEndpoint??pn)),this.authService=new st(this.apiClient,this.eventEmitter,this.sandbox,this.sandboxToken,this.telemetrySender),this.recoveryService=new at(this.apiClient,this.eventEmitter),this.contextHashStorage=e.contextHashStorage,this.onboarding=new et(this.apiClient),this.enrollmentManager=new tt(this.apiClient,this.contextHashStorage),this.crossDeviceManager=new rt(this.apiClient),this.bridgeManager=new ot(this.apiClient,this.contextHashStorage),this.warnIfSandboxOnProd()}warnIfSandboxOnProd(){if(typeof window>"u"||!this.sandbox)return;let e=window.location.origin;di(e)||console.warn(`[TryMellon] Sandbox mode is ON but origin is not localhost (current: ${e}). Use sandbox: false in production. See: ${gn}`)}get bridge(){return{getContext:(e,r)=>this.bridgeManager.getContext(e,r),verifyPin:(e,r,n)=>this.bridgeManager.verifyPin(e,r,n),complete:(e,r)=>this.bridgeManager.complete(e,r),waitForResult:(e,r)=>this.bridgeManager.waitForResult(e,r)}}static isSupported(){return ne()}async register(e){return this.authService.register(e)}async authenticate(e){return this.authService.authenticate(e)}async enroll(e){this.eventEmitter.emit("start",{type:"start",operation:"enroll"});let r=await this.enrollmentManager.enroll(e);return r.ok?this.eventEmitter.emit("success",{type:"success",operation:"enroll",token:r.value.sessionToken}):this.eventEmitter.emit("error",{type:"error",operation:"enroll",error:r.error}),r}getContextHash(){let e=this.contextHashStorage??(typeof sessionStorage<"u"?sessionStorage:void 0);return oe(e)}async validateSession(e){return this.sandbox&&e===this.sandboxToken?Promise.resolve(c({valid:!0,userId:"sandbox-user",externalUserId:"sandbox",tenantId:"sandbox-tenant",appId:"sandbox-app"})):this.apiClient.validateSession(e)}async getStatus(){return Je()}on(e,r){return this.eventEmitter.on(e,r)}version(){return"2.3.4"}fallback={email:{start:async e=>this.apiClient.startEmailFallback(e),verify:async e=>{let r=await this.apiClient.verifyEmailCode({userId:e.userId,code:e.code,...e.successUrl&&{successUrl:e.successUrl}});return r.ok?c({sessionToken:r.value.sessionToken,...r.value.redirectUrl&&{redirectUrl:r.value.redirectUrl}}):r}}};auth={crossDevice:{init:()=>this.crossDeviceManager.init(),initRegistration:e=>this.crossDeviceManager.initRegistration(e??{}),waitForSession:(e,r,n)=>this.crossDeviceManager.waitForSession(e,r,n),getContext:e=>this.apiClient.getCrossDeviceContext(e),approve:e=>this.crossDeviceManager.approve(e)},recoverAccount:e=>this.recoveryService.recover(e)}};function vr(t){let e=lt.create({appId:t.appId,publishableKey:t.publishableKey});return!e.ok||e.value==null?null:e.value}function wn(t){if(t==null||typeof t!="object")return!1;let e=t,r=typeof e.authenticate=="function",n=typeof e.register=="function",o=typeof e.on=="function",i=typeof e.enroll=="function",a=typeof e.getContextHash=="function";return r&&n&&o&&i&&a}function Pn(t){return t?{externalUserId:t}:{}}var ut="mellon:open",Ce="mellon:open-request",H="mellon:close",q="mellon:success",dt="mellon:error",ct="mellon:start",Ie="mellon:cancelled",pt="mellon:fallback",mt="mellon:tab-change",Sr="mellon:context-ready";function gt(t,e,r,n){t.dispatchEvent(new CustomEvent(e,{detail:r,bubbles:n.bubbles,composed:n.composed}))}function ft(t){return t==="authenticate"?"login":t==="enroll"?"enroll":"register"}function ci(t){if(t==null||typeof t!="object")return;let e=t,r=e.userId;if(typeof r!="string"||r.length===0)return;let n={userId:r};return typeof e.externalUserId=="string"&&(n.externalUserId=e.externalUserId),typeof e.email=="string"&&(n.email=e.email),e.metadata!=null&&typeof e.metadata=="object"&&!Array.isArray(e.metadata)&&(n.metadata=e.metadata),n}function pi(t){return t!=null&&typeof t=="object"&&t.type==="start"&&(t.operation==="register"||t.operation==="authenticate"||t.operation==="enroll")}function mi(t){let e=t;return t!=null&&typeof t=="object"&&e.type==="success"&&typeof e.token=="string"&&(e.operation==="register"||e.operation==="authenticate"||e.operation==="enroll")}function gi(t){return t!=null&&typeof t=="object"&&t.type==="error"}function fi(t){return t!