hooklens 1.0.0 → 1.1.0

package/dist/index.js

@@ -3,6 +3,93 @@
 // src/cli/index.ts
 import { Command as Command7 } from "commander";
 
+// package.json
+var package_default = {
+  name: "hooklens",
+  version: "1.1.0",
+  description: "Debug webhook signature failures locally.",
+  type: "module",
+  bin: {
+    hooklens: "./dist/index.js"
+  },
+  scripts: {
+    build: "tsup",
+    dev: "tsup --watch",
+    "docs:build": "vitepress build docs",
+    "docs:dev": "vitepress dev docs",
+    "docs:preview": "vitepress preview docs",
+    start: "node dist/index.js",
+    test: "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    lint: "eslint src/ tests/",
+    "lint:fix": "eslint src/ tests/ --fix",
+    format: 'prettier --write "src/**/*.ts" "tests/**/*.ts"',
+    "format:check": 'prettier --check "src/**/*.ts" "tests/**/*.ts"',
+    typecheck: "tsc --noEmit",
+    prepublishOnly: "npm run build",
+    prepare: "husky"
+  },
+  keywords: [
+    "webhook",
+    "debug",
+    "stripe",
+    "stripe-webhooks",
+    "github-webhooks",
+    "signature",
+    "webhook-signature",
+    "replay",
+    "cli",
+    "developer-tools"
+  ],
+  author: "Ilia Goginashvili",
+  license: "MIT",
+  repository: {
+    type: "git",
+    url: "https://github.com/Ilia01/hooklens.git"
+  },
+  bugs: {
+    url: "https://github.com/Ilia01/hooklens/issues"
+  },
+  homepage: "https://ilia01.github.io/hooklens/",
+  engines: {
+    node: ">=24.0.0"
+  },
+  files: [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  devDependencies: {
+    "@octokit/webhooks-methods": "^6.0.0",
+    "@types/node": "^22.0.0",
+    eslint: "^9.0.0",
+    husky: "^9.1.7",
+    "lint-staged": "^16.4.0",
+    prettier: "^3.4.0",
+    stripe: "^22.0.0",
+    tsup: "^8.0.0",
+    typescript: "^5.7.0",
+    "typescript-eslint": "^8.0.0",
+    vitepress: "^1.6.4",
+    vitest: "^3.0.0"
+  },
+  dependencies: {
+    chalk: "^5.4.0",
+    commander: "^13.0.0",
+    zod: "^4.3.6"
+  },
+  "lint-staged": {
+    "*.{ts,tsx}": [
+      "prettier --write",
+      "eslint --fix"
+    ],
+    "*.{json,md,yml,yaml}": [
+      "prettier --write"
+    ]
+  }
+};
+
 // src/errors.ts
 function toError(value) {
   return value instanceof Error ? value : new Error(String(value));
@@ -14,6 +101,115 @@ function errorMessage(value) {
 // src/cli/clear.ts
 import { Command } from "commander";
 
