pop-pay 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Point One Percent Team
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,35 @@
+# pop-pay
+
+**Point One Percent** — Semantic Payment Guardrail for AI Agents.
+
+> It only takes 0.1% of hallucination to drain 100% of your wallet.
+
+TypeScript + Rust implementation of the pop-pay runtime security layer for AI agent commerce.
+
+## Features
+
+- **Vault**: AES-256-GCM encrypted credential storage with Rust native security layer
+- **Guardrails**: Keyword + LLM-based payment intent validation
+- **MCP Server**: Model Context Protocol server for AI agent integration
+- **Providers**: Stripe Issuing, BYOC (Bring Your Own Card), Mock
+- **Security Scan**: Prompt injection detection on checkout pages
+
+## Installation
+
+```bash
+npm install pop-pay
+```
+
+## Quick Start
+
+```bash
+# Initialize vault
+pop-init-vault
+
+# Launch MCP server
+pop-launch
+```
+
+## License
+
+MIT

package/dist/cli-vault.d.ts

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+/**
+ * pop-init-vault: Interactive setup to encrypt card credentials.
+ * pop-unlock: Unlock vault for passphrase mode sessions.
+ */
+export {};
+//# sourceMappingURL=cli-vault.d.ts.map

package/dist/cli-vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-vault.d.ts","sourceRoot":"","sources":["../src/cli-vault.ts"],"names":[],"mappings":";AACA;;;GAGG"}

