mpesa-mock 0.1.0

package/dist/cli.js

@@ -0,0 +1,2574 @@
+#!/usr/bin/env node
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __commonJS = (cb, mod) => function __require2() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// node_modules/.pnpm/tsup@8.5.1_postcss@8.5.14_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/assets/esm_shims.js
+import path from "path";
+import { fileURLToPath } from "url";
+var getFilename, __filename;
+var init_esm_shims = __esm({
+  "node_modules/.pnpm/tsup@8.5.1_postcss@8.5.14_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/assets/esm_shims.js"() {
+    "use strict";
+    getFilename = () => fileURLToPath(import.meta.url);
+    __filename = /* @__PURE__ */ getFilename();
+  }
+});
+
+// src/core/transactions.ts
+import { EventEmitter } from "events";
+function stateToResultCode(state) {
+  switch (state) {
+    case "success":
+      return 0;
+    case "insufficient_funds":
+      return 1;
+    case "user_cancelled":
+      return 1032;
+    case "wrong_pin":
+      return 2001;
+    case "expired":
+      return 1037;
+    case "system_error":
+      return 1025;
+    case "pending":
+      return 1019;
+    case "timeout":
+      return 1037;
+  }
+}
+function stateToResultDesc(state) {
+  switch (state) {
+    case "success":
+      return "The service request is processed successfully.";
+    case "insufficient_funds":
+      return "The balance is insufficient for the transaction.";
+    case "user_cancelled":
+      return "Request cancelled by user.";
+    case "wrong_pin":
+      return "The initiator information is invalid.";
+    case "expired":
+      return "DS timeout. User cannot be reached.";
+    case "system_error":
+      return "An error occurred while sending a push request.";
+    case "pending":
+      return "The transaction is being processed.";
+    case "timeout":
+      return "DS timeout. User cannot be reached.";
+  }
+}
+var InMemoryStore;
+var init_transactions = __esm({
+  "src/core/transactions.ts"() {
+    "use strict";
+    init_esm_shims();
+    InMemoryStore = class extends EventEmitter {
+      byCheckout = /* @__PURE__ */ new Map();
+      byConversation = /* @__PURE__ */ new Map();
+      put(record) {
+        this.byCheckout.set(record.checkoutRequestID, record);
+        if (record.conversationID) {
+          this.byConversation.set(record.conversationID, record.checkoutRequestID);
+        }
+        this.emit("change", record);
+      }
+      get(checkoutRequestID) {
+        return this.byCheckout.get(checkoutRequestID);
+      }
+      getByConversationID(id) {
+        const key = this.byConversation.get(id);
+        return key ? this.byCheckout.get(key) : void 0;
+      }
+      list(limit) {
+        const all = Array.from(this.byCheckout.values()).sort((a, b) => b.createdAt - a.createdAt);
+        return typeof limit === "number" ? all.slice(0, limit) : all;
+      }
+      update(checkoutRequestID, patch) {
+        const existing = this.byCheckout.get(checkoutRequestID);
+        if (!existing) return void 0;
+        const next = { ...existing, ...patch };
+        this.byCheckout.set(checkoutRequestID, next);
+        if (next.conversationID) this.byConversation.set(next.conversationID, checkoutRequestID);
+        this.emit("change", next);
+        return next;
+      }
+      clear() {
+        this.byCheckout.clear();
+        this.byConversation.clear();
+        this.emit("clear");
+      }
+    };
+  }
+});
+
+// src/core/webhook-dispatcher.ts
+import { EventEmitter as EventEmitter2 } from "events";
+import pRetry, { AbortError } from "p-retry";
+var WebhookDispatcher;
+var init_webhook_dispatcher = __esm({
+  "src/core/webhook-dispatcher.ts"() {
+    "use strict";
+    init_esm_shims();
+    WebhookDispatcher = class extends EventEmitter2 {
+      pending = /* @__PURE__ */ new Map();
+      store;
+      fetchImpl;
+      onLog;
+      constructor(opts = {}) {
+        super();
+        this.store = opts.store;
+        this.fetchImpl = opts.fetchImpl ?? fetch;
+        this.onLog = opts.onLog;
+      }
+      schedule(job, delayMs) {
+        if (delayMs < 0) {
+          this.emit("skipped", { id: job.id, reason: "timeout" });
+          return;
+        }
+        if (this.pending.has(job.id)) {
+          clearTimeout(this.pending.get(job.id));
+        }
+        const handle = setTimeout(() => {
+          this.pending.delete(job.id);
+          void this.fire(job);
+        }, delayMs);
+        this.pending.set(job.id, handle);
+        this.emit("scheduled", { id: job.id, delayMs, url: job.url });
+      }
+      cancel(id) {
+        const h = this.pending.get(id);
+        if (!h) return false;
+        clearTimeout(h);
+        this.pending.delete(id);
+        return true;
+      }
+      pendingIds() {
+        return Array.from(this.pending.keys());
+      }
+      async fire(job) {
+        let attempt = 0;
+        try {
+          await pRetry(
+            async () => {
+              attempt += 1;
+              if (typeof job.failNTimesFirst === "number" && attempt <= job.failNTimesFirst) {
+                this.onLog?.(`webhook attempt ${attempt} forced-fail for ${job.url}`);
+                throw new Error(`forced fail ${attempt}`);
+              }
+              const res = await this.fetchImpl(job.url, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify(job.body)
+              });
+              if (!res.ok && res.status >= 500) {
+                throw new Error(`callback ${res.status}`);
+              }
+              if (!res.ok && res.status >= 400) {
+                throw new AbortError(`callback ${res.status}`);
+              }
+              this.emit("delivered", { id: job.id, url: job.url, attempts: attempt });
+              if (this.store && job.transactionId) {
+                this.store.update(job.transactionId, {
+                  callbackAttempts: attempt,
+                  callbackDeliveredAt: Date.now()
+                });
+              }
+            },
+            {
+              retries: job.maxAttempts - 1,
+              minTimeout: job.backoffMs,
+              factor: 2,
+              onFailedAttempt: (err) => {
+                this.onLog?.(`webhook ${job.url} attempt ${err.attemptNumber} failed: ${err.message}`);
+              }
+            }
+          );
+        } catch (err) {
+          this.emit("failed", {
+            id: job.id,
+            url: job.url,
+            attempts: attempt,
+            error: err instanceof Error ? err.message : String(err)
+          });
+          if (this.store && job.transactionId) {
+            this.store.update(job.transactionId, { callbackAttempts: attempt });
+          }
+        }
+      }
+      shutdown() {
+        for (const handle of this.pending.values()) clearTimeout(handle);
+        this.pending.clear();
+      }
+    };
+  }
+});
+
+// src/core/id-generator.ts
+import { randomBytes, randomInt } from "crypto";
+function generateAccessToken() {
+  return randomBytes(24).toString("base64").replace(/[^a-zA-Z0-9]/g, "").slice(0, 32).padEnd(32, "0");
+}
+function generateMerchantRequestID() {
+  const a = randomInt(1e4, 99999);
+  const b = randomInt(1e7, 99999999);
+  const c = randomInt(1, 9);
+  return `${a}-${b}-${c}`;
+}
+function generateCheckoutRequestID(date = /* @__PURE__ */ new Date()) {
+  const pad = (n, len = 2) => String(n).padStart(len, "0");
+  const dd = pad(date.getDate());
+  const mm = pad(date.getMonth() + 1);
+  const yyyy = String(date.getFullYear());
+  const hh = pad(date.getHours());
+  const mi = pad(date.getMinutes());
+  const ss = pad(date.getSeconds());
+  const ms = pad(date.getMilliseconds(), 3);
+  return `ws_CO_${dd}${mm}${yyyy}${hh}${mi}${ss}${ms}`;
+}
+function generateConversationID() {
+  const a = randomInt(1e3, 9999);
+  const b = randomInt(1e5, 999999);
+  const c = randomInt(10, 99);
+  return `AG_${formatDate(/* @__PURE__ */ new Date())}_${a}${b}${c}`;
+}
+function generateOriginatorConversationID() {
+  const a = randomInt(1e4, 99999);
+  const b = randomInt(1e6, 9999999);
+  const c = randomInt(1, 9);
+  return `${a}-${b}-${c}`;
+}
+function generateMpesaReceiptNumber() {
+  const chars = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";
+  let out = "";
+  for (let i = 0; i < 10; i++) {
+    out += chars[randomInt(0, chars.length)];
+  }
+  return out;
+}
+function generateTransactionDate(date = /* @__PURE__ */ new Date()) {
+  const pad = (n) => String(n).padStart(2, "0");
+  const yyyy = date.getFullYear();
+  const mm = pad(date.getMonth() + 1);
+  const dd = pad(date.getDate());
+  const hh = pad(date.getHours());
+  const mi = pad(date.getMinutes());
+  const ss = pad(date.getSeconds());
+  return Number(`${yyyy}${mm}${dd}${hh}${mi}${ss}`);
+}
+function formatDate(d) {
+  const pad = (n) => String(n).padStart(2, "0");
+  return `${pad(d.getDate())}${pad(d.getMonth() + 1)}${d.getFullYear()}${pad(d.getHours())}${pad(d.getMinutes())}${pad(d.getSeconds())}`;
+}
+var init_id_generator = __esm({
+  "src/core/id-generator.ts"() {
+    "use strict";
+    init_esm_shims();
+  }
+});
+
+// src/config/defaults.ts
+var DEFAULTS;
+var init_defaults = __esm({
+  "src/config/defaults.ts"() {
+    "use strict";
+    init_esm_shims();
+    DEFAULTS = {
+      port: 4e3,
+      host: "0.0.0.0",
+      callbackDelayMs: 8e3,
+      callbackRetryAttempts: 3,
+      callbackRetryBackoffMs: 1e3,
+      oauthTokenExpiresIn: "3599",
+      testCredentials: {
+        consumerKey: "test_key",
+        consumerSecret: "test_secret"
+      },
+      testShortcode: "174379",
+      testTill: "600000",
+      partyB: "254708374149"
+    };
+  }
+});
+
+// src/core/auth.ts
+function parseBasicAuth(header) {
+  if (!header || !header.toLowerCase().startsWith("basic ")) return null;
+  const encoded = header.slice(6).trim();
+  let decoded;
+  try {
+    decoded = Buffer.from(encoded, "base64").toString("utf-8");
+  } catch {
+    return null;
+  }
+  const idx = decoded.indexOf(":");
+  if (idx < 0) return null;
+  const key = decoded.slice(0, idx);
+  const secret = decoded.slice(idx + 1);
+  if (!key || !secret) return null;
+  return { key, secret };
+}
+function issueToken() {
+  const token = generateAccessToken();
+  issuedTokens.set(token, Date.now() + TOKEN_TTL_MS);
+  return { access_token: token, expires_in: DEFAULTS.oauthTokenExpiresIn };
+}
+function isUsingTestCredentials(key, secret) {
+  return key === DEFAULTS.testCredentials.consumerKey && secret === DEFAULTS.testCredentials.consumerSecret;
+}
+function parseBearerToken(header) {
+  if (!header) return null;
+  const m = header.match(/^Bearer\s+(.+)$/i);
+  return m && m[1] ? m[1].trim() : null;
+}
+function isValidToken(token) {
+  const exp = issuedTokens.get(token);
+  if (!exp) {
+    return /^[a-zA-Z0-9]{20,}$/.test(token);
+  }
+  if (Date.now() > exp) {
