paybridge 0.12.0 → 1.0.0-rc.2

package/README.md

@@ -101,6 +101,76 @@ Exit code 1 if drift detected, 0 if clean. Perfect for CI/CD pipelines or cron j
 
 The Square `/checkout/payment-links → /online-checkout/payment-links` endpoint change would have shipped silently to production. With `drift-check` running daily, you get a Slack alert the moment it happens.
 
+## Audit Reports
+
+Your payment stack generates signals across silos: drift detection in one CLI command, reconciliation in another, success rates in third-party dashboards, latency buried in logs. **Audit reports** unify every observability feature into one comprehensive artifact.
+
+```bash
+# Generate HTML report (default)
+npx paybridge audit --window 30d --ledger-pg postgresql://localhost/db
+
+# JSON for CI/CD pipelines
+npx paybridge audit --format json --output - | jq '.summary.anomalyCounts.high' | \
+  xargs -I {} test {} -eq 0 || exit 1
+
+# Markdown for email
+npx paybridge audit --format md --output - | mail -s "Monthly Audit" finance@example.com
+
+# Include reconciliation data
+npx paybridge audit --reconcile-input expected.jsonl --window 7d
+```
+
+### What's Included
+
+- **Success rate analytics** — per-provider success/failure/timeout counts with half-window comparison (detects degradation)
+- **Latency metrics** — avg + p95 per provider, with anomaly detection (>2s/5s/10s thresholds)
+- **Fee estimation** — calculated from actual transaction volume × provider fee structure
+- **Drift events** — timeline of baseline captures per provider
+- **Reconciliation** — missed webhook count + mismatch table (if `--reconcile-input` provided)
+- **Anomaly detection** — success rate drops (>10% decline), consecutive failures (3+), high latency, PII in raw responses
+- **Compliance flags** — scans metadata for PII leakage (email, card_number, iban, etc.)
+
+### Output Formats
+
+- **HTML** — dark mode, print-to-PDF friendly (Cmd/Ctrl+P), collapsible per-provider deep-dive. The artifact a CFO opens in a browser.
+- **Markdown** — copy-paste into Notion/Confluence/Slack. Clean GFM tables.
+- **JSON** — machine-readable. Pipe to CI/CD gates, monitoring dashboards, or alerting systems.
+
+### Exit Codes
+
+- `0` — no high-severity anomalies
+- `1` — high-severity anomalies detected (fails CI builds)
+
+### Cron Integration
+
+```bash
+# Daily 6 AM audit
+0 6 * * * cd /app && npx paybridge audit --window 7d --ledger-pg $DB_URL --output /var/reports/audit-$(date +\%Y-\%m-\%d).html
+```
+
+### Programmatic API
+
+```typescript
+import { generateAuditReport, renderAuditAsHtml } from 'paybridge';
+import { createPostgresLedgerStore } from 'paybridge';
+import { Pool } from 'pg';
+
+const pool = new Pool({ connectionString: process.env.DATABASE_URL });
+const ledger = createPostgresLedgerStore({ pool });
+
+const report = await generateAuditReport({
+  providers: [
+    { name: 'stripe', capabilities: stripeProvider.getCapabilities() },
+    { name: 'paystack', capabilities: paystackProvider.getCapabilities() },
+  ],
+  ledger,
+  windowMs: 30 * 24 * 60 * 60 * 1000, // 30 days
+});
+
+const html = renderAuditAsHtml(report);
+await sendEmail({ to: 'finance@company.com', html });
+```
+
 ## Reconciliation
 
 Webhooks can fail. Networks blip. Your server hiccups. Provider retries don't reach you. Without reconciliation, you discover missed webhooks when a customer complains their account wasn't credited.

package/dist/audit-report.d.ts

@@ -0,0 +1,102 @@
+import type { LedgerStore } from './ledger';
+import type { DriftStore } from './cli/drift-store';
+import type { ProviderCapabilities } from './routing-types';
+import type { ReconcileResult } from './cli/reconcile-types';
+export interface AuditInput {
+    providers: Array<{
+        name: string;
+        capabilities: ProviderCapabilities;
+    }>;
+    windowMs?: number;
+    ledger?: LedgerStore;
+    driftStore?: DriftStore;
+    reconcileResults?: ReconcileResult[];
+    generatedAt?: string;
+}
+export interface ProviderAuditSection {
+    name: string;
+    region?: string;
+    totalAttempts: number;
+    successRate: number | null;
+    avgLatencyMs: number | null;
+    p95LatencyMs: number | null;
+    failureCount: number;
+    rateLimitedCount: number;
+    timeoutCount: number;
+    estimatedFeesPaid: number;
+    estimatedFeeCurrency: string;
+    driftEvents: Array<{
+        at: string;
+        summary: string;
+    }>;
+    anomalies: AuditAnomaly[];
+}
+export type AuditAnomaly = {
+    type: 'success_rate_drop';
+    severity: 'low' | 'medium' | 'high';
+    description: string;
+    previousRate: number;
+    currentRate: number;
+} | {
+    type: 'drift_detected';
+    severity: 'medium';
+    description: string;
+    detectedAt: string;
+} | {
+    type: 'consecutive_failures';
+    severity: 'high';
+    description: string;
+    count: number;
+} | {
+    type: 'high_latency';
+    severity: 'low' | 'medium' | 'high';
+    description: string;
+    p95Ms: number;
+} | {
+    type: 'pii_in_raw';
+    severity: 'high';
+    description: string;
+    field: string;
+};
+export interface AuditReport {
+    generatedAt: string;
+    windowMs: number;
+    windowStart: string;
+    windowEnd: string;
+    summary: {
+        totalProviders: number;
+        totalAttempts: number;
+        overallSuccessRate: number | null;
+        totalEstimatedFees: number;
+        totalEstimatedFeesCurrency: string;
+        anomalyCounts: {
+            high: number;
+            medium: number;
+            low: number;
+        };
+        missedWebhookCount: number;
+    };
+    providers: ProviderAuditSection[];
+    reconciliation?: {
+        total: number;
+        match: number;
+        mismatch: number;
+        notFound: number;
+        error: number;
+        mismatches: Array<{
+            provider: string;
+            reference: string;
+            expected: string;
+            actual: string;
+        }>;
+    };
+    complianceFlags: Array<{
+        provider: string;
+        finding: string;
+        severity: 'high' | 'medium' | 'low';
+    }>;
+}
+export declare function generateAuditReport(input: AuditInput): Promise<AuditReport>;
+export declare function renderAuditAsHtml(report: AuditReport): string;
+export declare function renderAuditAsMarkdown(report: AuditReport): string;
+export declare function renderAuditAsJson(report: AuditReport, pretty?: boolean): string;

