payluk-escrow-inline-checkout 0.2.9 → 0.3.0

package/README.md

@@ -6,6 +6,7 @@ A lightweight client SDK that initializes your checkout configuration, creates a
 - Promise-based API.
 - First-class TypeScript types.
 - Optional React hook with loading/error state.
+- Multi-escrow support: pay for multiple escrows in a single checkout session.
 
 ## Installation
 
@@ -178,6 +179,106 @@ export function CheckoutButton() {
 - Only use publishable keys in the browser. Keep any secret keys on your server.
 - Validate inputs on your backend and return the required session payload.
 
+## Multi-Escrow Payments
+
+You can now pay for multiple escrows in a single checkout session by passing an array of payment tokens. This is useful when a customer wants to pay for multiple items or services at once.
+
+### Requirements
+
+- All escrows must belong to the same merchant
+- All escrows must be in `PENDING` status
+- If using merchant escrows, a `customerId` is required
+- The total amount from all escrows will be charged in a single transaction
+
+### Vanilla JS/TS Example
+
+```ts
+import { initEscrowCheckout, pay } from 'payluk-escrow-inline-checkout';
+
+// Initialize once
+initEscrowCheckout({
+  publicKey: '<YOUR_PUBLISHABLE_KEY>'
+});
+
+// Pay for multiple escrows
+async function onPayMultipleClick() {
+  try {
+    await pay({
+      // Pass an array of payment tokens
+      paymentToken: ['TOKEN_1', 'TOKEN_2', 'TOKEN_3'],
+      reference: '<REFERENCE_ID>',
+      redirectUrl: 'https://your-app.example.com/checkout/complete',
+      logoUrl: 'https://mediacloud.me/media/W8HU9TK245QF528ZULCFSJXX2SBBLT.jpg',
+      brand: 'YourBrand',
+      customerId: 'customer_123', // Required for merchant escrows
+      callback: (result) => {
+        // result.paymentId will contain comma-separated IDs: "id1,id2,id3"
+        // result.reference will contain unique refs: "REF_1,REF_2,REF_3"
+        console.log('Multi-escrow checkout result:', result);
+      },
+      onClose: () => {
+        console.log('Widget closed');
+      }
+    });
+  } catch (err) {
+    console.error('Payment failed:', err);
+  }
+}
+```
+
+### React Example
+
+```tsx
+import React from 'react';
+import { useEscrowCheckout } from 'payluk-escrow-inline-checkout/react';
+
+export function MultiEscrowCheckoutButton() {
+  const { pay } = useEscrowCheckout();
+
+  const handleClick = async () => {
+    try {
+      await pay({
+        // Array of payment tokens for multi-escrow checkout
+        paymentToken: ['TOKEN_1', 'TOKEN_2', 'TOKEN_3'],
+        reference: '<REFERENCE_ID>',
+        redirectUrl: 'https://your-app.example.com/checkout/complete',
+        customerId: 'customer_123',
+        callback: (result) => {
+          console.log('Payment successful:', result);
+        }
+      });
+    } catch (err) {
+      console.error('Payment failed:', err);
+    }
+  };
+
+  return (
+    <button onClick={handleClick}>
+      Pay for Multiple Items
+    </button>
+  );
+}
+```
+
+### How It Works
+
+1. **Individual Processing**: Each escrow is processed individually with its own payment intent
+2. **Aggregated Total**: The checkout widget displays the total amount from all escrows
+3. **Unique References**: Multi-payments generate unique references for each escrow (e.g., `REF_1`, `REF_2`, `REF_3`)
+4. **Single Transaction**: The customer completes one payment for all escrows combined
+5. **Backward Compatible**: Single payment tokens (strings) still work exactly as before
+
+### Response Format
+
+When using multi-escrow payments, the callback receives:
+
+```ts
+{
+  paymentId: "token1,token2,token3",  // Comma-separated escrow IDs
+  reference: "REF_1,REF_2,REF_3"      // Comma-separated unique references
+}
+```
+
 ## API
 
 ### `initEscrowCheckout(config)`
@@ -207,20 +308,27 @@ initEscrowCheckout({
 Creates a checkout session via your backend and opens the widget.
 
 **Required:**
-- `paymentToken`: `string`
+- `paymentToken`: `string | string[]` — single payment token or array of tokens for multi-escrow checkout
 - `reference`: `string`
 - `redirectUrl`: `string`
 
 **Optional:**
 - `logoUrl?`: `string`
-- `customerId?`: `string` — only for merchants using customer vaulting
+- `customerId?`: `string` — required for merchant escrows, optional for business escrows
 - `brand?`: `string`
 - `callback?`: `(result: unknown) => void`
 - `onClose?`: `() => void`
+- `extra?`: `Record<string, unknown>` — additional widget configuration
 
 **Returns:**
 - `Promise<void>` that resolves when the widget is opened (and rejects on errors).
 
+**Multi-Escrow Notes:**
+- When using an array of payment tokens, all escrows must belong to the same merchant
+- The checkout widget will display the aggregated total amount
+- Each escrow is processed individually with its own payment intent
+- Empty arrays or arrays containing empty strings will be rejected
+
 ### `useEscrowCheckout(): { ready, loading, error, pay }`
 
 React hook that exposes:
@@ -246,7 +354,22 @@ import { useEscrowCheckout } from 'payluk-escrow-inline-checkout/react';
 Common issues:
 - **Not initialized:** Ensure `initEscrowCheckout({ publicKey })` is called before `pay(...)`.
 - **Browser-only:** Do not call `pay(...)` on the server.
-- **Network/API errors:** If the session endpoint fails, `pay(...)` will reject with the error message from your backend (if any).
+- **Network/API errors:** If the session endpoint fails, `pay(...)` will reject with an `EscrowCheckoutError` that includes a `code`, optional HTTP `status`, and `details`.
+
+`EscrowCheckoutError` codes:
+- `NOT_INITIALIZED`
+- `BROWSER_ONLY`
+- `INVALID_INPUT`
+- `WIDGET_LOAD`
+- `NETWORK`
+- `SESSION_CREATE`
+- `SESSION_RESPONSE`
+
+You can import the error class if you want stricter checks in TypeScript:
+
+```ts
+import { EscrowCheckoutError } from 'payluk-escrow-inline-checkout';
+```
 
 **Example:**
 
@@ -254,7 +377,12 @@ Common issues:
 try {
   await pay({ /* ... */ });
 } catch (err) {
-  alert((err as Error).message);
+  if (err instanceof EscrowCheckoutError) {
+    console.error(err.code, err.status, err.message);
+    alert(err.message);
+  } else {
+    alert('Checkout failed');
+  }
 }
 ```
 

package/dist/chunk-E6SFCKQP.js

@@ -0,0 +1,183 @@
+// src/index.ts
+var EscrowCheckoutError = class extends Error {
+  constructor(message, code, options) {
+    super(message);
+    this.name = "EscrowCheckoutError";
+    this.code = code;
+    this.status = options?.status;
+    this.details = options?.details;
+  }
+};
+var DEFAULT_SCRIPT_URL = "https://checkout.payluk.ng/escrow-checkout.min.js";
+var DEFAULT_GLOBAL_NAME = "EscrowCheckout";
+var CONFIG = null;
+function initEscrowCheckout(config) {
+  if (!isNonEmptyString(config?.publicKey)) {
+    throw new EscrowCheckoutError('initEscrowCheckout(...) requires "publicKey".', "INVALID_INPUT");
+  }
+  CONFIG = {
+    publicKey: config.publicKey.trim(),
+    scriptUrl: config.scriptUrlOverride || DEFAULT_SCRIPT_URL,
+    globalName: config.globalName || DEFAULT_GLOBAL_NAME,
+    crossOrigin: config.crossOrigin ?? "anonymous"
+  };
+}
+function assertConfigured(config) {
+  if (!config) {
+    throw new EscrowCheckoutError(
+      "Escrow checkout not initialized. Call initEscrowCheckout({ publicKey }) first.",
+      "NOT_INITIALIZED"
+    );
+  }
+}
+function normalizeError(error) {
+  if (error instanceof Error) return error;
