npm - @useagentpay/sdk - Versions diffs - 0.1.1 → 0.1.3 - Mend

@useagentpay/sdk 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/index.js CHANGED Viewed

@@ -91,6 +91,136 @@ var init_errors = __esm({
   }
 });
+// src/utils/paths.ts
+import { homedir } from "os";
+import { join } from "path";
+import { existsSync } from "fs";
+function getHomePath() {
+  if (process.env.AGENTPAY_HOME) return process.env.AGENTPAY_HOME;
+  const local = join(process.cwd(), "agentpay");
+  if (existsSync(local)) return local;
+  return join(homedir(), ".agentpay");
+}
+function getCredentialsPath() {
+  return join(getHomePath(), "credentials.enc");
+}
+function getKeysPath() {
+  return join(getHomePath(), "keys");
+}
+function getPublicKeyPath() {
+  return join(getKeysPath(), "public.pem");
+}
+function getPrivateKeyPath() {
+  return join(getKeysPath(), "private.pem");
+}
+function getWalletPath() {
+  return join(getHomePath(), "wallet.json");
+}
+function getTransactionsPath() {
+  return join(getHomePath(), "transactions.json");
+}
+function getAuditPath() {
+  return join(getHomePath(), "audit.log");
+}
+var init_paths = __esm({
+  "src/utils/paths.ts"() {
+    "use strict";
+    init_esm_shims();
+  }
+});
+// src/auth/keypair.ts
+import { generateKeyPairSync } from "crypto";
+import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2 } from "fs";
+import { dirname as dirname2 } from "path";
+function generateKeyPair(passphrase) {
+  const { publicKey, privateKey } = generateKeyPairSync("ed25519", {
+    publicKeyEncoding: { type: "spki", format: "pem" },
+    privateKeyEncoding: {
+      type: "pkcs8",
+      format: "pem",
+      cipher: "aes-256-cbc",
+      passphrase
+    }
+  });
+  return { publicKey, privateKey };
+}
+function saveKeyPair(keys, publicPath, privatePath) {
+  const pubPath = publicPath ?? getPublicKeyPath();
+  const privPath = privatePath ?? getPrivateKeyPath();
+  mkdirSync2(dirname2(pubPath), { recursive: true });
+  writeFileSync2(pubPath, keys.publicKey, { mode: 420 });
+  writeFileSync2(privPath, keys.privateKey, { mode: 384 });
+}
+function loadPublicKey(path2) {
+  return readFileSync2(path2 ?? getPublicKeyPath(), "utf8");
+}
+function loadPrivateKey(path2) {
+  return readFileSync2(path2 ?? getPrivateKeyPath(), "utf8");
+}
+var init_keypair = __esm({
+  "src/auth/keypair.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_paths();
+  }
+});
+// src/auth/mandate.ts
+import { createHash, createPrivateKey, createPublicKey as createPublicKey2, sign, verify } from "crypto";
+function hashTransactionDetails(details) {
+  const canonical = JSON.stringify({
+    txId: details.txId,
+    merchant: details.merchant,
+    amount: details.amount,
+    description: details.description,
+    timestamp: details.timestamp
+  });
+  return createHash("sha256").update(canonical).digest("hex");
+}
+function createMandate(txDetails, privateKeyPem, passphrase) {
+  const txHash = hashTransactionDetails(txDetails);
+  const data = Buffer.from(txHash);
+  const privateKey = createPrivateKey({
+    key: privateKeyPem,
+    format: "pem",
+    type: "pkcs8",
+    passphrase
+  });
+  const signature = sign(null, data, privateKey);
+  const publicKey = createPublicKey2(privateKey);
+  const publicKeyPem = publicKey.export({ type: "spki", format: "pem" });
+  return {
+    txId: txDetails.txId,
+    txHash,
+    signature: signature.toString("base64"),
+    publicKey: publicKeyPem,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function verifyMandate(mandate, txDetails) {
+  try {
+    const txHash = hashTransactionDetails(txDetails);
+    if (txHash !== mandate.txHash) return false;
+    const data = Buffer.from(txHash);
+    const signature = Buffer.from(mandate.signature, "base64");
+    const publicKey = createPublicKey2({
+      key: mandate.publicKey,
+      format: "pem",
+      type: "spki"
+    });
+    return verify(null, data, publicKey, signature);
+  } catch {
+    return false;
+  }
+}
+var init_mandate = __esm({
+  "src/auth/mandate.ts"() {
+    "use strict";
+    init_esm_shims();
+  }
+});
 // src/transactions/poller.ts
 var poller_exports = {};
 __export(poller_exports, {
@@ -117,6 +247,1021 @@ var init_poller = __esm({
   }
 });
+// src/server/approval-html.ts
+function esc(s) {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function formatCurrency2(n) {
+  return "$" + n.toFixed(2);
+}
+function getApprovalHtml(token, tx) {
+  const lines = [];
+  lines.push(`<div class="detail"><span class="detail-label">Merchant</span><span class="detail-value">${esc(tx.merchant)}</span></div>`);
+  lines.push(`<div class="detail"><span class="detail-label">Amount</span><span class="detail-value">${formatCurrency2(tx.amount)}</span></div>`);
+  lines.push(`<div class="detail"><span class="detail-label">Description</span><span class="detail-value">${esc(tx.description)}</span></div>`);
+  if (tx.url) {
+    lines.push(`<div class="detail"><span class="detail-label">URL</span><span class="detail-value"><a href="${esc(tx.url)}" target="_blank" rel="noopener" style="color:#111;">${esc(tx.url)}</a></span></div>`);
+  }
+  lines.push(`<div class="detail"><span class="detail-label">Transaction</span><span class="detail-value" style="font-family:monospace;font-size:12px;">${esc(tx.id)}</span></div>`);
+  const contextHtml = `<div class="card context-card">${lines.join("")}</div>`;
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>AgentPay \u2014 Approve Purchase</title>
+<style>
+  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+  body {
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+    background: #f5f5f5;
+    color: #111;
+    min-height: 100vh;
+    display: flex;
+    justify-content: center;
+    padding: 40px 16px;
+  }
+  .container { width: 100%; max-width: 420px; }
+  h1 { font-size: 24px; font-weight: 700; margin-bottom: 4px; }
+  .subtitle { color: #666; font-size: 14px; margin-bottom: 24px; }
+  .card {
+    background: #fff;
+    border-radius: 8px;
+    padding: 24px;
+    margin-bottom: 16px;
+    border: 1px solid #e0e0e0;
+  }
+  .context-card { padding: 16px 20px; }
+  .detail {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: 8px 0;
+    border-bottom: 1px solid #f0f0f0;
+  }
+  .detail:last-child { border-bottom: none; }
+  .detail-label { font-size: 13px; color: #666; }
+  .detail-value { font-size: 14px; font-weight: 600; }
+  label { display: block; font-size: 13px; font-weight: 500; color: #333; margin-bottom: 6px; }
+  input[type="password"], textarea {
+    width: 100%;
+    padding: 12px 14px;
+    border: 1px solid #d0d0d0;
+    border-radius: 8px;
+    font-size: 15px;
+    font-family: inherit;
+    outline: none;
+    transition: border-color 0.15s;
+  }
+  input[type="password"]:focus, textarea:focus { border-color: #111; }
+  textarea { resize: vertical; min-height: 60px; margin-top: 8px; }
+  .btn-row { display: flex; gap: 12px; margin-top: 16px; }
+  .btn-approve, .btn-deny {
+    flex: 1;
+    padding: 12px;
+    border: none;
+    border-radius: 8px;
+    font-size: 14px;
+    font-weight: 600;
+    cursor: pointer;
+    transition: opacity 0.15s;
+  }
+  .btn-approve { background: #111; color: #fff; }
+  .btn-approve:hover { opacity: 0.85; }
+  .btn-approve:disabled { opacity: 0.5; cursor: not-allowed; }
+  .btn-deny { background: #fff; color: #c62828; border: 2px solid #c62828; }
+  .btn-deny:hover { opacity: 0.85; }
+  .btn-deny:disabled { opacity: 0.5; cursor: not-allowed; }
+  .error { color: #c62828; font-size: 13px; margin-top: 10px; }
+  .success-screen {
+    text-align: center;
+    padding: 40px 0;
+  }
+  .checkmark { font-size: 48px; margin-bottom: 16px; }
+  .success-msg { font-size: 16px; font-weight: 600; margin-bottom: 8px; }
+  .success-hint { font-size: 13px; color: #666; }
+  .hidden { display: none; }
+  .reason-section { margin-top: 12px; }
+</style>
+</head>
+<body>
+<div class="container">
+  <div id="form-view">
+    <h1>AgentPay</h1>
+    <p class="subtitle">Approve Purchase</p>
+    ${contextHtml}
+    <div class="card">
+      <label for="passphrase">Passphrase</label>
+      <input type="password" id="passphrase" placeholder="Enter your passphrase" autofocus>
+      <div id="reason-section" class="reason-section hidden">
+        <label for="reason">Reason (optional)</label>
+        <textarea id="reason" placeholder="Why are you denying this purchase?"></textarea>
+      </div>
+      <div id="error" class="error hidden"></div>
+      <div class="btn-row">
+        <button class="btn-approve" id="btn-approve">Approve</button>
+        <button class="btn-deny" id="btn-deny">Deny</button>
+      </div>
+    </div>
+  </div>
+  <div id="success-view" class="hidden">
+    <h1>AgentPay</h1>
+    <p class="subtitle" id="success-subtitle"></p>
+    <div class="card">
+      <div class="success-screen">
+        <div class="checkmark" id="success-icon"></div>
+        <div class="success-msg" id="success-msg"></div>
+        <div class="success-hint">This tab will close automatically.</div>
+      </div>
+    </div>
+  </div>
+</div>
+<script>
+(function() {
+  var token = ${JSON.stringify(token)};
+  var form = document.getElementById('form-view');
+  var successView = document.getElementById('success-view');
+  var input = document.getElementById('passphrase');
+  var btnApprove = document.getElementById('btn-approve');
+  var btnDeny = document.getElementById('btn-deny');
+  var errDiv = document.getElementById('error');
+  var reasonSection = document.getElementById('reason-section');
+  var reasonInput = document.getElementById('reason');
+  var successSubtitle = document.getElementById('success-subtitle');
+  var successIcon = document.getElementById('success-icon');
+  var successMsg = document.getElementById('success-msg');
+  var denyMode = false;
+  function showError(msg) {
+    errDiv.textContent = msg;
+    errDiv.classList.remove('hidden');
+  }
+  function clearError() {
+    errDiv.classList.add('hidden');
+  }
+  function disableButtons() {
+    btnApprove.disabled = true;
+    btnDeny.disabled = true;
+  }
+  function enableButtons() {
+    btnApprove.disabled = false;
+    btnDeny.disabled = false;
+  }
+  function showSuccess(approved) {
+    form.classList.add('hidden');
+    successView.classList.remove('hidden');
+    if (approved) {
+      successSubtitle.textContent = 'Purchase Approved';
+      successIcon.innerHTML = '&#10003;';
+      successIcon.style.color = '#2e7d32';
+      successMsg.textContent = 'Transaction approved and signed.';
+    } else {
+      successSubtitle.textContent = 'Purchase Denied';
+      successIcon.innerHTML = '&#10007;';
+      successIcon.style.color = '#c62828';
+      successMsg.textContent = 'Transaction has been denied.';
+    }
+    setTimeout(function() { window.close(); }, 3000);
+  }
+  function doApprove() {
+    var passphrase = input.value;
+    if (!passphrase) {
+      showError('Passphrase is required to approve.');
+      return;
+    }
+    clearError();
+    disableButtons();
+    btnApprove.textContent = 'Approving...';
+    fetch('/api/approve', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ token: token, passphrase: passphrase })
+    })
+    .then(function(res) { return res.json(); })
+    .then(function(data) {
+      if (data.error) {
+        showError(data.error);
+        enableButtons();
+        btnApprove.textContent = 'Approve';
+      } else {
+        showSuccess(true);
+      }
+    })
+    .catch(function() {
+      showError('Failed to submit. Is the CLI still running?');
+      enableButtons();
+      btnApprove.textContent = 'Approve';
+    });
