@jackclaw/payment-vault 0.2.0

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+export { PaymentVault } from './vault';
+export { readPaymentLog, computeDailyTotal } from './isolation';
+export { SandboxPaymentProvider } from './sandbox';
+export type { SandboxPaymentResult } from './sandbox';
+/** True when PAYMENT_SANDBOX=true — no real payments are processed */
+export declare const isSandboxMode: boolean;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AACtC,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAA;AAClD,YAAY,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AAErD,sEAAsE;AACtE,eAAO,MAAM,aAAa,SAAyC,CAAA"}

package/dist/index.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isSandboxMode = exports.SandboxPaymentProvider = exports.computeDailyTotal = exports.readPaymentLog = exports.PaymentVault = void 0;
+var vault_1 = require("./vault");
+Object.defineProperty(exports, "PaymentVault", { enumerable: true, get: function () { return vault_1.PaymentVault; } });
+var isolation_1 = require("./isolation");
+Object.defineProperty(exports, "readPaymentLog", { enumerable: true, get: function () { return isolation_1.readPaymentLog; } });
+Object.defineProperty(exports, "computeDailyTotal", { enumerable: true, get: function () { return isolation_1.computeDailyTotal; } });
+var sandbox_1 = require("./sandbox");
+Object.defineProperty(exports, "SandboxPaymentProvider", { enumerable: true, get: function () { return sandbox_1.SandboxPaymentProvider; } });
+/** True when PAYMENT_SANDBOX=true — no real payments are processed */
+exports.isSandboxMode = process.env.PAYMENT_SANDBOX === 'true';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,iCAAsC;AAA7B,qGAAA,YAAY,OAAA;AACrB,yCAA+D;AAAtD,2GAAA,cAAc,OAAA;AAAE,8GAAA,iBAAiB,OAAA;AAC1C,qCAAkD;AAAzC,iHAAA,sBAAsB,OAAA;AAG/B,sEAAsE;AACzD,QAAA,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM,CAAA"}

package/dist/isolation.d.ts

@@ -0,0 +1,15 @@
+/**
+ * VaultIsolationStore — Payment Vault 隔离存储层
+ *
+ * 规则（同 Watchdog isolation 模式）：
+ *  - 存储路径 ~/.jackclaw/vault/<nodeId>/，独立于 Watchdog/Memory
+ *  - payments.jsonl chmod 444，只追加不可修改
+ *  - 本模块不暴露删除/覆盖接口
+ */
+import type { PaymentRequest } from '@jackclaw/protocol';
+declare const VAULT_BASE_DEFAULT: string;
+export declare function appendPaymentLog(baseDir: string, nodeId: string, entry: PaymentRequest): void;
+export declare function readPaymentLog(baseDir: string, nodeId: string): PaymentRequest[];
+export declare function computeDailyTotal(baseDir: string, nodeId: string): number;
+export { VAULT_BASE_DEFAULT };
+//# sourceMappingURL=isolation.d.ts.map

package/dist/isolation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isolation.d.ts","sourceRoot":"","sources":["../src/isolation.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AAExD,QAAA,MAAM,kBAAkB,QAAgD,CAAA;AAYxE,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,cAAc,GACpB,IAAI,CAYN;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,GACb,cAAc,EAAE,CAMlB;AAID,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,GACb,MAAM,CAYR;AAED,OAAO,EAAE,kBAAkB,EAAE,CAAA"}

