vesant-sdk 1.6.6 → 2.0.0-dev.40d1c39

package/dist/compliance/index.mjs

@@ -1,3 +1,78 @@
+// src/compliance/block-reasons.ts
+var sdkReasons = {
+  // Jurisdiction
+  jurisdictionBlocked: (country, countryISO) => ({
+    code: "JURISDICTION_BLOCKED",
+    message: "Access from a blocked jurisdiction",
+    metadata: { country, country_iso: countryISO }
+  }),
+  jurisdictionNonCompliant: () => ({
+    code: "JURISDICTION_NON_COMPLIANT",
+    message: "Location does not meet compliance requirements"
+  }),
+  jurisdictionRegistrationDenied: () => ({
+    code: "JURISDICTION_REGISTRATION_DENIED",
+    message: "Registration is not permitted in this jurisdiction"
+  }),
+  jurisdictionRestricted: () => ({
+    code: "JURISDICTION_RESTRICTED",
+    message: "Access from a restricted jurisdiction"
+  }),
+  // Risk
+  riskCriticalLevel: () => ({
+    code: "RISK_CRITICAL_LEVEL",
+    message: "Risk assessment reached critical threshold"
+  }),
+  accountSuspended: () => ({
+    code: "RISK_ACCOUNT_SUSPENDED",
+    message: "Customer account is suspended"
+  }),
+  sanctionsMatch: () => ({
+    code: "RISK_SANCTIONS_MATCH",
+    message: "Customer profile matched against sanctions list"
+  }),
+  riskHighLocation: () => ({
+    code: "RISK_HIGH_LOCATION",
+    message: "High-risk geographic location"
+  }),
+  riskHighCustomer: () => ({
+    code: "RISK_HIGH_CUSTOMER",
+    message: "Customer flagged as high risk"
+  }),
+  // Device
+  ciphertextInvalid: () => ({
+    code: "DEVICE_CIPHERTEXT_INVALID",
+    message: "Device verification payload failed validation"
+  }),
+  gpsIPMismatch: () => ({
+    code: "DEVICE_GPS_IP_MISMATCH",
+    message: "GPS location does not match IP-derived location"
+  }),
+  gpsRequired: () => ({
+    code: "DEVICE_GPS_REQUIRED",
+    message: "GPS verification is required but was not provided"
+  }),
+  // Transaction
+  transactionHighAmount: (amount, currency, threshold) => ({
+    code: "TRANSACTION_HIGH_AMOUNT",
+    message: "Transaction amount exceeds high-value threshold",
+    metadata: { amount, currency, threshold }
+  }),
+  transactionElevatedAmount: (amount, currency, threshold) => ({
+    code: "TRANSACTION_ELEVATED_AMOUNT",
+    message: "Transaction amount exceeds elevated-value threshold",
+    metadata: { amount, currency, threshold }
+  }),
+  transactionJurisdictionLimit: () => ({
+    code: "TRANSACTION_JURISDICTION_LIMIT",
+    message: "Transaction amount exceeds jurisdiction limit"
+  }),
+  anonymizationDetected: () => ({
+    code: "NETWORK_ANONYMIZER_DETECTED",
+    message: "Anonymization tool detected"
+  })
+};
+
 // src/core/errors.ts
 var VesantError = class _VesantError extends Error {
   constructor(message, code, statusCode, details) {
@@ -222,7 +297,7 @@ function createConsoleLogger() {
 }
 
 // src/core/version.ts
-var SDK_VERSION = "1.6.6";
+var SDK_VERSION = "2.0.0";
 
 // src/shared/browser-utils.ts
 function generateUUID() {
@@ -725,7 +800,7 @@ function encodePayload(payload) {
   } else if (typeof Buffer !== "undefined") {
     return Buffer.from(json, "utf-8").toString("base64");
   }
-  throw new Error("No base64 encoding method available");
+  throw new VesantError("No base64 encoding method available", "BASE64_UNAVAILABLE");
 }
 async function generateCipherText(options, config) {
   const warnings = [];
@@ -750,8 +825,9 @@ async function generateCipherText(options, config) {
     if (location) {
       locationData = location;
     } else if (gpsRequiredByConfig) {
-      throw new Error(
-        `GPS location is required for ${options.reason} by tenant configuration, but GPS was not available or permission was denied`
+      throw new VesantError(
