vesant-sdk 1.1.1 → 1.2.0

package/dist/{client-BfeDYmrZ.d.mts → client-BIfLMfuC.d.mts}

@@ -73,6 +73,10 @@ type CipherTextReason = 'registration' | 'login' | 'transaction' | 'interval_che
 interface CipherTextOptions {
     /** Reason for collection (required) */
     reason: CipherTextReason;
+    /** Public signing key (pk_) for HMAC signing (produces v02 signed cipherText) */
+    signingKey?: string;
+    /** @deprecated Use signingKey instead. API key for HMAC signing (backward compat) */
+    apiKey?: string;
     /** Request GPS location (default: false) */
     requestLocation?: boolean;
     /** GPS timeout in milliseconds (default: 10000) */
@@ -449,6 +453,8 @@ interface GeolocationConfigResponse {
         registration: boolean;
         transaction: boolean;
     };
+    /** Public signing key (pk_) for client-side HMAC signing */
+    signing_key?: string;
 }
 interface GeolocationClientConfig {
     /** Base URL of the API Gateway (e.g., "https://api.example.com") */
@@ -736,6 +742,7 @@ interface UseLocationCaptureResult {
  * transient failures gracefully.
  */
 declare class GeolocationClient extends BaseClient {
+    private cachedSigningKey?;
     constructor(config: GeolocationClientConfig);
     /**
      * Verify an IP address and check compliance
@@ -964,6 +971,23 @@ declare class GeolocationClient extends BaseClient {
      * ```
      */
     captureLocation(token: string, capture: LocationCaptureRequest, requestOptions?: RequestOptions): Promise<LocationCaptureResponse>;
+    /**
+     * Generate a signed cipherText containing device and location data.
+     *
+     * Automatically passes the client's API key for HMAC signing (v02 format).
+     * If no API key is configured, falls back to unsigned v01 format.
+     *
+     * @param options - Options for cipherText generation
+     * @param gpsConfig - Optional GPS config (from getGPSConfig)
+     * @returns CipherText result with the signed string
+     *
+     * @example
+     * ```typescript
+     * const result = await client.generateCipherText({ reason: 'login' });
+     * console.log(result.cipherText); // v02 signed cipherText
+     * ```
+     */
+    generateCipherText(options: Omit<CipherTextOptions, 'apiKey' | 'signingKey'>, gpsConfig?: GeolocationConfigResponse): Promise<CipherTextResult>;
 }
 
 export { type UseLocationRequestsOptions as $, type AlertStatus as A, type APIError as B, type CipherTextPayload as C, type DeviceFingerprintRequest as D, type GeolocationConfigResponse as E, type GeolocationClientConfig as F, GeolocationClient as G, type UseGeolocationOptions as H, type UseGeolocationResult as I, type JurisdictionConfig as J, type UseAlertsOptions as K, type LocationVerification as L, type UseAlertsResult as M, type LocationRequestStatus as N, type LocationRequestChannel as O, type LocationRequest as P, type CreateLocationRequestRequest as Q, type LocationRequestResult as R, type LocationRequestFilters as S, type LocationRequestListResponse as T, type UpdateJurisdictionRequest as U, type ValidateCipherTextRequest as V, type ResendLocationRequestRequest as W, type WiFiNetwork as X, type LocationCaptureRequest as Y, type LocationShareInfo as Z, type LocationCaptureResponse as _, type CipherTextReason as a, type UseLocationRequestsResult as a0, type UseLocationCaptureOptions as a1, type UseLocationCaptureResult as a2, type CipherTextOptions as b, type CipherTextResult as c, type DecryptedCipherText as d, type CipherTextCustomerData as e, type ValidateCipherTextResponse as f, type VerifyIPRequest as g, type GeoIPResult as h, type GeofenceEvaluation as i, type DeviceFingerprint as j, type DeviceTrustResult as k, type ComplianceCheckResponse as l, type AlertSeverity as m, type AlertType as n, type GeolocationAlert as o, type AlertFilters as p, type AlertListResponse as q, type DashboardMetrics as r, type CreateJurisdictionRequest as s, type GeofenceRuleType as t, type GeofenceAction as u, type GeofenceRule as v, type CreateGeofenceRuleRequest as w, type UpdateGeofenceRuleRequest as x, type UpdateDeviceTrustRequest as y, type GeolocationRecord as z };

