globodai-mcp-payment-manager 1.0.1

package/dist/lib/pin-manager.js

@@ -0,0 +1,199 @@
+/**
+ * PIN Manager - Master PIN for card access
+ *
+ * Security model:
+ * - CVV is encrypted with a key derived from the master PIN
+ * - PIN is stored in memory only (never persisted)
+ * - PIN auto-expires after inactivity timeout
+ * - Without PIN, cards cannot be used for payments
+ *
+ * Flow:
+ * 1. User sets PIN once (stored as hash for verification)
+ * 2. User unlocks with PIN → PIN held in memory
+ * 3. Payments work while unlocked
+ * 4. After timeout or explicit lock → PIN cleared from memory
+ */
+import { createHash, scryptSync, randomBytes } from "crypto";
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+const CONFIG_DIR = join(homedir(), ".mcp-ecosystem");
+const PIN_CONFIG_FILE = join(CONFIG_DIR, "pin-config.json");
+// In-memory PIN storage (never persisted)
+let currentPin = null;
+let lastActivity = 0;
+const SESSION_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes
+function ensureConfigDir() {
+    if (!existsSync(CONFIG_DIR)) {
+        mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+}
+/**
+ * Hash PIN for storage (verification only)
+ */
+function hashPin(pin, salt) {
+    return createHash("sha256")
+        .update(pin + salt)
+        .digest("hex");
+}
+/**
+ * Derive encryption key from PIN (for CVV encryption)
+ */
+export function deriveKeyFromPin(pin, salt) {
+    return scryptSync(pin, salt, 32);
+}
+/**
+ * Check if PIN is configured
+ */
+export function isPinConfigured() {
+    return existsSync(PIN_CONFIG_FILE);
+}
+/**
+ * Get PIN config (without sensitive data)
+ */
+function getPinConfig() {
+    if (!existsSync(PIN_CONFIG_FILE)) {
+        return null;
+    }
+    try {
+        return JSON.parse(readFileSync(PIN_CONFIG_FILE, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Set up master PIN (first time)
+ */
+export function setupPin(pin) {
+    if (pin.length < 4 || pin.length > 8) {
+        return { success: false, error: "PIN must be 4-8 characters" };
+    }
+    if (isPinConfigured()) {
+        return { success: false, error: "PIN already configured. Use change_pin to modify." };
+    }
+    ensureConfigDir();
+    const salt = randomBytes(16).toString("hex");
+    const cvvKeySalt = randomBytes(16).toString("hex");
+    const pinHash = hashPin(pin, salt);
+    const config = {
+        pinHash,
+        salt,
+        cvvKeySalt,
+        createdAt: new Date().toISOString(),
+    };
+    writeFileSync(PIN_CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 0o600 });
+    // Auto-unlock after setup
+    currentPin = pin;
+    lastActivity = Date.now();
+    console.error("[pin-manager] Master PIN configured and unlocked");
+    return { success: true };
+}
+/**
+ * Change master PIN (requires current PIN)
+ */
+export function changePin(currentPinInput, newPin) {
+    const config = getPinConfig();
+    if (!config) {
+        return { success: false, error: "No PIN configured" };
+    }
+    // Verify current PIN
+    if (hashPin(currentPinInput, config.salt) !== config.pinHash) {
+        return { success: false, error: "Current PIN is incorrect" };
+    }
+    if (newPin.length < 4 || newPin.length > 8) {
+        return { success: false, error: "New PIN must be 4-8 characters" };
+    }
+    // Generate new salts
+    const salt = randomBytes(16).toString("hex");
+    const cvvKeySalt = randomBytes(16).toString("hex");
+    const pinHash = hashPin(newPin, salt);
+    const newConfig = {
+        pinHash,
+        salt,
+        cvvKeySalt,
+        createdAt: new Date().toISOString(),
+    };
+    writeFileSync(PIN_CONFIG_FILE, JSON.stringify(newConfig, null, 2), { mode: 0o600 });
+    // Update in-memory PIN
+    currentPin = newPin;
+    lastActivity = Date.now();
+    console.error("[pin-manager] Master PIN changed");