package/dist/audit-report.js

@@ -0,0 +1,663 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateAuditReport = generateAuditReport;
+exports.renderAuditAsHtml = renderAuditAsHtml;
+exports.renderAuditAsMarkdown = renderAuditAsMarkdown;
+exports.renderAuditAsJson = renderAuditAsJson;
+const PII_KEYS = ['email', 'card_number', 'iban', 'phone', 'id_number', 'ssn', 'passport', 'cvv', 'tax_id'];
+async function generateAuditReport(input) {
+    const windowMs = input.windowMs ?? 7 * 24 * 60 * 60 * 1000;
+    const generatedAt = input.generatedAt ?? new Date().toISOString();
+    const windowEnd = generatedAt;
+    const windowStart = new Date(new Date(generatedAt).getTime() - windowMs).toISOString();
+    const providerSections = [];
+    const complianceFlags = [];
+    let totalAttempts = 0;
+    let totalSuccess = 0;
+    let totalFees = 0;
+    let feeCurrencies = new Set();
+    for (const providerMeta of input.providers) {
+        const { name, capabilities } = providerMeta;
+        let entries = [];
+        if (input.ledger) {
+            entries = await input.ledger.query({
+                provider: name,
+                fromTimestamp: windowStart,
+                toTimestamp: windowEnd,
+            });
+        }
+        const totalProviderAttempts = entries.length;
+        const successCount = entries.filter((e) => e.status === 'success').length;
+        const failureCount = entries.filter((e) => e.status === 'failed').length;
+        const rateLimitedCount = entries.filter((e) => e.status === 'rate_limited').length;
+        const timeoutCount = entries.filter((e) => e.status === 'timeout').length;
+        const successRate = totalProviderAttempts > 0 ? successCount / totalProviderAttempts : null;
+        const durations = entries
+            .filter((e) => e.durationMs !== undefined && e.durationMs !== null)
+            .map((e) => e.durationMs);
+        const avgLatencyMs = durations.length > 0 ? durations.reduce((a, b) => a + b, 0) / durations.length : null;
+        const p95LatencyMs = calculateP95(durations);
+        const successfulEntries = entries.filter((e) => e.status === 'success' && e.amount !== undefined);
+        let estimatedFeesPaid = 0;
+        for (const entry of successfulEntries) {
+            const amount = entry.amount;
+            const fee = capabilities.fees.fixed + (amount * capabilities.fees.percent) / 100;
+            estimatedFeesPaid += fee;
+        }
+        feeCurrencies.add(capabilities.fees.currency);
+        totalFees += estimatedFeesPaid;
+        const driftEvents = [];
+        if (input.driftStore) {
+            const baseline = await input.driftStore.load(name);
+            if (baseline && baseline.shape.capturedAt) {
+                const capturedTime = new Date(baseline.shape.capturedAt).getTime();
+                const windowStartTime = new Date(windowStart).getTime();
+                if (capturedTime >= windowStartTime) {
+                    driftEvents.push({
+                        at: baseline.shape.capturedAt,
+                        summary: `Baseline snapshot captured for ${baseline.operation}`,
+                    });
+                }
+            }
+        }
+        const anomalies = [];
+        if (totalProviderAttempts > 0) {
+            const halfWindow = windowMs / 2;
+            const midpoint = new Date(new Date(windowStart).getTime() + halfWindow).toISOString();
+            const previousEntries = entries.filter((e) => e.timestamp < midpoint);
+            const currentEntries = entries.filter((e) => e.timestamp >= midpoint);
+            if (previousEntries.length >= 20 && currentEntries.length >= 20) {
+                const previousSuccessRate = previousEntries.filter((e) => e.status === 'success').length / previousEntries.length;
+                const currentSuccessRate = currentEntries.filter((e) => e.status === 'success').length / currentEntries.length;
+                const drop = previousSuccessRate - currentSuccessRate;
+                if (drop >= 0.30) {
+                    anomalies.push({
+                        type: 'success_rate_drop',
+                        severity: 'high',
+                        description: `Success rate dropped by ${(drop * 100).toFixed(1)}% in recent window`,
+                        previousRate: previousSuccessRate,
+                        currentRate: currentSuccessRate,
+                    });
+                }
+                else if (drop >= 0.20) {
+                    anomalies.push({
+                        type: 'success_rate_drop',
+                        severity: 'medium',
+                        description: `Success rate dropped by ${(drop * 100).toFixed(1)}% in recent window`,
+                        previousRate: previousSuccessRate,
+                        currentRate: currentSuccessRate,
+                    });
+                }
+                else if (drop >= 0.10) {
+                    anomalies.push({
+                        type: 'success_rate_drop',
+                        severity: 'low',
+                        description: `Success rate dropped by ${(drop * 100).toFixed(1)}% in recent window`,
+                        previousRate: previousSuccessRate,
+                        currentRate: currentSuccessRate,
+                    });
+                }
+            }
+            const consecutiveFailures = detectConsecutiveFailures(entries);
+            if (consecutiveFailures >= 3) {
+                anomalies.push({
+                    type: 'consecutive_failures',
+                    severity: 'high',
+                    description: `${consecutiveFailures} consecutive failures detected`,
+                    count: consecutiveFailures,
+                });
+            }
+            if (p95LatencyMs !== null) {
+                if (p95LatencyMs > 10000) {
+                    anomalies.push({
+                        type: 'high_latency',
+                        severity: 'high',
+                        description: `p95 latency ${p95LatencyMs.toFixed(0)}ms exceeds 10s threshold`,
+                        p95Ms: p95LatencyMs,
+                    });
+                }
+                else if (p95LatencyMs > 5000) {
+                    anomalies.push({
+                        type: 'high_latency',
+                        severity: 'medium',
+                        description: `p95 latency ${p95LatencyMs.toFixed(0)}ms exceeds 5s threshold`,
+                        p95Ms: p95LatencyMs,
+                    });
+                }
+                else if (p95LatencyMs > 2000) {
+                    anomalies.push({
+                        type: 'high_latency',
+                        severity: 'low',
