npm - @visa/cli - Versions diffs - 1.0.3 → 1.0.4-rc.3 - Mend

@visa/cli 1.0.3 → 1.0.4-rc.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +87 -115
package/dist/cli.js +52 -13
package/dist/mcp-server/index.js +54 -10
package/native/visa-keychain.m +46 -4
package/package.json +5 -4
package/LICENSE +0 -8

package/README.md CHANGED Viewed

@@ -1,159 +1,131 @@
-# Visa CLI
+# @visa/cli
-Enable AI agents to make real payments. Two commands to start, zero build steps.
+AI-powered payments for Claude Code. Exposes Visa card payment tools as MCP (Model Context Protocol) tools so Claude can pay for image generation, video, music, onchain data queries, and more — charged to a Visa card at the point of invocation.
-```bash
-npm install -g @visa/cli
-visa-cli setup
-```
-Then ask Claude:
-```
-Generate me an image of a sunset
-```
----
-## Quick Start
-### 1. Install
+## Install
 ```bash
 npm install -g @visa/cli
 ```
-### 2. Setup
+## Usage
 ```bash
-visa-cli setup
-```
-This does three things in one step:
-1. Registers the MCP server with Claude Code
-2. Opens a browser for GitHub sign-in + card enrollment
-3. Generates a Secure Enclave attestation key (for Touch ID verification)
-Restart Claude Code or run `/mcp` to connect, then start using it.
+# Start MCP server (used by Claude Code)
+visa-cli mcp
-### 3. Start Using It
+# Login with GitHub
+visa-cli login
-Ask Claude naturally:
-```
-Generate me an image of a sunset
-```
+# Add a Visa card
+visa-cli add-card
-```
-What's the price of SOL right now?
-```
+# Check status
+visa-cli status
-```
-Make me a lofi jazz beat
+# View transaction history
+visa-cli history
 ```
-```
-Generate a video of waves crashing on a beach
+### Claude Code integration
+```json
+{
+  "mcpServers": {
+    "visa": {
+      "command": "visa-cli",
+      "args": ["mcp"]
+    }
+  }
+}
 ```
-All payments are handled automatically with your enrolled card. Touch ID confirms each transaction. Result URLs (images, audio, video) open automatically in your browser.
 ---
-## Available Tools
-### AI Generation
+## MCP Tools
-| Tool | What it does | Cost |
-|------|-------------|------|
-| `generate_image_card` | Generate an AI image (Ultra) — FLUX1.1 [pro] ultra, 2K resolution | ~$0.06 |
-| `generate_image_fast_card` | Generate an AI image (Fast) — FLUX1.1 [pro], 1K resolution | ~$0.04 |
-| `generate_video_tempo_card` | Generate an AI video — Grok Imagine Video (xAI), ~6s clip at 720p | ~$0.30 |
-| `generate_music_tempo_card` | Generate a music track via Suno AI | ~$0.10 |
-| `check_music_status_tempo_card` | Check music generation status and get audio URLs | ~$0.01 |
+### Core (immutable)
-### Data & Crypto
+| Tool | Description |
+|------|-------------|
+| `login` | GitHub OAuth login flow |
+| `add_card` | Enroll a Visa card via VGS tokenization |
+| `reset` | Reset auth state |
+| `pay` | Generic payment endpoint |
+| `get_status` | Auth + card + account status |
+| `get_cards` | List enrolled cards |
+| `transaction_history` | Recent transactions with amounts |
+| `update_spending_controls` | Set daily/per-transaction limits |
+| `send_feedback` | Submit feedback on a tool result |
+| `get_feedback` | Retrieve feedback history |
+| `batch` | Batch multiple tool calls |
+| `discover` | List all available tools with pricing |
-| Tool | What it does | Cost |
-|------|-------------|------|
-| `query_onchain_prices_card` | Query real-time token prices from 150+ blockchains via Allium | ~$0.02 |
+### Dynamic (from catalog)
-### Payments & Account
+Loaded from the auth server at runtime with a 5-minute TTL. Falls back to the compiled-in baseline from `@visa/tools` if the server is unreachable.
-| Tool | What it does | Cost |
-|------|-------------|------|
-| `pay` | Pay a merchant URL (auto-detects payment rail) | varies |
-| `batch` | Run any paid tool multiple times in parallel with one Touch ID approval | per-item × count |
-| `get_status` | Check enrollment, cards, and spending controls | free |
-| `get_cards` | List enrolled cards (masked, last 4 only) | free |
-| `transaction_history` | View recent transactions and generated media | free |
-| `update_spending_controls` | Set daily limit, max per-transaction, approval mode | free |
-| `add_card` | Add a payment card | free |
-| `login` | GitHub sign-in + card enrollment | free |
-| `feedback` | Submit feedback about Visa CLI | free |
-| `reset` | Clear all credentials from this device | free |
+Current catalog (18 tools): image generation (FLUX, Recraft, Ideogram, SeedEdit, upscale), video generation (Grok/Luma, Kling, Wan, MiniMax), 3D (Meshy), audio (F5-TTS, Suno), onchain data (Allium, 150+ chains), canvas (pxlwall, USDC/x402 native).
 ---
-## Security
-Every payment requires Touch ID (macOS) via Secure Enclave. This cannot be disabled or bypassed — attestation is verified server-side.
-| Layer | Protection |
-|-------|------------|
-| Session token | macOS Keychain (only credential on device) |
-| Touch ID | Secure Enclave ECDSA signing (hardware-backed) |
-| Spending limits | Server-side enforcement |
-| Rate limiting | Server-side per-session |
-| Card data | Server-side only (never touches the client) |
-### Spending Controls
+## Catalog Resolution
-| Setting | Default | Description |
-|---------|---------|-------------|
-| Max per transaction | $100 | Per-transaction ceiling |
-| Daily limit | $500 | Daily spend ceiling |
-| Daily transaction count | 50 | Daily transaction count ceiling |
-Adjust with: "Set my daily limit to $200"
+```
+1. Live:     GET /v1/suggestions → tools[]   (auth server, TTL-cached, 5 min)
+2. Cache:    ~/.visa-mcp/catalog-cache.json  (disk, <24h)
+3. Baseline: CATALOG from @visa/tools        (compiled-in fallback)
+```
 ---
-## CLI Commands
+## Architecture
-```bash
-visa-cli setup             # Register MCP server, authenticate, and generate attestation key
-visa-cli status            # Show enrollment and spending controls
-visa-cli feedback "msg"    # Submit feedback about Visa CLI
-visa-cli reset --confirm   # Clear session and attestation key
+```
+visa-cli (this package)
+├── cli.ts           Commander CLI entry (login, add-card, status, history, mcp)
+├── api-client.ts    HTTP client for apps/auth (auth, attestation, shortcuts)
+├── mcp-server/
+│   ├── index.ts     MCP server bootstrap, tool registration
+│   ├── tools.ts     Core tool handler implementations
+│   └── suggestions.ts  Dynamic catalog polling
+├── touchid.ts       macOS Touch ID / Secure Enclave attestation
+├── rc-gate.ts       RC version gate (checks RC_CODE_HASH)
+└── config/
+    └── manager.ts   ~/.visa-mcp/config.json read/write
 ```
 ---
-## Troubleshooting
+## Development (monorepo)
-**"Authentication required"** — Run `visa-cli setup` to log in and enroll a card.
-**"Session expired"** — Run `visa-cli setup` to re-authenticate.
-**"Amount exceeds limit"** — Ask Claude to increase your spending limit, or use `update_spending_controls`.
-**"Rate limited"** — Wait a few seconds and try again.
-**Batch request failed / "Merchant server error"** — The upstream API (e.g. fal.ai) may be temporarily overloaded. Wait a minute and retry with a smaller batch. Timeouts scale automatically with batch size.
-**Tools not showing in Claude Code** — Run `/mcp` in Claude Code to reconnect, or restart Claude Code.
+```bash
+# From monorepo root
+pnpm --filter @visa/cli build
+pnpm --filter @visa/cli test
+pnpm --filter @visa/cli test:unit:coverage
----
+# Watch mode
+pnpm --filter @visa/cli dev
+```
-## Requirements
+### RC hash stub
-- macOS (Touch ID or system password required for payment approval)
-- Node.js 18+
-- Claude Code
+`src/__generated__/rc-hash.ts` is committed with an all-zeros stub. The real hash is injected at publish time by `cli-publish.yml` from the `RC_ACCESS_CODE` secret. Local builds with the stub work normally — the RC gate only activates for prerelease versions.