+    return { success: true };
+}
+/**
+ * Unlock cards with PIN
+ */
+export function unlock(pin) {
+    const config = getPinConfig();
+    if (!config) {
+        return { success: false, error: "No PIN configured. Use setup_pin first." };
+    }
+    if (hashPin(pin, config.salt) !== config.pinHash) {
+        return { success: false, error: "Invalid PIN" };
+    }
+    currentPin = pin;
+    lastActivity = Date.now();
+    console.error("[pin-manager] Cards unlocked");
+    return {
+        success: true,
+        expiresIn: SESSION_TIMEOUT_MS / 1000 / 60 // in minutes
+    };
+}
+/**
+ * Lock cards (clear PIN from memory)
+ */
+export function lock() {
+    currentPin = null;
+    lastActivity = 0;
+    console.error("[pin-manager] Cards locked");
+}
+/**
+ * Check if cards are currently unlocked
+ */
+export function isUnlocked() {
+    if (!currentPin) {
+        return false;
+    }
+    // Check timeout
+    if (Date.now() - lastActivity > SESSION_TIMEOUT_MS) {
+        lock();
+        return false;
+    }
+    return true;
+}
+/**
+ * Refresh activity (extend session)
+ */
+export function refreshActivity() {
+    if (currentPin) {
+        lastActivity = Date.now();
+    }
+}
+/**
+ * Get CVV encryption key (only works when unlocked)
+ */
+export function getCvvEncryptionKey() {
+    if (!isUnlocked()) {
+        return null;
+    }
+    const config = getPinConfig();
+    if (!config || !currentPin) {
+        return null;
+    }
+    refreshActivity();
+    return deriveKeyFromPin(currentPin, config.cvvKeySalt);
+}
+/**
+ * Get status
+ */
+export function getStatus() {
+    const configured = isPinConfigured();
+    const unlocked = isUnlocked();
+    let remainingMinutes;
+    if (unlocked && lastActivity > 0) {
+        const elapsed = Date.now() - lastActivity;
+        remainingMinutes = Math.ceil((SESSION_TIMEOUT_MS - elapsed) / 1000 / 60);
+    }
+    return { configured, unlocked, remainingMinutes };
+}

package/dist/lib/wallets.d.ts

@@ -0,0 +1,91 @@
+/**
+ * Crypto Wallet Management
+ *
+ * Secure storage for crypto wallets with encrypted private keys.
+ * Supports multiple chains and watch-only wallets.
+ *
+ * Security model:
+ * - Private keys encrypted at rest (same as card numbers)
+ * - Watch-only wallets for balance checking without spending
+ * - Transaction signing requires explicit confirmation
+ * - Support for hardware wallet addresses (no key storage)
+ */
+export type Chain = "ethereum" | "polygon" | "arbitrum" | "optimism" | "base" | "avalanche" | "bsc" | "bitcoin" | "solana" | "starknet";
+export type WalletType = "hot" | "watch-only" | "hardware";
+export interface CryptoWallet {
+    id: string;
+    nickname: string;
+    address: string;
+    chain: Chain;
+    type: WalletType;
+    privateKey?: string;
+    mnemonic?: string;
+    hardwareType?: "ledger" | "trezor" | "other";
+    derivationPath?: string;
+    enabled: boolean;
+    allowedOperations: ("send" | "swap" | "approve" | "sign")[];
+    limits?: {
+        perTransaction?: number;
+        daily?: number;
+        tokenSymbol: string;
+    };
+    addedAt: string;
+    lastUsedAt?: string;
+}
+export interface CryptoTransaction {
+    id: string;
+    walletId: string;
+    chain: Chain;
+    type: "send" | "swap" | "approve" | "contract";
+    status: "pending" | "signed" | "broadcast" | "confirmed" | "failed";
+    from: string;
+    to: string;
+    value?: string;
+    tokenAddress?: string;
+    tokenSymbol?: string;
+    tokenAmount?: string;
+    gasLimit?: string;
+    gasPrice?: string;
+    maxFeePerGas?: string;
+    maxPriorityFeePerGas?: string;
+    txHash?: string;
+    blockNumber?: number;
+    createdAt: string;
+    signedAt?: string;
+    broadcastAt?: string;
+    confirmedAt?: string;
+    description: string;
+}
