@ondc/automation-mock-runner 1.3.43 → 1.3.45

package/dist/lib/MockRunner.d.ts

@@ -1,4 +1,5 @@
 import { BaseCodeRunner } from "./runners/base-runner";
+import { RunnerOptions } from "./runners/runner-factory";
 import { MockPlaygroundConfigType } from "./types/mock-config";
 import { Logger } from "./utils/logger";
 import { ExecutionResult } from "./types/execution-results";
@@ -7,6 +8,14 @@ export declare class MockRunner {
     private static sharedRunner;
     logger: Logger;
     private static getSharedRunner;
+    /**
+     * Initialize (or replace) the process-wide shared runner with explicit
+     * options. Call this once at service boot — before constructing any
+     * MockRunner — to configure the fetch allowlist and worker pool settings.
+     *
+     * If a shared runner already exists it is terminated and replaced.
+     */
+    static initSharedRunner(options?: RunnerOptions): BaseCodeRunner;
     constructor(config: MockPlaygroundConfigType, skipValidation?: boolean);
     getRunnerInstance(): BaseCodeRunner;
     getConfig(): {
@@ -69,9 +78,9 @@ export declare class MockRunner {
         success: boolean;
         errors?: import("zod/v4/core").$ZodIssue[];
     };
-    runGeneratePayload(actionId: string, inputs?: any): Promise<ExecutionResult>;
+    runGeneratePayload(actionId: string, inputs?: any, extraSessionData?: Record<string, any>): Promise<ExecutionResult>;
     runGeneratePayloadWithSession(actionId: string, sessionData: any): Promise<ExecutionResult>;
-    runValidatePayload(actionId: string, targetPayload: any): Promise<ExecutionResult>;
+    runValidatePayload(actionId: string, targetPayload: any, extraSessionData?: Record<string, any>): Promise<ExecutionResult>;
     runValidatePayloadWithSession(actionId: string, targetPayload: any, sessionData: any): Promise<ExecutionResult>;
     runMeetRequirements(actionId: string): Promise<ExecutionResult>;
     runMeetRequirementsWithSession(actionId: string, sessionData: any): Promise<ExecutionResult>;

package/dist/lib/MockRunner.js

@@ -18,6 +18,27 @@ class MockRunner {
         }
         return MockRunner.sharedRunner;
     }
+    /**
+     * Initialize (or replace) the process-wide shared runner with explicit
+     * options. Call this once at service boot — before constructing any
+     * MockRunner — to configure the fetch allowlist and worker pool settings.
+     *
+     * If a shared runner already exists it is terminated and replaced.
+     */
+    static initSharedRunner(options = {}) {
+        const logger = logger_1.Logger.getInstance();
+        if (MockRunner.sharedRunner) {
+            logger.warn("Replacing existing shared runner");
+            try {
+                MockRunner.sharedRunner.terminate();
+            }
+            catch (e) {
+                logger.error("Failed to terminate previous shared runner", {}, e);
+            }
+        }
+        MockRunner.sharedRunner = runner_factory_1.RunnerFactory.createRunner(options, logger);
+        return MockRunner.sharedRunner;
+    }
     constructor(config, skipValidation = false) {
         this.logger = logger_1.Logger.getInstance();
         if (!skipValidation) {
@@ -55,7 +76,7 @@ class MockRunner {
         const res = (0, validateConfig_1.validateConfigWithErrors)(this.config);
         return res;
     }
-    async runGeneratePayload(actionId, inputs = {}) {
+    async runGeneratePayload(actionId, inputs = {}, extraSessionData) {
         const executionId = this.logger.createExecutionContext(actionId);
         const startTime = Date.now();
         try {
