npm - mpesa-mock - Versions diffs - 0.1.0 - Mend

mpesa-mock 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,1407 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  InMemoryStore: () => InMemoryStore,
+  WebhookDispatcher: () => WebhookDispatcher,
+  createServer: () => createServer,
+  defaultConfig: () => defaultConfig,
+  pickScenario: () => pickScenario
+});
+module.exports = __toCommonJS(src_exports);
+// src/server.ts
+var import_hono11 = require("hono");
+var import_logger = require("hono/logger");
+// src/core/transactions.ts
+var import_node_events = require("events");
+var InMemoryStore = class extends import_node_events.EventEmitter {
+  byCheckout = /* @__PURE__ */ new Map();
+  byConversation = /* @__PURE__ */ new Map();
+  put(record) {
+    this.byCheckout.set(record.checkoutRequestID, record);
+    if (record.conversationID) {
+      this.byConversation.set(record.conversationID, record.checkoutRequestID);
+    }
+    this.emit("change", record);
+  }
+  get(checkoutRequestID) {
+    return this.byCheckout.get(checkoutRequestID);
+  }
+  getByConversationID(id) {
+    const key = this.byConversation.get(id);
+    return key ? this.byCheckout.get(key) : void 0;
+  }
+  list(limit) {
+    const all = Array.from(this.byCheckout.values()).sort((a, b) => b.createdAt - a.createdAt);
+    return typeof limit === "number" ? all.slice(0, limit) : all;
+  }
+  update(checkoutRequestID, patch) {
+    const existing = this.byCheckout.get(checkoutRequestID);
+    if (!existing) return void 0;
+    const next = { ...existing, ...patch };
+    this.byCheckout.set(checkoutRequestID, next);
+    if (next.conversationID) this.byConversation.set(next.conversationID, checkoutRequestID);
+    this.emit("change", next);
+    return next;
+  }
+  clear() {
+    this.byCheckout.clear();
+    this.byConversation.clear();
+    this.emit("clear");
+  }
+};
+function stateToResultCode(state) {
+  switch (state) {
+    case "success":
+      return 0;
+    case "insufficient_funds":
+      return 1;
+    case "user_cancelled":
+      return 1032;
+    case "wrong_pin":
+      return 2001;
+    case "expired":
+      return 1037;
+    case "system_error":
+      return 1025;
+    case "pending":
+      return 1019;
+    case "timeout":
+      return 1037;
+  }
+}
+function stateToResultDesc(state) {
+  switch (state) {
+    case "success":
+      return "The service request is processed successfully.";
+    case "insufficient_funds":
+      return "The balance is insufficient for the transaction.";
+    case "user_cancelled":
+      return "Request cancelled by user.";
+    case "wrong_pin":
+      return "The initiator information is invalid.";
+    case "expired":
+      return "DS timeout. User cannot be reached.";
+    case "system_error":
+      return "An error occurred while sending a push request.";
+    case "pending":
+      return "The transaction is being processed.";
+    case "timeout":
+      return "DS timeout. User cannot be reached.";
+  }
+}
+// src/core/webhook-dispatcher.ts
+var import_node_events2 = require("events");
+var import_p_retry = __toESM(require("p-retry"), 1);
+var WebhookDispatcher = class extends import_node_events2.EventEmitter {
+  pending = /* @__PURE__ */ new Map();
+  store;
+  fetchImpl;
+  onLog;
+  constructor(opts = {}) {
+    super();
+    this.store = opts.store;
+    this.fetchImpl = opts.fetchImpl ?? fetch;
+    this.onLog = opts.onLog;
+  }
+  schedule(job, delayMs) {
+    if (delayMs < 0) {
+      this.emit("skipped", { id: job.id, reason: "timeout" });
+      return;
+    }
+    if (this.pending.has(job.id)) {
+      clearTimeout(this.pending.get(job.id));
+    }
+    const handle = setTimeout(() => {
+      this.pending.delete(job.id);
+      void this.fire(job);
+    }, delayMs);
+    this.pending.set(job.id, handle);
+    this.emit("scheduled", { id: job.id, delayMs, url: job.url });
+  }
+  cancel(id) {
+    const h = this.pending.get(id);
+    if (!h) return false;
+    clearTimeout(h);
+    this.pending.delete(id);
+    return true;
+  }
+  pendingIds() {
+    return Array.from(this.pending.keys());
+  }
+  async fire(job) {
+    let attempt = 0;
+    try {
+      await (0, import_p_retry.default)(
+        async () => {
+          attempt += 1;
+          if (typeof job.failNTimesFirst === "number" && attempt <= job.failNTimesFirst) {
+            this.onLog?.(`webhook attempt ${attempt} forced-fail for ${job.url}`);
+            throw new Error(`forced fail ${attempt}`);
+          }
+          const res = await this.fetchImpl(job.url, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify(job.body)
+          });
+          if (!res.ok && res.status >= 500) {
+            throw new Error(`callback ${res.status}`);
+          }
+          if (!res.ok && res.status >= 400) {
+            throw new import_p_retry.AbortError(`callback ${res.status}`);
+          }
+          this.emit("delivered", { id: job.id, url: job.url, attempts: attempt });
+          if (this.store && job.transactionId) {
+            this.store.update(job.transactionId, {
+              callbackAttempts: attempt,
+              callbackDeliveredAt: Date.now()
+            });
+          }
+        },
+        {
+          retries: job.maxAttempts - 1,
+          minTimeout: job.backoffMs,
+          factor: 2,
+          onFailedAttempt: (err) => {
+            this.onLog?.(`webhook ${job.url} attempt ${err.attemptNumber} failed: ${err.message}`);
+          }
+        }
+      );
+    } catch (err) {
+      this.emit("failed", {
+        id: job.id,
+        url: job.url,
+        attempts: attempt,
+        error: err instanceof Error ? err.message : String(err)
+      });
+      if (this.store && job.transactionId) {
+        this.store.update(job.transactionId, { callbackAttempts: attempt });
+      }
+    }
+  }
+  shutdown() {
+    for (const handle of this.pending.values()) clearTimeout(handle);
