vesant-sdk 1.6.0 → 1.6.2

package/dist/{client-C4g596fI.d.mts → client-BlCxjbY2.d.mts}

@@ -1,4 +1,4 @@
-import { L as Logger, B as BaseClient, R as RequestOptions } from './client-CIon-bGS.mjs';
+import { L as Logger, B as BaseClient, R as RequestOptions } from './client-ePzhQKp9.mjs';
 import { P as PaginationParams } from './types-B4Ezqo7V.mjs';
 
 interface DeviceFingerprintRequest {
@@ -195,6 +195,7 @@ interface ValidateCipherTextResponse {
         is_vpn: boolean;
         is_proxy: boolean;
         is_tor: boolean;
+        is_hosting?: boolean;
         /** Whether access is blocked based on tenant's geofence rules configuration */
         is_blocked: boolean;
         /** Reasons for blocking (only present if is_blocked is true) */
@@ -205,6 +206,11 @@ interface ValidateCipherTextResponse {
         location_mismatch_distance_km?: number;
     };
     errors?: string[];
+    is_compliant?: boolean;
+    jurisdiction?: JurisdictionConfig;
+    geofence_evaluation?: GeofenceEvaluation;
+    record_id?: string;
+    gps_required?: boolean;
 }
 interface VerifyIPRequest {
     ip_address: string;
@@ -1010,4 +1016,4 @@ declare class GeolocationClient extends BaseClient {
     generateCipherText(options: Omit<CipherTextOptions, 'apiKey' | 'signingKey'>, gpsConfig?: GeolocationConfigResponse): Promise<CipherTextResult>;
 }
 
-export { type WiFiNetwork as $, type AlertStatus as A, type GeofenceAction as B, type CipherTextOptions as C, type DeviceFingerprintRequest as D, type GeofenceRule as E, type CreateGeofenceRuleRequest as F, GeolocationClient as G, type UpdateGeofenceRuleRequest as H, type UpdateDeviceTrustRequest as I, type JurisdictionConfig as J, type GeolocationRecord as K, type LocationVerification as L, type APIError as M, type GeolocationConfigResponse as N, type GeolocationClientConfig as O, type UseAlertsOptions as P, type UseAlertsResult as Q, type LocationRequestStatus as R, type LocationRequestChannel as S, type LocationRequest as T, type UseGeolocationOptions as U, type ValidateCipherTextRequest as V, type CreateLocationRequestRequest as W, type LocationRequestResult as X, type LocationRequestFilters as Y, type LocationRequestListResponse as Z, type ResendLocationRequestRequest as _, type UseGeolocationResult as a, type LocationCaptureRequest as a0, type LocationShareInfo as a1, type LocationCaptureResponse as a2, type UseLocationRequestsOptions as b, type UseLocationRequestsResult as c, type UseLocationCaptureOptions as d, type UseLocationCaptureResult as e, type CipherTextResult as f, type CipherTextPayload as g, type CipherTextReason as h, type DecryptedCipherText as i, type CipherTextCustomerData as j, type ValidateCipherTextResponse as k, type VerifyIPRequest as l, type GeoIPResult as m, type GeofenceEvaluation as n, type DeviceFingerprint as o, type DeviceTrustResult as p, type ComplianceCheckResponse as q, type AlertSeverity as r, type AlertType as s, type GeolocationAlert as t, type AlertFilters as u, type AlertListResponse as v, type DashboardMetrics as w, type CreateJurisdictionRequest as x, type UpdateJurisdictionRequest as y, type GeofenceRuleType as z };
+export { type UseLocationRequestsOptions as $, type AlertStatus as A, type APIError as B, type CipherTextPayload as C, type DeviceFingerprintRequest as D, type GeolocationConfigResponse as E, type GeolocationClientConfig as F, GeolocationClient as G, type UseGeolocationOptions as H, type UseGeolocationResult as I, type JurisdictionConfig as J, type UseAlertsOptions as K, type LocationVerification as L, type UseAlertsResult as M, type LocationRequestStatus as N, type LocationRequestChannel as O, type LocationRequest as P, type CreateLocationRequestRequest as Q, type LocationRequestResult as R, type LocationRequestFilters as S, type LocationRequestListResponse as T, type UpdateJurisdictionRequest as U, type ValidateCipherTextRequest as V, type ResendLocationRequestRequest as W, type WiFiNetwork as X, type LocationCaptureRequest as Y, type LocationShareInfo as Z, type LocationCaptureResponse as _, type CipherTextReason as a, type UseLocationRequestsResult as a0, type UseLocationCaptureOptions as a1, type UseLocationCaptureResult as a2, type CipherTextOptions as b, type CipherTextResult as c, type DecryptedCipherText as d, type CipherTextCustomerData as e, type ValidateCipherTextResponse as f, type VerifyIPRequest as g, type GeoIPResult as h, type GeofenceEvaluation as i, type DeviceFingerprint as j, type DeviceTrustResult as k, type ComplianceCheckResponse as l, type AlertSeverity as m, type AlertType as n, type GeolocationAlert as o, type AlertFilters as p, type AlertListResponse as q, type DashboardMetrics as r, type CreateJurisdictionRequest as s, type GeofenceRuleType as t, type GeofenceAction as u, type GeofenceRule as v, type CreateGeofenceRuleRequest as w, type UpdateGeofenceRuleRequest as x, type UpdateDeviceTrustRequest as y, type GeolocationRecord as z };