package/dist/{client-i5QtnFIa.d.ts → client-BWp5FI3x.d.ts}

@@ -73,6 +73,10 @@ type CipherTextReason = 'registration' | 'login' | 'transaction' | 'interval_che
 interface CipherTextOptions {
     /** Reason for collection (required) */
     reason: CipherTextReason;
+    /** Public signing key (pk_) for HMAC signing (produces v02 signed cipherText) */
+    signingKey?: string;
+    /** @deprecated Use signingKey instead. API key for HMAC signing (backward compat) */
+    apiKey?: string;
     /** Request GPS location (default: false) */
     requestLocation?: boolean;
     /** GPS timeout in milliseconds (default: 10000) */
@@ -449,6 +453,8 @@ interface GeolocationConfigResponse {
         registration: boolean;
         transaction: boolean;
     };
+    /** Public signing key (pk_) for client-side HMAC signing */
+    signing_key?: string;
 }
 interface GeolocationClientConfig {
     /** Base URL of the API Gateway (e.g., "https://api.example.com") */
@@ -736,6 +742,7 @@ interface UseLocationCaptureResult {
  * transient failures gracefully.
  */
 declare class GeolocationClient extends BaseClient {
+    private cachedSigningKey?;
     constructor(config: GeolocationClientConfig);
     /**
      * Verify an IP address and check compliance
@@ -964,6 +971,23 @@ declare class GeolocationClient extends BaseClient {
      * ```
      */
     captureLocation(token: string, capture: LocationCaptureRequest, requestOptions?: RequestOptions): Promise<LocationCaptureResponse>;
+    /**
+     * Generate a signed cipherText containing device and location data.
+     *
+     * Automatically passes the client's API key for HMAC signing (v02 format).
+     * If no API key is configured, falls back to unsigned v01 format.
+     *
+     * @param options - Options for cipherText generation
+     * @param gpsConfig - Optional GPS config (from getGPSConfig)
+     * @returns CipherText result with the signed string
+     *
+     * @example
+     * ```typescript
+     * const result = await client.generateCipherText({ reason: 'login' });
+     * console.log(result.cipherText); // v02 signed cipherText
+     * ```
+     */
+    generateCipherText(options: Omit<CipherTextOptions, 'apiKey' | 'signingKey'>, gpsConfig?: GeolocationConfigResponse): Promise<CipherTextResult>;
 }
 
 export { type UseLocationRequestsOptions as $, type AlertStatus as A, type APIError as B, type CipherTextPayload as C, type DeviceFingerprintRequest as D, type GeolocationConfigResponse as E, type GeolocationClientConfig as F, GeolocationClient as G, type UseGeolocationOptions as H, type UseGeolocationResult as I, type JurisdictionConfig as J, type UseAlertsOptions as K, type LocationVerification as L, type UseAlertsResult as M, type LocationRequestStatus as N, type LocationRequestChannel as O, type LocationRequest as P, type CreateLocationRequestRequest as Q, type LocationRequestResult as R, type LocationRequestFilters as S, type LocationRequestListResponse as T, type UpdateJurisdictionRequest as U, type ValidateCipherTextRequest as V, type ResendLocationRequestRequest as W, type WiFiNetwork as X, type LocationCaptureRequest as Y, type LocationShareInfo as Z, type LocationCaptureResponse as _, type CipherTextReason as a, type UseLocationRequestsResult as a0, type UseLocationCaptureOptions as a1, type UseLocationCaptureResult as a2, type CipherTextOptions as b, type CipherTextResult as c, type DecryptedCipherText as d, type CipherTextCustomerData as e, type ValidateCipherTextResponse as f, type VerifyIPRequest as g, type GeoIPResult as h, type GeofenceEvaluation as i, type DeviceFingerprint as j, type DeviceTrustResult as k, type ComplianceCheckResponse as l, type AlertSeverity as m, type AlertType as n, type GeolocationAlert as o, type AlertFilters as p, type AlertListResponse as q, type DashboardMetrics as r, type CreateJurisdictionRequest as s, type GeofenceRuleType as t, type GeofenceAction as u, type GeofenceRule as v, type CreateGeofenceRuleRequest as w, type UpdateGeofenceRuleRequest as x, type UpdateDeviceTrustRequest as y, type GeolocationRecord as z };