+  }
+  function doReject() {
+    if (!denyMode) {
+      denyMode = true;
+      reasonSection.classList.remove('hidden');
+      btnDeny.textContent = 'Confirm Deny';
+      reasonInput.focus();
+      return;
+    }
+    clearError();
+    disableButtons();
+    btnDeny.textContent = 'Denying...';
+    fetch('/api/reject', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ token: token, reason: reasonInput.value || undefined })
+    })
+    .then(function(res) { return res.json(); })
+    .then(function(data) {
+      if (data.error) {
+        showError(data.error);
+        enableButtons();
+        btnDeny.textContent = 'Confirm Deny';
+      } else {
+        showSuccess(false);
+      }
+    })
+    .catch(function() {
+      showError('Failed to submit. Is the CLI still running?');
+      enableButtons();
+      btnDeny.textContent = 'Confirm Deny';
+    });
+  }
+  btnApprove.addEventListener('click', doApprove);
+  btnDeny.addEventListener('click', doReject);
+  input.addEventListener('keydown', function(e) {
+    if (e.key === 'Enter') doApprove();
+  });
+})();
+</script>
+</body>
+</html>`;
+}
+var init_approval_html = __esm({
+  "src/server/approval-html.ts"() {
+    "use strict";
+    init_esm_shims();
+  }
+});
+// src/utils/open-browser.ts
+import { exec } from "child_process";
+import { platform } from "os";
+function openBrowser(url) {
+  const plat = platform();
+  let cmd;
+  if (plat === "darwin") cmd = `open "${url}"`;
+  else if (plat === "win32") cmd = `start "" "${url}"`;
+  else cmd = `xdg-open "${url}"`;
+  exec(cmd, (err) => {
+    if (err) {
+      console.log(`Open ${url} in your browser.`);
+    }
+  });
+}
+var init_open_browser = __esm({
+  "src/utils/open-browser.ts"() {
+    "use strict";
+    init_esm_shims();
+  }
+});
+// src/server/approval-server.ts
+var approval_server_exports = {};
+__export(approval_server_exports, {
+  createApprovalServer: () => createApprovalServer,
+  requestBrowserApproval: () => requestBrowserApproval
+});
+import { createServer } from "http";
+import { randomBytes as randomBytes3 } from "crypto";
+import { join as join3 } from "path";
+function parseBody(req) {
+  return new Promise((resolve, reject) => {
+    const chunks = [];
+    let size = 0;
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > MAX_BODY) {
+        req.destroy();
+        reject(new Error("Request body too large"));
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => {
+      try {
+        const text = Buffer.concat(chunks).toString("utf8");
+        resolve(text ? JSON.parse(text) : {});
+      } catch {
+        reject(new Error("Invalid JSON"));
+      }
+    });
+    req.on("error", reject);
+  });
+}
+function sendJson(res, status, body) {
+  const json = JSON.stringify(body);
+  res.writeHead(status, {
+    "Content-Type": "application/json",
+    "Content-Length": Buffer.byteLength(json)
+  });
+  res.end(json);
+}
+function sendHtml(res, html) {
+  res.writeHead(200, {
+    "Content-Type": "text/html; charset=utf-8",
+    "Content-Length": Buffer.byteLength(html)
+  });
+  res.end(html);
+}
+function createApprovalServer(tx, tm, audit, options) {
+  const nonce = randomBytes3(32).toString("hex");
+  let settled = false;
+  let tokenUsed = false;
+  let resolvePromise;
+  let rejectPromise;
+  let timer;
+  let serverInstance;
+  const promise = new Promise((resolve, reject) => {
+    resolvePromise = resolve;
+    rejectPromise = reject;
+  });
+  function cleanup() {
+    clearTimeout(timer);
+    serverInstance.close();
+  }
+  serverInstance = createServer(async (req, res) => {
+    const url = new URL(req.url ?? "/", `http://${req.headers.host}`);
+    const method = req.method ?? "GET";
+    try {
+      if (method === "GET" && url.pathname === `/approve/${tx.id}`) {
+        const token = url.searchParams.get("token");
+        if (token !== nonce || tokenUsed) {
+          sendHtml(res, "<h1>Invalid or expired link.</h1>");
+          return;
+        }
+        sendHtml(res, getApprovalHtml(nonce, tx));
+        return;
+      }
+      if (method === "POST" && url.pathname === "/api/approve") {
+        const body = await parseBody(req);
+        if (body.token !== nonce || tokenUsed) {
+          sendJson(res, 403, { error: "Invalid or expired token." });
+          return;
+        }
+        const passphrase = body.passphrase;
+        if (typeof passphrase !== "string" || !passphrase) {
+          sendJson(res, 400, { error: "Passphrase is required." });
+          return;
+        }
+        const currentTx = tm.get(tx.id);
+        if (!currentTx || currentTx.status !== "pending") {
+          sendJson(res, 400, { error: "Transaction is no longer pending." });
+          return;
+        }
+        try {
+          const keyPath = options?.home ? join3(options.home, "keys", "private.pem") : void 0;
+          const privateKeyPem = loadPrivateKey(keyPath);
+          const txDetails = {
+            txId: tx.id,
+            merchant: tx.merchant,
+            amount: tx.amount,
+            description: tx.description,
+            timestamp: tx.createdAt
+          };
+          const mandate = createMandate(txDetails, privateKeyPem, passphrase);
+          tm.approve(tx.id, mandate);
+          audit.log("APPROVE", { txId: tx.id, source: "browser-approval", mandateSigned: true });
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : "Signing failed";
+          sendJson(res, 400, { error: msg });
+          return;
+        }
+        tokenUsed = true;
+        sendJson(res, 200, { ok: true });
+        if (!settled) {
+          settled = true;
+          cleanup();
+          resolvePromise({ action: "approved", passphrase });
+        }
+        return;
+      }
+      if (method === "POST" && url.pathname === "/api/reject") {
+        const body = await parseBody(req);
+        if (body.token !== nonce || tokenUsed) {
+          sendJson(res, 403, { error: "Invalid or expired token." });
+          return;
+        }
+        const currentTx = tm.get(tx.id);
+        if (!currentTx || currentTx.status !== "pending") {
+          sendJson(res, 400, { error: "Transaction is no longer pending." });
+          return;
+        }
+        const reason = typeof body.reason === "string" ? body.reason : void 0;
+        tm.reject(tx.id, reason);
+        audit.log("REJECT", { txId: tx.id, source: "browser-approval", reason });
+        tokenUsed = true;
+        sendJson(res, 200, { ok: true });
+        if (!settled) {
+          settled = true;
+          cleanup();
+          resolvePromise({ action: "rejected", reason });
+        }
+        return;
+      }
+      sendJson(res, 404, { error: "Not found" });
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Internal error";
+      sendJson(res, 500, { error: message });
+    }
+  });
+  timer = setTimeout(() => {
+    if (!settled) {
+      settled = true;
+      cleanup();
+      rejectPromise(new TimeoutError("Approval timed out after 5 minutes."));
+    }
+  }, TIMEOUT_MS);
+  serverInstance.on("error", (err) => {
+    if (!settled) {
+      settled = true;
+      cleanup();
+      rejectPromise(err);
+    }
+  });
+  let portValue = 0;
+  const handle = {
+    server: serverInstance,
+    token: nonce,
+    get port() {
+      return portValue;
+    },
+    promise
+  };
+  serverInstance.listen(0, "127.0.0.1", () => {
+    const addr = serverInstance.address();
+    if (!addr || typeof addr === "string") {
+      if (!settled) {
+        settled = true;
+        cleanup();
+        rejectPromise(new Error("Failed to bind server"));
+      }
+      return;
+    }
+    portValue = addr.port;
+    const pageUrl = `http://127.0.0.1:${addr.port}/approve/${tx.id}?token=${nonce}`;
+    if (options?.openBrowser !== false) {
+      console.log("Opening approval page in browser...");
+      openBrowser(pageUrl);
+    }
+  });
+  return handle;
+}
+function requestBrowserApproval(tx, tm, audit, home) {
+  const handle = createApprovalServer(tx, tm, audit, { openBrowser: true, home });
+  return handle.promise;
+}
+var TIMEOUT_MS, MAX_BODY;
+var init_approval_server = __esm({
+  "src/server/approval-server.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_approval_html();
+    init_open_browser();
+    init_keypair();
+    init_mandate();
+    init_errors();
+    TIMEOUT_MS = 5 * 60 * 1e3;
+    MAX_BODY = 4096;
+  }
+});
+// src/tunnel/tunnel.ts
+import { spawn } from "child_process";
+async function openTunnel(port) {
+  return new Promise((resolve, reject) => {
+    let child;
+    try {
+      child = spawn("cloudflared", ["tunnel", "--url", `http://127.0.0.1:${port}`], {
+        stdio: ["ignore", "pipe", "pipe"]
+      });
+    } catch {
+      reject(new Error(
+        "cloudflared is required for mobile approval. Install it: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/"
+      ));
+      return;
+    }
+    let resolved = false;
+    const timeout = setTimeout(() => {
+      if (!resolved) {
+        resolved = true;
+        child.kill();
+        reject(new Error("cloudflared tunnel timed out waiting for URL (15s). Is cloudflared installed?"));
+      }
+    }, 15e3);
+    const close = () => {
+      child.kill();
+    };
+    const chunks = [];
+    child.stderr?.on("data", (data) => {
+      const text = data.toString();
+      chunks.push(text);
+      const match = text.match(/https:\/\/[a-z0-9-]+\.trycloudflare\.com/);
+      if (match && !resolved) {
+        resolved = true;
+        clearTimeout(timeout);
+        resolve({ url: match[0], close });
+      }
+    });
+    child.on("error", (err) => {
+      if (!resolved) {
+        resolved = true;
+        clearTimeout(timeout);
+        reject(new Error(
+          `cloudflared failed to start: ${err.message}. Install it: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/`
+        ));
+      }
+    });
+    child.on("exit", (code) => {
+      if (!resolved) {
+        resolved = true;
+        clearTimeout(timeout);
+        const output = chunks.join("");
+        reject(new Error(
+          `cloudflared exited with code ${code}. Output: ${output.slice(0, 500)}`
+        ));
+      }
+    });
+  });
+}
+var init_tunnel = __esm({
+  "src/tunnel/tunnel.ts"() {
+    "use strict";
+    init_esm_shims();
+  }
+});
+// src/notify/notify.ts
+import { execFile } from "child_process";
+async function sendNotification(payload, options) {
+  const results = [];
+  if (options.command) {
+    const cmd = options.command.replace(/\{\{url\}\}/g, payload.url);
+    try {
+      await runCommand(cmd);
+      results.push({ method: "command", success: true });
+    } catch (err) {
+      results.push({
+        method: "command",
+        success: false,
+        error: err instanceof Error ? err.message : "Command failed"
+      });
+    }
+  }
+  if (options.webhookUrl) {
+    try {
+      const res = await fetch(options.webhookUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(payload)
+      });
+      if (!res.ok) {
+        results.push({
+          method: "webhook",
+          success: false,
+          error: `Webhook returned ${res.status}`
+        });
+      } else {
+        results.push({ method: "webhook", success: true });
+      }
+    } catch (err) {
+      results.push({
+        method: "webhook",
+        success: false,
+        error: err instanceof Error ? err.message : "Webhook failed"
+      });
+    }
+  }
+  if (results.length === 0) {
+    results.push({
+      method: "none",
+      success: false,
+      error: "No notification method configured. Set AGENTPAY_NOTIFY_COMMAND or AGENTPAY_NOTIFY_WEBHOOK."