+// src/ui/terminal.ts
+import chalk from "chalk";
+function writeLine(stream, line) {
+  stream.write(`${line}
+`);
+}
+function formatBodyForDisplay(event) {
+  if (event.bodyText !== null) {
+    try {
+      return JSON.stringify(JSON.parse(event.bodyText), null, 2).split("\n");
+    } catch {
+      return event.bodyText.split("\n");
+    }
+  }
+  const hex = Buffer.from(event.bodyRaw).toString("hex");
+  const lines = hex.match(/.{1,32}/g) ?? [];
+  return [`<binary body: ${event.bodyRaw.byteLength} bytes>`, ...lines];
+}
+function verificationLabel(result) {
+  if (!result) return chalk.cyan("RECV");
+  return result.valid ? chalk.green("PASS") : chalk.red("FAIL");
+}
+function createTerminal(stdout = process.stdout, stderr = process.stderr) {
+  return {
+    printListenStarted(info) {
+      writeLine(
+        stdout,
+        `${chalk.bold("Listening on")} ${chalk.cyan(`http://127.0.0.1:${info.port}`)}`
+      );
+      writeLine(stdout, `Verifier: ${info.verifier ?? "none"}`);
+      writeLine(stdout, `Forwarding to: ${info.forwardTo ?? "disabled"}`);
+      writeLine(stdout, `Storage: ${info.dbPath}`);
+    },
+    printEventCaptured(event, result) {
+      const label = verificationLabel(result);
+      const summary = `${label} ${chalk.bold(event.id)} ${event.method} ${event.path}`;
+      if (!result) {
+        writeLine(stdout, summary);
+        return;
+      }
+      writeLine(stdout, `${summary} ${result.message}`);
+    },
+    printForwardError(eventId, reason) {
+      writeLine(stdout, `${chalk.red("FWD")} ${chalk.bold(eventId)} ${reason}`);
+    },
+    printForwardRetry(eventId, attempt, maxRetries, reason) {
+      writeLine(
+        stdout,
+        `${chalk.yellow("RETRY")} ${chalk.bold(eventId)} attempt ${attempt}/${maxRetries} ${reason}`
+      );
+    },
+    printEventList(events) {
+      if (!events.length) {
+        writeLine(stdout, chalk.dim("No stored events."));
+        return;
+      }
+      for (const event of events) {
+        const row = `${chalk.dim(event.timestamp)} ${chalk.cyan(event.method)} ${chalk.bold(event.id)} ${event.path}`;
+        writeLine(stdout, row);
+      }
+    },
+    printEventDetail(event) {
+      writeLine(stdout, `${chalk.bold("Event:")}   ${event.id}`);
+      writeLine(stdout, `${chalk.bold("Time:")}    ${event.timestamp}`);
+      writeLine(stdout, `${chalk.bold("Method:")}  ${event.method}`);
+      writeLine(stdout, `${chalk.bold("Path:")}    ${event.path}`);
+      if (event.verification) {
+        const v = event.verification;
+        const label = v.valid ? chalk.green("PASS") : chalk.red("FAIL");
+        writeLine(stdout, "");
+        writeLine(stdout, chalk.bold("Verification:"));
+        writeLine(stdout, `  Result:   ${label}`);
+        writeLine(stdout, `  Provider: ${v.provider}`);
+        writeLine(stdout, `  Message:  ${v.message}`);
+      }
+      writeLine(stdout, "");
+      writeLine(stdout, chalk.bold("Headers:"));
+      for (const [key, value] of Object.entries(event.headers)) {
+        writeLine(stdout, `  ${key}: ${value}`);
+      }
+      writeLine(stdout, "");
+      writeLine(stdout, chalk.bold("Body:"));
+      for (const line of formatBodyForDisplay(event)) {
+        writeLine(stdout, `  ${line}`);
+      }
+    },
+    printReplayResult(result) {
+      const summary = `${chalk.bold("Replay response:")} ${chalk.cyan(String(result.status))}`;
+      if (!result.body) {
+        writeLine(stdout, summary);
+        return;
+      }
+      writeLine(stdout, `${summary} ${result.body}`);
+    },
+    printDeleted(eventId) {
+      writeLine(stdout, `Deleted ${chalk.bold(eventId)}`);
+    },
+    printCleared(count) {
+      writeLine(stdout, `Cleared ${chalk.bold(String(count))} events`);
+    },
+    printListenStopped() {
+      writeLine(stdout, chalk.dim("Stopped listening."));
+    },
+    printError(message) {
+      writeLine(stderr, chalk.red(message));
+    }
+  };
+}
+
 // src/storage/index.ts
 import os from "os";
 import fs from "fs";
@@ -41,7 +237,9 @@ var webhookEventSchema = z.object({
   method: z.string(),
   path: z.string(),
   headers: z.record(z.string(), z.string()),
-  body: z.string(),
+  bodyRaw: z.custom((value) => value instanceof Uint8Array),
+  bodyText: z.string().nullable(),
+  bodyExact: z.boolean(),
   verification: verificationResultSchema.nullable().optional()
 });
 var eventRowSchema = z.object({
@@ -50,13 +248,22 @@ var eventRowSchema = z.object({
   method: z.string(),
   path: z.string(),
   headers: z.string(),
-  body: z.string(),
+  body: z.string().nullable().optional(),
+  body_raw: z.custom((value) => value === null || value === void 0 || value instanceof Uint8Array).optional(),
   verification: z.string().nullable().optional()
 });
 var replayResultSchema = z.object({
   status: z.number().int(),
   body: z.string()
 });
+function tryDecodeUtf8(raw) {
+  if (raw.length === 0) return "";
+  const buf = Buffer.from(raw.buffer, raw.byteOffset, raw.byteLength);
+  const decoded = buf.toString("utf8");
+  const reEncoded = Buffer.from(decoded, "utf8");
+  if (buf.length !== reEncoded.length || !buf.equals(reEncoded)) return null;
+  return decoded;
+}
 