+  if (typeof error === "string") return new Error(error);
+  return new Error("Unknown error");
+}
+function isNonEmptyString(value) {
+  return typeof value === "string" && value.trim().length > 0;
+}
+function isValidPaymentToken(value) {
+  if (isNonEmptyString(value)) {
+    return true;
+  }
+  if (Array.isArray(value)) {
+    return value.length > 0 && value.every((token) => isNonEmptyString(token));
+  }
+  return false;
+}
+function isSessionResponse(value) {
+  if (!value || typeof value !== "object") return false;
+  return "session" in value;
+}
+async function parseErrorBody(resp) {
+  const text = await resp.text();
+  if (!text) return {};
+  try {
+    const json = JSON.parse(text);
+    const message = typeof json?.message === "string" ? json.message : void 0;
+    return { message, details: json };
+  } catch {
+    return { message: text, details: text };
+  }
+}
+async function parseJsonResponse(resp) {
+  try {
+    return await resp.json();
+  } catch {
+    throw new EscrowCheckoutError("Invalid JSON response from session endpoint.", "SESSION_RESPONSE", {
+      status: resp.status
+    });
+  }
+}
+async function loadWidget() {
+  assertConfigured(CONFIG);
+  const { scriptUrl, globalName, crossOrigin } = CONFIG;
+  if (typeof window === "undefined") {
+    throw new EscrowCheckoutError("EscrowCheckout can only be loaded in the browser.", "BROWSER_ONLY");
+  }
+  const win = window;
+  win.__escrowCheckoutLoader ?? (win.__escrowCheckoutLoader = {});
+  if (win.__escrowCheckoutLoader[scriptUrl]) {
+    return win.__escrowCheckoutLoader[scriptUrl];
+  }
+  if (typeof win[globalName] === "function") {
+    const fn = win[globalName];
+    win.__escrowCheckoutLoader[scriptUrl] = Promise.resolve(fn);
+    return fn;
+  }
+  win.__escrowCheckoutLoader[scriptUrl] = new Promise((resolve, reject) => {
+    const script = document.createElement("script");
+    script.src = scriptUrl;
+    script.async = true;
+    if (crossOrigin) script.crossOrigin = crossOrigin;
+    script.onload = () => {
+      const fn = win[globalName];
+      if (typeof fn === "function") resolve(fn);
+      else {
+        reject(
+          new EscrowCheckoutError(
+            `Escrow checkout script loaded, but window.${globalName} is not a function.`,
+            "WIDGET_LOAD"
+          )
+        );
+      }
+    };
+    script.onerror = () => reject(new EscrowCheckoutError(`Failed to load escrow checkout script: ${scriptUrl}`, "WIDGET_LOAD"));
+    document.head.appendChild(script);
+  });
+  return win.__escrowCheckoutLoader[scriptUrl];
+}
+async function createSession(input) {
+  assertConfigured(CONFIG);
+  const { publicKey } = CONFIG;
+  const apiBaseUrl = publicKey.startsWith("pk_live_") ? "https://live.payluk.ng" : "https://staging.live.payluk.ng";
+  let resp;
+  try {
+    resp = await fetch(`${apiBaseUrl}/v1/checkout/session`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        paymentToken: input.paymentToken,
+        redirectUrl: input.redirectUrl,
+        reference: input.reference,
+        customerId: input.customerId,
+        publicKey
+      })
+    });
+  } catch (error) {
+    const normalized = normalizeError(error);
+    throw new EscrowCheckoutError("Network error while creating checkout session.", "NETWORK", {
+      details: normalized.message
+    });
+  }
+  if (!resp.ok) {
+    const { message, details } = await parseErrorBody(resp);
+    throw new EscrowCheckoutError(message || `Failed to create session (HTTP ${resp.status}).`, "SESSION_CREATE", {
+      status: resp.status,
+      details
+    });
+  }
+  const data = await parseJsonResponse(resp);
+  if (!isSessionResponse(data)) {
+    throw new EscrowCheckoutError('Session response missing "session".', "SESSION_RESPONSE", {
+      status: resp.status,
+      details: data
+    });
+  }
+  return data;
+}
+async function pay(input) {
+  if (typeof window === "undefined") {
+    throw new EscrowCheckoutError("pay(...) can only run in the browser.", "BROWSER_ONLY");
+  }
+  assertConfigured(CONFIG);
+  if (!input || !isValidPaymentToken(input.paymentToken)) {
+    throw new EscrowCheckoutError(
+      'pay(...) requires "paymentToken" (must be a non-empty string or array of non-empty strings).',
+      "INVALID_INPUT"
+    );
+  }
+  if (!isNonEmptyString(input.reference)) {
+    throw new EscrowCheckoutError('pay(...) requires "reference".', "INVALID_INPUT");
+  }
+  if (!isNonEmptyString(input.redirectUrl)) {
+    throw new EscrowCheckoutError('pay(...) requires "redirectUrl".', "INVALID_INPUT");
+  }
+  const [{ session }, widget] = await Promise.all([createSession(input), loadWidget()]);
+  widget({
+    session,
+    logoUrl: input.logoUrl,
+    brand: input.brand,
+    callback: input.callback,
+    onClose: input.onClose,
+    customerId: input.customerId,
+    publicKey: CONFIG.publicKey,
+    ...input.extra ?? {}
+  });
+}
+
+export { EscrowCheckoutError, initEscrowCheckout, pay };
+//# sourceMappingURL=chunk-E6SFCKQP.js.map
+//# sourceMappingURL=chunk-E6SFCKQP.js.map

package/dist/chunk-E6SFCKQP.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";AAWO,IAAM,mBAAA,GAAN,cAAkC,KAAA,CAAM;AAAA,EAK3C,WAAA,CAAY,OAAA,EAAiB,IAAA,EAA+B,OAAA,EAAkD;AAC1G,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,qBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACvB,IAAA,IAAA,CAAK,UAAU,OAAA,EAAS,OAAA;AAAA,EAC5B;AACJ;AAmCA,IAAM,kBAAA,GAAqB,mDAAA;AAC3B,IAAM,mBAAA,GAAsB,gBAAA;AAQ5B,IAAI,MAAA,GAAgC,IAAA;AAM7B,SAAS,mBAAmB,MAAA,EAA0B;AACzD,EAAA,IAAI,CAAC,gBAAA,CAAiB,MAAA,EAAQ,SAAS,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,mBAAA,CAAoB,+CAAA,EAAiD,eAAe,CAAA;AAAA,EAClG;AACA,EAAA,MAAA,GAAS;AAAA,IACL,SAAA,EAAW,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK;AAAA,IACjC,SAAA,EAAW,OAAO,iBAAA,IAAqB,kBAAA;AAAA,IACvC,UAAA,EAAY,OAAO,UAAA,IAAc,mBAAA;AAAA,IACjC,WAAA,EAAa,OAAO,WAAA,IAAe;AAAA,GACvC;AACJ;AAKA,SAAS,iBAAiB,MAAA,EAAiE;AACvF,EAAA,IAAI,CAAC,MAAA,EAAQ;AACT,IAAA,MAAM,IAAI,mBAAA;AAAA,MACN,gFAAA;AAAA,MACA;AAAA,KACJ;AAAA,EACJ;AACJ;AAEA,SAAS,eAAe,KAAA,EAAuB;AAC3C,EAAA,IAAI,KAAA,YAAiB,OAAO,OAAO,KAAA;AACnC,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,IAAI,MAAM,KAAK,CAAA;AACrD,EAAA,OAAO,IAAI,MAAM,eAAe,CAAA;AACpC;AAEA,SAAS,iBAAiB,KAAA,EAAiC;AACvD,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,IAAA,GAAO,MAAA,GAAS,CAAA;AAC9D;AAEA,SAAS,oBAAoB,KAAA,EAA4C;AAErE,EAAA,IAAI,gBAAA,CAAiB,KAAK,CAAA,EAAG;AACzB,IAAA,OAAO,IAAA;AAAA,EACX;AAGA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACtB,IAAA,OAAO,KAAA,CAAM,SAAS,CAAA,IAAK,KAAA,CAAM,MAAM,CAAC,KAAA,KAAU,gBAAA,CAAiB,KAAK,CAAC,CAAA;AAAA,EAC7E;AAEA,EAAA,OAAO,KAAA;AACX;AAEA,SAAS,kBAAkB,KAAA,EAA0C;AACjE,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,UAAU,OAAO,KAAA;AAChD,EAAA,OAAO,SAAA,IAAa,KAAA;AACxB;AAEA,eAAe,eAAe,IAAA,EAAkE;AAC5F,EAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,EAAK;AAC7B,EAAA,IAAI,CAAC,IAAA,EAAM,OAAO,EAAC;AAEnB,EAAA,IAAI;AACA,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AAC5B,IAAA,MAAM,UAAU,OAAO,IAAA,EAAM,OAAA,KAAY,QAAA,GAAW,KAAK,OAAA,GAAU,KAAA,CAAA;AACnE,IAAA,OAAO,EAAE,OAAA,EAAS,OAAA,EAAS,IAAA,EAAK;AAAA,EACpC,CAAA,CAAA,MAAQ;AACJ,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,IAAA,EAAK;AAAA,EAC1C;AACJ;AAEA,eAAe,kBAAkB,IAAA,EAAkC;AAC/D,EAAA,IAAI;AACA,IAAA,OAAO,MAAM,KAAK,IAAA,EAAK;AAAA,EAC3B,CAAA,CAAA,MAAQ;AACJ,IAAA,MAAM,IAAI,mBAAA,CAAoB,8CAAA,EAAgD,kBAAA,EAAoB;AAAA,MAC9F,QAAQ,IAAA,CAAK;AAAA,KAChB,CAAA;AAAA,EACL;AACJ;AAKA,eAAe,UAAA,GAAoC;AAC/C,EAAA,gBAAA,CAAiB,MAAM,CAAA;AACvB,EAAA,MAAM,EAAE,SAAA,EAAW,UAAA,EAAY,WAAA,EAAY,GAAI,MAAA;AAE/C,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,mBAAA,CAAoB,mDAAA,EAAqD,cAAc,CAAA;AAAA,EACrG;AAEA,EAAA,MAAM,GAAA,GAAM,MAAA;AACZ,EAAA,GAAA,CAAI,sBAAA,KAAJ,GAAA,CAAI,sBAAA,GAA2B,EAAC,CAAA;AAEhC,EAAA,IAAI,GAAA,CAAI,sBAAA,CAAuB,SAAS,CAAA,EAAG;AACvC,IAAA,OAAO,GAAA,CAAI,uBAAuB,SAAS,CAAA;AAAA,EAC/C;AAEA,EAAA,IAAI,OAAO,GAAA,CAAI,UAAU,CAAA,KAAM,UAAA,EAAY;AACvC,IAAA,MAAM,EAAA,GAAK,IAAI,UAAU,CAAA;AACzB,IAAA,GAAA,CAAI,sBAAA,CAAuB,SAAS,CAAA,GAAI,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC1D,IAAA,OAAO,EAAA;AAAA,EACX;AAEA,EAAA,GAAA,CAAI,uBAAuB,SAAS,CAAA,GAAI,IAAI,OAAA,CAAsB,CAAC,SAAS,MAAA,KAAW;AACnF,IAAA,MAAM,MAAA,GAAS,QAAA,CAAS,aAAA,CAAc,QAAQ,CAAA;AAC9C,IAAA,MAAA,CAAO,GAAA,GAAM,SAAA;AACb,IAAA,MAAA,CAAO,KAAA,GAAQ,IAAA;AACf,IAAA,IAAI,WAAA,SAAoB,WAAA,GAAc,WAAA;AAEtC,IAAA,MAAA,CAAO,SAAS,MAAM;AAClB,MAAA,MAAM,EAAA,GAAK,IAAI,UAAU,CAAA;AACzB,MAAA,IAAI,OAAO,EAAA,KAAO,UAAA,EAAY,OAAA,CAAQ,EAAkB,CAAA;AAAA,WACnD;AACD,QAAA,MAAA;AAAA,UACI,IAAI,mBAAA;AAAA,YACA,6CAA6C,UAAU,CAAA,mBAAA,CAAA;AAAA,YACvD;AAAA;AACJ,SACJ;AAAA,MACJ;AAAA,IACJ,CAAA;AAEA,IAAA,MAAA,CAAO,OAAA,GAAU,MACb,MAAA,CAAO,IAAI,oBAAoB,CAAA,uCAAA,EAA0C,SAAS,CAAA,CAAA,EAAI,aAAa,CAAC,CAAA;AAExG,IAAA,QAAA,CAAS,IAAA,CAAK,YAAY,MAAM,CAAA;AAAA,EACpC,CAAC,CAAA;AAED,EAAA,OAAO,GAAA,CAAI,uBAAuB,SAAS,CAAA;AAC/C;AAMA,eAAe,cAAc,KAAA,EAA2C;AACpE,EAAA,gBAAA,CAAiB,MAAM,CAAA;AACvB,EAAA,MAAM,EAAE,WAAU,GAAI,MAAA;AACtB,EAAA,MAAM,UAAA,GAAa,SAAA,CAAU,UAAA,CAAW,UAAU,IAAI,wBAAA,GAA2B,gCAAA;AACjF,EAAA,IAAI,IAAA;AAEJ,EAAA,IAAI;AACA,IAAA,IAAA,GAAO,MAAM,KAAA,CAAM,CAAA,EAAG,UAAU,CAAA,oBAAA,CAAA,EAAwB;AAAA,MACpD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACjB,cAAc,KAAA,CAAM,YAAA;AAAA,QACpB,aAAa,KAAA,CAAM,WAAA;AAAA,QACnB,WAAW,KAAA,CAAM,SAAA;AAAA,QACjB,YAAY,KAAA,CAAM,UAAA;AAAA,QAClB;AAAA,OACH;AAAA,KACJ,CAAA;AAAA,EACL,SAAS,KAAA,EAAO;AACZ,IAAA,MAAM,UAAA,GAAa,eAAe,KAAK,CAAA;AACvC,IAAA,MAAM,IAAI,mBAAA,CAAoB,gDAAA,EAAkD,SAAA,EAAW;AAAA,MACvF,SAAS,UAAA,CAAW;AAAA,KACvB,CAAA;AAAA,EACL;AAEA,EAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACV,IAAA,MAAM,EAAE,OAAA,EAAS,OAAA,EAAQ,GAAI,MAAM,eAAe,IAAI,CAAA;AACtD,IAAA,MAAM,IAAI,mBAAA,CAAoB,OAAA,IAAW,kCAAkC,IAAA,CAAK,MAAM,MAAM,gBAAA,EAAkB;AAAA,MAC1G,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb;AAAA,KACH,CAAA;AAAA,EACL;AAEA,EAAA,MAAM,IAAA,GAAO,MAAM,iBAAA,CAAkB,IAAI,CAAA;AACzC,EAAA,IAAI,CAAC,iBAAA,CAAkB,IAAI,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,mBAAA,CAAoB,qCAAA,EAAuC,kBAAA,EAAoB;AAAA,MACrF,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,OAAA,EAAS;AAAA,KACZ,CAAA;AAAA,EACL;AAEA,EAAA,OAAO,IAAA;AACX;AAMA,eAAsB,IAAI,KAAA,EAAgC;AACtD,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,mBAAA,CAAoB,uCAAA,EAAyC,cAAc,CAAA;AAAA,EACzF;AAEA,EAAA,gBAAA,CAAiB,MAAM,CAAA;AACvB,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,mBAAA,CAAoB,KAAA,CAAM,YAAY,CAAA,EAAG;AACpD,IAAA,MAAM,IAAI,mBAAA;AAAA,MACN,8FAAA;AAAA,MACA;AAAA,KACJ;AAAA,EACJ;AACA,EAAA,IAAI,CAAC,gBAAA,CAAiB,KAAA,CAAM,SAAS,CAAA,EAAG;AACpC,IAAA,MAAM,IAAI,mBAAA,CAAoB,gCAAA,EAAkC,eAAe,CAAA;AAAA,EACnF;AACA,EAAA,IAAI,CAAC,gBAAA,CAAiB,KAAA,CAAM,WAAW,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,mBAAA,CAAoB,kCAAA,EAAoC,eAAe,CAAA;AAAA,EACrF;AAEA,EAAA,MAAM,CAAC,EAAE,OAAA,EAAQ,EAAG,MAAM,CAAA,GAAI,MAAM,OAAA,CAAQ,GAAA,CAAI,CAAC,aAAA,CAAc,KAAK,CAAA,EAAG,UAAA,EAAY,CAAC,CAAA;AAEpF,EAAA,MAAA,CAAO;AAAA,IACH,OAAA;AAAA,IACA,SAAS,KAAA,CAAM,OAAA;AAAA,IACf,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,UAAU,KAAA,CAAM,QAAA;AAAA,IAChB,SAAS,KAAA,CAAM,OAAA;AAAA,IACf,YAAY,KAAA,CAAM,UAAA;AAAA,IAClB,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,GAAI,KAAA,CAAM,KAAA,IAAS;AAAC,GACvB,CAAA;AACL","file":"chunk-E6SFCKQP.js","sourcesContent":["export type EscrowWidget = (options: Record<string, unknown>) => void;\n\nexport type EscrowCheckoutErrorCode =\n    | 'NOT_INITIALIZED'\n    | 'BROWSER_ONLY'\n    | 'INVALID_INPUT'\n    | 'WIDGET_LOAD'\n    | 'NETWORK'\n    | 'SESSION_CREATE'\n    | 'SESSION_RESPONSE';\n\nexport class EscrowCheckoutError extends Error {\n    code: EscrowCheckoutErrorCode;\n    status?: number;\n    details?: unknown;\n\n    constructor(message: string, code: EscrowCheckoutErrorCode, options?: { status?: number; details?: unknown }) {\n        super(message);\n        this.name = 'EscrowCheckoutError';\n        this.code = code;\n        this.status = options?.status;\n        this.details = options?.details;\n    }\n}\n\nexport interface InitConfig {\n    publicKey: string; // publishable key only\n    /**\n     * Optional overrides for experts. End users don't need to set these.\n     */\n    scriptUrlOverride?: string;\n    globalName?: string; // default 'EscrowCheckout'\n    crossOrigin?: '' | 'anonymous' | 'use-credentials';\n}\n\nexport interface PayInput {\n    /**\n     * Single escrow payment token or array of payment tokens for multi-escrow checkout.\n     * When providing multiple tokens, they must all belong to the same merchant.\n     */\n    paymentToken: string | string[];\n    reference: string;\n    redirectUrl: string;\n    logoUrl?: string;\n    brand?: string;\n    customerId?: string;\n    /**\n     * Extra fields supported by the widget.\n     */\n    extra?: Record<string, unknown>;\n    callback?: (result: any) => void;\n    onClose?: () => void;\n}\n\nexport interface SessionResponse {\n    session: unknown;\n}\n\nconst DEFAULT_SCRIPT_URL = 'https://checkout.payluk.ng/escrow-checkout.min.js';\nconst DEFAULT_GLOBAL_NAME = 'EscrowCheckout';\n\ntype ResolvedConfig = Required<Pick<InitConfig, 'publicKey'>> & {\n    scriptUrl: string;\n    globalName: string;\n    crossOrigin: '' | 'anonymous' | 'use-credentials';\n};\n\nlet CONFIG: ResolvedConfig | null = null;\n\n/**\n * Initialize the library once (e.g., in app bootstrap).\n * Hides script URL and session creation from consumers.\n */\nexport function initEscrowCheckout(config: InitConfig): void {\n    if (!isNonEmptyString(config?.publicKey)) {\n        throw new EscrowCheckoutError('initEscrowCheckout(...) requires \"publicKey\".', 'INVALID_INPUT');\n    }\n    CONFIG = {\n        publicKey: config.publicKey.trim(),\n        scriptUrl: config.scriptUrlOverride || DEFAULT_SCRIPT_URL,\n        globalName: config.globalName || DEFAULT_GLOBAL_NAME,\n        crossOrigin: config.crossOrigin ?? 'anonymous'\n    };\n}\n\n/**\n * Narrow a provided config to ResolvedConfig or throw if not initialized.\n */\nfunction assertConfigured(config: ResolvedConfig | null): asserts config is ResolvedConfig {\n    if (!config) {\n        throw new EscrowCheckoutError(\n            'Escrow checkout not initialized. Call initEscrowCheckout({ publicKey }) first.',\n            'NOT_INITIALIZED'\n        );\n    }\n}\n\nfunction normalizeError(error: unknown): Error {\n    if (error instanceof Error) return error;\n    if (typeof error === 'string') return new Error(error);\n    return new Error('Unknown error');\n}\n\nfunction isNonEmptyString(value: unknown): value is string {\n    return typeof value === 'string' && value.trim().length > 0;\n}\n\nfunction isValidPaymentToken(value: unknown): value is string | string[] {\n    // Check if it's a valid string\n    if (isNonEmptyString(value)) {\n        return true;\n    }\n\n    // Check if it's a valid array of strings\n    if (Array.isArray(value)) {\n        return value.length > 0 && value.every((token) => isNonEmptyString(token));\n    }\n\n    return false;\n}\n\nfunction isSessionResponse(value: unknown): value is SessionResponse {\n    if (!value || typeof value !