@mercuryo-ai/magicpay-cli 0.1.0

package/dist/secret-backend.js

@@ -0,0 +1,335 @@
+import { createMagicPayClient, } from '@mercuryo-ai/magicpay-sdk';
+import { describeSecretRequestStatus } from '@mercuryo-ai/magicpay-sdk/core';
+import { approveMockSecretRequest as approveMockSecretRequestRecord, claimMockSecretRequest, createOrReuseMockSecretRequest, denyMockSecretRequest as denyMockSecretRequestRecord, pollMockSecretRequest, } from './mock-secret-cabinet.js';
+import { fetchMockSecretCatalog, resolveMockStoredSecretValues } from './mock-secret-store.js';
+import { resolveMagicPayGatewayConfig } from './gateway.js';
+const ENABLE_MOCK_SECRETS_ENV_NAMES = ['MAGICPAY_ENABLE_MOCK_SECRETS'];
+const MOCK_GATEWAY_CONFIG = {
+    apiKey: 'mock-secrets',
+    apiUrl: 'https://mock.invalid',
+};
+function envFlagEnabled(value) {
+    if (!value) {
+        return false;
+    }
+    const normalized = value.trim().toLowerCase();
+    return normalized === '1' || normalized === 'true' || normalized === 'yes' || normalized === 'on';
+}
+function formatUnknownError(error) {
+    if (error instanceof Error) {
+        return error.message;
+    }
+    if (typeof error === 'string') {
+        return error;
+    }
+    if (error && typeof error === 'object') {
+        try {
+            return JSON.stringify(error);
+        }
+        catch {
+            return Object.prototype.toString.call(error);
+        }
+    }
+    return String(error);
+}
+function buildClaimId() {
+    return `magicpay-cli-mock-claim-${Date.now()}`;
+}
+function isTerminalSecretStatus(status) {
+    return status !== 'pending';
+}
+async function waitForNextPoll(delayMs, signal) {
+    if (delayMs <= 0) {
+        if (signal?.aborted) {
+            throw signal.reason ?? new DOMException('This operation was aborted', 'AbortError');
+        }
+        return;
+    }
+    await new Promise((resolve, reject) => {
+        const timeoutId = setTimeout(() => {
+            signal?.removeEventListener('abort', onAbort);
+            resolve();
+        }, delayMs);
+        const onAbort = () => {
+            clearTimeout(timeoutId);
+            signal?.removeEventListener('abort', onAbort);
+            reject(signal?.reason ?? new DOMException('This operation was aborted', 'AbortError'));
+        };
+        if (signal?.aborted) {
+            onAbort();
+            return;
+        }
+        signal?.addEventListener('abort', onAbort, { once: true });
+    });
+}
+function mockBackendEnabledMessage() {
+    return `Set ${ENABLE_MOCK_SECRETS_ENV_NAMES.join('=1 or ')}=1 only for local/dev testing.`;
+}
+function tryGetLiveMagicPayClient(options = {}) {
+    try {
+        return createMagicPayClient({
+            gateway: resolveMagicPayGatewayConfig(),
+            ...(options.fetchImpl ? { fetchImpl: options.fetchImpl } : {}),
+        });
+    }
+    catch {
+        return null;
+    }
+}
+function getLiveMagicPayClient(options = {}) {
+    return createMagicPayClient({
+        gateway: resolveMagicPayGatewayConfig(),
+        ...(options.fetchImpl ? { fetchImpl: options.fetchImpl } : {}),
+    });
+}
+function unsupportedSessionsClient() {
+    const fail = () => {
+        throw new SecretBackendDisabledError('MagicPay session backend is not configured. Set MAGICPAY_API_KEY for MagicPay API access.');
+    };
+    return {
+        async create() {
+            return fail();
+        },
+        async get() {
+            return fail();
+        },
+        async getState() {
+            return fail();
+        },
+        describe() {
+            return fail();
+        },
+        async completeWithOutcome() {
+            return fail();
+        },
+    };
+}
+function toClaimFailure(error) {
+    const message = formatUnknownError(error);
+    if (message === 'secret_request_already_claimed') {
+        return {
+            success: false,
+            kind: 'already_claimed',
+            reason: 'A secret payload was already claimed for this request.',
+        };
+    }
+    if (message.startsWith('secret_request_not_fulfilled:')) {
+        return {
+            success: false,
