npm - punchout-simulator - Versions diffs - 0.1.5 → 0.2.0 - Mend

punchout-simulator 0.1.5 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/dist/server/cli.js CHANGED Viewed

@@ -6,7 +6,7 @@ import { serve } from "@hono/node-server";
 // src/server/app.ts
 import { existsSync as existsSync3 } from "fs";
-import { Hono as Hono7 } from "hono";
+import { Hono as Hono8 } from "hono";
 import { logger } from "hono/logger";
 import { serveStatic } from "@hono/node-server/serve-static";
@@ -50,29 +50,80 @@ var db = null;
 async function initConfig() {
   ensureDirs();
   const adapter = new JSONFile(configPath());
-  db = new Low(adapter, { connections: [] });
+  db = new Low(adapter, { buyers: [], suppliers: [], connections: [] });
   await db.read();
-  db.data ||= { connections: [] };
+  db.data ||= { buyers: [], suppliers: [], connections: [] };
+  db.data.buyers ||= [];
+  db.data.suppliers ||= [];
+  db.data.connections ||= [];
+  migrateLegacy(db.data);
   await db.write();
 }
 function requireDb() {
   if (!db) throw new Error("config store not initialized \u2014 call initConfig() first");
   return db;
 }
-function listConnections() {
-  return requireDb().data.connections;
+var now = () => (/* @__PURE__ */ new Date()).toISOString();
+var listBuyers = () => requireDb().data.buyers;
+var getBuyer = (id) => requireDb().data.buyers.find((b) => b.id === id);
+async function createBuyer(input) {
+  const buyer = { ...input, id: input.id ?? nanoid(8), createdAt: now(), updatedAt: now() };
+  const d = requireDb();
+  d.data.buyers.push(buyer);
+  await d.write();
+  return buyer;
+}
+async function updateBuyer(id, patch) {
+  const d = requireDb();
+  const existing = d.data.buyers.find((b) => b.id === id);
+  if (!existing) return void 0;
+  Object.assign(existing, patch, { id, updatedAt: now() });
+  await d.write();
+  return existing;
 }
-function getConnection(id) {
-  return requireDb().data.connections.find((c) => c.id === id);
+async function deleteBuyer(id) {
+  const d = requireDb();
+  if (d.data.connections.some((c) => c.buyerId === id)) {
+    throw new Error("buyer is referenced by a connection");
+  }
+  const before = d.data.buyers.length;
+  d.data.buyers = d.data.buyers.filter((b) => b.id !== id);
+  const removed = d.data.buyers.length < before;
+  if (removed) await d.write();
+  return removed;
 }
+var listSuppliers = () => requireDb().data.suppliers;
+var getSupplier = (id) => requireDb().data.suppliers.find((s) => s.id === id);
+async function createSupplier(input) {
+  const supplier = { ...input, id: input.id ?? nanoid(8), createdAt: now(), updatedAt: now() };
+  const d = requireDb();
+  d.data.suppliers.push(supplier);
+  await d.write();
+  return supplier;
+}
+async function updateSupplier(id, patch) {
+  const d = requireDb();
+  const existing = d.data.suppliers.find((s) => s.id === id);
+  if (!existing) return void 0;
+  Object.assign(existing, patch, { id, updatedAt: now() });
+  await d.write();
+  return existing;
+}
+async function deleteSupplier(id) {
+  const d = requireDb();
+  if (d.data.connections.some((c) => c.supplierId === id)) {
+    throw new Error("supplier is referenced by a connection");
+  }
+  const before = d.data.suppliers.length;
+  d.data.suppliers = d.data.suppliers.filter((s) => s.id !== id);
+  const removed = d.data.suppliers.length < before;
+  if (removed) await d.write();
+  return removed;
+}
+var listConnections = () => requireDb().data.connections;
+var getConnection = (id) => requireDb().data.connections.find((c) => c.id === id);
 async function createConnection(input) {
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const conn = {
-    ...input,
-    id: input.id ?? nanoid(8),
-    createdAt: now,
-    updatedAt: now
-  };
+  const conn = { ...input, id: input.id ?? nanoid(8), createdAt: now(), updatedAt: now() };
   const d = requireDb();
   d.data.connections.push(conn);
   await d.write();
@@ -82,7 +133,7 @@ async function updateConnection(id, patch) {
   const d = requireDb();
