lane-sdk 0.2.2 → 0.2.8

package/dist/server/vic-demo.js

@@ -0,0 +1,1052 @@
+// server/vic-demo/index.ts
+import "dotenv/config";
+import crypto3 from "crypto";
+import express from "express";
+
+// server/vic-demo/routes.ts
+import crypto2 from "crypto";
+import { Router } from "express";
+
+// server/vic-demo/helpers.ts
+import crypto from "crypto";
+function generateDPAN() {
+  const prefix = "4";
+  let pan = prefix;
+  for (let i = 1; i < 15; i++) {
+    pan += Math.floor(Math.random() * 10).toString();
+  }
+  let sum = 0;
+  for (let i = 0; i < pan.length; i++) {
+    let digit = parseInt(pan.charAt(pan.length - 1 - i), 10);
+    if (i % 2 === 0) {
+      digit *= 2;
+      if (digit > 9) digit -= 9;
+    }
+    sum += digit;
+  }
+  pan += ((10 - sum % 10) % 10).toString();
+  return pan;
+}
+function generateCryptogram() {
+  return crypto.randomBytes(20).toString("base64");
+}
+function parseExpiry(expiresIn) {
+  const match = expiresIn.match(/^(\d+)(h|d|m)$/);
+  if (!match || !match[1] || !match[2]) {
+    return new Date(Date.now() + 24 * 60 * 60 * 1e3).toISOString();
+  }
+  const value = parseInt(match[1], 10);
+  const unit = match[2];
+  let ms;
+  switch (unit) {
+    case "h":
+      ms = value * 60 * 60 * 1e3;
+      break;
+    case "d":
+      ms = value * 24 * 60 * 60 * 1e3;
+      break;
+    case "m":
+      ms = value * 60 * 1e3;
+      break;
+    default:
+      ms = 24 * 60 * 60 * 1e3;
+  }
+  return new Date(Date.now() + ms).toISOString();
+}
+function generateId(prefix) {
+  return `${prefix}_${crypto.randomUUID().replace(/-/g, "").slice(0, 24)}`;
+}
+
+// server/vic-demo/routes.ts
+var tokens = /* @__PURE__ */ new Map();
+var intents = /* @__PURE__ */ new Map();
+var wallets = /* @__PURE__ */ new Map();
+var cards = /* @__PURE__ */ new Map();
+var instructions = /* @__PURE__ */ new Map();
+var mandates = /* @__PURE__ */ new Map();
+var confirmations = /* @__PURE__ */ new Map();
+var credentials = /* @__PURE__ */ new Map();
+var enrolledCards = /* @__PURE__ */ new Map();
+var idempotencyCache = /* @__PURE__ */ new Map();
+function toVICTokenResponse(token) {
+  return {
+    id: token.id,
+    walletId: token.walletId,
+    networkTokenId: token.networkTokenId,
+    last4: token.last4,
+    brand: token.brand,
+    status: token.status,
+    expiresAt: token.expiresAt,
+    createdAt: token.createdAt
+  };
+}
+function checkIdempotency(req, res) {
+  const key = req.headers["x-idempotency-key"];
+  if (!key) return false;
+  const cached = idempotencyCache.get(key);
+  if (cached) {
+    res.status(cached.statusCode).json(cached.body);
+    return true;
+  }
+  return false;
+}
+function cacheIdempotent(req, statusCode, body) {
+  const key = req.headers["x-idempotency-key"];
+  if (key) {
+    idempotencyCache.set(key, { statusCode, body, createdAt: Date.now() });
+  }
+}
+function createVICRoutes() {
+  const router = Router();
+  router.get("/intents", (_req, res) => {
+    const results = Array.from(intents.values());
+    const limit = Math.min(parseInt(_req.query.limit) || 20, 100);
+    const offset = parseInt(_req.query.offset) || 0;
+    let filtered = results;
+    if (_req.query.tokenId) {
+      filtered = filtered.filter((i) => i.tokenId === _req.query.tokenId);
+    }
+    if (_req.query.status) {
+      filtered = filtered.filter((i) => i.status === _req.query.status);
+    }
+    res.json({
+      data: filtered.slice(offset, offset + limit),
+      total: filtered.length,
+      limit,
+      offset
+    });
+  });
+  router.put("/intents/:intentId", (req, res) => {
+    const intent = intents.get(req.params.intentId);
+    if (!intent) {
+      res.status(404).json({ error: { code: "not_found", message: "Purchase intent not found" } });
+      return;
+    }
+    if (intent.status === "cancelled" || intent.status === "confirmed") {
+      res.status(400).json({
+        error: { code: "invalid_state", message: `Cannot update intent in status: ${intent.status}` }
+      });
+      return;
+    }
+    if (req.body.amount !== void 0) intent.amount = req.body.amount;
+    if (req.body.currency !== void 0) intent.currency = req.body.currency;
+    if (req.body.merchantId !== void 0) intent.merchantId = req.body.merchantId;
+    if (req.body.merchantName !== void 0) intent.merchantName = req.body.merchantName;
+    if (req.body.description !== void 0) intent.description = req.body.description;
+    if (req.body.mandates !== void 0) intent.mandates = req.body.mandates;
+    intent.status = "updated";
+    intent.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    console.log(`[VIC Demo] Intent updated: ${intent.id}`);
+    res.json({ intentId: intent.id });
+  });
+  router.delete("/intents/:intentId", (req, res) => {
