ksef-client-ts 0.6.0 → 0.6.1

package/dist/index.cjs

@@ -977,7 +977,9 @@ function isValidVatUe(value) {
   return VatUe.test(value);
 }
 function isValidNipVatUe(value) {
-  return NipVatUe.test(value);
+  if (!NipVatUe.test(value)) return false;
+  const nip = value.split("-")[0];
+  return isValidNip(nip);
 }
 function isValidInternalId(value) {
   return InternalId.test(value);
@@ -2990,6 +2992,32 @@ var init_online_session = __esm({
   }
 });
 
+// src/utils/concurrency.ts
+async function runWithConcurrency(tasks, parallelism) {
+  if (tasks.length === 0) return;
+  const limit = Math.max(1, Math.min(parallelism, tasks.length));
+  const controller = new AbortController();
+  let index = 0;
+  const workers = Array.from({ length: limit }, async () => {
+    while (index < tasks.length && !controller.signal.aborted) {
+      const current = index;
+      index += 1;
+      try {
+        await tasks[current](controller.signal);
+      } catch (err) {
+        controller.abort();
+        throw err;
+      }
+    }
+  });
+  await Promise.all(workers);
+}
+var init_concurrency = __esm({
+  "src/utils/concurrency.ts"() {
+    "use strict";
+  }
+});
+
 // src/services/batch-session.ts
 var BatchSessionService;
 var init_batch_session = __esm({
@@ -2998,6 +3026,7 @@ var init_batch_session = __esm({
     init_ksef_feature();
     init_rest_request();
     init_routes();
+    init_concurrency();
     BatchSessionService = class {
       restClient;
       constructor(restClient) {
@@ -3011,12 +3040,10 @@ var init_batch_session = __esm({
         const response = await this.restClient.execute(req);
         return response.body;
       }
-      async sendParts(openResponse, parts) {
-        const uploadRequests = openResponse.partUploadRequests;
-        const tasks = parts.map(async (part) => {
-          const uploadReq = uploadRequests.find(
-            (r) => r.ordinalNumber === part.ordinalNumber
-          );
+      async sendParts(openResponse, parts, parallelism) {
+        const uploadMap = new Map(openResponse.partUploadRequests.map((r) => [r.ordinalNumber, r]));
+        const tasks = parts.map((part) => async (signal) => {
+          const uploadReq = uploadMap.get(part.ordinalNumber);
           if (!uploadReq) {
             throw new Error(`No upload request found for part ${part.ordinalNumber}`);
           }
@@ -3024,25 +3051,38 @@ var init_batch_session = __esm({
           for (const [k, v] of Object.entries(uploadReq.headers)) {
             if (v != null) headers[k] = v;
           }
-          await fetch(uploadReq.url, {
+          const resp = await fetch(uploadReq.url, {
             method: uploadReq.method,
             headers,
-            body: part.data
+            body: part.data,
+            signal
           });
+          if (!resp.ok) {
+            const body = await resp.text().catch(() => "");
+            throw new Error(
+              `Upload failed for part ${part.ordinalNumber}: HTTP ${resp.status}${body ? ` \u2014 ${body}` : ""}`
+            );
+          }
         });
-        await Promise.all(tasks);
+        if (parallelism !== void 0) {
+          await runWithConcurrency(tasks, parallelism);
+        } else {
+          const ac = new AbortController();
+          await Promise.all(tasks.map((t) => t(ac.signal).catch((err) => {
+            ac.abort();
+            throw err;
+          })));
+        }
       }
       /**
-       * Upload parts sequentially (not in parallel) because each part uses a
-       * streaming body (`duplex: 'half'`). Parallel streaming uploads can cause
-       * backpressure issues and exceed memory limits for large payloads.
+       * Upload parts using streaming bodies (`duplex: 'half'`).
+       * By default uploads sequentially to avoid backpressure issues.
+       * Pass `parallelism` to enable bounded concurrent uploads.