package/dist/{client-Bd9a5o0C.d.ts → client-C_A7QLcB.d.ts}

@@ -1,4 +1,4 @@
-import { L as Logger, B as BaseClient, R as RequestOptions } from './client-CIon-bGS.js';
+import { L as Logger, B as BaseClient, R as RequestOptions } from './client-ePzhQKp9.js';
 import { P as PaginationParams } from './types-B4Ezqo7V.js';
 
 interface DeviceFingerprintRequest {
@@ -195,6 +195,7 @@ interface ValidateCipherTextResponse {
         is_vpn: boolean;
         is_proxy: boolean;
         is_tor: boolean;
+        is_hosting?: boolean;
         /** Whether access is blocked based on tenant's geofence rules configuration */
         is_blocked: boolean;
         /** Reasons for blocking (only present if is_blocked is true) */
@@ -205,6 +206,11 @@ interface ValidateCipherTextResponse {
         location_mismatch_distance_km?: number;
     };
     errors?: string[];
+    is_compliant?: boolean;
+    jurisdiction?: JurisdictionConfig;
+    geofence_evaluation?: GeofenceEvaluation;
+    record_id?: string;
+    gps_required?: boolean;
 }
 interface VerifyIPRequest {
     ip_address: string;
@@ -1010,4 +1016,4 @@ declare class GeolocationClient extends BaseClient {
     generateCipherText(options: Omit<CipherTextOptions, 'apiKey' | 'signingKey'>, gpsConfig?: GeolocationConfigResponse): Promise<CipherTextResult>;
 }
 
