lane-sdk 0.1.0

package/dist/index.cjs

@@ -0,0 +1,3249 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var events = require('events');
+var crypto = require('crypto');
+var promises = require('fs/promises');
+var path = require('path');
+var os = require('os');
+var mcp_js = require('@modelcontextprotocol/sdk/server/mcp.js');
+var zod = require('zod');
+
+// src/client.ts
+var TIMESTAMP_TOLERANCE_SECONDS = 300;
+var HMACSignature = class {
+  secret;
+  constructor(secret) {
+    this.secret = secret;
+  }
+  /**
+   * Sign request components and return the hex-encoded HMAC-SHA256 signature.
+   */
+  sign(components) {
+    const bodyHash = components.body ? crypto.createHash("sha256").update(components.body).digest("hex") : crypto.createHash("sha256").update("").digest("hex");
+    const payload = [
+      components.method.toUpperCase(),
+      components.path,
+      components.timestamp.toString(),
+      bodyHash
+    ].join("\n");
+    return crypto.createHmac("sha256", this.secret).update(payload).digest("hex");
+  }
+  /**
+   * Verify a signature against request components.
+   * Uses constant-time comparison to prevent timing attacks.
+   */
+  verify(signature, components, toleranceSeconds = TIMESTAMP_TOLERANCE_SECONDS) {
+    const now = Math.floor(Date.now() / 1e3);
+    if (Math.abs(now - components.timestamp) > toleranceSeconds) {
+      return false;
+    }
+    const expected = this.sign(components);
+    return constantTimeEqual(expected, signature);
+  }
+  /**
+   * Generate the signature headers for an outgoing request.
+   */
+  headers(components) {
+    const signature = this.sign(components);
+    return {
+      "X-Lane-Timestamp": components.timestamp.toString(),
+      "X-Lane-Signature": `sha256=${signature}`
+    };
+  }
+};
+function verifyWebhookSignature(payload, signature, secret, timestamp) {
+  const hmac = new HMACSignature(secret);
+  const sig = signature.startsWith("sha256=") ? signature.slice(7) : signature;
+  return hmac.verify(sig, {
+    method: "POST",
+    path: "/webhook",
+    timestamp,
+    body: payload
+  });
+}
+function constantTimeEqual(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  const bufA = Buffer.from(a, "utf8");
+  const bufB = Buffer.from(b, "utf8");
+  return crypto.timingSafeEqual(bufA, bufB);
+}
+
+// src/errors.ts
+var LaneError = class extends Error {
+  /** Machine-readable error code (e.g. 'budget_exceeded'). */
+  code;
+  /** HTTP status code from the API (or synthetic for client-side errors). */
+  statusCode;
+  /** Request ID for support and audit trail correlation. */
+  requestId;
+  /** Whether the caller should retry this request. */
+  retryable;
+  /** Human-readable suggestion for what the agent should do next. */
+  suggestedAction;
+  /** Executable suggestion for agents (e.g. "lane.wallet.deposit(2000)"). */
+  fix;
+  /** Current state context for agent decision-making. */
+  currentState;
+  constructor(message, options) {
+    super(message);
+    this.name = "LaneError";
+    this.code = options.code;
+    this.statusCode = options.statusCode;
+    this.requestId = options.requestId ?? "unknown";
+    this.retryable = options.retryable ?? false;
+    this.suggestedAction = options.suggestedAction;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+  /** Serialize to a plain object for structured logging / JSON responses. */
+  toJSON() {
+    const json = {
+      name: this.name,
+      message: this.message,
+      code: this.code,
+      statusCode: this.statusCode,
+      requestId: this.requestId,
+      retryable: this.retryable,
+      suggestedAction: this.suggestedAction
+    };
+    if (this.fix !== void 0) {
+      json.fix = this.fix;
+    }
+    if (this.currentState !== void 0) {
+      json.currentState = this.currentState;
+    }
+    return json;
+  }
+};
+var LaneAuthError = class _LaneAuthError extends LaneError {
+  constructor(message, options) {
+    super(message, { statusCode: 401, ...options });
+    this.name = "LaneAuthError";
+  }
+  static invalidApiKey(requestId) {
+    return new _LaneAuthError("Invalid API key. Check your key and try again.", {
+      code: "invalid_api_key",
+      statusCode: 401,
+      requestId,
+      suggestedAction: "Verify the API key is correct. Run `lane whoami` to check authentication."
+    });
+  }
+  static expiredToken(requestId) {
+    return new _LaneAuthError("Authentication token has expired.", {
+      code: "expired_token",
+      statusCode: 401,
+      requestId,
+      suggestedAction: "Run `lane login` to re-authenticate."
+    });
+  }
+  static insufficientScope(requiredScope, requestId) {
+    return new _LaneAuthError(
+      `API key lacks required permission: ${requiredScope}`,
+      {
+        code: "insufficient_scope",
+        statusCode: 403,
+        requestId,
+        suggestedAction: "Generate a new API key with the required permissions in the dashboard."
+      }
+    );
+  }
+};
+var LanePaymentError = class _LanePaymentError extends LaneError {
+  constructor(message, options) {
+    super(message, options);
+    this.name = "LanePaymentError";
+  }
+  static declined(requestId) {
+    return new _LanePaymentError("Payment was declined by the card issuer.", {
+      code: "payment_declined",
+      statusCode: 402,
+      requestId,
+      suggestedAction: "The card was declined. Ask the developer to check their card or add a new one."
+    });
+  }
+  static insufficientFunds(currentBalance, required, requestId) {
+    const error = new _LanePaymentError("Insufficient wallet balance", {
+      code: "insufficient_funds",
+      statusCode: 402,
+      requestId,
+      suggestedAction: "Check wallet balance and deposit more funds"
+    });
+    if (currentBalance !== void 0 && required !== void 0) {
+      error.fix = `lane.wallet.deposit(${required - currentBalance})`;
+      error.currentState = { balance: currentBalance, required };
+    }
+    return error;
+  }
+  static merchantUnavailable(merchant, requestId) {
+    return new _LanePaymentError(
+      `Merchant "${merchant}" is temporarily unavailable.`,
+      {
+        code: "merchant_unavailable",
+        statusCode: 502,
+        requestId,
+        retryable: true,
+        suggestedAction: "The merchant endpoint is down. Try again in a few minutes or choose an alternative."
+      }
+    );
+  }
+  static serviceError(requestId) {
+    return new _LanePaymentError(
+      "Payment service encountered an internal error.",
+      {
+        code: "payment_service_error",
+        statusCode: 502,
+        requestId,
+        retryable: true,
+        suggestedAction: "Payment service temporarily unavailable. Try again in a few minutes."
+      }
+    );
+  }
+};
+var LaneBudgetError = class _LaneBudgetError extends LaneError {
+  /** The budget limit that was exceeded. */
+  limit;
+  /** The amount that was requested. */
+  requested;
+  constructor(message, options) {
+    super(message, options);
+    this.name = "LaneBudgetError";
+    this.limit = options.limit;
+    this.requested = options.requested;
+  }
+  static dailyExceeded(limit, requested, requestId) {
+    return new _LaneBudgetError(
+      `Daily spending limit of $${(limit / 100).toFixed(2)} exceeded. Requested: $${(requested / 100).toFixed(2)}.`,
+      {
+        code: "daily_limit_exceeded",
+        statusCode: 402,
+        requestId,
+        limit,
+        requested,
+        suggestedAction: "Ask the developer to increase the daily limit or approve this transaction."
+      }
+    );
+  }
+  static taskExceeded(limit, requested, requestId) {
+    return new _LaneBudgetError(
+      `Per-task spending limit of $${(limit / 100).toFixed(2)} exceeded. Requested: $${(requested / 100).toFixed(2)}.`,
+      {
+        code: "task_limit_exceeded",
+        statusCode: 402,
+        requestId,
+        limit,
+        requested,
+        suggestedAction: "Ask the developer to increase the per-task limit or approve this transaction."
+      }
+    );
+  }
+  static monthlyExceeded(limit, requested, requestId) {
+    return new _LaneBudgetError(
+      `Monthly spending limit of $${(limit / 100).toFixed(2)} exceeded. Requested: $${(requested / 100).toFixed(2)}.`,
+      {
+        code: "monthly_limit_exceeded",
+        statusCode: 402,
+        requestId,
+        limit,
+        requested,
+        suggestedAction: "Ask the developer to increase the monthly limit."
+      }
+    );
+  }
+  static merchantNotAllowed(merchant, requestId) {
+    return new _LaneBudgetError(
+      `Merchant "${merchant}" is not on the spending allowlist.`,
+      {
+        code: "merchant_not_allowed",
+        statusCode: 402,
+        requestId,
+        limit: 0,
+        requested: 0,
+        suggestedAction: "This merchant is not on your allowlist. Ask the developer to add it via the dashboard."
+      }
+    );
+  }
+  toJSON() {
+    return {
+      ...super.toJSON(),
+      limit: this.limit,
+      requested: this.requested
+    };
+  }
+};
+var LaneNotFoundError = class extends LaneError {
+  constructor(resource, id, requestId) {
+    super(`${resource} "${id}" not found.`, {
+      code: `${resource.toLowerCase()}_not_found`,
+      statusCode: 404,
+      requestId,
+      suggestedAction: `The ${resource.toLowerCase()} does not exist or you don't have access to it.`
+    });
+    this.name = "LaneNotFoundError";
+  }
+};
+var LaneRateLimitError = class extends LaneError {
+  /** Seconds until the rate limit resets. */
+  retryAfter;
+  constructor(retryAfter, requestId) {
+    super(`Rate limit exceeded. Retry after ${retryAfter} seconds.`, {
+      code: "rate_limit_exceeded",
+      statusCode: 429,
+      requestId,
+      retryable: true,
+      suggestedAction: `Wait ${retryAfter} seconds before retrying.`
+    });
+    this.name = "LaneRateLimitError";
+    this.retryAfter = retryAfter;
+  }
+  toJSON() {
+    return {
+      ...super.toJSON(),
+      retryAfter: this.retryAfter
+    };
+  }
+};
+var LaneValidationError = class extends LaneError {
+  fields;
+  constructor(fields, requestId) {
+    const fieldMessages = fields.map((f) => `${f.field}: ${f.message}`).join("; ");
+    super(`Validation error: ${fieldMessages}`, {
+      code: "validation_error",
+      statusCode: 400,
+      requestId,
+      suggestedAction: "Check the request parameters and try again."