        */
-      async sendPartsWithStream(openResponse, parts) {
-        const uploadRequests = openResponse.partUploadRequests;
-        for (const part of parts) {
-          const uploadReq = uploadRequests.find(
-            (r) => r.ordinalNumber === part.ordinalNumber
-          );
+      async sendPartsWithStream(openResponse, parts, parallelism) {
+        const uploadMap = new Map(openResponse.partUploadRequests.map((r) => [r.ordinalNumber, r]));
+        const uploadPart = async (part, signal) => {
+          const uploadReq = uploadMap.get(part.ordinalNumber);
           if (!uploadReq) {
             throw new Error(`No upload request found for part ${part.ordinalNumber}`);
           }
@@ -3054,11 +3094,23 @@ var init_batch_session = __esm({
             method: uploadReq.method,
             headers,
             body: part.dataStream,
+            signal,
             // @ts-expect-error -- Node 18+ undici supports duplex for streaming body
             duplex: "half"
           });
           if (!resp.ok) {
-            throw new Error(`Upload failed for part ${part.ordinalNumber}: HTTP ${resp.status}`);
+            const body = await resp.text().catch(() => "");
+            throw new Error(
+              `Upload failed for part ${part.ordinalNumber}: HTTP ${resp.status}${body ? ` \u2014 ${body}` : ""}`
+            );
+          }
+        };
+        if (parallelism !== void 0) {
+          await runWithConcurrency(parts.map((p) => (signal) => uploadPart(p, signal)), parallelism);
+        } else {
+          const { signal } = new AbortController();
+          for (const part of parts) {
+            await uploadPart(part, signal);
           }
         }
       }
@@ -3171,7 +3223,10 @@ var init_invoice_download = __esm({
       async getInvoice(ksefNumber) {
         const req = RestRequest.get(Routes.Invoices.byKsefNumber(ksefNumber));
         const response = await this.restClient.executeRaw(req);
-        return new TextDecoder().decode(response.body);
+        return {
+          xml: new TextDecoder().decode(response.body),
+          hash: response.headers.get("x-ms-meta-hash") ?? void 0
+        };
       }
       async queryInvoiceMetadata(filters, pageOffset, pageSize, sortOrder) {
         const req = RestRequest.post(Routes.Invoices.queryMetadata).body(filters);
@@ -4433,6 +4488,72 @@ var init_zip = __esm({
   }
 });
 
+// src/offline/holidays.ts
+function toDateKey(d) {
+  return d.toISOString().slice(0, 10);
+}
+function dateKey(year, month, day) {
+  return toDateKey(new Date(Date.UTC(year, month - 1, day)));
+}
+function addDays(d, n) {
+  const result = new Date(d);
+  result.setUTCDate(result.getUTCDate() + n);
+  return result;
+}
+function computeEasterSunday(year) {
+  const a = year % 19;
+  const b = Math.floor(year / 100);
+  const c = year % 100;
+  const d = Math.floor(b / 4);
+  const e = b % 4;
+  const f = Math.floor((b + 8) / 25);
+  const g = Math.floor((b - f + 1) / 3);
+  const h = (19 * a + b - d - g + 15) % 30;
+  const i = Math.floor(c / 4);
+  const k = c % 4;
+  const l = (32 + 2 * e + 2 * i - h - k) % 7;
+  const m = Math.floor((a + 11 * h + 22 * l) / 451);
+  const month = Math.floor((h + l - 7 * m + 114) / 31);
+  const day = (h + l - 7 * m + 114) % 31 + 1;
+  return new Date(Date.UTC(year, month - 1, day));
+}
+function getPolishHolidays(year) {
+  const cached = holidayCache.get(year);
+  if (cached) return cached;
+  const easter = computeEasterSunday(year);
+  const holidays = /* @__PURE__ */ new Set([
+    // Fixed
+    dateKey(year, 1, 1),
+    dateKey(year, 1, 6),
+    dateKey(year, 5, 1),
+    dateKey(year, 5, 3),