package/dist/compliance/index.d.mts

@@ -1,5 +1,5 @@
-import { D as DeviceFingerprintRequest, L as LocationVerification, P as LocationRequest, G as GeolocationClient, S as LocationRequestFilters, T as LocationRequestListResponse } from '../client-BfeDYmrZ.mjs';
-export { Q as CreateLocationRequestRequest, Y as LocationCaptureRequest, _ as LocationCaptureResponse, O as LocationRequestChannel, R as LocationRequestResult, N as LocationRequestStatus, Z as LocationShareInfo, W as ResendLocationRequestRequest } from '../client-BfeDYmrZ.mjs';
+import { D as DeviceFingerprintRequest, L as LocationVerification, P as LocationRequest, G as GeolocationClient, S as LocationRequestFilters, T as LocationRequestListResponse } from '../client-BIfLMfuC.mjs';
+export { Q as CreateLocationRequestRequest, Y as LocationCaptureRequest, _ as LocationCaptureResponse, O as LocationRequestChannel, R as LocationRequestResult, N as LocationRequestStatus, Z as LocationShareInfo, W as ResendLocationRequestRequest } from '../client-BIfLMfuC.mjs';
 import { RiskProfileClient } from '../risk-profile/index.mjs';
 import { E as EntityType, e as CGSConfig, R as RequestOptions, P as PaginationParams } from '../types-BpKxSXGF.mjs';
 import { C as CustomerProfile } from '../types-DKCQN4C5.mjs';

package/dist/compliance/index.d.ts

@@ -1,5 +1,5 @@
-import { D as DeviceFingerprintRequest, L as LocationVerification, P as LocationRequest, G as GeolocationClient, S as LocationRequestFilters, T as LocationRequestListResponse } from '../client-i5QtnFIa.js';
-export { Q as CreateLocationRequestRequest, Y as LocationCaptureRequest, _ as LocationCaptureResponse, O as LocationRequestChannel, R as LocationRequestResult, N as LocationRequestStatus, Z as LocationShareInfo, W as ResendLocationRequestRequest } from '../client-i5QtnFIa.js';
+import { D as DeviceFingerprintRequest, L as LocationVerification, P as LocationRequest, G as GeolocationClient, S as LocationRequestFilters, T as LocationRequestListResponse } from '../client-BWp5FI3x.js';
+export { Q as CreateLocationRequestRequest, Y as LocationCaptureRequest, _ as LocationCaptureResponse, O as LocationRequestChannel, R as LocationRequestResult, N as LocationRequestStatus, Z as LocationShareInfo, W as ResendLocationRequestRequest } from '../client-BWp5FI3x.js';
 import { RiskProfileClient } from '../risk-profile/index.js';
 import { E as EntityType, e as CGSConfig, R as RequestOptions, P as PaginationParams } from '../types-BpKxSXGF.js';
 import { C as CustomerProfile } from '../types-DfHLp_tz.js';

package/dist/compliance/index.js

@@ -84,7 +84,7 @@ function createConsoleLogger() {
 }
 
 // src/core/version.ts
-var SDK_VERSION = "1.1.0";
+var SDK_VERSION = "1.2.0";
 
 // src/core/client.ts
 var BaseClient = class {
@@ -309,6 +309,256 @@ var BaseClient = class {
   }
 };
 