+    });
+    this.name = "LaneValidationError";
+    this.fields = fields;
+  }
+  toJSON() {
+    return {
+      ...super.toJSON(),
+      fields: this.fields
+    };
+  }
+};
+function createErrorFromResponse(body) {
+  const { error, requestId } = body;
+  if (error.statusCode === 401 || error.statusCode === 403) {
+    return new LaneAuthError(error.message, {
+      code: error.code,
+      statusCode: error.statusCode,
+      requestId,
+      suggestedAction: error.suggestedAction
+    });
+  }
+  if (error.statusCode === 429) {
+    return new LaneRateLimitError(error.retryAfter ?? 60, requestId);
+  }
+  if (error.statusCode === 400 && error.fields) {
+    return new LaneValidationError(error.fields, requestId);
+  }
+  if (error.code.includes("limit_exceeded") || error.code === "merchant_not_allowed") {
+    return new LaneBudgetError(error.message, {
+      code: error.code,
+      statusCode: error.statusCode,
+      requestId,
+      limit: error.limit ?? 0,
+      requested: error.requested ?? 0,
+      suggestedAction: error.suggestedAction
+    });
+  }
+  if (error.code.startsWith("payment_") || error.code === "insufficient_funds" || error.code === "merchant_unavailable") {
+    return new LanePaymentError(error.message, {
+      code: error.code,
+      statusCode: error.statusCode,
+      requestId,
+      retryable: error.retryable,
+      suggestedAction: error.suggestedAction
+    });
+  }
+  if (error.statusCode === 404) {
+    return new LaneNotFoundError("Resource", error.code.replace("_not_found", ""), requestId);
+  }
+  return new LaneError(error.message, {
+    code: error.code,
+    statusCode: error.statusCode,
+    requestId,
+    retryable: error.retryable,
+    suggestedAction: error.suggestedAction
+  });
+}
+
+// src/client.ts
+var CircuitBreaker = class {
+  constructor(failureThreshold = 3, resetTimeoutMs = 3e4) {
+    this.failureThreshold = failureThreshold;
+    this.resetTimeoutMs = resetTimeoutMs;
+  }
+  state = "closed";
+  failureCount = 0;
+  lastFailureTime = 0;
+  get isOpen() {
+    if (this.state === "open") {
+      if (Date.now() - this.lastFailureTime >= this.resetTimeoutMs) {
+        this.state = "half_open";
+        return false;
+      }
+      return true;
+    }
+    return false;
+  }
+  recordSuccess() {
+    this.failureCount = 0;
+    this.state = "closed";
+  }
+  recordFailure() {
+    this.failureCount++;
+    this.lastFailureTime = Date.now();
+    if (this.failureCount >= this.failureThreshold) {
+      this.state = "open";
+    }
+  }
+};
+var LaneClient = class extends events.EventEmitter {
+  config;
+  signer;
+  circuitBreaker;
+  constructor(config) {
+    super();
+    this.config = config;
+    this.signer = new HMACSignature(config.apiKey);
+    this.circuitBreaker = new CircuitBreaker(
+      config.circuitBreaker?.failureThreshold,
+      config.circuitBreaker?.resetTimeoutMs
+    );
+  }
+  /** Whether this client is operating in test mode. */
+  get testMode() {
+    return this.config.testMode;
+  }
+  /** The resolved base URL. */
+  get baseUrl() {
+    return this.config.baseUrl;
+  }
+  // -------------------------------------------------------------------------
+  // Public convenience methods
+  // -------------------------------------------------------------------------
+  async get(path, query) {
+    return this.request({ method: "GET", path, query });
+  }
+  async post(path, body, idempotencyKey) {
+    return this.request({ method: "POST", path, body, idempotencyKey });
+  }
+  async put(path, body) {
+    return this.request({ method: "PUT", path, body });
+  }
+  async delete(path) {
+    return this.request({ method: "DELETE", path });
+  }
+  // -------------------------------------------------------------------------
+  // Core request method with retries
+  // -------------------------------------------------------------------------
+  async request(options) {
+    const requestId = `req_${crypto.randomUUID().replace(/-/g, "").slice(0, 24)}`;
+    let lastError;
+    const maxAttempts = this.isRetryable(options.method) ? this.config.maxRetries + 1 : 1;
+    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+      if (attempt > 1) {
+        this.emit("retry", {
+          attempt,
+          maxRetries: this.config.maxRetries,
+          requestId
+        });
+        await this.backoff(attempt);
+      }
+      try {
+        return await this.executeRequest(options, requestId);
+      } catch (err) {
+        lastError = err instanceof Error ? err : new Error(String(err));
+        if (err instanceof LaneError && !err.retryable) {
+          throw err;
+        }
+        if (err instanceof LaneRateLimitError) {
+          if (attempt < maxAttempts) {
+            await sleep(err.retryAfter * 1e3);
+            continue;
+          }
+          throw err;
+        }
+      }
+    }
+    throw lastError ?? new Error("Request failed with no error details");
+  }
+  // -------------------------------------------------------------------------
+  // Private
+  // -------------------------------------------------------------------------
+  async executeRequest(options, requestId) {
+    if (this.circuitBreaker.isOpen) {
+      throw new LaneError("Service temporarily unavailable (circuit breaker open).", {
+        code: "circuit_breaker_open",
+        statusCode: 503,
+        requestId,
+        retryable: true,
+        suggestedAction: "Payment service temporarily unavailable. Try again in 30 seconds."
+      });
+    }
+    const url = this.buildUrl(options.path, options.query);
+    const bodyStr = options.body ? JSON.stringify(options.body) : void 0;
+    const timestamp = Math.floor(Date.now() / 1e3);
+    const signatureHeaders = this.signer.headers({
+      method: options.method,
+      path: options.path,
+      timestamp,
+      body: bodyStr
+    });
+    const headers = {
+      "Authorization": `Bearer ${this.config.apiKey}`,
+      "Content-Type": "application/json",
+      "Accept": "application/json",
+      "X-Lane-Request-Id": requestId,
+      "User-Agent": "lane-sdk/0.1.0",
+      ...signatureHeaders
+    };
+    if (options.idempotencyKey) {
+      headers["X-Idempotency-Key"] = options.idempotencyKey;
+    }
+    this.emit("request", { method: options.method, path: options.path, requestId });
+    const startTime = Date.now();
+    const controller = new AbortController();
+    const timeoutId = setTimeout(
+      () => controller.abort(),
+      options.timeout ?? this.config.timeout
+    );
+    try {
+      const response = await fetch(url, {
+        method: options.method,
+        headers,
+        body: bodyStr,
+        signal: controller.signal
+      });
+      const durationMs = Date.now() - startTime;
+      this.emit("response", {
+        statusCode: response.status,
+        requestId,
+        durationMs
+      });
+      if (!response.ok) {
+        const errorBody = await this.parseErrorBody(response, requestId);
+        const error = createErrorFromResponse(errorBody);
+        this.emit("error", { error, requestId });
+        if (response.status >= 500) {
+          this.circuitBreaker.recordFailure();
+        }
+        throw error;
+      }
+      this.circuitBreaker.recordSuccess();
+      const data = await response.json();
+      return {
+        data,
+        requestId,
+        testMode: this.config.testMode,
+        rateLimitRemaining: parseIntHeader(response, "X-RateLimit-Remaining"),
+        rateLimitLimit: parseIntHeader(response, "X-RateLimit-Limit"),
+        rateLimitReset: parseIntHeader(response, "X-RateLimit-Reset")
+      };
+    } catch (err) {
+      if (err instanceof LaneError) throw err;
+      if (err instanceof DOMException && err.name === "AbortError") {
+        this.circuitBreaker.recordFailure();
+        throw new LaneError("Request timed out.", {
+          code: "request_timeout",
+          statusCode: 408,
+          requestId,
+          retryable: true,
+          suggestedAction: "The request took too long. Try again."
+        });
+      }
+      this.circuitBreaker.recordFailure();
+      throw new LaneError(
+        `Network error: ${err instanceof Error ? err.message : String(err)}`,
+        {
+          code: "network_error",
+          statusCode: 0,
+          requestId,
+          retryable: true,
+          suggestedAction: "Check your network connection and try again."
+        }
+      );
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+  buildUrl(path, query) {
+    const url = new URL(path, this.config.baseUrl);
+    if (query) {
+      for (const [key, value] of Object.entries(query)) {
+        if (value !== void 0) {
+          url.searchParams.set(key, String(value));
+        }
+      }
+    }
+    return url.toString();
+  }
+  async parseErrorBody(response, requestId) {
+    try {
+      const body = await response.json();
+      if (body.error && body.requestId) {
+        return body;
+      }
+      return {
+        error: {
+          code: "unknown_error",
+          message: JSON.stringify(body),
+          statusCode: response.status
+        },
+        requestId
+      };
+    } catch {
+      return {
+        error: {
+          code: "unknown_error",
+          message: `HTTP ${response.status}: ${response.statusText}`,
+          statusCode: response.status
+        },
+        requestId
+      };
+    }
+  }
+  isRetryable(method) {
+    return ["GET", "PUT", "DELETE"].includes(method) || method === "POST";
+  }
+  async backoff(attempt) {
+    const baseDelay = Math.min(1e3 * Math.pow(2, attempt - 2), 5e3);
+    const jitter = Math.random() * 500;
+    await sleep(baseDelay + jitter);
+  }
+};
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function parseIntHeader(response, name) {
+  const value = response.headers.get(name);
+  if (value === null) return void 0;
+  const parsed = parseInt(value, 10);
+  return isNaN(parsed) ? void 0 : parsed;
+}
+var LANE_DIR = ".lane";
+var CREDENTIALS_FILE = "credentials.json";
+var SECURE_FILE_MODE = 384;
+var SECURE_DIR_MODE = 448;
+var FileTokenStore = class {
+  dirPath;
+  filePath;
+  constructor(basePath) {
+    this.dirPath = basePath ?? path.join(os.homedir(), LANE_DIR);
+    this.filePath = path.join(this.dirPath, CREDENTIALS_FILE);
+  }
+  /**
+   * Read credentials from disk. Returns null if file doesn't exist.
+   * Warns to stderr if file permissions are too permissive.
+   */
+  async read() {
+    try {
+      await this.validatePermissions();
+      const raw = await promises.readFile(this.filePath, "utf-8");
+      const parsed = JSON.parse(raw);
+      return this.validateCredentials(parsed);
+    } catch (err) {
+      if (isNodeError(err) && err.code === "ENOENT") {
+        return null;
+      }
+      throw err;
+    }
+  }
+  /**
+   * Write credentials to disk with secure permissions.
+   */
+  async write(credentials) {
+    await this.ensureDirectory();
+    const data = JSON.stringify(credentials, null, 2) + "\n";
+    await promises.writeFile(this.filePath, data, { mode: SECURE_FILE_MODE });
+  }
+  /**
+   * Remove the credentials file.
+   */
+  async clear() {
+    try {
+      const { unlink } = await import('fs/promises');
+      await unlink(this.filePath);
+    } catch (err) {
+      if (isNodeError(err) && err.code === "ENOENT") {
+        return;
+      }
+      throw err;
+    }
+  }
+  /** Return the path to the credentials file (for CLI display). */
+  get path() {
+    return this.filePath;
+  }
+  // -------------------------------------------------------------------------
+  // Private
+  // -------------------------------------------------------------------------
+  async ensureDirectory() {
+    await promises.mkdir(this.dirPath, { recursive: true, mode: SECURE_DIR_MODE });
+  }
+  /**
+   * Check file permissions and warn if too open.
+   * SOC 2 control: credentials should only be readable by owner.
+   */
+  async validatePermissions() {
+    try {
+      const stats = await promises.stat(this.filePath);
+      const mode = stats.mode & 511;
+      if (mode !== SECURE_FILE_MODE) {
+        process.stderr.write(
+          `[lane] Warning: ${this.filePath} has permissions ${mode.toString(8)}. Expected ${SECURE_FILE_MODE.toString(8)}. Fixing...
+`
+        );
+        await promises.chmod(this.filePath, SECURE_FILE_MODE);
+      }
+    } catch {
+    }
+  }
+  validateCredentials(parsed) {
+    if (typeof parsed !== "object" || parsed === null || !("apiKey" in parsed) || typeof parsed["apiKey"] !== "string") {
+      return null;
+    }
+    return parsed;
+  }
+};
+function isNodeError(err) {
+  return err instanceof Error && "code" in err;
+}
+
+// src/config.ts
+var DEFAULT_BASE_URL = "https://api.getonlane.com";
+var DEFAULT_TIMEOUT = 3e4;
+var DEFAULT_MAX_RETRIES = 2;
+async function resolveConfig(options = {}, tokenStore) {
+  let apiKey = options.apiKey;
+  if (!apiKey) {
+    apiKey = process.env["LANE_API_KEY"];
+  }
+  if (!apiKey) {
+    const store = tokenStore ?? new FileTokenStore();
+    const creds = await store.read();
+    if (creds) {
+      apiKey = creds.apiKey;
+    }
+  }
+  if (!apiKey) {
+    throw new Error(
+      'No API key found. Provide one via:\n  1. new Lane({ apiKey: "lane_sk_..." })\n  2. LANE_API_KEY environment variable\n  3. Run `lane login` to authenticate'
+    );
+  }
+  const testMode = options.testMode ?? (process.env["LANE_TEST_MODE"] === "true" || apiKey.startsWith("lane_sk_test_"));
+  const baseUrl = options.baseUrl ?? process.env["LANE_BASE_URL"] ?? DEFAULT_BASE_URL;
+  const timeout = options.timeout ?? (process.env["LANE_TIMEOUT"] ? parseInt(process.env["LANE_TIMEOUT"], 10) : DEFAULT_TIMEOUT);
+  const maxRetries = options.maxRetries ?? (process.env["LANE_MAX_RETRIES"] ? parseInt(process.env["LANE_MAX_RETRIES"], 10) : DEFAULT_MAX_RETRIES);
+  return Object.freeze({
+    apiKey,
+    baseUrl,
+    testMode,
+    timeout,
+    maxRetries,
+    circuitBreaker: options.circuitBreaker ? Object.freeze({
+      failureThreshold: options.circuitBreaker.failureThreshold ?? 3,
+      resetTimeoutMs: options.circuitBreaker.resetTimeoutMs ?? 3e4
+    }) : void 0
+  });
+}
+
+// src/resources/base.ts
+var Resource = class {
+  client;
+  constructor(client) {
+    this.client = client;
+  }
+  // -----------------------------------------------------------------------
+  // Convenience wrappers that prepend basePath
+  // -----------------------------------------------------------------------
+  async _get(subpath = "", query) {
+    return this.client.get(`${this.basePath}${subpath}`, query);
+  }
+  async _post(subpath = "", body, idempotencyKey) {
+    return this.client.post(`${this.basePath}${subpath}`, body, idempotencyKey);
+  }
+  async _put(subpath = "", body) {
+    return this.client.put(`${this.basePath}${subpath}`, body);
+  }
+  async _delete(subpath = "") {
+    return this.client.delete(`${this.basePath}${subpath}`);
+  }
+  /**
+   * Helper for paginated list endpoints.
+   */
+  async _list(subpath = "", params) {
+    const query = {};
+    if (params) {
+      for (const [key, value] of Object.entries(params)) {
+        if (value !== void 0) {
+          query[key] = typeof value === "object" ? JSON.stringify(value) : value;
+        }
+      }
+    }
+    const response = await this.client.get(
+      `${this.basePath}${subpath}`,
+      query
+    );
+    return response.data;
+  }
+};
+
+// src/resources/auth.ts
+var Auth = class extends Resource {
+  get basePath() {
+    return "/api/sdk/auth";
+  }
+  /** Get the authenticated developer's profile. */
+  async whoami() {
+    const res = await this._get("/whoami");
+    return res.data;
+  }
+  /**
+   * Start a login session. Returns a URL the developer opens in their browser.