 ---
-## Legal
+## Release Pipeline
-Use of this software is governed by the [Visa CLI Terms of Use](https://auth.visacli.sh/legal/terms) and [Privacy Notice](https://auth.visacli.sh/legal/privacy).
+```
+PR to dev
+  → cli-changeset.yml   (AI classifies bump type, writes .changeset/ file)
+  → CI passes on dev
+  → cli-release-rc.yml  (bumps RC version, pushes v*-rc.* tag)
+  → cli-publish.yml     (injects hash, builds, publishes @visa/cli@rc)
+Merge dev → main
+  → CI passes on main
+  → cli-release-stable.yml  (exits pre mode, bumps stable, pushes v* tag)
+  → cli-publish.yml         (publishes @visa/cli@latest)
+```

package/dist/cli.js CHANGED Viewed

@@ -1,9 +1,33 @@
-"use strict";var fe=Object.create;var K=Object.defineProperty;var pe=Object.getOwnPropertyDescriptor;var ye=Object.getOwnPropertyNames;var he=Object.getPrototypeOf,we=Object.prototype.hasOwnProperty;var Se=(n,e)=>()=>(e||n((e={exports:{}}).exports,e),e.exports);var ve=(n,e,t,s)=>{if(e&&typeof e=="object"||typeof e=="function")for(let r of ye(e))!we.call(n,r)&&r!==t&&K(n,r,{get:()=>e[r],enumerable:!(s=pe(e,r))||s.enumerable});return n};var a=(n,e,t)=>(t=n!=null?fe(he(n)):{},ve(e||!n||!n.__esModule?K(t,"default",{value:n,enumerable:!0}):t,n));var ae=Se((Fe,Ae)=>{Ae.exports={name:"@visa/cli",version:"1.0.3",description:"AI-powered payments for Claude Code",bin:{"visa-cli":"./bin/visa-cli.js"},scripts:{build:"tsc --noEmit && node esbuild.config.js",dev:"tsc --watch",start:"node dist/mcp-server/index.js",test:"jest --config jest.config.js","test:unit":"jest --config jest.config.js","test:unit:watch":"jest --config jest.config.js --watch","test:unit:coverage":"jest --config jest.config.js --coverage","test:smoke":"VISA_AUTH_URL=https://auth.visacli.sh jest --config jest.smoke.config.js","test:integration":"jest --config jest.integration.config.js","test:e2e":"jest --config jest.e2e.config.js","test:all":"npm run test:unit && npm run test:integration && npm run test:e2e",prepare:"husky",prepublishOnly:"npm run build && npm test",lint:"eslint src/**/*.ts",format:'prettier --write "src/**/*.ts"',"format:check":'prettier --check "src/**/*.ts"'},keywords:["visa","checkout","mcp","ai-agent","payments","click-to-pay","usdc","stablecoin"],author:"Visa Crypto Labs",license:"SEE LICENSE IN LICENSE",dependencies:{"@modelcontextprotocol/sdk":"^1.0.0",commander:"^12.1.0"},devDependencies:{"@changesets/changelog-git":"^0.2.1","@changesets/cli":"^2.30.0","@types/jest":"^30.0.0","@types/node":"^22.10.0","@typescript-eslint/eslint-plugin":"^8.56.1","@typescript-eslint/parser":"^8.56.1","@types/express":"^5.0.0",esbuild:"^0.27.4",express:"^4.21.0",eslint:"^10.0.2","eslint-config-prettier":"^10.1.8",husky:"^9.1.7",jest:"^29.7.0",prettier:"^3.8.1","ts-jest":"^29.2.0",typescript:"^5.7.0"},engines:{node:">=18.0.0"},files:["bin/visa-cli.js","dist/","native/visa-keychain.m","README.md","LICENSE"]}});var ce=require("commander"),le=a(require("crypto")),S=a(require("fs")),x=a(require("path")),ue=a(require("os")),F=require("child_process"),ge=require("util");var D=require("child_process"),H=require("util"),d=a(require("fs")),G=a(require("os")),L=a(require("path")),C=(0,H.promisify)(D.execFile),W=L.join(G.homedir(),".visa-mcp"),I=L.join(W,"session-token"),_="visa-cli",O="session-token";async function ke(){try{let{stdout:n}=await C("security",["find-generic-password","-s",_,"-a",O,"-w"],{timeout:5e3});return n.trim()||null}catch{return null}}async function M(n){try{try{await C("security",["delete-generic-password","-s",_,"-a",O],{timeout:5e3})}catch{}return await C("security",["add-generic-password","-s",_,"-a",O,"-w",n],{timeout:5e3}),!0}catch{return!1}}async function be(){try{await C("security",["delete-generic-password","-s",_,"-a",O],{timeout:5e3})}catch{}}var g=class{static async getSessionToken(){if(process.env.VISA_MOCK_KEYCHAIN==="true")return Promise.resolve("mock-session-token-for-testing");let e=await ke();if(e)return e;try{let t=d.readFileSync(I,"utf-8").trim();if(t)return await M(t),t}catch{}return null}static async saveSessionToken(e){if(process.env.VISA_MOCK_KEYCHAIN==="true")return;if(await M(e)){try{d.unlinkSync(I)}catch{}return}d.mkdirSync(W,{recursive:!0,mode:448}),d.writeFileSync(I,e,{mode:384})}static async deleteSessionToken(){if(process.env.VISA_MOCK_KEYCHAIN!=="true"){await be();try{d.unlinkSync(I)}catch{}}}static async clearAll(){await this.deleteSessionToken()}};async function B(n,e){let t=e?.timeoutMs??3e4,s=new AbortController,r=setTimeout(()=>s.abort(),t);try{let{timeoutMs:i,...l}=e??{};return await fetch(n,{...l,signal:s.signal})}finally{clearTimeout(r)}}var Ee="1.0.3",y=class{constructor(e){this.getSessionToken=e;this.baseUrl=process.env.VISA_AUTH_URL||"https://auth.visacli.sh"}baseUrl;async request(e,t,s,r,i){let l=await this.getSessionToken();if(!l)throw new Error("Not logged in. Use the login tool to authenticate.");let f={Authorization:`Bearer ${l}`,"X-Visa-CLI-Version":Ee};i&&(e==="GET"?f["X-User-Context"]=i.replace(/[\r\n\0]/g," ").slice(0,1e3):s={...s||{},user_context:i}),s&&(f["Content-Type"]="application/json");let u;try{u=await B(`${this.baseUrl}${t}`,{method:e,headers:f,body:s?JSON.stringify(s):void 0,timeoutMs:r})}catch(p){throw p.name==="AbortError"||p.message?.includes("aborted")?new Error("The request timed out. The server may be under heavy load. Please try again."):new Error("Cannot reach the Visa CLI server. Check your internet connection and try again.")}if(u.status===401)throw new Error("Your session has expired. Use the login tool to re-authenticate.");if(u.status===429){let p=u.headers.get("Retry-After")||"3";throw new Error(`Too many requests. Please wait ${p} seconds before trying again.`)}if(u.status===503)throw new Error("The Visa CLI service is temporarily unavailable. Please try again in a few minutes.");let k;try{k=await u.json()}catch{throw u.status===500?new Error("Something went wrong on our end. Please try again."):new Error("Something went wrong. Please try again.")