paymongo-cli 1.4.4 → 1.4.7

package/dist/services/dev/server.js

@@ -2,15 +2,18 @@ import * as http from 'http';
 import * as crypto from 'crypto';
 import chalk from 'chalk';
 import { AnalyticsService } from '../analytics/service.js';
+import Logger from '../../utils/logger.js';
 export class DevServer {
     server;
     port;
     config;
     analytics;
+    logger;
     constructor(port, config) {
         this.port = port;
         this.config = config;
         this.analytics = new AnalyticsService(config);
+        this.logger = new Logger();
         this.server = http.createServer((req, res) => {
             this.handleWebhookRequest(req, res);
         });
@@ -18,7 +21,7 @@ export class DevServer {
     async start() {
         return new Promise((resolve, reject) => {
             this.server.listen(this.port, () => {
-                console.log(chalk.green('✓'), `Webhook server listening on http://localhost:${this.port}`);
+                this.logger.success(`Webhook server listening on http://localhost:${this.port}`);
                 resolve();
             });
             this.server.on('error', (error) => {
@@ -29,7 +32,7 @@ export class DevServer {
     async stop() {
         return new Promise((resolve) => {
             this.server.close(() => {
-                console.log(chalk.yellow('✓'), 'Webhook server stopped');
+                this.logger.warning('Webhook server stopped');
                 resolve();
             });
         });
@@ -46,42 +49,45 @@ export class DevServer {
             body += chunk.toString();
         });
         req.on('end', () => {
-            try {
-                const event = JSON.parse(body);
-                const signatureValid = this.verifyWebhookSignature(req, body);
-                if (!signatureValid) {
-                    console.log(chalk.red('⚠️'), 'Webhook signature verification failed');
-                    res.writeHead(401, { 'Content-Type': 'application/json' });
-                    res.end(JSON.stringify({ error: 'Invalid signature' }));
-                    this.analytics.recordEvent({
-                        type: event.data?.type || 'unknown',
-                        success: false,
-                        error: 'Invalid signature',
-                        data: event.data?.attributes,
-                    });
-                    return;
-                }
-                this.logWebhookEvent(event);
-                res.writeHead(200, { 'Content-Type': 'application/json' });
-                res.end(JSON.stringify({ success: true }));
-            }
-            catch (error) {
-                console.error(chalk.red('✗'), 'Failed to process webhook:', error.message);
-                res.writeHead(400, { 'Content-Type': 'application/json' });
-                res.end(JSON.stringify({ error: 'Invalid JSON' }));
-                this.analytics.recordEvent({
-                    type: 'unknown',
+            void this.processWebhookBody(body, req, res);
+        });
+    }
+    async processWebhookBody(body, req, res) {
+        try {
+            const event = JSON.parse(body);
+            const signatureValid = this.verifyWebhookSignature(req, body);
+            if (!signatureValid) {
+                this.logger.failure('Webhook signature verification failed');
+                res.writeHead(401, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ error: 'Invalid signature' }));
+                await this.analytics.recordEvent({
+                    type: event.data?.type || 'unknown',
                     success: false,
-                    error: 'Invalid JSON',
+                    error: 'Invalid signature',
+                    data: event.data?.attributes,
                 });
+                return;
             }
-        });
+            await this.logWebhookEvent(event);
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ success: true }));
+        }
+        catch (error) {
+            this.logger.error('Failed to process webhook:', error.message);
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Invalid JSON' }));
+            await this.analytics.recordEvent({
+                type: 'unknown',
+                success: false,
+                error: 'Invalid JSON',
+            });
+        }
     }
-    logWebhookEvent(event) {
+    async logWebhookEvent(event) {
         const timestamp = new Date().toLocaleTimeString();
         const eventType = event.data?.type || 'unknown';
         const eventId = event.data?.id || 'unknown';
-        this.analytics.recordEvent({
+        await this.analytics.recordEvent({
             type: eventType,
             success: true,
             data: event.data?.attributes,
@@ -101,23 +107,23 @@ export class DevServer {
     }
     verifyWebhookSignature(req, body) {
         if (!this.config.dev.verifyWebhookSignatures) {
-            console.log(chalk.yellow('ℹ️'), 'Webhook signature verification disabled in config');
+            this.logger.warn('Webhook signature verification disabled in config');
             return true;
         }
         const signatureHeader = req.headers['paymongo-signature'];
         if (!signatureHeader) {
-            console.log(chalk.red('⚠️'), 'Signature verification required but no signature header found');
+            this.logger.failure('Signature verification required but no signature header found');
             return false;
         }
         const signatureParts = signatureHeader.split(',');
         if (signatureParts.length < 2) {
-            console.log(chalk.red('⚠️'), 'Invalid signature format');
+            this.logger.failure('Invalid signature format');
             return false;
         }
         const timestamp = signatureParts.find((part) => part.startsWith('t='))?.split('=')[1];
         const signature = signatureParts.find((part) => part.startsWith('te='))?.split('=')[1];
         if (!timestamp || !signature) {
-            console.log(chalk.red('⚠️'), 'Missing timestamp or signature in header');
+            this.logger.failure('Missing timestamp or signature in header');
             return false;
         }
         const webhookId = signatureParts.find((part) => part.startsWith('li='))?.split('=')[1];
@@ -130,12 +136,12 @@ export class DevServer {
         else {
             secretKeys = Object.values(webhookSecrets).filter((secret) => typeof secret === 'string' && secret.length > 0);
             if (webhookId && secretKeys.length > 0) {
-                console.log(chalk.yellow('⚠️'), `No webhook secret found for id ${webhookId}. Update your configuration.`);
+                this.logger.warning(`No webhook secret found for id ${webhookId}. Update your configuration.`);
                 return false;
             }
         }
         if (secretKeys.length === 0) {
-            console.log(chalk.yellow('⚠️'), 'Signature verification enabled but no webhook secrets configured');
+            this.logger.warning('Signature verification enabled but no webhook secrets configured');
             return true;
         }
         let isValid = false;
@@ -155,11 +161,11 @@ export class DevServer {
             }
         }
         if (isValid) {
-            console.log(chalk.green('✓'), 'Signature verified successfully');
+            this.logger.success('Signature verified successfully');
             return true;
         }
         else {
-            console.log(chalk.red('✗'), 'Signature verification failed');
+            this.logger.failure('Signature verification failed');
             return false;
         }
     }

