@ondc/automation-mock-runner 1.3.44 → 1.3.46

package/dist/lib/MockRunner.d.ts

@@ -35,6 +35,7 @@ export declare class MockRunner {
             bap_uri?: string | undefined;
             bpp_id?: string | undefined;
             bpp_uri?: string | undefined;
+            external_session_data?: Record<string, any> | undefined;
         };
         steps: {
             api: string;

package/dist/lib/configHelper.js

@@ -29,6 +29,10 @@ function createInitialMockConfig(domain, version, flowId) {
             bap_uri: "https://bap.example.com",
             bpp_id: "bpp.example.com",
             bpp_uri: "https://bpp.example.com",
+            external_session_data: {
+                finvuUrl: "https://dev-automation.ondc.org/finvu",
+                mockBaseUrl: "https://dev-automation.ondc.org/mock",
+            },
         },
         steps: [],
         transaction_history: [],

package/dist/lib/helpers/default-helpers-source.d.ts

@@ -0,0 +1 @@
+export declare const DEFAULT_HELPERS_RAW = "\n/*\n * Default helpers available to every `generate()` in a mock step.\n *\n * Authoring rules:\n *   1. Prefer `function` declarations \u2014 they hoist, so cross-helper calls\n *      work regardless of order.\n *   2. No `require` / `import` inside function bodies. The VM sandbox has no\n *      module system. Only sandbox-whitelisted globals (Math, Date, JSON, \u2026)\n *      and sibling helpers are in scope.\n *   3. If the helper needs request-scope data, take `sessionData` as an\n *      explicit parameter. Free-variable references to `sessionData` do NOT\n *      resolve at runtime \u2014 helpers run at script scope, `sessionData` is\n *      only a parameter of `generate()`.\n *   4. Document every helper with a leading JSDoc block (`@param`, `@returns`).\n *\n * The full file (minus the trailing `module.exports = {...}` block) is\n * embedded verbatim into the sandbox bundle by\n * `scripts/generate-helpers-source.js`, so JSDoc reaches end users unchanged.\n * Re-run `npm run helpers:gen` after editing.\n */\n\n/**\n * Resolve the BPP or BAP subscriber URL from session data.\n *\n * @param {Object} sessionData  session data (reads `bppUri` or `bapUri`)\n * @param {\"bpp\"|\"bap\"|string} type  subscriber kind; anything other than \"bpp\" returns bapUri\n * @returns {string} the subscriber URL\n */\nfunction getSubscriberUrl(sessionData, type) {\n\tif (type === \"bpp\") {\n\t\treturn sessionData.bppUri;\n\t} else {\n\t\treturn sessionData.bapUri;\n\t}\n}\n\n/**\n * Generate a UUID v4 (RFC 4122, random-based).\n *\n * @returns {string} a new UUID v4, e.g. \"550e8400-e29b-41d4-a716-446655440000\"\n */\nfunction uuidv4() {\n\treturn \"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\".replace(/[xy]/g, function (c) {\n\t\tconst r = (Math.random() * 16) | 0;\n\t\tconst v = c === \"x\" ? r : (r & 0x3) | 0x8;\n\t\treturn v.toString(16);\n\t});\n}\n\n/**\n * Generate a 6-digit numeric string ID in [100000, 999999].\n *\n * @returns {string} a zero-padded 6-digit numeric string\n */\nfunction generate6DigitId() {\n\treturn Math.floor(100000 + Math.random() * 900000).toString();\n}\n\n/**\n * Get the current ISO-8601 UTC timestamp.\n *\n * @returns {string} e.g. \"2026-04-23T12:34:56.789Z\"\n */\nfunction currentTimestamp() {\n\treturn new Date().toISOString();\n}\n\n/**\n * Convert an ISO 8601 duration string (e.g. \"PT1H30M\", \"P2DT3H\") to total seconds.\n *\n * Approximations used: 1 week = 7 days, 1 month \u2248 30.42 days (2628288 sec),\n * 1 year = 365 days. Not calendar-exact.\n *\n * @param {string} duration  ISO 8601 duration string\n * @returns {number} total seconds; 0 when the input is unparseable\n */\nfunction isoDurToSec(duration) {\n\tconst durRE =\n\t\t/P((\\d+)Y)?((\\d+)M)?((\\d+)W)?((\\d+)D)?T?((\\d+)H)?((\\d+)M)?((\\d+)S)?/;\n\tconst s = durRE.exec(duration);\n\tif (!s) return 0;\n\n\treturn (\n\t\t(Number(s?.[2]) || 0) * 31536000 +\n\t\t(Number(s?.[4]) || 0) * 2628288 +\n\t\t(Number(s?.[6]) || 0) * 604800 +\n\t\t(Number(s?.[8]) || 0) * 86400 +\n\t\t(Number(s?.[10]) || 0) * 3600 +\n\t\t(Number(s?.[12]) || 0) * 60 +\n\t\t(Number(s?.