package/dist/cli-vault.js

@@ -0,0 +1,233 @@
+#!/usr/bin/env node
+"use strict";
+/**
+ * pop-init-vault: Interactive setup to encrypt card credentials.
+ * pop-unlock: Unlock vault for passphrase mode sessions.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_fs_1 = require("node:fs");
+const node_readline_1 = require("node:readline");
+const node_os_1 = require("node:os");
+const node_path_1 = require("node:path");
+const vault_js_1 = require("./vault.js");
+const VAULT_DIR = (0, node_path_1.join)((0, node_os_1.homedir)(), ".config", "pop-pay");
+const VAULT_PATH = (0, node_path_1.join)(VAULT_DIR, "vault.enc");
+function prompt(question) {
+    const rl = (0, node_readline_1.createInterface)({ input: process.stdin, output: process.stdout });
+    return new Promise((resolve) => {
+        rl.question(question, (answer) => {
+            rl.close();
+            resolve(answer.trim());
+        });
+    });
+}
+function promptHidden(question) {
+    return new Promise((resolve) => {
+        process.stdout.write(question);
+        const stdin = process.stdin;
+        const wasRaw = stdin.isRaw;
+        if (stdin.isTTY)
+            stdin.setRawMode(true);
+        stdin.resume();
+        let input = "";
+        const onData = (char) => {
+            const c = char.toString("utf8");
+            if (c === "\n" || c === "\r" || c === "\u0004") {
+                if (stdin.isTTY)
+                    stdin.setRawMode(wasRaw ?? false);
+                stdin.pause();
+                stdin.removeListener("data", onData);
+                process.stdout.write("\n");
+                resolve(input.trim());
+            }
+            else if (c === "\u0003") {
+                process.exit(1);
+            }
+            else if (c === "\u007f" || c === "\b") {
+                input = input.slice(0, -1);
+            }
+            else {
+                input += c;
+            }
+        };
+        stdin.on("data", onData);
+    });
+}
+// ---------------------------------------------------------------------------
+// pop-init-vault
+// ---------------------------------------------------------------------------
+async function cmdInitVault() {
+    const usePassphrase = process.argv.includes("--passphrase");
+    console.log("pop-pay vault setup");
+    console.log("=".repeat(40));
+    console.log("Your card credentials will be encrypted and stored at:");
+    console.log(`  ${VAULT_PATH}`);
+    console.log();
+    console.log(vault_js_1.OSS_WARNING);
+    if ((0, vault_js_1.vaultExists)()) {
+        const overwrite = await prompt("A vault already exists. Overwrite? [y/N]: ");
+        if (overwrite.toLowerCase() !== "y") {
+            console.log("Aborted.");
+            process.exit(0);
+        }
+    }
+    let keyOverride;
+    if (usePassphrase) {
+        console.log("\nPassphrase mode: your vault will be encrypted with a passphrase.");
+        console.log("You must run `pop-unlock` before each MCP server session.\n");
+        while (true) {
+            const p1 = await promptHidden("  Choose passphrase: ");
+            const p2 = await promptHidden("  Confirm passphrase: ");
+            if (p1 !== p2) {
+                console.log("  Passphrases do not match. Try again.");
+                continue;
+            }
+            if (p1.length < 8) {
+                console.log("  Passphrase must be at least 8 characters.");
+                continue;
+            }
+            keyOverride = (0, vault_js_1.deriveKeyFromPassphrase)(p1);
+            (0, vault_js_1.storeKeyInKeyring)(keyOverride);
+            console.log("  Passphrase set. Vault unlocked for this session.");
+            break;
+        }
+    }
+    console.log("Enter your card credentials (input is hidden):");
+    const cardNumber = (await promptHidden("  Card number: "))
+        .replace(/\s/g, "")
+        .replace(/-/g, "");
+    const expMonth = await promptHidden("  Expiry month (MM): ");
+    const expYear = await promptHidden("  Expiry year (YY): ");
+    const cvv = await promptHidden("  CVV: ");
+    const creds = {
+        card_number: cardNumber,
+        cvv,
+        exp_month: expMonth,
+        exp_year: expYear,
+        expiration_date: `${expMonth}/${expYear}`,
+    };
+    console.log("\nEncrypting and writing vault...");
+    try {
+        (0, vault_js_1.saveVault)(creds, keyOverride);
+    }
+    catch (e) {
+        console.error(`ERROR: ${e.message}`);
+        process.exit(1);
+    }
+    console.log(`Vault written to ${VAULT_PATH}`);
+    // Handle policy .env