package/dist/services/team/service.js

@@ -41,7 +41,7 @@ export class TeamService {
         await this.config.save(config);
         return bundle;
     }
-    async importKeyBundle(bundle, memberName) {
+    async importKeyBundle(bundle, memberName, options = {}) {
         const config = await this.config.load();
         if (!config) {
             throw new PayMongoError('No configuration found. Run "paymongo init" first.', 'CONFIG_NOT_FOUND', 400);
@@ -72,6 +72,9 @@ export class TeamService {
                 if (!config.apiKeys[env]) {
                     config.apiKeys[env] = bundle.keys[env];
                 }
+                else if (options.force) {
+                    config.apiKeys[env] = bundle.keys[env];
+                }
                 else {
                     console.log(`⚠️  ${env.toUpperCase()} keys already exist. Use --force to overwrite.`);
                 }

package/dist/types/schemas.js

@@ -12,23 +12,52 @@ const DevConfigSchema = z.object({
     autoRegisterWebhook: z.boolean(),
     verifyWebhookSignatures: z.boolean(),
 });
-const TeamConfigSchema = z.object({
-    githubToken: z.string().optional(),
-    repo: z.string().optional(),
-    branch: z.string().optional(),
-}).optional();
 export const PayMongoConfigSchema = z.object({
     version: z.string().min(1, 'Version is required'),
     projectName: z.string().min(1, 'Project name is required'),
     environment: z.enum(['test', 'live']),
-    apiKeys: z.object({
+    apiKeys: z
+        .object({
         test: ApiKeysSchema.optional(),
         live: ApiKeysSchema.optional(),
-    }).refine((keys) => keys.test !== undefined || keys.live !== undefined, { message: 'At least one environment API keys must be configured' }),
+    })
+        .optional(),
     webhooks: WebhooksConfigSchema,
-    webhookSecrets: z.record(z.string(), z.string()),
+    webhookSecrets: z.record(z.string(), z.string()).optional(),
     dev: DevConfigSchema,
-    team: TeamConfigSchema,
+    team: z
+        .object({
+        name: z.string().optional(),
+        members: z
+            .array(z.object({
+            name: z.string(),
+            email: z.string().optional(),
+            addedAt: z.number(),
+            sharedKeys: z.array(z.string()).optional(),
+        }))
+            .optional(),
+        sharedKeyBundles: z
+            .array(z.object({
+            id: z.string(),
+            createdAt: z.number(),
+            environments: z.array(z.enum(['test', 'live'])),
+            sharedWith: z.array(z.string()),
+        }))
+            .optional(),
+    })
+        .optional(),
+    registeredWebhooks: z
+        .array(z.object({
+        id: z.string(),
+        url: z.string(),
+        createdAt: z.number(),
+    }))
+        .optional(),
+    analytics: z
+        .object({
+        enabled: z.boolean(),
+    })
+        .optional(),
 });
 export function validateConfig(config) {
     const result = PayMongoConfigSchema.safeParse(config);

