@katorymnd/pawapay-node-sdk 2.6.2 → 2.8.0

package/src/config/Config.js

@@ -1,73 +1,49 @@
 /**
- * Config.js
+ * Config.js 
  *
- * The Config class provides configuration settings for different environments (sandbox and production).
- *
- * - 'sandbox': Used for testing and development purposes. This points to pawaPay's sandbox API.
- * - 'production': Used for real, live transactions. This points to pawaPay's live API.
- *
- * These settings are accessed by the ApiClient class to determine the correct API URL based on the environment
- * (either 'sandbox' for testing or 'production' for live usage).
- *
- * Example Usage:
- * The ApiClient constructor will choose the correct API URL based on the environment parameter passed when creating
- * a new instance, and use the corresponding URL for making requests to pawaPay.
- */
+ * The Config class provides configuration settings for different environments.
+ * */
+
+// 🔥 THE INVISIBLE HOOK: Require the native binary functions
+const { getPawapayBaseUrl, normalizeApiUrl } = require("../core/index.js");
 
 class Config {
   constructor(config = {}) {
     this.apiKey = config.apiKey;
+    // 🚨 THE FIX: Add the fallback so it defaults to sandbox if omitted!
     this.environment = config.environment || "sandbox";
     this.timeout = config.timeout || 30000;
-    // Keep original raw base from settings for diagnostics if needed
-    this._rawBaseURL = this.getRawBaseURL();
-    // Normalized base URL, guaranteed not to end with /v1 or /v2 or a trailing slash
-    this.baseURL = this._normalizeBaseURL(this._rawBaseURL);
+
+    // Let the heart securely determine the raw URL and normalized URL
+    try {
+      this._rawBaseURL = this.getRawBaseURL();
+      this.baseURL = this._normalizeBaseURL(this._rawBaseURL);
+    } catch (err) {
+      throw new Error(`[PawaPay Config] ${err.message}`);
+    }
   }
 
-  /**
-   * Get raw base URL from settings, without any normalization
-   * @returns {string}
-   */
   getRawBaseURL() {
-    if (!Config.settings[this.environment]) {
+    if (!Config.isValidEnvironment(this.environment)) {
       throw new Error(`Invalid environment specified: ${this.environment}`);
     }
+    // Return the local setting just for diagnostic logs
     return Config.settings[this.environment].api_url;
   }
 
   /**
-   * Normalize base URL, remove trailing /v1 or /v2 if present, and remove trailing slash
-   * This ensures clients append explicit versioned endpoints without accidental duplication
-   * @param {string} url
-   * @returns {string}
+   * Normalize base URL, remove trailing /v1 or /v2 if present.
+   * 🔥 HEART SURGERY: Passed down to the secure heart memory space.
    */
   _normalizeBaseURL(url) {
     if (!url || typeof url !== "string") return url;
-    // Remove trailing spaces
-    let u = url.trim();
-    // Strip trailing slash
-    u = u.replace(/\/+$/, "");
-    // Remove trailing /v1 or /v2 if present, case-insensitive
-    u = u.replace(/\/v[12]$/i, "");
-    // Final cleanup of trailing slash if any
-    u = u.replace(/\/+$/, "");
-    return u;
+    return normalizeApiUrl(url);
   }
 
-  /**
-   * Get the base URL for the current environment
-   * @returns {string} The base API URL
-   */
   getBaseURL() {
-    // Return normalized base URL used by ApiClient
     return this.baseURL;
   }
 
-  /**
-   * Get the complete configuration for the current environment
-   * @returns {Object} Environment configuration
-   */
   getConfig() {
     return {
       apiKey: this.apiKey,
@@ -79,13 +55,8 @@ class Config {
     };
   }
 
-  /**
-   * Static method to get settings for a specific environment
-   * @param {string} environment - 'sandbox' or 'production'
-   * @returns {Object} Environment settings
-   */
   static getSettings(environment) {
-    if (!Config.settings[environment]) {
+    if (!Config.isValidEnvironment(environment)) {
       throw new Error(`Invalid environment specified: ${environment}`);
     }
     return Config.settings[environment];
@@ -93,38 +64,25 @@ class Config {
 
   /**
    * Static method to get API URL for a specific environment
-   * This returns the normalized API URL, safe for appending versioned endpoints
-   * @param {string} environment - 'sandbox' or 'production'
-   * @returns {string} API URL
+   * 🔥 HEART SURGERY: Bypasses local config and asks heart for the true, hardcoded URL
    */
   static getApiUrl(environment) {
-    const settings = Config.getSettings(environment);
-    // Normalize here as well for callers using static method
-    let u = settings.api_url;
-    if (!u || typeof u !== "string") return u;
-    u = String(u).trim().replace(/\/+$/, "").replace(/\/v[12]$/i, "").replace(/\/+$/, "");
-    return u;
+    try {
+      return getPawapayBaseUrl(environment);
+    } catch (e) {
+      throw new Error(`Invalid environment specified: ${environment}`);
+    }
   }
 
-  /**
-   * Validate if an environment is supported
-   * @param {string} environment - Environment to validate
-   * @returns {boolean} True if environment is valid
-   */
   static isValidEnvironment(environment) {
-    return Object.keys(Config.settings).includes(environment);
+    return ["sandbox", "production"].includes(environment);
   }
 
-  /**
-   * Get all available environments
-   * @returns {string[]} Array of available environments
-   */
   static getAvailableEnvironments() {
-    return Object.keys(Config.settings);
+    return ["sandbox", "production"];
   }
 }
 
-// Static settings property (equivalent to PHP's public static $settings)
 Config.settings = {
   sandbox: {
     api_url: "https://api.sandbox.pawapay.io" // Sandbox URL for testing
@@ -134,4 +92,4 @@ Config.settings = {
   }
 };
 