[14]) || 0)\n\t);\n}\n\n/**\n * Mutate `payload.context` in place to set the city code from `inputs.city_code`.\n *\n * Version-aware: ONDC v1.x uses flat `context.city`, v2.x uses nested\n * `context.location.city.code`. Falls back to \"*\" when `city_code` is missing.\n * No-op when `inputs` is falsy.\n *\n * @param {Object} payload  payload with a `context` to mutate\n * @param {Object|null|undefined} inputs  object with optional `city_code`\n * @returns {string|undefined} \"*\" when inputs is falsy; otherwise undefined\n */\nfunction setCityFromInputs(payload, inputs) {\n\tif (!inputs) return \"*\";\n\tconst version =\n\t\tpayload.context.version || payload.context.core_version || \"2.0.0\";\n\tif (version.startsWith(\"1\")) {\n\t\tpayload.context.city = inputs.city_code ?? \"*\";\n\t} else {\n\t\tpayload.context.location.city.code = inputs.city_code ?? \"*\";\n\t}\n}\n\n/**\n * Build a form submission URL from session data.\n *\n * @param {string} domain       ONDC domain (e.g. \"ONDC:RET10\")\n * @param {string} formId       form identifier\n * @param {Object} sessionData  reads `mockBaseUrl`, `transactionId[0]`, `sessionId`\n * @returns {string} `${baseURL}/forms/${domain}/${formId}/?transaction_id=...&session_id=...`\n */\nfunction createFormURL(domain, formId, sessionData) {\n\tconst baseURL = sessionData.mockBaseUrl;\n\tconst transactionId = sessionData.transactionId[0];\n\tconst sessionId = sessionData.sessionId;\n\treturn `${baseURL}/forms/${domain}/${formId}/?transaction_id=${transactionId}&session_id=${sessionId}`;\n}\n\n/**\n * Generate a consent handler from the Finvu AA Service.\n *\n * Reads the service base URL from `sessionData.finvuUrl` \u2014 the installing\n * service MUST include that origin in\n *   MockRunner.initSharedRunner({ allowedFetchBaseUrls: [...] })\n * otherwise the sandboxed fetch will be blocked.\n *\n * Times out after 10s via AbortController.\n *\n * @param {Object} sessionData  session data; `sessionData.finvuUrl` is required\n * @param {Object} params\n * @param {string} params.custId                customer ID (required)\n * @param {string} [params.templateName]        defaults to \"FINVUDEMO_TESTING\"\n * @param {string} [params.consentDescription]  defaults to \"Gold Loan Account Aggregator Consent\"\n * @param {string} [params.redirectUrl]         defaults to \"https://google.co.in\"\n * @returns {Promise<string>} the `consentHandler` returned by the AA service\n * @throws {Error} when `custId` or `sessionData.finvuUrl` is missing, on non-OK\n *   response, on missing `consentHandler` in the body, or on 10s timeout\n */\nasync function generateConsentHandler(\n\tsessionData,\n\t{\n\t\tcustId,\n\t\ttemplateName = \"FINVUDEMO_TESTING\",\n\t\tconsentDescription = \"Gold Loan Account Aggregator Consent\",\n\t\tredirectUrl = \"https://google.co.in\",\n\t},\n) {\n\tif (!custId) {\n\t\tthrow new Error(\"custId is required\");\n\t}\n\tconst baseUrl = sessionData && sessionData.finvuUrl;\n\tif (!baseUrl) {\n\t\tthrow new Error(\"sessionData.finvuUrl is required\");\n\t}\n\n\tconst url = `${baseUrl}/finvu-aa/consent/generate`;\n\n\tconst payload = {\n\t\tcustId,\n\t\ttemplateName,\n\t\tconsentDescription,\n\t\tredirectUrl,\n\t};\n\n\tconsole.log(\"Calling Finvu AA Service:\", url);\n\tconsole.log(\"Consent request payload:\", payload);\n\n\tconst controller = new AbortController();\n\tconst timeout = setTimeout(() => controller.abort(), 10000);\n\n\ttry {\n\t\tconst res = await fetch(url, {\n\t\t\tmethod: \"POST\",\n\t\t\theaders: {\n\t\t\t\t\"Content-Type\": \"application/json\",\n\t\t\t},\n\t\t\tbody: JSON.stringify(payload),\n\t\t\tsignal: controller.signal,\n\t\t});\n\n\t\tif (!res.ok) {\n\t\t\tconst text = await res.text();\n\t\t\tthrow new Error(`Request failed: ${res.status} ${text}`);\n\t\t}\n\n\t\tconst data = await res.json();\n\n\t\tif (!data || !data.consentHandler) {\n\t\t\tthrow new Error(\"Invalid response: consentHandler missing\");\n\t\t}\n\n\t\treturn data.consentHandler;\n\t} catch (err) {\n\t\tif (err && err.name === \"AbortError\") {\n\t\t\tthrow new Error(\"Request timed out after 10 seconds\");\n\t\t}\n\t\tthrow err;\n\t} finally {\n\t\tclearTimeout(timeout);\n\t}\n}\n";