package/dist/utils/bulk.js

@@ -32,8 +32,24 @@ export class BulkOperations {
         return filename;
     }
     static async importWebhooks(filename) {
-        const content = await fs.readFile(filename, 'utf-8');
-        const data = JSON.parse(content);
+        let content;
+        try {
+            content = await fs.readFile(filename, 'utf-8');
+        }
+        catch (error) {
+            const code = error.code;
+            if (code === 'ENOENT') {
+                throw new PayMongoError(`File not found: ${filename}`, 'FILE_NOT_FOUND', 404);
+            }
+            throw new PayMongoError(`Cannot read file: ${filename}`, 'FILE_READ_ERROR', 400);
+        }
+        let data;
+        try {
+            data = JSON.parse(content);
+        }
+        catch {
+            throw new PayMongoError(`Invalid JSON in ${filename}`, 'INVALID_JSON', 400);
+        }
         this.validateImportData(data, 'webhooks');
         return {
             webhooks: data.data,
@@ -41,8 +57,24 @@ export class BulkOperations {
         };
     }
     static async importPayments(filename) {
-        const content = await fs.readFile(filename, 'utf-8');
-        const data = JSON.parse(content);
+        let content;
+        try {
+            content = await fs.readFile(filename, 'utf-8');
+        }
+        catch (error) {
+            const code = error.code;
+            if (code === 'ENOENT') {
+                throw new PayMongoError(`File not found: ${filename}`, 'FILE_NOT_FOUND', 404);
+            }
+            throw new PayMongoError(`Cannot read file: ${filename}`, 'FILE_READ_ERROR', 400);
+        }
+        let data;
+        try {
+            data = JSON.parse(content);
+        }
+        catch {
+            throw new PayMongoError(`Invalid JSON in ${filename}`, 'INVALID_JSON', 400);
+        }
         this.validateImportData(data, 'payments');
         return {
             payments: data.data,

package/dist/utils/constants.js

@@ -12,10 +12,20 @@ export const ENVIRONMENTS = ['test', 'live'];
 export const CONFIG_FILE_NAME = '.paymongo';
 export const ENV_FILE_NAME = '.env';
 export const CLI_NAME = 'paymongo';
-export const CLI_VERSION = '1.0.0';
+import { createRequire } from 'module';
+const _require = createRequire(import.meta.url);
+const _pkg = _require('../../package.json');
+export const CLI_VERSION = _pkg.version;
 export const REQUEST_TIMEOUT = 30000;
 export const MAX_RETRIES = 3;
 export const RETRY_DELAY = 1000;
+export const CACHE_TTL = 2 * 60 * 1000;
+export const RATE_LIMIT_WINDOW_MS = 60 * 1000;
+export const RATE_LIMIT_DEFAULT_MAX = 100;
+export const RATE_LIMIT_WEBHOOKS_MAX = 30;
+export const RATE_LIMIT_PAYMENTS_MAX = 60;
+export const RATE_LIMIT_REFUNDS_MAX = 20;
+export const RATE_LIMIT_ENV_MULTIPLIER = 0.5;
 export const DEFAULT_DEV_PORT = 3000;
 export const DEFAULT_WEBHOOK_PATH = '/webhook';
 export const LOG_LEVELS = ['error', 'warn', 'info', 'debug'];

package/dist/utils/errors.js

@@ -56,6 +56,12 @@ export class WebhookError extends Error {
         this.name = 'WebhookError';
     }
 }
+export class CommandError extends Error {
+    constructor(message) {
+        super(message || 'Command failed');
+        this.name = 'CommandError';
+    }
+}
 export async function withRetry(operation, options = {}) {
     const { maxRetries = 3, delayMs = 1000, backoffMultiplier = 2, silent = false, retryCondition = (error) => {
         return (error.name === 'NetworkError' ||