+    });
+  }
+  return results;
+}
+function runCommand(cmd) {
+  return new Promise((resolve, reject) => {
+    execFile("sh", ["-c", cmd], { timeout: 1e4 }, (err) => {
+      if (err) reject(err);
+      else resolve();
+    });
+  });
+}
+var init_notify = __esm({
+  "src/notify/notify.ts"() {
+    "use strict";
+    init_esm_shims();
+  }
+});
+// src/server/mobile-approval-server.ts
+var mobile_approval_server_exports = {};
+__export(mobile_approval_server_exports, {
+  requestMobileApproval: () => requestMobileApproval
+});
+async function requestMobileApproval(tx, tm, audit, options) {
+  const handle = createApprovalServer(tx, tm, audit, {
+    openBrowser: false,
+    home: options.home
+  });
+  await waitForPort(handle);
+  let tunnel;
+  try {
+    tunnel = await openTunnel(handle.port);
+    const approvalUrl = `${tunnel.url}/approve/${tx.id}?token=${handle.token}`;
+    const payload = {
+      url: approvalUrl,
+      txId: tx.id,
+      merchant: tx.merchant,
+      amount: tx.amount
+    };
+    const notifyResults = await sendNotification(payload, options.notify);
+    audit.log("MOBILE_APPROVAL_REQUESTED", {
+      txId: tx.id,
+      tunnelUrl: tunnel.url,
+      notifyResults
+    });
+    const result = await handle.promise;
+    return {
+      ...result,
+      approvalUrl,
+      notifyResults
+    };
+  } finally {
+    tunnel?.close();
+  }
+}
+function waitForPort(handle, timeoutMs = 5e3) {
+  return new Promise((resolve, reject) => {
+    const start = Date.now();
+    const check = () => {
+      if (handle.port > 0) {
+        resolve();
+        return;
+      }
+      if (Date.now() - start > timeoutMs) {
+        reject(new Error("Approval server failed to bind to a port"));
+        return;
+      }
+      setTimeout(check, 50);
+    };
+    check();
+  });
+}
+var init_mobile_approval_server = __esm({
+  "src/server/mobile-approval-server.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_approval_server();
+    init_tunnel();
+    init_notify();
+  }
+});
+// src/server/passphrase-html.ts
+function esc2(s) {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function formatCurrency3(n) {
+  return "$" + n.toFixed(2);
+}
+function getPassphraseHtml(token, context) {
+  const actionLabel = context?.action === "approve" ? "Approve Transaction" : "Approve Purchase";
+  const buttonLabel = context?.action === "approve" ? "Unlock &amp; Approve" : "Unlock &amp; Approve";
+  let contextHtml = "";
+  if (context) {
+    const lines = [];
+    if (context.merchant) lines.push(`<div class="detail"><span class="detail-label">Merchant</span><span class="detail-value">${esc2(context.merchant)}</span></div>`);
+    if (context.amount !== void 0) lines.push(`<div class="detail"><span class="detail-label">Amount</span><span class="detail-value">${formatCurrency3(context.amount)}</span></div>`);
+    if (context.description) lines.push(`<div class="detail"><span class="detail-label">Description</span><span class="detail-value">${esc2(context.description)}</span></div>`);
+    if (context.txId) lines.push(`<div class="detail"><span class="detail-label">Transaction</span><span class="detail-value" style="font-family:monospace;font-size:12px;">${esc2(context.txId)}</span></div>`);
+    if (lines.length > 0) {
+      contextHtml = `<div class="card context-card">${lines.join("")}</div>`;
+    }
+  }
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>AgentPay \u2014 Passphrase Required</title>
+<style>
+  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+  body {
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+    background: #f5f5f5;
+    color: #111;
+    min-height: 100vh;
+    display: flex;
+    justify-content: center;
+    padding: 40px 16px;
+  }
+  .container { width: 100%; max-width: 420px; }
+  h1 { font-size: 24px; font-weight: 700; margin-bottom: 4px; }
+  .subtitle { color: #666; font-size: 14px; margin-bottom: 24px; }
+  .card {
+    background: #fff;
+    border-radius: 8px;
+    padding: 24px;
+    margin-bottom: 16px;
+    border: 1px solid #e0e0e0;
+  }
+  .context-card { padding: 16px 20px; }
+  .detail {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: 8px 0;
+    border-bottom: 1px solid #f0f0f0;
+  }
+  .detail:last-child { border-bottom: none; }
+  .detail-label { font-size: 13px; color: #666; }
+  .detail-value { font-size: 14px; font-weight: 600; }
+  label { display: block; font-size: 13px; font-weight: 500; color: #333; margin-bottom: 6px; }
+  input[type="password"] {
+    width: 100%;
+    padding: 12px 14px;
+    border: 1px solid #d0d0d0;
+    border-radius: 8px;
+    font-size: 15px;
+    outline: none;
+    transition: border-color 0.15s;
+  }
+  input[type="password"]:focus { border-color: #111; }
+  button {
+    width: 100%;
+    padding: 12px;
+    border: none;
+    border-radius: 8px;
+    font-size: 14px;
+    font-weight: 600;
+    cursor: pointer;
+    transition: opacity 0.15s;
+    margin-top: 16px;
+    background: #111;
+    color: #fff;
+  }
+  button:hover { opacity: 0.85; }
+  button:disabled { opacity: 0.5; cursor: not-allowed; }
+  .error { color: #c62828; font-size: 13px; margin-top: 10px; }
+  .success-screen {
+    text-align: center;
+    padding: 40px 0;
+  }
+  .checkmark {
+    font-size: 48px;
+    margin-bottom: 16px;
+  }
+  .success-msg {
+    font-size: 16px;
+    font-weight: 600;
+    margin-bottom: 8px;
+  }
+  .success-hint {
+    font-size: 13px;
+    color: #666;
+  }
+  .hidden { display: none; }
+</style>
+</head>
+<body>
+<div class="container">
+  <div id="form-view">
+    <h1>AgentPay</h1>
+    <p class="subtitle">${esc2(actionLabel)}</p>
+    ${contextHtml}
+    <div class="card">
+      <label for="passphrase">Passphrase</label>
+      <input type="password" id="passphrase" placeholder="Enter your passphrase" autofocus>
+      <div id="error" class="error hidden"></div>
+      <button id="submit">${buttonLabel}</button>
+    </div>
+  </div>
+  <div id="success-view" class="hidden">
+    <h1>AgentPay</h1>
+    <p class="subtitle">${esc2(actionLabel)}</p>
+    <div class="card">
+      <div class="success-screen">
+        <div class="checkmark">&#10003;</div>
+        <div class="success-msg">Passphrase received</div>
+        <div class="success-hint">You can close this tab.</div>
+      </div>
+    </div>
+  </div>
+</div>
+<script>
+(function() {
+  var token = ${JSON.stringify(token)};
+  var form = document.getElementById('form-view');
+  var success = document.getElementById('success-view');
+  var input = document.getElementById('passphrase');
+  var btn = document.getElementById('submit');
+  var errDiv = document.getElementById('error');
+  function submit() {
+    var passphrase = input.value;
+    if (!passphrase) {
+      errDiv.textContent = 'Passphrase is required.';
+      errDiv.classList.remove('hidden');
+      return;
+    }
+    btn.disabled = true;
+    btn.textContent = 'Submitting...';
+    errDiv.classList.add('hidden');
+    fetch('/passphrase', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ token: token, passphrase: passphrase })
+    })
+    .then(function(res) { return res.json(); })
+    .then(function(data) {
+      if (data.error) {
+        errDiv.textContent = data.error;
+        errDiv.classList.remove('hidden');
+        btn.disabled = false;
+        btn.textContent = '${buttonLabel}';
+      } else {
+        form.classList.add('hidden');
+        success.classList.remove('hidden');
+      }
+    })
+    .catch(function() {
+      errDiv.textContent = 'Failed to submit. Is the CLI still running?';
+      errDiv.classList.remove('hidden');
+      btn.disabled = false;
+      btn.textContent = '${buttonLabel}';
+    });
+  }
+  btn.addEventListener('click', submit);
+  input.addEventListener('keydown', function(e) {
+    if (e.key === 'Enter') submit();
+  });
+})();
+</script>
+</body>
+</html>`;
+}
+var init_passphrase_html = __esm({
+  "src/server/passphrase-html.ts"() {
+    "use strict";
+    init_esm_shims();
+  }
+});
+// src/server/passphrase-server.ts
+var passphrase_server_exports = {};
+__export(passphrase_server_exports, {
+  collectPassphrase: () => collectPassphrase
+});
+import { createServer as createServer4 } from "http";
+import { randomBytes as randomBytes5 } from "crypto";
+function parseBody4(req) {
+  return new Promise((resolve, reject) => {
+    const chunks = [];
+    let size = 0;
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > MAX_BODY4) {
+        req.destroy();
+        reject(new Error("Request body too large"));
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => {
+      try {
+        const text = Buffer.concat(chunks).toString("utf8");
+        resolve(text ? JSON.parse(text) : {});
+      } catch {
+        reject(new Error("Invalid JSON"));
+      }
+    });
+    req.on("error", reject);
+  });
+}
+function sendJson4(res, status, body) {
+  const json = JSON.stringify(body);
+  res.writeHead(status, {
+    "Content-Type": "application/json",
+    "Content-Length": Buffer.byteLength(json)
+  });
+  res.end(json);
+}
+function sendHtml4(res, html) {
+  res.writeHead(200, {
+    "Content-Type": "text/html; charset=utf-8",
+    "Content-Length": Buffer.byteLength(html)
+  });
+  res.end(html);
+}
+function collectPassphrase(context) {
+  return new Promise((resolve, reject) => {
+    const nonce = randomBytes5(32).toString("hex");
+    let settled = false;
+    const server = createServer4(async (req, res) => {
+      const url = new URL(req.url ?? "/", `http://${req.headers.host}`);
+      const method = req.method ?? "GET";
+      try {
+        if (method === "GET" && url.pathname === "/passphrase") {
+          const token = url.searchParams.get("token");
+          if (token !== nonce) {
+            sendHtml4(res, "<h1>Invalid or expired link.</h1>");
+            return;
+          }
+          sendHtml4(res, getPassphraseHtml(nonce, context));
+        } else if (method === "POST" && url.pathname === "/passphrase") {
+          const body = await parseBody4(req);
+          if (body.token !== nonce) {
+            sendJson4(res, 403, { error: "Invalid token." });
+            return;
+          }
+          const passphrase = body.passphrase;
+          if (typeof passphrase !== "string" || !passphrase) {
+            sendJson4(res, 400, { error: "Passphrase is required." });
+            return;
+          }
+          sendJson4(res, 200, { ok: true });
+          if (!settled) {
+            settled = true;
+            cleanup();
+            resolve(passphrase);
+          }
+        } else {
+          sendJson4(res, 404, { error: "Not found" });