== 'object') return false;\n    return 'session' in value;\n}\n\nasync function parseErrorBody(resp: Response): Promise<{ message?: string; details?: unknown }> {\n    const text = await resp.text();\n    if (!text) return {};\n\n    try {\n        const json = JSON.parse(text) as { message?: unknown };\n        const message = typeof json?.message === 'string' ? json.message : undefined;\n        return { message, details: json };\n    } catch {\n        return { message: text, details: text };\n    }\n}\n\nasync function parseJsonResponse(resp: Response): Promise<unknown> {\n    try {\n        return await resp.json();\n    } catch {\n        throw new EscrowCheckoutError('Invalid JSON response from session endpoint.', 'SESSION_RESPONSE', {\n            status: resp.status\n        });\n    }\n}\n\n/**\n * Internal: load the widget script once and return the global function.\n */\nasync function loadWidget(): Promise<EscrowWidget> {\n    assertConfigured(CONFIG);\n    const { scriptUrl, globalName, crossOrigin } = CONFIG;\n\n    if (typeof window === 'undefined') {\n        throw new EscrowCheckoutError('EscrowCheckout can only be loaded in the browser.', 'BROWSER_ONLY');\n    }\n\n    const win = window as any;\n    win.__escrowCheckoutLoader ??= {};\n\n    if (win.__escrowCheckoutLoader[scriptUrl]) {\n        return win.__escrowCheckoutLoader[scriptUrl];\n    }\n\n    if (typeof win[globalName] === 'function') {\n        const fn = win[globalName] as EscrowWidget;\n        win.__escrowCheckoutLoader[scriptUrl] = Promise.resolve(fn);\n        return fn;\n    }\n\n    win.__escrowCheckoutLoader[scriptUrl] = new Promise<EscrowWidget>((resolve, reject) => {\n        const script = document.createElement('script');\n        script.src = scriptUrl;\n        script.async = true;\n        if (crossOrigin) script.crossOrigin = crossOrigin;\n\n        script.onload = () => {\n            const fn = win[globalName];\n            if (typeof fn === 'function') resolve(fn as EscrowWidget);\n            else {\n                reject(\n                    new EscrowCheckoutError(\n                        `Escrow checkout script loaded, but window.${globalName} is not a function.`,\n                        'WIDGET_LOAD'\n                    )\n                );\n            }\n        };\n\n        script.onerror = () =>\n            reject(new EscrowCheckoutError(`Failed to load escrow checkout script: ${scriptUrl}`, 'WIDGET_LOAD'));\n\n        document.head.appendChild(script);\n    });\n\n    return win.__escrowCheckoutLoader[scriptUrl];\n}\n\n/**\n * Internal: create a checkout session by calling your API.\n * This is intentionally inside the lib (user doesn't implement it).\n */\nasync function createSession(input: PayInput): Promise<SessionResponse> {\n    assertConfigured(CONFIG);\n    const { publicKey } = CONFIG;\n    const apiBaseUrl = publicKey.startsWith('pk_live_') ? 'https://live.payluk.ng' : 'https://staging.live.payluk.ng';\n    let resp: Response;\n\n    try {\n        resp = await fetch(`${apiBaseUrl}/v1/checkout/session`, {\n            method: 'POST',\n            headers: { 'Content-Type': 'application/json' },\n            body: JSON.stringify({\n                paymentToken: input.paymentToken,\n                redirectUrl: input.redirectUrl,\n                reference: input.reference,\n                customerId: input.customerId,\n                publicKey\n            })\n        });\n    } catch (error) {\n        const normalized = normalizeError(error);\n        throw new EscrowCheckoutError('Network error while creating checkout session.', 'NETWORK', {\n            details: normalized.message\n        });\n    }\n\n    if (!resp.ok) {\n        const { message, details } = await parseErrorBody(resp);\n        throw new EscrowCheckoutError(message || `Failed to create session (HTTP ${resp.status}).`, 'SESSION_CREATE', {\n            status: resp.status,\n            details\n        });\n    }\n\n    const data = await parseJsonResponse(resp);\n    if (!isSessionResponse(data)) {\n        throw new EscrowCheckoutError('Session response missing \"session\".', 'SESSION_RESPONSE', {\n            status: resp.status,\n            details: data\n        });\n    }\n\n    return data as SessionResponse;\n}\n\n/**\n * Public API: create the session and open the widget.\n * Consumers only supply business inputs (no script URL, no API calls).\n */\nexport async function pay(input: PayInput): Promise<void> {\n    if (typeof window === 'undefined') {\n        throw new EscrowCheckoutError('pay(...) can only run in the browser.', 'BROWSER_ONLY');\n    }\n\n    assertConfigured(CONFIG);\n    if (!input || !isValidPaymentToken(input.paymentToken)) {\n        throw new EscrowCheckoutError(\n            'pay(...) requires \"paymentToken\" (must be a non-empty string or array of non-empty strings).',\n            'INVALID_INPUT'\n        );\n    }\n    if (!isNonEmptyString(input.reference)) {\n        throw new EscrowCheckoutError('pay(...) requires \"reference\".', 'INVALID_INPUT');\n    }\n    if (!isNonEmptyString(input.redirectUrl)) {\n        throw new EscrowCheckoutError('pay(...) requires \"redirectUrl\".', 'INVALID_INPUT');\n    }\n\n    const [{ session }, widget] = await Promise.all([createSession(input), loadWidget()]);\n\n    widget({\n        session,\n        logoUrl: input.logoUrl,\n        brand: input.brand,\n        callback: input.callback,\n        onClose: input.onClose,\n        customerId: input.customerId,\n        publicKey: CONFIG.publicKey,\n        ...(input.extra ?? {})\n    });\n}\n"]}

package/dist/index.cjs

@@ -1,13 +1,24 @@
 'use strict';
 
 // src/index.ts
+var EscrowCheckoutError = class extends Error {
+  constructor(message, code, options) {
+    super(message);
+    this.name = "EscrowCheckoutError";
+    this.code = code;
+    this.status = options?.status;
+    this.details = options?.details;
+  }
+};
 var DEFAULT_SCRIPT_URL = "https://checkout.payluk.ng/escrow-checkout.min.js";
 var DEFAULT_GLOBAL_NAME = "EscrowCheckout";
 var CONFIG = null;
 function initEscrowCheckout(config) {
-  if (!config?.publicKey) throw new Error('initEscrowCheckout: "publicKey" is required.');
+  if (!isNonEmptyString(config?.publicKey)) {
+    throw new EscrowCheckoutError('initEscrowCheckout(...) requires "publicKey".', "INVALID_INPUT");
+  }
   CONFIG = {
-    publicKey: config.publicKey,
+    publicKey: config.publicKey.trim(),
     scriptUrl: config.scriptUrlOverride || DEFAULT_SCRIPT_URL,
     globalName: config.globalName || DEFAULT_GLOBAL_NAME,
     crossOrigin: config.crossOrigin ?? "anonymous"
@@ -15,14 +26,58 @@ function initEscrowCheckout(config) {
 }
 function assertConfigured(config) {
   if (!config) {
-    throw new Error("Escrow checkout not initialized. Call initEscrowCheckout({ apiBaseUrl, publicKey }) first.");
+    throw new EscrowCheckoutError(
+      "Escrow checkout not initialized. Call initEscrowCheckout({ publicKey }) first.",
+      "NOT_INITIALIZED"
+    );
+  }
+}
+function normalizeError(error) {
+  if (error instanceof Error) return error;
+  if (typeof error === "string") return new Error(error);