+    const policyEnvPath = (0, node_path_1.join)(VAULT_DIR, ".env");
+    const envCandidates = [policyEnvPath, (0, node_path_1.join)(process.cwd(), ".env")];
+    let wipedPolicyEnv = false;
+    for (const envPath of envCandidates) {
+        if ((0, node_fs_1.existsSync)(envPath)) {
+            const content = (0, node_fs_1.readFileSync)(envPath, "utf8");
+            if (content.includes("POP_BYOC_NUMBER") || content.includes("POP_BYOC_CVV")) {
+                const wipe = await prompt(`\n\x1b[1;31m${envPath} contains card credentials. Securely wipe it?\x1b[0m [y/N]: `);
+                if (wipe.toLowerCase() === "y") {
+                    (0, vault_js_1.secureWipeEnv)(envPath);
+                    console.log(`${envPath} wiped.`);
+                    if (envPath === policyEnvPath)
+                        wipedPolicyEnv = true;
+                }
+            }
+        }
+    }
+    // Offer to create policy template
+    if (!(0, node_fs_1.existsSync)(policyEnvPath) || wipedPolicyEnv) {
+        console.log(`\nNo policy config found at ${policyEnvPath}.`);
+        const create = await prompt("Create a policy template .env? [y/N]: ");
+        if (create.toLowerCase() === "y") {
+            (0, node_fs_1.mkdirSync)(VAULT_DIR, { recursive: true });
+            (0, node_fs_1.writeFileSync)(policyEnvPath, `# pop-pay policy configuration
+# Card credentials are stored in vault.enc — do not add them here.
+
+# Vendors the agent is allowed to pay (JSON array)
+POP_ALLOWED_CATEGORIES=["aws", "cloudflare", "openai", "github", "Wikipedia", "donation", "Wikimedia"]
+
+# Spending limits
+POP_MAX_PER_TX=100.0
+POP_MAX_DAILY=500.0
+POP_BLOCK_LOOPS=true
+
+# CDP injection (required for BYOC card filling)
+POP_AUTO_INJECT=true
+POP_CDP_URL=http://localhost:9222
+
+# Guardrail engine: keyword (default, zero-cost) or llm
+# POP_GUARDRAIL_ENGINE=keyword
+
+# Billing info for auto-filling name/address fields on checkout pages
+# POP_BILLING_FIRST_NAME=Bob
+# POP_BILLING_LAST_NAME=Smith
+# POP_BILLING_EMAIL=bob@example.com
+# POP_BILLING_PHONE_COUNTRY_CODE=+1
+# POP_BILLING_PHONE=+14155551234
+# POP_BILLING_STREET=123 Main St
+# POP_BILLING_CITY=Redwood City
+# POP_BILLING_ZIP=94043
+# POP_BILLING_STATE=CA
+# POP_BILLING_COUNTRY=US
+`, { mode: 0o600 });
+            console.log(`Template created at ${policyEnvPath} — edit to set your policy.`);
+        }
+    }
+    if (usePassphrase) {
+        console.log("\nSetup complete. This session is already unlocked.");
+        console.log("Run `pop-unlock` before each new MCP server session.");
+    }
+    else {
+        console.log("\nSetup complete. The MCP server will auto-decrypt the vault at startup.");
+    }
+}
+// ---------------------------------------------------------------------------
+// pop-unlock
+// ---------------------------------------------------------------------------
+async function cmdUnlock() {
+    const doLock = process.argv.includes("--lock");
+    if (doLock) {
+        await (0, vault_js_1.clearKeyring)();
+        console.log("Vault locked — key removed from keyring.");
+        console.log("Restart the MCP server to apply.");
+        return;
+    }
+    if (!(0, vault_js_1.vaultExists)()) {
+        console.log("No vault found. Run `pop-init-vault` first.");
+        process.exit(1);
+    }
+    const passphrase = await promptHidden("Vault passphrase: ");
+    if (!passphrase) {
+        console.log("Passphrase cannot be empty.");
+        process.exit(1);
+    }
+    const key = (0, vault_js_1.deriveKeyFromPassphrase)(passphrase);
+    try {
+        const blob = (0, node_fs_1.readFileSync)(VAULT_PATH);
+        (0, vault_js_1.decryptCredentials)(blob, undefined, key);
+    }
+    catch {
+        console.log("Wrong passphrase — vault not unlocked.");
+        process.exit(1);
+    }
+    (0, vault_js_1.storeKeyInKeyring)(key);
+    console.log("Vault unlocked for this session.");
+    console.log("Start (or restart) the MCP server — it will auto-decrypt using the stored key.");
+    console.log("Run `pop-unlock --lock` to re-lock when done.");
+}
+// ---------------------------------------------------------------------------
+// Main dispatch
+// ---------------------------------------------------------------------------
+const command = process.argv[1] ?? "";
+if (command.includes("pop-unlock") || process.argv.includes("unlock")) {
+    cmdUnlock().catch((e) => {
+        console.error(e);
+        process.exit(1);
+    });
+}
+else {
+    cmdInitVault().catch((e) => {
+        console.error(e);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=cli-vault.js.map