+   */
+  async login() {
+    const res = await this._post("/login");
+    return res.data;
+  }
+  /**
+   * Exchange a one-time code (from browser callback) for an API key.
+   */
+  async exchangeCode(code, sessionId) {
+    const res = await this._post("/token", {
+      code,
+      sessionId
+    });
+    return res.data;
+  }
+  /**
+   * Rotate the API key. Old key remains valid for 15 minutes.
+   */
+  async rotateKey() {
+    const res = await this._post("/rotate");
+    return res.data;
+  }
+};
+
+// src/resources/wallets.ts
+var Wallets = class extends Resource {
+  get basePath() {
+    return "/api/sdk/wallets";
+  }
+  /** Create a new wallet, optionally scoped to an end user. */
+  async create(params = {}) {
+    const res = await this._post("", {
+      userId: params.userId
+    }, params.idempotencyKey);
+    return res.data;
+  }
+  /** Get a wallet by ID. */
+  async get(walletId) {
+    const res = await this._get(`/${walletId}`);
+    return res.data;
+  }
+  /** List all wallets for the authenticated developer. */
+  async list(params) {
+    return this._list("", params);
+  }
+  /** List cards in a wallet. Returns last4/brand only — never full PAN. */
+  async listCards(walletId) {
+    const res = await this._get(`/${walletId}/cards`);
+    return res.data;
+  }
+  /**
+   * Get a secure link for the end user to add a card via VGS Collect.
+   * PAN goes directly to VGS vault — Lane never sees it.
+   */
+  async getAddCardLink(walletId) {
+    const res = await this._get(`/${walletId}/add-card-link`);
+    return res.data;
+  }
+  /** Revoke a wallet. All linked tokens are immediately invalidated. */
+  async revoke(walletId) {
+    await this._delete(`/${walletId}`);
+  }
+  /** Remove a specific card from a wallet. */
+  async removeCard(walletId, cardId) {
+    await this._delete(`/${walletId}/cards/${cardId}`);
+  }
+  /** Deposit funds into a wallet. */
+  async deposit(walletId, params) {
+    const res = await this._post(
+      `/${walletId}/deposit`,
+      { amount: params.amount },
+      params.idempotencyKey
+    );
+    return res.data;
+  }
+  /** Get wallet balance and metadata. */
+  async balance(walletId) {
+    const res = await this._get(`/${walletId ?? "default"}/balance`);
+    return res.data;
+  }
+  /** Configure auto-reload for a wallet. */
+  async setAutoReload(walletId, config) {
+    const res = await this._put(
+      `/${walletId}/auto-reload`,
+      config
+    );
+    return res.data;
+  }
+  /** Get card attributes for a wallet. */
+  async getAttributes(walletId) {
+    const res = await this._get(`/${walletId}/card-attributes`);
+    return res.data;
+  }
+  /** Set the checkout profile for a wallet (billing, shipping, email). */
+  async setProfile(walletId, profile) {
+    const res = await this._post(`/${walletId}/profile`, profile);
+    return res.data;
+  }
+  /** Get the checkout profile. Addresses and email are visible; no sensitive data. */
+  async getProfile(walletId) {
+    const res = await this._get(`/${walletId}/profile`);
+    return res.data;
+  }
+  /** Update the checkout profile (partial). */
+  async updateProfile(walletId, updates) {
+    const res = await this._put(`/${walletId}/profile`, updates);
+    return res.data;
+  }
+  /** Save a merchant account (for sites without guest checkout). */
+  async saveMerchantAccount(walletId, params) {
+    const res = await this._post(`/${walletId}/merchant-accounts`, params);
+    return res.data;
+  }
+  /** List saved merchant accounts (domain + email only). */
+  async listMerchantAccounts(walletId) {
+    const res = await this._get(`/${walletId}/merchant-accounts`);
+    return res.data;
+  }
+  /** Remove a saved merchant account. */
+  async removeMerchantAccount(walletId, accountId) {
+    await this._delete(`/${walletId}/merchant-accounts/${accountId}`);
+  }
+};
+var Pay = class extends Resource {
+  get basePath() {
+    return "/api/sdk/pay";
+  }
+  /**
+   * Create a scoped agentic token — amount-limited, merchant-locked,
+   * time-bounded. The token can be used to execute a single payment.
+   */
+  async createToken(params) {
+    const res = await this._post("/tokens", {
+      walletId: params.walletId,
+      amount: params.amount,
+      currency: params.currency ?? "USD",
+      merchant: params.merchant ?? "*",
+      expiresIn: params.expiresIn ?? "1h",
+      permissions: params.permissions ?? []
+    }, params.idempotencyKey);
+    return res.data;
+  }
+  /**
+   * Execute a payment. Routed via the best available path:
+   *   1. Billing API (for services like OpenAI, Replicate, Vercel)
+   *   2. ACP-enabled merchant checkout
+   *   3. VIC agentic token (when available)
+   *
+   * Idempotency key is strongly recommended to prevent double charges.
+   */
+  async execute(params) {
+    const idempotencyKey = params.idempotencyKey ?? this.generateIdempotencyKey(params);
+    const res = await this._post("/execute", {
+      tokenId: params.tokenId,
+      recipient: params.recipient,
+      amount: params.amount,
+      currency: params.currency ?? "USD",
+      description: params.description
+    }, idempotencyKey);
+    return res.data;
+  }
+  generateIdempotencyKey(params) {
+    const window = Math.floor(Date.now() / (5 * 60 * 1e3));
+    const input = `${params.amount}:${params.recipient}:${params.currency ?? "USD"}:${window}`;
+    return `auto_${crypto.createHash("sha256").update(input).digest("hex").slice(0, 24)}`;
+  }
+  /** Get a transaction by ID. */
+  async getTransaction(transactionId) {
+    const res = await this._get(`/transactions/${transactionId}`);
+    return res.data;
+  }
+  /** List transactions with optional filters. */
+  async listTransactions(params) {
+    return this._list("/transactions", params);
+  }
+  /**
+   * Initiate a refund. Full or partial.
+   *
+   * Refund routing mirrors payment routing:
+   *   - Billing API merchants: calls their refund API
+   *   - ACP merchants: initiates refund through PSP
+   *   - VIC transactions: standard Visa dispute flow
+   */
+  async refund(params) {
+    const res = await this._post("/refunds", {
+      transactionId: params.transactionId,
+      amount: params.amount,
+      reason: params.reason
+    }, params.idempotencyKey);
+    return res.data;
+  }
+  /** Get a refund by ID. */
+  async getRefund(refundId) {
+    const res = await this._get(`/refunds/${refundId}`);
+    return res.data;
+  }
+};
+
+// src/resources/products.ts
+var Products = class extends Resource {
+  get basePath() {
+    return "/api/sdk/products";
+  }
+  /** Search the Lane product catalog. */
+  async search(params) {
+    return this._list("/search", { ...params });
+  }
+  /** Get a product by ID. */
+  async get(productId) {
+    const res = await this._get(`/${productId}`);
+    return res.data;
+  }
+  /** List available merchants. */
+  async listMerchants(params) {
+    return this._list("/merchants", params);
+  }
+  /** Get a merchant by ID or slug. */
+  async getMerchant(merchantIdOrSlug) {
+    const res = await this.client.get(`/api/sdk/merchants/${merchantIdOrSlug}`);
+    return res.data;
+  }
+};
+
+// src/resources/checkout.ts
+var Checkout = class extends Resource {
+  get basePath() {
+    return "/api/sdk/checkout";
+  }
+  /** Create a new checkout session for a product. */
+  async create(params) {
+    const body = {
+      productId: params.productId,
+      walletId: params.walletId,
+      quantity: params.quantity ?? 1
+    };
+    if ("plan" in params && params.plan !== void 0) {
+      body.plan = params.plan;
+    }
+    if ("parameters" in params && params.parameters !== void 0) {
+      body.parameters = params.parameters;
+    }
+    const res = await this._post("", body, params.idempotencyKey);
+    return res.data;
+  }
+  /** Complete a checkout session — processes payment and returns the order. */
+  async complete(sessionId) {
+    const res = await this._post(`/${sessionId}/complete`);
+    return res.data;
+  }
+  /** Get the status of a checkout session. */
+  async get(sessionId) {
+    const res = await this._get(`/${sessionId}`);
+    return res.data;
+  }
+  /** Cancel a pending checkout session. */
+  async cancel(sessionId) {
+    const res = await this._post(`/${sessionId}/cancel`);
+    return res.data;
+  }
+};
+
+// src/resources/sell.ts
+var Sell = class extends Resource {
+  get basePath() {
+    return "/api/sdk/sell";
+  }
+  /**
+   * List a product for sale on the Lane marketplace.
+   *
+   * Lane will:
+   *   1. List the product in the Product API (discoverable by any agent)
+   *   2. Create a proxy endpoint (handles auth + metering)
+   *   3. Generate API keys for buyers automatically
+   *   4. Meter usage and bill buyer wallets
+   *   5. Pay out to seller (minus Lane fee)
+   */
+  async create(params) {
+    const res = await this._post("/products", {
+      name: params.name,
+      type: params.type,
+      endpoint: params.endpoint,
+      mcpEndpoint: params.mcpEndpoint,
+      pricing: params.pricing,
+      description: params.description,
+      auth: params.auth
+    }, params.idempotencyKey);
+    return res.data;
+  }
+  /** Update an existing product listing. */
+  async update(productId, params) {
+    const res = await this._put(`/products/${productId}`, params);
+    return res.data;
+  }
+  /** Deactivate a product listing (soft delete). */
+  async deactivate(productId) {
+    await this._delete(`/products/${productId}`);
+  }
+  /** Get a product you've listed. */
+  async get(productId) {
+    const res = await this._get(`/products/${productId}`);
+    return res.data;
+  }
+  /** List all products you've listed for sale. */
+  async list(params) {
+    return this._list("/products", params);
+  }
+  /** Get analytics for a product you've listed. */
+  async analytics(params) {
+    const res = await this._get(
+      `/products/${params.productId}/analytics`,
+      { period: params.period }
+    );
+    return res.data;
+  }
+  /** List a software product using an SCP manifest. */
+  async createSoftwareProduct(manifest) {
+    const res = await this._post("/software", manifest);
+    return res.data;
+  }
+};
+
+// src/resources/admin.ts
+var Admin = class extends Resource {
+  get basePath() {
+    return "/api/sdk/admin";
+  }
+  // -------------------------------------------------------------------------
+  // Spending
+  // -------------------------------------------------------------------------
+  /** Get spending summary with optional grouping by team/developer/agent. */
+  async spending(params) {
+    const res = await this._get("/spending", params);
+    return res.data;
+  }
+  // -------------------------------------------------------------------------
+  // Budgets
+  // -------------------------------------------------------------------------
+  /** Get current budget configuration. */
+  async getBudget(scope) {
+    const res = await this._get("/budgets", scope);
+    return res.data;
+  }
+  /** Update budget limits. */
+  async setBudget(config) {
+    const res = await this._put("/budgets", config);
+    return res.data;
+  }
+  // -------------------------------------------------------------------------
+  // Team Members
+  // -------------------------------------------------------------------------
+  /** List team members. */
+  async listMembers(params) {
+    return this._list("/members", params);
+  }
+  /** Invite a team member. */
+  async inviteMember(params) {
+    const res = await this._post("/members", params);
+    return res.data;
+  }
+  /** Update a team member's role. */
+  async updateMember(memberId, params) {
+    const res = await this._put(`/members/${memberId}`, params);
+    return res.data;
+  }
+  /** Remove a team member. */
+  async removeMember(memberId) {
+    await this._delete(`/members/${memberId}`);
+  }
+  // -------------------------------------------------------------------------
+  // Account Management (GDPR)
+  // -------------------------------------------------------------------------
+  /**
+   * Export all developer data as JSON (GDPR data portability).
+   */
+  async exportData() {
+    const res = await this._get("/export");
+    return res.data;
+  }
+  /**
+   * Delete the developer account and purge all PII (GDPR right to erasure).
+   * Transaction records are anonymized (amount + merchant retained for regulatory).
+   */
+  async deleteAccount() {
+    const res = await this._delete("/account");
+    return res.data;
+  }
+};
+
+// src/resources/webhooks.ts
+var Webhooks = class extends Resource {
+  get basePath() {
+    return "/api/sdk/webhooks";
+  }
+  /** Register a new webhook endpoint. */
+  async create(params) {
+    const res = await this._post("", params);
+    return res.data;
+  }
+  /** List registered webhooks. */
+  async list() {
+    return this._list();
+  }
+  /** Get a webhook by ID. */
+  async get(webhookId) {
+    const res = await this._get(`/${webhookId}`);
+    return res.data;
+  }
+  /** Update a webhook configuration. */
+  async update(webhookId, params) {
+    const res = await this._put(`/${webhookId}`, params);
+    return res.data;
+  }
+  /** Delete a webhook endpoint. */
+  async delete(webhookId) {
+    await this._delete(`/${webhookId}`);
+  }
+  /**
+   * Verify a webhook payload's signature.
