face-verification-iyx 2.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Inocyx
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,94 @@
+# face-verification-iyx
+
+Browser-based face liveness verification SDK — challenge-based liveness, identity check (catches mid-session face swaps), and built-in collection of device, network, geolocation and risk metadata with a signed payload.
+
+## Install
+
+```bash
+npm install face-verification-iyx
+```
+
+## Use
+
+```html
+<script type="module">
+  import LivenessSDK from "face-verification-iyx";
+
+  const sdk = new LivenessSDK({
+    apiUrl: "https://your-backend.example/verify",
+    challengeCount: 3,
+    verifyingFor: "Rathish Kumar",
+    enableIPCollection: true,
+    enableGeolocation: true,
+    enableDeviceFingerprint: true,
+    onSuccess: (r) => console.log("verified", r),
+    onError:   (e) => console.error("failed", e),
+  });
+
+  await sdk.start();
+</script>
+```
+
+The SDK renders its own UI (circular camera, pulsing ring, live hints), runs three random liveness challenges (blink, head-left, head-right) plus a final straight-on hold, captures an image and a 3-second video, collects metadata, signs the payload, and POSTs it to `apiUrl`.
+
+## Config
+
+```ts
+interface LivenessConfig {
+  apiUrl?: string;
+  method?: "POST" | "PUT";
+  headers?: Record<string, string>;
+  body?: Record<string, any>;
+  imageFieldName?: string;       // enables multipart/form-data
+  videoFieldName?: string;       // enables multipart/form-data
+  challengeCount?: number;       // 1-3
+  ipResolverUrl?: string;        // tried first; falls back to public providers
+  enableGeolocation?: boolean;
+  enableIPCollection?: boolean;
+  enableDeviceFingerprint?: boolean;
+  verifyingFor?: string;         // shown in UI, included in payload
+  identityCheck?: boolean;       // continuous same-person check (default true)
+  onSuccess?: (r) => void;
+  onError?:   (e) => void;
+  onProgress?: (p) => void;
+  onChallengeStart?: (c) => void;
+  onChallengeComplete?: (c, passed) => void;
+}
+```
+
+## Payload your backend receives
+
+```json
+{
+  "session_id": "...",
+  "sdk_version": "2.0.0",
+  "verifying_for": "Rathish Kumar",
+  "face_image": "data:image/jpeg;base64,...",
+  "liveness_video": "data:video/webm;base64,...",
+  "location":      { "latitude": 0, "longitude": 0, "accuracy": 0, "timestamp": "ISO" },
+  "network":       { "ip_address": "", "ip_version": "IPv4", "user_agent": "", "timezone": "", "language": "" },
+  "device":        { "fingerprint": "sha256", "platform": "", "screen_resolution": "1920x1080@24", "hardware_concurrency": 8 },
+  "risk_analysis": { "vpn_detected": false, "proxy_detected": false, "mock_location_suspected": false, "risk_score": 0 },
+  "timestamp": "ISO",
+  "nonce": "32-byte hex",
+  "integrity_hash": "sha256(canonicalJSON(payload_minus_hash) + nonce)"
+}
+```
+
+Optional fields are **omitted** (not sent as null) when their `enable*` flag is `false`.
+
+## Security
+
+- 32-byte crypto-random nonce per session.
+- SHA-256 integrity hash over canonical (sorted-keys) JSON. Backend re-hashes to detect tampering.
+- Continuous face identity check via landmark geometry — flags mid-session person swaps.
+- HTTPS required in production (geolocation + MediaPipe ESM).
+
+## Browser support
+
+Modern evergreen browsers (Chrome 90+, Edge 90+, Firefox 88+, Safari 15+). Requires:
+camera permission, `MediaRecorder`, `crypto.subtle`, `RTCPeerConnection` (optional, for WebRTC leak check).
+
+## License
+
+MIT

package/dist/sdk.d.ts

@@ -0,0 +1,85 @@
+export interface LivenessConfig {
+  apiUrl?: string;
+  method?: "POST" | "PUT";
+  headers?: Record<string, string>;
+  body?: Record<string, any>;
+  imageFieldName?: string;
+  videoFieldName?: string;
+  challengeCount?: number;
+  ipResolverUrl?: string;
+  enableGeolocation?: boolean;
+  enableIPCollection?: boolean;
+  enableDeviceFingerprint?: boolean;
+  // Extras (not in strict LivenessConfig but accepted)
+  verifyingFor?: string;
+  userName?: string;
+  identityCheck?: boolean;
+  challengeTimeout?: number;
+  debug?: boolean;
+  theme?: Partial<ThemeConfig>;
+  onSuccess?: (result: LivenessResult) => void;
+  onError?: (error: LivenessError) => void;
+  onProgress?: (progress: ProgressEvent) => void;
+  onChallengeStart?: (challenge: ChallengeEvent) => void;
+  onChallengeComplete?: (challenge: ChallengeEvent, passed: boolean) => void;
+}
+
+export interface ThemeConfig {
+  primary: string; success: string; error: string;
+  bg: string; text: string; muted: string;
+}
+
+export interface ChallengeEvent {
+  type: "blink" | "head_left" | "head_right" | "center";
+  sequenceNumber: number;
+  totalSequence?: number;
+}
+
+export interface ProgressEvent {
+  stage: string;
+  progress: number;
+  message: string;
+  timestamp: number;
+}
+
+export interface LivenessError extends Error {
+  code: string;
+  details?: any;
+  recoverable: boolean;
+}
+
+export interface LivenessPayload {
+  session_id: string;
+  sdk_version: string;
+  verifying_for: string | null;
+  face_image: string;
+  liveness_video: string | null;
+  location?: { latitude: number; longitude: number; accuracy: number; timestamp: string };
+  network?: { ip_address: string | null; ip_version: "IPv4" | "IPv6" | null; user_agent: string; timezone: string; language: string };
+  device?: { fingerprint: string; platform: string; screen_resolution: string; hardware_concurrency: number };
+  risk_analysis?: { vpn_detected: boolean; proxy_detected: boolean; mock_location_suspected: boolean; risk_score: number };
+  timestamp: string;
+  nonce: string;
+  integrity_hash: string;
+}
+
+export interface LivenessResult {
+  success: boolean;
+  sessionId: string;
+  verifiedFor: string | null;
+  timestamp: number;
+  payload: LivenessPayload;
+  apiResponse: any;
+}
+
+export const VERSION: string;
+
+export default class LivenessSDK {
+  constructor(config?: LivenessConfig);
+  start(): Promise<LivenessResult>;
+  stop(): void;
+  destroy(): void;
+  getSessionId(): string;
+}
+
+export { LivenessSDK };

package/dist/sdk.esm.js

@@ -0,0 +1,751 @@
+/**
+ * Advanced Liveness SDK - Production ESM Build (v2.0)
+ * Real face detection (MediaPipe) + 3 challenges + final straight-on hold,
+ * identity check, network/device/geo collectors, risk analysis,
+ * 3-second liveness video, signed payload, multipart or JSON transport.