+    this.pending.clear();
+  }
+};
+// src/routes/oauth.ts
+var import_hono = require("hono");
+// src/core/id-generator.ts
+var import_node_crypto = require("crypto");
+function generateAccessToken() {
+  return (0, import_node_crypto.randomBytes)(24).toString("base64").replace(/[^a-zA-Z0-9]/g, "").slice(0, 32).padEnd(32, "0");
+}
+function generateMerchantRequestID() {
+  const a = (0, import_node_crypto.randomInt)(1e4, 99999);
+  const b = (0, import_node_crypto.randomInt)(1e7, 99999999);
+  const c = (0, import_node_crypto.randomInt)(1, 9);
+  return `${a}-${b}-${c}`;
+}
+function generateCheckoutRequestID(date = /* @__PURE__ */ new Date()) {
+  const pad = (n, len = 2) => String(n).padStart(len, "0");
+  const dd = pad(date.getDate());
+  const mm = pad(date.getMonth() + 1);
+  const yyyy = String(date.getFullYear());
+  const hh = pad(date.getHours());
+  const mi = pad(date.getMinutes());
+  const ss = pad(date.getSeconds());
+  const ms = pad(date.getMilliseconds(), 3);
+  return `ws_CO_${dd}${mm}${yyyy}${hh}${mi}${ss}${ms}`;
+}
+function generateConversationID() {
+  const a = (0, import_node_crypto.randomInt)(1e3, 9999);
+  const b = (0, import_node_crypto.randomInt)(1e5, 999999);
+  const c = (0, import_node_crypto.randomInt)(10, 99);
+  return `AG_${formatDate(/* @__PURE__ */ new Date())}_${a}${b}${c}`;
+}
+function generateOriginatorConversationID() {
+  const a = (0, import_node_crypto.randomInt)(1e4, 99999);
+  const b = (0, import_node_crypto.randomInt)(1e6, 9999999);
+  const c = (0, import_node_crypto.randomInt)(1, 9);
+  return `${a}-${b}-${c}`;
+}
+function generateMpesaReceiptNumber() {
+  const chars = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";
+  let out = "";
+  for (let i = 0; i < 10; i++) {
+    out += chars[(0, import_node_crypto.randomInt)(0, chars.length)];
+  }
+  return out;
+}
+function generateTransactionDate(date = /* @__PURE__ */ new Date()) {
+  const pad = (n) => String(n).padStart(2, "0");
+  const yyyy = date.getFullYear();
+  const mm = pad(date.getMonth() + 1);
+  const dd = pad(date.getDate());
+  const hh = pad(date.getHours());
+  const mi = pad(date.getMinutes());
+  const ss = pad(date.getSeconds());
+  return Number(`${yyyy}${mm}${dd}${hh}${mi}${ss}`);
+}
+function formatDate(d) {
+  const pad = (n) => String(n).padStart(2, "0");
+  return `${pad(d.getDate())}${pad(d.getMonth() + 1)}${d.getFullYear()}${pad(d.getHours())}${pad(d.getMinutes())}${pad(d.getSeconds())}`;
+}
+// src/config/defaults.ts
+var DEFAULTS = {
+  port: 4e3,
+  host: "0.0.0.0",
+  callbackDelayMs: 8e3,
+  callbackRetryAttempts: 3,
+  callbackRetryBackoffMs: 1e3,
+  oauthTokenExpiresIn: "3599",
+  testCredentials: {
+    consumerKey: "test_key",
+    consumerSecret: "test_secret"
+  },
+  testShortcode: "174379",
+  testTill: "600000",
+  partyB: "254708374149"
+};
+// src/core/auth.ts
+var issuedTokens = /* @__PURE__ */ new Map();
+var TOKEN_TTL_MS = 3599 * 1e3;
+function parseBasicAuth(header) {
+  if (!header || !header.toLowerCase().startsWith("basic ")) return null;
+  const encoded = header.slice(6).trim();
+  let decoded;
+  try {
+    decoded = Buffer.from(encoded, "base64").toString("utf-8");
+  } catch {
+    return null;
+  }
+  const idx = decoded.indexOf(":");
+  if (idx < 0) return null;
+  const key = decoded.slice(0, idx);
+  const secret = decoded.slice(idx + 1);
+  if (!key || !secret) return null;
+  return { key, secret };
+}
+function issueToken() {
+  const token = generateAccessToken();
+  issuedTokens.set(token, Date.now() + TOKEN_TTL_MS);
+  return { access_token: token, expires_in: DEFAULTS.oauthTokenExpiresIn };
+}
+function isUsingTestCredentials(key, secret) {
+  return key === DEFAULTS.testCredentials.consumerKey && secret === DEFAULTS.testCredentials.consumerSecret;
+}
+function parseBearerToken(header) {
+  if (!header) return null;
+  const m = header.match(/^Bearer\s+(.+)$/i);
+  return m && m[1] ? m[1].trim() : null;
+}
+function isValidToken(token) {
+  const exp = issuedTokens.get(token);
+  if (!exp) {
+    return /^[a-zA-Z0-9]{20,}$/.test(token);
+  }
+  if (Date.now() > exp) {
+    issuedTokens.delete(token);
+    return false;
+  }
+  return true;
+}
+// src/routes/oauth.ts
+function oauthRoute() {
+  const app = new import_hono.Hono();
+  app.get("/oauth/v1/generate", (c) => {
+    const grantType = c.req.query("grant_type");
+    if (grantType !== "client_credentials") {
+      return c.json(
+        { requestId: "no-request-id", errorCode: "400.001.01", errorMessage: "Invalid grant_type" },
+        400
+      );
+    }
+    const parsed = parseBasicAuth(c.req.header("authorization"));
+    if (!parsed) {
+      return c.json(
+        { requestId: "no-request-id", errorCode: "401.002.01", errorMessage: "Invalid Authentication passed" },
+        401
+      );
+    }
+    if (isUsingTestCredentials(parsed.key, parsed.secret)) {
+      c.get("log")?.("warn: using default test credentials (test_key:test_secret) \u2014 fine for mock");
+    }
+    return c.json(issueToken());
+  });
+  return app;
+}
+// src/routes/stk-push.ts
+var import_hono2 = require("hono");
+// src/schemas/index.ts
+var import_zod = require("zod");
+var stkPushSchema = import_zod.z.object({
+  BusinessShortCode: import_zod.z.string().min(1),
+  Password: import_zod.z.string().min(1),
+  Timestamp: import_zod.z.string().min(1),
+  TransactionType: import_zod.z.enum(["CustomerPayBillOnline", "CustomerBuyGoodsOnline"]),
+  Amount: import_zod.z.number().int().positive(),
+  PartyA: import_zod.z.string().min(1),
+  PartyB: import_zod.z.string().min(1),
+  PhoneNumber: import_zod.z.string().min(1),
+  CallBackURL: import_zod.z.string().url(),
+  AccountReference: import_zod.z.string().min(1).max(12),
+  TransactionDesc: import_zod.z.string().min(1).max(13)
+});
+var stkQuerySchema = import_zod.z.object({
+  BusinessShortCode: import_zod.z.string().min(1),
