pop-pay 0.3.3 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +4 -1
- package/dist/client.js.map +1 -1
- package/dist/core/models.d.ts +1 -1
- package/dist/core/models.d.ts.map +1 -1
- package/dist/core/state.d.ts +5 -0
- package/dist/core/state.d.ts.map +1 -1
- package/dist/core/state.js +58 -2
- package/dist/core/state.js.map +1 -1
- package/dist/engine/injector.d.ts +44 -32
- package/dist/engine/injector.d.ts.map +1 -1
- package/dist/engine/injector.js +324 -644
- package/dist/engine/injector.js.map +1 -1
- package/dist/mcp-server.js +199 -13
- package/dist/mcp-server.js.map +1 -1
- package/package.json +6 -6
package/dist/client.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,qBAAa,SAAS;IACpB,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,YAAY,EAAE,eAAe,CAAC;IAC9B,MAAM,EAAE,eAAe,CAAC;gBAGtB,QAAQ,EAAE,mBAAmB,EAC7B,MAAM,EAAE,eAAe,EACvB,MAAM,CAAC,EAAE,eAAe,EACxB,MAAM,GAAE,MAAuB;IAQ3B,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,qBAAa,SAAS;IACpB,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,YAAY,EAAE,eAAe,CAAC;IAC9B,MAAM,EAAE,eAAe,CAAC;gBAGtB,QAAQ,EAAE,mBAAmB,EAC7B,MAAM,EAAE,eAAe,EACvB,MAAM,CAAC,EAAE,eAAe,EACxB,MAAM,GAAE,MAAuB;IAQ3B,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC;IAyD3D,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAOpH"}
|
package/dist/client.js
CHANGED
|
@@ -45,11 +45,14 @@ class PopClient {
|
|
|
45
45
|
this.stateTracker.recordSeal(seal.sealId, seal.authorizedAmount, intent.targetVendor, seal.status);
|
|
46
46
|
return seal;
|
|
47
47
|
}
|
|
48
|
-
// Issue card
|
|
48
|
+
// Issue card — record as Pending until injection confirms
|
|
49
49
|
const seal = await this.provider.issueCard(intent, this.policy);
|
|
50
50
|
const maskedCard = seal.cardNumber
|
|
51
51
|
? `****-****-****-${seal.cardNumber.slice(-4)}`
|
|
52
52
|
: "****-****-****-????";
|
|
53
|
+
if (seal.status !== "Rejected") {
|
|
54
|
+
seal.status = "Pending";
|
|
55
|
+
}
|
|
53
56
|
this.stateTracker.recordSeal(seal.sealId, seal.authorizedAmount, intent.targetVendor, seal.status, maskedCard, seal.expirationDate);
|
|
54
57
|
if (seal.status !== "Rejected") {
|
|
55
58
|
this.stateTracker.addSpend(intent.requestedAmount);
|
package/dist/client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";;;AAAA,6CAAyC;AAGzC,0DAAyD;AACzD,8CAAkD;AAElD,MAAa,SAAS;IACpB,QAAQ,CAAsB;IAC9B,MAAM,CAAkB;IACxB,YAAY,CAAkB;IAC9B,MAAM,CAAkB;IAExB,YACE,QAA6B,EAC7B,MAAuB,EACvB,MAAwB,EACxB,SAAiB,cAAc;QAE/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,IAAI,0BAAe,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,IAAI,+BAAe,EAAE,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAqB;QACxC,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;YACpF,MAAM,IAAI,GAAgB;gBACxB,MAAM,EAAE,IAAA,wBAAU,GAAE;gBACpB,UAAU,EAAE,IAAI;gBAChB,GAAG,EAAE,IAAI;gBACT,cAAc,EAAE,IAAI;gBACpB,gBAAgB,EAAE,GAAG;gBACrB,MAAM,EAAE,UAAU;gBAClB,eAAe,EAAE,uBAAuB;aACzC,CAAC;YACF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACnG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kBAAkB;QAClB,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACjF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,GAAgB;gBACxB,MAAM,EAAE,IAAA,wBAAU,GAAE;gBACpB,UAAU,EAAE,IAAI;gBAChB,GAAG,EAAE,IAAI;gBACT,cAAc,EAAE,IAAI;gBACpB,gBAAgB,EAAE,GAAG;gBACrB,MAAM,EAAE,UAAU;gBAClB,eAAe,EAAE,MAAM;aACxB,CAAC;YACF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACnG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";;;AAAA,6CAAyC;AAGzC,0DAAyD;AACzD,8CAAkD;AAElD,MAAa,SAAS;IACpB,QAAQ,CAAsB;IAC9B,MAAM,CAAkB;IACxB,YAAY,CAAkB;IAC9B,MAAM,CAAkB;IAExB,YACE,QAA6B,EAC7B,MAAuB,EACvB,MAAwB,EACxB,SAAiB,cAAc;QAE/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,IAAI,0BAAe,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,IAAI,+BAAe,EAAE,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAqB;QACxC,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;YACpF,MAAM,IAAI,GAAgB;gBACxB,MAAM,EAAE,IAAA,wBAAU,GAAE;gBACpB,UAAU,EAAE,IAAI;gBAChB,GAAG,EAAE,IAAI;gBACT,cAAc,EAAE,IAAI;gBACpB,gBAAgB,EAAE,GAAG;gBACrB,MAAM,EAAE,UAAU;gBAClB,eAAe,EAAE,uBAAuB;aACzC,CAAC;YACF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACnG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kBAAkB;QAClB,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACjF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,GAAgB;gBACxB,MAAM,EAAE,IAAA,wBAAU,GAAE;gBACpB,UAAU,EAAE,IAAI;gBAChB,GAAG,EAAE,IAAI;gBACT,cAAc,EAAE,IAAI;gBACpB,gBAAgB,EAAE,GAAG;gBACrB,MAAM,EAAE,UAAU;gBAClB,eAAe,EAAE,MAAM;aACxB,CAAC;YACF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACnG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,0DAA0D;QAC1D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU;YAChC,CAAC,CAAC,kBAAkB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;YAC/C,CAAC,CAAC,qBAAqB,CAAC;QAE1B,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,UAAU,CAC1B,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,gBAAgB,EACrB,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,MAAM,EACX,UAAU,EACV,IAAI,CAAC,cAAc,CACpB,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,MAAc;QACjD,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IACvC,CAAC;CACF;AAlFD,8BAkFC"}
|
package/dist/core/models.d.ts
CHANGED
|
@@ -45,7 +45,7 @@ export interface VirtualSeal {
|
|
|
45
45
|
cvv: string | null;
|
|
46
46
|
expirationDate: string | null;
|
|
47
47
|
authorizedAmount: number;
|
|
48
|
-
status: "Issued" | "Rejected" | "Revoked" | "Used";
|
|
48
|
+
status: "Issued" | "Rejected" | "Revoked" | "Used" | "Pending";
|
|
49
49
|
rejectionReason: string | null;
|
|
50
50
|
}
|
|
51
51
|
//# sourceMappingURL=models.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../../src/core/models.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;EAMhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;EAM9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../../src/core/models.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;EAMhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;EAM9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;IAC/D,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;CAChC"}
|
package/dist/core/state.d.ts
CHANGED
|
@@ -1,13 +1,18 @@
|
|
|
1
1
|
export declare class PopStateTracker {
|
|
2
2
|
private db;
|
|
3
|
+
private encryptionKey;
|
|
3
4
|
dailySpendTotal: number;
|
|
4
5
|
constructor(dbPath?: string);
|
|
6
|
+
private deriveEncryptionKey;
|
|
7
|
+
private encryptField;
|
|
8
|
+
private decryptField;
|
|
5
9
|
private initDb;
|
