pop-pay 0.5.8 → 0.5.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/cli-dashboard.js +2 -4
- package/dist/cli-dashboard.js.map +1 -1
- package/dist/cli-main.js +3 -5
- package/dist/cli-main.js.map +1 -1
- package/dist/cli-vault.js +70 -27
- package/dist/cli-vault.js.map +1 -1
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +25 -2
- package/dist/client.js.map +1 -1
- package/dist/core/state.d.ts +1 -4
- package/dist/core/state.d.ts.map +1 -1
- package/dist/core/state.js +36 -49
- package/dist/core/state.js.map +1 -1
- package/dist/dashboard.d.ts.map +1 -1
- package/dist/dashboard.js +3 -25
- package/dist/dashboard.js.map +1 -1
- package/dist/engine/injector.d.ts +1 -0
- package/dist/engine/injector.d.ts.map +1 -1
- package/dist/engine/injector.js +41 -2
- package/dist/engine/injector.js.map +1 -1
- package/dist/engine/llm-guardrails.d.ts +11 -0
- package/dist/engine/llm-guardrails.d.ts.map +1 -1
- package/dist/engine/llm-guardrails.js +62 -17
- package/dist/engine/llm-guardrails.js.map +1 -1
- package/dist/errors.d.ts +89 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +199 -0
- package/dist/errors.js.map +1 -0
- package/dist/mcp-server.js +68 -18
- package/dist/mcp-server.js.map +1 -1
- package/dist/providers/byoc-local.d.ts +6 -1
- package/dist/providers/byoc-local.d.ts.map +1 -1
- package/dist/providers/byoc-local.js +9 -6
- package/dist/providers/byoc-local.js.map +1 -1
- package/dist/transport.d.ts +14 -0
- package/dist/transport.d.ts.map +1 -0
- package/dist/transport.js +107 -0
- package/dist/transport.js.map +1 -0
- package/dist/vault.d.ts +40 -0
- package/dist/vault.d.ts.map +1 -1
- package/dist/vault.js +175 -25
- package/dist/vault.js.map +1 -1
- package/package.json +2 -1
package/README.md
CHANGED
|
@@ -227,7 +227,7 @@ See [THREAT_MODEL.md](./docs/THREAT_MODEL.md) for the full STRIDE analysis and [
|
|
|
227
227
|
## Documentation
|
|
228
228
|
|
|
229
229
|
- [Threat Model](docs/THREAT_MODEL.md) — STRIDE analysis, 5 security primitives, 10 attack scenarios
|
|
230
|
-
- [Guardrail Benchmark](docs/GUARDRAIL_BENCHMARK.md) —
|
|
230
|
+
- [Guardrail Benchmark](docs/GUARDRAIL_BENCHMARK.md) — Cross-model evaluation (Anthropic / OpenAI / Gemini) across 585 payloads, 11 attack categories
|
|
231
231
|
- [Compliance FAQ](docs/COMPLIANCE_FAQ.md) — PCI DSS, SOC 2, GDPR details
|
|
232
232
|
- [Environment Reference](docs/ENV_REFERENCE.md) — All POP_* environment variables
|
|
233
233
|
- [Integration Guide](docs/INTEGRATION_GUIDE.md) — Setup for Claude Code, Node.js SDK, and browser agents
|
package/dist/cli-dashboard.js
CHANGED
|
@@ -7,6 +7,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
7
7
|
const dashboard_js_1 = require("./dashboard.js");
|
|
8
8
|
const path_1 = __importDefault(require("path"));
|
|
9
9
|
const os_1 = __importDefault(require("os"));
|
|
10
|
+
const errors_js_1 = require("./errors.js");
|
|
10
11
|
const DEFAULT_DB_PATH = path_1.default.join(os_1.default.homedir(), ".config", "pop-pay", "pop_state.db");
|
|
11
12
|
function parseArgs() {
|
|
12
13
|
const args = process.argv.slice(2);
|
|
@@ -27,8 +28,5 @@ function parseArgs() {
|
|
|
27
28
|
return options;
|
|
28
29
|
}
|
|
29
30
|
const options = parseArgs();
|
|
30
|
-
(0, dashboard_js_1.main)(options).catch(err =>
|
|
31
|
-
console.error("Failed to start dashboard:", err);
|
|
32
|
-
process.exit(1);
|
|
33
|
-
});
|
|
31
|
+
(0, dashboard_js_1.main)(options).catch(err => (0, errors_js_1.handleCliError)(err));
|
|
34
32
|
//# sourceMappingURL=cli-dashboard.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli-dashboard.js","sourceRoot":"","sources":["../src/cli-dashboard.ts"],"names":[],"mappings":";;;;;;AACA,iDAAsC;AACtC,gDAAwB;AACxB,4CAAoB;
|
|
1
|
+
{"version":3,"file":"cli-dashboard.js","sourceRoot":"","sources":["../src/cli-dashboard.ts"],"names":[],"mappings":";;;;;;AACA,iDAAsC;AACtC,gDAAwB;AACxB,4CAAoB;AACpB,2CAA6C;AAE7C,MAAM,eAAe,GAAG,cAAI,CAAC,IAAI,CAAC,YAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;AAEtF,SAAS,SAAS;IAChB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG;QACd,IAAI,EAAE,IAAI;QACV,MAAM,EAAE,eAAe;KACxB,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACxC,OAAO,CAAC,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzC,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAC7C,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC7B,CAAC,EAAE,CAAC;QACN,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,OAAO,GAAG,SAAS,EAAE,CAAC;AAC5B,IAAA,mBAAI,EAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAA,0BAAc,EAAC,GAAG,CAAC,CAAC,CAAC"}
|
package/dist/cli-main.js
CHANGED
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
8
8
|
const node_fs_1 = require("node:fs");
|
|
9
9
|
const node_path_1 = require("node:path");
|
|
10
|
+
const errors_js_1 = require("./errors.js");
|
|
10
11
|
function getVersion() {
|
|
11
12
|
try {
|
|
12
13
|
const pkgPath = (0, node_path_1.join)(__dirname, "..", "package.json");
|
|
@@ -78,13 +79,10 @@ async function main() {
|
|
|
78
79
|
process.exit(hasBlocker ? 1 : 0);
|
|
79
80
|
}
|
|
80
81
|
default:
|
|
81
|
-
|
|
82
|
+
process.stderr.write(`Unknown command: ${subcommand}\n\n`);
|
|
82
83
|
showHelp();
|