+export declare const CHAIN_CONFIG: Record<Chain, {
+    name: string;
+    nativeCurrency: string;
+    explorerUrl: string;
+    rpcEnvVar: string;
+}>;
+/**
+ * Validate Ethereum-like address
+ */
+export declare function isValidEvmAddress(address: string): boolean;
+/**
+ * Validate Bitcoin address (basic check)
+ */
+export declare function isValidBtcAddress(address: string): boolean;
+/**
+ * Validate Solana address
+ */
+export declare function isValidSolanaAddress(address: string): boolean;
+/**
+ * Validate address based on chain
+ */
+export declare function isValidAddress(address: string, chain: Chain): boolean;
+export declare function getWallets(): Promise<CryptoWallet[]>;
+export declare function getWallet(id: string): Promise<CryptoWallet | null>;
+/**
+ * Get wallets without sensitive data (for listing)
+ */
+export declare function getWalletsSafe(): Promise<Omit<CryptoWallet, "privateKey" | "mnemonic">[]>;
+export declare function addWallet(wallet: CryptoWallet): Promise<void>;
+export declare function removeWallet(id: string): Promise<boolean>;
+export declare function getCryptoTransactions(limit?: number): Promise<CryptoTransaction[]>;
+export declare function logCryptoTransaction(tx: CryptoTransaction): Promise<void>;
+export declare function updateCryptoTransaction(id: string, updates: Partial<CryptoTransaction>): Promise<void>;

package/dist/lib/wallets.js

@@ -0,0 +1,227 @@
+/**
+ * Crypto Wallet Management
+ *
+ * Secure storage for crypto wallets with encrypted private keys.
+ * Supports multiple chains and watch-only wallets.
+ *
+ * Security model:
+ * - Private keys encrypted at rest (same as card numbers)
+ * - Watch-only wallets for balance checking without spending
+ * - Transaction signing requires explicit confirmation
+ * - Support for hardware wallet addresses (no key storage)
+ */
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+import { encrypt, decrypt, isEncrypted } from "./crypto";
+// Sensitive fields that must be encrypted
+const SENSITIVE_FIELDS = ["privateKey", "mnemonic"];
+const CONFIG_DIR = join(homedir(), ".mcp-ecosystem");
+const WALLETS_FILE = join(CONFIG_DIR, "crypto-wallets.json");
+const CRYPTO_TX_FILE = join(CONFIG_DIR, "crypto-transactions.json");
+// Chain configurations
+export const CHAIN_CONFIG = {
+    ethereum: { name: "Ethereum", nativeCurrency: "ETH", explorerUrl: "https://etherscan.io", rpcEnvVar: "ETH_RPC_URL" },
+    polygon: { name: "Polygon", nativeCurrency: "MATIC", explorerUrl: "https://polygonscan.com", rpcEnvVar: "POLYGON_RPC_URL" },
+    arbitrum: { name: "Arbitrum", nativeCurrency: "ETH", explorerUrl: "https://arbiscan.io", rpcEnvVar: "ARBITRUM_RPC_URL" },
+    optimism: { name: "Optimism", nativeCurrency: "ETH", explorerUrl: "https://optimistic.etherscan.io", rpcEnvVar: "OPTIMISM_RPC_URL" },
+    base: { name: "Base", nativeCurrency: "ETH", explorerUrl: "https://basescan.org", rpcEnvVar: "BASE_RPC_URL" },
+    avalanche: { name: "Avalanche", nativeCurrency: "AVAX", explorerUrl: "https://snowtrace.io", rpcEnvVar: "AVAX_RPC_URL" },
+    bsc: { name: "BNB Chain", nativeCurrency: "BNB", explorerUrl: "https://bscscan.com", rpcEnvVar: "BSC_RPC_URL" },
+    bitcoin: { name: "Bitcoin", nativeCurrency: "BTC", explorerUrl: "https://mempool.space", rpcEnvVar: "BTC_RPC_URL" },
+    solana: { name: "Solana", nativeCurrency: "SOL", explorerUrl: "https://solscan.io", rpcEnvVar: "SOLANA_RPC_URL" },
+    starknet: { name: "Starknet", nativeCurrency: "ETH", explorerUrl: "https://starkscan.co", rpcEnvVar: "STARKNET_RPC_URL" },
+};
+/**
+ * Validate Ethereum-like address
+ */
+export function isValidEvmAddress(address) {
+    return /^0x[a-fA-F0-9]{40}$/.test(address);
+}
+/**
+ * Validate Bitcoin address (basic check)
+ */
+export function isValidBtcAddress(address) {
+    // Supports legacy (1...), SegWit (3...), and native SegWit (bc1...)