package/dist/isolation.js

@@ -0,0 +1,92 @@
+"use strict";
+/**
+ * VaultIsolationStore — Payment Vault 隔离存储层
+ *
+ * 规则（同 Watchdog isolation 模式）：
+ *  - 存储路径 ~/.jackclaw/vault/<nodeId>/，独立于 Watchdog/Memory
+ *  - payments.jsonl chmod 444，只追加不可修改
+ *  - 本模块不暴露删除/覆盖接口
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VAULT_BASE_DEFAULT = void 0;
+exports.appendPaymentLog = appendPaymentLog;
+exports.readPaymentLog = readPaymentLog;
+exports.computeDailyTotal = computeDailyTotal;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const VAULT_BASE_DEFAULT = path.join(os.homedir(), '.jackclaw', 'vault');
+exports.VAULT_BASE_DEFAULT = VAULT_BASE_DEFAULT;
+function nodeDir(baseDir, nodeId) {
+    return path.join(baseDir, nodeId);
+}
+function ensureDir(dir) {
+    fs.mkdirSync(dir, { recursive: true });
+}
+// ── Append-only payment log ──────────────────────────────────────────────────
+function appendPaymentLog(baseDir, nodeId, entry) {
+    const dir = nodeDir(baseDir, nodeId);
+    ensureDir(dir);
+    const filePath = path.join(dir, 'payments.jsonl');
+    // Temporarily unlock if exists
+    if (fs.existsSync(filePath)) {
+        try {
+            fs.chmodSync(filePath, 0o644);
+        }
+        catch { /* ignore */ }
+    }
+    fs.appendFileSync(filePath, JSON.stringify(entry) + '\n', 'utf8');
+    fs.chmodSync(filePath, 0o444);
+}
+function readPaymentLog(baseDir, nodeId) {
+    const filePath = path.join(nodeDir(baseDir, nodeId), 'payments.jsonl');
+    if (!fs.existsSync(filePath))
+        return [];
+    const lines = fs.readFileSync(filePath, 'utf8').split('\n').filter(Boolean);
+    return lines.map(line => JSON.parse(line));
+}
+// ── Daily totals (computed from log) ─────────────────────────────────────────
+function computeDailyTotal(baseDir, nodeId) {
+    const todayStart = new Date();
+    todayStart.setHours(0, 0, 0, 0);
+    const todayMs = todayStart.getTime();
+    const entries = readPaymentLog(baseDir, nodeId);
+    return entries
+        .filter(e => e.createdAt >= todayMs &&
+        (e.status === 'executed' || e.status === 'approved' || e.status === 'pending_human' || e.status === 'pending_compliance'))
+        .reduce((sum, e) => sum + e.amount, 0);
+}
+//# sourceMappingURL=isolation.js.map

package/dist/isolation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isolation.js","sourceRoot":"","sources":["../src/isolation.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmBH,4CAgBC;AAED,wCASC;AAID,8CAeC;AA/DD,uCAAwB;AACxB,2CAA4B;AAC5B,uCAAwB;AAGxB,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,CAAA;AA4D/D,gDAAkB;AA1D3B,SAAS,OAAO,CAAC,OAAe,EAAE,MAAc;IAC9C,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;AACnC,CAAC;AAED,SAAS,SAAS,CAAC,GAAW;IAC5B,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;AACxC,CAAC;AAED,gFAAgF;AAEhF,SAAgB,gBAAgB,CAC9B,OAAe,EACf,MAAc,EACd,KAAqB;IAErB,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IACpC,SAAS,CAAC,GAAG,CAAC,CAAA;IACd,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAA;IAEjD,+BAA+B;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,IAAI,CAAC;YAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAC9D,CAAC;IAED,EAAE,CAAC,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAA;IACjE,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;AAC/B,CAAC;AAED,SAAgB,cAAc,CAC5B,OAAe,EACf,MAAc;IAEd,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,gBAAgB,CAAC,CAAA;IACtE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,EAAE,CAAA;IAEvC,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAC3E,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC,CAAA;AAC9D,CAAC;AAED,gFAAgF;AAEhF,SAAgB,iBAAiB,CAC/B,OAAe,EACf,MAAc;IAEd,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAA;IAC7B,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;IAC/B,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,EAAE,CAAA;IAEpC,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC/C,OAAO,OAAO;SACX,MAAM,CAAC,CAAC,CAAC,EAAE,CACV,CAAC,CAAC,SAAS,IAAI,OAAO;QACtB,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,IAAI,CAAC,CAAC,MAAM,KAAK,UAAU,IAAI,CAAC,CAAC,MAAM,KAAK,eAAe,IAAI,CAAC,CAAC,MAAM,KAAK,oBAAoB,CAAC,CAC1H;SACA,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;AAC1C,CAAC"}

package/dist/sandbox.d.ts

@@ -0,0 +1,24 @@
+/**
+ * PaymentVault Sandbox Mode
+ * 开发/测试环境使用，不发起真实支付
+ * PAYMENT_SANDBOX=true 时自动启用
+ */
+export interface SandboxPaymentResult {
+    transactionId: string;
+    status: "approved" | "declined" | "pending";
+    amount: number;
+    currency: string;
+    timestamp: number;
+    note: string;
+}
+export declare class SandboxPaymentProvider {
+    readonly isSandbox = true;
+    charge(amount: number, currency?: string, description?: string): Promise<SandboxPaymentResult>;
+    refund(transactionId: string, amount?: number): Promise<SandboxPaymentResult>;
+    static testCards: {
+        success: string;
+        decline: string;
+        insufficient: string;
+    };
+}
+//# sourceMappingURL=sandbox.d.ts.map

