npm - pop-pay - Versions diffs - 0.1.5 → 0.2.0 - Mend

pop-pay 0.1.5 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +411 -15
package/dist/mcp-server.js +102 -5
package/dist/mcp-server.js.map +1 -1
package/dist/providers/lithic.d.ts +15 -0
package/dist/providers/lithic.d.ts.map +1 -0
package/dist/providers/lithic.js +40 -0
package/dist/providers/lithic.js.map +1 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,18 +1,101 @@
-# pop-pay
+[![npm version](https://img.shields.io/npm/v/pop-pay.svg)](https://www.npmjs.com/package/pop-pay) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![CI](https://github.com/TPEmist/pop-pay/actions/workflows/ci.yml/badge.svg)](https://github.com/TPEmist/pop-pay/actions/workflows/ci.yml) [![Node.js](https://img.shields.io/badge/Node.js-%3E%3D18-339933?logo=node.js&logoColor=white)](https://nodejs.org/)
-**Point One Percent** — Semantic Payment Guardrail for AI Agents.
+<p align="center">
+    <picture>
+        <img src="https://raw.githubusercontent.com/TPEmist/Point-One-Percent/main/project_banner.png" alt="Point One Percent (AgentPay)" width="800">
+    </picture>
+</p>
-> It only takes 0.1% of hallucination to drain 100% of your wallet.
+# Point One Percent — pop-pay
+<p align="left"><i>it only takes <b>0.1%</b> of Hallucination to drain <b>100%</b> of your wallet.</i></p>
-TypeScript + Rust implementation of the pop-pay runtime security layer for AI agent commerce.
+### The runtime security layer for AI agent commerce.
-## Features
+> Your card never enters the agent's context. One hallucinated prompt can't drain a wallet it can't see.
-- **Vault**: AES-256-GCM encrypted credential storage with Rust native security layer
-- **Guardrails**: Keyword + LLM-based payment intent validation
-- **MCP Server**: Model Context Protocol server for AI agent integration
-- **Providers**: Stripe Issuing, BYOC (Bring Your Own Card), Mock
-- **Security Scan**: Prompt injection detection on checkout pages
+<p align="center">
+  <img src="assets/runtime_demo.gif" alt="Point One Percent — live CDP injection demo" width="800">
+</p>
+pop-pay is an open-source (MIT) runtime security layer that protects AI agents during online purchases. It works with OpenClaw, NemoClaw, Claude Code, OpenHands, and any MCP-compatible framework.
+## Architecture: Five Security Primitives
+| Primitive | What it does |
+|-----------|-------------|
+| **Context Isolation Layer** | Card credentials are injected directly into the browser DOM via CDP — they never enter the agent's process or LLM context window. Prompt injection can't steal what the agent doesn't have. |
+| **Intent Verification Engine** | Hybrid keyword + LLM guardrail evaluates whether a purchase *should* happen — not just whether it *can*. [95% accuracy on 20-scenario benchmark.](./docs/GUARDRAIL_BENCHMARK.md) |
+| **Human Trust Anchor** | Configurable human-in-the-loop approval for high-value or unrecognized transactions. |
+| **Zero-Knowledge Card Surface** | Agent only sees masked tokens (`****-4242`). Real data is stored in an AES-256-GCM encrypted vault. |
+| **Ephemeral Authorization Scope** | Each payment approval is single-use with TOCTOU domain guard — an approved session can't be redirected to a malicious merchant. |
+> See [THREAT_MODEL.md](./docs/THREAT_MODEL.md) for the full STRIDE analysis and [COMPLIANCE_FAQ.md](./docs/COMPLIANCE_FAQ.md) for enterprise compliance details.
+## Guardrail Benchmark
+| Layer | Score | Notes |
+|-------|-------|-------|
+| Keyword only | 14/20 (70%) | Fast, zero-cost, catches obvious violations |
+| **Hybrid (Keyword + LLM)** | **19/20 (95%)** | LLM resolves 5 of 6 keyword failures |
+| Feature | AgentPayy | AgentWallet | Prava | **pop-pay** |
+|---------|-----------|-------------|-------|------------|
+| Enforcement | Mock alert() | Rule-based | Spending limits | **Semantic validation** |
+| Intent check | None | Agent-provided text | None | **Context-aware LLM** |
+| Injection-proof | No | No | No | **Yes** |
+## Two Deployment Modes
+### BYOC — Bring Your Own Card (Local)
+The agent **never** receives the true card number — it only sees `****-4242`. When checkout is reached, the Context Isolation Layer attaches via CDP, traverses all cross-origin iframes (Stripe Elements, Adyen, etc.), and injects credentials directly into the DOM. Runs entirely on your machine via Node.js — no SaaS, no login, no external account.
+### Enterprise — Stripe Issuing
+For cloud-hosted AI fleets: programmatically issue single-use virtual cards via Stripe API, with per-agent budgets and full audit trails.
+---
+## Ecosystem Position
+pop-pay is the agent's **Policy Enforcement Point** — it evaluates, approves, and injects. It does NOT navigate websites or solve CAPTCHAs — that's the browser agent's job.
+### The Handshake: How Point One Percent and Browser Agents Work Together
+The real power emerges when Point One Percent is paired with a browser automation agent (e.g., OpenHands, browser-use, Skyvern). The workflow is a clean division of labor:
+```
+1. [Browser Agent]  Navigates to a site, scrapes product info, reaches checkout.
+        │
+        │  (Hit a paywall / payment form)
+        ▼
+2. [Browser Agent → POP MCP]  Calls request_virtual_card(amount, vendor, reasoning)
+        │
+        │  (Point One Percent evaluates: budget OK? vendor approved? no hallucination?)
+        ▼
+3. [POP]  Issues a one-time virtual card (Stripe mode) or uses BYOC vault credentials.
+            Full card credentials handled only by the local trusted process —
+            never exposed to the agent or LLM context.
+        │
+        ▼
+4. [POP]  Injects real credentials into the checkout form via CDP.
+            The agent receives only a transaction confirmation — no card details.
+        │
+        ▼
+5. [Browser Agent]  Clicks the submit button to complete the transaction.
+        │
+        ▼
+6. [The Vault]  Logs the transaction. Card session is immediately burned.
+```
+### Supported Integrations
+| Integration path | Works with |
+|---|---|
+| **MCP Tool** | Claude Code, OpenClaw, NemoClaw, OpenHands, any MCP-compatible host |
+| **Node.js SDK** | Custom Playwright scripts, Puppeteer automation, gemini-cli |
+> **Any browser-capable agent** (Claude Code, OpenClaw, browser-use, Skyvern, etc.) gets full CDP injection — card is auto-filled into the payment form, the agent only ever sees the masked confirmation (`****-****-****-4242`). See the **[Integration Guide](./docs/INTEGRATION_GUIDE.md)** for setup instructions and System Prompt templates.