+            kind: 'not_fulfilled',
+            reason: 'This secret request is not approved yet.',
+        };
+    }
+    if (message === 'secret_request_not_found') {
+        return {
+            success: false,
+            kind: 'other',
+            reason: 'MagicPay mock storage did not find a secret request for the provided session ID and request ID.',
+        };
+    }
+    if (message === 'mock_secret_values_missing') {
+        return {
+            success: false,
+            kind: 'other',
+            reason: 'MagicPay mock storage does not have secret values for the requested stored secret reference.',
+        };
+    }
+    return {
+        success: false,
+        kind: 'other',
+        reason: message,
+    };
+}
+async function pollMockSecretRequestUntil(sessionId, requestId, options = {}) {
+    const startedAt = Date.now();
+    const timeoutMs = options.timeoutMs ?? 180_000;
+    const maxIntervalMs = options.maxIntervalMs ?? 30_000;
+    const backoffMultiplier = options.backoffMultiplier ?? 1.2;
+    let nextIntervalMs = options.intervalMs ?? 10_000;
+    let attempts = 0;
+    let lastResult;
+    while (true) {
+        if (options.signal?.aborted) {
+            return {
+                success: false,
+                requestId,
+                attempts,
+                elapsedMs: Date.now() - startedAt,
+                kind: 'aborted',
+                reason: formatUnknownError(options.signal.reason),
+                ...(lastResult ? { lastResult } : {}),
+            };
+        }
+        attempts += 1;
+        const outcome = pollMockSecretRequest(sessionId, requestId);
+        const elapsedMs = Date.now() - startedAt;
+        options.onAttempt?.({
+            attempt: attempts,
+            elapsedMs,
+            nextIntervalMs,
+            outcome,
+        });
+        if (outcome.success) {
+            lastResult = outcome.result;
+            const statusContract = describeSecretRequestStatus(outcome.result.snapshot.status, outcome.result.snapshot.requestType);
+            const stopWhen = options.stopWhen ?? 'terminal';
+            const shouldStop = stopWhen === 'fulfilled'
+                ? outcome.result.snapshot.status === 'fulfilled'
+                : isTerminalSecretStatus(outcome.result.snapshot.status);
+            if (shouldStop) {
+                return {
+                    success: true,
+                    requestId,
+                    attempts,
+                    elapsedMs,
+                    result: outcome.result,
+                    statusContract,
+                };
+            }
+        }
+        else {
+            return {
+                success: false,
+                requestId,
+                attempts,
+                elapsedMs,
+                kind: outcome.kind,
+                reason: outcome.reason,
+                ...(lastResult ? { lastResult } : {}),
+                ...(outcome.status !== undefined ? { status: outcome.status } : {}),
+                ...(outcome.errorCode !== undefined ? { errorCode: outcome.errorCode } : {}),
+            };
+        }
+        if (elapsedMs >= timeoutMs) {
+            return {
+                success: false,
+                requestId,
+                attempts,
+                elapsedMs,
+                kind: 'timeout',
+                reason: `MagicPay mock secret request polling timed out after ${timeoutMs}ms.`,
+                ...(lastResult ? { lastResult } : {}),
+            };
+        }
+        const remainingMs = Math.max(0, timeoutMs - elapsedMs);
+        const delayMs = Math.min(nextIntervalMs, remainingMs);
+        try {
+            await waitForNextPoll(delayMs, options.signal);
+        }
+        catch (error) {
+            return {
+                success: false,
+                requestId,
+                attempts,
+                elapsedMs: Date.now() - startedAt,
+                kind: 'aborted',
+                reason: formatUnknownError(error),
+                ...(lastResult ? { lastResult } : {}),
+            };
+        }
+        nextIntervalMs = Math.min(maxIntervalMs, Math.round(nextIntervalMs * backoffMultiplier));