package/dist/sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../src/sandbox.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,oBAAoB;IACnC,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,UAAU,GAAG,UAAU,GAAG,SAAS,CAAA;IAC3C,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE,MAAM,CAAA;CACb;AAED,qBAAa,sBAAsB;IACjC,QAAQ,CAAC,SAAS,QAAO;IAGnB,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,SAAQ,EAAE,WAAW,SAAK,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAiBzF,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAanF,MAAM,CAAC,SAAS;;;;MAIf;CACF"}

package/dist/sandbox.js

@@ -0,0 +1,47 @@
+"use strict";
+/**
+ * PaymentVault Sandbox Mode
+ * 开发/测试环境使用，不发起真实支付
+ * PAYMENT_SANDBOX=true 时自动启用
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SandboxPaymentProvider = void 0;
+class SandboxPaymentProvider {
+    isSandbox = true;
+    // 模拟支付（固定成功，除非金额>9999）
+    async charge(amount, currency = "USD", description = "") {
+        void description;
+        await new Promise(r => setTimeout(r, 200)); // 模拟网络延迟
+        const approved = amount <= 9999;
+        return {
+            transactionId: `sandbox_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
+            status: approved ? "approved" : "declined",
+            amount,
+            currency,
+            timestamp: Date.now(),
+            note: approved
+                ? "✅ Sandbox payment approved — no real money moved"
+                : "❌ Sandbox decline — amount exceeds sandbox limit ($9,999)",
+        };
+    }
+    // 模拟退款
+    async refund(transactionId, amount) {
+        await new Promise(r => setTimeout(r, 100));
+        return {
+            transactionId: `refund_${transactionId}`,
+            status: "approved",
+            amount: amount ?? 0,
+            currency: "USD",
+            timestamp: Date.now(),
+            note: "✅ Sandbox refund approved",
+        };
+    }
+    // 生成测试卡号
+    static testCards = {
+        success: "4242 4242 4242 4242",
+        decline: "4000 0000 0000 0002",
+        insufficient: "4000 0000 0000 9995",
+    };
+}
+exports.SandboxPaymentProvider = SandboxPaymentProvider;
+//# sourceMappingURL=sandbox.js.map

package/dist/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../src/sandbox.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAWH,MAAa,sBAAsB;IACxB,SAAS,GAAG,IAAI,CAAA;IAEzB,uBAAuB;IACvB,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,QAAQ,GAAG,KAAK,EAAE,WAAW,GAAG,EAAE;QAC7D,KAAK,WAAW,CAAA;QAChB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAA,CAAE,SAAS;QACrD,MAAM,QAAQ,GAAG,MAAM,IAAI,IAAI,CAAA;QAC/B,OAAO;YACL,aAAa,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAC,CAAC,CAAC,EAAE;YAC/E,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU;YAC1C,MAAM;YACN,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,IAAI,EAAE,QAAQ;gBACZ,CAAC,CAAC,kDAAkD;gBACpD,CAAC,CAAC,2DAA2D;SAChE,CAAA;IACH,CAAC;IAED,OAAO;IACP,KAAK,CAAC,MAAM,CAAC,aAAqB,EAAE,MAAe;QACjD,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAA;QAC1C,OAAO;YACL,aAAa,EAAE,UAAU,aAAa,EAAE;YACxC,MAAM,EAAE,UAAU;YAClB,MAAM,EAAE,MAAM,IAAI,CAAC;YACnB,QAAQ,EAAE,KAAK;YACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,IAAI,EAAE,2BAA2B;SAClC,CAAA;IACH,CAAC;IAED,SAAS;IACT,MAAM,CAAC,SAAS,GAAG;QACjB,OAAO,EAAE,qBAAqB;QAC9B,OAAO,EAAE,qBAAqB;QAC9B,YAAY,EAAE,qBAAqB;KACpC,CAAA;;AAtCH,wDAuCC"}