   const existing = d.data.connections.find((c) => c.id === id);
   if (!existing) return void 0;
-  Object.assign(existing, patch, { id, updatedAt: (/* @__PURE__ */ new Date()).toISOString() });
+  Object.assign(existing, patch, { id, updatedAt: now() });
   await d.write();
   return existing;
 }
@@ -94,65 +145,229 @@ async function deleteConnection(id) {
   if (removed) await d.write();
   return removed;
 }
+function resolveConnection(id) {
+  const connection = getConnection(id);
+  if (!connection) return void 0;
+  const buyer = getBuyer(connection.buyerId);
+  const supplier = getSupplier(connection.supplierId);
+  if (!buyer || !supplier) return void 0;
+  return { connection, buyer, supplier };
+}
+function findConnectionBySupplierAndBuyerIdentity(supplierId, from) {
+  const d = requireDb();
+  for (const connection of d.data.connections) {
+    if (connection.supplierId !== supplierId) continue;
+    const buyer = getBuyer(connection.buyerId);
+    if (!buyer) continue;
+    if (from && buyer.identity.domain === from.domain && buyer.identity.identity === from.identity) {
+      const supplier = getSupplier(supplierId);
+      if (supplier) return { connection, buyer, supplier };
+    }
+  }
+  return void 0;
+}
+function migrateLegacy(data) {
+  const legacy = data.connections.filter((c) => "from" in c || "to" in c);
+  if (legacy.length === 0) return;
+  const buyerKey = (c) => `${c.domain}|${c.identity}`;
+  const findOrAddBuyer = (name, identity) => {
+    const found = data.buyers.find((b) => buyerKey(b.identity) === buyerKey(identity));
+    if (found) return found.id;
+    const buyer = { id: nanoid(8), name, identity, createdAt: now(), updatedAt: now() };
+    data.buyers.push(buyer);
+    return buyer.id;
+  };
+  const findOrAddSupplier = (s) => {
+    const found = data.suppliers.find((x) => buyerKey(x.identity) === buyerKey(s.identity));
+    if (found) return found.id;
+    const supplier = {
+      id: nanoid(8),
+      name: s.name ?? "Supplier",
+      identity: s.identity,
+      punchoutUrl: s.punchoutUrl,
+      orderUrl: s.orderUrl,
+      catalog: s.catalog,
+      createdAt: now(),
+      updatedAt: now()
+    };
+    data.suppliers.push(supplier);
+    return supplier.id;
+  };
+  const migrated = [];
+  for (const c of data.connections) {
+    if (!("from" in c) && !("to" in c)) {
+      migrated.push(c);
+      continue;
+    }
+    const isSupplierMode = c.mode === "virtual-supplier";
+    const buyerCred = isSupplierMode ? c.to : c.from;
+    const supplierCred = isSupplierMode ? c.from : c.to;
+    const buyerId = findOrAddBuyer(isSupplierMode ? "Buyer" : c.name, buyerCred);
+    const supplierId = findOrAddSupplier({
+      name: isSupplierMode ? c.name : "Supplier",
+      identity: supplierCred,
+      punchoutUrl: c.punchoutUrl,
+      orderUrl: c.orderUrl,
+      catalog: c.catalog
+    });
+    migrated.push({
+      id: c.id ?? nanoid(8),
+      name: c.name ?? "Connection",
+      buyerId,
+      supplierId,
+      mode: c.mode ?? "virtual-buyer",
+      sharedSecret: c.sharedSecret ?? "",
+      senderIdentity: c.sender,
+      deploymentMode: c.deploymentMode ?? "test",
+      authStyle: c.authStyle ?? "SharedSecret",
+      createdAt: c.createdAt ?? now(),
+      updatedAt: now()
+    });
+  }
+  data.connections = migrated;
+}
 // src/server/routes/connections.ts
 var connectionsRoute = new Hono();
-var emptyCredential = () => ({ domain: "", identity: "" });
 function normalize(body) {
-  const cred = (c) => c && typeof c === "object" ? { domain: String(c.domain ?? ""), identity: String(c.identity ?? "") } : emptyCredential();
+  const sender = body?.senderIdentity && (body.senderIdentity.domain || body.senderIdentity.identity) ? { domain: String(body.senderIdentity.domain ?? ""), identity: String(body.senderIdentity.identity ?? "") } : void 0;
   return {
-    name: String(body?.name ?? "Untitled connection"),
+    name: String(body?.name ?? ""),
+    buyerId: String(body?.buyerId ?? ""),
+    supplierId: String(body?.supplierId ?? ""),