}if(!u.ok)throw u.status===500?new Error("Something went wrong on our end. Please try again."):new Error(k?.error||"Something went wrong. Please try again.");return k}async pay(e,t){return this.request("POST","/v1/pay",e,void 0,t)}async shortcut(e,t,s,r){return this.request("POST",`/v1/shortcuts/${encodeURIComponent(e)}`,t,s,r)}async batch(e,t,s){return this.request("POST","/v1/batch",e,t,s)}async paymentPreview(e,t){return this.request("POST","/v1/payment-preview",e,void 0,t)}async getStatus(e){return this.request("GET","/v1/status",void 0,void 0,e)}async getTransactions(e){return this.request("GET","/v1/transactions",void 0,void 0,e)}async updateSpendingControls(e,t){return this.request("POST","/v1/spending-controls",e,void 0,t)}async getAttestationChallenge(){return this.request("GET","/v1/attestation-challenge")}async registerAttestationKey(e){return this.request("POST","/v1/attestation-key",{publicKey:e})}async logout(e,t){return this.request("POST","/v1/logout",e,void 0,t)}async feedback(e,t,s){return this.request("POST","/v1/feedback",{message:e,...t&&{transaction_id:t}},void 0,s)}async feedSubmit(e){return this.request("POST","/v1/feed",e)}async feedList(e){let t=new URLSearchParams;e?.tab&&t.set("tab",e.tab),e?.limit&&t.set("limit",String(e.limit)),e?.offset&&t.set("offset",String(e.offset));let s=t.toString();return this.request("GET",`/v1/feed${s?"?"+s:""}`)}async feedVote(e,t){return this.request("POST",`/v1/feed/${encodeURIComponent(e)}/vote`,{direction:t})}async feedApprove(e){return this.request("POST",`/v1/feed/${encodeURIComponent(e)}/approve`)}async feedDelete(e){return this.request("DELETE",`/v1/feed/${encodeURIComponent(e)}`)}async feedPending(){return this.request("GET","/v1/feed/pending")}async submitFeedback(e,t,s){return this.request("POST","/v1/feedback",{message:e,...t&&{transaction_id:t}},void 0,s)}async getFeedback(e,t){let s=new URLSearchParams;e&&s.set("limit",String(e));let r=s.toString();return this.request("GET",`/v1/feedback${r?"?"+r:""}`,void 0,void 0,t)}};var ee=require("child_process"),te=require("util"),ne=a(require("crypto")),o=a(require("fs")),se=a(require("os")),m=a(require("path"));var c=a(require("fs")),U=a(require("path")),Y=a(require("os")),N=U.join(Y.homedir(),".visa-mcp"),E=U.join(N,"mcp-server.log"),Te=5*1024*1024,j=null;function Ie(){c.existsSync(N)||c.mkdirSync(N,{recursive:!0,mode:448})}function Ce(){if(!j){if(Ie(),c.existsSync(E)&&c.statSync(E).size>Te){let e=E+".1";c.existsSync(e)&&c.unlinkSync(e),c.renameSync(E,e)}j=c.createWriteStream(E,{flags:"a"})}return j}function P(n,...e){let t=new Date().toISOString(),s=e.map(i=>typeof i=="string"?i:JSON.stringify(i,null,2)).join(" "),r=`[${t}] [${n}] ${s}
-`;process.stderr.write(r),Ce().write(r)}var J={debug:(...n)=>P("DEBUG",...n),info:(...n)=>P("INFO",...n),warn:(...n)=>P("WARN",...n),error:(...n)=>P("ERROR",...n)};var T=(0,te.promisify)(ee.execFile),R=m.join(se.homedir(),".visa-mcp","bin"),h=m.join(R,"Visa CLI"),_e=m.join(__dirname,"..","native"),X="4",z=m.join(R,"visa-keychain.version"),Z=m.join(R,"visa-keychain.sha256");function Q(n){let e=o.readFileSync(n);return ne.createHash("sha256").update(e).digest("hex")}async function Oe(){try{if(o.readFileSync(z,"utf-8").trim()===X&&o.existsSync(h)){let s=o.readFileSync(Z,"utf-8").trim();if(Q(h)!==s)J.warn("binary:hash-mismatch",{message:"Binary hash mismatch \u2014 possible tampering detected. Recompiling from source."}),o.unlinkSync(h);else return h}}catch{}let n=m.join(_e,"visa-keychain.m");if(o.existsSync(n)||(n=m.resolve(__dirname,"..","..","native","visa-keychain.m")),o.existsSync(n)||(n=m.resolve(__dirname,"..","native","visa-keychain.m")),!o.existsSync(n))throw new Error("visa-keychain.m source not found. Reinstall Visa CLI.");o.mkdirSync(R,{recursive:!0,mode:448});try{await T("clang",["-framework","Security","-framework","LocalAuthentication","-framework","Foundation","-o",h,n],{timeout:3e4})}catch(t){throw t.code==="ENOENT"?new Error("Xcode Command Line Tools required. Install: xcode-select --install"):t}let e=Q(h);return o.writeFileSync(Z,e,{mode:384}),o.writeFileSync(z,X,{mode:384}),h}async function re(n){let e=await Oe(),t;try{t=(await T(e,n,{timeout:6e4})).stdout}catch(i){t=i.stdout||"";let l=t.trim();throw l.startsWith("ERROR:")?new Error(l.slice(6)):new Error(i.stderr?.trim()||i.message||"Unknown error")}let s=t.trim();if(s.startsWith("OK:"))return s.slice(3);if(s==="OK")return;let r=s.startsWith("ERROR:")?s.slice(6):"Unknown error";throw new Error(r)}var $=null;function A(){return process.env.VISA_MOCK_TOUCHID==="true"?!0:process.platform!=="darwin"?!1:$!==null?$:($=!0,!0)}var q="visa-cli",V="attestation-key";async function Pe(n){try{await T("security",["delete-generic-password","-s",q,"-a",V],{timeout:5e3})}catch{}await T("security",["add-generic-password","-s",q,"-a",V,"-w",n],{timeout:5e3})}async function oe(){let n=await re(["generate-key"]);if(!n)throw new Error("Key generation returned no output");let e=n.indexOf(":");if(e<0)throw new Error("Unexpected generate-key output format");let t=n.slice(0,e),s=n.slice(e+1);return await Pe(t),s}async function ie(){try{await T("security",["delete-generic-password","-s",q,"-a",V],{timeout:5e3})}catch{}try{await re(["delete-key"])}catch{}}var xe=(0,ge.promisify)(F.execFile),v=new ce.Command;v.name("visa-cli").description("Visa CLI - AI payment orchestration").version(ae().version);v.command("setup").description("Register MCP server, authenticate, and generate attestation key").action(async()=>{try{console.log("Step 1: Registering MCP server in ~/.claude.json...");let n=x.join(ue.homedir(),".claude.json"),e=x.resolve(__dirname,"mcp-server/index.js"),t={};S.existsSync(n)&&(t=JSON.parse(S.readFileSync(n,"utf-8"))),t.mcpServers=t.mcpServers||{},t.mcpServers["visa-cli"]={command:"node",args:[e]},S.writeFileSync(n,JSON.stringify(t,null,2)),console.log("   Registered visa-cli MCP server."),console.log(`
-Step 2: Checking authentication...`);let s=await g.getSessionToken();if(s?console.log("   Already authenticated."):(console.log("   No session found. Opening browser for GitHub login..."),s=await new Promise(async(l,f)=>{let u=le.randomBytes(16).toString("hex"),k=`https://auth.visacli.sh/login?state=${u}`;console.log(`   Opening browser for authentication...
-`),process.platform==="darwin"&&(0,F.execFile)("open",[k],b=>{b&&console.error("   Failed to open browser:",b.message)}),console.log(`   Waiting for login in browser...