+    }
+}
+function createMockMagicPayClient(options = {}) {
+    const liveClient = tryGetLiveMagicPayClient(options);
+    return {
+        gateway: liveClient?.gateway ?? MOCK_GATEWAY_CONFIG,
+        sessions: liveClient?.sessions ?? unsupportedSessionsClient(),
+        secrets: {
+            async fetchCatalog(_sessionId, urlOrHost, _request) {
+                return fetchMockSecretCatalog(urlOrHost);
+            },
+            async createRequest(input) {
+                return createOrReuseMockSecretRequest(input);
+            },
+            async poll(sessionId, requestId) {
+                return pollMockSecretRequest(sessionId, requestId);
+            },
+            async pollUntil(sessionId, requestId, pollOptions) {
+                return pollMockSecretRequestUntil(sessionId, requestId, pollOptions);
+            },
+            async claim(sessionId, requestId, claimIdOrOptions, _maybeOptions) {
+                const claimId = typeof claimIdOrOptions === 'string' ? claimIdOrOptions : buildClaimId();
+                try {
+                    return {
+                        success: true,
+                        result: claimMockSecretRequest(sessionId, requestId, claimId, {
+                            resolveValues: (storedSecretRef) => resolveMockStoredSecretValues(storedSecretRef),
+                        }),
+                    };
+                }
+                catch (error) {
+                    return toClaimFailure(error);
+                }
+            },
+        },
+    };
+}
+export class SecretBackendDisabledError extends Error {
+    constructor(message = 'Secret backend is not configured.') {
+        super(message);
+        this.name = 'SecretBackendDisabledError';
+    }
+}
+function toMockSecretDecisionResult(record) {
+    return {
+        requestId: record.requestId,
+        sessionId: record.sessionId,
+        status: record.status === 'denied' ? 'denied' : 'fulfilled',
+        updatedAt: record.updatedAt,
+        ...(record.resolvedAt ? { resolvedAt: record.resolvedAt } : {}),
+        ...(record.expiresAt ? { expiresAt: record.expiresAt } : {}),
+    };
+}
+const mockSecretBackend = {
+    kind: 'mock',
+    async fetchSecretCatalog(_sessionId, urlOrHost, _options) {
+        return fetchMockSecretCatalog(urlOrHost);
+    },
+};
+const magicpayApiSecretBackend = {
+    kind: 'magicpay_api',
+    async fetchSecretCatalog(sessionId, urlOrHost, options) {
+        return options
+            ? getLiveMagicPayClient().secrets.fetchCatalog(sessionId, urlOrHost, options)
+            : getLiveMagicPayClient().secrets.fetchCatalog(sessionId, urlOrHost);
+    },
+};
+export function isMockSecretBackendEnabled() {
+    return ENABLE_MOCK_SECRETS_ENV_NAMES.some((envName) => envFlagEnabled(process.env[envName]));
+}
+export function getMagicPayClient(options = {}) {
+    if (isMockSecretBackendEnabled()) {
+        return createMockMagicPayClient(options);
+    }
+    return getLiveMagicPayClient(options);
+}
+export function getSecretBackend() {
+    if (isMockSecretBackendEnabled()) {
+        return mockSecretBackend;
+    }
+    try {
+        resolveMagicPayGatewayConfig();
+    }
+    catch {
+        throw new SecretBackendDisabledError(`Secret backend is not configured. Set MAGICPAY_API_KEY for MagicPay API access or ${mockBackendEnabledMessage()}`);
+    }
+    return magicpayApiSecretBackend;
+}
+function ensureMockSecretBackendEnabled() {
+    if (!isMockSecretBackendEnabled()) {
+        throw new SecretBackendDisabledError(`Mock secret backend is disabled. ${mockBackendEnabledMessage()}`);
+    }
+}
+export function approveMockSecretRequest(requestId) {
+    ensureMockSecretBackendEnabled();
+    return toMockSecretDecisionResult(approveMockSecretRequestRecord(requestId));
+}
+export function denyMockSecretRequest(requestId) {
+    ensureMockSecretBackendEnabled();
+    return toMockSecretDecisionResult(denyMockSecretRequestRecord(requestId));
+}
+export const __testSecretBackend = {
+    approveMockSecretRequest,
+    denyMockSecretRequest,
+};