+ */
+import {
+  FilesetResolver,
+  FaceLandmarker,
+} from "https://cdn.jsdelivr.net/npm/@mediapipe/tasks-vision@0.10.9/vision_bundle.mjs";
+
+const VERSION = "2.0.0";
+const STAGES = { INITIALIZING:"initializing", REQUESTING_PERMISSIONS:"requesting_permissions", SETTING_UP_CAMERA:"setting_up_camera", DETECTING_FACE:"detecting_face", RUNNING_ACTIVE_LIVENESS:"running_active_liveness", COLLECTING_METADATA:"collecting_metadata", CAPTURING_IMAGE:"capturing_image", UPLOADING:"uploading", COMPLETED:"completed" };
+const CHALLENGE_DEFS = {
+  blink:      { title: "Blink your eyes", hint: "Blink naturally a couple of times" },
+  head_left:  { title: "Turn left",        hint: "Slowly turn your head to the left" },
+  head_right: { title: "Turn right",       hint: "Slowly turn your head to the right" },
+  center:     { title: "Look straight",    hint: "Face the camera and hold still" },
+};
+const POOL = ["blink", "head_left", "head_right"];
+const IDENTITY_DRIFT_THRESHOLD = 0.30;
+const BASELINE_FRAMES = 6;
+const IDENTITY_YAW_MAX = 12;
+const IDENTITY_PITCH_MAX = 12;
+const SIGNATURE_LANDMARKS = [1, 33, 263, 61, 291, 199, 234, 454, 10, 152, 168, 6, 197, 132, 361];
+const IP_PROVIDERS = [
+  { url: "https://api.ipify.org?format=json", parse: (d) => ({ ip: d.ip }) },
+  { url: "https://ipapi.co/json/", parse: (d) => ({ ip: d.ip, org: d.org, timezone: d.timezone, country: d.country_name }) },
+  { url: "https://www.cloudflare.com/cdn-cgi/trace", parse: (t) => { const m = {}; String(t).split("\n").forEach(l => { const [k,v] = l.split("="); if (k) m[k]=v; }); return { ip: m.ip, country: m.loc }; } },
+];
+
+class LivenessSDK {
+  constructor(config = {}) {
+    this.config = {
+      apiUrl: config.apiUrl || null,
+      method: config.method || "POST",
+      headers: { ...(config.headers || {}) },
+      body: { ...(config.body || {}) },
+      imageFieldName: config.imageFieldName || null,
+      videoFieldName: config.videoFieldName || null,
+      challengeCount: Math.max(1, Math.min(3, config.challengeCount || 3)),
+      ipResolverUrl: config.ipResolverUrl || null,
+      enableGeolocation: config.enableGeolocation !== false,
+      enableIPCollection: config.enableIPCollection !== false,
+      enableDeviceFingerprint: config.enableDeviceFingerprint !== false,
+      // extras (not in strict LivenessConfig but useful)
+      verifyingFor: config.verifyingFor || config.userName || null,
+      identityCheck: config.identityCheck !== false,
+      challengeTimeout: config.challengeTimeout || 15000,
+      debug: !!config.debug,
+      theme: { primary:"#667eea", success:"#22c55e", error:"#ef4444", bg:"#ffffff", text:"#222222", muted:"#888888", ...(config.theme || {}) },
+      onSuccess: config.onSuccess || (() => {}),
+      onError: config.onError || (() => {}),
+      onProgress: config.onProgress || (() => {}),
+      onChallengeStart: config.onChallengeStart || (() => {}),
+      onChallengeComplete: config.onChallengeComplete || (() => {}),
+    };
+    this.sessionId = this._newSessionId();
+    this._state = this._freshState();
+    if (this.config.debug) console.log("[LivenessSDK]", "initialized", { sessionId: this.sessionId, version: VERSION });
+  }
+
+  _newSessionId() { return "sess_" + Date.now() + "_" + Math.random().toString(36).slice(2, 10); }
+  _freshState() {
+    const keep = this._state && this._state.landmarker;
+    return {
+      landmarker: keep || null, stream: null, video: null, rafId: null,
+      running: false, currentChallenge: null, challengeState: {},
+      capturedImage: null, livenessVideoBlob: null,
+      mediaRecorder: null, recordedChunks: [],
+      identitySignature: null, identityBaselineSamples: [], identityMatched: true,
+    };
+  }
+
+  async start() {
+    if (this._state.running) throw this._err("UNKNOWN_ERROR", "Verification already in progress");
+    this._state.running = true;
+    try {
+      this._buildUI();
+      this._showLoading("Loading face detection...");
+      this._progress(STAGES.INITIALIZING, 5, "Initializing");
+      await this._loadLandmarker();
+      this._progress(STAGES.SETTING_UP_CAMERA, 20, "Model loaded");
+      this._showLoading("Starting camera...");
+      this._progress(STAGES.REQUESTING_PERMISSIONS, 30, "Requesting camera permission");
+      await this._initCamera();
+      this._progress(STAGES.SETTING_UP_CAMERA, 40, "Camera ready");
+      this._showChallengeView();
+      this._progress(STAGES.RUNNING_ACTIVE_LIVENESS, 45, "Starting challenges");
+
+      const challenges = this._generateChallenges();
+      const completed = [];
+      for (let i = 0; i < challenges.length; i++) {
+        const ch = challenges[i];
+        this._state.currentChallenge = ch;
+        this._state.challengeState = { holdFrames: 0, blinkClosed: false, blinkCount: 0 };
+        this._setChallengeUI(ch, i, challenges.length);
+        this.config.onChallengeStart({ type: ch, sequenceNumber: i + 1, totalSequence: challenges.length });
+
+        // Start 3s video recording when entering the final "center" challenge
+        if (ch === "center") this._startVideoRecording();
+
+        const ok = await this._waitForChallenge(ch, this.config.challengeTimeout);
+        completed.push({ type: ch, completed: ok });
+        this.config.onChallengeComplete({ type: ch, sequenceNumber: i + 1 }, ok);
+        if (!ok) {
+          if (!this._state.identityMatched) throw this._err("IDENTITY_MISMATCH", "Different person detected. The same person must complete the entire verification.");
+          throw this._err("CHALLENGE_TIMEOUT", "Could not complete \"" + ch + "\" in time");
+        }
+        this._flashSuccess();
+        await this._sleep(700);
+      }
+
+      this._progress(STAGES.CAPTURING_IMAGE, 70, "Verifying identity");