+  Password: import_zod.z.string().min(1),
+  Timestamp: import_zod.z.string().min(1),
+  CheckoutRequestID: import_zod.z.string().min(1)
+});
+var c2bRegisterUrlSchema = import_zod.z.object({
+  ShortCode: import_zod.z.string().min(1),
+  ResponseType: import_zod.z.enum(["Completed", "Cancelled"]),
+  ConfirmationURL: import_zod.z.string().url(),
+  ValidationURL: import_zod.z.string().url()
+});
+var c2bSimulateSchema = import_zod.z.object({
+  ShortCode: import_zod.z.string().min(1),
+  CommandID: import_zod.z.enum(["CustomerPayBillOnline", "CustomerBuyGoodsOnline"]),
+  Amount: import_zod.z.number().int().positive(),
+  Msisdn: import_zod.z.string().min(1),
+  BillRefNumber: import_zod.z.string().min(1)
+});
+var b2cSchema = import_zod.z.object({
+  InitiatorName: import_zod.z.string().min(1),
+  SecurityCredential: import_zod.z.string().min(1),
+  CommandID: import_zod.z.enum(["SalaryPayment", "BusinessPayment", "PromotionPayment"]),
+  Amount: import_zod.z.number().int().positive(),
+  PartyA: import_zod.z.string().min(1),
+  PartyB: import_zod.z.string().min(1),
+  Remarks: import_zod.z.string().min(1),
+  QueueTimeOutURL: import_zod.z.string().url(),
+  ResultURL: import_zod.z.string().url(),
+  Occasion: import_zod.z.string().optional().default("")
+});
+var b2bSchema = import_zod.z.object({
+  Initiator: import_zod.z.string().min(1),
+  SecurityCredential: import_zod.z.string().min(1),
+  CommandID: import_zod.z.string().min(1),
+  SenderIdentifierType: import_zod.z.string().min(1),
+  RecieverIdentifierType: import_zod.z.string().min(1),
+  Amount: import_zod.z.number().int().positive(),
+  PartyA: import_zod.z.string().min(1),
+  PartyB: import_zod.z.string().min(1),
+  AccountReference: import_zod.z.string().optional().default(""),
+  Remarks: import_zod.z.string().min(1),
+  QueueTimeOutURL: import_zod.z.string().url(),
+  ResultURL: import_zod.z.string().url()
+});
+var transactionStatusSchema = import_zod.z.object({
+  Initiator: import_zod.z.string().min(1),
+  SecurityCredential: import_zod.z.string().min(1),
+  CommandID: import_zod.z.literal("TransactionStatusQuery"),
+  TransactionID: import_zod.z.string().min(1),
+  PartyA: import_zod.z.string().min(1),
+  IdentifierType: import_zod.z.string().min(1),
+  ResultURL: import_zod.z.string().url(),
+  QueueTimeOutURL: import_zod.z.string().url(),
+  Remarks: import_zod.z.string().min(1),
+  Occasion: import_zod.z.string().optional().default("")
+});
+var accountBalanceSchema = import_zod.z.object({
+  Initiator: import_zod.z.string().min(1),
+  SecurityCredential: import_zod.z.string().min(1),
+  CommandID: import_zod.z.literal("AccountBalance"),
+  PartyA: import_zod.z.string().min(1),
+  IdentifierType: import_zod.z.string().min(1),
+  Remarks: import_zod.z.string().min(1),
+  QueueTimeOutURL: import_zod.z.string().url(),
+  ResultURL: import_zod.z.string().url()
+});
+var reversalSchema = import_zod.z.object({
+  Initiator: import_zod.z.string().min(1),
+  SecurityCredential: import_zod.z.string().min(1),
+  CommandID: import_zod.z.literal("TransactionReversal"),
+  TransactionID: import_zod.z.string().min(1),
+  Amount: import_zod.z.number().int().positive(),
+  ReceiverParty: import_zod.z.string().min(1),
+  RecieverIdentifierType: import_zod.z.string().min(1),
+  ResultURL: import_zod.z.string().url(),
+  QueueTimeOutURL: import_zod.z.string().url(),
+  Remarks: import_zod.z.string().min(1),
+  Occasion: import_zod.z.string().optional().default("")
+});
+// src/core/failure-injector.ts
+var SUFFIX_MAP = {
+  "00": "success",
+  "01": "user_cancelled",
+  "02": "insufficient_funds",
+  "03": "wrong_pin",
+  "04": "timeout",
+  "05": "callback_retry",
+  "06": "expired",
+  "07": "system_error",
+  "99": "slow"
+};
+function pickScenario(phoneNumber, config) {
+  const direct = config.scenarios[phoneNumber];
+  if (direct) return direct;
+  const suffix = phoneNumber.slice(-2);
+  return SUFFIX_MAP[suffix] ?? "success";
+}
+function callbackDelayFor(scenario, config) {
+  if (scenario === "slow") return 3e4;
+  if (scenario === "timeout") return -1;
+  return config.defaultCallbackDelayMs;
+}
+// src/routes/stk-push.ts
+function scenarioToState(s) {
+  switch (s) {
+    case "success":
+    case "callback_retry":
+    case "slow":
+      return "success";
+    case "user_cancelled":
+      return "user_cancelled";
+    case "insufficient_funds":
+      return "insufficient_funds";
+    case "wrong_pin":
+      return "wrong_pin";
+    case "expired":
+      return "expired";
+    case "system_error":
+      return "system_error";
+    case "timeout":
+      return "timeout";
+  }
+}
+function stkPushRoute() {
+  const app = new import_hono2.Hono();
+  app.post("/mpesa/stkpush/v1/processrequest", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = stkPushSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        {
+          requestId: "no-request-id",
+          errorCode: "400.002.05",
+          errorMessage: "Invalid request payload",
+          errors: parsed.error.flatten()
+        },
+        400
+      );
+    }
+    const body = parsed.data;
+    const merchantRequestID = generateMerchantRequestID();
+    const checkoutRequestID = generateCheckoutRequestID();
+    const scenario = pickScenario(body.PhoneNumber, c.var.config);
+    const targetState = scenarioToState(scenario);
+    const delay = callbackDelayFor(scenario, c.var.config);
+    const record = {
+      checkoutRequestID,
+      merchantRequestID,
+      kind: "stk",
+      amount: body.Amount,
+      phoneNumber: body.PhoneNumber,
+      shortCode: body.BusinessShortCode,
+      callbackUrl: body.CallBackURL,
+      state: "pending",
+      createdAt: Date.now(),
+      callbackAttempts: 0
+    };
+    c.var.store.put(record);
+    const failNTimesFirst = scenario === "callback_retry" ? 3 : void 0;
+    const callbackBody = buildStkCallback({
+      merchantRequestID,