+  return new Error("Unknown error");
+}
+function isNonEmptyString(value) {
+  return typeof value === "string" && value.trim().length > 0;
+}
+function isValidPaymentToken(value) {
+  if (isNonEmptyString(value)) {
+    return true;
+  }
+  if (Array.isArray(value)) {
+    return value.length > 0 && value.every((token) => isNonEmptyString(token));
+  }
+  return false;
+}
+function isSessionResponse(value) {
+  if (!value || typeof value !== "object") return false;
+  return "session" in value;
+}
+async function parseErrorBody(resp) {
+  const text = await resp.text();
+  if (!text) return {};
+  try {
+    const json = JSON.parse(text);
+    const message = typeof json?.message === "string" ? json.message : void 0;
+    return { message, details: json };
+  } catch {
+    return { message: text, details: text };
+  }
+}
+async function parseJsonResponse(resp) {
+  try {
+    return await resp.json();
+  } catch {
+    throw new EscrowCheckoutError("Invalid JSON response from session endpoint.", "SESSION_RESPONSE", {
+      status: resp.status
+    });
   }
 }
 async function loadWidget() {
   assertConfigured(CONFIG);
   const { scriptUrl, globalName, crossOrigin } = CONFIG;
   if (typeof window === "undefined") {
-    throw new Error("EscrowCheckout can only be loaded in the browser.");
+    throw new EscrowCheckoutError("EscrowCheckout can only be loaded in the browser.", "BROWSER_ONLY");
   }
   const win = window;
   win.__escrowCheckoutLoader ?? (win.__escrowCheckoutLoader = {});
@@ -42,9 +97,16 @@ async function loadWidget() {
     script.onload = () => {
       const fn = win[globalName];
       if (typeof fn === "function") resolve(fn);
-      else reject(new Error(`Escrow checkout script loaded, but window.${globalName} is not a function.`));
+      else {
+        reject(
+          new EscrowCheckoutError(
+            `Escrow checkout script loaded, but window.${globalName} is not a function.`,
+            "WIDGET_LOAD"
+          )
+        );
+      }
     };
-    script.onerror = () => reject(new Error(`Failed to load escrow checkout script: ${scriptUrl}`));
+    script.onerror = () => reject(new EscrowCheckoutError(`Failed to load escrow checkout script: ${scriptUrl}`, "WIDGET_LOAD"));
     document.head.appendChild(script);
   });
   return win.__escrowCheckoutLoader[scriptUrl];
@@ -53,26 +115,57 @@ async function createSession(input) {
   assertConfigured(CONFIG);
   const { publicKey } = CONFIG;
   const apiBaseUrl = publicKey.startsWith("pk_live_") ? "https://live.payluk.ng" : "https://staging.live.payluk.ng";
-  const resp = await fetch(`${apiBaseUrl}/v1/checkout/session`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({
-      paymentToken: input.paymentToken,
-      redirectUrl: input.redirectUrl,
-      reference: input.reference,
-      customerId: input.customerId,
-      publicKey
-    })
-  });
+  let resp;
+  try {
+    resp = await fetch(`${apiBaseUrl}/v1/checkout/session`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        paymentToken: input.paymentToken,
+        redirectUrl: input.redirectUrl,
+        reference: input.reference,
+        customerId: input.customerId,
+        publicKey
+      })
+    });
+  } catch (error) {
+    const normalized = normalizeError(error);
+    throw new EscrowCheckoutError("Network error while creating checkout session.", "NETWORK", {
+      details: normalized.message
+    });
+  }
   if (!resp.ok) {
-    const err = await resp.json().catch(() => ({}));
-    throw new Error(err.message || "Failed to create session");
+    const { message, details } = await parseErrorBody(resp);
+    throw new EscrowCheckoutError(message || `Failed to create session (HTTP ${resp.status}).`, "SESSION_CREATE", {
+      status: resp.status,
+      details
+    });
+  }
+  const data = await parseJsonResponse(resp);
+  if (!isSessionResponse(data)) {
+    throw new EscrowCheckoutError('Session response missing "session".', "SESSION_RESPONSE", {
+      status: resp.status,
+      details: data
+    });
   }
-  return await resp.json();
+  return data;
 }
 async function pay(input) {
   if (typeof window === "undefined") {
-    throw new Error("pay(...) can only run in the browser.");
+    throw new EscrowCheckoutError("pay(...) can only run in the browser.", "BROWSER_ONLY");
+  }
+  assertConfigured(CONFIG);
+  if (!input || !isValidPaymentToken(input.paymentToken)) {
+    throw new EscrowCheckoutError(
+      'pay(...) requires "paymentToken" (must be a non-empty string or array of non-empty strings).',
+      "INVALID_INPUT"
+    );
+  }
+  if (!isNonEmptyString(input.reference)) {
+    throw new EscrowCheckoutError('pay(...) requires "reference".', "INVALID_INPUT");
+  }
+  if (!isNonEmptyString(input.redirectUrl)) {
+    throw new EscrowCheckoutError('pay(...) requires "redirectUrl".', "INVALID_INPUT");
   }
   const [{ session }, widget] = await Promise.all([createSession(input), loadWidget()]);
   widget({
@@ -82,11 +175,12 @@ async function pay(input) {
     callback: input.callback,
     onClose: input.onClose,
     customerId: input.customerId,
-    publicKey: CONFIG?.publicKey,
+    publicKey: CONFIG.publicKey,
     ...input.extra ?? {}
   });
 }
 
+exports.EscrowCheckoutError = EscrowCheckoutError;
 exports.initEscrowCheckout = initEscrowCheckout;
 exports.pay = pay;
 //# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;AA+BA,IAAM,kBAAA,GAAqB,mDAAA;AAC3B,IAAM,mBAAA,GAAsB,gBAAA;AAQ5B,IAAI,MAAA,GAAgC,IAAA;AAM7B,SAAS,mBAAmB,MAAA,EAA0B;AACzD,EAAA,IAAI,CAAC,MAAA,EAAQ,SAAA,EAAW,MAAM,IAAI,MAAM,8CAA8C,CAAA;AACtF,EAAA,MAAA,GAAS;AAAA,IACL,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,SAAA,EAAW,OAAO,iBAAA,IAAqB,kBAAA;AAAA,IACvC,UAAA,EAAY,OAAO,UAAA,IAAc,mBAAA;AAAA,IACjC,WAAA,EAAa,OAAO,WAAA,IAAe;AAAA,GACvC;AACJ;AAKA,SAAS,iBAAiB,MAAA,EAAiE;AACvF,EAAA,IAAI,CAAC,MAAA,EAAQ;AACT,IAAA,MAAM,IAAI,MAAM,4FAA4F,CAAA;AAAA,EAChH;AACJ;AAKA,eAAe,UAAA,GAAoC;AAC/C,EAAA,gBAAA,CAAiB,MAAM,CAAA;AACvB,EAAA,MAAM,EAAE,SAAA,EAAW,UAAA,EAAY,WAAA,EAAY,GAAI,MAAA;AAE/C,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,MAAM,mDAAmD,CAAA;AAAA,EACvE;AAEA,EAAA,MAAM,GAAA,GAAM,MAAA;AACZ,EAAA,GAAA,CAAI,sBAAA,KAAJ,GAAA,CAAI,sBAAA,GAA2B,EAAC,CAAA;AAEhC,EAAA,IAAI,GAAA,CAAI,sBAAA,CAAuB,SAAS,CAAA,EAAG;AACvC,IAAA,OAAO,GAAA,CAAI,uBAAuB,SAAS,CAAA;AAAA,EAC/C;AAEA,EAAA,IAAI,OAAO,GAAA,CAAI,UAAU,CAAA,KAAM,UAAA,EAAY;AACvC,IAAA,MAAM,EAAA,GAAK,IAAI,UAAU,CAAA;AACzB,IAAA,GAAA,CAAI,sBAAA,CAAuB,SAAS,CAAA,GAAI,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC1D,IAAA,OAAO,EAAA;AAAA,EACX;AAEA,EAAA,GAAA,CAAI,uBAAuB,SAAS,CAAA,GAAI,IAAI,OAAA,CAAsB,CAAC,SAAS,MAAA,KAAW;AACnF,IAAA,MAAM,MAAA,GAAS,QAAA,CAAS,aAAA,CAAc,QAAQ,CAAA;AAC9C,IAAA,MAAA,CAAO,GAAA,GAAM,SAAA;AACb,IAAA,MAAA,CAAO,KAAA,GAAQ,IAAA;AACf,IAAA,IAAI,WAAA,SAAoB,WAAA,GAAc,WAAA;AAEtC,IAAA,MAAA,CAAO,SAAS,MAAM;AAClB,MAAA,MAAM,EAAA,GAAK,IAAI,UAAU,CAAA;AACzB,MAAA,IAAI,OAAO,EAAA,KAAO,UAAA,EAAY,OAAA,CAAQ,EAAkB,CAAA;AAAA,kBAC5C,IAAI,KAAA,CAAM,CAAA,0CAAA,EAA6C,UAAU,qBAAqB,CAAC,CAAA;AAAA,IACvG,CAAA;AAEA,IAAA,MAAA,CAAO,OAAA,GAAU,MAAM,MAAA,CAAO,IAAI,MAAM,CAAA,uCAAA,EAA0C,SAAS,EAAE,CAAC,CAAA;AAE9F,IAAA,QAAA,CAAS,IAAA,CAAK,YAAY,MAAM,CAAA;AAAA,EACpC,CAAC,CAAA;AAED,EAAA,OAAO,GAAA,CAAI,uBAAuB,SAAS,CAAA;AAC/C;AAMA,eAAe,cAAc,KAAA,EAA2C;AACpE,EAAA,gBAAA,CAAiB,MAAM,CAAA;AACvB,EAAA,MAAM,EAAE,WAAU,GAAI,MAAA;AACtB,EAAA,MAAM,UAAA,GAAa,SAAA,CAAU,UAAA,CAAW,UAAU,IAAI,wBAAA,GAA2B,gCAAA;AAEjF,EAAA,MAAM,IAAA,GAAO,MAAM,KAAA,CAAM,CAAA,EAAG,UAAU,CAAA,oBAAA,CAAA,EAAwB;AAAA,IAC1D,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,MACjB,cAAc,KAAA,CAAM,YAAA;AAAA,MACpB,aAAa,KAAA,CAAM,WAAA;AAAA,MACnB,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,YAAY,KAAA,CAAM,UAAA;AAAA,MAClB;AAAA,KACH;AAAA,GACJ,CAAA;AAED,EAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACV,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AAC9C,IAAA,MAAM,IAAI,KAAA,CAAM,GAAA,CAAI,OAAA,IAAW,0BAA0B,CAAA;AAAA,EAC7D;AAEA,EAAA,OAAQ,MAAM,KAAK,IAAA,EAAK;AAC5B;AAMA,eAAsB,IAAI,KAAA,EAAgC;AACtD,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAAA,EAC3D;AAEA,EAAA,MAAM,CAAC,EAAE,OAAA,EAAQ,EAAG,MAAM,CAAA,GAAI,MAAM,OAAA,CAAQ,GAAA,CAAI,CAAC,aAAA,CAAc,KAAK,CAAA,EAAG,UAAA,EAAY,CAAC,CAAA;AAEpF,EAAA,MAAA,CAAO;AAAA,IACH,OAAA;AAAA,IACA,SAAS,KAAA,CAAM,OAAA;AAAA,IACf,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,UAAU,KAAA,CAAM,QAAA;AAAA,IAChB,SAAS,KAAA,CAAM,OAAA;AAAA,IACf,YAAY,KAAA,CAAM,UAAA;AAAA,IAClB,WAAW,MAAA,EAAQ,SAAA;AAAA,IACnB,GAAI,KAAA,CAAM,KAAA,IAAS;AAAC,GACvB,CAAA;AACL","file":"index.cjs","sourcesContent":["export