+---
 ## Installation
@@ -20,16 +103,329 @@ TypeScript + Rust implementation of the pop-pay runtime security layer for AI ag
 npm install pop-pay
 ```
-## Quick Start
+## Quick Start for Claude Code / OpenHands
+If you're using Claude Code, OpenHands, or any MCP-compatible agentic framework, you can get Point One Percent running in under 2 minutes:
+### Step 1: Initialize the Credential Vault
+Credentials are stored in an AES-256-GCM encrypted vault — no plaintext `.env` required.
+```bash
+npx pop-init-vault
+```
+This will prompt for your card credentials (input is hidden), encrypt them into `~/.config/pop-pay/vault.enc`, and securely wipe any existing `.env`. The MCP server auto-decrypts the vault at startup.
+**Passphrase mode (stronger — protects against agents with shell access):**
+```bash
+npx pop-init-vault --passphrase   # one-time setup
+npx pop-unlock                     # run once before each MCP server session
+```
+`pop-unlock` derives the key from your passphrase and stores it in the OS keyring. The MCP server reads it automatically at startup.
+**Security levels (lowest → highest):**
+| Mode | Protects against |
+|---|---|
+| `.env` file (legacy) | Nothing — plaintext on disk |
+| Vault, machine key, OSS source | File-read agents |
+| Vault, machine key, `npm install pop-pay` | File-read agents + casual shell inspection |
+| Vault + passphrase | File-read agents + shell agents |
+| Stripe Issuing (commercial) | All local threats — no credentials stored |
+> **Policy & non-credential config** (allowed vendors, spending limits, CDP URL) is still read from `~/.config/pop-pay/.env`. Only card credentials moved to the vault.
+### Step 2: Launch Chrome & Get MCP Commands
+```bash
+npx pop-launch --print-mcp
+```
+This launches Chrome with CDP enabled and prints the exact `claude mcp add` commands to run.
+### Step 3: Add to Claude Code
+```bash
+claude mcp add pop-pay -- npx pop-pay launch-mcp
+```
+> `--scope user` (optional) stores the registration in `~/.claude.json` — available in every Claude Code session.
+### Step 4: Configure Policy
+Edit `~/.config/pop-pay/.env` to set your spending limits and allowed vendors:
+| Variable | Default | Description |
+|---|---|---|
+| `POP_ALLOWED_CATEGORIES` | `["aws","cloudflare"]` | Vendors the agent is allowed to pay — see [Categories Cookbook](./docs/CATEGORIES_COOKBOOK.md) |
+| `POP_MAX_PER_TX` | `100.0` | Max $ per transaction |
+| `POP_MAX_DAILY` | `500.0` | Max $ per day |
+| `POP_BLOCK_LOOPS` | `true` | Block hallucination/retry loops |
+| `POP_AUTO_INJECT` | `true` | Enable CDP card injection |
+| `POP_GUARDRAIL_ENGINE` | `keyword` | Guardrail engine: `keyword` (zero-cost, default) or `llm` (semantic, two-layer) — see [Guardrail Mode](#guardrail-mode-keyword-vs-llm) |
+| `POP_BILLING_FIRST_NAME` / `POP_BILLING_LAST_NAME` | _(empty)_ | Auto-fill name fields on checkout pages |
+| `POP_BILLING_EMAIL` | _(empty)_ | Auto-fill email |
+| `POP_BILLING_PHONE` | _(empty)_ | E.164 format — auto-fill combined phone input |
+| `POP_BILLING_PHONE_COUNTRY_CODE` | _(empty)_ | ISO code (`"US"`) or dial prefix (`"+1"`) — fills country code dropdown |
+| `POP_BILLING_STREET` / `POP_BILLING_CITY` / `POP_BILLING_STATE` / `POP_BILLING_COUNTRY` / `POP_BILLING_ZIP` | _(empty)_ | Auto-fill address fields; state and country matched fuzzily |
+| `POP_ALLOWED_PAYMENT_PROCESSORS` | `[]` | Extra third-party payment processor domains to trust (pop-pay ships with 20 built-in) |
+| `POP_WEBHOOK_URL` | _(empty)_ | Webhook URL for Slack/Teams/PagerDuty notifications |
+> **After editing `.env`, fully close and reopen Claude Code.** The MCP server loads configuration at startup — `!claude mcp list` alone is not sufficient to pick up `.env` changes.
+#### Guardrail Mode: Keyword vs LLM
+Point One Percent ships with two guardrail engines. You switch between them with a single env var:
+| | `keyword` (default) | `llm` |
+|---|---|---|
+| **How it works** | Blocks requests whose `reasoning` string contains suspicious keywords (e.g. "retry", "failed again", "ignore previous instructions") | Sends the agent's `reasoning` to an LLM for deep semantic analysis |
+| **What it catches** | Obvious loops, hallucination phrases, prompt injection attempts | Subtle off-topic purchases, logical inconsistencies, policy violations that keyword matching misses |
+| **Cost** | Zero — no API calls, instant | One LLM call per `request_virtual_card` invocation |
+| **Dependencies** | None | Any OpenAI-compatible endpoint |
+| **Best for** | Development, low-risk workflows, cost-sensitive setups | Production, high-value transactions, untrusted agent pipelines |
+> **Tip:** `keyword` mode requires no extra config. To enable LLM mode, see the [full configuration reference in the Integration Guide §1](./docs/INTEGRATION_GUIDE.md#guardrail-mode-configuration).
+### Step 5: Use It
+Your agent now has access to these tools:
+| Tool | When to use |
+|---|---|
+| `request_purchaser_info` | Billing/contact info page (name, email, phone, address) — no card fields visible yet |
+| `request_virtual_card` | Payment page — card fields are visible. Prompt injection scan runs automatically inside this call. |
+**Single-page checkout** (e.g. Wikipedia donate): agent calls `request_virtual_card`.
+**Two-page checkout** (e.g. billing info → payment): agent calls `request_purchaser_info` first, then `request_virtual_card`.
+When it encounters a paywall:
+```
+Agent: "I need to purchase an API key from AWS for $15 to continue."
+[Tool Call] request_virtual_card(amount=15.0, vendor="AWS", reasoning="Need API key for deployment")
+[POP] Payment approved. Card Issued: ****4242, Expiry: 12/25, Amount: 15.0
+Agent: "Purchase successful, continuing workflow."
+```
+If the agent hallucinates or tries to overspend:
+```
+Agent: "Let me retry buying compute... the previous attempt failed again."