+        }
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Internal error";
+        sendJson4(res, 500, { error: message });
+      }
+    });
+    const timer = setTimeout(() => {
+      if (!settled) {
+        settled = true;
+        cleanup();
+        reject(new TimeoutError("Passphrase entry timed out after 5 minutes."));
+      }
+    }, TIMEOUT_MS3);
+    function cleanup() {
+      clearTimeout(timer);
+      server.close();
+    }
+    server.on("error", (err) => {
+      if (!settled) {
+        settled = true;
+        cleanup();
+        reject(err);
+      }
+    });
+    server.listen(0, "127.0.0.1", () => {
+      const addr = server.address();
+      if (!addr || typeof addr === "string") {
+        if (!settled) {
+          settled = true;
+          cleanup();
+          reject(new Error("Failed to bind server"));
+        }
+        return;
+      }
+      const url = `http://127.0.0.1:${addr.port}/passphrase?token=${nonce}`;
+      console.log("Waiting for passphrase entry in browser...");
+      openBrowser(url);
+    });
+  });
+}
+var TIMEOUT_MS3, MAX_BODY4;
+var init_passphrase_server = __esm({
+  "src/server/passphrase-server.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_passphrase_html();
+    init_open_browser();
+    init_errors();
+    TIMEOUT_MS3 = 5 * 60 * 1e3;
+    MAX_BODY4 = 4096;
+  }
+});
 // src/index.ts
 init_esm_shims();
 init_errors();
@@ -172,38 +1317,13 @@ function formatStatus(data) {
   return lines.join("\n");
 }
-// src/utils/paths.ts
-init_esm_shims();
-import { homedir } from "os";
-import { join } from "path";
-function getHomePath() {
-  return process.env.AGENTPAY_HOME || join(homedir(), ".agentpay");
-}
-function getCredentialsPath() {
-  return join(getHomePath(), "credentials.enc");
-}
-function getKeysPath() {
-  return join(getHomePath(), "keys");
-}
-function getPublicKeyPath() {
-  return join(getKeysPath(), "public.pem");
-}
-function getPrivateKeyPath() {
-  return join(getKeysPath(), "private.pem");
-}
-function getWalletPath() {
-  return join(getHomePath(), "wallet.json");
-}
-function getTransactionsPath() {
-  return join(getHomePath(), "transactions.json");
-}
-function getAuditPath() {
-  return join(getHomePath(), "audit.log");
-}
+// src/index.ts
+init_paths();
 // src/vault/vault.ts
 init_esm_shims();
 init_errors();
+init_paths();
 import { pbkdf2Sync, randomBytes as randomBytes2, createCipheriv, createDecipheriv } from "crypto";
 import { readFileSync, writeFileSync, mkdirSync } from "fs";
 import { dirname } from "path";
@@ -261,90 +1381,14 @@ function loadVault(path2) {
   }
 }
-// src/auth/keypair.ts
-init_esm_shims();
-import { generateKeyPairSync } from "crypto";
-import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2 } from "fs";
-import { dirname as dirname2 } from "path";
-function generateKeyPair(passphrase) {
-  const { publicKey, privateKey } = generateKeyPairSync("ed25519", {
-    publicKeyEncoding: { type: "spki", format: "pem" },
-    privateKeyEncoding: {
-      type: "pkcs8",
-      format: "pem",
-      cipher: "aes-256-cbc",
-      passphrase
-    }
-  });
-  return { publicKey, privateKey };
-}
-function saveKeyPair(keys, publicPath, privatePath) {
-  const pubPath = publicPath ?? getPublicKeyPath();
-  const privPath = privatePath ?? getPrivateKeyPath();
-  mkdirSync2(dirname2(pubPath), { recursive: true });
-  writeFileSync2(pubPath, keys.publicKey, { mode: 420 });
-  writeFileSync2(privPath, keys.privateKey, { mode: 384 });
-}
-function loadPublicKey(path2) {
-  return readFileSync2(path2 ?? getPublicKeyPath(), "utf8");
-}
-function loadPrivateKey(path2) {
-  return readFileSync2(path2 ?? getPrivateKeyPath(), "utf8");
-}
-// src/auth/mandate.ts
-init_esm_shims();
-import { createHash, createPrivateKey, createPublicKey as createPublicKey2, sign, verify } from "crypto";
-function hashTransactionDetails(details) {
-  const canonical = JSON.stringify({
-    txId: details.txId,
-    merchant: details.merchant,
-    amount: details.amount,
-    description: details.description,
-    timestamp: details.timestamp
-  });
-  return createHash("sha256").update(canonical).digest("hex");
-}
-function createMandate(txDetails, privateKeyPem, passphrase) {
-  const txHash = hashTransactionDetails(txDetails);
-  const data = Buffer.from(txHash);
-  const privateKey = createPrivateKey({
-    key: privateKeyPem,
-    format: "pem",
-    type: "pkcs8",
-    passphrase
-  });
-  const signature = sign(null, data, privateKey);
-  const publicKey = createPublicKey2(privateKey);
-  const publicKeyPem = publicKey.export({ type: "spki", format: "pem" });
-  return {
-    txId: txDetails.txId,
-    txHash,
-    signature: signature.toString("base64"),
-    publicKey: publicKeyPem,
-    timestamp: (/* @__PURE__ */ new Date()).toISOString()
-  };
-}
-function verifyMandate(mandate, txDetails) {
-  try {
-    const txHash = hashTransactionDetails(txDetails);
-    if (txHash !== mandate.txHash) return false;
-    const data = Buffer.from(txHash);
-    const signature = Buffer.from(mandate.signature, "base64");
-    const publicKey = createPublicKey2({
-      key: mandate.publicKey,
-      format: "pem",
-      type: "spki"
-    });
-    return verify(null, data, publicKey, signature);
-  } catch {
-    return false;
-  }
-}
+// src/index.ts
+init_keypair();
+init_mandate();
 // src/budget/budget.ts
 init_esm_shims();
 init_errors();
+init_paths();
 import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3 } from "fs";
 import { dirname as dirname3 } from "path";
 var BudgetManager = class {
@@ -420,10 +1464,47 @@ var BudgetManager = class {
   }
 };
+// src/config/config.ts
+init_esm_shims();
+init_paths();
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, mkdirSync as mkdirSync4 } from "fs";
+import { dirname as dirname4, join as join2 } from "path";
+// src/config/types.ts
+init_esm_shims();
+var DEFAULT_CONFIG = {
+  mobileMode: false
+};
+// src/config/config.ts
+function getConfigPath(home) {
+  return join2(home ?? getHomePath(), "config.json");
+}
+function loadConfig(home) {
+  try {
+    const data = readFileSync4(getConfigPath(home), "utf8");
+    return { ...DEFAULT_CONFIG, ...JSON.parse(data) };
+  } catch {
+    return { ...DEFAULT_CONFIG };
+  }
+}
+function saveConfig(config, home) {
+  const path2 = getConfigPath(home);
+  mkdirSync4(dirname4(path2), { recursive: true });
+  writeFileSync4(path2, JSON.stringify(config, null, 2), { mode: 384 });
+}
+function setMobileMode(enabled, home) {
+  const config = loadConfig(home);
+  config.mobileMode = enabled;
+  saveConfig(config, home);
+  return config;
+}
 // src/transactions/manager.ts
 init_esm_shims();
-import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, mkdirSync as mkdirSync4 } from "fs";
-import { dirname as dirname4 } from "path";
+import { readFileSync as readFileSync5, writeFileSync as writeFileSync5, mkdirSync as mkdirSync5 } from "fs";
+import { dirname as dirname5 } from "path";
+init_paths();
 var TransactionManager = class {
   txPath;
   constructor(txPath) {
@@ -431,15 +1512,15 @@ var TransactionManager = class {
   }
   loadAll() {
     try {
-      const data = readFileSync4(this.txPath, "utf8");
+      const data = readFileSync5(this.txPath, "utf8");
       return JSON.parse(data);
     } catch {
       return [];
     }
   }
   saveAll(transactions) {
-    mkdirSync4(dirname4(this.txPath), { recursive: true });
-    writeFileSync4(this.txPath, JSON.stringify(transactions, null, 2), { mode: 384 });
+    mkdirSync5(dirname5(this.txPath), { recursive: true });
+    writeFileSync5(this.txPath, JSON.stringify(transactions, null, 2), { mode: 384 });
   }
   propose(options) {
     const transactions = this.loadAll();
@@ -519,8 +1600,9 @@ init_poller();
 // src/audit/logger.ts
 init_esm_shims();
-import { appendFileSync, readFileSync as readFileSync5, mkdirSync as mkdirSync5 } from "fs";
-import { dirname as dirname5 } from "path";
+init_paths();
+import { appendFileSync, readFileSync as readFileSync6, mkdirSync as mkdirSync6 } from "fs";
+import { dirname as dirname6 } from "path";
 var AuditLogger = class {
   logPath;
   constructor(logPath) {
@@ -531,12 +1613,12 @@ var AuditLogger = class {
     const detailsStr = JSON.stringify(details);
     const entry = `${timestamp}	${action}	${detailsStr}
 `;
-    mkdirSync5(dirname5(this.logPath), { recursive: true });
+    mkdirSync6(dirname6(this.logPath), { recursive: true });
     appendFileSync(this.logPath, entry, { mode: 384 });
   }
   getLog() {
     try {
-      const data = readFileSync5(this.logPath, "utf8");
+      const data = readFileSync6(this.logPath, "utf8");
       return data.trim().split("\n").filter(Boolean);
     } catch {
       return [];
@@ -547,7 +1629,6 @@ var AuditLogger = class {
 // src/executor/executor.ts
 init_esm_shims();
 init_errors();
-import { Stagehand } from "@browserbasehq/stagehand";
 // src/executor/placeholder.ts
 init_esm_shims();
@@ -610,29 +1691,33 @@ function credentialsToSwapMap(creds) {
   };
 }
+// src/executor/providers/local-provider.ts
+init_esm_shims();
+import { Stagehand } from "@browserbasehq/stagehand";
+var LocalBrowserProvider = class {
+  createStagehand(modelApiKey) {
+    return new Stagehand({
+      env: "LOCAL",
+      model: modelApiKey ? { modelName: "claude-3-7-sonnet-latest", apiKey: modelApiKey } : void 0
+    });
+  }
+  async close() {
+  }
+};
 // src/executor/executor.ts
 var PurchaseExecutor = class {
-  config;
+  provider;
+  modelApiKey;
   stagehand = null;
+  proxyUrl;
+  originalBaseUrl;
   constructor(config) {
-    this.config = {
-      browserbaseApiKey: config?.browserbaseApiKey ?? process.env.BROWSERBASE_API_KEY,
-      browserbaseProjectId: config?.browserbaseProjectId ?? process.env.BROWSERBASE_PROJECT_ID,
-      modelApiKey: config?.modelApiKey ?? process.env.ANTHROPIC_API_KEY
-    };
+    this.provider = config?.provider ?? new LocalBrowserProvider();
+    this.modelApiKey = config?.modelApiKey ?? process.env.ANTHROPIC_API_KEY;
   }
   createStagehand() {
-    return new Stagehand({
-      env: "BROWSERBASE",
-      apiKey: this.config.browserbaseApiKey,
-      projectId: this.config.browserbaseProjectId,
-      model: this.config.modelApiKey ? { modelName: "claude-3-7-sonnet-latest", apiKey: this.config.modelApiKey } : void 0,
-      browserbaseSessionCreateParams: {
-        browserSettings: {
-          recordSession: false
-        }
-      }
-    });
+    return this.provider.createStagehand(this.modelApiKey);
   }
   /**
    * Phase 1: Open browser, navigate to URL, extract price and product info.