+    issuedTokens.delete(token);
+    return false;
+  }
+  return true;
+}
+var issuedTokens, TOKEN_TTL_MS;
+var init_auth = __esm({
+  "src/core/auth.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_id_generator();
+    init_defaults();
+    issuedTokens = /* @__PURE__ */ new Map();
+    TOKEN_TTL_MS = 3599 * 1e3;
+  }
+});
+
+// src/routes/oauth.ts
+import { Hono } from "hono";
+function oauthRoute() {
+  const app = new Hono();
+  app.get("/oauth/v1/generate", (c) => {
+    const grantType = c.req.query("grant_type");
+    if (grantType !== "client_credentials") {
+      return c.json(
+        { requestId: "no-request-id", errorCode: "400.001.01", errorMessage: "Invalid grant_type" },
+        400
+      );
+    }
+    const parsed = parseBasicAuth(c.req.header("authorization"));
+    if (!parsed) {
+      return c.json(
+        { requestId: "no-request-id", errorCode: "401.002.01", errorMessage: "Invalid Authentication passed" },
+        401
+      );
+    }
+    if (isUsingTestCredentials(parsed.key, parsed.secret)) {
+      c.get("log")?.("warn: using default test credentials (test_key:test_secret) \u2014 fine for mock");
+    }
+    return c.json(issueToken());
+  });
+  return app;
+}
+var init_oauth = __esm({
+  "src/routes/oauth.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_auth();
+  }
+});
+
+// src/schemas/index.ts
+import { z } from "zod";
+var stkPushSchema, stkQuerySchema, c2bRegisterUrlSchema, c2bSimulateSchema, b2cSchema, b2bSchema, transactionStatusSchema, accountBalanceSchema, reversalSchema;
+var init_schemas = __esm({
+  "src/schemas/index.ts"() {
+    "use strict";
+    init_esm_shims();
+    stkPushSchema = z.object({
+      BusinessShortCode: z.string().min(1),
+      Password: z.string().min(1),
+      Timestamp: z.string().min(1),
+      TransactionType: z.enum(["CustomerPayBillOnline", "CustomerBuyGoodsOnline"]),
+      Amount: z.number().int().positive(),
+      PartyA: z.string().min(1),
+      PartyB: z.string().min(1),
+      PhoneNumber: z.string().min(1),
+      CallBackURL: z.string().url(),
+      AccountReference: z.string().min(1).max(12),
+      TransactionDesc: z.string().min(1).max(13)
+    });
+    stkQuerySchema = z.object({
+      BusinessShortCode: z.string().min(1),
+      Password: z.string().min(1),
+      Timestamp: z.string().min(1),
+      CheckoutRequestID: z.string().min(1)
+    });
+    c2bRegisterUrlSchema = z.object({
+      ShortCode: z.string().min(1),
+      ResponseType: z.enum(["Completed", "Cancelled"]),
+      ConfirmationURL: z.string().url(),
+      ValidationURL: z.string().url()
+    });
+    c2bSimulateSchema = z.object({
+      ShortCode: z.string().min(1),
+      CommandID: z.enum(["CustomerPayBillOnline", "CustomerBuyGoodsOnline"]),
+      Amount: z.number().int().positive(),
+      Msisdn: z.string().min(1),
+      BillRefNumber: z.string().min(1)
+    });
+    b2cSchema = z.object({
+      InitiatorName: z.string().min(1),
+      SecurityCredential: z.string().min(1),
+      CommandID: z.enum(["SalaryPayment", "BusinessPayment", "PromotionPayment"]),
+      Amount: z.number().int().positive(),
+      PartyA: z.string().min(1),
+      PartyB: z.string().min(1),
+      Remarks: z.string().min(1),
+      QueueTimeOutURL: z.string().url(),
+      ResultURL: z.string().url(),
+      Occasion: z.string().optional().default("")
+    });
+    b2bSchema = z.object({
+      Initiator: z.string().min(1),
+      SecurityCredential: z.string().min(1),
+      CommandID: z.string().min(1),
+      SenderIdentifierType: z.string().min(1),
+      RecieverIdentifierType: z.string().min(1),
+      Amount: z.number().int().positive(),
+      PartyA: z.string().min(1),
+      PartyB: z.string().min(1),
+      AccountReference: z.string().optional().default(""),
+      Remarks: z.string().min(1),
+      QueueTimeOutURL: z.string().url(),
+      ResultURL: z.string().url()
+    });
+    transactionStatusSchema = z.object({
+      Initiator: z.string().min(1),
+      SecurityCredential: z.string().min(1),
+      CommandID: z.literal("TransactionStatusQuery"),
+      TransactionID: z.string().min(1),
+      PartyA: z.string().min(1),
+      IdentifierType: z.string().min(1),
+      ResultURL: z.string().url(),
+      QueueTimeOutURL: z.string().url(),
+      Remarks: z.string().min(1),
+      Occasion: z.string().optional().default("")
+    });
+    accountBalanceSchema = z.object({
+      Initiator: z.string().min(1),
+      SecurityCredential: z.string().min(1),
+      CommandID: z.literal("AccountBalance"),
+      PartyA: z.string().min(1),
+      IdentifierType: z.string().min(1),
+      Remarks: z.string().min(1),
+      QueueTimeOutURL: z.string().url(),
+      ResultURL: z.string().url()
+    });
+    reversalSchema = z.object({
+      Initiator: z.string().min(1),
+      SecurityCredential: z.string().min(1),
+      CommandID: z.literal("TransactionReversal"),
+      TransactionID: z.string().min(1),
+      Amount: z.number().int().positive(),
+      ReceiverParty: z.string().min(1),
+      RecieverIdentifierType: z.string().min(1),
+      ResultURL: z.string().url(),
+      QueueTimeOutURL: z.string().url(),
+      Remarks: z.string().min(1),
+      Occasion: z.string().optional().default("")
+    });
+  }
+});
+
+// src/core/failure-injector.ts
+function pickScenario(phoneNumber, config) {
+  const direct = config.scenarios[phoneNumber];
+  if (direct) return direct;
+  const suffix = phoneNumber.slice(-2);
+  return SUFFIX_MAP[suffix] ?? "success";
+}
+function callbackDelayFor(scenario, config) {
+  if (scenario === "slow") return 3e4;
+  if (scenario === "timeout") return -1;
+  return config.defaultCallbackDelayMs;
+}
+var SUFFIX_MAP;
+var init_failure_injector = __esm({
+  "src/core/failure-injector.ts"() {
+    "use strict";
+    init_esm_shims();
+    SUFFIX_MAP = {
+      "00": "success",
+      "01": "user_cancelled",
+      "02": "insufficient_funds",
+      "03": "wrong_pin",
+      "04": "timeout",
+      "05": "callback_retry",
+      "06": "expired",
+      "07": "system_error",
+      "99": "slow"
+    };
+  }
+});
+
+// src/routes/stk-push.ts
+import { Hono as Hono2 } from "hono";
+function scenarioToState(s) {
+  switch (s) {
+    case "success":
+    case "callback_retry":
+    case "slow":
+      return "success";
+    case "user_cancelled":
+      return "user_cancelled";
+    case "insufficient_funds":
+      return "insufficient_funds";
+    case "wrong_pin":
+      return "wrong_pin";
+    case "expired":
+      return "expired";
+    case "system_error":
+      return "system_error";
+    case "timeout":
+      return "timeout";
+  }
+}
+function stkPushRoute() {
+  const app = new Hono2();
+  app.post("/mpesa/stkpush/v1/processrequest", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = stkPushSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        {
+          requestId: "no-request-id",
+          errorCode: "400.002.05",
+          errorMessage: "Invalid request payload",
+          errors: parsed.error.flatten()
+        },
+        400
+      );
+    }
+    const body = parsed.data;
+    const merchantRequestID = generateMerchantRequestID();
+    const checkoutRequestID = generateCheckoutRequestID();
+    const scenario = pickScenario(body.PhoneNumber, c.var.config);
+    const targetState = scenarioToState(scenario);
+    const delay = callbackDelayFor(scenario, c.var.config);
+    const record = {
+      checkoutRequestID,
+      merchantRequestID,
+      kind: "stk",
+      amount: body.Amount,
+      phoneNumber: body.PhoneNumber,
+      shortCode: body.BusinessShortCode,
+      callbackUrl: body.CallBackURL,
+      state: "pending",
+      createdAt: Date.now(),
+      callbackAttempts: 0
+    };
+    c.var.store.put(record);
+    const failNTimesFirst = scenario === "callback_retry" ? 3 : void 0;
+    const callbackBody = buildStkCallback({
+      merchantRequestID,
+      checkoutRequestID,
+      state: targetState,
+      amount: body.Amount,
+      phoneNumber: body.PhoneNumber
+    });
+    if (scenario === "timeout") {
+      c.var.log?.(`stk-push ${checkoutRequestID}: timeout scenario, no callback will fire`);
+    } else {
+      c.var.dispatcher.schedule(
+        {
+          id: checkoutRequestID,
+          url: body.CallBackURL,
+          body: callbackBody,
+          scheduledAt: Date.now() + delay,
+          attempts: 0,
+          maxAttempts: c.var.config.webhookRetry.attempts + (failNTimesFirst ?? 0),
+          backoffMs: c.var.config.webhookRetry.backoffMs,
+          transactionId: checkoutRequestID,
+          ...failNTimesFirst !== void 0 ? { failNTimesFirst } : {}
+        },
+        delay
+      );
+    }
+    setTimeout(() => {
+      const cur = c.var.store.get(checkoutRequestID);
+      if (cur && cur.state === "pending") {
+        c.var.store.update(checkoutRequestID, {
+          state: targetState,
+          resultCode: stateToResultCode(targetState),
+          resultDesc: stateToResultDesc(targetState),
+          completedAt: Date.now(),
+          ...targetState === "success" ? { mpesaReceiptNumber: generateMpesaReceiptNumber() } : {}
+        });
+      }
+    }, Math.max(0, delay));
+    return c.json({
+      MerchantRequestID: merchantRequestID,
+      CheckoutRequestID: checkoutRequestID,
+      ResponseCode: "0",
+      ResponseDescription: "Success. Request accepted for processing",
+      CustomerMessage: "Success. Request accepted for processing"
+    });
+  });
+  return app;
+}
+function buildStkCallback(params) {
+  const resultCode = stateToResultCode(params.state);
+  const resultDesc = stateToResultDesc(params.state);
+  if (params.state === "success") {
+    return {
+      Body: {
+        stkCallback: {
+          MerchantRequestID: params.merchantRequestID,
+          CheckoutRequestID: params.checkoutRequestID,
+          ResultCode: resultCode,
+          ResultDesc: resultDesc,
+          CallbackMetadata: {
+            Item: [
+              { Name: "Amount", Value: params.amount },
+              { Name: "MpesaReceiptNumber", Value: generateMpesaReceiptNumber() },
+              { Name: "TransactionDate", Value: generateTransactionDate() },
+              { Name: "PhoneNumber", Value: Number(params.phoneNumber) }
+            ]
+          }
+        }
+      }
+    };
+  }
+  return {
+    Body: {
+      stkCallback: {
+        MerchantRequestID: params.merchantRequestID,
+        CheckoutRequestID: params.checkoutRequestID,
+        ResultCode: resultCode,
+        ResultDesc: resultDesc
+      }
+    }
+  };
+}
+var init_stk_push = __esm({
+  "src/routes/stk-push.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_auth();
+    init_id_generator();
+    init_schemas();
+    init_failure_injector();
+    init_transactions();
+  }
+});
+
+// src/routes/stk-query.ts
+import { Hono as Hono3 } from "hono";