-`);let p=3e4,me=300*1e3,de=Date.now()+me;for(;Date.now()<de;)try{let b=await globalThis.fetch("https://auth.visacli.sh/v1/auth-status",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({state:u,timeout:p}),signal:AbortSignal.timeout(p+5e3)});if(!b.ok)continue;let w=await b.json();if(w.status==="pending")continue;if(w.status==="expired"){f(new Error("Session expired. Please run setup again."));return}if(w.status==="complete"&&w.sessionToken){console.log(`   Signed in as ${w.user}.`),l(w.sessionToken);return}}catch{}f(new Error("Login timed out after 5 minutes. Please run setup again."))}),await g.saveSessionToken(s),console.log("   Session token saved.")),console.log(`
-Step 3: Setting up authentication...`),!A())console.log("   Not macOS \u2014 skipping biometric setup.");else{try{await xe("clang",["--version"])}catch{console.error("   Xcode Command Line Tools are required for payment authentication."),console.error("   Install them by running: xcode-select --install"),console.error("   Then re-run: visa-cli setup"),process.exit(1)}try{let l=await oe();console.log("   Attestation key generated."),await new y(()=>g.getSessionToken()).registerAttestationKey(l),console.log("   Attestation key registered with server.")}catch(l){console.log(`   Skipped: ${l.message}`)}}console.log(`
+"use strict";var tt=Object.create;var fe=Object.defineProperty;var nt=Object.getOwnPropertyDescriptor;var rt=Object.getOwnPropertyNames;var ot=Object.getPrototypeOf,st=Object.prototype.hasOwnProperty;var it=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports);var at=(t,e,n,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of rt(e))!st.call(t,s)&&s!==n&&fe(t,s,{get:()=>e[s],enumerable:!(r=nt(e,s))||r.enumerable});return t};var p=(t,e,n)=>(n=t!=null?tt(ot(t)):{},at(e||!t||!t.__esModule?fe(n,"default",{value:t,enumerable:!0}):n,t));var te=it((jt,pt)=>{pt.exports={name:"@visa/cli",version:"1.0.4-rc.3",description:"AI-powered payments for Claude Code",bin:{"visa-cli":"./bin/visa-cli.js"},scripts:{build:"tsc --noEmit && node esbuild.config.js",dev:"tsc --watch",start:"node dist/mcp-server/index.js",test:"jest --config jest.config.js","test:unit":"jest --config jest.config.js","test:unit:watch":"jest --config jest.config.js --watch","test:unit:coverage":"jest --config jest.config.js --coverage","test:smoke":"VISA_AUTH_URL=https://auth.visacli.sh jest --config jest.smoke.config.js","test:integration":"jest --config jest.integration.config.js","test:e2e":"jest --config jest.e2e.config.js","test:catalog-e2e":"jest --config jest.catalog-e2e.config.js","test:all":"npm run test:unit && npm run test:integration && npm run test:e2e",prepublishOnly:"npm run build && npm test",lint:"eslint src/**/*.ts",format:'prettier --write "src/**/*.ts"',"format:check":'prettier --check "src/**/*.ts"'},keywords:["visa","checkout","mcp","ai-agent","payments","click-to-pay","usdc","stablecoin"],author:"Visa Crypto Labs",license:"SEE LICENSE IN LICENSE",dependencies:{"@modelcontextprotocol/sdk":"^1.0.0","@visa-cli/tools":"workspace:*",commander:"^12.1.0",zod:"^3.23.0"},devDependencies:{"@changesets/changelog-git":"^0.2.1","@changesets/cli":"^2.30.0","@types/jest":"^30.0.0","@types/node":"^22.10.0","@typescript-eslint/eslint-plugin":"^8.56.1","@typescript-eslint/parser":"^8.56.1","@types/express":"^5.0.0",esbuild:"^0.27.4",express:"^4.21.0",eslint:"^10.0.2","eslint-config-prettier":"^10.1.8",jest:"^29.7.0",prettier:"^3.8.1","ts-jest":"^29.2.0",typescript:"^5.7.0"},engines:{node:">=18.0.0"},files:["bin/visa-cli.js","dist/","native/visa-keychain.m","README.md","LICENSE"]}});var ze=require("commander"),X=p(require("crypto")),I=p(require("os")),ge=require("child_process"),Xe=require("util");var Se=require("child_process"),we=require("util"),C=p(require("fs")),ve=p(require("os")),Q=p(require("path")),E=(0,we.promisify)(Se.execFile),ee=Q.join(ve.homedir(),".visa-mcp"),K=Q.join(ee,"session-token"),k="visa-cli",V="session-token",F="rc-access";async function me(){try{let{stdout:t}=await E("security",["find-generic-password","-s",k,"-a",V,"-w"],{timeout:5e3});return t.trim()||null}catch{return null}}async function he(t){try{try{await E("security",["delete-generic-password","-s",k,"-a",V],{timeout:5e3})}catch{}return await E("security",["add-generic-password","-s",k,"-a",V,"-w",t],{timeout:5e3}),!0}catch{return!1}}async function ye(){try{await E("security",["delete-generic-password","-s",k,"-a",V],{timeout:5e3})}catch{}}async function ct(){try{let{stdout:t}=await E("security",["find-generic-password","-s",k,"-a",F,"-w"],{timeout:5e3});return t.trim()||null}catch{return null}}async function lt(t){try{try{await E("security",["delete-generic-password","-s",k,"-a",F],{timeout:5e3})}catch{}await E("security",["add-generic-password","-s",k,"-a",F,"-w",t],{timeout:5e3})}catch{}}async function ut(){try{await E("security",["delete-generic-password","-s",k,"-a",F],{timeout:5e3})}catch{}}function dt(t){C.mkdirSync(ee,{recursive:!0,mode:448}),C.writeFileSync(K,t,{mode:384})}function gt(){try{return C.readFileSync(K,"utf-8").trim()||null}catch{return null}}var h=class{static async getSessionToken(){if(process.env.VISA_MOCK_KEYCHAIN==="true")return Promise.resolve("mock-session-token-for-testing");let e=await me();if(e)return e;let n=gt();return n?(await he(n),n):null}static async saveSessionToken(e){if(process.env.VISA_MOCK_KEYCHAIN==="true")return;if(await he(e)){if(await me()===e){try{C.unlinkSync(K)}catch{}return}await ye()}if(dt(e),await this.getSessionToken()!==e)throw new Error("Failed to persist session token. "+(process.platform==="darwin"?'Check Keychain Access permissions for "visa-cli".':`Ensure ${ee} is writable.`))}static async getRcAccessToken(){return process.env.VISA_MOCK_KEYCHAIN==="true"?"mock-rc-token-for-testing":ct()}static async saveRcAccessToken(e){process.env.VISA_MOCK_KEYCHAIN!=="true"&&await lt(e)}static async deleteSessionToken(){if(process.env.VISA_MOCK_KEYCHAIN!=="true"){await ye();try{C.unlinkSync(K)}catch{}}}static async clearAll(){await this.deleteSessionToken(),await ut()}};var H=p(require("crypto")),D=p(require("tty")),q=p(require("fs"));var R="6820f6e91b762e645c9bf020c0d3673bb99d4a25a824880c0d548e10bb9bc7b1";function ft(t){return/-rc\.|-beta\./.test(t)}function ne(t){return H.createHash("sha256").update(t.trim()).digest("hex")}function be(t){return R==="SKIP"?!0:H.timingSafeEqual(Buffer.from(ne(t)),Buffer.from(R))}function mt(t){return new Promise((e,n)=>{let r=q.openSync("/dev/tty","r+"),s=new D.ReadStream(r),o=new D.WriteStream(r),i=()=>{try{s.destroy()}catch{}try{o.destroy()}catch{}try{q.closeSync(r)}catch{}};o.write(t),s.setRawMode(!0),s.resume(),s.setEncoding("utf8");let a="";s.on("data",c=>{c==="\r"||c===`
+`?(o.write(`
+`),i(),e(a)):c===""?(o.write(`
+`),i(),n(new Error("Cancelled"))):c==="\x7F"||c==="\b"?a.length>0&&(a=a.slice(0,-1),o.write("\b \b")):(a+=c,o.write("\u2022"))})})}var ht=`
+ \u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557
+ \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557
+ \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551
+ \u255A\u2588\u2588\u2557 \u2588\u2588\u2554\u255D\u2588\u2588\u2551\u255A\u2550\u2550\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551
+  \u255A\u2588\u2588\u2588\u2588\u2554\u255D \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2551  \u2588\u2588\u2551  \u2588 CLI \u2014 Release Candidate
+   \u255A\u2550\u2550\u2550\u255D  \u255A\u2550\u255D\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u255D
+  This is a Release Candidate build. Access is restricted to Visa employees.
+`;async function Ce(t={}){let e=t.version??te().version;if(!ft(e))return;if(t.isMcp??!1){let o=process.env.VISA_RC_CODE;if(o&&be(o)){await h.saveRcAccessToken(ne(o));return}let i=await h.getRcAccessToken();if(i&&(R==="SKIP"||i===R))return;process.stderr.write(`[visa-cli] RC build requires access. Run: visa-cli setup
+`),process.exit(1)}let r=await h.getRcAccessToken();if(r&&(R==="SKIP"||r===R))return;console.log(ht);let s=3;for(let o=1;o<=s;o++){let i;try{i=await mt("  Enter RC access code: ")}catch{process.exit(1)}if(be(i)){await h.saveRcAccessToken(ne(i)),console.log(`
+  Access granted. Welcome.
+`);return}o<s&&console.log(`
+  Invalid code. ${s-o} attempt(s) remaining.
+`)}console.log(`
+  Invalid code. Contact your team lead.