+        `GPS location is required for ${options.reason} by tenant configuration, but GPS was not available or permission was denied`,
+        "GPS_REQUIRED"
       );
     } else {
       warnings.push("GPS location not available or permission denied");
@@ -845,10 +921,9 @@ var GeolocationClient = class extends BaseClient {
     if (!request.ip_address?.trim()) {
       throw new ValidationError("ip_address is required and must be a non-empty string", ["ip_address"]);
     }
-    const enrichedRequest = request.device_fingerprint ? request : { ...request, device_fingerprint: collectDeviceFingerprint() };
     return this.requestWithRetry("/api/v1/geo/verify", {
       method: "POST",
-      body: JSON.stringify(enrichedRequest)
+      body: JSON.stringify(request)
     }, void 0, void 0, requestOptions);
   }
   /**
@@ -1252,24 +1327,6 @@ var GeolocationClient = class extends BaseClient {
   // Utility Methods (inherited from BaseClient: healthCheck, updateConfig, getConfig, buildQueryString)
   // ============================================================================
 };
-function collectDeviceFingerprint() {
-  const deviceId = generateDeviceId();
-  const browserInfo = getBrowserInfo();
-  const userAgent = typeof navigator !== "undefined" ? navigator.userAgent : "server";
-  const platform = typeof navigator !== "undefined" ? navigator.platform || "unknown" : "server";
-  return {
-    device_id: deviceId,
-    user_agent: userAgent,
-    platform,
-    browser: browserInfo.browser,
-    browser_version: browserInfo.browser_version,
-    os: browserInfo.os,
-    os_version: browserInfo.os_version,
-    screen_resolution: typeof screen !== "undefined" ? `${screen.width}x${screen.height}` : void 0,
-    language: typeof navigator !== "undefined" ? navigator.language : void 0,
-    timezone: Intl?.DateTimeFormat?.()?.resolvedOptions?.()?.timeZone
-  };
-}
 
 // src/risk-profile/client.ts
 var RiskProfileClient = class extends BaseClient {
@@ -1586,7 +1643,7 @@ var ComplianceClient = class {
     } catch (error) {
       if (this.config.debug) {
         this.logger.error("Registration verification failed", {
-          code: error instanceof Error ? error.code : void 0,
+          code: error instanceof VesantError ? error.code : void 0,
           message: error instanceof Error ? error.message : "Unknown error"
         });
       }
@@ -1618,23 +1675,23 @@ var ComplianceClient = class {
       blockReasons.push(...geoVerification.risk_reasons ?? []);
     }
     if (!geoVerification.is_compliant) {
-      if (!blockReasons.includes("non_compliant_jurisdiction")) {
-        blockReasons.push("non_compliant_jurisdiction");
+      if (!blockReasons.some((r) => r.code === "JURISDICTION_NON_COMPLIANT")) {
+        blockReasons.push(sdkReasons.jurisdictionNonCompliant());
       }
     }
     const jurisdiction = geoVerification.jurisdiction;
     if (jurisdiction) {
       if (jurisdiction.allow_registration === false) {
-        blockReasons.push("registration_not_allowed_in_jurisdiction");
+        blockReasons.push(sdkReasons.jurisdictionRegistrationDenied());
       }
       if (jurisdiction.status === "blocked" || jurisdiction.status === "sanctioned") {
-        if (!blockReasons.includes("blocked_jurisdiction")) {
-          blockReasons.push("blocked_jurisdiction");
+        if (!blockReasons.some((r) => r.code === "JURISDICTION_BLOCKED")) {
+          blockReasons.push(sdkReasons.jurisdictionBlocked(jurisdiction.country_name ?? "", jurisdiction.country_iso ?? ""));
         }
       }
       if (jurisdiction.status === "restricted" && jurisdiction.allow_registration === false) {
-        if (!blockReasons.includes("restricted_jurisdiction_no_registration")) {