+      if (!this._verifyFinalIdentity()) throw this._err("IDENTITY_MISMATCH", "Different person detected at capture. The same person must complete the entire verification.");
+
+      this._progress(STAGES.CAPTURING_IMAGE, 75, "Capturing image");
+      this._state.capturedImage = this._captureImage();
+      this._state.livenessVideoBlob = await this._stopVideoRecording();
+
+      this._showLoading("Collecting metadata...");
+      this._progress(STAGES.COLLECTING_METADATA, 82, "Collecting metadata");
+      const network = this.config.enableIPCollection ? await this._collectNetwork() : null;
+      const geolocation = this.config.enableGeolocation ? await this._collectGeolocation() : null;
+      const device = this.config.enableDeviceFingerprint ? await this._collectDevice() : null;
+      const risk_analysis = await this._analyzeRisk(network, geolocation);
+
+      this._progress(STAGES.UPLOADING, 90, "Building payload");
+      const payload = await this._buildPayload({ network, geolocation, device, risk_analysis });
+
+      let apiResponse = null;
+      if (this.config.apiUrl) {
+        this._showLoading("Verifying...");
+        this._progress(STAGES.UPLOADING, 95, "Uploading");
+        apiResponse = await this._postToApi(payload);
+      }
+      this._progress(STAGES.COMPLETED, 100, "Completed");
+
+      const result = {
+        success: true,
+        sessionId: this.sessionId,
+        verifiedFor: this.config.verifyingFor || null,
+        timestamp: Date.now(),
+        payload,
+        apiResponse,
+      };
+      const successTitle = this.config.verifyingFor ? "Verified - " + this.config.verifyingFor : "Verified";
+      this._showSuccess(successTitle, "You're all set.");
+      this.config.onSuccess(result);
+      return result;
+    } catch (error) {
+      const err = error && error.code ? error : this._err("UNKNOWN_ERROR", (error && error.message) || String(error));
+      this._showError(err.message || "Verification failed");
+      this.config.onError(err);
+      throw err;
+    } finally {
+      this._state.running = false;
+      this._stopDetectionLoop();
+      this._stopStream();
+    }
+  }
+
+  stop() { this._state.running = false; this._stopDetectionLoop(); this._stopStream(); this._removeUI(); }
+  destroy() { this.stop(); if (this._state.landmarker && this._state.landmarker.close) { try { this._state.landmarker.close(); } catch (_) {} } this._state.landmarker = null; }
+  getSessionId() { return this.sessionId; }
+
+  async _retry() {
+    this._stopDetectionLoop(); this._stopStream(); this._removeUI();
+    this._state = this._freshState();
+    this.sessionId = this._newSessionId();
+    try { await this.start(); } catch (_) {}
+  }
+
+  async _loadLandmarker() {
+    if (this._state.landmarker) return;
+    const fileset = await FilesetResolver.forVisionTasks("https://cdn.jsdelivr.net/npm/@mediapipe/tasks-vision@0.10.9/wasm");
+    this._state.landmarker = await FaceLandmarker.createFromOptions(fileset, {
+      baseOptions: { modelAssetPath: "https://storage.googleapis.com/mediapipe-models/face_landmarker/face_landmarker/float16/1/face_landmarker.task", delegate: "GPU" },
+      outputFaceBlendshapes: true, outputFacialTransformationMatrixes: true, runningMode: "VIDEO", numFaces: 1,
+    });
+  }
+
+  async _initCamera() {
+    try {
+      this._state.stream = await navigator.mediaDevices.getUserMedia({ video: { width:{ ideal:640 }, height:{ ideal:480 }, facingMode:"user" }, audio: false });
+    } catch (e) { throw this._err("CAMERA_PERMISSION_DENIED", "Camera permission denied or unavailable"); }
+    const video = this._state.video;
+    video.srcObject = this._state.stream;
+    await new Promise((r) => (video.onloadedmetadata = r));
+    await video.play();
+  }
+
+  _generateChallenges() {
+    const pool = [...POOL]; const out = [];
+    const n = Math.min(this.config.challengeCount, pool.length);
+    while (out.length < n && pool.length > 0) {
+      const idx = Math.floor(Math.random() * pool.length);
+      out.push(pool.splice(idx, 1)[0]);
+    }
+    out.push("center");
+    return out;
+  }
+
+  _waitForChallenge(type, timeoutMs) {
+    return new Promise((resolve) => {
+      let resolved = false;
+      const timer = setTimeout(() => { if (!resolved) { resolved = true; this._stopDetectionLoop(); resolve(false); } }, timeoutMs);
+      const loop = () => {
+        if (!this._state.running) return;
+        const video = this._state.video;
+        if (video && video.readyState >= 2 && this._state.landmarker) {
+          try {
+            const res = this._state.landmarker.detectForVideo(video, performance.now());
+            if (!this._state.identityMatched) { resolved = true; clearTimeout(timer); this._stopDetectionLoop(); resolve(false); return; }
+            if (this._evaluate(res, type) && !resolved) { resolved = true; clearTimeout(timer); this._stopDetectionLoop(); resolve(true); return; }
+          } catch (_) {}
+        }
+        this._state.rafId = requestAnimationFrame(loop);
+      };
+      this._state.rafId = requestAnimationFrame(loop);
+    });
+  }
+
+  _evaluate(res, type) {
+    if (!res.faceLandmarks || res.faceLandmarks.length === 0) { this._setHint("Position your face in the circle", "warn"); return false; }
+    if (res.faceLandmarks.length > 1) { this._setHint("Only one face should be visible", "warn"); return false; }
+    const landmarks = res.faceLandmarks[0];
+    const bs = {};
+    const cats = (res.faceBlendshapes && res.faceBlendshapes[0] && res.faceBlendshapes[0].categories) || [];
+    cats.forEach((c) => (bs[c.categoryName] = c.score));
+    const matrix = res.facialTransformationMatrixes && res.facialTransformationMatrixes[0] && res.facialTransformationMatrixes[0].data;