+    dateKey(year, 8, 15),
+    dateKey(year, 11, 1),
+    dateKey(year, 11, 11),
+    dateKey(year, 12, 25),
+    dateKey(year, 12, 26),
+    // Wigilia — added by Dz.U. 2024 poz. 1965, effective from 2025
+    ...year >= 2025 ? [dateKey(year, 12, 24)] : [],
+    // Moveable
+    toDateKey(easter),
+    toDateKey(addDays(easter, 1)),
+    toDateKey(addDays(easter, 49)),
+    toDateKey(addDays(easter, 60))
+  ]);
+  holidayCache.set(year, holidays);
+  return holidays;
+}
+function isPolishHoliday(date) {
+  return getPolishHolidays(date.getUTCFullYear()).has(toDateKey(date));
+}
+var holidayCache;
+var init_holidays = __esm({
+  "src/offline/holidays.ts"() {
+    "use strict";
+    holidayCache = /* @__PURE__ */ new Map();
+  }
+});
+
 // src/offline/deadline.ts
 function getDefaultReason(mode) {
   switch (mode) {
@@ -4449,7 +4570,7 @@ function getDefaultReason(mode) {
 function nextBusinessDay(from) {
   const d = new Date(from);
   d.setUTCDate(d.getUTCDate() + 1);
-  while (d.getUTCDay() === 0 || d.getUTCDay() === 6) {
+  while (d.getUTCDay() === 0 || d.getUTCDay() === 6 || isPolishHoliday(d)) {
     d.setUTCDate(d.getUTCDate() + 1);
   }
   return d;
@@ -4462,7 +4583,7 @@ function addBusinessDays(from, days) {
   let remaining = days;
   while (remaining > 0) {
     d.setUTCDate(d.getUTCDate() + 1);
-    if (d.getUTCDay() !== 0 && d.getUTCDay() !== 6) {
+    if (d.getUTCDay() !== 0 && d.getUTCDay() !== 6 && !isPolishHoliday(d)) {
       remaining--;
     }
   }
@@ -4528,16 +4649,17 @@ var FAR_FUTURE;
 var init_deadline = __esm({
   "src/offline/deadline.ts"() {
     "use strict";
+    init_holidays();
     FAR_FUTURE = /* @__PURE__ */ new Date("9999-12-31T23:59:59Z");
   }
 });
 
 // src/workflows/offline-invoice-workflow.ts
-var import_node_crypto2, OfflineInvoiceWorkflow;
+var import_node_crypto3, OfflineInvoiceWorkflow;
 var init_offline_invoice_workflow = __esm({
   "src/workflows/offline-invoice-workflow.ts"() {
     "use strict";
-    import_node_crypto2 = __toESM(require("crypto"), 1);
+    import_node_crypto3 = __toESM(require("crypto"), 1);
     init_ksef_api_error();
     init_deadline();
     init_document_structures();
@@ -4557,7 +4679,7 @@ var init_offline_invoice_workflow = __esm({
         }
         const mode = options?.mode ?? "offline24";
         const reason = getDefaultReason(mode);
-        const invoiceHashBase64 = import_node_crypto2.default.createHash("sha256").update(input.invoiceXml).digest("base64");
+        const invoiceHashBase64 = import_node_crypto3.default.createHash("sha256").update(input.invoiceXml).digest("base64");
         const kod1Url = this.qrService.buildInvoiceVerificationUrl(
           input.sellerNip,
           input.invoiceDate,
@@ -4576,7 +4698,7 @@ var init_offline_invoice_workflow = __esm({
         }
         const submitBy = options?.customDeadline ? typeof options.customDeadline === "string" ? options.customDeadline : options.customDeadline.toISOString() : calculateOfflineDeadline(mode, input.invoiceDate, options?.maintenanceWindow).toISOString();
         const metadata = {
-          id: import_node_crypto2.default.randomUUID(),
+          id: import_node_crypto3.default.randomUUID(),
           mode,
           reason,
           status: "GENERATED",
@@ -4732,7 +4854,7 @@ var init_offline_invoice_workflow = __esm({
             original.status === "CORRECTED" ? `Invoice ${rejectedInvoiceId} has already been corrected (by ${original.correctedBy})` : `Only rejected invoices can be corrected (current status: ${original.status})`
           );
         }
-        const originalHash = import_node_crypto2.default.createHash("sha256").update(original.invoiceXml).digest("base64");