+// src/shared/browser-utils.ts
+function generateUUID() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID();
+  }
+  return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
+    const r = Math.random() * 16 | 0;
+    const v = c === "x" ? r : r & 3 | 8;
+    return v.toString(16);
+  });
+}
+function generateDeviceId() {
+  if (typeof window === "undefined" || typeof localStorage === "undefined") {
+    return generateUUID();
+  }
+  const storageKey = "cgs_device_id";
+  let deviceId = localStorage.getItem(storageKey);
+  if (!deviceId) {
+    deviceId = generateUUID();
+    localStorage.setItem(storageKey, deviceId);
+  }
+  return deviceId;
+}
+function getBrowserInfo() {
+  if (typeof navigator === "undefined") {
+    return { browser: "unknown", browser_version: "", os: "unknown", os_version: "" };
+  }
+  const ua = navigator.userAgent;
+  let browser = "unknown";
+  let browserVersion = "";
+  let os = "unknown";
+  let osVersion = "";
+  if (ua.includes("Firefox/")) {
+    browser = "Firefox";
+    browserVersion = ua.match(/Firefox\/([\d.]+)/)?.[1] || "";
+  } else if (ua.includes("Edg/")) {
+    browser = "Edge";
+    browserVersion = ua.match(/Edg\/([\d.]+)/)?.[1] || "";
+  } else if (ua.includes("Chrome/")) {
+    browser = "Chrome";
+    browserVersion = ua.match(/Chrome\/([\d.]+)/)?.[1] || "";
+  } else if (ua.includes("Safari/") && !ua.includes("Chrome")) {
+    browser = "Safari";
+    browserVersion = ua.match(/Version\/([\d.]+)/)?.[1] || "";
+  } else if (ua.includes("Opera") || ua.includes("OPR/")) {
+    browser = "Opera";
+    browserVersion = ua.match(/(?:Opera|OPR)\/([\d.]+)/)?.[1] || "";
+  }
+  if (ua.includes("Windows")) {
+    os = "Windows";
+    if (ua.includes("Windows NT 10.0")) osVersion = "10";
+    else if (ua.includes("Windows NT 6.3")) osVersion = "8.1";
+    else if (ua.includes("Windows NT 6.2")) osVersion = "8";
+    else if (ua.includes("Windows NT 6.1")) osVersion = "7";
+  } else if (ua.includes("Mac OS X")) {
+    os = "macOS";
+    osVersion = ua.match(/Mac OS X ([\d_]+)/)?.[1]?.replace(/_/g, ".") || "";
+  } else if (ua.includes("Linux")) {
+    os = "Linux";
+  } else if (ua.includes("Android")) {
+    os = "Android";
+    osVersion = ua.match(/Android ([\d.]+)/)?.[1] || "";
+  } else if (ua.includes("iOS") || ua.includes("iPhone") || ua.includes("iPad")) {
+    os = "iOS";
+    osVersion = ua.match(/OS ([\d_]+)/)?.[1]?.replace(/_/g, ".") || "";
+  }
+  return { browser, browser_version: browserVersion, os, os_version: osVersion };
+}
+
+// src/geolocation/ciphertext.ts
+var CIPHER_TEXT_EXPIRY_MINUTES = 5;
+async function computeHMAC(key, message) {
+  if (typeof globalThis.crypto !== "undefined" && globalThis.crypto.subtle) {
+    const encoder = new TextEncoder();
+    const keyData = encoder.encode(key);
+    const msgData = encoder.encode(message);
+    const cryptoKey = await globalThis.crypto.subtle.importKey(
+      "raw",
+      keyData,
+      { name: "HMAC", hash: "SHA-256" },
+      false,
+      ["sign"]
+    );
+    const signature = await globalThis.crypto.subtle.sign("HMAC", cryptoKey, msgData);
+    const bytes = new Uint8Array(signature);
+    return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const { createHmac } = await import('crypto');
+  return createHmac("sha256", key).update(message).digest("hex");
+}
+function getWebGLInfo() {
+  if (typeof document === "undefined") return null;
+  try {
+    const canvas = document.createElement("canvas");
+    const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
+    if (!gl) return null;
+    const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
+    if (!debugInfo) return null;
+    return {
+      vendor: gl.getParameter(debugInfo.UNMASKED_VENDOR_WEBGL) || "",