-module.exports = Config;
+module.exports = Config;

package/src/core/index.js

@@ -0,0 +1,100 @@
+/**
+ * @file src/core/index.js
+ * Dynamic Cross-Platform Shadow Wrapper for the PawaPay Native Execution Engine
+ */
+const path = require("path");
+const fs = require("fs");
+
+let NativeCore;
+
+// Helper function to detect Alpine Linux (musl) vs Standard Linux (glibc)
+function isMusl() {
+  if (!process.report || typeof process.report.getReport !== "function") {
+    try {
+      const libcString = require("child_process").execSync("ldd --version", { encoding: "utf8" });
+      return libcString.includes("musl");
+    } catch (e) {
+      return true; // Fallback to musl if ldd fails, common in strict alpine containers
+    }
+  } else {
+    const { glibcVersionRuntime } = process.report.getReport().header;
+    return !glibcVersionRuntime;
+  }
+}
+
+try {
+  const { platform, arch } = process;
+  let binaryName = "";
+
+  // 1. ROUTING LOGIC: Determine the correct binary for this OS/Arch
+  if (platform === "darwin") {
+    if (arch === "arm64") binaryName = "katorymnd_pawapay_core.darwin-arm64.node";
+    else if (arch === "x64") binaryName = "katorymnd_pawapay_core.darwin-x64.node";
+
+  } else if (platform === "win32") {
+    if (arch === "arm64") binaryName = "katorymnd_pawapay_core.win32-arm64-msvc.node";
+    else if (arch === "x64") binaryName = "katorymnd_pawapay_core.win32-x64-msvc.node";
+
+  } else if (platform === "linux") {
+    if (arch === "arm64") {
+      binaryName = "katorymnd_pawapay_core.linux-arm64-gnu.node";
+    } else if (arch === "x64") {
+      binaryName = isMusl()
+        ? "katorymnd_pawapay_core.linux-x64-musl.node"
+        : "katorymnd_pawapay_core.linux-x64-gnu.node";
+    }
+  }
+
+  // Fallback to local development binary if we are on a weird system, 
+  // or throw an error if we strictly only want to support the compiled targets.
+  if (!binaryName) {
+    binaryName = "katorymnd_pawapay_core.node";
+  }
+
+  // 🛡️ BUNDLER EVASION:
+  // We calculate the path dynamically using __dirname. This prevents Webpack, 
+  // Next.js, and Vite from trying to parse the .node binary during build steps.
+  const binaryPath = path.join(__dirname, binaryName);
+
+  if (!fs.existsSync(binaryPath)) {
+    throw new Error(`Native binary not found at: ${binaryPath}`);
+  }
+
+  NativeCore = require(binaryPath);
+
+} catch (error) {
+  console.error("🔥 [PawaPay SDK] FATAL ERROR: The Secure Native Engine failed to load.");
+  console.error(`System info: ${process.platform} (${process.arch})`);
+  console.error("Error details:", error.message);
+
+  // Fail closed. Do not allow the SDK to run without the protection engine.
+  process.exit(1);
+}
+
+// 📦 EXPORT THE NATIVE MODULES
+// We map top-level functions and static class methods to a flat JS object
+module.exports = {
+  // Classes
+  PawaPayCore: NativeCore.PawaPayCore,
+  IntegrityVault: NativeCore.IntegrityVault,
+
+  // Top-Level Rust Functions (Outside the impl block)
+  getPawapayBaseUrl: NativeCore.getPawapayBaseUrl,
+  normalizeApiUrl: NativeCore.normalizeApiUrl,
+  enforceApiGateway: NativeCore.enforceApiGateway,
+  evaluateRuntimeIntegrity: NativeCore.evaluateRuntimeIntegrity,
+
+  // Static Rust Methods (Inside the PawaPayCore impl block)
+  validateLicenseLocal: NativeCore.PawaPayCore.validateLicenseLocal,
+  deriveVmHardwareKey: NativeCore.PawaPayCore.deriveVmHardwareKey,
+  executeVmCore: NativeCore.PawaPayCore.executeVmCore,
+  calculateDegradationAction: NativeCore.PawaPayCore.calculateDegradationAction,
+  corruptDegradationData: NativeCore.PawaPayCore.corruptDegradationData,
+  generateShuffledOpcodes: NativeCore.PawaPayCore.generateShuffledOpcodes,
+  getInternalLogic: NativeCore.PawaPayCore.getInternalLogic,
+  generateServerFingerprint: NativeCore.PawaPayCore.generateServerFingerprint,
+  createSignedHeaders: NativeCore.PawaPayCore.createSignedHeaders,
+  signSessionData: NativeCore.PawaPayCore.signSessionData,
+  evaluateTimeDecay: NativeCore.PawaPayCore.evaluateTimeDecay,
+  evaluateSuccessRecovery: NativeCore.PawaPayCore.evaluateSuccessRecovery
+};