+    return /^(1|3)[a-km-zA-HJ-NP-Z1-9]{25,34}$/.test(address) || /^bc1[a-z0-9]{39,59}$/.test(address);
+}
+/**
+ * Validate Solana address
+ */
+export function isValidSolanaAddress(address) {
+    return /^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(address);
+}
+/**
+ * Validate address based on chain
+ */
+export function isValidAddress(address, chain) {
+    if (chain === "bitcoin")
+        return isValidBtcAddress(address);
+    if (chain === "solana")
+        return isValidSolanaAddress(address);
+    // All EVM chains
+    return isValidEvmAddress(address);
+}
+function ensureConfigDir() {
+    if (!existsSync(CONFIG_DIR)) {
+        mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+}
+/**
+ * Decrypt sensitive fields in a wallet
+ */
+async function decryptWallet(wallet) {
+    const decrypted = { ...wallet };
+    for (const field of SENSITIVE_FIELDS) {
+        const value = decrypted[field];
+        if (value && typeof value === "string" && isEncrypted(value)) {
+            try {
+                decrypted[field] = await decrypt(value);
+            }
+            catch (err) {
+                console.error(`[wallets] Failed to decrypt ${field} for wallet ${wallet.nickname}`);
+            }
+        }
+    }
+    return decrypted;
+}
+/**
+ * Encrypt sensitive fields in a wallet
+ */
+async function encryptWallet(wallet) {
+    const encrypted = { ...wallet };
+    for (const field of SENSITIVE_FIELDS) {
+        const value = encrypted[field];
+        if (value && typeof value === "string" && !isEncrypted(value)) {
+            encrypted[field] = await encrypt(value);
+        }
+    }
+    return encrypted;
+}
+// ============================================================================
+// Wallet CRUD
+// ============================================================================
+export async function getWallets() {
+    ensureConfigDir();
+    if (!existsSync(WALLETS_FILE)) {
+        return [];
+    }
+    try {
+        const data = readFileSync(WALLETS_FILE, "utf-8");
+        const wallets = JSON.parse(data);
+        return Promise.all(wallets.map(decryptWallet));
+    }
+    catch {
+        return [];
+    }
+}
+export async function getWallet(id) {
+    const wallets = await getWallets();
+    return wallets.find((w) => w.id === id) ?? null;
+}
+/**
+ * Get wallets without sensitive data (for listing)
+ */
+export async function getWalletsSafe() {
+    const wallets = await getWallets();
+    return wallets.map(({ privateKey, mnemonic, ...safe }) => safe);
+}
+export async function addWallet(wallet) {
+    ensureConfigDir();
+    // Validate address
+    if (!isValidAddress(wallet.address, wallet.chain)) {
+        throw new Error(`Invalid ${wallet.chain} address`);
+    }
+    wallet.addedAt = new Date().toISOString();
+    // Load existing
+    let rawWallets = [];
+    if (existsSync(WALLETS_FILE)) {
+        try {
+            rawWallets = JSON.parse(readFileSync(WALLETS_FILE, "utf-8"));
+        }
+        catch {
+            rawWallets = [];
+        }
+    }
+    // Encrypt and save
+    const encryptedWallet = await encryptWallet(wallet);
+    const existingIndex = rawWallets.findIndex((w) => w.id === wallet.id);
+    if (existingIndex >= 0) {
+        rawWallets[existingIndex] = encryptedWallet;
+    }
+    else {
+        rawWallets.push(encryptedWallet);
+    }
+    writeFileSync(WALLETS_FILE, JSON.stringify(rawWallets, null, 2), { mode: 0o600 });
+    console.error(`[wallets] Saved wallet ${wallet.nickname} (${wallet.address.slice(0, 8)}...) - ${wallet.type}`);
+}
+export async function removeWallet(id) {
+    if (!existsSync(WALLETS_FILE)) {
+        return false;
+    }
+    let rawWallets = [];
+    try {
+        rawWallets = JSON.parse(readFileSync(WALLETS_FILE, "utf-8"));
+    }
+    catch {
+        return false;
+    }
+    const filtered = rawWallets.filter((w) => w.id !== id);
+    if (filtered.length === rawWallets.length) {
+        return false;
+    }
+    writeFileSync(WALLETS_FILE, JSON.stringify(filtered, null, 2), { mode: 0o600 });
+    console.error(`[wallets] Removed wallet ${id}`);
+    return true;
+}
+// ============================================================================
+// Crypto Transaction Log