=null&&typeof t=="object"&&t.type==="cancelled"&&(t.operation==="register"||t.operation==="authenticate"||t.operation==="enroll")}var Tr={subscribe(t,e){if(t==null||e==null)throw new TypeError("eventBridgeAdapter.subscribe: core and host are required");let r=[],n="authenticate",o=!1,i=t.on("start",g=>{if(!pi(g))return;n=g.operation,o=!1;let f={operation:ft(g.operation),...typeof g.nonce=="string"&&{nonce:g.nonce}};gt(e,ct,f,{bubbles:!0,composed:!0})});r.push(i);let a=t.on("success",g=>{if(!mi(g)||o||g.token.length===0)return;o=!0;let f=ci(g.user),y={operation:ft(g.operation),token:g.token,...typeof g.nonce=="string"&&{nonce:g.nonce},...f!==void 0&&{user:f},...typeof g.redirectUrl=="string"&&{redirectUrl:g.redirectUrl}};gt(e,q,y,{bubbles:!1,composed:!0})});r.push(a);let u=t.on("error",g=>{if(!gi(g)||o)return;let f=g.error?.code??"UNKNOWN_ERROR",y=X(typeof f=="string"?f:String(f)),b={operation:ft(g.operation??n),code:y,message:typeof g.error?.message=="string"?g.error.message:"Unknown error",...typeof g.nonce=="string"&&{nonce:g.nonce}};gt(e,dt,b,{bubbles:!0,composed:!0})});r.push(u);let p=t.on("cancelled",g=>{if(!fi(g))return;let f={operation:ft(g.operation),...typeof g.nonce=="string"&&{nonce:g.nonce}};gt(e,Ie,f,{bubbles:!0,composed:!0})});return r.push(p),function(){for(let f of r)f()}}};function Un(t){return{isPasskeySupported:t.isPasskeySupported,platformAuthenticatorAvailable:t.platformAuthenticatorAvailable,recommendedFlow:t.recommendedFlow}}function hi(){return{getClientStatus:async()=>{let t=await Je();return Un(t)}}}function Bn(t){let e=t;if(typeof e.getStatus!="function")return hi();let r=e.getStatus;return{getClientStatus:async()=>{let n=await r();return Un(n)}}}function Fn(t){return new CustomEvent(ut,{detail:t,bubbles:!0,composed:!0})}function Kn(t){return new CustomEvent(H,{detail:t,bubbles:!0,composed:!0})}function Vn(t){return new CustomEvent(Ie,{detail:t,bubbles:!0,composed:!0})}function Hn(t){return new CustomEvent(pt,{detail:t,bubbles:!0,composed:!0})}function qn(t){return new CustomEvent(mt,{detail:t,bubbles:!0,composed:!0})}function Gn(t){return new CustomEvent(Sr,{detail:t,bubbles:!1,composed:!0})}var ht=class{_currentState=k;_lastRenderedState=null;_renderDirty=!0;_pendingOperation="authenticate";_currentNonce=void 0;_envEvalRequestId=0;get currentState(){return this._currentState}setState(e){this._currentState=e,this._renderDirty=!0}invalidateRender(){this._renderDirty=!0}consumeRenderDecision(){return!this._renderDirty&&this._currentState===this._lastRenderedState?!1:(this._lastRenderedState=this._currentState,this._renderDirty=!1,!0)}setPendingOperationFromTab(e){this._pendingOperation=e==="login"?"authenticate":"register"}get pendingOperation(){return this._pendingOperation}setNonce(e){this._currentNonce=e}consumeCancelledDetailIfAuthenticating(){if(this._currentState!=="AUTHENTICATING")return null;let e={operation:this._pendingOperation==="authenticate"?"login":this._pendingOperation,...this._currentNonce!==void 0&&{nonce:this._currentNonce}};return this._currentNonce=void 0,e}handleAuthSuccess(){let e=I.handleAuthOutcome(this._currentState,"success");e!==null&&this.setState(e)}handleAuthError(){let e=I.handleAuthOutcome(this._currentState,"error");e!==null&&this.setState(e)}handleEnrollSuccess(){let e=I.handleEnrollOutcome(this._currentState,"success");e!==null&&this.setState(e)}handleEnrollError(){let e=I.handleEnrollOutcome(this._currentState,"error");e!==null&&this.setState(e)}onStartEvent(e){e?.nonce!==void 0&&(this._currentNonce=e.nonce)}startAuthFromClick(e,r,n){if(!e||!Pr(this._currentState))return;this.setPendingOperationFromTab(r);let o=I.startAuth(this._currentState,r,e,n);this.setState(o)}startEnrollment(e,r){if(!e)return;let n=I.startEnrollment(this._currentState,e,r);this.setState(n)}async runEnvEval(e){let r=++this._envEvalRequestId;this.setState(I.envEvalStart(this._currentState));let n=await I.evaluateEnv({...e,currentState:this._currentState});return r!