+        const originalHash = import_node_crypto3.default.createHash("sha256").update(original.invoiceXml).digest("base64");
         await client.crypto.init();
         const encData = client.crypto.getEncryptionData();
         const formCode = options.formCode ?? DEFAULT_FORM_CODE;
@@ -4745,9 +4867,9 @@ var init_offline_invoice_workflow = __esm({
           const plainMeta = client.crypto.getFileMetadata(data);
           const encrypted = client.crypto.encryptAES256(data, encData.cipherKey, encData.cipherIv);
           const encMeta = client.crypto.getFileMetadata(encrypted);
-          const correctionId = import_node_crypto2.default.randomUUID();
+          const correctionId = import_node_crypto3.default.randomUUID();
           const submittedAt = (/* @__PURE__ */ new Date()).toISOString();
-          const correctedHashBase64 = import_node_crypto2.default.createHash("sha256").update(correctedInvoiceXml).digest("base64");
+          const correctedHashBase64 = import_node_crypto3.default.createHash("sha256").update(correctedInvoiceXml).digest("base64");
           const kod1Url = this.qrService.buildInvoiceVerificationUrl(
             original.sellerNip,
             original.invoiceDate,
@@ -4902,6 +5024,7 @@ var init_client = __esm({
       qr;
       options;
       authManager;
+      _baseRestClientConfig;
       _offline;
       constructor(options) {
         this.options = resolveOptions(options);
@@ -4913,6 +5036,8 @@ var init_client = __esm({
         });
         this.authManager = authManager;
         const restClientConfig = buildRestClientConfig(options, authManager);
+        const { authManager: _am, ...baseConfig } = restClientConfig;
+        this._baseRestClientConfig = baseConfig;
         const restClient = new RestClient(this.options, restClientConfig);
         const fetcher = new CertificateFetcher(restClient);
         this.crypto = new CryptographyService(fetcher);
@@ -4937,6 +5062,10 @@ var init_client = __esm({
         }
         return this._offline;
       }
+      /** @internal Create a RestClient with a different AuthManager, preserving transport/retry/rateLimit config. */
+      createScopedRestClient(authManager) {
+        return new RestClient(this.options, { ...this._baseRestClientConfig, authManager });
+      }
       async loginWithToken(token, nip) {
         const challenge = await this.auth.getChallenge();
         await this.crypto.init();
@@ -5097,9 +5226,11 @@ __export(index_exports, {
   getDefaultReason: () => getDefaultReason,
   getEffectiveStartDate: () => getEffectiveStartDate,
   getFormCode: () => getFormCode,
+  getPolishHolidays: () => getPolishHolidays,
   getTimeUntilDeadline: () => getTimeUntilDeadline,
   incrementalExportAndDownload: () => incrementalExportAndDownload,
   isExpired: () => isExpired,
+  isPolishHoliday: () => isPolishHoliday,
   isRetryableError: () => isRetryableError,
   isRetryableStatus: () => isRetryableStatus,
   isValidBase64: () => isValidBase64,
@@ -5126,6 +5257,9 @@ __export(index_exports, {
   parseUpoXml: () => parseUpoXml,
   pollUntil: () => pollUntil,
   resolveOptions: () => resolveOptions,
+  resumeOnlineSession: () => resumeOnlineSession,
+  runWithConcurrency: () => runWithConcurrency,
+  sha256Base64: () => sha256Base642,
   sleep: () => sleep,
   unzip: () => unzip,
   updateContinuationPoint: () => updateContinuationPoint,
@@ -5140,6 +5274,7 @@ __export(index_exports, {
   validatePresignedUrl: () => validatePresignedUrl,
   validateSchema: () => validateSchema,
   validateWellFormedness: () => validateWellFormedness,
