npm - @visa/cli - Versions diffs - 1.0.5 → 1.0.7-rc.0 - Mend

@visa/cli 1.0.5 → 1.0.7-rc.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +122 -79
package/dist/cli.js +31 -31
package/dist/mcp-server/index.js +21 -23
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # @visa/cli
-AI-powered payments for Claude Code. Exposes Visa card payment tools as MCP (Model Context Protocol) tools so Claude can pay for image generation, video, music, onchain data queries, and more — charged to a Visa card at the point of invocation.
+AI-powered payments over MCP. Exposes Visa card payment tools as MCP (Model Context Protocol) tools so your AI assistant can pay for image generation, video, music, onchain data queries, and more — charged to a Visa card with Touch ID confirmation at the point of invocation.
 ## Install
@@ -8,26 +8,9 @@ AI-powered payments for Claude Code. Exposes Visa card payment tools as MCP (Mod
 npm install -g @visa/cli
 ```
-## Usage
+## MCP setup
-```bash
-# Start MCP server (used by Claude Code)
-visa-cli mcp
-# Login with GitHub
-visa-cli login
-# Add a Visa card
-visa-cli add-card
-# Check status
-visa-cli status
-# View transaction history
-visa-cli history
-```
-### Claude Code integration
+Add to your MCP client config:
 ```json
 {
@@ -40,92 +23,152 @@ visa-cli history
 }
 ```
+Once connected, your assistant will have access to all payment tools. The first time you use a paid tool, you'll be prompted to log in and enroll a card.
 ---
-## MCP Tools
+## CLI commands
-### Core (immutable)
+```bash
+visa-cli login        # GitHub OAuth — opens browser, stores session token
+visa-cli add-card     # Enroll a Visa card via VGS secure form
+visa-cli status       # Show auth state, enrolled cards, daily spend remaining
+visa-cli history      # Recent transactions with amounts and any generated media URLs
+visa-cli mcp          # Start the MCP server
+```
-| Tool | Description |
-|------|-------------|
-| `login` | GitHub OAuth login flow |
-| `add_card` | Enroll a Visa card via VGS tokenization |
-| `reset` | Reset auth state |
-| `pay` | Generic payment endpoint |
-| `get_status` | Auth + card + account status |
-| `get_cards` | List enrolled cards |
-| `transaction_history` | Recent transactions with amounts |
-| `update_spending_controls` | Set daily/per-transaction limits |
-| `send_feedback` | Submit feedback on a tool result |
-| `get_feedback` | Retrieve feedback history |
-| `batch` | Batch multiple tool calls |
-| `discover` | List all available tools with pricing |
+---
-### Dynamic (from catalog)
+## Authentication
-Loaded from the auth server at runtime with a 5-minute TTL. Falls back to the compiled-in baseline from `@visa/tools` if the server is unreachable.
+Login is GitHub OAuth. Your session token is stored at `~/.visa-mcp/config.json`.
-Current catalog (18 tools): image generation (FLUX, Recraft, Ideogram, SeedEdit, upscale), video generation (Grok/Luma, Kling, Wan, MiniMax), 3D (Meshy), audio (F5-TTS, Suno), onchain data (Allium, 150+ chains), canvas (pxlwall, USDC/x402 native).
+```bash
+visa-cli login    # opens github.com/login/oauth/authorize in your browser
+visa-cli status   # verify you're logged in
+```
 ---
-## Catalog Resolution
+## Card enrollment
+Cards are tokenized via VGS — your raw card number never touches Visa servers. `add_card` opens a hosted VGS Collect form in your browser.
+```bash
+visa-cli add-card
 ```
-1. Live:     GET /v1/suggestions → tools[]   (auth server, TTL-cached, 5 min)
-2. Cache:    ~/.visa-mcp/catalog-cache.json  (disk, <24h)
-3. Baseline: CATALOG from @visa/tools        (compiled-in fallback)
-```
+Multiple cards can be enrolled. The first becomes the default; you can switch defaults with `set_default_card` from within your assistant. To remove a card: `remove_card` (requires Touch ID).
 ---
-## Architecture
+## Payments & Touch ID
-```
-visa-cli (this package)
-├── cli.ts           Commander CLI entry (login, add-card, status, history, mcp)
-├── api-client.ts    HTTP client for apps/auth (auth, attestation, shortcuts)
-├── mcp-server/
-│   ├── index.ts     MCP server bootstrap, tool registration
-│   ├── tools.ts     Core tool handler implementations
-│   └── suggestions.ts  Dynamic catalog polling
-├── touchid.ts       macOS Touch ID / Secure Enclave attestation
-├── rc-gate.ts       RC version gate (checks RC_CODE_HASH)
-└── config/
-    └── manager.ts   ~/.visa-mcp/config.json read/write
+Every paid tool call requires Touch ID (or device password on macOS). Your assistant will show you the amount and merchant before prompting. If you cancel Touch ID, the payment is aborted — nothing is charged.
+You can set hard limits via the `update_spending_controls` tool, or check your current limits any time:
+```bash
+visa-cli status
 ```
 ---
-## Development (monorepo)
+## MCP tools
-```bash
-# From monorepo root
-pnpm --filter @visa/cli build
-pnpm --filter @visa/cli test
-pnpm --filter @visa/cli test:unit:coverage
+### Account
-# Watch mode
-pnpm --filter @visa/cli dev
-```
+| Tool | Description |
+|------|-------------|
+| `login` | GitHub OAuth login — opens browser |
+| `add_card` | Enroll a card via VGS tokenization |
+| `get_cards` | List enrolled cards (masked) |
+| `remove_card` | Remove an enrolled card (Touch ID required) |
+| `set_default_card` | Change the default card (Touch ID required) |
+| `get_status` | Auth, card, spend limits, and budget summary |
+| `update_spending_controls` | Set daily and per-transaction limits (Touch ID required) |
+| `transaction_history` | Recent transactions with amounts and media URLs |
+| `feedback` | Submit feedback on a tool result |
+| `reset` | Clear auth state and credentials |
+### Generation
+| Tool | Price | Description |
+|------|-------|-------------|
+| `generate_image_card` | ~$0.06 | FLUX1.1 Ultra — 2K resolution, ~30s |
+| `generate_image_fast_card` | ~$0.04 | FLUX1.1 Pro — 1K resolution, ~10s |
+| `generate_video` | $0.10–$0.30 | Text-to-video (Wan / MiniMax / Kling) |
+| `generate_music_tempo_card` | ~$0.10 | Suno AI music generation, ~2 min |
+| `check_music_status_tempo_card` | ~$0.01 | Poll Suno task for audio URL |
+| `generate_audio` | ~$0.03–$0.04 | TTS (MetaVoice) or SFX (Stable Audio) |
+| `generate_3d` | ~$0.08 | Text-to-3D mesh (Trellis), returns GLB URL |
+| `upscale_image` | ~$0.03 | Image upscaling (Aura SR) |
+| `transcribe_audio` | ~$0.02 | Speech-to-text (Whisper) |
+### Data
+| Tool | Price | Description |
+|------|-------|-------------|
+| `query_onchain_prices_card` | ~$0.02 | Real-time or historical token prices (150+ chains via Allium) |
+| `allium_explorer_card` | ~$0.10 | Natural language → SQL blockchain query (step 1) |
+| `allium_explorer_results_card` | up to $3.00 | Fetch results for a submitted query (step 2) |
+| `run_llm` | $0.01–$0.09 | Run a prompt through GPT-4o Mini, Claude, DeepSeek, Perplexity, or Llama |
+### Utility
-### RC hash stub
+| Tool | Description |
+|------|-------------|
+| `pay` | Generic HTTP 402 payment endpoint |
+| `batch` | Execute multiple paid tools in one Touch ID approval |
+| `discover_tools` | Search the dynamic tool catalog |
+| `execute_tool` | Run a tool from the dynamic catalog by ID |
-`src/__generated__/rc-hash.ts` is committed with an all-zeros stub. The real hash is injected at publish time by `cli-publish.yml` from the `RC_ACCESS_CODE` secret. Local builds with the stub work normally — the RC gate only activates for prerelease versions.
+---
+## Dynamic catalog
+The tool catalog is fetched live from the auth server at startup (5-minute TTL). If the server is unreachable, it falls back to the compiled-in baseline from `@visa/tools`.
+To see all available tools with current pricing, ask your assistant:
+> "What tools do you have available?"
 ---
-## Release Pipeline
+## Spending controls
 ```
-PR to dev
-  → cli-changeset.yml   (AI classifies bump type, writes .changeset/ file)
-  → CI passes on dev
-  → cli-release-rc.yml  (bumps RC version, pushes v*-rc.* tag)
-  → cli-publish.yml     (injects hash, builds, publishes @visa/cli@rc)
-Merge dev → main
-  → CI passes on main
-  → cli-release-stable.yml  (exits pre mode, bumps stable, pushes v* tag)
-  → cli-publish.yml         (publishes @visa/cli@latest)
+Daily limit         — hard cap on total spend per day
+Max per-transaction — hard cap per single tool call
 ```
+Both limits are enforced server-side. Touch ID is always required per payment regardless of limits — this cannot be disabled.
+---
+## Config & data locations
+| Path | Contents |
+|------|----------|
+| `~/.visa-mcp/config.json` | Session token, device key |
+| `~/.visa-mcp/catalog-cache.json` | Cached tool catalog (24h TTL) |
+| `~/.visa-mcp/allium-results/` | Large query result CSVs |
+---
+## Troubleshooting
+**Touch ID prompt doesn't appear**
+Make sure `visa-cli mcp` is running as a foreground process that has access to the macOS security framework. Running inside some sandboxed environments may prevent Touch ID.
+**"Not logged in" after `visa-cli login`**
+Restart the MCP server after logging in — your MCP client needs to reconnect to pick up the new session.
+**Card not showing in `get_cards`**
+Enrollment is only confirmed after you complete the VGS form in the browser. Call `get_cards` after finishing the form to verify.
+**Tool returns an error about daily limit**
+Check your remaining budget with `visa-cli status` or ask your assistant: "What's my remaining budget today?"
+**Catalog shows stale tools**
+Delete `~/.visa-mcp/catalog-cache.json` and restart the MCP server to force a fresh fetch.