     mode: body?.mode === "virtual-supplier" ? "virtual-supplier" : "virtual-buyer",
-    from: cred(body?.from),
-    to: cred(body?.to),
-    sender: cred(body?.sender),
     sharedSecret: String(body?.sharedSecret ?? ""),
+    senderIdentity: sender,
     deploymentMode: body?.deploymentMode === "production" ? "production" : "test",
-    authStyle: body?.authStyle === "MAC" ? "MAC" : "SharedSecret",
-    punchoutUrl: body?.punchoutUrl ? String(body.punchoutUrl) : void 0,
-    orderUrl: body?.orderUrl ? String(body.orderUrl) : void 0,
-    catalog: Array.isArray(body?.catalog) ? body.catalog : void 0
+    authStyle: body?.authStyle === "MAC" ? "MAC" : "SharedSecret"
   };
 }
-function validateConnection(input) {
+function validate(input) {
   const errors = [];
-  if (!input.name.trim()) errors.push("name is required");
-  if (input.mode === "virtual-buyer") {
-    if (!input.punchoutUrl) errors.push("punchoutUrl is required for virtual-buyer");
-    if (!input.orderUrl) errors.push("orderUrl is required for virtual-buyer");
-  }
+  if (!input.buyerId || !getBuyer(input.buyerId)) errors.push("a valid buyer is required");
+  if (!input.supplierId || !getSupplier(input.supplierId)) errors.push("a valid supplier is required");
   return errors;
 }
-connectionsRoute.get("/", (c) => c.json(listConnections()));
+function withLabel(input) {
+  if (input.name.trim()) return input;
+  const buyer = getBuyer(input.buyerId);
+  const supplier = getSupplier(input.supplierId);
+  return { ...input, name: `${buyer?.name ?? "Buyer"} \u2192 ${supplier?.name ?? "Supplier"}` };
+}
+connectionsRoute.get(
+  "/",
+  (c) => c.json(
+    listConnections().map((conn) => ({
+      ...conn,
+      buyer: getBuyer(conn.buyerId),
+      supplier: getSupplier(conn.supplierId)
+    }))
+  )
+);
 connectionsRoute.post("/", async (c) => {
   const input = normalize(await c.req.json().catch(() => ({})));
-  const errors = validateConnection(input);
+  const errors = validate(input);
   if (errors.length) return c.json({ errors }, 400);
-  const created = await createConnection(input);
-  return c.json(created, 201);
+  return c.json(await createConnection(withLabel(input)), 201);
 });
 connectionsRoute.get("/:id", (c) => {
+  const resolved = resolveConnection(c.req.param("id"));
+  if (resolved) return c.json({ ...resolved.connection, buyer: resolved.buyer, supplier: resolved.supplier });
   const conn = getConnection(c.req.param("id"));
   return conn ? c.json(conn) : c.json({ error: "not found" }, 404);
 });
 connectionsRoute.put("/:id", async (c) => {
-  const id = c.req.param("id");
-  const existing = getConnection(id);
+  const existing = getConnection(c.req.param("id"));
   if (!existing) return c.json({ error: "not found" }, 404);
-  const merged = { ...existing, ...await c.req.json().catch(() => ({})) };
-  const input = normalize(merged);
-  const errors = validateConnection(input);
+  const input = normalize({ ...existing, ...await c.req.json().catch(() => ({})) });
+  const errors = validate(input);
   if (errors.length) return c.json({ errors }, 400);
-  const updated = await updateConnection(id, input);
-  return c.json(updated);
+  return c.json(await updateConnection(c.req.param("id"), withLabel(input)));
 });
 connectionsRoute.delete("/:id", async (c) => {
   const ok = await deleteConnection(c.req.param("id"));
   return ok ? c.json({ ok: true }) : c.json({ error: "not found" }, 404);
 });
-// src/server/routes/flow.ts
+// src/server/routes/parties.ts
 import { Hono as Hono2 } from "hono";
+var cred = (c) => ({
+  domain: String(c?.domain ?? ""),
+  identity: String(c?.identity ?? "")
+});
+var buyersRoute = new Hono2();
+function normalizeBuyer(body) {
+  return { name: String(body?.name ?? "Untitled buyer"), identity: cred(body?.identity) };
+}
+buyersRoute.get("/", (c) => c.json(listBuyers()));
+buyersRoute.post("/", async (c) => {
+  const input = normalizeBuyer(await c.req.json().catch(() => ({})));
+  if (!input.name.trim()) return c.json({ errors: ["name is required"] }, 400);