+      checkoutRequestID,
+      state: targetState,
+      amount: body.Amount,
+      phoneNumber: body.PhoneNumber
+    });
+    if (scenario === "timeout") {
+      c.var.log?.(`stk-push ${checkoutRequestID}: timeout scenario, no callback will fire`);
+    } else {
+      c.var.dispatcher.schedule(
+        {
+          id: checkoutRequestID,
+          url: body.CallBackURL,
+          body: callbackBody,
+          scheduledAt: Date.now() + delay,
+          attempts: 0,
+          maxAttempts: c.var.config.webhookRetry.attempts + (failNTimesFirst ?? 0),
+          backoffMs: c.var.config.webhookRetry.backoffMs,
+          transactionId: checkoutRequestID,
+          ...failNTimesFirst !== void 0 ? { failNTimesFirst } : {}
+        },
+        delay
+      );
+    }
+    setTimeout(() => {
+      const cur = c.var.store.get(checkoutRequestID);
+      if (cur && cur.state === "pending") {
+        c.var.store.update(checkoutRequestID, {
+          state: targetState,
+          resultCode: stateToResultCode(targetState),
+          resultDesc: stateToResultDesc(targetState),
+          completedAt: Date.now(),
+          ...targetState === "success" ? { mpesaReceiptNumber: generateMpesaReceiptNumber() } : {}
+        });
+      }
+    }, Math.max(0, delay));
+    return c.json({
+      MerchantRequestID: merchantRequestID,
+      CheckoutRequestID: checkoutRequestID,
+      ResponseCode: "0",
+      ResponseDescription: "Success. Request accepted for processing",
+      CustomerMessage: "Success. Request accepted for processing"
+    });
+  });
+  return app;
+}
+function buildStkCallback(params) {
+  const resultCode = stateToResultCode(params.state);
+  const resultDesc = stateToResultDesc(params.state);
+  if (params.state === "success") {
+    return {
+      Body: {
+        stkCallback: {
+          MerchantRequestID: params.merchantRequestID,
+          CheckoutRequestID: params.checkoutRequestID,
+          ResultCode: resultCode,
+          ResultDesc: resultDesc,
+          CallbackMetadata: {
+            Item: [
+              { Name: "Amount", Value: params.amount },
+              { Name: "MpesaReceiptNumber", Value: generateMpesaReceiptNumber() },
+              { Name: "TransactionDate", Value: generateTransactionDate() },
+              { Name: "PhoneNumber", Value: Number(params.phoneNumber) }
+            ]
+          }
+        }
+      }
+    };
+  }
+  return {
+    Body: {
+      stkCallback: {
+        MerchantRequestID: params.merchantRequestID,
+        CheckoutRequestID: params.checkoutRequestID,
+        ResultCode: resultCode,
+        ResultDesc: resultDesc
+      }
+    }
+  };
+}
+// src/routes/stk-query.ts
+var import_hono3 = require("hono");
+function stkQueryRoute() {
+  const app = new import_hono3.Hono();
+  app.post("/mpesa/stkpushquery/v1/query", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = stkQuerySchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const record = c.var.store.get(parsed.data.CheckoutRequestID);
+    if (!record) {
+      return c.json(
+        {
+          requestId: "no-request-id",
+          errorCode: "500.001.1001",
+          errorMessage: "The transaction is being processed"
+        },
+        500
+      );
+    }
+    const resultCode = record.resultCode ?? stateToResultCode(record.state);
+    return c.json({
+      ResponseCode: "0",
+      ResponseDescription: "The service request has been accepted successfully",
+      MerchantRequestID: record.merchantRequestID,
+      CheckoutRequestID: record.checkoutRequestID,
+      ResultCode: String(resultCode),
+      ResultDesc: record.resultDesc ?? stateToResultDesc(record.state)
+    });
+  });
+  return app;
+}
+// src/routes/c2b.ts
+var import_hono4 = require("hono");
+var registry = /* @__PURE__ */ new Map();
+function c2bRoute() {
+  const app = new import_hono4.Hono();
+  app.post("/mpesa/c2b/v1/registerurl", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = c2bRegisterUrlSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    registry.set(parsed.data.ShortCode, {
+      shortCode: parsed.data.ShortCode,
+      confirmationURL: parsed.data.ConfirmationURL,
+      validationURL: parsed.data.ValidationURL,
+      responseType: parsed.data.ResponseType
+    });
+    return c.json({
+      OriginatorCoversationID: generateOriginatorConversationID(),
+      ResponseCode: "0",
+      ResponseDescription: "success"
+    });
+  });
+  app.post("/mpesa/c2b/v1/simulate", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = c2bSimulateSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const result = await runC2BSimulation(c, parsed.data.ShortCode, parsed.data.Amount, parsed.data.Msisdn, parsed.data.BillRefNumber);
+    if (result.kind === "no-registration") {
+      return c.json(
+        { errorCode: "500.001.1001", errorMessage: "No registered URLs found for this shortcode" },
+        500
+      );
+    }
+    return c.json({
+      OriginatorCoversationID: result.originatorConversationID,
+      ConversationID: result.conversationID,
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  app.post("/__mock__/c2b/trigger", async (c) => {
+    const raw = await c.req.json().catch(() => null);
+    if (!raw) {
+      return c.json({ error: "invalid body" }, 400);
+    }
+    const shortCode = String(raw.ShortCode ?? raw.shortCode ?? "");
+    const amount = Number(raw.Amount ?? raw.amount ?? 0);
+    const msisdn = String(raw.Msisdn ?? raw.msisdn ?? "");
+    const billRef = String(raw.BillRefNumber ?? raw.billRefNumber ?? "TEST");
+    if (!shortCode || !amount || !msisdn) {
+      return c.json({ error: "ShortCode, Amount, Msisdn required" }, 400);
+    }
+    const result = await runC2BSimulation(c, shortCode, amount, msisdn, billRef);
+    return c.json(result, result.kind === "no-registration" ? 404 : 200);
+  });
+  return app;
+}