+                        description: `p95 latency ${p95LatencyMs.toFixed(0)}ms exceeds 2s threshold`,
+                        p95Ms: p95LatencyMs,
+                    });
+                }
+            }
+            const sampleEntries = entries.slice(0, Math.min(10, entries.length));
+            for (const entry of sampleEntries) {
+                if (entry.metadata && typeof entry.metadata === 'object') {
+                    const raw = entry.metadata.raw;
+                    if (raw && typeof raw === 'object') {
+                        for (const key of PII_KEYS) {
+                            if (hasKey(raw, key)) {
+                                anomalies.push({
+                                    type: 'pii_in_raw',
+                                    severity: 'high',
+                                    description: `PII field '${key}' found in raw response metadata`,
+                                    field: key,
+                                });
+                                complianceFlags.push({
+                                    provider: name,
+                                    finding: `PII field '${key}' found in raw response metadata`,
+                                    severity: 'high',
+                                });
+                                break;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        totalAttempts += totalProviderAttempts;
+        totalSuccess += successCount;
+        providerSections.push({
+            name,
+            region: capabilities.country,
+            totalAttempts: totalProviderAttempts,
+            successRate,
+            avgLatencyMs,
+            p95LatencyMs,
+            failureCount,
+            rateLimitedCount,
+            timeoutCount,
+            estimatedFeesPaid,
+            estimatedFeeCurrency: capabilities.fees.currency,
+            driftEvents,
+            anomalies,
+        });
+    }
+    const overallSuccessRate = totalAttempts > 0 ? totalSuccess / totalAttempts : null;
+    const anomalyCounts = { high: 0, medium: 0, low: 0 };
+    for (const section of providerSections) {
+        for (const anomaly of section.anomalies) {
+            anomalyCounts[anomaly.severity]++;
+        }
+    }
+    let reconciliation;
+    let missedWebhookCount = 0;
+    if (input.reconcileResults) {
+        const mismatches = input.reconcileResults
+            .filter((r) => r.classification === 'mismatch')
+            .map((r) => ({
+            provider: r.provider,
+            reference: r.reference,
+            expected: r.expectedStatus,
+            actual: r.actualStatus ?? 'unknown',
+        }));
+        missedWebhookCount = mismatches.length;
+        reconciliation = {
+            total: input.reconcileResults.length,
+            match: input.reconcileResults.filter((r) => r.classification === 'match').length,
+            mismatch: input.reconcileResults.filter((r) => r.classification === 'mismatch').length,
+            notFound: input.reconcileResults.filter((r) => r.classification === 'not-found').length,
+            error: input.reconcileResults.filter((r) => r.classification === 'error').length,
+            mismatches,
+        };
+    }
+    return {
+        generatedAt,
+        windowMs,
+        windowStart,
+        windowEnd,
+        summary: {
+            totalProviders: input.providers.length,
+            totalAttempts,
+            overallSuccessRate,
+            totalEstimatedFees: totalFees,
+            totalEstimatedFeesCurrency: feeCurrencies.size === 1 ? Array.from(feeCurrencies)[0] : 'mixed',
+            anomalyCounts,
+            missedWebhookCount,
+        },
+        providers: providerSections,
+        reconciliation,
+        complianceFlags,
+    };
+}
+function calculateP95(values) {
+    if (values.length === 0)
+        return null;
+    const sorted = [...values].sort((a, b) => a - b);
+    const index = Math.ceil(sorted.length * 0.95) - 1;
+    return sorted[Math.max(0, index)];
+}
+function detectConsecutiveFailures(entries) {
+    let maxConsecutive = 0;
+    let currentConsecutive = 0;
+    for (const entry of entries) {
+        if (entry.status === 'failed' || entry.status === 'timeout' || entry.status === 'rate_limited') {
+            currentConsecutive++;
+            maxConsecutive = Math.max(maxConsecutive, currentConsecutive);
+        }
+        else {
+            currentConsecutive = 0;
+        }
+    }
+    return maxConsecutive;
+}
+function hasKey(obj, key) {
+    if (!obj || typeof obj !== 'object')
+        return false;
+    if (key in obj)
+        return true;
+    for (const k of Object.keys(obj)) {
+        if (typeof obj[k] === 'object' && hasKey(obj[k], key)) {
+            return true;
+        }
+    }
+    return false;
+}
+function renderAuditAsHtml(report) {
+    const { summary, providers, reconciliation, complianceFlags } = report;
+    const severityColor = (severity) => {
+        return severity === 'high' ? '#ff4444' : severity === 'medium' ? '#ffaa00' : '#ffdd00';
+    };
+    const anomalyRows = providers.flatMap((p) => p.anomalies.map((a) => ({ provider: p.name, anomaly: a }))).sort((a, b) => {
+        const order = { high: 0, medium: 1, low: 2 };
+        return order[a.anomaly.severity] - order[b.anomaly.severity];
+    });
+    return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>PayBridge Audit Report</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: #0d1117;
+      color: #c9d1d9;
+      padding: 2rem;
+      line-height: 1.6;
+    }
+    .container { max-width: 1200px; margin: 0 auto; }
+    header {
+      background: linear-gradient(135deg, #161b22 0%, #1c2128 100%);
+      padding: 2rem;
+      border-radius: 12px;
+      margin-bottom: 2rem;
+      border: 1px solid #30363d;
+      position: relative;
+    }
+    header::before {
+      content: 'AUDIT REPORT — INTERNAL USE ONLY';
+      position: absolute;
+      top: 1rem;
+      right: 2rem;
+      font-size: 0.7rem;
+      color: #484f58;
+      letter-spacing: 1px;
+    }
+    h1 { color: #58a6ff; font-size: 2rem; margin-bottom: 0.5rem; }
+    .meta { color: #8b949e; font-size: 0.9rem; }
+    .summary {
+      display: grid;
+      grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
+      gap: 1rem;
+      margin-bottom: 2rem;
+    }
+    .card {
+      background: #161b22;
+      border: 1px solid #30363d;
+      border-radius: 8px;
+      padding: 1.5rem;
+      transition: transform 0.2s;
+    }
+    .card:hover { transform: translateY(-2px); border-color: #58a6ff; }
+    .card-label { color: #8b949e; font-size: 0.85rem; margin-bottom: 0.5rem; }
+    .card-value { color: #58a6ff; font-size: 2rem; font-weight: bold; }