==this._envEvalRequestId?null:n}reset(){this._currentState=I.reset(this._currentState),this._lastRenderedState=null,this._renderDirty=!0,this._currentNonce=void 0}setStateForRender(e){this._currentState=e,this._renderDirty=!0}};var ie=class extends HTMLElement{_controller=new ht;_unsubscribeBridge=null;_core=null;_lastCoreConfig=null;setState(e){this._controller.setState(e),this.scheduleRenderIfNeeded()}invalidateRender(){this._controller.invalidateRender(),this.scheduleRenderIfNeeded()}scheduleRenderIfNeeded(){this.shadowRoot&&this._controller.consumeRenderDecision()&&this._render()}_emitCancelledIfAuthenticating(){let e=this._controller.consumeCancelledDetailIfAuthenticating();return e?(this.dispatchEvent(Vn(e)),!0):!1}attachCore(e){if(this._core!==null&&this._teardownCore(),e==null){this._core=null,this._controller.reset(),this.scheduleRenderIfNeeded();return}if(!wn(e))throw new Error("[trymellon-auth] attachCore requires a CoreAuthPort-compatible instance.");this._core=e,this._unsubscribeBridge=Tr.subscribe(this._core,this),this._attachHostListeners(),this._runEnvEval()}_teardownCore(){this._unsubscribeBridge?.(),this._unsubscribeBridge=null,this.removeEventListener("mellon:start",this._onMellonStart),this.removeEventListener("mellon:success",this._onMellonSuccess),this.removeEventListener("mellon:error",this._onMellonError),this._core=null}_attachHostListeners(){this.removeEventListener("mellon:start",this._onMellonStart),this.removeEventListener("mellon:success",this._onMellonSuccess),this.removeEventListener("mellon:error",this._onMellonError),this.addEventListener("mellon:start",this._onMellonStart),this.addEventListener("mellon:success",this._onMellonSuccess),this.addEventListener("mellon:error",this._onMellonError)}_onMellonSuccess=()=>{this._controller.currentState==="ENROLLING"?this._controller.handleEnrollSuccess():this._controller.handleAuthSuccess(),this.scheduleRenderIfNeeded()};_onMellonError=()=>{this._controller.currentState==="ENROLLING"?this._controller.handleEnrollError():this._controller.handleAuthError(),this.scheduleRenderIfNeeded()};_onMellonStart=e=>{let r=e.detail;this._controller.onStartEvent(r)};startAuthFromClick(){this._core&&this.canStartAuth()&&(this._controller.startAuthFromClick(this._core,this.getTabKind(),this.getCoreAuthOptions()),this.scheduleRenderIfNeeded())}dispatchFallback(e){let r=e!==void 0?{...this.getFallbackDetail(),fallbackType:e}:this.getFallbackDetail();this.dispatchEvent(Hn(r))}async _runEnvEval(){if(!this._core)return;let e={...this.getEnvEvalParams(),envStatusPort:Bn(this._core)},r=await this._controller.runEnvEval(e);r!==null&&(!this._core||!this.isConnected||this.setState(r))}_maybeAutoCreateCoreAndRunEnvEval(){if(this._core!==null)return;let e=this.getCoreConfig();if(!e)return;let r=vr(e);if(!r){this.attachCore(null);return}this.attachCore(r)}_reconcileCoreFromConfig(){let e=this.getCoreConfig();if(this._lastCoreConfig===null&&e===null||this._lastCoreConfig!==null&&e!==null&&this._lastCoreConfig.appId===e.appId&&this._lastCoreConfig.publishableKey===e.publishableKey)return;if(this._lastCoreConfig=e,e===null){this.attachCore(null);return}let n=vr(e);this.attachCore(n??null)}disconnectedCallback(){this._teardownCore()}get currentState(){return this._controller.currentState}reset(){this._emitCancelledIfAuthenticating(),this._controller.reset(),this.scheduleRenderIfNeeded()}setStateForRender(e){this._controller.setStateForRender(e),this.scheduleRenderIfNeeded()}};function Ei(t){if(t==null||t.trim()==="")return Q;let e=t.split(",").map(o=>o.trim()),r=e[0]??Q.register,n=e[1]??Q.login;return{register:r,login:n}}function Et(t){let e={open:Be(t.getAttribute("open")),mode:N(t.getAttribute("mode"),ue,De),tab:N(t.getAttribute("tab"),le,Ne),tabLabels:Ei(t.getAttribute("tab-labels")),theme:N(t.getAttribute("theme"),G,Y),sessionId:M(t.getAttribute("session-id")),onboardingUrl:M(t.getAttribute("onboarding-url")),isMobileOverride:Ur(t.getAttribute("is-mobile-override")),fallbackType:Br(t.getAttribute("fallback-type"),de),appId:W(t.getAttribute("app-id")),publishableKey:W(t.getAttribute("publishable-key")),appName:M(t.getAttribute("app-name")),dialogTitle:M(t.getAttribute("dialog-title")),dialogDescription:M(t.getAttribute("dialog-description")),externalUserId:M(t.getAttribute("external-user-id")),modalVariant:N(t.getAttribute("modal-variant"),me,Ue)};return Dt(e)}function bi(t){let e=t.querySelector(`.