package/dist/cli.js CHANGED Viewed

@@ -1,7 +1,7 @@
-"use strict";var tt=Object.create;var fe=Object.defineProperty;var nt=Object.getOwnPropertyDescriptor;var rt=Object.getOwnPropertyNames;var ot=Object.getPrototypeOf,st=Object.prototype.hasOwnProperty;var it=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports);var at=(t,e,n,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of rt(e))!st.call(t,s)&&s!==n&&fe(t,s,{get:()=>e[s],enumerable:!(r=nt(e,s))||r.enumerable});return t};var p=(t,e,n)=>(n=t!=null?tt(ot(t)):{},at(e||!t||!t.__esModule?fe(n,"default",{value:t,enumerable:!0}):n,t));var te=it((jt,pt)=>{pt.exports={name:"@visa/cli",version:"1.0.5",description:"AI-powered payments for Claude Code",bin:{"visa-cli":"./bin/visa-cli.js"},scripts:{build:"tsc --noEmit && node esbuild.config.js",dev:"tsc --watch",start:"node dist/mcp-server/index.js",test:"jest --config jest.config.js","test:unit":"jest --config jest.config.js","test:unit:watch":"jest --config jest.config.js --watch","test:unit:coverage":"jest --config jest.config.js --coverage","test:smoke":"VISA_AUTH_URL=https://auth.visacli.sh jest --config jest.smoke.config.js","test:integration":"jest --config jest.integration.config.js","test:e2e":"jest --config jest.e2e.config.js","test:catalog-e2e":"jest --config jest.catalog-e2e.config.js","test:all":"npm run test:unit && npm run test:integration && npm run test:e2e",prepublishOnly:"npm run build && npm test",lint:"eslint src/**/*.ts",format:'prettier --write "src/**/*.ts"',"format:check":'prettier --check "src/**/*.ts"'},keywords:["visa","checkout","mcp","ai-agent","payments","click-to-pay","usdc","stablecoin"],author:"Visa Crypto Labs",license:"SEE LICENSE IN LICENSE",dependencies:{"@modelcontextprotocol/sdk":"^1.0.0",commander:"^12.1.0",zod:"^3.23.0"},devDependencies:{"@visa-cli/tools":"workspace:*","@changesets/changelog-git":"^0.2.1","@changesets/cli":"^2.30.0","@types/jest":"^30.0.0","@types/node":"^22.10.0","@typescript-eslint/eslint-plugin":"^8.56.1","@typescript-eslint/parser":"^8.56.1","@types/express":"^5.0.0",esbuild:"^0.27.4",express:"^4.21.0",eslint:"^10.0.2","eslint-config-prettier":"^10.1.8",jest:"^29.7.0",prettier:"^3.8.1","ts-jest":"^29.2.0",typescript:"^5.7.0"},engines:{node:">=18.0.0"},files:["bin/visa-cli.js","dist/","native/visa-keychain.m","README.md","LICENSE"]}});var ze=require("commander"),X=p(require("crypto")),I=p(require("os")),ge=require("child_process"),Xe=require("util");var Se=require("child_process"),we=require("util"),C=p(require("fs")),ve=p(require("os")),Q=p(require("path")),E=(0,we.promisify)(Se.execFile),ee=Q.join(ve.homedir(),".visa-mcp"),K=Q.join(ee,"session-token"),k="visa-cli",V="session-token",F="rc-access";async function me(){try{let{stdout:t}=await E("security",["find-generic-password","-s",k,"-a",V,"-w"],{timeout:5e3});return t.trim()||null}catch{return null}}async function he(t){try{try{await E("security",["delete-generic-password","-s",k,"-a",V],{timeout:5e3})}catch{}return await E("security",["add-generic-password","-s",k,"-a",V,"-w",t],{timeout:5e3}),!0}catch{return!1}}async function ye(){try{await E("security",["delete-generic-password","-s",k,"-a",V],{timeout:5e3})}catch{}}async function ct(){try{let{stdout:t}=await E("security",["find-generic-password","-s",k,"-a",F,"-w"],{timeout:5e3});return t.trim()||null}catch{return null}}async function lt(t){try{try{await E("security",["delete-generic-password","-s",k,"-a",F],{timeout:5e3})}catch{}await E("security",["add-generic-password","-s",k,"-a",F,"-w",t],{timeout:5e3})}catch{}}async function ut(){try{await E("security",["delete-generic-password","-s",k,"-a",F],{timeout:5e3})}catch{}}function dt(t){C.mkdirSync(ee,{recursive:!0,mode:448}),C.writeFileSync(K,t,{mode:384})}function gt(){try{return C.readFileSync(K,"utf-8").trim()||null}catch{return null}}var h=class{static async getSessionToken(){if(process.env.VISA_MOCK_KEYCHAIN==="true")return Promise.resolve("mock-session-token-for-testing");let e=await me();if(e)return e;let n=gt();return n?(await he(n),n):null}static async saveSessionToken(e){if(process.env.VISA_MOCK_KEYCHAIN==="true")return;if(await he(e)){if(await me()===e){try{C.unlinkSync(K)}catch{}return}await ye()}if(dt(e),await this.getSessionToken()!==e)throw new Error("Failed to persist session token. "+(process.platform==="darwin"?'Check Keychain Access permissions for "visa-cli".':`Ensure ${ee} is writable.`))}static async getRcAccessToken(){return process.env.VISA_MOCK_KEYCHAIN==="true"?"mock-rc-token-for-testing":ct()}static async saveRcAccessToken(e){process.env.VISA_MOCK_KEYCHAIN!=="true"&&await lt(e)}static async deleteSessionToken(){if(process.env.VISA_MOCK_KEYCHAIN!=="true"){await ye();try{C.unlinkSync(K)}catch{}}}static async clearAll(){await this.deleteSessionToken(),await ut()}};var H=p(require("crypto")),D=p(require("tty")),q=p(require("fs"));var R="0000000000000000000000000000000000000000000000000000000000000000";function ft(t){return/-rc\.|-beta\./.test(t)}function ne(t){return H.createHash("sha256").update(t.trim()).digest("hex")}function be(t){return R==="SKIP"?!0:H.timingSafeEqual(Buffer.from(ne(t)),Buffer.from(R))}function mt(t){return new Promise((e,n)=>{let r=q.openSync("/dev/tty","r+"),s=new D.ReadStream(r),o=new D.WriteStream(r),i=()=>{try{s.destroy()}catch{}try{o.destroy()}catch{}try{q.closeSync(r)}catch{}};o.write(t),s.setRawMode(!0),s.resume(),s.setEncoding("utf8");let a="";s.on("data",c=>{c==="\r"||c===`
+"use strict";var rt=Object.create;var ge=Object.defineProperty;var st=Object.getOwnPropertyDescriptor;var ot=Object.getOwnPropertyNames;var it=Object.getPrototypeOf,at=Object.prototype.hasOwnProperty;var ct=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports);var lt=(t,e,n,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of ot(e))!at.call(t,s)&&s!==n&&ge(t,s,{get:()=>e[s],enumerable:!(r=st(e,s))||r.enumerable});return t};var g=(t,e,n)=>(n=t!=null?rt(it(t)):{},lt(e||!t||!t.__esModule?ge(n,"default",{value:t,enumerable:!0}):n,t));var ee=ct((Ut,mt)=>{mt.exports={name:"@visa/cli",version:"1.0.7-rc.0",description:"AI-powered payments for Claude Code",bin:{"visa-cli":"./bin/visa-cli.js"},scripts:{build:"tsc --noEmit && node esbuild.config.js",dev:"tsc --watch",start:"node dist/mcp-server/index.js",test:"jest --config jest.config.js","test:unit":"jest --config jest.config.js","test:unit:watch":"jest --config jest.config.js --watch","test:unit:coverage":"jest --config jest.config.js --coverage","test:smoke":"VISA_AUTH_URL=https://auth.visacli.sh jest --config jest.smoke.config.js","test:integration":"jest --config jest.integration.config.js","test:e2e":"jest --config jest.e2e.config.js","test:catalog-e2e":"jest --config jest.catalog-e2e.config.js","test:all":"npm run test:unit && npm run test:integration && npm run test:e2e",prepublishOnly:"npm run build && npm test",lint:"eslint src/**/*.ts",format:'prettier --write "src/**/*.ts"',"format:check":'prettier --check "src/**/*.ts"'},keywords:["visa","checkout","mcp","ai-agent","payments","click-to-pay","usdc","stablecoin"],author:"Visa Crypto Labs",license:"SEE LICENSE IN LICENSE",dependencies:{"@modelcontextprotocol/sdk":"^1.0.0",commander:"^12.1.0",zod:"^3.23.0"},devDependencies:{"@visa-cli/tools":"workspace:*","@changesets/changelog-git":"^0.2.1","@changesets/cli":"^2.30.0","@types/jest":"^30.0.0","@types/node":"^22.10.0","@typescript-eslint/eslint-plugin":"^8.56.1","@typescript-eslint/parser":"^8.56.1","@types/express":"^5.0.0",esbuild:"^0.27.4",express:"^4.21.0",eslint:"^10.0.2","eslint-config-prettier":"^10.1.8",jest:"^29.7.0",prettier:"^3.8.1","ts-jest":"^29.2.0",typescript:"^5.7.0"},engines:{node:">=18.0.0"},files:["bin/visa-cli.js","dist/","native/visa-keychain.m","README.md","LICENSE"]}});var Xe=require("commander"),z=g(require("crypto")),N=g(require("os")),Ze=require("child_process"),Qe=require("util");var ye=require("child_process"),Se=require("util"),E=g(require("fs")),ve=g(require("os")),Z=g(require("path")),P=(0,Se.promisify)(ye.execFile),Q=Z.join(ve.homedir(),".visa-mcp"),U=Z.join(Q,"session-token"),k="visa-cli",V="session-token",K="rc-access";async function fe(){try{let{stdout:t}=await P("security",["find-generic-password","-s",k,"-a",V,"-w"],{timeout:5e3});return t.trim()||null}catch{return null}}async function me(t){try{try{await P("security",["delete-generic-password","-s",k,"-a",V],{timeout:5e3})}catch{}return await P("security",["add-generic-password","-s",k,"-a",V,"-w",t],{timeout:5e3}),!0}catch{return!1}}async function he(){try{await P("security",["delete-generic-password","-s",k,"-a",V],{timeout:5e3})}catch{}}async function ut(){try{let{stdout:t}=await P("security",["find-generic-password","-s",k,"-a",K,"-w"],{timeout:5e3});return t.trim()||null}catch{return null}}async function dt(t){try{try{await P("security",["delete-generic-password","-s",k,"-a",K],{timeout:5e3})}catch{}await P("security",["add-generic-password","-s",k,"-a",K,"-w",t],{timeout:5e3})}catch{}}async function pt(){try{await P("security",["delete-generic-password","-s",k,"-a",K],{timeout:5e3})}catch{}}function gt(t){E.mkdirSync(Q,{recursive:!0,mode:448}),E.writeFileSync(U,t,{mode:384})}function ft(){try{return E.readFileSync(U,"utf-8").trim()||null}catch{return null}}var h=class{static async getSessionToken(){if(process.env.VISA_MOCK_KEYCHAIN==="true")return Promise.resolve("mock-session-token-for-testing");let e=await fe();if(e)return e;let n=ft();return n?(await me(n),n):null}static async saveSessionToken(e){if(process.env.VISA_MOCK_KEYCHAIN==="true")return;if(await me(e)){if(await fe()===e){try{E.unlinkSync(U)}catch{}return}await he()}if(gt(e),await this.getSessionToken()!==e)throw new Error("Failed to persist session token. "+(process.platform==="darwin"?'Check Keychain Access permissions for "visa-cli".':`Ensure ${Q} is writable.`))}static async getRcAccessToken(){return process.env.VISA_MOCK_KEYCHAIN==="true"?"mock-rc-token-for-testing":ut()}static async saveRcAccessToken(e){process.env.VISA_MOCK_KEYCHAIN!=="true"&&await dt(e)}static async deleteSessionToken(){if(process.env.VISA_MOCK_KEYCHAIN!=="true"){await he();try{E.unlinkSync(U)}catch{}}}static async clearAll(){await this.deleteSessionToken(),await pt()}};var D=g(require("crypto")),H=g(require("tty")),F=g(require("fs"));var R="6820f6e91b762e645c9bf020c0d3673bb99d4a25a824880c0d548e10bb9bc7b1";function ht(t){return/-rc\.|-beta\./.test(t)}function te(t){return D.createHash("sha256").update(t.trim()).digest("hex")}function we(t){return R==="SKIP"?!0:D.timingSafeEqual(Buffer.from(te(t)),Buffer.from(R))}function yt(t){return new Promise((e,n)=>{let r=F.openSync("/dev/tty","r+"),s=new H.ReadStream(r),o=new H.WriteStream(r),a=()=>{try{s.destroy()}catch{}try{o.destroy()}catch{}try{F.closeSync(r)}catch{}};o.write(t),s.setRawMode(!0),s.resume(),s.setEncoding("utf8");let i="";s.on("data",c=>{c==="\r"||c===`
 `?(o.write(`
-`),i(),e(a)):c===""?(o.write(`
-`),i(),n(new Error("Cancelled"))):c==="\x7F"||c==="\b"?a.length>0&&(a=a.slice(0,-1),o.write("\b \b")):(a+=c,o.write("\u2022"))})})}var ht=`
+`),a(),e(i)):c===""?(o.write(`
+`),a(),n(new Error("Cancelled"))):c==="\x7F"||c==="\b"?i.length>0&&(i=i.slice(0,-1),o.write("\b \b")):(i+=c,o.write("\u2022"))})})}var St=`
  \u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557
  \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557
  \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551
@@ -10,24 +10,24 @@
    \u255A\u2550\u2550\u2550\u255D  \u255A\u2550\u255D\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u255D
   This is a Release Candidate build. Access is restricted to Visa employees.