@@ -73,6 +94,9 @@ class MockRunner {
             // Deep clone to avoid mutations
             const defaultPayload = JSON.parse(JSON.stringify(step.mock.defaultPayload));
             const sessionData = await this.getSessionDataUpToStep(index);
+            if (extraSessionData) {
+                Object.assign(sessionData, extraSessionData);
+            }
             // Validate inputs against schema if provided
             if (step.mock.inputs?.jsonSchema && Object.keys(inputs).length > 0) {
                 // TODO: Add JSON schema validation for inputs
@@ -191,7 +215,7 @@ class MockRunner {
             };
         }
     }
-    async runValidatePayload(actionId, targetPayload) {
+    async runValidatePayload(actionId, targetPayload, extraSessionData) {
         try {
             const baseActionId = MockRunner.resolveBaseActionId(actionId);
             const step = this.config.steps.find((s) => s.action_id === baseActionId);
@@ -201,6 +225,9 @@ class MockRunner {
             const index = this.config.steps.findIndex((s) => s.action_id === baseActionId);
             const schema = (0, function_registry_1.getFunctionSchema)("validate");
             const sessionData = await this.getSessionDataUpToStep(index);
+            if (extraSessionData) {
+                Object.assign(sessionData, extraSessionData);
+            }
             const result = await this.getRunnerInstance().execute(MockRunner.decodeBase64(step.mock.validate), schema, [targetPayload, sessionData]);
             return result;
         }

package/dist/lib/configHelper.js

@@ -11,6 +11,7 @@ const MockRunner_1 = require("./MockRunner");
 const uuid_1 = require("uuid");
 const terser_1 = require("terser");
 const validateConfig_1 = require("./utils/validateConfig");
+const helpers_1 = require("./helpers");
 function createInitialMockConfig(domain, version, flowId) {
     return {
         meta: {
@@ -32,65 +33,9 @@ function createInitialMockConfig(domain, version, flowId) {
         steps: [],
         transaction_history: [],
         validationLib: "",
-        helperLib: MockRunner_1.MockRunner.encodeBase64(defaultHelpers),
+        helperLib: MockRunner_1.MockRunner.encodeBase64(helpers_1.DEFAULT_HELPER_LIB),
     };
 }
-const defaultHelpers = `/*
-	Custom helper functions available in all mock generation functions.
-	these are appended below the generate function for each step.
-*/
-
-const createFormURL = (domain,formId, sessionData) => {
-	const baseURL = sessionData.mockBaseUrl;
-	const transactionId = sessionData.transactionId[0];
-	const sessionId = sessionData.sessionId;
-	return \`\${baseURL}/forms/\${domain}/\${formId}/?transaction_id=\${transactionId}&session_id=\${sessionId}\`;
-}
-
-// Generates a UUID v4
-function uuidv4() {
-	return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) {
-	  const r = Math.random() * 16 | 0;
-	  const v = c === 'x' ? r : (r & 0x3 | 0x8);
-	  return v.toString(16);
-	});
-}
-
-// Generate a 6 digit string ID
-function generate6DigitId() {
-	return Math.floor(100000 + Math.random() * 900000).toString();
-}
-
-// Returns the current ISO timestamp
-function currentTimestamp() {
-	return new Date().toISOString();
-}
-
-// Converts ISO 8601 duration string to total seconds
-const isoDurToSec = (duration) => {
-  const durRE = /P((\d+)Y)?((\d+)M)?((\d+)W)?((\d+)D)?T?((\d+)H)?((\d+)M)?((\d+)S)?/;
-  const s = durRE.exec(duration);
-  if (!s) return 0;
-  
-  return (Number(s?.[2]) || 0) * 31536000 +
-	(Number(s?.[4]) || 0) * 2628288 +
-	(Number(s?.[6]) || 0) * 604800 +
-	(Number(s?.[8]) || 0) * 86400 +