+[Tool Call] request_virtual_card(amount=50.0, vendor="AWS", reasoning="failed again, retry loop")
+[POP] Payment rejected. Reason: Hallucination or infinite loop detected in reasoning
+```
+---
+## Setup
+**Standard config** works across most MCP-compatible tools:
+```json
+{
+  "mcpServers": {
+    "pop-pay": {
+      "command": "npx",
+      "args": ["-y", "pop-pay", "launch-mcp"],
+      "env": {
+        "POP_CDP_URL": "http://localhost:9222",
+        "POP_ALLOWED_CATEGORIES": "[\"aws\",\"cloudflare\"]",
+        "POP_MAX_PER_TX": "100.0",
+        "POP_MAX_DAILY": "500.0",
+        "POP_GUARDRAIL_ENGINE": "keyword"
+      }
+    }
+  }
+}
+```
+[<img src="https://img.shields.io/badge/VS_Code-VS_Code?style=flat-square&label=Install%20MCP%20Server&color=0098FF" alt="Install in VS Code">](https://insiders.vscode.dev/redirect?url=vscode%3Amcp%2Finstall%3F%257B%2522name%2522%253A%2522pop-pay%2522%252C%2522command%2522%253A%2522npx%2522%252C%2522args%2522%253A%255B%2522-y%2522%252C%2522pop-pay%2522%252C%2522launch-mcp%2522%255D%252C%2522env%2522%253A%257B%2522POP_CDP_URL%2522%253A%2522http%253A%252F%252Flocalhost%253A9222%2522%257D%257D) [<img alt="Install in VS Code Insiders" src="https://img.shields.io/badge/VS_Code_Insiders-VS_Code_Insiders?style=flat-square&label=Install%20MCP%20Server&color=24bfa5">](https://insiders.vscode.dev/redirect?url=vscode-insiders%3Amcp%2Finstall%3F%257B%2522name%2522%253A%2522pop-pay%2522%252C%2522command%2522%253A%2522npx%2522%252C%2522args%2522%253A%255B%2522-y%2522%252C%2522pop-pay%2522%252C%2522launch-mcp%2522%255D%252C%2522env%2522%253A%257B%2522POP_CDP_URL%2522%253A%2522http%253A%252F%252Flocalhost%253A9222%2522%257D%257D)
+<details>
+<summary>Claude Code</summary>
 ```bash
-# Initialize vault
-pop-init-vault
+claude mcp add pop-pay -- npx -y pop-pay launch-mcp
+```
+To configure spending limits and allowed vendors, set environment variables:
-# Launch MCP server
-pop-launch
+```bash
+claude mcp add pop-pay \
+  -e POP_CDP_URL=http://localhost:9222 \
+  -e POP_ALLOWED_CATEGORIES='["aws","cloudflare"]' \
+  -e POP_MAX_PER_TX=100.0 \
+  -e POP_MAX_DAILY=500.0 \
+  -e POP_GUARDRAIL_ENGINE=keyword \
+  -- npx -y pop-pay launch-mcp
 ```
+Add `--scope user` to make the registration available across all projects.
+</details>
+<details>
+<summary>Cursor</summary>
+[<img src="https://img.shields.io/badge/Cursor-Cursor?style=flat-square&label=Install%20MCP%20Server&color=5C2D91" alt="Install in Cursor">](cursor://anysphere.cursor-deeplink/mcp/install?name=pop-pay&config=eyJjb21tYW5kIjoibnB4IiwiYXJncyI6WyIteSIsInBvcC1wYXkiLCJsYXVuY2gtbWNwIl0sImVudiI6eyJQT1BfQ0RQX1VSTCI6Imh0dHA6Ly9sb2NhbGhvc3Q6OTIyMiJ9fQ==)
+Or add manually to `~/.cursor/mcp.json`:
+```json
+{
+  "mcpServers": {
+    "pop-pay": {
+      "command": "npx",
+      "args": ["-y", "pop-pay", "launch-mcp"],
+      "env": {
+        "POP_CDP_URL": "http://localhost:9222",
+        "POP_ALLOWED_CATEGORIES": "[\"aws\",\"cloudflare\"]",
+        "POP_MAX_PER_TX": "100.0",
+        "POP_MAX_DAILY": "500.0",
+        "POP_GUARDRAIL_ENGINE": "keyword"
+      }
+    }
+  }
+}
+```
+</details>
+<details>
+<summary>Windsurf</summary>
+Add to `~/.codeium/windsurf/mcp_config.json`:
+```json
+{
+  "mcpServers": {
+    "pop-pay": {
+      "command": "npx",
+      "args": ["-y", "pop-pay", "launch-mcp"],
+      "env": {
+        "POP_CDP_URL": "http://localhost:9222",
+        "POP_ALLOWED_CATEGORIES": "[\"aws\",\"cloudflare\"]",
+        "POP_MAX_PER_TX": "100.0",
+        "POP_MAX_DAILY": "500.0",
+        "POP_GUARDRAIL_ENGINE": "keyword"
+      }
+    }
+  }
+}
+```
+</details>
+<details>
+<summary>VS Code (Copilot)</summary>
+Add to `.vscode/mcp.json` in your project root:
+```json
+{
+  "mcpServers": {
+    "pop-pay": {
+      "command": "npx",
+      "args": ["-y", "pop-pay", "launch-mcp"],
+      "env": {
+        "POP_CDP_URL": "http://localhost:9222",
+        "POP_ALLOWED_CATEGORIES": "[\"aws\",\"cloudflare\"]",
+        "POP_MAX_PER_TX": "100.0",
+        "POP_MAX_DAILY": "500.0",
+        "POP_GUARDRAIL_ENGINE": "keyword"
+      }
+    }
+  }
+}
+```
+</details>
+<details>
+<summary>OpenClaw / NemoClaw</summary>
+pop-pay works as an MCP tool with OpenClaw and NemoClaw. Use the standard config above, or see the [Integration Guide §4](./docs/INTEGRATION_GUIDE.md) for detailed setup instructions and System Prompt templates.
+</details>
+<details>
+<summary>Docker</summary>
+```bash
+docker-compose up -d
+```
+Runs pop-pay MCP server + headless Chromium with CDP. Mount your encrypted vault from the host. See `docker-compose.yml` for configuration.
+</details>
+> **Environment variables reference:** See [ENV_REFERENCE.md](./docs/ENV_REFERENCE.md) for the full list of `POP_*` variables (guardrail engine, LLM config, billing info, card credentials, webhooks, and more).
+---
+## MCP Tools
+| Tool | Description |
+|:---|:---|
+| `request_virtual_card` | Issue a one-time virtual card for an automated purchase. Runs security scan on the checkout page. |
+| `request_purchaser_info` | Auto-fill billing/contact info from pre-configured profile. |
+| `request_x402_payment` | Pay for API calls via the x402 HTTP payment protocol. |
+| `page_snapshot` | Security scan a checkout page for hidden prompt injections and anomalies. |
+## Providers
+| Provider | Description |
+|:---|:---|
+| **BYOC** (default) | Bring Your Own Card — uses your encrypted vault credentials for local CDP injection. |
+| **Stripe Issuing** | Real virtual cards via Stripe Issuing API. Requires `POP_STRIPE_KEY`. |
+| **Lithic** | Multi-issuer adapter skeleton (Stripe Issuing / Lithic). |
+| **Mock** | Test mode with generated card numbers for development. |
+**Provider priority (high → low):** Stripe Issuing → BYOC Local → Mock.
+If `POP_STRIPE_KEY` is set, Stripe takes precedence. If `POP_BYOC_NUMBER` is set (but no Stripe key), `LocalVaultProvider` is used. If neither is set, `MockProvider` is used for development.