@@ -792,13 +1877,1295 @@ var PurchaseExecutor = class {
         this.stagehand = null;
       }
     } catch {
+    } finally {
+      await this.provider.close();
+    }
+  }
+};
+// src/index.ts
+init_approval_server();
+init_mobile_approval_server();
+init_tunnel();
+init_notify();
+// src/server/setup-server.ts
+init_esm_shims();
+import { createServer as createServer2 } from "http";
+import { randomBytes as randomBytes4 } from "crypto";
+import { mkdirSync as mkdirSync7 } from "fs";
+import { join as join4 } from "path";
+// src/server/setup-html.ts
+init_esm_shims();
+function getSetupHtml(token) {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>AgentPay \u2014 Setup</title>
+<style>
+  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+  body {
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+    background: #f5f5f5;
+    color: #111;
+    min-height: 100vh;
+    display: flex;
+    justify-content: center;
+    padding: 40px 16px;
+  }
+  .container { width: 100%; max-width: 480px; }
+  h1 { font-size: 24px; font-weight: 700; margin-bottom: 4px; }
+  .subtitle { color: #666; font-size: 14px; margin-bottom: 24px; }
+  .card {
+    background: #fff;
+    border-radius: 8px;
+    padding: 24px;
+    margin-bottom: 16px;
+    border: 1px solid #e0e0e0;
+  }
+  .card-title {
+    font-size: 15px;
+    font-weight: 600;
+    margin-bottom: 16px;
+    padding-bottom: 8px;
+    border-bottom: 1px solid #f0f0f0;
+  }
+  label { display: block; font-size: 13px; font-weight: 500; color: #333; margin-bottom: 6px; }
+  input[type="text"], input[type="password"], input[type="email"], input[type="tel"], input[type="number"] {
+    width: 100%;
+    padding: 12px 14px;
+    border: 1px solid #d0d0d0;
+    border-radius: 8px;
+    font-size: 15px;
+    font-family: inherit;
+    outline: none;
+    transition: border-color 0.15s;
+  }
+  input:focus { border-color: #111; }
+  .field { margin-bottom: 14px; }
+  .field:last-child { margin-bottom: 0; }
+  .row { display: flex; gap: 12px; }
+  .row > .field { flex: 1; }
+  .checkbox-row {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    margin-bottom: 14px;
+  }
+  .checkbox-row input[type="checkbox"] {
+    width: 16px;
+    height: 16px;
+    cursor: pointer;
+  }
+  .checkbox-row label {
+    margin-bottom: 0;
+    cursor: pointer;
+    font-size: 14px;
+  }
+  .btn-submit {
+    width: 100%;
+    padding: 14px;
+    border: none;
+    border-radius: 8px;
+    font-size: 15px;
+    font-weight: 600;
+    cursor: pointer;
+    background: #111;
+    color: #fff;
+    transition: opacity 0.15s;
+  }
+  .btn-submit:hover { opacity: 0.85; }
+  .btn-submit:disabled { opacity: 0.5; cursor: not-allowed; }
+  .error { color: #c62828; font-size: 13px; margin-top: 10px; }
+  .success-screen {
+    text-align: center;
+    padding: 40px 0;
+  }
+  .checkmark { font-size: 48px; margin-bottom: 16px; color: #2e7d32; }
+  .success-msg { font-size: 16px; font-weight: 600; margin-bottom: 8px; }
+  .success-hint { font-size: 13px; color: #666; }
+  .hidden { display: none; }
+  .hint { font-size: 12px; color: #999; margin-top: 4px; }
+</style>
+</head>
+<body>
+<div class="container">
+  <div id="form-view">
+    <h1>AgentPay</h1>
+    <p class="subtitle">Initial Setup</p>
+    <div class="card">
+      <div class="card-title">Passphrase</div>
+      <div class="field">
+        <label for="passphrase">Choose a passphrase</label>
+        <input type="password" id="passphrase" placeholder="Enter passphrase" autofocus>
+      </div>
+      <div class="field">
+        <label for="passphrase-confirm">Confirm passphrase</label>
+        <input type="password" id="passphrase-confirm" placeholder="Re-enter passphrase">
+      </div>
+    </div>
+    <div class="card">
+      <div class="card-title">Budget</div>
+      <div class="row">
+        <div class="field">
+          <label for="budget">Total budget ($)</label>
+          <input type="number" id="budget" placeholder="0" min="0" step="0.01">
+        </div>
+        <div class="field">
+          <label for="limit-per-tx">Per-transaction limit ($)</label>
+          <input type="number" id="limit-per-tx" placeholder="0" min="0" step="0.01">
+        </div>
+      </div>
+      <div class="hint">Leave at 0 to set later via <code>agentpay budget</code>.</div>
+    </div>
+    <div class="card">
+      <div class="card-title">Card</div>
+      <div class="field">
+        <label for="card-number">Card number</label>
+        <input type="text" id="card-number" placeholder="4111 1111 1111 1111" autocomplete="cc-number">
+      </div>
+      <div class="row">
+        <div class="field">
+          <label for="card-expiry">Expiry (MM/YY)</label>
+          <input type="text" id="card-expiry" placeholder="MM/YY" autocomplete="cc-exp" maxlength="5">
+        </div>
+        <div class="field">
+          <label for="card-cvv">CVV</label>
+          <input type="text" id="card-cvv" placeholder="123" autocomplete="cc-csc" maxlength="4">
+        </div>
+      </div>
+    </div>
+    <div class="card">
+      <div class="card-title">Personal</div>
+      <div class="field">
+        <label for="name">Full name</label>
+        <input type="text" id="name" placeholder="Jane Doe" autocomplete="name">
+      </div>
+      <div class="row">
+        <div class="field">
+          <label for="email">Email</label>
+          <input type="email" id="email" placeholder="jane@example.com" autocomplete="email">
+        </div>
+        <div class="field">
+          <label for="phone">Phone</label>
+          <input type="tel" id="phone" placeholder="+1 555-0100" autocomplete="tel">
+        </div>
+      </div>
+    </div>
+    <div class="card">
+      <div class="card-title">Billing Address</div>
+      <div class="field">
+        <label for="billing-street">Street</label>
+        <input type="text" id="billing-street" autocomplete="billing street-address">
+      </div>
+      <div class="row">
+        <div class="field">
+          <label for="billing-city">City</label>
+          <input type="text" id="billing-city" autocomplete="billing address-level2">
+        </div>
+        <div class="field">
+          <label for="billing-state">State</label>
+          <input type="text" id="billing-state" autocomplete="billing address-level1">
+        </div>
+      </div>
+      <div class="row">
+        <div class="field">
+          <label for="billing-zip">ZIP</label>
+          <input type="text" id="billing-zip" autocomplete="billing postal-code">
+        </div>
+        <div class="field">
+          <label for="billing-country">Country</label>
+          <input type="text" id="billing-country" placeholder="US" autocomplete="billing country">
+        </div>
+      </div>
+    </div>
+    <div class="card">
+      <div class="card-title">Shipping Address</div>
+      <div class="checkbox-row">
+        <input type="checkbox" id="same-as-billing" checked>
+        <label for="same-as-billing">Same as billing</label>
+      </div>
+      <div id="shipping-fields" class="hidden">
+        <div class="field">
+          <label for="shipping-street">Street</label>
+          <input type="text" id="shipping-street" autocomplete="shipping street-address">
+        </div>
+        <div class="row">
+          <div class="field">
+            <label for="shipping-city">City</label>
+            <input type="text" id="shipping-city" autocomplete="shipping address-level2">
+          </div>
+          <div class="field">
+            <label for="shipping-state">State</label>
+            <input type="text" id="shipping-state" autocomplete="shipping address-level1">
+          </div>
+        </div>
+        <div class="row">
+          <div class="field">
+            <label for="shipping-zip">ZIP</label>
+            <input type="text" id="shipping-zip" autocomplete="shipping postal-code">
+          </div>
+          <div class="field">
+            <label for="shipping-country">Country</label>
+            <input type="text" id="shipping-country" placeholder="US" autocomplete="shipping country">
+          </div>
+        </div>
+      </div>
+    </div>
+    <div id="error" class="error hidden"></div>
+    <button class="btn-submit" id="btn-submit">Complete Setup</button>
+  </div>
+  <div id="success-view" class="hidden">
+    <h1>AgentPay</h1>
+    <p class="subtitle">Setup Complete</p>
+    <div class="card">
+      <div class="success-screen">
+        <div class="checkmark">&#10003;</div>
+        <div class="success-msg">Your wallet is ready.</div>
+        <div class="success-hint">You can close this tab and return to the terminal.</div>
+      </div>
+    </div>
+  </div>
+</div>
+<script>
+(function() {
+  var token = ${JSON.stringify(token)};
+  var formView = document.getElementById('form-view');
+  var successView = document.getElementById('success-view');
+  var btnSubmit = document.getElementById('btn-submit');
+  var errDiv = document.getElementById('error');
+  var sameAsBilling = document.getElementById('same-as-billing');
+  var shippingFields = document.getElementById('shipping-fields');
+  sameAsBilling.addEventListener('change', function() {
+    shippingFields.classList.toggle('hidden', sameAsBilling.checked);
+  });
+  function val(id) { return document.getElementById(id).value.trim(); }
+  function showError(msg) {
+    errDiv.textContent = msg;
+    errDiv.classList.remove('hidden');
+  }
+  function clearError() {
+    errDiv.classList.add('hidden');
+  }
+  btnSubmit.addEventListener('click', function() {
+    clearError();
+    var passphrase = val('passphrase');
+    var passphraseConfirm = val('passphrase-confirm');
+    if (!passphrase) { showError('Passphrase is required.'); return; }
+    if (passphrase !== passphraseConfirm) { showError('Passphrases do not match.'); return; }
+    var cardNumber = val('card-number');
+    var cardExpiry = val('card-expiry');
+    var cardCvv = val('card-cvv');
+    if (!cardNumber || !cardExpiry || !cardCvv) { showError('Card number, expiry, and CVV are required.'); return; }
+    var name = val('name');
+    var email = val('email');
+    var phone = val('phone');
+    if (!name || !email || !phone) { showError('Name, email, and phone are required.'); return; }
+    var billingStreet = val('billing-street');
+    var billingCity = val('billing-city');
+    var billingState = val('billing-state');
+    var billingZip = val('billing-zip');
+    var billingCountry = val('billing-country');
+    if (!billingStreet || !billingCity || !billingState || !billingZip || !billingCountry) {
+      showError('All billing address fields are required.'); return;
+    }
+    var shippingStreet, shippingCity, shippingState, shippingZip, shippingCountry;
+    if (sameAsBilling.checked) {
+      shippingStreet = billingStreet;
+      shippingCity = billingCity;
+      shippingState = billingState;
+      shippingZip = billingZip;
+      shippingCountry = billingCountry;
+    } else {
+      shippingStreet = val('shipping-street');
+      shippingCity = val('shipping-city');
+      shippingState = val('shipping-state');
+      shippingZip = val('shipping-zip');
+      shippingCountry = val('shipping-country');
+      if (!shippingStreet || !shippingCity || !shippingState || !shippingZip || !shippingCountry) {
+        showError('All shipping address fields are required.'); return;
+      }
+    }
+    var budget = parseFloat(document.getElementById('budget').value) || 0;
+    var limitPerTx = parseFloat(document.getElementById('limit-per-tx').value) || 0;
+    btnSubmit.disabled = true;
+    btnSubmit.textContent = 'Setting up...';
+    fetch('/api/setup', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        token: token,
+        passphrase: passphrase,
+        budget: budget,
+        limitPerTx: limitPerTx,
+        card: { number: cardNumber, expiry: cardExpiry, cvv: cardCvv },
+        name: name,
+        email: email,
+        phone: phone,
+        billingAddress: { street: billingStreet, city: billingCity, state: billingState, zip: billingZip, country: billingCountry },
+        shippingAddress: { street: shippingStreet, city: shippingCity, state: shippingState, zip: shippingZip, country: shippingCountry }
+      })
+    })
+    .then(function(res) { return res.json(); })
+    .then(function(data) {
+      if (data.error) {
+        showError(data.error);