 // src/storage/index.ts
 var require2 = createRequire(import.meta.url);
@@ -64,15 +271,42 @@ var { DatabaseSync } = require2("node:sqlite");
 function defaultDbPath() {
   return path.join(os.homedir(), ".hooklens", "events.db");
 }
+function eventColumns(db) {
+  const rows = db.prepare(`PRAGMA table_info(events)`).all();
+  return new Map(rows.map((row) => [row.name, row]));
+}
+function migrateEventsTable(db) {
+  const columns = eventColumns(db);
+  if (!columns.has("body_raw")) {
+    db.exec(`ALTER TABLE events ADD COLUMN body_raw BLOB`);
+  }
+  if (!columns.has("verification")) {
+    db.exec(`ALTER TABLE events ADD COLUMN verification TEXT`);
+  }
+  if (!columns.has("body")) {
+    db.exec(`ALTER TABLE events ADD COLUMN body TEXT`);
+  }
+  if (columns.has("body_text")) {
+    db.exec(`
+      UPDATE events
+      SET body = COALESCE(body, body_text)
+      WHERE body_text IS NOT NULL
+    `);
+  }
+}
 function rowToEvent(row) {
   const verification = row.verification ? verificationResultSchema.parse(JSON.parse(row.verification)) : null;
+  const bodyRaw = row.body_raw ?? Buffer.from(row.body ?? "", "utf8");
+  const bodyText = row.body_raw ? tryDecodeUtf8(row.body_raw) : row.body ?? "";
   return webhookEventSchema.parse({
     id: row.id,
     timestamp: row.timestamp,
     method: row.method,
     path: row.path,
     headers: JSON.parse(row.headers),
-    body: row.body,
+    bodyRaw,
+    bodyText,
+    bodyExact: row.body_raw !== null && row.body_raw !== void 0,
     verification
   });
 }
@@ -86,20 +320,15 @@ function createStorage(dbPath) {
       method TEXT NOT NULL,
       path TEXT NOT NULL,
       headers TEXT NOT NULL,
-      body TEXT NOT NULL,
+      body TEXT,
+      body_raw BLOB,
       verification TEXT
     )
   `);
-  try {
-    db.exec(`ALTER TABLE events ADD COLUMN verification TEXT`);
-  } catch (error) {
-    if (!(error instanceof Error && /duplicate column/i.test(error.message))) {
-      throw error;
-    }
-  }
+  migrateEventsTable(db);
   const insertStmt = db.prepare(
-    `INSERT OR REPLACE INTO events (id, timestamp, method, path, headers, body, verification)
-     VALUES (?, ?, ?, ?, ?, ?, ?)`
+    `INSERT OR REPLACE INTO events (id, timestamp, method, path, headers, body, body_raw, verification)
+     VALUES (?, ?, ?, ?, ?, ?, ?, ?)`
   );
   const getStmt = db.prepare(`SELECT * FROM events WHERE id = ?`);
   const listAllStmt = db.prepare(`SELECT * FROM events ORDER BY timestamp DESC`);
@@ -114,7 +343,8 @@ function createStorage(dbPath) {
         event.method,
         event.path,
         JSON.stringify(event.headers),
-        event.body,
+        event.bodyText ?? "",
+        event.bodyRaw,
         event.verification ? JSON.stringify(event.verification) : null
       );
     },
@@ -146,107 +376,26 @@ function createStorage(dbPath) {
   };
 }
 