|
83
84
|
process.exit(1);
|
|
84
85
|
}
|
|
85
86
|
}
|
|
86
|
-
main().catch((err) =>
|
|
87
|
-
console.error("pop-pay:", err.message ?? err);
|
|
88
|
-
process.exit(1);
|
|
89
|
-
});
|
|
87
|
+
main().catch((err) => (0, errors_js_1.handleCliError)(err));
|
|
90
88
|
//# sourceMappingURL=cli-main.js.map
|
package/dist/cli-main.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli-main.js","sourceRoot":"","sources":["../src/cli-main.ts"],"names":[],"mappings":";;AAEA;;;GAGG;;AAEH,qCAAuC;AACvC,yCAAiC;
|
|
1
|
+
{"version":3,"file":"cli-main.js","sourceRoot":"","sources":["../src/cli-main.ts"],"names":[],"mappings":";;AAEA;;;GAGG;;AAEH,qCAAuC;AACvC,yCAAiC;AACjC,2CAA6C;AAE7C,SAAS,UAAU;IACjB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;QACtD,OAAO,GAAG,CAAC,OAAO,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,QAAQ;IACf,OAAO,CAAC,GAAG,CAAC,YAAY,UAAU,EAAE;;;;;;;;;;;;;;yCAcG,CAAC,CAAC;AAC3C,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEnC,IAAI,CAAC,UAAU,IAAI,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QAClE,QAAQ,EAAE,CAAC;QACX,OAAO;IACT,CAAC;IAED,IAAI,UAAU,KAAK,WAAW,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;QAC1B,OAAO;IACT,CAAC;IAED,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,YAAY;YACf,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1B,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAChC,MAAM;QAER,KAAK,QAAQ,CAAC;QACd,KAAK,YAAY;YACf,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1B,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;YACzB,MAAM;QAER,KAAK,YAAY,CAAC;QAClB,KAAK,gBAAgB;YACnB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1B,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;YAC/B,MAAM;QAER,KAAK,QAAQ,CAAC;QACd,KAAK,YAAY;YACf,sFAAsF;YACtF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC;YAC3B,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;YAC/B,MAAM;QAER,KAAK,WAAW;YACd,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1B,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;YACnC,MAAM;QAER,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1B,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC7C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;YACzC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC;YACxE,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;QAED;YACE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,UAAU,MAAM,CAAC,CAAC;YAC3D,QAAQ,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,0BAAc,EAAC,GAAG,CAAC,CAAC,CAAC"}
|
package/dist/cli-vault.js
CHANGED
|
@@ -10,6 +10,7 @@ const node_readline_1 = require("node:readline");
|
|
|
10
10
|
const node_os_1 = require("node:os");
|
|
11
11
|
const node_path_1 = require("node:path");
|
|
12
12
|
const vault_js_1 = require("./vault.js");
|
|
13
|
+
const errors_js_1 = require("./errors.js");
|
|
13
14
|
const VAULT_DIR = (0, node_path_1.join)((0, node_os_1.homedir)(), ".config", "pop-pay");
|
|
14
15
|
const VAULT_PATH = (0, node_path_1.join)(VAULT_DIR, "vault.enc");
|
|
15
16
|
function prompt(question) {
|
|
@@ -71,6 +72,34 @@ async function cmdInitVault() {
|
|
|
71
72
|
process.exit(0);
|
|
72
73
|
}
|
|
73
74
|
}
|
|
75
|
+
// F3: OSS salt consent gate at init time. If not using passphrase AND the
|
|
76
|
+
// native extension isn't hardened, require explicit consent — either
|
|
77
|
+
// POP_ACCEPT_OSS_SALT=1 or interactive y/N when stdin is a TTY.
|
|
78
|
+
if (!usePassphrase) {
|
|
79
|
+
let hardened = false;
|
|
80
|
+
try {
|
|
81
|
+
const native = require("../native/pop-pay-native.node");
|
|
82
|
+
hardened = native.isHardened?.() ?? false;
|
|
83
|
+
}
|
|
84
|
+
catch { }
|
|
85
|
+
if (!hardened) {
|
|
86
|
+
if (process.env.POP_ACCEPT_OSS_SALT === "1") {
|
|
87
|
+
// pre-acknowledged — proceed
|
|
88
|
+
}
|
|
89
|
+
else if (process.stdin.isTTY) {
|
|
90
|
+
const ack = await prompt("Proceed with OSS public salt? This offers weaker protection than --passphrase. [y/N]: ");
|
|
91
|
+
if (ack.toLowerCase() !== "y") {
|
|
92
|
+
console.log("Aborted. Re-run with --passphrase, or set POP_ACCEPT_OSS_SALT=1.");
|
|
93
|
+
process.exit(1);
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
else {
|
|
97
|
+
console.error("pop-init-vault: OSS public salt requires consent. " +
|
|
98
|
+
"Set POP_ACCEPT_OSS_SALT=1 or pass --passphrase.");
|
|
99
|
+
process.exit(1);
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
}
|
|
74
103
|
let keyOverride;
|
|
75
104
|
if (usePassphrase) {
|
|
76
105
|
console.log("\nPassphrase mode: your vault will be encrypted with a passphrase.");
|
|
@@ -107,13 +136,7 @@ async function cmdInitVault() {
|
|
|
107
136
|
expiration_date: `${expMonth}/${expYear}`,
|
|
108
137
|
};
|
|
109
138
|
console.log("\nEncrypting and writing vault...");
|
|
110
|
-
|
|
111
|
-
(0, vault_js_1.saveVault)(creds, keyOverride);
|
|
112
|
-
}
|
|
113
|
-
catch (e) {
|
|
114
|
-
console.error(`ERROR: ${e.message}`);
|
|
115
|
-
process.exit(1);
|
|
116
|
-
}
|
|
139
|
+
(0, vault_js_1.saveVault)(creds, keyOverride);
|
|
117
140
|
console.log(`Vault written to ${VAULT_PATH}`);
|
|
118
141
|
// Handle policy .env
|
|
119
142
|
const policyEnvPath = (0, node_path_1.join)(VAULT_DIR, ".env");