+   *
+   * Use this in your webhook handler to confirm the payload was sent by Lane.
+   *
+   * @param payload   - Raw request body string
+   * @param signature - Value of X-Lane-Signature header
+   * @param secret    - Your webhook signing secret
+   * @param timestamp - Value of X-Lane-Timestamp header (unix seconds)
+   */
+  verify(payload, signature, secret, timestamp) {
+    return verifyWebhookSignature(payload, signature, secret, timestamp);
+  }
+  /**
+   * Parse and verify a webhook payload in one step.
+   * Throws if signature is invalid.
+   */
+  constructEvent(payload, signature, secret, timestamp) {
+    if (!this.verify(payload, signature, secret, timestamp)) {
+      throw new Error("Invalid webhook signature");
+    }
+    return JSON.parse(payload);
+  }
+};
+
+// src/resources/vic.ts
+var VIC = class extends Resource {
+  get basePath() {
+    return "/api/sdk/vic";
+  }
+  /**
+   * Issue a VIC agentic token. This provisions a Visa network token (DPAN)
+   * scoped to the agent's constraints: amount limits, merchant restrictions,
+   * and time bounds.
+   *
+   * The token works at any Visa-accepting merchant — not just Lane catalog.
+   */
+  async issue(params) {
+    const res = await this._post("/tokens", {
+      walletId: params.walletId,
+      cardId: params.cardId,
+      maxTransactionAmount: params.maxTransactionAmount,
+      allowedMCCs: params.allowedMCCs,
+      expiresIn: params.expiresIn ?? "24h"
+    }, params.idempotencyKey);
+    return res.data;
+  }
+  /**
+   * Get a transaction-specific cryptogram for a VIC token.
+   * Called just before payment execution — the cryptogram is single-use.
+   */
+  async getCryptogram(tokenId, params) {
+    const res = await this._post(
+      `/tokens/${tokenId}/cryptogram`,
+      params
+    );
+    return res.data;
+  }
+  /** Get a VIC token by ID. */
+  async get(tokenId) {
+    const res = await this._get(`/tokens/${tokenId}`);
+    return res.data;
+  }
+  /** List VIC tokens for a wallet. */
+  async list(params) {
+    return this._list("/tokens", params);
+  }
+  /** Revoke a VIC token immediately. */
+  async revoke(tokenId) {
+    const res = await this._post(`/tokens/${tokenId}/revoke`);
+    return res.data;
+  }
+  /** Suspend a VIC token (can be reactivated). */
+  async suspend(tokenId) {
+    const res = await this._post(`/tokens/${tokenId}/suspend`);
+    return res.data;
+  }
+  /** Reactivate a suspended VIC token. */
+  async reactivate(tokenId) {
+    const res = await this._post(`/tokens/${tokenId}/reactivate`);
+    return res.data;
+  }
+};
+
+// src/resources/metering.ts
+var Metering = class extends Resource {
+  get basePath() {
+    return "/api/sdk/metering";
+  }
+  /**
+   * Record a usage event (API call, token consumption, etc.).
+   * Called by the seller's service when a buyer uses it.
+   */
+  async record(params) {
+    const res = await this._post("/usage", {
+      productId: params.productId,
+      buyerId: params.buyerId,
+      quantity: params.quantity,
+      unit: params.unit ?? "calls"
+    }, params.idempotencyKey);
+    return res.data;
+  }
+  /**
+   * Record a batch of usage events efficiently.
+   */
+  async recordBatch(records) {
+    const res = await this._post("/usage/batch", {
+      records
+    });
+    return res.data;
+  }
+  /** Query usage for a product. */
+  async query(params) {
+    return this._list("/usage", params);
+  }
+  /** Get an aggregated usage report. */
+  async report(params) {
+    const res = await this._get("/reports", params);
+    return res.data;
+  }
+  /** Get or update metering config for a product. */
+  async getConfig(productId) {
+    const res = await this._get(`/config/${productId}`);
+    return res.data;
+  }
+  async setConfig(productId, config) {
+    const res = await this._put(`/config/${productId}`, config);
+    return res.data;
+  }
+};
+
+// src/resources/payouts.ts
+var Payouts = class extends Resource {
+  get basePath() {
+    return "/api/sdk/payouts";
+  }
+  /** Get payout configuration. */
+  async getConfig() {
+    const res = await this._get("/config");
+    return res.data;
+  }
+  /** Set up or update payout configuration. */
+  async setConfig(config) {
+    const res = await this._put("/config", config);
+    return res.data;
+  }
+  /** List payouts. */
+  async list(params) {
+    return this._list("", params);
+  }
+  /** Get a specific payout. */
+  async get(payoutId) {
+    const res = await this._get(`/${payoutId}`);
+    return res.data;
+  }
+};
+
+// src/resources/teams.ts
+var Teams = class extends Resource {
+  get basePath() {
+    return "/api/sdk/teams";
+  }
+  /** Create a new team. */
+  async create(params) {
+    const res = await this._post("", params);
+    return res.data;
+  }
+  /** List teams. */
+  async list(params) {
+    return this._list("", params);
+  }
+  /** Get a team by ID. */
+  async get(teamId) {
+    const res = await this._get(`/${teamId}`);
+    return res.data;
+  }
+  /** Update a team. */
+  async update(teamId, params) {
+    const res = await this._put(`/${teamId}`, params);
+    return res.data;
+  }
+  /** Delete a team. */
+  async delete(teamId) {
+    await this._delete(`/${teamId}`);
+  }
+  /** Add a member to a team. */
+  async addMember(teamId, params) {
+    const res = await this._post(`/${teamId}/members`, params);
+    return res.data;
+  }
+  /** List team members. */
+  async listMembers(teamId, params) {
+    return this._list(`/${teamId}/members`, params);
+  }
+  /** Remove a member from a team. */
+  async removeMember(teamId, memberId) {
+    await this._delete(`/${teamId}/members/${memberId}`);
+  }
+  /** Get the hierarchical budget for a team (org > team > developer > agent). */
+  async getHierarchicalBudget(teamId) {
+    const res = await this._get(`/${teamId}/budget/hierarchy`);
+    return res.data;
+  }
+  /** Set the team-level budget. */
+  async setBudget(teamId, budget) {
+    const res = await this._put(`/${teamId}/budget`, budget);
+    return res.data;
+  }
+};
+
+// src/resources/agents.ts
+var Agents = class extends Resource {
+  get basePath() {
+    return "/api/sdk/agents";
+  }
+  /** Register a new agent in the fleet. */
+  async register(params) {
+    const res = await this._post("", params);
+    return res.data;
+  }
+  /** Get an agent by ID. */
+  async get(agentId) {
+    const res = await this._get(`/${agentId}`);
+    return res.data;
+  }
+  /** List agents in the fleet. */
+  async list(params) {
+    return this._list("", params);
+  }
+  /** Update an agent's policy. */
+  async setPolicy(agentId, policy) {
+    const res = await this._put(`/${agentId}/policy`, policy);
+    return res.data;
+  }
+  /** Suspend an agent (temporary, can be reactivated). */
+  async suspend(agentId) {
+    const res = await this._post(`/${agentId}/suspend`);
+    return res.data;
+  }
+  /** Reactivate a suspended agent. */
+  async reactivate(agentId) {
+    const res = await this._post(`/${agentId}/reactivate`);
+    return res.data;
+  }
+  /** Permanently revoke an agent. */
+  async revoke(agentId) {
+    const res = await this._post(`/${agentId}/revoke`);
+    return res.data;
+  }
+  /** Assign a wallet to an agent (per-agent wallet). */
+  async assignWallet(agentId, walletId) {
+    const res = await this._put(`/${agentId}/wallet`, { walletId });
+    return res.data;
+  }
+};
+
+// src/resources/audit.ts
+var Audit = class extends Resource {
+  get basePath() {
+    return "/api/sdk/audit";
+  }
+  /** Query audit log entries. */
+  async query(params) {
+    return this._list("/logs", params ? { ...params } : void 0);
+  }
+  /** Get a specific audit entry by ID. */
+  async get(entryId) {
+    const res = await this._get(`/logs/${entryId}`);
+    return res.data;
+  }
+  /**
+   * Export audit logs for a date range (SOC 2 compliance).
+   * Returns a download URL for the audit log archive.
+   */
+  async export(params) {
+    const res = await this._post("/export", params);
+    return res.data;
+  }
+  /** Get audit summary/statistics for a period. */
+  async summary(params) {
+    const res = await this._get("/summary", params);
+    return res.data;
+  }
+};
+
+// src/resources/identity.ts
+var Identity = class extends Resource {
+  get basePath() {
+    return "/api/sdk/identity";
+  }
+  /**
+   * Register an agent for identity verification.
+   * This starts the KYC chain: Human (developer) vouches for Agent.
+   */
+  async register(params) {
+    const res = await this._post("", params);
+    return res.data;
+  }
+  /**
+   * Complete identity verification using a developer-provided code.
+   * This establishes the Human -> Lane -> Agent chain.
+   */
+  async verify(params) {
+    const res = await this._post(
+      `/${params.identityId}/verify`,
+      { verificationCode: params.verificationCode }
+    );
+    return res.data;
+  }
+  /** Get an agent identity by ID. */
+  async get(identityId) {
+    const res = await this._get(`/${identityId}`);
+    return res.data;
+  }
+  /** List agent identities. */
+  async list(params) {
+    return this._list("", params);
+  }
+  /**
+   * Get the current attestation for a verified identity.
+   * The attestation is a cryptographic proof that Lane has verified the
+   * Human -> Agent chain.
+   */
+  async getAttestation(identityId) {
+    const res = await this._get(`/${identityId}/attestation`);
+    return res.data;
+  }
+  /**
+   * Refresh the attestation (generates a new signed document).
+   * Useful when the previous attestation is nearing expiry.
+   */
+  async refreshAttestation(identityId) {
+    const res = await this._post(`/${identityId}/attestation/refresh`);
+    return res.data;
+  }
+  /** Suspend an agent identity. */
+  async suspend(identityId) {
+    const res = await this._post(`/${identityId}/suspend`);
+    return res.data;
+  }
+  /** Revoke an agent identity permanently. */
+  async revoke(identityId) {
+    const res = await this._post(`/${identityId}/revoke`);
+    return res.data;
+  }
+};
+
+// src/resources/subscriptions.ts
+var Subscriptions = class extends Resource {
+  get basePath() {
+    return "/api/sdk/subscriptions";
+  }
+  /** Create a new subscription. */
+  async create(params) {
+    const res = await this._post("", params);
+    return res.data;
+  }
+  /** List subscriptions, optionally filtered by status. */
+  async list(params) {
+    return this._list("", params);
+  }
+  /** Get a subscription by ID. */
+  async get(subscriptionId) {
+    const res = await this._get(`/${subscriptionId}`);
+    return res.data;
+  }
+  /** Cancel a subscription. */
+  async cancel(subscriptionId) {
+    const res = await this._post(`/${subscriptionId}/cancel`, {});
+    return res.data;
+  }
+  /** Upgrade a subscription to a higher plan. */
+  async upgrade(subscriptionId, params) {
+    const res = await this._post(`/${subscriptionId}/upgrade`, params);
+    return res.data;
+  }
+  /** Downgrade a subscription to a lower plan. */
+  async downgrade(subscriptionId, params) {
+    const res = await this._post(`/${subscriptionId}/downgrade`, params);
+    return res.data;
+  }
+  /** Pause a subscription. */
+  async pause(subscriptionId) {
+    const res = await this._post(`/${subscriptionId}/pause`, {});
+    return res.data;
+  }
+  /** Resume a paused subscription. */
+  async resume(subscriptionId) {
+    const res = await this._post(`/${subscriptionId}/resume`, {});
+    return res.data;
+  }
+};
+
+// src/resources/merchants.ts
+var Merchants = class extends Resource {
+  get basePath() {
+    return "/api/sdk/merchants";
+  }
+  /** List/search the merchant directory. */
+  async list(params) {
+    return this._list("", params);
+  }
+  /** Get a merchant by ID, slug, or domain. */
+  async get(idOrSlug) {
+    const res = await this._get(`/${idOrSlug}`);
+    return res.data;
+  }
+  /** List merchants that support a specific protocol. */
+  async listByProtocol(protocol, params) {
+    return this._list("", { ...params, protocol });
+  }
+  /** List merchants in a specific vertical. */
+  async listByVertical(vertical, params) {
+    return this._list("", { ...params, vertical });
+  }
+  /** List only Lane-onboarded merchants. */
+  async listOnboarded(params) {
+    return this._list("", { ...params, tier: "lane_onboarded" });
+  }
+  /** List all verticals with subcategories and counts. */
+  async verticals() {
+    const res = await this._get("/verticals");
+    return res.data;
+  }
+  /** Discover a protocol-compatible merchant by domain. */
+  async discover(domain) {
+    const res = await this._post("/discover", { domain });
+    return res.data;
+  }
+};
+
+// src/lane.ts
+var Lane = class _Lane {
+  client;
+  _config;
+  // Lazily initialized resources
+  _auth;
+  _wallets;
+  _pay;
+  _products;
+  _checkout;
+  _sell;
+  _admin;
+  _webhooks;
+  _vic;
+  _metering;
+  _payouts;
+  _teams;
+  _agents;
+  _audit;
+  _identity;
+  _subscriptions;
+  _merchants;
+  /**
+   * Private constructor — use `Lane.create()` for async config resolution,
+   * or `new Lane(resolvedConfig)` if you've already resolved config.