+    const intent = intents.get(req.params.intentId);
+    if (!intent) {
+      res.status(404).json({ error: { code: "not_found", message: "Purchase intent not found" } });
+      return;
+    }
+    if (intent.status === "confirmed") {
+      res.status(400).json({
+        error: { code: "invalid_state", message: "Cannot cancel a confirmed intent" }
+      });
+      return;
+    }
+    intent.status = "cancelled";
+    intent.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    console.log(`[VIC Demo] Intent cancelled: ${intent.id}`);
+    res.json({ cancelled: true, intentId: intent.id });
+  });
+  router.post("/intents/:intentId/confirm", (req, res) => {
+    const intent = intents.get(req.params.intentId);
+    if (!intent) {
+      res.status(404).json({ error: { code: "not_found", message: "Purchase intent not found" } });
+      return;
+    }
+    if (intent.status === "cancelled") {
+      res.status(400).json({
+        error: { code: "invalid_state", message: "Cannot confirm a cancelled intent" }
+      });
+      return;
+    }
+    intent.status = "confirmed";
+    intent.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    console.log(`[VIC Demo] Transaction confirmed: ${intent.id} (txn: ${req.body.transactionId}, status: ${req.body.status})`);
+    res.json({
+      confirmed: true,
+      intentId: intent.id,
+      transactionId: req.body.transactionId,
+      confirmedAt: intent.updatedAt
+    });
+  });
+  router.post("/intents/:intentId/credentials", (req, res) => {
+    const intent = intents.get(req.params.intentId);
+    if (!intent) {
+      res.status(404).json({ error: { code: "not_found", message: "Purchase intent not found" } });
+      return;
+    }
+    if (intent.status === "cancelled") {
+      res.status(400).json({
+        error: { code: "invalid_state", message: "Cannot retrieve credentials for a cancelled intent" }
+      });
+      return;
+    }
+    const token = tokens.get(intent.tokenId);
+    const card = token ? Array.from(cards.values()).find((c) => c.walletId === token.walletId) : null;
+    const cryptogram = generateCryptogram();
+    intent.status = "credentials_retrieved";
+    intent.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    console.log(`[VIC Demo] Credentials retrieved for intent: ${intent.id}`);
+    res.json({
+      tokenNumber: intent.networkTokenId,
+      cryptogram,
+      eci: "05",
+      expMonth: card?.expMonth ?? 12,
+      expYear: card?.expYear ?? 2030
+    });
+  });
+  router.post("/", (req, res) => {
+    if (checkIdempotency(req, res)) return;
+    const { walletId, cardId, maxTransactionAmount, allowedMCCs, expiresIn } = req.body;
+    if (!walletId || !cardId) {
+      res.status(400).json({
+        error: { code: "validation_error", message: "walletId and cardId are required" }
+      });
+      return;
+    }
+    const wallet = wallets.get(walletId);
+    if (!wallet) {
+      res.status(404).json({ error: { code: "not_found", message: `Wallet ${walletId} not found` } });
+      return;
+    }
+    const card = cards.get(cardId);
+    if (!card || card.walletId !== walletId) {
+      res.status(404).json({ error: { code: "not_found", message: `Card ${cardId} not found in wallet` } });
+      return;
+    }
+    if (card.status !== "active") {
+      res.status(400).json({
+        error: { code: "card_not_active", message: `Card ${cardId} is ${card.status}` }
+      });
+      return;
+    }
+    const tokenId = generateId("vic_tok");
+    const dpan = generateDPAN();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const expiresAt = parseExpiry(expiresIn ?? "24h");
+    const token = {
+      id: tokenId,
+      walletId,
+      cardId,
+      networkTokenId: dpan,
+      last4: card.last4,
+      brand: "visa",
+      status: "active",
+      maxTransactionAmount,
+      allowedMCCs,
+      expiresAt,
+      createdAt: now
+    };
+    tokens.set(tokenId, token);
+    const intentId = crypto2.randomUUID();
+    intents.set(intentId, {
+      id: intentId,
+      tokenId,
+      networkTokenId: dpan,
+      amount: maxTransactionAmount ?? 0,
+      currency: "USD",
+      merchantId: null,
+      merchantName: null,
+      description: null,
+      mandates: allowedMCCs ? [{
+        mandateId: crypto2.randomUUID(),
+        declineThreshold: { amount: String(maxTransactionAmount ?? 0), currencyCode: "USD" },
+        effectiveUntilTime: expiresAt,
+        description: `MCC-restricted: ${allowedMCCs.join(", ")}`
+      }] : [],
+      status: "created",
+      createdAt: now,
+      updatedAt: now
+    });
+    console.log(`[VIC Demo] Token issued: ${tokenId} \u2192 DPAN ***${dpan.slice(-4)} (intent: ${intentId})`);
+    const body = toVICTokenResponse(token);