-          blockReasons.push("restricted_jurisdiction_no_registration");
+        if (!blockReasons.some((r) => r.code === "JURISDICTION_RESTRICTED")) {
+          blockReasons.push(sdkReasons.jurisdictionRestricted());
         }
       }
     }
@@ -1642,25 +1699,30 @@ var ComplianceClient = class {
       blockReasons.push(...geoVerification.geofence_evaluation.reasons ?? []);
     }
     if (geoVerification.risk_level === "critical") {
-      if (!blockReasons.includes("critical_risk_level")) {
-        blockReasons.push("critical_risk_level");
+      if (!blockReasons.some((r) => r.code === "RISK_CRITICAL_LEVEL")) {
+        blockReasons.push(sdkReasons.riskCriticalLevel());
       }
     }
     if (cipherTextResult) {
       if (!cipherTextResult.valid) {
-        blockReasons.push("ciphertext_validation_failed");
+        blockReasons.push(sdkReasons.ciphertextInvalid());
       }
       if (cipherTextResult.risk?.is_blocked) {
         blockReasons.push(...cipherTextResult.risk.block_reasons || []);
       }
       if (cipherTextResult.risk?.location_mismatch) {
-        blockReasons.push("gps_ip_location_mismatch");
+        blockReasons.push(sdkReasons.gpsIPMismatch());
       }
     }
     if (geoVerification.gps_required && !cipherTextResult) {
-      blockReasons.push("gps_verification_required");
+      blockReasons.push(sdkReasons.gpsRequired());
     }
-    return [...new Set(blockReasons)];
+    const seen = /* @__PURE__ */ new Set();
+    return blockReasons.filter((r) => {
+      if (seen.has(r.code)) return false;
+      seen.add(r.code);
+      return true;
+    });
   }
   /**
    * Validate registration request has all required fields
@@ -2044,7 +2106,7 @@ var ComplianceClient = class {
     const blockReasons = [...geoVerification.risk_reasons ?? []];
     if (cipherTextResult) {
       if (!cipherTextResult.valid) {
-        blockReasons.push("ciphertext_validation_failed");
+        blockReasons.push(sdkReasons.ciphertextInvalid());
       }
       if (cipherTextResult.risk?.is_blocked) {
         blockReasons.push(...cipherTextResult.risk.block_reasons || []);
@@ -2052,12 +2114,18 @@ var ComplianceClient = class {
     }
     const gpsBlocked = geoVerification.gps_required && !cipherTextResult;
     if (gpsBlocked) {
-      blockReasons.push("gps_verification_required");
+      blockReasons.push(sdkReasons.gpsRequired());
     }
+    const seen = /* @__PURE__ */ new Set();
+    const dedupedBlockReasons = blockReasons.filter((r) => {
+      if (seen.has(r.code)) return false;
+      seen.add(r.code);
+      return true;
+    });
     return {
       allowed: geoVerification.is_compliant && !geoVerification.is_blocked && !cipherTextBlocked && !gpsBlocked,
       geolocation: geoVerification,
-      blockReasons: [...new Set(blockReasons)],
+      blockReasons: dedupedBlockReasons,
       processingTime: Date.now() - startTime,
       cipherTextValidation: cipherTextResult
     };
@@ -2160,31 +2228,31 @@ var ComplianceClient = class {
     const normalizedAmount = this.normalizeToUSD(amount, currency);
     if (normalizedAmount > 1e4) {
       riskScore += 30;
-      factors.push("high_transaction_amount");
+      factors.push(sdkReasons.transactionHighAmount(normalizedAmount, currency, 1e4));
     } else if (normalizedAmount > 5e3) {
       riskScore += 15;
-      factors.push("elevated_transaction_amount");
+      factors.push(sdkReasons.transactionElevatedAmount(normalizedAmount, currency, 5e3));
     }
     riskScore += geoVerification.risk_score * 0.4;
     if (geoVerification.risk_level === "high" || geoVerification.risk_level === "critical") {
-      factors.push("high_risk_location");