|
6
10
|
private getTodaySpent;
|
|
7
11
|
canSpend(amount: number, maxDailyBudget: number): boolean;
|
|
8
12
|
addSpend(amount: number): void;
|
|
9
13
|
recordSeal(sealId: string, amount: number, vendor: string, status?: string, maskedCard?: string | null, expirationDate?: string | null): void;
|
|
10
14
|
getSealMaskedCard(sealId: string): string;
|
|
15
|
+
updateSealStatus(sealId: string, status: string): void;
|
|
11
16
|
markUsed(sealId: string): void;
|
|
12
17
|
isUsed(sealId: string): boolean;
|
|
13
18
|
close(): void;
|
package/dist/core/state.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../src/core/state.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../src/core/state.ts"],"names":[],"mappings":"AAIA,qBAAa,eAAe;IAC1B,OAAO,CAAC,EAAE,CAAoB;IAC9B,OAAO,CAAC,aAAa,CAAS;IAC9B,eAAe,EAAE,MAAM,CAAC;gBAEZ,MAAM,GAAE,MAAuB;IAQ3C,OAAO,CAAC,mBAAmB;IAa3B,OAAO,CAAC,YAAY;IAapB,OAAO,CAAC,YAAY;IAyBpB,OAAO,CAAC,MAAM;IAoBd,OAAO,CAAC,aAAa;IAQrB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO;IAKzD,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAY9B,UAAU,CACR,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,MAAiB,EACzB,UAAU,GAAE,MAAM,GAAG,IAAW,EAChC,cAAc,GAAE,MAAM,GAAG,IAAW,GACnC,IAAI;IAUP,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IASzC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAMtD,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAM9B,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAO/B,KAAK,IAAI,IAAI;CAGd"}
|
package/dist/core/state.js
CHANGED
|
@@ -5,15 +5,63 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.PopStateTracker = void 0;
|
|
7
7
|
const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
|
|
8
|
+
const crypto_1 = __importDefault(require("crypto"));
|
|
9
|
+
const os_1 = __importDefault(require("os"));
|
|
8
10
|
class PopStateTracker {
|
|
9
11
|
db;
|
|
12
|
+
encryptionKey;
|
|
10
13
|
dailySpendTotal;
|
|
11
14
|
constructor(dbPath = "pop_state.db") {
|
|
12
15
|
this.db = new better_sqlite3_1.default(dbPath);
|
|
13
16
|
this.db.pragma("journal_mode = WAL");
|
|
17
|
+
this.encryptionKey = this.deriveEncryptionKey();
|
|
14
18
|
this.initDb();
|
|
15
19
|
this.dailySpendTotal = this.getTodaySpent();
|
|
16
20
|
}
|
|
21
|
+
deriveEncryptionKey() {
|
|
22
|
+
const envKey = process.env.POP_STATE_ENCRYPTION_KEY;
|
|
23
|
+
if (envKey) {
|
|
24
|
+
return Buffer.from(envKey, "hex");
|
|
25
|
+
}
|
|
26
|
+
// Fallback: Deterministic key derived from hostname
|
|
27
|
+
const hostname = os_1.default.hostname();
|
|
28
|
+
return crypto_1.default
|
|
29
|
+
.createHmac("sha256", "pop-pay-state-salt")
|
|
30
|
+
.update(hostname)
|
|
31
|
+
.digest();
|
|
32
|
+
}
|
|
33
|
+
encryptField(value) {
|
|
34
|
+
if (!value)
|
|
35
|
+
return null;
|
|
36
|
+
const iv = crypto_1.default.randomBytes(12);
|
|
37
|
+
const cipher = crypto_1.default.createCipheriv("aes-256-gcm", this.encryptionKey, iv);
|
|
38
|
+
const encrypted = Buffer.concat([
|
|
39
|
+
cipher.update(value, "utf8"),
|
|
40
|
+
cipher.final(),
|
|
41
|
+
]);
|
|
42
|
+
const authTag = cipher.getAuthTag();
|
|
43
|
+
// Structure: IV (12b) + AuthTag (16b) + Ciphertext
|
|
44
|
+
return Buffer.concat([iv, authTag, encrypted]).toString("base64");
|
|
45
|
+
}