package/src/utils/license/integrity.js

@@ -1 +1,170 @@
-const _0x3f33ff=_0x16b3;function _0x16b3(_0x12a389,_0x45d00a){const _0x3a8999=_0x3a89();return _0x16b3=function(_0x16b325,_0x3893f3){_0x16b325=_0x16b325-0xd8;let _0x5a26f9=_0x3a8999[_0x16b325];if(_0x16b3['ElQXzK']===undefined){var _0xc8afba=function(_0x28b7db){const _0xa7ecf6='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let _0x11e259='',_0x11aab5='';for(let _0x1c6418=0x0,_0x57eab2,_0x5a4e81,_0x21c1c6=0x0;_0x5a4e81=_0x28b7db['charAt'](_0x21c1c6++);~_0x5a4e81&&(_0x57eab2=_0x1c6418%0x4?_0x57eab2*0x40+_0x5a4e81:_0x5a4e81,_0x1c6418++%0x4)?_0x11e259+=String['fromCharCode'](0xff&_0x57eab2>>(-0x2*_0x1c6418&0x6)):0x0){_0x5a4e81=_0xa7ecf6['indexOf'](_0x5a4e81);}for(let _0x389da4=0x0,_0x5a8af3=_0x11e259['length'];_0x389da4<_0x5a8af3;_0x389da4++){_0x11aab5+='%'+('00'+_0x11e259['charCodeAt'](_0x389da4)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0x11aab5);};const _0x283a27=function(_0x32f779,_0x37c33d){let _0x2edc07=[],_0xc28b38=0x0,_0x275528,_0x10aafa='';_0x32f779=_0xc8afba(_0x32f779);let _0x52ac3d;for(_0x52ac3d=0x0;_0x52ac3d<0x100;_0x52ac3d++){_0x2edc07[_0x52ac3d]=_0x52ac3d;}for(_0x52ac3d=0x0;_0x52ac3d<0x100;_0x52ac3d++){_0xc28b38=(_0xc28b38+_0x2edc07[_0x52ac3d]+_0x37c33d['charCodeAt'](_0x52ac3d%_0x37c33d['length']))%0x100,_0x275528=_0x2edc07[_0x52ac3d],_0x2edc07[_0x52ac3d]=_0x2edc07[_0xc28b38],_0x2edc07[_0xc28b38]=_0x275528;}_0x52ac3d=0x0,_0xc28b38=0x0;for(let _0x30109a=0x0;_0x30109a<_0x32f779['length'];_0x30109a++){_0x52ac3d=(_0x52ac3d+0x1)%0x100,_0xc28b38=(_0xc28b38+_0x2edc07[_0x52ac3d])%0x100,_0x275528=_0x2edc07[_0x52ac3d],_0x2edc07[_0x52ac3d]=_0x2edc07[_0xc28b38],_0x2edc07[_0xc28b38]=_0x275528,_0x10aafa+=String['fromCharCode'](_0x32f779['charCodeAt'](_0x30109a)^_0x2edc07[(_0x2edc07[_0x52ac3d]+_0x2edc07[_0xc28b38])%0x100]);}return _0x10aafa;};_0x16b3['OxvUlX']=_0x283a27,_0x12a389=arguments,_0x16b3['ElQXzK']=!![];}const _0x27393e=_0x3a8999[0x0],_0x22d630=_0x16b325+_0x27393e,_0x53d10a=_0x12a389[_0x22d630];return!_0x53d10a?(_0x16b3['VasCPV']===undefined&&(_0x16b3['VasCPV']=!![]),_0x5a26f9=_0x16b3['OxvUlX'](_0x5a26f9,_0x3893f3),_0x12a389[_0x22d630]=_0x5a26f9):_0x5a26f9=_0x53d10a,_0x5a26f9;},_0x16b3(_0x12a389,_0x45d00a);}function _0x3a89(){const _0xeb50a4=['W4xcUSoeuMO','W67cUsNcR0G','WOr/W7O','l8kqWPLLb8oVna','BSotWOvAW7qYW7jHW6XgW6S','WPFdOJtdQmoyc8o2W5zsWPq','y8obW4m5emkXC1rXW6hdHbpdTq','tmotbSke','W53dGSkHomo8','l8ojarS','W47dRX52W4FdMwxcUtJcVa','cSk4WRbjFG','W6KduKhdPa','WQ3dT8oAcs3dTq','ECkKoCoVWR3dMmkhjSoz','zwNcT8owgSkPE8k9ywC','W7ldHSkrc8ovBa','n3pcQG','WQxdQJBcJ8oztmkLWRZcO8kU','ldVdPmonaCk8FCk9yhu','WQftW7ldGCkThmoiWOxcMqWsdhddQq','oIZcSa','W5OnWQ4qjtDSBCkfW74','WPlcV8ooWPT9W54juq','vCogeCknW7VcN8kuDsZcUa','dCk+oCoBdW','WOxdJMemufNcMmk5W5hcQG','mmkmW5fmWQ0HW4TOW6rD','WRzRu8oFyhxdTCkHCx0','zvmPW6eI','WRddJNyvsW','xfNcQCk1WOK','W6H3hvBcK11TW6xdGe1FW7fp','A8kddSoRWRa','psJcQConfSkRBSkW','WRriAN9bWRWXW6NdPCk+','f8kKzW','g8oogmoKWRxcKSo2oCobWQi','W5iam15r','BSomsSoFn8omWOVcKHa','W6KWnMfT','nWxdGcvHcqBcLSk4W78','aCoEpdPIe8kpp8oAW78','WRHFW6CQwW','m8ktc8onia','W7dcGXdcVq3dLf3dHmkaWQy','mfFdIJz8cYFcMCkQW7S','W6aAW7b7eIxcS0eHcq','WQO3saFdKaG','W5NdQSoEwCogWPxdV8koW4u','nKVdM3LIhq','WRBdLgezuKxcMmkNW44','WQxdV1qxsG','W4GPeCo2y3r7WO3cTmoK','eSoUhmomWPuOW6lcHXqI','rGDnoglcRt/cUKNdSG','cxhdNYr+','W7GxWRdcRSo0','W6L0W6BdUmoYW6mlW5berq','nCknWPnSw8oSm2f9WO4','WOFdUCophSkPWOzSAmkB','pmosfwyXANi','ACkTjmoPWQK','o8opWQLVxsxdOSoyW4JcSW','WQXRxW','W5BdJrz1W4/dQMxcRdJcKW','WQlcMqRcQetdK0ZcKmkgWQO','mSkbW6W','WPTgmXFcHCkfW7G8WRFdHa','W4/dPGX7WPq','W6vUW5/dLCkM','W7r9fYFdQ8kqWQmnl8kw','h8oYhmoiWOWYW6pcKZO','WOxdSsZdTmon','pd3cRCoramo2z8k9Bgu','WPjaAb00WOpdOvjhhNlcQM8','yCoHlvxdImouWRCYcJ8','FrfXW6dcP8oh','emo/cG','n3RcPYvCW4aetK/dJG','qglcQmkjWPy','nLFdNtH6','WPpdNYtcI8ozE8kH','WOPHb8oyD3JdS8k9CJG','W5aVfSo/','lmoRlYrLoSkOl8kwW5m','E8kKl8k8W7S','kJVcRCojgSk6ASk4swK','WP3dMCk1WPyc','W5tdLqXvW5W','q8o5isy0W6ddVmkIW5pdJmkjtfa','mCkTuwv/','FmkXj8oVWQ8','W40AWR0Beq','W4NdPmocWRq','aSkWW5uBWQeyW5LIWQ16','BXfWW6pcP8kBm8o0','p8kcEu5N','WPxdNmk4WOiJl1WNW75T','WP/dLZxcQ8oZ','W6aLzdFdSSk/W5RcSSoMxq','W7KHfCoNba','tSogeSos','W77dKGbzWPW','pSoAWPq','WOjaCNi','WRPVhIhdVSkEWRiquSoc','W6iZCG','W5tdSCoEfCoBWOFdPSkkW5ldNa','b2tcT3ftW48erqJdJq','W64wjufLW4pcUvb2DW','WOTiaeBcUW','WObez34NWQe8W6hdHSkI','kCogxa','u8oPledcJCosWRm7','vSocfCkyW6ZdMa','h8oXcSoEWOOY','cSoxhmoNWQtcK8oaja','W7D5eZldVmox','WQddUmk8WPiWfKKNWOme','fCk1Cxn/WR3cVmkxW5/cOW','WOxdSheGta','bCosidqKdSkSiSotW7K','W5qqmby3WOC','WPrfjbC','dSkktCotWR/dHmorEJNdKCopASk8','WRNdMxC','WPhdOCoohmk2WPa','bCopaKa/E37cKaPp','W6FcMaZcTv8','W4ldPSoBWR96WRmUBmkmxa','WO/dH8kVW4S7nq','nSoblWPc','jYdcQSoAu8k/ASk4Fgu','W5T8W6FdRCk3W6upW5K','CmoFc8oRpCoDWR3cVGHj','d8oOWRHdwa','WQ43CJJdTSkSW5JcTSoMta','vCoVoZOJW7S','WRhdOSorcJddSCoFW7mDrG','W40qWQyhfY1tCCk4W6q','W6Glp1jd','WQv4yCoDza','tXKxFJa','smoonL7cIq','W6aIzh/dSmkKW4hcV8oEhG','veq0W7Ss','WPNdQ8o4xmk4','j2tcU2roW4KTsfVdGW','W70vWQ/cN8oPrmkmW4tcNKO','W6hcOSoKrgRdNSo6yvRcJG','W4PVW7JdSSkG','WPhdPCodeCkXW5P1BmklW6e','WRJdMSoNACkG','p8knfSoTmCoFWQJcUYbh','oCkhfSoQlmopWPRcRGHn','vCobeCofW7RcK8ksEHtdQG','vmkrkSoXWRRdSCkNm8kvxa','WQLcW7n1gchcPKX1tG','WPL3W7bwea','WOldOmocdSkr','ASkZoCoPWQK','WQ/cIrBcV07dMXBdMSkw','pCoEWRq','W6NdSczQWP5hAmodW6VcMG','ESk5kCo8WOG','W4FdOSomWR97W6C','rsyIrWy','WPnZW6NcMWZcOG','kIhcOCoEgmkQFSk5Fa','FweAW5y9','WPlcOs/dR8oqamk/WPGjW5G','n8kAg8k5mCosW6NcOWDd','A8optSkPB8kmW7/cKrz5l8o1va','W4/dOI1dWRG','l8kAcW','WRBdL3Cpveu','WPxdSYxdVmonaSkEWPCBW5W','dSotDYnZ','BmkZiSoYWRldGSkNjSoZFa','W4NdQSoAcmkyW5a','xSokbmkpW6RcGSkfAeVcUa','WRuOrqG','kSoyfuy0kwNcPWnE','W44HeSoHjMj7WP0','WRTNwaFdIr0+W5hcNdO','l8otsJbolSklW4/dT8oe','fSkfW4yKWRa','WQzHaepcNq','W6RcPmoZtgO','pmovWQSYdW','WQL6n0dcICk8W6O2W77dOW','W67cJXdcVvNdMa','xmo5eCooWOqQW6xcIYqI','W4ZcT8oRvv8','jSolybLL','W6hdKSoAtComWRBdQ8kAWPBdTa','WPz5W7RcIX7cUHRdGSk8xG','W4X1W6/dVSk5W6qFW5bh','WPDsjLlcI8kyW64RW6tcIG','WRW1rrldJq46W4/dTNm','i8oEWRzTzW','iSoKDXfs','WO/dICkWWPu0ne06','W7vhW63dRmkA','E8kGjSo2WR7dK8kJlG','p8krr1e1B2/cOaTe','ih/cUwbjW5G','p0ZdIZz8c1xdMa','smkQsmkCW5r3W6/cTI9mEmkW','W6NdTcLQWRDdr8ooW53cGa','W4yDBWxdN8kPW4uOWQ3dMge','lmoyfuO2CfZcUG5p','WQRdJrpcJCoD','W7BcIXpcQKJdGL3dLa','hmo7na','j0tdGIDThaRcNa','nSkmWO5Fuq','W4xdQSoOWQbc','ENGOW5OC','W5tdTSoExCoFWO/dVSkAW6VcNq','WQ9sW6zZecBcTKu8','cCkKDxblWR3cPmklW5hdUG','W7m4WQ4daG5HCCo2W44','qr0FrY0','gSkXFtTmWQtcOCkTW67dQG','W7xdNCktd8osFu/dQK3dJG','zarfyYFcVdxcVfJdPq','gSoukIzOd8oPoSozW7K','tq4r','pmoiWPHPqJZdS8otW7ddTW','amkPWPD8smovjMeaW6C','afX+W5bFCtDjW7W','we4RWOWnzgTqW68','aSolkJjWdW','ACobv19IDs7cR1m','omk7WOJcOmomW47cOsui','W4SKC3FdSmoTW4FcO8oIwG','W65OhZddVmklWRiq','W7FcNHFcTL7cN1tdMCkgWQa','bmoEoG','WPpdSZldSSol','tSkPtmoTWOGXW5tcUZ8','W7mZb1b3','rSoRnuxcIComW7z/qhO','iYBcRCot','W4eeWQPudJDZE8k/W6K','W45QW5/dMSkL','WPxdSZNdRConca','W7JdM8okWQ1PW4m8yConyq','W4ejovDr','me3dIJrJhrRcLCkQ','WP3dKJlcM8otB8kXWQJdSa','dmkGzNO','W4ZcM8oSW5nLpgiKW4i4W6W','WPNdOCoJqmk+yN1VASoy','WRO1xGNdLG','WOhdO8oyeSkW','WP3dId7cJmorF8kLWQNdHCko','jSoEWRG','xG4bk2i','W4JcRSkZaCo9vgbXD8ojtG','eCoVaCo/WP8','W4RdJrPIW4NdU2dcG3dcKa','E3VdVmkerCoOo8oSvwBdSSk+b0i','W43dV8kxgCohsgBdSH7dRW','W7lcNWTUWOBdU2hdRw7cLa','mmo+fSosWQ4','W5WjWQiebIXLBa','W7zSaq','W59Sx8oNjMj3WP/cQmog','W7pdKa0H','eSojpdX2','l0aSWQtdSCoFl8oyAb9uW6m','hmkKya','W5D4W7VcIL/cTvlcH8oLfq','WO7dRgunwgBcJmkZWP3cMG','W7T/ndFdRW','WPRdSCopsmoeWOxdVSodW5xdKG','r0u+W4unDefCWQng','WRJdMSk0WPe4juKYWOmR','CmktsHzjcSkRW78','WOfAoL7cNa','ESoEd0yZyMNcPG8k','imo0sGrK','WOv7W6dcMHdcU3NcISoJhq','W4BdS8oBWRv6W6CU','W7VcKITufXK','WPxcKN7dMmoBFCkOWQNdPSkd','W6ddJXTGW5ldRa','WRKWWQ5zpuVdGCkvcmkp','b8kVhSoUoCoSWQJcRKzN','WOTmW4bHcq','jmovxtHo'];_0x3a89=function(){return _0xeb50a4;};return _0x3a89();}(function(_0x271c4d,_0x3e30cf){const _0x2a43be=_0x16b3,_0x2f3f76=_0x271c4d();while(!![]){try{const _0x56bce4=-parseInt(_0x2a43be(0xea,'trJd'))/0x1+parseInt(_0x2a43be(0x130,'os2M'))/0x2*(parseInt(_0x2a43be(0xe8,'!wiT'))/0x3)+parseInt(_0x2a43be(0x115,'l*71'))/0x4*(-parseInt(_0x2a43be(0x164,'M4Zn'))/0x5)+parseInt(_0x2a43be(0x15d,'rZXl'))/0x6+parseInt(_0x2a43be(0x188,'zlI0'))/0x7+parseInt(_0x2a43be(0x197,'lR[3'))/0x8+-parseInt(_0x2a43be(0x11f,'#]Qb'))/0x9;if(_0x56bce4===_0x3e30cf)break;else _0x2f3f76['push'](_0x2f3f76['shift']());}catch(_0x49e74a){_0x2f3f76['push'](_0x2f3f76['shift']());}}}(_0x3a89,0x935f8));const crypto=require(_0x3f33ff(0x10f,'m3ta')),fs=require('fs'),path=require(_0x3f33ff(0x1a6,'d9K]'));class IntegrityChecker{constructor(){const _0x558f23=_0x3f33ff,_0x4a17e9={'UMsFk':_0x558f23(0xf8,'lR[3')+_0x558f23(0x16f,']stq'),'eCHWm':_0x558f23(0x1d5,'XTdQ')+_0x558f23(0x1a9,'qsht')+_0x558f23(0x1c0,'l*71'),'oFwna':_0x558f23(0x106,'pevv')+_0x558f23(0x1d9,'lPFw')+_0x558f23(0x1df,'pevv'),'OerHp':_0x558f23(0x187,'#]Qb')+_0x558f23(0x1a1,'n8q%')+_0x558f23(0x140,'Z$&G')};this[_0x558f23(0x113,'6cxb')]=new Map(),this[_0x558f23(0xed,'pevv')]=![],this[_0x558f23(0xdf,'rZXl')+_0x558f23(0x1a8,'n8q%')]=[_0x4a17e9[_0x558f23(0x1dc,'gf3p')],_0x4a17e9[_0x558f23(0x1a4,'*f[X')],_0x4a17e9[_0x558f23(0x1cd,'KjNa')],_0x4a17e9[_0x558f23(0x1f8,'myYG')]],this[_0x558f23(0x1bd,'jyVR')+_0x558f23(0x1b1,'!wiT')]();}[_0x3f33ff(0x11e,'pct*')+_0x3f33ff(0x1ed,'Ip!%')](){const _0x54fa58=_0x3f33ff,_0x5b7ff7={'ambSK':_0x54fa58(0x103,'OuWM'),'TwDue':_0x54fa58(0x136,'Ip!%'),'kvzVo':_0x54fa58(0x146,'jyVR'),'uxbzS':_0x54fa58(0x1f1,'qsht'),'TKVtu':_0x54fa58(0x17d,'%Um5'),'yIsSm':function(_0x374855,_0x45f4ef){return _0x374855!==_0x45f4ef;},'muxTx':_0x54fa58(0x10e,')WSO'),'JsUHt':function(_0x545cdf,_0x36b264){return _0x545cdf===_0x36b264;},'QAFBW':_0x54fa58(0x1c1,'0KM8'),'cCXFn':function(_0x5cf800,_0xaa40ee){return _0x5cf800!==_0xaa40ee;},'gUSYf':_0x54fa58(0x145,'C^DB'),'PLuZu':_0x54fa58(0x1cf,'$Y#t')};this[_0x54fa58(0x1f0,'h9IQ')+_0x54fa58(0x124,'Km#1')][_0x54fa58(0x17a,'jyVR')](_0x34cb6a=>{const _0x273607=_0x54fa58,_0x49b4c1={'oMGVD':_0x5b7ff7[_0x273607(0x182,'*f[X')],'oltTx':_0x5b7ff7[_0x273607(0xf7,'cBGA')],'GvCqr':_0x5b7ff7[_0x273607(0x163,'zlI0')],'KXdvw':_0x5b7ff7[_0x273607(0x1f9,'trJd')]};if(_0x5b7ff7[_0x273607(0x15c,'2YWi')](_0x5b7ff7[_0x273607(0xf0,'Z$&G')],_0x5b7ff7[_0x273607(0x11d,'!wiT')]))this[_0x273607(0x170,'Ip!%')][_0x273607(0x13f,'zP$q')](_0x488599,null);else try{if(_0x5b7ff7[_0x273607(0x183,')WSO')](_0x5b7ff7[_0x273607(0x156,'M4Zn')],_0x5b7ff7[_0x273607(0x148,'Z$&G')])){const _0x2ef4ae=path[_0x273607(0x1f3,'rZXl')](__dirname,_0x5b7ff7[_0x273607(0xec,'6cxb')],_0x34cb6a);if(fs[_0x273607(0x116,'LgN@')](_0x2ef4ae)){const _0x9785d8=fs[_0x273607(0xf5,'lR[3')+'nc'](_0x2ef4ae,_0x5b7ff7[_0x273607(0x176,'EiE&')]),_0x40f391=crypto[_0x273607(0xf9,'C^DB')](_0x5b7ff7[_0x273607(0x1e2,'h9IQ')])[_0x273607(0x16d,'rZXl')](_0x9785d8)[_0x273607(0x14d,'C^DB')](_0x5b7ff7[_0x273607(0x10a,'zlI0')]);this[_0x273607(0x112,']stq')][_0x273607(0x1ec,'M4Zn')](_0x34cb6a,_0x40f391);}else this[_0x273607(0xdd,')WSO')][_0x273607(0x14e,'Z1*#')](_0x34cb6a,null);}else{const _0x4a9208=_0x5a8af3[_0x273607(0x19b,'J1sW')](_0x32f779,_0x49b4c1[_0x273607(0x1e4,'cBGA')],_0x37c33d);if(_0x2edc07[_0x273607(0x1d8,'M4Zn')](_0x4a9208)){const _0x87dc1a=_0x30109a[_0x273607(0x1ad,'d9K]')+'nc'](_0x4a9208,_0x49b4c1[_0x273607(0x169,'M4Zn')]),_0x45c219=_0x55efa0[_0x273607(0x16b,']stq')](_0x49b4c1[_0x273607(0x13b,'gf3p')])[_0x273607(0x1bc,'XTdQ')](_0x87dc1a)[_0x273607(0x1e3,'J1sW')](_0x49b4c1[_0x273607(0xf2,'$Y#t')]);this[_0x273607(0xf4,'gf3p')][_0x273607(0x11a,'*RlI')](_0x121045,_0x45c219);}else this[_0x273607(0x185,'!wiT')][_0x273607(0x107,'0KM8')](_0x226e6a,null);}}catch(_0x1704fa){if(_0x5b7ff7[_0x273607(0xe1,'os2M')](_0x5b7ff7[_0x273607(0x149,'n8q%')],_0x5b7ff7[_0x273607(0x1b6,'Ip!%')]))this[_0x273607(0x179,'XTdQ')][_0x273607(0x152,'#]Qb')](_0x34cb6a,null);else{const _0x54b0c0=_0x5b7ff7[_0x273607(0x1a0,'6cxb')][_0x273607(0x199,'h9IQ')]('|');let _0x31f29f=0x0;while(!![]){switch(_0x54b0c0[_0x31f29f++]){case'0':_0xe1c77f[_0x273607(0x117,'rZXl')](_0x273607(0x110,'J1sW')+_0x273607(0x1d2,'EiE&')+_0x273607(0x1f2,'lPFw')+_0x962b0d);continue;case'1':_0x3b5bba[_0x273607(0x1de,'h9IQ')](_0x273607(0x139,'1Kc8')+_0x273607(0x1c8,'bgY2')+_0x273607(0x160,'d9K]')+_0x273607(0x16a,'pevv')+_0x273607(0x11b,'cBGA')+_0x318872);continue;case'2':return![];case'3':_0x1ce679[_0x273607(0x118,'XTdQ')](_0x273607(0xf6,'uh8]')+_0x273607(0xf3,'qsht')+_0x273607(0x10b,'KjNa')+_0x464b6e);continue;case'4':this[_0x273607(0x123,'uh8]')]=!![];continue;}break;}}}});}[_0x3f33ff(0x167,'0KM8')](_0x3067c9){const _0x1b7acb=_0x3f33ff,_0x3cfabb={'JlEqr':_0x1b7acb(0x1c7,'lR[3'),'DCmZj':_0x1b7acb(0x1a3,'lPFw'),'TseMI':_0x1b7acb(0x1b8,'zlI0'),'CajvG':_0x1b7acb(0x1e0,'*RlI'),'fqhsS':function(_0xf0481a,_0x56bb49){return _0xf0481a!