@xodn348/clawpay 0.1.0

package/DISCLAIMER.md

@@ -0,0 +1,88 @@
+# ClawPay Disclaimer
+
+⚠️ IMPORTANT: Read this disclaimer carefully before using ClawPay.
+
+By using ClawPay, you agree to the terms of the Apache License 2.0 and acknowledge this disclaimer.
+
+---
+
+## 1. Financial Disclaimer
+
+This software is not financial advice. Use of ClawPay may result in real monetary transactions. You assume full responsibility for all payments initiated through this software.
+
+ClawPay does not provide investment advice, tax guidance, or any form of financial planning. Nothing in this software or its documentation constitutes a recommendation to make any financial decision. All payment amounts, recipients, and timing are determined solely by you or by an AI agent acting under your direction.
+
+Before deploying ClawPay in any production environment, consult qualified legal and financial professionals to understand the implications for your specific use case.
+
+---
+
+## 2. AI Agent Disclaimer
+
+Actions performed by an AI agent through ClawPay are NOT acts of ClawPay's authors or contributors. The authors are not responsible for autonomous agent decisions.
+
+When ClawPay is used as a tool by an AI agent (including but not limited to large language models, autonomous agents, or agentic frameworks), the agent acts on behalf of the user or operator who configured and deployed it, not on behalf of ClawPay's authors or contributors. The authors of ClawPay have no visibility into, control over, or responsibility for:
+
+- Payment amounts or recipients chosen by an AI agent
+- The frequency or timing of agent-initiated transactions
+- Errors in agent reasoning that result in unintended payments
+- Prompt injection attacks that manipulate agent behavior
+
+You are solely responsible for implementing appropriate guardrails, spending limits, human-in-the-loop approval flows, and monitoring when deploying ClawPay in agentic contexts. The authorization ambiguity inherent in autonomous agent payments is a known risk that you must address before production use.
+
+---
+
+## 3. PCI DSS Statement
+
+ClawPay never processes, stores, or transmits raw cardholder data (PANs, CVVs). All card input is handled exclusively by Stripe's PCI-compliant Checkout. ClawPay is not in PCI scope.
+
+ClawPay integrates with Stripe's hosted payment pages and tokenization infrastructure. Raw card numbers, CVV codes, expiration dates, and other sensitive authentication data never pass through ClawPay's codebase, servers, or logs. Stripe holds PCI DSS Level 1 certification, the highest level of compliance available.
+
+This architecture means ClawPay itself does not fall within the scope of PCI DSS requirements. However, your overall payment system may still have PCI obligations depending on how you deploy and integrate ClawPay. Consult a Qualified Security Assessor (QSA) if you have questions about your specific compliance posture.
+
+---
+
+## 4. Not a Money Transmitter
+
+ClawPay is a software tool that interfaces with the Stripe API. It is not a payment processor, money transmitter, or financial institution.
+
+ClawPay does not hold, move, or settle funds. All payment processing, fund movement, and settlement is performed by Stripe, Inc. under Stripe's own licenses and regulatory authorizations. ClawPay has no money transmission license and does not operate as a financial intermediary.
+
+If your use of ClawPay involves activities that may require money transmission licenses, payment facilitator agreements, or other financial regulatory approvals in your jurisdiction, you are responsible for obtaining those approvals independently.
+
+---
+
+## 5. Credential Security
+
+You are solely responsible for securing your Stripe API keys. Never commit API keys to version control. ClawPay stores keys only in environment variables.
+
+Stripe API keys grant the ability to initiate real financial transactions. Treat them with the same care as passwords or private keys. Specifically:
+
+- Do not hardcode API keys in source code
+- Do not commit `.env` files or any file containing API keys to git
+- Rotate keys immediately if you suspect they have been exposed
+- Use Stripe's restricted key feature to limit key permissions to only what ClawPay needs
+- Audit your Stripe Dashboard regularly for unexpected API activity
+
+ClawPay reads API keys from environment variables at runtime and does not persist them to disk, logs, or any external service. However, ClawPay cannot protect keys that are mishandled outside of its own execution context. A compromised key can result in unauthorized charges, refunds, or data access on your Stripe account.
+
+---
+
+## 6. Limitation of Liability
+
+As stated in Apache License 2.0, Section 8:
+
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+This limitation applies to all damages arising from use of ClawPay, including but not limited to:
+
+- Unauthorized or unintended payments initiated through the software
+- Financial losses resulting from AI agent decisions
+- Data breaches caused by improper credential handling
+- Regulatory penalties arising from non-compliant deployments
+- Any other direct or indirect financial harm
+
+The full text of the Apache License 2.0 is available in the LICENSE file at the root of this repository.
+
+---
+
+*Last updated: 2026*

