paymongo-cli 1.4.7 → 1.4.8

package/AGENTS.md

@@ -2,9 +2,9 @@
 
 ## Project Overview
 
-PayMongo CLI is a developer-first command-line tool for PayMongo payment integration with local webhook forwarding. It uses **ESM modules** with Commander.js for CLI commands and provides both terminal and web-based interfaces.
+PayMongo CLI is a developer-first command-line tool for PayMongo payment integration with local webhook forwarding. It uses **ESM modules** with Commander.js for CLI commands and provides a terminal-first interface.
 
-**Tech Stack**: TypeScript, Node.js 18+, Express, Socket.io, ngrok, Axios, Zod, Winston, Jest
+**Tech Stack**: TypeScript, Node.js 20+, Commander.js, built-in `http`, `undici`, ngrok, Zod, Jest
 
 ---
 
@@ -134,8 +134,10 @@ src/
 ├── services/         # Business logic
 │   ├── api/         # PayMongo API client
 │   ├── config/      # Configuration management
-│   ├── web/         # Express + Socket.io server
-│   └── github/      # GitHub integration
+│   ├── dev/         # Local dev server + process management
+│   ├── analytics/   # Local webhook analytics
+│   ├── payments/    # Payment simulation helpers
+│   └── team/        # Team key-sharing workflows
 ├── types/           # TypeScript definitions + Zod schemas
 ├── utils/           # Shared utilities
 └── index.ts         # CLI entry point
@@ -174,8 +176,8 @@ tests/
 Use `jest.unstable_mockModule()` before dynamic imports:
 
 ```typescript
-jest.unstable_mockModule('axios', () => ({
-  default: mockAxios,
+jest.unstable_mockModule('undici', () => ({
+  request: mockRequest,
 }));
 
 const { ApiClient } = await import('../../src/services/api/client.js');

package/CHANGELOG.md

@@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.4.8] - 2026-03-08
+
+### Changed
+
+- **Command Modularization** - Refactored the large `config`, `payments`, `webhooks`, and `trigger` command files into focused helper/action modules to improve maintainability and make future changes safer.
+- **Test Execution** - Reworked CLI entry/config integration tests to avoid subprocess spawning in restricted environments while preserving end-to-end behavior checks.
+- **Documentation Alignment** - Updated README, installation, user guide, troubleshooting, testing, and contributor guidance to match the current Node 20+ runtime, `undici` network layer, ngrok token handling, and local team key-sharing workflow.
+
+### Fixed
+
+- **Config Validation Drift** - Added `rateLimiting` to the Zod configuration schema so runtime validation matches the declared config type and command behavior.
+- **CLI Test Reliability** - Eliminated environment-specific `EPERM` failures in spawn-based tests by switching to sandbox-friendly execution patterns.
+- **Release Metadata** - Synchronized package metadata by updating the npm package version and lockfile version fields to the current release line.
+
+### Security
+
+- **Webhook Verification Defaults** - New configs now enable webhook signature verification by default, and the dev server now rejects requests when verification is enabled but no webhook secret is configured.
+- **Secret Messaging** - Clarified CLI messaging around webhook secret storage to describe the actual `.paymongo` storage location.
+
 ## [1.4.7] - 2026-02-27
 
 ### Changed

package/README.md

@@ -17,10 +17,10 @@ PayMongo CLI is the official-feel command-line tool designed to streamline your
 - **Payment Testing**: Create and monitor payment intents and payments directly from your terminal.
 - **Real-time Monitoring**: Watch webhook events as they happen with formatted terminal logs.
 - **Privacy-First Analytics**: Optional local webhook event tracking to improve your development workflow (opt-in only).
-- **Team Collaboration**: Sync configurations across your team using GitHub integration.
+- **Team Collaboration**: Share API key bundles with teammates for test/live environments.
 - **Bulk Operations**: Import/export payments and webhooks for easy migration between environments.
 - **Rate Limiting Protection**: Built-in API abuse prevention with configurable limits and automatic backoff.
-- **Secure Management**: Encrypted storage for your API keys.
+- **Secure Management**: Local credential encryption for stored login sessions.
 
 ---
 
@@ -43,10 +43,12 @@ To use the `dev` server with webhook forwarding, you need an ngrok authtoken:
 
 1. Sign up at [ngrok.com](https://ngrok.com)
 2. Copy your authtoken from the [ngrok dashboard](https://dashboard.ngrok.com/get-started/your-authtoken)
-3. Configure it in the CLI:
+3. Configure it via environment variable or pass it at runtime:
 