-	(Number(s?.[10]) || 0) * 3600 +
-	(Number(s?.[12]) || 0) * 60 +
-	(Number(s?.[14]) || 0);
-};
-
-const setCityFromInputs = (payload, inputs) => {
-	if (!inputs) return "*";
-	let version = payload.context.version || payload.context.core_version || "2.0.0";
-	if (version.startsWith("1")) {
-		payload.context.city = inputs.city_code ?? "*";
-	} else {
-		payload.context.location.city.code = inputs.city_code ?? "*";
-	}
-}
-`;
 function convertToFlowConfig(config) {
     const flowConfig = {};
     flowConfig.id = config.meta.flowId;
@@ -172,13 +117,25 @@ function convertToFlowConfig(config) {
         if (step.mock.inputs !== undefined &&
             step.mock.inputs !== null &&
             Object.keys(step.mock.inputs).length > 0) {
-            flowStep.input = [
-                {
-                    name: step.mock.inputs.id,
-                    type: step.mock.inputs.id,
-                    schema: step.mock.inputs.jsonSchema,
-                },
-            ];
+            if (step.mock.inputs.id == "finvu_verification") {
+                flowStep.input = [
+                    {
+                        name: "finvu_verification",
+                        label: "Complete Account Aggregator Verification",
+                        type: "FINVU_REDIRECT",
+                        payloadField: "$.context.aa_consent_verified",
+                    },
+                ];
+            }
+            else {
+                flowStep.input = [
+                    {
+                        name: step.mock.inputs.id,
+                        type: step.mock.inputs.id,
+                        schema: step.mock.inputs.jsonSchema,
+                    },
+                ];
+            }
         }
         if (step.mock.inputs?.oldInputs) {
             flowStep.input = step.mock.inputs.oldInputs;

package/dist/lib/constants/function-registry.js

@@ -26,7 +26,7 @@ exports.FUNCTION_REGISTRY = {
             description: "The generated payload object to be sent in the API request",
         },
         description: "Generates the mock payload for an API call",
-        timeout: 35 * 1000,
+        timeout: 45 * 1000,
         defaultBody: `  return defaultPayload;`,
         template: (body) => `/**
  * Generates the mock payload for an API call in the transaction flow.

package/dist/lib/helpers/default-helpers-source.d.ts

@@ -0,0 +1 @@
+export declare const DEFAULT_HELPERS_RAW = "\n/*\n * Default helpers available to every `generate()` in a mock step.\n *\n * Authoring rules:\n *   1. Prefer `function` declarations \u2014 they hoist, so cross-helper calls\n *      work regardless of order.\n *   2. No `require` / `import` inside function bodies. The VM sandbox has no\n *      module system. Only sandbox-whitelisted globals (Math, Date, JSON, \u2026)\n *      and sibling helpers are in scope.\n *   3. If the helper needs request-scope data, take `sessionData` as an\n *      explicit parameter. Free-variable references to `sessionData` do NOT\n *      resolve at runtime \u2014 helpers run at script scope, `sessionData` is\n *      only a parameter of `generate()`.\n *   4. Document every helper with a leading JSDoc block (`@param`, `@returns`).\n *\n * The full file (minus the trailing `module.exports = {...}` block) is\n * embedded verbatim into the sandbox bundle by\n * `scripts/generate-helpers-source.js`, so JSDoc reaches end users unchanged.\n * Re-run `npm run helpers:gen` after editing.\n */\n\n/**\n * Resolve the BPP or BAP subscriber URL from session data.