+        btnSubmit.disabled = false;
+        btnSubmit.textContent = 'Complete Setup';
+      } else {
+        formView.classList.add('hidden');
+        successView.classList.remove('hidden');
+        setTimeout(function() { window.close(); }, 3000);
+      }
+    })
+    .catch(function() {
+      showError('Failed to submit. Is the CLI still running?');
+      btnSubmit.disabled = false;
+      btnSubmit.textContent = 'Complete Setup';
+    });
+  });
+})();
+</script>
+</body>
+</html>`;
+}
+// src/server/setup-server.ts
+init_open_browser();
+init_keypair();
+init_paths();
+init_errors();
+var TIMEOUT_MS2 = 10 * 60 * 1e3;
+var MAX_BODY2 = 8192;
+function parseBody2(req) {
+  return new Promise((resolve, reject) => {
+    const chunks = [];
+    let size = 0;
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > MAX_BODY2) {
+        req.destroy();
+        reject(new Error("Request body too large"));
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => {
+      try {
+        const text = Buffer.concat(chunks).toString("utf8");
+        resolve(text ? JSON.parse(text) : {});
+      } catch {
+        reject(new Error("Invalid JSON"));
+      }
+    });
+    req.on("error", reject);
+  });
+}
+function sendJson2(res, status, body) {
+  const json = JSON.stringify(body);
+  res.writeHead(status, {
+    "Content-Type": "application/json",
+    "Content-Length": Buffer.byteLength(json)
+  });
+  res.end(json);
+}
+function sendHtml2(res, html) {
+  res.writeHead(200, {
+    "Content-Type": "text/html; charset=utf-8",
+    "Content-Length": Buffer.byteLength(html)
+  });
+  res.end(html);
+}
+function isNonEmptyString(val) {
+  return typeof val === "string" && val.length > 0;
+}
+function isAddress(val) {
+  if (!val || typeof val !== "object") return false;
+  const a = val;
+  return isNonEmptyString(a.street) && isNonEmptyString(a.city) && isNonEmptyString(a.state) && isNonEmptyString(a.zip) && isNonEmptyString(a.country);
+}
+function isCard(val) {
+  if (!val || typeof val !== "object") return false;
+  const c = val;
+  return isNonEmptyString(c.number) && isNonEmptyString(c.expiry) && isNonEmptyString(c.cvv);
+}
+function createSetupServer(options) {
+  const nonce = randomBytes4(32).toString("hex");
+  let settled = false;
+  let tokenUsed = false;
+  let resolvePromise;
+  let rejectPromise;
+  let timer;
+  let serverInstance;
+  const promise = new Promise((resolve, reject) => {
+    resolvePromise = resolve;
+    rejectPromise = reject;
+  });
+  function cleanup() {
+    clearTimeout(timer);
+    serverInstance.close();
+  }
+  const home = options?.home ?? getHomePath();
+  serverInstance = createServer2(async (req, res) => {
+    const url = new URL(req.url ?? "/", `http://${req.headers.host}`);
+    const method = req.method ?? "GET";
+    try {
+      if (method === "GET" && url.pathname === "/setup") {
+        const token = url.searchParams.get("token");
+        if (token !== nonce || tokenUsed) {
+          sendHtml2(res, "<h1>Invalid or expired link.</h1>");
+          return;
+        }
+        sendHtml2(res, getSetupHtml(nonce));
+        return;
+      }
+      if (method === "POST" && url.pathname === "/api/setup") {
+        const body = await parseBody2(req);
+        if (body.token !== nonce || tokenUsed) {
+          sendJson2(res, 403, { error: "Invalid or expired token." });
+          return;
+        }
+        const passphrase = body.passphrase;
+        if (!isNonEmptyString(passphrase)) {
+          sendJson2(res, 400, { error: "Passphrase is required." });
+          return;
+        }
+        if (!isCard(body.card)) {
+          sendJson2(res, 400, { error: "Card number, expiry, and CVV are required." });
+          return;
+        }
+        if (!isNonEmptyString(body.name) || !isNonEmptyString(body.email) || !isNonEmptyString(body.phone)) {
+          sendJson2(res, 400, { error: "Name, email, and phone are required." });
+          return;
+        }
+        if (!isAddress(body.billingAddress)) {
+          sendJson2(res, 400, { error: "Complete billing address is required." });
+          return;
+        }
+        if (!isAddress(body.shippingAddress)) {
+          sendJson2(res, 400, { error: "Complete shipping address is required." });
+          return;
+        }
+        try {
+          mkdirSync7(home, { recursive: true });
+          const credentials = {
+            card: { number: body.card.number, expiry: body.card.expiry, cvv: body.card.cvv },
+            name: body.name,
+            billingAddress: {
+              street: body.billingAddress.street,
+              city: body.billingAddress.city,
+              state: body.billingAddress.state,
+              zip: body.billingAddress.zip,
+              country: body.billingAddress.country
+            },
+            shippingAddress: {
+              street: body.shippingAddress.street,
+              city: body.shippingAddress.city,
+              state: body.shippingAddress.state,
+              zip: body.shippingAddress.zip,
+              country: body.shippingAddress.country
+            },
+            email: body.email,
+            phone: body.phone
+          };
+          const credPath = join4(home, "credentials.enc");
+          const vault = encrypt(credentials, passphrase);
+          saveVault(vault, credPath);
+          const keysDir = join4(home, "keys");
+          mkdirSync7(keysDir, { recursive: true });
+          const keys = generateKeyPair(passphrase);
+          saveKeyPair(keys, join4(keysDir, "public.pem"), join4(keysDir, "private.pem"));
+          const budget = typeof body.budget === "number" ? body.budget : 0;
+          const limitPerTx = typeof body.limitPerTx === "number" ? body.limitPerTx : 0;
+          const bm = new BudgetManager(join4(home, "wallet.json"));
+          bm.initWallet(budget, limitPerTx);
+          const audit = new AuditLogger(join4(home, "audit.log"));
+          audit.log("SETUP", { message: "credentials encrypted, keypair generated, wallet initialized", source: "browser-setup" });
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : "Setup failed";
+          sendJson2(res, 500, { error: msg });
+          return;
+        }
+        tokenUsed = true;
+        sendJson2(res, 200, { ok: true });
+        if (!settled) {
+          settled = true;
+          cleanup();
+          resolvePromise({ completed: true });
+        }
+        return;
+      }
+      sendJson2(res, 404, { error: "Not found" });
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Internal error";
+      sendJson2(res, 500, { error: message });
+    }
+  });
+  timer = setTimeout(() => {
+    if (!settled) {
+      settled = true;
+      cleanup();
+      rejectPromise(new TimeoutError("Setup timed out after 10 minutes."));
+    }
+  }, TIMEOUT_MS2);
+  serverInstance.on("error", (err) => {
+    if (!settled) {
+      settled = true;
+      cleanup();
+      rejectPromise(err);
+    }
+  });
+  let portValue = 0;
+  const handle = {
+    server: serverInstance,
+    token: nonce,
+    get port() {
+      return portValue;
+    },
+    promise
+  };
+  serverInstance.listen(0, "127.0.0.1", () => {
+    const addr = serverInstance.address();
+    if (!addr || typeof addr === "string") {
+      if (!settled) {
+        settled = true;
+        cleanup();
+        rejectPromise(new Error("Failed to bind server"));
+      }
+      return;
+    }
+    portValue = addr.port;
+    const pageUrl = `http://127.0.0.1:${addr.port}/setup?token=${nonce}`;
+    if (options?.openBrowser !== false) {
+      console.log("Opening setup form in browser...");
+      openBrowser(pageUrl);
     }
+  });
+  return handle;
+}
+function requestBrowserSetup(home) {
+  const handle = createSetupServer({ openBrowser: true, home });
+  return handle.promise;
+}
+// src/server/index.ts
+init_esm_shims();
+import { createServer as createServer3 } from "http";
+// src/server/html.ts
+init_esm_shims();
+function getDashboardHtml() {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>AgentPay Dashboard</title>
+<style>
+  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+  body {
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+    background: #f5f5f5;
+    color: #111;
+    min-height: 100vh;
+    display: flex;
+    justify-content: center;
+    padding: 40px 16px;
+  }
+  .container { width: 100%; max-width: 480px; }
+  h1 { font-size: 24px; font-weight: 700; margin-bottom: 8px; }
+  h2 { font-size: 18px; font-weight: 600; margin-bottom: 12px; }
+  .subtitle { color: #666; font-size: 14px; margin-bottom: 32px; }
+  .card {
+    background: #fff;
+    border-radius: 8px;
+    padding: 24px;
+    margin-bottom: 16px;
+    border: 1px solid #e0e0e0;
+  }
+  label { display: block; font-size: 13px; font-weight: 500; color: #333; margin-bottom: 4px; }
+  input, select {
+    width: 100%;
+    padding: 10px 12px;
+    border: 1px solid #d0d0d0;
+    border-radius: 8px;
+    font-size: 14px;
+    margin-bottom: 16px;
+    outline: none;
+    transition: border-color 0.15s;
+  }
+  input:focus { border-color: #111; }
+  .row { display: flex; gap: 12px; }
+  .row > div { flex: 1; }
+  button {
+    width: 100%;
+    padding: 12px;
+    border: none;
+    border-radius: 8px;
+    font-size: 14px;
+    font-weight: 600;
+    cursor: pointer;
+    transition: opacity 0.15s;
+  }
+  button:hover { opacity: 0.85; }
+  button:disabled { opacity: 0.5; cursor: not-allowed; }
+  .btn-primary { background: #111; color: #fff; }
+  .btn-secondary { background: #e0e0e0; color: #111; }
+  /* Progress bar for wizard */
+  .progress { display: flex; gap: 6px; margin-bottom: 24px; }
+  .progress .step {
+    flex: 1; height: 4px; border-radius: 2px; background: #e0e0e0;
+    transition: background 0.3s;
+  }
+  .progress .step.active { background: #111; }
+  /* Balance display */
+  .balance-display {
+    text-align: center;
+    padding: 32px 0;
+  }
+  .balance-amount {
+    font-size: 48px;
+    font-weight: 700;
+    letter-spacing: -1px;
+  }
+  .balance-label { font-size: 13px; color: #666; margin-top: 4px; }
+  /* Budget bar */
+  .budget-bar-container { margin: 16px 0; }
+  .budget-bar {
+    height: 8px;
+    background: #e0e0e0;
+    border-radius: 4px;
+    overflow: hidden;
+  }
+  .budget-bar-fill {
+    height: 100%;
+    background: #111;
+    border-radius: 4px;
+    transition: width 0.3s;
+  }
+  .budget-bar-labels {
+    display: flex;
+    justify-content: space-between;
+    font-size: 12px;
+    color: #666;
+    margin-top: 4px;
+  }
+  /* Stats grid */
+  .stats { display: grid; grid-template-columns: 1fr 1fr; gap: 12px; margin-bottom: 16px; }
+  .stat { text-align: center; padding: 12px; background: #f9f9f9; border-radius: 8px; }
+  .stat-value { font-size: 18px; font-weight: 700; }
+  .stat-label { font-size: 11px; color: #666; margin-top: 2px; }
+  /* Add funds inline */
+  .add-funds-row { display: flex; gap: 8px; }
+  .add-funds-row input { margin-bottom: 0; flex: 1; }
+  .add-funds-row button { width: auto; padding: 10px 20px; }
+  /* Transactions */
+  .tx-list { margin-top: 12px; }
+  .tx-item {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: 10px 0;
+    border-bottom: 1px solid #f0f0f0;
+    font-size: 13px;
+  }
+  .tx-item:last-child { border-bottom: none; }
+  .tx-merchant { font-weight: 500; }
+  .tx-amount { font-weight: 600; }
+  .tx-status {
+    font-size: 11px;
+    padding: 2px 6px;
+    border-radius: 4px;
+    font-weight: 500;
+  }
+  .tx-status.completed { background: #e6f4ea; color: #1e7e34; }
+  .tx-status.pending { background: #fff8e1; color: #f57f17; }
+  .tx-status.failed { background: #fde8e8; color: #c62828; }
+  .tx-status.rejected { background: #fde8e8; color: #c62828; }
+  .tx-status.approved { background: #e3f2fd; color: #1565c0; }
+  .tx-status.executing { background: #e3f2fd; color: #1565c0; }
+  .error { color: #c62828; font-size: 13px; margin-top: 8px; }
+  .success { color: #1e7e34; font-size: 13px; margin-top: 8px; }
+  .hidden { display: none; }
+  /* Checkbox row for same-as-billing */
+  .checkbox-row {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    margin-bottom: 16px;
   }
+  .checkbox-row input { width: auto; margin: 0; }
+  .checkbox-row label { margin: 0; }
+</style>
+</head>
+<body>
+<div class="container" id="app">
+  <div id="loading">Loading...</div>
+</div>
+<script>
+const App = {