${ye}`);return e||(e=document.createElement("div"),e.className=ye,t.appendChild(e)),e}function yi(t){let e=t.querySelector(`.${z}`);return e||(e=document.createElement("div"),e.className=z,e.setAttribute("aria-hidden","true"),t.appendChild(e)),e}function _i(t){let e=t.querySelector(`.${_e}`);return e||(e=document.createElement("div"),e.className=_e,t.appendChild(e)),e}function Ri(t,e){t.setAttribute("role","dialog"),t.setAttribute("aria-modal",e==="modal"?"true":"false"),t.setAttribute("aria-labelledby",He),t.setAttribute("aria-describedby",Ae)}function Ai(t,e){let r=t.querySelector(`#${He}`);r||(r=document.createElement("h2"),r.id=He,r.className="mellon-dialog-title",t.insertBefore(r,t.firstChild));let n=e.dialogTitle?.trim()??(e.appName?.trim()?Kr(e.appName.trim()):Fr);r.textContent=n;let o=t.querySelector(`#${Ae}`);o||(o=document.createElement("p"),o.id=Ae,o.className="mellon-dialog-desc",t.insertBefore(o,r.nextSibling)),o.textContent=e.dialogDescription?.trim()??Vr}function vi(t){let e=t.querySelector(`.${Ht}`);e||(e=document.createElement("button"),e.type="button",e.className=Ht,e.setAttribute("aria-label",qr),e.setAttribute("data-mellon-modal-close","true"),e.textContent="\xD7",t.appendChild(e))}function Si(t,e){let r=t.querySelector(`.${Re}`);if(!r){r=document.createElement("div"),r.className=Re,r.setAttribute("role","tablist");let i=document.createElement("button");i.type="button",i.setAttribute("data-tab","register"),i.setAttribute("role","tab");let a=document.createElement("button");a.type="button",a.setAttribute("data-tab","login"),a.setAttribute("role","tab"),r.appendChild(i),r.appendChild(a);let u=t.querySelector(`#${Ae}`);t.insertBefore(r,u?u.nextSibling:t.firstChild)}let[n,o]=r.querySelectorAll("button");return n&&(n.textContent=e.register),o&&(o.textContent=e.login),r}function Cr(t){let e=t.querySelector(`.${Ft}`);if(!e){e=document.createElement("div"),e.className=Ft;let r=t.querySelector(`.${Re}`);t.insertBefore(e,r?r.nextSibling:t.firstChild)}return e}function Ti(){let t=document.createElementNS(F,"svg");t.setAttribute("viewBox","0 0 24 24"),t.setAttribute("aria-hidden","true"),t.setAttribute("class","mellon-qr-icon"),t.setAttribute("fill","currentColor");let e=document.createElementNS(F,"path");return e.setAttribute("d","M3 3h6v6H3V3zm2 2v2h2V5H5zm8-2h6v6h-6V3zm2 2v2h2V5h-2zM3 15h6v6H3v-6zm2 2v2h2v-2H5zm8-2h6v6h-6v-6zm2 2v2h2v-2h-2zm4-12h2v2h-2V5zm0 8h2v2h-2v-2zm-4 4h2v2h-2v-2zm0-8h2v2h-2V9zm0 4h2v2h-2v-2z"),t.appendChild(e),t}function jn(){let t=document.createDocumentFragment(),e=document.createElement("div");e.className=jr;let r=document.createElement("p");r.className="mellon-cross-device-cta-text",r.textContent=Gr,e.appendChild(r);let n=document.createElement("button");return n.type="button",n.className="mellon-btn mellon-btn-qr-icon",n.setAttribute("data-mellon-action",J),n.setAttribute("aria-label",Yr),n.appendChild(Ti()),e.appendChild(n),t.appendChild(e),t}function Ci(){let t=document.createElement("div");t.className=Wr,t.setAttribute("aria-live","polite");let e=document.createElement("span");e.textContent=Xr;let r=document.createElement("span");return r.className="mellon-qr-dots",r.setAttribute("aria-hidden","true"),t.appendChild(e),t.appendChild(r),t}function Ii(){let t=document.createElement("div");return t.className=$r,t.setAttribute("aria-live","polite"),t.textContent=Qr,t}function Li(t){let e=Cr(t),r=e.querySelector(`.${P}`);if(!r){r=document.createElement("div"),r.className=P,r.setAttribute("data-qr-area-state","default"),r.appendChild(Ci()),r.appendChild(Ii());let o=document.createElement("div");o.className=zr;let i=document.createElement("slot");i.name=K,i.appendChild(jn()),o.appendChild(i),r.appendChild(o),e.appendChild(r)}let n=r.querySelector(`slot[name="${K}"]`);if(!n){let o=document.createElement("slot");return o.name=K,o.appendChild(jn()),r.appendChild(o),o}return n}function Mi(t){let e=Cr(t);if(e.querySelector(`.