+async function runC2BSimulation(c, shortCode, amount, msisdn, billRef) {
+  const reg = registry.get(shortCode);
+  if (!reg) return { kind: "no-registration" };
+  const conversationID = generateConversationID();
+  const originatorConversationID = generateOriginatorConversationID();
+  const receipt = generateMpesaReceiptNumber();
+  const transactionDate = generateTransactionDate();
+  const txn = {
+    checkoutRequestID: conversationID,
+    merchantRequestID: originatorConversationID,
+    conversationID,
+    originatorConversationID,
+    kind: "c2b",
+    amount,
+    phoneNumber: msisdn,
+    shortCode,
+    callbackUrl: reg.confirmationURL,
+    state: "pending",
+    createdAt: Date.now(),
+    callbackAttempts: 0,
+    mpesaReceiptNumber: receipt
+  };
+  c.var.store.put(txn);
+  const callbackPayload = {
+    TransactionType: "Pay Bill",
+    TransID: receipt,
+    TransTime: String(transactionDate),
+    TransAmount: String(amount),
+    BusinessShortCode: shortCode,
+    BillRefNumber: billRef,
+    InvoiceNumber: "",
+    OrgAccountBalance: "0.00",
+    ThirdPartyTransID: "",
+    MSISDN: msisdn,
+    FirstName: "Test",
+    MiddleName: "C2B",
+    LastName: "Customer"
+  };
+  let validationOk = true;
+  try {
+    const res = await fetch(reg.validationURL, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify(callbackPayload)
+    });
+    if (res.ok) {
+      const body = await res.json().catch(() => ({}));
+      if (body.ResultCode && body.ResultCode !== "0") validationOk = false;
+    }
+  } catch {
+    validationOk = true;
+  }
+  if (!validationOk) {
+    c.var.store.update(conversationID, { state: "user_cancelled", resultCode: 1, resultDesc: "Validation rejected", completedAt: Date.now() });
+    return { kind: "rejected", originatorConversationID, conversationID };
+  }
+  c.var.dispatcher.schedule(
+    {
+      id: conversationID,
+      url: reg.confirmationURL,
+      body: callbackPayload,
+      scheduledAt: Date.now(),
+      attempts: 0,
+      maxAttempts: c.var.config.webhookRetry.attempts,
+      backoffMs: c.var.config.webhookRetry.backoffMs,
+      transactionId: conversationID
+    },
+    0
+  );
+  c.var.store.update(conversationID, { state: "success", resultCode: 0, resultDesc: "Success", completedAt: Date.now() });
+  return { kind: "delivered", originatorConversationID, conversationID };
+}
+// src/routes/b2c.ts
+var import_hono5 = require("hono");
+function b2cRoute() {
+  const app = new import_hono5.Hono();
+  app.post("/mpesa/b2c/v1/paymentrequest", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = b2cSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const body = parsed.data;
+    const conversationID = generateConversationID();
+    const originatorConversationID = generateOriginatorConversationID();
+    const scenario = pickScenario(body.PartyB, c.var.config);
+    const isSuccess = scenario === "success" || scenario === "slow" || scenario === "callback_retry";
+    const record = {
+      checkoutRequestID: conversationID,
+      merchantRequestID: originatorConversationID,
+      conversationID,
+      originatorConversationID,
+      kind: "b2c",
+      amount: body.Amount,
+      phoneNumber: body.PartyB,
+      shortCode: body.PartyA,
+      callbackUrl: body.ResultURL,
+      state: isSuccess ? "success" : "system_error",
+      createdAt: Date.now(),
+      callbackAttempts: 0,
+      ...isSuccess ? { mpesaReceiptNumber: generateMpesaReceiptNumber() } : {}
+    };
+    c.var.store.put(record);
+    const callback = {
+      Result: {
+        ResultType: 0,
+        ResultCode: isSuccess ? 0 : 2001,
+        ResultDesc: isSuccess ? "The service request is processed successfully." : "The initiator information is invalid.",
+        OriginatorConversationID: originatorConversationID,
+        ConversationID: conversationID,
+        TransactionID: record.mpesaReceiptNumber ?? "N/A",
+        ResultParameters: {
+          ResultParameter: isSuccess ? [
+            { Key: "TransactionAmount", Value: body.Amount },
+            { Key: "TransactionReceipt", Value: record.mpesaReceiptNumber ?? "" },
+            { Key: "B2CRecipientIsRegisteredCustomer", Value: "Y" },
+            { Key: "B2CChargesPaidAccountAvailableFunds", Value: 0 },
+            { Key: "ReceiverPartyPublicName", Value: `${body.PartyB} - Test Recipient` },
+            { Key: "TransactionCompletedDateTime", Value: (/* @__PURE__ */ new Date()).toISOString() },
+            { Key: "B2CUtilityAccountAvailableFunds", Value: 1e6 },
+            { Key: "B2CWorkingAccountAvailableFunds", Value: 1e6 }
+          ] : []
+        },
+        ReferenceData: {
+          ReferenceItem: { Key: "QueueTimeoutURL", Value: body.QueueTimeOutURL }
+        }
+      }
+    };
+    c.var.dispatcher.schedule(
+      {
+        id: conversationID,
+        url: body.ResultURL,
+        body: callback,
+        scheduledAt: Date.now() + c.var.config.defaultCallbackDelayMs,
+        attempts: 0,
+        maxAttempts: c.var.config.webhookRetry.attempts,
+        backoffMs: c.var.config.webhookRetry.backoffMs,
+        transactionId: conversationID
+      },
+      c.var.config.defaultCallbackDelayMs
+    );
+    return c.json({
+      ConversationID: conversationID,
+      OriginatorConversationID: originatorConversationID,
+      ResponseCode: "0",
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  return app;
+}
+// src/routes/b2b.ts
+var import_hono6 = require("hono");
+function b2bRoute() {
+  const app = new import_hono6.Hono();
+  app.post("/mpesa/b2b/v1/paymentrequest", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = b2bSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const body = parsed.data;
+    const conversationID = generateConversationID();
+    const originatorConversationID = generateOriginatorConversationID();
+    const receipt = generateMpesaReceiptNumber();
+    const record = {