+  state: { isSetup: false, wallet: null, recentTransactions: [], wizardStep: 1 },
+  async init() {
+    try {
+      const res = await fetch('/api/status');
+      const data = await res.json();
+      this.state.isSetup = data.isSetup;
+      this.state.wallet = data.wallet;
+      this.state.recentTransactions = data.recentTransactions || [];
+    } catch (e) {
+      console.error('Failed to load status', e);
+    }
+    this.render();
+  },
+  render() {
+    const app = document.getElementById('app');
+    if (this.state.isSetup && this.state.wallet) {
+      app.innerHTML = this.renderDashboard();
+      this.bindDashboard();
+    } else if (this.state.isSetup) {
+      app.innerHTML = '<div class="card"><h2>Setup detected</h2><p>Wallet data could not be loaded. Try running <code>agentpay budget --set 100</code> from the CLI.</p></div>';
+    } else {
+      app.innerHTML = this.renderWizard();
+      this.bindWizard();
+    }
+  },
+  fmt(n) {
+    return '$' + Number(n).toFixed(2);
+  },
+  renderDashboard() {
+    const w = this.state.wallet;
+    const pct = w.budget > 0 ? Math.min(100, (w.spent / w.budget) * 100) : 0;
+    const txHtml = this.state.recentTransactions.length === 0
+      ? '<p style="color:#666;font-size:13px;">No transactions yet.</p>'
+      : this.state.recentTransactions.map(tx => \`
+          <div class="tx-item">
+            <div>
+              <div class="tx-merchant">\${this.esc(tx.merchant)}</div>
+              <div style="color:#999;font-size:11px;">\${new Date(tx.createdAt).toLocaleDateString()}</div>
+            </div>
+            <div style="text-align:right">
+              <div class="tx-amount">\${this.fmt(tx.amount)}</div>
+              <span class="tx-status \${tx.status}">\${tx.status}</span>
+            </div>
+          </div>\`).join('');
+    return \`
+      <h1>AgentPay</h1>
+      <p class="subtitle">Wallet Dashboard</p>
+      <div class="card">
+        <div class="balance-display">
+          <div class="balance-amount">\${this.fmt(w.balance)}</div>
+          <div class="balance-label">Available Balance</div>
+        </div>
+        <div class="budget-bar-container">
+          <div class="budget-bar"><div class="budget-bar-fill" style="width:\${pct.toFixed(1)}%"></div></div>
+          <div class="budget-bar-labels">
+            <span>\${this.fmt(w.spent)} spent</span>
+            <span>\${this.fmt(w.budget)} budget</span>
+          </div>
+        </div>
+      </div>
+      <div class="card">
+        <div class="stats">
+          <div class="stat"><div class="stat-value">\${this.fmt(w.budget)}</div><div class="stat-label">Total Budget</div></div>
+          <div class="stat"><div class="stat-value">\${this.fmt(w.spent)}</div><div class="stat-label">Total Spent</div></div>
+          <div class="stat"><div class="stat-value">\${this.fmt(w.balance)}</div><div class="stat-label">Remaining</div></div>
+          <div class="stat"><div class="stat-value">\${w.limitPerTx > 0 ? this.fmt(w.limitPerTx) : 'None'}</div><div class="stat-label">Per-Tx Limit</div></div>
+        </div>
+      </div>
+      <div class="card">
+        <h2>Add Funds</h2>
+        <div class="add-funds-row">
+          <input type="number" id="fundAmount" placeholder="Amount" min="0.01" step="0.01">
+          <button class="btn-primary" id="fundBtn">Add</button>
+        </div>
+        <div id="fundMsg"></div>
+      </div>
+      <div class="card">
+        <h2>Recent Transactions</h2>
+        <div class="tx-list">\${txHtml}</div>
+      </div>
+    \`;
+  },
+  bindDashboard() {
+    const btn = document.getElementById('fundBtn');
+    const input = document.getElementById('fundAmount');
+    const msg = document.getElementById('fundMsg');
+    btn.addEventListener('click', async () => {
+      const amount = parseFloat(input.value);
+      if (!amount || amount <= 0) {
+        msg.innerHTML = '<p class="error">Enter a valid amount.</p>';
+        return;
+      }
+      btn.disabled = true;
+      btn.textContent = '...';
+      try {
+        const res = await fetch('/api/fund', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ amount }),
+        });
+        const data = await res.json();
+        if (data.error) {
+          msg.innerHTML = '<p class="error">' + this.esc(data.error) + '</p>';
+        } else {
+          this.state.wallet = data.wallet;
+          input.value = '';
+          this.render();
+        }
+      } catch (e) {
+        msg.innerHTML = '<p class="error">Request failed.</p>';
+      }
+      btn.disabled = false;
+      btn.textContent = 'Add';
+    });
+  },
+  renderWizard() {
+    const step = this.state.wizardStep;
+    const steps = [1, 2, 3, 4];
+    const progressHtml = '<div class="progress">' + steps.map(s =>
+      '<div class="step' + (s <= step ? ' active' : '') + '"></div>'
+    ).join('') + '</div>';
+    const titles = ['Create Passphrase', 'Card Information', 'Personal Details', 'Budget & Limits'];
+    let fields = '';
+    if (step === 1) {
+      fields = \`
+        <label for="w_pass">Passphrase</label>
+        <input type="password" id="w_pass" placeholder="Choose a strong passphrase">
+        <label for="w_pass2">Confirm Passphrase</label>
+        <input type="password" id="w_pass2" placeholder="Confirm your passphrase">
+      \`;
+    } else if (step === 2) {
+      fields = \`
+        <label for="w_cardNum">Card Number</label>
+        <input type="text" id="w_cardNum" placeholder="4242 4242 4242 4242">
+        <div class="row">
+          <div><label for="w_expiry">Expiry</label><input type="text" id="w_expiry" placeholder="MM/YY"></div>
+          <div><label for="w_cvv">CVV</label><input type="text" id="w_cvv" placeholder="123"></div>
+        </div>
+      \`;
+    } else if (step === 3) {
+      fields = \`
+        <label for="w_name">Full Name</label>
+        <input type="text" id="w_name" placeholder="Jane Doe">
+        <div class="row">
+          <div><label for="w_email">Email</label><input type="email" id="w_email" placeholder="jane@example.com"></div>
+          <div><label for="w_phone">Phone</label><input type="tel" id="w_phone" placeholder="+1 555 0123"></div>
+        </div>
+        <label for="w_street">Street Address</label>
+        <input type="text" id="w_street" placeholder="123 Main St">
+        <div class="row">
+          <div><label for="w_city">City</label><input type="text" id="w_city" placeholder="San Francisco"></div>
+          <div><label for="w_state">State</label><input type="text" id="w_state" placeholder="CA"></div>
+        </div>
+        <div class="row">
+          <div><label for="w_zip">ZIP</label><input type="text" id="w_zip" placeholder="94102"></div>
+          <div><label for="w_country">Country</label><input type="text" id="w_country" placeholder="US" value="US"></div>
+        </div>
+      \`;
+    } else if (step === 4) {
+      fields = \`
+        <label for="w_budget">Initial Budget ($)</label>
+        <input type="number" id="w_budget" placeholder="200" min="0" step="0.01">
+        <label for="w_limit">Per-Transaction Limit ($)</label>
+        <input type="number" id="w_limit" placeholder="50 (0 = no limit)" min="0" step="0.01">
+      \`;
+    }
+    return \`
+      <h1>AgentPay</h1>
+      <p class="subtitle">Step \${step} of 4 \u2014 \${titles[step - 1]}</p>
+      \${progressHtml}
+      <div class="card">
+        \${fields}
+        <div id="wizardError"></div>
+        <div style="display:flex;gap:8px;margin-top:8px;">
+          \${step > 1 ? '<button class="btn-secondary" id="wizBack">Back</button>' : ''}
+          <button class="btn-primary" id="wizNext">\${step === 4 ? 'Complete Setup' : 'Continue'}</button>
+        </div>
+      </div>
+    \`;
+  },
+  // Wizard form data persisted across steps
+  wizardData: {},
+  bindWizard() {
+    const step = this.state.wizardStep;
+    const errDiv = document.getElementById('wizardError');
+    const nextBtn = document.getElementById('wizNext');
+    const backBtn = document.getElementById('wizBack');
+    // Restore saved data into fields
+    this.restoreWizardFields(step);
+    if (backBtn) {
+      backBtn.addEventListener('click', () => {
+        this.saveWizardFields(step);
+        this.state.wizardStep--;
+        this.render();
+      });
+    }
+    nextBtn.addEventListener('click', async () => {
+      errDiv.innerHTML = '';
+      if (step === 1) {
+        const pass = document.getElementById('w_pass').value;
+        const pass2 = document.getElementById('w_pass2').value;
+        if (!pass) { errDiv.innerHTML = '<p class="error">Passphrase is required.</p>'; return; }
+        if (pass !== pass2) { errDiv.innerHTML = '<p class="error">Passphrases do not match.</p>'; return; }
+        this.wizardData.passphrase = pass;
+        this.state.wizardStep = 2;
+        this.render();
+      } else if (step === 2) {
+        this.saveWizardFields(step);
+        const d = this.wizardData;
+        if (!d.cardNumber) { errDiv.innerHTML = '<p class="error">Card number is required.</p>'; return; }
+        if (!d.expiry) { errDiv.innerHTML = '<p class="error">Expiry is required.</p>'; return; }
+        if (!d.cvv) { errDiv.innerHTML = '<p class="error">CVV is required.</p>'; return; }
+        this.state.wizardStep = 3;
+        this.render();
+      } else if (step === 3) {
+        this.saveWizardFields(step);
+        const d = this.wizardData;
+        if (!d.name) { errDiv.innerHTML = '<p class="error">Full name is required.</p>'; return; }
+        this.state.wizardStep = 4;
+        this.render();
+      } else if (step === 4) {
+        this.saveWizardFields(step);
+        const d = this.wizardData;
+        nextBtn.disabled = true;
+        nextBtn.textContent = 'Setting up...';
+        try {
+          const res = await fetch('/api/setup', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+              passphrase: d.passphrase,
+              credentials: {
+                card: { number: d.cardNumber, expiry: d.expiry, cvv: d.cvv },
+                name: d.name,
+                billingAddress: { street: d.street || '', city: d.city || '', state: d.state || '', zip: d.zip || '', country: d.country || 'US' },
+                shippingAddress: { street: d.street || '', city: d.city || '', state: d.state || '', zip: d.zip || '', country: d.country || 'US' },
+                email: d.email || '',
+                phone: d.phone || '',
+              },
+              budget: parseFloat(d.budget) || 0,
+              limitPerTx: parseFloat(d.limit) || 0,
+            }),
+          });
+          const result = await res.json();
+          if (result.error) {
+            errDiv.innerHTML = '<p class="error">' + this.esc(result.error) + '</p>';
+            nextBtn.disabled = false;
+            nextBtn.textContent = 'Complete Setup';
+          } else {
+            this.state.isSetup = true;
+            this.state.wallet = result.wallet;
+            this.state.recentTransactions = [];
+            this.wizardData = {};
+            this.render();
+          }
+        } catch (e) {
+          errDiv.innerHTML = '<p class="error">Setup request failed.</p>';
+          nextBtn.disabled = false;
+          nextBtn.textContent = 'Complete Setup';
+        }
+      }
+    });
+  },
+  saveWizardFields(step) {
+    const val = (id) => { const el = document.getElementById(id); return el ? el.value : ''; };
+    if (step === 2) {
+      this.wizardData.cardNumber = val('w_cardNum');
+      this.wizardData.expiry = val('w_expiry');
+      this.wizardData.cvv = val('w_cvv');
+    } else if (step === 3) {
+      this.wizardData.name = val('w_name');
+      this.wizardData.email = val('w_email');
+      this.wizardData.phone = val('w_phone');
+      this.wizardData.street = val('w_street');
+      this.wizardData.city = val('w_city');
+      this.wizardData.state = val('w_state');
+      this.wizardData.zip = val('w_zip');
+      this.wizardData.country = val('w_country');
+    } else if (step === 4) {
+      this.wizardData.budget = val('w_budget');
+      this.wizardData.limit = val('w_limit');
+    }
+  },
+  restoreWizardFields(step) {
+    const set = (id, val) => { const el = document.getElementById(id); if (el && val) el.value = val; };
+    if (step === 2) {
+      set('w_cardNum', this.wizardData.cardNumber);
+      set('w_expiry', this.wizardData.expiry);
+      set('w_cvv', this.wizardData.cvv);