${Vt}`))return;let r=document.createElement("div");r.className=Vt,r.setAttribute("aria-hidden","true");let n=document.createElement("span");n.className="mellon-separator-text",n.textContent=Hr,r.appendChild(n);let o=e.querySelector(`.${P}`);e.insertBefore(r,o?o.nextSibling:e.firstChild)}function Oi(t){let e=Cr(t),r=e.querySelector("slot:not([name])");if(!r){r=document.createElement("slot");let o=document.createElement("div");o.id=$,o.className="mellon-root",r.appendChild(o),e.appendChild(r)}let n=t.querySelector(`#${$}`);return n||(n=document.createElement("div"),n.id=$,n.className="mellon-root",r.appendChild(n)),n}function xi(t){let e=t.querySelector(`slot[name="${Kt}"]`);return e||(e=document.createElement("slot"),e.name=Kt,t.appendChild(e)),e}function ki(t,e){let r=t.querySelector(`.${Re}`);if(!r)return;let n=r.querySelector('[data-tab="register"]'),o=r.querySelector('[data-tab="login"]');n&&n.setAttribute("aria-selected",String(e==="register")),o&&o.setAttribute("aria-selected",String(e==="login"))}function Le(t,e){if(t==null||e==null)return;let r=bi(t);r.setAttribute("data-mellon-modal-variant",e.modalVariant),e.mode==="modal"&&yi(r);let n=_i(r);Ri(n,e.mode),Ai(n,e),vi(n),Si(n,e.tabLabels),Li(n),Mi(n),Oi(n),xi(n),ki(n,e.tab)}function Di(t){return!(t.hidden===!0||t.getAttribute("aria-hidden")==="true")}function Yn(t){return Array.from(t.querySelectorAll(rn)).filter(r=>Di(r))}function Wn(t){let e=null,r=null,n=!1;function o(u){if(u.key!=="Tab")return;let p=Yn(t);if(p.length===0)return;let g=u.target instanceof Node?u.target:null,f=g?p.indexOf(g):-1,y=p.length-1,b;u.shiftKey?b=f<=0?y:f-1:b=f>=y?0:f+1;let A=p[b];A&&(u.preventDefault(),A.focus())}function i(){if(n)return;e=document.activeElement;let p=Yn(t)[0];p&&p.focus(),r=o,t.addEventListener("keydown",r,!0),n=!0}function a(){if(!n)return;r&&(t.removeEventListener("keydown",r,!0),r=null),n=!1;let u=t.getRootNode()?.ownerDocument??document,p=e instanceof HTMLElement&&u.body.contains(e)?e:null;if(p)p.focus();else{let g=u.body,f=g.getAttribute("tabindex");g.setAttribute("tabindex","-1"),g.focus(),f===null?g.removeAttribute("tabindex"):g.setAttribute("tabindex",f)}e=null}return{activate:i,deactivate:a}}var $n=["app-id","publishable-key","mode","external-user-id","theme","action","trigger-only","button-variant","button-label","button-aria-label","ticket-id"],zn=["open","mode","tab","tab-labels","theme","session-id","onboarding-url","is-mobile-override","fallback-type","app-id","publishable-key","app-name","dialog-title","dialog-description","external-user-id","modal-variant","qr-load-timeout-ms"],bt={wrapper:`.${ye}`,overlay:`.${z}`,panel:`.${_e}`},Xn="user";var Ni={SUCCESS:{reason:"success"},AUTHENTICATING:{reason:"cancel"},ERROR:{reason:"error"}};function wi(t){return Ni[t]??{reason:Xn}}var yt=class extends ie{static get observedAttributes(){return[...zn]}_parsed=Et(this);_focusTrap=null;_unregisterInteractions=null;_generatedExternalUserId=null;_qrLoadTimeoutId=null;_qrSlotChangeBound=null;_boundEscapeKeydown=e=>{e.key==="Escape"&&this._parsed.open&&(e.preventDefault(),this.open=!1)};connectedCallback(){if(this.addEventListener("keydown",this._boundEscapeKeydown,!0),this.shadowRoot){this._registerInteractions(),this._core!==null&&this._unsubscribeBridge===null&&this.attachCore(this._core);return}let e=this.attachShadow({mode:"open"}),r=cn();if(r)e.adoptedStyleSheets=[r];else{let n=document.createElement("style");n.textContent=dn(),e.appendChild(n)}this._parsed=Et(this),Le(e,this._parsed),this._registerInteractions(),this._render(),this._applyModalVisibility(),this._maybeAutoCreateCoreAndRunEnvEval()}_registerInteractions(){this.shadowRoot&&(this._unregisterInteractions?.(),this._unregisterInteractions=an(this.shadowRoot,{onTabChange:e=>{this.dispatchEvent(qn({tab:e})),this.setAttribute("tab",e)},onPrimaryClick:()=>this.startAuthFromClick(),onFallbackClick:e=>this.dispatchFallback(e),onOverlayClick:()=>{this.open=!1},onCloseClick:()=>{this.open=!1}}))}attributeChangedCallback(e,r,n){if(this.shadowRoot){if(this._parsed=Et(this),e==="open"){if(this._parsed.open&&r!