+      checkoutRequestID: conversationID,
+      merchantRequestID: originatorConversationID,
+      conversationID,
+      originatorConversationID,
+      kind: "b2b",
+      amount: body.Amount,
+      phoneNumber: body.PartyB,
+      shortCode: body.PartyA,
+      callbackUrl: body.ResultURL,
+      state: "success",
+      createdAt: Date.now(),
+      callbackAttempts: 0,
+      mpesaReceiptNumber: receipt
+    };
+    c.var.store.put(record);
+    const callback = {
+      Result: {
+        ResultType: 0,
+        ResultCode: 0,
+        ResultDesc: "The service request is processed successfully.",
+        OriginatorConversationID: originatorConversationID,
+        ConversationID: conversationID,
+        TransactionID: receipt,
+        ResultParameters: {
+          ResultParameter: [
+            { Key: "DebitAccountBalance", Value: "Working Account|KES|1000000.00|1000000.00|0.00|0.00" },
+            { Key: "Amount", Value: body.Amount },
+            { Key: "DebitPartyAffectedAccountBalance", Value: "Working Account|KES|1000000.00|1000000.00|0.00|0.00" },
+            { Key: "TransCompletedTime", Value: (/* @__PURE__ */ new Date()).toISOString() },
+            { Key: "DebitPartyCharges", Value: "" },
+            { Key: "ReceiverPartyPublicName", Value: `${body.PartyB} - Test Business` },
+            { Key: "Currency", Value: "KES" },
+            { Key: "InitiatorAccountCurrentBalance", Value: "{Amount={CurrencyCode=KES, MinimumAmount=99999900, BasicAmount=999999.00}}" }
+          ]
+        },
+        ReferenceData: {
+          ReferenceItem: [
+            { Key: "BillReferenceNumber", Value: body.AccountReference ?? "" },
+            { Key: "QueueTimeoutURL", Value: body.QueueTimeOutURL }
+          ]
+        }
+      }
+    };
+    c.var.dispatcher.schedule(
+      {
+        id: conversationID,
+        url: body.ResultURL,
+        body: callback,
+        scheduledAt: Date.now() + c.var.config.defaultCallbackDelayMs,
+        attempts: 0,
+        maxAttempts: c.var.config.webhookRetry.attempts,
+        backoffMs: c.var.config.webhookRetry.backoffMs,
+        transactionId: conversationID
+      },
+      c.var.config.defaultCallbackDelayMs
+    );
+    return c.json({
+      ConversationID: conversationID,
+      OriginatorConversationID: originatorConversationID,
+      ResponseCode: "0",
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  return app;
+}
+// src/routes/transaction-status.ts
+var import_hono7 = require("hono");
+function transactionStatusRoute() {
+  const app = new import_hono7.Hono();
+  app.post("/mpesa/transactionstatus/v1/query", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = transactionStatusSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const body = parsed.data;
+    const conversationID = generateConversationID();
+    const originatorConversationID = generateOriginatorConversationID();
+    const existing = c.var.store.get(body.TransactionID);
+    const callback = {
+      Result: {
+        ResultType: 0,
+        ResultCode: 0,
+        ResultDesc: "The service request is processed successfully.",
+        OriginatorConversationID: originatorConversationID,
+        ConversationID: conversationID,
+        TransactionID: body.TransactionID,
+        ResultParameters: {
+          ResultParameter: [
+            { Key: "ReceiptNo", Value: existing?.mpesaReceiptNumber ?? body.TransactionID },
+            { Key: "ConversationID", Value: existing?.conversationID ?? conversationID },
+            { Key: "FinalisedTime", Value: (/* @__PURE__ */ new Date()).toISOString() },
+            { Key: "Amount", Value: existing?.amount ?? 0 },
+            { Key: "TransactionStatus", Value: existing?.state === "success" ? "Completed" : "Failed" },
+            { Key: "ReasonType", Value: "Salary Payment via API" },
+            { Key: "TransactionReason", Value: body.Remarks },
+            { Key: "DebitPartyCharges", Value: "" },
+            { Key: "DebitAccountType", Value: "Utility Account" },
+            { Key: "InitiatedTime", Value: (/* @__PURE__ */ new Date()).toISOString() },
+            { Key: "OriginatorConversationID", Value: existing?.originatorConversationID ?? originatorConversationID },
+            { Key: "CreditPartyName", Value: existing ? `${existing.phoneNumber} - Test Recipient` : "Test Recipient" },
+            { Key: "DebitPartyName", Value: existing ? `${existing.shortCode} - Test Merchant` : "Test Merchant" }
+          ]
+        },
+        ReferenceData: {
+          ReferenceItem: { Key: "Occasion", Value: body.Occasion ?? "" }
+        }
+      }
+    };
+    c.var.dispatcher.schedule(
+      {
+        id: conversationID,
+        url: body.ResultURL,
+        body: callback,
+        scheduledAt: Date.now() + c.var.config.defaultCallbackDelayMs,
+        attempts: 0,
+        maxAttempts: c.var.config.webhookRetry.attempts,
+        backoffMs: c.var.config.webhookRetry.backoffMs
+      },
+      c.var.config.defaultCallbackDelayMs
+    );
+    return c.json({
+      OriginatorConversationID: originatorConversationID,
+      ConversationID: conversationID,
+      ResponseCode: "0",
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  return app;
+}
+// src/routes/account-balance.ts
+var import_hono8 = require("hono");
+function accountBalanceRoute() {
+  const app = new import_hono8.Hono();
+  app.post("/mpesa/accountbalance/v1/query", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = accountBalanceSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const body = parsed.data;
+    const conversationID = generateConversationID();
+    const originatorConversationID = generateOriginatorConversationID();
+    const callback = {
+      Result: {
+        ResultType: 0,
+        ResultCode: 0,
+        ResultDesc: "The service request is processed successfully.",
+        OriginatorConversationID: originatorConversationID,