+function stkQueryRoute() {
+  const app = new Hono3();
+  app.post("/mpesa/stkpushquery/v1/query", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = stkQuerySchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const record = c.var.store.get(parsed.data.CheckoutRequestID);
+    if (!record) {
+      return c.json(
+        {
+          requestId: "no-request-id",
+          errorCode: "500.001.1001",
+          errorMessage: "The transaction is being processed"
+        },
+        500
+      );
+    }
+    const resultCode = record.resultCode ?? stateToResultCode(record.state);
+    return c.json({
+      ResponseCode: "0",
+      ResponseDescription: "The service request has been accepted successfully",
+      MerchantRequestID: record.merchantRequestID,
+      CheckoutRequestID: record.checkoutRequestID,
+      ResultCode: String(resultCode),
+      ResultDesc: record.resultDesc ?? stateToResultDesc(record.state)
+    });
+  });
+  return app;
+}
+var init_stk_query = __esm({
+  "src/routes/stk-query.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_auth();
+    init_schemas();
+    init_transactions();
+  }
+});
+
+// src/routes/c2b.ts
+import { Hono as Hono4 } from "hono";
+function c2bRoute() {
+  const app = new Hono4();
+  app.post("/mpesa/c2b/v1/registerurl", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = c2bRegisterUrlSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    registry.set(parsed.data.ShortCode, {
+      shortCode: parsed.data.ShortCode,
+      confirmationURL: parsed.data.ConfirmationURL,
+      validationURL: parsed.data.ValidationURL,
+      responseType: parsed.data.ResponseType
+    });
+    return c.json({
+      OriginatorCoversationID: generateOriginatorConversationID(),
+      ResponseCode: "0",
+      ResponseDescription: "success"
+    });
+  });
+  app.post("/mpesa/c2b/v1/simulate", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = c2bSimulateSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const result = await runC2BSimulation(c, parsed.data.ShortCode, parsed.data.Amount, parsed.data.Msisdn, parsed.data.BillRefNumber);
+    if (result.kind === "no-registration") {
+      return c.json(
+        { errorCode: "500.001.1001", errorMessage: "No registered URLs found for this shortcode" },
+        500
+      );
+    }
+    return c.json({
+      OriginatorCoversationID: result.originatorConversationID,
+      ConversationID: result.conversationID,
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  app.post("/__mock__/c2b/trigger", async (c) => {
+    const raw = await c.req.json().catch(() => null);
+    if (!raw) {
+      return c.json({ error: "invalid body" }, 400);
+    }
+    const shortCode = String(raw.ShortCode ?? raw.shortCode ?? "");
+    const amount = Number(raw.Amount ?? raw.amount ?? 0);
+    const msisdn = String(raw.Msisdn ?? raw.msisdn ?? "");
+    const billRef = String(raw.BillRefNumber ?? raw.billRefNumber ?? "TEST");
+    if (!shortCode || !amount || !msisdn) {
+      return c.json({ error: "ShortCode, Amount, Msisdn required" }, 400);
+    }
+    const result = await runC2BSimulation(c, shortCode, amount, msisdn, billRef);
+    return c.json(result, result.kind === "no-registration" ? 404 : 200);
+  });
+  return app;
+}
+async function runC2BSimulation(c, shortCode, amount, msisdn, billRef) {
+  const reg = registry.get(shortCode);
+  if (!reg) return { kind: "no-registration" };
+  const conversationID = generateConversationID();
+  const originatorConversationID = generateOriginatorConversationID();
+  const receipt = generateMpesaReceiptNumber();
+  const transactionDate = generateTransactionDate();
+  const txn = {
+    checkoutRequestID: conversationID,
+    merchantRequestID: originatorConversationID,
+    conversationID,
+    originatorConversationID,
+    kind: "c2b",
+    amount,
+    phoneNumber: msisdn,
+    shortCode,
+    callbackUrl: reg.confirmationURL,
+    state: "pending",
+    createdAt: Date.now(),
+    callbackAttempts: 0,
+    mpesaReceiptNumber: receipt
+  };
+  c.var.store.put(txn);
+  const callbackPayload = {
+    TransactionType: "Pay Bill",
+    TransID: receipt,
+    TransTime: String(transactionDate),
+    TransAmount: String(amount),
+    BusinessShortCode: shortCode,
+    BillRefNumber: billRef,
+    InvoiceNumber: "",
+    OrgAccountBalance: "0.00",
+    ThirdPartyTransID: "",
+    MSISDN: msisdn,
+    FirstName: "Test",
+    MiddleName: "C2B",
+    LastName: "Customer"
+  };
+  let validationOk = true;
+  try {
+    const res = await fetch(reg.validationURL, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify(callbackPayload)
+    });
+    if (res.ok) {
+      const body = await res.json().catch(() => ({}));
+      if (body.ResultCode && body.ResultCode !== "0") validationOk = false;
+    }
+  } catch {
+    validationOk = true;
+  }
+  if (!validationOk) {
+    c.var.store.update(conversationID, { state: "user_cancelled", resultCode: 1, resultDesc: "Validation rejected", completedAt: Date.now() });
+    return { kind: "rejected", originatorConversationID, conversationID };
+  }
+  c.var.dispatcher.schedule(
+    {
+      id: conversationID,
+      url: reg.confirmationURL,
+      body: callbackPayload,
+      scheduledAt: Date.now(),
+      attempts: 0,
+      maxAttempts: c.var.config.webhookRetry.attempts,
+      backoffMs: c.var.config.webhookRetry.backoffMs,
+      transactionId: conversationID
+    },
+    0
+  );
+  c.var.store.update(conversationID, { state: "success", resultCode: 0, resultDesc: "Success", completedAt: Date.now() });
+  return { kind: "delivered", originatorConversationID, conversationID };
+}
+var registry;
+var init_c2b = __esm({
+  "src/routes/c2b.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_auth();
+    init_schemas();
+    init_id_generator();
+    registry = /* @__PURE__ */ new Map();
+  }
+});
+
+// src/routes/b2c.ts
+import { Hono as Hono5 } from "hono";
+function b2cRoute() {
+  const app = new Hono5();
+  app.post("/mpesa/b2c/v1/paymentrequest", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = b2cSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const body = parsed.data;
+    const conversationID = generateConversationID();
+    const originatorConversationID = generateOriginatorConversationID();
+    const scenario = pickScenario(body.PartyB, c.var.config);
+    const isSuccess = scenario === "success" || scenario === "slow" || scenario === "callback_retry";
+    const record = {
+      checkoutRequestID: conversationID,
+      merchantRequestID: originatorConversationID,
+      conversationID,
+      originatorConversationID,
+      kind: "b2c",
+      amount: body.Amount,
+      phoneNumber: body.PartyB,
+      shortCode: body.PartyA,
+      callbackUrl: body.ResultURL,
+      state: isSuccess ? "success" : "system_error",
+      createdAt: Date.now(),
+      callbackAttempts: 0,
+      ...isSuccess ? { mpesaReceiptNumber: generateMpesaReceiptNumber() } : {}
+    };
+    c.var.store.put(record);
+    const callback = {
+      Result: {
+        ResultType: 0,
+        ResultCode: isSuccess ? 0 : 2001,
+        ResultDesc: isSuccess ? "The service request is processed successfully." : "The initiator information is invalid.",
+        OriginatorConversationID: originatorConversationID,
+        ConversationID: conversationID,
+        TransactionID: record.mpesaReceiptNumber ?? "N/A",
+        ResultParameters: {
+          ResultParameter: isSuccess ? [
+            { Key: "TransactionAmount", Value: body.Amount },
+            { Key: "TransactionReceipt", Value: record.mpesaReceiptNumber ?? "" },
+            { Key: "B2CRecipientIsRegisteredCustomer", Value: "Y" },
+            { Key: "B2CChargesPaidAccountAvailableFunds", Value: 0 },
+            { Key: "ReceiverPartyPublicName", Value: `${body.PartyB} - Test Recipient` },
+            { Key: "TransactionCompletedDateTime", Value: (/* @__PURE__ */ new Date()).toISOString() },
+            { Key: "B2CUtilityAccountAvailableFunds", Value: 1e6 },
+            { Key: "B2CWorkingAccountAvailableFunds", Value: 1e6 }
+          ] : []
+        },
+        ReferenceData: {
+          ReferenceItem: { Key: "QueueTimeoutURL", Value: body.QueueTimeOutURL }
+        }
+      }
+    };
+    c.var.dispatcher.schedule(
+      {
+        id: conversationID,
+        url: body.ResultURL,
+        body: callback,
+        scheduledAt: Date.now() + c.var.config.defaultCallbackDelayMs,
+        attempts: 0,
+        maxAttempts: c.var.config.webhookRetry.attempts,
+        backoffMs: c.var.config.webhookRetry.backoffMs,
+        transactionId: conversationID
+      },
+      c.var.config.defaultCallbackDelayMs
+    );
+    return c.json({
+      ConversationID: conversationID,
+      OriginatorConversationID: originatorConversationID,
+      ResponseCode: "0",
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  return app;
+}
+var init_b2c = __esm({
+  "src/routes/b2c.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_auth();
+    init_schemas();
+    init_id_generator();
+    init_failure_injector();
+  }
+});
+
+// src/routes/b2b.ts
+import { Hono as Hono6 } from "hono";
+function b2bRoute() {
+  const app = new Hono6();
+  app.post("/mpesa/b2b/v1/paymentrequest", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = b2bSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const body = parsed.data;
+    const conversationID = generateConversationID();
+    const originatorConversationID = generateOriginatorConversationID();
+    const receipt = generateMpesaReceiptNumber();
+    const record = {
+      checkoutRequestID: conversationID,
+      merchantRequestID: originatorConversationID,
+      conversationID,
+      originatorConversationID,
+      kind: "b2b",
+      amount: body.Amount,
+      phoneNumber: body.PartyB,
+      shortCode: body.PartyA,
+      callbackUrl: body.ResultURL,
+      state: "success",
+      createdAt: Date.now(),
+      callbackAttempts: 0,
+      mpesaReceiptNumber: receipt
+    };
+    c.var.store.put(record);
+    const callback = {
+      Result: {
+        ResultType: 0,
+        ResultCode: 0,
+        ResultDesc: "The service request is processed successfully.",
+        OriginatorConversationID: originatorConversationID,
+        ConversationID: conversationID,
+        TransactionID: receipt,
+        ResultParameters: {
+          ResultParameter: [
+            { Key: "DebitAccountBalance", Value: "Working Account|KES|1000000.00|1000000.00|0.00|0.00" },
+            { Key: "Amount", Value: body.Amount },
+            { Key: "DebitPartyAffectedAccountBalance", Value: "Working Account|KES|1000000.00|1000000.00|0.00|0.00" },
+            { Key: "TransCompletedTime", Value: (/* @__PURE__ */ new Date()).toISOString() },
+            { Key: "DebitPartyCharges", Value: "" },
+            { Key: "ReceiverPartyPublicName", Value: `${body.PartyB} - Test Business` },