+      renderer: gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) || ""
+    };
+  } catch {
+    return null;
+  }
+}
+function getNetworkInfo() {
+  if (typeof navigator === "undefined") return void 0;
+  const connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
+  if (!connection) return void 0;
+  return {
+    effective_type: connection.effectiveType,
+    downlink: connection.downlink,
+    rtt: connection.rtt,
+    save_data: connection.saveData
+  };
+}
+async function requestGPSLocation(timeout = 1e4, highAccuracy = true) {
+  if (typeof navigator === "undefined" || !navigator.geolocation) {
+    return null;
+  }
+  return new Promise((resolve) => {
+    navigator.geolocation.getCurrentPosition(
+      (position) => {
+        const { latitude, longitude, accuracy } = position.coords;
+        if (latitude < -90 || latitude > 90) {
+          resolve(null);
+          return;
+        }
+        if (longitude < -180 || longitude > 180) {
+          resolve(null);
+          return;
+        }
+        if (accuracy !== null && accuracy !== void 0 && accuracy <= 0) {
+          resolve(null);
+          return;
+        }
+        resolve({
+          latitude,
+          longitude,
+          accuracy,
+          altitude: position.coords.altitude ?? void 0,
+          altitude_accuracy: position.coords.altitudeAccuracy ?? void 0,
+          heading: position.coords.heading ?? void 0,
+          speed: position.coords.speed ?? void 0,
+          timestamp: position.timestamp
+        });
+      },
+      () => {
+        resolve(null);
+      },
+      {
+        enableHighAccuracy: highAccuracy,
+        timeout,
+        maximumAge: 0
+      }
+    );
+  });
+}
+function collectDeviceData(includeWebGL) {
+  const browserInfo = getBrowserInfo();
+  const webglInfo = includeWebGL ? getWebGLInfo() : null;
+  return {
+    device_id: generateDeviceId(),
+    user_agent: typeof navigator !== "undefined" ? navigator.userAgent : "",
+    platform: typeof navigator !== "undefined" ? navigator.platform : "",
+    browser: browserInfo.browser,
+    browser_version: browserInfo.browser_version,
+    os: browserInfo.os,
+    os_version: browserInfo.os_version,
+    screen_resolution: typeof screen !== "undefined" ? `${screen.width}x${screen.height}` : void 0,
+    language: typeof navigator !== "undefined" ? navigator.language : void 0,
+    timezone: Intl?.DateTimeFormat?.()?.resolvedOptions?.()?.timeZone,
+    color_depth: typeof screen !== "undefined" ? screen.colorDepth : void 0,
+    hardware_concurrency: typeof navigator !== "undefined" ? navigator.hardwareConcurrency : void 0,
+    device_memory: typeof navigator !== "undefined" ? navigator.deviceMemory : void 0,
+    touch_support: typeof navigator !== "undefined" ? navigator.maxTouchPoints > 0 : void 0,
+    webgl_vendor: webglInfo?.vendor,
+    webgl_renderer: webglInfo?.renderer
+  };
+}
+function encodePayload(payload) {
+  const json = JSON.stringify(payload);
+  if (typeof btoa !== "undefined") {
+    return btoa(unescape(encodeURIComponent(json)));
+  } else if (typeof Buffer !== "undefined") {
+    return Buffer.from(json, "utf-8").toString("base64");
+  }
+  throw new Error("No base64 encoding method available");
+}
+async function generateCipherText(options, config) {
+  const warnings = [];
+  let requestLocation = options.requestLocation ?? false;
+  if (config?.require_gps) {
+    const reason = options.reason;
+    if (reason === "login" && config.require_gps.login || reason === "registration" && config.require_gps.registration || reason === "transaction" && config.require_gps.transaction) {
+      requestLocation = true;
+    }
+  }
+  const deviceData = collectDeviceData(options.includeWebGL !== false);
+  let locationData;