+    let yaw = 0, pitch = 0;
+    if (matrix) {
+      yaw = -(Math.atan2(-matrix[8], matrix[0]) * 180) / Math.PI;
+      pitch = (Math.asin(Math.max(-1, Math.min(1, matrix[9]))) * 180) / Math.PI;
+    }
+
+    if (this.config.identityCheck && Math.abs(yaw) < IDENTITY_YAW_MAX && Math.abs(pitch) < IDENTITY_PITCH_MAX) {
+      const sig = this._computeSignature(landmarks);
+      if (sig) {
+        if (!this._state.identitySignature) {
+          this._state.identityBaselineSamples.push(sig);
+          if (this._state.identityBaselineSamples.length >= BASELINE_FRAMES) {
+            this._state.identitySignature = this._averageSignatures(this._state.identityBaselineSamples);
+            this._state.identityBaselineSamples = [];
+          }
+        } else {
+          const drift = this._signatureDistance(this._state.identitySignature, sig);
+          if (drift > IDENTITY_DRIFT_THRESHOLD) {
+            this._state.identityMatched = false;
+            this._setHint("Same person must complete all steps", "warn");
+            return false;
+          }
+        }
+      }
+    }
+
+    const st = this._state.challengeState;
+    switch (type) {
+      case "blink": {
+        const closed = ((bs.eyeBlinkLeft || 0) + (bs.eyeBlinkRight || 0)) / 2 > 0.5;
+        if (closed && !st.blinkClosed) st.blinkClosed = true;
+        else if (!closed && st.blinkClosed) {
+          st.blinkClosed = false; st.blinkCount++;
+          if (st.blinkCount >= 2) return true;
+          this._setHint("Good - blink " + st.blinkCount + "/2", "ok");
+        } else if (st.blinkCount === 0) this._setHint(CHALLENGE_DEFS.blink.hint);
+        return false;
+      }
+      case "head_left":
+        if (yaw > 18) { st.holdFrames++; this._setHint("Almost there...", "ok"); }
+        else { st.holdFrames = 0; this._setHint(CHALLENGE_DEFS.head_left.hint); }
+        return st.holdFrames >= 3;
+      case "head_right":
+        if (yaw < -18) { st.holdFrames++; this._setHint("Almost there...", "ok"); }
+        else { st.holdFrames = 0; this._setHint(CHALLENGE_DEFS.head_right.hint); }
+        return st.holdFrames >= 3;
+      case "center": {
+        const centered = Math.abs(yaw) < 10 && Math.abs(pitch) < 12;
+        if (centered) { st.holdFrames++; this._setHint("Hold still...", "ok"); }
+        else { st.holdFrames = 0; this._setHint(CHALLENGE_DEFS.center.hint); }
+        return st.holdFrames >= 8;
+      }
+    }
+    return false;
+  }
+
+  _captureImage() {
+    const video = this._state.video;
+    const canvas = document.createElement("canvas");
+    canvas.width = video.videoWidth; canvas.height = video.videoHeight;
+    const ctx = canvas.getContext("2d");
+    ctx.translate(canvas.width, 0); ctx.scale(-1, 1);
+    ctx.drawImage(video, 0, 0);
+    return canvas.toDataURL("image/jpeg", 0.85);
+  }
+
+  // ---- Video recording (final ~3s during center challenge) ----
+  _startVideoRecording() {
+    if (!this._state.stream || typeof MediaRecorder === "undefined") return;
+    try {
+      const mimeType = MediaRecorder.isTypeSupported("video/webm;codecs=vp8") ? "video/webm;codecs=vp8" : "video/webm";
+      const mr = new MediaRecorder(this._state.stream, { mimeType, videoBitsPerSecond: 600000 });
+      this._state.recordedChunks = [];
+      mr.ondataavailable = (e) => { if (e.data && e.data.size > 0) this._state.recordedChunks.push(e.data); };
+      mr.start(250);
+      this._state.mediaRecorder = mr;
+    } catch (_) { this._state.mediaRecorder = null; }
+  }
+
+  _stopVideoRecording() {
+    return new Promise((resolve) => {
+      const mr = this._state.mediaRecorder;
+      if (!mr) return resolve(null);
+      mr.onstop = () => {
+        const blob = new Blob(this._state.recordedChunks, { type: mr.mimeType || "video/webm" });
+        resolve(blob);
+      };
+      try { mr.stop(); } catch (_) { resolve(null); }
+    });
+  }
+
+  // ---- Identity signature ----
+  _computeSignature(landmarks) {
+    if (!landmarks || landmarks.length < 200) return null;
+    const pts = SIGNATURE_LANDMARKS.map((i) => landmarks[i]).filter(Boolean);
+    if (pts.length < SIGNATURE_LANDMARKS.length) return null;
+    const left = landmarks[33], right = landmarks[263];
+    const ioD = Math.hypot(right.x - left.x, right.y - left.y) || 1;
+    const sig = [];
+    for (let i = 0; i < pts.length; i++) for (let j = i + 1; j < pts.length; j++) sig.push(Math.hypot(pts[i].x - pts[j].x, pts[i].y - pts[j].y) / ioD);
+    return sig;
+  }
+  _averageSignatures(sigs) {
+    if (!sigs || sigs.length === 0) return null;
+    const n = sigs[0].length; const avg = new Array(n).fill(0);
+    for (let i = 0; i < sigs.length; i++) for (let j = 0; j < n; j++) avg[j] += sigs[i][j];
+    for (let j = 0; j < n; j++) avg[j] /= sigs.length;
+    return avg;
+  }
+  _signatureDistance(a, b) {
+    if (!a || !b || a.length !== b.length) return 1;
+    let sum = 0; for (let i = 0; i < a.length; i++) { const d = a[i] - b[i]; sum += d * d; }
+    return Math.sqrt(sum / a.length);
+  }
+  _verifyFinalIdentity() {
+    if (!this.config.identityCheck) return true;
+    if (!this._state.identityMatched) return false;
+    if (!this._state.landmarker || !this._state.video) return true;
+    if (!this._state.identitySignature) return true;
+    try {
+      const res = this._state.landmarker.detectForVideo(this._state.video, performance.now());
+      if (!res.faceLandmarks || res.faceLandmarks.length !== 1) return false;
+      const sig = this._computeSignature(res.faceLandmarks[0]);
+      if (!sig) return true;
+      return this._signatureDistance(this._state.identitySignature, sig) <= IDENTITY_DRIFT_THRESHOLD;
+    } catch (_) { return true; }
+  }
+
+  // ---- Collectors ----
+  async _fetchWithTimeout(url, ms = 5000) {