package/dist/cli-vault.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-vault.js","sourceRoot":"","sources":["../src/cli-vault.ts"],"names":[],"mappings":";;AACA;;;GAGG;;AAEH,qCAAwF;AACxF,iDAAgD;AAChD,qCAAkC;AAClC,yCAAiC;AAEjC,yCAUoB;AAEpB,MAAM,SAAS,GAAG,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AACxD,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,WAAW,CAAC,CAAC;AAEhD,SAAS,MAAM,CAAC,QAAgB;IAC9B,MAAM,EAAE,GAAG,IAAA,+BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE;YAC/B,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB;IACpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC;QAC3B,IAAI,KAAK,CAAC,KAAK;YAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACxC,KAAK,CAAC,MAAM,EAAE,CAAC;QAEf,IAAI,KAAK,GAAG,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,EAAE;YAC9B,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC/C,IAAI,KAAK,CAAC,KAAK;oBAAE,KAAK,CAAC,UAAU,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC;gBACnD,KAAK,CAAC,KAAK,EAAE,CAAC;gBACd,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC3B,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACxB,CAAC;iBAAM,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;iBAAM,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBACxC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7B,CAAC;iBAAM,CAAC;gBACN,KAAK,IAAI,CAAC,CAAC;YACb,CAAC;QACH,CAAC,CAAC;QACF,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAC9E,KAAK,UAAU,YAAY;IACzB,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAE5D,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,KAAK,UAAU,EAAE,CAAC,CAAC;IAC/B,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,CAAC;IAEzB,IAAI,IAAA,sBAAW,GAAE,EAAE,CAAC;QAClB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,4CAA4C,CAAC,CAAC;QAC7E,IAAI,SAAS,CAAC,WAAW,EAAE,KAAK,GAAG,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,IAAI,WAA+B,CAAC;IACpC,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAC;QAClF,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;QAC3E,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,uBAAuB,CAAC,CAAC;YACvD,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,wBAAwB,CAAC,CAAC;YACxD,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;gBACtD,SAAS;YACX,CAAC;YACD,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,SAAS;YACX,CAAC;YACD,WAAW,GAAG,IAAA,kCAAuB,EAAC,EAAE,CAAC,CAAC;YAC1C,IAAA,4BAAiB,EAAC,WAAW,CAAC,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;YAClE,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,CAAC,MAAM,YAAY,CAAC,iBAAiB,CAAC,CAAC;SACvD,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;SAClB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACrB,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,uBAAuB,CAAC,CAAC;IAC7D,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,SAAS,CAAC,CAAC;IAE1C,MAAM,KAAK,GAA2B;QACpC,WAAW,EAAE,UAAU;QACvB,GAAG;QACH,SAAS,EAAE,QAAQ;QACnB,QAAQ,EAAE,OAAO;QACjB,eAAe,EAAE,GAAG,QAAQ,IAAI,OAAO,EAAE;KAC1C,CAAC;IAEF,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACjD,IAAI,CAAC;QACH,IAAA,oBAAS,EAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,oBAAoB,UAAU,EAAE,CAAC,CAAC;IAE9C,qBAAqB;IACrB,MAAM,aAAa,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC9C,MAAM,aAAa,GAAG,CAAC,aAAa,EAAE,IAAA,gBAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IAEnE,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,IAAI,IAAA,oBAAU,EAAC,OAAO,CAAC,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,IAAA,sBAAY,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC9C,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC5E,MAAM,IAAI,GAAG,MAAM,MAAM,CACvB,eAAe,OAAO,8DAA8D,CACrF,CAAC;gBACF,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,GAAG,EAAE,CAAC;oBAC/B,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAC;oBACvB,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,SAAS,CAAC,CAAC;oBACjC,IAAI,OAAO,KAAK,aAAa;wBAAE,cAAc,GAAG,IAAI,CAAC;gBACvD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,IAAA,oBAAU,EAAC,aAAa,CAAC,IAAI,cAAc,EAAE,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,+BAA+B,aAAa,GAAG,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,wCAAwC,CAAC,CAAC;QACtE,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,GAAG,EAAE,CAAC;YACjC,IAAA,mBAAS,EAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC1C,IAAA,uBAAa,EACX,aAAa,EACb;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6BP,EACO,EAAE,IAAI,EAAE,KAAK,EAAE,CAChB,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,uBAAuB,aAAa,6BAA6B,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IACtE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,0EAA0E,CAAC,CAAC;IAC1F,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAC9E,KAAK,UAAU,SAAS;IACtB,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAE/C,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,IAAA,uBAAY,GAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;QAChD,OAAO;IACT,CAAC;IAED,IAAI,CAAC,IAAA,sBAAW,GAAE,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;QAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,oBAAoB,CAAC,CAAC;IAC5D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,kCAAuB,EAAC,UAAU,CAAC,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAA,sBAAY,EAAC,UAAU,CAAC,CAAC;QACtC,IAAA,6BAAkB,EAAC,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAA,4BAAiB,EAAC,GAAG,CAAC,CAAC;IACvB,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAC;IAC9F,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;AAC/D,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAC9E,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AACtC,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;IACtE,SAAS,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;QACtB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;KAAM,CAAC;IACN,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;QACzB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+/**
+ * pop-launch: Launch Chrome with CDP + start MCP server.
+ */
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;GAEG"}