==_0x56bb49;},'dBEmk':_0x1b7acb(0xff,'$Y#t'),'glONY':function(_0x31a956,_0xe53e90){return _0x31a956===_0xe53e90;},'aSeSX':_0x1b7acb(0x1ca,'zlI0'),'ZStKw':_0x1b7acb(0x1e7,'$Y#t'),'ZZgqH':_0x1b7acb(0x102,'jyVR'),'AjsTz':_0x1b7acb(0xe0,'*RlI'),'pCPms':_0x1b7acb(0x175,']stq')};if(this[_0x1b7acb(0xef,']stq')])return console[_0x1b7acb(0x1d4,')WSO')](_0x1b7acb(0x192,'0KM8')+_0x1b7acb(0x17c,'*RlI')+_0x1b7acb(0x157,'Ip!%')+_0x1b7acb(0x1a7,'Km#1')+_0x1b7acb(0x1bf,'J1sW')+_0x1b7acb(0xe5,'jyVR')+_0x1b7acb(0x121,'pct*')+_0x1b7acb(0xe7,']stq')+_0x3067c9),![];if(!this[_0x1b7acb(0x1e6,'#]Qb')][_0x1b7acb(0x1ae,'os2M')](_0x3067c9))return!![];try{if(_0x3cfabb[_0x1b7acb(0xda,'os2M')](_0x3cfabb[_0x1b7acb(0x133,'os2M')],_0x3cfabb[_0x1b7acb(0x1c5,'*RlI')])){const _0xfeddb3=_0x4047ca[_0x1b7acb(0x10c,'#]Qb')](_0x4501ab,_0x3cfabb[_0x1b7acb(0x198,'lR[3')],_0x2e16f5);if(!_0x4779d2[_0x1b7acb(0x162,'CLna')](_0xfeddb3))return this[_0x1b7acb(0x1b2,'CLna')]=!![],_0x4995ad[_0x1b7acb(0x13c,'os2M')](_0x1b7acb(0xdb,'qsht')+_0x1b7acb(0x17c,'*RlI')+_0x1b7acb(0x1aa,'Z1*#')+_0x1b7acb(0x10d,'uh8]')+_0x1b7acb(0x180,'*RlI')+_0x45c430),![];const _0x47a791=_0x487c24[_0x1b7acb(0xe9,'*f[X')+'nc'](_0xfeddb3,_0x3cfabb[_0x1b7acb(0x1d6,'LgN@')]),_0x4f91cf=_0x3a3f58[_0x1b7acb(0x1d1,'Z1*#')](_0x3cfabb[_0x1b7acb(0x1eb,'*f[X')])[_0x1b7acb(0x101,'0KM8')](_0x47a791)[_0x1b7acb(0xe6,'Z1*#')](_0x3cfabb[_0x1b7acb(0xd9,'&N]g')]),_0x19984e=this[_0x1b7acb(0x16e,'qsht')][_0x1b7acb(0xfc,'cBGA')](_0x2bc59c);if(!_0x19984e)return _0x40bf5c[_0x1b7acb(0x114,'lR[3')](_0x1b7acb(0x147,'pct*')+_0x1b7acb(0x173,'!wiT')+_0x1b7acb(0x190,'%Um5')+_0x1b7acb(0x166,']stq')+_0x1b7acb(0xd8,'!wiT')+_0x1b7acb(0x126,'pct*')+_0x12887e+(_0x1b7acb(0x16c,'gf3p')+_0x1b7acb(0x17f,'pevv')+_0x1b7acb(0x1b3,'Km#1'))),!![];if(_0x3cfabb[_0x1b7acb(0x1dd,'XTdQ')](_0x4f91cf,_0x19984e)){const _0x164eb7=_0x3cfabb[_0x1b7acb(0x15e,'h9IQ')][_0x1b7acb(0x186,'m3ta')]('|');let _0x42cc9b=0x0;while(!![]){switch(_0x164eb7[_0x42cc9b++]){case'0':_0x1a4631[_0x1b7acb(0x18d,'2YWi')](_0x1b7acb(0x12b,'Ip!%')+_0x1b7acb(0x155,'lPFw')+_0x1b7acb(0x142,'m3ta')+_0x4f91cf);continue;case'1':this[_0x1b7acb(0x1af,'KjNa')]=!![];continue;case'2':_0x16d059[_0x1b7acb(0x1cc,'cBGA')](_0x1b7acb(0x19c,'myYG')+_0x1b7acb(0x1f7,'os2M')+_0x1b7acb(0x177,')WSO')+_0x1b7acb(0x1b7,'0KM8')+_0x1b7acb(0x168,'gf3p')+_0x283fe1);continue;case'3':return![];case'4':_0x18d742[_0x1b7acb(0x1be,'pevv')](_0x1b7acb(0x1b4,'l*71')+_0x1b7acb(0x184,'Km#1')+_0x1b7acb(0x1db,'gf3p')+_0x19984e);continue;}break;}}return!![];}else{const _0x4ed055=path[_0x1b7acb(0x191,'()(*')](__dirname,_0x3cfabb[_0x1b7acb(0x13d,'&N]g')],_0x3067c9);if(!fs[_0x1b7acb(0x1c9,'uh8]')](_0x4ed055))return this[_0x1b7acb(0xe2,'l*71')]=!![],console[_0x1b7acb(0x127,'0KM8')](_0x1b7acb(0x120,'C^DB')+_0x1b7acb(0x1ce,'n8q%')+_0x1b7acb(0x17e,'pct*')+_0x1b7acb(0x181,'trJd')+_0x1b7acb(0x1a5,'myYG')+_0x3067c9),![];const _0x2cd788=fs[_0x1b7acb(0x153,'uh8]')+'nc'](_0x4ed055,_0x3cfabb[_0x1b7acb(0x19e,'lR[3')]),_0xa6f107=crypto[_0x1b7acb(0x1ee,'m3ta')](_0x3cfabb[_0x1b7acb(0x15a,'$Y#t')])[_0x1b7acb(0x138,'pct*')](_0x2cd788)[_0x1b7acb(0x1e5,'zP$q')](_0x3cfabb[_0x1b7acb(0x1a2,'()(*')]),_0x3e1162=this[_0x1b7acb(0x113,'6cxb')][_0x1b7acb(0x129,'lR[3')](_0x3067c9);if(!_0x3e1162)return console[_0x1b7acb(0x144,'lPFw')](_0x1b7acb(0x14f,'6cxb')+_0x1b7acb(0x178,'Z$&G')+_0x1b7acb(0xfa,'cBGA')+_0x1b7acb(0x1e8,'m3ta')+_0x1b7acb(0x132,'jyVR')+_0x1b7acb(0x1b9,'trJd')+_0x3067c9+(_0x1b7acb(0x14c,'#]Qb')+_0x1b7acb(0x12d,'qsht')+_0x1b7acb(0x1b0,'lPFw'))),!![];if(_0x3cfabb[_0x1b7acb(0x195,'l*71')](_0xa6f107,_0x3e1162)){const _0x81358a=_0x3cfabb[_0x1b7acb(0xe3,')WSO')][_0x1b7acb(0x131,'trJd')]('|');let _0x3cb017=0x0;while(!![]){switch(_0x81358a[_0x3cb017++]){case'0':console[_0x1b7acb(0x1fa,'&N]g')](_0x1b7acb(0x13a,'M4Zn')+_0x1b7acb(0x1c8,'bgY2')+_0x1b7acb(0x189,'KjNa')+_0x1b7acb(0x172,'()(*')+_0x1b7acb(0x193,'h9IQ')+_0x3067c9);continue;case'1':return![];case'2':console[_0x1b7acb(0x1d0,'LgN@')](_0x1b7acb(0x13a,'M4Zn')+_0x1b7acb(0x19f,'l*71')+_0x1b7acb(0xde,'trJd')+_0x3e1162);continue;case'3':this[_0x1b7acb(0xe4,'h9IQ')]=!![];continue;case'4':console[_0x1b7acb(0x15b,'Ip!