+    cacheIdempotent(req, 201, body);
+    res.status(201).json(body);
+  });
+  router.get("/", (req, res) => {
+    let results = Array.from(tokens.values());
+    if (req.query.walletId) {
+      results = results.filter((t) => t.walletId === req.query.walletId);
+    }
+    if (req.query.status) {
+      results = results.filter((t) => t.status === req.query.status);
+    }
+    if (req.query.cardId) {
+      results = results.filter((t) => t.cardId === req.query.cardId);
+    }
+    const limit = Math.min(parseInt(req.query.limit) || 20, 100);
+    const offset = parseInt(req.query.offset) || 0;
+    const total = results.length;
+    const page = results.slice(offset, offset + limit);
+    res.json({
+      data: page.map(toVICTokenResponse),
+      total,
+      limit,
+      offset
+    });
+  });
+  router.get("/:id", (req, res) => {
+    const token = tokens.get(req.params.id);
+    if (!token) {
+      res.status(404).json({ error: { code: "not_found", message: "Token not found" } });
+      return;
+    }
+    if (token.status === "active" && new Date(token.expiresAt) < /* @__PURE__ */ new Date()) {
+      token.status = "expired";
+    }
+    res.json(toVICTokenResponse(token));
+  });
+  router.post("/:id/cryptogram", (req, res) => {
+    const token = tokens.get(req.params.id);
+    if (!token) {
+      res.status(404).json({ error: { code: "not_found", message: "Token not found" } });
+      return;
+    }
+    if (token.status === "active" && new Date(token.expiresAt) < /* @__PURE__ */ new Date()) {
+      token.status = "expired";
+    }
+    if (token.status !== "active") {
+      res.status(400).json({
+        error: { code: "token_not_active", message: `Token is ${token.status}` }
+      });
+      return;
+    }
+    if (token.maxTransactionAmount && req.body.amount > token.maxTransactionAmount) {
+      res.status(400).json({
+        error: {
+          code: "amount_exceeded",
+          message: `Amount ${req.body.amount} exceeds token max ${token.maxTransactionAmount}`
+        }
+      });
+      return;
+    }
+    const card = cards.get(token.cardId) ?? Array.from(cards.values()).find((c) => c.walletId === token.walletId);
+    const cryptogram = generateCryptogram();
+    const intentId = crypto2.randomUUID();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    intents.set(intentId, {
+      id: intentId,
+      tokenId: token.id,
+      networkTokenId: token.networkTokenId,
+      amount: req.body.amount ?? 0,
+      currency: req.body.currency ?? "USD",
+      merchantId: req.body.merchantId ?? null,
+      merchantName: null,
+      description: null,
+      mandates: [],
+      status: "credentials_retrieved",
+      createdAt: now,
+      updatedAt: now
+    });
+    console.log(`[VIC Demo] Credentials retrieved for token: ${token.id} (intent: ${intentId})`);
+    res.json({
+      tokenNumber: token.networkTokenId,
+      cryptogram,
+      eci: "05",
+      expMonth: card?.expMonth ?? 12,
+      expYear: card?.expYear ?? 2030
+    });
+  });
+  router.post("/:id/revoke", (req, res) => {
+    const token = tokens.get(req.params.id);
+    if (!token) {
+      res.status(404).json({ error: { code: "not_found", message: "Token not found" } });
+      return;
+    }
+    if (token.status === "revoked") {
+      res.status(400).json({
+        error: { code: "invalid_state", message: "Token is already revoked" }
+      });
+      return;
+    }
+    token.status = "revoked";
+    console.log(`[VIC Demo] Token revoked: ${token.id}`);
+    res.json(toVICTokenResponse(token));
+  });
+  router.post("/:id/suspend", (req, res) => {
+    const token = tokens.get(req.params.id);
+    if (!token) {
+      res.status(404).json({ error: { code: "not_found", message: "Token not found" } });
+      return;
+    }
+    if (token.status !== "active") {
+      res.status(400).json({
+        error: { code: "invalid_state", message: `Cannot suspend token in status: ${token.status}` }
+      });
+      return;
+    }
+    token.status = "suspended";
+    console.log(`[VIC Demo] Token suspended: ${token.id}`);
+    res.json(toVICTokenResponse(token));
+  });
+  router.post("/:id/reactivate", (req, res) => {
+    const token = tokens.get(req.params.id);
+    if (!token) {
+      res.status(404).json({ error: { code: "not_found", message: "Token not found" } });
+      return;
+    }
+    if (token.status !== "suspended") {
+      res.status(400).json({
+        error: { code: "invalid_state", message: `Cannot reactivate token in status: ${token.status}` }
+      });
+      return;
+    }
+    token.status = "active";
+    console.log(`[VIC Demo] Token reactivated: ${token.id}`);
+    res.json(toVICTokenResponse(token));
+  });