|
|
@@ -143,7 +166,7 @@ async function cmdInitVault() {
|
|
|
143
166
|
# Card credentials are stored in vault.enc — do not add them here.
|
|
144
167
|
|
|
145
168
|
# Vendors the agent is allowed to pay (JSON array)
|
|
146
|
-
POP_ALLOWED_CATEGORIES=["aws", "cloudflare", "openai", "github", "Wikipedia", "donation", "Wikimedia"]
|
|
169
|
+
POP_ALLOWED_CATEGORIES='["aws", "cloudflare", "openai", "github", "Wikipedia", "donation", "Wikimedia"]'
|
|
147
170
|
|
|
148
171
|
# Spending limits
|
|
149
172
|
POP_MAX_PER_TX=100.0
|
|
@@ -163,8 +186,8 @@ POP_CDP_URL=http://localhost:9222
|
|
|
163
186
|
# POP_BILLING_EMAIL=bob@example.com
|
|
164
187
|
# POP_BILLING_PHONE_COUNTRY_CODE=+1
|
|
165
188
|
# POP_BILLING_PHONE=+14155551234
|
|
166
|
-
# POP_BILLING_STREET=123 Main St
|
|
167
|
-
# POP_BILLING_CITY=Redwood City
|
|
189
|
+
# POP_BILLING_STREET="123 Main St"
|
|
190
|
+
# POP_BILLING_CITY="Redwood City"
|
|
168
191
|
# POP_BILLING_ZIP=94043
|
|
169
192
|
# POP_BILLING_STATE=CA
|
|
170
193
|
# POP_BILLING_COUNTRY=US
|
|
@@ -192,22 +215,24 @@ async function cmdUnlock() {
|
|
|
192
215
|
return;
|
|
193
216
|
}
|
|
194
217
|
if (!(0, vault_js_1.vaultExists)()) {
|
|
195
|
-
|
|
196
|
-
process.exit(1);
|
|
218
|
+
throw new errors_js_1.VaultNotFound();
|
|
197
219
|
}
|
|
198
220
|
const passphrase = await promptHidden("Vault passphrase: ");
|
|
199
221
|
if (!passphrase) {
|
|
200
|
-
|
|
201
|
-
process.exit(1);
|
|
222
|
+
throw new errors_js_1.VaultDecryptFailed("Passphrase cannot be empty.");
|
|
202
223
|
}
|
|
203
224
|
const key = (0, vault_js_1.deriveKeyFromPassphrase)(passphrase);
|
|
225
|
+
const blob = (0, node_fs_1.readFileSync)(VAULT_PATH);
|
|
204
226
|
try {
|
|
205
|
-
const blob = (0, node_fs_1.readFileSync)(VAULT_PATH);
|
|
206
227
|
(0, vault_js_1.decryptCredentials)(blob, undefined, key);
|
|
207
228
|
}
|
|
208
|
-
catch {
|
|
209
|
-
|
|
210
|
-
|
|
229
|
+
catch (e) {
|
|
230
|
+
if (e instanceof errors_js_1.VaultDecryptFailed) {
|
|
231
|
+
throw new errors_js_1.VaultDecryptFailed("Wrong passphrase — vault not unlocked.", {
|
|
232
|
+
cause: e,
|
|
233
|
+
});
|
|
234
|
+
}
|
|
235
|
+
throw e;
|
|
211
236
|
}
|
|
212
237
|
(0, vault_js_1.storeKeyInKeyring)(key);
|
|
213
238
|
console.log("Vault unlocked for this session.");
|
|
@@ -215,19 +240,37 @@ async function cmdUnlock() {
|
|
|
215
240
|
console.log("Run `pop-unlock --lock` to re-lock when done.");
|
|
216
241
|
}
|
|
217
242
|
// ---------------------------------------------------------------------------
|
|
243
|
+
// pop-init-vault --wipe (F8)
|
|
244
|
+
// ---------------------------------------------------------------------------
|
|
245
|
+
async function cmdWipe() {
|
|
246
|
+
if (!process.argv.includes("--yes") && process.stdin.isTTY) {
|
|
247
|
+
const ack = await prompt("Wipe ALL pop-pay vault artifacts (vault.enc, .vault_mode, keyring, stale .tmp)? [y/N]: ");
|
|
248
|
+
if (ack.toLowerCase() !== "y") {
|
|
249
|
+
console.log("Aborted.");
|
|
250
|
+
process.exit(0);
|
|
251
|
+
}
|
|
252
|
+
}
|
|
253
|
+
const wiped = await (0, vault_js_1.wipeVaultArtifacts)();
|
|
254
|
+
if (wiped.length === 0) {
|
|
255
|
+
console.log("No vault artifacts found.");
|
|
256
|
+
}
|
|
257
|
+
else {
|
|
258
|
+
for (const p of wiped)
|
|
259
|
+
console.log(`wiped: ${p}`);
|
|
260
|
+
}
|
|
261
|
+
console.log("Keyring entry cleared.");
|
|
262
|
+
}
|
|
263
|
+
// ---------------------------------------------------------------------------
|
|
218
264
|
// Main dispatch
|
|
219
265
|
// ---------------------------------------------------------------------------
|
|
220
266
|
const command = process.argv[1] ?? "";
|
|
221
|
-
if (
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
267
|
+
if (process.argv.includes("--wipe")) {
|
|
268
|
+
cmdWipe().catch((e) => (0, errors_js_1.handleCliError)(e));
|
|
269
|
+
}
|
|
270
|
+
else if (command.includes("pop-unlock") || process.argv.includes("unlock")) {
|
|
271
|
+
cmdUnlock().catch((e) => (0, errors_js_1.handleCliError)(e));
|
|
226
272
|
}
|
|
227
273
|
else {
|
|
228
|
-
cmdInitVault().catch((e) =>
|
|
229
|
-
console.error(e);
|
|
230
|
-
process.exit(1);
|
|
231
|
-
});
|
|
274
|
+
cmdInitVault().catch((e) => (0, errors_js_1.handleCliError)(e));
|
|
232
275
|
}
|
|
233
276
|
//# sourceMappingURL=cli-vault.js.map
|
package/dist/cli-vault.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli-vault.js","sourceRoot":"","sources":["../src/cli-vault.ts"],"names":[],"mappings":";;AACA;;;GAGG;;AAEH,qCAAwF;AACxF,iDAAgD;AAChD,qCAAkC;AAClC,yCAAiC;AAEjC,
|
|
1
|
+
{"version":3,"file":"cli-vault.js","sourceRoot":"","sources":["../src/cli-vault.ts"],"names":[],"mappings":";;AACA;;;GAGG;;AAEH,qCAAwF;AACxF,iDAAgD;AAChD,qCAAkC;AAClC,yCAAiC;AAEjC,yCAWoB;AACpB,2CAAgF;AAEhF,MAAM,SAAS,GAAG,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AACxD,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,WAAW,CAAC,CAAC;AAEhD,SAAS,MAAM,CAAC,QAAgB;IAC9B,MAAM,EAAE,GAAG,IAAA,+BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE;YAC/B,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB;IACpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC;QAC3B,IAAI,KAAK,CAAC,KAAK;YAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACxC,KAAK,CAAC,MAAM,EAAE,CAAC;QAEf,IAAI,KAAK,GAAG,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,EAAE;YAC9B,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC/C,IAAI,KAAK,CAAC,KAAK;oBAAE,KAAK,CAAC,UAAU,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC;gBACnD,KAAK,CAAC,KAAK,EAAE,CAAC;gBACd,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC3B,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACxB,CAAC;iBAAM,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;iBAAM,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBACxC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7B,CAAC;iBAAM,CAAC;gBACN,KAAK,IAAI,CAAC,CAAC;YACb,CAAC;QACH,CAAC,CAAC;QACF,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAC9E,KAAK,UAAU,YAAY;IACzB,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAE5D,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,KAAK,UAAU,EAAE,CAAC,CAAC;IAC/B,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,CAAC;IAEzB,IAAI,IAAA,sBAAW,GAAE,EAAE,CAAC;QAClB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,4CAA4C,CAAC,CAAC;QAC7E,IAAI,SAAS,CAAC,WAAW,EAAE,KAAK,GAAG,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,qEAAqE;IACrE,gEAAgE;IAChE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,OAAO,CAAC,+BAA+B,CAAC,CAAC;YACxD,QAAQ,GAAG,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,KAAK,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QACV,