+    const ctrl = new AbortController();
+    const t = setTimeout(() => ctrl.abort(), ms);
+    try {
+      const r = await fetch(url, { signal: ctrl.signal });
+      if (!r.ok) throw new Error("HTTP " + r.status);
+      const ct = r.headers.get("content-type") || "";
+      return ct.includes("application/json") ? await r.json() : await r.text();
+    } finally { clearTimeout(t); }
+  }
+
+  async _collectNetwork() {
+    const tz = (Intl.DateTimeFormat().resolvedOptions().timeZone) || "";
+    const lang = navigator.language || (navigator.languages && navigator.languages[0]) || "";
+    const ua = navigator.userAgent || "";
+    let ip = null, org = null, geoCountry = null, providerTz = null;
+    const providers = this.config.ipResolverUrl
+      ? [{ url: this.config.ipResolverUrl, parse: (d) => (typeof d === "object" ? { ip: d.ip || d.address || null, org: d.org, timezone: d.timezone, country: d.country } : { ip: String(d).trim() }) }, ...IP_PROVIDERS]
+      : IP_PROVIDERS;
+    for (const p of providers) {
+      try {
+        const data = await this._fetchWithTimeout(p.url, 5000);
+        const parsed = p.parse(data);
+        if (parsed && parsed.ip) {
+          ip = parsed.ip; org = parsed.org || null; geoCountry = parsed.country || null; providerTz = parsed.timezone || null;
+          break;
+        }
+      } catch (_) { /* try next */ }
+    }
+    const ipVersion = ip && ip.includes(":") ? "IPv6" : ip ? "IPv4" : null;
+    return { ipAddress: ip, ipVersion, userAgent: ua, timezone: tz, language: lang, _org: org, _providerTimezone: providerTz, _country: geoCountry };
+  }
+
+  _collectGeolocation() {
+    return new Promise((resolve) => {
+      if (!navigator.geolocation) return resolve(null);
+      const opts = { enableHighAccuracy: true, timeout: 10000, maximumAge: 60000 };
+      navigator.geolocation.getCurrentPosition(
+        (pos) => resolve({ latitude: pos.coords.latitude, longitude: pos.coords.longitude, accuracy: pos.coords.accuracy, timestamp: new Date(pos.timestamp).toISOString() }),
+        () => resolve(null),
+        opts,
+      );
+    });
+  }
+
+  async _collectDevice() {
+    const screenRes = (screen.width || 0) + "x" + (screen.height || 0) + "@" + (screen.colorDepth || 0);
+    const platform = navigator.platform || "";
+    const tz = (Intl.DateTimeFormat().resolvedOptions().timeZone) || "";
+    const lang = navigator.language || "";
+    const hwc = navigator.hardwareConcurrency || 0;
+    const touch = navigator.maxTouchPoints || 0;
+    const canvasFp = this._canvasFingerprint();
+    const webglFp = this._webglFingerprint();
+    let mediaDevices = { audioInputs: 0, videoInputs: 0, audioOutputs: 0 };
+    try {
+      const list = await navigator.mediaDevices.enumerateDevices();
+      mediaDevices = {
+        audioInputs: list.filter(d => d.kind === "audioinput").length,
+        videoInputs: list.filter(d => d.kind === "videoinput").length,
+        audioOutputs: list.filter(d => d.kind === "audiooutput").length,
+      };
+    } catch (_) {}
+    const raw = [navigator.userAgent, platform, screenRes, tz, lang, hwc, touch, canvasFp, webglFp, JSON.stringify(mediaDevices)].join("|");
+    const fingerprint = await this._sha256(raw);
+    return { fingerprint, platform, screen_resolution: screenRes, hardware_concurrency: hwc, _canvasFp: canvasFp, _webglFp: webglFp, _mediaDevices: mediaDevices, _maxTouchPoints: touch };
+  }
+
+  _canvasFingerprint() {
+    try {
+      const c = document.createElement("canvas"); c.width = 200; c.height = 50;
+      const ctx = c.getContext("2d");
+      ctx.textBaseline = "top"; ctx.font = "14px Arial";
+      ctx.fillStyle = "#f60"; ctx.fillRect(125, 1, 62, 20);
+      ctx.fillStyle = "#069"; ctx.fillText("Liveness-FP-1.0", 2, 15);
+      ctx.fillStyle = "rgba(102,204,0,0.7)"; ctx.fillText("Liveness-FP-1.0", 4, 17);
+      return c.toDataURL().slice(-100);
+    } catch (_) { return "na"; }
+  }
+
+  _webglFingerprint() {
+    try {
+      const c = document.createElement("canvas");
+      const gl = c.getContext("webgl") || c.getContext("experimental-webgl");
+      if (!gl) return "na";
+      const dbg = gl.getExtension("WEBGL_debug_renderer_info");
+      const vendor = dbg ? gl.getParameter(dbg.UNMASKED_VENDOR_WEBGL) : gl.getParameter(gl.VENDOR);
+      const renderer = dbg ? gl.getParameter(dbg.UNMASKED_RENDERER_WEBGL) : gl.getParameter(gl.RENDERER);
+      return (vendor || "") + "|" + (renderer || "");
+    } catch (_) { return "na"; }
+  }
+
+  async _sha256(str) {
+    try {
+      const buf = new TextEncoder().encode(str);
+      const hash = await crypto.subtle.digest("SHA-256", buf);
+      return Array.from(new Uint8Array(hash)).map(b => b.toString(16).padStart(2, "0")).join("");
+    } catch (_) { return String(str.length) + "_fallback"; }
+  }
+
+  // ---- Risk analysis (browser-only heuristics) ----
+  async _analyzeRisk(network, geo) {
+    let vpn_detected = false;
+    let proxy_detected = false;
+    let mock_location_suspected = false;
+    let timezone_mismatch = false;
+    let risk_score = 0;
+    const flags = [];
+
+    if (network && network._providerTimezone && network.timezone && network._providerTimezone !== network.timezone) {
+      timezone_mismatch = true;
+      vpn_detected = true; // strong VPN/proxy indicator
+      risk_score += 35;
+      flags.push({ type: "TIMEZONE_MISMATCH", severity: "high", description: "Browser timezone differs from IP-derived timezone" });
+    }
+
+    if (network && network._org && /amazon|aws|azure|google cloud|digitalocean|linode|ovh|hetzner|hosting|datacenter|vpn|proxy/i.test(network._org)) {
+      vpn_detected = true;
+      risk_score += 30;