+   */
+  constructor(config) {
+    this._config = config;
+    this.client = new LaneClient(config);
+  }
+  /**
+   * Create a new Lane SDK instance with async config resolution.
+   *
+   * Resolves API key from: constructor > env var > credentials file.
+   */
+  static async create(options = {}) {
+    const config = await resolveConfig(options, options.tokenStore);
+    return new _Lane(config);
+  }
+  /**
+   * Create a Lane SDK instance synchronously (requires explicit apiKey).
+   *
+   * Use this when you already have the API key and don't need file-based
+   * credential resolution.
+   */
+  static fromApiKey(apiKey, options = {}) {
+    const testMode = options.testMode ?? apiKey.startsWith("lane_sk_test_");
+    const config = Object.freeze({
+      apiKey,
+      baseUrl: options.baseUrl ?? process.env["LANE_BASE_URL"] ?? "https://api.getonlane.com",
+      testMode,
+      timeout: options.timeout ?? 3e4,
+      maxRetries: options.maxRetries ?? 2,
+      circuitBreaker: options.circuitBreaker ? Object.freeze({
+        failureThreshold: options.circuitBreaker.failureThreshold ?? 3,
+        resetTimeoutMs: options.circuitBreaker.resetTimeoutMs ?? 3e4
+      }) : void 0
+    });
+    return new _Lane(config);
+  }
+  // -------------------------------------------------------------------------
+  // Resource Accessors (lazy initialization)
+  // -------------------------------------------------------------------------
+  /** Authentication — login, whoami, key rotation. */
+  get auth() {
+    return this._auth ??= new Auth(this.client);
+  }
+  /** Wallets — create, list cards, add card, revoke. */
+  get wallets() {
+    return this._wallets ??= new Wallets(this.client);
+  }
+  /** Pay — agentic tokens, payment execution, refunds. */
+  get pay() {
+    return this._pay ??= new Pay(this.client);
+  }
+  /** Products — search catalog, list merchants. */
+  get products() {
+    return this._products ??= new Products(this.client);
+  }
+  /** Checkout — create and complete checkout sessions. */
+  get checkout() {
+    return this._checkout ??= new Checkout(this.client);
+  }
+  /** Sell — list products for sale, analytics (Make-a-SaaS). */
+  get sell() {
+    return this._sell ??= new Sell(this.client);
+  }
+  /** Admin — spending, budgets, team management, GDPR. */
+  get admin() {
+    return this._admin ??= new Admin(this.client);
+  }
+  /** Webhooks — register, verify, manage webhook endpoints. */
+  get webhooks() {
+    return this._webhooks ??= new Webhooks(this.client);
+  }
+  /** VIC — Visa Intelligent Commerce agentic tokens (Phase 2). */
+  get vic() {
+    return this._vic ??= new VIC(this.client);
+  }
+  /** Metering — usage tracking for Make-a-SaaS sellers (Phase 4). */
+  get metering() {
+    return this._metering ??= new Metering(this.client);
+  }
+  /** Payouts — seller disbursements (Phase 4). */
+  get payouts() {
+    return this._payouts ??= new Payouts(this.client);
+  }
+  /** Teams — team management with hierarchical budgets (Phase 5). */
+  get teams() {
+    return this._teams ??= new Teams(this.client);
+  }
+  /** Agents — fleet management with per-agent policies (Phase 5). */
+  get agents() {
+    return this._agents ??= new Agents(this.client);
+  }
+  /** Audit — immutable audit trail for SOC 2 compliance (Phase 5). */
+  get audit() {
+    return this._audit ??= new Audit(this.client);
+  }
+  /** Identity — agent identity and KYC chain (Phase 6). */
+  get identity() {
+    return this._identity ??= new Identity(this.client);
+  }
+  /** Subscriptions — manage software subscriptions (SCP). */
+  get subscriptions() {
+    return this._subscriptions ??= new Subscriptions(this.client);
+  }
+  /** Merchants — discover and search the merchant directory. */
+  get merchants() {
+    return this._merchants ??= new Merchants(this.client);
+  }
+  // -------------------------------------------------------------------------
+  // Observability
+  // -------------------------------------------------------------------------
+  /** Subscribe to SDK events (request, response, error, retry). */
+  on(event, listener) {
+    this.client.on(event, listener);
+    return this;
+  }
+  // -------------------------------------------------------------------------
+  // Metadata
+  // -------------------------------------------------------------------------
+  /** Whether this instance is operating in test mode. */
+  get testMode() {
+    return this._config.testMode;
+  }
+  /** The resolved base URL. */
+  get baseUrl() {
+    return this._config.baseUrl;
+  }
+};
+
+// src/mcp/tool.ts
+var LaneTool = class {
+  lane;
+  constructor(lane) {
+    this.lane = lane;
+  }
+  /**
+   * Public entry point — validates input, runs tool, formats output.
+   * Catches LaneErrors and formats them as structured agent-readable responses.
+   */
+  async execute(input) {
+    try {
+      const parsed = this.definition.inputSchema.parse(input);
+      const result = await this.run(parsed);
+      return {
+        content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+      };
+    } catch (err) {
+      if (err instanceof LaneError) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(
+                {
+                  error: err.code,
+                  message: err.message,
+                  suggestedAction: err.suggestedAction,
+                  retryable: err.retryable
+                },
+                null,
+                2
+              )
+            }
+          ],
+          isError: true
+        };
+      }
+      const message = err instanceof Error ? err.message : String(err);
+      return {
+        content: [{ type: "text", text: JSON.stringify({ error: "tool_error", message }, null, 2) }],
+        isError: true
+      };
+    }
+  }
+};
+
+// src/mcp/tools/whoami.ts
+var WhoamiTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "whoami",
+      description: "Get the authenticated developer profile. Returns email, plan, and member since date.",
+      inputSchema: zod.z.object({})
+    };
+  }
+  async run() {
+    return this.lane.auth.whoami();
+  }
+};
+var inputSchema = zod.z.object({
+  walletId: zod.z.string().optional().describe("Wallet ID. Uses default wallet if not provided.")
+});
+var ListCardsTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "list_cards",
+      description: "List available payment cards. Returns last4 and brand only \u2014 never full card numbers. Use this to check what payment methods are available before making a purchase.",
+      inputSchema
+    };
+  }
+  async run(input) {
+    let walletId = input.walletId;
+    if (!walletId) {
+      const wallets = await this.lane.wallets.list({ limit: 1 });
+      if (wallets.data.length === 0) {
+        return { cards: [], message: "No wallets found. Ask the developer to run `lane add-card`." };
+      }
+      walletId = wallets.data[0].id;
+    }
+    const cards = await this.lane.wallets.listCards(walletId);
+    return { cards };
+  }
+};
+var inputSchema2 = zod.z.object({
+  cardId: zod.z.string().optional().describe("Specific card ID to check balance for.")
+});
+var CheckBalanceTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "check_balance",
+      description: "Check remaining spending budget and limits. Returns daily limit, weekly limit, monthly limit, per-task limit, and how much has been spent today. Always check balance before making a payment to avoid exceeding limits.",
+      inputSchema: inputSchema2
+    };
+  }
+  async run(_input) {
+    const [budget, spending] = await Promise.all([
+      this.lane.admin.getBudget(),
+      this.lane.admin.spending({ period: "1d" })
+    ]);
+    return {
+      spentToday: spending.total,
+      currency: spending.currency,
+      limits: {
+        daily: budget.dailyLimit ?? null,
+        weekly: budget.weeklyLimit ?? null,
+        monthly: budget.monthlyLimit ?? null,
+        perTask: budget.perTaskLimit ?? null,
+        confirmationThreshold: budget.confirmationThreshold ?? null
+      },
+      remaining: budget.dailyLimit ? { daily: budget.dailyLimit - spending.total } : null
+    };
+  }
+};
+var inputSchema3 = zod.z.object({
+  amount: zod.z.number().positive().describe("Payment amount in dollars (e.g. 20.00)."),
+  currency: zod.z.string().default("USD").describe("Currency code (default: USD)."),
+  recipient: zod.z.string().describe('Merchant or service to pay (e.g. "replicate.com").'),
+  description: zod.z.string().optional().describe("What this payment is for."),
+  idempotencyKey: zod.z.string().optional().describe("Unique key to prevent duplicate charges on retry.")
+});
+var PayTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "pay",
+      description: "Execute a payment to a merchant or service. The payment is routed through the best available path (billing API, ACP, or VIC token). Amount is in dollars. Always check_balance first to ensure the payment is within limits. Provide an idempotencyKey to prevent double charges if you need to retry.",
+      inputSchema: inputSchema3
+    };
+  }
+  async run(input) {
+    const txn = await this.lane.pay.execute({
+      recipient: input.recipient,
+      amount: Math.round(input.amount * 100),
+      // Convert dollars to cents
+      currency: input.currency,
+      description: input.description,
+      idempotencyKey: input.idempotencyKey
+    });
+    return {
+      transactionId: txn.id,
+      amount: txn.amount / 100,
+      // Back to dollars for display
+      currency: txn.currency,
+      recipient: txn.recipient,
+      status: txn.status,
+      receiptUrl: txn.receiptUrl,
+      testMode: txn.testMode
+    };
+  }
+};
+var inputSchema4 = zod.z.object({
+  limit: zod.z.number().int().min(1).max(100).default(10).describe("Number of transactions to return."),
+  offset: zod.z.number().int().min(0).default(0).describe("Offset for pagination."),
+  cardId: zod.z.string().optional().describe("Filter by specific card ID.")
+});
+var ListTransactionsTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "list_transactions",
+      description: "List recent payment transactions. Shows amount, recipient, timestamp, status, and description. Use this to review spending history or verify a payment was successful.",
+      inputSchema: inputSchema4
+    };
+  }
+  async run(input) {
+    const result = await this.lane.pay.listTransactions({
+      limit: input.limit,
+      offset: input.offset,
+      cardId: input.cardId
+    });
+    return {
+      transactions: result.data.map((txn) => ({
+        id: txn.id,
+        amount: txn.amount / 100,
+        currency: txn.currency,
+        recipient: txn.recipient,
+        description: txn.description,
+        status: txn.status,
+        testMode: txn.testMode,
+        createdAt: txn.createdAt
+      })),
+      total: result.total,
+      limit: result.limit,
+      offset: result.offset
+    };
+  }
+};
+var inputSchema5 = zod.z.object({
+  query: zod.z.string().describe('Search query (e.g. "image resize API", "API credits").'),
+  type: zod.z.enum(["skill", "api", "saas", "opensource"]).optional().describe("Filter by product type."),
+  limit: zod.z.number().int().min(1).max(50).default(10).describe("Number of results.")
+});
+var SearchProductsTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "search_products",
+      description: "Search the Lane product catalog for APIs, skills, SaaS, and open source tools. Returns product name, description, pricing, and seller info. Use this to find services the agent can purchase.",
+      inputSchema: inputSchema5
+    };
+  }
+  async run(input) {
+    const result = await this.lane.products.search({
+      query: input.query,
+      type: input.type,
+      limit: input.limit
+    });
+    return {
+      products: result.data.map((p) => ({
+        id: p.id,
+        name: p.name,
+        description: p.description,
+        type: p.type,
+        pricing: p.pricing,
+        rating: p.rating
+      })),
+      total: result.total
+    };
+  }
+};
+var inputSchema6 = zod.z.object({
+  productId: zod.z.string().describe("Product ID from search_products results."),
+  walletId: zod.z.string().optional().describe("Wallet ID. Uses default if not provided."),
+  quantity: zod.z.number().int().min(1).default(1).describe("Quantity to purchase.")
+});
+var CheckoutTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "checkout",
+      description: "Purchase a product from the Lane catalog. Creates a checkout session and completes payment in one step. Returns the order details including any API keys or endpoints. Use search_products first to find the product ID.",
+      inputSchema: inputSchema6
+    };
+  }
+  async run(input) {
+    let walletId = input.walletId;
+    if (!walletId) {
+      const wallets = await this.lane.wallets.list({ limit: 1 });
+      if (wallets.data.length === 0) {
+        return {
+          error: "no_wallet",
+          message: "No wallet found. Ask the developer to run `lane add-card` first."