+`),process.exit(1)}async function Pe(t,e){let n=e?.timeoutMs??3e4,r=new AbortController,s=setTimeout(()=>r.abort(),n);try{let{timeoutMs:o,...i}=e??{};return await fetch(t,{...i,signal:r.signal})}finally{clearTimeout(s)}}var yt=/^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;function ke(t,e){let n=Ee(t),r=Ee(e);if(!n||!r)return!1;for(let s=0;s<3;s++)if(n.main[s]!==r.main[s])return n.main[s]>r.main[s];return n.pre&&!r.pre?!1:!n.pre&&r.pre?!0:!n.pre&&!r.pre?!1:St(n.pre,r.pre)>0}function Ee(t){if(typeof t!="string")return null;let n=t.trim().replace(/^v/,"").match(yt);return n?{main:[Number(n[1]),Number(n[2]),Number(n[3])],pre:n[4]??null}:null}function St(t,e){let n=t.split("."),r=e.split("."),s=Math.max(n.length,r.length);for(let o=0;o<s;o++){if(o>=n.length)return-1;if(o>=r.length)return 1;let i=n[o],a=r[o],c=/^\d+$/.test(i),l=/^\d+$/.test(a);if(c&&l){let g=Number(i)-Number(a);if(g!==0)return g}else{if(c)return-1;if(l)return 1;if(i<a)return-1;if(i>a)return 1}}return 0}function G(){return!!(Re(process.env.VISA_CLI_NO_UPDATE_CHECK)||Re(process.env.CI)||process.env.NODE_ENV==="test")}function Re(t){if(t===void 0)return!1;let e=t.trim().toLowerCase();return!(e===""||e==="0"||e==="false"||e==="no"||e==="off")}var re="1.0.4-rc.3",j=class{constructor(e){this.getSessionToken=e;this.baseUrl=process.env.VISA_AUTH_URL||"https://auth.visacli.sh"}getSessionToken;baseUrl;lastSignals={};parseServerSignals(e){if(this.lastSignals={},!G()){let r=e.headers.get("X-Latest-Version"),s=e.headers.get("X-Update-Message");r&&ke(r,re)&&(this.lastSignals.updateAvailable={version:r,message:s||`Update available: v${r}. Run: npm install -g @visa/cli && visa-cli setup`})}let n=e.headers.get("X-Feedback-Prompt");if(n)try{this.lastSignals.feedbackPrompt=JSON.parse(n)}catch{}}getClientVersion(){return re}async request(e,n,r,s,o){let i=await this.getSessionToken();if(!i)throw new Error("Not logged in. Use the login tool to authenticate.");let a={Authorization:`Bearer ${i}`};o&&(e==="GET"?a["X-User-Context"]=o.replace(/[\r\n\0]/g," ").slice(0,1e3):r={...r||{},user_context:o}),r&&(a["Content-Type"]="application/json");let c;try{c=await Pe(`${this.baseUrl}${n}`,{method:e,headers:{...a,"X-Visa-CLI-Version":re},body:r?JSON.stringify(r):void 0,timeoutMs:s})}catch(g){throw g.name==="AbortError"||g.message?.includes("aborted")?new Error("The request timed out. The server may be under heavy load. Please try again."):new Error("Cannot reach the Visa CLI server. Check your internet connection and try again.")}if(this.parseServerSignals(c),c.status===401)throw new Error("Your session has expired. Use the login tool to re-authenticate.");if(c.status===429){let g=c.headers.get("Retry-After")||"3";throw new Error(`Too many requests. Please wait ${g} seconds before trying again.`)}if(c.status===503)throw new Error("The Visa CLI service is temporarily unavailable. Please try again in a few minutes.");let l;try{l=await c.json()}catch{throw c.status===500?new Error("Something went wrong on our end. Please try again."):new Error("Something went wrong. Please try again.")}if(!c.ok)throw c.status===500?new Error("Something went wrong on our end. Please try again."):new Error(l?.error||"Something went wrong. Please try again.");return l}async pay(e,n){return this.request("POST","/v1/pay",e,void 0,n)}async shortcut(e,n,r,s){return this.request("POST",`/v1/shortcuts/${encodeURIComponent(e)}`,n,r,s)}async batch(e,n,r){return this.request("POST","/v1/batch",e,n,r)}async catalogSearch(e,n){let r=new URLSearchParams;e&&r.set("q",e),n&&r.set("category",n);let s=r.toString();return this.request("GET",`/v1/catalog${s?`?${s}`:""}`)}async catalogTool(e){try{return await this.request("GET",`/v1/catalog/${encodeURIComponent(e)}`)}catch{return null}}async paymentPreview(e,n){return this.request("POST","/v1/payment-preview",e,void 0,n)}async getStatus(e){return this.request("GET","/v1/status",void 0,void 0,e)}async getTransactions(e){return this.request("GET","/v1/transactions",void 0,void 0,e)}async updateSpendingControls(e,n){return this.request("POST","/v1/spending-controls",e,void 0,n)}async removeCard(e,n,r){return this.request("DELETE",`/v1/cards/${encodeURIComponent(String(e))}`,n,void 0,r)}async setDefaultCard(e,n,r){return this.request("POST",`/v1/cards/${encodeURIComponent(String(e))}/default`,n,void 0,r)}async getAttestationChallenge(){return this.request("GET","/v1/attestation-challenge")}async registerAttestationKey(e){return this.request("POST","/v1/attestation-key",{publicKey:e})}async logout(e,n){return this.request("POST","/v1/logout",e,void 0,n)}async feedback(e,n,r){return this.request("POST","/v1/feedback",{message:e,...n&&{transaction_id:n}},void 0,r)}async feedSubmit(e){return this.request("POST","/v1/feed",e)}async feedList(e){let n=new URLSearchParams;e?.tab&&n.set("tab",e.tab),e?.limit&&n.set("limit",String(e.limit)),e?.offset&&n.set("offset",String(e.offset));let r=n.toString();return this.request("GET",`/v1/feed${r?"?"+r:""}`)}async feedVote(e,n){return this.request("POST",`/v1/feed/${encodeURIComponent(e)}/vote`,{direction:n})}async feedApprove(e){return this.request("POST",`/v1/feed/${encodeURIComponent(e)}/approve`)}async feedDelete(e){return this.request("DELETE",`/v1/feed/${encodeURIComponent(e)}`)}async feedPending(){return this.request("GET","/v1/feed/pending")}async submitFeedback(e,n,r){return this.request("POST","/v1/feedback",{message:e,...n&&{transaction_id:n}},void 0,r)}async getFeedback(e,n){let r=new URLSearchParams;e&&r.set("limit",String(e));let s=r.toString();return this.request("GET",`/v1/feedback${s?"?"+s:""}`,void 0,void 0,n)}async submitRatedFeedback(e){return this.request("POST","/v1/feedback",e)}};var ce=require("child_process"),je=require("util"),Oe=p(require("crypto")),f=p(require("fs")),_e=p(require("os")),b=p(require("path"));var y=p(require("fs")),ie=p(require("path")),xe=p(require("os")),se=ie.join(xe.homedir(),".visa-mcp"),O=ie.join(se,"mcp-server.log"),wt=5*1024*1024,oe=null;function vt(){y.existsSync(se)||y.mkdirSync(se,{recursive:!0,mode:448})}function bt(){if(!oe){if(vt(),y.existsSync(O)&&y.statSync(O).size>wt){let e=O+".1";y.existsSync(e)&&y.unlinkSync(e),y.renameSync(O,e)}oe=y.createWriteStream(O,{flags:"a"})}return oe}function B(t,...e){let n=new Date().toISOString(),r=e.map(o=>typeof o=="string"?o:JSON.stringify(o,null,2)).join(" "),s=`[${n}] [${t}] ${r}