+  return c.json(await createBuyer(input), 201);
+});
+buyersRoute.get("/:id", (c) => {
+  const b = getBuyer(c.req.param("id"));
+  return b ? c.json(b) : c.json({ error: "not found" }, 404);
+});
+buyersRoute.put("/:id", async (c) => {
+  if (!getBuyer(c.req.param("id"))) return c.json({ error: "not found" }, 404);
+  const input = normalizeBuyer(await c.req.json().catch(() => ({})));
+  return c.json(await updateBuyer(c.req.param("id"), input));
+});
+buyersRoute.delete("/:id", async (c) => {
+  try {
+    const ok = await deleteBuyer(c.req.param("id"));
+    return ok ? c.json({ ok: true }) : c.json({ error: "not found" }, 404);
+  } catch (e) {
+    return c.json({ error: e instanceof Error ? e.message : String(e) }, 409);
+  }
+});
+var suppliersRoute = new Hono2();
+function normalizeSupplier(body) {
+  const catalog = Array.isArray(body?.catalog) ? body.catalog.map((it) => ({
+    supplierPartId: String(it?.supplierPartId ?? ""),
+    description: String(it?.description ?? ""),
+    unitPrice: Number(it?.unitPrice ?? 0) || 0,
+    currency: String(it?.currency ?? "USD"),
+    uom: String(it?.uom ?? "EA"),
+    unspsc: String(it?.unspsc ?? ""),
+    manufacturerPartId: it?.manufacturerPartId ? String(it.manufacturerPartId) : void 0,
+    manufacturerName: it?.manufacturerName ? String(it.manufacturerName) : void 0
+  })) : void 0;
+  return {
+    name: String(body?.name ?? "Untitled supplier"),
+    identity: cred(body?.identity),
+    punchoutUrl: body?.punchoutUrl ? String(body.punchoutUrl) : void 0,
+    orderUrl: body?.orderUrl ? String(body.orderUrl) : void 0,
+    catalog
+  };
+}
+suppliersRoute.get("/", (c) => c.json(listSuppliers()));
+suppliersRoute.post("/", async (c) => {
+  const input = normalizeSupplier(await c.req.json().catch(() => ({})));
+  if (!input.name.trim()) return c.json({ errors: ["name is required"] }, 400);
+  return c.json(await createSupplier(input), 201);
+});
+suppliersRoute.get("/:id", (c) => {
+  const s = getSupplier(c.req.param("id"));
+  return s ? c.json(s) : c.json({ error: "not found" }, 404);
+});
+suppliersRoute.put("/:id", async (c) => {
+  if (!getSupplier(c.req.param("id"))) return c.json({ error: "not found" }, 404);
+  const input = normalizeSupplier(await c.req.json().catch(() => ({})));
+  return c.json(await updateSupplier(c.req.param("id"), input));
+});
+suppliersRoute.delete("/:id", async (c) => {
+  try {
+    const ok = await deleteSupplier(c.req.param("id"));
+    return ok ? c.json({ ok: true }) : c.json({ error: "not found" }, 404);
+  } catch (e) {
+    return c.json({ error: e instanceof Error ? e.message : String(e) }, 409);
+  }
+});
+// src/server/routes/flow.ts
+import { Hono as Hono3 } from "hono";
 import { nanoid as nanoid5 } from "nanoid";
 // src/server/store/log.ts
@@ -718,9 +933,9 @@ function getDocType(doc) {
   return "Unknown";
 }
 function credentialOf(node) {
-  const cred = node?.Credential;
-  if (!cred) return void 0;
-  const first = Array.isArray(cred) ? cred[0] : cred;
+  const cred2 = node?.Credential;
+  if (!cred2) return void 0;
+  const first = Array.isArray(cred2) ? cred2[0] : cred2;
   return {
     domain: attr(first, "domain") ?? "",
     identity: text(first?.Identity) ?? ""
@@ -859,9 +1074,9 @@ function credEq(a, b) {
   if (!a || !b) return false;
   return a.domain === b.domain && a.identity === b.identity;
 }
-function credKnown(c, conn) {
+function credKnown(c, exp) {
   if (!c) return false;
-  return [conn.from, conn.to, conn.sender].some((k) => credEq(c, k));
+  return [exp.from, exp.to, exp.sender].some((k) => credEq(c, k));
 }
 function checkGeneral(doc, ctx, issues) {
   const payloadId = getPayloadId(doc);
@@ -877,8 +1092,8 @@ function checkGeneral(doc, ctx, issues) {
   if (!getTimestamp(doc)) {
     issues.error("missing-timestamp", "cXML/@timestamp is missing", "cXML/@timestamp");
   }
-  if (!ctx.connection) return;
-  const conn = ctx.connection;
+  if (!ctx.expected) return;
+  const exp = ctx.expected;
   const creds = getHeaderCredentials(doc);
   for (const [name, c] of [