+        };
+      }
+      walletId = wallets.data[0].id;
+    }
+    const session = await this.lane.checkout.create({
+      productId: input.productId,
+      walletId,
+      quantity: input.quantity
+    });
+    const order = await this.lane.checkout.complete(session.id);
+    return {
+      orderId: order.id,
+      productId: order.productId,
+      amount: order.amount / 100,
+      currency: order.currency,
+      status: order.status,
+      apiKey: order.apiKey,
+      endpoint: order.endpoint
+    };
+  }
+};
+var inputSchema7 = zod.z.object({
+  daily: zod.z.number().positive().optional().describe("Daily spending limit in dollars."),
+  weekly: zod.z.number().positive().optional().describe("Weekly spending limit in dollars."),
+  monthly: zod.z.number().positive().optional().describe("Monthly spending limit in dollars."),
+  perTask: zod.z.number().positive().optional().describe("Per-task spending limit in dollars.")
+});
+var SetBudgetTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "set_budget",
+      description: "Set spending limits for agent payments. Amounts are in dollars. Only the authenticated developer can change these limits. The agent cannot exceed these limits when using the pay tool.",
+      inputSchema: inputSchema7
+    };
+  }
+  async run(input) {
+    const config = await this.lane.admin.setBudget({
+      dailyLimit: input.daily ? Math.round(input.daily * 100) : void 0,
+      weeklyLimit: input.weekly ? Math.round(input.weekly * 100) : void 0,
+      monthlyLimit: input.monthly ? Math.round(input.monthly * 100) : void 0,
+      perTaskLimit: input.perTask ? Math.round(input.perTask * 100) : void 0
+    });
+    return {
+      limits: {
+        daily: config.dailyLimit ? config.dailyLimit / 100 : null,
+        weekly: config.weeklyLimit ? config.weeklyLimit / 100 : null,
+        monthly: config.monthlyLimit ? config.monthlyLimit / 100 : null,
+        perTask: config.perTaskLimit ? config.perTaskLimit / 100 : null
+      }
+    };
+  }
+};
+var inputSchema8 = zod.z.object({
+  transactionId: zod.z.string().describe("Transaction ID to refund."),
+  amount: zod.z.number().positive().optional().describe("Refund amount in dollars. If omitted, full refund."),
+  reason: zod.z.string().optional().describe("Reason for the refund.")
+});
+var RequestRefundTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "request_refund",
+      description: "Request a refund for a previous transaction. Partial or full refunds are supported. The developer may need to approve refunds above a certain threshold. Use list_transactions to find the transaction ID.",
+      inputSchema: inputSchema8
+    };
+  }
+  async run(input) {
+    const refund = await this.lane.pay.refund({
+      transactionId: input.transactionId,
+      amount: input.amount ? Math.round(input.amount * 100) : void 0,
+      reason: input.reason
+    });
+    return {
+      refundId: refund.id,
+      transactionId: refund.transactionId,
+      amount: refund.amount / 100,
+      status: refund.status,
+      reason: refund.reason
+    };
+  }
+};
+var inputSchema9 = zod.z.object({
+  productId: zod.z.string().describe("Product ID to subscribe to."),
+  plan: zod.z.string().describe('Plan ID (e.g. "pro", "starter").'),
+  parameters: zod.z.record(zod.z.string(), zod.z.string()).optional().describe("SCP selection parameters (e.g. custom_domain, webhook_url).")
+});
+var SubscribeTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "subscribe",
+      description: "Subscribe to a software product. Creates a subscription with recurring billing from the wallet. Returns subscription details including access credentials. Use search_products first to find the product and plan IDs.",
+      inputSchema: inputSchema9
+    };
+  }
+  async run(input) {
+    const subscription = await this.lane.subscriptions.create({
+      productId: input.productId,
+      plan: input.plan,
+      parameters: input.parameters,
+      paymentSource: "wallet"
+    });
+    return {
+      subscriptionId: subscription.id,
+      productId: subscription.productId,
+      plan: subscription.plan,
+      status: subscription.status,
+      accessToken: subscription.accessToken,
+      currentPeriodStart: subscription.currentPeriodStart,
+      currentPeriodEnd: subscription.currentPeriodEnd
+    };
+  }
+};
+var inputSchema10 = zod.z.object({
+  status: zod.z.enum(["active", "paused", "canceled", "past_due", "trialing"]).optional().describe("Filter by subscription status."),
+  limit: zod.z.number().int().min(1).max(50).default(20).describe("Number of results.")
+});
+var ListSubscriptionsTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "list_subscriptions",
+      description: "List active subscriptions for the current wallet. Returns subscription details including product ID, plan, status, and billing period. Use this to check what software products the agent is currently subscribed to.",
+      inputSchema: inputSchema10
+    };
+  }
+  async run(input) {
+    const result = await this.lane.subscriptions.list({
+      status: input.status,
+      limit: input.limit
+    });
+    return {
+      subscriptions: result.data.map((s) => ({
+        id: s.id,
+        productId: s.productId,
+        plan: s.plan,
+        status: s.status,
+        currentPeriodStart: s.currentPeriodStart,
+        currentPeriodEnd: s.currentPeriodEnd
+      })),
+      total: result.total
+    };
+  }
+};
+var inputSchema11 = zod.z.object({
+  query: zod.z.string().describe('Search query (e.g. "monitoring API", "email service").'),
+  type: zod.z.enum(["software", "skill", "oss"]).optional().describe("Filter by software type. Defaults to all software types."),
+  pricingModel: zod.z.enum(["fixed", "subscription", "consumption"]).optional().describe("Filter by pricing model."),
+  limit: zod.z.number().int().min(1).max(50).default(10).describe("Number of results.")
+});
+var SearchSoftwareTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "search_software",
+      description: "Search for software products, SaaS tools, skills, and open source tools in the Lane catalog. Returns product details including SCP manifests, pricing, and plans. More targeted than search_products \u2014 focuses on software and subscribable products.",
+      inputSchema: inputSchema11
+    };
+  }
+  async run(input) {
+    const typeMap = {
+      software: "saas",
+      skill: "skill",
+      oss: "opensource"
+    };
+    const result = await this.lane.products.search({
+      query: input.query,
+      type: input.type ? typeMap[input.type] : void 0,
+      limit: input.limit
+    });
+    return {
+      products: result.data.map((p) => ({
+        id: p.id,
+        name: p.name,
+        description: p.description,
+        type: p.type,
+        pricing: p.pricing,
+        rating: p.rating
+      })),
+      total: result.total
+    };
+  }
+};
+var inputSchema12 = zod.z.object({
+  subscriptionId: zod.z.string().describe("Subscription ID to cancel.")
+});
+var CancelSubscriptionTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "cancel_subscription",
+      description: "Cancel an active subscription. The subscription will remain active until the end of the current billing period. Use list_subscriptions first to find the subscription ID.",
+      inputSchema: inputSchema12
+    };
+  }
+  async run(input) {
+    const subscription = await this.lane.subscriptions.cancel(input.subscriptionId);
+    return {
+      subscriptionId: subscription.id,
+      productId: subscription.productId,
+      plan: subscription.plan,
+      status: subscription.status,
+      canceledAt: subscription.canceledAt,
+      currentPeriodEnd: subscription.currentPeriodEnd
+    };
+  }
+};
+var inputSchema13 = zod.z.object({
+  query: zod.z.string().optional().describe("Search query to find merchants by name or description."),
+  merchantType: zod.z.enum(["ecommerce", "software", "api", "saas", "skill", "service"]).optional().describe("Filter by merchant type."),
+  vertical: zod.z.string().optional().describe('Filter by vertical (e.g. "fashion", "electronics", "developer_tools").'),
+  subcategory: zod.z.string().optional().describe('Filter by subcategory (e.g. "shoes", "laptops", "hosting").'),
+  tier: zod.z.enum(["lane_onboarded", "protocol"]).optional().describe("Filter by tier: lane_onboarded (full checkout) or protocol (ACP/UCP)."),
+  limit: zod.z.number().int().min(1).max(50).optional().default(10).describe("Max results to return (default 10).")
+});
+var DiscoverMerchantsTool = class extends LaneTool {
+  get definition() {
+    return {
+      name: "discover_merchants",
+      description: "Search the Lane merchant directory to find AI-shoppable merchants. Filter by type (ecommerce, software, api, saas, skill, service), vertical (fashion, electronics, developer_tools, etc.), subcategory (shoes, laptops, hosting, etc.), or free-text query. Returns merchant name, domain, capabilities, and supported protocols.",
+      inputSchema: inputSchema13
+    };
+  }
+  async run(input) {
+    const result = await this.lane.merchants.list({
+      query: input.query,
+      merchantType: input.merchantType,
+      vertical: input.vertical,
+      subcategory: input.subcategory,
+      tier: input.tier,
+      limit: input.limit
+    });
+    return {
+      merchants: result.data.map((m) => ({
+        name: m.name,
+        slug: m.slug,
+        domain: m.domain,
+        description: m.description,
+        tier: m.tier,
+        merchantType: m.merchantType,
+        vertical: m.vertical,
+        subcategories: m.subcategories,
+        protocols: m.protocols,
+        capabilities: m.capabilities,
+        productCount: m.productCount
+      })),
+      total: result.total,
+      showing: result.data.length
+    };
+  }
+};
+
+// src/mcp/server.ts
+var LaneMCPServer = class {
+  constructor(lane, options = {}) {
+    this.lane = lane;
+    this.mcp = new mcp_js.McpServer(
+      {
+        name: options.name ?? "lane",
+        version: options.version ?? "0.1.0"
+      },
+      {
+        capabilities: {
+          tools: {}
+        }
+      }
+    );
+    this.tools = [
+      new WhoamiTool(lane),
+      new ListCardsTool(lane),
+      new CheckBalanceTool(lane),
+      new PayTool(lane),
+      new ListTransactionsTool(lane),
+      new SearchProductsTool(lane),
+      new CheckoutTool(lane),
+      new SetBudgetTool(lane),
+      new RequestRefundTool(lane),
+      new SubscribeTool(lane),
+      new ListSubscriptionsTool(lane),
+      new SearchSoftwareTool(lane),
+      new CancelSubscriptionTool(lane),
+      new DiscoverMerchantsTool(lane)
+    ];
+    this.registerTools();
+  }
+  mcp;
+  tools;
+  registerTools() {
+    for (const tool of this.tools) {
+      const def = tool.definition;
+      this.mcp.registerTool(
+        def.name,
+        { description: def.description, inputSchema: def.inputSchema },
+        async (args) => {
+          const result = await tool.execute(args);
+          return { ...result };
+        }
+      );
+    }
+  }
+};
+
+// src/vgs/token.ts
+var TOKEN_REFRESH_MARGIN_MS = 6e4;
+var VGSTokenManager = class {
+  constructor(config) {
+    this.config = config;
+  }
+  cached = null;
+  /**
+   * Get a valid access token, refreshing if expired or near-expiry.
+   */
+  async getAccessToken() {
+    if (this.cached && Date.now() < this.cached.expiresAt - TOKEN_REFRESH_MARGIN_MS) {
+      return this.cached.accessToken;
+    }
+    return this.refresh();
+  }
+  /**
+   * Force-refresh the token.
+   */
+  async refresh() {
+    const tokenUrl = this.getTokenUrl();
+    const body = new URLSearchParams({
+      grant_type: "client_credentials",
+      client_id: this.config.clientId,
+      client_secret: this.config.clientSecret
+    });
+    const response = await fetch(tokenUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: body.toString()
+    });
+    if (!response.ok) {
+      throw LaneAuthError.invalidApiKey(
+        `VGS token exchange failed: ${response.status} ${response.statusText}`
+      );
+    }
+    const data = await response.json();
+    this.cached = {
+      accessToken: data.access_token,
+      expiresAt: Date.now() + data.expires_in * 1e3
+    };
+    return this.cached.accessToken;
+  }
+  /**
+   * Invalidate the cached token.
+   */
+  invalidate() {
+    this.cached = null;
+  }
+  getTokenUrl() {
+    const env = this.config.environment === "live" ? "live" : "sandbox";
+    return `https://auth.verygoodsecurity.com/vaults/${this.config.vaultId}/tokens?env=${env}`;
+  }
+};
+
+// src/vgs/proxy.ts
+var VGSOutboundProxy = class {
+  constructor(config) {
+    this.config = config;
+    this.tokenManager = new VGSTokenManager(config);
+  }
+  tokenManager;
+  /**
+   * Send a request through the VGS outbound proxy.
+   * VGS aliases in the body are de-tokenized and revealed to the target PSP.
+   */
+  async forward(request) {
+    const accessToken = await this.tokenManager.getAccessToken();
+    const proxyUrl = this.getProxyUrl();
+    const response = await fetch(proxyUrl, {
+      method: request.method,
+      headers: {
+        ...request.headers,
+        "Authorization": `Bearer ${accessToken}`,
+        "X-VGS-Route-Id": this.config.routeId,
+        "X-VGS-Upstream-Url": request.url,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(request.body)
+    });
+    const responseBody = await response.json().catch(() => null);
+    if (!response.ok) {
+      throw new LanePaymentError(
+        `VGS proxy request failed: ${response.status}`,
+        {
+          code: "vgs_proxy_error",
+          statusCode: response.status,
+          retryable: response.status >= 500,
+          suggestedAction: "Check VGS vault configuration and PSP endpoint whitelist."