package/dist/lib/helpers/default-helpers-source.js

@@ -0,0 +1,221 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_HELPERS_RAW = void 0;
+// AUTO-GENERATED by scripts/generate-helpers-source.js. Do not edit.
+// Source: src/lib/helpers/default-helpers.js
+/* eslint-disable */
+exports.DEFAULT_HELPERS_RAW = `
+/*
+ * Default helpers available to every \`generate()\` in a mock step.
+ *
+ * Authoring rules:
+ *   1. Prefer \`function\` declarations — they hoist, so cross-helper calls
+ *      work regardless of order.
+ *   2. No \`require\` / \`import\` inside function bodies. The VM sandbox has no
+ *      module system. Only sandbox-whitelisted globals (Math, Date, JSON, …)
+ *      and sibling helpers are in scope.
+ *   3. If the helper needs request-scope data, take \`sessionData\` as an
+ *      explicit parameter. Free-variable references to \`sessionData\` do NOT
+ *      resolve at runtime — helpers run at script scope, \`sessionData\` is
+ *      only a parameter of \`generate()\`.
+ *   4. Document every helper with a leading JSDoc block (\`@param\`, \`@returns\`).
+ *
+ * The full file (minus the trailing \`module.exports = {...}\` block) is
+ * embedded verbatim into the sandbox bundle by
+ * \`scripts/generate-helpers-source.js\`, so JSDoc reaches end users unchanged.
+ * Re-run \`npm run helpers:gen\` after editing.
+ */
+
+/**
+ * Resolve the BPP or BAP subscriber URL from session data.
+ *
+ * @param {Object} sessionData  session data (reads \`bppUri\` or \`bapUri\`)
+ * @param {"bpp"|"bap"|string} type  subscriber kind; anything other than "bpp" returns bapUri
+ * @returns {string} the subscriber URL
+ */
+function getSubscriberUrl(sessionData, type) {
+	if (type === "bpp") {
+		return sessionData.bppUri;
+	} else {
+		return sessionData.bapUri;
+	}
+}
+
+/**
+ * Generate a UUID v4 (RFC 4122, random-based).
+ *
+ * @returns {string} a new UUID v4, e.g. "550e8400-e29b-41d4-a716-446655440000"
+ */
+function uuidv4() {
+	return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, function (c) {
+		const r = (Math.random() * 16) | 0;
+		const v = c === "x" ? r : (r & 0x3) | 0x8;
+		return v.toString(16);
+	});
+}
+
+/**
+ * Generate a 6-digit numeric string ID in [100000, 999999].
+ *
+ * @returns {string} a zero-padded 6-digit numeric string
+ */
+function generate6DigitId() {
+	return Math.floor(100000 + Math.random() * 900000).toString();
+}
+
+/**
+ * Get the current ISO-8601 UTC timestamp.
+ *
+ * @returns {string} e.g. "2026-04-23T12:34:56.789Z"
+ */
+function currentTimestamp() {
+	return new Date().toISOString();
+}
+
+/**
+ * Convert an ISO 8601 duration string (e.g. "PT1H30M", "P2DT3H") to total seconds.
+ *
+ * Approximations used: 1 week = 7 days, 1 month ≈ 30.42 days (2628288 sec),
+ * 1 year = 365 days. Not calendar-exact.
+ *
+ * @param {string} duration  ISO 8601 duration string
+ * @returns {number} total seconds; 0 when the input is unparseable
+ */
+function isoDurToSec(duration) {
+	const durRE =
+		/P((\\d+)Y)?((\\d+)M)?((\\d+)W)?((\\d+)D)?T?((\\d+)H)?((\\d+)M)?((\\d+)S)?/;
+	const s = durRE.exec(duration);
+	if (!s) return 0;
+
+	return (
+		(Number(s?.[2]) || 0) * 31536000 +
+		(Number(s?.[4]) || 0) * 2628288 +
+		(Number(s?.[6]) || 0) * 604800 +
+		(Number(s?.[8]) || 0) * 86400 +
+		(Number(s?.[10]) || 0) * 3600 +
+		(Number(s?.[12]) || 0) * 60 +
+		(Number(s?.[14]) || 0)
+	);
+}
+
+/**
+ * Mutate \`payload.context\` in place to set the city code from \`inputs.city_code\`.
+ *
+ * Version-aware: ONDC v1.x uses flat \`context.city\`, v2.x uses nested
+ * \`context.location.city.code\`. Falls back to "*" when \`city_code\` is missing.
+ * No-op when \`inputs\` is falsy.
+ *
+ * @param {Object} payload  payload with a \`context\` to mutate