package/dist/vault.d.ts

@@ -0,0 +1,43 @@
+/**
+ * PaymentVault — 隔离支付区核心类
+ *
+ * 状态机：pending_compliance → approved/pending_human → approved → executed
+ *                            → rejected (compliance fail or human reject)
+ *
+ * 安全约束：
+ * - Agent 不能直接执行支付，只能 submit → 合规检查 → 可能等人工审批 → execute
+ * - execute() 内部验证状态机，只有 approved 状态才能执行
+ * - 人工审批使用 HMAC-SHA256（同 Watchdog/HumanInLoop）
+ */
+import { type PaymentRequest, type PaymentVaultConfig, type ComplianceCheckResult, type Jurisdiction } from '@jackclaw/protocol';
+export declare class PaymentVault {
+    private config;
+    private baseDir;
+    readonly isSandboxMode: boolean;
+    /** In-memory index of active requests (persisted to JSONL on every mutation) */
+    private requests;
+    /** Per-node last-payment timestamp for cooldown enforcement */
+    private lastPaymentAt;
+    constructor(config: PaymentVaultConfig);
+    private warnSandbox;
+    checkCompliance(req: {
+        amount: number;
+        currency: string;
+        jurisdiction: Jurisdiction;
+        paymentMethod: string;
+        category: string;
+        nodeId: string;
+    }): ComplianceCheckResult;
+    submit(req: Omit<PaymentRequest, 'requestId' | 'status' | 'complianceResult' | 'humanApprovalRequired' | 'createdAt' | 'auditHash'>): PaymentRequest;
+    humanApprove(requestId: string, humanToken: string): PaymentRequest;
+    humanReject(requestId: string, humanToken: string, reason: string): PaymentRequest;
+    execute(requestId: string): PaymentRequest;
+    getDailyTotal(nodeId: string): number;
+    getAuditLog(nodeId: string): PaymentRequest[];
+    getPending(): PaymentRequest[];
+    getRequest(requestId: string): PaymentRequest;
+    generateHumanToken(requestId: string): string;
+    private verifyHumanToken;
+    private computeAuditHash;
+}
+//# sourceMappingURL=vault.d.ts.map

package/dist/vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,YAAY,EAGlB,MAAM,oBAAoB,CAAA;AAQ3B,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,OAAO,CAAQ;IACvB,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAA;IAE/B,gFAAgF;IAChF,OAAO,CAAC,QAAQ,CAAoC;IAEpD,+DAA+D;IAC/D,OAAO,CAAC,aAAa,CAA4B;gBAErC,MAAM,EAAE,kBAAkB;IAMtC,OAAO,CAAC,WAAW;IAQnB,eAAe,CAAC,GAAG,EAAE;QACnB,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,EAAE,MAAM,CAAA;QAChB,YAAY,EAAE,YAAY,CAAA;QAC1B,aAAa,EAAE,MAAM,CAAA;QACrB,QAAQ,EAAE,MAAM,CAAA;QAChB,MAAM,EAAE,MAAM,CAAA;KACf,GAAG,qBAAqB;IAoDzB,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE,WAAW,GAAG,QAAQ,GAAG,kBAAkB,GAAG,uBAAuB,GAAG,WAAW,GAAG,WAAW,CAAC,GAAG,cAAc;IAyCpJ,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,cAAc;IAmBnE,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,cAAc;IAsBlF,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,cAAc;IAmC1C,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAIrC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,cAAc,EAAE;IAI7C,UAAU,IAAI,cAAc,EAAE;IAM9B,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,cAAc;IAU7C,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAM7C,OAAO,CAAC,gBAAgB;IASxB,OAAO,CAAC,gBAAgB;CAKzB"}