\n *\n * @param {Object} sessionData  session data (reads `bppUri` or `bapUri`)\n * @param {\"bpp\"|\"bap\"|string} type  subscriber kind; anything other than \"bpp\" returns bapUri\n * @returns {string} the subscriber URL\n */\nfunction getSubscriberUrl(sessionData, type) {\n\tif (type === \"bpp\") {\n\t\treturn sessionData.bppUri;\n\t} else {\n\t\treturn sessionData.bapUri;\n\t}\n}\n\n/**\n * Generate a UUID v4 (RFC 4122, random-based).\n *\n * @returns {string} a new UUID v4, e.g. \"550e8400-e29b-41d4-a716-446655440000\"\n */\nfunction uuidv4() {\n\treturn \"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\".replace(/[xy]/g, function (c) {\n\t\tconst r = (Math.random() * 16) | 0;\n\t\tconst v = c === \"x\" ? r : (r & 0x3) | 0x8;\n\t\treturn v.toString(16);\n\t});\n}\n\n/**\n * Generate a 6-digit numeric string ID in [100000, 999999].\n *\n * @returns {string} a zero-padded 6-digit numeric string\n */\nfunction generate6DigitId() {\n\treturn Math.floor(100000 + Math.random() * 900000).toString();\n}\n\n/**\n * Get the current ISO-8601 UTC timestamp.\n *\n * @returns {string} e.g. \"2026-04-23T12:34:56.789Z\"\n */\nfunction currentTimestamp() {\n\treturn new Date().toISOString();\n}\n\n/**\n * Convert an ISO 8601 duration string (e.g. \"PT1H30M\", \"P2DT3H\") to total seconds.\n *\n * Approximations used: 1 week = 7 days, 1 month \u2248 30.42 days (2628288 sec),\n * 1 year = 365 days. Not calendar-exact.\n *\n * @param {string} duration  ISO 8601 duration string\n * @returns {number} total seconds; 0 when the input is unparseable\n */\nfunction isoDurToSec(duration) {\n\tconst durRE =\n\t\t/P((\\d+)Y)?((\\d+)M)?((\\d+)W)?((\\d+)D)?T?((\\d+)H)?((\\d+)M)?((\\d+)S)?/;\n\tconst s = durRE.exec(duration);\n\tif (!s) return 0;\n\n\treturn (\n\t\t(Number(s?.[2]) || 0) * 31536000 +\n\t\t(Number(s?.[4]) || 0) * 2628288 +\n\t\t(Number(s?.[6]) || 0) * 604800 +\n\t\t(Number(s?.[8]) || 0) * 86400 +\n\t\t(Number(s?.[10]) || 0) * 3600 +\n\t\t(Number(s?.[12]) || 0) * 60 +\n\t\t(Number(s?.[14]) || 0)\n\t);\n}\n\n/**\n * Mutate `payload.context` in place to set the city code from `inputs.city_code`.\n *\n * Version-aware: ONDC v1.x uses flat `context.city`, v2.x uses nested\n * `context.location.city.code`. Falls back to \"*\" when `city_code` is missing.\n * No-op when `inputs` is falsy.\n *\n * @param {Object} payload  payload with a `context` to mutate\n * @param {Object|null|undefined} inputs  object with optional `city_code`\n * @returns {string|undefined} \"*\" when inputs is falsy; otherwise undefined\n */\nfunction setCityFromInputs(payload, inputs) {\n\tif (!inputs) return \"*\";\n\tconst version =\n\t\tpayload.context.version || payload.context.core_version || \"2.0.0\";\n\tif (version.startsWith(\"1\")) {\n\t\tpayload.context.city = inputs.city_code ?? \"*\";\n\t} else {\n\t\tpayload.context.location.city.code = inputs.city_code ?? \"*\";\n\t}\n}\n\n/**\n * Build a form submission URL from session data.\n *\n * @param {string} domain       ONDC domain (e.g. \"ONDC:RET10\")\n * @param {string} formId       form identifier\n * @param {Object} sessionData  reads `mockBaseUrl`, `transactionId[0]`, `sessionId`\n * @returns {string} `${baseURL}/forms/${domain}/${formId}/?transaction_id=...&session_id=...`\n */\nfunction createFormURL(domain, formId, sessionData) {\n\tconst baseURL = sessionData.mockBaseUrl;\n\tconst transactionId = sessionData.transactionId[0];\n\tconst sessionId = sessionData.sessionId;\n\treturn `${baseURL}/forms/${domain}/${formId}/?transaction_id=${transactionId}&session_id=${sessionId}`;\n}\n\n/**\n * Generate a consent handler from the Finvu AA Service.