=="true"){this._clearCrossDeviceSlot();let o={timestamp:Date.now()};this.dispatchEvent(Fn(o)),this._startQrLoadWait()}if(!this._parsed.open){this._clearQrLoadWait(),this._transitionToIdle();return}}e==="tab"&&(this._emitCancelledIfAuthenticating(),this.setState(I.tabChange(this.currentState,this._parsed.tab))),(e==="app-id"||e==="publishable-key")&&this._reconcileCoreFromConfig(),Le(this.shadowRoot,this._parsed),this._render(),this._applyModalVisibility()}}_clearCrossDeviceSlot(){this.querySelectorAll(`[slot="${K}"]`).forEach(e=>e.remove())}_startQrLoadWait(){let e=this.shadowRoot;if(!e)return;let r=e.querySelector(`.${P}`),n=e.querySelector(`slot[name="${K}"]`);if(!r||!n)return;r.setAttribute("data-qr-area-state","waiting");let o=Math.max(1e3,parseInt(this.getAttribute("qr-load-timeout-ms")??String(12e3),10)||12e3);this._qrLoadTimeoutId=window.setTimeout(()=>{if(this._qrLoadTimeoutId=null,!this.shadowRoot)return;let a=this.shadowRoot.querySelector(`.${P}`);a?.getAttribute("data-qr-area-state")==="waiting"&&a.setAttribute("data-qr-area-state","timeout")},o);let i=()=>{if(n.assignedNodes().length>0){this._clearQrLoadWait();let a=this.shadowRoot?.querySelector(`.${P}`);a&&a.setAttribute("data-qr-area-state","loaded")}};this._qrSlotChangeBound=i,n.addEventListener("slotchange",i),n.assignedNodes().length>0&&i()}_clearQrLoadWait(){this._qrLoadTimeoutId!=null&&(clearTimeout(this._qrLoadTimeoutId),this._qrLoadTimeoutId=null);let e=this.shadowRoot;if(!e)return;let r=e.querySelector(`slot[name="${K}"]`);r&&this._qrSlotChangeBound&&(r.removeEventListener("slotchange",this._qrSlotChangeBound),this._qrSlotChangeBound=null);let n=e.querySelector(`.${P}`);n&&n.setAttribute("data-qr-area-state","default")}_transitionToIdle(){this._generatedExternalUserId=null;let r={reason:wi(this.currentState).reason,timestamp:Date.now()};this.dispatchEvent(Kn(r)),this._emitCancelledIfAuthenticating(),this.setState(I.reset(this.currentState)),this.shadowRoot&&(Le(this.shadowRoot,this._parsed),this.scheduleRenderIfNeeded(),this._applyModalVisibility())}get open(){return this._parsed.open}set open(e){this.setAttribute("open",e?"true":"false")}get mode(){return this._parsed.mode}set mode(e){this.setAttribute("mode",e)}get tab(){return this._parsed.tab}set tab(e){this.setAttribute("tab",e)}get tabLabels(){return`${this._parsed.tabLabels.register},${this._parsed.tabLabels.login}`}set tabLabels(e){e==null||e===""?this.removeAttribute("tab-labels"):this.setAttribute("tab-labels",e)}get theme(){return this._parsed.theme}set theme(e){this.setAttribute("theme",e)}get sessionId(){return this._parsed.sessionId}set sessionId(e){e==null?this.removeAttribute("session-id"):this.setAttribute("session-id",e)}get onboardingUrl(){return this._parsed.onboardingUrl}set onboardingUrl(e){e==null?this.removeAttribute("onboarding-url"):this.setAttribute("onboarding-url",e)}get isMobileOverride(){return this._parsed.isMobileOverride}set isMobileOverride(e){e==null?this.removeAttribute("is-mobile-override"):this.setAttribute("is-mobile-override",e?"true":"false")}get fallbackType(){return this._parsed.fallbackType}set fallbackType(e){e==null?this.removeAttribute("fallback-type"):this.setAttribute("fallback-type",e)}get appId(){return this._parsed.appId}set appId(e){this.setAttribute("app-id",e??"")}get publishableKey(){return this._parsed.publishableKey}set publishableKey(e){this.setAttribute("publishable-key",e??"")}get appName(){return this._parsed.appName}set appName(e){e==null?this.removeAttribute("app-name"):this.setAttribute("app-name",e)}get dialogTitle(){return this._parsed.dialogTitle}set dialogTitle(e){e==null?this.removeAttribute("dialog-title"):this.setAttribute("dialog-title",e)}get dialogDescription(){return this._parsed.dialogDescription}set dialogDescription(e){e==null?this.removeAttribute("dialog-description"):this.setAttribute("dialog-description",e)}get externalUserId(){return this._parsed.externalUserId}set externalUserId(e){e==null?this.removeAttribute("external-user-id"):this.setAttribute("external-user-id",e)}disconnectedCallback(){this._unregisterInteractions?.(),this._unregisterInteractions=null,this.removeEventListener("keydown",this._boundEscapeKeydown,!0),super.disconnectedCallback()}reset(){this._transitionToIdle()}getTabKind(){return this._parsed.tab}getCoreAuthOptions(){let e=this._resolveExternalUserId();return e?