+`;process.stderr.write(s),bt().write(s)}var $e={debug:(...t)=>B("DEBUG",...t),info:(...t)=>B("INFO",...t),warn:(...t)=>B("WARN",...t),error:(...t)=>B("ERROR",...t)};var T=(0,je.promisify)(ce.execFile),Y=b.join(_e.homedir(),".visa-mcp","bin"),x=b.join(Y,"Visa CLI"),Ct=b.join(__dirname,"..","native"),Te="5",Ie=b.join(Y,"visa-keychain.version"),Ne=b.join(Y,"visa-keychain.sha256");function Ae(t){let e=f.readFileSync(t);return Oe.createHash("sha256").update(e).digest("hex")}async function Me(){try{if(f.readFileSync(Ie,"utf-8").trim()===Te&&f.existsSync(x)){let r=f.readFileSync(Ne,"utf-8").trim();if(Ae(x)!==r)$e.warn("binary:hash-mismatch",{message:"Binary hash mismatch \u2014 possible tampering detected. Recompiling from source."}),f.unlinkSync(x);else return x}}catch{}let t=b.join(Ct,"visa-keychain.m");if(f.existsSync(t)||(t=b.resolve(__dirname,"..","..","native","visa-keychain.m")),f.existsSync(t)||(t=b.resolve(__dirname,"..","native","visa-keychain.m")),!f.existsSync(t))throw new Error("visa-keychain.m source not found. Reinstall Visa CLI.");f.mkdirSync(Y,{recursive:!0,mode:448});try{await T("clang",["-framework","Security","-framework","LocalAuthentication","-framework","Foundation","-framework","AppKit","-o",x,t],{timeout:3e4})}catch(n){throw n.code==="ENOENT"?new Error("Xcode Command Line Tools required. Install: xcode-select --install"):n}let e=Ae(x);return f.writeFileSync(Ne,e,{mode:384}),f.writeFileSync(Ie,Te,{mode:384}),x}async function Ue(t){let e=await Me(),n;try{n=(await T(e,t,{timeout:6e4})).stdout}catch(o){n=o.stdout||"";let i=n.trim();throw i.startsWith("ERROR:")?new Error(i.slice(6)):new Error(o.stderr?.trim()||o.message||"Unknown error")}let r=n.trim();if(r.startsWith("OK:"))return r.slice(3);if(r==="OK")return;let s=r.startsWith("ERROR:")?r.slice(6):"Unknown error";throw new Error(s)}var ae=null;function _(){return process.env.VISA_MOCK_TOUCHID==="true"?!0:process.platform!=="darwin"?!1:ae!==null?ae:(ae=!0,!0)}var W="visa-cli",J="attestation-key";async function Pt(t){try{await T("security",["delete-generic-password","-s",W,"-a",J],{timeout:5e3})}catch{}await T("security",["add-generic-password","-s",W,"-a",J,"-w",t],{timeout:5e3})}async function Et(){try{let{stdout:t}=await T("security",["find-generic-password","-s",W,"-a",J,"-w"],{timeout:5e3});return t.trim()||null}catch{return null}}async function Le(){let t=await Ue(["generate-key"]);if(!t)throw new Error("Key generation returned no output");let e=t.indexOf(":");if(e<0)throw new Error("Unexpected generate-key output format");let n=t.slice(0,e),r=t.slice(e+1);return await Pt(n),r}async function Ke(t,e){if(process.env.VISA_MOCK_TOUCHID==="true")return Promise.resolve("mock-ecdsa-signature-for-testing");let n=await Et();if(!n)throw new Error("Attestation key not found. Run setup to generate a new key.");let r=await Me(),s=["sign",t];return e&&s.push(e),new Promise((o,i)=>{let a=(0,ce.execFile)(r,s,{timeout:6e4},(c,l)=>{let g=(l||"").trim();if(c){g.startsWith("ERROR:")?i(new Error(g.slice(6))):i(new Error(c.stderr?.trim()||c.message||"Unknown error"));return}g.startsWith("OK:")?o(g.slice(3)):i(new Error(g.startsWith("ERROR:")?g.slice(6):"Unknown error"))});a.stdin.write(n),a.stdin.end()})}async function Ve(){try{await T("security",["delete-generic-password","-s",W,"-a",J],{timeout:5e3})}catch{}try{await Ue(["delete-key"])}catch{}}function Fe(t,e=process.stderr){if(G()||!t?.updateAvailable)return!1;let{message:n}=t.updateAvailable;return n?(e.write(`
+\x1B[33m\u2191 ${n}\x1B[0m
+`),!0):!1}var S=class extends Error{constructor(e){super(e),this.name="PayValidationError"}},He=["GET","POST"];function De(t){let e;try{e=new URL(t)}catch{throw new S(`Invalid URL: ${t}. Expected a fully-qualified http(s) URL.`)}if(e.protocol!=="http:"&&e.protocol!=="https:")throw new S(`Unsupported URL scheme "${e.protocol}". Only http and https are allowed.`);return e}function qe(t){let e=(t??"GET").toUpperCase();if(!He.includes(e))throw new S(`Unsupported HTTP method "${t}". Supported: ${He.join(", ")}.`);return e}function Ge(t){if(t!==void 0){try{JSON.parse(t)}catch(e){throw new S(`--body is not valid JSON: ${e?.message??"parse error"}`)}return t}}function Be(t){if(!t||typeof t!="object")throw new S("Merchant returned no payment preview.");let e=t;if(typeof e.amount!="number"||!Number.isFinite(e.amount)||e.amount<=0)throw new S("Could not determine payment amount from merchant.");if(typeof e.merchantName!="string"||e.merchantName.trim().length===0)throw new S("Merchant returned an empty merchant name.");if(e.merchantName.length>200)throw new S(`Merchant name too long (${e.merchantName.length} chars).`);if(typeof e.currency!="string"||e.currency.trim().length===0)throw new S("Merchant returned an empty currency.");if(e.currency.length>10)throw new S(`Currency code too long (${e.currency.length} chars).`);return{amount:e.amount,currency:e.currency,merchantName:e.merchantName}}var d=p(require("fs")),u=p(require("path")),We=p(require("os")),m=We.homedir(),w=[{id:"claude",displayName:"Claude Code",globalConfigPath:u.join(m,".claude.json"),configKey:"mcpServers",detectPaths:[u.join(m,".claude.json")],postInstallHint:"Restart Claude Code or run /mcp to connect."},{id:"claude-desktop",displayName:"Claude Desktop",globalConfigPath:u.join(m,"Library","Application Support","Claude","claude_desktop_config.json"),configKey:"mcpServers",detectPaths:[u.join(m,"Library","Application Support","Claude")],postInstallHint:"Restart the Claude desktop app to connect."},{id:"cursor",displayName:"Cursor",globalConfigPath:u.join(m,".cursor","mcp.json"),configKey:"mcpServers",detectPaths:[u.join(m,".cursor")],postInstallHint:"Restart Cursor to connect."},{id:"windsurf",displayName:"Windsurf",globalConfigPath:u.join(m,".codeium","windsurf","mcp_config.json"),configKey:"mcpServers",detectPaths:[u.join(m,".codeium","windsurf")],postInstallHint:"Restart Windsurf to connect."},{id:"cline",displayName:"Cline",globalConfigPath:u.join(m,".vscode","mcp.json"),configKey:"mcpServers",detectPaths:[u.join(m,".vscode","extensions","saoudrizwan.claude-dev-*")],postInstallHint:"Restart VS Code to connect."},{id:"roo-code",displayName:"Roo Code",globalConfigPath:u.join(m,".config","Roo","mcp_settings.json"),configKey:"mcpServers",detectPaths:[u.join(m,".vscode","extensions","RooVeterinaryInc.roo-cline-*")],postInstallHint:"Restart VS Code to connect."},{id:"copilot",displayName:"VS Code Copilot",globalConfigPath:u.join(m,".vscode","mcp.json"),configKey:"servers",detectPaths:[u.join(m,".vscode")],postInstallHint:"Restart VS Code to connect."},{id:"zed",displayName:"Zed",globalConfigPath:u.join(m,".config","zed","settings.json"),configKey:"context_servers",detectPaths:[u.join(m,".config","zed")],postInstallHint:"Restart Zed to connect.",buildEntry:t=>({source:"custom",...t})}];function le(t){return w.find(e=>e.id===t)}function M(t){return t.detectPaths.some(e=>{if(e.includes("*")){let n=u.dirname(e),r=u.basename(e).replaceAll("*","");if(!d.existsSync(n))return!1;try{return d.readdirSync(n).some(s=>s.startsWith(r))}catch{return!1}}return d.existsSync(e)})}function Je(){return{command:"node",args:[u.resolve(__dirname,"mcp-server/index.js")]}}function U(t,e="global"){let n=e==="project"?u.join(process.cwd(),".mcp.json"):t.globalConfigPath,r=u.dirname(n);d.existsSync(r)||d.mkdirSync(r,{recursive:!0});let s={};if(d.existsSync(n))try{s=JSON.parse(d.readFileSync(n,"utf-8"))}catch{s={}}s[t.configKey]=s[t.configKey]||{};let o=Je();return s[t.configKey]["visa-cli"]=t.buildEntry?t.buildEntry(o):o,d.writeFileSync(n,JSON.stringify(s,null,2)+`