+      factors.push(sdkReasons.riskHighLocation());
     }
     riskScore += profile.risk_score * 0.3;
     if (profile.risk_category === "high" || profile.risk_category === "critical") {
-      factors.push("high_risk_customer");
+      factors.push(sdkReasons.riskHighCustomer());
     }
     if (geoVerification.location.is_vpn || geoVerification.location.is_proxy) {
       riskScore += 20;
-      factors.push("anonymization_detected");
+      factors.push(sdkReasons.anonymizationDetected());
     }
     if (profile.customer_status === "suspended") {
       riskScore += 50;
-      factors.push("account_suspended");
+      factors.push(sdkReasons.accountSuspended());
     }
     if (cipherTextResult) {
       if (cipherTextResult.risk?.location_mismatch) {
         riskScore += 20;
-        factors.push("gps_ip_location_mismatch");
+        factors.push(sdkReasons.gpsIPMismatch());
       }
       if (cipherTextResult.risk?.score) {
         riskScore += cipherTextResult.risk.score * 0.2;
@@ -2222,48 +2290,58 @@ var ComplianceClient = class {
     }
     if (profile) {
       if (profile.customer_status === "suspended") {
-        reasons.push("account_suspended");
+        reasons.push(sdkReasons.accountSuspended());
       }
       if (profile.has_sanctions) {
-        reasons.push("sanctions_match");
+        reasons.push(sdkReasons.sanctionsMatch());
       }
     }
     if (cipherTextResult) {
       if (!cipherTextResult.valid) {
-        reasons.push("ciphertext_validation_failed");
+        reasons.push(sdkReasons.ciphertextInvalid());
       }
       if (cipherTextResult.risk?.is_blocked) {
         reasons.push(...cipherTextResult.risk.block_reasons || []);
       }
     }
     if (geoVerification.gps_required && !cipherTextResult) {
-      reasons.push("gps_verification_required");
+      reasons.push(sdkReasons.gpsRequired());
     }
-    return [...new Set(reasons)];
+    const seen = /* @__PURE__ */ new Set();
+    return reasons.filter((r) => {
+      if (seen.has(r.code)) return false;
+      seen.add(r.code);
+      return true;
+    });
   }
   getTransactionBlockReasons(geoVerification, transactionRisk, jurisdictionAllowed, cipherTextResult) {
     const reasons = [];
     if (!geoVerification.is_compliant) {
-      reasons.push("non_compliant_jurisdiction");
+      reasons.push(sdkReasons.jurisdictionNonCompliant());
     }
     if (!jurisdictionAllowed) {
-      reasons.push("exceeds_jurisdiction_limit");
+      reasons.push(sdkReasons.transactionJurisdictionLimit());
     }
     if (!transactionRisk.allowed) {
       reasons.push(...transactionRisk.factors);
     }
     if (cipherTextResult) {
       if (!cipherTextResult.valid) {
-        reasons.push("ciphertext_validation_failed");
+        reasons.push(sdkReasons.ciphertextInvalid());
       }
       if (cipherTextResult.risk?.is_blocked) {
         reasons.push(...cipherTextResult.risk.block_reasons || []);
       }
     }
     if (geoVerification.gps_required && !cipherTextResult) {
-      reasons.push("gps_verification_required");
+      reasons.push(sdkReasons.gpsRequired());
     }
-    return [...new Set(reasons)];
+    const seen = /* @__PURE__ */ new Set();
+    return reasons.filter((r) => {
+      if (seen.has(r.code)) return false;
+      seen.add(r.code);
+      return true;
+    });
   }
   // ============================================================================
   // Location Request Methods
@@ -2481,6 +2559,6 @@ var ComplianceClient = class {
   }
 };
 
-export { ComplianceClient, DEFAULT_CURRENCY_RATES };
+export { ComplianceClient, DEFAULT_CURRENCY_RATES, sdkReasons };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map