     ["From", creds.from],
@@ -895,7 +1110,7 @@ function checkGeneral(doc, ctx, issues) {
     if (!c.identity) {
       issues.warn("credential-identity", `Header/${name}/Credential/Identity is empty`, `cXML/Header/${name}`);
     }
-    if (c.domain && c.identity && !credKnown(c, conn)) {
+    if (c.domain && c.identity && !credKnown(c, exp)) {
       issues.warn(
         "credential-mismatch",
         `Header/${name} (${c.domain}/${c.identity}) does not match any identity configured on the connection`,
@@ -905,9 +1120,8 @@ function checkGeneral(doc, ctx, issues) {
   }
 }
 function checkSharedSecret(doc, ctx, issues) {
-  if (!ctx.connection) return;
-  const conn = ctx.connection;
-  if (conn.authStyle !== "SharedSecret") return;
+  const exp = ctx.expected;
+  if (!exp || exp.authStyle !== "SharedSecret") return;
   const creds = getHeaderCredentials(doc);
   if (!creds.sharedSecret) {
     issues.warn(
@@ -915,7 +1129,7 @@ function checkSharedSecret(doc, ctx, issues) {
       "Sender/Credential/SharedSecret is absent (required for SharedSecret auth)",
       "cXML/Header/Sender/Credential/SharedSecret"
     );
-  } else if (conn.sharedSecret && creds.sharedSecret !== conn.sharedSecret) {
+  } else if (exp.sharedSecret && creds.sharedSecret !== exp.sharedSecret) {
     issues.error(
       "sharedsecret-mismatch",
       "Sender SharedSecret does not match the connection's configured shared secret",
@@ -1149,7 +1363,7 @@ function validateDocument(raw, ctx = {}) {
 }
 // src/server/routes/flow.ts
-var flowRoute = new Hono2();
+var flowRoute = new Hono3();
 function host() {
   try {
     return new URL(getPublicUrl()).host;
@@ -1157,54 +1371,69 @@ function host() {
     return "punchout-simulator";
   }
 }
-function requireVirtualBuyer(conn) {
-  if (!conn) return "connection not found";
-  if (conn.mode !== "virtual-buyer") return "connection is not in virtual-buyer mode";
-  return null;
+function buyerContext(r) {
+  const { connection, buyer, supplier } = r;
+  const from = buyer.identity;
+  const to = supplier.identity;
+  const sender = connection.senderIdentity ?? buyer.identity;
+  return {
+    from,
+    to,
+    sender,
+    sharedSecret: connection.sharedSecret,
+    punchoutUrl: supplier.punchoutUrl,
+    orderUrl: supplier.orderUrl,
+    deploymentMode: connection.deploymentMode,
+    connectionId: connection.id,
+    expected: { from, to, sender, sharedSecret: connection.sharedSecret, authStyle: connection.authStyle }
+  };
+}
+function resolveVirtualBuyer(id) {
+  const r = resolveConnection(id);
+  if (!r) return { error: "connection not found (or its buyer/supplier is missing)" };
+  if (r.connection.mode !== "virtual-buyer") return { error: "connection is not in virtual-buyer mode" };
+  return { ctx: buyerContext(r) };
 }
 flowRoute.get("/:id/setup/preview", (c) => {
-  const conn = getConnection(c.req.param("id"));
-  const err = requireVirtualBuyer(conn);
-  if (err) return c.json({ error: err }, 400);
+  const r = resolveVirtualBuyer(c.req.param("id"));
+  if ("error" in r) return c.json({ error: r.error }, 400);
+  const { ctx } = r;
   const buyerCookie = c.req.query("buyerCookie") || `pos-${nanoid5(16)}`;
   const xml = buildSetupRequest({
-    from: conn.from,
-    to: conn.to,
-    sender: conn.sender,
-    sharedSecret: conn.sharedSecret,
+    from: ctx.from,
+    to: ctx.to,
+    sender: ctx.sender,
+    sharedSecret: ctx.sharedSecret,
     buyerCookie,
     browserFormPostUrl: browserFormPostUrl(),
     payloadId: makePayloadId(host(), (/* @__PURE__ */ new Date()).toISOString()),
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-    deploymentMode: conn.deploymentMode
+    deploymentMode: ctx.deploymentMode
   });
   return c.json({ buyerCookie, xml, browserFormPostUrl: browserFormPostUrl() });
 });
 flowRoute.post("/:id/setup", async (c) => {
-  const conn = getConnection(c.req.param("id"));
-  const err = requireVirtualBuyer(conn);
-  if (err) return c.json({ error: err }, 400);
+  const r = resolveVirtualBuyer(c.req.param("id"));