package/dist/secret-state.d.ts

@@ -0,0 +1,7 @@
+import type { SecretCatalog, SecretRequestSnapshot } from '@mercuryo-ai/magicpay-sdk';
+import type { MagicPaySession } from './workflow-state.js';
+export declare function saveSecretCatalog(session: MagicPaySession, snapshot: SecretCatalog): SecretCatalog;
+export declare function getSecretCatalog(session: MagicPaySession, host: string): SecretCatalog | null;
+export declare function saveSecretRequestSnapshot(session: MagicPaySession, snapshot: SecretRequestSnapshot): SecretRequestSnapshot;
+export declare function getSecretRequestSnapshot(session: MagicPaySession, requestId: string): SecretRequestSnapshot | null;
+//# sourceMappingURL=secret-state.d.ts.map

package/dist/secret-state.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-state.d.ts","sourceRoot":"","sources":["../src/secret-state.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACtF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,aAAa,GACtB,aAAa,CAcf;AAED,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,MAAM,GACX,aAAa,GAAG,IAAI,CAEtB;AAED,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,qBAAqB,GAC9B,qBAAqB,CAIvB;AAED,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,eAAe,EACxB,SAAS,EAAE,MAAM,GAChB,qBAAqB,GAAG,IAAI,CAE9B"}

package/dist/secret-state.js

@@ -0,0 +1,26 @@
+export function saveSecretCatalog(session, snapshot) {
+    const catalog = (session.secretCatalogByHost ??= {});
+    catalog[snapshot.host] = {
+        ...snapshot,
+        storedSecrets: snapshot.storedSecrets.map((secret) => ({
+            ...secret,
+            fieldKeys: [...secret.fieldKeys],
+            fieldPolicies: secret.fieldPolicies ? { ...secret.fieldPolicies } : undefined,
+            preferredForMerchantKeys: secret.preferredForMerchantKeys
+                ? [...secret.preferredForMerchantKeys]
+                : undefined,
+        })),
+    };
+    return catalog[snapshot.host];
+}
+export function getSecretCatalog(session, host) {
+    return session.secretCatalogByHost?.[host] ?? null;
+}
+export function saveSecretRequestSnapshot(session, snapshot) {
+    const snapshots = (session.secretRequestSnapshots ??= {});
+    snapshots[snapshot.requestId] = { ...snapshot };
+    return snapshots[snapshot.requestId];
+}
+export function getSecretRequestSnapshot(session, requestId) {
+    return session.secretRequestSnapshots?.[requestId] ?? null;
+}