{externalUserId:e}:{}}_resolveExternalUserId(){let e=this._parsed.externalUserId?.trim();return e||(this.getTabKind()!=="register"?null:(this._generatedExternalUserId??=typeof crypto<"u"&&typeof crypto.randomUUID=="function"?crypto.randomUUID():null,this._generatedExternalUserId))}canStartAuth(){return!0}getEnvEvalParams(){return{mode:this._parsed.tab,isMobileOverride:this._parsed.isMobileOverride??void 0,fallbackType:this._parsed.fallbackType}}getCoreConfig(){return!this._parsed.appId||!this._parsed.publishableKey?null:{appId:this._parsed.appId,publishableKey:this._parsed.publishableKey}}getFallbackDetail(){return{operation:this._parsed.tab}}_applyModalVisibility(){if(!this.shadowRoot)return;let e=this.shadowRoot.querySelector(bt.wrapper);e&&(e.hidden=!this._parsed.open);let r=this.shadowRoot.querySelector(bt.overlay);r&&(r.hidden=this._parsed.mode!=="modal");let n=this.shadowRoot.querySelector(bt.panel);n&&n.setAttribute("aria-hidden",String(!this._parsed.open)),this._parsed.open&&e?(this._focusTrap||(this._focusTrap=Wn(e)),this._focusTrap.activate()):this._focusTrap?.deactivate()}_render(){if(!this.shadowRoot)return;Le(this.shadowRoot,this._parsed),this._applyModalVisibility();let e=wt(this.currentState,this._parsed,{registerSessionReady:this._parsed.tab==="register"?this.canStartAuth():void 0,primaryButtonLabel:Ut,primaryButtonAriaLabel:Bt}),r={shadowRoot:this.shadowRoot};en(r,e)}};var _t=class extends ie{static get observedAttributes(){return[...$n]}_parsed={...he};get ticketId(){let e=this._parsed.ticketId;return e===void 0?null:e}_internalModal=null;_focusRestoreTarget=null;_unregisterInteractions=null;_onInternalModalClose=()=>{this._internalModal&&(this._internalModal.open=!1),this._restoreFocusToTrigger()};_onInternalModalSuccess=e=>{let r=e;this.dispatchEvent(new CustomEvent(q,{detail:r.detail,bubbles:!1,composed:!0}))};_restoreFocusToTrigger(){let e=this._focusRestoreTarget;this._focusRestoreTarget=null,!(!e?.isConnected||typeof e.focus!="function")&&e.focus()}_emitContextReadyIfEnrollment(){!this._core||!this.ticketId||this.dispatchEvent(Gn({contextHash:this._core.getContextHash()}))}enroll(){let e=this.ticketId;!e||!this._core||this._controller.startEnrollment(this._core,{ticketId:e})}connectedCallback(){if(this.shadowRoot){this._registerInteractions(),this._core!==null&&this._unsubscribeBridge===null&&this.attachCore(this._core),this._emitContextReadyIfEnrollment(),this._syncInternalModalAttributes(),this._ensureInternalModal();return}let e=this.attachShadow({mode:"open"}),r=Yt();if(r)e.adoptedStyleSheets=[r];else{let n=document.createElement("style");n.textContent=Wt(),e.appendChild(n)}this._parsed=Pt(this),this._syncThemeAttribute(),this._registerInteractions(),this._render(),this._reconcileCoreFromConfig(),this._emitContextReadyIfEnrollment(),this._ensureInternalModal()}_registerInteractions(){this.shadowRoot&&(this._unregisterInteractions?.(),this._unregisterInteractions=sn(this.shadowRoot,{onPrimaryClick:()=>this._onPrimaryClick(),onFallbackClick:e=>this.dispatchFallback(e)}))}attributeChangedCallback(e,r,n){if(!this.shadowRoot)return;let o=this._parsed.mode;if(this._parsed=Pt(this),(e==="button-variant"||e==="theme")&&this.invalidateRender(),(e==="app-id"||e==="publishable-key")&&this._reconcileCoreFromConfig(),(e==="ticket-id"||e==="app-id"||e==="publishable-key")&&this._emitContextReadyIfEnrollment(),e==="mode"&&(this._parsed.mode==="register"||this._parsed.mode==="login")){let i=this._parsed.mode;o!==i&&(this._emitCancelledIfAuthenticating(),this.setState(I.tabChange(this.currentState,i)))}this._syncThemeAttribute(),this.scheduleRenderIfNeeded(),this._syncInternalModalAttributes(),this._ensureInternalModal()}_onPrimaryClick(){if(this._parsed.action==="open-modal"){this._focusRestoreTarget=document.activeElement instanceof Element?document.activeElement:null,this.dispatchEvent(new CustomEvent(Ce,{detail:{},bubbles:!0,composed:!0})),!this._parsed.triggerOnly&&this._internalModal&&(this._internalModal.open=!0);return}this.startAuthFromClick()}getTabKind(){return this._parsed.mode==="auto"?"login":this._parsed.mode}getCoreAuthOptions(){return Pn(this._parsed.externalUserId)}canStartAuth(){return!0}getEnvEvalParams(){return{mode:this._parsed.mode}}getCoreConfig(){return!this._parsed.appId||!this._parsed.publishableKey?null:{appId:this._parsed.appId,publishableKey:this._parsed.publishableKey}}getFallbackDetail(){let e=this._parsed.mode==="login"||this._parsed.mode==="register"?this._parsed.mode:void 0;return e!