package/dist/utils/validator.js

@@ -1,11 +1,5 @@
-export class ValidationError extends Error {
-    field;
-    constructor(message, field) {
-        super(message);
-        this.field = field;
-        this.name = 'ValidationError';
-    }
-}
+import { ValidationError } from './errors.js';
+export { ValidationError };
 export function validateApiKey(key, type) {
     if (!key || typeof key !== 'string') {
         return false;
@@ -16,7 +10,14 @@ export function validateApiKey(key, type) {
 }
 export function validateWebhookUrl(url) {
     try {
-        const parsedUrl = new URL(url);
+        const trimmed = url.trim();
+        if (trimmed.length > 2048) {
+            return false;
+        }
+        const parsedUrl = new URL(trimmed);
+        if (parsedUrl.username || parsedUrl.password) {
+            return false;
+        }
         return (parsedUrl.protocol === 'https:' ||
             parsedUrl.hostname === 'localhost' ||
             parsedUrl.hostname === '127.0.0.1');

package/dist/utils/webhook-store.js

@@ -1,23 +1,25 @@
-import * as fs from 'fs';
+import fs from 'fs/promises';
 import * as path from 'path';
 import * as os from 'os';
 class WebhookEventStore {
     storePath;
+    storeDir;
     constructor() {
-        const paymongoDir = path.join(os.homedir(), '.paymongo');
-        this.storePath = path.join(paymongoDir, 'webhook-events.json');
-        if (!fs.existsSync(paymongoDir)) {
-            fs.mkdirSync(paymongoDir, { recursive: true });
-        }
+        this.storeDir = path.join(os.homedir(), '.paymongo');
+        this.storePath = path.join(this.storeDir, 'webhook-events.json');
+    }
+    async ensureDir() {
+        await fs.mkdir(this.storeDir, { recursive: true });
     }
     async storeEvent(event) {
         try {
+            await this.ensureDir();
             const events = await this.loadEvents();
             events.push(event);
             if (events.length > 1000) {
                 events.splice(0, events.length - 1000);
             }
-            fs.writeFileSync(this.storePath, JSON.stringify(events, null, 2));
+            await fs.writeFile(this.storePath, JSON.stringify(events, null, 2));
         }
         catch (error) {
             console.warn('Failed to store webhook event:', error);
@@ -25,13 +27,13 @@ class WebhookEventStore {
     }
     async loadEvents() {
         try {
-            if (!fs.existsSync(this.storePath)) {
-                return [];
-            }
-            const data = fs.readFileSync(this.storePath, 'utf-8');
+            const data = await fs.readFile(this.storePath, 'utf-8');
             return JSON.parse(data);
         }
-        catch (_error) {
+        catch (error) {
+            if (error instanceof Error && 'code' in error && error.code === 'ENOENT') {
+                return [];
+            }
             return [];
         }
     }
@@ -45,11 +47,12 @@ class WebhookEventStore {
     }
     async clearEvents() {
         try {
-            if (fs.existsSync(this.storePath)) {
-                fs.unlinkSync(this.storePath);
-            }
+            await fs.unlink(this.storePath);
         }
         catch (error) {
+            if (error instanceof Error && 'code' in error && error.code === 'ENOENT') {
+                return;
+            }
             console.warn('Failed to clear webhook events:', error);
         }
     }