+ * @param {Object|null|undefined} inputs  object with optional \`city_code\`
+ * @returns {string|undefined} "*" when inputs is falsy; otherwise undefined
+ */
+function setCityFromInputs(payload, inputs) {
+	if (!inputs) return "*";
+	const version =
+		payload.context.version || payload.context.core_version || "2.0.0";
+	if (version.startsWith("1")) {
+		payload.context.city = inputs.city_code ?? "*";
+	} else {
+		payload.context.location.city.code = inputs.city_code ?? "*";
+	}
+}
+
+/**
+ * Build a form submission URL from session data.
+ *
+ * @param {string} domain       ONDC domain (e.g. "ONDC:RET10")
+ * @param {string} formId       form identifier
+ * @param {Object} sessionData  reads \`mockBaseUrl\`, \`transactionId[0]\`, \`sessionId\`
+ * @returns {string} \`\${baseURL}/forms/\${domain}/\${formId}/?transaction_id=...&session_id=...\`
+ */
+function createFormURL(domain, formId, sessionData) {
+	const baseURL = sessionData.mockBaseUrl;
+	const transactionId = sessionData.transactionId[0];
+	const sessionId = sessionData.sessionId;
+	return \`\${baseURL}/forms/\${domain}/\${formId}/?transaction_id=\${transactionId}&session_id=\${sessionId}\`;
+}
+
+/**
+ * Generate a consent handler from the Finvu AA Service.
+ *
+ * Reads the service base URL from \`sessionData.finvuUrl\` — the installing
+ * service MUST include that origin in
+ *   MockRunner.initSharedRunner({ allowedFetchBaseUrls: [...] })
+ * otherwise the sandboxed fetch will be blocked.
+ *
+ * Times out after 10s via AbortController.
+ *
+ * @param {Object} sessionData  session data; \`sessionData.finvuUrl\` is required
+ * @param {Object} params
+ * @param {string} params.custId                customer ID (required)
+ * @param {string} [params.templateName]        defaults to "FINVUDEMO_TESTING"
+ * @param {string} [params.consentDescription]  defaults to "Gold Loan Account Aggregator Consent"
+ * @param {string} [params.redirectUrl]         defaults to "https://google.co.in"
+ * @returns {Promise<string>} the \`consentHandler\` returned by the AA service
+ * @throws {Error} when \`custId\` or \`sessionData.finvuUrl\` is missing, on non-OK
+ *   response, on missing \`consentHandler\` in the body, or on 10s timeout
+ */
+async function generateConsentHandler(
+	sessionData,
+	{
+		custId,
+		templateName = "FINVUDEMO_TESTING",
+		consentDescription = "Gold Loan Account Aggregator Consent",
+		redirectUrl = "https://google.co.in",
+	},
+) {
+	if (!custId) {
+		throw new Error("custId is required");
+	}
+	const baseUrl = sessionData && sessionData.finvuUrl;
+	if (!baseUrl) {
+		throw new Error("sessionData.finvuUrl is required");
+	}
+
+	const url = \`\${baseUrl}/finvu-aa/consent/generate\`;
+
+	const payload = {
+		custId,
+		templateName,
+		consentDescription,
+		redirectUrl,
+	};
+
+	console.log("Calling Finvu AA Service:", url);
+	console.log("Consent request payload:", payload);
+
+	const controller = new AbortController();
+	const timeout = setTimeout(() => controller.abort(), 10000);
+
+	try {
+		const res = await fetch(url, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+			},
+			body: JSON.stringify(payload),
+			signal: controller.signal,
+		});
+
+		if (!res.ok) {
+			const text = await res.text();
+			throw new Error(\`Request failed: \${res.status} \${text}\`);
+		}
+
+		const data = await res.json();
+
+		if (!data || !data.consentHandler) {
+			throw new Error("Invalid response: consentHandler missing");
+		}
+
+		return data.consentHandler;
+	} catch (err) {
+		if (err && err.name === "AbortError") {
+			throw new Error("Request timed out after 10 seconds");
+		}
+		throw err;
+	} finally {
+		clearTimeout(timeout);
+	}
+}
+`;