+  return router;
+}
+function createInstructionRoutes() {
+  const router = Router();
+  router.post("/", (req, res) => {
+    if (checkIdempotency(req, res)) return;
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const id = generateId("instr");
+    const instruction = {
+      id,
+      walletId: req.body.walletId,
+      type: req.body.type ?? "payment",
+      amount: req.body.amount,
+      currency: req.body.currency ?? "USD",
+      merchant: req.body.merchant,
+      permissions: req.body.permissions ?? ["pay"],
+      constraints: req.body.constraints ?? {},
+      status: "pending_confirmation",
+      spentCents: 0,
+      remainingCents: req.body.amount ?? null,
+      expiresAt: req.body.expiresIn ? parseExpiry(req.body.expiresIn) : void 0,
+      createdAt: now
+    };
+    instructions.set(id, instruction);
+    confirmations.set(id, []);
+    console.log(`[VIC Demo] Instruction created: ${id} (amount: ${instruction.amount}, merchant: ${instruction.merchant})`);
+    const body = { ...instruction };
+    cacheIdempotent(req, 201, body);
+    res.status(201).json(body);
+  });
+  router.get("/", (_req, res) => {
+    const results = Array.from(instructions.values());
+    const limit = Math.min(parseInt(_req.query.limit) || 20, 100);
+    const offset = parseInt(_req.query.offset) || 0;
+    res.json({
+      data: results.slice(offset, offset + limit),
+      total: results.length,
+      limit,
+      offset
+    });
+  });
+  router.get("/:id", (req, res) => {
+    const instruction = instructions.get(req.params.id);
+    if (!instruction) {
+      res.status(404).json({ error: { code: "not_found", message: "Instruction not found" } });
+      return;
+    }
+    res.json(instruction);
+  });
+  router.put("/:id", (req, res) => {
+    const instruction = instructions.get(req.params.id);
+    if (!instruction) {
+      res.status(404).json({ error: { code: "not_found", message: "Instruction not found" } });
+      return;
+    }
+    if (req.body.amount !== void 0) instruction.amount = req.body.amount;
+    if (req.body.currency !== void 0) instruction.currency = req.body.currency;
+    if (req.body.merchant !== void 0) instruction.merchant = req.body.merchant;
+    if (req.body.permissions !== void 0) instruction.permissions = req.body.permissions;
+    if (req.body.constraints !== void 0) instruction.constraints = req.body.constraints;
+    res.json(instruction);
+  });
+  router.post("/:id/cancel", (req, res) => {
+    const instruction = instructions.get(req.params.id);
+    if (!instruction) {
+      res.status(404).json({ error: { code: "not_found", message: "Instruction not found" } });
+      return;
+    }
+    instruction.status = "cancelled";
+    console.log(`[VIC Demo] Instruction cancelled: ${instruction.id}`);
+    res.json(instruction);
+  });
+  router.post("/:id/mandate", (req, res) => {
+    const instruction = instructions.get(req.params.id);
+    if (!instruction) {
+      res.status(404).json({ error: { code: "not_found", message: "Instruction not found" } });
+      return;
+    }
+    const mandate = {
+      id: generateId("mdt"),
+      instructionId: instruction.id,
+      type: req.body.type ?? "spending_limit",
+      config: req.body.config ?? {},
+      status: "active",
+      spentCents: 0,
+      remainingCents: req.body.config?.maxAmount ?? 0,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    mandates.set(mandate.id, mandate);
+    res.status(201).json(mandate);
+  });
+  router.get("/:id/mandate", (req, res) => {
+    const instruction = instructions.get(req.params.id);
+    if (!instruction) {
+      res.status(404).json({ error: { code: "not_found", message: "Instruction not found" } });
+      return;
+    }
+    const result = Array.from(mandates.values()).filter((m) => m.instructionId === instruction.id);
+    res.json(result);
+  });
+  router.get("/:id/mandate/:mandateId", (req, res) => {
+    const mandate = mandates.get(req.params.mandateId);
+    if (!mandate || mandate.instructionId !== req.params.id) {
+      res.status(404).json({ error: { code: "not_found", message: "Mandate not found" } });
+      return;
+    }
+    res.json(mandate);
+  });
+  router.put("/:id/mandate/:mandateId", (req, res) => {
+    const mandate = mandates.get(req.params.mandateId);
+    if (!mandate || mandate.instructionId !== req.params.id) {
+      res.status(404).json({ error: { code: "not_found", message: "Mandate not found" } });
+      return;
+    }
+    if (req.body.type !== void 0) mandate.type = req.body.type;
+    if (req.body.config !== void 0) mandate.config = req.body.config;
+    res.json(mandate);
+  });
+  router.delete("/:id/mandate/:mandateId", (req, res) => {
+    const mandate = mandates.get(req.params.mandateId);