 ```bash
-paymongo config set ngrok.authtoken YOUR_AUTHTOKEN
+export NGROK_AUTHTOKEN=YOUR_AUTHTOKEN
+# or
+paymongo dev --ngrok-token YOUR_AUTHTOKEN
 ```
 
 ---
@@ -168,7 +170,7 @@ Analytics data helps you:
 | `paymongo config`            | View and modify CLI configuration.                      |
 | `paymongo config analytics`  | Configure webhook analytics settings.                   |
 | `paymongo config rate-limit` | Configure rate limiting settings.                       |
-| `paymongo team`              | Sync configurations with your team via GitHub.          |
+| `paymongo team`              | Share API key bundles with your team.                   |
 | `paymongo trigger`           | Simulate webhook events locally for testing.            |
 
 > Use `paymongo <command> --help` for detailed information on any command.

package/TESTING.md

@@ -4,12 +4,12 @@
 
 This document tracks the progress of improving test coverage for the PayMongo CLI project from the initial ~12% to the target 80-85%.
 
-## Current Status (2026-01-25)
+## Current Status (2026-03-08)
 
-- **Overall Coverage**: ~65-70% statements (estimated post-all command testing completion)
+- **Overall Coverage**: strong command and service coverage with full green suite
 - **Target**: ≥80% statements/branches/functions/lines
 - **Progress**: API client, init command, config command, login command, dev command, env command, trigger command, webhooks command, CLI entry point, and payments command testing completed
-- **Total Tests**: 380 passing tests across 23 test suites
+- **Total Tests**: 459 passing tests across 29 test suites
 
 ## Completed Work
 
@@ -79,9 +79,8 @@ This document tracks the progress of improving test coverage for the PayMongo CL
   - Resolved testing challenges: crypto timingSafeEqual mocking, HTTP request/response simulation, ESM module mocking for complex dependencies
 
 - **CLI Entry Point Testing**: ✅ **COMPLETED**
-  - Created integration tests in `tests/unit/index.test.ts` with 3 test cases
   - Tests verify CLI initialization, help display, version information, and error handling
-  - Uses subprocess spawning to test actual CLI behavior rather than complex module mocking
+  - Uses in-process execution instead of subprocess spawning for sandbox-friendly test runs
 
 - **Payments Command Testing**: ✅ **COMPLETED**
   - Created comprehensive test file `tests/unit/payments-command.test.ts` with 20 test cases achieving 100% coverage
@@ -195,7 +194,7 @@ This document tracks the progress of improving test coverage for the PayMongo CL
 
 1. **ESM Mocking Complexity**: Required careful setup of `jest.unstable_mockModule()` for modern ES modules
 2. **Interceptor Testing**: Needed to test interceptor functions directly rather than through full API calls
-3. **Error Handler Mocking**: Complex to mock axios.isAxiosError in interceptor context
+3. **Network Layer Mocking**: `undici` request/response behavior requires careful ESM mocking
 4. **Commander.js Testing**: Resolved by extracting command action logic to separate exported function for direct testing
 5. **Console Mocking**: Required global.console usage for reliable spy functionality across test suites
 6. **ESM Module Resolution**: Fixed import path issues in tests by using '../../src/' prefix for consistency
@@ -219,4 +218,4 @@ This document tracks the progress of improving test coverage for the PayMongo CL
 
 ---
 
-_Last updated: 2026-01-25_
+_Last updated: 2026-03-08_