\n *\n * Reads the service base URL from `sessionData.finvuUrl` \u2014 the installing\n * service MUST include that origin in\n *   MockRunner.initSharedRunner({ allowedFetchBaseUrls: [...] })\n * otherwise the sandboxed fetch will be blocked.\n *\n * Times out after 10s via AbortController.\n *\n * @param {Object} sessionData  session data; `sessionData.finvuUrl` is required\n * @param {Object} params\n * @param {string} params.custId                customer ID (required)\n * @param {string} [params.templateName]        defaults to \"FINVUDEMO_TESTING\"\n * @param {string} [params.consentDescription]  defaults to \"Gold Loan Account Aggregator Consent\"\n * @param {string} [params.redirectUrl]         defaults to \"https://google.co.in\"\n * @returns {Promise<string>} the `consentHandler` returned by the AA service\n * @throws {Error} when `custId` or `sessionData.finvuUrl` is missing, on non-OK\n *   response, on missing `consentHandler` in the body, or on 10s timeout\n */\nasync function generateConsentHandler(\n\tsessionData,\n\t{\n\t\tcustId,\n\t\ttemplateName = \"FINVUDEMO_TESTING\",\n\t\tconsentDescription = \"Gold Loan Account Aggregator Consent\",\n\t\tredirectUrl = \"https://google.co.in\",\n\t},\n) {\n\tif (!custId) {\n\t\tthrow new Error(\"custId is required\");\n\t}\n\tconst baseUrl = sessionData && sessionData.finvuUrl;\n\tif (!baseUrl) {\n\t\tthrow new Error(\"sessionData.finvuUrl is required\");\n\t}\n\n\tconst url = `${baseUrl}/finvu-aa/consent/generate`;\n\n\tconst payload = {\n\t\tcustId,\n\t\ttemplateName,\n\t\tconsentDescription,\n\t\tredirectUrl,\n\t};\n\n\tconsole.log(\"Calling Finvu AA Service:\", url);\n\tconsole.log(\"Consent request payload:\", payload);\n\n\tconst controller = new AbortController();\n\tconst timeout = setTimeout(() => controller.abort(), 10000);\n\n\ttry {\n\t\tconst res = await fetch(url, {\n\t\t\tmethod: \"POST\",\n\t\t\theaders: {\n\t\t\t\t\"Content-Type\": \"application/json\",\n\t\t\t},\n\t\t\tbody: JSON.stringify(payload),\n\t\t\tsignal: controller.signal,\n\t\t});\n\n\t\tif (!res.ok) {\n\t\t\tconst text = await res.text();\n\t\t\tthrow new Error(`Request failed: ${res.status} ${text}`);\n\t\t}\n\n\t\tconst data = await res.json();\n\n\t\tif (!data || !data.consentHandler) {\n\t\t\tthrow new Error(\"Invalid response: consentHandler missing\");\n\t\t}\n\n\t\treturn data.consentHandler;\n\t} catch (err) {\n\t\tif (err && err.name === \"AbortError\") {\n\t\t\tthrow new Error(\"Request timed out after 10 seconds\");\n\t\t}\n\t\tthrow err;\n\t} finally {\n\t\tclearTimeout(timeout);\n\t}\n}\n";

package/dist/lib/helpers/default-helpers-source.js

@@ -0,0 +1,221 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_HELPERS_RAW = void 0;
+// AUTO-GENERATED by scripts/generate-helpers-source.js. Do not edit.
+// Source: src/lib/helpers/default-helpers.js
+/* eslint-disable */
+exports.DEFAULT_HELPERS_RAW = `
+/*
+ * Default helpers available to every \`generate()\` in a mock step.
+ *
+ * Authoring rules:
+ *   1. Prefer \`function\` declarations — they hoist, so cross-helper calls
+ *      work regardless of order.
+ *   2. No \`require\` / \`import\` inside function bodies. The VM sandbox has no
+ *      module system. Only sandbox-whitelisted globals (Math, Date, JSON, …)
+ *      and sibling helpers are in scope.
+ *   3. If the helper needs request-scope data, take \`sessionData\` as an
+ *      explicit parameter. Free-variable references to \`sessionData\` do NOT
+ *      resolve at runtime — helpers run at script scope, \`sessionData\` is
+ *      only a parameter of \`generate()\`.