package/dist/session-backend.d.ts

@@ -0,0 +1,34 @@
+import type { ClaimRemoteSecretResponse, ClaimedRemoteSecret, CompleteRemoteSessionInput, CompleteRemoteSessionResponse, CreateRemoteSecretRequestInput, CreateRemoteSessionEventInput, CreateRemoteSessionInput, RemoteSecretRequestEnvelope, RemoteSessionEventEnvelope, RemoteSessionSecretRequestEnvelope, SessionResponse, SessionBackendCurrentRequest, SessionBackendEvent, SessionBackendRequest, SessionBackendSecretCatalogEntry, SessionBackendSession } from '@mercuryo-ai/magicpay-sdk/session-client';
+import type { CompleteRemoteSessionOutcome } from '@mercuryo-ai/magicpay-sdk/session-flow';
+export type { ClaimRemoteSecretResponse, ClaimedRemoteSecret, CompleteRemoteSessionOutcome, CompleteRemoteSessionInput, CompleteRemoteSessionResponse, CreateRemoteSecretRequestInput, CreateRemoteSessionEventInput, CreateRemoteSessionInput, RemoteSecretRequestEnvelope, RemoteSessionEventEnvelope, RemoteSessionSecretRequestEnvelope, SessionResponse, SessionBackendCurrentRequest, SessionBackendEvent, SessionBackendRequest, SessionBackendSecretCatalogEntry, SessionBackendSession, };
+export declare function getMagicPayClient(options?: {
+    fetchImpl?: typeof fetch;
+}): import("@mercuryo-ai/magicpay-sdk").MagicPayClient;
+export declare function createRemoteSession(input: CreateRemoteSessionInput, options?: {
+    fetchImpl?: typeof fetch;
+}): Promise<SessionResponse>;
+export declare function getRemoteSession(sessionId: string, options?: {
+    fetchImpl?: typeof fetch;
+}): Promise<SessionResponse>;
+export declare function getRemoteSessionSecretCatalog(sessionId: string, host: string, options?: {
+    fetchImpl?: typeof fetch;
+}): Promise<SessionBackendSecretCatalogEntry[]>;
+export declare function createRemoteSessionEvent(sessionId: string, input: CreateRemoteSessionEventInput, options?: {
+    fetchImpl?: typeof fetch;
+}): Promise<RemoteSessionEventEnvelope>;
+export declare function completeRemoteSession(sessionId: string, input: CompleteRemoteSessionInput, options?: {
+    fetchImpl?: typeof fetch;
+}): Promise<CompleteRemoteSessionResponse>;
+export declare function completeRemoteSessionWithOutcome(sessionId: string, input: CompleteRemoteSessionInput, options?: {
+    fetchImpl?: typeof fetch;
+}): Promise<CompleteRemoteSessionOutcome>;
+export declare function createRemoteSecretRequest(sessionId: string, input: CreateRemoteSecretRequestInput, options?: {
+    fetchImpl?: typeof fetch;
+}): Promise<RemoteSecretRequestEnvelope>;
+export declare function getRemoteSecretRequest(sessionId: string, requestId: string, options?: {
+    fetchImpl?: typeof fetch;
+}): Promise<RemoteSessionSecretRequestEnvelope>;
+export declare function claimRemoteSecret(sessionId: string, requestId: string, claimId: string, options?: {
+    fetchImpl?: typeof fetch;
+}): Promise<ClaimRemoteSecretResponse>;
+//# sourceMappingURL=session-backend.d.ts.map

package/dist/session-backend.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-backend.d.ts","sourceRoot":"","sources":["../src/session-backend.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EACV,yBAAyB,EACzB,mBAAmB,EACnB,0BAA0B,EAC1B,6BAA6B,EAC7B,8BAA8B,EAC9B,6BAA6B,EAC7B,wBAAwB,EACxB,2BAA2B,EAC3B,0BAA0B,EAC1B,kCAAkC,EAClC,eAAe,EACf,4BAA4B,EAC5B,mBAAmB,EACnB,qBAAqB,EACrB,gCAAgC,EAChC,qBAAqB,EACtB,MAAM,0CAA0C,CAAC;AAClD,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,wCAAwC,CAAC;AAG3F,YAAY,EACV,yBAAyB,EACzB,mBAAmB,EACnB,4BAA4B,EAC5B,0BAA0B,EAC1B,6BAA6B,EAC7B,8BAA8B,EAC9B,6BAA6B,EAC7B,wBAAwB,EACxB,2BAA2B,EAC3B,0BAA0B,EAC1B,kCAAkC,EAClC,eAAe,EACf,4BAA4B,EAC5B,mBAAmB,EACnB,qBAAqB,EACrB,gCAAgC,EAChC,qBAAqB,GACtB,CAAC;AAEF,wBAAgB,iBAAiB,CAAC,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;CAAO,sDAK3E;AAED,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,wBAAwB,EAC/B,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;CAAO,GACzC,OAAO,CAAC,eAAe,CAAC,CAE1B;AAED,wBAAsB,gBAAgB,CACpC,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;CAAO,GACzC,OAAO,CAAC,eAAe,CAAC,CAE1B;AAED,wBAAsB,6BAA6B,CACjD,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;CAAO,GACzC,OAAO,CAAC,gCAAgC,EAAE,CAAC,CAO7C;AAED,wBAAsB,wBAAwB,CAC5C,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,6BAA6B,EACpC,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;CAAO,GACzC,OAAO,CAAC,0BAA0B,CAAC,CAOrC;AAED,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,0BAA0B,EACjC,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;CAAO,GACzC,OAAO,CAAC,6BAA6B,CAAC,CAExC;AAED,wBAAsB,gCAAgC,CACpD,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,0BAA0B,EACjC,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;CAAO,GACzC,OAAO,CAAC,4BAA4B,CAAC,CAEvC;AAED,wBAAsB,yBAAyB,CAC7C,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,8BAA8B,EACrC,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;CAAO,GACzC,OAAO,CAAC,2BAA2B,CAAC,CAOtC;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;CAAO,GACzC,OAAO,CAAC,kCAAkC,CAAC,CAO7C;AAED,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;CAAO,GACzC,OAAO,CAAC,yBAAyB,CAAC,CAQpC"}