package/dist/cli.js

@@ -0,0 +1,159 @@
+#!/usr/bin/env node
+"use strict";
+/**
+ * pop-launch: Launch Chrome with CDP + start MCP server.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_fs_1 = require("node:fs");
+const node_fs_2 = require("node:fs");
+const node_os_1 = require("node:os");
+const node_os_2 = require("node:os");
+const node_path_1 = require("node:path");
+const node_child_process_1 = require("node:child_process");
+function findChrome() {
+    const system = (0, node_os_1.platform)();
+    if (system === "darwin") {
+        const candidates = [
+            "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
+            "/Applications/Chromium.app/Contents/MacOS/Chromium",
+        ];
+        for (const p of candidates) {
+            if ((0, node_fs_1.existsSync)(p))
+                return p;
+        }
+    }
+    else if (system === "linux") {
+        const { execSync } = require("node:child_process");
+        const candidates = ["google-chrome", "google-chrome-stable", "chromium", "chromium-browser"];
+        for (const name of candidates) {
+            try {
+                const found = execSync(`which ${name}`, { encoding: "utf8" }).trim();
+                if (found)
+                    return found;
+            }
+            catch { }
+        }
+    }
+    else if (system === "win32") {
+        const candidates = [
+            String.raw `C:\Program Files\Google\Chrome\Application\chrome.exe`,
+            String.raw `C:\Program Files (x86)\Google\Chrome\Application\chrome.exe`,
+        ];
+        for (const p of candidates) {
+            if ((0, node_fs_1.existsSync)(p))
+                return p;
+        }
+    }
+    return null;
+}
+async function waitForChrome(port, timeout = 10000) {
+    const url = `http://localhost:${port}/json/version`;
+    const deadline = Date.now() + timeout;
+    while (Date.now() < deadline) {
+        try {
+            const resp = await fetch(url, { signal: AbortSignal.timeout(1000) });
+            return await resp.json();
+        }
+        catch {
+            await new Promise((r) => setTimeout(r, 500));
+        }
+    }
+    return null;
+}
+function printMcpInstructions(port) {
+    const cdpEndpoint = `http://localhost:${port}`;
+    console.log();
+    console.log("Point One Percent is ready. Add it to Claude Code with:");
+    console.log();
+    console.log(`  claude mcp add pop-pay -- npx pop-pay launch-mcp`);
+    console.log(`  claude mcp add playwright -- npx @playwright/mcp@latest --cdp-endpoint ${cdpEndpoint}`);
+    console.log();
+    console.log("Then start Claude Code and you're set.");
+}
+function parseArgs(argv) {
+    const opts = {
+        port: 9222,
+        profileDir: (0, node_path_1.join)((0, node_os_2.homedir)(), ".pop", "chrome-profile"),
+        url: null,
+        printMcp: false,
+        headless: false,
+        help: false,
+    };
+    for (let i = 0; i < argv.length; i++) {
+        const arg = argv[i];
+        if (arg === "--port" && argv[i + 1]) {
+            opts.port = parseInt(argv[++i], 10);
+        }
+        else if (arg === "--profile-dir" && argv[i + 1]) {
+            opts.profileDir = argv[++i];
+        }
+        else if (arg === "--url" && argv[i + 1]) {
+            opts.url = argv[++i];
+        }
+        else if (arg === "--print-mcp") {
+            opts.printMcp = true;
+        }
+        else if (arg === "--headless") {
+            opts.headless = true;
+        }
+        else if (arg === "--help" || arg === "-h") {
+            opts.help = true;
+        }
+    }
+    return opts;
+}
+async function main() {
+    const args = parseArgs(process.argv.slice(2));
+    if (args.help) {
+        console.log(`pop-launch: Launch Chrome with CDP remote debugging for pop-pay.
+
+Usage: pop-launch [options]
+
+Options:
+  --port <number>       Chrome remote debugging port (default: 9222)
+  --profile-dir <path>  Chrome user-data-dir (default: ~/.pop/chrome-profile)
+  --url <url>           Optional URL to open in Chrome on launch
+  --print-mcp           Print the claude mcp add commands after Chrome is ready
+  --headless            Launch headless Chromium (for Docker/CI)
+  -h, --help            Show this help message`);
+        return 0;
+    }
+    // Resolve profile directory
+    const profileDir = (0, node_path_1.resolve)(args.profileDir.replace(/^~/, (0, node_os_2.homedir)()));
+    (0, node_fs_2.mkdirSync)(profileDir, { recursive: true });
+    const chrome = findChrome();
+    if (!chrome) {
+        process.stderr.write("ERROR: Could not find Chrome or Chromium. Please install Google Chrome and try again.\n");
+        return 1;
+    }
+    const cmd = [
+        `--remote-debugging-port=${args.port}`,
+        `--user-data-dir=${profileDir}`,