+        }
+      );
+    }
+    const responseHeaders = {};
+    response.headers.forEach((value, key) => {
+      responseHeaders[key] = value;
+    });
+    return {
+      status: response.status,
+      headers: responseHeaders,
+      body: responseBody
+    };
+  }
+  /**
+   * Invalidate the cached VGS access token.
+   */
+  invalidateToken() {
+    this.tokenManager.invalidate();
+  }
+  getProxyUrl() {
+    const env = this.config.environment === "live" ? "live" : "sandbox";
+    return `https://${this.config.vaultId}.${env}.verygoodproxy.com`;
+  }
+};
+
+// src/vgs/card-types.ts
+var BIN_RANGES = [
+  { brand: "visa", prefixes: ["4"], lengths: [13, 16, 19] },
+  { brand: "mastercard", prefixes: ["51", "52", "53", "54", "55", "2221", "2720"], lengths: [16] },
+  { brand: "amex", prefixes: ["34", "37"], lengths: [15] },
+  { brand: "discover", prefixes: ["6011", "644", "645", "646", "647", "648", "649", "65"], lengths: [16, 19] },
+  { brand: "diners", prefixes: ["300", "301", "302", "303", "304", "305", "36", "38"], lengths: [14, 16] },
+  { brand: "jcb", prefixes: ["3528", "3589"], lengths: [16, 17, 18, 19] },
+  { brand: "unionpay", prefixes: ["62", "81"], lengths: [16, 17, 18, 19] }
+];
+function detectCardBrand(cardNumber) {
+  const digits = cardNumber.replace(/\D/g, "");
+  for (const range of BIN_RANGES) {
+    for (const prefix of range.prefixes) {
+      if (digits.startsWith(prefix)) {
+        return range.brand;
+      }
+    }
+  }
+  return "unknown";
+}
+function luhnCheck(cardNumber) {
+  const digits = cardNumber.replace(/\D/g, "");
+  if (digits.length < 12 || digits.length > 19) return false;
+  let sum = 0;
+  let alternate = false;
+  for (let i = digits.length - 1; i >= 0; i--) {
+    let n = parseInt(digits[i], 10);
+    if (alternate) {
+      n *= 2;
+      if (n > 9) n -= 9;
+    }
+    sum += n;
+    alternate = !alternate;
+  }
+  return sum % 10 === 0;
+}
+function maskCardNumber(cardNumber) {
+  const digits = cardNumber.replace(/\D/g, "");
+  if (digits.length < 4) return "****";
+  return `****${digits.slice(-4)}`;
+}
+
+// src/vgs/collect.ts
+function generateCollectPage(config) {
+  const vgsEnv = config.environment === "live" ? "live" : "sandbox";
+  `https://${config.vaultId}.${vgsEnv}.verygoodproxy.com`;
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Lane \u2014 Add Payment Method</title>
+  <script src="https://js.verygoodvault.com/vgs-collect/2.18.0/vgs-collect.js"></script>
+  <style>
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body {
+      font-family: 'At Aero', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: #0A0A0A;
+      color: #FFFFFF;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+    }
+    .container {
+      width: 100%;
+      max-width: 440px;
+      padding: 40px 32px;
+      background: #141414;
+      border: 1px solid #2A2A2A;
+      border-radius: 16px;
+    }
+    .logo {
+      font-size: 24px;
+      font-weight: 700;
+      color: #1201FF;
+      letter-spacing: -0.5px;
+      margin-bottom: 8px;
+    }
+    .subtitle {
+      color: #888;
+      font-size: 14px;
+      margin-bottom: 32px;
+    }
+    .field-group {
+      margin-bottom: 20px;
+    }
+    .field-group label {
+      display: block;
+      font-size: 12px;
+      font-weight: 600;
+      color: #888;
+      text-transform: uppercase;
+      letter-spacing: 0.5px;
+      margin-bottom: 8px;
+    }
+    .field-wrapper {
+      background: #1A1A1A;
+      border: 1px solid #333;
+      border-radius: 8px;
+      padding: 0;
+      height: 48px;
+      transition: border-color 0.2s;
+    }
+    .field-wrapper:focus-within {
+      border-color: #1201FF;
+    }
+    .field-wrapper iframe {
+      height: 48px !important;
+    }
+    .row {
+      display: flex;
+      gap: 12px;
+    }
+    .row .field-group {
+      flex: 1;
+    }
+    .submit-btn {
+      width: 100%;
+      height: 48px;
+      background: #1201FF;
+      color: #FFFFFF;
+      border: none;
+      border-radius: 8px;
+      font-size: 16px;
+      font-weight: 600;
+      cursor: pointer;
+      margin-top: 24px;
+      transition: background 0.2s;
+    }
+    .submit-btn:hover { background: #0E01CC; }
+    .submit-btn:disabled {
+      background: #333;
+      cursor: not-allowed;
+    }
+    .security-note {
+      text-align: center;
+      margin-top: 16px;
+      font-size: 12px;
+      color: #555;
+    }
+    .security-note svg {
+      vertical-align: middle;
+      margin-right: 4px;
+    }
+    .error-msg {
+      color: #FF4444;
+      font-size: 13px;
+      margin-top: 8px;
+      display: none;
+    }
+    .success-container {
+      text-align: center;
+      display: none;
+    }
+    .success-container .check {
+      font-size: 48px;
+      margin-bottom: 16px;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div id="form-view">
+      <div class="logo">Lane</div>
+      <div class="subtitle">Add a payment method. Your card data goes directly to our PCI Level 1 vault.</div>
+
+      <form id="card-form">
+        <div class="field-group">
+          <label>Card Number</label>
+          <div id="cc-number" class="field-wrapper"></div>
+        </div>
+
+        <div class="row">
+          <div class="field-group">
+            <label>Expiry</label>
+            <div id="cc-expiry" class="field-wrapper"></div>
+          </div>
+          <div class="field-group">
+            <label>CVC</label>
+            <div id="cc-cvc" class="field-wrapper"></div>
+          </div>
+        </div>
+
+        <div class="field-group">
+          <label>Cardholder Name</label>
+          <div id="cc-name" class="field-wrapper"></div>
+        </div>
+
+        <div id="error-msg" class="error-msg"></div>
+
+        <button type="submit" id="submit-btn" class="submit-btn" disabled>
+          Add Card
+        </button>
+      </form>
+
+      <div class="security-note">
+        <svg width="12" height="12" viewBox="0 0 12 12" fill="#555"><path d="M6 1a3 3 0 0 0-3 3v1H2.5A.5.5 0 0 0 2 5.5v5a.5.5 0 0 0 .5.5h7a.5.5 0 0 0 .5-.5v-5A.5.5 0 0 0 9.5 5H9V4a3 3 0 0 0-3-3zm2 4H4V4a2 2 0 1 1 4 0v1z"/></svg>
+        Secured by VGS. Lane never sees your card number.
+      </div>
+    </div>
+
+    <div id="success-view" class="success-container">
+      <div class="check">&#10003;</div>
+      <div class="logo">Card Added</div>
+      <div class="subtitle">You can close this window and return to your terminal.</div>
+    </div>
+  </div>
+
+  <script>
+    const form = VGSCollect.create('${config.vaultId}', '${vgsEnv}', function(state) {});
+    const css = {
+      'font-family': '"JetBrains Mono", monospace',
+      'font-size': '16px',
+      'color': '#FFFFFF',
+      'padding': '12px 16px',
+      '&::placeholder': { color: '#555' },
+    };
+
+    form.field('#cc-number', {
+      type: 'card-number',
+      name: 'card_number',
+      placeholder: '4242 4242 4242 4242',
+      validations: ['required', 'validCardNumber'],
+      css: css,
+    });
+
+    form.field('#cc-expiry', {
+      type: 'card-expiration-date',
+      name: 'card_exp',
+      placeholder: 'MM / YY',
+      validations: ['required', 'validCardExpirationDate'],
+      css: css,
+    });
+
+    form.field('#cc-cvc', {
+      type: 'card-security-code',
+      name: 'card_cvc',
+      placeholder: 'CVC',
+      validations: ['required', 'validCardSecurityCode'],
+      css: css,
+    });
+
+    form.field('#cc-name', {
+      type: 'text',
+      name: 'card_name',
+      placeholder: 'Name on card',
+      validations: ['required'],
+      css: css,
+    });
+
+    // Enable submit when all fields are valid
+    let fieldStates = {};
+    form.on('change', function(state) {
+      fieldStates = state;
+      const allValid = Object.values(state).every(function(f) { return f.isValid; });
+      document.getElementById('submit-btn').disabled = !allValid;
+    });
+
+    document.getElementById('card-form').addEventListener('submit', function(e) {
+      e.preventDefault();
+      var btn = document.getElementById('submit-btn');
+      btn.disabled = true;
+      btn.textContent = 'Processing...';
+      document.getElementById('error-msg').style.display = 'none';
+
+      form.submit(
+        '/post',
+        {
+          headers: { 'Content-Type': 'application/json' },
+          data: function(fields) {
+            return {
+              card_number: fields.card_number,
+              card_exp: fields.card_exp,
+              card_cvc: fields.card_cvc,
+              card_name: fields.card_name,
+              developer_id: '${config.developerId}',
+            };
+          },
+        },
+        function(status, data) {
+          if (status >= 200 && status < 300) {
+            document.getElementById('form-view').style.display = 'none';
+            document.getElementById('success-view').style.display = 'block';
+            // Notify callback
+            fetch('${config.callbackUrl}', {
+              method: 'POST',
+              headers: { 'Content-Type': 'application/json' },
+              body: JSON.stringify({
+                alias: data.card_number,
+                last4: data.last4 || 'xxxx',
+                brand: data.brand || 'unknown',
+              }),
+            });
+          } else {
+            var errEl = document.getElementById('error-msg');
+            errEl.textContent = 'Card could not be saved. Please check your details and try again.';
+            errEl.style.display = 'block';
+            btn.disabled = false;
+            btn.textContent = 'Add Card';
+          }
+        },
+        function(errors) {
+          var errEl = document.getElementById('error-msg');
+          errEl.textContent = 'Validation failed. Please check all fields.';
+          errEl.style.display = 'block';
+          btn.disabled = false;
+          btn.textContent = 'Add Card';
+        }
+      );
+    });
+  </script>
+</body>
+</html>`;
+}
+
+// src/psp/registry.ts
+var PSPRegistry = class {
+  adapters = /* @__PURE__ */ new Map();
+  /**
+   * Register an adapter with a priority (lower = higher priority).
+   */
+  register(adapter, priority = 100) {
+    this.adapters.set(adapter.name, { adapter, priority });
+  }
+  /**
+   * Remove an adapter from the registry.
+   */
+  unregister(name) {
+    this.adapters.delete(name);
+  }
+  /**
+   * Get a specific adapter by name.
+   */
+  get(name) {
+    return this.adapters.get(name)?.adapter;
+  }
+  /**
+   * Get the highest-priority adapter (lowest priority number).
+   * Optionally exclude specific adapters (e.g., after a failure).
+   */
+  getPrimary(exclude) {
+    let best;
+    for (const [name, entry] of this.adapters) {
+      if (exclude?.has(name)) continue;
+      if (!best || entry.priority < best.priority) {
+        best = entry;
+      }
+    }
+    return best?.adapter;
+  }
+  /**
+   * Get all registered adapters sorted by priority.
+   */
+  getAll() {
+    return Array.from(this.adapters.values()).sort((a, b) => a.priority - b.priority).map((entry) => entry.adapter);
+  }
+  /**
+   * Run health checks on all adapters. Returns names of healthy adapters.