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,GAAG,EAAE,CAAC;gBAC5C,6BAA6B;YAC/B,CAAC;iBAAM,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;gBAC/B,MAAM,GAAG,GAAG,MAAM,MAAM,CACtB,wFAAwF,CACzF,CAAC;gBACF,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,GAAG,EAAE,CAAC;oBAC9B,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;oBAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CACX,oDAAoD;oBACpD,iDAAiD,CAClD,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,WAA+B,CAAC;IACpC,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAC;QAClF,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;QAC3E,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,uBAAuB,CAAC,CAAC;YACvD,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,wBAAwB,CAAC,CAAC;YACxD,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;gBACtD,SAAS;YACX,CAAC;YACD,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,SAAS;YACX,CAAC;YACD,WAAW,GAAG,IAAA,kCAAuB,EAAC,EAAE,CAAC,CAAC;YAC1C,IAAA,4BAAiB,EAAC,WAAW,CAAC,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;YAClE,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,CAAC,MAAM,YAAY,CAAC,iBAAiB,CAAC,CAAC;SACvD,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;SAClB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACrB,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,uBAAuB,CAAC,CAAC;IAC7D,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,SAAS,CAAC,CAAC;IAE1C,MAAM,KAAK,GAA2B;QACpC,WAAW,EAAE,UAAU;QACvB,GAAG;QACH,SAAS,EAAE,QAAQ;QACnB,QAAQ,EAAE,OAAO;QACjB,eAAe,EAAE,GAAG,QAAQ,IAAI,OAAO,EAAE;KAC1C,CAAC;IAEF,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACjD,IAAA,oBAAS,EAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IAC9B,OAAO,CAAC,GAAG,CAAC,oBAAoB,UAAU,EAAE,CAAC,CAAC;IAE9C,qBAAqB;IACrB,MAAM,aAAa,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC9C,MAAM,aAAa,GAAG,CAAC,aAAa,EAAE,IAAA,gBAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IAEnE,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,IAAI,IAAA,oBAAU,EAAC,OAAO,CAAC,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,IAAA,sBAAY,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC9C,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC5E,MAAM,IAAI,GAAG,MAAM,MAAM,CACvB,eAAe,OAAO,8DAA8D,CACrF,CAAC;gBACF,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,GAAG,EAAE,CAAC;oBAC/B,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAC;oBACvB,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,SAAS,CAAC,CAAC;oBACjC,IAAI,OAAO,KAAK,aAAa;wBAAE,cAAc,GAAG,IAAI,CAAC;gBACvD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,IAAA,oBAAU,EAAC,aAAa,CAAC,IAAI,cAAc,EAAE,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,+BAA+B,aAAa,GAAG,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,wCAAwC,CAAC,CAAC;QACtE,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,GAAG,EAAE,CAAC;YACjC,IAAA,mBAAS,EAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC1C,IAAA,uBAAa,EACX,aAAa,EACb;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6BP,EACO,EAAE,IAAI,EAAE,KAAK,EAAE,CAChB,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,uBAAuB,aAAa,6BAA6B,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IACtE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,0EAA0E,CAAC,CAAC;IAC1F,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAC9E,KAAK,UAAU,SAAS;IACtB,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAE/C,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,IAAA,uBAAY,GAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;QAChD,OAAO;IACT,CAAC;IAED,IAAI,CAAC,IAAA,sBAAW,GAAE,EAAE,CAAC;QACnB,MAAM,IAAI,yBAAa,EAAE,CAAC;IAC5B,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,oBAAoB,CAAC,CAAC;IAC5D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,8BAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,kCAAuB,EAAC,UAAU,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,IAAA,sBAAY,EAAC,UAAU,CAAC,CAAC;IACtC,IAAI,CAAC;QACH,IAAA,6BAAkB,EAAC,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,8BAAkB,EAAE,CAAC;YACpC,MAAM,IAAI,8BAAkB,CAAC,wCAAwC,EAAE;gBACrE,KAAK,EAAE,CAAC;aACT,CAAC,CAAC;QACL,CAAC;QACD,MAAM,CAAC,CAAC;IACV,CAAC;IAED,IAAA,4BAAiB,EAAC,GAAG,CAAC,CAAC;IACvB,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAC;IAC9F,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;AAC/D,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAC9E,KAAK,UAAU,OAAO;IACpB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QAC3D,MAAM,GAAG,GAAG,MAAM,MAAM,CACtB,yFAAyF,CAC1F,CAAC;QACF,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,GAAG,EAAE,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,IAAA,6BAAkB,GAAE,CAAC;IACzC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,CAAC,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;AACxC,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAC9E,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AACtC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;IACpC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,0BAAc,EAAC,CAAC,CAAC,CAAC,CAAC;AAC5C,CAAC;KAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC7E,SAAS,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,0BAAc,EAAC,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC;KAAM,CAAC;IACN,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,0BAAc,EAAC,CAAC,CAAC,CAAC,CAAC;AACjD,CAAC"}
|
package/dist/client.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAGlD,qBAAa,SAAS;IACpB,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,YAAY,EAAE,eAAe,CAAC;IAC9B,MAAM,EAAE,eAAe,CAAC;gBAGtB,QAAQ,EAAE,mBAAmB,EAC7B,MAAM,EAAE,eAAe,EACvB,MAAM,CAAC,EAAE,eAAe,EACxB,MAAM,CAAC,EAAE,MAAM;IAaX,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC;IAuG3D,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAOpH"}
|
package/dist/client.js
CHANGED
|
@@ -4,6 +4,7 @@ exports.PopClient = void 0;
|
|
|
4
4
|
const node_crypto_1 = require("node:crypto");
|
|
5
5
|
const guardrails_js_1 = require("./engine/guardrails.js");
|
|
6
6
|
const state_js_1 = require("./core/state.js");
|
|
7
|
+
const errors_js_1 = require("./errors.js");
|
|
7
8
|
class PopClient {
|
|
8
9
|
provider;
|
|
9
10
|
policy;
|
|
@@ -35,8 +36,30 @@ class PopClient {
|
|
|
35
36
|
this.stateTracker.recordSeal(seal.sealId, seal.authorizedAmount, intent.targetVendor, seal.status, null, null, seal.rejectionReason);
|
|
36
37
|
return seal;
|
|
37
38
|
}
|
|
38
|
-
// Evaluate intent
|
|
39
|
-
|
|
39
|
+
// Evaluate intent. Typed PopPayLLMError (RetryExhausted / ProviderUnreachable /
|
|
40
|
+
// InvalidResponse) must surface as evaluation-failure, not a guardrail block —
|
|
41
|
+
// otherwise quota burn or transport faults masquerade as policy rejections.