-export { type WiFiNetwork as $, type AlertStatus as A, type GeofenceAction as B, type CipherTextOptions as C, type DeviceFingerprintRequest as D, type GeofenceRule as E, type CreateGeofenceRuleRequest as F, GeolocationClient as G, type UpdateGeofenceRuleRequest as H, type UpdateDeviceTrustRequest as I, type JurisdictionConfig as J, type GeolocationRecord as K, type LocationVerification as L, type APIError as M, type GeolocationConfigResponse as N, type GeolocationClientConfig as O, type UseAlertsOptions as P, type UseAlertsResult as Q, type LocationRequestStatus as R, type LocationRequestChannel as S, type LocationRequest as T, type UseGeolocationOptions as U, type ValidateCipherTextRequest as V, type CreateLocationRequestRequest as W, type LocationRequestResult as X, type LocationRequestFilters as Y, type LocationRequestListResponse as Z, type ResendLocationRequestRequest as _, type UseGeolocationResult as a, type LocationCaptureRequest as a0, type LocationShareInfo as a1, type LocationCaptureResponse as a2, type UseLocationRequestsOptions as b, type UseLocationRequestsResult as c, type UseLocationCaptureOptions as d, type UseLocationCaptureResult as e, type CipherTextResult as f, type CipherTextPayload as g, type CipherTextReason as h, type DecryptedCipherText as i, type CipherTextCustomerData as j, type ValidateCipherTextResponse as k, type VerifyIPRequest as l, type GeoIPResult as m, type GeofenceEvaluation as n, type DeviceFingerprint as o, type DeviceTrustResult as p, type ComplianceCheckResponse as q, type AlertSeverity as r, type AlertType as s, type GeolocationAlert as t, type AlertFilters as u, type AlertListResponse as v, type DashboardMetrics as w, type CreateJurisdictionRequest as x, type UpdateJurisdictionRequest as y, type GeofenceRuleType as z };
+export { type UseLocationRequestsOptions as $, type AlertStatus as A, type APIError as B, type CipherTextPayload as C, type DeviceFingerprintRequest as D, type GeolocationConfigResponse as E, type GeolocationClientConfig as F, GeolocationClient as G, type UseGeolocationOptions as H, type UseGeolocationResult as I, type JurisdictionConfig as J, type UseAlertsOptions as K, type LocationVerification as L, type UseAlertsResult as M, type LocationRequestStatus as N, type LocationRequestChannel as O, type LocationRequest as P, type CreateLocationRequestRequest as Q, type LocationRequestResult as R, type LocationRequestFilters as S, type LocationRequestListResponse as T, type UpdateJurisdictionRequest as U, type ValidateCipherTextRequest as V, type ResendLocationRequestRequest as W, type WiFiNetwork as X, type LocationCaptureRequest as Y, type LocationShareInfo as Z, type LocationCaptureResponse as _, type CipherTextReason as a, type UseLocationRequestsResult as a0, type UseLocationCaptureOptions as a1, type UseLocationCaptureResult as a2, type CipherTextOptions as b, type CipherTextResult as c, type DecryptedCipherText as d, type CipherTextCustomerData as e, type ValidateCipherTextResponse as f, type VerifyIPRequest as g, type GeoIPResult as h, type GeofenceEvaluation as i, type DeviceFingerprint as j, type DeviceTrustResult as k, type ComplianceCheckResponse as l, type AlertSeverity as m, type AlertType as n, type GeolocationAlert as o, type AlertFilters as p, type AlertListResponse as q, type DashboardMetrics as r, type CreateJurisdictionRequest as s, type GeofenceRuleType as t, type GeofenceAction as u, type GeofenceRule as v, type CreateGeofenceRuleRequest as w, type UpdateGeofenceRuleRequest as x, type UpdateDeviceTrustRequest as y, type GeolocationRecord as z };

package/dist/{client-CIon-bGS.d.mts → client-ePzhQKp9.d.mts}

@@ -64,6 +64,8 @@ interface RequestOptions {
     signal?: AbortSignal;
     /** Idempotency key for POST/PUT/PATCH requests */
     idempotencyKey?: string;
+    /** Response type — defaults to 'json'. Use 'arraybuffer' for binary downloads (PDF, etc.) */
+    responseType?: 'json' | 'arraybuffer';
 }
 interface RequestInterceptor {
     /** Called before each request. Can modify headers or options. */

package/dist/{client-CIon-bGS.d.ts → client-ePzhQKp9.d.ts}

@@ -64,6 +64,8 @@ interface RequestOptions {
     signal?: AbortSignal;
     /** Idempotency key for POST/PUT/PATCH requests */
     idempotencyKey?: string;
+    /** Response type — defaults to 'json'. Use 'arraybuffer' for binary downloads (PDF, etc.) */
+    responseType?: 'json' | 'arraybuffer';
 }
 interface RequestInterceptor {
     /** Called before each request. Can modify headers or options. */