+  verifyHash: () => verifyHash,
   xmlToObject: () => xmlToObject
 });
 module.exports = __toCommonJS(index_exports);
@@ -5911,6 +6046,18 @@ function parseKSeFTokenContext(token) {
   };
 }
 
+// src/utils/hash.ts
+var import_node_crypto2 = __toESM(require("crypto"), 1);
+function sha256Base642(data) {
+  return import_node_crypto2.default.createHash("sha256").update(data).digest("base64");
+}
+function verifyHash(data, expectedHash) {
+  return sha256Base642(data) === expectedHash;
+}
+
+// src/utils/index.ts
+init_concurrency();
+
 // src/workflows/polling.ts
 async function pollUntil(action, condition, options) {
   const intervalMs = options?.intervalMs ?? 2e3;
@@ -5929,6 +6076,10 @@ async function pollUntil(action, condition, options) {
 }
 
 // src/workflows/online-session-workflow.ts
+init_ksef_session_expired_error();
+init_auth_manager();
+init_online_session();
+init_session_status();
 init_document_structures();
 
 // src/xml/upo-parser.ts
@@ -6092,18 +6243,11 @@ function nonEmptyString(value) {
 // src/workflows/online-session-workflow.ts
 init_invoice_validator();
 init_ksef_validation_error();
-async function openOnlineSession(client, options) {
-  await client.crypto.init();
-  const encData = client.crypto.getEncryptionData();
-  const formCode = options?.formCode ?? DEFAULT_FORM_CODE;
-  const openResp = await client.onlineSession.openSession(
-    { formCode, encryption: encData.encryptionInfo },
-    options?.upoVersion
-  );
-  const sessionRef = openResp.referenceNumber;
+function buildSessionHandle(params) {
+  const { deps, sessionRef, validUntil, cipherKey, cipherIv, formCode, validate: validate2 } = params;
   async function fetchUpo(pollOpts) {
     const result = await pollUntil(
-      () => client.sessionStatus.getSessionStatus(sessionRef),
+      () => deps.sessionStatus.getSessionStatus(sessionRef),
       (s) => s.status.code === 200 || s.status.code >= 400,
       { ...pollOpts, description: `UPO for session ${sessionRef}` }
     );
@@ -6119,9 +6263,9 @@ async function openOnlineSession(client, options) {
   }
   return {
     sessionRef,
-    validUntil: openResp.validUntil,
+    validUntil,
     async sendInvoice(invoiceXml) {
-      if (options?.validate) {
+      if (validate2) {
         const xmlStr = typeof invoiceXml === "string" ? invoiceXml : new TextDecoder().decode(invoiceXml);
         const vResult = await validate(xmlStr);
         if (!vResult.valid) {
@@ -6132,10 +6276,10 @@ async function openOnlineSession(client, options) {
         }
       }
       const data = typeof invoiceXml === "string" ? new TextEncoder().encode(invoiceXml) : invoiceXml;
-      const plainMeta = client.crypto.getFileMetadata(data);
-      const encrypted = client.crypto.encryptAES256(data, encData.cipherKey, encData.cipherIv);
-      const encMeta = client.crypto.getFileMetadata(encrypted);
-      const resp = await client.onlineSession.sendInvoice(sessionRef, {
+      const plainMeta = deps.crypto.getFileMetadata(data);
+      const encrypted = deps.crypto.encryptAES256(data, cipherKey, cipherIv);
+      const encMeta = deps.crypto.getFileMetadata(encrypted);
+      const resp = await deps.onlineSession.sendInvoice(sessionRef, {
         invoiceHash: plainMeta.hashSHA,
         invoiceSize: plainMeta.fileSize,
         encryptedInvoiceHash: encMeta.hashSHA,
@@ -6145,7 +6289,7 @@ async function openOnlineSession(client, options) {
       return resp.referenceNumber;
     },
     async close() {
-      await client.onlineSession.closeSession(sessionRef);
+      await deps.onlineSession.closeSession(sessionRef);
     },
     async waitForUpo(pollOpts) {