+            { Key: "Currency", Value: "KES" },
+            { Key: "InitiatorAccountCurrentBalance", Value: "{Amount={CurrencyCode=KES, MinimumAmount=99999900, BasicAmount=999999.00}}" }
+          ]
+        },
+        ReferenceData: {
+          ReferenceItem: [
+            { Key: "BillReferenceNumber", Value: body.AccountReference ?? "" },
+            { Key: "QueueTimeoutURL", Value: body.QueueTimeOutURL }
+          ]
+        }
+      }
+    };
+    c.var.dispatcher.schedule(
+      {
+        id: conversationID,
+        url: body.ResultURL,
+        body: callback,
+        scheduledAt: Date.now() + c.var.config.defaultCallbackDelayMs,
+        attempts: 0,
+        maxAttempts: c.var.config.webhookRetry.attempts,
+        backoffMs: c.var.config.webhookRetry.backoffMs,
+        transactionId: conversationID
+      },
+      c.var.config.defaultCallbackDelayMs
+    );
+    return c.json({
+      ConversationID: conversationID,
+      OriginatorConversationID: originatorConversationID,
+      ResponseCode: "0",
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  return app;
+}
+var init_b2b = __esm({
+  "src/routes/b2b.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_auth();
+    init_schemas();
+    init_id_generator();
+  }
+});
+
+// src/routes/transaction-status.ts
+import { Hono as Hono7 } from "hono";
+function transactionStatusRoute() {
+  const app = new Hono7();
+  app.post("/mpesa/transactionstatus/v1/query", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = transactionStatusSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const body = parsed.data;
+    const conversationID = generateConversationID();
+    const originatorConversationID = generateOriginatorConversationID();
+    const existing = c.var.store.get(body.TransactionID);
+    const callback = {
+      Result: {
+        ResultType: 0,
+        ResultCode: 0,
+        ResultDesc: "The service request is processed successfully.",
+        OriginatorConversationID: originatorConversationID,
+        ConversationID: conversationID,
+        TransactionID: body.TransactionID,
+        ResultParameters: {
+          ResultParameter: [
+            { Key: "ReceiptNo", Value: existing?.mpesaReceiptNumber ?? body.TransactionID },
+            { Key: "ConversationID", Value: existing?.conversationID ?? conversationID },
+            { Key: "FinalisedTime", Value: (/* @__PURE__ */ new Date()).toISOString() },
+            { Key: "Amount", Value: existing?.amount ?? 0 },
+            { Key: "TransactionStatus", Value: existing?.state === "success" ? "Completed" : "Failed" },
+            { Key: "ReasonType", Value: "Salary Payment via API" },
+            { Key: "TransactionReason", Value: body.Remarks },
+            { Key: "DebitPartyCharges", Value: "" },
+            { Key: "DebitAccountType", Value: "Utility Account" },
+            { Key: "InitiatedTime", Value: (/* @__PURE__ */ new Date()).toISOString() },
+            { Key: "OriginatorConversationID", Value: existing?.originatorConversationID ?? originatorConversationID },
+            { Key: "CreditPartyName", Value: existing ? `${existing.phoneNumber} - Test Recipient` : "Test Recipient" },
+            { Key: "DebitPartyName", Value: existing ? `${existing.shortCode} - Test Merchant` : "Test Merchant" }
+          ]
+        },
+        ReferenceData: {
+          ReferenceItem: { Key: "Occasion", Value: body.Occasion ?? "" }
+        }
+      }
+    };
+    c.var.dispatcher.schedule(
+      {
+        id: conversationID,
+        url: body.ResultURL,
+        body: callback,
+        scheduledAt: Date.now() + c.var.config.defaultCallbackDelayMs,
+        attempts: 0,
+        maxAttempts: c.var.config.webhookRetry.attempts,
+        backoffMs: c.var.config.webhookRetry.backoffMs
+      },
+      c.var.config.defaultCallbackDelayMs
+    );
+    return c.json({
+      OriginatorConversationID: originatorConversationID,
+      ConversationID: conversationID,
+      ResponseCode: "0",
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  return app;
+}
+var init_transaction_status = __esm({
+  "src/routes/transaction-status.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_auth();
+    init_schemas();
+    init_id_generator();
+  }
+});
+
+// src/routes/account-balance.ts
+import { Hono as Hono8 } from "hono";
+function accountBalanceRoute() {
+  const app = new Hono8();
+  app.post("/mpesa/accountbalance/v1/query", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = accountBalanceSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const body = parsed.data;
+    const conversationID = generateConversationID();
+    const originatorConversationID = generateOriginatorConversationID();
+    const callback = {
+      Result: {
+        ResultType: 0,
+        ResultCode: 0,
+        ResultDesc: "The service request is processed successfully.",
+        OriginatorConversationID: originatorConversationID,
+        ConversationID: conversationID,
+        TransactionID: "BALANCE-QUERY",
+        ResultParameters: {
+          ResultParameter: [
+            { Key: "AccountBalance", Value: "Working Account|KES|1000000.00|1000000.00|0.00|0.00&Float Account|KES|0.00|0.00|0.00|0.00&Utility Account|KES|1000000.00|1000000.00|0.00|0.00&Charges Paid Account|KES|0.00|0.00|0.00|0.00&Organization Settlement Account|KES|0.00|0.00|0.00|0.00" },
+            { Key: "BOCompletedTime", Value: (/* @__PURE__ */ new Date()).toISOString() }
+          ]
+        },
+        ReferenceData: {
+          ReferenceItem: { Key: "QueueTimeoutURL", Value: body.QueueTimeOutURL }
+        }
+      }
+    };
+    c.var.dispatcher.schedule(
+      {
+        id: conversationID,
+        url: body.ResultURL,
+        body: callback,
+        scheduledAt: Date.now() + c.var.config.defaultCallbackDelayMs,
+        attempts: 0,
+        maxAttempts: c.var.config.webhookRetry.attempts,
+        backoffMs: c.var.config.webhookRetry.backoffMs
+      },
+      c.var.config.defaultCallbackDelayMs
+    );
+    return c.json({
+      OriginatorConversationID: originatorConversationID,
+      ConversationID: conversationID,
+      ResponseCode: "0",
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  return app;
+}
+var init_account_balance = __esm({
+  "src/routes/account-balance.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_auth();
+    init_schemas();
+    init_id_generator();
+  }
+});
+
+// src/routes/reversal.ts
+import { Hono as Hono9 } from "hono";
+function reversalRoute() {
+  const app = new Hono9();
+  app.post("/mpesa/reversal/v1/request", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = reversalSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const body = parsed.data;
+    const conversationID = generateConversationID();
+    const originatorConversationID = generateOriginatorConversationID();
+    const callback = {
+      Result: {
+        ResultType: 0,
+        ResultCode: 0,
+        ResultDesc: "The service request is processed successfully.",
+        OriginatorConversationID: originatorConversationID,
+        ConversationID: conversationID,
+        TransactionID: body.TransactionID,
+        ResultParameters: {
+          ResultParameter: [
+            { Key: "DebitAccountBalance", Value: "Working Account|KES|1000000.00|1000000.00|0.00|0.00" },
+            { Key: "Amount", Value: body.Amount },
+            { Key: "TransCompletedTime", Value: (/* @__PURE__ */ new Date()).toISOString() },
+            { Key: "OriginalTransactionID", Value: body.TransactionID },
+            { Key: "Charge", Value: 0 },
+            { Key: "CreditPartyPublicName", Value: `${body.ReceiverParty} - Test Recipient` },
+            { Key: "DebitPartyPublicName", Value: "Test Merchant" }
+          ]
+        },
+        ReferenceData: {
+          ReferenceItem: { Key: "QueueTimeoutURL", Value: body.QueueTimeOutURL }
+        }
+      }
+    };
+    c.var.dispatcher.schedule(
+      {
+        id: conversationID,
+        url: body.ResultURL,
+        body: callback,
+        scheduledAt: Date.now() + c.var.config.defaultCallbackDelayMs,
+        attempts: 0,
+        maxAttempts: c.var.config.webhookRetry.attempts,
+        backoffMs: c.var.config.webhookRetry.backoffMs
+      },
+      c.var.config.defaultCallbackDelayMs
+    );
+    return c.json({
+      OriginatorConversationID: originatorConversationID,
+      ConversationID: conversationID,
+      ResponseCode: "0",
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  return app;
+}
+var init_reversal = __esm({
+  "src/routes/reversal.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_auth();
+    init_schemas();
+    init_id_generator();
+  }
+});
+
+// src/routes/dashboard.ts
+import { Hono as Hono10 } from "hono";
+import { streamSSE } from "hono/streaming";
+function dashboardRoute() {
+  const app = new Hono10();
+  app.get("/__mock__/dashboard", (c) => c.html(DASHBOARD_HTML));
+  app.get("/__mock__/state", (c) => {
+    const transactions = c.var.store.list(100);
+    return c.json({
+      transactions,
+      pendingCallbacks: c.var.dispatcher.pendingIds().length
+    });
+  });
+  app.get("/__mock__/events", (c) => {
+    return streamSSE(c, async (stream) => {
+      const send = async () => {
+        await stream.writeSSE({
+          data: JSON.stringify({
+            transactions: c.var.store.list(100),
+            pendingCallbacks: c.var.dispatcher.pendingIds().length
+          })
+        });
+      };
+      await send();
+      const onChange = () => {
+        void send();
+      };
+      c.var.store.on("change", onChange);
+      c.var.store.on("clear", onChange);
+      const heartbeat = setInterval(() => {
+        void send();
+      }, 5e3);
+      try {
+        while (true) {
+          await stream.sleep(1e3);
+        }
+      } finally {
+        clearInterval(heartbeat);
+        c.var.store.off("change", onChange);
+        c.var.store.off("clear", onChange);
+      }
+    });
+  });
+  app.post("/__mock__/clear", (c) => {
+    c.var.store.clear();
+    return c.json({ cleared: true });
+  });
+  return app;
+}
+var DASHBOARD_HTML;
+var init_dashboard = __esm({
+  "src/routes/dashboard.ts"() {
+    "use strict";
+    init_esm_shims();
+    DASHBOARD_HTML = `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <title>mpesa-mock dashboard</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <script src="https://cdn.tailwindcss.com"></script>
+</head>
+<body class="bg-slate-950 text-slate-100 font-mono min-h-screen">
+  <div class="max-w-6xl mx-auto p-6">
+    <header class="flex items-center justify-between mb-6">
+      <div>
+        <h1 class="text-2xl font-bold">mpesa-mock <span class="text-emerald-400">\u25CF</span></h1>
+        <p class="text-slate-400 text-sm">Local M-Pesa Daraja emulator \u2014 live transactions</p>
+      </div>