+> **CDP injection limitation with Stripe Issuing:** The Stripe Issuing API returns only the last 4 digits of the card number for security reasons. CDP auto-injection (`POP_AUTO_INJECT=true`) requires the full PAN and therefore **does not work** with Stripe Issuing. Use BYOC (`POP_BYOC_NUMBER`) if you need CDP injection; use Stripe Issuing if you need a real card and will handle form submission yourself.
+---
+## Security Statement
+Security is a first-class citizen in pop-pay. The SDK **masks card numbers by default** (e.g., `****-****-****-4242`) when returning authorization results to the agent.
+**Defense-in-depth hardening:**
+| Layer | Defense |
+|---|---|
+| **Encrypted vault** | Card credentials stored as AES-256-GCM ciphertext (`vault.enc`); plaintext never touches disk after `pop-init-vault` |
+| **Passphrase mode** | Key derived from user passphrase via scrypt; stored in OS keyring — agents with shell access cannot derive the key |
+| **Database** | SQLite only stores masked card (`****-4242`); `card_number` and `cvv` columns removed entirely |
+| **Injection-time TOCTOU guard** | Domain verified against guardrail-approved vendor at the moment of injection — prevents redirect-to-attacker attacks |
+| **Repr redaction** | Masked card output in all logs and responses; credentials cannot leak via tracebacks |
+| **Process isolation** | Agent communicates via MCP JSON-RPC as a separate process — cannot access MCP server memory or env vars through the protocol |
+| **Native security layer** | XOR-split salt storage and scrypt key derivation handled in a stripped Rust binary (napi-rs) |
+See [THREAT_MODEL.md](./docs/THREAT_MODEL.md) for the full STRIDE analysis and red team results.
+## Architecture
+- **TypeScript** — MCP server, CDP injection engine, guardrails, CLI
+- **Rust (napi-rs)** — Native security layer: XOR-split salt storage, scrypt key derivation
+- **Node.js crypto** — AES-256-GCM vault encryption (OpenSSL binding)
+- **Chrome DevTools Protocol** — Direct DOM injection via raw WebSocket
+## Documentation
+- [Threat Model](docs/THREAT_MODEL.md) — STRIDE analysis, 5 security primitives, 10 attack scenarios
+- [Guardrail Benchmark](docs/GUARDRAIL_BENCHMARK.md) — 95% accuracy across 20 test scenarios, competitive comparison
+- [Compliance FAQ](docs/COMPLIANCE_FAQ.md) — Enterprise security and PCI DSS/SOC 2/GDPR details
+- [Environment Reference](docs/ENV_REFERENCE.md) — All POP_* environment variables
+- [Integration Guide](docs/INTEGRATION_GUIDE.md) — Detailed setup for Claude Code, Node.js SDK, and browser agents
+- [Categories Cookbook](docs/CATEGORIES_COOKBOOK.md) — POP_ALLOWED_CATEGORIES patterns and examples
 ## License
 MIT

package/dist/mcp-server.js CHANGED Viewed

@@ -17,6 +17,7 @@ const client_js_1 = require("./client.js");
 const stripe_mock_js_1 = require("./providers/stripe-mock.js");
 const byoc_local_js_1 = require("./providers/byoc-local.js");
 const guardrails_js_1 = require("./engine/guardrails.js");
+const injector_js_1 = require("./engine/injector.js");
 async function main() {
     // Load .env from config dir first, then fallback
     const configEnv = (0, node_path_1.join)((0, node_os_1.homedir)(), ".config", "pop-pay", ".env");
@@ -90,6 +91,10 @@ async function main() {
         engine = new guardrails_js_1.GuardrailEngine();
     }
     const client = new client_js_1.PopClient(provider, policy, engine);
+    // Optional: browser injector (only loaded when POP_AUTO_INJECT=true)
+    const cdpUrl = process.env.POP_CDP_URL ?? "http://localhost:9222";
+    const autoInject = (process.env.POP_AUTO_INJECT ?? "false").toLowerCase() === "true";
+    const injector = autoInject ? new injector_js_1.PopBrowserInjector(cdpUrl) : null;
     // Snapshot cache for security scans
     const snapshotCache = new Map();
     const SNAPSHOT_CACHE_MAX = 200;
@@ -238,6 +243,49 @@ async function main() {
         }
         const last4 = seal.cardNumber?.slice(-4) ?? "????";
         const maskedCard = `****-****-****-${last4}`;
+        // Auto-injection path: inject into browser if enabled
+        if (injector && seal.cardNumber && seal.cvv && seal.expirationDate) {
+            const injectionResult = await injector.injectPaymentInfo({
+                sealId: seal.sealId,
+                cardNumber: seal.cardNumber,
+                cvv: seal.cvv,
+                expirationDate: seal.expirationDate,
+                pageUrl: page_url,
+                approvedVendor: target_vendor,
+            });
+            if (!injectionResult.cardFilled) {
+                client.stateTracker.markUsed(seal.sealId);
+                if (injectionResult.blockedReason.startsWith("domain_mismatch:")) {
+                    const actual = injectionResult.blockedReason.split(":", 2)[1];
+                    return {
+                        content: [{
+                                type: "text",
+                                text: `Payment blocked. Security: current page domain '${actual}' does not match approved vendor '${target_vendor}'. Do not retry.`,
+                            }],
+                    };
+                }
+                return {
+                    content: [{
+                            type: "text",
+                            text: "Payment rejected. Could not find credit card input fields. Ensure page_url points to the checkout page and Playwright MCP shares --cdp-endpoint http://localhost:9222.",
+                        }],
+                };
+            }
+            let billingNote = "";
+            if (injectionResult.billingFilled && injectionResult.billingDetails) {
+                const filled = injectionResult.billingDetails.filled;
+                const failed = injectionResult.billingDetails.failed;
+                billingNote = ` Billing filled: ${JSON.stringify(filled)}.`;
+                if (failed.length > 0)
+                    billingNote += ` FAILED: ${JSON.stringify(failed)}.`;
+            }
+            return {
+                content: [{
+                        type: "text",
+                        text: `Payment approved and securely auto-injected into the browser form.${billingNote}${scanNote} Please proceed to click the submit/pay button. Masked card: ${maskedCard}`,
+                    }],
+            };
+        }
         return {
             content: [
                 {
@@ -266,13 +314,40 @@ async function main() {
                 ],
             };
         }
+        if (!injector) {
+            return {
+                content: [{
+                        type: "text",
+                        text: "Billing info injection is not available. Ensure POP_AUTO_INJECT=true in ~/.config/pop-pay/.env and restart the MCP server.",
+                    }],
+            };
+        }
+        const injectionResult = await injector.injectBillingOnly({
+            pageUrl: page_url,
+            approvedVendor: target_vendor,
+        });
+        if (injectionResult.blockedReason.startsWith("domain_mismatch:")) {
+            const actual = injectionResult.blockedReason.split(":", 2)[1];
+            return {
+                content: [{