+  if (requestLocation) {
+    const location = await requestGPSLocation(
+      options.locationTimeout || 1e4,
+      options.highAccuracy !== false
+    );
+    if (location) {
+      locationData = location;
+    } else {
+      warnings.push("GPS location not available or permission denied");
+    }
+  }
+  let networkData;
+  if (options.includeNetworkInfo !== false) {
+    networkData = getNetworkInfo();
+  }
+  const now = /* @__PURE__ */ new Date();
+  const expiry = new Date(now.getTime() + CIPHER_TEXT_EXPIRY_MINUTES * 60 * 1e3);
+  const payload = {
+    device: deviceData,
+    location: locationData,
+    network: networkData,
+    metadata: {
+      collected_at: now.toISOString(),
+      sdk_version: SDK_VERSION,
+      collection_reason: options.reason,
+      page_url: typeof window !== "undefined" ? window.location.href : void 0,
+      referrer: typeof document !== "undefined" ? document.referrer || void 0 : void 0
+    }
+  };
+  const encoded = encodePayload(payload);
+  const timestamp = now.getTime().toString(36);
+  let cipherText;
+  const hmacKey = options.signingKey || options.apiKey;
+  if (hmacKey) {
+    const message = `02.${timestamp}.${encoded}`;
+    const hmac = await computeHMAC(hmacKey, message);
+    cipherText = `${message}.${hmac}`;
+  } else {
+    cipherText = `01.${timestamp}.${encoded}`;
+  }
+  return {
+    cipherText,
+    locationCaptured: !!locationData,
+    warnings: warnings.length > 0 ? warnings : void 0,
+    generatedAt: now.toISOString(),
+    expiresAt: expiry.toISOString()
+  };
+}
+
 // src/geolocation/client.ts
 var GeolocationClient = class extends BaseClient {
   constructor(config) {
@@ -409,7 +659,11 @@ var GeolocationClient = class extends BaseClient {
    * ```
    */
   async getGPSConfig(requestOptions) {
-    return this.requestWithRetry("/api/v1/geo/config", void 0, void 0, void 0, requestOptions);
+    const config = await this.requestWithRetry("/api/v1/geo/config", void 0, void 0, void 0, requestOptions);
+    if (config.signing_key) {
+      this.cachedSigningKey = config.signing_key;
+    }
+    return config;
   }
   // ============================================================================
   // CipherText Validation
@@ -669,6 +923,36 @@ var GeolocationClient = class extends BaseClient {
     }, void 0, requestOptions);
   }
   // ============================================================================
+  // CipherText Generation
+  // ============================================================================
+  /**
+   * Generate a signed cipherText containing device and location data.
+   *
+   * Automatically passes the client's API key for HMAC signing (v02 format).
+   * If no API key is configured, falls back to unsigned v01 format.
+   *
+   * @param options - Options for cipherText generation
+   * @param gpsConfig - Optional GPS config (from getGPSConfig)
+   * @returns CipherText result with the signed string
+   *
+   * @example
+   * ```typescript
+   * const result = await client.generateCipherText({ reason: 'login' });
+   * console.log(result.cipherText); // v02 signed cipherText
+   * ```
+   */
+  async generateCipherText(options, gpsConfig) {
+    let signingKey = this.cachedSigningKey;
+    if (!signingKey) {
+      const config = await this.getGPSConfig();
+      signingKey = config.signing_key;
+    }
+    return generateCipherText(
+      { ...options, signingKey: signingKey || void 0 },
+      gpsConfig
+    );
+  }
+  // ============================================================================
   // Utility Methods (inherited from BaseClient: healthCheck, updateConfig, getConfig, buildQueryString)
   // ============================================================================
 };