+  if ("error" in r) return c.json({ error: r.error }, 400);
+  const { ctx } = r;
   const body = await c.req.json().catch(() => ({}));
   const buyerCookie = body.buyerCookie || `pos-${nanoid5(16)}`;
   const xml = body.xml || buildSetupRequest({
-    from: conn.from,
-    to: conn.to,
-    sender: conn.sender,
-    sharedSecret: conn.sharedSecret,
+    from: ctx.from,
+    to: ctx.to,
+    sender: ctx.sender,
+    sharedSecret: ctx.sharedSecret,
     buyerCookie,
     browserFormPostUrl: browserFormPostUrl(),
     payloadId: makePayloadId(host(), (/* @__PURE__ */ new Date()).toISOString()),
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-    deploymentMode: conn.deploymentMode
-  });
-  rememberSessionConnection(buyerCookie, conn.id);
-  const reqValidation = validateDocument(xml, {
-    connection: conn,
-    forceDocType: "SetupRequest"
+    deploymentMode: ctx.deploymentMode
   });
+  rememberSessionConnection(buyerCookie, ctx.connectionId);
+  const reqValidation = validateDocument(xml, { expected: ctx.expected, forceDocType: "SetupRequest" });
   const reqLog = appendLog({
     sessionId: buyerCookie,
-    connectionId: conn.id,
+    connectionId: ctx.connectionId,
     direction: "out",
     docType: "SetupRequest",
     headers: { "Content-Type": "text/xml; charset=UTF-8" },
@@ -1212,11 +1441,12 @@ flowRoute.post("/:id/setup", async (c) => {
     contentType: "text/xml",
     validation: reqValidation
   });
-  const res = await sendCxml(conn.punchoutUrl, xml);
-  const respValidation = res.error ? void 0 : validateDocument(res.body, { connection: conn, forceDocType: "SetupResponse" });
+  if (!ctx.punchoutUrl) return c.json({ error: "supplier has no punchoutUrl configured" }, 400);
+  const res = await sendCxml(ctx.punchoutUrl, xml);
+  const respValidation = res.error ? void 0 : validateDocument(res.body, { expected: ctx.expected, forceDocType: "SetupResponse" });
   const respLog = appendLog({
     sessionId: buyerCookie,
-    connectionId: conn.id,
+    connectionId: ctx.connectionId,
     direction: "in",
     docType: "SetupResponse",
     status: res.status,
@@ -1237,7 +1467,7 @@ flowRoute.post("/:id/setup", async (c) => {
     response: respLog
   });
 });
-function buildOrderXml(conn, body) {
+function buildOrderXml(ctx, body) {
   const items = body.items ?? [];
   const currency = body.currency || items[0]?.currency || "USD";
   const total = body.total ?? items.reduce((s, it) => s + (it.unitPriceAmount ?? 0) * it.quantity, 0);
@@ -1247,15 +1477,15 @@ function buildOrderXml(conn, body) {
     scope: a.scope === "order" || a.scope == null ? "order" : { itemIndex: Number(a.scope) }
   }));
   const xml = buildOrderRequest({
-    from: conn.from,
-    to: conn.to,
-    sender: conn.sender,
-    sharedSecret: conn.sharedSecret,
+    from: ctx.from,
+    to: ctx.to,
+    sender: ctx.sender,
+    sharedSecret: ctx.sharedSecret,
     orderId,
     orderDate: (/* @__PURE__ */ new Date()).toISOString(),
     payloadId: makePayloadId(host(), (/* @__PURE__ */ new Date()).toISOString()),
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-    deploymentMode: conn.deploymentMode,
+    deploymentMode: ctx.deploymentMode,
     currency,
     total,
     items,
@@ -1266,22 +1496,21 @@ function buildOrderXml(conn, body) {
   return { xml, orderId };
 }
 flowRoute.post("/:id/order/preview", async (c) => {
-  const conn = getConnection(c.req.param("id"));
-  const err = requireVirtualBuyer(conn);
-  if (err) return c.json({ error: err }, 400);
+  const r = resolveVirtualBuyer(c.req.param("id"));
+  if ("error" in r) return c.json({ error: r.error }, 400);
   const body = await c.req.json().catch(() => ({}));
-  const { xml, orderId } = buildOrderXml(conn, body);
+  const { xml, orderId } = buildOrderXml(r.ctx, body);
   return c.json({ xml, orderId });
 });
 flowRoute.post("/:id/order", async (c) => {
-  const conn = getConnection(c.req.param("id"));
-  const err = requireVirtualBuyer(conn);
-  if (err) return c.json({ error: err }, 400);
+  const r = resolveVirtualBuyer(c.req.param("id"));