+    if (!mandate || mandate.instructionId !== req.params.id) {
+      res.status(404).json({ error: { code: "not_found", message: "Mandate not found" } });
+      return;
+    }
+    mandates.delete(mandate.id);
+    res.json({ deleted: true });
+  });
+  router.get("/:id/confirmation", (req, res) => {
+    const instruction = instructions.get(req.params.id);
+    if (!instruction) {
+      res.status(404).json({ error: { code: "not_found", message: "Instruction not found" } });
+      return;
+    }
+    const result = confirmations.get(instruction.id) ?? [];
+    res.json(result);
+  });
+  router.post("/:id/confirmation", (req, res) => {
+    const instruction = instructions.get(req.params.id);
+    if (!instruction) {
+      res.status(404).json({ error: { code: "not_found", message: "Instruction not found" } });
+      return;
+    }
+    const confirmation = {
+      id: generateId("conf"),
+      instructionId: instruction.id,
+      confirmedBy: req.body.confirmedBy,
+      confirmationType: req.body.confirmationType ?? "biometric",
+      details: {
+        method: req.body.method ?? "touchId",
+        timestamp: req.body.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(),
+        machineId: req.body.machineId,
+        ...req.body
+      },
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    const existing = confirmations.get(instruction.id) ?? [];
+    existing.push(confirmation);
+    confirmations.set(instruction.id, existing);
+    instruction.status = "confirmed";
+    console.log(`[VIC Demo] Confirmation created for instruction: ${instruction.id} (type: ${confirmation.confirmationType})`);
+    res.status(201).json(confirmation);
+  });
+  router.post("/:id/credential", (req, res) => {
+    const instruction = instructions.get(req.params.id);
+    if (!instruction) {
+      res.status(404).json({ error: { code: "not_found", message: "Instruction not found" } });
+      return;
+    }
+    const credential = {
+      id: generateId("cred"),
+      instructionId: instruction.id,
+      credentialType: "vic_dpan",
+      credentialData: {
+        tokenNumber: generateDPAN(),
+        cryptogram: generateCryptogram(),
+        eci: "05",
+        expMonth: 12,
+        expYear: 2030
+      },
+      expiresAt: instruction.expiresAt,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    credentials.set(credential.id, credential);
+    console.log(`[VIC Demo] Credential issued for instruction: ${instruction.id}`);
+    res.status(201).json(credential);
+  });
+  router.get("/:id/budget", (req, res) => {
+    const instruction = instructions.get(req.params.id);
+    if (!instruction) {
+      res.status(404).json({ error: { code: "not_found", message: "Instruction not found" } });
+      return;
+    }
+    const instructionMandates = Array.from(mandates.values()).filter((m) => m.instructionId === instruction.id);
+    res.json({
+      amountCents: instruction.amount ?? null,
+      spentCents: instruction.spentCents,
+      remainingCents: instruction.remainingCents ?? (instruction.amount ? instruction.amount - instruction.spentCents : 0),
+      mandateCount: instructionMandates.length,
+      completedMandates: instructionMandates.filter((m) => m.status === "completed").length,
+      mandates: instructionMandates.map((m) => ({
+        id: m.id,
+        name: m.type,
+        spentCents: m.spentCents,
+        remainingCents: m.remainingCents,
+        maxAmountCents: m.config.maxAmount ?? null,
+        status: m.status
+      }))
+    });
+  });
+  return router;
+}
+function createVICFlowRoutes() {
+  const router = Router();
+  router.post("/enroll", (req, res) => {
+    const { walletId, cardId } = req.body;
+    if (!walletId || !cardId) {
+      res.status(400).json({ error: { code: "validation_error", message: "walletId and cardId are required" } });
+      return;
+    }
+    const card = cards.get(cardId);
+    if (!card || card.walletId !== walletId) {
+      res.status(404).json({ error: { code: "not_found", message: "Card not found in wallet" } });
+      return;
+    }
+    const existing = Array.from(enrolledCards.values()).find(
+      (e) => e.instrumentIdentifierId === cardId && e.status === "ACTIVE"
+    );
+    if (existing) {
+      res.json({ data: existing });
+      return;
+    }
+    const dpan = generateDPAN();
+    const enrolled = {
+      instrumentIdentifierId: cardId,
+      clientCorrelationId: req.body.clientCorrelationId ?? crypto2.randomUUID(),
+      tokenReferenceId: crypto2.randomBytes(16).toString("hex"),
+      dpan,
+      expMonth: card.expMonth,
+      expYear: card.expYear,
+      status: "ACTIVE",
+      enrolledAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    enrolledCards.set(cardId, enrolled);