+// ============================================================================
+export async function getCryptoTransactions(limit = 50) {
+    ensureConfigDir();
+    if (!existsSync(CRYPTO_TX_FILE)) {
+        return [];
+    }
+    try {
+        const data = readFileSync(CRYPTO_TX_FILE, "utf-8");
+        const transactions = JSON.parse(data);
+        return transactions.slice(-limit);
+    }
+    catch {
+        return [];
+    }
+}
+export async function logCryptoTransaction(tx) {
+    ensureConfigDir();
+    let transactions = [];
+    if (existsSync(CRYPTO_TX_FILE)) {
+        try {
+            transactions = JSON.parse(readFileSync(CRYPTO_TX_FILE, "utf-8"));
+        }
+        catch {
+            transactions = [];
+        }
+    }
+    transactions.push(tx);
+    // Keep last 1000 transactions
+    if (transactions.length > 1000) {
+        transactions = transactions.slice(-1000);
+    }
+    writeFileSync(CRYPTO_TX_FILE, JSON.stringify(transactions, null, 2), { mode: 0o600 });
+}
+export async function updateCryptoTransaction(id, updates) {
+    if (!existsSync(CRYPTO_TX_FILE))
+        return;
+    let transactions = [];
+    try {
+        transactions = JSON.parse(readFileSync(CRYPTO_TX_FILE, "utf-8"));
+    }
+    catch {
+        return;
+    }
+    const idx = transactions.findIndex((t) => t.id === id);
+    if (idx >= 0) {
+        transactions[idx] = { ...transactions[idx], ...updates };
+        writeFileSync(CRYPTO_TX_FILE, JSON.stringify(transactions, null, 2), { mode: 0o600 });
+    }
+}

package/dist/tools/add-card.d.ts

@@ -0,0 +1,65 @@
+/**
+ * Add a new payment card (encrypted storage)
+ */
+import { z } from "zod";
+export declare const name = "add_card";
+export declare const description = "Add a new payment card. Card number and expiration are encrypted. CVV is encrypted with your master PIN (requires unlock).";
+export declare const parameters: z.ZodObject<{
+    nickname: z.ZodString;
+    card_number: z.ZodString;
+    expiration: z.ZodString;
+    cvv: z.ZodString;
+    cardholder_name: z.ZodString;
+    allowed_usage: z.ZodOptional<z.ZodArray<z.ZodEnum<["flight", "train", "hotel", "general", "all"]>, "many">>;
+    billing_street: z.ZodOptional<z.ZodString>;
+    billing_city: z.ZodOptional<z.ZodString>;
+    billing_postal_code: z.ZodOptional<z.ZodString>;
+    billing_country: z.ZodOptional<z.ZodString>;
+    per_transaction_limit: z.ZodOptional<z.ZodNumber>;
+    daily_limit: z.ZodOptional<z.ZodNumber>;
+    monthly_limit: z.ZodOptional<z.ZodNumber>;
+    limit_currency: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    cvv: string;
+    nickname: string;
+    card_number: string;
+    expiration: string;
+    cardholder_name: string;
+    allowed_usage?: ("flight" | "train" | "hotel" | "general" | "all")[] | undefined;
+    billing_street?: string | undefined;
+    billing_city?: string | undefined;
+    billing_postal_code?: string | undefined;
+    billing_country?: string | undefined;
+    per_transaction_limit?: number | undefined;
+    daily_limit?: number | undefined;
+    monthly_limit?: number | undefined;
+    limit_currency?: string | undefined;
+}, {
+    cvv: string;
+    nickname: string;
+    card_number: string;
+    expiration: string;
+    cardholder_name: string;
+    allowed_usage?: ("flight" | "train" | "hotel" | "general" | "all")[] | undefined;
+    billing_street?: string | undefined;
+    billing_city?: string | undefined;
+    billing_postal_code?: string | undefined;
+    billing_country?: string | undefined;
+    per_transaction_limit?: number | undefined;
+    daily_limit?: number | undefined;
+    monthly_limit?: number | undefined;
+    limit_currency?: string | undefined;
+}>;
+export declare function execute(args: z.infer<typeof parameters>): Promise<{
+    success: boolean;
+    error: string;
+    message?: undefined;
+    card_id?: undefined;
+    security?: undefined;
+} | {
+    success: boolean;
+    message: string;
+    card_id: `${string}-${string}-${string}-${string}-${string}`;
+    security: string;
+    error?: undefined;
+}>;

package/dist/tools/add-card.js

@@ -0,0 +1,97 @@
+/**
+ * Add a new payment card (encrypted storage)
+ */
+import { z } from "zod";