       return fetchUpo(pollOpts);
@@ -6154,13 +6298,75 @@ async function openOnlineSession(client, options) {
       const upoInfo = await fetchUpo(pollOpts);
       const parsed = [];
       for (const page of upoInfo.pages) {
-        const result = await client.sessionStatus.getSessionUpo(sessionRef, page.referenceNumber);
+        const result = await deps.sessionStatus.getSessionUpo(sessionRef, page.referenceNumber);
         parsed.push(parseUpoXml(result.upo));
       }
       return { ...upoInfo, parsed };
+    },
+    getState() {
+      const token = deps.getAccessToken();
+      if (!token) {
+        throw new Error("Cannot serialize session state: no access token available");
+      }
+      return {
+        referenceNumber: sessionRef,
+        aesKey: Buffer.from(cipherKey).toString("base64"),
+        iv: Buffer.from(cipherIv).toString("base64"),
+        accessToken: token,
+        formCode,
+        validUntil,
+        ...validate2 ? { validate: validate2 } : {}
+      };
     }
   };
 }
+async function openOnlineSession(client, options) {
+  await client.crypto.init();
+  const encData = client.crypto.getEncryptionData();
+  const formCode = options?.formCode ?? DEFAULT_FORM_CODE;
+  const openResp = await client.onlineSession.openSession(
+    { formCode, encryption: encData.encryptionInfo },
+    options?.upoVersion
+  );
+  return buildSessionHandle({
+    deps: {
+      crypto: client.crypto,
+      onlineSession: client.onlineSession,
+      sessionStatus: client.sessionStatus,
+      getAccessToken: () => client.authManager.getAccessToken()
+    },
+    sessionRef: openResp.referenceNumber,
+    validUntil: openResp.validUntil,
+    cipherKey: encData.cipherKey,
+    cipherIv: encData.cipherIv,
+    formCode,
+    validate: options?.validate
+  });
+}
+function resumeOnlineSession(client, state, options) {
+  const expiry = new Date(state.validUntil);
+  if (expiry.getTime() <= Date.now()) {
+    throw new KSeFSessionExpiredError(
+      `Cannot resume session: expired at ${state.validUntil}`
+    );
+  }
+  const scopedAuth = new DefaultAuthManager(() => Promise.resolve(null), state.accessToken);
+  const scopedRestClient = client.createScopedRestClient(scopedAuth);
+  return buildSessionHandle({
+    deps: {
+      crypto: client.crypto,
+      onlineSession: new OnlineSessionService(scopedRestClient),
+      sessionStatus: new SessionStatusService(scopedRestClient),
+      getAccessToken: () => scopedAuth.getAccessToken()
+    },
+    sessionRef: state.referenceNumber,
+    validUntil: state.validUntil,
+    cipherKey: new Uint8Array(Buffer.from(state.aesKey, "base64")),
+    cipherIv: new Uint8Array(Buffer.from(state.iv, "base64")),
+    formCode: state.formCode,
+    validate: options?.validate ?? state.validate
+  });
+}
 async function openSendAndClose(client, invoices, options) {
   const handle = await openOnlineSession(client, options);
   for (const inv of invoices) {
@@ -6173,6 +6379,9 @@ async function openSendAndClose(client, invoices, options) {
 // src/workflows/batch-session-workflow.ts
 init_document_structures();
 async function uploadBatch(client, zipData, options) {
+  if (options?.parallelism !== void 0 && (!Number.isInteger(options.parallelism) || options.parallelism < 1)) {
+    throw new Error("parallelism must be a positive integer");
+  }
   await client.crypto.init();
   if (options?.validate) {
     const { unzip: unzip2 } = await Promise.resolve().then(() => (init_zip(), zip_exports));
@@ -6215,7 +6424,7 @@ async function uploadBatch(client, zipData, options) {
     },
     ordinalNumber: i + 1
   }));
-  await client.batchSession.sendParts(openResp, sendingParts);