+    const tokenId = generateId("vic_tok");
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    tokens.set(tokenId, {
+      id: tokenId,
+      walletId,
+      cardId,
+      networkTokenId: dpan,
+      last4: card.last4,
+      brand: "visa",
+      status: "active",
+      expiresAt: new Date(Date.now() + 365 * 24 * 60 * 60 * 1e3).toISOString(),
+      createdAt: now
+    });
+    console.log(`[VIC Demo] Card enrolled: ${cardId} \u2192 DPAN ***${dpan.slice(-4)}`);
+    res.status(201).json({ data: enrolled });
+  });
+  router.post("/intents", (req, res) => {
+    const { networkTokenId, amount, currency, merchantId, merchantName, description } = req.body;
+    if (!networkTokenId) {
+      res.status(400).json({ error: { code: "validation_error", message: "networkTokenId is required" } });
+      return;
+    }
+    const token = Array.from(tokens.values()).find((t) => t.networkTokenId === networkTokenId || t.id === networkTokenId);
+    if (!token) {
+      res.status(404).json({ error: { code: "not_found", message: "Network token not found" } });
+      return;
+    }
+    const intentId = crypto2.randomUUID();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const intent = {
+      id: intentId,
+      tokenId: token.id,
+      networkTokenId: token.networkTokenId,
+      amount: amount ?? 0,
+      currency: currency ?? "USD",
+      merchantId: merchantId ?? null,
+      merchantName: merchantName ?? null,
+      description: description ?? null,
+      mandates: req.body.mandates ?? [],
+      status: "created",
+      createdAt: now,
+      updatedAt: now
+    };
+    intents.set(intentId, intent);
+    console.log(`[VIC Demo] Purchase intent created: ${intentId} (token: ${token.id})`);
+    res.status(201).json({ data: { intentId } });
+  });
+  router.put("/intents/:id", (req, res) => {
+    const intent = intents.get(req.params.id);
+    if (!intent) {
+      res.status(404).json({ error: { code: "not_found", message: "Purchase intent not found" } });
+      return;
+    }
+    if (intent.status === "cancelled" || intent.status === "confirmed") {
+      res.status(400).json({
+        error: { code: "invalid_state", message: `Cannot update intent in status: ${intent.status}` }
+      });
+      return;
+    }
+    if (req.body.amount !== void 0) intent.amount = req.body.amount;
+    if (req.body.currency !== void 0) intent.currency = req.body.currency;
+    if (req.body.merchantId !== void 0) intent.merchantId = req.body.merchantId;
+    if (req.body.merchantName !== void 0) intent.merchantName = req.body.merchantName;
+    if (req.body.description !== void 0) intent.description = req.body.description;
+    if (req.body.mandates !== void 0) intent.mandates = req.body.mandates;
+    intent.status = "updated";
+    intent.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    res.json({ data: { intentId: intent.id } });
+  });
+  router.delete("/intents/:id", (req, res) => {
+    const intent = intents.get(req.params.id);
+    if (!intent) {
+      res.status(404).json({ error: { code: "not_found", message: "Purchase intent not found" } });
+      return;
+    }
+    if (intent.status === "confirmed") {
+      res.status(400).json({
+        error: { code: "invalid_state", message: "Cannot cancel a confirmed intent" }
+      });
+      return;
+    }
+    intent.status = "cancelled";
+    intent.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    res.json({ cancelled: true, intentId: intent.id });
+  });
+  router.post("/intents/:id/credentials", (req, res) => {
+    const intent = intents.get(req.params.id);
+    if (!intent) {
+      res.status(404).json({ error: { code: "not_found", message: "Purchase intent not found" } });
+      return;
+    }
+    if (intent.status === "cancelled") {
+      res.status(400).json({
+        error: { code: "invalid_state", message: "Cannot retrieve credentials for a cancelled intent" }
+      });
+      return;
+    }
+    const token = tokens.get(intent.tokenId);
+    const card = token ? cards.get(token.cardId) ?? Array.from(cards.values()).find((c) => c.walletId === token.walletId) : null;
+    const cryptogram = generateCryptogram();
+    intent.status = "credentials_retrieved";
+    intent.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    console.log(`[VIC Demo] Credentials retrieved for intent: ${intent.id}`);
+    res.json({
+      data: {
+        tokenNumber: intent.networkTokenId,
+        cryptogram,
+        eci: "05",
+        expMonth: card?.expMonth ?? 12,
+        expYear: card?.expYear ?? 2030
+      }
+    });
+  });
+  router.post("/intents/:id/confirm", (req, res) => {
+    const intent = intents.get(req.params.id);
+    if (!intent) {