+ *   4. Document every helper with a leading JSDoc block (\`@param\`, \`@returns\`).
+ *
+ * The full file (minus the trailing \`module.exports = {...}\` block) is
+ * embedded verbatim into the sandbox bundle by
+ * \`scripts/generate-helpers-source.js\`, so JSDoc reaches end users unchanged.
+ * Re-run \`npm run helpers:gen\` after editing.
+ */
+
+/**
+ * Resolve the BPP or BAP subscriber URL from session data.
+ *
+ * @param {Object} sessionData  session data (reads \`bppUri\` or \`bapUri\`)
+ * @param {"bpp"|"bap"|string} type  subscriber kind; anything other than "bpp" returns bapUri
+ * @returns {string} the subscriber URL
+ */
+function getSubscriberUrl(sessionData, type) {
+	if (type === "bpp") {
+		return sessionData.bppUri;
+	} else {
+		return sessionData.bapUri;
+	}
+}
+
+/**
+ * Generate a UUID v4 (RFC 4122, random-based).
+ *
+ * @returns {string} a new UUID v4, e.g. "550e8400-e29b-41d4-a716-446655440000"
+ */
+function uuidv4() {
+	return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, function (c) {
+		const r = (Math.random() * 16) | 0;
+		const v = c === "x" ? r : (r & 0x3) | 0x8;
+		return v.toString(16);
+	});
+}
+
+/**
+ * Generate a 6-digit numeric string ID in [100000, 999999].
+ *
+ * @returns {string} a zero-padded 6-digit numeric string
+ */
+function generate6DigitId() {
+	return Math.floor(100000 + Math.random() * 900000).toString();
+}
+
+/**
+ * Get the current ISO-8601 UTC timestamp.
+ *
+ * @returns {string} e.g. "2026-04-23T12:34:56.789Z"
+ */
+function currentTimestamp() {
+	return new Date().toISOString();
+}
+
+/**
+ * Convert an ISO 8601 duration string (e.g. "PT1H30M", "P2DT3H") to total seconds.
+ *
+ * Approximations used: 1 week = 7 days, 1 month ≈ 30.42 days (2628288 sec),
+ * 1 year = 365 days. Not calendar-exact.
+ *
+ * @param {string} duration  ISO 8601 duration string
+ * @returns {number} total seconds; 0 when the input is unparseable
+ */
+function isoDurToSec(duration) {
+	const durRE =
+		/P((\\d+)Y)?((\\d+)M)?((\\d+)W)?((\\d+)D)?T?((\\d+)H)?((\\d+)M)?((\\d+)S)?/;
+	const s = durRE.exec(duration);
+	if (!s) return 0;
+
+	return (
+		(Number(s?.[2]) || 0) * 31536000 +
+		(Number(s?.[4]) || 0) * 2628288 +
+		(Number(s?.[6]) || 0) * 604800 +
+		(Number(s?.[8]) || 0) * 86400 +
+		(Number(s?.[10]) || 0) * 3600 +
+		(Number(s?.[12]) || 0) * 60 +
+		(Number(s?.[14]) || 0)
+	);
+}
+
+/**
+ * Mutate \`payload.context\` in place to set the city code from \`inputs.city_code\`.
+ *
+ * Version-aware: ONDC v1.x uses flat \`context.city\`, v2.x uses nested
+ * \`context.location.city.code\`. Falls back to "*" when \`city_code\` is missing.
+ * No-op when \`inputs\` is falsy.
+ *
+ * @param {Object} payload  payload with a \`context\` to mutate
+ * @param {Object|null|undefined} inputs  object with optional \`city_code\`
+ * @returns {string|undefined} "*" when inputs is falsy; otherwise undefined
+ */
+function setCityFromInputs(payload, inputs) {
+	if (!inputs) return "*";
+	const version =
+		payload.context.version || payload.context.core_version || "2.0.0";
+	if (version.startsWith("1")) {
+		payload.context.city = inputs.city_code ?? "*";
+	} else {
+		payload.context.location.city.code = inputs.city_code ?? "*";
+	}
+}
+
+/**
+ * Build a form submission URL from session data.