-// src/ui/terminal.ts
-import chalk from "chalk";
-function writeLine(stream, line) {
-  stream.write(`${line}
-`);
-}
-function verificationLabel(result) {
-  if (!result) return chalk.cyan("RECV");
-  return result.valid ? chalk.green("PASS") : chalk.red("FAIL");
-}
-function createTerminal(stdout = process.stdout, stderr = process.stderr) {
-  return {
-    printListenStarted(info) {
-      writeLine(
-        stdout,
-        `${chalk.bold("Listening on")} ${chalk.cyan(`http://127.0.0.1:${info.port}`)}`
-      );
-      writeLine(stdout, `Verifier: ${info.verifier ?? "none"}`);
-      writeLine(stdout, `Forwarding to: ${info.forwardTo ?? "disabled"}`);
-      writeLine(stdout, `Storage: ${info.dbPath}`);
-    },
-    printEventCaptured(event, result) {
-      const label = verificationLabel(result);
-      const summary = `${label} ${chalk.bold(event.id)} ${event.method} ${event.path}`;
-      if (!result) {
-        writeLine(stdout, summary);
-        return;
-      }
-      writeLine(stdout, `${summary} ${result.message}`);
-    },
-    printForwardError(eventId, reason) {
-      writeLine(stdout, `${chalk.red("FWD")} ${chalk.bold(eventId)} ${reason}`);
-    },
-    printForwardRetry(eventId, attempt, maxRetries, reason) {
-      writeLine(
-        stdout,
-        `${chalk.yellow("RETRY")} ${chalk.bold(eventId)} attempt ${attempt}/${maxRetries} ${reason}`
-      );
-    },
-    printEventList(events) {
-      if (!events.length) {
-        writeLine(stdout, chalk.dim("No stored events."));
-        return;
-      }
-      for (const event of events) {
-        const row = `${chalk.dim(event.timestamp)} ${chalk.cyan(event.method)} ${chalk.bold(event.id)} ${event.path}`;
-        writeLine(stdout, row);
-      }
-    },
-    printEventDetail(event) {
-      writeLine(stdout, `${chalk.bold("Event:")}   ${event.id}`);
-      writeLine(stdout, `${chalk.bold("Time:")}    ${event.timestamp}`);
-      writeLine(stdout, `${chalk.bold("Method:")}  ${event.method}`);
-      writeLine(stdout, `${chalk.bold("Path:")}    ${event.path}`);
-      if (event.verification) {
-        const v = event.verification;
-        const label = v.valid ? chalk.green("PASS") : chalk.red("FAIL");
-        writeLine(stdout, "");
-        writeLine(stdout, chalk.bold("Verification:"));
-        writeLine(stdout, `  Result:   ${label}`);
-        writeLine(stdout, `  Provider: ${v.provider}`);
-        writeLine(stdout, `  Message:  ${v.message}`);
-      }
-      writeLine(stdout, "");
-      writeLine(stdout, chalk.bold("Headers:"));
-      for (const [key, value] of Object.entries(event.headers)) {
-        writeLine(stdout, `  ${key}: ${value}`);
-      }
-      writeLine(stdout, "");
-      writeLine(stdout, chalk.bold("Body:"));
-      let bodyText;
-      try {
-        bodyText = JSON.stringify(JSON.parse(event.body), null, 2);
-      } catch {
-        bodyText = event.body;
-      }
-      for (const line of bodyText.split("\n")) {
-        writeLine(stdout, `  ${line}`);
-      }
-    },
-    printReplayResult(result) {
-      const summary = `${chalk.bold("Replay response:")} ${chalk.cyan(String(result.status))}`;
-      if (!result.body) {
-        writeLine(stdout, summary);
-        return;
-      }
-      writeLine(stdout, `${summary} ${result.body}`);
-    },
-    printDeleted(eventId) {
-      writeLine(stdout, `Deleted ${chalk.bold(eventId)}`);
-    },
-    printCleared(count) {
-      writeLine(stdout, `Cleared ${chalk.bold(String(count))} events`);
-    },
-    printListenStopped() {
-      writeLine(stdout, chalk.dim("Stopped listening."));
-    },
-    printError(message) {
-      writeLine(stderr, chalk.red(message));
+// src/cli/runtime.ts
+async function withDefaultStorage(run) {
+  const storage = createStorage(defaultDbPath());
+  try {
+    return await run(storage);
+  } finally {
+    try {
+      storage.close();
+    } catch {
     }
-  };
+  }
+}
+async function runCommandAction(run) {
+  const terminal = createTerminal();
+  try {
+    await run(terminal);
+  } catch (error) {
+    terminal.printError(errorMessage(error));
+    process.exitCode = 1;
+  }
 }
 