+      flags.push({ type: "DATACENTER_IP", severity: "medium", description: "IP belongs to a hosting/datacenter ASN: " + network._org });
+    }
+
+    if (geo && geo.accuracy && geo.accuracy > 10000) {
+      mock_location_suspected = true;
+      risk_score += 10;
+      flags.push({ type: "LOW_GPS_ACCURACY", severity: "low", description: "GPS accuracy > 10km" });
+    }
+
+    // WebRTC leak check (proxy indicator) - best effort
+    try {
+      const localIp = await this._probeWebRTC(2000);
+      if (localIp && network && network.ipAddress && localIp !== network.ipAddress && /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)/.test(localIp) === false) {
+        proxy_detected = true;
+        risk_score += 15;
+        flags.push({ type: "WEBRTC_PUBLIC_LEAK", severity: "medium", description: "WebRTC reveals different public IP" });
+      }
+    } catch (_) {}
+
+    if (risk_score > 100) risk_score = 100;
+    return { vpn_detected, proxy_detected, mock_location_suspected, timezone_mismatch, risk_score, flags };
+  }
+
+  _probeWebRTC(timeoutMs = 2000) {
+    return new Promise((resolve) => {
+      try {
+        const pc = new RTCPeerConnection({ iceServers: [{ urls: "stun:stun.l.google.com:19302" }] });
+        let resolved = false;
+        const done = (val) => { if (!resolved) { resolved = true; try { pc.close(); } catch(_) {} resolve(val); } };
+        pc.createDataChannel("p");
+        pc.onicecandidate = (e) => {
+          if (!e.candidate || !e.candidate.candidate) return;
+          const m = e.candidate.candidate.match(/(\d+\.\d+\.\d+\.\d+|[a-f0-9:]+:[a-f0-9:]+)/i);
+          if (m) done(m[1]);
+        };
+        pc.createOffer().then(o => pc.setLocalDescription(o)).catch(() => done(null));
+        setTimeout(() => done(null), timeoutMs);
+      } catch (_) { resolve(null); }
+    });
+  }
+
+  // ---- Payload + transport ----
+  async _buildPayload({ network, geolocation, device, risk_analysis }) {
+    const nonce = this._nonce();
+    const sessionPayload = {
+      session_id: this.sessionId,
+      sdk_version: VERSION,
+      verifying_for: this.config.verifyingFor || null,
+      face_image: this._state.capturedImage,
+      liveness_video: this._state.livenessVideoBlob ? await this._blobToBase64(this._state.livenessVideoBlob) : null,
+      timestamp: new Date().toISOString(),
+      nonce,
+    };
+    if (geolocation) sessionPayload.location = {
+      latitude: geolocation.latitude, longitude: geolocation.longitude,
+      accuracy: geolocation.accuracy, timestamp: geolocation.timestamp,
+    };
+    if (network) sessionPayload.network = {
+      ip_address: network.ipAddress || null,
+      ip_version: network.ipVersion || null,
+      user_agent: network.userAgent || "",
+      timezone: network.timezone || "",
+      language: network.language || "",
+    };
+    if (device) sessionPayload.device = {
+      fingerprint: device.fingerprint, platform: device.platform,
+      screen_resolution: device.screen_resolution, hardware_concurrency: device.hardware_concurrency,
+    };
+    if (risk_analysis) sessionPayload.risk_analysis = {
+      vpn_detected: risk_analysis.vpn_detected, proxy_detected: risk_analysis.proxy_detected,
+      mock_location_suspected: risk_analysis.mock_location_suspected, risk_score: risk_analysis.risk_score,
+    };
+    // Integrity hash over canonical payload (excluding the hash itself)
+    sessionPayload.integrity_hash = await this._sha256(this._canonical(sessionPayload) + nonce);
+    // Merge integrator body extras (last so they can override metadata if needed)
+    Object.assign(sessionPayload, this.config.body);
+    return sessionPayload;
+  }
+
+  _canonical(obj) {
+    const keys = Object.keys(obj).filter(k => k !== "integrity_hash").sort();
+    const out = {};
+    for (const k of keys) out[k] = obj[k];
+    return JSON.stringify(out);
+  }
+
+  _nonce() {
+    const arr = new Uint8Array(32);
+    crypto.getRandomValues(arr);
+    return Array.from(arr).map(b => b.toString(16).padStart(2, "0")).join("");
+  }
+
+  async _blobToBase64(blob) {
+    return new Promise((resolve, reject) => {
+      const r = new FileReader();
+      r.onloadend = () => resolve(r.result);
+      r.onerror = reject;
+      r.readAsDataURL(blob);
+    });
+  }
+
+  async _postToApi(payload) {
+    const useMultipart = !!(this.config.imageFieldName || this.config.videoFieldName);
+    let body, headers = { ...this.config.headers };
+    if (useMultipart) {
+      const fd = new FormData();
+      // Attach image as blob
+      if (this.config.imageFieldName && payload.face_image) {
+        const imgBlob = await (await fetch(payload.face_image)).blob();
+        fd.append(this.config.imageFieldName, imgBlob, "face.jpg");
+      }
+      // Attach video as blob
+      if (this.config.videoFieldName && this._state.livenessVideoBlob) {
+        fd.append(this.config.videoFieldName, this._state.livenessVideoBlob, "liveness.webm");
+      }
+      // Strip media from JSON-side payload to avoid duplication
+      const meta = { ...payload };
+      if (this.config.imageFieldName) delete meta.face_image;
+      if (this.config.videoFieldName) delete meta.liveness_video;
+      fd.append("metadata", JSON.stringify(meta));
+      body = fd;
+      // Let browser set Content-Type with boundary
+      delete headers["Content-Type"]; delete headers["content-type"];
+    } else {
+      headers["Content-Type"] = headers["Content-Type"] || "application/json";
+      body = JSON.stringify(payload);
+    }
+    try {
+      const r = await fetch(this.config.apiUrl, { method: this.config.method, headers, body });
+      if (!r.ok) throw this._err("UPLOAD_FAILED", "API returned " + r.status);
+      try { return await r.json(); } catch (_) { return null; }