|
|
46
|
+
decryptField(encryptedBase64) {
|
|
47
|
+
if (!encryptedBase64)
|
|
48
|
+
return null;
|
|
49
|
+
try {
|
|
50
|
+
const data = Buffer.from(encryptedBase64, "base64");
|
|
51
|
+
if (data.length < 28)
|
|
52
|
+
return encryptedBase64; // Too short for IV+Tag+Data, probably raw
|
|
53
|
+
const iv = data.subarray(0, 12);
|
|
54
|
+
const authTag = data.subarray(12, 28);
|
|
55
|
+
const ciphertext = data.subarray(28);
|
|
56
|
+
const decipher = crypto_1.default.createDecipheriv("aes-256-gcm", this.encryptionKey, iv);
|
|
57
|
+
decipher.setAuthTag(authTag);
|
|
58
|
+
return (decipher.update(ciphertext, undefined, "utf8") +
|
|
59
|
+
decipher.final("utf8"));
|
|
60
|
+
}
|
|
61
|
+
catch (e) {
|
|
62
|
+
return encryptedBase64; // Fallback to raw value if decryption fails
|
|
63
|
+
}
|
|
64
|
+
}
|
|
17
65
|
initDb() {
|
|
18
66
|
this.db.exec(`
|
|
19
67
|
CREATE TABLE IF NOT EXISTS daily_budget (
|
|
@@ -54,16 +102,24 @@ class PopStateTracker {
|
|
|
54
102
|
this.dailySpendTotal = this.getTodaySpent();
|
|
55
103
|
}
|
|
56
104
|
recordSeal(sealId, amount, vendor, status = "Issued", maskedCard = null, expirationDate = null) {
|
|
105
|
+
const encryptedMasked = this.encryptField(maskedCard);
|
|
57
106
|
this.db
|
|
58
107
|
.prepare(`INSERT INTO issued_seals (seal_id, amount, vendor, status, masked_card, expiration_date)
|
|
59
108
|
VALUES (?, ?, ?, ?, ?, ?)`)
|
|
60
|
-
.run(sealId, amount, vendor, status,
|
|
109
|
+
.run(sealId, amount, vendor, status, encryptedMasked, expirationDate);
|
|
61
110
|
}
|
|
62
111
|
getSealMaskedCard(sealId) {
|
|
63
112
|
const row = this.db
|
|
64
113
|
.prepare("SELECT masked_card FROM issued_seals WHERE seal_id = ?")
|
|
65
114
|
.get(sealId);
|
|
66
|
-
|
|
115
|
+
if (!row || !row.masked_card)
|
|
116
|
+
return "";
|
|
117
|
+
return this.decryptField(row.masked_card) ?? "";
|
|
118
|
+
}
|
|
119
|
+
updateSealStatus(sealId, status) {
|
|
120
|
+
this.db
|
|
121
|
+
.prepare("UPDATE issued_seals SET status = ? WHERE seal_id = ?")
|
|
122
|
+
.run(status, sealId);
|
|
67
123
|
}
|
|
68
124
|
markUsed(sealId) {
|
|
69
125
|
this.db
|
package/dist/core/state.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"state.js","sourceRoot":"","sources":["../../src/core/state.ts"],"names":[],"mappings":";;;;;;AAAA,oEAAsC;
|
|
1
|
+
{"version":3,"file":"state.js","sourceRoot":"","sources":["../../src/core/state.ts"],"names":[],"mappings":";;;;;;AAAA,oEAAsC;AACtC,oDAA4B;AAC5B,4CAAoB;AAEpB,MAAa,eAAe;IAClB,EAAE,CAAoB;IACtB,aAAa,CAAS;IAC9B,eAAe,CAAS;IAExB,YAAY,SAAiB,cAAc;QACzC,IAAI,CAAC,EAAE,GAAG,IAAI,wBAAQ,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACrC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAChD,IAAI,CAAC,MAAM,EAAE,CAAC;QACd,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAC9C,CAAC;IAEO,mBAAmB;QACzB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;QACpD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACpC,CAAC;QACD,oDAAoD;QACpD,MAAM,QAAQ,GAAG,YAAE,CAAC,QAAQ,EAAE,CAAC;QAC/B,OAAO,gBAAM;aACV,UAAU,CAAC,QAAQ,EAAE,oBAAoB,CAAC;aAC1C,MAAM,CAAC,QAAQ,CAAC;aAChB,MAAM,EAAE,CAAC;IACd,CAAC;IAEO,YAAY,CAAC,KAAoB;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,MAAM,EAAE,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