+      <div class="text-right text-xs text-slate-500">
+        <div id="health">checking\u2026</div>
+        <div>SSE: <span id="sse-status">connecting</span></div>
+      </div>
+    </header>
+
+    <section class="grid grid-cols-1 md:grid-cols-3 gap-4 mb-6">
+      <div class="bg-slate-900 rounded-lg p-4 border border-slate-800">
+        <div class="text-xs text-slate-500 uppercase">Transactions</div>
+        <div id="count-total" class="text-3xl font-bold">0</div>
+      </div>
+      <div class="bg-slate-900 rounded-lg p-4 border border-slate-800">
+        <div class="text-xs text-slate-500 uppercase">Pending callbacks</div>
+        <div id="count-pending" class="text-3xl font-bold text-amber-300">0</div>
+      </div>
+      <div class="bg-slate-900 rounded-lg p-4 border border-slate-800">
+        <div class="text-xs text-slate-500 uppercase">Delivered</div>
+        <div id="count-delivered" class="text-3xl font-bold text-emerald-300">0</div>
+      </div>
+    </section>
+
+    <section class="bg-slate-900 rounded-lg border border-slate-800 overflow-hidden">
+      <table class="w-full text-sm">
+        <thead class="bg-slate-800 text-slate-400 text-xs uppercase">
+          <tr>
+            <th class="text-left p-3">Kind</th>
+            <th class="text-left p-3">CheckoutRequestID</th>
+            <th class="text-left p-3">Phone</th>
+            <th class="text-right p-3">Amount</th>
+            <th class="text-left p-3">State</th>
+            <th class="text-right p-3">Cb attempts</th>
+            <th class="text-right p-3">Age</th>
+          </tr>
+        </thead>
+        <tbody id="rows"></tbody>
+      </table>
+    </section>
+
+    <footer class="text-center text-slate-600 text-xs mt-8">
+      mpesa-mock \u2014 not affiliated with Safaricom PLC
+    </footer>
+  </div>
+
+  <script>
+    const stateColors = {
+      success: 'text-emerald-300',
+      pending: 'text-amber-300',
+      user_cancelled: 'text-rose-300',
+      insufficient_funds: 'text-rose-400',
+      wrong_pin: 'text-rose-400',
+      expired: 'text-rose-400',
+      system_error: 'text-rose-500',
+      timeout: 'text-slate-400',
+    };
+
+    function renderRow(t) {
+      const age = Math.round((Date.now() - t.createdAt) / 1000);
+      const colorCls = stateColors[t.state] ?? 'text-slate-200';
+      return \`<tr class="border-t border-slate-800 hover:bg-slate-800/50">
+        <td class="p-3 uppercase text-xs text-slate-400">\${t.kind}</td>
+        <td class="p-3 text-xs">\${t.checkoutRequestID}</td>
+        <td class="p-3">\${t.phoneNumber}</td>
+        <td class="p-3 text-right">\${t.amount.toLocaleString()}</td>
+        <td class="p-3 \${colorCls}">\${t.state}</td>
+        <td class="p-3 text-right">\${t.callbackAttempts}</td>
+        <td class="p-3 text-right text-slate-500">\${age}s</td>
+      </tr>\`;
+    }
+
+    function refresh(data) {
+      const txns = data.transactions ?? [];
+      document.getElementById('count-total').textContent = txns.length;
+      document.getElementById('count-pending').textContent = data.pendingCallbacks ?? 0;
+      document.getElementById('count-delivered').textContent = txns.filter(t => t.callbackDeliveredAt).length;
+      document.getElementById('rows').innerHTML = txns.slice(0, 50).map(renderRow).join('');
+    }
+
+    fetch('/__mock__/health').then(r => r.json()).then(d => {
+      document.getElementById('health').textContent = 'up \xB7 ' + Math.round(d.uptime) + 's';
+    });
+
+    fetch('/__mock__/state').then(r => r.json()).then(refresh);
+
+    const es = new EventSource('/__mock__/events');
+    es.onopen = () => { document.getElementById('sse-status').textContent = 'live'; };
+    es.onerror = () => { document.getElementById('sse-status').textContent = 'disconnected'; };
+    es.onmessage = (e) => { try { refresh(JSON.parse(e.data)); } catch {} };
+  </script>
+</body>
+</html>`;
+  }
+});
+
+// src/server.ts
+var server_exports = {};
+__export(server_exports, {
+  createServer: () => createServer,
+  defaultConfig: () => defaultConfig
+});
+import { Hono as Hono11 } from "hono";
+import { logger as honoLogger } from "hono/logger";
+function defaultConfig(overrides = {}) {
+  return {
+    defaultCallbackDelayMs: overrides.defaultCallbackDelayMs ?? DEFAULTS.callbackDelayMs,
+    scenarios: overrides.scenarios ?? {},
+    webhookRetry: {
+      attempts: overrides.webhookRetry?.attempts ?? DEFAULTS.callbackRetryAttempts,
+      backoffMs: overrides.webhookRetry?.backoffMs ?? DEFAULTS.callbackRetryBackoffMs
+    }
+  };
+}
+function createServer(opts = {}) {
+  const store = opts.store ?? new InMemoryStore();
+  const config = defaultConfig(opts.config);
+  const log = opts.quiet ? void 0 : (msg) => console.log(msg);
+  const dispatcher = new WebhookDispatcher({ store, onLog: log });
+  const app = new Hono11();
+  if (!opts.quiet) {
+    app.use("*", honoLogger((msg) => console.log(msg)));
+  }
+  app.use("*", async (c, next) => {
+    c.set("store", store);
+    c.set("dispatcher", dispatcher);
+    c.set("config", config);
+    if (log) c.set("log", log);
+    if (opts.recorder) c.set("recorder", opts.recorder);
+    await next();
+  });
+  app.get("/", (c) => c.json({ name: "mpesa-mock", status: "ok" }));
+  app.get("/__mock__/health", (c) => c.json({ status: "ok", uptime: process.uptime() }));
+  app.route("/", oauthRoute());
+  app.route("/", stkPushRoute());
+  app.route("/", stkQueryRoute());
+  app.route("/", c2bRoute());
+  app.route("/", b2cRoute());
+  app.route("/", b2bRoute());
+  app.route("/", transactionStatusRoute());
+  app.route("/", accountBalanceRoute());
+  app.route("/", reversalRoute());
+  app.route("/", dashboardRoute());
+  app.notFound(
+    (c) => c.json(
+      {
+        errorCode: "404.000.01",
+        errorMessage: `Not found: ${c.req.method} ${c.req.path}`
+      },
+      404
+    )
+  );
+  return { app, store, dispatcher, config };
+}
+var init_server = __esm({
+  "src/server.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_transactions();
+    init_webhook_dispatcher();
+    init_oauth();
+    init_stk_push();
+    init_stk_query();
+    init_c2b();
+    init_b2c();
+    init_b2b();
+    init_transaction_status();
+    init_account_balance();
+    init_reversal();
+    init_dashboard();
+    init_defaults();
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/util.js
+var require_util = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/util.js"(exports) {
+    "use strict";
+    init_esm_shims();
+    exports.getBooleanOption = (options, key) => {
+      let value = false;
+      if (key in options && typeof (value = options[key]) !== "boolean") {
+        throw new TypeError(`Expected the "${key}" option to be a boolean`);
+      }
+      return value;
+    };
+    exports.cppdb = /* @__PURE__ */ Symbol();
+    exports.inspect = /* @__PURE__ */ Symbol.for("nodejs.util.inspect.custom");
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/sqlite-error.js
+var require_sqlite_error = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/sqlite-error.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var descriptor = { value: "SqliteError", writable: true, enumerable: false, configurable: true };
+    function SqliteError(message, code) {
+      if (new.target !== SqliteError) {
+        return new SqliteError(message, code);
+      }
+      if (typeof code !== "string") {
+        throw new TypeError("Expected second argument to be a string");
+      }
+      Error.call(this, message);
+      descriptor.value = "" + message;
+      Object.defineProperty(this, "message", descriptor);
+      Error.captureStackTrace(this, SqliteError);
+      this.code = code;
+    }
+    Object.setPrototypeOf(SqliteError, Error);
+    Object.setPrototypeOf(SqliteError.prototype, Error.prototype);
+    Object.defineProperty(SqliteError.prototype, "name", descriptor);
+    module.exports = SqliteError;
+  }
+});
+
+// node_modules/.pnpm/file-uri-to-path@1.0.0/node_modules/file-uri-to-path/index.js
+var require_file_uri_to_path = __commonJS({
+  "node_modules/.pnpm/file-uri-to-path@1.0.0/node_modules/file-uri-to-path/index.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var sep = __require("path").sep || "/";
+    module.exports = fileUriToPath;
+    function fileUriToPath(uri) {
+      if ("string" != typeof uri || uri.length <= 7 || "file://" != uri.substring(0, 7)) {
+        throw new TypeError("must pass in a file:// URI to convert to a file path");
+      }
+      var rest = decodeURI(uri.substring(7));
+      var firstSlash = rest.indexOf("/");
+      var host = rest.substring(0, firstSlash);
+      var path2 = rest.substring(firstSlash + 1);
+      if ("localhost" == host) host = "";
+      if (host) {
+        host = sep + sep + host;
+      }
+      path2 = path2.replace(/^(.+)\|/, "$1:");
+      if (sep == "\\") {
+        path2 = path2.replace(/\//g, "\\");
+      }
+      if (/^.+\:/.test(path2)) {
+      } else {
+        path2 = sep + path2;
+      }
+      return host + path2;
+    }
+  }
+});
+
+// node_modules/.pnpm/bindings@1.5.0/node_modules/bindings/bindings.js
+var require_bindings = __commonJS({
+  "node_modules/.pnpm/bindings@1.5.0/node_modules/bindings/bindings.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var fs = __require("fs");
+    var path2 = __require("path");
+    var fileURLToPath2 = require_file_uri_to_path();
+    var join = path2.join;
+    var dirname = path2.dirname;
+    var exists = fs.accessSync && function(path3) {
+      try {
+        fs.accessSync(path3);
+      } catch (e) {
+        return false;
+      }
+      return true;
+    } || fs.existsSync || path2.existsSync;
+    var defaults = {
+      arrow: process.env.NODE_BINDINGS_ARROW || " \u2192 ",
+      compiled: process.env.NODE_BINDINGS_COMPILED_DIR || "compiled",
+      platform: process.platform,
+      arch: process.arch,
+      nodePreGyp: "node-v" + process.versions.modules + "-" + process.platform + "-" + process.arch,
+      version: process.versions.node,
+      bindings: "bindings.node",
+      try: [
+        // node-gyp's linked version in the "build" dir
+        ["module_root", "build", "bindings"],
+        // node-waf and gyp_addon (a.k.a node-gyp)
+        ["module_root", "build", "Debug", "bindings"],
+        ["module_root", "build", "Release", "bindings"],
+        // Debug files, for development (legacy behavior, remove for node v0.9)
+        ["module_root", "out", "Debug", "bindings"],
+        ["module_root", "Debug", "bindings"],
+        // Release files, but manually compiled (legacy behavior, remove for node v0.9)
+        ["module_root", "out", "Release", "bindings"],
+        ["module_root", "Release", "bindings"],
+        // Legacy from node-waf, node <= 0.4.x
+        ["module_root", "build", "default", "bindings"],
+        // Production "Release" buildtype binary (meh...)