package/dist/lib/helpers/default-helpers.d.ts

@@ -1,13 +1,83 @@
-export function getSubscriberUrl(sessionData: any, type: any): any;
+/**
+ * Resolve the BPP or BAP subscriber URL from session data.
+ *
+ * @param {Object} sessionData  session data (reads `bppUri` or `bapUri`)
+ * @param {"bpp"|"bap"|string} type  subscriber kind; anything other than "bpp" returns bapUri
+ * @returns {string} the subscriber URL
+ */
+export function getSubscriberUrl(sessionData: Object, type: "bpp" | "bap" | string): string;
+/**
+ * Generate a UUID v4 (RFC 4122, random-based).
+ *
+ * @returns {string} a new UUID v4, e.g. "550e8400-e29b-41d4-a716-446655440000"
+ */
 export function uuidv4(): string;
+/**
+ * Generate a 6-digit numeric string ID in [100000, 999999].
+ *
+ * @returns {string} a zero-padded 6-digit numeric string
+ */
 export function generate6DigitId(): string;
+/**
+ * Get the current ISO-8601 UTC timestamp.
+ *
+ * @returns {string} e.g. "2026-04-23T12:34:56.789Z"
+ */
 export function currentTimestamp(): string;
-export function isoDurToSec(duration: any): number;
-export function setCityFromInputs(payload: any, inputs: any): "*" | undefined;
-export function createFormURL(domain: any, formId: any, sessionData: any): string;
-export function generateConsentHandler(sessionData: any, { custId, templateName, consentDescription, redirectUrl, }: {
-    custId: any;
+/**
+ * Convert an ISO 8601 duration string (e.g. "PT1H30M", "P2DT3H") to total seconds.
+ *
+ * Approximations used: 1 week = 7 days, 1 month ≈ 30.42 days (2628288 sec),
+ * 1 year = 365 days. Not calendar-exact.
+ *
+ * @param {string} duration  ISO 8601 duration string
+ * @returns {number} total seconds; 0 when the input is unparseable
+ */
+export function isoDurToSec(duration: string): number;
+/**
+ * Mutate `payload.context` in place to set the city code from `inputs.city_code`.
+ *
+ * Version-aware: ONDC v1.x uses flat `context.city`, v2.x uses nested
+ * `context.location.city.code`. Falls back to "*" when `city_code` is missing.
+ * No-op when `inputs` is falsy.
+ *
+ * @param {Object} payload  payload with a `context` to mutate
+ * @param {Object|null|undefined} inputs  object with optional `city_code`
+ * @returns {string|undefined} "*" when inputs is falsy; otherwise undefined
+ */
+export function setCityFromInputs(payload: Object, inputs: Object | null | undefined): string | undefined;
+/**
+ * Build a form submission URL from session data.
+ *
+ * @param {string} domain       ONDC domain (e.g. "ONDC:RET10")
+ * @param {string} formId       form identifier
+ * @param {Object} sessionData  reads `mockBaseUrl`, `transactionId[0]`, `sessionId`
+ * @returns {string} `${baseURL}/forms/${domain}/${formId}/?transaction_id=...&session_id=...`
+ */
+export function createFormURL(domain: string, formId: string, sessionData: Object): string;
+/**
+ * Generate a consent handler from the Finvu AA Service.
+ *
+ * Reads the service base URL from `sessionData.finvuUrl` — the installing
+ * service MUST include that origin in
+ *   MockRunner.initSharedRunner({ allowedFetchBaseUrls: [...] })
+ * otherwise the sandboxed fetch will be blocked.
+ *
+ * Times out after 10s via AbortController.
+ *
+ * @param {Object} sessionData  session data; `sessionData.finvuUrl` is required
+ * @param {Object} params
+ * @param {string} params.custId                customer ID (required)
+ * @param {string} [params.templateName]        defaults to "FINVUDEMO_TESTING"
+ * @param {string} [params.consentDescription]  defaults to "Gold Loan Account Aggregator Consent"
+ * @param {string} [params.redirectUrl]         defaults to "https://google.co.in"
+ * @returns {Promise<string>} the `consentHandler` returned by the AA service
+ * @throws {Error} when `custId` or `sessionData.finvuUrl` is missing, on non-OK
+ *   response, on missing `consentHandler` in the body, or on 10s timeout
+ */
+export function generateConsentHandler(sessionData: Object, { custId, templateName, consentDescription, redirectUrl, }: {
+    custId: string;
     templateName?: string | undefined;
     consentDescription?: string | undefined;
     redirectUrl?: string | undefined;
-}): Promise<any>;
+}): Promise<string>;