+    .card-unit { color: #8b949e; font-size: 1rem; }
+    table {
+      width: 100%;
+      border-collapse: collapse;
+      background: #161b22;
+      border-radius: 8px;
+      overflow: hidden;
+      margin-bottom: 2rem;
+    }
+    th {
+      background: #21262d;
+      color: #c9d1d9;
+      text-align: left;
+      padding: 1rem;
+      font-weight: 600;
+      border-bottom: 2px solid #30363d;
+    }
+    td {
+      padding: 0.75rem 1rem;
+      border-bottom: 1px solid #21262d;
+    }
+    tr:last-child td { border-bottom: none; }
+    .section { margin-bottom: 3rem; }
+    .section-title {
+      color: #58a6ff;
+      font-size: 1.5rem;
+      margin-bottom: 1rem;
+      padding-bottom: 0.5rem;
+      border-bottom: 2px solid #30363d;
+    }
+    .badge {
+      display: inline-block;
+      padding: 0.25rem 0.75rem;
+      border-radius: 12px;
+      font-size: 0.8rem;
+      font-weight: 600;
+    }
+    .badge-high { background: #ff4444; color: white; }
+    .badge-medium { background: #ffaa00; color: white; }
+    .badge-low { background: #ffdd00; color: #0d1117; }
+    details {
+      background: #161b22;
+      border: 1px solid #30363d;
+      border-radius: 8px;
+      padding: 1rem;
+      margin-bottom: 1rem;
+    }
+    summary {
+      cursor: pointer;
+      font-weight: 600;
+      color: #58a6ff;
+      user-select: none;
+    }
+    summary:hover { text-decoration: underline; }
+    .no-data { color: #8b949e; font-style: italic; }
+    footer {
+      text-align: center;
+      color: #484f58;
+      margin-top: 3rem;
+      padding-top: 2rem;
+      border-top: 1px solid #21262d;
+      font-size: 0.9rem;
+    }
+    @media print {
+      body { background: white; color: black; }
+      .card, table, details { background: white; border-color: #ddd; }
+      th { background: #f5f5f5; }
+      .badge-high { background: #ffcccc; color: #cc0000; }
+      .badge-medium { background: #ffe6cc; color: #cc6600; }
+      .badge-low { background: #ffffcc; color: #666600; }
+      header::before { color: #ccc; }
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <header>
+      <h1>PayBridge Audit Report</h1>
+      <div class="meta">
+        <div>Generated: ${new Date(report.generatedAt).toLocaleString()}</div>
+        <div>Window: ${formatDuration(report.windowMs)} (${report.windowStart.split('T')[0]} to ${report.windowEnd.split('T')[0]})</div>
+      </div>
+    </header>
+
+    <div class="summary">
+      <div class="card">
+        <div class="card-label">Total Providers</div>
+        <div class="card-value">${summary.totalProviders}</div>
+      </div>
+      <div class="card">
+        <div class="card-label">Total Attempts</div>
+        <div class="card-value">${summary.totalAttempts.toLocaleString()}</div>
+      </div>
+      <div class="card">
+        <div class="card-label">Success Rate</div>
+        <div class="card-value">${summary.overallSuccessRate !== null ? (summary.overallSuccessRate * 100).toFixed(1) : '—'}<span class="card-unit">%</span></div>
+      </div>
+      <div class="card">
+        <div class="card-label">Estimated Fees</div>
+        <div class="card-value">${summary.totalEstimatedFees.toFixed(2)} <span class="card-unit">${summary.totalEstimatedFeesCurrency}</span></div>
+      </div>
+      <div class="card">
+        <div class="card-label">Anomalies</div>
+        <div class="card-value">
+          <span style="color: #ff4444">${summary.anomalyCounts.high}</span> /
+          <span style="color: #ffaa00">${summary.anomalyCounts.medium}</span> /
+          <span style="color: #ffdd00">${summary.anomalyCounts.low}</span>
+        </div>
+      </div>
+      <div class="card">
+        <div class="card-label">Missed Webhooks</div>
+        <div class="card-value" style="color: ${summary.missedWebhookCount > 0 ? '#ff4444' : '#3fb950'}">
+          ${summary.missedWebhookCount}
+        </div>
+      </div>
+    </div>
+
+    <div class="section">
+      <h2 class="section-title">Provider Overview</h2>
+      <table>
+        <thead>
+          <tr>
+            <th>Provider</th>
+            <th>Region</th>
+            <th>Attempts</th>
+            <th>Success Rate</th>
+            <th>Avg Latency</th>
+            <th>p95 Latency</th>
+            <th>Fees Paid</th>
+            <th>Anomalies</th>
+          </tr>
+        </thead>
+        <tbody>
+          ${providers.map((p) => `
+          <tr>
+            <td><strong>${p.name}</strong></td>
+            <td>${p.region ?? '—'}</td>
+            <td>${p.totalAttempts.toLocaleString()}</td>
+            <td>${p.successRate !== null ? (p.successRate * 100).toFixed(1) + '%' : '—'}</td>
+            <td>${p.avgLatencyMs !== null ? p.avgLatencyMs.toFixed(0) + 'ms' : '—'}</td>
+            <td>${p.p95LatencyMs !== null ? p.p95LatencyMs.toFixed(0) + 'ms' : '—'}</td>
+            <td>${p.estimatedFeesPaid.toFixed(2)} ${p.estimatedFeeCurrency}</td>
+            <td>${p.anomalies.length > 0 ? p.anomalies.length : '—'}</td>
+          </tr>
+          `).join('')}
+        </tbody>
+      </table>
+    </div>
+
+    ${anomalyRows.length > 0 ? `
+    <div class="section">
+      <h2 class="section-title">Anomalies</h2>
+      <table>
+        <thead>
+          <tr>
+            <th>Severity</th>
+            <th>Provider</th>
+            <th>Type</th>
+            <th>Description</th>
+          </tr>
+        </thead>
+        <tbody>
+          ${anomalyRows.map(({ provider, anomaly }) => `
+          <tr>
+            <td><span class="badge badge-${anomaly.severity}">${anomaly.severity.toUpperCase()}</span></td>
+            <td>${provider}</td>
+            <td>${anomaly.type}</td>
+            <td>${anomaly.description}</td>
+          </tr>
+          `).join('')}
+        </tbody>
+      </table>
+    </div>
+    ` : ''}
+
+    ${reconciliation ? `
+    <div class="section">
+      <h2 class="section-title">Reconciliation</h2>
+      <div class="summary">
+        <div class="card">
+          <div class="card-label">Match</div>
+          <div class="card-value" style="color: #3fb950">${reconciliation.match}</div>
+        </div>
+        <div class="card">
+          <div class="card-label">Mismatch</div>
+          <div class="card-value" style="color: #ff4444">${reconciliation.mismatch}</div>
+        </div>
+        <div class="card">
+          <div class="card-label">Not Found</div>
+          <div class="card-value" style="color: #ffaa00">${reconciliation.notFound}</div>
+        </div>
+        <div class="card">
+          <div class="card-label">Error</div>
+          <div class="card-value" style="color: #ff4444">${reconciliation.error}</div>
+        </div>
+      </div>