type EscrowWidget = (options: Record<string, unknown>) => void;\r\n\r\nexport interface InitConfig {\r\n    publicKey: string; // publishable key only\r\n    /**\r\n     * Optional overrides for experts. End users don't need to set these.\r\n     */\r\n    scriptUrlOverride?: string;\r\n    globalName?: string; // default 'EscrowCheckout'\r\n    crossOrigin?: '' | 'anonymous' | 'use-credentials';\r\n}\r\n\r\nexport interface PayInput {\r\n    paymentToken: string;\r\n    reference: string;\r\n    redirectUrl: string;\r\n    logoUrl?: string;\r\n    brand?: string;\r\n    customerId?: string;\r\n    /**\r\n     * Extra fields supported by the widget.\r\n     */\r\n    extra?: Record<string, unknown>;\r\n    callback?: (result: any) => void;\r\n    onClose?: () => void;\r\n}\r\n\r\nexport interface SessionResponse {\r\n    session: unknown;\r\n}\r\n\r\nconst DEFAULT_SCRIPT_URL = 'https://checkout.payluk.ng/escrow-checkout.min.js';\r\nconst DEFAULT_GLOBAL_NAME = 'EscrowCheckout';\r\n\r\ntype ResolvedConfig = Required<Pick<InitConfig, 'publicKey'>> & {\r\n    scriptUrl: string;\r\n    globalName: string;\r\n    crossOrigin: '' | 'anonymous' | 'use-credentials';\r\n};\r\n\r\nlet CONFIG: ResolvedConfig | null = null;\r\n\r\n/**\r\n * Initialize the library once (e.g., in app bootstrap).\r\n * Hides script URL and session creation from consumers.\r\n */\r\nexport function initEscrowCheckout(config: InitConfig): void {\r\n    if (!config?.publicKey) throw new Error('initEscrowCheckout: \"publicKey\" is required.');\r\n    CONFIG = {\r\n        publicKey: config.publicKey,\r\n        scriptUrl: config.scriptUrlOverride || DEFAULT_SCRIPT_URL,\r\n        globalName: config.globalName || DEFAULT_GLOBAL_NAME,\r\n        crossOrigin: config.crossOrigin ?? 'anonymous'\r\n    };\r\n}\r\n\r\n/**\r\n * Narrow a provided config to ResolvedConfig or throw if not initialized.\r\n */\r\nfunction assertConfigured(config: ResolvedConfig | null): asserts config is ResolvedConfig {\r\n    if (!config) {\r\n        throw new Error('Escrow checkout not initialized. Call initEscrowCheckout({ apiBaseUrl, publicKey }) first.');\r\n    }\r\n}\r\n\r\n/**\r\n * Internal: load the widget script once and return the global function.\r\n */\r\nasync function loadWidget(): Promise<EscrowWidget> {\r\n    assertConfigured(CONFIG);\r\n    const { scriptUrl, globalName, crossOrigin } = CONFIG;\r\n\r\n    if (typeof window === 'undefined') {\r\n        throw new Error('EscrowCheckout can only be loaded in the browser.');\r\n    }\r\n\r\n    const win = window as any;\r\n    win.__escrowCheckoutLoader ??= {};\r\n\r\n    if (win.__escrowCheckoutLoader[scriptUrl]) {\r\n        return win.__escrowCheckoutLoader[scriptUrl];\r\n    }\r\n\r\n    if (typeof win[globalName] === 'function') {\r\n        const fn = win[globalName] as EscrowWidget;\r\n        win.__escrowCheckoutLoader[scriptUrl] = Promise.resolve(fn);\r\n        return fn;\r\n    }\r\n\r\n    win.__escrowCheckoutLoader[scriptUrl] = new Promise<EscrowWidget>((resolve, reject) => {\r\n        const script = document.createElement('script');\r\n        script.src = scriptUrl;\r\n        script.async = true;\r\n        if (crossOrigin) script.crossOrigin = crossOrigin;\r\n\r\n        script.onload = () => {\r\n            const fn = win[globalName];\r\n            if (typeof fn === 'function') resolve(fn as EscrowWidget);\r\n            else reject(new Error(`Escrow checkout script loaded, but window.${globalName} is not a function.`));\r\n        };\r\n\r\n        script.onerror = () => reject(new Error(`Failed to load escrow checkout script: ${scriptUrl}`));\r\n\r\n        document.head.appendChild(script);\r\n    });\r\n\r\n    return win.__escrowCheckoutLoader[scriptUrl];\r\n}\r\n\r\n/**\r\n * Internal: create a checkout session by calling your API.\r\n * This is intentionally inside the lib (user doesn't implement it).\r\n */\r\nasync function createSession(input: PayInput): Promise<SessionResponse> {\r\n    assertConfigured(CONFIG);\r\n    const { publicKey } = CONFIG;\r\n    const apiBaseUrl = publicKey.startsWith(\"pk_live_\") ? 'https://live.payluk.ng' : 'https://staging.live.payluk.ng';\r\n\r\n    const resp = await fetch(`${apiBaseUrl}/v1/checkout/session`, {\r\n        method: 'POST',\r\n        headers: { 'Content-Type': 'application/json' },\r\n        body: JSON.stringify({\r\n            paymentToken: input.paymentToken,\r\n            redirectUrl: input.redirectUrl,\r\n            reference: input.reference,\r\n            customerId: input.customerId,\r\n            publicKey\r\n        })\r\n    });\r\n\r\n    if (!resp.ok) {\r\n        const err = await resp.json().catch(() => ({}));\r\n        throw new Error(err.message || 'Failed to create session');\r\n    }\r\n\r\n    return (await resp.json()) as SessionResponse;\r\n}\r\n\r\n/**\r\n * Public API: create the session and open the widget.\r\n * Consumers only supply business inputs (no script URL, no API calls).\r\n */\r\nexport async function pay(input: PayInput): Promise<void> {\r\n    if (typeof window === 'undefined') {\r\n        throw new Error('pay(...) can only run in the browser.');\r\n    }\r\n\r\n    const [{ session }, widget] = await Promise.all([createSession(input), loadWidget()]);\r\n\r\n    widget({\r\n        session,\r\n        logoUrl: input.logoUrl,\r\n        brand: input.brand,\r\n        callback: input.callback,\r\n        onClose: input.onClose,\r\n        customerId: input.customerId,\r\n        publicKey: CONFIG?.publicKey,\r\n        ...(input.extra ?? {})\r\n    });\r\n}"]}