+  if ("error" in r) return c.json({ error: r.error }, 400);
+  const { ctx } = r;
   const body = await c.req.json().catch(() => ({}));
   const sessionId = body.sessionId || `pos-${nanoid5(16)}`;
   const dangling = !!body.danglingCid;
   const inputAtts = body.attachments ?? [];
-  const xml = body.xml || buildOrderXml(conn, body).xml;
+  const xml = body.xml || buildOrderXml(ctx, body).xml;
   let wireBody = xml;
   let wireContentType = "text/xml; charset=UTF-8";
   const availableContentIds = /* @__PURE__ */ new Set();
@@ -1310,13 +1539,13 @@ flowRoute.post("/:id/order", async (c) => {
     wireContentType = built.contentType;
   }
   const reqValidation = validateDocument(xml, {
-    connection: conn,
+    expected: ctx.expected,
     forceDocType: "OrderRequest",
     availableContentIds: inputAtts.length > 0 ? availableContentIds : void 0
   });
   const reqLog = appendLog({
     sessionId,
-    connectionId: conn.id,
+    connectionId: ctx.connectionId,
     direction: "out",
     docType: "OrderRequest",
     headers: { "Content-Type": wireContentType },
@@ -1326,11 +1555,12 @@ flowRoute.post("/:id/order", async (c) => {
     attachments: savedRefs,
     note: dangling ? "dangling-cid test" : void 0
   });
-  const res = await sendCxml(conn.orderUrl, wireBody, wireContentType);
-  const respValidation = res.error ? void 0 : validateDocument(res.body, { connection: conn, forceDocType: "OrderResponse" });
+  if (!ctx.orderUrl) return c.json({ error: "supplier has no orderUrl configured" }, 400);
+  const res = await sendCxml(ctx.orderUrl, wireBody, wireContentType);
+  const respValidation = res.error ? void 0 : validateDocument(res.body, { expected: ctx.expected, forceDocType: "OrderResponse" });
   const respLog = appendLog({
     sessionId,
-    connectionId: conn.id,
+    connectionId: ctx.connectionId,
     direction: "in",
     docType: "OrderResponse",
     status: res.status,
@@ -1351,8 +1581,8 @@ flowRoute.post("/:id/order", async (c) => {
 });
 // src/server/routes/punchout-return.ts
-import { Hono as Hono3 } from "hono";
-var punchoutReturnRoute = new Hono3();
+import { Hono as Hono4 } from "hono";
+var punchoutReturnRoute = new Hono4();
 async function extractCxml(c) {
   const ct = (c.req.header("content-type") ?? "").toLowerCase();
   if (ct.includes("application/x-www-form-urlencoded") || ct.includes("multipart/form-data")) {
@@ -1392,9 +1622,15 @@ punchoutReturnRoute.post("/return", async (c) => {
   const cart = parseCart(doc);
   const sessionId = cart.sessionId || text(root(doc)?.Message?.PunchOutOrderMessage?.BuyerCookie) || "unknown";
   const connectionId = connectionForSession(sessionId);
-  const conn = connectionId ? getConnection(connectionId) : void 0;
+  const resolved = connectionId ? resolveConnection(connectionId) : void 0;
+  const expected = resolved ? {
+    from: resolved.buyer.identity,
+    to: resolved.supplier.identity,
+    sender: resolved.connection.senderIdentity ?? resolved.supplier.identity,
+    authStyle: resolved.connection.authStyle
+  } : void 0;
   const validation = validateDocument(xml, {
-    connection: conn,
+    expected,
     expectedBuyerCookie: sessionId,
     forceDocType: "PunchOutOrderMessage"
   });
@@ -1415,9 +1651,9 @@ punchoutReturnRoute.post("/return", async (c) => {
 });
 // src/server/routes/stream.ts
-import { Hono as Hono4 } from "hono";
+import { Hono as Hono5 } from "hono";
 import { streamSSE } from "hono/streaming";
-var streamRoute = new Hono4();
+var streamRoute = new Hono5();
 streamRoute.get("/stream", (c) => {
   return streamSSE(c, async (stream) => {
     let open = true;
@@ -1444,8 +1680,8 @@ streamRoute.get("/stream", (c) => {
 });
 // src/server/routes/data.ts
-import { Hono as Hono5 } from "hono";
-var dataRoute = new Hono5();
+import { Hono as Hono6 } from "hono";
+var dataRoute = new Hono6();
 dataRoute.get("/health", (c) => c.json({ ok: true }));
 dataRoute.get(
   "/runtime",
@@ -1469,38 +1705,13 @@ dataRoute.get("/attachments/:hash", (c) => {
 });
 // src/server/routes/sim.ts