package/eslint.config.ts

@@ -1,70 +1,70 @@
-import eslint from '@eslint/js';
-import tseslint from 'typescript-eslint';
-import globals from 'globals';
-
-export default tseslint.config(
-  eslint.configs.recommended,
-  ...tseslint.configs.recommended,
-  {
-    files: ['src/**/*.ts'],
-    languageOptions: {
-      ecmaVersion: 2022,
-      sourceType: 'module',
-      globals: {
-        ...globals.node,
-        ...globals.es2022,
-      },
-      parserOptions: {
-        project: './tsconfig.json',
-      },
-    },
-    rules: {
-      'no-unused-vars': 'off',
-      '@typescript-eslint/no-unused-vars': ['warn', { 
-        argsIgnorePattern: '^_',
-        varsIgnorePattern: '^_',
-        caughtErrorsIgnorePattern: '^_'
-      }],
-      'no-console': 'off',
-      'no-redeclare': 'off',
-      '@typescript-eslint/no-redeclare': 'error',
-      'no-shadow': 'off',
-      '@typescript-eslint/no-shadow': 'error',
-      'no-undef': 'off',
-      'no-empty': 'error',
-      '@typescript-eslint/explicit-function-return-type': 'off',
-      '@typescript-eslint/no-explicit-any': 'warn',
-      '@typescript-eslint/no-non-null-assertion': 'warn',
-      eqeqeq: ['error', 'always'],
-      curly: ['error', 'all'],
-      'no-var': 'error',
-      'prefer-const': 'error',
-    },
-  },
-  {
-    files: ['tests/**/*.ts'],
-    languageOptions: {
-      ecmaVersion: 2022,
-      sourceType: 'module',
-      globals: {
-        ...globals.node,
-        ...globals.es2022,
-        ...globals.jest,
-      },
-    },
-    rules: {
-      'no-unused-vars': 'off',
-      '@typescript-eslint/no-unused-vars': ['warn', { 
-        argsIgnorePattern: '^_',
-        varsIgnorePattern: '^_',
-        caughtErrorsIgnorePattern: '^_'
-      }],
-      '@typescript-eslint/no-explicit-any': 'off', // Allow any in tests for mocking
-      'no-console': 'off',
-      'no-undef': 'off',
-    },
-  },
-  {
-    ignores: ['dist/', 'node_modules/', '*.js', '*.cjs', 'coverage/'],
-  }
-);
+import eslint from '@eslint/js';
+import tseslint from 'typescript-eslint';
+import globals from 'globals';
+
+export default tseslint.config(
+  eslint.configs.recommended,
+  ...tseslint.configs.recommended,
+  {
+    files: ['src/**/*.ts'],
+    languageOptions: {
+      ecmaVersion: 2022,
+      sourceType: 'module',
+      globals: {
+        ...globals.node,
+        ...globals.es2022,
+      },
+      parserOptions: {
+        project: './tsconfig.json',
+      },
+    },
+    rules: {
+      'no-unused-vars': 'off',
+      '@typescript-eslint/no-unused-vars': ['warn', { 
+        argsIgnorePattern: '^_',
+        varsIgnorePattern: '^_',
+        caughtErrorsIgnorePattern: '^_'
+      }],
+      'no-console': 'off',
+      'no-redeclare': 'off',
+      '@typescript-eslint/no-redeclare': 'error',
+      'no-shadow': 'off',
+      '@typescript-eslint/no-shadow': 'error',
+      'no-undef': 'off',
+      'no-empty': 'error',
+      '@typescript-eslint/explicit-function-return-type': 'off',
+      '@typescript-eslint/no-explicit-any': 'warn',
+      '@typescript-eslint/no-non-null-assertion': 'warn',
+      eqeqeq: ['error', 'always'],
+      curly: ['error', 'all'],
+      'no-var': 'error',
+      'prefer-const': 'error',
+    },
+  },
+  {
+    files: ['tests/**/*.ts'],
+    languageOptions: {
+      ecmaVersion: 2022,
+      sourceType: 'module',
+      globals: {
+        ...globals.node,
+        ...globals.es2022,
+        ...globals.jest,
+      },
+    },
+    rules: {
+      'no-unused-vars': 'off',
+      '@typescript-eslint/no-unused-vars': ['warn', { 
+        argsIgnorePattern: '^_',
+        varsIgnorePattern: '^_',
+        caughtErrorsIgnorePattern: '^_'
+      }],
+      '@typescript-eslint/no-explicit-any': 'off', // Allow any in tests for mocking
+      'no-console': 'off',
+      'no-undef': 'off',
+    },
+  },
+  {
+    ignores: ['dist/', 'node_modules/', '*.js', '*.cjs', 'coverage/'],
+  }
+);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "paymongo-cli",
-  "version": "1.4.4",
+  "version": "1.4.7",
   "description": "Developer-first CLI tool for PayMongo integration development with local webhook forwarding, payment testing, and team collaboration features. See USER_GUIDE.md for comprehensive documentation.",
   "type": "module",
   "main": "dist/index.js",
@@ -72,4 +72,4 @@
   "publishConfig": {
     "access": "public"
   }
-}
+}