+        ConversationID: conversationID,
+        TransactionID: "BALANCE-QUERY",
+        ResultParameters: {
+          ResultParameter: [
+            { Key: "AccountBalance", Value: "Working Account|KES|1000000.00|1000000.00|0.00|0.00&Float Account|KES|0.00|0.00|0.00|0.00&Utility Account|KES|1000000.00|1000000.00|0.00|0.00&Charges Paid Account|KES|0.00|0.00|0.00|0.00&Organization Settlement Account|KES|0.00|0.00|0.00|0.00" },
+            { Key: "BOCompletedTime", Value: (/* @__PURE__ */ new Date()).toISOString() }
+          ]
+        },
+        ReferenceData: {
+          ReferenceItem: { Key: "QueueTimeoutURL", Value: body.QueueTimeOutURL }
+        }
+      }
+    };
+    c.var.dispatcher.schedule(
+      {
+        id: conversationID,
+        url: body.ResultURL,
+        body: callback,
+        scheduledAt: Date.now() + c.var.config.defaultCallbackDelayMs,
+        attempts: 0,
+        maxAttempts: c.var.config.webhookRetry.attempts,
+        backoffMs: c.var.config.webhookRetry.backoffMs
+      },
+      c.var.config.defaultCallbackDelayMs
+    );
+    return c.json({
+      OriginatorConversationID: originatorConversationID,
+      ConversationID: conversationID,
+      ResponseCode: "0",
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  return app;
+}
+// src/routes/reversal.ts
+var import_hono9 = require("hono");
+function reversalRoute() {
+  const app = new import_hono9.Hono();
+  app.post("/mpesa/reversal/v1/request", async (c) => {
+    const token = parseBearerToken(c.req.header("authorization"));
+    if (!token || !isValidToken(token)) {
+      return c.json({ errorCode: "404.001.03", errorMessage: "Invalid Access Token" }, 401);
+    }
+    const raw = await c.req.json().catch(() => null);
+    const parsed = reversalSchema.safeParse(raw);
+    if (!parsed.success) {
+      return c.json(
+        { errorCode: "400.002.05", errorMessage: "Invalid request payload", errors: parsed.error.flatten() },
+        400
+      );
+    }
+    const body = parsed.data;
+    const conversationID = generateConversationID();
+    const originatorConversationID = generateOriginatorConversationID();
+    const callback = {
+      Result: {
+        ResultType: 0,
+        ResultCode: 0,
+        ResultDesc: "The service request is processed successfully.",
+        OriginatorConversationID: originatorConversationID,
+        ConversationID: conversationID,
+        TransactionID: body.TransactionID,
+        ResultParameters: {
+          ResultParameter: [
+            { Key: "DebitAccountBalance", Value: "Working Account|KES|1000000.00|1000000.00|0.00|0.00" },
+            { Key: "Amount", Value: body.Amount },
+            { Key: "TransCompletedTime", Value: (/* @__PURE__ */ new Date()).toISOString() },
+            { Key: "OriginalTransactionID", Value: body.TransactionID },
+            { Key: "Charge", Value: 0 },
+            { Key: "CreditPartyPublicName", Value: `${body.ReceiverParty} - Test Recipient` },
+            { Key: "DebitPartyPublicName", Value: "Test Merchant" }
+          ]
+        },
+        ReferenceData: {
+          ReferenceItem: { Key: "QueueTimeoutURL", Value: body.QueueTimeOutURL }
+        }
+      }
+    };
+    c.var.dispatcher.schedule(
+      {
+        id: conversationID,
+        url: body.ResultURL,
+        body: callback,
+        scheduledAt: Date.now() + c.var.config.defaultCallbackDelayMs,
+        attempts: 0,
+        maxAttempts: c.var.config.webhookRetry.attempts,
+        backoffMs: c.var.config.webhookRetry.backoffMs
+      },
+      c.var.config.defaultCallbackDelayMs
+    );
+    return c.json({
+      OriginatorConversationID: originatorConversationID,
+      ConversationID: conversationID,
+      ResponseCode: "0",
+      ResponseDescription: "Accept the service request successfully."
+    });
+  });
+  return app;
+}
+// src/routes/dashboard.ts
+var import_hono10 = require("hono");
+var import_streaming = require("hono/streaming");
+var DASHBOARD_HTML = `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <title>mpesa-mock dashboard</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <script src="https://cdn.tailwindcss.com"></script>
+</head>
+<body class="bg-slate-950 text-slate-100 font-mono min-h-screen">
+  <div class="max-w-6xl mx-auto p-6">
+    <header class="flex items-center justify-between mb-6">
+      <div>
+        <h1 class="text-2xl font-bold">mpesa-mock <span class="text-emerald-400">\u25CF</span></h1>
+        <p class="text-slate-400 text-sm">Local M-Pesa Daraja emulator \u2014 live transactions</p>
+      </div>
+      <div class="text-right text-xs text-slate-500">
+        <div id="health">checking\u2026</div>
+        <div>SSE: <span id="sse-status">connecting</span></div>
+      </div>
+    </header>
+    <section class="grid grid-cols-1 md:grid-cols-3 gap-4 mb-6">
+      <div class="bg-slate-900 rounded-lg p-4 border border-slate-800">
+        <div class="text-xs text-slate-500 uppercase">Transactions</div>
+        <div id="count-total" class="text-3xl font-bold">0</div>
+      </div>
+      <div class="bg-slate-900 rounded-lg p-4 border border-slate-800">
+        <div class="text-xs text-slate-500 uppercase">Pending callbacks</div>
+        <div id="count-pending" class="text-3xl font-bold text-amber-300">0</div>
+      </div>
+      <div class="bg-slate-900 rounded-lg p-4 border border-slate-800">
+        <div class="text-xs text-slate-500 uppercase">Delivered</div>
+        <div id="count-delivered" class="text-3xl font-bold text-emerald-300">0</div>
+      </div>
+    </section>
+    <section class="bg-slate-900 rounded-lg border border-slate-800 overflow-hidden">
+      <table class="w-full text-sm">
+        <thead class="bg-slate-800 text-slate-400 text-xs uppercase">
+          <tr>
+            <th class="text-left p-3">Kind</th>
+            <th class="text-left p-3">CheckoutRequestID</th>