+      res.status(404).json({ error: { code: "not_found", message: "Purchase intent not found" } });
+      return;
+    }
+    intent.status = "confirmed";
+    intent.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    console.log(`[VIC Demo] Transaction confirmed: ${intent.id}`);
+    res.json({ data: { confirmed: true } });
+  });
+  router.get("/tokens", (_req, res) => {
+    const results = Array.from(tokens.values());
+    let filtered = results;
+    if (_req.query.walletId) {
+      filtered = filtered.filter((t) => t.walletId === _req.query.walletId);
+    }
+    res.json({ data: filtered.map(toVICTokenResponse) });
+  });
+  router.get("/tokens/:id", (req, res) => {
+    const token = tokens.get(req.params.id);
+    if (!token) {
+      res.status(404).json({ error: { code: "not_found", message: "Token not found" } });
+      return;
+    }
+    res.json({ data: toVICTokenResponse(token) });
+  });
+  return router;
+}
+
+// server/vic-demo/index.ts
+var app = express();
+app.use(express.json());
+app.use((_req, res, next) => {
+  res.header("Access-Control-Allow-Origin", "*");
+  res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, PATCH, OPTIONS");
+  res.header("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Lane-Request-Id, X-Idempotency-Key, X-Lane-Signature, X-Lane-Timestamp");
+  if (_req.method === "OPTIONS") {
+    res.status(204).send();
+    return;
+  }
+  next();
+});
+app.use("/agent", (req, _res, next) => {
+  const auth = req.headers.authorization;
+  if (!auth || !auth.startsWith("Bearer ")) {
+    _res.status(401).json({
+      error: { code: "unauthorized", message: "Bearer token required", statusCode: 401 }
+    });
+    return;
+  }
+  req.developer = { id: "dev_demo_001", name: "Demo Developer" };
+  next();
+});
+app.use("/vic", (req, _res, next) => {
+  const auth = req.headers.authorization;
+  if (!auth || !auth.startsWith("Bearer ")) {
+    _res.status(401).json({
+      error: { code: "unauthorized", message: "Bearer token required", statusCode: 401 }
+    });
+    return;
+  }
+  req.developer = { id: "dev_demo_001", name: "Demo Developer" };
+  next();
+});
+wallets.set("wallet_demo_001", {
+  id: "wallet_demo_001",
+  balance: 1e5,
+  // $1,000.00
+  currency: "USD",
+  createdAt: (/* @__PURE__ */ new Date()).toISOString()
+});
+wallets.set("wallet_demo_002", {
+  id: "wallet_demo_002",
+  balance: 5e5,
+  // $5,000.00
+  currency: "USD",
+  createdAt: (/* @__PURE__ */ new Date()).toISOString()
+});
+cards.set("card_demo_001", {
+  id: "card_demo_001",
+  walletId: "wallet_demo_001",
+  last4: "4242",
+  brand: "visa",
+  expMonth: 12,
+  expYear: 2030,
+  status: "active"
+});
+cards.set("card_demo_002", {
+  id: "card_demo_002",
+  walletId: "wallet_demo_002",
+  last4: "1234",
+  brand: "visa",
+  expMonth: 6,
+  expYear: 2029,
+  status: "active"
+});
+app.get("/health", (_req, res) => {
+  res.json({
+    service: "VIC Demo Server",
+    status: "healthy",
+    version: "1.1.0",
+    note: "Mock implementation of Lane VIC API for demos and development",
+    features: [
+      "VIC token lifecycle (issue, suspend, reactivate, revoke)",
+      "Payment credentials (DPAN + cryptogram)",
+      "Purchase intent management (create, update, cancel, confirm)",
+      "Instruction lifecycle with biometric confirmation",
+      "Raw Visa IC 6-step flow endpoints",
+      "Idempotency key support"
+    ],
+    stats: {
+      tokens: tokens.size,
+      intents: intents.size,
+      instructions: instructions.size,
+      wallets: wallets.size,
+      cards: cards.size
+    },
+    seedData: {
+      wallets: ["wallet_demo_001 ($1,000.00)", "wallet_demo_002 ($5,000.00)"],
+      cards: ["card_demo_001 (Visa ***4242)", "card_demo_002 (Visa ***1234)"]
+    }
+  });
+});
+app.use("/agent/token", createVICRoutes());
+app.use("/agent/instruction", createInstructionRoutes());
+app.use("/vic", createVICFlowRoutes());
+app.get("/agent/wallet", (_req, res) => {
+  const allWallets = Array.from(wallets.values()).map((w) => ({
+    id: w.id,
+    label: `Demo Wallet (${w.id})`,
+    developerId: "dev_demo_001",
+    status: "active",
+    createdAt: w.createdAt,
+    updatedAt: w.createdAt
+  }));
+  const limit = Math.min(parseInt(_req.query.limit) || 20, 100);
+  const offset = parseInt(_req.query.offset) || 0;
+  res.json({
+    data: allWallets.slice(offset, offset + limit),
+    total: allWallets.length,
+    limit,
+    offset
+  });
+});
+app.get("/agent/wallet/:walletId", (req, res) => {
+  const wallet = wallets.get(req.params.walletId);
+  if (!wallet) {
+    res.status(404).json({ error: { code: "not_found", message: "Wallet not found" } });
+    return;
+  }
+  res.json({
+    id: wallet.id,