+      ${reconciliation.mismatches.length > 0 ? `
+      <table>
+        <thead>
+          <tr>
+            <th>Provider</th>
+            <th>Reference</th>
+            <th>Expected</th>
+            <th>Actual</th>
+          </tr>
+        </thead>
+        <tbody>
+          ${reconciliation.mismatches.map((m) => `
+          <tr>
+            <td>${m.provider}</td>
+            <td><code>${m.reference}</code></td>
+            <td>${m.expected}</td>
+            <td>${m.actual}</td>
+          </tr>
+          `).join('')}
+        </tbody>
+      </table>
+      ` : '<p class="no-data">No mismatches detected.</p>'}
+    </div>
+    ` : ''}
+
+    ${complianceFlags.length > 0 ? `
+    <div class="section">
+      <h2 class="section-title">Compliance Flags</h2>
+      <table>
+        <thead>
+          <tr>
+            <th>Severity</th>
+            <th>Provider</th>
+            <th>Finding</th>
+          </tr>
+        </thead>
+        <tbody>
+          ${complianceFlags.map((f) => `
+          <tr>
+            <td><span class="badge badge-${f.severity}">${f.severity.toUpperCase()}</span></td>
+            <td>${f.provider}</td>
+            <td>${f.finding}</td>
+          </tr>
+          `).join('')}
+        </tbody>
+      </table>
+    </div>
+    ` : ''}
+
+    <div class="section">
+      <h2 class="section-title">Per-Provider Details</h2>
+      ${providers.map((p) => `
+      <details>
+        <summary>${p.name} — ${p.totalAttempts} attempts, ${p.successRate !== null ? (p.successRate * 100).toFixed(1) + '%' : 'N/A'} success</summary>
+        <div style="margin-top: 1rem;">
+          <p><strong>Failures:</strong> ${p.failureCount} (Rate Limited: ${p.rateLimitedCount}, Timeout: ${p.timeoutCount})</p>
+          <p><strong>Latency:</strong> Avg ${p.avgLatencyMs !== null ? p.avgLatencyMs.toFixed(0) : 'N/A'}ms, p95 ${p.p95LatencyMs !== null ? p.p95LatencyMs.toFixed(0) : 'N/A'}ms</p>
+          <p><strong>Drift Events:</strong> ${p.driftEvents.length > 0 ? p.driftEvents.map((d) => `${d.at} - ${d.summary}`).join(', ') : 'None'}</p>
+          <p><strong>Anomalies:</strong> ${p.anomalies.length > 0 ? p.anomalies.map((a) => a.description).join('; ') : 'None'}</p>
+        </div>
+      </details>
+      `).join('')}
+    </div>
+
+    <footer>
+      Generated by <strong>paybridge audit</strong><br>
+      Source: <a href="https://github.com/kobie3717/paybridge" style="color: #58a6ff;">github.com/kobie3717/paybridge</a>
+    </footer>
+  </div>
+</body>
+</html>`;
+}
+function renderAuditAsMarkdown(report) {
+    const { summary, providers, reconciliation, complianceFlags } = report;
+    let md = `# PayBridge Audit Report\n\n`;
+    md += `**Generated:** ${new Date(report.generatedAt).toLocaleString()}\n`;
+    md += `**Window:** ${formatDuration(report.windowMs)} (${report.windowStart.split('T')[0]} to ${report.windowEnd.split('T')[0]})\n\n`;
+    md += `## Executive Summary\n\n`;
+    md += `| Metric | Value |\n`;
+    md += `|--------|-------|\n`;
+    md += `| Total Providers | ${summary.totalProviders} |\n`;
+    md += `| Total Attempts | ${summary.totalAttempts.toLocaleString()} |\n`;
+    md += `| Success Rate | ${summary.overallSuccessRate !== null ? (summary.overallSuccessRate * 100).toFixed(1) + '%' : 'N/A'} |\n`;
+    md += `| Estimated Fees | ${summary.totalEstimatedFees.toFixed(2)} ${summary.totalEstimatedFeesCurrency} |\n`;
+    md += `| Anomalies (H/M/L) | ${summary.anomalyCounts.high} / ${summary.anomalyCounts.medium} / ${summary.anomalyCounts.low} |\n`;
+    md += `| Missed Webhooks | ${summary.missedWebhookCount} |\n\n`;
+    md += `## Provider Overview\n\n`;
+    md += `| Provider | Region | Attempts | Success Rate | Avg Latency | p95 Latency | Fees Paid | Anomalies |\n`;
+    md += `|----------|--------|----------|--------------|-------------|-------------|-----------|----------|\n`;
+    for (const p of providers) {
+        md += `| ${p.name} | ${p.region ?? 'N/A'} | ${p.totalAttempts} | ${p.successRate !== null ? (p.successRate * 100).toFixed(1) + '%' : 'N/A'} | `;
+        md += `${p.avgLatencyMs !== null ? p.avgLatencyMs.toFixed(0) + 'ms' : 'N/A'} | ${p.p95LatencyMs !== null ? p.p95LatencyMs.toFixed(0) + 'ms' : 'N/A'} | `;
+        md += `${p.estimatedFeesPaid.toFixed(2)} ${p.estimatedFeeCurrency} | ${p.anomalies.length || 'None'} |\n`;
+    }
+    md += `\n`;
+    const anomalyRows = providers.flatMap((p) => p.anomalies.map((a) => ({ provider: p.name, anomaly: a }))).sort((a, b) => {
+        const order = { high: 0, medium: 1, low: 2 };
+        return order[a.anomaly.severity] - order[b.anomaly.severity];
+    });
+    if (anomalyRows.length > 0) {
+        md += `## Anomalies\n\n`;
+        md += `| Severity | Provider | Type | Description |\n`;
+        md += `|----------|----------|------|-------------|\n`;
+        for (const { provider, anomaly } of anomalyRows) {
+            md += `| ${anomaly.severity.toUpperCase()} | ${provider} | ${anomaly.type} | ${anomaly.description} |\n`;
+        }
+        md += `\n`;
+    }
+    if (reconciliation) {
+        md += `## Reconciliation\n\n`;
+        md += `- **Match:** ${reconciliation.match}\n`;
+        md += `- **Mismatch:** ${reconciliation.mismatch}\n`;
+        md += `- **Not Found:** ${reconciliation.notFound}\n`;
+        md += `- **Error:** ${reconciliation.error}\n\n`;
+        if (reconciliation.mismatches.length > 0) {
+            md += `### Mismatches\n\n`;
+            md += `| Provider | Reference | Expected | Actual |\n`;
+            md += `|----------|-----------|----------|--------|\n`;
+            for (const m of reconciliation.mismatches) {
+                md += `| ${m.provider} | \`${m.reference}\` | ${m.expected} | ${m.actual} |\n`;
+            }
+            md += `\n`;
+        }
+    }
+    if (complianceFlags.length > 0) {
+        md += `## Compliance Flags\n\n`;
+        md += `| Severity | Provider | Finding |\n`;
+        md += `|----------|----------|----------|\n`;
+        for (const f of complianceFlags) {
+            md += `| ${f.severity.toUpperCase()} | ${f.provider} | ${f.finding} |\n`;
+        }
+        md += `\n`;
+    }
+    md += `---\n\n`;
+    md += `*Generated by **paybridge audit** — [github.com/kobie3717/paybridge](https://github.com/kobie3717/paybridge)*\n`;
+    return md;
+}
+function renderAuditAsJson(report, pretty = false) {
+    return JSON.stringify(report, null, pretty ? 2 : 0);
+}
+function formatDuration(ms) {
+    const days = Math.floor(ms / (24 * 60 * 60 * 1000));
+    if (days >= 1)
+        return `${days}d`;
+    const hours = Math.floor(ms / (60 * 60 * 1000));
+    if (hours >= 1)
+        return `${hours}h`;
+    return `${Math.floor(ms / (60 * 1000))}m`;
+}