-`;async function Ce(t={}){let e=t.version??te().version;if(!ft(e))return;if(t.isMcp??!1){let o=process.env.VISA_RC_CODE;if(o&&be(o)){await h.saveRcAccessToken(ne(o));return}let i=await h.getRcAccessToken();if(i&&(R==="SKIP"||i===R))return;process.stderr.write(`[visa-cli] RC build requires access. Run: visa-cli setup
-`),process.exit(1)}let r=await h.getRcAccessToken();if(r&&(R==="SKIP"||r===R))return;console.log(ht);let s=3;for(let o=1;o<=s;o++){let i;try{i=await mt("  Enter RC access code: ")}catch{process.exit(1)}if(be(i)){await h.saveRcAccessToken(ne(i)),console.log(`
+`;async function be(t={}){let e=t.version??ee().version;if(!ht(e))return;let n=process.env.VISA_RC_CODE;if(n&&we(n)){await h.saveRcAccessToken(te(n));return}if(t.isMcp??!1){let a=await h.getRcAccessToken();if(a&&(R==="SKIP"||a===R))return;process.stderr.write(`[visa-cli] RC build requires access. Run: visa-cli setup
+`),process.exit(1)}let s=await h.getRcAccessToken();if(s&&(R==="SKIP"||s===R))return;console.log(St);let o=3;for(let a=1;a<=o;a++){let i;try{i=await yt("  Enter RC access code: ")}catch{process.exit(1)}if(we(i)){await h.saveRcAccessToken(te(i)),console.log(`
   Access granted. Welcome.
-`);return}o<s&&console.log(`
-  Invalid code. ${s-o} attempt(s) remaining.
+`);return}a<o&&console.log(`
+  Invalid code. ${o-a} attempt(s) remaining.
 `)}console.log(`
   Invalid code. Contact your team lead.
-`),process.exit(1)}async function Pe(t,e){let n=e?.timeoutMs??3e4,r=new AbortController,s=setTimeout(()=>r.abort(),n);try{let{timeoutMs:o,...i}=e??{};return await fetch(t,{...i,signal:r.signal})}finally{clearTimeout(s)}}var yt=/^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;function ke(t,e){let n=Ee(t),r=Ee(e);if(!n||!r)return!1;for(let s=0;s<3;s++)if(n.main[s]!==r.main[s])return n.main[s]>r.main[s];return n.pre&&!r.pre?!1:!n.pre&&r.pre?!0:!n.pre&&!r.pre?!1:St(n.pre,r.pre)>0}function Ee(t){if(typeof t!="string")return null;let n=t.trim().replace(/^v/,"").match(yt);return n?{main:[Number(n[1]),Number(n[2]),Number(n[3])],pre:n[4]??null}:null}function St(t,e){let n=t.split("."),r=e.split("."),s=Math.max(n.length,r.length);for(let o=0;o<s;o++){if(o>=n.length)return-1;if(o>=r.length)return 1;let i=n[o],a=r[o],c=/^\d+$/.test(i),l=/^\d+$/.test(a);if(c&&l){let g=Number(i)-Number(a);if(g!==0)return g}else{if(c)return-1;if(l)return 1;if(i<a)return-1;if(i>a)return 1}}return 0}function G(){return!!(Re(process.env.VISA_CLI_NO_UPDATE_CHECK)||Re(process.env.CI)||process.env.NODE_ENV==="test")}function Re(t){if(t===void 0)return!1;let e=t.trim().toLowerCase();return!(e===""||e==="0"||e==="false"||e==="no"||e==="off")}var re="1.0.5",j=class{constructor(e){this.getSessionToken=e;this.baseUrl=process.env.VISA_AUTH_URL||"https://auth.visacli.sh"}getSessionToken;baseUrl;lastSignals={};parseServerSignals(e){if(this.lastSignals={},!G()){let r=e.headers.get("X-Latest-Version"),s=e.headers.get("X-Update-Message");r&&ke(r,re)&&(this.lastSignals.updateAvailable={version:r,message:s||`Update available: v${r}. Run: npm install -g @visa/cli && visa-cli setup`})}let n=e.headers.get("X-Feedback-Prompt");if(n)try{this.lastSignals.feedbackPrompt=JSON.parse(n)}catch{}}getClientVersion(){return re}async request(e,n,r,s,o){let i=await this.getSessionToken();if(!i)throw new Error("Not logged in. Use the login tool to authenticate.");let a={Authorization:`Bearer ${i}`};o&&(e==="GET"?a["X-User-Context"]=o.replace(/[\r\n\0]/g," ").slice(0,1e3):r={...r||{},user_context:o}),r&&(a["Content-Type"]="application/json");let c;try{c=await Pe(`${this.baseUrl}${n}`,{method:e,headers:{...a,"X-Visa-CLI-Version":re},body:r?JSON.stringify(r):void 0,timeoutMs:s})}catch(g){throw g.name==="AbortError"||g.message?.includes("aborted")?new Error("The request timed out. The server may be under heavy load. Please try again."):new Error("Cannot reach the Visa CLI server. Check your internet connection and try again.")}if(this.parseServerSignals(c),c.status===401)throw new Error("Your session has expired. Use the login tool to re-authenticate.");if(c.status===429){let g=c.headers.get("Retry-After")||"3";throw new Error(`Too many requests. Please wait ${g} seconds before trying again.`)}if(c.status===503)throw new Error("The Visa CLI service is temporarily unavailable. Please try again in a few minutes.");let l;try{l=await c.json()}catch{throw c.status===500?new Error("Something went wrong on our end. Please try again."):new Error("Something went wrong. Please try again.")}if(!c.ok)throw c.status===500?new Error("Something went wrong on our end. Please try again."):new Error(l?.error||"Something went wrong. Please try again.");return l}async pay(e,n){return this.request("POST","/v1/pay",e,void 0,n)}async shortcut(e,n,r,s){return this.request("POST",`/v1/shortcuts/${encodeURIComponent(e)}`,n,r,s)}async batch(e,n,r){return this.request("POST","/v1/batch",e,n,r)}async catalogSearch(e,n){let r=new URLSearchParams;e&&r.set("q",e),n&&r.set("category",n);let s=r.toString();return this.request("GET",`/v1/catalog${s?`?${s}`:""}`)}async catalogTool(e){try{return await this.request("GET",`/v1/catalog/${encodeURIComponent(e)}`)}catch{return null}}async paymentPreview(e,n){return this.request("POST","/v1/payment-preview",e,void 0,n)}async getStatus(e){return this.request("GET","/v1/status",void 0,void 0,e)}async getTransactions(e){return this.request("GET","/v1/transactions",void 0,void 0,e)}async updateSpendingControls(e,n){return this.request("POST","/v1/spending-controls",e,void 0,n)}async removeCard(e,n,r){return this.request("DELETE",`/v1/cards/${encodeURIComponent(String(e))}`,n,void 0,r)}async setDefaultCard(e,n,r){return this.request("POST",`/v1/cards/${encodeURIComponent(String(e))}/default`,n,void 0,r)}async getAttestationChallenge(){return this.request("GET","/v1/attestation-challenge")}async registerAttestationKey(e){return this.request("POST","/v1/attestation-key",{publicKey:e})}async logout(e,n){return this.request("POST","/v1/logout",e,void 0,n)}async feedback(e,n,r){return this.request("POST","/v1/feedback",{message:e,...n&&{transaction_id:n}},void 0,r)}async feedSubmit(e){return this.request("POST","/v1/feed",e)}async feedList(e){let n=new URLSearchParams;e?.tab&&n.set("tab",e.tab),e?.limit&&n.set("limit",String(e.limit)),e?.offset&&n.set("offset",String(e.offset));let r=n.toString();return this.request("GET",`/v1/feed${r?"?"+r:""}`)}async feedVote(e,n){return this.request("POST",`/v1/feed/${encodeURIComponent(e)}/vote`,{direction:n})}async feedApprove(e){return this.request("POST",`/v1/feed/${encodeURIComponent(e)}/approve`)}async feedDelete(e){return this.request("DELETE",`/v1/feed/${encodeURIComponent(e)}`)}async feedPending(){return this.request("GET","/v1/feed/pending")}async submitFeedback(e,n,r){return this.request("POST","/v1/feedback",{message:e,...n&&{transaction_id:n}},void 0,r)}async getFeedback(e,n){let r=new URLSearchParams;e&&r.set("limit",String(e));let s=r.toString();return this.request("GET",`/v1/feedback${s?"?"+s:""}`,void 0,void 0,n)}async submitRatedFeedback(e){return this.request("POST","/v1/feedback",e)}};var ce=require("child_process"),je=require("util"),Oe=p(require("crypto")),f=p(require("fs")),_e=p(require("os")),b=p(require("path"));var y=p(require("fs")),ie=p(require("path")),xe=p(require("os")),se=ie.join(xe.homedir(),".visa-mcp"),O=ie.join(se,"mcp-server.log"),wt=5*1024*1024,oe=null;function vt(){y.existsSync(se)||y.mkdirSync(se,{recursive:!0,mode:448})}function bt(){if(!oe){if(vt(),y.existsSync(O)&&y.statSync(O).size>wt){let e=O+".1";y.existsSync(e)&&y.unlinkSync(e),y.renameSync(O,e)}oe=y.createWriteStream(O,{flags:"a"})}return oe}function B(t,...e){let n=new Date().toISOString(),r=e.map(o=>typeof o=="string"?o:JSON.stringify(o,null,2)).join(" "),s=`[${n}] [${t}] ${r}
-`;process.stderr.write(s),bt().write(s)}var $e={debug:(...t)=>B("DEBUG",...t),info:(...t)=>B("INFO",...t),warn:(...t)=>B("WARN",...t),error:(...t)=>B("ERROR",...t)};var T=(0,je.promisify)(ce.execFile),Y=b.join(_e.homedir(),".visa-mcp","bin"),x=b.join(Y,"Visa CLI"),Ct=b.join(__dirname,"..","native"),Te="5",Ie=b.join(Y,"visa-keychain.version"),Ne=b.join(Y,"visa-keychain.sha256");function Ae(t){let e=f.readFileSync(t);return Oe.createHash("sha256").update(e).digest("hex")}async function Me(){try{if(f.readFileSync(Ie,"utf-8").trim()===Te&&f.existsSync(x)){let r=f.readFileSync(Ne,"utf-8").trim();if(Ae(x)!==r)$e.warn("binary:hash-mismatch",{message:"Binary hash mismatch \u2014 possible tampering detected. Recompiling from source."}),f.unlinkSync(x);else return x}}catch{}let t=b.join(Ct,"visa-keychain.m");if(f.existsSync(t)||(t=b.resolve(__dirname,"..","..","native","visa-keychain.m")),f.existsSync(t)||(t=b.resolve(__dirname,"..","native","visa-keychain.m")),!f.existsSync(t))throw new Error("visa-keychain.m source not found. Reinstall Visa CLI.");f.mkdirSync(Y,{recursive:!0,mode:448});try{await T("clang",["-framework","Security","-framework","LocalAuthentication","-framework","Foundation","-framework","AppKit","-o",x,t],{timeout:3e4})}catch(n){throw n.code==="ENOENT"?new Error("Xcode Command Line Tools required. Install: xcode-select --install"):n}let e=Ae(x);return f.writeFileSync(Ne,e,{mode:384}),f.writeFileSync(Ie,Te,{mode:384}),x}async function Ue(t){let e=await Me(),n;try{n=(await T(e,t,{timeout:6e4})).stdout}catch(o){n=o.stdout||"";let i=n.trim();throw i.startsWith("ERROR:")?new Error(i.slice(6)):new Error(o.stderr?.trim()||o.message||"Unknown error")}let r=n.trim();if(r.startsWith("OK:"))return r.slice(3);if(r==="OK")return;let s=r.startsWith("ERROR:")?r.slice(6):"Unknown error";throw new Error(s)}var ae=null;function _(){return process.env.VISA_MOCK_TOUCHID==="true"?!0:process.platform!