 // src/cli/clear.ts
@@ -269,13 +418,10 @@ async function runClear(flags, deps = {}) {
       return;
     }
   }
-  const storage = createStorage(defaultDbPath());
-  try {
+  return withDefaultStorage((storage) => {
     const count = storage.clear();
     terminal.printCleared(count);
-  } finally {
-    storage.close();
-  }
+  });
 }
 var clearCommand = new Command("clear").description("Delete all stored webhook events").option("--yes", "Skip confirmation prompt").addHelpText(
   "after",
@@ -284,29 +430,20 @@ Examples:
   hooklens clear --yes
   hooklens clear`
 ).action(async (options) => {
-  const terminal = createTerminal();
-  try {
-    await runClear(options, { terminal });
-  } catch (error) {
-    terminal.printError(errorMessage(error));
-    process.exitCode = 1;
-  }
+  await runCommandAction((terminal) => runClear(options, { terminal }));
 });
 
 // src/cli/delete.ts
 import { Command as Command2 } from "commander";
 async function runDelete(eventId, deps = {}) {
   const terminal = deps.terminal ?? createTerminal();
-  const storage = createStorage(defaultDbPath());
-  try {
+  return withDefaultStorage((storage) => {
     const deleted = storage.delete(eventId);
     if (!deleted) {
       throw new Error(`Event "${eventId}" not found.`);
     }
     terminal.printDeleted(eventId);
-  } finally {
-    storage.close();
-  }
+  });
 }
 var deleteCommand = new Command2("delete").description("Delete a stored webhook event").argument("<event-id>", "ID of the event to delete").addHelpText(
   "after",
@@ -314,24 +451,38 @@ var deleteCommand = new Command2("delete").description("Delete a stored webhook
 Examples:
   hooklens delete evt_abc123`
 ).action(async (eventId) => {
-  const terminal = createTerminal();
-  try {
-    await runDelete(eventId, { terminal });
-  } catch (error) {
-    terminal.printError(errorMessage(error));
-    process.exitCode = 1;
-  }
+  await runCommandAction((terminal) => runDelete(eventId, { terminal }));
 });
 
 // src/cli/inspect.ts
 import { Command as Command3 } from "commander";
 
 // src/cli/json-output.ts
+function toJsonValue(value) {
+  if (value instanceof Uint8Array) {
+    return Buffer.from(value).toString("base64");
+  }
+  if (Array.isArray(value)) {
+    return value.map(toJsonValue);
+  }
+  if (value && typeof value === "object") {
+    const input = value;
+    const output = {};
+    for (const [key, entry] of Object.entries(input)) {
+      output[key] = toJsonValue(entry);
+    }
+    if ("bodyRaw" in input && "bodyText" in input && "bodyExact" in input && !("body" in output)) {
+      output.body = output.bodyText ?? null;
+    }
+    return output;
+  }
+  return value;
+}
 function writeJsonLine(stdout, data) {
-  const json = JSON.stringify(data);
+  const json = JSON.stringify(toJsonValue(data));
   if (json === void 0) {
     throw new Error(
-      "Cannot serialize value to JSON \u2013 received a non-serializable type (undefined, function, or symbol)"
+      "Cannot serialize value to JSON - received a non-serializable type (undefined, function, or symbol)"
     );
   }
   stdout.write(json + "\n");
@@ -340,8 +491,7 @@ function writeJsonLine(stdout, data) {
 // src/cli/inspect.ts
 async function runInspect(eventId, flags, deps = {}) {
   const terminal = deps.terminal ?? createTerminal();
-  const storage = createStorage(defaultDbPath());
-  try {
+  return withDefaultStorage((storage) => {
     const event = storage.load(eventId);
     if (!event) {
       throw new Error(`Event "${eventId}" not found.`);
@@ -352,9 +502,7 @@ async function runInspect(eventId, flags, deps = {}) {
     } else {
       terminal.printEventDetail(event);
     }
-  } finally {
-    storage.close();
-  }
+  });
 }
 var inspectCommand = new Command3("inspect").description("View full details of a stored webhook event").argument("<event-id>", "ID of the event to inspect").option("--json", "Output as JSON").addHelpText(
   "after",
@@ -363,13 +511,7 @@ Examples:
   hooklens inspect evt_abc123
   hooklens inspect evt_abc123 --json`
 ).action(async (eventId, options) => {
-  const terminal = createTerminal();
-  try {
-    await runInspect(eventId, options, { terminal });
-  } catch (error) {
-    terminal.printError(errorMessage(error));
-    process.exitCode = 1;
-  }
+  await runCommandAction((terminal) => runInspect(eventId, options, { terminal }));
 });
 