+`),{installed:!0,configPath:n,message:t.postInstallHint}}function ue(t,e="global"){let n=e==="project"?u.join(process.cwd(),".mcp.json"):t.globalConfigPath;if(!d.existsSync(n))return{removed:!1,configPath:n};let r;try{r=JSON.parse(d.readFileSync(n,"utf-8"))}catch{return{removed:!1,configPath:n}}let s=r[t.configKey];return!s||!s["visa-cli"]?{removed:!1,configPath:n}:(delete s["visa-cli"],d.writeFileSync(n,JSON.stringify(r,null,2)+`
+`),{removed:!0,configPath:n})}function Ye(t,e="global"){let n=e==="project"?u.join(process.cwd(),".mcp.json"):t.globalConfigPath;if(!d.existsSync(n))return!1;try{return!!JSON.parse(d.readFileSync(n,"utf-8"))?.[t.configKey]?.["visa-cli"]}catch{return!1}}function Rt(t){if(!t||typeof t!="object")return;let e=t;if(e.command!=="node"||!Array.isArray(e.args)||e.args.length===0)return;let n=e.args[e.args.length-1];if(!(typeof n!="string"||n.length===0))return n}function xt(t,e){if(t===e)return!0;let n=u.resolve(t),r=u.resolve(e);if(n===r)return!0;try{let s=d.realpathSync(n),o=d.realpathSync(r);return s===o}catch{return!1}}function L(){let t=Je(),e=t.args[t.args.length-1],n=[];for(let r of w){let s=r.globalConfigPath;if(!d.existsSync(s))continue;let o;try{o=JSON.parse(d.readFileSync(s,"utf-8"))}catch{continue}let i=o?.[r.configKey]?.["visa-cli"];if(!i)continue;let a=Rt(i);if(!a||xt(a,e))continue;let c=d.existsSync(a)?"mismatch":"missing";n.push({client:r,configPath:s,currentPath:a,expectedPath:e,staleReason:c})}return n}function de(t){return{configPath:U(t.client,"global").configPath}}var $t=(0,Xe.promisify)(ge.execFile);function Tt(t){let e=I.homedir(),n=s=>s.replace(e,"~"),r=t.staleReason==="missing"?"path missing on disk":"path mismatch";return`   \u2022 ${t.client.displayName} (${n(t.configPath)})
+     ${r}: ${n(t.currentPath)}`}function Ze(t,e){if(t.length===0){console.log(`${e} \u2713 All MCP client configs are up to date.`);return}console.log(`${e} Found ${t.length} stale MCP config ${t.length===1?"entry":"entries"}:`);for(let n of t)console.log(Tt(n))}var v=new ze.Command,z=null;function Z(){return z=new j(()=>h.getSessionToken()),z}v.name("visa-cli").description("Visa CLI - AI payment orchestration").version(te().version);v.hook("preAction",async()=>{await Ce()});v.command("setup").description("Register MCP server, authenticate, and generate attestation key").option("--check","Scan MCP client configs for stale visa-cli entries and exit without making changes").action(async t=>{try{if(t.check){let l=L();Ze(l,"MCP config check:"),l.length>0&&(console.log("\nRun `visa-cli setup` (or `visa-cli install --repair`) to rewrite these entries."),process.exit(1));return}console.log("Step 1: Registering MCP server...");let e=L(),n=new Map(e.map(l=>[l.client.id,l])),r=new Set;for(let l of w)if(M(l)){let g=U(l),P=n.get(l.id),N=P?` \u2014 repaired stale ${P.staleReason} entry`:"";console.log(`   \u2713 ${l.displayName} (${g.configPath.replace(I.homedir(),"~")})${N}`),P&&r.add(l.id)}let s=e.filter(l=>!r.has(l.client.id));for(let l of s)de(l),console.log(`   \u2713 ${l.client.displayName} (${l.configPath.replace(I.homedir(),"~")}) \u2014 repaired stale ${l.staleReason} entry`);let o=r.size+s.length;console.log(o===0?"   \u2713 MCP config verified \u2014 nothing to repair.":`   \u2713 Repaired ${o} stale MCP config ${o===1?"entry":"entries"}.`),console.log(`
+Step 2: Checking authentication...`);let i=await h.getSessionToken();if(i?console.log("   Already authenticated."):(console.log("   No session found. Opening browser for GitHub login..."),i=await new Promise(async(l,g)=>{let P=X.randomBytes(16).toString("hex"),N=`https://auth.visacli.sh/login?state=${P}`;console.log(`   Opening browser for authentication...
+`),process.platform==="darwin"&&(0,ge.execFile)("open",[N],A=>{A&&console.error("   Failed to open browser:",A.message)}),console.log(`   Waiting for login in browser...
+`);let pe=3e4,Qe=300*1e3,et=Date.now()+Qe;for(;Date.now()<et;)try{let A=await globalThis.fetch("https://auth.visacli.sh/v1/auth-status",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({state:P,timeout:pe}),signal:AbortSignal.timeout(pe+5e3)});if(!A.ok)continue;let $=await A.json();if($.status==="pending")continue;if($.status==="expired"){g(new Error("Session expired. Please run setup again."));return}if($.status==="complete"&&$.sessionToken){console.log(`   Signed in as ${$.user}.`),l($.sessionToken);return}}catch{}g(new Error("Login timed out after 5 minutes. Please run setup again."))}),await h.saveSessionToken(i),console.log("   Session token saved.")),console.log(`
+Step 3: Setting up authentication...`),!_())console.log("   Not macOS \u2014 skipping biometric setup.");else{try{await $t("clang",["--version"])}catch{console.error("   Xcode Command Line Tools are required for payment authentication."),console.error("   Install them by running: xcode-select --install"),console.error("   Then re-run: visa-cli setup"),process.exit(1)}try{let l=await Le();console.log("   Attestation key generated."),await Z().registerAttestationKey(l),console.log("   Attestation key registered with server.")}catch(l){console.log(`   Skipped: ${l.message}`)}}let a="\x1B[1m",c="\x1B[0m";console.log(`
  \u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557
  \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557
  \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551
@@ -11,11 +35,26 @@ Step 3: Setting up authentication...`),!A())console.log("   Not macOS \u2014 ski
   \u255A\u2588\u2588\u2588\u2588\u2554\u255D \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2551  \u2588\u2588\u2551
    \u255A\u2550\u2550\u2550\u255D  \u255A\u2550\u255D\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u255D  \u2588 CLI
-  \x1B[1mSetup complete.\x1B[0m Restart Claude Code or run /mcp to connect.
-`)}catch(n){console.error("Error:",n.message),process.exit(1)}});v.command("status").description("Check enrollment, cards, wallet, and spending controls").action(async()=>{try{let e=await new y(()=>g.getSessionToken()).getStatus();if(console.log(`Visa CLI Status
+  ${a}Setup complete.${c} Restart Claude Code or run /mcp to connect.
+  ${a}Try it out:${c}
+  \u2022 Ask Claude: "Generate an image of a neon cityscape"
+  \u2022 Ask Claude: "What's the price of ETH on Base?"