=="darwin"?!1:ae!==null?ae:(ae=!0,!0)}var W="visa-cli",J="attestation-key";async function Pt(t){try{await T("security",["delete-generic-password","-s",W,"-a",J],{timeout:5e3})}catch{}await T("security",["add-generic-password","-s",W,"-a",J,"-w",t],{timeout:5e3})}async function Et(){try{let{stdout:t}=await T("security",["find-generic-password","-s",W,"-a",J,"-w"],{timeout:5e3});return t.trim()||null}catch{return null}}async function Le(){let t=await Ue(["generate-key"]);if(!t)throw new Error("Key generation returned no output");let e=t.indexOf(":");if(e<0)throw new Error("Unexpected generate-key output format");let n=t.slice(0,e),r=t.slice(e+1);return await Pt(n),r}async function Ke(t,e){if(process.env.VISA_MOCK_TOUCHID==="true")return Promise.resolve("mock-ecdsa-signature-for-testing");let n=await Et();if(!n)throw new Error("Attestation key not found. Run setup to generate a new key.");let r=await Me(),s=["sign",t];return e&&s.push(e),new Promise((o,i)=>{let a=(0,ce.execFile)(r,s,{timeout:6e4},(c,l)=>{let g=(l||"").trim();if(c){g.startsWith("ERROR:")?i(new Error(g.slice(6))):i(new Error(c.stderr?.trim()||c.message||"Unknown error"));return}g.startsWith("OK:")?o(g.slice(3)):i(new Error(g.startsWith("ERROR:")?g.slice(6):"Unknown error"))});a.stdin.write(n),a.stdin.end()})}async function Ve(){try{await T("security",["delete-generic-password","-s",W,"-a",J],{timeout:5e3})}catch{}try{await Ue(["delete-key"])}catch{}}function Fe(t,e=process.stderr){if(G()||!t?.updateAvailable)return!1;let{message:n}=t.updateAvailable;return n?(e.write(`
+`),process.exit(1)}var Ce=require("child_process");function vt(t=process.env,e=process.platform){return t.VISA_CLI_NO_BROWSER==="1"||t.VISA_CLI_NO_BROWSER==="true"?{headless:!0,reason:"VISA_CLI_NO_BROWSER is set"}:t.CI==="true"||t.CI==="1"?{headless:!0,reason:"CI environment detected"}:t.SSH_CONNECTION||t.SSH_TTY?{headless:!0,reason:"SSH session detected"}:e==="linux"&&!t.DISPLAY&&!t.WAYLAND_DISPLAY?{headless:!0,reason:"Linux with no $DISPLAY or $WAYLAND_DISPLAY"}:{headless:!1}}function wt(t){let n=t.length+4;return[`\u250C${"\u2500".repeat(n)}\u2510`,`\u2502${" ".repeat(2)}${t}${" ".repeat(2)}\u2502`,`\u2514${"\u2500".repeat(n)}\u2518`].join(`
+`)}function bt(t,e=process.platform){return e==="darwin"?{cmd:"open",args:[t]}:e==="win32"?{cmd:"cmd",args:["/c","start","",t]}:e==="linux"?{cmd:"xdg-open",args:[t]}:null}async function Ee(t,e={}){let n=e.log??(c=>console.log(c)),r=e.env??process.env,s=e.platform??process.platform,o=e.spawn??((c,l,d)=>{(0,Ce.execFile)(c,l,b=>d(b))});n(""),n("   Sign in to Visa CLI by opening this URL in your browser:"),n("");for(let c of wt(t).split(`
+`))n(`   ${c}`);n("");let a=vt(r,s);if(a.headless){n(`   (${a.reason} \u2014 skipping browser auto-open.)`),n("   Open the URL above on any device with a browser. The CLI will"),n("   continue waiting for you to complete sign-in."),n("");return}let i=bt(t,s);if(!i){n(`   No known browser-open command for platform "${s}".`),n("   Open the URL above manually to continue."),n("");return}await new Promise(c=>{o(i.cmd,i.args,l=>{l?(n(`   Could not open browser automatically (${l.message}).`),n("   Open the URL above manually to continue."),n("")):(n("   Opened browser. Waiting for you to sign in..."),n("")),c()})})}async function Pe(t,e){let n=e?.timeoutMs??3e4,r=new AbortController,s=setTimeout(()=>r.abort(),n);try{let{timeoutMs:o,...a}=e??{};return await fetch(t,{...a,signal:r.signal})}finally{clearTimeout(s)}}var Ct=/^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;function Re(t,e){let n=ke(t),r=ke(e);if(!n||!r)return!1;for(let s=0;s<3;s++)if(n.main[s]!==r.main[s])return n.main[s]>r.main[s];return n.pre&&!r.pre?!1:!n.pre&&r.pre?!0:!n.pre&&!r.pre?!1:Et(n.pre,r.pre)>0}function ke(t){if(typeof t!="string")return null;let n=t.trim().replace(/^v/,"").match(Ct);return n?{main:[Number(n[1]),Number(n[2]),Number(n[3])],pre:n[4]??null}:null}function Et(t,e){let n=t.split("."),r=e.split("."),s=Math.max(n.length,r.length);for(let o=0;o<s;o++){if(o>=n.length)return-1;if(o>=r.length)return 1;let a=n[o],i=r[o],c=/^\d+$/.test(a),l=/^\d+$/.test(i);if(c&&l){let d=Number(a)-Number(i);if(d!==0)return d}else{if(c)return-1;if(l)return 1;if(a<i)return-1;if(a>i)return 1}}return 0}function q(){return!!($e(process.env.VISA_CLI_NO_UPDATE_CHECK)||$e(process.env.CI)||process.env.NODE_ENV==="test")}function $e(t){if(t===void 0)return!1;let e=t.trim().toLowerCase();return!(e===""||e==="0"||e==="false"||e==="no"||e==="off")}var ne="1.0.7-rc.0",A=class{constructor(e){this.getSessionToken=e;this.baseUrl=process.env.VISA_AUTH_URL||"https://auth.visacli.sh"}getSessionToken;baseUrl;lastSignals={};parseServerSignals(e){if(this.lastSignals={},!q()){let r=e.headers.get("X-Latest-Version"),s=e.headers.get("X-Update-Message");r&&Re(r,ne)&&(this.lastSignals.updateAvailable={version:r,message:s||`Update available: v${r}. Run: npm install -g @visa/cli && visa-cli setup`})}let n=e.headers.get("X-Feedback-Prompt");if(n)try{this.lastSignals.feedbackPrompt=JSON.parse(n)}catch{}}getClientVersion(){return ne}async request(e,n,r,s,o){let a=await this.getSessionToken();if(!a)throw new Error("Not logged in. Sign up at https://visacli.sh or run: visa-cli setup");let i={Authorization:`Bearer ${a}`};o&&(e==="GET"?i["X-User-Context"]=o.replace(/[\r\n\0]/g," ").slice(0,1e3):r={...r||{},user_context:o}),r&&(i["Content-Type"]="application/json");let c;try{c=await Pe(`${this.baseUrl}${n}`,{method:e,headers:{...i,"X-Visa-CLI-Version":ne},body:r?JSON.stringify(r):void 0,timeoutMs:s})}catch(d){throw d.name==="AbortError"||d.message?.includes("aborted")?new Error("The request timed out. The server may be under heavy load. Please try again."):new Error("Cannot reach the Visa CLI server. Check your internet connection and try again.")}if(this.parseServerSignals(c),c.status===401)throw new Error("Your session has expired. Run: visa-cli setup");if(c.status===429){let d=c.headers.get("Retry-After")||"3";throw new Error(`Rate limited \u2014 wait ${d}s. Tip: use the batch tool to combine multiple requests into one.`)}if(c.status===503)throw new Error("Visa CLI is temporarily unavailable. Check https://visacli.sh for status.");let l;try{l=await c.json()}catch{throw c.status===500?new Error(`Server error on ${n}. Try again or check https://visacli.sh for status.`):new Error(`Unexpected response from ${n}. Try again.`)}if(!c.ok)throw c.status===500?new Error(`Server error on ${n}. Try again or check https://visacli.sh for status.`):new Error(l?.error||`Request failed (${c.status}). Try again.`);return l}async pay(e,n){return this.request("POST","/v1/pay",e,void 0,n)}async shortcut(e,n,r,s){return this.request("POST",`/v1/shortcuts/${encodeURIComponent(e)}`,n,r,s)}async batch(e,n,r){return this.request("POST","/v1/batch",e,n,r)}async catalogSearch(e,n){let r=new URLSearchParams;e&&r.set("q",e),n&&r.set("category",n);let s=r.toString();return this.request("GET",`/v1/catalog${s?`?${s}`:""}`)}async catalogTool(e){try{return await this.request("GET",`/v1/catalog/${encodeURIComponent(e)}`)}catch{return null}}async paymentPreview(e,n){return this.request("POST","/v1/payment-preview",e,void 0,n)}async getStatus(e){return this.request("GET","/v1/status",void 0,void 0,e)}async getTransactions(e){return this.request("GET","/v1/transactions",void 0,void 0,e)}async updateSpendingControls(e,n){return this.request("POST","/v1/spending-controls",e,void 0,n)}async removeCard(e,n,r){return this.request("DELETE",`/v1/cards/${encodeURIComponent(String(e))}`,n,void 0,r)}async setDefaultCard(e,n,r){return this.request("POST",`/v1/cards/${encodeURIComponent(String(e))}/default`,n,void 0,r)}async getAttestationChallenge(){return this.request("GET","/v1/attestation-challenge")}async registerAttestationKey(e){return this.request("POST","/v1/attestation-key",{publicKey:e})}async logout(e,n){return this.request("POST","/v1/logout",e,void 0,n)}async feedback(e,n,r){return this.request("POST","/v1/feedback",{message:e,...n&&{transaction_id:n}},void 0,r)}async feedSubmit(e){return this.request("POST","/v1/feed",e)}async feedList(e){let n=new URLSearchParams;e?.tab&&n.set("tab",e.tab),e?.limit&&n.set("limit",String(e.limit)),e?.offset&&n.set("offset",String(e.offset));let r=n.toString();return this.request("GET",`/v1/feed${r?"?"+r:""}`)}async feedVote(e,n){return this.request("POST",`/v1/feed/${encodeURIComponent(e)}/vote`,{direction:n})}async feedApprove(e){return this.request("POST",`/v1/feed/${encodeURIComponent(e)}/approve`)}async feedDelete(e){return this.request("DELETE",`/v1/feed/${encodeURIComponent(e)}`)}async feedPending(){return this.request("GET","/v1/feed/pending")}async submitFeedback(e,n,r){return this.request("POST","/v1/feedback",{message:e,...n&&{transaction_id:n}},void 0,r)}async getFeedback(e,n){let r=new URLSearchParams;e&&r.set("limit",String(e));let s=r.toString();return this.request("GET",`/v1/feedback${s?"?"+s:""}`,void 0,void 0,n)}async submitRatedFeedback(e){return this.request("POST","/v1/feedback",e)}};var ae=require("child_process"),_e=require("util"),je=g(require("crypto")),f=g(require("fs")),Me=g(require("os")),C=g(require("path"));var y=g(require("fs")),oe=g(require("path")),xe=g(require("os")),se=oe.join(xe.homedir(),".visa-mcp"),O=oe.join(se,"mcp-server.log"),Pt=5*1024*1024,re=null;function kt(){y.existsSync(se)||y.mkdirSync(se,{recursive:!0,mode:448})}function Rt(){if(!re){if(kt(),y.existsSync(O)&&y.statSync(O).size>Pt){let e=O+".1";y.existsSync(e)&&y.unlinkSync(e),y.renameSync(O,e)}re=y.createWriteStream(O,{flags:"a"})}return re}function B(t,...e){let n=new Date().toISOString(),r=e.map(o=>typeof o=="string"?o:JSON.stringify(o,null,2)).join(" "),s=`[${n}] [${t}] ${r}