package/dist/compliance/index.d.mts

@@ -1,7 +1,7 @@
-import { D as DeviceFingerprintRequest, L as LocationVerification, k as ValidateCipherTextResponse, T as LocationRequest, G as GeolocationClient, Y as LocationRequestFilters, Z as LocationRequestListResponse } from '../client-C4g596fI.mjs';
-export { W as CreateLocationRequestRequest, a0 as LocationCaptureRequest, a2 as LocationCaptureResponse, S as LocationRequestChannel, X as LocationRequestResult, R as LocationRequestStatus, a1 as LocationShareInfo, _ as ResendLocationRequestRequest } from '../client-C4g596fI.mjs';
+import { D as DeviceFingerprintRequest, L as LocationVerification, f as ValidateCipherTextResponse, P as LocationRequest, G as GeolocationClient, S as LocationRequestFilters, T as LocationRequestListResponse } from '../client-BlCxjbY2.mjs';
+export { Q as CreateLocationRequestRequest, Y as LocationCaptureRequest, _ as LocationCaptureResponse, O as LocationRequestChannel, R as LocationRequestResult, N as LocationRequestStatus, Z as LocationShareInfo, W as ResendLocationRequestRequest } from '../client-BlCxjbY2.mjs';
 import { RiskProfileClient } from '../risk-profile/index.mjs';
-import { V as VesantConfig, R as RequestOptions } from '../client-CIon-bGS.mjs';
+import { V as VesantConfig, R as RequestOptions } from '../client-ePzhQKp9.mjs';
 import { C as CustomerProfile } from '../types-1RzYeSal.mjs';
 import { E as EntityType, P as PaginationParams } from '../types-B4Ezqo7V.mjs';
 
@@ -38,7 +38,7 @@ interface LoginVerificationRequest {
 interface LoginVerificationResponse {
     allowed: boolean;
     geolocation: LocationVerification;
-    profile: CustomerProfile;
+    profile: CustomerProfile | null;
     requiresStepUp: boolean;
     blockReasons: string[];
     processingTime: number;
@@ -57,7 +57,7 @@ interface TransactionVerificationRequest {
 interface TransactionVerificationResponse {
     allowed: boolean;
     geolocation: LocationVerification;
-    profile: CustomerProfile;
+    profile: CustomerProfile | null;
     transactionRisk: TransactionRiskResult;
     requiresApproval: boolean;
     blockReasons: string[];
@@ -277,6 +277,13 @@ declare class ComplianceClient {
      * Returns undefined if cipherText is not provided or validation fails.
      */
     private executeCipherTextValidation;
+    /**
+     * Build a LocationVerification from a ValidateCipherTextResponse.
+     * The validate-ciphertext endpoint now returns the full geo-verification data
+     * (is_compliant, jurisdiction, geofence_evaluation, record_id, gps_required),
+     * so a separate verifyIP call is unnecessary.
+     */
+    private buildLocationFromCipherText;
     private calculateTransactionRisk;
     private checkJurisdictionLimits;
     private normalizeToUSD;

package/dist/compliance/index.d.ts

@@ -1,7 +1,7 @@
-import { D as DeviceFingerprintRequest, L as LocationVerification, k as ValidateCipherTextResponse, T as LocationRequest, G as GeolocationClient, Y as LocationRequestFilters, Z as LocationRequestListResponse } from '../client-Bd9a5o0C.js';
-export { W as CreateLocationRequestRequest, a0 as LocationCaptureRequest, a2 as LocationCaptureResponse, S as LocationRequestChannel, X as LocationRequestResult, R as LocationRequestStatus, a1 as LocationShareInfo, _ as ResendLocationRequestRequest } from '../client-Bd9a5o0C.js';
+import { D as DeviceFingerprintRequest, L as LocationVerification, f as ValidateCipherTextResponse, P as LocationRequest, G as GeolocationClient, S as LocationRequestFilters, T as LocationRequestListResponse } from '../client-C_A7QLcB.js';
+export { Q as CreateLocationRequestRequest, Y as LocationCaptureRequest, _ as LocationCaptureResponse, O as LocationRequestChannel, R as LocationRequestResult, N as LocationRequestStatus, Z as LocationShareInfo, W as ResendLocationRequestRequest } from '../client-C_A7QLcB.js';
 import { RiskProfileClient } from '../risk-profile/index.js';
-import { V as VesantConfig, R as RequestOptions } from '../client-CIon-bGS.js';
+import { V as VesantConfig, R as RequestOptions } from '../client-ePzhQKp9.js';
 import { C as CustomerProfile } from '../types-X5Md_dD_.js';
 import { E as EntityType, P as PaginationParams } from '../types-B4Ezqo7V.js';
 