package/dist/session-backend.js

@@ -0,0 +1,36 @@
+import { createMagicPayClient, } from '@mercuryo-ai/magicpay-sdk';
+import { claimRemoteSecret as claimRemoteSecretWithGateway, completeRemoteSession as completeRemoteSessionWithGateway, createRemoteSecretRequest as createRemoteSecretRequestWithGateway, createRemoteSessionEvent as createRemoteSessionEventWithGateway, getRemoteSecretRequest as getRemoteSecretRequestWithGateway, getRemoteSessionSecretCatalog as getRemoteSessionSecretCatalogWithGateway, } from '@mercuryo-ai/magicpay-sdk/session-client';
+import { resolveMagicPayGatewayConfig } from './gateway.js';
+export function getMagicPayClient(options = {}) {
+    return createMagicPayClient({
+        gateway: resolveMagicPayGatewayConfig(),
+        ...(options.fetchImpl ? { fetchImpl: options.fetchImpl } : {}),
+    });
+}
+export async function createRemoteSession(input, options = {}) {
+    return getMagicPayClient(options).sessions.create(input);
+}
+export async function getRemoteSession(sessionId, options = {}) {
+    return getMagicPayClient(options).sessions.get(sessionId);
+}
+export async function getRemoteSessionSecretCatalog(sessionId, host, options = {}) {
+    return getRemoteSessionSecretCatalogWithGateway(resolveMagicPayGatewayConfig(), sessionId, host, options);
+}
+export async function createRemoteSessionEvent(sessionId, input, options = {}) {
+    return createRemoteSessionEventWithGateway(resolveMagicPayGatewayConfig(), sessionId, input, options);
+}
+export async function completeRemoteSession(sessionId, input, options = {}) {
+    return completeRemoteSessionWithGateway(resolveMagicPayGatewayConfig(), sessionId, input, options);
+}
+export async function completeRemoteSessionWithOutcome(sessionId, input, options = {}) {
+    return getMagicPayClient(options).sessions.completeWithOutcome(sessionId, input);
+}
+export async function createRemoteSecretRequest(sessionId, input, options = {}) {
+    return createRemoteSecretRequestWithGateway(resolveMagicPayGatewayConfig(), sessionId, input, options);
+}
+export async function getRemoteSecretRequest(sessionId, requestId, options = {}) {
+    return getRemoteSecretRequestWithGateway(resolveMagicPayGatewayConfig(), sessionId, requestId, options);
+}
+export async function claimRemoteSecret(sessionId, requestId, claimId, options = {}) {
+    return claimRemoteSecretWithGateway(resolveMagicPayGatewayConfig(), sessionId, requestId, claimId, options);
+}

package/dist/update-check.d.ts

@@ -0,0 +1,13 @@
+export type CliUpdateNotice = {
+    command: string;
+    message: string;
+};
+export type CliUpdateCheckOptions = {
+    fetchImpl?: typeof fetch;
+    now?: Date;
+    timeoutMs?: number;
+    ttlMs?: number;
+};
+export declare function compareVersions(left: string, right: string): number;
+export declare function checkForCliUpdate(options?: CliUpdateCheckOptions): Promise<CliUpdateNotice | null>;
+//# sourceMappingURL=update-check.d.ts.map