package/dist/cli/commands/audit.d.ts

@@ -0,0 +1 @@
+export declare function runAudit(args: string[]): Promise<void>;

package/dist/cli/commands/audit.js

@@ -0,0 +1,308 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runAudit = runAudit;
+const node_fs_1 = require("node:fs");
+const audit_report_1 = require("../../audit-report");
+const drift_store_1 = require("../drift-store");
+const postgres_ledger_1 = require("../../stores/postgres-ledger");
+const runners_1 = require("../runners");
+const index_1 = require("../../index");
+const reconcile_1 = require("../reconcile");
+const utils_1 = require("../utils");
+function parseWindow(windowStr) {
+    const match = windowStr.match(/^(\d+)(d|h|m)$/);
+    if (!match) {
+        throw new Error(`Invalid window format: ${windowStr}. Use format like 7d, 24h, 60m`);
+    }
+    const value = parseInt(match[1], 10);
+    const unit = match[2];
+    switch (unit) {
+        case 'd':
+            return value * 24 * 60 * 60 * 1000;
+        case 'h':
+            return value * 60 * 60 * 1000;
+        case 'm':
+            return value * 60 * 1000;
+        default:
+            throw new Error(`Unknown unit: ${unit}`);
+    }
+}
+function parseArgs(args) {
+    const opts = {
+        format: 'html',
+        window: 7 * 24 * 60 * 60 * 1000,
+        driftDir: '.paybridge/drift-baseline',
+    };
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        switch (arg) {
+            case '--output':
+                opts.output = args[++i];
+                break;
+            case '--format':
+                const format = args[++i];
+                if (format !== 'html' && format !== 'md' && format !== 'json') {
+                    throw new Error(`Invalid format: ${format}. Use html, md, or json`);
+                }
+                opts.format = format;
+                break;
+            case '--window':
+                opts.window = parseWindow(args[++i]);
+                break;
+            case '--providers':
+                opts.providers = args[++i].split(',').map((s) => s.trim());
+                break;
+            case '--ledger-pg':
+                opts.ledgerPg = args[++i];
+                break;
+            case '--drift-dir':
+                opts.driftDir = args[++i];
+                break;
+            case '--reconcile-input':
+                opts.reconcileInput = args[++i];
+                break;
+            case '-h':
+            case '--help':
+                printHelp();
+                process.exit(0);
+                break;
+            default:
+                throw new Error(`Unknown option: ${arg}`);
+        }
+    }
+    if (!opts.output) {
+        const timestamp = new Date().toISOString().split('T')[0];
+        const ext = opts.format === 'html' ? 'html' : opts.format === 'md' ? 'md' : 'json';
+        opts.output = `paybridge-audit-${timestamp}.${ext}`;
+    }
+    return opts;
+}
+function printHelp() {
+    console.log(`
+paybridge audit — Generate comprehensive payment stack audit report
+
+USAGE
+  paybridge audit [options]
+
+OPTIONS
+  --output <file>          Output file path (default: paybridge-audit-<date>.<ext>)
+                           Use '-' for stdout
+  --format <type>          Output format: html, md, json (default: html)
+  --window <duration>      Analysis window: 7d, 30d, 90d, 24h, 1d (default: 7d)
+  --providers <list>       Comma-separated provider names (default: all configured)
+  --ledger-pg <conn>       PostgreSQL connection string for ledger data
+  --drift-dir <path>       Drift baseline directory (default: .paybridge/drift-baseline)
+  --reconcile-input <file> Include reconciliation data from file (JSONL or CSV)
+  -h, --help               Print this help
+
+EXAMPLES
+  paybridge audit
+  paybridge audit --window 30d --format json --output report.json
+  paybridge audit --ledger-pg postgresql://user:pass@localhost/db
+  paybridge audit --output - --format md | mail -s "Audit" finance@example.com
+
+EXIT CODES
+  0  No high-severity anomalies
+  1  High-severity anomalies detected
+
+OUTPUT
+  HTML reports are print-to-PDF friendly (Cmd/Ctrl+P in browser).
+  JSON reports can be piped to CI/CD pipelines.
+
+Docs: https://github.com/kobie3717/paybridge
+  `.trim());
+}
+async function runAudit(args) {
+    const opts = parseArgs(args);
+    const providerConfigs = opts.providers
+        ? runners_1.runners.filter((r) => opts.providers.includes(r.name))
+        : runners_1.runners.filter((r) => r.envRequired.every((e) => process.env[e]));
+    const providers = providerConfigs.map((r) => {
+        let credentials = {};
+        for (const envVar of r.envRequired) {
+            if (envVar === 'STRIPE_API_KEY')
+                credentials.apiKey = process.env.STRIPE_API_KEY;
+            else if (envVar === 'YOCO_API_KEY')
+                credentials.apiKey = process.env.YOCO_API_KEY;
+            else if (envVar === 'SOFTYCOMP_API_KEY') {
+                credentials.apiKey = process.env.SOFTYCOMP_API_KEY;
+                credentials.secretKey = process.env.SOFTYCOMP_SECRET_KEY;
+            }
+            else if (envVar === 'OZOW_API_KEY') {
+                credentials.apiKey = process.env.OZOW_API_KEY;
+                credentials.siteCode = process.env.OZOW_SITE_CODE;
+                credentials.privateKey = process.env.OZOW_PRIVATE_KEY;
+            }
+            else if (envVar === 'PAYFAST_MERCHANT_ID') {
+                credentials.merchantId = process.env.PAYFAST_MERCHANT_ID;
+                credentials.merchantKey = process.env.PAYFAST_MERCHANT_KEY;
+                credentials.passphrase = process.env.PAYFAST_PASSPHRASE;
+            }
+            else if (envVar === 'PAYSTACK_API_KEY')
+                credentials.apiKey = process.env.PAYSTACK_API_KEY;
+            else if (envVar === 'PEACH_ACCESS_TOKEN') {