+`;process.stderr.write(s),Rt().write(s)}var Ie={debug:(...t)=>B("DEBUG",...t),info:(...t)=>B("INFO",...t),warn:(...t)=>B("WARN",...t),error:(...t)=>B("ERROR",...t)};var I=(0,_e.promisify)(ae.execFile),Y=C.join(Me.homedir(),".visa-mcp","bin"),$=C.join(Y,"Visa CLI"),$t=C.join(__dirname,"..","native"),Ne="5",Te=C.join(Y,"visa-keychain.version"),Ae=C.join(Y,"visa-keychain.sha256");function Oe(t){let e=f.readFileSync(t);return je.createHash("sha256").update(e).digest("hex")}async function Le(){try{if(f.readFileSync(Te,"utf-8").trim()===Ne&&f.existsSync($)){let r=f.readFileSync(Ae,"utf-8").trim();if(Oe($)!==r)Ie.warn("binary:hash-mismatch",{message:"Binary hash mismatch \u2014 possible tampering detected. Recompiling from source."}),f.unlinkSync($);else return $}}catch{}let t=C.join($t,"visa-keychain.m");if(f.existsSync(t)||(t=C.resolve(__dirname,"..","..","native","visa-keychain.m")),f.existsSync(t)||(t=C.resolve(__dirname,"..","native","visa-keychain.m")),!f.existsSync(t))throw new Error("visa-keychain.m source not found. Reinstall Visa CLI.");f.mkdirSync(Y,{recursive:!0,mode:448});try{await I("clang",["-framework","Security","-framework","LocalAuthentication","-framework","Foundation","-framework","AppKit","-o",$,t],{timeout:3e4})}catch(n){throw n.code==="ENOENT"?new Error("Xcode Command Line Tools required. Install: xcode-select --install"):n}let e=Oe($);return f.writeFileSync(Ae,e,{mode:384}),f.writeFileSync(Te,Ne,{mode:384}),$}async function Ue(t){let e=await Le(),n;try{n=(await I(e,t,{timeout:6e4})).stdout}catch(o){n=o.stdout||"";let a=n.trim();throw a.startsWith("ERROR:")?new Error(a.slice(6)):new Error(o.stderr?.trim()||o.message||"Unknown error")}let r=n.trim();if(r.startsWith("OK:"))return r.slice(3);if(r==="OK")return;let s=r.startsWith("ERROR:")?r.slice(6):"Unknown error";throw new Error(s)}var ie=null;function _(){return process.env.VISA_MOCK_TOUCHID==="true"?!0:process.platform!=="darwin"?!1:ie!==null?ie:(ie=!0,!0)}var G="visa-cli",W="attestation-key";async function xt(t){try{await I("security",["delete-generic-password","-s",G,"-a",W],{timeout:5e3})}catch{}await I("security",["add-generic-password","-s",G,"-a",W,"-w",t],{timeout:5e3})}async function It(){try{let{stdout:t}=await I("security",["find-generic-password","-s",G,"-a",W,"-w"],{timeout:5e3});return t.trim()||null}catch{return null}}async function Ve(){let t=await Ue(["generate-key"]);if(!t)throw new Error("Key generation returned no output");let e=t.indexOf(":");if(e<0)throw new Error("Unexpected generate-key output format");let n=t.slice(0,e),r=t.slice(e+1);return await xt(n),r}async function Ke(t,e){if(process.env.VISA_MOCK_TOUCHID==="true")return Promise.resolve("mock-ecdsa-signature-for-testing");let n=await It();if(!n)throw new Error("Attestation key not found. Run setup to generate a new key.");let r=await Le(),s=["sign",t];return e&&s.push(e),new Promise((o,a)=>{let i=(0,ae.execFile)(r,s,{timeout:6e4},(c,l)=>{let d=(l||"").trim();if(c){d.startsWith("ERROR:")?a(new Error(d.slice(6))):a(new Error(c.stderr?.trim()||c.message||"Unknown error"));return}d.startsWith("OK:")?o(d.slice(3)):a(new Error(d.startsWith("ERROR:")?d.slice(6):"Unknown error"))});i.stdin.write(n),i.stdin.end()})}async function De(){try{await I("security",["delete-generic-password","-s",G,"-a",W],{timeout:5e3})}catch{}try{await Ue(["delete-key"])}catch{}}function He(t,e=process.stderr){if(q()||!t?.updateAvailable)return!1;let{message:n}=t.updateAvailable;return n?(e.write(`
 \x1B[33m\u2191 ${n}\x1B[0m
-`),!0):!1}var S=class extends Error{constructor(e){super(e),this.name="PayValidationError"}},He=["GET","POST"];function De(t){let e;try{e=new URL(t)}catch{throw new S(`Invalid URL: ${t}. Expected a fully-qualified http(s) URL.`)}if(e.protocol!=="http:"&&e.protocol!=="https:")throw new S(`Unsupported URL scheme "${e.protocol}". Only http and https are allowed.`);return e}function qe(t){let e=(t??"GET").toUpperCase();if(!He.includes(e))throw new S(`Unsupported HTTP method "${t}". Supported: ${He.join(", ")}.`);return e}function Ge(t){if(t!==void 0){try{JSON.parse(t)}catch(e){throw new S(`--body is not valid JSON: ${e?.message??"parse error"}`)}return t}}function Be(t){if(!t||typeof t!="object")throw new S("Merchant returned no payment preview.");let e=t;if(typeof e.amount!="number"||!Number.isFinite(e.amount)||e.amount<=0)throw new S("Could not determine payment amount from merchant.");if(typeof e.merchantName!="string"||e.merchantName.trim().length===0)throw new S("Merchant returned an empty merchant name.");if(e.merchantName.length>200)throw new S(`Merchant name too long (${e.merchantName.length} chars).`);if(typeof e.currency!="string"||e.currency.trim().length===0)throw new S("Merchant returned an empty currency.");if(e.currency.length>10)throw new S(`Currency code too long (${e.currency.length} chars).`);return{amount:e.amount,currency:e.currency,merchantName:e.merchantName}}var d=p(require("fs")),u=p(require("path")),We=p(require("os")),m=We.homedir(),w=[{id:"claude",displayName:"Claude Code",globalConfigPath:u.join(m,".claude.json"),configKey:"mcpServers",detectPaths:[u.join(m,".claude.json")],postInstallHint:"Restart Claude Code or run /mcp to connect."},{id:"claude-desktop",displayName:"Claude Desktop",globalConfigPath:u.join(m,"Library","Application Support","Claude","claude_desktop_config.json"),configKey:"mcpServers",detectPaths:[u.join(m,"Library","Application Support","Claude")],postInstallHint:"Restart the Claude desktop app to connect."},{id:"cursor",displayName:"Cursor",globalConfigPath:u.join(m,".cursor","mcp.json"),configKey:"mcpServers",detectPaths:[u.join(m,".cursor")],postInstallHint:"Restart Cursor to connect."},{id:"windsurf",displayName:"Windsurf",globalConfigPath:u.join(m,".codeium","windsurf","mcp_config.json"),configKey:"mcpServers",detectPaths:[u.join(m,".codeium","windsurf")],postInstallHint:"Restart Windsurf to connect."},{id:"cline",displayName:"Cline",globalConfigPath:u.join(m,".vscode","mcp.json"),configKey:"mcpServers",detectPaths:[u.join(m,".vscode","extensions","saoudrizwan.claude-dev-*")],postInstallHint:"Restart VS Code to connect."},{id:"roo-code",displayName:"Roo Code",globalConfigPath:u.join(m,".config","Roo","mcp_settings.json"),configKey:"mcpServers",detectPaths:[u.join(m,".vscode","extensions","RooVeterinaryInc.roo-cline-*")],postInstallHint:"Restart VS Code to connect."},{id:"copilot",displayName:"VS Code Copilot",globalConfigPath:u.join(m,".vscode","mcp.json"),configKey:"servers",detectPaths:[u.join(m,".vscode")],postInstallHint:"Restart VS Code to connect."},{id:"zed",displayName:"Zed",globalConfigPath:u.join(m,".config","zed","settings.json"),configKey:"context_servers",detectPaths:[u.join(m,".config","zed")],postInstallHint:"Restart Zed to connect.",buildEntry:t=>({source:"custom",...t})}];function le(t){return w.find(e=>e.id===t)}function M(t){return t.detectPaths.some(e=>{if(e.includes("*")){let n=u.dirname(e),r=u.basename(e).replaceAll("*","");if(!d.existsSync(n))return!1;try{return d.readdirSync(n).some(s=>s.startsWith(r))}catch{return!1}}return d.existsSync(e)})}function Je(){return{command:"node",args:[u.resolve(__dirname,"mcp-server/index.js")]}}function U(t,e="global"){let n=e==="project"?u.join(process.cwd(),".mcp.json"):t.globalConfigPath,r=u.dirname(n);d.existsSync(r)||d.mkdirSync(r,{recursive:!0});let s={};if(d.existsSync(n))try{s=JSON.parse(d.readFileSync(n,"utf-8"))}catch{s={}}s[t.configKey]=s[t.configKey]||{};let o=Je();return s[t.configKey]["visa-cli"]=t.buildEntry?t.buildEntry(o):o,d.writeFileSync(n,JSON.stringify(s,null,2)+`
-`),{installed:!0,configPath:n,message:t.postInstallHint}}function ue(t,e="global"){let n=e==="project"?u.join(process.cwd(),".mcp.json"):t.globalConfigPath;if(!d.existsSync(n))return{removed:!1,configPath:n};let r;try{r=JSON.parse(d.readFileSync(n,"utf-8"))}catch{return{removed:!1,configPath:n}}let s=r[t.configKey];return!s||!s["visa-cli"]?{removed:!1,configPath:n}:(delete s["visa-cli"],d.writeFileSync(n,JSON.stringify(r,null,2)+`
-`),{removed:!0,configPath:n})}function Ye(t,e="global"){let n=e==="project"?u.join(process.cwd(),".mcp.json"):t.globalConfigPath;if(!d.existsSync(n))return!1;try{return!!JSON.parse(d.readFileSync(n,"utf-8"))?.[t.configKey]?.["visa-cli"]}catch{return!1}}function Rt(t){if(!t||typeof t!="object")return;let e=t;if(e.command!=="node"||!Array.isArray(e.args)||e.args.length===0)return;let n=e.args[e.args.length-1];if(!(typeof n!="string"||n.length===0))return n}function xt(t,e){if(t===e)return!0;let n=u.resolve(t),r=u.resolve(e);if(n===r)return!0;try{let s=d.realpathSync(n),o=d.realpathSync(r);return s===o}catch{return!1}}function L(){let t=Je(),e=t.args[t.args.length-1],n=[];for(let r of w){let s=r.globalConfigPath;if(!d.existsSync(s))continue;let o;try{o=JSON.parse(d.readFileSync(s,"utf-8"))}catch{continue}let i=o?.[r.configKey]?.["visa-cli"];if(!i)continue;let a=Rt(i);if(!a||xt(a,e))continue;let c=d.existsSync(a)?"mismatch":"missing";n.push({client:r,configPath:s,currentPath:a,expectedPath:e,staleReason:c})}return n}function de(t){return{configPath:U(t.client,"global").configPath}}var $t=(0,Xe.promisify)(ge.execFile);function Tt(t){let e=I.homedir(),n=s=>s.replace(e,"~"),r=t.staleReason==="missing"?"path missing on disk":"path mismatch";return`   \u2022 ${t.client.displayName} (${n(t.configPath)})