package/dist/update-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"update-check.d.ts","sourceRoot":"","sources":["../src/update-check.ts"],"names":[],"mappings":"AAsBA,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;IACzB,GAAG,CAAC,EAAE,IAAI,CAAC;IACX,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CA8DnE;AAED,wBAAsB,iBAAiB,CACrC,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CA2BjC"}

package/dist/update-check.js

@@ -0,0 +1,175 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { dirname } from 'node:path';
+import { getMagicPayUpdateStatePath } from '@mercuryo-ai/magicpay-home';
+import { readCurrentPackageVersion } from './package-version.js';
+const PACKAGE_NAME = '@mercuryo-ai/magicpay-cli';
+const REGISTRY_METADATA_URL = `https://registry.npmjs.org/${encodeURIComponent(PACKAGE_NAME)}`;
+const DEFAULT_UPDATE_CHECK_TIMEOUT_MS = 1500;
+const DEFAULT_UPDATE_TTL_MS = 12 * 60 * 60 * 1000;
+export function compareVersions(left, right) {
+    const parsedLeft = parseVersion(left);
+    const parsedRight = parseVersion(right);
+    if (!parsedLeft || !parsedRight) {
+        return left.localeCompare(right, undefined, {
+            numeric: true,
+            sensitivity: 'base',
+        });
+    }
+    for (let i = 0; i < 3; i += 1) {
+        const diff = parsedLeft.core[i] - parsedRight.core[i];
+        if (diff !== 0) {
+            return diff;
+        }
+    }
+    if (!parsedLeft.prerelease && !parsedRight.prerelease) {
+        return 0;
+    }
+    if (!parsedLeft.prerelease) {
+        return 1;
+    }
+    if (!parsedRight.prerelease) {
+        return -1;
+    }
+    const length = Math.max(parsedLeft.prerelease.length, parsedRight.prerelease.length);
+    for (let i = 0; i < length; i += 1) {
+        const leftPart = parsedLeft.prerelease[i];
+        const rightPart = parsedRight.prerelease[i];
+        if (leftPart === undefined) {
+            return -1;
+        }
+        if (rightPart === undefined) {
+            return 1;
+        }
+        if (typeof leftPart === 'number' && typeof rightPart === 'number') {
+            const diff = leftPart - rightPart;
+            if (diff !== 0) {
+                return diff;
+            }
+            continue;
+        }
+        if (typeof leftPart === 'number') {
+            return -1;
+        }
+        if (typeof rightPart === 'number') {
+            return 1;
+        }
+        const diff = leftPart.localeCompare(rightPart);
+        if (diff !== 0) {
+            return diff;
+        }
+    }
+    return 0;
+}
+export async function checkForCliUpdate(options = {}) {
+    const currentVersion = readCurrentPackageVersion();
+    const now = options.now ?? new Date();
+    const ttlMs = options.ttlMs ?? DEFAULT_UPDATE_TTL_MS;
+    const cachedState = readUpdateState();
+    const cachedNotice = buildCliUpdateNotice(currentVersion, cachedState?.latestVersion);
+    if (cachedState && !isCacheStale(cachedState.lastCheckedAt, now, ttlMs)) {
+        return cachedNotice;
+    }
+    const latestVersion = await fetchLatestVersion({
+        fetchImpl: options.fetchImpl,
+        timeoutMs: options.timeoutMs ?? DEFAULT_UPDATE_CHECK_TIMEOUT_MS,
+    }).catch(() => null);
+    if (!latestVersion) {
+        return cachedNotice;
+    }
+    writeUpdateState({
+        packageName: PACKAGE_NAME,
+        latestVersion,
+        lastCheckedAt: now.toISOString(),
+    });
+    return buildCliUpdateNotice(currentVersion, latestVersion);
+}
+function parseVersion(version) {
+    const match = version
+        .trim()
+        .match(/^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+.*)?$/);
+    if (!match) {
+        return null;
+    }
+    const prerelease = match[4]
+        ? match[4].split('.').map((part) => (/^\d+$/.test(part) ? Number(part) : part))
+        : null;
+    return {
+        core: [Number(match[1]), Number(match[2]), Number(match[3])],
+        prerelease,
+    };
+}
+function buildCliUpdateNotice(currentVersion, latestVersion) {
+    if (!latestVersion || compareVersions(latestVersion, currentVersion) <= 0) {
+        return null;
+    }
+    const command = `npm i -g ${PACKAGE_NAME}@latest`;
+    return {
+        command,
+        message: `Update magicpay-cli before continuing. Run: ${command}. Then run magicpay --version and magicpay status again.`,
+    };
+}
+function readUpdateState() {
+    const updateStatePath = getUpdateStatePath();
+    if (!existsSync(updateStatePath)) {
+        return null;
+    }
+    try {
+        const raw = JSON.parse(readFileSync(updateStatePath, 'utf-8'));
+        if (raw.packageName !== PACKAGE_NAME ||
+            typeof raw.latestVersion !== 'string' ||
+            typeof raw.lastCheckedAt !== 'string') {
+            return null;
+        }
+        return {
+            packageName: raw.packageName,
+            latestVersion: raw.latestVersion,
+            lastCheckedAt: raw.lastCheckedAt,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+function writeUpdateState(state) {
+    const updateStatePath = getUpdateStatePath();
+    mkdirSync(dirname(updateStatePath), { recursive: true });
+    writeFileSync(updateStatePath, JSON.stringify(state, null, 2) + '\n', 'utf-8');
+}
+function isCacheStale(lastCheckedAt, now, ttlMs) {
+    const lastCheckedAtMs = new Date(lastCheckedAt).getTime();
+    if (!Number.isFinite(lastCheckedAtMs)) {
+        return true;
+    }
+    return now.getTime() - lastCheckedAtMs >= ttlMs;
+}
+async function fetchLatestVersion(options) {
+    const fetchImpl = options.fetchImpl ?? globalThis.fetch;
+    if (typeof fetchImpl !== 'function') {
+        throw new Error('Global fetch is not available.');
+    }
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), options.timeoutMs);
+    try {
+        const response = await fetchImpl(REGISTRY_METADATA_URL, {
+            headers: {
+                Accept: 'application/json',
+            },
+            signal: controller.signal,
+        });
+        if (!response.ok) {
+            throw new Error(`Registry responded with ${response.status}.`);
+        }
+        const metadata = (await response.json());
+        const latestVersion = metadata['dist-tags']?.latest;
+        if (!latestVersion || typeof latestVersion !== 'string') {
+            throw new Error('Registry metadata does not include dist-tags.latest.');
+        }
+        return latestVersion;
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+function getUpdateStatePath() {
+    return getMagicPayUpdateStatePath();
+}