+                        type: "text",
+                        text: `Blocked. Current page domain '${actual}' does not match approved vendor '${target_vendor}'. Do not retry.`,
+                    }],
+            };
+        }
+        if (!injectionResult.billingFilled) {
+            return {
+                content: [{
+                        type: "text",
+                        text: "Could not find billing fields on the current page. Make sure you are on the billing/contact info page before calling this tool.",
+                    }],
+            };
+        }
         return {
-            content: [
-                {
+            content: [{
                     type: "text",
-                    text: `Billing info request acknowledged for '${target_vendor}'. Browser injection is not yet implemented in the TypeScript version. Please fill billing fields manually.`,
-                },
-            ],
+                    text: `Billing info filled successfully for '${target_vendor}'. Name, address, email, and/or phone fields have been auto-populated. Proceed to the payment page and call request_virtual_card when card fields are visible.`,
+                }],
         };
     });
     server.tool("request_x402_payment", "Pay for an API call or service using the x402 HTTP payment protocol.", {
@@ -323,6 +398,28 @@ async function main() {
             ],
         };
     });
+    server.tool("page_snapshot", "Capture a security snapshot of a checkout page. Scans for hidden prompt injections, price mismatches, and redirect anomalies. Call before request_virtual_card to pre-validate checkout safety.", {
+        page_url: zod_1.z.string().describe("The checkout page URL to scan (must be https://)"),
+    }, async ({ page_url }) => {
+        const scanResult = await scanPage(page_url);
+        if (scanResult.error) {
+            return {
+                content: [{
+                        type: "text",
+                        text: `Snapshot failed: ${scanResult.error} Snapshot ID: ${scanResult.snapshotId}.`,
+                    }],
+            };
+        }
+        const flagsSummary = scanResult.flags.length > 0
+            ? `Flags: ${scanResult.flags.join(", ")}.`
+            : "No flags detected.";
+        return {
+            content: [{
+                    type: "text",
+                    text: `Page snapshot complete. Safe: ${scanResult.safe}. ${flagsSummary} Snapshot ID: ${scanResult.snapshotId}.`,
+                }],
+        };
+    });
     // Start stdio transport
     const transport = new stdio_js_1.StdioServerTransport();
     await server.connect(transport);

package/dist/mcp-server.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mcp-server.js","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":";;AACA;;;GAGG;;AAEH,oEAAoE;AACpE,wEAAiF;AACjF,6BAAwB;AACxB,6CAAyC;AACzC,mCAAgC;AAChC,qCAAqC;AACrC,yCAAiC;AACjC,qCAAkC;AAGlC,2CAAwC;AACxC,+DAAgE;AAChE,6DAA+D;AAC/D,0DAAsE;AAGtE,KAAK,UAAU,IAAI;IAEnB,iDAAiD;IACjD,MAAM,SAAS,GAAG,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IAChE,IAAI,IAAA,oBAAU,EAAC,SAAS,CAAC,EAAE,CAAC;QAC1B,IAAA,eAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,IAAA,eAAM,GAAE,CAAC;IACX,CAAC;IAED,yBAAyB;IACzB,IAAI,UAAU,GAA2B,EAAE,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,kBAAkB,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QAC/F,IAAI,WAAW,EAAE,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,MAAM,kBAAkB,EAAE,CAAC;YAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YACpC,CAAC;YACD,UAAU,GAAG,MAAM,SAAS,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAEV,kCAAkC;IAClC,IAAI,UAAU,CAAC,WAAW;QAAE,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,UAAU,CAAC,WAAW,CAAC;IACnF,IAAI,UAAU,CAAC,GAAG;QAAE,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,UAAU,CAAC,GAAG,CAAC;IAChE,IAAI,UAAU,CAAC,SAAS;QAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,UAAU,CAAC,SAAS,CAAC;IAClF,IAAI,UAAU,CAAC,QAAQ;QAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,UAAU,CAAC,QAAQ,CAAC;IAE/E,gBAAgB;IAChB,MAAM,iBAAiB,GAAa,IAAI,CAAC,KAAK,CAC5C,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,uBAAuB,CAC9D,CAAC;IACF,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,CAAC;IAClE,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,MAAM,CAAC,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;IACpF,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC7C,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAI,CAAC;IAEvD,MAAM,MAAM,GAAoB;QAC9B,iBAAiB;QACjB,cAAc,EAAE,QAAQ;QACxB,cAAc,EAAE,QAAQ;QACxB,uBAAuB,EAAE,UAAU;QACnC,UAAU;KACX,CAAC;IAEF,qBAAqB;IACrB,IAAI,QAA6B,CAAC;IAClC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,4BAA4B,CAAC,CAAC;QAC7E,QAAQ,GAAG,IAAI,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAClD,CAAC;SAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;QACvC,QAAQ,GAAG,IAAI,kCAAkB,EAAE,CAAC;IACtC,CAAC;SAAM,CAAC;QACN,QAAQ,GAAG,IAAI,mCAAkB,EAAE,CAAC;IACtC,CAAC;IAED,mBAAmB;IACnB,IAAI,MAAuB,CAAC;IAC5B,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;IACjF,IAAI,UAAU,KAAK,KAAK,EAAE,CAAC;QACzB,MAAM,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,4BAA4B,CAAC,CAAC;QACjG,MAAM,GAAG,IAAI,qBAAqB,CAChC,IAAI,kBAAkB,CAAC;YACrB,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE;YACzC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,SAAS;YAClD,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,aAAa;YACjD,WAAW,EAAE,IAAI;SAClB,CAAC,CACI,CAAC;IACX,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,IAAI,+BAAe,EAAE,CAAC;IACjC,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,qBAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAEvD,oCAAoC;IACpC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAoE,CAAC;IAClG,MAAM,kBAAkB,GAAG,GAAG,CAAC;IAE/B,iCAAiC;IACjC,MAAM,eAAe,GACnB,0OAA0O,CAAC;IAC7O,MAAM,QAAQ,GAAG,2CAA2C,CAAC;IAE7D,KAAK,UAAU,QAAQ,CAAC,OAAe;QAMrC,MAAM,UAAU,GAAG,IAAA,wBAAU,GAAE,CAAC;QAChC,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,aAAa;QACb,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;YAChC,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACjC,OAAO,EAAE,KAAK,EAAE,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC;YAC3G,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;QACpF,CAAC;QAED,aAAa;QACb,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC9F,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;YACjC,IAAI,QAAQ,CAAC,QAAQ,KAAK,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAC3C,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAC1B,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;QACxF,CAAC;QAED,wBAAwB;QACxB,MAAM,mBAAmB,GAAG;YAC1B,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ;SAC9F,CAAC;QACF,IAAI,0BAA0B,GAAG,KAAK,CAAC;QACvC,IAAI,KAAK,CAAC;QACV,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACpD,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;YAC7G,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC3D,0BAA0B,GAAG,IAAI,CAAC;gBAClC,MAAM;YACR,CAAC;QACH,CAAC;QACD,IAAI,0BAA0B;YAAE,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAE3E,iBAAiB;QACjB,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QACnD