package/Formula/clawpay.rb

@@ -0,0 +1,17 @@
+class Clawpay < Formula
+  desc "Open-source Stripe MCP Server for AI Agents"
+  homepage "https://github.com/xodn348/clawpay"
+  url "https://registry.npmjs.org/clawpay/-/clawpay-0.1.0.tgz"
+  sha256 "placeholder_sha256"
+  license "Apache-2.0"
+  depends_on "node"
+
+  def install
+    system "npm", "install", *Language::Node.std_npm_install_args(libexec)
+    bin.install_symlink Dir["#{libexec}/bin/*"]
+  end
+
+  test do
+    assert_match "clawpay", shell_output("#{bin}/clawpay --help 2>&1", 1)
+  end
+end

package/LICENSE

@@ -0,0 +1,198 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship made available under
+      the License, as indicated by a copyright notice that is included in
+      or attached to the work (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean, as submitted to the Licensor for inclusion
+      in the Work by the copyright owner or by an individual or Legal Entity
+      authorized to submit on behalf of the copyright owner. For the purposes
+      of this definition, "submitted" means any form of electronic, verbal,
+      or written communication sent to the Licensor or its representatives,
+      including but not limited to communication on electronic mailing lists,
+      source code control systems, and issue tracking systems that are managed
+      by, or on behalf of, the Licensor for the purpose of discussing and
+      improving the Work, but excluding communication that is conspicuously
+      marked or otherwise designated in writing by the copyright owner as
+      "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any Legal Entity on behalf of
+      whom a Contribution has been received by the Licensor and subsequently
+      incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, You must include a readable copy of the
+          attribution notices contained within such NOTICE file, in
+          at least one of the following places: within a NOTICE text
+          file distributed as part of the Derivative Works; within
+          the Source form or documentation, if provided along with the
+          Derivative Works; or, within a display generated by the
+          Derivative Works, if and wherever such third-party notices
+          normally appear. The contents of the NOTICE file are for
+          informational purposes only and do not modify the License.
+          You may add Your own attribution notices within Derivative
+          Works that You distribute, alongside or as an addendum to
+          the NOTICE text from the Work, provided that such additional
+          attribution notices cannot be construed as modifying the License.
+
+      You may add Your own license statement for Your modifications and
+      may provide additional grant of rights to use, copy, modify, merge,
+      publish, distribute, sublicense, and/or sell copies of the
+      Derivative Works, and to permit persons to whom the Derivative Works
+      is furnished to do so, subject to the following conditions:
+
+      The above copyright notice and this permission notice shall be
+      included in all copies or substantial portions of the Software.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or exemplary damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or all other
+      commercial damages or losses), even if such Contributor has been
+      advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format in use. We also recommend that
+      a file or class name and description of purpose be included on the
+      same "first page" as the copyright notice for easier identification
+      within third-party archives.
+
+   Copyright 2026 ClawPay Contributors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,212 @@
+[![CI](https://github.com/xodn348/clawpay/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/xodn348/clawpay/actions/workflows/ci.yml)
+[![Coverage: 100%](https://img.shields.io/badge/coverage-100%25-brightgreen.svg)](https://github.com/xodn348/clawpay/actions/workflows/ci.yml)
+[![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](LICENSE)
+[![Stripe](https://img.shields.io/badge/Stripe-Powered-635BFF.svg)](https://stripe.com)
+[![MCP](https://img.shields.io/badge/MCP-Compatible-green.svg)](https://modelcontextprotocol.io)
+
+# ClawPay
+
+Open-source Stripe MCP Server for AI Agents. Let Claude, OpenCode, and any MCP client make payments.
+
+> [!WARNING]
+> ClawPay enables AI agents to make real financial transactions. Real money is involved.
+> AI agent payments may be irreversible. You are responsible for all charges made through your Stripe account.
+> Review your guardrail limits before use. See [DISCLAIMER.md](DISCLAIMER.md) for full terms.
+
+> [!NOTE]
+> **ClawPay has zero contact with card data.** Card numbers, CVVs, and expiration dates never pass through ClawPay's code, memory, or logs. All card input is handled entirely by [Stripe Checkout](https://stripe.com/payments/checkout) on Stripe's PCI DSS-certified servers. ClawPay only stores Stripe-issued customer IDs and payment method IDs.
+
+---
+
+## Quick Start
+
+```bash
+npm install -g @xodn348/clawpay
+clawpay install
+```
+
+`clawpay install` handles the full setup automatically:
+
+1. Prompts for your Stripe secret key
+2. Detects OpenCode, Claude Desktop, and Cursor on your machine
+3. Patches their MCP config files to register ClawPay
+4. Confirms the connection
+
+Once installed, open your AI assistant and say: **"set up payment method"** to register a card through Stripe Checkout.
+
+---
+
+## Installation
+
+```bash
+# npm
+npm install -g @xodn348/clawpay
+
+# bun
+bun add -g @xodn348/clawpay
+
+# brew (coming soon)
+brew tap xodn348/clawpay
+brew install clawpay
+```
+
+Node.js 18 or higher is required.
+
+---
+
+## Manual Configuration
+
+If auto-detection doesn't find your client, add ClawPay manually.
+
+### OpenCode (`opencode.json`)
+
+```json
+{
+  "mcp": {
+    "clawpay": {
+      "type": "local",
+      "command": ["clawpay"],
+      "environment": {
+        "STRIPE_SECRET_KEY": "sk_test_..."
+      }
+    }
+  }
+}
+```
+
+### Claude Desktop (`claude_desktop_config.json`)
+
+```json
+{
+  "mcpServers": {
+    "clawpay": {
+      "command": "clawpay",
+      "args": [],
+      "env": {
+        "STRIPE_SECRET_KEY": "sk_test_..."
+      }
+    }
+  }
+}
+```
+
+### Cursor (`~/.cursor/mcp.json`)
+
+Same format as Claude Desktop above.
+
+Replace `sk_test_...` with your actual Stripe secret key. Use a test key (`sk_test_`) during development and a live key (`sk_live_`) only in production.
+
+---
+
+## MCP Tools Reference
+
+ClawPay exposes five tools over the MCP stdio protocol.
+
+### `setup_payment`
+
+Opens Stripe Checkout in your browser to register a card. Saves the resulting Stripe customer ID and payment method ID to `~/.clawpay/config.json`. No parameters.
+
+### `pay`
+
+Charges the registered payment method.
+
+| Parameter | Type | Required | Default | Description |
+|-----------|------|----------|---------|-------------|
+| `amount` | integer | yes | | Amount in cents (e.g., `1000` for $10.00) |
+| `currency` | string | no | `"usd"` | ISO 4217 currency code |
+| `description` | string | yes | | Human-readable description of the charge |
+
+Returns a `PaymentResult` with fields: `success`, `paymentIntentId`, `amount`, `currency`, `status`, `error`.
+
+### `get_balance`
+
+Returns the current Stripe account balance. No parameters.
+
+Returns a `BalanceInfo` with `available` and `pending` arrays, each containing `amount` (cents) and `currency`.
+
+### `list_transactions`
+
+Lists recent payment intents from your Stripe account.
+
+| Parameter | Type | Required | Default | Description |
+|-----------|------|----------|---------|-------------|
+| `limit` | integer | no | `10` | Number of transactions to return (max 100) |
+
+Returns an array of `Transaction` objects with fields: `id`, `amount`, `currency`, `description`, `status`, `created`.
+
+### `refund`
+
+Issues a full refund for a previous payment.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| `payment_intent_id` | string | yes | The `paymentIntentId` from a previous `pay` call |
+
+Returns a `RefundResult` with fields: `success`, `refundId`, `amount`, `status`, `error`. Partial refunds are not supported.
+
+---
+
+## Guardrails Configuration
+
+Default limits are conservative. To change them, edit `~/.clawpay/config.json`:
+
+```json
+{
+  "guardrails": {
+    "maxAmountPerTransactionCents": 10000,
+    "maxDailySpendCents": 50000,
+    "allowedCurrencies": ["usd"]
+  }
+}
+```
+
+The defaults are:
+
+- `maxAmountPerTransactionCents`: `10000` ($100.00)
+- `maxDailySpendCents`: `50000` ($500.00)
+- `allowedCurrencies`: `["usd"]`
+
+Any `pay` call that exceeds these limits is rejected before it reaches Stripe.
+
+---
+
+## Audit Log
+
+Every action ClawPay takes is recorded to `~/.clawpay/audit.log` as JSON Lines (one JSON object per line).
+
+**Location:** `~/.clawpay/audit.log`
+
+**View live:**
+```bash
+tail -f ~/.clawpay/audit.log | jq .
+```
+
+Each entry contains: `timestamp` (ISO 8601), `action`, `amount`, `currency`, `status`, and optionally `paymentIntentId`, `refundId`, or `reason`. API keys, card numbers, and other sensitive data are never written to this file.
+
+---
+
+## Contributing
+
+Pull requests are welcome. Please open an issue first for significant changes.
+
+To report a security vulnerability, follow the process in [SECURITY.md](SECURITY.md). Do not open a public issue for security bugs.
+
+---
+
+## Security & Safety
+
+**ClawPay never sees your card data.** All card entry happens inside Stripe Checkout, which is PCI DSS compliant. ClawPay only ever stores and uses Stripe customer IDs and payment method IDs.
+
+**Built-in Guardrails.** Out of the box, ClawPay enforces a $100 per-transaction maximum, a $500 daily spend cap, and USD-only payments. All limits are configurable in `~/.clawpay/config.json`.
+
+**Full Audit Trail.** Every payment, refund, and setup event is written to `~/.clawpay/audit.log` as JSON lines. No API keys or card data are ever logged.
+
+**Automated Security.** The CI pipeline runs a hardcoded-key scan on every push. Dependabot sends weekly dependency update PRs. GitHub secret scanning is enabled on the repository.
+
+For vulnerability reports, see [SECURITY.md](SECURITY.md). For full legal terms, see [DISCLAIMER.md](DISCLAIMER.md).
+
+---
+
+## License
+
+Apache 2.0. See [LICENSE](LICENSE) for details.