package/dist/lib/helpers/default-helpers.js

@@ -2,30 +2,31 @@
 /*
  * Default helpers available to every `generate()` in a mock step.
  *
- * Authoring rules (enforced by how this file is consumed, not by tooling):
- *   1. Use `function` declarations only. Arrow `const x = () => {}` stringifies
- *      as an expression — it won't hoist or concat cleanly when each function
- *      is `.toString()`-ed into the helper bundle.
+ * Authoring rules:
+ *   1. Prefer `function` declarations — they hoist, so cross-helper calls
+ *      work regardless of order.
  *   2. No `require` / `import` inside function bodies. The VM sandbox has no
  *      module system. Only sandbox-whitelisted globals (Math, Date, JSON, …)
  *      and sibling helpers are in scope.
- *   3. Cross-helper calls are fine — every function declaration lands in the
- *      same flat script after assembly, and declarations hoist.
- *   4. Put docs INSIDE the function body (first statement). Leading comments
- *      above a declaration are dropped by `fn.toString()`, so they never
- *      reach the assembled bundle.
- *   5. If the helper needs request-scope data, take `sessionData` as an
+ *   3. If the helper needs request-scope data, take `sessionData` as an
  *      explicit parameter. Free-variable references to `sessionData` do NOT
- *      resolve at runtime — helpers are declared at script scope, `sessionData`
- *      is only a parameter of `generate()`.
+ *      resolve at runtime — helpers run at script scope, `sessionData` is
+ *      only a parameter of `generate()`.
+ *   4. Document every helper with a leading JSDoc block (`@param`, `@returns`).
  *
- * The `module.exports = {...}` line at the bottom is only used by Node
- * (index.ts and the Jest tests). `fn.toString()` never includes it, so it
- * doesn't leak into the sandbox string.
+ * The full file (minus the trailing `module.exports = {...}` block) is
+ * embedded verbatim into the sandbox bundle by
+ * `scripts/generate-helpers-source.js`, so JSDoc reaches end users unchanged.
+ * Re-run `npm run helpers:gen` after editing.
+ */
+/**
+ * Resolve the BPP or BAP subscriber URL from session data.
+ *
+ * @param {Object} sessionData  session data (reads `bppUri` or `bapUri`)
+ * @param {"bpp"|"bap"|string} type  subscriber kind; anything other than "bpp" returns bapUri
+ * @returns {string} the subscriber URL
  */
 function getSubscriberUrl(sessionData, type) {
-    // Resolve the BPP or BAP subscriber URL from session data.
-    // Usage: getSubscriberUrl(sessionData, "bpp")
     if (type === "bpp") {
         return sessionData.bppUri;
     }
@@ -33,29 +34,44 @@ function getSubscriberUrl(sessionData, type) {
         return sessionData.bapUri;
     }
 }
+/**
+ * Generate a UUID v4 (RFC 4122, random-based).
+ *
+ * @returns {string} a new UUID v4, e.g. "550e8400-e29b-41d4-a716-446655440000"
+ */
 function uuidv4() {
-    // Generates a UUID v4 (RFC 4122, random-based).
     return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, function (c) {
         const r = (Math.random() * 16) | 0;
         const v = c === "x" ? r : (r & 0x3) | 0x8;
         return v.toString(16);
     });
 }
+/**
+ * Generate a 6-digit numeric string ID in [100000, 999999].
+ *
+ * @returns {string} a zero-padded 6-digit numeric string
+ */
 function generate6DigitId() {
-    // Generate a 6-digit numeric string ID in [100000, 999999].
     return Math.floor(100000 + Math.random() * 900000).toString();
 }
+/**
+ * Get the current ISO-8601 UTC timestamp.
+ *
+ * @returns {string} e.g. "2026-04-23T12:34:56.789Z"
+ */
 function currentTimestamp() {
-    // Returns the current ISO-8601 UTC timestamp (e.g. "2026-04-23T12:34:56.789Z").
     return new Date().toISOString();
 }
+/**
+ * Convert an ISO 8601 duration string (e.g. "PT1H30M", "P2DT3H") to total seconds.
+ *
+ * Approximations used: 1 week = 7 days, 1 month ≈ 30.42 days (2628288 sec),
+ * 1 year = 365 days. Not calendar-exact.
+ *
+ * @param {string} duration  ISO 8601 duration string
+ * @returns {number} total seconds; 0 when the input is unparseable
+ */
 function isoDurToSec(duration) {
-    /*
-     * Convert an ISO 8601 duration string (e.g. "PT1H30M", "P2DT3H") to total seconds.
-     * Returns 0 for unparseable input.
-     * Approximations used: 1 week = 7 days, 1 month ≈ 30.42 days (2628288 sec),
-     * 1 year = 365 days. Not calendar-exact.
-     */