,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAElD,QAAQ;QACR,IAAI,aAAa,CAAC,IAAI,IAAI,kBAAkB,EAAE,CAAC;YAC7C,IAAI,MAAM,GAAkB,IAAI,CAAC;YACjC,IAAI,UAAU,GAAG,QAAQ,CAAC;YAC1B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,aAAa,EAAE,CAAC;gBACnC,IAAI,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;oBACvC,MAAM,GAAG,CAAC,CAAC;oBACX,UAAU,GAAG,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACrC,CAAC;YACH,CAAC;YACD,IAAI,MAAM;gBAAE,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;QACD,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEzE,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,8BAA8B,CAAC,CAAC;QAC7D,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IAED,SAAS,eAAe,CAAC,GAAW;QAClC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACnD,OAAO,mCAAmC,CAAC;YAC7C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,cAAc,CAAC;QACxB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,aAAa;IACb,MAAM,MAAM,GAAG,IAAI,kBAAS,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IAEpE,MAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,sIAAsI,EACtI;QACE,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;QACvE,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sDAAsD,CAAC;QAC1F,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;QACjE,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;KACtE,EACD,KAAK,EAAE,EAAE,gBAAgB,EAAE,aAAa,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE;QACjE,gBAAgB;QAChB,IAAI,QAAQ,GAAG,EAAE,CAAC;QAClB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC3C,IAAI,UAAU,CAAC;YACf,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBACtE,UAAU,GAAG;oBACX,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,IAAI,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,8BAA8B,CAAC;oBAC5D,KAAK,EAAE,IAAI;iBACZ,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,UAAU,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxC,CAAC;YACD,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,2CAA2C,UAAU,CAAC,KAAK,iBAAiB,UAAU,CAAC,UAAU,GAAG;yBAC3G;qBACF;iBACF,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;gBACrB,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,kFAAkF,UAAU,CAAC,UAAU,YAAY,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,8BAA8B;yBACnL;qBACF;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,sDAAsD,CAAC;QACpE,CAAC;QAED,MAAM,MAAM,GAAkB;YAC5B,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,gBAAgB;YACjC,YAAY,EAAE,aAAa;YAC3B,SAAS;YACT,OAAO,EAAE,QAAQ,IAAI,IAAI;SAC1B,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAEjD,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/B,OAAO;gBACL,OAAO,EAAE;oBACP,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,2CAA2C,IAAI,CAAC,eAAe,EAAE,EAAE;iBACnG;aACF,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;QACnD,MAAM,UAAU,GAAG,kBAAkB,KAAK,EAAE,CAAC;QAE7C,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,kCAAkC,UAAU,aAAa,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,gBAAgB,GAAG,QAAQ,EAAE;iBAClI;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,wBAAwB,EACxB,8KAA8K,EAC9K;QACE,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;QACzE,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QAC5D,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;KACxE,EACD,KAAK,EAAE,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;QAC/C,MAAM,UAAU,GAAG,QAAQ;YACzB,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;YAChE,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,aAAa,GAAG,IAAA,2BAAW,EAAC,aAAa,EAAE,iBAAiB,EAAE,UAAU,CAAC,CAAC;QAChF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,WAAW,aAAa,+EAA+E;qBAC9G;iBACF;aACF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,0CAA0C,aAAa,6GAA6G;iBAC3K;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,sEAAsE,EACtE;QACE,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QACxD,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC;QACtD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;KACzD,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,EAAE;QAC3C,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;QACxD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,6EAA6E;qBACpF;iBACF;aACF,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;QAC/C,IAAI,SAAS,EAAE,CAAC;YACd,OAAO;gBACL,OAAO,EAAE;oBACP,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,kDAAkD,SAAS,EAAE,EAAE;iBAC/F;aACF,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAkB;YAC5B,OAAO,EAAE,gBAAgB;YACzB,eAAe,EAAE,MAAM;YACvB,YAAY,EAAE,WAAW;YACzB,SAAS;YACT,OAAO,EAAE,WAAW;SACrB,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAEjD,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/B,OAAO;gBACL,OAAO,EAAE;oBACP,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,gDAAgD,IAAI,CAAC,eAAe,EAAE,EAAE;iBACxG;aACF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,4CAA4C,IAAI,CAAC,MAAM,aAAa,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,WAAW,gEAAgE;iBACxL;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,wBAAwB;IACxB,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAEhC,CAAC,CAAC,WAAW;AAEb,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,GAAG,IAAI,CAAC,CAAC;IACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
1	+ {"version":3,"file":"mcp-server.js","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":";;AACA;;;GAGG;;AAEH,oEAAoE;AACpE,wEAAiF;AACjF,6BAAwB;AACxB,6CAAyC;AACzC,mCAAgC;AAChC,qCAAqC;AACrC,yCAAiC;AACjC,qCAAkC;AAGlC,2CAAwC;AACxC,+DAAgE;AAChE,6DAA+D;AAC/D,0DAAsE;AACtE,sDAA0D;AAG1D,KAAK,UAAU,IAAI;IAEnB,iDAAiD;IACjD,MAAM,SAAS,GAAG,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IAChE,IAAI,IAAA,oBAAU,EAAC,SAAS,CAAC,EAAE,CAAC;QAC1B,IAAA,eAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,IAAA,eAAM,GAAE,CAAC;IACX,CAAC;IAED,yBAAyB;IACzB,IAAI,UAAU,GAA2B,EAAE,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,kBAAkB,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QAC/F,IAAI,WAAW,EAAE,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,MAAM,kBAAkB,EAAE,CAAC;YAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YACpC,CAAC;YACD,UAAU,GAAG,MAAM,SAAS,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAEV,kCAAkC;IAClC,IAAI,UAAU,CAAC,WAAW;QAAE,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,UAAU,CAAC,WAAW,CAAC;IACnF,IAAI,UAAU,CAAC,GAAG;QAAE,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,UAAU,CAAC,GAAG,CAAC;IAChE,IAAI,UAAU,CAAC,SAAS;QAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,UAAU,CAAC,SAAS,CAAC;IAClF,IAAI,UAAU,CAAC,QAAQ;QAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,UAAU,CAAC,QAAQ,CAAC;IAE/E,gBAAgB;IAChB,MAAM,iBAAiB,GAAa,IAAI,CAAC,KAAK,CAC5C,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,uBAAuB,CAC9D,CAAC;IACF,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,CAAC;IAClE,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,MAAM,CAAC,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;IACpF,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC7C,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAI,CAAC;IAEvD,MAAM,MAAM,GAAoB;QAC9B,iBAAiB;QACjB,cAAc,EAAE,QAAQ;QACxB,cAAc,EAAE,QAAQ;QACxB,uBAAuB,EAAE,UAAU;QACnC,UAAU;KACX,CAAC;IAEF,qBAAqB;IACrB,IAAI,QAA6B,CAAC;IAClC