+   */
+  async healthCheckAll() {
+    const results = await Promise.allSettled(
+      Array.from(this.adapters.entries()).map(async ([name, { adapter }]) => {
+        const ok = await adapter.healthCheck();
+        return ok ? name : null;
+      })
+    );
+    return results.filter((r) => r.status === "fulfilled" && r.value !== null).map((r) => r.value);
+  }
+};
+
+// src/psp/adapters/stripe.ts
+var StripeAdapter = class {
+  name = "stripe";
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  async charge(params) {
+    const body = {
+      amount: params.amount,
+      currency: params.currency.toLowerCase(),
+      source: {
+        object: "card",
+        number: params.cardAlias,
+        // VGS reveals this to Stripe
+        exp_month: params.expMonth,
+        exp_year: params.expYear,
+        cvc: params.cvvAlias
+      },
+      description: params.merchantDescriptor,
+      metadata: params.metadata ?? {}
+    };
+    const response = await this.config.proxy.forward({
+      url: "https://api.stripe.com/v1/charges",
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${this.config.secretKey}`,
+        "Stripe-Version": this.config.apiVersion ?? "2024-12-18.acacia",
+        ...params.idempotencyKey ? { "Idempotency-Key": params.idempotencyKey } : {}
+      },
+      body
+    });
+    const data = response.body;
+    const status = data["status"] === "succeeded" ? "succeeded" : data["status"] === "pending" ? "pending" : "failed";
+    return {
+      pspTransactionId: String(data["id"] ?? ""),
+      status,
+      authorizationCode: data["authorization_code"],
+      declineReason: status === "failed" ? String(data["failure_message"] ?? "unknown") : void 0,
+      rawResponse: data
+    };
+  }
+  async refund(params) {
+    const body = {
+      charge: params.pspTransactionId,
+      ...params.amount !== void 0 ? { amount: params.amount } : {},
+      ...params.reason ? { reason: params.reason } : {}
+    };
+    const response = await this.config.proxy.forward({
+      url: "https://api.stripe.com/v1/refunds",
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${this.config.secretKey}`,
+        "Stripe-Version": this.config.apiVersion ?? "2024-12-18.acacia",
+        ...params.idempotencyKey ? { "Idempotency-Key": params.idempotencyKey } : {}
+      },
+      body
+    });
+    const data = response.body;
+    const status = data["status"] === "succeeded" ? "succeeded" : data["status"] === "pending" ? "pending" : "failed";
+    return {
+      pspRefundId: String(data["id"] ?? ""),
+      status,
+      amount: Number(data["amount"] ?? 0),
+      rawResponse: data
+    };
+  }
+  async healthCheck() {
+    try {
+      const response = await fetch("https://api.stripe.com/v1/balance", {
+        headers: { "Authorization": `Bearer ${this.config.secretKey}` }
+      });
+      return response.ok;
+    } catch {
+      return false;
+    }
+  }
+};
+
+// src/psp/adapters/worldpay.ts
+var WorldpayAdapter = class {
+  name = "worldpay";
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  async charge(params) {
+    const body = {
+      transactionType: "sale",
+      amount: {
+        value: params.amount,
+        currencyCode: params.currency.toUpperCase()
+      },
+      paymentInstrument: {
+        type: "card/plain",
+        cardNumber: params.cardAlias,
+        // VGS reveals to Worldpay
+        expiryDate: {
+          month: params.expMonth,
+          year: params.expYear
+        },
+        cvc: params.cvvAlias
+      },
+      merchant: {
+        entity: this.config.merchantId
+      },
+      narrative: {
+        line1: params.merchantDescriptor
+      }
+    };
+    const response = await this.config.proxy.forward({
+      url: `${this.config.baseUrl}/payments/authorizations`,
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${this.config.apiKey}`,
+        ...params.idempotencyKey ? { "Idempotency-Key": params.idempotencyKey } : {}
+      },
+      body
+    });
+    const data = response.body;
+    const outcome = data["outcome"];
+    const status = outcome === "approved" ? "succeeded" : outcome === "pending" ? "pending" : "failed";
+    return {
+      pspTransactionId: String(data["_links"] && data["_links"]["self"] || ""),
+      status,
+      authorizationCode: data["authorizationCode"],
+      declineReason: status === "failed" ? String(data["description"] ?? "declined") : void 0,
+      rawResponse: data
+    };
+  }
+  async refund(params) {
+    const body = {
+      ...params.amount !== void 0 ? { value: { amount: params.amount, currencyCode: "USD" } } : {},
+      ...params.reason ? { reference: params.reason } : {}
+    };
+    const response = await this.config.proxy.forward({
+      url: `${this.config.baseUrl}/payments/${params.pspTransactionId}/refunds`,
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${this.config.apiKey}`,
+        ...params.idempotencyKey ? { "Idempotency-Key": params.idempotencyKey } : {}
+      },
+      body
+    });
+    const data = response.body;
+    return {
+      pspRefundId: String(data["refundId"] ?? ""),
+      status: "succeeded",
+      amount: params.amount ?? 0,
+      rawResponse: data
+    };
+  }
+  async healthCheck() {
+    try {
+      const response = await fetch(`${this.config.baseUrl}/health`, {
+        headers: { "Authorization": `Bearer ${this.config.apiKey}` }
+      });
+      return response.ok;
+    } catch {
+      return false;
+    }
+  }
+};
+
+// src/psp/adapters/cybersource.ts
+var CyberSourceAdapter = class {
+  name = "cybersource";
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  async charge(params) {
+    const csParams = params;
+    const paymentInformation = csParams.isNetworkToken ? {
+      tokenizedCard: {
+        number: params.cardAlias,
+        // VGS reveals to CyberSource
+        expirationMonth: String(params.expMonth).padStart(2, "0"),
+        expirationYear: String(params.expYear),
+        cryptogram: csParams.cryptogram,
+        type: "001"
+        // Visa network token
+      }
+    } : {
+      card: {
+        number: params.cardAlias,
+        // VGS reveals to CyberSource
+        expirationMonth: String(params.expMonth).padStart(2, "0"),
+        expirationYear: String(params.expYear),
+        securityCode: params.cvvAlias
+      }
+    };
+    const body = {
+      clientReferenceInformation: {
+        code: params.idempotencyKey ?? `lane_${Date.now()}`
+      },
+      processingInformation: {
+        capture: true,
+        ...csParams.isNetworkToken ? { paymentSolution: "015" } : {},
+        ...csParams.eci ? { commerceIndicator: csParams.eci } : {}
+      },
+      orderInformation: {
+        amountDetails: {
+          totalAmount: (params.amount / 100).toFixed(2),
+          currency: params.currency.toUpperCase()
+        }
+      },
+      paymentInformation
+    };
+    const response = await this.config.proxy.forward({
+      url: `${this.config.baseUrl}/pts/v2/payments`,
+      method: "POST",
+      headers: {
+        "v-c-merchant-id": this.config.merchantId,
+        "Content-Type": "application/json"
+      },
+      body
+    });
+    const data = response.body;
+    const csStatus = data["status"];
+    const status = csStatus === "AUTHORIZED" || csStatus === "PENDING" ? csStatus === "AUTHORIZED" ? "succeeded" : "pending" : "failed";
+    return {
+      pspTransactionId: String(data["id"] ?? ""),
+      status,
+      authorizationCode: data["processorInformation"]?.["approvalCode"],
+      declineReason: status === "failed" ? String(data["errorInformation"]?.["message"] ?? "declined") : void 0,
+      rawResponse: data
+    };
+  }
+  async refund(params) {
+    const body = {
+      clientReferenceInformation: {
+        code: params.idempotencyKey ?? `lane_ref_${Date.now()}`
+      },
+      orderInformation: {
+        amountDetails: {
+          ...params.amount !== void 0 ? { totalAmount: (params.amount / 100).toFixed(2) } : {},
+          currency: "USD"
+        }
+      }
+    };
+    const response = await this.config.proxy.forward({
+      url: `${this.config.baseUrl}/pts/v2/payments/${params.pspTransactionId}/refunds`,
+      method: "POST",
+      headers: {
+        "v-c-merchant-id": this.config.merchantId,
+        "Content-Type": "application/json"
+      },
+      body
+    });
+    const data = response.body;
+    const csStatus = data["status"];
+    return {
+      pspRefundId: String(data["id"] ?? ""),
+      status: csStatus === "PENDING" ? "pending" : "succeeded",
+      amount: params.amount ?? 0,
+      rawResponse: data
+    };
+  }
+  async healthCheck() {
+    try {
+      const response = await fetch(`${this.config.baseUrl}/reporting/v3/report-definitions`, {
+        headers: { "v-c-merchant-id": this.config.merchantId }
+      });
+      return response.status !== 500;
+    } catch {
+      return false;
+    }
+  }
+};
+
+// src/routing/engine.ts
+var MerchantRegistry = class _MerchantRegistry {
+  merchants = /* @__PURE__ */ new Map();
+  register(capabilities) {
+    this.merchants.set(capabilities.merchantId, capabilities);
+  }
+  get(merchantId) {
+    return this.merchants.get(merchantId);
+  }
+  registerBatch(merchants) {
+    for (const m of merchants) {
+      this.merchants.set(m.merchantId, m);
+    }
+  }
+  /** Create a registry pre-populated from directory capabilities. */
+  static fromDirectory(capabilities) {
+    const registry = new _MerchantRegistry();
+    registry.registerBatch(capabilities);
+    return registry;
+  }
+  /** Clear and repopulate with new capabilities. */
+  reload(capabilities) {
+    this.merchants.clear();
+    this.registerBatch(capabilities);
+  }
+  /** Number of registered merchants. */
+  get size() {
+    return this.merchants.size;
+  }
+  /** List all registered merchant IDs. */
+  listIds() {
+    return Array.from(this.merchants.keys());
+  }
+};
+var PaymentRouter = class {
+  constructor(registry) {
+    this.registry = registry;
+  }
+  /**
+   * Decide the payment route for a transaction.
+   */
+  route(context) {
+    const merchant = this.registry.get(context.merchantId);
+    const fallbacks = [];
+    if (context.budget && context.currentSpend !== void 0) {
+      const limit = context.budget.perTaskLimit ?? context.budget.dailyLimit;
+      if (limit !== void 0 && context.amount > limit - context.currentSpend) {
+        return {
+          route: "fallback",
+          merchantId: context.merchantId,
+          reason: "Transaction would exceed budget limits.",
+          fallbacks: []
+        };
+      }
+    }
+    if (merchant?.hasBillingAPI) {
+      fallbacks.push("acp", "vic", "fallback");
+      return {
+        route: "billing_api",
+        merchantId: context.merchantId,
+        reason: "Merchant has direct billing API integration (cheapest path).",
+        fallbacks: this.filterFallbacks(fallbacks, merchant, context)
+      };
+    }
+    if (merchant?.supportsACP) {
+      fallbacks.push("vic", "fallback");
+      return {
+        route: "acp",
+        merchantId: context.merchantId,
+        reason: "Merchant supports Agent Commerce Protocol checkout.",
+        fallbacks: this.filterFallbacks(fallbacks, merchant, context)
+      };
+    }
+    if (context.hasVICToken && context.cardBrand === "visa" && (merchant?.acceptsVisa ?? true)) {
+      fallbacks.push("fallback");
+      return {
+        route: "vic",
+        merchantId: context.merchantId,
+        reason: "Using VIC agentic token for Visa-authenticated payment.",
+        fallbacks
+      };
+    }
+    return {
+      route: "fallback",
+      merchantId: context.merchantId,
+      reason: merchant ? "No preferred route available; using standard card payment." : "Unknown merchant; using standard card payment.",
+      fallbacks: []
+    };
+  }
+  filterFallbacks(routes, merchant, context) {
+    return routes.filter((r) => {
+      if (r === "acp") return merchant.supportsACP;
+      if (r === "vic") return context.hasVICToken && context.cardBrand === "visa";
+      return true;
+    });
+  }
+};
+
+// src/index.ts
+var index_default = Lane;
+
+exports.Admin = Admin;
+exports.Agents = Agents;
+exports.Audit = Audit;
+exports.Auth = Auth;
+exports.Checkout = Checkout;
+exports.CyberSourceAdapter = CyberSourceAdapter;
+exports.FileTokenStore = FileTokenStore;
+exports.HMACSignature = HMACSignature;
+exports.Identity = Identity;
+exports.Lane = Lane;
+exports.LaneAuthError = LaneAuthError;
+exports.LaneBudgetError = LaneBudgetError;
+exports.LaneClient = LaneClient;
+exports.LaneError = LaneError;
+exports.LaneMCPServer = LaneMCPServer;
+exports.LaneNotFoundError = LaneNotFoundError;
+exports.LanePaymentError = LanePaymentError;
+exports.LaneRateLimitError = LaneRateLimitError;
+exports.LaneValidationError = LaneValidationError;
+exports.MerchantRegistry = MerchantRegistry;
+exports.Merchants = Merchants;
+exports.Metering = Metering;
+exports.PSPRegistry = PSPRegistry;
+exports.Pay = Pay;
+exports.PaymentRouter = PaymentRouter;
+exports.Payouts = Payouts;
+exports.Products = Products;
+exports.Resource = Resource;
+exports.Sell = Sell;
+exports.StripeAdapter = StripeAdapter;
+exports.Subscriptions = Subscriptions;
+exports.Teams = Teams;
+exports.VGSOutboundProxy = VGSOutboundProxy;
+exports.VGSTokenManager = VGSTokenManager;
+exports.VIC = VIC;
+exports.Wallets = Wallets;
+exports.Webhooks = Webhooks;
+exports.WorldpayAdapter = WorldpayAdapter;
+exports.createErrorFromResponse = createErrorFromResponse;
+exports.default = index_default;
+exports.detectCardBrand = detectCardBrand;
+exports.generateCollectPage = generateCollectPage;
+exports.luhnCheck = luhnCheck;
+exports.maskCardNumber = maskCardNumber;
+exports.resolveConfig = resolveConfig;
+exports.verifyWebhookSignature = verifyWebhookSignature;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map