|
|
42
|
+
let approved;
|
|
43
|
+
let reason;
|
|
44
|
+
try {
|
|
45
|
+
[approved, reason] = await this.engine.evaluateIntent(intent, this.policy);
|
|
46
|
+
}
|
|
47
|
+
catch (e) {
|
|
48
|
+
if (e instanceof errors_js_1.PopPayLLMError) {
|
|
49
|
+
const seal = {
|
|
50
|
+
sealId: (0, node_crypto_1.randomUUID)(),
|
|
51
|
+
cardNumber: null,
|
|
52
|
+
cvv: null,
|
|
53
|
+
expirationDate: null,
|
|
54
|
+
authorizedAmount: 0.0,
|
|
55
|
+
status: "Rejected",
|
|
56
|
+
rejectionReason: `evaluation_failed:${e.code}:${e.message}`,
|
|
57
|
+
};
|
|
58
|
+
this.stateTracker.recordSeal(seal.sealId, seal.authorizedAmount, intent.targetVendor, seal.status, null, null, seal.rejectionReason);
|
|
59
|
+
return seal;
|
|
60
|
+
}
|
|
61
|
+
throw e;
|
|
62
|
+
}
|
|
40
63
|
if (!approved) {
|
|
41
64
|
const seal = {
|
|
42
65
|
sealId: (0, node_crypto_1.randomUUID)(),
|
package/dist/client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";;;AAAA,6CAAyC;AAGzC,0DAAyD;AACzD,8CAAkD;
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";;;AAAA,6CAAyC;AAGzC,0DAAyD;AACzD,8CAAkD;AAClD,2CAA6C;AAE7C,MAAa,SAAS;IACpB,QAAQ,CAAsB;IAC9B,MAAM,CAAkB;IACxB,YAAY,CAAkB;IAC9B,MAAM,CAAkB;IAExB,YACE,QAA6B,EAC7B,MAAuB,EACvB,MAAwB,EACxB,MAAe;QAEf,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,yEAAyE;QACzE,wEAAwE;QACxE,2EAA2E;QAC3E,wEAAwE;QACxE,+DAA+D;QAC/D,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,0BAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,0BAAe,EAAE,CAAC;QACjF,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,IAAI,+BAAe,EAAE,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAqB;QACxC,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;YACpF,MAAM,IAAI,GAAgB;gBACxB,MAAM,EAAE,IAAA,wBAAU,GAAE;gBACpB,UAAU,EAAE,IAAI;gBAChB,GAAG,EAAE,IAAI;gBACT,cAAc,EAAE,IAAI;gBACpB,gBAAgB,EAAE,GAAG;gBACrB,MAAM,EAAE,UAAU;gBAClB,eAAe,EAAE,uBAAuB;aACzC,CAAC;YACF,IAAI,CAAC,YAAY,CAAC,UAAU,CAC1B,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,gBAAgB,EACrB,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,MAAM,EACX,IAAI,EACJ,IAAI,EACJ,IAAI,CAAC,eAAe,CACrB,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,gFAAgF;QAChF,+EAA+E;QAC/E,4EAA4E;QAC5E,IAAI,QAAiB,CAAC;QACtB,IAAI,MAAc,CAAC;QACnB,IAAI,CAAC;YACH,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7E,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,YAAY,0BAAc,EAAE,CAAC;gBAChC,MAAM,IAAI,GAAgB;oBACxB,MAAM,EAAE,IAAA,wBAAU,GAAE;oBACpB,UAAU,EAAE,IAAI;oBAChB,GAAG,EAAE,IAAI;oBACT,cAAc,EAAE,IAAI;oBACpB,gBAAgB,EAAE,GAAG;oBACrB,MAAM,EAAE,UAAU;oBAClB,eAAe,EAAE,qBAAqB,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,EAAE;iBAC5D,CAAC;gBACF,IAAI,CAAC,YAAY,CAAC,UAAU,CAC1B,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,gBAAgB,EACrB,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,MAAM,EACX,IAAI,EACJ,IAAI,EACJ,IAAI,CAAC,eAAe,CACrB,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,CAAC,CAAC;QACV,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,GAAgB;gBACxB,MAAM,EAAE,IAAA,wBAAU,GAAE;gBACpB,UAAU,EAAE,IAAI;gBAChB,GAAG,EAAE,IAAI;gBACT,cAAc,EAAE,IAAI;gBACpB,gBAAgB,EAAE,GAAG;gBACrB,MAAM,EAAE,UAAU;gBAClB,eAAe,EAAE,MAAM;aACxB,CAAC;YACF,IAAI,CAAC,YAAY,CAAC,UAAU,CAC1B,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,gBAAgB,EACrB,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,MAAM,EACX,IAAI,EACJ,IAAI,EACJ,IAAI,CAAC,eAAe,CACrB,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,0DAA0D;QAC1D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU;YAChC,CAAC,CAAC,kBAAkB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;YAC/C,CAAC,CAAC,qBAAqB,CAAC;QAE1B,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,UAAU,CAC1B,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,gBAAgB,EACrB,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,MAAM,EACX,UAAU,EACV,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,eAAe,CACrB,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,MAAc;QACjD,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IACvC,CAAC;CACF;AArID,8BAqIC"}
|
package/dist/core/state.d.ts
CHANGED
|
@@ -1,11 +1,8 @@
|
|
|
1
1
|
export declare class PopStateTracker {
|
|
2
2
|
private db;
|
|
3
|
-
private encryptionKey;
|
|
4
3
|
dailySpendTotal: number;
|
|
5
4
|
constructor(dbPath?: string);
|
|
6
|
-
private
|
|
7
|
-
private encryptField;
|
|
8
|
-
private decryptField;
|
|
5
|
+
private applyOwnerOnlyPermissions;
|
|
9
6
|
private utcNowIso;
|
|
10
7
|
private initDb;
|
|
11
8
|
private migrateSchema;
|
package/dist/core/state.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../src/core/state.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../src/core/state.ts"],"names":[],"mappings":"AAOA,qBAAa,eAAe;IAC1B,OAAO,CAAC,EAAE,CAAoB;IAC9B,eAAe,EAAE,MAAM,CAAC;gBAEZ,MAAM,GAAE,MAAwB;IAY5C,OAAO,CAAC,yBAAyB;IAWjC,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,MAAM;IAqCd,OAAO,CAAC,aAAa;IAyFrB,OAAO,CAAC,aAAa;IAQrB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO;IAKzD,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAY9B,UAAU,CACR,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,MAAiB,EACzB,UAAU,GAAE,MAAM,GAAG,IAAW,EAChC,cAAc,GAAE,MAAM,GAAG,IAAW,EACpC,eAAe,GAAE,MAAM,GAAG,IAAW,GACpC,IAAI;IAcP,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IASzC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAMtD,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAM9B,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAO/B;;;;;;;;;;;OAWG;IACH,gBAAgB,CACd,SAAS,EAAE,MAAM,EACjB,MAAM,GAAE,MAAM,GAAG,IAAW,EAC5B,SAAS,GAAE,MAAM,GAAG,IAAW,EAC/B,OAAO,GAAE,MAAM,GAAG,IAAW,EAC7B,eAAe,GAAE,MAAM,GAAG,IAAW,GACpC,MAAM;IAWT,cAAc,CAAC,KAAK,GAAE,MAAY,GAAG,KAAK,CAAC;QACzC,EAAE,EAAE,MAAM,CAAC;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;QAChC,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IASF,KAAK,IAAI,IAAI;CAGd"}
|
package/dist/core/state.js
CHANGED
|
@@ -5,71 +5,45 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.PopStateTracker = void 0;
|
|
7
7
|
const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
|
|
8
|
-
const crypto_1 = __importDefault(require("crypto"));
|
|
9
8
|
const os_1 = __importDefault(require("os"));
|
|
10
9
|
const path_1 = __importDefault(require("path"));
|
|
11
10
|
const fs_1 = __importDefault(require("fs"));
|
|
12
11
|
const DEFAULT_DB_PATH = path_1.default.join(os_1.default.homedir(), ".config", "pop-pay", "pop_state.db");
|
|
13
12
|
class PopStateTracker {
|
|
14
13
|
db;
|
|
15
|
-
encryptionKey;
|
|
16
14
|
dailySpendTotal;
|
|
17
15
|
constructor(dbPath = DEFAULT_DB_PATH) {
|
|
18
16
|
fs_1.default.mkdirSync(path_1.default.dirname(dbPath), { recursive: true });
|
|
19
17
|
this.db = new better_sqlite3_1.default(dbPath);
|
|
20
18
|
this.db.pragma("journal_mode = WAL");
|
|
21
|
-
this.encryptionKey = this.deriveEncryptionKey();
|
|
22
19
|
this.initDb();
|
|
23
20
|
this.dailySpendTotal = this.getTodaySpent();
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
const iv = crypto_1.default.randomBytes(12);
|
|
41
|
-
const cipher = crypto_1.default.createCipheriv("aes-256-gcm", this.encryptionKey, iv);
|
|
42
|
-
const encrypted = Buffer.concat([
|
|
43
|
-
cipher.update(value, "utf8"),
|
|
44
|
-
cipher.final(),
|
|
45
|
-
]);
|
|
46
|
-
const authTag = cipher.getAuthTag();
|
|
47
|
-
// Structure: IV (12b) + AuthTag (16b) + Ciphertext
|
|
48
|
-
return Buffer.concat([iv, authTag, encrypted]).toString("base64");
|
|
49
|
-
}
|
|
50
|
-
decryptField(encryptedBase64) {
|
|
51
|
-
if (!encryptedBase64)
|
|
52
|
-
return null;
|
|
53
|
-
try {
|
|
54
|
-
const data = Buffer.from(encryptedBase64, "base64");
|
|
55
|
-
if (data.length < 28)
|
|
56
|
-
return encryptedBase64; // Too short for IV+Tag+Data, probably raw
|
|
57
|
-
const iv = data.subarray(0, 12);
|
|
58
|
-
const authTag = data.subarray(12, 28);
|
|
59
|
-
const ciphertext = data.subarray(28);
|
|
60
|
-
const decipher = crypto_1.default.createDecipheriv("aes-256-gcm", this.encryptionKey, iv);
|
|
61
|
-
decipher.setAuthTag(authTag);
|
|
62
|
-
return (decipher.update(ciphertext, undefined, "utf8") +
|
|
63
|
-
decipher.final("utf8"));
|
|
64
|
-
}
|
|
65
|
-
catch (e) {
|
|
66
|
-
return encryptedBase64; // Fallback to raw value if decryption fails
|
|
21
|
+
// RT-2 R2 N2: owner-only permissions on the DB file + WAL sidecars.