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,4BAA4B,CAAC,CAAC;QAC7E,QAAQ,GAAG,IAAI,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAClD,CAAC;SAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;QACvC,QAAQ,GAAG,IAAI,kCAAkB,EAAE,CAAC;IACtC,CAAC;SAAM,CAAC;QACN,QAAQ,GAAG,IAAI,mCAAkB,EAAE,CAAC;IACtC,CAAC;IAED,mBAAmB;IACnB,IAAI,MAAuB,CAAC;IAC5B,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;IACjF,IAAI,UAAU,KAAK,KAAK,EAAE,CAAC;QACzB,MAAM,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,4BAA4B,CAAC,CAAC;QACjG,MAAM,GAAG,IAAI,qBAAqB,CAChC,IAAI,kBAAkB,CAAC;YACrB,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE;YACzC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,SAAS;YAClD,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,aAAa;YACjD,WAAW,EAAE,IAAI;SAClB,CAAC,CACI,CAAC;IACX,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,IAAI,+BAAe,EAAE,CAAC;IACjC,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,qBAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAEvD,qEAAqE;IACrE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,uBAAuB,CAAC;IAClE,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,OAAO,CAAC,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;IACrF,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,gCAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAEpE,oCAAoC;IACpC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAoE,CAAC;IAClG,MAAM,kBAAkB,GAAG,GAAG,CAAC;IAE/B,iCAAiC;IACjC,MAAM,eAAe,GACnB,0OAA0O,CAAC;IAC7O,MAAM,QAAQ,GAAG,2CAA2C,CAAC;IAE7D,KAAK,UAAU,QAAQ,CAAC,OAAe;QAMrC,MAAM,UAAU,GAAG,IAAA,wBAAU,GAAE,CAAC;QAChC,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,aAAa;QACb,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;YAChC,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACjC,OAAO,EAAE,KAAK,EAAE,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC;YAC3G,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;QACpF,CAAC;QAED,aAAa;QACb,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC9F,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;YACjC,IAAI,QAAQ,CAAC,QAAQ,KAAK,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAC3C,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAC1B,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;QACxF,CAAC;QAED,wBAAwB;QACxB,MAAM,mBAAmB,GAAG;YAC1B,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ;SAC9F,CAAC;QACF,IAAI,0BAA0B,GAAG,KAAK,CAAC;QACvC,IAAI,KAAK,CAAC;QACV,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACpD,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;YAC7G,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC3D,0BAA0B,GAAG,IAAI,CAAC;gBAClC,MAAM;YACR,CAAC;QACH,CAAC;QACD,IAAI,0BAA0B;YAAE,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAE3E,iBAAiB;QACjB,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QACnD,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAElD,QAAQ;QACR,IAAI,aAAa,CAAC,IAAI,IAAI,kBAAkB,EAAE,CAAC;YAC7C,IAAI,MAAM,GAAkB,IAAI,CAAC;YACjC,IAAI,UAAU,GAAG,QAAQ,CAAC;YAC1B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,aAAa,EAAE,CAAC;gBACnC,IAAI,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;oBACvC,MAAM,GAAG,CAAC,CAAC;oBACX,UAAU,GAAG,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACrC,CAAC;YACH,CAAC;YACD,IAAI,MAAM;gBAAE,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;QACD,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEzE,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,8BAA8B,CAAC,CAAC;QAC7D,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IAED,SAAS,eAAe,CAAC,GAAW;QAClC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACnD,OAAO,mCAAmC,CAAC;YAC7C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,cAAc,CAAC;QACxB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,aAAa;IACb,MAAM,MAAM,GAAG,IAAI,kBAAS,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IAEpE,MAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,sIAAsI,EACtI;QACE,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;QACvE,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sDAAsD,CAAC;QAC1F,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;QACjE,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;KACtE,EACD,KAAK,EAAE,EAAE,gBAAgB,EAAE,aAAa,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE;QACjE,gBAAgB;QAChB,IAAI,QAAQ,GAAG,EAAE,CAAC;QAClB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC3C,IAAI,UAAU,CAAC;YACf,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBACtE,UAAU,GAAG;oBACX,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,IAAI,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,8BAA8B,CAAC;oBAC5D,KAAK,EAAE,IAAI;iBACZ,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,UAAU,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxC,CAAC;YACD,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,2CAA2C,UAAU,CAAC,KAAK,iBAAiB,UAAU,CAAC,UAAU,GAAG;yBAC3G;qBACF;iBACF,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;gBACrB,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,kFAAkF,UAAU,CAAC,UAAU,YAAY,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,8BAA8B;yBACnL;qBACF;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,sDAAsD,CAAC;QACpE,CAAC;QAED,MAAM,MAAM,GAAkB;YAC5B,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,gBAAgB;YACjC,YAAY,EAAE,aAAa;YAC3B,SAAS;YACT,OAAO,EAAE,QAAQ,IAAI,IAAI;SAC1B,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAEjD,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/B,OAAO;gBACL,OAAO,EAAE;oBACP,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,2CAA2C,IAAI,CAAC,eAAe,EAAE,EAAE;iBACnG;aACF,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;QACnD,MAAM,UAAU,GAAG,kBAAkB,KAAK,EAAE,CAAC;QAE7C,sDAAsD;QACtD,IAAI,QAAQ,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACnE,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,iBAAiB,CAAC;gBACvD,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,OAAO,EAAE,QAAQ;gBACjB,cAAc,EAAE,aAAa;aAC9B,CAAC,CAAC;YAEH,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,CAAC;gBAChC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC1C,IAAI,eAAe,CAAC,aAAa,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;oBACjE,MAAM,MAAM,GAAG,eAAe,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC9D,OAAO;wBACL,OAAO,EAAE,CAAC;gCACR,IAAI,EAAE,MAAe;gCACrB,IAAI,EAAE,mDAAmD,MAAM,qCAAqC,aAAa,kBAAkB;6BACpI,CAAC;qBACH,CAAC;gBACJ,CAAC;gBACD,OAAO;oBACL,OAAO,EAAE,CAAC;4BACR,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,wKAAwK;yBAC/K,CAAC;iBACH,CAAC;YACJ,CAAC;YAED,IAAI,WAAW,GAAG,EAAE,CAAC;YACrB,IAAI,eAAe,CAAC,aAAa,IAAI,eAAe,CAAC,cAAc,EAAE,CAAC;gBACpE,MAAM,MAAM,GAAG,eAAe,CAAC,cAAc,CAAC,MAAM,CAAC;gBACrD,MAAM,MAAM,GAAG,eAAe,CAAC,cAAc,CAAC,MAAM,CAAC;gBACrD,WAAW,GAAG,oBAAoB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC;gBAC5D,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;oBAAE,WAAW,IAAI,YAAY,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC;YAC9E,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,qEAAqE,WAAW,GAAG,QAAQ,gEAAgE,UAAU,EAAE;qBAC9K,CAAC;aACH,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,kCAAkC,UAAU,aAAa,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,gBAAgB,GAAG,QAAQ,EAAE;iBAClI;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