+    label: `Demo Wallet (${wallet.id})`,
+    developerId: "dev_demo_001",
+    status: "active",
+    createdAt: wallet.createdAt,
+    updatedAt: wallet.createdAt
+  });
+});
+app.get("/agent/wallet/:walletId/cards", (req, res) => {
+  const walletCards = Array.from(cards.values()).filter((c) => c.walletId === req.params.walletId).map((c) => ({
+    id: c.id,
+    last4: c.last4,
+    brand: c.brand,
+    status: c.status,
+    isDefault: true,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  }));
+  res.json(walletCards);
+});
+app.get("/agent/wallet/:walletId/balance", (req, res) => {
+  const walletId = req.params.walletId;
+  const wallet = walletId === "default" ? Array.from(wallets.values())[0] : wallets.get(walletId);
+  if (!wallet) {
+    res.status(404).json({ error: { code: "not_found", message: "Wallet not found" } });
+    return;
+  }
+  res.json({
+    balance: wallet.balance,
+    currency: wallet.currency
+  });
+});
+app.post("/agent/auth/verify-sdk-access", (_req, res) => {
+  res.json({ access: true, demo: true });
+});
+app.get("/agent/admin/whoami", (_req, res) => {
+  res.json({
+    id: "dev_demo_001",
+    email: "demo@getonlane.com",
+    plan: "demo",
+    memberSince: "2024-01-01"
+  });
+});
+app.get("/agent/admin/budgets", (_req, res) => {
+  res.json({
+    dailyLimit: 5e4,
+    weeklyLimit: 2e5,
+    monthlyLimit: 5e5,
+    perTaskLimit: 1e4
+  });
+});
+app.get("/agent/card", (_req, res) => {
+  const allCards = Array.from(cards.values()).map((c) => ({
+    id: c.id,
+    last4: c.last4,
+    brand: c.brand,
+    status: c.status,
+    isDefault: true,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  }));
+  const limit = Math.min(parseInt(_req.query.limit) || 20, 100);
+  const offset = parseInt(_req.query.offset) || 0;
+  res.json({
+    data: allCards.slice(offset, offset + limit),
+    total: allCards.length,
+    limit,
+    offset
+  });
+});
+app.post("/agent/pay", (req, res) => {
+  res.json({
+    id: `txn_demo_${crypto3.randomUUID().slice(0, 8)}`,
+    amount: req.body.amount ?? 0,
+    currency: req.body.currency ?? "USD",
+    recipient: req.body.recipient ?? "demo-merchant",
+    description: req.body.description,
+    status: "success",
+    testMode: true,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  });
+});
+app.get("/agent/transaction", (_req, res) => {
+  const limit = Math.min(parseInt(_req.query.limit) || 20, 100);
+  const offset = parseInt(_req.query.offset) || 0;
+  res.json({ data: [], total: 0, limit, offset });
+});
+app.get("/agent/discovery", (_req, res) => {
+  res.json({
+    name: "Lane VIC Demo",
+    version: "1.1.0",
+    capabilities: ["vic", "instructions", "wallets"],
+    authMethods: ["bearer"]
+  });
+});
+app.use((err, _req, res, _next) => {
+  const requestId = _req.headers["x-lane-request-id"] ?? `req_${Date.now()}`;
+  console.error("[VIC Demo] Error:", err.message);
+  res.status(500).json({
+    error: {
+      code: "internal_error",
+      message: err.message,
+      statusCode: 500
+    },
+    requestId
+  });
+});
+var PORT = parseInt(process.env.PORT ?? "3020", 10);
+var server = app.listen(PORT, () => {
+  console.log(`[VIC Demo] Server running on http://localhost:${PORT}`);
+  console.log(`[VIC Demo] Health: http://localhost:${PORT}/health`);
+  console.log(`[VIC Demo]`);
+  console.log(`[VIC Demo] Routes:`);
+  console.log(`[VIC Demo]   SDK VIC tokens:    /agent/token/*`);
+  console.log(`[VIC Demo]   SDK instructions:  /agent/instruction/*`);
+  console.log(`[VIC Demo]   SDK wallets:       /agent/wallet/*`);
+  console.log(`[VIC Demo]   Visa IC 6-step:    /vic/*`);
+  console.log(`[VIC Demo]`);
+  console.log(`[VIC Demo] Seed data:`);
+  console.log(`[VIC Demo]   Wallet: wallet_demo_001 ($1,000.00)`);
+  console.log(`[VIC Demo]   Wallet: wallet_demo_002 ($5,000.00)`);
+  console.log(`[VIC Demo]   Card:   card_demo_001 (Visa ***4242)`);
+  console.log(`[VIC Demo]   Card:   card_demo_002 (Visa ***1234)`);
+  console.log(`[VIC Demo]`);
+  console.log(`[VIC Demo] SDK usage:`);
+  console.log(`[VIC Demo]   const lane = Lane._unsafeCreate({ baseUrl: 'http://localhost:${PORT}' });`);
+  console.log(`[VIC Demo]   const token = await lane.vic.issue({ walletId: 'wallet_demo_001', cardId: 'card_demo_001' });`);
+  console.log(`[VIC Demo]   const creds = await lane.vic.getPaymentCredentials(token.id, { amount: 1999, currency: 'USD', merchantId: 'amazon.com' });`);
+});
+for (const signal of ["SIGTERM", "SIGINT"]) {
+  process.on(signal, () => {
+    console.log(`[VIC Demo] Received ${signal}, shutting down...`);
+    server.close(() => process.exit(0));
+  });
+}
+var vic_demo_default = app;
+export {
+  vic_demo_default as default
+};
+//# sourceMappingURL=vic-demo.js.map