,gBAAM,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;YAC9B,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC;YAC5B,MAAM,CAAC,KAAK,EAAE;SACf,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACpC,mDAAmD;QACnD,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACpE,CAAC;IAEO,YAAY,CAAC,eAA8B;QACjD,IAAI,CAAC,eAAe;YAAE,OAAO,IAAI,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;YACpD,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE;gBAAE,OAAO,eAAe,CAAC,CAAC,0CAA0C;YAExF,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAChC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;YACtC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAErC,MAAM,QAAQ,GAAG,gBAAM,CAAC,gBAAgB,CACtC,aAAa,EACb,IAAI,CAAC,aAAa,EAClB,EAAE,CACH,CAAC;YACF,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAC7B,OAAO,CACL,QAAQ,CAAC,MAAM,CAAC,UAAiB,EAAE,SAAS,EAAE,MAAM,CAAC;gBACrD,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CACvB,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,eAAe,CAAC,CAAC,4CAA4C;QACtE,CAAC;IACH,CAAC;IAEO,MAAM;QACZ,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;;KAKZ,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;KAUZ,CAAC,CAAC;IACL,CAAC;IAEO,aAAa;QACnB,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,sDAAsD,CAAC;aAC/D,GAAG,CAAC,KAAK,CAAyC,CAAC;QACtD,OAAO,GAAG,EAAE,YAAY,IAAI,GAAG,CAAC;IAClC,CAAC;IAED,QAAQ,CAAC,MAAc,EAAE,cAAsB;QAC7C,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,OAAO,UAAU,GAAG,MAAM,IAAI,cAAc,CAAC;IAC/C,CAAC;IAED,QAAQ,CAAC,MAAc;QACrB,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;yEAEiE,CAClE;aACA,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9B,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAC9C,CAAC;IAED,UAAU,CACR,MAAc,EACd,MAAc,EACd,MAAc,EACd,SAAiB,QAAQ,EACzB,aAA4B,IAAI,EAChC,iBAAgC,IAAI;QAEpC,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;mCAC2B,CAC5B;aACA,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,cAAc,CAAC,CAAC;IAC1E,CAAC;IAED,iBAAiB,CAAC,MAAc;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,wDAAwD,CAAC;aACjE,GAAG,CAAC,MAAM,CAA+C,CAAC;QAE7D,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW;YAAE,OAAO,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;IAClD,CAAC;IAED,gBAAgB,CAAC,MAAc,EAAE,MAAc;QAC7C,IAAI,CAAC,EAAE;aACJ,OAAO,CAAC,sDAAsD,CAAC;aAC/D,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzB,CAAC;IAED,QAAQ,CAAC,MAAc;QACrB,IAAI,CAAC,EAAE;aACJ,OAAO,CAAC,2DAA2D,CAAC;aACpE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,CAAC;IAED,MAAM,CAAC,MAAc;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,mDAAmD,CAAC;aAC5D,GAAG,CAAC,MAAM,CAAmC,CAAC;QACjD,OAAO,GAAG,EAAE,MAAM,KAAK,MAAM,CAAC;IAChC,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;CACF;AA7JD,0CA6JC"}
|
|
@@ -1,12 +1,11 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* PopBrowserInjector:
|
|
2
|
+
* PopBrowserInjector: Playwright-based browser injector for payment and billing fields.
|
|
3
3
|
*
|
|
4
4
|
* Connects to an already-running Chromium browser (via --remote-debugging-port)
|
|
5
|
-
* and auto-fills credit card fields
|
|
6
|
-
* Stripe and other third-party payment iframes. Also fills billing detail fields
|
|
7
|
-
* (name, address, email) that live in the main page frame.