 // src/cli/listen.ts
@@ -462,7 +604,7 @@ function readBody(req, maxBytes) {
       }
       chunks.push(chunk);
     };
-    const onEnd = () => resolveOnce(Buffer.concat(chunks, totalBytes).toString("utf8"));
+    const onEnd = () => resolveOnce(Buffer.concat(chunks, totalBytes));
     const onError = (error) => rejectOnce(error);
     const onSocketClose = () => rejectOnce(new Error("socket closed during request body"));
     const onSocketError = (error) => rejectOnce(error);
@@ -562,7 +704,7 @@ async function forwardEvent(targetUrl, event, timeoutMs = DEFAULT_FORWARD_TIMEOU
     const response = await fetch(destination, {
       method: event.method,
       headers: headersForForwarding(event.headers),
-      body: hasBody ? event.body : void 0,
+      body: hasBody ? event.bodyRaw : void 0,
       signal: controller.signal
     });
     return {
@@ -593,8 +735,8 @@ function cancellableDelay(ms, req) {
     timer.unref();
   });
 }
-function clampRetryCount(value) {
-  const n = value ?? 0;
+function clampRetryCount(value = 0) {
+  const n = value;
   if (!Number.isFinite(n) || !Number.isInteger(n)) return 0;
   return Math.max(0, Math.min(n, 10));
 }
@@ -608,16 +750,19 @@ function createServer(opts) {
   const retryCount = clampRetryCount(opts.retryCount);
   const retryBaseDelayMs = opts.retryBaseDelayMs ?? DEFAULT_RETRY_BASE_DELAY_MS;
   const handleRequest = async (req, res) => {
-    const body = await readBody(req, maxBodyBytes);
+    const bodyRaw = await readBody(req, maxBodyBytes);
+    const bodyText = tryDecodeUtf8(bodyRaw);
     const event = {
       id: generateEventId(),
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       method: req.method ?? "GET",
       path: req.url ?? "/",
       headers: headersToRecord(req.headers),
-      body
+      bodyRaw,
+      bodyText,
+      bodyExact: true
     };
-    const verification = opts.verifier?.verify({ headers: event.headers, body: event.body }) ?? null;
+    const verification = opts.verifier?.verify({ headers: event.headers, bodyRaw }) ?? null;
     event.verification = verification;
     opts.storage.save(event);
     opts.onEvent?.(event, verification);
@@ -736,9 +881,11 @@ function getHeaderCaseInsensitive(headers, name) {
   return void 0;
 }
 function tryCanonicalForm(payload) {
+  const text = typeof payload === "string" ? payload : tryDecodeUtf8(payload);
+  if (text === null) return null;
   try {
-    const canonical = JSON.stringify(JSON.parse(payload));
-    return canonical === payload ? null : canonical;
+    const canonical = JSON.stringify(JSON.parse(text));
+    return canonical === text ? null : canonical;
   } catch {
     return null;
   }
@@ -804,7 +951,7 @@ function createGitHubVerifier(opts) {
   return {
     provider: PROVIDER,
     verify: (event) => verifyGitHubSignature({
-      payload: event.body,
+      payload: event.bodyRaw,
       header: getHeaderCaseInsensitive(event.headers, "x-hub-signature-256"),
       secret: opts.secret
     })
@@ -834,8 +981,13 @@ function parseHeader(header) {
   if (timestamp === null || signatures.length === 0) return null;
   return { timestamp, signatures };
 }
-function computeHmac2(secret, signedPayload) {
-  return crypto3.createHmac("sha256", secret).update(signedPayload).digest("hex");
+function computeHmac2(secret, signedPayload2) {
+  return crypto3.createHmac("sha256", secret).update(signedPayload2).digest("hex");
+}
+function signedPayload(timestamp, payload) {
+  const prefix = Buffer.from(`${timestamp}.`, "utf8");
+  const body = typeof payload === "string" ? Buffer.from(payload, "utf8") : Buffer.from(payload);
+  return Buffer.concat([prefix, body]);
 }
 function constantTimeMatch2(expected, candidates) {
   const expectedBuf = Buffer.from(expected, "utf8");
@@ -876,14 +1028,13 @@ function verifyStripeSignature(opts) {
       `Timestamp is ${minutes} minutes old. Event expired or your clock is drifting.`
     );
   }
-  const signedPayload = `${parsed.timestamp}.${opts.payload}`;
-  const expected = computeHmac2(opts.secret, signedPayload);
+  const expected = computeHmac2(opts.secret, signedPayload(parsed.timestamp, opts.payload));
   if (constantTimeMatch2(expected, parsed.signatures)) {
     return success2("Signature verified.");
   }
   const canonical = tryCanonicalForm(opts.payload);
   if (canonical !== null) {
-    const expectedCanonical = computeHmac2(opts.secret, `${parsed.timestamp}.${canonical}`);
+    const expectedCanonical = computeHmac2(opts.secret, signedPayload(parsed.timestamp, canonical));
     if (constantTimeMatch2(expectedCanonical, parsed.signatures)) {
       return failure2(
         "body_mutated",
@@ -900,7 +1051,7 @@ function createStripeVerifier(opts) {
   return {
     provider: PROVIDER2,
     verify: (event) => verifyStripeSignature({
-      payload: event.body,
+      payload: event.bodyRaw,
       header: getHeaderCaseInsensitive(event.headers, "stripe-signature"),
       secret: opts.secret,
       tolerance: opts.tolerance
@@ -908,6 +1059,12 @@ function createStripeVerifier(opts) {
   };
 }
 