package/dist/vault.js

@@ -0,0 +1,210 @@
+"use strict";
+/**
+ * PaymentVault — 隔离支付区核心类
+ *
+ * 状态机：pending_compliance → approved/pending_human → approved → executed
+ *                            → rejected (compliance fail or human reject)
+ *
+ * 安全约束：
+ * - Agent 不能直接执行支付，只能 submit → 合规检查 → 可能等人工审批 → execute
+ * - execute() 内部验证状态机，只有 approved 状态才能执行
+ * - 人工审批使用 HMAC-SHA256（同 Watchdog/HumanInLoop）
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PaymentVault = void 0;
+const crypto_1 = require("crypto");
+const protocol_1 = require("@jackclaw/protocol");
+const isolation_1 = require("./isolation");
+class PaymentVault {
+    config;
+    baseDir;
+    isSandboxMode;
+    /** In-memory index of active requests (persisted to JSONL on every mutation) */
+    requests = new Map();
+    /** Per-node last-payment timestamp for cooldown enforcement */
+    lastPaymentAt = new Map();
+    constructor(config) {
+        this.config = config;
+        this.baseDir = config.vaultDir || isolation_1.VAULT_BASE_DEFAULT;
+        this.isSandboxMode = process.env.PAYMENT_SANDBOX === 'true';
+    }
+    warnSandbox() {
+        if (this.isSandboxMode) {
+            console.warn('[payment] SANDBOX MODE — no real payments');
+        }
+    }
+    // ── Compliance Engine ────────────────────────────────────────────────────────
+    checkCompliance(req) {
+        const rule = protocol_1.COMPLIANCE_RULES[req.jurisdiction] ?? protocol_1.COMPLIANCE_RULES['GLOBAL'];
+        const violations = [];
+        // 1. Prohibited category
+        if (rule.prohibitedCategories.includes(req.category)) {
+            violations.push(`Category "${req.category}" is prohibited in ${req.jurisdiction}`);
+        }
+        // 2. Payment method whitelist (empty = needs manual config)
+        if (rule.allowedPaymentMethods.length > 0 && !rule.allowedPaymentMethods.includes(req.paymentMethod)) {
+            violations.push(`Payment method "${req.paymentMethod}" not allowed in ${req.jurisdiction}`);
+        }
+        if (rule.allowedPaymentMethods.length === 0) {
+            violations.push(`No payment methods configured for ${req.jurisdiction} — requires manual setup`);
+        }
+        // 3. Daily limit
+        const dailyTotal = (0, isolation_1.computeDailyTotal)(this.baseDir, req.nodeId);
+        if (dailyTotal + req.amount > rule.maxDailyLimit) {
+            violations.push(`Daily limit exceeded: current $${dailyTotal} + $${req.amount} > $${rule.maxDailyLimit}`);
+        }
+        // 4. Cooldown
+        const lastTs = this.lastPaymentAt.get(req.nodeId);
+        if (lastTs && rule.cooldownSeconds > 0) {
+            const elapsed = (Date.now() - lastTs) / 1000;
+            if (elapsed < rule.cooldownSeconds) {
+                violations.push(`Cooldown: ${Math.ceil(rule.cooldownSeconds - elapsed)}s remaining`);
+            }
+        }
+        // Determine auto-approve or human required
+        const requiresHuman = req.amount > rule.autoApproveLimit || req.amount > rule.requireHumanAbove;
+        const autoApproved = violations.length === 0 && !requiresHuman;
+        return {
+            passed: violations.length === 0,
+            jurisdiction: req.jurisdiction,
+            rule,
+            violations,
+            requiresHuman,
+            autoApproved,
+        };
+    }
+    // ── Submit (Agent entry point) ─────────────────────────────────────────────
+    submit(req) {
+        this.warnSandbox();
+        const requestId = (0, crypto_1.randomUUID)();
+        // Run compliance
+        const complianceResult = this.checkCompliance({
+            amount: req.amount,
+            currency: req.currency,
+            jurisdiction: req.jurisdiction,
+            paymentMethod: req.paymentMethod,
+            category: req.category,
+            nodeId: req.nodeId,
+        });
+        let status;
+        if (!complianceResult.passed) {
+            status = 'rejected';
+        }
+        else if (complianceResult.autoApproved) {
+            status = 'approved';
+        }
+        else {
+            status = 'pending_human';
+        }
+        const payment = {
+            ...req,
+            requestId,
+            status,
+            complianceResult,
+            humanApprovalRequired: complianceResult.requiresHuman,
+            createdAt: Date.now(),
+            auditHash: this.computeAuditHash(requestId, req.amount, req.nodeId),
+        };
+        this.requests.set(requestId, payment);
+        (0, isolation_1.appendPaymentLog)(this.baseDir, req.nodeId, payment);
+        return payment;