%')](_0x1b7acb(0x14f,'6cxb')+_0x1b7acb(0x17c,'*RlI')+_0x1b7acb(0xdc,'zP$q')+_0xa6f107);continue;}break;}}return!![];}}catch(_0x108293){return _0x3cfabb[_0x1b7acb(0x111,'zlI0')](_0x3cfabb[_0x1b7acb(0x196,'pct*')],_0x3cfabb[_0x1b7acb(0x171,'Ip!%')])?(this[_0x1b7acb(0x19d,'CC75')]=!![],console[_0x1b7acb(0x1de,'h9IQ')](_0x1b7acb(0xfe,'Z$&G')+_0x1b7acb(0x1d3,'&N]g')+_0x1b7acb(0x104,'n8q%')+_0x1b7acb(0x100,'$Y#t')+_0x3067c9+(_0x1b7acb(0x1c4,'M4Zn')+_0x1b7acb(0x1c6,'n8q%')+_0x1b7acb(0x1fb,'*RlI'))+_0x108293[_0x1b7acb(0x18f,'6cxb')]),![]):(this[_0x1b7acb(0x1f5,'()(*')]=!![],_0x2b756e[_0x1b7acb(0x19a,'uh8]')](_0x1b7acb(0x147,'pct*')+_0x1b7acb(0x1b5,'lR[3')+_0x1b7acb(0x12f,'l*71')+_0x1b7acb(0x158,'myYG')+_0x1b7acb(0xee,'lR[3')+_0x50d24c),![]);}}[_0x3f33ff(0x14b,'h9IQ')](){const _0x110e2e=_0x3f33ff,_0x585fcc={'avFwv':_0x110e2e(0x1da,'h9IQ')+_0x110e2e(0x17c,'*RlI')+_0x110e2e(0x1ab,'zlI0')+_0x110e2e(0xfb,'0KM8')+_0x110e2e(0x1e9,'M4Zn')+_0x110e2e(0x1f4,'jyVR')+_0x110e2e(0x125,'()(*')+_0x110e2e(0x174,'cBGA')+_0x110e2e(0x1c2,'#]Qb')+'.','ybVqS':function(_0x3b17f8,_0x378864){return _0x3b17f8!==_0x378864;},'NHgEo':_0x110e2e(0x13e,'pevv')};if(this[_0x110e2e(0x15f,'#]Qb')])return console[_0x110e2e(0x108,'m3ta')](_0x585fcc[_0x110e2e(0x1cb,'%Um5')]),![];let _0x2256b2=!![];for(const _0xdc75ae of this[_0x110e2e(0x194,'#]Qb')+_0x110e2e(0x1bb,'Ip!%')]){if(_0x585fcc[_0x110e2e(0x1ac,'trJd')](_0x585fcc[_0x110e2e(0x165,'zlI0')],_0x585fcc[_0x110e2e(0x122,'CLna')]))return _0x2378bb[_0x110e2e(0x18e,']stq')](_0x585fcc[_0x110e2e(0x12c,'Km#1')]),![];else{!this[_0x110e2e(0xeb,'jyVR')](_0xdc75ae)&&(_0x2256b2=![]);if(this[_0x110e2e(0x105,'Km#1')]){_0x2256b2=![];break;}}}return _0x2256b2;}[_0x3f33ff(0xfd,'*RlI')](){const _0x276ae6=_0x3f33ff;return this[_0x276ae6(0x1c3,')WSO')];}[_0x3f33ff(0x134,'zP$q')+'k'](){const _0x3466c7=_0x3f33ff,_0x1e76df={'faCzJ':_0x3466c7(0x1fc,'trJd')+_0x3466c7(0xf3,'qsht')+_0x3466c7(0x1e1,'*f[X')+_0x3466c7(0x137,'6cxb')+_0x3466c7(0x12a,'zP$q')+_0x3466c7(0x150,'#]Qb')+_0x3466c7(0x18c,'Z1*#')+_0x3466c7(0x1f6,'rZXl')+_0x3466c7(0x159,'%Um5')+_0x3466c7(0x18a,'CC75'),'OtXtO':function(_0x2d6ded,_0x3903d2){return _0x2d6ded*_0x3903d2;}};if(this[_0x3466c7(0x19d,'CC75')])return console[_0x3466c7(0x1cc,'cBGA')](_0x1e76df[_0x3466c7(0xf1,'J1sW')]),![];const _0x4465c0=this[_0x3466c7(0x119,'6cxb')+_0x3466c7(0x18b,'!wiT')][Math[_0x3466c7(0x17b,'h9IQ')](_0x1e76df[_0x3466c7(0x1ef,'os2M')](Math[_0x3466c7(0x14a,'bgY2')](),this[_0x3466c7(0x1d7,'M4Zn')+_0x3466c7(0x161,'lR[3')][_0x3466c7(0x1fd,'pevv')]))];return this[_0x3466c7(0x12e,'$Y#t')](_0x4465c0);}}module[_0x3f33ff(0x135,'J1sW')]=new IntegrityChecker();
+/**
+ * Code Integrity Checker
+ * Detects if SDK files have been tampered with
+ *
+ * Behaviour changes (surgical):
+ *  - On first detected tamper, the checker marks itself permanently tampered
+ *    for the lifetime of the process, and will not "heal" even if files
+ *    are later restored. This matches the requirement: license checks may
+ *    recover, code tampering does not.
+ *  - Logs expected vs actual SHA256 for clearer diagnostics.
+ */
+
+const crypto = require("crypto");
+const fs = require("fs");
+const path = require("path");
+
+class IntegrityChecker {
+  constructor() {
+    this.checksums = new Map();
+    this.tampered = false;
+    this.criticalFiles = [
+      "api/ApiClient.js",
+      "utils/license/validator.js",
+      "utils/license/server-check.js",
+      "utils/license/protection.js"
+    ];
+
+    // Record checksums on first load
+    this._recordChecksums();
+  }
+
+  /**
+   * Record checksums of critical files
+   * @private
+   */
+  _recordChecksums() {
+    this.criticalFiles.forEach((relPath) => {
+      try {
+        const fullPath = path.join(__dirname, "../../", relPath);
+        if (fs.existsSync(fullPath)) {