|
|
22
|
+
// POSIX only; Windows ACLs are intentionally out of scope for this fix.
|
|
23
|
+
// WAL + SHM sidecars exist after the initDb() write path above.
|
|
24
|
+
this.applyOwnerOnlyPermissions(dbPath);
|
|
25
|
+
}
|
|
26
|
+
applyOwnerOnlyPermissions(dbPath) {
|
|
27
|
+
if (dbPath === ":memory:" || process.platform === "win32")
|
|
28
|
+
return;
|
|
29
|
+
for (const p of [dbPath, `${dbPath}-wal`, `${dbPath}-shm`]) {
|
|
30
|
+
try {
|
|
31
|
+
if (fs_1.default.existsSync(p))
|
|
32
|
+
fs_1.default.chmodSync(p, 0o600);
|
|
33
|
+
}
|
|
34
|
+
catch {
|
|
35
|
+
// best effort — chmod is a hardening layer, not a hard precondition
|
|
36
|
+
}
|
|
67
37
|
}
|
|
68
38
|
}
|
|
69
39
|
utcNowIso() {
|
|
70
40
|
return new Date().toISOString();
|
|
71
41
|
}
|
|
72
42
|
initDb() {
|
|
43
|
+
// RT-2 R2 N1: secure_delete overwrites freed pages during DELETE and
|
|
44
|
+
// VACUUM, so legacy card_number residue in the freelist is zeroed rather
|
|
45
|
+
// than left as readable plaintext.
|
|
46
|
+
this.db.pragma("secure_delete = ON");
|
|
73
47
|
this.db.exec(`
|
|
74
48
|
CREATE TABLE IF NOT EXISTS daily_budget (
|
|
75
49
|
date TEXT PRIMARY KEY,
|
|
@@ -169,6 +143,16 @@ class PopStateTracker {
|
|
|
169
143
|
if (!auditColumnNames.has("rejection_reason")) {
|
|
170
144
|
this.db.exec("ALTER TABLE audit_log ADD COLUMN rejection_reason TEXT");
|
|
171
145
|
}
|
|
146
|
+
// RT-2 R2 N1: one-time VACUUM to rewrite all pages, including the freelist
|
|
147
|
+
// pages that still hold plaintext card_number data after the legacy
|
|
148
|
+
// DROP TABLE + RENAME. secure_delete (set in initDb) determines the fill
|
|
149
|
+
// pattern for freed pages. Idempotent via user_version — re-opening an
|
|
150
|
+
// already-migrated DB skips the VACUUM.
|
|
151
|
+
const userVersion = this.db.pragma("user_version", { simple: true }) ?? 0;
|
|
152
|
+
if (userVersion < 2) {
|
|
153
|
+
this.db.exec("VACUUM");
|
|
154
|
+
this.db.pragma("user_version = 2");
|
|
155
|
+
}
|
|
172
156
|
}
|
|
173
157
|
getTodaySpent() {
|
|
174
158
|
const today = new Date().toISOString().slice(0, 10);
|
|
@@ -191,12 +175,15 @@ class PopStateTracker {
|
|
|
191
175
|
this.dailySpendTotal = this.getTodaySpent();
|
|
192
176
|
}
|
|
193
177
|
recordSeal(sealId, amount, vendor, status = "Issued", maskedCard = null, expirationDate = null, rejectionReason = null) {
|
|
194
|
-
|
|
178
|
+
// RT-2 R2 Fix 4: masked_card is a PCI-DSS 3.3 permitted last-4 projection
|
|
179
|
+
// (already redacted). Prior AES-GCM-over-hostname-HMAC added no meaningful
|
|
180
|
+
// protection over the N2 0600 file mode and impeded auditability. Stored
|
|
181
|
+
// plaintext from v0.5.10 forward.