+                credentials.apiKey = process.env.PEACH_ACCESS_TOKEN;
+                credentials.secretKey = process.env.PEACH_ENTITY_ID;
+            }
+            else if (envVar === 'FLUTTERWAVE_API_KEY')
+                credentials.apiKey = process.env.FLUTTERWAVE_API_KEY;
+            else if (envVar === 'ADYEN_API_KEY') {
+                credentials.apiKey = process.env.ADYEN_API_KEY;
+                credentials.merchantAccount = process.env.ADYEN_MERCHANT_ACCOUNT;
+            }
+            else if (envVar === 'MERCADOPAGO_ACCESS_TOKEN')
+                credentials.apiKey = process.env.MERCADOPAGO_ACCESS_TOKEN;
+            else if (envVar === 'RAZORPAY_KEY_ID') {
+                credentials.apiKey = process.env.RAZORPAY_KEY_ID;
+                credentials.secretKey = process.env.RAZORPAY_KEY_SECRET;
+            }
+            else if (envVar === 'MOLLIE_API_KEY')
+                credentials.apiKey = process.env.MOLLIE_API_KEY;
+            else if (envVar === 'SQUARE_ACCESS_TOKEN') {
+                credentials.apiKey = process.env.SQUARE_ACCESS_TOKEN;
+                credentials.locationId = process.env.SQUARE_LOCATION_ID;
+            }
+            else if (envVar === 'PESAPAL_CONSUMER_KEY') {
+                credentials.apiKey = process.env.PESAPAL_CONSUMER_KEY;
+                credentials.secretKey = process.env.PESAPAL_CONSUMER_SECRET;
+                credentials.notificationId = process.env.PESAPAL_NOTIFICATION_ID || 'dummy';
+            }
+        }
+        const pay = new index_1.PayBridge({
+            provider: r.name,
+            credentials,
+            sandbox: true,
+        });
+        return {
+            name: r.name,
+            capabilities: pay.provider.getCapabilities(),
+        };
+    });
+    if (providers.length === 0) {
+        console.error((0, utils_1.colorize)('Error: No providers configured. Set environment variables for at least one provider.', 'red'));
+        process.exit(1);
+    }
+    const input = {
+        providers,
+        windowMs: opts.window,
+    };
+    if (opts.ledgerPg) {
+        try {
+            // @ts-ignore - pg is an optional peer dependency
+            const pgModule = await Promise.resolve().then(() => __importStar(require('pg')));
+            const Pool = pgModule.default?.Pool || pgModule.Pool;
+            const pool = new Pool({ connectionString: opts.ledgerPg });
+            input.ledger = (0, postgres_ledger_1.createPostgresLedgerStore)({ pool });
+        }
+        catch (err) {
+            console.error((0, utils_1.colorize)(`Error: pg module not installed. Run: npm install pg`, 'red'));
+            process.exit(1);
+        }
+    }
+    if (opts.driftDir) {
+        input.driftStore = new drift_store_1.FileDriftStore(opts.driftDir);
+    }
+    if (opts.reconcileInput) {
+        const content = await node_fs_1.promises.readFile(opts.reconcileInput, 'utf-8');
+        const records = [];
+        const lines = content.trim().split('\n');
+        for (const line of lines) {
+            if (line.trim().startsWith('#') || !line.trim())
+                continue;
+            if (line.trim().startsWith('{')) {
+                const record = JSON.parse(line);
+                records.push(record);
+            }
+            else {
+                const parts = line.split(/\t|,/).map((s) => s.trim());
+                if (parts.length >= 3) {
+                    records.push({
+                        provider: parts[0],
+                        reference: parts[1],
+                        expectedStatus: parts[2],
+                    });
+                }
+            }
+        }
+        const buildProvider = (providerName) => {
+            const runner = runners_1.runners.find((r) => r.name === providerName);
+            if (!runner)
+                throw new Error(`Unknown provider: ${providerName}`);
+            return new index_1.PayBridge({
+                provider: providerName,
+                credentials: {},
+                sandbox: true,
+            });
+        };
+        const hasCredsFor = (providerName) => {
+            const runner = runners_1.runners.find((r) => r.name === providerName);
+            return runner ? runner.envRequired.every((e) => process.env[e]) : false;
+        };
+        const { results } = await (0, reconcile_1.runReconcile)(records, { buildProvider, hasCredsFor });
+        input.reconcileResults = results;
+    }
+    const report = await (0, audit_report_1.generateAuditReport)(input);
+    let output;
+    switch (opts.format) {
+        case 'html':
+            output = (0, audit_report_1.renderAuditAsHtml)(report);
+            break;
+        case 'md':
+            output = (0, audit_report_1.renderAuditAsMarkdown)(report);
+            break;
+        case 'json':
+            output = (0, audit_report_1.renderAuditAsJson)(report, true);
+            break;
+    }
+    if (opts.output === '-') {
+        console.log(output);
+    }
+    else {
+        if (!opts.output) {
+            throw new Error('Output path is required');
+        }
+        await node_fs_1.promises.writeFile(opts.output, output, 'utf-8');
+        console.log((0, utils_1.colorize)(`Audit written to ${opts.output}`, 'green'));
+        console.log(`Total providers: ${report.summary.totalProviders}`);
+        console.log(`Anomalies: ${(0, utils_1.colorize)(`${report.summary.anomalyCounts.high}`, report.summary.anomalyCounts.high > 0 ? 'red' : 'green')} high, ${report.summary.anomalyCounts.medium} medium, ${report.summary.anomalyCounts.low} low`);
+        if (opts.format === 'html') {
+            console.log((0, utils_1.colorize)('Open in browser to review.', 'cyan'));
+        }
+    }
+    if (report.summary.anomalyCounts.high > 0) {
+        process.exit(1);
+    }
+}