+    ];
+    if (args.url)
+        cmd.push(args.url);
+    console.log(`Launching Chrome: ${chrome}`);
+    console.log(`  --remote-debugging-port=${args.port}`);
+    console.log(`  --user-data-dir=${profileDir}`);
+    if (args.url)
+        console.log(`  Opening URL: ${args.url}`);
+    // Launch Chrome as a detached background process
+    (0, node_child_process_1.spawn)(chrome, cmd, {
+        detached: true,
+        stdio: "ignore",
+    }).unref();
+    console.log(`\nWaiting for Chrome to be ready on port ${args.port}...`);
+    const info = await waitForChrome(args.port);
+    if (!info) {
+        process.stderr.write(`ERROR: Chrome did not become ready within 10 seconds on port ${args.port}.\n`);
+        return 1;
+    }
+    const browserVersion = info.Browser ?? "unknown";
+    console.log(`Chrome is ready. Browser: ${browserVersion}`);
+    if (args.printMcp) {
+        printMcpInstructions(args.port);
+    }
+    return 0;
+}
+main().then((code) => process.exit(code));
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AACA;;GAEG;;AAEH,qCAAqC;AACrC,qCAAoC;AACpC,qCAAmC;AACnC,qCAAkC;AAClC,yCAA0C;AAC1C,2DAA2C;AAE3C,SAAS,UAAU;IACjB,MAAM,MAAM,GAAG,IAAA,kBAAQ,GAAE,CAAC;IAE1B,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,MAAM,UAAU,GAAG;YACjB,8DAA8D;YAC9D,oDAAoD;SACrD,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,IAAA,oBAAU,EAAC,CAAC,CAAC;gBAAE,OAAO,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QAC9B,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;QACnD,MAAM,UAAU,GAAG,CAAC,eAAe,EAAE,sBAAsB,EAAE,UAAU,EAAE,kBAAkB,CAAC,CAAC;QAC7F,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBACrE,IAAI,KAAK;oBAAE,OAAO,KAAK,CAAC;YAC1B,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACZ,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG;YACjB,MAAM,CAAC,GAAG,CAAA,uDAAuD;YACjE,MAAM,CAAC,GAAG,CAAA,6DAA6D;SACxE,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,IAAA,oBAAU,EAAC,CAAC,CAAC;gBAAE,OAAO,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,IAAY,EAAE,UAAkB,KAAK;IAChE,MAAM,GAAG,GAAG,oBAAoB,IAAI,eAAe,CAAC;IACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;IACtC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrE,OAAO,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,MAAM,WAAW,GAAG,oBAAoB,IAAI,EAAE,CAAC;IAC/C,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;IACvE,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CACT,4EAA4E,WAAW,EAAE,CAC1F,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,SAAS,CAAC,IAAc;IAQ/B,MAAM,IAAI,GAAG;QACX,IAAI,EAAE,IAAI;QACV,UAAU,EAAE,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,MAAM,EAAE,gBAAgB,CAAC;QACrD,GAAG,EAAE,IAAqB;QAC1B,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,KAAK;KACZ,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,QAAQ,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtC,CAAC;aAAM,IAAI,GAAG,KAAK,eAAe,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAClD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAC9B,CAAC;aAAM,IAAI,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACvB,CAAC;aAAM,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,CAAC;aAAM,IAAI,GAAG,KAAK,YAAY,EAAE,CAAC;YAChC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,CAAC;aAAM,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YAC5C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACnB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAE9C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;+CAU+B,CAAC,CAAC;QAC7C,OAAO,CAAC,CAAC;IACX,CAAC;IAED,4BAA4B;IAC5B,MAAM,UAAU,GAAG,IAAA,mBAAO,EAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,IAAA,iBAAO,GAAE,CAAC,CAAC,CAAC;IACrE,IAAA,mBAAS,EAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE3C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yFAAyF,CAC1F,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,GAAG,GAAG;QACV,2BAA2B,IAAI,CAAC,IAAI,EAAE;QACtC,mBAAmB,UAAU,EAAE;KAChC,CAAC;IACF,IAAI,IAAI,CAAC,GAAG;QAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEjC,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,6BAA6B,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;IAC/C,IAAI,IAAI,CAAC,GAAG;QAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAExD,iDAAiD;IACjD,IAAA,0BAAK,EAAC,MAAM,EAAE,GAAG,EAAE;QACjB,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,QAAQ;KAChB,CAAC,CAAC,KAAK,EAAE,CAAC;IAEX,OAAO,CAAC,GAAG,CAAC,4CAA4C,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC;IACxE,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,gEAAgE,IAAI,CAAC,IAAI,KAAK,CAC/E,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,IAAI,SAAS,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,6BAA6B,cAAc,EAAE,CAAC,CAAC;IAE3D,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AAED,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC"}