@@ -38,7 +38,7 @@ interface LoginVerificationRequest {
 interface LoginVerificationResponse {
     allowed: boolean;
     geolocation: LocationVerification;
-    profile: CustomerProfile;
+    profile: CustomerProfile | null;
     requiresStepUp: boolean;
     blockReasons: string[];
     processingTime: number;
@@ -57,7 +57,7 @@ interface TransactionVerificationRequest {
 interface TransactionVerificationResponse {
     allowed: boolean;
     geolocation: LocationVerification;
-    profile: CustomerProfile;
+    profile: CustomerProfile | null;
     transactionRisk: TransactionRiskResult;
     requiresApproval: boolean;
     blockReasons: string[];
@@ -277,6 +277,13 @@ declare class ComplianceClient {
      * Returns undefined if cipherText is not provided or validation fails.
      */
     private executeCipherTextValidation;
+    /**
+     * Build a LocationVerification from a ValidateCipherTextResponse.
+     * The validate-ciphertext endpoint now returns the full geo-verification data
+     * (is_compliant, jurisdiction, geofence_evaluation, record_id, gps_required),
+     * so a separate verifyIP call is unnecessary.
+     */
+    private buildLocationFromCipherText;
     private calculateTransactionRisk;
     private checkJurisdictionLimits;
     private normalizeToUSD;

package/dist/compliance/index.js

@@ -224,7 +224,7 @@ function createConsoleLogger() {
 }
 
 // src/core/version.ts
-var SDK_VERSION = "1.6.0";
+var SDK_VERSION = "1.6.2";
 