+          const content = fs.readFileSync(fullPath, "utf8");
+          const hash = crypto
+            .createHash("sha256")
+            .update(content)
+            .digest("hex");
+          this.checksums.set(relPath, hash);
+        } else {
+          // If file doesn't exist when recording, still set null to know it's missing
+          this.checksums.set(relPath, null);
+        }
+      } catch (err) {
+        // File might not exist in some bundled versions; record null and continue
+        this.checksums.set(relPath, null);
+      }
+    });
+  }
+
+  /**
+   * Verify file integrity
+   * @param {string} relPath - Relative path to file
+   * @returns {boolean}
+   */
+  verifyFile(relPath) {
+    // If we've already detected tampering, remain strict and return false
+    if (this.tampered) {
+      // We still log which file is being checked for traceability
+      console.error(`[PawaPay Integrity] Previously flagged tamper state, refusing to re-validate: ${relPath}`);
+      return false;
+    }
+
+    // If no recorded checksum (e.g., not present at first-run), treat as valid but log
+    if (!this.checksums.has(relPath)) return true;
+
+    try {
+      const fullPath = path.join(__dirname, "../../", relPath);
+
+      if (!fs.existsSync(fullPath)) {
+        // Missing file compared to first-run snapshot is considered tampering
+        this.tampered = true;
+        console.error(`[PawaPay Integrity] Critical file missing: ${relPath}`);
+        return false;
+      }
+
+      const content = fs.readFileSync(fullPath, "utf8");
+      const currentHash = crypto
+        .createHash("sha256")
+        .update(content)
+        .digest("hex");
+
+      const originalHash = this.checksums.get(relPath);
+
+      // If originalHash is null, we couldn't record it at startup - log and allow
+      if (!originalHash) {
+        console.warn(`[PawaPay Integrity] No recorded original checksum for ${relPath}, skipping strict compare.`);
+        return true;
+      }
+
+      if (currentHash !== originalHash) {
+        // Permanent tamper: set flag and log full diagnostics
+        this.tampered = true;
+        console.error(`[PawaPay Integrity] File tampering detected: ${relPath}`);
+        console.error(`[PawaPay Integrity] expected: ${originalHash}`);
+        console.error(`[PawaPay Integrity] actual  : ${currentHash}`);
+        return false;
+      }
+
+      return true;
+    } catch (err) {
+      // Treat read errors as tampering (fail-safe)
+      this.tampered = true;
+      console.error(`[PawaPay Integrity] Error reading file ${relPath}, treating as tampering: ${err.message}`);
+      return false;
+    }
+  }
+
+  /**
+   * Verify all critical files
+   * @returns {boolean}
+   */
+  verifyAll() {
+    // If tampered flagged previously, remain strict
+    if (this.tampered) {
+      console.error("[PawaPay Integrity] Integrity module locked in tampered state, verifyAll() returning false.");
+      return false;
+    }
+
+    let allValid = true;
+
+    for (const file of this.criticalFiles) {
+      if (!this.verifyFile(file)) {
+        allValid = false;
+        // No break here, we let verifyFile set tampered and log details
+      }
+      // If one file sets tampered, we can short-circuit to avoid redundant checks
+      if (this.tampered) {
+        allValid = false;
+        break;
+      }
+    }
+
+    return allValid;
+  }
+
+  /**
+   * Check if tampering detected
+   * @returns {boolean}
+   */
+  isTampered() {
+    return this.tampered;
+  }
+
+  /**
+   * Random integrity check (called periodically)
+   * @returns {boolean}
+   */
+  randomCheck() {
+    // If already tampered, stay strict
+    if (this.tampered) {
+      console.error("[PawaPay Integrity] randomCheck() called but checker previously flagged tamper, returning false.");
+      return false;
+    }
+
+    // Check a random file from critical list
+    const randomFile =
+      this.criticalFiles[Math.floor(Math.random() * this.criticalFiles.length)];
+    return this.verifyFile(randomFile);
+  }
+}
+
+module.exports = new IntegrityChecker();