+        ["module_root", "compiled", "version", "platform", "arch", "bindings"],
+        // node-qbs builds
+        ["module_root", "addon-build", "release", "install-root", "bindings"],
+        ["module_root", "addon-build", "debug", "install-root", "bindings"],
+        ["module_root", "addon-build", "default", "install-root", "bindings"],
+        // node-pre-gyp path ./lib/binding/{node_abi}-{platform}-{arch}
+        ["module_root", "lib", "binding", "nodePreGyp", "bindings"]
+      ]
+    };
+    function bindings(opts) {
+      if (typeof opts == "string") {
+        opts = { bindings: opts };
+      } else if (!opts) {
+        opts = {};
+      }
+      Object.keys(defaults).map(function(i2) {
+        if (!(i2 in opts)) opts[i2] = defaults[i2];
+      });
+      if (!opts.module_root) {
+        opts.module_root = exports.getRoot(exports.getFileName());
+      }
+      if (path2.extname(opts.bindings) != ".node") {
+        opts.bindings += ".node";
+      }
+      var requireFunc = typeof __webpack_require__ === "function" ? __non_webpack_require__ : __require;
+      var tries = [], i = 0, l = opts.try.length, n, b, err;
+      for (; i < l; i++) {
+        n = join.apply(
+          null,
+          opts.try[i].map(function(p) {
+            return opts[p] || p;
+          })
+        );
+        tries.push(n);
+        try {
+          b = opts.path ? requireFunc.resolve(n) : requireFunc(n);
+          if (!opts.path) {
+            b.path = n;
+          }
+          return b;
+        } catch (e) {
+          if (e.code !== "MODULE_NOT_FOUND" && e.code !== "QUALIFIED_PATH_RESOLUTION_FAILED" && !/not find/i.test(e.message)) {
+            throw e;
+          }
+        }
+      }
+      err = new Error(
+        "Could not locate the bindings file. Tried:\n" + tries.map(function(a) {
+          return opts.arrow + a;
+        }).join("\n")
+      );
+      err.tries = tries;
+      throw err;
+    }
+    module.exports = exports = bindings;
+    exports.getFileName = function getFileName(calling_file) {
+      var origPST = Error.prepareStackTrace, origSTL = Error.stackTraceLimit, dummy = {}, fileName;
+      Error.stackTraceLimit = 10;
+      Error.prepareStackTrace = function(e, st) {
+        for (var i = 0, l = st.length; i < l; i++) {
+          fileName = st[i].getFileName();
+          if (fileName !== __filename) {
+            if (calling_file) {
+              if (fileName !== calling_file) {
+                return;
+              }
+            } else {
+              return;
+            }
+          }
+        }
+      };
+      Error.captureStackTrace(dummy);
+      dummy.stack;
+      Error.prepareStackTrace = origPST;
+      Error.stackTraceLimit = origSTL;
+      var fileSchema = "file://";
+      if (fileName.indexOf(fileSchema) === 0) {
+        fileName = fileURLToPath2(fileName);
+      }
+      return fileName;
+    };
+    exports.getRoot = function getRoot(file) {
+      var dir = dirname(file), prev;
+      while (true) {
+        if (dir === ".") {
+          dir = process.cwd();
+        }
+        if (exists(join(dir, "package.json")) || exists(join(dir, "node_modules"))) {
+          return dir;
+        }
+        if (prev === dir) {
+          throw new Error(
+            'Could not find module root given file: "' + file + '". Do you have a `package.json` file? '
+          );
+        }
+        prev = dir;
+        dir = join(dir, "..");
+      }
+    };
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/wrappers.js
+var require_wrappers = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/wrappers.js"(exports) {
+    "use strict";
+    init_esm_shims();
+    var { cppdb } = require_util();
+    exports.prepare = function prepare(sql) {
+      return this[cppdb].prepare(sql, this, false);
+    };
+    exports.exec = function exec(sql) {
+      this[cppdb].exec(sql);
+      return this;
+    };
+    exports.close = function close() {
+      this[cppdb].close();
+      return this;
+    };
+    exports.loadExtension = function loadExtension(...args) {
+      this[cppdb].loadExtension(...args);
+      return this;
+    };
+    exports.defaultSafeIntegers = function defaultSafeIntegers(...args) {
+      this[cppdb].defaultSafeIntegers(...args);
+      return this;
+    };
+    exports.unsafeMode = function unsafeMode(...args) {
+      this[cppdb].unsafeMode(...args);
+      return this;
+    };
+    exports.getters = {
+      name: {
+        get: function name() {
+          return this[cppdb].name;
+        },
+        enumerable: true
+      },
+      open: {
+        get: function open() {
+          return this[cppdb].open;
+        },
+        enumerable: true
+      },
+      inTransaction: {
+        get: function inTransaction() {
+          return this[cppdb].inTransaction;
+        },
+        enumerable: true
+      },
+      readonly: {
+        get: function readonly() {
+          return this[cppdb].readonly;
+        },
+        enumerable: true
+      },
+      memory: {
+        get: function memory() {
+          return this[cppdb].memory;
+        },
+        enumerable: true
+      }
+    };
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/transaction.js
+var require_transaction = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/transaction.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var { cppdb } = require_util();
+    var controllers = /* @__PURE__ */ new WeakMap();
+    module.exports = function transaction(fn) {
+      if (typeof fn !== "function") throw new TypeError("Expected first argument to be a function");
+      const db = this[cppdb];
+      const controller = getController(db, this);
+      const { apply } = Function.prototype;
+      const properties = {
+        default: { value: wrapTransaction(apply, fn, db, controller.default) },
+        deferred: { value: wrapTransaction(apply, fn, db, controller.deferred) },
+        immediate: { value: wrapTransaction(apply, fn, db, controller.immediate) },
+        exclusive: { value: wrapTransaction(apply, fn, db, controller.exclusive) },
+        database: { value: this, enumerable: true }
+      };
+      Object.defineProperties(properties.default.value, properties);
+      Object.defineProperties(properties.deferred.value, properties);
+      Object.defineProperties(properties.immediate.value, properties);
+      Object.defineProperties(properties.exclusive.value, properties);
+      return properties.default.value;
+    };
+    var getController = (db, self) => {
+      let controller = controllers.get(db);
+      if (!controller) {
+        const shared = {
+          commit: db.prepare("COMMIT", self, false),
+          rollback: db.prepare("ROLLBACK", self, false),
+          savepoint: db.prepare("SAVEPOINT `	_bs3.	`", self, false),
+          release: db.prepare("RELEASE `	_bs3.	`", self, false),
+          rollbackTo: db.prepare("ROLLBACK TO `	_bs3.	`", self, false)
+        };
+        controllers.set(db, controller = {
+          default: Object.assign({ begin: db.prepare("BEGIN", self, false) }, shared),
+          deferred: Object.assign({ begin: db.prepare("BEGIN DEFERRED", self, false) }, shared),
+          immediate: Object.assign({ begin: db.prepare("BEGIN IMMEDIATE", self, false) }, shared),
+          exclusive: Object.assign({ begin: db.prepare("BEGIN EXCLUSIVE", self, false) }, shared)
+        });
+      }
+      return controller;
+    };
+    var wrapTransaction = (apply, fn, db, { begin, commit, rollback, savepoint, release, rollbackTo }) => function sqliteTransaction() {
+      let before, after, undo;
+      if (db.inTransaction) {
+        before = savepoint;
+        after = release;
+        undo = rollbackTo;
+      } else {
+        before = begin;
+        after = commit;
+        undo = rollback;
+      }
+      before.run();
+      try {
+        const result = apply.call(fn, this, arguments);
+        if (result && typeof result.then === "function") {
+          throw new TypeError("Transaction function cannot return a promise");
+        }
+        after.run();
+        return result;
+      } catch (ex) {
+        if (db.inTransaction) {
+          undo.run();
+          if (undo !== rollback) after.run();
+        }
+        throw ex;
+      }
+    };
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/pragma.js
+var require_pragma = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/pragma.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var { getBooleanOption, cppdb } = require_util();
+    module.exports = function pragma(source, options) {
+      if (options == null) options = {};
+      if (typeof source !== "string") throw new TypeError("Expected first argument to be a string");
+      if (typeof options !== "object") throw new TypeError("Expected second argument to be an options object");
+      const simple = getBooleanOption(options, "simple");
+      const stmt = this[cppdb].prepare(`PRAGMA ${source}`, this, true);
+      return simple ? stmt.pluck().get() : stmt.all();
+    };
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/backup.js
+var require_backup = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/backup.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var fs = __require("fs");
+    var path2 = __require("path");
+    var { promisify } = __require("util");
+    var { cppdb } = require_util();
+    var fsAccess = promisify(fs.access);
+    module.exports = async function backup(filename, options) {
+      if (options == null) options = {};
+      if (typeof filename !== "string") throw new TypeError("Expected first argument to be a string");
+      if (typeof options !== "object") throw new TypeError("Expected second argument to be an options object");
+      filename = filename.trim();
+      const attachedName = "attached" in options ? options.attached : "main";
+      const handler = "progress" in options ? options.progress : null;
+      if (!filename) throw new TypeError("Backup filename cannot be an empty string");
+      if (filename === ":memory:") throw new TypeError('Invalid backup filename ":memory:"');
+      if (typeof attachedName !== "string") throw new TypeError('Expected the "attached" option to be a string');
+      if (!attachedName) throw new TypeError('The "attached" option cannot be an empty string');
+      if (handler != null && typeof handler !== "function") throw new TypeError('Expected the "progress" option to be a function');
+      await fsAccess(path2.dirname(filename)).catch(() => {
+        throw new TypeError("Cannot save backup because the directory does not exist");
+      });
+      const isNewFile = await fsAccess(filename).then(() => false, () => true);
+      return runBackup(this[cppdb].backup(this, attachedName, filename, isNewFile), handler || null);
+    };
+    var runBackup = (backup, handler) => {
+      let rate = 0;
+      let useDefault = true;
+      return new Promise((resolve2, reject) => {
+        setImmediate(function step() {
+          try {
+            const progress = backup.transfer(rate);
+            if (!progress.remainingPages) {
+              backup.close();
+              resolve2(progress);
+              return;
+            }
+            if (useDefault) {
+              useDefault = false;
+              rate = 100;
+            }
+            if (handler) {
+              const ret = handler(progress);
+              if (ret !== void 0) {
+                if (typeof ret === "number" && ret === ret) rate = Math.max(0, Math.min(2147483647, Math.round(ret)));
+                else throw new TypeError("Expected progress callback to return a number or undefined");
+              }
+            }
+            setImmediate(step);
+          } catch (err) {
+            backup.close();
+            reject(err);
+          }
+        });
+      });
+    };
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/serialize.js
+var require_serialize = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/serialize.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var { cppdb } = require_util();
+    module.exports = function serialize(options) {
+      if (options == null) options = {};
+      if (typeof options !== "object") throw new TypeError("Expected first argument to be an options object");
+      const attachedName = "attached" in options ? options.attached : "main";
+      if (typeof attachedName !== "string") throw new TypeError('Expected the "attached" option to be a string');
+      if (!attachedName) throw new TypeError('The "attached" option cannot be an empty string');