+ *
+ * @param {string} domain       ONDC domain (e.g. "ONDC:RET10")
+ * @param {string} formId       form identifier
+ * @param {Object} sessionData  reads \`mockBaseUrl\`, \`transactionId[0]\`, \`sessionId\`
+ * @returns {string} \`\${baseURL}/forms/\${domain}/\${formId}/?transaction_id=...&session_id=...\`
+ */
+function createFormURL(domain, formId, sessionData) {
+	const baseURL = sessionData.mockBaseUrl;
+	const transactionId = sessionData.transactionId[0];
+	const sessionId = sessionData.sessionId;
+	return \`\${baseURL}/forms/\${domain}/\${formId}/?transaction_id=\${transactionId}&session_id=\${sessionId}\`;
+}
+
+/**
+ * Generate a consent handler from the Finvu AA Service.
+ *
+ * Reads the service base URL from \`sessionData.finvuUrl\` — the installing
+ * service MUST include that origin in
+ *   MockRunner.initSharedRunner({ allowedFetchBaseUrls: [...] })
+ * otherwise the sandboxed fetch will be blocked.
+ *
+ * Times out after 10s via AbortController.
+ *
+ * @param {Object} sessionData  session data; \`sessionData.finvuUrl\` is required
+ * @param {Object} params
+ * @param {string} params.custId                customer ID (required)
+ * @param {string} [params.templateName]        defaults to "FINVUDEMO_TESTING"
+ * @param {string} [params.consentDescription]  defaults to "Gold Loan Account Aggregator Consent"
+ * @param {string} [params.redirectUrl]         defaults to "https://google.co.in"
+ * @returns {Promise<string>} the \`consentHandler\` returned by the AA service
+ * @throws {Error} when \`custId\` or \`sessionData.finvuUrl\` is missing, on non-OK
+ *   response, on missing \`consentHandler\` in the body, or on 10s timeout
+ */
+async function generateConsentHandler(
+	sessionData,
+	{
+		custId,
+		templateName = "FINVUDEMO_TESTING",
+		consentDescription = "Gold Loan Account Aggregator Consent",
+		redirectUrl = "https://google.co.in",
+	},
+) {
+	if (!custId) {
+		throw new Error("custId is required");
+	}
+	const baseUrl = sessionData && sessionData.finvuUrl;
+	if (!baseUrl) {
+		throw new Error("sessionData.finvuUrl is required");
+	}
+
+	const url = \`\${baseUrl}/finvu-aa/consent/generate\`;
+
+	const payload = {
+		custId,
+		templateName,
+		consentDescription,
+		redirectUrl,
+	};
+
+	console.log("Calling Finvu AA Service:", url);
+	console.log("Consent request payload:", payload);
+
+	const controller = new AbortController();
+	const timeout = setTimeout(() => controller.abort(), 10000);
+
+	try {
+		const res = await fetch(url, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+			},
+			body: JSON.stringify(payload),
+			signal: controller.signal,
+		});
+
+		if (!res.ok) {
+			const text = await res.text();
+			throw new Error(\`Request failed: \${res.status} \${text}\`);
+		}
+
+		const data = await res.json();
+
+		if (!data || !data.consentHandler) {
+			throw new Error("Invalid response: consentHandler missing");
+		}
+
+		return data.consentHandler;
+	} catch (err) {
+		if (err && err.name === "AbortError") {
+			throw new Error("Request timed out after 10 seconds");
+		}
+		throw err;
+	} finally {
+		clearTimeout(timeout);
+	}
+}
+`;

package/dist/lib/helpers/default-helpers.d.ts

@@ -0,0 +1,83 @@
+/**
+ * Resolve the BPP or BAP subscriber URL from session data.