package/dist/client.d.ts

@@ -0,0 +1,18 @@
+import type { PaymentIntent, GuardrailPolicy, VirtualSeal } from "./core/models.js";
+import type { VirtualCardProvider } from "./providers/base.js";
+import { GuardrailEngine } from "./engine/guardrails.js";
+import { PopStateTracker } from "./core/state.js";
+export declare class PopClient {
+    provider: VirtualCardProvider;
+    policy: GuardrailPolicy;
+    stateTracker: PopStateTracker;
+    engine: GuardrailEngine;
+    constructor(provider: VirtualCardProvider, policy: GuardrailPolicy, engine?: GuardrailEngine, dbPath?: string);
+    processPayment(intent: PaymentIntent): Promise<VirtualSeal>;
+    executePayment(sealId: string, amount: number): Promise<{
+        status: string;
+        reason?: string;
+        amount?: number;
+    }>;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,qBAAa,SAAS;IACpB,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,YAAY,EAAE,eAAe,CAAC;IAC9B,MAAM,EAAE,eAAe,CAAC;gBAGtB,QAAQ,EAAE,mBAAmB,EAC7B,MAAM,EAAE,eAAe,EACvB,MAAM,CAAC,EAAE,eAAe,EACxB,MAAM,GAAE,MAAuB;IAQ3B,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC;IAoD3D,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAOpH"}

package/dist/client.js

@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PopClient = void 0;
+const node_crypto_1 = require("node:crypto");
+const guardrails_js_1 = require("./engine/guardrails.js");
+const state_js_1 = require("./core/state.js");
+class PopClient {
+    provider;
+    policy;
+    stateTracker;
+    engine;
+    constructor(provider, policy, engine, dbPath = "pop_state.db") {
+        this.provider = provider;
+        this.policy = policy;
+        this.stateTracker = new state_js_1.PopStateTracker(dbPath);
+        this.engine = engine ?? new guardrails_js_1.GuardrailEngine();
+    }
+    async processPayment(intent) {
+        // Check daily budget
+        if (!this.stateTracker.canSpend(intent.requestedAmount, this.policy.maxDailyBudget)) {
+            const seal = {
+                sealId: (0, node_crypto_1.randomUUID)(),
+                cardNumber: null,
+                cvv: null,
+                expirationDate: null,
+                authorizedAmount: 0.0,
+                status: "Rejected",
+                rejectionReason: "Daily budget exceeded",
+            };
+            this.stateTracker.recordSeal(seal.sealId, seal.authorizedAmount, intent.targetVendor, seal.status);
+            return seal;
+        }
+        // Evaluate intent
+        const [approved, reason] = await this.engine.evaluateIntent(intent, this.policy);
+        if (!approved) {
+            const seal = {
+                sealId: (0, node_crypto_1.randomUUID)(),
+                cardNumber: null,
+                cvv: null,
+                expirationDate: null,
+                authorizedAmount: 0.0,
+                status: "Rejected",
+                rejectionReason: reason,
+            };
+            this.stateTracker.recordSeal(seal.sealId, seal.authorizedAmount, intent.targetVendor, seal.status);
+            return seal;
+        }
+        // Issue card
+        const seal = await this.provider.issueCard(intent, this.policy);
+        const maskedCard = seal.cardNumber
+            ? `****-****-****-${seal.cardNumber.slice(-4)}`
+            : "****-****-****-????";
+        this.stateTracker.recordSeal(seal.sealId, seal.authorizedAmount, intent.targetVendor, seal.status, maskedCard, seal.expirationDate);
+        if (seal.status !== "Rejected") {
+            this.stateTracker.addSpend(intent.requestedAmount);
+        }
+        return seal;
+    }
+    async executePayment(sealId, amount) {
+        if (this.stateTracker.isUsed(sealId)) {
+            return { status: "rejected", reason: "Burn-after-use enforced" };
+        }
+        this.stateTracker.markUsed(sealId);
+        return { status: "success", amount };
+    }
+}
+exports.PopClient = PopClient;
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";;;AAAA,6CAAyC;AAGzC,0DAAyD;AACzD,8CAAkD;AAElD,MAAa,SAAS;IACpB,QAAQ,CAAsB;IAC9B,MAAM,CAAkB;IACxB,YAAY,CAAkB;IAC9B,MAAM,CAAkB;IAExB,YACE,QAA6B,EAC7B,MAAuB,EACvB,MAAwB,EACxB,SAAiB,cAAc;QAE/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,IAAI,0BAAe,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,IAAI,+BAAe,EAAE,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAqB;QACxC,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;YACpF,MAAM,IAAI,GAAgB;gBACxB,MAAM,EAAE,IAAA,wBAAU,GAAE;gBACpB,UAAU,EAAE,IAAI;gBAChB,GAAG,EAAE,IAAI;gBACT,cAAc,EAAE,IAAI;gBACpB,gBAAgB,EAAE,GAAG;gBACrB,MAAM,EAAE,UAAU;gBAClB,eAAe,EAAE,uBAAuB;aACzC,CAAC;YACF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACnG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kBAAkB;QAClB,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACjF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,GAAgB;gBACxB,MAAM,EAAE,IAAA,wBAAU,GAAE;gBACpB,UAAU,EAAE,IAAI;gBAChB,GAAG,EAAE,IAAI;gBACT,cAAc,EAAE,IAAI;gBACpB,gBAAgB,EAAE,GAAG;gBACrB,MAAM,EAAE,UAAU;gBAClB,eAAe,EAAE,MAAM;aACxB,CAAC;YACF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACnG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,aAAa;QACb,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU;YAChC,CAAC,CAAC,kBAAkB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;YAC/C,CAAC,CAAC,qBAAqB,CAAC;QAC1B,IAAI,CAAC,YAAY,CAAC,UAAU,CAC1B,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,gBAAgB,EACrB,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,MAAM,EACX,UAAU,EACV,IAAI,CAAC,cAAc,CACpB,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,MAAc;QACjD,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IACvC,CAAC;CACF;AA7ED,8BA6EC"}