+{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;AAWO,IAAM,mBAAA,GAAN,cAAkC,KAAA,CAAM;AAAA,EAK3C,WAAA,CAAY,OAAA,EAAiB,IAAA,EAA+B,OAAA,EAAkD;AAC1G,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,qBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACvB,IAAA,IAAA,CAAK,UAAU,OAAA,EAAS,OAAA;AAAA,EAC5B;AACJ;AAmCA,IAAM,kBAAA,GAAqB,mDAAA;AAC3B,IAAM,mBAAA,GAAsB,gBAAA;AAQ5B,IAAI,MAAA,GAAgC,IAAA;AAM7B,SAAS,mBAAmB,MAAA,EAA0B;AACzD,EAAA,IAAI,CAAC,gBAAA,CAAiB,MAAA,EAAQ,SAAS,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,mBAAA,CAAoB,+CAAA,EAAiD,eAAe,CAAA;AAAA,EAClG;AACA,EAAA,MAAA,GAAS;AAAA,IACL,SAAA,EAAW,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK;AAAA,IACjC,SAAA,EAAW,OAAO,iBAAA,IAAqB,kBAAA;AAAA,IACvC,UAAA,EAAY,OAAO,UAAA,IAAc,mBAAA;AAAA,IACjC,WAAA,EAAa,OAAO,WAAA,IAAe;AAAA,GACvC;AACJ;AAKA,SAAS,iBAAiB,MAAA,EAAiE;AACvF,EAAA,IAAI,CAAC,MAAA,EAAQ;AACT,IAAA,MAAM,IAAI,mBAAA;AAAA,MACN,gFAAA;AAAA,MACA;AAAA,KACJ;AAAA,EACJ;AACJ;AAEA,SAAS,eAAe,KAAA,EAAuB;AAC3C,EAAA,IAAI,KAAA,YAAiB,OAAO,OAAO,KAAA;AACnC,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,IAAI,MAAM,KAAK,CAAA;AACrD,EAAA,OAAO,IAAI,MAAM,eAAe,CAAA;AACpC;AAEA,SAAS,iBAAiB,KAAA,EAAiC;AACvD,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,IAAA,GAAO,MAAA,GAAS,CAAA;AAC9D;AAEA,SAAS,oBAAoB,KAAA,EAA4C;AAErE,EAAA,IAAI,gBAAA,CAAiB,KAAK,CAAA,EAAG;AACzB,IAAA,OAAO,IAAA;AAAA,EACX;AAGA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACtB,IAAA,OAAO,KAAA,CAAM,SAAS,CAAA,IAAK,KAAA,CAAM,MAAM,CAAC,KAAA,KAAU,gBAAA,CAAiB,KAAK,CAAC,CAAA;AAAA,EAC7E;AAEA,EAAA,OAAO,KAAA;AACX;AAEA,SAAS,kBAAkB,KAAA,EAA0C;AACjE,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,UAAU,OAAO,KAAA;AAChD,EAAA,OAAO,SAAA,IAAa,KAAA;AACxB;AAEA,eAAe,eAAe,IAAA,EAAkE;AAC5F,EAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,EAAK;AAC7B,EAAA,IAAI,CAAC,IAAA,EAAM,OAAO,EAAC;AAEnB,EAAA,IAAI;AACA,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AAC5B,IAAA,MAAM,UAAU,OAAO,IAAA,EAAM,OAAA,KAAY,QAAA,GAAW,KAAK,OAAA,GAAU,KAAA,CAAA;AACnE,IAAA,OAAO,EAAE,OAAA,EAAS,OAAA,EAAS,IAAA,EAAK;AAAA,EACpC,CAAA,CAAA,MAAQ;AACJ,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,IAAA,EAAK;AAAA,EAC1C;AACJ;AAEA,eAAe,kBAAkB,IAAA,EAAkC;AAC/D,EAAA,IAAI;AACA,IAAA,OAAO,MAAM,KAAK,IAAA,EAAK;AAAA,EAC3B,CAAA,CAAA,MAAQ;AACJ,IAAA,MAAM,IAAI,mBAAA,CAAoB,8CAAA,EAAgD,kBAAA,EAAoB;AAAA,MAC9F,QAAQ,IAAA,CAAK;AAAA,KAChB,CAAA;AAAA,EACL;AACJ;AAKA,eAAe,UAAA,GAAoC;AAC/C,EAAA,gBAAA,CAAiB,MAAM,CAAA;AACvB,EAAA,MAAM,EAAE,SAAA,EAAW,UAAA,EAAY,WAAA,EAAY,GAAI,MAAA;AAE/C,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,mBAAA,CAAoB,mDAAA,EAAqD,cAAc,CAAA;AAAA,EACrG;AAEA,EAAA,MAAM,GAAA,GAAM,MAAA;AACZ,EAAA,GAAA,CAAI,sBAAA,KAAJ,GAAA,CAAI,sBAAA,GAA2B,EAAC,CAAA;AAEhC,EAAA,IAAI,GAAA,CAAI,sBAAA,CAAuB,SAAS,CAAA,EAAG;AACvC,IAAA,OAAO,GAAA,CAAI,uBAAuB,SAAS,CAAA;AAAA,EAC/C;AAEA,EAAA,IAAI,OAAO,GAAA,CAAI,UAAU,CAAA,KAAM,UAAA,EAAY;AACvC,IAAA,MAAM,EAAA,GAAK,IAAI,UAAU,CAAA;AACzB,IAAA,GAAA,CAAI,sBAAA,CAAuB,SAAS,CAAA,GAAI,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC1D,IAAA,OAAO,EAAA;AAAA,EACX;AAEA,EAAA,GAAA,CAAI,uBAAuB,SAAS,CAAA,GAAI,IAAI,OAAA,CAAsB,CAAC,SAAS,MAAA,KAAW;AACnF,IAAA,MAAM,MAAA,GAAS,QAAA,CAAS,aAAA,CAAc,QAAQ,CAAA;AAC9C,IAAA,MAAA,CAAO,GAAA,GAAM,SAAA;AACb,IAAA,MAAA,CAAO,KAAA,GAAQ,IAAA;AACf,IAAA,IAAI,WAAA,SAAoB,WAAA,GAAc,WAAA;AAEtC,IAAA,MAAA,CAAO,SAAS,MAAM;AAClB,MAAA,MAAM,EAAA,GAAK,IAAI,UAAU,CAAA;AACzB,MAAA,IAAI,OAAO,EAAA,KAAO,UAAA,EAAY,OAAA,CAAQ,EAAkB,CAAA;AAAA,WACnD;AACD,QAAA,MAAA;AAAA,UACI,IAAI,mBAAA;AAAA,YACA,6CAA6C,UAAU,CAAA,mBAAA,CAAA;AAAA,YACvD;AAAA;AACJ,SACJ;AAAA,MACJ;AAAA,IACJ,CAAA;AAEA,IAAA,MAAA,CAAO,OAAA,GAAU,MACb,MAAA,CAAO,IAAI,oBAAoB,CAAA,uCAAA,EAA0C,SAAS,CAAA,CAAA,EAAI,aAAa,CAAC,CAAA;AAExG,IAAA,QAAA,CAAS,IAAA,CAAK,YAAY,MAAM,CAAA;AAAA,EACpC,CAAC,CAAA;AAED,EAAA,OAAO,GAAA,CAAI,uBAAuB,SAAS,CAAA;AAC/C;AAMA,eAAe,cAAc,KAAA,EAA2C;AACpE,EAAA,gBAAA,CAAiB,MAAM,CAAA;AACvB,EAAA,MAAM,EAAE,WAAU,GAAI,MAAA;AACtB,EAAA,MAAM,UAAA,GAAa,SAAA,CAAU,UAAA,CAAW,UAAU,IAAI,wBAAA,GAA2B,gCAAA;AACjF,EAAA,IAAI,IAAA;AAEJ,EAAA,IAAI;AACA,IAAA,IAAA,GAAO,MAAM,KAAA,CAAM,CAAA,EAAG,UAAU,CAAA,oBAAA,CAAA,EAAwB;AAAA,MACpD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACjB,cAAc,KAAA,CAAM,YAAA;AAAA,QACpB,aAAa,KAAA,CAAM,WAAA;AAAA,QACnB,WAAW,KAAA,CAAM,SAAA;AAAA,QACjB,YAAY,KAAA,CAAM,UAAA;AAAA,QAClB;AAAA,OACH;AAAA,KACJ,CAAA;AAAA,EACL,SAAS,KAAA,EAAO;AACZ,IAAA,MAAM,UAAA,GAAa,eAAe,KAAK,CAAA;AACvC,IAAA,MAAM,IAAI,mBAAA,CAAoB,gDAAA,EAAkD,SAAA,EAAW;AAAA,MACvF,SAAS,UAAA,CAAW;AAAA,KACvB,CAAA;AAAA,EACL;AAEA,EAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACV,IAAA,MAAM,EAAE,OAAA,EAAS,OAAA,EAAQ,GAAI,MAAM,eAAe,IAAI,CAAA;AACtD,IAAA,MAAM,IAAI,mBAAA,CAAoB,OAAA,IAAW,kCAAkC,IAAA,CAAK,MAAM,MAAM,gBAAA,EAAkB;AAAA,MAC1G,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb;AAAA,KACH,CAAA;AAAA,EACL;AAEA,EAAA,MAAM,IAAA,GAAO,MAAM,iBAAA,CAAkB,IAAI,CAAA;AACzC,EAAA,IAAI,CAAC,iBAAA,CAAkB,IAAI,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,mBAAA,CAAoB,qCAAA,EAAuC,kBAAA,EAAoB;AAAA,MACrF,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,OAAA,EAAS;AAAA,KACZ,CAAA;AAAA,EACL;AAEA,EAAA,OAAO,IAAA;AACX;AAMA,eAAsB,IAAI,KAAA,EAAgC;AACtD,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,mBAAA,CAAoB,uCAAA,EAAyC,cAAc,CAAA;AAAA,EACzF;AAEA,EAAA,gBAAA,CAAiB,MAAM,CAAA;AACvB,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,mBAAA,CAAoB,KAAA,CAAM,YAAY,CAAA,EAAG;AACpD,IAAA,MAAM,IAAI,mBAAA;AAAA,MACN,8FAAA;AAAA,MACA;AAAA,KACJ;AAAA,EACJ;AACA,EAAA,IAAI,CAAC,gBAAA,CAAiB,KAAA,CAAM,SAAS,CAAA,EAAG;AACpC,IAAA,MAAM,IAAI,mBAAA,CAAoB,gCAAA,EAAkC,eAAe,CAAA;AAAA,EACnF;AACA,EAAA,IAAI,CAAC,gBAAA,CAAiB,KAAA,CAAM,WAAW,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,mBAAA,CAAoB,kCAAA,EAAoC,eAAe,CAAA;AAAA,EACrF;AAEA,EAAA,MAAM,CAAC,EAAE,OAAA,EAAQ,EAAG,MAAM,CAAA,GAAI,MAAM,OAAA,CAAQ,GAAA,CAAI,CAAC,aAAA,CAAc,KAAK,CAAA,EAAG,UAAA,EAAY,CAAC,CAAA;AAEpF,EAAA,MAAA,CAAO;AAAA,IACH,OAAA;AAAA,IACA,SAAS,KAAA,CAAM,OAAA;AAAA,IACf,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,UAAU,KAAA,CAAM,QAAA;AAAA,IAChB,SAAS,KAAA,CAAM,OAAA;AAAA,IACf,YAAY,KAAA,CAAM,UAAA;AAAA,IAClB,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,GAAI,KAAA,CAAM,KAAA,IAAS;AAAC,GACvB,CAAA;AACL","file":"index.cjs","sourcesContent":["export type EscrowWidget = (options: Record<string, unknown>) => void;\n\nexport type EscrowCheckoutErrorCode =\n    | 'NOT_INITIALIZED'\n    | 'BROWSER_ONLY'\n    | 'INVALID_INPUT'\n    | 'WIDGET_LOAD'\n    | 'NETWORK'\n    | 'SESSION_CREATE'\n    | 'SESSION_RESPONSE';\n\nexport class EscrowCheckoutError extends Error {\n    code: EscrowCheckoutErrorCode;\n    status?: number;\n    details?: unknown;\n\n    constructor(message: string, code: EscrowCheckoutErrorCode, options?: { status?: number; details?: unknown }) {\n        super(message);\n        this.name = 'EscrowCheckoutError';\n        this.code = code;\n        this.status = options?.status;\n        this.details = options?.details;\n    }\n}\n\nexport interface InitConfig {\n    publicKey: string; // publishable key only\n    /**\n     * Optional overrides for experts. End users don't need to set these.\n     */\n    scriptUrlOverride?: string;\n    globalName?: string; // default 'EscrowCheckout'\n    crossOrigin?: '' | 'anonymous' | 'use-credentials';\n}\n\nexport interface PayInput {\n    /**\n     * Single escrow payment token or array of payment tokens for multi-escrow checkout.\n     * When providing multiple tokens, they must all belong to the same merchant.\n     */\n    paymentToken: string | string[];\n    reference: string;\n    redirectUrl: string;\n    logoUrl?: string;\n    brand?: string;\n    customerId?: string;\n    /**\n     * Extra fields supported by the widget.\n     */\n    extra?: Record<string, unknown>;\n    callback?: (result: any) => void;\n    onClose?: () => void;\n}\n\nexport interface SessionResponse {\n    session: unknown;\n}\n\nconst DEFAULT_SCRIPT_URL = 'https://checkout.payluk.ng/escrow-checkout.min.js';\nconst DEFAULT_GLOBAL_NAME = 'EscrowCheckout';\n\ntype ResolvedConfig = Required<Pick<InitConfig, 'publicKey'>> & {\n    scriptUrl: string;\n    globalName: string;\n    crossOrigin: '' | 'anonymous' | 'use-credentials';\n};\n\nlet CONFIG: ResolvedConfig | null = null;\n\n/**\n * Initialize the library once (e.g., in app bootstrap).