package/dist/config.d.ts

@@ -0,0 +1,8 @@
+import type { ClawPayConfig, GuardrailCheck } from "./types.js";
+export declare function loadConfig(): ClawPayConfig;
+export declare function saveConfig(config: ClawPayConfig): void;
+export declare function isConfigured(): boolean;
+export declare function getDailySpend(): number;
+export declare function recordSpend(amountCents: number): void;
+export declare function checkGuardrails(amountCents: number, currency: string): GuardrailCheck;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAYhE,wBAAgB,UAAU,IAAI,aAAa,CAgB1C;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAGtD;AAED,wBAAgB,YAAY,IAAI,OAAO,CAGtC;AA4BD,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED,wBAAgB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAKrD;AAED,wBAAgB,eAAe,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,cAAc,CAmCrF"}

package/dist/config.js

@@ -0,0 +1,97 @@
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+import { DEFAULT_CONFIG } from "./types.js";
+const CONFIG_DIR = join(homedir(), ".clawpay");
+const CONFIG_FILE = join(CONFIG_DIR, "config.json");
+function ensureConfigDir() {
+    if (!existsSync(CONFIG_DIR)) {
+        mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+}
+export function loadConfig() {
+    ensureConfigDir();
+    if (!existsSync(CONFIG_FILE)) {
+        return JSON.parse(JSON.stringify(DEFAULT_CONFIG));
+    }
+    try {
+        const raw = readFileSync(CONFIG_FILE, "utf-8");
+        const saved = JSON.parse(raw);
+        return {
+            stripe: { ...DEFAULT_CONFIG.stripe, ...saved.stripe },
+            server: { ...DEFAULT_CONFIG.server, ...saved.server },
+            guardrails: { ...DEFAULT_CONFIG.guardrails, ...saved.guardrails },
+        };
+    }
+    catch {
+        return JSON.parse(JSON.stringify(DEFAULT_CONFIG));
+    }
+}
+export function saveConfig(config) {
+    ensureConfigDir();
+    writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), "utf-8");
+}
+export function isConfigured() {
+    const config = loadConfig();
+    return Boolean(config.stripe.customerId && config.stripe.paymentMethodId);
+}
+function todayKey() {
+    return new Date().toISOString().slice(0, 10);
+}
+function spendLogFile() {
+    return join(CONFIG_DIR, `spend-${todayKey()}.json`);
+}
+function loadSpendLog() {
+    ensureConfigDir();
+    const file = spendLogFile();
+    if (!existsSync(file)) {
+        return { date: todayKey(), totalCents: 0 };
+    }
+    try {
+        return JSON.parse(readFileSync(file, "utf-8"));
+    }
+    catch {
+        return { date: todayKey(), totalCents: 0 };
+    }
+}
+export function getDailySpend() {
+    return loadSpendLog().totalCents;
+}
+export function recordSpend(amountCents) {
+    ensureConfigDir();
+    const log = loadSpendLog();
+    log.totalCents += amountCents;
+    writeFileSync(spendLogFile(), JSON.stringify(log, null, 2), "utf-8");
+}
+export function checkGuardrails(amountCents, currency) {
+    const config = loadConfig();
+    const { guardrails } = config;
+    if (amountCents <= 0) {
+        return { allowed: false, reason: "Amount must be greater than zero." };
+    }
+    if (!guardrails.allowedCurrencies.includes(currency.toLowerCase())) {
+        return {
+            allowed: false,