+    }
+    // ── Human Approve / Reject ─────────────────────────────────────────────────
+    humanApprove(requestId, humanToken) {
+        this.warnSandbox();
+        const payment = this.getRequest(requestId);
+        if (payment.status !== 'pending_human') {
+            throw new Error(`Cannot approve: status is "${payment.status}", expected "pending_human"`);
+        }
+        if (!this.verifyHumanToken(requestId, humanToken)) {
+            throw new Error('Invalid human-token. Unauthorized.');
+        }
+        payment.status = 'approved';
+        payment.humanApprovedBy = `human:${humanToken.slice(0, 8)}`;
+        payment.humanApprovedAt = Date.now();
+        this.requests.set(requestId, payment);
+        (0, isolation_1.appendPaymentLog)(this.baseDir, payment.nodeId, payment);
+        return payment;
+    }
+    humanReject(requestId, humanToken, reason) {
+        this.warnSandbox();
+        const payment = this.getRequest(requestId);
+        if (payment.status !== 'pending_human') {
+            throw new Error(`Cannot reject: status is "${payment.status}", expected "pending_human"`);
+        }
+        if (!this.verifyHumanToken(requestId, humanToken)) {
+            throw new Error('Invalid human-token. Unauthorized.');
+        }
+        payment.status = 'rejected';
+        payment.failureReason = reason;
+        payment.humanApprovedBy = `human:${humanToken.slice(0, 8)}`;
+        payment.humanApprovedAt = Date.now();
+        this.requests.set(requestId, payment);
+        (0, isolation_1.appendPaymentLog)(this.baseDir, payment.nodeId, payment);
+        return payment;
+    }
+    // ── Execute (state-machine enforced) ───────────────────────────────────────
+    execute(requestId) {
+        this.warnSandbox();
+        const payment = this.getRequest(requestId);
+        if (payment.status !== 'approved') {
+            throw new Error(`Cannot execute: status is "${payment.status}". Only "approved" payments can be executed.`);
+        }
+        // Verify audit hash integrity
+        const expectedHash = this.computeAuditHash(requestId, payment.amount, payment.nodeId);
+        if (payment.auditHash !== expectedHash) {
+            payment.status = 'failed';
+            payment.failureReason = 'Audit hash mismatch — possible tampering';
+            this.requests.set(requestId, payment);
+            (0, isolation_1.appendPaymentLog)(this.baseDir, payment.nodeId, payment);
+            throw new Error('Audit hash verification failed');
+        }
+        // Execute (log-only in this version — no real payment gateway)
+        payment.status = 'executed';
+        payment.executedAt = Date.now();
+        this.lastPaymentAt.set(payment.nodeId, Date.now());
+        this.requests.set(requestId, payment);
+        (0, isolation_1.appendPaymentLog)(this.baseDir, payment.nodeId, payment);
+        console.log(`[vault] Payment executed: ${requestId} | $${payment.amount} ${payment.currency} → ${payment.recipient} | node=${payment.nodeId}`);
+        return payment;
+    }
+    // ── Read-only queries ──────────────────────────────────────────────────────
+    getDailyTotal(nodeId) {
+        return (0, isolation_1.computeDailyTotal)(this.baseDir, nodeId);
+    }
+    getAuditLog(nodeId) {
+        return (0, isolation_1.readPaymentLog)(this.baseDir, nodeId);
+    }
+    getPending() {
+        return Array.from(this.requests.values()).filter(r => r.status === 'pending_human');
+    }
+    getRequest(requestId) {
+        const payment = this.requests.get(requestId);
+        if (!payment) {
+            throw new Error(`Payment request ${requestId} not found`);
+        }
+        return payment;
+    }
+    // ── HMAC token (same mechanism as Watchdog/HumanInLoop) ────────────────────
+    generateHumanToken(requestId) {
+        return (0, crypto_1.createHmac)('sha256', this.config.humanTokenSecret)
+            .update(requestId)
+            .digest('hex');
+    }
+    verifyHumanToken(requestId, token) {
+        const expected = this.generateHumanToken(requestId);
+        try {
+            return (0, crypto_1.timingSafeEqual)(Buffer.from(expected, 'hex'), Buffer.from(token, 'hex'));
+        }
+        catch {
+            return false;
+        }
+    }
+    computeAuditHash(requestId, amount, nodeId) {
+        return (0, crypto_1.createHmac)('sha256', this.config.humanTokenSecret)
+            .update(`${requestId}:${amount}:${nodeId}`)
+            .digest('hex');
+    }
+}
+exports.PaymentVault = PaymentVault;
+//# sourceMappingURL=vault.js.map