+    } else if (step === 3) {
+      set('w_name', this.wizardData.name);
+      set('w_email', this.wizardData.email);
+      set('w_phone', this.wizardData.phone);
+      set('w_street', this.wizardData.street);
+      set('w_city', this.wizardData.city);
+      set('w_state', this.wizardData.state);
+      set('w_zip', this.wizardData.zip);
+      set('w_country', this.wizardData.country);
+    } else if (step === 4) {
+      set('w_budget', this.wizardData.budget);
+      set('w_limit', this.wizardData.limit);
+    }
+  },
+  esc(s) {
+    const d = document.createElement('div');
+    d.textContent = s;
+    return d.innerHTML;
+  },
 };
+App.init();
+</script>
+</body>
+</html>`;
+}
+// src/server/routes.ts
+init_esm_shims();
+import { existsSync as existsSync2, mkdirSync as mkdirSync8 } from "fs";
+init_keypair();
+init_paths();
+function handleGetStatus() {
+  const isSetup = existsSync2(getCredentialsPath());
+  if (!isSetup) {
+    return { status: 200, body: { isSetup: false } };
+  }
+  try {
+    const bm = new BudgetManager();
+    const wallet = bm.getBalance();
+    const tm = new TransactionManager();
+    const recent = tm.list().slice(-10).reverse();
+    return {
+      status: 200,
+      body: { isSetup: true, wallet, recentTransactions: recent }
+    };
+  } catch {
+    return { status: 200, body: { isSetup: true, wallet: null, recentTransactions: [] } };
+  }
+}
+function handlePostSetup(body) {
+  if (!body.passphrase || !body.credentials) {
+    return { status: 400, body: { error: "Missing passphrase or credentials" } };
+  }
+  try {
+    const home = getHomePath();
+    mkdirSync8(home, { recursive: true });
+    const vault = encrypt(body.credentials, body.passphrase);
+    saveVault(vault, getCredentialsPath());
+    const keys = generateKeyPair(body.passphrase);
+    mkdirSync8(getKeysPath(), { recursive: true });
+    saveKeyPair(keys);
+    const bm = new BudgetManager();
+    bm.initWallet(body.budget || 0, body.limitPerTx || 0);
+    const audit = new AuditLogger();
+    audit.log("SETUP", { source: "dashboard", message: "credentials encrypted, keypair generated, wallet initialized" });
+    const wallet = bm.getBalance();
+    return { status: 200, body: { success: true, wallet } };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Setup failed";
+    return { status: 500, body: { error: message } };
+  }
+}
+function handlePostFund(body) {
+  if (!body.amount || body.amount <= 0) {
+    return { status: 400, body: { error: "Amount must be positive" } };
+  }
+  try {
+    const bm = new BudgetManager();
+    const wallet = bm.addFunds(body.amount);
+    const audit = new AuditLogger();
+    audit.log("ADD_FUNDS", { source: "dashboard", amount: body.amount });
+    return { status: 200, body: { success: true, wallet } };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to add funds";
+    return { status: 500, body: { error: message } };
+  }
+}
+// src/server/index.ts
+var MAX_BODY3 = 1048576;
+function parseBody3(req) {
+  return new Promise((resolve, reject) => {
+    const chunks = [];
+    let size = 0;
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > MAX_BODY3) {
+        req.destroy();
+        reject(new Error("Request body too large"));
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => {
+      try {
+        const text = Buffer.concat(chunks).toString("utf8");
+        resolve(text ? JSON.parse(text) : {});
+      } catch {
+        reject(new Error("Invalid JSON"));
+      }
+    });
+    req.on("error", reject);
+  });
+}
+function sendJson3(res, status, body) {
+  const json = JSON.stringify(body);
+  res.writeHead(status, {
+    "Content-Type": "application/json",
+    "Content-Length": Buffer.byteLength(json)
+  });
+  res.end(json);
+}
+function sendHtml3(res, html) {
+  res.writeHead(200, {
+    "Content-Type": "text/html; charset=utf-8",
+    "Content-Length": Buffer.byteLength(html)
+  });
+  res.end(html);
+}
+function startServer(port) {
+  return new Promise((resolve, reject) => {
+    const server = createServer3(async (req, res) => {
+      const url = req.url ?? "/";
+      const method = req.method ?? "GET";
+      try {
+        if (method === "GET" && url === "/api/status") {
+          const result = handleGetStatus();
+          sendJson3(res, result.status, result.body);
+        } else if (method === "POST" && url === "/api/setup") {
+          const body = await parseBody3(req);
+          const result = handlePostSetup(body);
+          sendJson3(res, result.status, result.body);
+        } else if (method === "POST" && url === "/api/fund") {
+          const body = await parseBody3(req);
+          const result = handlePostFund(body);
+          sendJson3(res, result.status, result.body);
+        } else if (method === "GET" && (url === "/" || url === "/index.html")) {
+          sendHtml3(res, getDashboardHtml());
+        } else {
+          sendJson3(res, 404, { error: "Not found" });
+        }
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Internal error";
+        sendJson3(res, 500, { error: message });
+      }
+    });
+    server.on("error", (err) => {
+      if (err.code === "EADDRINUSE") {
+        reject(new Error(`Port ${port} is already in use. Try a different port with --port <number>.`));
+      } else {
+        reject(err);
+      }
+    });
+    server.listen(port, "127.0.0.1", () => {
+      resolve(server);
+    });
+  });
+}
+// src/index.ts
+init_open_browser();
+// src/utils/prompt.ts
+init_esm_shims();
+import { createInterface } from "readline";
+function createRl() {
+  return createInterface({ input: process.stdin, output: process.stdout });
+}
+function promptInput(question) {
+  return new Promise((resolve) => {
+    const rl = createRl();
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+  });
+}
+async function promptPassphrase(prompt = "Passphrase: ") {
+  return promptInput(prompt);
+}
+function promptConfirm(question) {
+  return new Promise((resolve) => {
+    const rl = createRl();
+    rl.question(`${question} (y/N): `, (answer) => {
+      rl.close();
+      resolve(answer.trim().toLowerCase() === "y" || answer.trim().toLowerCase() === "yes");
+    });
+  });
+}
+async function promptPassphraseSafe(context) {
+  if (process.stdin.isTTY) {
+    return promptPassphrase("Enter passphrase: ");
+  }
+  const { collectPassphrase: collectPassphrase2 } = await Promise.resolve().then(() => (init_passphrase_server(), passphrase_server_exports));
+  return collectPassphrase2(context);
+}
 // src/agentpay.ts
 init_esm_shims();
-import { join as join2 } from "path";
+import { join as join5 } from "path";
+init_mandate();
+init_paths();
 init_errors();
 var AgentPay = class {
   home;
@@ -810,9 +3177,9 @@ var AgentPay = class {
   constructor(options) {
     this.home = options?.home ?? getHomePath();
     this.passphrase = options?.passphrase;
-    this.budgetManager = new BudgetManager(join2(this.home, "wallet.json"));
-    this.txManager = new TransactionManager(join2(this.home, "transactions.json"));
-    this.auditLogger = new AuditLogger(join2(this.home, "audit.log"));
+    this.budgetManager = new BudgetManager(join5(this.home, "wallet.json"));
+    this.txManager = new TransactionManager(join5(this.home, "transactions.json"));
+    this.auditLogger = new AuditLogger(join5(this.home, "audit.log"));
     this.executor = new PurchaseExecutor(options?.executor);
   }
   get wallet() {
@@ -823,19 +3190,16 @@ var AgentPay = class {
       getLimits: () => {
         const w = bm.getBalance();
         return { budget: w.budget, limitPerTx: w.limitPerTx, remaining: w.balance };
-      },
-      generateFundingQR: async (options) => {
-        const QRCode = await import("qrcode");
-        const params = new URLSearchParams();
-        if (options?.suggestedBudget) params.set("budget", String(options.suggestedBudget));
-        if (options?.message) params.set("msg", options.message);
-        const baseUrl = process.env.AGENTPAY_WEB_URL ?? "http://localhost:3000";
-        const url = `${baseUrl}/setup${params.toString() ? `?${params.toString()}` : ""}`;
-        const qrDataUrl = await QRCode.toDataURL(url);
-        return { url, qrDataUrl };
       }
     };
   }
+  get config() {
+    return {
+      get: () => loadConfig(this.home),
+      setMobileMode: (enabled) => setMobileMode(enabled, this.home),
+      save: (config) => saveConfig(config, this.home)
+    };
+  }
   get transactions() {
     return {
       propose: (options) => {
@@ -849,6 +3213,33 @@ var AgentPay = class {
         const { waitForApproval: waitForApproval2 } = await Promise.resolve().then(() => (init_poller(), poller_exports));
         return waitForApproval2(txId, this.txManager, options);
       },
+      requestApproval: async (txId) => {
+        const tx = this.txManager.get(txId);
+        if (!tx) throw new Error(`Transaction ${txId} not found.`);
+        if (tx.status !== "pending") throw new Error(`Transaction ${txId} is not pending.`);
+        const { existsSync: existsSync3 } = await import("fs");
+        const keyPath = join5(this.home, "keys", "private.pem");
+        if (!existsSync3(keyPath)) {
+          throw new Error('Private key not found. Run "agentpay setup" first.');
+        }
+        const { requestBrowserApproval: requestBrowserApproval2 } = await Promise.resolve().then(() => (init_approval_server(), approval_server_exports));
+        return requestBrowserApproval2(tx, this.txManager, this.auditLogger, this.home);
+      },
+      requestMobileApproval: async (txId, notify) => {
+        const tx = this.txManager.get(txId);
+        if (!tx) throw new Error(`Transaction ${txId} not found.`);
+        if (tx.status !== "pending") throw new Error(`Transaction ${txId} is not pending.`);
+        const { existsSync: existsSync3 } = await import("fs");
+        const keyPath = join5(this.home, "keys", "private.pem");
+        if (!existsSync3(keyPath)) {
+          throw new Error('Private key not found. Run "agentpay setup" first.');
+        }
+        const { requestMobileApproval: requestMobileApproval2 } = await Promise.resolve().then(() => (init_mobile_approval_server(), mobile_approval_server_exports));
+        return requestMobileApproval2(tx, this.txManager, this.auditLogger, {
+          notify,
+          home: this.home
+        });
+      },
       execute: async (txId) => {
         const tx = this.txManager.get(txId);
         if (!tx) throw new Error(`Transaction ${txId} not found.`);
@@ -878,7 +3269,7 @@ var AgentPay = class {
           if (!this.passphrase) {
             throw new Error("Passphrase required for execution. Pass it to AgentPay constructor.");
           }
-          const vaultPath = join2(this.home, "credentials.enc");
+          const vaultPath = join5(this.home, "credentials.enc");
           const vault = loadVault(vaultPath);
           const credentials = decrypt(vault, this.passphrase);
           const result = await this.executor.execute(tx, credentials);
@@ -909,6 +3300,7 @@ var AgentPay = class {
     return { getLog: () => this.auditLogger.getLog() };
   }
   status() {
+    const cfg = loadConfig(this.home);
     try {
       const wallet = this.budgetManager.getBalance();
       const pending = this.txManager.getPending();
@@ -919,7 +3311,8 @@ var AgentPay = class {
         limitPerTx: wallet.limitPerTx,
         pending,
         recent,
-        isSetup: true
+        isSetup: true,
+        mobileMode: cfg.mobileMode
       };
     } catch {
       return {
@@ -928,14 +3321,15 @@ var AgentPay = class {
         limitPerTx: 0,
         pending: [],
         recent: [],
-        isSetup: false
+        isSetup: false,
+        mobileMode: cfg.mobileMode
       };
     }
   }
 };
 // src/index.ts
-var VERSION = "0.1.0";
+var VERSION = true ? "0.1.3" : "0.0.0";
 export {
   AgentPay,
   AlreadyExecutedError,
@@ -970,11 +3364,25 @@ export {
   getPlaceholderVariables,
   getTransactionsPath,
   getWalletPath,
+  loadConfig,
   loadPrivateKey,
   loadPublicKey,
   loadVault,
+  openBrowser,
+  openTunnel,
+  promptConfirm,
+  promptInput,
+  promptPassphrase,
+  promptPassphraseSafe,
+  requestBrowserApproval,
+  requestBrowserSetup,
+  requestMobileApproval,
+  saveConfig,
   saveKeyPair,
   saveVault,
+  sendNotification,
+  setMobileMode,
+  startServer as startDashboardServer,
   verifyMandate,
   waitForApproval
 };