     const durRE = /P((\d+)Y)?((\d+)M)?((\d+)W)?((\d+)D)?T?((\d+)H)?((\d+)M)?((\d+)S)?/;
     const s = durRE.exec(duration);
     if (!s)
@@ -68,13 +84,18 @@ function isoDurToSec(duration) {
         (Number(s?.[12]) || 0) * 60 +
         (Number(s?.[14]) || 0));
 }
+/**
+ * Mutate `payload.context` in place to set the city code from `inputs.city_code`.
+ *
+ * Version-aware: ONDC v1.x uses flat `context.city`, v2.x uses nested
+ * `context.location.city.code`. Falls back to "*" when `city_code` is missing.
+ * No-op when `inputs` is falsy.
+ *
+ * @param {Object} payload  payload with a `context` to mutate
+ * @param {Object|null|undefined} inputs  object with optional `city_code`
+ * @returns {string|undefined} "*" when inputs is falsy; otherwise undefined
+ */
 function setCityFromInputs(payload, inputs) {
-    /*
-     * Mutates `payload.context` in place to set the city code from `inputs.city_code`.
-     * Version-aware: ONDC v1.x uses flat `context.city`, v2.x uses nested
-     * `context.location.city.code`. Falls back to "*" when city_code is missing.
-     * No-op when `inputs` is falsy.
-     */
     if (!inputs)
         return "*";
     const version = payload.context.version || payload.context.core_version || "2.0.0";
@@ -85,35 +106,41 @@ function setCityFromInputs(payload, inputs) {
         payload.context.location.city.code = inputs.city_code ?? "*";
     }
 }
+/**
+ * Build a form submission URL from session data.
+ *
+ * @param {string} domain       ONDC domain (e.g. "ONDC:RET10")
+ * @param {string} formId       form identifier
+ * @param {Object} sessionData  reads `mockBaseUrl`, `transactionId[0]`, `sessionId`
+ * @returns {string} `${baseURL}/forms/${domain}/${formId}/?transaction_id=...&session_id=...`
+ */
 function createFormURL(domain, formId, sessionData) {
-    /*
-     * Build a form submission URL from session data.
-     * Reads sessionData.mockBaseUrl, sessionData.transactionId[0], sessionData.sessionId.
-     * Returns: `${baseURL}/forms/${domain}/${formId}/?transaction_id=...&session_id=...`
-     */
     const baseURL = sessionData.mockBaseUrl;
     const transactionId = sessionData.transactionId[0];
     const sessionId = sessionData.sessionId;
     return `${baseURL}/forms/${domain}/${formId}/?transaction_id=${transactionId}&session_id=${sessionId}`;
 }
+/**
+ * Generate a consent handler from the Finvu AA Service.
+ *
+ * Reads the service base URL from `sessionData.finvuUrl` — the installing
+ * service MUST include that origin in
+ *   MockRunner.initSharedRunner({ allowedFetchBaseUrls: [...] })
+ * otherwise the sandboxed fetch will be blocked.
+ *
+ * Times out after 10s via AbortController.
+ *
+ * @param {Object} sessionData  session data; `sessionData.finvuUrl` is required
+ * @param {Object} params
+ * @param {string} params.custId                customer ID (required)
+ * @param {string} [params.templateName]        defaults to "FINVUDEMO_TESTING"
+ * @param {string} [params.consentDescription]  defaults to "Gold Loan Account Aggregator Consent"
+ * @param {string} [params.redirectUrl]         defaults to "https://google.co.in"
+ * @returns {Promise<string>} the `consentHandler` returned by the AA service
+ * @throws {Error} when `custId` or `sessionData.finvuUrl` is missing, on non-OK
+ *   response, on missing `consentHandler` in the body, or on 10s timeout
+ */
 async function generateConsentHandler(sessionData, { custId, templateName = "FINVUDEMO_TESTING", consentDescription = "Gold Loan Account Aggregator Consent", redirectUrl = "https://google.co.in", }) {
-    /*
-     * Generate a consent handler from the Finvu AA Service.
-     * Reads the service base URL from `sessionData.finvuUrl` — the installing
-     * service MUST include that origin in
-     *   MockRunner.initSharedRunner({ allowedFetchBaseUrls: [...] })
-     * otherwise the sandboxed fetch will be blocked.
-     *
-     * Times out after 10s via AbortController.
-     *
-     * @param {Object} sessionData             session data; sessionData.finvuUrl is required
-     * @param {Object} params
-     * @param {string} params.custId           customer ID (required)
-     * @param {string} [params.templateName]
-     * @param {string} [params.consentDescription]
-     * @param {string} [params.redirectUrl]
-     * @returns {Promise<string>} consentHandler
-     */
     if (!custId) {
         throw new Error("custId is required");
     }