package/dist/vault.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.js","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAEH,mCAAgE;AAChE,iDAO2B;AAC3B,2CAKoB;AAEpB,MAAa,YAAY;IACf,MAAM,CAAoB;IAC1B,OAAO,CAAQ;IACd,aAAa,CAAS;IAE/B,gFAAgF;IACxE,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAA;IAEpD,+DAA+D;IACvD,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAA;IAEjD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,QAAQ,IAAI,8BAAkB,CAAA;QACpD,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM,CAAA;IAC7D,CAAC;IAEO,WAAW;QACjB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAA;QAC3D,CAAC;IACH,CAAC;IAED,gFAAgF;IAEhF,eAAe,CAAC,GAOf;QACC,MAAM,IAAI,GAAG,2BAAgB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,2BAAgB,CAAC,QAAQ,CAAC,CAAA;QAC7E,MAAM,UAAU,GAAa,EAAE,CAAA;QAE/B,yBAAyB;QACzB,IAAI,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrD,UAAU,CAAC,IAAI,CAAC,aAAa,GAAG,CAAC,QAAQ,sBAAsB,GAAG,CAAC,YAAY,EAAE,CAAC,CAAA;QACpF,CAAC;QAED,4DAA4D;QAC5D,IAAI,IAAI,CAAC,qBAAqB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YACrG,UAAU,CAAC,IAAI,CAAC,mBAAmB,GAAG,CAAC,aAAa,oBAAoB,GAAG,CAAC,YAAY,EAAE,CAAC,CAAA;QAC7F,CAAC;QACD,IAAI,IAAI,CAAC,qBAAqB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5C,UAAU,CAAC,IAAI,CAAC,qCAAqC,GAAG,CAAC,YAAY,0BAA0B,CAAC,CAAA;QAClG,CAAC;QAED,iBAAiB;QACjB,MAAM,UAAU,GAAG,IAAA,6BAAiB,EAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;QAC9D,IAAI,UAAU,GAAG,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YACjD,UAAU,CAAC,IAAI,CACb,kCAAkC,UAAU,OAAO,GAAG,CAAC,MAAM,OAAO,IAAI,CAAC,aAAa,EAAE,CACzF,CAAA;QACH,CAAC;QAED,cAAc;QACd,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACjD,IAAI,MAAM,IAAI,IAAI,CAAC,eAAe,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,GAAG,IAAI,CAAA;YAC5C,IAAI,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;gBACnC,UAAU,CAAC,IAAI,CACb,aAAa,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,aAAa,CACpE,CAAA;YACH,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,gBAAgB,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAA;QAC/F,MAAM,YAAY,GAAG,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,CAAA;QAE9D,OAAO;YACL,MAAM,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;YAC/B,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,IAAI;YACJ,UAAU;YACV,aAAa;YACb,YAAY;SACb,CAAA;IACH,CAAC;IAED,8EAA8E;IAE9E,MAAM,CAAC,GAA4H;QACjI,IAAI,CAAC,WAAW,EAAE,CAAA;QAClB,MAAM,SAAS,GAAG,IAAA,mBAAU,GAAE,CAAA;QAE9B,iBAAiB;QACjB,MAAM,gBAAgB,GAAG,IAAI,CAAC,eAAe,CAAC;YAC5C,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,aAAa,EAAE,GAAG,CAAC,aAAa;YAChC,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,MAAM,EAAE,GAAG,CAAC,MAAM;SACnB,CAAC,CAAA;QAEF,IAAI,MAAqB,CAAA;QACzB,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC;YAC7B,MAAM,GAAG,UAAU,CAAA;QACrB,CAAC;aAAM,IAAI,gBAAgB,CAAC,YAAY,EAAE,CAAC;YACzC,MAAM,GAAG,UAAU,CAAA;QACrB,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,eAAe,CAAA;QAC1B,CAAC;QAED,MAAM,OAAO,GAAmB;YAC9B,GAAG,GAAG;YACN,SAAS;YACT,MAAM;YACN,gBAAgB;YAChB,qBAAqB,EAAE,gBAAgB,CAAC,aAAa;YACrD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS,EAAE,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC;SACpE,CAAA;QAED,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QACrC,IAAA,4BAAgB,EAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QAEnD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,8EAA8E;IAE9E,YAAY,CAAC,SAAiB,EAAE,UAAkB;QAChD,IAAI,CAAC,WAAW,EAAE,CAAA;QAClB,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,8BAA8B,OAAO,CAAC,MAAM,6BAA6B,CAAC,CAAA;QAC5F,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;QACvD,CAAC;QAED,OAAO,CAAC,MAAM,GAAG,UAAU,CAAA;QAC3B,OAAO,CAAC,eAAe,GAAG,SAAS,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAA;QAC3D,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACpC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QACrC,IAAA,4BAAgB,EAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QAEvD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,WAAW,CAAC,SAAiB,EAAE,UAAkB,EAAE,MAAc;QAC/D,IAAI,CAAC,WAAW,EAAE,CAAA;QAClB,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,CAAC,MAAM,6BAA6B,CAAC,CAAA;QAC3F,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;QACvD,CAAC;QAED,OAAO,CAAC,MAAM,GAAG,UAAU,CAAA;QAC3B,OAAO,CAAC,aAAa,GAAG,MAAM,CAAA;QAC9B,OAAO,CAAC,eAAe,GAAG,SAAS,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAA;QAC3D,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACpC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QACrC,IAAA,4BAAgB,EAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QAEvD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,8EAA8E;IAE9E,OAAO,CAAC,SAAiB;QACvB,IAAI,CAAC,WAAW,EAAE,CAAA;QAClB,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CACb,8BAA8B,OAAO,CAAC,MAAM,8CAA8C,CAC3F,CAAA;QACH,CAAC;QAED,8BAA8B;QAC9B,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;QACrF,IAAI,OAAO,CAAC,SAAS,KAAK,YAAY,EAAE,CAAC;YACvC,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAA;YACzB,OAAO,CAAC,aAAa,GAAG,0CAA0C,CAAA;YAClE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;YACrC,IAAA,4BAAgB,EAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YACvD,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;QACnD,CAAC;QAED,+DAA+D;QAC/D,OAAO,CAAC,MAAM,GAAG,UAAU,CAAA;QAC3B,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAC/B,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;QAClD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QACrC,IAAA,4BAAgB,EAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QAEvD,OAAO,CAAC,GAAG,CACT,6BAA6B,SAAS,OAAO,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,QAAQ,MAAM,OAAO,CAAC,SAAS,WAAW,OAAO,CAAC,MAAM,EAAE,CAClI,CAAA;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,8EAA8E;IAE9E,aAAa,CAAC,MAAc;QAC1B,OAAO,IAAA,6BAAiB,EAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAChD,CAAC;IAED,WAAW,CAAC,MAAc;QACxB,OAAO,IAAA,0BAAc,EAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC7C,CAAC;IAED,UAAU;QACR,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAC9C,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAClC,CAAA;IACH,CAAC;IAED,UAAU,CAAC,SAAiB;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAC5C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,SAAS,YAAY,CAAC,CAAA;QAC3D,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,8EAA8E;IAE9E,kBAAkB,CAAC,SAAiB;QAClC,OAAO,IAAA,mBAAU,EAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;aACtD,MAAM,CAAC,SAAS,CAAC;aACjB,MAAM,CAAC,KAAK,CAAC,CAAA;IAClB,CAAC;IAEO,gBAAgB,CAAC,SAAiB,EAAE,KAAa;QACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAA;QACnD,IAAI,CAAC;YACH,OAAO,IAAA,wBAAe,EAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAA;QACjF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,SAAiB,EAAE,MAAc,EAAE,MAAc;QACxE,OAAO,IAAA,mBAAU,EAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;aACtD,MAAM,CAAC,GAAG,SAAS,IAAI,MAAM,IAAI,MAAM,EAAE,CAAC;aAC1C,MAAM,CAAC,KAAK,CAAC,CAAA;IAClB,CAAC;CACF;AArPD,oCAqPC"}

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "@jackclaw/payment-vault",
+  "version": "0.2.0",
+  "description": "JackClaw Payment Vault — isolated compliance-first payment engine",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@jackclaw/protocol": "^0.2.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.4.0",
+    "@types/node": "^20.0.0"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "jackclaw",
+    "payment",
+    "compliance",
+    "vault"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/DevJackKong/JackClawOS.git"
+  },
+  "homepage": "https://github.com/DevJackKong/JackClawOS#readme"
+}