+    } catch (e) { if (e && e.code) throw e; throw this._err("NETWORK_ERROR", "Could not reach verification server"); }
+  }
+
+  _stopDetectionLoop() { if (this._state.rafId) { cancelAnimationFrame(this._state.rafId); this._state.rafId = null; } }
+  _stopStream() { if (this._state.stream) { this._state.stream.getTracks().forEach((t) => t.stop()); this._state.stream = null; } }
+
+  // ---- UI ----
+  _buildUI() {
+    if (this._ui) return;
+    const t = this.config.theme;
+    const style = document.createElement("style");
+    style.id = "liveness-sdk-styles";
+    style.textContent = this._css(t);
+    document.head.appendChild(style);
+    const subtitle = this.config.verifyingFor ? "Verifying for <strong>" + this._escape(this.config.verifyingFor) + "</strong>" : "";
+    const overlay = document.createElement("div");
+    overlay.className = "lvs-overlay";
+    overlay.innerHTML = this._html(subtitle);
+    document.body.appendChild(overlay);
+    this._ui = {
+      style, overlay,
+      modal: overlay.querySelector(".lvs-modal"),
+      closeBtn: overlay.querySelector(".lvs-close"),
+      loadingView: overlay.querySelector(".lvs-loading-view"),
+      loadingText: overlay.querySelector(".lvs-loading-text"),
+      challengeView: overlay.querySelector(".lvs-challenge-view"),
+      ring: overlay.querySelector(".lvs-ring"),
+      titleEl: overlay.querySelector(".lvs-title"),
+      hintEl: overlay.querySelector(".lvs-hint"),
+      dotsEl: overlay.querySelector(".lvs-dots"),
+      resultView: overlay.querySelector(".lvs-result-view"),
+      resultIcon: overlay.querySelector(".lvs-result-icon"),
+      resultTitle: overlay.querySelector(".lvs-result-title"),
+      resultMsg: overlay.querySelector(".lvs-result-msg"),
+      resultBtn: overlay.querySelector(".lvs-result-btn"),
+      retryBtn: overlay.querySelector(".lvs-retry-btn"),
+    };
+    this._state.video = overlay.querySelector(".lvs-video");
+    this._ui.closeBtn.addEventListener("click", () => this._handleClose());
+    this._ui.resultBtn.addEventListener("click", () => this._removeUI());
+    this._ui.retryBtn.addEventListener("click", () => this._retry());
+  }
+
+  _css(t) {
+    return ".lvs-overlay{position:fixed;inset:0;background:rgba(20,22,30,.6);display:flex;align-items:center;justify-content:center;z-index:999999;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;backdrop-filter:blur(4px)}"
+      + ".lvs-modal{background:" + t.bg + ";border-radius:16px;padding:32px 28px;max-width:420px;width:92%;box-shadow:0 24px 60px rgba(0,0,0,.25);text-align:center;position:relative;box-sizing:border-box}"
+      + ".lvs-modal *{box-sizing:border-box}"
+      + ".lvs-close{position:absolute;top:12px;right:12px;background:none;border:none;font-size:22px;color:#aaa;cursor:pointer;width:32px;height:32px;border-radius:50%;display:flex;align-items:center;justify-content:center;line-height:1}"
+      + ".lvs-close:hover{background:#f0f0f0;color:#666}"
+      + ".lvs-header{font-size:16px;color:" + t.text + ";font-weight:600;margin-bottom:4px}"
+      + ".lvs-subtitle{font-size:12px;color:" + t.muted + ";margin-bottom:18px;min-height:14px}"
+      + ".lvs-subtitle strong{color:" + t.text + ";font-weight:600}"
+      + ".lvs-camera-wrap{position:relative;width:220px;height:220px;margin:0 auto 22px}"
+      + ".lvs-ring{position:absolute;inset:0;border-radius:50%;pointer-events:none}"
+      + ".lvs-ring::before,.lvs-ring::after{content:'';position:absolute;inset:0;border-radius:50%;border:3px solid " + t.primary + ";box-sizing:border-box}"
+      + ".lvs-ring::before{animation:lvs-pulse 1.8s ease-out infinite}"
+      + ".lvs-ring::after{opacity:.4;animation:lvs-pulse 1.8s ease-out infinite;animation-delay:.9s}"
+      + ".lvs-ring.success::before,.lvs-ring.success::after{border-color:" + t.success + ";animation:lvs-flash .5s ease-out}"
+      + ".lvs-ring.idle::before,.lvs-ring.idle::after{animation:none;opacity:.3}"
+      + "@keyframes lvs-pulse{0%{transform:scale(1);opacity:.9}100%{transform:scale(1.18);opacity:0}}"
+      + "@keyframes lvs-flash{0%{transform:scale(1);opacity:1}50%{transform:scale(1.12);opacity:.8}100%{transform:scale(1);opacity:1}}"
+      + ".lvs-circle{width:200px;height:200px;border-radius:50%;background:#000;margin:10px;overflow:hidden;position:relative}"
+      + ".lvs-video{width:100%;height:100%;object-fit:cover;transform:scaleX(-1)}"
+      + ".lvs-title{font-size:20px;color:" + t.text + ";font-weight:600;margin-bottom:6px}"
+      + ".lvs-hint{font-size:13px;color:" + t.muted + ";min-height:18px;transition:color .2s}"
+      + ".lvs-hint.ok{color:" + t.success + "}"
+      + ".lvs-hint.warn{color:#f59e0b}"
+      + ".lvs-dots{display:flex;gap:6px;justify-content:center;margin-top:18px}"
+      + ".lvs-dot{width:7px;height:7px;border-radius:50%;background:#dfe2e8;transition:all .3s}"
+      + ".lvs-dot.active{background:" + t.primary + ";transform:scale(1.25)}"
+      + ".lvs-dot.done{background:" + t.success + "}"
+      + ".lvs-loading{display:flex;flex-direction:column;align-items:center;gap:14px;padding:30px 0}"
+      + ".lvs-spinner{width:36px;height:36px;border:3px solid #eee;border-top-color:" + t.primary + ";border-radius:50%;animation:lvs-spin .8s linear infinite}"
+      + "@keyframes lvs-spin{to{transform:rotate(360deg)}}"
+      + ".lvs-loading p{font-size:13px;color:" + t.muted + ";margin:0}"
+      + ".lvs-result-icon{width:72px;height:72px;margin:0 auto 18px;border-radius:50%;display:flex;align-items:center;justify-content:center;font-size:36px;color:#fff;font-weight:bold}"
+      + ".lvs-result-icon.success{background:" + t.success + "}"
+      + ".lvs-result-icon.error{background:" + t.error + "}"
+      + ".lvs-result-title{font-size:20px;color:" + t.text + ";font-weight:600;margin-bottom:6px}"