+            reason: `Currency "${currency}" is not allowed. Allowed: ${guardrails.allowedCurrencies.join(", ")}.`,
+        };
+    }
+    if (amountCents > guardrails.maxAmountPerTransactionCents) {
+        const max = (guardrails.maxAmountPerTransactionCents / 100).toFixed(2);
+        const requested = (amountCents / 100).toFixed(2);
+        return {
+            allowed: false,
+            reason: `Amount $${requested} exceeds per-transaction limit of $${max}.`,
+        };
+    }
+    const daily = getDailySpend();
+    if (daily + amountCents > guardrails.maxDailySpendCents) {
+        const limit = (guardrails.maxDailySpendCents / 100).toFixed(2);
+        const spent = (daily / 100).toFixed(2);
+        return {
+            allowed: false,
+            reason: `Would exceed daily spend limit of $${limit} (today: $${spent}).`,
+        };
+    }
+    return { allowed: true };
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAEpD,SAAS,eAAe;IACtB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,eAAe,EAAE,CAAC;IAClB,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,CAAkB,CAAC;IACrE,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA2B,CAAC;QACxD,OAAO;YACL,MAAM,EAAE,EAAE,GAAG,cAAc,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,EAAE;YACrD,MAAM,EAAE,EAAE,GAAG,cAAc,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,EAAE;YACrD,UAAU,EAAE,EAAE,GAAG,cAAc,CAAC,UAAU,EAAE,GAAG,KAAK,CAAC,UAAU,EAAE;SAClE,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,CAAkB,CAAC;IACrE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAqB;IAC9C,eAAe,EAAE,CAAC;IAClB,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,OAAO,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;AAC5E,CAAC;AAED,SAAS,QAAQ;IACf,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY;IACnB,OAAO,IAAI,CAAC,UAAU,EAAE,SAAS,QAAQ,EAAE,OAAO,CAAC,CAAC;AACtD,CAAC;AAOD,SAAS,YAAY;IACnB,eAAe,EAAE,CAAC;IAClB,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;IAC5B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;IAC7C,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAa,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;IAC7C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,YAAY,EAAE,CAAC,UAAU,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,WAAmB;IAC7C,eAAe,EAAE,CAAC;IAClB,MAAM,GAAG,GAAG,YAAY,EAAE,CAAC;IAC3B,GAAG,CAAC,UAAU,IAAI,WAAW,CAAC;IAC9B,aAAa,CAAC,YAAY,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,WAAmB,EAAE,QAAgB;IACnE,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC;IAE9B,IAAI,WAAW,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC;IACzE,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QACnE,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,aAAa,QAAQ,8BAA8B,UAAU,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;SACtG,CAAC;IACJ,CAAC;IAED,IAAI,WAAW,GAAG,UAAU,CAAC,4BAA4B,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC,4BAA4B,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,WAAW,SAAS,sCAAsC,GAAG,GAAG;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,IAAI,KAAK,GAAG,WAAW,GAAG,UAAU,CAAC,kBAAkB,EAAE,CAAC;QACxD,MAAM,KAAK,GAAG,CAAC,UAAU,CAAC,kBAAkB,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAC/D,MAAM,KAAK,GAAG,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,sCAAsC,KAAK,aAAa,KAAK,IAAI;SAC1E,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC"}