+import { randomUUID } from "crypto";
+import { addCard } from "../lib/cards";
+import { isUnlocked, isPinConfigured } from "../lib/pin-manager";
+import { encryptCvv } from "../lib/cvv-crypto";
+export const name = "add_card";
+export const description = "Add a new payment card. Card number and expiration are encrypted. CVV is encrypted with your master PIN (requires unlock).";
+export const parameters = z.object({
+    nickname: z.string().describe("Friendly name for the card (e.g., 'Visa perso', 'Amex pro')"),
+    card_number: z.string().describe("Full card number (will be encrypted)"),
+    expiration: z.string().describe("Expiration date in MM/YY format"),
+    cvv: z.string().describe("CVV/CVC (3-4 digits) - encrypted with your PIN, never shown"),
+    cardholder_name: z.string().describe("Name as shown on the card"),
+    allowed_usage: z.array(z.enum(["flight", "train", "hotel", "general", "all"])).optional()
+        .describe("What this card can be used for (default: all)"),
+    billing_street: z.string().optional().describe("Billing address street"),
+    billing_city: z.string().optional().describe("Billing address city"),
+    billing_postal_code: z.string().optional().describe("Billing postal code"),
+    billing_country: z.string().optional().describe("Billing country (2-letter code)"),
+    per_transaction_limit: z.number().optional().describe("Max amount per transaction"),
+    daily_limit: z.number().optional().describe("Max daily spending"),
+    monthly_limit: z.number().optional().describe("Max monthly spending"),
+    limit_currency: z.string().optional().describe("Currency for limits (default: EUR)"),
+});
+export async function execute(args) {
+    try {
+        // Check PIN is configured and unlocked
+        if (!isPinConfigured()) {
+            return {
+                success: false,
+                error: "Master PIN not configured. Use setup_pin first.",
+            };
+        }
+        if (!isUnlocked()) {
+            return {
+                success: false,
+                error: "Cards are locked. Use unlock_cards with your PIN first.",
+            };
+        }
+        // Validate CVV format
+        if (!/^\d{3,4}$/.test(args.cvv)) {
+            return {
+                success: false,
+                error: "Invalid CVV format (must be 3-4 digits)",
+            };
+        }
+        // Encrypt CVV with PIN-derived key
+        const encryptedCvv = encryptCvv(args.cvv);
+        if (!encryptedCvv) {
+            return {
+                success: false,
+                error: "Failed to encrypt CVV. Make sure cards are unlocked.",
+            };
+        }
+        const cardId = randomUUID();
+        await addCard({
+            id: cardId,
+            nickname: args.nickname,
+            cardNumber: args.card_number,
+            expirationDate: args.expiration,
+            cvv: encryptedCvv,
+            cardholderName: args.cardholder_name,
+            cardType: "other", // Will be auto-detected
+            lastFourDigits: "", // Will be set from card number
+            allowedUsage: args.allowed_usage ?? ["all"],
+            enabled: true,
+            billingAddress: args.billing_street ? {
+                street: args.billing_street,
+                city: args.billing_city ?? "",
+                postalCode: args.billing_postal_code ?? "",
+                country: args.billing_country ?? "FR",
+            } : undefined,
+            limits: args.per_transaction_limit || args.daily_limit || args.monthly_limit ? {
+                perTransaction: args.per_transaction_limit,
+                daily: args.daily_limit,
+                monthly: args.monthly_limit,
+                currency: args.limit_currency ?? "EUR",
+            } : undefined,
+            addedAt: new Date().toISOString(),
+        });
+        return {
+            success: true,
+            message: `Card "${args.nickname}" added successfully`,
+            card_id: cardId,
+            security: "Card number and CVV encrypted. CVV protected by your master PIN.",
+        };
+    }
+    catch (error) {
+        return {
+            success: false,
+            error: error instanceof Error ? error.message : "Failed to add card",
+        };
+    }
+}