|
|
5
|
+
* using playwright-core and auto-fills credit card fields across all frames.
|
|
8
6
|
*
|
|
9
|
-
*
|
|
7
|
+
* This version replaces the raw CDP WebSocket implementation with Playwright's
|
|
8
|
+
* connectOverCDP, providing better isolation and cross-origin iframe support.
|
|
10
9
|
*/
|
|
11
10
|
export declare const CARD_NUMBER_SELECTORS: string[];
|
|
12
11
|
export declare const EXPIRY_SELECTORS: string[];
|
|
@@ -23,16 +22,6 @@ export declare const COUNTRY_SELECTORS: string[];
|
|
|
23
22
|
export declare const STATE_SELECTORS: string[];
|
|
24
23
|
export declare const CITY_SELECTORS: string[];
|
|
25
24
|
export declare function ssrfValidateUrl(url: string): string | null;
|
|
26
|
-
export interface InjectionResult {
|
|
27
|
-
cardFilled: boolean;
|
|
28
|
-
billingFilled: boolean;
|
|
29
|
-
blockedReason: string;
|
|
30
|
-
billingDetails?: {
|
|
31
|
-
filled: string[];
|
|
32
|
-
failed: string[];
|
|
33
|
-
skipped: string[];
|
|
34
|
-
};
|
|
35
|
-
}
|
|
36
25
|
export interface BillingInfo {
|
|
37
26
|
firstName: string;
|
|
38
27
|
lastName: string;
|
|
@@ -45,6 +34,16 @@ export interface BillingInfo {
|
|
|
45
34
|
phone: string;
|
|
46
35
|
phoneCountryCode: string;
|
|
47
36
|
}
|
|
37
|
+
export interface InjectionResult {
|
|
38
|
+
cardFilled: boolean;
|
|
39
|
+
billingFilled: boolean;
|
|
40
|
+
blockedReason: string;
|
|
41
|
+
billingDetails?: {
|
|
42
|
+
filled: string[];
|
|
43
|
+
failed: string[];
|
|
44
|
+
skipped: string[];
|
|
45
|
+
};
|
|
46
|
+
}
|
|
48
47
|
export interface PageSnapshot {
|
|
49
48
|
url: string;
|
|
50
49
|
title: string;
|
|
@@ -57,32 +56,45 @@ export interface PageSnapshot {
|
|
|
57
56
|
export declare function verifyDomainToctou(pageUrl: string, approvedVendor: string): string | null;
|
|
58
57
|
export declare class PopBrowserInjector {
|
|
59
58
|
private cdpUrl;
|
|
60
|
-
private
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
59
|
+
private defaultBillingInfo?;
|
|
60
|
+
private browser;
|
|
61
|
+
constructor(cdpUrl?: string, billingInfoOrHeadless?: BillingInfo | boolean);
|
|
62
|
+
/**
|
|
63
|
+
* Inject payment info into the current page.
|
|
64
|
+
* Supports both positional and object-based signatures for compatibility.
|
|
65
|
+
*/
|
|
66
|
+
injectPaymentInfo(optsOrCard: string | {
|
|
64
67
|
cardNumber: string;
|
|
68
|
+
expiry?: string;
|
|
69
|
+
expirationDate?: string;
|
|
65
70
|
cvv: string;
|
|
66
|
-
|
|
67
|
-
pageUrl?: string;
|
|
71
|
+
vendor?: string;
|
|
68
72
|
approvedVendor?: string;
|
|
69
|
-
|
|
73
|
+
pageUrl?: string;
|
|
74
|
+
billingInfo?: BillingInfo;
|
|
75
|
+
sealId?: string;
|
|
76
|
+
}, expiry?: string, cvv?: string, vendor?: string, pageUrl?: string, billingInfo?: BillingInfo): Promise<InjectionResult>;
|
|
77
|
+
/**
|
|
78
|
+
* Internal method used by mcp-server.ts. Kept for compatibility but marked internal.