package/dist/core/models.d.ts

@@ -0,0 +1,51 @@
+import { z } from "zod";
+export declare const GuardrailPolicySchema: z.ZodObject<{
+    allowedCategories: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    maxAmountPerTx: z.ZodNumber;
+    maxDailyBudget: z.ZodNumber;
+    blockHallucinationLoops: z.ZodDefault<z.ZodBoolean>;
+    webhookUrl: z.ZodDefault<z.ZodNullable<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+    allowedCategories: string[];
+    maxAmountPerTx: number;
+    maxDailyBudget: number;
+    blockHallucinationLoops: boolean;
+    webhookUrl: string | null;
+}, {
+    maxAmountPerTx: number;
+    maxDailyBudget: number;
+    allowedCategories?: string[] | undefined;
+    blockHallucinationLoops?: boolean | undefined;
+    webhookUrl?: string | null | undefined;
+}>;
+export type GuardrailPolicy = z.infer<typeof GuardrailPolicySchema>;
+export declare const PaymentIntentSchema: z.ZodObject<{
+    agentId: z.ZodString;
+    requestedAmount: z.ZodNumber;
+    targetVendor: z.ZodString;
+    reasoning: z.ZodString;
+    pageUrl: z.ZodDefault<z.ZodNullable<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+    agentId: string;
+    requestedAmount: number;
+    targetVendor: string;
+    reasoning: string;
+    pageUrl: string | null;
+}, {
+    agentId: string;
+    requestedAmount: number;
+    targetVendor: string;
+    reasoning: string;
+    pageUrl?: string | null | undefined;
+}>;
+export type PaymentIntent = z.infer<typeof PaymentIntentSchema>;
+export interface VirtualSeal {
+    sealId: string;
+    cardNumber: string | null;
+    cvv: string | null;
+    expirationDate: string | null;
+    authorizedAmount: number;
+    status: "Issued" | "Rejected" | "Revoked" | "Used";
+    rejectionReason: string | null;
+}
+//# sourceMappingURL=models.d.ts.map

package/dist/core/models.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../../src/core/models.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;EAMhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;EAM9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,MAAM,CAAC;IACnD,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;CAChC"}