+      return this[cppdb].serialize(attachedName);
+    };
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/function.js
+var require_function = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/function.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var { getBooleanOption, cppdb } = require_util();
+    module.exports = function defineFunction(name, options, fn) {
+      if (options == null) options = {};
+      if (typeof options === "function") {
+        fn = options;
+        options = {};
+      }
+      if (typeof name !== "string") throw new TypeError("Expected first argument to be a string");
+      if (typeof fn !== "function") throw new TypeError("Expected last argument to be a function");
+      if (typeof options !== "object") throw new TypeError("Expected second argument to be an options object");
+      if (!name) throw new TypeError("User-defined function name cannot be an empty string");
+      const safeIntegers = "safeIntegers" in options ? +getBooleanOption(options, "safeIntegers") : 2;
+      const deterministic = getBooleanOption(options, "deterministic");
+      const directOnly = getBooleanOption(options, "directOnly");
+      const varargs = getBooleanOption(options, "varargs");
+      let argCount = -1;
+      if (!varargs) {
+        argCount = fn.length;
+        if (!Number.isInteger(argCount) || argCount < 0) throw new TypeError("Expected function.length to be a positive integer");
+        if (argCount > 100) throw new RangeError("User-defined functions cannot have more than 100 arguments");
+      }
+      this[cppdb].function(fn, name, argCount, safeIntegers, deterministic, directOnly);
+      return this;
+    };
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/aggregate.js
+var require_aggregate = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/aggregate.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var { getBooleanOption, cppdb } = require_util();
+    module.exports = function defineAggregate(name, options) {
+      if (typeof name !== "string") throw new TypeError("Expected first argument to be a string");
+      if (typeof options !== "object" || options === null) throw new TypeError("Expected second argument to be an options object");
+      if (!name) throw new TypeError("User-defined function name cannot be an empty string");
+      const start = "start" in options ? options.start : null;
+      const step = getFunctionOption(options, "step", true);
+      const inverse = getFunctionOption(options, "inverse", false);
+      const result = getFunctionOption(options, "result", false);
+      const safeIntegers = "safeIntegers" in options ? +getBooleanOption(options, "safeIntegers") : 2;
+      const deterministic = getBooleanOption(options, "deterministic");
+      const directOnly = getBooleanOption(options, "directOnly");
+      const varargs = getBooleanOption(options, "varargs");
+      let argCount = -1;
+      if (!varargs) {
+        argCount = Math.max(getLength(step), inverse ? getLength(inverse) : 0);
+        if (argCount > 0) argCount -= 1;
+        if (argCount > 100) throw new RangeError("User-defined functions cannot have more than 100 arguments");
+      }
+      this[cppdb].aggregate(start, step, inverse, result, name, argCount, safeIntegers, deterministic, directOnly);
+      return this;
+    };
+    var getFunctionOption = (options, key, required) => {
+      const value = key in options ? options[key] : null;
+      if (typeof value === "function") return value;
+      if (value != null) throw new TypeError(`Expected the "${key}" option to be a function`);
+      if (required) throw new TypeError(`Missing required option "${key}"`);
+      return null;
+    };
+    var getLength = ({ length }) => {
+      if (Number.isInteger(length) && length >= 0) return length;
+      throw new TypeError("Expected function.length to be a positive integer");
+    };
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/table.js
+var require_table = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/table.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var { cppdb } = require_util();
+    module.exports = function defineTable(name, factory) {
+      if (typeof name !== "string") throw new TypeError("Expected first argument to be a string");
+      if (!name) throw new TypeError("Virtual table module name cannot be an empty string");
+      let eponymous = false;
+      if (typeof factory === "object" && factory !== null) {
+        eponymous = true;
+        factory = defer(parseTableDefinition(factory, "used", name));
+      } else {
+        if (typeof factory !== "function") throw new TypeError("Expected second argument to be a function or a table definition object");
+        factory = wrapFactory(factory);
+      }
+      this[cppdb].table(factory, name, eponymous);
+      return this;
+    };
+    function wrapFactory(factory) {
+      return function virtualTableFactory(moduleName, databaseName, tableName, ...args) {
+        const thisObject = {
+          module: moduleName,
+          database: databaseName,
+          table: tableName
+        };
+        const def = apply.call(factory, thisObject, args);
+        if (typeof def !== "object" || def === null) {
+          throw new TypeError(`Virtual table module "${moduleName}" did not return a table definition object`);
+        }
+        return parseTableDefinition(def, "returned", moduleName);
+      };
+    }
+    function parseTableDefinition(def, verb, moduleName) {
+      if (!hasOwnProperty.call(def, "rows")) {
+        throw new TypeError(`Virtual table module "${moduleName}" ${verb} a table definition without a "rows" property`);
+      }
+      if (!hasOwnProperty.call(def, "columns")) {
+        throw new TypeError(`Virtual table module "${moduleName}" ${verb} a table definition without a "columns" property`);
+      }
+      const rows = def.rows;
+      if (typeof rows !== "function" || Object.getPrototypeOf(rows) !== GeneratorFunctionPrototype) {
+        throw new TypeError(`Virtual table module "${moduleName}" ${verb} a table definition with an invalid "rows" property (should be a generator function)`);
+      }
+      let columns = def.columns;
+      if (!Array.isArray(columns) || !(columns = [...columns]).every((x) => typeof x === "string")) {
+        throw new TypeError(`Virtual table module "${moduleName}" ${verb} a table definition with an invalid "columns" property (should be an array of strings)`);
+      }
+      if (columns.length !== new Set(columns).size) {
+        throw new TypeError(`Virtual table module "${moduleName}" ${verb} a table definition with duplicate column names`);
+      }
+      if (!columns.length) {
+        throw new RangeError(`Virtual table module "${moduleName}" ${verb} a table definition with zero columns`);
+      }
+      let parameters;
+      if (hasOwnProperty.call(def, "parameters")) {
+        parameters = def.parameters;
+        if (!Array.isArray(parameters) || !(parameters = [...parameters]).every((x) => typeof x === "string")) {
+          throw new TypeError(`Virtual table module "${moduleName}" ${verb} a table definition with an invalid "parameters" property (should be an array of strings)`);
+        }
+      } else {
+        parameters = inferParameters(rows);
+      }
+      if (parameters.length !== new Set(parameters).size) {
+        throw new TypeError(`Virtual table module "${moduleName}" ${verb} a table definition with duplicate parameter names`);
+      }
+      if (parameters.length > 32) {
+        throw new RangeError(`Virtual table module "${moduleName}" ${verb} a table definition with more than the maximum number of 32 parameters`);
+      }
+      for (const parameter of parameters) {
+        if (columns.includes(parameter)) {
+          throw new TypeError(`Virtual table module "${moduleName}" ${verb} a table definition with column "${parameter}" which was ambiguously defined as both a column and parameter`);
+        }
+      }
+      let safeIntegers = 2;
+      if (hasOwnProperty.call(def, "safeIntegers")) {
+        const bool = def.safeIntegers;
+        if (typeof bool !== "boolean") {
+          throw new TypeError(`Virtual table module "${moduleName}" ${verb} a table definition with an invalid "safeIntegers" property (should be a boolean)`);
+        }
+        safeIntegers = +bool;
+      }
+      let directOnly = false;
+      if (hasOwnProperty.call(def, "directOnly")) {
+        directOnly = def.directOnly;
+        if (typeof directOnly !== "boolean") {
+          throw new TypeError(`Virtual table module "${moduleName}" ${verb} a table definition with an invalid "directOnly" property (should be a boolean)`);
+        }
+      }
+      const columnDefinitions = [
+        ...parameters.map(identifier).map((str) => `${str} HIDDEN`),
+        ...columns.map(identifier)
+      ];
+      return [
+        `CREATE TABLE x(${columnDefinitions.join(", ")});`,
+        wrapGenerator(rows, new Map(columns.map((x, i) => [x, parameters.length + i])), moduleName),
+        parameters,
+        safeIntegers,
+        directOnly
+      ];
+    }
+    function wrapGenerator(generator, columnMap, moduleName) {
+      return function* virtualTable(...args) {
+        const output = args.map((x) => Buffer.isBuffer(x) ? Buffer.from(x) : x);
+        for (let i = 0; i < columnMap.size; ++i) {
+          output.push(null);
+        }
+        for (const row of generator(...args)) {
+          if (Array.isArray(row)) {
+            extractRowArray(row, output, columnMap.size, moduleName);
+            yield output;
+          } else if (typeof row === "object" && row !== null) {
+            extractRowObject(row, output, columnMap, moduleName);
+            yield output;
+          } else {
+            throw new TypeError(`Virtual table module "${moduleName}" yielded something that isn't a valid row object`);
+          }
+        }
+      };
+    }
+    function extractRowArray(row, output, columnCount, moduleName) {
+      if (row.length !== columnCount) {
+        throw new TypeError(`Virtual table module "${moduleName}" yielded a row with an incorrect number of columns`);
+      }
+      const offset = output.length - columnCount;
+      for (let i = 0; i < columnCount; ++i) {
+        output[i + offset] = row[i];
+      }
+    }
+    function extractRowObject(row, output, columnMap, moduleName) {
+      let count = 0;
+      for (const key of Object.keys(row)) {
+        const index = columnMap.get(key);
+        if (index === void 0) {
+          throw new TypeError(`Virtual table module "${moduleName}" yielded a row with an undeclared column "${key}"`);
+        }
+        output[index] = row[key];
+        count += 1;
+      }
+      if (count !== columnMap.size) {
+        throw new TypeError(`Virtual table module "${moduleName}" yielded a row with missing columns`);
+      }
+    }
+    function inferParameters({ length }) {
+      if (!Number.isInteger(length) || length < 0) {
+        throw new TypeError("Expected function.length to be a positive integer");
+      }
+      const params = [];
+      for (let i = 0; i < length; ++i) {
+        params.push(`$${i + 1}`);
+      }
+      return params;
+    }
+    var { hasOwnProperty } = Object.prototype;
+    var { apply } = Function.prototype;
+    var GeneratorFunctionPrototype = Object.getPrototypeOf(function* () {
+    });
+    var identifier = (str) => `"${str.replace(/"/g, '""')}"`;
+    var defer = (x) => () => x;
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/inspect.js
+var require_inspect = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/methods/inspect.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var DatabaseInspection = function Database() {
+    };
+    module.exports = function inspect(depth, opts) {
+      return Object.assign(new DatabaseInspection(), this);
+    };
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/database.js
+var require_database = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/database.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    var fs = __require("fs");
+    var path2 = __require("path");
+    var util = require_util();
+    var SqliteError = require_sqlite_error();
+    var DEFAULT_ADDON;
+    function Database(filenameGiven, options) {
+      if (new.target == null) {
+        return new Database(filenameGiven, options);
+      }
+      let buffer;
+      if (Buffer.isBuffer(filenameGiven)) {
+        buffer = filenameGiven;