+      + ".lvs-result-msg{font-size:13px;color:" + t.muted + ";margin-bottom:22px}"
+      + ".lvs-btn{width:100%;padding:12px;border:none;border-radius:8px;font-size:14px;font-weight:600;cursor:pointer;background:" + t.primary + ";color:#fff;margin-top:8px}"
+      + ".lvs-btn:first-of-type{margin-top:0}"
+      + ".lvs-btn:hover{opacity:.9}"
+      + ".lvs-btn-secondary{background:#f3f4f6;color:" + t.text + "}"
+      + ".lvs-btn-secondary:hover{background:#e5e7eb;opacity:1}";
+  }
+
+  _html(subtitle) {
+    return '<div class="lvs-modal">'
+      + '<button class="lvs-close" aria-label="Close">&times;</button>'
+      + '<div class="lvs-header">Identity Verification</div>'
+      + '<div class="lvs-subtitle">' + subtitle + '</div>'
+      + '<div class="lvs-loading-view lvs-loading"><div class="lvs-spinner"></div><p class="lvs-loading-text">Loading...</p></div>'
+      + '<div class="lvs-challenge-view" style="display:none">'
+        + '<div class="lvs-camera-wrap">'
+          + '<div class="lvs-ring idle"></div>'
+          + '<div class="lvs-circle"><video class="lvs-video" autoplay playsinline muted></video></div>'
+        + '</div>'
+        + '<div class="lvs-title">Get ready</div>'
+        + '<div class="lvs-hint">Position your face in the circle</div>'
+        + '<div class="lvs-dots"></div>'
+      + '</div>'
+      + '<div class="lvs-result-view" style="display:none">'
+        + '<div class="lvs-result-icon success">&#10003;</div>'
+        + '<div class="lvs-result-title">Verified</div>'
+        + '<div class="lvs-result-msg">All set.</div>'
+        + '<button class="lvs-btn lvs-retry-btn" style="display:none">Try Again</button>'
+        + '<button class="lvs-btn lvs-btn-secondary lvs-result-btn">Close</button>'
+      + '</div>'
+    + '</div>';
+  }
+
+  _handleClose() { this._state.running = false; this._stopDetectionLoop(); this._stopStream(); this._removeUI(); }
+  _removeUI() { if (!this._ui) return; this._ui.overlay.remove(); this._ui.style.remove(); this._ui = null; }
+  _showLoading(msg) { if (!this._ui) return; this._ui.loadingText.textContent = msg; this._ui.loadingView.style.display = "flex"; this._ui.challengeView.style.display = "none"; this._ui.resultView.style.display = "none"; }
+  _showChallengeView() { if (!this._ui) return; this._ui.loadingView.style.display = "none"; this._ui.challengeView.style.display = "block"; this._ui.resultView.style.display = "none"; }
+  _setChallengeUI(type, index, total) {
+    if (!this._ui) return;
+    const def = CHALLENGE_DEFS[type];
+    this._ui.titleEl.textContent = def.title;
+    this._setHint(def.hint);
+    this._ui.ring.className = "lvs-ring";
+    this._ui.dotsEl.innerHTML = "";
+    for (let i = 0; i < total; i++) {
+      const d = document.createElement("div");
+      d.className = "lvs-dot" + (i < index ? " done" : i === index ? " active" : "");
+      this._ui.dotsEl.appendChild(d);
+    }
+  }
+  _setHint(text, kind) { if (!this._ui) return; this._ui.hintEl.textContent = text; this._ui.hintEl.className = "lvs-hint" + (kind ? " " + kind : ""); }
+  _flashSuccess() { if (!this._ui) return; this._ui.ring.className = "lvs-ring success"; this._setHint("Great!", "ok"); }
+  _showSuccess(title, msg) { if (!this._ui) return; this._ui.loadingView.style.display = "none"; this._ui.challengeView.style.display = "none"; this._ui.resultView.style.display = "block"; this._ui.resultIcon.className = "lvs-result-icon success"; this._ui.resultIcon.innerHTML = "&#10003;"; this._ui.resultTitle.textContent = title; this._ui.resultMsg.textContent = msg; this._ui.retryBtn.style.display = "none"; }
+  _showError(msg) { if (!this._ui) return; this._ui.loadingView.style.display = "none"; this._ui.challengeView.style.display = "none"; this._ui.resultView.style.display = "block"; this._ui.resultIcon.className = "lvs-result-icon error"; this._ui.resultIcon.innerHTML = "&times;"; this._ui.resultTitle.textContent = "Verification failed"; this._ui.resultMsg.textContent = msg || "Please try again"; this._ui.retryBtn.style.display = "block"; }
+  _progress(stage, progress, message) { try { this.config.onProgress({ stage, progress, message, timestamp: Date.now() }); } catch (_) {} }
+  _err(code, message, details) { const e = new Error(message); e.code = code; e.details = details; e.recoverable = code !== "BROWSER_NOT_SUPPORTED"; return e; }
+  _sleep(ms) { return new Promise((r) => setTimeout(r, ms)); }
+  _escape(str) { return String(str).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;"); }
+}
+
+export default LivenessSDK;
+export { LivenessSDK, VERSION };

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "face-verification-iyx",
+  "version": "2.0.0",
+  "description": "Browser face liveness verification SDK — challenge-based liveness, identity check, device/network/risk metadata, signed payload.",
+  "type": "module",
+  "main": "./dist/sdk.esm.js",
+  "module": "./dist/sdk.esm.js",
+  "types": "./dist/sdk.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/sdk.esm.js",
+      "types": "./dist/sdk.d.ts"
+    }
+  },
+  "files": [
+    "dist/sdk.esm.js",
+    "dist/sdk.d.ts",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "prepublishOnly": "node -e \"require('fs').accessSync('dist/sdk.esm.js')\"",
+    "publish:public": "npm publish --access public"
+  },
+  "keywords": [
+    "face-liveness",
+    "liveness-detection",
+    "face-verification",
+    "biometric",
+    "identity-verification",
+    "anti-spoofing",
+    "browser",
+    "sdk",
+    "mediapipe",
+    "kyc"
+  ],
+  "author": "Inocyx",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/rathish64/face-auth-sdk.git"
+  },
+  "homepage": "https://github.com/rathish64/face-auth-sdk.git",
+  "engines": {
+    "node": ">=18"
+  },
+  "sideEffects": false
+}