 // src/shared/browser-utils.ts
 function generateUUID() {
@@ -398,6 +398,19 @@ var BaseClient = class {
       if (this.rateLimitTracker) {
         this.rateLimitTracker.updateFromHeaders(response.headers);
       }
+      if (requestOptions?.responseType === "arraybuffer") {
+        if (!response.ok) {
+          let errData = {};
+          try {
+            errData = await response.json();
+          } catch {
+          }
+          this.handleErrorResponse(response.status, errData, requestId);
+        }
+        this.circuitBreaker?.onSuccess();
+        const buffer = await response.arrayBuffer();
+        return buffer;
+      }
       let data;
       try {
         data = await response.json();
@@ -1025,22 +1038,51 @@ var GeolocationClient = class extends BaseClient {
       void 0,
       requestOptions
     );
-    const locationResult = await this.verifyIP({
-      ip_address: ipAddress,
-      user_id: userId,
-      event_type: eventType,
-      device_fingerprint: cipherTextResult.valid && cipherTextResult.device ? {
-        device_id: cipherTextResult.device_uuid,
-        user_agent: "",
-        platform: cipherTextResult.device.platform,
-        browser: cipherTextResult.device.browser,
-        os: cipherTextResult.device.os
-      } : void 0
-    }, requestOptions);
+    const loc = cipherTextResult.location;
+    const risk = cipherTextResult.risk;
+    if (!risk) {
+      const locationResult = await this.verifyIP({
+        ip_address: ipAddress,
+        user_id: userId,
+        event_type: eventType
+      }, requestOptions);
+      return {
+        ciphertext_valid: cipherTextResult.valid,
+        ciphertext_result: cipherTextResult,
+        location: locationResult
+      };
+    }
+    const location = {
+      ip_address: cipherTextResult.ip_address,
+      location: {
+        country: loc?.country ?? "",
+        country_iso: loc?.country_iso ?? "",
+        city: loc?.city ?? "",
+        region: loc?.region ?? "",
+        postal_code: "",
+        latitude: loc?.latitude ?? 0,
+        longitude: loc?.longitude ?? 0,
+        timezone: "",
+        is_vpn: risk.is_vpn ?? false,
+        is_proxy: risk.is_proxy ?? false,
+        is_tor: risk.is_tor ?? false,
+        is_hosting: risk.is_hosting ?? false,
+        is_anonymizer: risk.is_vpn || risk.is_proxy || risk.is_tor
+      },
+      is_compliant: cipherTextResult.is_compliant ?? !risk.is_blocked,
+      is_blocked: risk.is_blocked ?? false,
+      risk_level: risk.level ?? "low",
+      risk_score: risk.score ?? 0,
+      risk_reasons: risk.is_blocked && risk.block_reasons ? risk.block_reasons : risk.factors ?? [],
+      jurisdiction: cipherTextResult.jurisdiction,
+      geofence_evaluation: cipherTextResult.geofence_evaluation,
+      record_id: cipherTextResult.record_id ?? "",
+      gps_required: cipherTextResult.gps_required
+    };
     return {
       ciphertext_valid: cipherTextResult.valid,
       ciphertext_result: cipherTextResult,
-      location: locationResult
+      location
     };
   }
   // ============================================================================
@@ -1445,28 +1487,34 @@ var ComplianceClient = class {
       if (this.config.debug) {
         this.logger.debug("Starting registration verification", { customerId: request.customerId });
       }
-      const customerData = request.cipherText ? {
-        full_name: request.fullName,
-        email: request.emailAddress,
-        phone: request.phoneNumber,
-        date_of_birth: request.dateOfBirth
-      } : void 0;
-      [cipherTextResult, geoVerification] = await Promise.all([
-        this.executeCipherTextValidation(
+      if (request.cipherText) {
+        cipherTextResult = await this.executeCipherTextValidation(
           request.cipherText,
           request.customerId,
           "registration",
           request.ipAddress,
-          customerData,
+          {
+            full_name: request.fullName,
+            email: request.emailAddress,
+            phone: request.phoneNumber,
+            date_of_birth: request.dateOfBirth
+          },
           requestOptions
-        ),
-        this.geoClient.verifyIP({
+        );
+        geoVerification = (cipherTextResult && this.buildLocationFromCipherText(cipherTextResult, request.ipAddress)) ?? await this.geoClient.verifyIP({
           ip_address: request.ipAddress,
           user_id: request.customerId,
           event_type: "registration",
           device_fingerprint: request.deviceFingerprint
-        }, requestOptions)
-      ]);
+        }, requestOptions);
+      } else {
+        geoVerification = await this.geoClient.verifyIP({
+          ip_address: request.ipAddress,
+          user_id: request.customerId,
+          event_type: "registration",
+          device_fingerprint: request.deviceFingerprint
+        }, requestOptions);
+      }
       const blockReasons = this.evaluateRegistrationBlock(geoVerification, cipherTextResult);
       if (blockReasons.length > 0) {
         if (this.config.debug) {
@@ -1547,7 +1595,7 @@ var ComplianceClient = class {