==void 0?{operation:e}:{}}_render(){if(!this.shadowRoot)return;let e=Nt(this.currentState,this._parsed,{registerSessionReady:this._parsed.mode==="register"?this.canStartAuth():void 0,primaryButtonLabel:this._parsed.buttonLabel??void 0,primaryButtonAriaLabel:this._parsed.buttonAriaLabel??void 0}),r={shadowRoot:this.shadowRoot};Zr(r,e)}_syncThemeAttribute(){this.getAttribute("theme")!==this._parsed.theme&&this.setAttribute("theme",this._parsed.theme)}_syncInternalModalAttributes(){if(!this._internalModal)return;this._internalModal.setAttribute("app-id",this._parsed.appId??""),this._internalModal.setAttribute("publishable-key",this._parsed.publishableKey??""),this._internalModal.setAttribute("theme",this._parsed.theme);let e=this._parsed.mode==="auto"?"login":this._parsed.mode;this._internalModal.setAttribute("tab",e),this._internalModal.setAttribute("modal-variant","minimal")}_ensureInternalModal(){if(this._parsed.action!=="open-modal"||!this.shadowRoot)return;if(this._parsed.triggerOnly){this._internalModal?.isConnected&&(this._internalModal.removeEventListener(H,this._onInternalModalClose),this._internalModal.remove(),this._internalModal=null);return}if(this._internalModal?.isConnected){this._syncInternalModalAttributes();return}let e=document.createElement("trymellon-auth-modal");this._internalModal=e,this._syncInternalModalAttributes(),e.addEventListener(H,this._onInternalModalClose),e.addEventListener(q,this._onInternalModalSuccess),typeof document<"u"&&document.body?document.body.appendChild(e):this.shadowRoot.appendChild(e)}disconnectedCallback(){this._unregisterInteractions?.(),this._unregisterInteractions=null,this._internalModal?.isConnected&&(this._internalModal.removeEventListener(H,this._onInternalModalClose),this._internalModal.removeEventListener(q,this._onInternalModalSuccess),this._internalModal.remove(),this._internalModal=null),super.disconnectedCallback()}};var id="0.1.0",Jn="trymellon-auth",Zn="trymellon-auth-modal";typeof customElements<"u"&&!customElements.get(Jn)&&customElements.define(Jn,_t);typeof customElements<"u"&&!customElements.get(Zn)&&customElements.define(Zn,yt);export{ve as BASE_STYLES,k as INITIAL_UI_STATE,Ie as MELLON_CANCELLED,H as MELLON_CLOSE,dt as MELLON_ERROR,pt as MELLON_FALLBACK,ut as MELLON_OPEN,Ce as MELLON_OPEN_REQUEST,ct as MELLON_START,q as MELLON_SUCCESS,mt as MELLON_TAB_CHANGE,Zn as TRYMELLON_AUTH_MODAL_TAG,Jn as TRYMELLON_AUTH_TAG,_t as TryMellonAuthElement,yt as TryMellonAuthModalElement,id as UI_VERSION,Yt as createConstructableStylesheet,Tr as eventBridgeAdapter,se as getNextState,Wt as getStylesFallback};
 //# sourceMappingURL=index.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@trymellon/js",
-  "version": "2.3.2",
+  "version": "2.3.4",
   "description": "SDK oficial de TryMellon para integrar autenticación passwordless con Passkeys / WebAuthn",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -91,7 +91,9 @@
     "node": ">=18.0.0"
   },
   "overrides": {
-    "flatted": ">=3.4.0"
+    "flatted": ">=3.4.2",
+    "picomatch": ">=4.0.4",
+    "minimatch": ">=3.1.4"
   },
   "browserslist": [
     ">0.5%",
@@ -116,7 +118,7 @@
     "eslint": "^9.0.0",
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-prettier": "^5.1.3",
-    "happy-dom": "^15.11.7",
+    "happy-dom": "^20.8.9",
     "jsdom": "^24.0.0",
     "prettier": "^3.2.5",
     "react": "^19.2.4",
@@ -130,9 +132,9 @@
     "vue": "^3.5.28"
   },
   "peerDependencies": {
+    "@angular/core": "^17.0.0 || ^18.0.0 || ^19.0.0",
     "react": "^18.0.0 || ^19.0.0",
-    "vue": "^3.3.0",
-    "@angular/core": "^17.0.0 || ^18.0.0 || ^19.0.0"
+    "vue": "^3.3.0"
   },
   "peerDependenciesMeta": {
     "react": {