|
|
195
182
|
const timestamp = this.utcNowIso();
|
|
196
183
|
this.db
|
|
197
184
|
.prepare(`INSERT INTO issued_seals (seal_id, amount, vendor, status, masked_card, expiration_date, timestamp, rejection_reason)
|
|
198
185
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?)`)
|
|
199
|
-
.run(sealId, amount, vendor, status,
|
|
186
|
+
.run(sealId, amount, vendor, status, maskedCard, expirationDate, timestamp, rejectionReason);
|
|
200
187
|
}
|
|
201
188
|
getSealMaskedCard(sealId) {
|
|
202
189
|
const row = this.db
|
|
@@ -204,7 +191,7 @@ class PopStateTracker {
|
|
|
204
191
|
.get(sealId);
|
|
205
192
|
if (!row || !row.masked_card)
|
|
206
193
|
return "";
|
|
207
|
-
return
|
|
194
|
+
return row.masked_card;
|
|
208
195
|
}
|
|
209
196
|
updateSealStatus(sealId, status) {
|
|
210
197
|
this.db
|
package/dist/core/state.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"state.js","sourceRoot":"","sources":["../../src/core/state.ts"],"names":[],"mappings":";;;;;;AAAA,oEAAsC;AACtC,
|
|
1
|
+
{"version":3,"file":"state.js","sourceRoot":"","sources":["../../src/core/state.ts"],"names":[],"mappings":";;;;;;AAAA,oEAAsC;AACtC,4CAAoB;AACpB,gDAAwB;AACxB,4CAAoB;AAEpB,MAAM,eAAe,GAAG,cAAI,CAAC,IAAI,CAAC,YAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;AAEtF,MAAa,eAAe;IAClB,EAAE,CAAoB;IAC9B,eAAe,CAAS;IAExB,YAAY,SAAiB,eAAe;QAC1C,YAAE,CAAC,SAAS,CAAC,cAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,EAAE,GAAG,IAAI,wBAAQ,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,EAAE,CAAC;QACd,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAC5C,oEAAoE;QACpE,wEAAwE;QACxE,gEAAgE;QAChE,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAEO,yBAAyB,CAAC,MAAc;QAC9C,IAAI,MAAM,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;YAAE,OAAO;QAClE,KAAK,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC;gBACH,IAAI,YAAE,CAAC,UAAU,CAAC,CAAC,CAAC;oBAAE,YAAE,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAC/C,CAAC;YAAC,MAAM,CAAC;gBACP,oEAAoE;YACtE,CAAC;QACH,CAAC;IACH,CAAC;IAEO,SAAS;QACf,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAClC,CAAC;IAEO,MAAM;QACZ,qEAAqE;QACrE,yEAAyE;QACzE,mCAAmC;QACnC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACrC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;;KAKZ,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;KAWZ,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;KAUZ,CAAC,CAAC;QACH,IAAI,CAAC,aAAa,EAAE,CAAC;IACvB,CAAC;IAEO,aAAa;QACnB,IAAI,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC,GAAG,EAAW,CAAC;QAChF,IAAI,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAEtD,IAAI,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7D,gDAAgD;YAChD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;gBACpC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;YACvE,CAAC;YACD,uDAAuD;YACvD,IAAI,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;gBACnC,IAAI,CAAC,EAAE,CAAC,IAAI,CACV,qFAAqF;oBACrF,uDAAuD,CACxD,CAAC;YACJ,CAAC;YACD,2EAA2E;YAC3E,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;OAWZ,CAAC,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;OAIZ,CAAC,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;YACxC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;QACtE,CAAC;QAED,kFAAkF;QAClF,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC,GAAG,EAAW,CAAC;QAC5E,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAElD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;QAC5E,CAAC;QAED,4CAA4C;QAC5C,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,sJAAsJ,CAAC,CAAC;QAErK,8DAA8D;QAC9D,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;KAUZ,CAAC,CAAC;QAEH,yEAAyE;QACzE,+EAA+E;QAC/E,yEAAyE;QACzE,0EAA0E;QAC1E,wDAAwD;QACxD,MAAM,YAAY,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC,GAAG,EAAW,CAAC;QACpF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAClE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;YAC9D,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;QACjF,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QACzE,CAAC;QAED,2EAA2E;QAC3E,oEAAoE;QACpE,yEAAyE;QACzE,uEAAuE;QACvE,wCAAwC;QACxC,MAAM,WAAW,GAAI,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAY,IAAI,CAAC,CAAC;QACtF,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAEO,aAAa;QACnB,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,sDAAsD,CAAC;aAC/D,GAAG,CAAC,KAAK,CAAyC,CAAC;QACtD,OAAO,GAAG,EAAE,YAAY,IAAI,GAAG,CAAC;IAClC,CAAC;IAED,QAAQ,CAAC,MAAc,EAAE,cAAsB;QAC7C,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,OAAO,UAAU,GAAG,MAAM,IAAI,cAAc,CAAC;IAC/C,CAAC;IAED,QAAQ,CAAC,MAAc;QACrB,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;yEAEiE,CAClE;aACA,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9B,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAC9C,CAAC;IAED,UAAU,CACR,MAAc,EACd,MAAc,EACd,MAAc,EACd,SAAiB,QAAQ,EACzB,aAA4B,IAAI,EAChC,iBAAgC,IAAI,EACpC,kBAAiC,IAAI;QAErC,0EAA0E;QAC1E,2EAA2E;QAC3E,yEAAyE;QACzE,kCAAkC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QACnC,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;yCACiC,CAClC;aACA,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IACjG,CAAC;IAED,iBAAiB,CAAC,MAAc;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,wDAAwD,CAAC;aACjE,GAAG,CAAC,MAAM,CAA+C,CAAC;QAE7D,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW;YAAE,OAAO,EAAE,CAAC;QACxC,OAAO,GAAG,CAAC,WAAW,CAAC;IACzB,CAAC;IAED,gBAAgB,CAAC,MAAc,EAAE,MAAc;QAC7C,IAAI,CAAC,EAAE;aACJ,OAAO,CAAC,sDAAsD,CAAC;aAC/D,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzB,CAAC;IAED,QAAQ,CAAC,MAAc;QACrB,IAAI,CAAC,EAAE;aACJ,OAAO,CAAC,2DAA2D,CAAC;aACpE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,CAAC;IAED,MAAM,CAAC,MAAc;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,mDAAmD,CAAC;aAC5D,GAAG,CAAC,MAAM,CAAmC,CAAC;QACjD,OAAO,GAAG,EAAE,MAAM,KAAK,MAAM,CAAC;IAChC,CAAC;IAED;;;;;;;;;;;OAWG;IACH,gBAAgB,CACd,SAAiB,EACjB,SAAwB,IAAI,EAC5B,YAA2B,IAAI,EAC/B,UAAyB,IAAI,EAC7B,kBAAiC,IAAI;QAErC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;mCAC2B,CAC5B;aACA,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,eAAe,EAAE,SAAS,CAAC,CAAC;QAC1E,OAAO,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACtC,CAAC;IAED,cAAc,CAAC,QAAgB,GAAG;QAShC,OAAO,IAAI,CAAC,EAAE;aACX,OAAO,CACN,iFAAiF;YACjF,yDAAyD,CAC1D;aACA,GAAG,CAAC,KAAK,CAAQ,CAAC;IACvB,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;CACF;AAzRD,0CAyRC"}
|
package/dist/dashboard.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dashboard.d.ts","sourceRoot":"","sources":["../src/dashboard.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"dashboard.d.ts","sourceRoot":"","sources":["../src/dashboard.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAO7B,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,IAAI,CAAC,OAAO,EAAE,gBAAgB,GAAG;IAAE,QAAQ,CAAC,EAAE,OAAO,CAAA;CAAE,iFA2I5E"}
|
package/dist/dashboard.js
CHANGED
|
@@ -7,8 +7,6 @@ exports.main = main;
|
|
|
7
7
|
const node_http_1 = __importDefault(require("node:http"));
|
|
8
8
|
const node_fs_1 = __importDefault(require("node:fs"));
|
|
9
9
|
const node_path_1 = __importDefault(require("node:path"));
|
|
10
|
-
const node_crypto_1 = __importDefault(require("node:crypto"));
|
|
11
|
-
const node_os_1 = __importDefault(require("node:os"));
|
|
12
10
|
const node_child_process_1 = require("node:child_process");
|
|
13
11
|
const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
|
|
14
12
|
const state_js_1 = require("./core/state.js");
|
|
@@ -72,29 +70,9 @@ async function main(options) {
|
|
|
72
70
|
else {
|
|
73
71
|
seals = db.prepare(`SELECT ${columns} FROM issued_seals ORDER BY timestamp DESC`).all();
|
|
74
72
|
}
|
|
75
|
-
//
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
.update(node_os_1.default.hostname())
|
|
79
|
-
.digest();
|
|
80
|
-
for (const seal of seals) {
|
|
81
|
-
if (seal.masked_card) {
|
|
82
|
-
try {
|
|
83
|
-
const data = Buffer.from(seal.masked_card, "base64");
|
|
84
|
-
if (data.length >= 28) {
|
|
85
|
-
const iv = data.subarray(0, 12);
|
|
86
|
-
const authTag = data.subarray(12, 28);
|
|
87
|
-
const ciphertext = data.subarray(28);
|
|
88
|
-
const decipher = node_crypto_1.default.createDecipheriv("aes-256-gcm", encKey, iv);
|
|
89
|
-
decipher.setAuthTag(authTag);
|
|
90
|
-
seal.masked_card = decipher.update(ciphertext, undefined, "utf8") + decipher.final("utf8");
|
|
91
|
-
}
|
|
92
|
-
}
|
|
93
|
-
catch {
|
|
94
|
-
// Already plaintext or corrupt — leave as-is
|
|
95
|
-
}
|
|
96
|
-
}
|
|
97
|
-
}
|
|
73
|
+
// RT-2 R2 Fix 4: masked_card is now stored plaintext. Legacy
|
|
74
|
+
// base64-encrypted values from v0.5.9 and earlier render as base64;
|
|
75
|
+
// a reset-state CLI path is the supported remediation.