package/dist/guardrails.d.ts

@@ -0,0 +1,28 @@
+type AuditAction = "pay" | "refund" | "balance" | "list_transactions" | "setup_payment";
+interface AuditEntry {
+    timestamp: string;
+    action: AuditAction;
+    amount?: number;
+    currency?: string;
+    paymentIntentId?: string;
+    refundId?: string;
+    status: "success" | "failed" | "blocked";
+    reason?: string;
+}
+export declare function auditLog(entry: AuditEntry): void;
+export declare function auditPayment(opts: {
+    amount: number;
+    currency: string;
+    paymentIntentId?: string;
+    status: "success" | "failed" | "blocked";
+    reason?: string;
+}): void;
+export declare function auditRefund(opts: {
+    refundId?: string;
+    amount?: number;
+    status: "success" | "failed";
+    reason?: string;
+}): void;
+export declare function auditSetup(status: "success" | "failed", reason?: string): void;
+export {};
+//# sourceMappingURL=guardrails.d.ts.map

package/dist/guardrails.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"guardrails.d.ts","sourceRoot":"","sources":["../src/guardrails.ts"],"names":[],"mappings":"AAOA,KAAK,WAAW,GAAG,KAAK,GAAG,QAAQ,GAAG,SAAS,GAAG,mBAAmB,GAAG,eAAe,CAAC;AAExF,UAAU,UAAU;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,WAAW,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAC;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,QAAQ,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI,CAMhD;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAC;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,IAAI,CAUP;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,SAAS,GAAG,QAAQ,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,IAAI,CASP;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,SAAS,GAAG,QAAQ,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAO9E"}