   evaluateRegistrationBlock(geoVerification, cipherTextResult) {
     const blockReasons = [];
     if (geoVerification.is_blocked) {
-      blockReasons.push(...geoVerification.risk_reasons);
+      blockReasons.push(...geoVerification.risk_reasons ?? []);
     }
     if (!geoVerification.is_compliant) {
       if (!blockReasons.includes("non_compliant_jurisdiction")) {
@@ -1571,7 +1619,7 @@ var ComplianceClient = class {
       }
     }
     if (geoVerification.geofence_evaluation?.blocked) {
-      blockReasons.push(...geoVerification.geofence_evaluation.reasons);
+      blockReasons.push(...geoVerification.geofence_evaluation.reasons ?? []);
     }
     if (geoVerification.risk_level === "critical") {
       if (!blockReasons.includes("critical_risk_level")) {
@@ -1722,24 +1770,40 @@ var ComplianceClient = class {
       if (this.config.debug) {
         this.logger.debug("Starting login verification", { customerId: request.customerId });
       }
-      const [cipherTextResult, geoVerification, profileResult] = await Promise.all([
-        this.executeCipherTextValidation(
-          request.cipherText,
-          request.customerId,
-          "login",
-          request.ipAddress,
-          void 0,
-          requestOptions
-        ),
-        this.geoClient.verifyIP({
+      let cipherTextResult;
+      let geoVerification;
+      let profileResult;
+      if (request.cipherText) {
+        [cipherTextResult, profileResult] = await Promise.all([
+          this.executeCipherTextValidation(
+            request.cipherText,
+            request.customerId,
+            "login",
+            request.ipAddress,
+            void 0,
+            requestOptions
+          ),
+          this.riskClient.getProfile(request.customerId, requestOptions).catch(() => null)
+        ]);
+        geoVerification = (cipherTextResult && this.buildLocationFromCipherText(cipherTextResult, request.ipAddress)) ?? await this.geoClient.verifyIP({
           ip_address: request.ipAddress,
           user_id: request.customerId,
           event_type: "login",
           device_fingerprint: request.deviceFingerprint
-        }, requestOptions),
-        this.riskClient.getProfile(request.customerId, requestOptions).catch(() => null)
-      ]);
-      const loginBlockReasons = this.getBlockReasons(geoVerification, profileResult || {}, cipherTextResult);
+        }, requestOptions);
+      } else {
+        [, geoVerification, profileResult] = await Promise.all([
+          Promise.resolve(void 0),
+          this.geoClient.verifyIP({
+            ip_address: request.ipAddress,
+            user_id: request.customerId,
+            event_type: "login",
+            device_fingerprint: request.deviceFingerprint
+          }, requestOptions),
+          this.riskClient.getProfile(request.customerId, requestOptions).catch(() => null)
+        ]);
+      }
+      const loginBlockReasons = this.getBlockReasons(geoVerification, profileResult, cipherTextResult);
       const isBlocked = !geoVerification.is_compliant || geoVerification.is_blocked || !!cipherTextResult?.risk?.is_blocked || cipherTextResult?.valid === false || geoVerification.gps_required && !cipherTextResult;
       if (isBlocked && !profileResult) {
         return {
@@ -1823,23 +1887,39 @@ var ComplianceClient = class {
           currency: request.currency
         });
       }
-      const [cipherTextResult, geoVerification, profileResult] = await Promise.all([
-        this.executeCipherTextValidation(
-          request.cipherText,
-          request.customerId,
-          "transaction",
-          request.ipAddress,
-          void 0,
-          requestOptions
-        ),
-        this.geoClient.verifyIP({
+      let cipherTextResult;
+      let geoVerification;
+      let profileResult;
+      if (request.cipherText) {
+        [cipherTextResult, profileResult] = await Promise.all([
+          this.executeCipherTextValidation(
+            request.cipherText,
+            request.customerId,
+            "transaction",
+            request.ipAddress,
+            void 0,
+            requestOptions
+          ),
+          this.riskClient.getProfile(request.customerId, requestOptions).catch(() => null)
+        ]);
+        geoVerification = (cipherTextResult && this.buildLocationFromCipherText(cipherTextResult, request.ipAddress)) ?? await this.geoClient.verifyIP({
           ip_address: request.ipAddress,
           user_id: request.customerId,
           event_type: "transaction",
           device_fingerprint: request.deviceFingerprint
-        }, requestOptions),
-        this.riskClient.getProfile(request.customerId, requestOptions).catch(() => null)
-      ]);
+        }, requestOptions);
+      } else {
+        [, geoVerification, profileResult] = await Promise.all([
+          Promise.resolve(void 0),
+          this.geoClient.verifyIP({
+            ip_address: request.ipAddress,
+            user_id: request.customerId,
+            event_type: "transaction",
+            device_fingerprint: request.deviceFingerprint
+          }, requestOptions),
+          this.riskClient.getProfile(request.customerId, requestOptions).catch(() => null)