package/dist/cli/index.js

@@ -8,6 +8,7 @@ const quote_1 = require("./commands/quote");
 const drift_1 = require("./commands/drift");
 const drift_watch_1 = require("./commands/drift-watch");
 const reconcile_1 = require("./commands/reconcile");
+const audit_1 = require("./commands/audit");
 const utils_1 = require("./utils");
 async function main() {
     const [, , command, ...args] = process.argv;
@@ -33,6 +34,9 @@ async function main() {
         case 'reconcile':
             await (0, reconcile_1.runReconcileCommand)(args);
             break;
+        case 'audit':
+            await (0, audit_1.runAudit)(args);
+            break;
         case '-h':
         case '--help':
         case 'help':

package/dist/cli/utils.js

@@ -73,6 +73,8 @@ COMMANDS
   drift-check [opts]      Capture/compare provider response shapes (drift detection)
   drift-watch [opts]      Run drift-check on a loop (long-running monitor)
   reconcile [opts]        Reconcile your DB against provider state (detects missed webhooks)
+  audit [opts]            Generate comprehensive audit report (drift + reconcile +
+                          success rates + fees + anomalies)
   help, -h, --help        Print this help
   version, -v             Print version
 
@@ -99,6 +101,8 @@ EXAMPLES
   paybridge drift-watch --interval 1h --webhook-url https://hooks.slack.com/...
   paybridge reconcile --input expected.jsonl
   psql -t -c "SELECT provider, reference, status FROM payments" | paybridge reconcile
+  paybridge audit --window 30d --ledger-pg postgresql://localhost/db
+  paybridge audit --output - --format md | mail -s "Audit" finance@example.com
 
 Docs: https://github.com/kobie3717/paybridge
 `.trim();

package/dist/index.d.ts

@@ -26,6 +26,9 @@ export { createPostgresLedgerStore, type PostgresLedgerStoreOptions, getCreateTa
 export type { PgPoolLike, PgQueryResult } from './stores/postgres';
 export { runReconcile, type ReconcileDeps } from './cli/reconcile';
 export * from './cli/reconcile-types';
+export * from './drift-detector';
+export { FileDriftStore, type DriftStore } from './cli/drift-store';
+export { generateAuditReport, renderAuditAsHtml, renderAuditAsMarkdown, renderAuditAsJson, type AuditInput, type AuditReport, type ProviderAuditSection, type AuditAnomaly, } from './audit-report';
 export declare class PayBridge {
     readonly provider: PaymentProvider;
     constructor(config: PayBridgeConfig);

package/dist/index.js

@@ -20,7 +20,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PayBridge = exports.runReconcile = exports.getPostgresLedgerTableSql = exports.createPostgresLedgerStore = exports.createRedisLedgerStore = exports.createRedisIdempotencyStore = exports.createRedisCircuitBreakerStore = void 0;
+exports.PayBridge = exports.renderAuditAsJson = exports.renderAuditAsMarkdown = exports.renderAuditAsHtml = exports.generateAuditReport = exports.FileDriftStore = exports.runReconcile = exports.getPostgresLedgerTableSql = exports.createPostgresLedgerStore = exports.createRedisLedgerStore = exports.createRedisIdempotencyStore = exports.createRedisCircuitBreakerStore = void 0;
 const softycomp_1 = require("./providers/softycomp");
 const yoco_1 = require("./providers/yoco");
 const ozow_1 = require("./providers/ozow");
@@ -60,6 +60,14 @@ Object.defineProperty(exports, "getPostgresLedgerTableSql", { enumerable: true,
 var reconcile_1 = require("./cli/reconcile");
 Object.defineProperty(exports, "runReconcile", { enumerable: true, get: function () { return reconcile_1.runReconcile; } });
 __exportStar(require("./cli/reconcile-types"), exports);
+__exportStar(require("./drift-detector"), exports);
+var drift_store_1 = require("./cli/drift-store");
+Object.defineProperty(exports, "FileDriftStore", { enumerable: true, get: function () { return drift_store_1.FileDriftStore; } });
+var audit_report_1 = require("./audit-report");
+Object.defineProperty(exports, "generateAuditReport", { enumerable: true, get: function () { return audit_report_1.generateAuditReport; } });
+Object.defineProperty(exports, "renderAuditAsHtml", { enumerable: true, get: function () { return audit_report_1.renderAuditAsHtml; } });
+Object.defineProperty(exports, "renderAuditAsMarkdown", { enumerable: true, get: function () { return audit_report_1.renderAuditAsMarkdown; } });
+Object.defineProperty(exports, "renderAuditAsJson", { enumerable: true, get: function () { return audit_report_1.renderAuditAsJson; } });
 class PayBridge {
     constructor(config) {
         this.provider = this.createProvider(config);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "paybridge",
-  "version": "0.12.0",
+  "version": "1.0.0-rc.2",
   "description": "One API for fiat + crypto payments. Multi-provider routing, automatic failover, MoonPay on/off-ramp. SA-first, global-ready.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",