+        filenameGiven = ":memory:";
+      }
+      if (filenameGiven == null) filenameGiven = "";
+      if (options == null) options = {};
+      if (typeof filenameGiven !== "string") throw new TypeError("Expected first argument to be a string");
+      if (typeof options !== "object") throw new TypeError("Expected second argument to be an options object");
+      if ("readOnly" in options) throw new TypeError('Misspelled option "readOnly" should be "readonly"');
+      if ("memory" in options) throw new TypeError('Option "memory" was removed in v7.0.0 (use ":memory:" filename instead)');
+      const filename = filenameGiven.trim();
+      const anonymous = filename === "" || filename === ":memory:";
+      const readonly = util.getBooleanOption(options, "readonly");
+      const fileMustExist = util.getBooleanOption(options, "fileMustExist");
+      const timeout = "timeout" in options ? options.timeout : 5e3;
+      const verbose = "verbose" in options ? options.verbose : null;
+      const nativeBinding = "nativeBinding" in options ? options.nativeBinding : null;
+      if (readonly && anonymous && !buffer) throw new TypeError("In-memory/temporary databases cannot be readonly");
+      if (!Number.isInteger(timeout) || timeout < 0) throw new TypeError('Expected the "timeout" option to be a positive integer');
+      if (timeout > 2147483647) throw new RangeError('Option "timeout" cannot be greater than 2147483647');
+      if (verbose != null && typeof verbose !== "function") throw new TypeError('Expected the "verbose" option to be a function');
+      if (nativeBinding != null && typeof nativeBinding !== "string" && typeof nativeBinding !== "object") throw new TypeError('Expected the "nativeBinding" option to be a string or addon object');
+      let addon;
+      if (nativeBinding == null) {
+        addon = DEFAULT_ADDON || (DEFAULT_ADDON = require_bindings()("better_sqlite3.node"));
+      } else if (typeof nativeBinding === "string") {
+        const requireFunc = typeof __non_webpack_require__ === "function" ? __non_webpack_require__ : __require;
+        addon = requireFunc(path2.resolve(nativeBinding).replace(/(\.node)?$/, ".node"));
+      } else {
+        addon = nativeBinding;
+      }
+      if (!addon.isInitialized) {
+        addon.setErrorConstructor(SqliteError);
+        addon.isInitialized = true;
+      }
+      if (!anonymous && !fs.existsSync(path2.dirname(filename))) {
+        throw new TypeError("Cannot open database because the directory does not exist");
+      }
+      Object.defineProperties(this, {
+        [util.cppdb]: { value: new addon.Database(filename, filenameGiven, anonymous, readonly, fileMustExist, timeout, verbose || null, buffer || null) },
+        ...wrappers.getters
+      });
+    }
+    var wrappers = require_wrappers();
+    Database.prototype.prepare = wrappers.prepare;
+    Database.prototype.transaction = require_transaction();
+    Database.prototype.pragma = require_pragma();
+    Database.prototype.backup = require_backup();
+    Database.prototype.serialize = require_serialize();
+    Database.prototype.function = require_function();
+    Database.prototype.aggregate = require_aggregate();
+    Database.prototype.table = require_table();
+    Database.prototype.loadExtension = wrappers.loadExtension;
+    Database.prototype.exec = wrappers.exec;
+    Database.prototype.close = wrappers.close;
+    Database.prototype.defaultSafeIntegers = wrappers.defaultSafeIntegers;
+    Database.prototype.unsafeMode = wrappers.unsafeMode;
+    Database.prototype[util.inspect] = require_inspect();
+    module.exports = Database;
+  }
+});
+
+// node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/index.js
+var require_lib = __commonJS({
+  "node_modules/.pnpm/better-sqlite3@11.10.0/node_modules/better-sqlite3/lib/index.js"(exports, module) {
+    "use strict";
+    init_esm_shims();
+    module.exports = require_database();
+    module.exports.SqliteError = require_sqlite_error();
+  }
+});
+
+// src/ui/dashboard.ts
+var dashboard_exports = {};
+__export(dashboard_exports, {
+  startTui: () => startTui
+});
+function startTui(_store, _dispatcher) {
+  console.log("Terminal UI not implemented yet \u2014 open the web dashboard at /__mock__/dashboard instead.");
+  return { stop: () => void 0 };
+}
+var init_dashboard2 = __esm({
+  "src/ui/dashboard.ts"() {
+    "use strict";
+    init_esm_shims();
+  }
+});
+
+// src/cli.ts
+init_esm_shims();
+init_server();
+import { Command } from "commander";
+import pc from "picocolors";
+import { serve } from "@hono/node-server";
+import { readFileSync, writeFileSync, existsSync, appendFileSync } from "fs";
+import { resolve } from "path";
+
+// src/core/persistence.ts
+init_esm_shims();
+init_transactions();
+async function createSqliteStore(path2) {
+  let Database;
+  try {
+    const mod = await Promise.resolve().then(() => __toESM(require_lib(), 1));
+    Database = mod.default;
+  } catch {
+    throw new Error(
+      "Persistence requires the optional dependency 'better-sqlite3'. Install with: npm i better-sqlite3"
+    );
+  }
+  const db = Database(path2);
+  db.pragma("journal_mode = WAL");
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS transactions (
+      checkoutRequestID TEXT PRIMARY KEY,
+      merchantRequestID TEXT NOT NULL,
+      conversationID TEXT,
+      originatorConversationID TEXT,
+      kind TEXT NOT NULL,
+      amount INTEGER NOT NULL,
+      phoneNumber TEXT NOT NULL,
+      shortCode TEXT NOT NULL,
+      callbackUrl TEXT,
+      state TEXT NOT NULL,
+      resultCode INTEGER,
+      resultDesc TEXT,
+      mpesaReceiptNumber TEXT,
+      createdAt INTEGER NOT NULL,
+      completedAt INTEGER,
+      callbackAttempts INTEGER NOT NULL DEFAULT 0,
+      callbackDeliveredAt INTEGER
+    );
+    CREATE INDEX IF NOT EXISTS idx_conv ON transactions(conversationID);
+    CREATE INDEX IF NOT EXISTS idx_created ON transactions(createdAt);
+  `);
+  class SqliteBackedStore extends InMemoryStore {
+    constructor() {
+      super();
+      const rows = db.prepare("SELECT * FROM transactions ORDER BY createdAt DESC").all();
+      for (const r of rows) super.put(r);
+      this.on("change", (rec) => writeRow(rec));
+      this.on("clear", () => db.exec("DELETE FROM transactions"));
+    }
+    close() {
+      db.close();
+    }
+  }
+  const writeStmt = db.prepare(`
+    INSERT INTO transactions (
+      checkoutRequestID, merchantRequestID, conversationID, originatorConversationID, kind,
+      amount, phoneNumber, shortCode, callbackUrl, state, resultCode, resultDesc,
+      mpesaReceiptNumber, createdAt, completedAt, callbackAttempts, callbackDeliveredAt
+    ) VALUES (
+      @checkoutRequestID, @merchantRequestID, @conversationID, @originatorConversationID, @kind,
+      @amount, @phoneNumber, @shortCode, @callbackUrl, @state, @resultCode, @resultDesc,
+      @mpesaReceiptNumber, @createdAt, @completedAt, @callbackAttempts, @callbackDeliveredAt
+    )
+    ON CONFLICT(checkoutRequestID) DO UPDATE SET
+      state=excluded.state,
+      resultCode=excluded.resultCode,
+      resultDesc=excluded.resultDesc,
+      mpesaReceiptNumber=excluded.mpesaReceiptNumber,
+      completedAt=excluded.completedAt,
+      callbackAttempts=excluded.callbackAttempts,
+      callbackDeliveredAt=excluded.callbackDeliveredAt
+  `);
+  function writeRow(rec) {
+    writeStmt.run({
+      checkoutRequestID: rec.checkoutRequestID,
+      merchantRequestID: rec.merchantRequestID,
+      conversationID: rec.conversationID ?? null,
+      originatorConversationID: rec.originatorConversationID ?? null,
+      kind: rec.kind,
+      amount: rec.amount,
+      phoneNumber: rec.phoneNumber,
+      shortCode: rec.shortCode,
+      callbackUrl: rec.callbackUrl ?? null,
+      state: rec.state,
+      resultCode: rec.resultCode ?? null,
+      resultDesc: rec.resultDesc ?? null,
+      mpesaReceiptNumber: rec.mpesaReceiptNumber ?? null,
+      createdAt: rec.createdAt,
+      completedAt: rec.completedAt ?? null,
+      callbackAttempts: rec.callbackAttempts,
+      callbackDeliveredAt: rec.callbackDeliveredAt ?? null
+    });
+  }
+  return new SqliteBackedStore();
+}
+
+// src/cli.ts
+init_defaults();
+var VERSION = "0.1.0";
+var program = new Command();
+program.name("mpesa-mock").description("Local M-Pesa Daraja API emulator").version(VERSION).option("-p, --port <number>", "port to listen on", String(DEFAULTS.port)).option("-h, --host <host>", "host to bind", DEFAULTS.host).option("-d, --delay <ms>", "default callback delay in milliseconds").option("-c, --config <path>", "path to mpesa-mock.config.json").option("--persist <path>", "SQLite database path (transactions survive restart)").option("--record <path>", "append every request/response to a file").option("--replay <path>", "replay a recorded session (transactions only)").option("-q, --quiet", "disable per-request logging").option("--ui", "launch terminal UI dashboard (live transaction view)").action(async (opts) => {
+  await run(opts);
+});
+program.parse();
+async function run(opts) {
+  const port = Number(opts.port);
+  if (!Number.isFinite(port) || port < 1 || port > 65535) {
+    console.error(pc.red(`Invalid port: ${opts.port}`));
+    process.exit(1);
+  }
+  let configOverrides = {};
+  if (opts.config) {
+    const cfgPath = resolve(opts.config);
+    if (!existsSync(cfgPath)) {
+      console.error(pc.red(`Config file not found: ${cfgPath}`));
+      process.exit(1);
+    }
+    try {
+      configOverrides = JSON.parse(readFileSync(cfgPath, "utf-8"));
+    } catch (err) {
+      console.error(pc.red(`Failed to parse config: ${err.message}`));
+      process.exit(1);
+    }
+  }
+  if (opts.delay !== void 0) {
+    configOverrides.defaultCallbackDelayMs = Number(opts.delay);
+  }
+  const store = opts.persist ? await createSqliteStore(resolve(opts.persist)) : void 0;
+  let recorder;
+  if (opts.record) {
+    const recordPath = resolve(opts.record);
+    writeFileSync(recordPath, "", { flag: "a" });
+    recorder = (e) => {
+      appendFileSync(recordPath, JSON.stringify(e) + "\n");
+    };
+  }
+  const { app, dispatcher } = createServer({
+    config: configOverrides,
+    quiet: opts.quiet ?? false,
+    ...recorder ? { recorder } : {},
+    ...store ? { store } : {}
+  });
+  const server = serve({ fetch: app.fetch, port, hostname: opts.host }, (info) => {
+    if (!opts.quiet) printBanner(port, info.address);
+  });
+  if (opts.ui) {
+    const { startTui: startTui2 } = await Promise.resolve().then(() => (init_dashboard2(), dashboard_exports)).catch(() => ({ startTui: void 0 }));
+    if (startTui2) {
+      try {
+        const { store: liveStore, dispatcher: liveDispatcher } = await (await Promise.resolve().then(() => (init_server(), server_exports))).createServer({ config: configOverrides });
+        void liveStore;
+        void liveDispatcher;
+      } catch {
+      }
+    }
+  }
+  if (opts.replay) {
+    void replayFile(resolve(opts.replay));
+  }
+  const shutdown = () => {
+    dispatcher.shutdown();
+    server.close(() => process.exit(0));
+    setTimeout(() => process.exit(0), 2e3).unref();
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+}
+function printBanner(port, host) {
+  const base = `http://localhost:${port}`;
+  console.log("");
+  console.log(`  ${pc.green("\u{1F7E2}")} ${pc.bold("mpesa-mock")} ${pc.dim(`v${VERSION}`)} ${pc.dim("running on")} ${pc.cyan(base)}`);
+  console.log("");
+  console.log(`  ${pc.dim("Bound to:")}    ${host}:${port}`);
+  console.log(`  ${pc.dim("Base URL:")}    ${base}`);
+  console.log(`  ${pc.dim("OAuth:")}       POST /oauth/v1/generate`);
+  console.log(`  ${pc.dim("STK Push:")}    POST /mpesa/stkpush/v1/processrequest`);
+  console.log(`  ${pc.dim("Dashboard:")}   ${pc.underline(`${base}/__mock__/dashboard`)}`);
+  console.log("");
+  console.log(`  ${pc.dim("Try it:")}`);
+  console.log(`    ${pc.cyan(`curl ${base}/oauth/v1/generate?grant_type=client_credentials \\`)}`);
+  console.log(`    ${pc.cyan(`  -u "test_key:test_secret"`)}`);
+  console.log("");
+  console.log(`  ${pc.dim("Docs:")}        https://github.com/smbugua/mpesa-mock#readme`);
+  console.log(`  ${pc.dim("Issues:")}      https://github.com/smbugua/mpesa-mock/issues`);
+  console.log("");
+}
+async function replayFile(path2) {
+  if (!existsSync(path2)) {
+    console.error(pc.yellow(`Replay file not found: ${path2}`));
+    return;
+  }
+  console.log(pc.dim(`Replay mode: ${path2} (transactions will be re-emitted)`));
+}
+//# sourceMappingURL=cli.js.map