|
|
98
76
|
res.writeHead(200, { "Content-Type": "application/json" });
|
|
99
77
|
res.end(JSON.stringify(seals));
|
|
100
78
|
return;
|
package/dist/dashboard.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dashboard.js","sourceRoot":"","sources":["../src/dashboard.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"dashboard.js","sourceRoot":"","sources":["../src/dashboard.ts"],"names":[],"mappings":";;;;;AAYA,oBA2IC;AAvJD,0DAA6B;AAC7B,sDAAyB;AACzB,0DAA6B;AAC7B,2DAA0C;AAC1C,oEAAsC;AACtC,8CAAkD;AAO3C,KAAK,UAAU,IAAI,CAAC,OAAkD;IAC3E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE3C,oEAAoE;IACpE,mEAAmE;IACnE,mDAAmD;IACnD,MAAM,WAAW,GAAG,IAAI,0BAAe,CAAC,MAAM,CAAC,CAAC;IAChD,WAAW,CAAC,KAAK,EAAE,CAAC;IAEpB,MAAM,EAAE,GAAG,IAAI,wBAAQ,CAAC,MAAM,CAAC,CAAC;IAChC,EAAE,CAAC,IAAI,CAAC;;;;;GAKP,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,mBAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC5C,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;QAC5B,MAAM,QAAQ,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;QAE9E,sBAAsB;QACtB,IAAI,MAAM,KAAK,KAAK,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,QAAQ,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YAChH,IAAI,QAAQ,GAAG,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC;YAC3D,IAAI,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;gBACvC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;YAClD,CAAC;YAED,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;YAEnE,IAAI,iBAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,iBAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC9D,MAAM,GAAG,GAAG,mBAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACnC,MAAM,SAAS,GAA2B;oBACxC,OAAO,EAAE,WAAW;oBACpB,KAAK,EAAE,wBAAwB;oBAC/B,MAAM,EAAE,UAAU;oBAClB,MAAM,EAAE,WAAW;oBACnB,MAAM,EAAE,YAAY;iBACrB,CAAC;gBACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,SAAS,CAAC,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;gBACvE,iBAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACxC,OAAO;YACT,CAAC;QACH,CAAC;QAED,aAAa;QACb,IAAI,MAAM,KAAK,KAAK,IAAI,QAAQ,KAAK,mBAAmB,EAAE,CAAC;YACzD,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACpD,MAAM,QAAQ,GAAG,EAAE,CAAC,OAAO,CAAC,sDAAsD,CAAC,CAAC,GAAG,CAAC,KAAK,CAAyC,CAAC;YACvI,MAAM,KAAK,GAAG,QAAQ,EAAE,YAAY,IAAI,CAAC,CAAC;YAE1C,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC,qEAAqE,CAAC,CAAC,GAAG,EAAmC,CAAC;YACxI,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAEpD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC;YAChE,OAAO;QACT,CAAC;QAED,IAAI,MAAM,KAAK,KAAK,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;YAClD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,GAAI,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC;YAC5E,MAAM,YAAY,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAEhD,MAAM,OAAO,GAAG,4FAA4F,CAAC;YAC7G,IAAI,KAAY,CAAC;YACjB,IAAI,YAAY,EAAE,CAAC;gBACjB,KAAK,GAAG,EAAE,CAAC,OAAO,CAAC,UAAU,OAAO,2EAA2E,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACrI,CAAC;iBAAM,CAAC;gBACN,KAAK,GAAG,EAAE,CAAC,OAAO,CAAC,UAAU,OAAO,4CAA4C,CAAC,CAAC,GAAG,EAAE,CAAC;YAC1F,CAAC;YAED,6DAA6D;YAC7D,oEAAoE;YACpE,uDAAuD;YACvD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;YAC/B,OAAO;QACT,CAAC;QAED,IAAI,MAAM,KAAK,KAAK,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;YAClD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,GAAI,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC;YAC5E,IAAI,KAAK,GAAG,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC,CAAC;YAC7D,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC;gBAAE,KAAK,GAAG,GAAG,CAAC;YAC5C,uEAAuE;YACvE,qEAAqE;YACrE,wCAAwC;YACxC,MAAM,SAAS,GAAG,EAAE,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC,GAAG,EAAW,CAAC;YAC5E,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5D,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBAClC,EAAE,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;YAC3D,CAAC;YACD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC3C,EAAE,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;YACpE,CAAC;YACD,MAAM,IAAI,GAAG,EAAE;iBACZ,OAAO,CACN,wIAAwI,CACzI;iBACA,GAAG,CAAC,KAAK,CAAC,CAAC;YACd,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,IAAI,MAAM,KAAK,KAAK,IAAI,QAAQ,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC9D,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;YACnD,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC;YACvC,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,IAAI,CAAC;oBACH,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBACnC,EAAE,CAAC,OAAO,CAAC,oGAAoG,CAAC;yBAC7G,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,QAAQ,EAAE,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;oBAEhD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC1C,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,EAAE;QAC1C,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;YACvB,MAAM,GAAG,GAAG,oBAAoB,IAAI,EAAE,CAAC;YACvC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAC;gBAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC;gBAC3G,IAAA,yBAAI,EAAC,GAAG,KAAK,IAAI,GAAG,EAAE,CAAC,CAAC;YAC1B,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
* connectOverCDP, providing better isolation and cross-origin iframe support.
|
|
9
9
|
*/
|
|
10
10
|
export declare function redactPanInString(s: string): string;
|
|
11
|
+
export declare function detectRiskyChromeFlags(): string;
|
|
11
12
|
export declare const CARD_NUMBER_SELECTORS: string[];
|
|
12
13
|
export declare const EXPIRY_SELECTORS: string[];
|
|
13
14
|
export declare const CVV_SELECTORS: string[];
|