+ *
+ * @param {Object} sessionData  session data (reads `bppUri` or `bapUri`)
+ * @param {"bpp"|"bap"|string} type  subscriber kind; anything other than "bpp" returns bapUri
+ * @returns {string} the subscriber URL
+ */
+export function getSubscriberUrl(sessionData: Object, type: "bpp" | "bap" | string): string;
+/**
+ * Generate a UUID v4 (RFC 4122, random-based).
+ *
+ * @returns {string} a new UUID v4, e.g. "550e8400-e29b-41d4-a716-446655440000"
+ */
+export function uuidv4(): string;
+/**
+ * Generate a 6-digit numeric string ID in [100000, 999999].
+ *
+ * @returns {string} a zero-padded 6-digit numeric string
+ */
+export function generate6DigitId(): string;
+/**
+ * Get the current ISO-8601 UTC timestamp.
+ *
+ * @returns {string} e.g. "2026-04-23T12:34:56.789Z"
+ */
+export function currentTimestamp(): string;
+/**
+ * Convert an ISO 8601 duration string (e.g. "PT1H30M", "P2DT3H") to total seconds.
+ *
+ * Approximations used: 1 week = 7 days, 1 month ≈ 30.42 days (2628288 sec),
+ * 1 year = 365 days. Not calendar-exact.
+ *
+ * @param {string} duration  ISO 8601 duration string
+ * @returns {number} total seconds; 0 when the input is unparseable
+ */
+export function isoDurToSec(duration: string): number;
+/**
+ * Mutate `payload.context` in place to set the city code from `inputs.city_code`.
+ *
+ * Version-aware: ONDC v1.x uses flat `context.city`, v2.x uses nested
+ * `context.location.city.code`. Falls back to "*" when `city_code` is missing.
+ * No-op when `inputs` is falsy.
+ *
+ * @param {Object} payload  payload with a `context` to mutate
+ * @param {Object|null|undefined} inputs  object with optional `city_code`
+ * @returns {string|undefined} "*" when inputs is falsy; otherwise undefined
+ */
+export function setCityFromInputs(payload: Object, inputs: Object | null | undefined): string | undefined;
+/**
+ * Build a form submission URL from session data.
+ *
+ * @param {string} domain       ONDC domain (e.g. "ONDC:RET10")
+ * @param {string} formId       form identifier
+ * @param {Object} sessionData  reads `mockBaseUrl`, `transactionId[0]`, `sessionId`
+ * @returns {string} `${baseURL}/forms/${domain}/${formId}/?transaction_id=...&session_id=...`
+ */
+export function createFormURL(domain: string, formId: string, sessionData: Object): string;
+/**
+ * Generate a consent handler from the Finvu AA Service.
+ *
+ * Reads the service base URL from `sessionData.finvuUrl` — the installing
+ * service MUST include that origin in
+ *   MockRunner.initSharedRunner({ allowedFetchBaseUrls: [...] })
+ * otherwise the sandboxed fetch will be blocked.
+ *
+ * Times out after 10s via AbortController.
+ *
+ * @param {Object} sessionData  session data; `sessionData.finvuUrl` is required
+ * @param {Object} params
+ * @param {string} params.custId                customer ID (required)
+ * @param {string} [params.templateName]        defaults to "FINVUDEMO_TESTING"
+ * @param {string} [params.consentDescription]  defaults to "Gold Loan Account Aggregator Consent"
+ * @param {string} [params.redirectUrl]         defaults to "https://google.co.in"
+ * @returns {Promise<string>} the `consentHandler` returned by the AA service
+ * @throws {Error} when `custId` or `sessionData.finvuUrl` is missing, on non-OK
+ *   response, on missing `consentHandler` in the body, or on 10s timeout
+ */
+export function generateConsentHandler(sessionData: Object, { custId, templateName, consentDescription, redirectUrl, }: {
+    custId: string;
+    templateName?: string | undefined;
+    consentDescription?: string | undefined;
+    redirectUrl?: string | undefined;
+}): Promise<string>;