+            <th class="text-left p-3">Phone</th>
+            <th class="text-right p-3">Amount</th>
+            <th class="text-left p-3">State</th>
+            <th class="text-right p-3">Cb attempts</th>
+            <th class="text-right p-3">Age</th>
+          </tr>
+        </thead>
+        <tbody id="rows"></tbody>
+      </table>
+    </section>
+    <footer class="text-center text-slate-600 text-xs mt-8">
+      mpesa-mock \u2014 not affiliated with Safaricom PLC
+    </footer>
+  </div>
+  <script>
+    const stateColors = {
+      success: 'text-emerald-300',
+      pending: 'text-amber-300',
+      user_cancelled: 'text-rose-300',
+      insufficient_funds: 'text-rose-400',
+      wrong_pin: 'text-rose-400',
+      expired: 'text-rose-400',
+      system_error: 'text-rose-500',
+      timeout: 'text-slate-400',
+    };
+    function renderRow(t) {
+      const age = Math.round((Date.now() - t.createdAt) / 1000);
+      const colorCls = stateColors[t.state] ?? 'text-slate-200';
+      return \`<tr class="border-t border-slate-800 hover:bg-slate-800/50">
+        <td class="p-3 uppercase text-xs text-slate-400">\${t.kind}</td>
+        <td class="p-3 text-xs">\${t.checkoutRequestID}</td>
+        <td class="p-3">\${t.phoneNumber}</td>
+        <td class="p-3 text-right">\${t.amount.toLocaleString()}</td>
+        <td class="p-3 \${colorCls}">\${t.state}</td>
+        <td class="p-3 text-right">\${t.callbackAttempts}</td>
+        <td class="p-3 text-right text-slate-500">\${age}s</td>
+      </tr>\`;
+    }
+    function refresh(data) {
+      const txns = data.transactions ?? [];
+      document.getElementById('count-total').textContent = txns.length;
+      document.getElementById('count-pending').textContent = data.pendingCallbacks ?? 0;
+      document.getElementById('count-delivered').textContent = txns.filter(t => t.callbackDeliveredAt).length;
+      document.getElementById('rows').innerHTML = txns.slice(0, 50).map(renderRow).join('');
+    }
+    fetch('/__mock__/health').then(r => r.json()).then(d => {
+      document.getElementById('health').textContent = 'up \xB7 ' + Math.round(d.uptime) + 's';
+    });
+    fetch('/__mock__/state').then(r => r.json()).then(refresh);
+    const es = new EventSource('/__mock__/events');
+    es.onopen = () => { document.getElementById('sse-status').textContent = 'live'; };
+    es.onerror = () => { document.getElementById('sse-status').textContent = 'disconnected'; };
+    es.onmessage = (e) => { try { refresh(JSON.parse(e.data)); } catch {} };
+  </script>
+</body>
+</html>`;
+function dashboardRoute() {
+  const app = new import_hono10.Hono();
+  app.get("/__mock__/dashboard", (c) => c.html(DASHBOARD_HTML));
+  app.get("/__mock__/state", (c) => {
+    const transactions = c.var.store.list(100);
+    return c.json({
+      transactions,
+      pendingCallbacks: c.var.dispatcher.pendingIds().length
+    });
+  });
+  app.get("/__mock__/events", (c) => {
+    return (0, import_streaming.streamSSE)(c, async (stream) => {
+      const send = async () => {
+        await stream.writeSSE({
+          data: JSON.stringify({
+            transactions: c.var.store.list(100),
+            pendingCallbacks: c.var.dispatcher.pendingIds().length
+          })
+        });
+      };
+      await send();
+      const onChange = () => {
+        void send();
+      };
+      c.var.store.on("change", onChange);
+      c.var.store.on("clear", onChange);
+      const heartbeat = setInterval(() => {
+        void send();
+      }, 5e3);
+      try {
+        while (true) {
+          await stream.sleep(1e3);
+        }
+      } finally {
+        clearInterval(heartbeat);
+        c.var.store.off("change", onChange);
+        c.var.store.off("clear", onChange);
+      }
+    });
+  });
+  app.post("/__mock__/clear", (c) => {
+    c.var.store.clear();
+    return c.json({ cleared: true });
+  });
+  return app;
+}
+// src/server.ts
+function defaultConfig(overrides = {}) {
+  return {
+    defaultCallbackDelayMs: overrides.defaultCallbackDelayMs ?? DEFAULTS.callbackDelayMs,
+    scenarios: overrides.scenarios ?? {},
+    webhookRetry: {
+      attempts: overrides.webhookRetry?.attempts ?? DEFAULTS.callbackRetryAttempts,
+      backoffMs: overrides.webhookRetry?.backoffMs ?? DEFAULTS.callbackRetryBackoffMs
+    }
+  };
+}
+function createServer(opts = {}) {
+  const store = opts.store ?? new InMemoryStore();
+  const config = defaultConfig(opts.config);
+  const log = opts.quiet ? void 0 : (msg) => console.log(msg);
+  const dispatcher = new WebhookDispatcher({ store, onLog: log });
+  const app = new import_hono11.Hono();
+  if (!opts.quiet) {
+    app.use("*", (0, import_logger.logger)((msg) => console.log(msg)));
+  }
+  app.use("*", async (c, next) => {
+    c.set("store", store);
+    c.set("dispatcher", dispatcher);
+    c.set("config", config);
+    if (log) c.set("log", log);
+    if (opts.recorder) c.set("recorder", opts.recorder);
+    await next();
+  });
+  app.get("/", (c) => c.json({ name: "mpesa-mock", status: "ok" }));
+  app.get("/__mock__/health", (c) => c.json({ status: "ok", uptime: process.uptime() }));
+  app.route("/", oauthRoute());
+  app.route("/", stkPushRoute());
+  app.route("/", stkQueryRoute());
+  app.route("/", c2bRoute());
+  app.route("/", b2cRoute());
+  app.route("/", b2bRoute());
+  app.route("/", transactionStatusRoute());
+  app.route("/", accountBalanceRoute());
+  app.route("/", reversalRoute());
+  app.route("/", dashboardRoute());
+  app.notFound(
+    (c) => c.json(
+      {
+        errorCode: "404.000.01",
+        errorMessage: `Not found: ${c.req.method} ${c.req.path}`
+      },
+      404
+    )
+  );
+  return { app, store, dispatcher, config };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  InMemoryStore,
+  WebhookDispatcher,
+  createServer,
+  defaultConfig,
+  pickScenario
+});
+//# sourceMappingURL=index.cjs.map