+// src/cli/defaults.ts
+var DEFAULT_LISTEN_PORT = 4400;
+var DEFAULT_LIST_LIMIT = 20;
+var DEFAULT_REPLAY_TARGET_URL = "http://localhost:3000/webhook";
+var DEFAULT_RETRY_COUNT = 0;
+
 // src/cli/listen.ts
 function parsePort(port) {
   const raw = port;
@@ -918,7 +1075,7 @@ function parsePort(port) {
   return parsed;
 }
 function parseRetryCount(retry) {
-  if (retry === void 0) return 0;
+  if (retry === void 0) return DEFAULT_RETRY_COUNT;
   const parsed = typeof retry === "number" ? retry : Number(retry);
   if (!Number.isInteger(parsed) || parsed < 0 || parsed > 10) {
     throw new Error(`Invalid retry count "${retry}". Expected an integer between 0 and 10.`);
@@ -1034,7 +1191,11 @@ async function runListen(flags, deps = {}) {
     throw error;
   }
 }
-var listenCommand = new Command4("listen").description("Start receiving webhooks").option("-p, --port <port>", "Port to listen on", "4400").option("--verify <provider>", "Verify signatures (stripe, github)").option("--secret <secret>", "Webhook signing secret").option("--forward-to <url>", "Forward received webhooks to this URL").option("--retry <count>", "Retry failed forwards with exponential backoff", "0").addHelpText(
+var listenCommand = new Command4("listen").description("Start receiving webhooks").option("-p, --port <port>", "Port to listen on", String(DEFAULT_LISTEN_PORT)).option("--verify <provider>", "Verify signatures (stripe, github)").option("--secret <secret>", "Webhook signing secret").option("--forward-to <url>", "Forward received webhooks to this URL").option(
+  "--retry <count>",
+  "Retry failed forwards with exponential backoff",
+  String(DEFAULT_RETRY_COUNT)
+).addHelpText(
   "after",
   `
 Examples:
@@ -1044,13 +1205,7 @@ Examples:
   hooklens listen --verify github --secret ghsecret_xxx
   hooklens listen --forward-to http://localhost:3000/webhook --retry 3`
 ).action(async (options) => {
-  const terminal = createTerminal();
-  try {
-    await runListen(options, { terminal });
-  } catch (error) {
-    terminal.printError(errorMessage(error));
-    process.exitCode = 1;
-  }
+  await runCommandAction((terminal) => runListen(options, { terminal }));
 });
 