package/dist/workflow-session-completion.d.ts

@@ -0,0 +1,32 @@
+import type { MagicPaySession } from './workflow-state.js';
+import { type CompleteRemoteSessionResponse } from './session-backend.js';
+import { type StepCommand } from './run-store.js';
+export type WorkflowSessionTerminalStatus = 'completed' | 'canceled' | 'error';
+export type WorkflowRunTerminalStatus = 'completed' | 'aborted' | 'failed';
+export type CompleteWorkflowSessionRemoteResult = {
+    success: true;
+    response: CompleteRemoteSessionResponse;
+    completedAt: string;
+    runId: string;
+    stepId: string | null;
+} | {
+    success: false;
+    error: 'workflow_session_unavailable' | 'workflow_session_already_closed' | 'workflow_run_unavailable' | 'workflow_step_unavailable' | 'backend_session_complete_failed';
+    reason: string;
+};
+export declare function formatUnknownWorkflowCompletionError(error: unknown): string;
+export declare function completeWorkflowSessionRemote(params: {
+    session: MagicPaySession;
+    stepId: string | undefined;
+    command: StepCommand;
+    terminalStatus: WorkflowSessionTerminalStatus;
+    runStatus: WorkflowRunTerminalStatus;
+    summary: string;
+    outcomeType: string;
+    message: string;
+    reason?: string;
+    details?: Record<string, unknown>;
+    allowMissingStep?: boolean;
+    fetchImpl?: typeof fetch;
+}): Promise<CompleteWorkflowSessionRemoteResult>;
+//# sourceMappingURL=workflow-session-completion.d.ts.map