,wBAAwB,EACxB,8KAA8K,EAC9K;QACE,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;QACzE,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QAC5D,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;KACxE,EACD,KAAK,EAAE,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;QAC/C,MAAM,UAAU,GAAG,QAAQ;YACzB,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;YAChE,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,aAAa,GAAG,IAAA,2BAAW,EAAC,aAAa,EAAE,iBAAiB,EAAE,UAAU,CAAC,CAAC;QAChF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,WAAW,aAAa,+EAA+E;qBAC9G;iBACF;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,4HAA4H;qBACnI,CAAC;aACH,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,iBAAiB,CAAC;YACvD,OAAO,EAAE,QAAQ;YACjB,cAAc,EAAE,aAAa;SAC9B,CAAC,CAAC;QAEH,IAAI,eAAe,CAAC,aAAa,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACjE,MAAM,MAAM,GAAG,eAAe,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,iCAAiC,MAAM,qCAAqC,aAAa,kBAAkB;qBAClH,CAAC;aACH,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,eAAe,CAAC,aAAa,EAAE,CAAC;YACnC,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,iIAAiI;qBACxI,CAAC;aACH,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,yCAAyC,aAAa,gKAAgK;iBAC7N,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,sEAAsE,EACtE;QACE,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QACxD,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC;QACtD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;KACzD,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,EAAE;QAC3C,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;QACxD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,6EAA6E;qBACpF;iBACF;aACF,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;QAC/C,IAAI,SAAS,EAAE,CAAC;YACd,OAAO;gBACL,OAAO,EAAE;oBACP,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,kDAAkD,SAAS,EAAE,EAAE;iBAC/F;aACF,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAkB;YAC5B,OAAO,EAAE,gBAAgB;YACzB,eAAe,EAAE,MAAM;YACvB,YAAY,EAAE,WAAW;YACzB,SAAS;YACT,OAAO,EAAE,WAAW;SACrB,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAEjD,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/B,OAAO;gBACL,OAAO,EAAE;oBACP,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,gDAAgD,IAAI,CAAC,eAAe,EAAE,EAAE;iBACxG;aACF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,4CAA4C,IAAI,CAAC,MAAM,aAAa,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,WAAW,gEAAgE;iBACxL;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,eAAe,EACf,iMAAiM,EACjM;QACE,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kDAAkD,CAAC;KAClF,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;QACrB,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,oBAAoB,UAAU,CAAC,KAAK,iBAAiB,UAAU,CAAC,UAAU,GAAG;qBACpF,CAAC;aACH,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;YAC9C,CAAC,CAAC,UAAU,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YAC1C,CAAC,CAAC,oBAAoB,CAAC;QAEzB,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,iCAAiC,UAAU,CAAC,IAAI,KAAK,YAAY,iBAAiB,UAAU,CAAC,UAAU,GAAG;iBACjH,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,wBAAwB;IACxB,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAEhC,CAAC,CAAC,WAAW;AAEb,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,GAAG,IAAI,CAAC,CAAC;IACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/providers/lithic.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { VirtualCardProvider } from "./base.js";
+import type { PaymentIntent, GuardrailPolicy, VirtualSeal } from "../core/models.js";
+/**
+ * LithicProvider — multi-issuer adapter skeleton for Lithic virtual cards.
+ *
+ * Lithic provides an API for issuing virtual debit and credit cards.
+ * This is a skeleton implementation; replace TODO sections with real API calls
+ * once the Lithic SDK integration is ready.
+ */
+export declare class LithicProvider implements VirtualCardProvider {
+    private apiKey;
+    constructor(apiKey: string);
+    issueCard(intent: PaymentIntent, policy: GuardrailPolicy): Promise<VirtualSeal>;
+}
+//# sourceMappingURL=lithic.d.ts.map

package/dist/providers/lithic.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"lithic.d.ts","sourceRoot":"","sources":["../../src/providers/lithic.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErF;;;;;;GAMG;AACH,qBAAa,cAAe,YAAW,mBAAmB;IACxD,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,EAAE,MAAM;IAIpB,SAAS,CAAC,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,WAAW,CAAC;CAwBtF"}

package/dist/providers/lithic.js ADDED Viewed

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LithicProvider = void 0;
+const node_crypto_1 = require("node:crypto");
+/**
+ * LithicProvider — multi-issuer adapter skeleton for Lithic virtual cards.
+ *
+ * Lithic provides an API for issuing virtual debit and credit cards.
+ * This is a skeleton implementation; replace TODO sections with real API calls
+ * once the Lithic SDK integration is ready.
+ */
+class LithicProvider {
+    apiKey;
+    constructor(apiKey) {
+        this.apiKey = apiKey;
+    }
+    async issueCard(intent, policy) {
+        if (intent.requestedAmount > policy.maxAmountPerTx) {
+            return {
+                sealId: (0, node_crypto_1.randomUUID)(),
+                cardNumber: null,
+                cvv: null,
+                expirationDate: null,
+                authorizedAmount: 0.0,
+                status: "Rejected",
+                rejectionReason: "Amount exceeds policy limit",
+            };
+        }
+        // TODO: Replace with real Lithic API call
+        // const card = await lithicClient.cards.create({
+        //   type: "VIRTUAL",
+        //   spend_limit: Math.round(intent.requestedAmount * 100),
+        //   spend_limit_duration: "TRANSACTION",
+        // });
+        throw new Error("LithicProvider is a skeleton — real Lithic API integration not yet implemented. " +
+            "Set POP_PROVIDER=stripe or POP_PROVIDER=byoc for working providers.");
+    }
+}
+exports.LithicProvider = LithicProvider;
+//# sourceMappingURL=lithic.js.map

package/dist/providers/lithic.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"lithic.js","sourceRoot":"","sources":["../../src/providers/lithic.ts"],"names":[],"mappings":";;;AAAA,6CAAyC;AAIzC;;;;;;GAMG;AACH,MAAa,cAAc;IACjB,MAAM,CAAS;IAEvB,YAAY,MAAc;QACxB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAAqB,EAAE,MAAuB;QAC5D,IAAI,MAAM,CAAC,eAAe,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;YACnD,OAAO;gBACL,MAAM,EAAE,IAAA,wBAAU,GAAE;gBACpB,UAAU,EAAE,IAAI;gBAChB,GAAG,EAAE,IAAI;gBACT,cAAc,EAAE,IAAI;gBACpB,gBAAgB,EAAE,GAAG;gBACrB,MAAM,EAAE,UAAU;gBAClB,eAAe,EAAE,6BAA6B;aAC/C,CAAC;QACJ,CAAC;QAED,0CAA0C;QAC1C,iDAAiD;QACjD,qBAAqB;QACrB,2DAA2D;QAC3D,yCAAyC;QACzC,MAAM;QACN,MAAM,IAAI,KAAK,CACb,kFAAkF;YAClF,qEAAqE,CACtE,CAAC;IACJ,CAAC;CACF;AA/BD,wCA+BC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pop-pay",
-  "version": "0.1.5",
+  "version": "0.2.0",
   "description": "Point One Percent - Semantic Payment Guardrail for AI Agents. It only takes 0.1% of hallucination to drain 100% of your wallet.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",