 // src/cli/list.ts
@@ -1064,10 +1219,9 @@ function parseLimit(limit) {
   return parsed;
 }
 async function runList(flags, deps = {}) {
-  const limit = parseLimit(flags.limit ?? "20");
+  const limit = parseLimit(flags.limit ?? DEFAULT_LIST_LIMIT);
   const terminal = deps.terminal ?? createTerminal();
-  const storage = createStorage(defaultDbPath());
-  try {
+  return withDefaultStorage((storage) => {
     const events = storage.list(limit);
     if (flags.json) {
       const out = deps.stdout ?? process.stdout;
@@ -1082,11 +1236,9 @@ async function runList(flags, deps = {}) {
     } else {
       terminal.printEventList(events);
     }
-  } finally {
-    storage.close();
-  }
+  });
 }
-var listCommand = new Command5("list").description("Show received webhook events").option("-n, --limit <count>", "Number of events to show", "20").option("--json", "Output as newline-delimited JSON").addHelpText(
+var listCommand = new Command5("list").description("Show received webhook events").option("-n, --limit <count>", "Number of events to show", String(DEFAULT_LIST_LIMIT)).option("--json", "Output as newline-delimited JSON").addHelpText(
   "after",
   `
 Examples:
@@ -1094,18 +1246,11 @@ Examples:
   hooklens list -n 5
   hooklens list --json`
 ).action(async (options) => {
-  const terminal = createTerminal();
-  try {
-    await runList(options, { terminal });
-  } catch (error) {
-    terminal.printError(errorMessage(error));
-    process.exitCode = 1;
-  }
+  await runCommandAction((terminal) => runList(options, { terminal }));
 });
 
 // src/cli/replay.ts
 import { Command as Command6 } from "commander";
-var DEFAULT_REPLAY_TARGET_URL = "http://localhost:3000/webhook";
 function parseTargetUrl(targetUrl) {
   const raw = targetUrl ?? DEFAULT_REPLAY_TARGET_URL;
   try {
@@ -1117,8 +1262,7 @@ function parseTargetUrl(targetUrl) {
 async function runReplay(eventId, flags, deps = {}) {
   const targetUrl = parseTargetUrl(flags.to);
   const terminal = deps.terminal ?? createTerminal();
-  const storage = createStorage(defaultDbPath());
-  try {
+  return withDefaultStorage(async (storage) => {
     const event = storage.load(eventId);
     if (!event) {
       throw new Error(`Event "${eventId}" not found.`);
@@ -1138,9 +1282,7 @@ async function runReplay(eventId, flags, deps = {}) {
     } catch (error) {
       throw new Error(`Failed to replay "${eventId}" to ${targetUrl}: ${errorMessage(error)}`);
     }
-  } finally {
-    storage.close();
-  }
+  });
 }
 var replayCommand = new Command6("replay").description("Replay a stored webhook event").argument("<event-id>", "ID of the event to replay").option("--to <url>", "Target URL to send the event to", DEFAULT_REPLAY_TARGET_URL).option("--json", "Output as JSON").addHelpText(
   "after",
@@ -1150,18 +1292,12 @@ Examples:
   hooklens replay evt_abc123 --to http://localhost:8080/hook
   hooklens replay evt_abc123 --json`
 ).action(async (eventId, options) => {
-  const terminal = createTerminal();
-  try {
-    await runReplay(eventId, options, { terminal });
-  } catch (error) {
-    terminal.printError(errorMessage(error));
-    process.exitCode = 1;
-  }
+  await runCommandAction((terminal) => runReplay(eventId, options, { terminal }));
 });
 
 // src/cli/index.ts
 var program = new Command7();
-program.name("hooklens").description("Inspect, verify, and replay webhooks from your terminal").version("0.1.0");
+program.name("hooklens").description(package_default.description).version(package_default.version);
 program.addCommand(listenCommand);
 program.addCommand(listCommand);
 program.addCommand(inspectCommand);