|
|
79
|
+
* @internal
|
|
80
|
+
*/
|
|
70
81
|
injectBillingOnly(opts: {
|
|
71
82
|
pageUrl?: string;
|
|
72
83
|
approvedVendor?: string;
|
|
73
84
|
}): Promise<InjectionResult>;
|
|
74
|
-
pageSnapshot(
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
private
|
|
78
|
-
private
|
|
85
|
+
pageSnapshot(url?: string): Promise<PageSnapshot | null>;
|
|
86
|
+
close(): Promise<void>;
|
|
87
|
+
static maskedCard(cardNumber: string): string;
|
|
88
|
+
private findBestPage;
|
|
89
|
+
private fillAcrossFrames;
|
|
90
|
+
private fillInFrame;
|
|
91
|
+
private findVisibleLocator;
|
|
79
92
|
private fillCardInShadowDom;
|
|
80
|
-
private fillInputViaEval;
|
|
81
|
-
private selectOption;
|
|
82
|
-
private fillBillingField;
|
|
83
93
|
private fillBillingFields;
|
|
84
|
-
private
|
|
94
|
+
private fillField;
|
|
95
|
+
private selectOption;
|
|
96
|
+
private dispatchEvents;
|
|
85
97
|
private enableBlackout;
|
|
86
|
-
|
|
98
|
+
private loadBillingFromEnv;
|
|
87
99
|
}
|
|
88
100
|
//# sourceMappingURL=injector.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"injector.d.ts","sourceRoot":"","sources":["../../src/engine/injector.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"injector.d.ts","sourceRoot":"","sources":["../../src/engine/injector.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAuDH,eAAO,MAAM,qBAAqB,UAUjC,CAAC;AAEF,eAAO,MAAM,gBAAgB,UAS5B,CAAC;AAEF,eAAO,MAAM,aAAa,UAUzB,CAAC;AAEF,eAAO,MAAM,oBAAoB,UAMhC,CAAC;AAEF,eAAO,MAAM,mBAAmB,UAM/B,CAAC;AAEF,eAAO,MAAM,mBAAmB,UAM/B,CAAC;AAEF,eAAO,MAAM,gBAAgB,UAQ5B,CAAC;AAEF,eAAO,MAAM,aAAa,UAQzB,CAAC;AAEF,eAAO,MAAM,eAAe,UAM3B,CAAC;AAEF,eAAO,MAAM,eAAe,UAQ3B,CAAC;AAEF,eAAO,MAAM,4BAA4B,UAQxC,CAAC;AAEF,eAAO,MAAM,iBAAiB,UAM7B,CAAC;AAEF,eAAO,MAAM,eAAe,UAQ3B,CAAC;AAEF,eAAO,MAAM,cAAc,UAO1B,CAAC;AAsBF,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAuB1D;AAKD,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAC5E;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACzC;AAKD,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,MAAM,GACrB,MAAM,GAAG,IAAI,CA2Df;AAKD,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,kBAAkB,CAAC,CAAc;IACzC,OAAO,CAAC,OAAO,CAAwB;gBAE3B,MAAM,GAAE,MAAgC,EAAE,qBAAqB,CAAC,EAAE,WAAW,GAAG,OAAO;IAOnG;;;OAGG;IACG,iBAAiB,CACrB,UAAU,EAAE,MAAM,GAAG;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,cAAc,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,cAAc,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,WAAW,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,EAC1M,MAAM,CAAC,EAAE,MAAM,EACf,GAAG,CAAC,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,WAAW,GACxB,OAAO,CAAC,eAAe,CAAC;IA+E3B;;;OAGG;IACG,iBAAiB,CAAC,IAAI,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,cAAc,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,eAAe,CAAC;IA+BhG,YAAY,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IA4BxD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAS5B,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAS7C,OAAO,CAAC,YAAY;YAcN,gBAAgB;YAqBhB,WAAW;YAeX,kBAAkB;YAYlB,mBAAmB;YAyDnB,iBAAiB;YA6CjB,SAAS;YAmCT,YAAY;YA+CZ,cAAc;YAQd,cAAc;IAyB5B,OAAO,CAAC,kBAAkB;CAc3B"}
|