+        ]);
+      }
       const geoBlocked = !geoVerification.is_compliant || geoVerification.is_blocked || !!cipherTextResult?.risk?.is_blocked || cipherTextResult?.valid === false || geoVerification.gps_required && !cipherTextResult;
       if (geoBlocked && !profileResult) {
         return {
@@ -1858,6 +1938,9 @@ var ComplianceClient = class {
           cipherTextValidation: cipherTextResult
         };
       }
+      if (!profileResult) {
+        throw new ComplianceError("Customer profile not found", request.customerId);
+      }
       const profile = profileResult;
       const transactionRisk = this.calculateTransactionRisk(
         request.amount,
@@ -1900,22 +1983,31 @@ var ComplianceClient = class {
   async verifyEvent(request, requestOptions) {
     const startTime = Date.now();
     this.validateEventRequest(request);
-    const [cipherTextResult, geoVerification] = await Promise.all([
-      this.executeCipherTextValidation(
+    let cipherTextResult;
+    let geoVerification;
+    if (request.cipherText) {
+      cipherTextResult = await this.executeCipherTextValidation(
         request.cipherText,
         request.customerId,
         request.eventType,
         request.ipAddress,
         void 0,
         requestOptions
-      ),
-      this.geoClient.verifyIP({
+      );
+      geoVerification = (cipherTextResult && this.buildLocationFromCipherText(cipherTextResult, request.ipAddress)) ?? await this.geoClient.verifyIP({
         ip_address: request.ipAddress,
         user_id: request.customerId,
         event_type: request.eventType,
         device_fingerprint: request.deviceFingerprint
-      }, requestOptions)
-    ]);
+      }, requestOptions);
+    } else {
+      geoVerification = await this.geoClient.verifyIP({
+        ip_address: request.ipAddress,
+        user_id: request.customerId,
+        event_type: request.eventType,
+        device_fingerprint: request.deviceFingerprint
+      }, requestOptions);
+    }
     if (this.config.autoCreateProfiles) {
       try {
         const profile = await this.riskClient.getProfile(request.customerId, requestOptions);
@@ -1929,7 +2021,7 @@ var ComplianceClient = class {
       }
     }
     const cipherTextBlocked = cipherTextResult ? !cipherTextResult.valid || cipherTextResult.risk?.is_blocked === true : false;
-    const blockReasons = [...geoVerification.risk_reasons];
+    const blockReasons = [...geoVerification.risk_reasons ?? []];
     if (cipherTextResult) {
       if (!cipherTextResult.valid) {
         blockReasons.push("ciphertext_validation_failed");
@@ -1998,6 +2090,44 @@ var ComplianceClient = class {
       return void 0;
     }
   }
+  /**
+   * Build a LocationVerification from a ValidateCipherTextResponse.
+   * The validate-ciphertext endpoint now returns the full geo-verification data
+   * (is_compliant, jurisdiction, geofence_evaluation, record_id, gps_required),
+   * so a separate verifyIP call is unnecessary.
+   */
+  buildLocationFromCipherText(ct, ipAddress) {
+    const loc = ct.location;
+    const risk = ct.risk;
+    if (!risk) return null;
+    return {
+      ip_address: ct.ip_address || ipAddress,
+      location: {
+        country: loc?.country ?? "",
+        country_iso: loc?.country_iso ?? "",
+        city: loc?.city ?? "",
+        region: loc?.region ?? "",
+        postal_code: "",
+        latitude: loc?.latitude ?? 0,
+        longitude: loc?.longitude ?? 0,
+        timezone: "",
+        is_vpn: risk.is_vpn,
+        is_proxy: risk.is_proxy,
+        is_tor: risk.is_tor,
+        is_hosting: risk.is_hosting ?? false,
+        is_anonymizer: risk.is_vpn || risk.is_proxy || risk.is_tor
+      },
+      is_compliant: ct.is_compliant ?? !risk.is_blocked,
+      is_blocked: risk.is_blocked,
+      risk_level: risk.level,
+      risk_score: risk.score,
+      risk_reasons: risk.is_blocked && risk.block_reasons ? risk.block_reasons : risk.factors ?? [],
+      jurisdiction: ct.jurisdiction,
+      geofence_evaluation: ct.geofence_evaluation,
+      record_id: ct.record_id ?? "",
+      gps_required: ct.gps_required
+    };
+  }
   calculateTransactionRisk(amount, currency, geoVerification, profile, cipherTextResult) {
     if (!this._currencyRatesCustomized && !this._currencyRatesWarned) {
       this._currencyRatesWarned = true;
@@ -2068,13 +2198,15 @@ var ComplianceClient = class {
   getBlockReasons(geoVerification, profile, cipherTextResult) {
     const reasons = [];
     if (geoVerification.is_blocked) {
-      reasons.push(...geoVerification.risk_reasons);
+      reasons.push(...geoVerification.risk_reasons ?? []);
     }
-    if (profile.customer_status === "suspended") {
-      reasons.push("account_suspended");
-    }
-    if (profile.has_sanctions) {
-      reasons.push("sanctions_match");
+    if (profile) {
+      if (profile.customer_status === "suspended") {
+        reasons.push("account_suspended");
+      }
+      if (profile.has_sanctions) {
+        reasons.push("sanctions_match");
+      }
     }
     if (cipherTextResult) {
       if (!cipherTextResult.valid) {