+  \u2022 Or run:     visa-cli pay <merchant-url>
+  ${a}Verify:${c}  visa-cli status
+  ${a}Docs:${c}    https://visacli.sh
+`)}catch(e){console.error("Error:",e.message),process.exit(1)}});v.command("install [client]").description("Register MCP server with an AI client (claude, cursor, windsurf, cline, zed, ...)").option("--all","Install for all detected clients").option("--list","Show supported clients and install status").option("--check","Scan MCP client configs for stale visa-cli entries and exit without making changes").option("--repair","Repair stale MCP client configs without re-running the full setup flow").option("--scope <scope>","Install scope: global or project","global").action(async(t,e)=>{try{if(e.check){let o=L();Ze(o,"MCP config check:"),o.length>0&&process.exit(1);return}if(e.repair){let o=L();if(o.length===0){console.log("\u2713 MCP config verified \u2014 nothing to repair.");return}for(let i of o)de(i),console.log(`   \u2713 ${i.client.displayName} (${i.configPath.replace(I.homedir(),"~")}) \u2014 repaired stale ${i.staleReason} entry`);console.log(`
+Repaired ${o.length} stale MCP config ${o.length===1?"entry":"entries"}.`);return}if(e.list){console.log(`
+\x1B[1mSupported MCP Clients\x1B[0m
+`),console.log(`  ${"Client".padEnd(18)} ${"Detected".padEnd(10)} ${"Installed".padEnd(11)} Config Path`),console.log(`  ${"\u2500".repeat(18)} ${"\u2500".repeat(10)} ${"\u2500".repeat(11)} ${"\u2500".repeat(40)}`);for(let a of w){let c=M(a),l=Ye(a),g=c?"Yes":"No",P=l?"Yes":"No",N=a.globalConfigPath.replace(I.homedir(),"~");console.log(`  ${a.displayName.padEnd(18)} ${g.padEnd(10)} ${P.padEnd(11)} ${N}`)}console.log("");return}let n=e.scope==="project"?"project":"global";if(e.all){let o=[],i=[];for(let a of w){if(!M(a)){i.push(a.displayName);continue}U(a,n),o.push(a.displayName)}o.length>0&&console.log(`Installed for: ${o.join(", ")}.`),i.length>0&&console.log(`Skipped: ${i.map(a=>`${a} (not detected)`).join(", ")}.`),o.length===0&&i.length===0&&console.log("No supported clients found.");return}t||(console.error("Usage: visa-cli install <client>"),console.error("       visa-cli install --all"),console.error("       visa-cli install --list"),console.error(`
+Supported clients: ${w.map(o=>o.id).join(", ")}`),process.exit(1));let r=le(t);r||(console.error(`Unknown client: ${t}`),console.error(`Supported clients: ${w.map(o=>o.id).join(", ")}`),process.exit(1)),n==="global"&&!M(r)&&(console.error(`${r.displayName} not detected on this machine.`),console.error(`Expected: ${r.detectPaths.join(", ")}`),process.exit(1));let s=U(r,n);console.log(`Registered visa-cli MCP server in ${s.configPath}`),console.log(s.message)}catch(n){console.error("Error:",n.message),process.exit(1)}});v.command("uninstall [client]").description("Remove MCP server from an AI client").option("--all","Remove from all clients").option("--scope <scope>","Uninstall scope: global or project","global").action(async(t,e)=>{try{let n=e.scope==="project"?"project":"global";if(e.all){let o=[];for(let i of w)ue(i,n).removed&&o.push(i.displayName);o.length>0?console.log(`Removed visa-cli from: ${o.join(", ")}.`):console.log("visa-cli was not installed in any client.");return}t||(console.error("Usage: visa-cli uninstall <client>"),console.error("       visa-cli uninstall --all"),console.error(`
+Supported clients: ${w.map(o=>o.id).join(", ")}`),process.exit(1));let r=le(t);r||(console.error(`Unknown client: ${t}`),console.error(`Supported clients: ${w.map(o=>o.id).join(", ")}`),process.exit(1));let s=ue(r,n);s.removed?console.log(`Removed visa-cli from ${s.configPath}`):console.log(`visa-cli was not installed for ${r.displayName}.`)}catch(n){console.error("Error:",n.message),process.exit(1)}});v.command("pay <url>").description("Pay a merchant URL (amount auto-detected from HTTP 402 response)").option("-m, --method <method>","HTTP method (GET or POST)","GET").option("-b, --body <json>","JSON request body for POST endpoints").action(async(t,e)=>{try{De(t);let n=qe(e.method),r=Ge(e.body),s=new j(()=>h.getSessionToken());console.log(`Checking payment for ${t}...`);let o=Be(await s.paymentPreview({url:t}));console.log(`  Merchant: ${o.merchantName}`),console.log(`  Amount:   $${o.amount.toFixed(2)} ${o.currency}`),console.log(`  Rail:     auto-detected
+`);let i;if(_())try{let{nonce:c}=await s.getAttestationChallenge(),l=Buffer.from(JSON.stringify({nonce:c,amount:o.amount,merchant:o.merchantName,context:t})).toString("base64");i={signature:await Ke(l,`pay $${o.amount.toFixed(2)} to ${o.merchantName}`),nonce:c,amount:o.amount,merchant:o.merchantName}}catch(c){console.error(`Touch ID confirmation failed: ${c?.message||"user cancelled or biometric error"}`),process.exit(1)}else console.warn("Warning: Touch ID unavailable on this system \u2014 payment will proceed without biometric attestation.");let a=await s.pay({url:t,method:n,body:r,attestation:i,idempotencyKey:X.randomUUID()});if(a.success){if(console.log(`Payment complete: $${(a.amount??o.amount).toFixed(2)} \u2192 ${a.merchantName??o.merchantName}`),a.receipt?.urls?.length){console.log(`
+Result URLs:`);for(let c of a.receipt.urls)console.log(`  ${c}`)}}else console.error(`Payment failed: ${a.message||"Unknown error"}`),process.exit(1)}catch(n){n instanceof S?console.error(`Error: ${n.message}`):console.error("Error:",n.message),process.exit(1)}});v.command("status").description("Check enrollment, cards, wallet, and spending controls").action(async()=>{try{let e=await Z().getStatus();if(console.log(`Visa CLI Status
 `),console.log("Enrollment:"),console.log(`   Enrolled:  ${e.enrolled?"Yes":"No"}`),e.githubUser&&console.log(`   GitHub:    ${e.githubUser}`),console.log(`   Cards:     ${e.cardCount??0}`),e.cards&&e.cards.length>0){console.log(`
-Cards:`);for(let t of e.cards){let s=t.isDefault?" (default)":"";console.log(`   ${t.brand?.toUpperCase()||"CARD"} ****${t.last4}${s}`)}}if(e.spendingControls){let t=e.spendingControls;console.log(`
-Spending Controls:`),console.log(`   Max per transaction: $${t.maxTransactionAmount}`),console.log(`   Daily limit:         $${t.dailyLimit}`),t.dailySpent!==void 0&&console.log(`   Spent today:         $${Number(t.dailySpent).toFixed(2)} / $${t.dailyLimit}`)}console.log(`
-Touch ID:`),console.log(`   Available: ${A()?"Yes":"No"}`)}catch(n){console.error("Error:",n.message),process.exit(1)}});v.command("reset").description("Log out and clear all credentials").action(async()=>{try{console.log(`Resetting Visa CLI...
-`);try{await new y(()=>g.getSessionToken()).logout(),console.log("   Server session invalidated.")}catch{console.log("   Server logout skipped (no active session).")}if(await g.clearAll(),console.log("   Keychain credentials cleared."),A())try{await ie(),console.log("   Secure Enclave key deleted.")}catch{console.log("   No Secure Enclave key to delete.")}console.log(`
-Reset complete.`)}catch(n){console.error("Error:",n.message),process.exit(1)}});v.command("feedback").description("Submit feedback about Visa CLI").argument("[message]","Your feedback message").action(async n=>{(!n||n.trim().length===0)&&(console.log('Usage: visa-cli feedback "your message"'),process.exit(1));try{await g.getSessionToken()||(console.error("Not logged in. Run visa-cli setup first."),process.exit(1)),await new y(()=>g.getSessionToken()).feedback(n.trim()),console.log("Feedback submitted. Thanks!")}catch(e){console.error("Error:",e.message),process.exit(1)}});v.parse();
+Cards:`);for(let n of e.cards){let r=n.isDefault?" (default)":"";console.log(`   ${n.brand?.toUpperCase()||"CARD"} ****${n.last4}${r}`)}}if(e.spendingControls){let n=e.spendingControls;console.log(`
+Spending Controls:`),console.log(`   Max per transaction: $${n.maxTransactionAmount}`),console.log(`   Daily limit:         $${n.dailyLimit}`),n.dailySpent!==void 0&&console.log(`   Spent today:         $${Number(n.dailySpent).toFixed(2)} / $${n.dailyLimit}`)}console.log(`
+Touch ID:`),console.log(`   Available: ${_()?"Yes":"No"}`)}catch(t){console.error("Error:",t.message),process.exit(1)}});v.command("reset").description("Log out and clear all credentials").action(async()=>{try{console.log(`Resetting Visa CLI...
+`);try{await Z().logout(),console.log("   Server session invalidated.")}catch{console.log("   Server logout skipped (no active session).")}if(await h.clearAll(),console.log("   Keychain credentials cleared."),_())try{await Ve(),console.log("   Secure Enclave key deleted.")}catch{console.log("   No Secure Enclave key to delete.")}console.log(`
+Reset complete.`)}catch(t){console.error("Error:",t.message),process.exit(1)}});v.command("feedback").description("Submit feedback about Visa CLI").argument("[message]","Your feedback message").action(async t=>{(!t||t.trim().length===0)&&(console.log('Usage: visa-cli feedback "your message"'),process.exit(1));try{await h.getSessionToken()||(console.error("Not logged in. Run visa-cli setup first."),process.exit(1)),await Z().feedback(t.trim()),console.log("Feedback submitted. Thanks!")}catch(e){console.error("Error:",e.message),process.exit(1)}});v.hook("postAction",()=>{z&&Fe(z.lastSignals)});v.parse();