-     ${r}: ${n(t.currentPath)}`}function Ze(t,e){if(t.length===0){console.log(`${e} \u2713 All MCP client configs are up to date.`);return}console.log(`${e} Found ${t.length} stale MCP config ${t.length===1?"entry":"entries"}:`);for(let n of t)console.log(Tt(n))}var v=new ze.Command,z=null;function Z(){return z=new j(()=>h.getSessionToken()),z}v.name("visa-cli").description("Visa CLI - AI payment orchestration").version(te().version);v.hook("preAction",async()=>{await Ce()});v.command("setup").description("Register MCP server, authenticate, and generate attestation key").option("--check","Scan MCP client configs for stale visa-cli entries and exit without making changes").action(async t=>{try{if(t.check){let l=L();Ze(l,"MCP config check:"),l.length>0&&(console.log("\nRun `visa-cli setup` (or `visa-cli install --repair`) to rewrite these entries."),process.exit(1));return}console.log("Step 1: Registering MCP server...");let e=L(),n=new Map(e.map(l=>[l.client.id,l])),r=new Set;for(let l of w)if(M(l)){let g=U(l),P=n.get(l.id),N=P?` \u2014 repaired stale ${P.staleReason} entry`:"";console.log(`   \u2713 ${l.displayName} (${g.configPath.replace(I.homedir(),"~")})${N}`),P&&r.add(l.id)}let s=e.filter(l=>!r.has(l.client.id));for(let l of s)de(l),console.log(`   \u2713 ${l.client.displayName} (${l.configPath.replace(I.homedir(),"~")}) \u2014 repaired stale ${l.staleReason} entry`);let o=r.size+s.length;console.log(o===0?"   \u2713 MCP config verified \u2014 nothing to repair.":`   \u2713 Repaired ${o} stale MCP config ${o===1?"entry":"entries"}.`),console.log(`
-Step 2: Checking authentication...`);let i=await h.getSessionToken();if(i?console.log("   Already authenticated."):(console.log("   No session found. Opening browser for GitHub login..."),i=await new Promise(async(l,g)=>{let P=X.randomBytes(16).toString("hex"),N=`https://auth.visacli.sh/login?state=${P}`;console.log(`   Opening browser for authentication...
-`),process.platform==="darwin"&&(0,ge.execFile)("open",[N],A=>{A&&console.error("   Failed to open browser:",A.message)}),console.log(`   Waiting for login in browser...
-`);let pe=3e4,Qe=300*1e3,et=Date.now()+Qe;for(;Date.now()<et;)try{let A=await globalThis.fetch("https://auth.visacli.sh/v1/auth-status",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({state:P,timeout:pe}),signal:AbortSignal.timeout(pe+5e3)});if(!A.ok)continue;let $=await A.json();if($.status==="pending")continue;if($.status==="expired"){g(new Error("Session expired. Please run setup again."));return}if($.status==="complete"&&$.sessionToken){console.log(`   Signed in as ${$.user}.`),l($.sessionToken);return}}catch{}g(new Error("Login timed out after 5 minutes. Please run setup again."))}),await h.saveSessionToken(i),console.log("   Session token saved.")),console.log(`
-Step 3: Setting up authentication...`),!_())console.log("   Not macOS \u2014 skipping biometric setup.");else{try{await $t("clang",["--version"])}catch{console.error("   Xcode Command Line Tools are required for payment authentication."),console.error("   Install them by running: xcode-select --install"),console.error("   Then re-run: visa-cli setup"),process.exit(1)}try{let l=await Le();console.log("   Attestation key generated."),await Z().registerAttestationKey(l),console.log("   Attestation key registered with server.")}catch(l){console.log(`   Skipped: ${l.message}`)}}let a="\x1B[1m",c="\x1B[0m";console.log(`
+`),!0):!1}var S=class extends Error{constructor(e){super(e),this.name="PayValidationError"}},Fe=["GET","POST"];function qe(t){let e;try{e=new URL(t)}catch{throw new S(`Invalid URL: ${t}. Expected a fully-qualified http(s) URL.`)}if(e.protocol!=="http:"&&e.protocol!=="https:")throw new S(`Unsupported URL scheme "${e.protocol}". Only http and https are allowed.`);return e}function Be(t){let e=(t??"GET").toUpperCase();if(!Fe.includes(e))throw new S(`Unsupported HTTP method "${t}". Supported: ${Fe.join(", ")}.`);return e}function Ge(t){if(t!==void 0){try{JSON.parse(t)}catch(e){throw new S(`--body is not valid JSON: ${e?.message??"parse error"}`)}return t}}function We(t){if(!t||typeof t!="object")throw new S("Merchant returned no payment preview.");let e=t;if(typeof e.amount!="number"||!Number.isFinite(e.amount)||e.amount<=0)throw new S("Could not determine payment amount from merchant.");if(typeof e.merchantName!="string"||e.merchantName.trim().length===0)throw new S("Merchant returned an empty merchant name.");if(e.merchantName.length>200)throw new S(`Merchant name too long (${e.merchantName.length} chars).`);if(typeof e.currency!="string"||e.currency.trim().length===0)throw new S("Merchant returned an empty currency.");if(e.currency.length>10)throw new S(`Currency code too long (${e.currency.length} chars).`);return{amount:e.amount,currency:e.currency,merchantName:e.merchantName}}var p=g(require("fs")),u=g(require("path")),Ye=g(require("os")),m=Ye.homedir(),v=[{id:"claude",displayName:"Claude Code",globalConfigPath:u.join(m,".claude.json"),configKey:"mcpServers",detectPaths:[u.join(m,".claude.json")],postInstallHint:"Restart Claude Code or run /mcp to connect."},{id:"claude-desktop",displayName:"Claude Desktop",globalConfigPath:u.join(m,"Library","Application Support","Claude","claude_desktop_config.json"),configKey:"mcpServers",detectPaths:[u.join(m,"Library","Application Support","Claude")],postInstallHint:"Restart the Claude desktop app to connect."},{id:"cursor",displayName:"Cursor",globalConfigPath:u.join(m,".cursor","mcp.json"),configKey:"mcpServers",detectPaths:[u.join(m,".cursor")],postInstallHint:"Restart Cursor to connect."},{id:"windsurf",displayName:"Windsurf",globalConfigPath:u.join(m,".codeium","windsurf","mcp_config.json"),configKey:"mcpServers",detectPaths:[u.join(m,".codeium","windsurf")],postInstallHint:"Restart Windsurf to connect."},{id:"cline",displayName:"Cline",globalConfigPath:u.join(m,".vscode","mcp.json"),configKey:"mcpServers",detectPaths:[u.join(m,".vscode","extensions","saoudrizwan.claude-dev-*")],postInstallHint:"Restart VS Code to connect."},{id:"roo-code",displayName:"Roo Code",globalConfigPath:u.join(m,".config","Roo","mcp_settings.json"),configKey:"mcpServers",detectPaths:[u.join(m,".vscode","extensions","RooVeterinaryInc.roo-cline-*")],postInstallHint:"Restart VS Code to connect."},{id:"copilot",displayName:"VS Code Copilot",globalConfigPath:u.join(m,".vscode","mcp.json"),configKey:"servers",detectPaths:[u.join(m,".vscode")],postInstallHint:"Restart VS Code to connect."},{id:"zed",displayName:"Zed",globalConfigPath:u.join(m,".config","zed","settings.json"),configKey:"context_servers",detectPaths:[u.join(m,".config","zed")],postInstallHint:"Restart Zed to connect.",buildEntry:t=>({source:"custom",...t})}];function ce(t){return v.find(e=>e.id===t)}function j(t){return t.detectPaths.some(e=>{if(e.includes("*")){let n=u.dirname(e),r=u.basename(e).replaceAll("*","");if(!p.existsSync(n))return!1;try{return p.readdirSync(n).some(s=>s.startsWith(r))}catch{return!1}}return p.existsSync(e)})}function Je(){return{command:"node",args:[u.resolve(__dirname,"mcp-server/index.js")]}}function M(t,e="global"){let n=e==="project"?u.join(process.cwd(),".mcp.json"):t.globalConfigPath,r=u.dirname(n);p.existsSync(r)||p.mkdirSync(r,{recursive:!0});let s={};if(p.existsSync(n))try{s=JSON.parse(p.readFileSync(n,"utf-8"))}catch{s={}}s[t.configKey]=s[t.configKey]||{};let o=Je();return s[t.configKey]["visa-cli"]=t.buildEntry?t.buildEntry(o):o,p.writeFileSync(n,JSON.stringify(s,null,2)+`
+`),{installed:!0,configPath:n,message:t.postInstallHint}}function le(t,e="global"){let n=e==="project"?u.join(process.cwd(),".mcp.json"):t.globalConfigPath;if(!p.existsSync(n))return{removed:!1,configPath:n};let r;try{r=JSON.parse(p.readFileSync(n,"utf-8"))}catch{return{removed:!1,configPath:n}}let s=r[t.configKey];return!s||!s["visa-cli"]?{removed:!1,configPath:n}:(delete s["visa-cli"],p.writeFileSync(n,JSON.stringify(r,null,2)+`
+`),{removed:!0,configPath:n})}function ze(t,e="global"){let n=e==="project"?u.join(process.cwd(),".mcp.json"):t.globalConfigPath;if(!p.existsSync(n))return!1;try{return!!JSON.parse(p.readFileSync(n,"utf-8"))?.[t.configKey]?.["visa-cli"]}catch{return!1}}function Tt(t){if(!t||typeof t!="object")return;let e=t;if(e.command!=="node"||!Array.isArray(e.args)||e.args.length===0)return;let n=e.args[e.args.length-1];if(!(typeof n!="string"||n.length===0))return n}function At(t,e){if(t===e)return!0;let n=u.resolve(t),r=u.resolve(e);if(n===r)return!0;try{let s=p.realpathSync(n),o=p.realpathSync(r);return s===o}catch{return!1}}function L(){let t=Je(),e=t.args[t.args.length-1],n=[];for(let r of v){let s=r.globalConfigPath;if(!p.existsSync(s))continue;let o;try{o=JSON.parse(p.readFileSync(s,"utf-8"))}catch{continue}let a=o?.[r.configKey]?.["visa-cli"];if(!a)continue;let i=Tt(a);if(!i||At(i,e))continue;let c=p.existsSync(i)?"mismatch":"missing";n.push({client:r,configPath:s,currentPath:i,expectedPath:e,staleReason:c})}return n}function ue(t){return{configPath:M(t.client,"global").configPath}}var Ot=(0,Qe.promisify)(Ze.execFile);function _t(t){let e=N.homedir(),n=s=>s.replace(e,"~"),r=t.staleReason==="missing"?"path missing on disk":"path mismatch";return`   \u2022 ${t.client.displayName} (${n(t.configPath)})