package/dist/lib/helpers/default-helpers.test.js

@@ -226,7 +226,9 @@ describe("DEFAULT_HELPER_LIB bundle", () => {
         return sandbox;
     }
     it("does not leak `module.exports` or `require` into the bundle source", () => {
-        expect(index_1.DEFAULT_HELPER_LIB).not.toMatch(/module\.exports/);
+        // Statement-level `module.exports = ...` (line-anchored) would throw
+        // ReferenceError in the sandbox. Mentions inside comments are harmless.
+        expect(index_1.DEFAULT_HELPER_LIB).not.toMatch(/^module\.exports\s*=/m);
         expect(index_1.DEFAULT_HELPER_LIB).not.toMatch(/\brequire\s*\(/);
     });
     it("declares every expected helper as a function", () => {
@@ -250,8 +252,14 @@ describe("DEFAULT_HELPER_LIB bundle", () => {
     it("preserves in-body docs so playground users see them", () => {
         // Guard against a future refactor silently dropping the in-body comments
         // the way the pre-refactor .toString() pattern did.
-        expect(index_1.DEFAULT_HELPER_LIB).toContain("Generates a UUID v4");
+        expect(index_1.DEFAULT_HELPER_LIB).toContain("Generate a UUID v4");
         expect(index_1.DEFAULT_HELPER_LIB).toContain("ISO 8601 duration");
         expect(index_1.DEFAULT_HELPER_LIB).toContain("Finvu AA Service");
     });
+    it("preserves source fidelity (no bundler lowering / numeric packing)", () => {
+        // If a future build step reintroduces fn.toString() or otherwise lets a
+        // minifier touch the helper bodies, these canaries break.
+        expect(index_1.DEFAULT_HELPER_LIB).toContain("s?.[2]");
+        expect(index_1.DEFAULT_HELPER_LIB).toContain("100000 + Math.random() * 900000");
+    });
 });

package/dist/lib/helpers/index.js

@@ -1,47 +1,10 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DEFAULT_HELPER_LIB = void 0;
-const defaultHelperFns = __importStar(require("./default-helpers"));
+const default_helpers_source_1 = require("./default-helpers-source");
 const HEADER = `/*
 	Custom helper functions available in all mock generate() functions.
-	Assembled from src/lib/helpers/default-helpers.js — edit there.
+	Source: src/lib/helpers/default-helpers.js — edit there, then run
+	\`npm run helpers:gen\` to refresh.
 */`;
-exports.DEFAULT_HELPER_LIB = [
-    HEADER,
-    ...Object.values(defaultHelperFns)
-        .filter((v) => typeof v === "function")
-        .map((f) => f.toString()),
-].join("\n\n");
+exports.DEFAULT_HELPER_LIB = HEADER + "\n\n" + default_helpers_source_1.DEFAULT_HELPERS_RAW;

package/dist/lib/types/mock-config.d.ts

@@ -19,6 +19,7 @@ export declare const TransactionDataSchema: z.ZodObject<{
     bap_uri: z.ZodOptional<z.ZodString>;
     bpp_id: z.ZodOptional<z.ZodString>;
     bpp_uri: z.ZodOptional<z.ZodString>;
+    external_session_data: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
 }, z.core.$strip>;
 export declare const MockConfigSchema: z.ZodObject<{
     generate: z.ZodBase64;
@@ -92,6 +93,7 @@ export declare const MockPlaygroundConfigSchema: z.ZodObject<{
         bap_uri: z.ZodOptional<z.ZodString>;
         bpp_id: z.ZodOptional<z.ZodString>;
         bpp_uri: z.ZodOptional<z.ZodString>;
+        external_session_data: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
     }, z.core.$strip>;
     steps: z.ZodArray<z.ZodObject<{
         api: z.ZodString;

package/dist/lib/types/mock-config.js

@@ -20,6 +20,7 @@ exports.TransactionDataSchema = zod_1.z.object({
     bap_uri: zod_1.z.string().min(1, "BAP URI is required").optional(),
     bpp_id: zod_1.z.string().min(1, "BPP ID is required").optional(),
     bpp_uri: zod_1.z.string().min(1, "BPP URI is required").optional(),
+    external_session_data: zod_1.z.record(zod_1.z.string(), zod_1.z.any()).optional(),
 });
 exports.MockConfigSchema = zod_1.z.object({
     generate: zod_1.z.base64(),

package/dist/test/helper-config.test.js

@@ -456,6 +456,10 @@ describe("configHelper", () => {
                 bap_uri: "https://bap.example.com",
                 bpp_id: "bpp.example.com",
                 bpp_uri: "https://bpp.example.com",
+                external_session_data: {
+                    finvuUrl: "https://dev-automation.ondc.org/finvu",
+                    mockBaseUrl: "https://dev-automation.ondc.org/mock",
+                },
             });
         });
         it("should initialize empty arrays and strings", () => {

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@ondc/automation-mock-runner",
-	"version": "1.3.44",
+	"version": "1.3.46",
 	"description": "A TypeScript library for ONDC automation mock runner",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",
@@ -11,6 +11,8 @@
 		"public"
 	],
 	"scripts": {
+		"helpers:gen": "node scripts/generate-helpers-source.js",
+		"prebuild": "npm run helpers:gen",
 		"build": "npm run clean && tsc",
 		"build:watch": "tsc --watch",
 		"start": "node dist/index.js",
@@ -18,6 +20,7 @@
 		"clean": "rm -rf dist coverage browser-dist",
 		"prepare": "npm run clean && npm run build",
 		"prepublishOnly": "npm run test && npm run build",
+		"pretest": "npm run helpers:gen",
 		"test": "jest",
 		"test:watch": "jest --watch",
 		"test:coverage": "jest --coverage",