+  await client.batchSession.sendParts(openResp, sendingParts, options?.parallelism);
   await client.batchSession.closeSession(openResp.referenceNumber);
   const result = await pollUntil(
     () => client.sessionStatus.getSessionStatus(openResp.referenceNumber),
@@ -6236,6 +6445,9 @@ async function uploadBatch(client, zipData, options) {
   };
 }
 async function uploadBatchStream(client, zipStreamFactory, zipSize, options) {
+  if (options?.parallelism !== void 0 && (!Number.isInteger(options.parallelism) || options.parallelism < 1)) {
+    throw new Error("parallelism must be a positive integer");
+  }
   await client.crypto.init();
   const encData = client.crypto.getEncryptionData();
   const formCode = options?.formCode ?? DEFAULT_FORM_CODE;
@@ -6257,7 +6469,7 @@ async function uploadBatchStream(client, zipStreamFactory, zipSize, options) {
     },
     options?.upoVersion
   );
-  await client.batchSession.sendPartsWithStream(openResp, streamParts);
+  await client.batchSession.sendPartsWithStream(openResp, streamParts, options?.parallelism);
   await client.batchSession.closeSession(openResp.referenceNumber);
   const result = await pollUntil(
     () => client.sessionStatus.getSessionStatus(openResp.referenceNumber),
@@ -6332,6 +6544,7 @@ async function doExport(client, filters, options) {
         url: p.url,
         method: p.method,
         partSize: p.partSize,
+        partHash: p.partHash,
         encryptedPartSize: p.encryptedPartSize,
         encryptedPartHash: p.encryptedPartHash,
         expirationDate: p.expirationDate
@@ -6357,6 +6570,9 @@ async function exportAndDownload(client, filters, options) {
       throw new Error(`Download failed for part ${part.ordinalNumber}: HTTP ${resp.status}`);
     }
     const encryptedData = new Uint8Array(await resp.arrayBuffer());
+    if (options?.verifyHash !== false && !verifyHash(encryptedData, part.encryptedPartHash)) {
+      throw new Error(`Hash mismatch for export part ${part.ordinalNumber}`);
+    }
     const decrypted = client.crypto.decryptAES256(encryptedData, encData.cipherKey, encData.cipherIv);
     decryptedParts.push(decrypted);
   }
@@ -6429,6 +6645,9 @@ async function incrementalExportAndDownload(client, options) {
         throw new Error(`Download failed for part ${part.ordinalNumber}: HTTP ${resp.status}`);
       }
       const encryptedData = new Uint8Array(await resp.arrayBuffer());
+      if (options.verifyHash !== false && !verifyHash(encryptedData, part.encryptedPartHash)) {
+        throw new Error(`Hash mismatch for export part ${part.ordinalNumber}`);
+      }
       const decrypted = client.crypto.decryptAES256(encryptedData, encData.cipherKey, encData.cipherIv);
       decryptedParts.push(decrypted);
     }
@@ -6594,6 +6813,7 @@ async function authenticateWithPkcs12(client, options) {
 
 // src/offline/index.ts
 init_deadline();
+init_holidays();
 
 // src/offline/storage.ts
 function matchesFilter(invoice, filter) {
@@ -6836,9 +7056,11 @@ init_client();
   getDefaultReason,
   getEffectiveStartDate,
   getFormCode,
+  getPolishHolidays,
   getTimeUntilDeadline,
   incrementalExportAndDownload,
   isExpired,
+  isPolishHoliday,
   isRetryableError,
   isRetryableStatus,
   isValidBase64,
@@ -6865,6 +7087,9 @@ init_client();
   parseUpoXml,
   pollUntil,
   resolveOptions,
+  resumeOnlineSession,
+  runWithConcurrency,
+  sha256Base64,
   sleep,
   unzip,
   updateContinuationPoint,
@@ -6879,6 +7104,7 @@ init_client();
   validatePresignedUrl,
   validateSchema,
   validateWellFormedness,
+  verifyHash,
   xmlToObject
 });
 //# sourceMappingURL=index.cjs.map