+     ${r}: ${n(t.currentPath)}`}function et(t,e){if(t.length===0){console.log(`${e} \u2713 All MCP client configs are up to date.`);return}console.log(`${e} Found ${t.length} stale MCP config ${t.length===1?"entry":"entries"}:`);for(let n of t)console.log(_t(n))}var w=new Xe.Command,J=null;function X(){return J=new A(()=>h.getSessionToken()),J}w.name("visa-cli").description("Visa CLI - AI payment orchestration").version(ee().version);w.hook("preAction",async()=>{await be()});w.command("setup").description("Register MCP server, authenticate, and generate attestation key").option("--check","Scan MCP client configs for stale visa-cli entries and exit without making changes").action(async t=>{try{if(t.check){let l=L();et(l,"MCP config check:"),l.length>0&&(console.log("\nRun `visa-cli setup` (or `visa-cli install --repair`) to rewrite these entries."),process.exit(1));return}console.log("Step 1: Registering MCP server...");let e=L(),n=new Map(e.map(l=>[l.client.id,l])),r=new Set;for(let l of v)if(j(l)){let d=M(l),b=n.get(l.id),T=b?` \u2014 repaired stale ${b.staleReason} entry`:"";console.log(`   \u2713 ${l.displayName} (${d.configPath.replace(N.homedir(),"~")})${T}`),b&&r.add(l.id)}let s=e.filter(l=>!r.has(l.client.id));for(let l of s)ue(l),console.log(`   \u2713 ${l.client.displayName} (${l.configPath.replace(N.homedir(),"~")}) \u2014 repaired stale ${l.staleReason} entry`);let o=r.size+s.length;console.log(o===0?"   \u2713 MCP config verified \u2014 nothing to repair.":`   \u2713 Repaired ${o} stale MCP config ${o===1?"entry":"entries"}.`),console.log(`
+Step 2: Checking authentication...`);let a=await h.getSessionToken();if(a?console.log("   Already authenticated."):(console.log("   No session found. Opening browser for GitHub login..."),a=await new Promise(async(l,d)=>{let b=z.randomBytes(16).toString("hex"),T=`https://auth.visacli.sh/login?state=${b}`;await Ee(T);let de=3e4,tt=300*1e3,nt=Date.now()+tt;for(;Date.now()<nt;)try{let pe=await globalThis.fetch("https://auth.visacli.sh/v1/auth-status",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({state:b,timeout:de}),signal:AbortSignal.timeout(de+5e3)});if(!pe.ok)continue;let x=await pe.json();if(x.status==="pending")continue;if(x.status==="expired"){d(new Error("Session expired. Please run setup again."));return}if(x.status==="complete"&&x.sessionToken){console.log(`   Signed in as ${x.user}.`),l(x.sessionToken);return}}catch{}d(new Error("Login timed out after 5 minutes. Please run setup again."))}),await h.saveSessionToken(a),console.log("   Session token saved.")),console.log(`
+Step 3: Setting up authentication...`),!_())console.log("   Not macOS \u2014 skipping biometric setup.");else{try{await Ot("clang",["--version"])}catch{console.error("   Xcode Command Line Tools are required for payment authentication."),console.error("   Install them by running: xcode-select --install"),console.error("   Then re-run: visa-cli setup"),process.exit(1)}try{let l=await Ve();console.log("   Attestation key generated."),await X().registerAttestationKey(l),console.log("   Attestation key registered with server.")}catch(l){console.log(`   Skipped: ${l.message}`)}}let i="\x1B[1m",c="\x1B[0m";console.log(`
  \u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557
  \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557
  \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551
@@ -35,26 +35,26 @@ Step 3: Setting up authentication...`),!_())console.log("   Not macOS \u2014 ski
   \u255A\u2588\u2588\u2588\u2588\u2554\u255D \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2551  \u2588\u2588\u2551
    \u255A\u2550\u2550\u2550\u255D  \u255A\u2550\u255D\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u255D  \u2588 CLI
-  ${a}Setup complete.${c} Restart Claude Code or run /mcp to connect.
+  ${i}Setup complete.${c} Restart Claude Code or run /mcp to connect.
-  ${a}Try it out:${c}
+  ${i}Try it out:${c}
   \u2022 Ask Claude: "Generate an image of a neon cityscape"
   \u2022 Ask Claude: "What's the price of ETH on Base?"
   \u2022 Or run:     visa-cli pay <merchant-url>
-  ${a}Verify:${c}  visa-cli status
-  ${a}Docs:${c}    https://visacli.sh
-`)}catch(e){console.error("Error:",e.message),process.exit(1)}});v.command("install [client]").description("Register MCP server with an AI client (claude, cursor, windsurf, cline, zed, ...)").option("--all","Install for all detected clients").option("--list","Show supported clients and install status").option("--check","Scan MCP client configs for stale visa-cli entries and exit without making changes").option("--repair","Repair stale MCP client configs without re-running the full setup flow").option("--scope <scope>","Install scope: global or project","global").action(async(t,e)=>{try{if(e.check){let o=L();Ze(o,"MCP config check:"),o.length>0&&process.exit(1);return}if(e.repair){let o=L();if(o.length===0){console.log("\u2713 MCP config verified \u2014 nothing to repair.");return}for(let i of o)de(i),console.log(`   \u2713 ${i.client.displayName} (${i.configPath.replace(I.homedir(),"~")}) \u2014 repaired stale ${i.staleReason} entry`);console.log(`
+  ${i}Verify:${c}  visa-cli status
+  ${i}Docs:${c}    https://visacli.sh
+`)}catch(e){console.error("Error:",e.message),process.exit(1)}});w.command("install [client]").description("Register MCP server with an AI client (claude, cursor, windsurf, cline, zed, ...)").option("--all","Install for all detected clients").option("--list","Show supported clients and install status").option("--check","Scan MCP client configs for stale visa-cli entries and exit without making changes").option("--repair","Repair stale MCP client configs without re-running the full setup flow").option("--scope <scope>","Install scope: global or project","global").action(async(t,e)=>{try{if(e.check){let o=L();et(o,"MCP config check:"),o.length>0&&process.exit(1);return}if(e.repair){let o=L();if(o.length===0){console.log("\u2713 MCP config verified \u2014 nothing to repair.");return}for(let a of o)ue(a),console.log(`   \u2713 ${a.client.displayName} (${a.configPath.replace(N.homedir(),"~")}) \u2014 repaired stale ${a.staleReason} entry`);console.log(`
 Repaired ${o.length} stale MCP config ${o.length===1?"entry":"entries"}.`);return}if(e.list){console.log(`
 \x1B[1mSupported MCP Clients\x1B[0m
-`),console.log(`  ${"Client".padEnd(18)} ${"Detected".padEnd(10)} ${"Installed".padEnd(11)} Config Path`),console.log(`  ${"\u2500".repeat(18)} ${"\u2500".repeat(10)} ${"\u2500".repeat(11)} ${"\u2500".repeat(40)}`);for(let a of w){let c=M(a),l=Ye(a),g=c?"Yes":"No",P=l?"Yes":"No",N=a.globalConfigPath.replace(I.homedir(),"~");console.log(`  ${a.displayName.padEnd(18)} ${g.padEnd(10)} ${P.padEnd(11)} ${N}`)}console.log("");return}let n=e.scope==="project"?"project":"global";if(e.all){let o=[],i=[];for(let a of w){if(!M(a)){i.push(a.displayName);continue}U(a,n),o.push(a.displayName)}o.length>0&&console.log(`Installed for: ${o.join(", ")}.`),i.length>0&&console.log(`Skipped: ${i.map(a=>`${a} (not detected)`).join(", ")}.`),o.length===0&&i.length===0&&console.log("No supported clients found.");return}t||(console.error("Usage: visa-cli install <client>"),console.error("       visa-cli install --all"),console.error("       visa-cli install --list"),console.error(`
-Supported clients: ${w.map(o=>o.id).join(", ")}`),process.exit(1));let r=le(t);r||(console.error(`Unknown client: ${t}`),console.error(`Supported clients: ${w.map(o=>o.id).join(", ")}`),process.exit(1)),n==="global"&&!M(r)&&(console.error(`${r.displayName} not detected on this machine.`),console.error(`Expected: ${r.detectPaths.join(", ")}`),process.exit(1));let s=U(r,n);console.log(`Registered visa-cli MCP server in ${s.configPath}`),console.log(s.message)}catch(n){console.error("Error:",n.message),process.exit(1)}});v.command("uninstall [client]").description("Remove MCP server from an AI client").option("--all","Remove from all clients").option("--scope <scope>","Uninstall scope: global or project","global").action(async(t,e)=>{try{let n=e.scope==="project"?"project":"global";if(e.all){let o=[];for(let i of w)ue(i,n).removed&&o.push(i.displayName);o.length>0?console.log(`Removed visa-cli from: ${o.join(", ")}.`):console.log("visa-cli was not installed in any client.");return}t||(console.error("Usage: visa-cli uninstall <client>"),console.error("       visa-cli uninstall --all"),console.error(`
-Supported clients: ${w.map(o=>o.id).join(", ")}`),process.exit(1));let r=le(t);r||(console.error(`Unknown client: ${t}`),console.error(`Supported clients: ${w.map(o=>o.id).join(", ")}`),process.exit(1));let s=ue(r,n);s.removed?console.log(`Removed visa-cli from ${s.configPath}`):console.log(`visa-cli was not installed for ${r.displayName}.`)}catch(n){console.error("Error:",n.message),process.exit(1)}});v.command("pay <url>").description("Pay a merchant URL (amount auto-detected from HTTP 402 response)").option("-m, --method <method>","HTTP method (GET or POST)","GET").option("-b, --body <json>","JSON request body for POST endpoints").action(async(t,e)=>{try{De(t);let n=qe(e.method),r=Ge(e.body),s=new j(()=>h.getSessionToken());console.log(`Checking payment for ${t}...`);let o=Be(await s.paymentPreview({url:t}));console.log(`  Merchant: ${o.merchantName}`),console.log(`  Amount:   $${o.amount.toFixed(2)} ${o.currency}`),console.log(`  Rail:     auto-detected