\n * Hides script URL and session creation from consumers.\n */\nexport function initEscrowCheckout(config: InitConfig): void {\n    if (!isNonEmptyString(config?.publicKey)) {\n        throw new EscrowCheckoutError('initEscrowCheckout(...) requires \"publicKey\".', 'INVALID_INPUT');\n    }\n    CONFIG = {\n        publicKey: config.publicKey.trim(),\n        scriptUrl: config.scriptUrlOverride || DEFAULT_SCRIPT_URL,\n        globalName: config.globalName || DEFAULT_GLOBAL_NAME,\n        crossOrigin: config.crossOrigin ?? 'anonymous'\n    };\n}\n\n/**\n * Narrow a provided config to ResolvedConfig or throw if not initialized.\n */\nfunction assertConfigured(config: ResolvedConfig | null): asserts config is ResolvedConfig {\n    if (!config) {\n        throw new EscrowCheckoutError(\n            'Escrow checkout not initialized. Call initEscrowCheckout({ publicKey }) first.',\n            'NOT_INITIALIZED'\n        );\n    }\n}\n\nfunction normalizeError(error: unknown): Error {\n    if (error instanceof Error) return error;\n    if (typeof error === 'string') return new Error(error);\n    return new Error('Unknown error');\n}\n\nfunction isNonEmptyString(value: unknown): value is string {\n    return typeof value === 'string' && value.trim().length > 0;\n}\n\nfunction isValidPaymentToken(value: unknown): value is string | string[] {\n    // Check if it's a valid string\n    if (isNonEmptyString(value)) {\n        return true;\n    }\n\n    // Check if it's a valid array of strings\n    if (Array.isArray(value)) {\n        return value.length > 0 && value.every((token) => isNonEmptyString(token));\n    }\n\n    return false;\n}\n\nfunction isSessionResponse(value: unknown): value is SessionResponse {\n    if (!value || typeof value !== 'object') return false;\n    return 'session' in value;\n}\n\nasync function parseErrorBody(resp: Response): Promise<{ message?: string; details?: unknown }> {\n    const text = await resp.text();\n    if (!text) return {};\n\n    try {\n        const json = JSON.parse(text) as { message?: unknown };\n        const message = typeof json?.message === 'string' ? json.message : undefined;\n        return { message, details: json };\n    } catch {\n        return { message: text, details: text };\n    }\n}\n\nasync function parseJsonResponse(resp: Response): Promise<unknown> {\n    try {\n        return await resp.json();\n    } catch {\n        throw new EscrowCheckoutError('Invalid JSON response from session endpoint.', 'SESSION_RESPONSE', {\n            status: resp.status\n        });\n    }\n}\n\n/**\n * Internal: load the widget script once and return the global function.\n */\nasync function loadWidget(): Promise<EscrowWidget> {\n    assertConfigured(CONFIG);\n    const { scriptUrl, globalName, crossOrigin } = CONFIG;\n\n    if (typeof window === 'undefined') {\n        throw new EscrowCheckoutError('EscrowCheckout can only be loaded in the browser.', 'BROWSER_ONLY');\n    }\n\n    const win = window as any;\n    win.__escrowCheckoutLoader ??= {};\n\n    if (win.__escrowCheckoutLoader[scriptUrl]) {\n        return win.__escrowCheckoutLoader[scriptUrl];\n    }\n\n    if (typeof win[globalName] === 'function') {\n        const fn = win[globalName] as EscrowWidget;\n        win.__escrowCheckoutLoader[scriptUrl] = Promise.resolve(fn);\n        return fn;\n    }\n\n    win.__escrowCheckoutLoader[scriptUrl] = new Promise<EscrowWidget>((resolve, reject) => {\n        const script = document.createElement('script');\n        script.src = scriptUrl;\n        script.async = true;\n        if (crossOrigin) script.crossOrigin = crossOrigin;\n\n        script.onload = () => {\n            const fn = win[globalName];\n            if (typeof fn === 'function') resolve(fn as EscrowWidget);\n            else {\n                reject(\n                    new EscrowCheckoutError(\n                        `Escrow checkout script loaded, but window.${globalName} is not a function.`,\n                        'WIDGET_LOAD'\n                    )\n                );\n            }\n        };\n\n        script.onerror = () =>\n            reject(new EscrowCheckoutError(`Failed to load escrow checkout script: ${scriptUrl}`, 'WIDGET_LOAD'));\n\n        document.head.appendChild(script);\n    });\n\n    return win.__escrowCheckoutLoader[scriptUrl];\n}\n\n/**\n * Internal: create a checkout session by calling your API.\n * This is intentionally inside the lib (user doesn't implement it).\n */\nasync function createSession(input: PayInput): Promise<SessionResponse> {\n    assertConfigured(CONFIG);\n    const { publicKey } = CONFIG;\n    const apiBaseUrl = publicKey.startsWith('pk_live_') ? 'https://live.payluk.ng' : 'https://staging.live.payluk.ng';\n    let resp: Response;\n\n    try {\n        resp = await fetch(`${apiBaseUrl}/v1/checkout/session`, {\n            method: 'POST',\n            headers: { 'Content-Type': 'application/json' },\n            body: JSON.stringify({\n                paymentToken: input.paymentToken,\n                redirectUrl: input.redirectUrl,\n                reference: input.reference,\n                customerId: input.customerId,\n                publicKey\n            })\n        });\n    } catch (error) {\n        const normalized = normalizeError(error);\n        throw new EscrowCheckoutError('Network error while creating checkout session.', 'NETWORK', {\n            details: normalized.message\n        });\n    }\n\n    if (!resp.ok) {\n        const { message, details } = await parseErrorBody(resp);\n        throw new EscrowCheckoutError(message || `Failed to create session (HTTP ${resp.status}).`, 'SESSION_CREATE', {\n            status: resp.status,\n            details\n        });\n    }\n\n    const data = await parseJsonResponse(resp);\n    if (!isSessionResponse(data)) {\n        throw new EscrowCheckoutError('Session response missing \"session\".', 'SESSION_RESPONSE', {\n            status: resp.status,\n            details: data\n        });\n    }\n\n    return data as SessionResponse;\n}\n\n/**\n * Public API: create the session and open the widget.\n * Consumers only supply business inputs (no script URL, no API calls).\n */\nexport async function pay(input: PayInput): Promise<void> {\n    if (typeof window === 'undefined') {\n        throw new EscrowCheckoutError('pay(...) can only run in the browser.', 'BROWSER_ONLY');\n    }\n\n    assertConfigured(CONFIG);\n    if (!input || !isValidPaymentToken(input.paymentToken)) {\n        throw new EscrowCheckoutError(\n            'pay(...) requires \"paymentToken\" (must be a non-empty string or array of non-empty strings).',\n            'INVALID_INPUT'\n        );\n    }\n    if (!isNonEmptyString(input.reference)) {\n        throw new EscrowCheckoutError('pay(...) requires \"reference\".', 'INVALID_INPUT');\n    }\n    if (!isNonEmptyString(input.redirectUrl)) {\n        throw new EscrowCheckoutError('pay(...) requires \"redirectUrl\".', 'INVALID_INPUT');\n    }\n\n    const [{ session }, widget] = await Promise.all([createSession(input), loadWidget()]);\n\n    widget({\n        session,\n        logoUrl: input.logoUrl,\n        brand: input.brand,\n        callback: input.callback,\n        onClose: input.onClose,\n        customerId: input.customerId,\n        publicKey: CONFIG.publicKey,\n        ...(input.extra ?? {})\n    });\n}\n"]}