-`);let i;if(_())try{let{nonce:c}=await s.getAttestationChallenge(),l=Buffer.from(JSON.stringify({nonce:c,amount:o.amount,merchant:o.merchantName,context:t})).toString("base64");i={signature:await Ke(l,`pay $${o.amount.toFixed(2)} to ${o.merchantName}`),nonce:c,amount:o.amount,merchant:o.merchantName}}catch(c){console.error(`Touch ID confirmation failed: ${c?.message||"user cancelled or biometric error"}`),process.exit(1)}else console.warn("Warning: Touch ID unavailable on this system \u2014 payment will proceed without biometric attestation.");let a=await s.pay({url:t,method:n,body:r,attestation:i,idempotencyKey:X.randomUUID()});if(a.success){if(console.log(`Payment complete: $${(a.amount??o.amount).toFixed(2)} \u2192 ${a.merchantName??o.merchantName}`),a.receipt?.urls?.length){console.log(`
-Result URLs:`);for(let c of a.receipt.urls)console.log(`  ${c}`)}}else console.error(`Payment failed: ${a.message||"Unknown error"}`),process.exit(1)}catch(n){n instanceof S?console.error(`Error: ${n.message}`):console.error("Error:",n.message),process.exit(1)}});v.command("status").description("Check enrollment, cards, wallet, and spending controls").action(async()=>{try{let e=await Z().getStatus();if(console.log(`Visa CLI Status
+`),console.log(`  ${"Client".padEnd(18)} ${"Detected".padEnd(10)} ${"Installed".padEnd(11)} Config Path`),console.log(`  ${"\u2500".repeat(18)} ${"\u2500".repeat(10)} ${"\u2500".repeat(11)} ${"\u2500".repeat(40)}`);for(let i of v){let c=j(i),l=ze(i),d=c?"Yes":"No",b=l?"Yes":"No",T=i.globalConfigPath.replace(N.homedir(),"~");console.log(`  ${i.displayName.padEnd(18)} ${d.padEnd(10)} ${b.padEnd(11)} ${T}`)}console.log("");return}let n=e.scope==="project"?"project":"global";if(e.all){let o=[],a=[];for(let i of v){if(!j(i)){a.push(i.displayName);continue}M(i,n),o.push(i.displayName)}o.length>0&&console.log(`Installed for: ${o.join(", ")}.`),a.length>0&&console.log(`Skipped: ${a.map(i=>`${i} (not detected)`).join(", ")}.`),o.length===0&&a.length===0&&console.log("No supported clients found.");return}t||(console.error("Usage: visa-cli install <client>"),console.error("       visa-cli install --all"),console.error("       visa-cli install --list"),console.error(`
+Supported clients: ${v.map(o=>o.id).join(", ")}`),process.exit(1));let r=ce(t);r||(console.error(`Unknown client: ${t}`),console.error(`Supported clients: ${v.map(o=>o.id).join(", ")}`),process.exit(1)),n==="global"&&!j(r)&&(console.error(`${r.displayName} not detected on this machine.`),console.error(`Expected: ${r.detectPaths.join(", ")}`),process.exit(1));let s=M(r,n);console.log(`Registered visa-cli MCP server in ${s.configPath}`),console.log(s.message)}catch(n){console.error("Error:",n.message),process.exit(1)}});w.command("uninstall [client]").description("Remove MCP server from an AI client").option("--all","Remove from all clients").option("--scope <scope>","Uninstall scope: global or project","global").action(async(t,e)=>{try{let n=e.scope==="project"?"project":"global";if(e.all){let o=[];for(let a of v)le(a,n).removed&&o.push(a.displayName);o.length>0?console.log(`Removed visa-cli from: ${o.join(", ")}.`):console.log("visa-cli was not installed in any client.");return}t||(console.error("Usage: visa-cli uninstall <client>"),console.error("       visa-cli uninstall --all"),console.error(`
+Supported clients: ${v.map(o=>o.id).join(", ")}`),process.exit(1));let r=ce(t);r||(console.error(`Unknown client: ${t}`),console.error(`Supported clients: ${v.map(o=>o.id).join(", ")}`),process.exit(1));let s=le(r,n);s.removed?console.log(`Removed visa-cli from ${s.configPath}`):console.log(`visa-cli was not installed for ${r.displayName}.`)}catch(n){console.error("Error:",n.message),process.exit(1)}});w.command("pay <url>").description("Pay a merchant URL (amount auto-detected from HTTP 402 response)").option("-m, --method <method>","HTTP method (GET or POST)","GET").option("-b, --body <json>","JSON request body for POST endpoints").action(async(t,e)=>{try{qe(t);let n=Be(e.method),r=Ge(e.body),s=new A(()=>h.getSessionToken());console.log(`Checking payment for ${t}...`);let o=We(await s.paymentPreview({url:t}));console.log(`  Merchant: ${o.merchantName}`),console.log(`  Amount:   $${o.amount.toFixed(2)} ${o.currency}`),console.log(`  Rail:     auto-detected
+`);let a;if(_())try{let{nonce:c}=await s.getAttestationChallenge(),l=Buffer.from(JSON.stringify({nonce:c,amount:o.amount,merchant:o.merchantName,context:t})).toString("base64");a={signature:await Ke(l,`pay $${o.amount.toFixed(2)} to ${o.merchantName}`),nonce:c,amount:o.amount,merchant:o.merchantName}}catch(c){console.error(`Touch ID confirmation failed: ${c?.message||"user cancelled or biometric error"}`),process.exit(1)}else console.warn("Warning: Touch ID unavailable on this system \u2014 payment will proceed without biometric attestation.");let i=await s.pay({url:t,method:n,body:r,attestation:a,idempotencyKey:z.randomUUID()});if(i.success){if(console.log(`Payment complete: $${(i.amount??o.amount).toFixed(2)} \u2192 ${i.merchantName??o.merchantName}`),i.receipt?.urls?.length){console.log(`
+Result URLs:`);for(let c of i.receipt.urls)console.log(`  ${c}`)}}else console.error(`Payment failed: ${i.message||"Unknown error"}`),process.exit(1)}catch(n){n instanceof S?console.error(`Error: ${n.message}`):console.error("Error:",n.message),process.exit(1)}});w.command("status").description("Check enrollment, cards, wallet, and spending controls").action(async()=>{try{let e=await X().getStatus();if(console.log(`Visa CLI Status
 `),console.log("Enrollment:"),console.log(`   Enrolled:  ${e.enrolled?"Yes":"No"}`),e.githubUser&&console.log(`   GitHub:    ${e.githubUser}`),console.log(`   Cards:     ${e.cardCount??0}`),e.cards&&e.cards.length>0){console.log(`
-Cards:`);for(let n of e.cards){let r=n.isDefault?" (default)":"";console.log(`   ${n.brand?.toUpperCase()||"CARD"} ****${n.last4}${r}`)}}if(e.spendingControls){let n=e.spendingControls;console.log(`
+Cards:`);for(let n of e.cards){let r=n.isDefault?" (default)":"",s=Number.isInteger(n.id)?`#${n.id} `:"";console.log(`   ${s}${n.brand?.toUpperCase()||"CARD"} ****${n.last4}${r}`)}}if(e.spendingControls){let n=e.spendingControls;console.log(`
 Spending Controls:`),console.log(`   Max per transaction: $${n.maxTransactionAmount}`),console.log(`   Daily limit:         $${n.dailyLimit}`),n.dailySpent!==void 0&&console.log(`   Spent today:         $${Number(n.dailySpent).toFixed(2)} / $${n.dailyLimit}`)}console.log(`
-Touch ID:`),console.log(`   Available: ${_()?"Yes":"No"}`)}catch(t){console.error("Error:",t.message),process.exit(1)}});v.command("reset").description("Log out and clear all credentials").action(async()=>{try{console.log(`Resetting Visa CLI...
-`);try{await Z().logout(),console.log("   Server session invalidated.")}catch{console.log("   Server logout skipped (no active session).")}if(await h.clearAll(),console.log("   Keychain credentials cleared."),_())try{await Ve(),console.log("   Secure Enclave key deleted.")}catch{console.log("   No Secure Enclave key to delete.")}console.log(`
-Reset complete.`)}catch(t){console.error("Error:",t.message),process.exit(1)}});v.command("feedback").description("Submit feedback about Visa CLI").argument("[message]","Your feedback message").action(async t=>{(!t||t.trim().length===0)&&(console.log('Usage: visa-cli feedback "your message"'),process.exit(1));try{await h.getSessionToken()||(console.error("Not logged in. Run visa-cli setup first."),process.exit(1)),await Z().feedback(t.trim()),console.log("Feedback submitted. Thanks!")}catch(e){console.error("Error:",e.message),process.exit(1)}});v.hook("postAction",()=>{z&&Fe(z.lastSignals)});v.parse();
+Touch ID:`),console.log(`   Available: ${_()?"Yes":"No"}`)}catch(t){console.error("Error:",t.message),process.exit(1)}});w.command("reset").description("Log out and clear all credentials").action(async()=>{try{console.log(`Resetting Visa CLI...
+`);try{await X().logout(),console.log("   Server session invalidated.")}catch{console.log("   Server logout skipped (no active session).")}if(await h.clearAll(),console.log("   Keychain credentials cleared."),_())try{await De(),console.log("   Secure Enclave key deleted.")}catch{console.log("   No Secure Enclave key to delete.")}console.log(`
+Reset complete.`)}catch(t){console.error("Error:",t.message),process.exit(1)}});w.command("feedback").description("Submit feedback about Visa CLI").argument("[message]","Your feedback message").action(async t=>{(!t||t.trim().length===0)&&(console.log('Usage: visa-cli feedback "your message"'),process.exit(1));try{await h.getSessionToken()||(console.error("Not logged in. Run visa-cli setup first."),process.exit(1)),await X().feedback(t.trim()),console.log("Feedback submitted. Thanks!")}catch(e){console.error("Error:",e.message),process.exit(1)}});w.hook("postAction",()=>{J&&He(J.lastSignals)});w.parse();