-import { Hono as Hono6 } from "hono";
+import { Hono as Hono7 } from "hono";
 import { nanoid as nanoid6 } from "nanoid";
-var simRoute = new Hono6();
+var simRoute = new Hono7();
 var DEMO_CATALOG = [
-  {
-    supplierPartId: "WIDGET-001",
-    description: "Premium Steel Widget",
-    unitPrice: 12.5,
-    currency: "USD",
-    uom: "EA",
-    unspsc: "31161500",
-    manufacturerPartId: "MFR-W001",
-    manufacturerName: "Acme Manufacturing"
-  },
-  {
-    supplierPartId: "BOLT-250",
-    description: "M8 Hex Bolt (pack of 250)",
-    unitPrice: 34,
-    currency: "USD",
-    uom: "PK",
-    unspsc: "31161600",
-    manufacturerPartId: "MFR-B250",
-    manufacturerName: "Acme Manufacturing"
-  },
-  {
-    supplierPartId: "TAPE-RED",
-    description: "Industrial Marking Tape, Red",
-    unitPrice: 5.75,
-    currency: "USD",
-    uom: "RL",
-    unspsc: "31201500"
-  }
+  { supplierPartId: "WIDGET-001", description: "Premium Steel Widget", unitPrice: 12.5, currency: "USD", uom: "EA", unspsc: "31161500", manufacturerPartId: "MFR-W001", manufacturerName: "Acme Manufacturing" },
+  { supplierPartId: "BOLT-250", description: "M8 Hex Bolt (pack of 250)", unitPrice: 34, currency: "USD", uom: "PK", unspsc: "31161600", manufacturerPartId: "MFR-B250", manufacturerName: "Acme Manufacturing" },
+  { supplierPartId: "TAPE-RED", description: "Industrial Marking Tape, Red", unitPrice: 5.75, currency: "USD", uom: "RL", unspsc: "31201500" }
 ];
 function host2() {
   try {
@@ -1509,59 +1720,58 @@ function host2() {
     return "punchout-simulator";
   }
 }
+var catalogOf = (s) => s.catalog && s.catalog.length > 0 ? s.catalog : DEMO_CATALOG;
 function safeHttpUrl(u) {
   if (!u) return "";
   try {
-    const parsed = new URL(u.trim());
-    return parsed.protocol === "http:" || parsed.protocol === "https:" ? u.trim() : "";
+    const p = new URL(u.trim());
+    return p.protocol === "http:" || p.protocol === "https:" ? u.trim() : "";
   } catch {
     return "";
   }
 }
-function catalogOf(conn) {
-  return conn.catalog && conn.catalog.length > 0 ? conn.catalog : DEMO_CATALOG;
-}
-function requireSupplier(conn) {
-  if (!conn) return "connection not found";
-  if (conn.mode !== "virtual-supplier") return "connection is not in virtual-supplier mode";
-  return null;
+function expectedFor(supplierId, from) {
+  const r = findConnectionBySupplierAndBuyerIdentity(supplierId, from);
+  if (!r) return void 0;
+  return {
+    from: r.buyer.identity,
+    to: r.supplier.identity,
+    sender: r.connection.senderIdentity ?? r.buyer.identity,
+    sharedSecret: r.connection.sharedSecret,
+    authStyle: r.connection.authStyle
+  };
 }
 simRoute.post("/:id/punchout", async (c) => {
-  const conn = getConnection(c.req.param("id"));
-  const err = requireSupplier(conn);
-  if (err) return c.text(err, 400);
+  const supplier = getSupplier(c.req.param("id"));
+  if (!supplier) return c.text("supplier not found", 404);
   const reqXml = await c.req.text();
   const doc = parseXml(reqXml);
   const reqRoot = root(doc)?.Request?.PunchOutSetupRequest;
   const buyerCookie = text(reqRoot?.BuyerCookie) || `pos-${nanoid6(16)}`;
   const formPost = safeHttpUrl(text(reqRoot?.BrowserFormPost?.URL));
-  const reqValidation = validateDocument(reqXml, {
-    connection: conn,
-    forceDocType: "SetupRequest"
-  });
+  const from = getHeaderCredentials(doc).from;
   appendLog({
     sessionId: buyerCookie,
-    connectionId: conn.id,
+    connectionId: supplier.id,
     direction: "in",
     docType: "SetupRequest",
     headers: { "Content-Type": c.req.header("content-type") ?? "" },
     body: reqXml,
-    validation: reqValidation
+    validation: validateDocument(reqXml, { expected: expectedFor(supplier.id, from), forceDocType: "SetupRequest" })
   });
-  const startPageUrl = `${getPublicUrl()}/sim/${conn.id}/catalog?cookie=${encodeURIComponent(
-    buyerCookie
-  )}&formpost=${encodeURIComponent(formPost)}`;
+  const buyerCred = from ?? { domain: "", identity: "" };
+  const startPageUrl = `${getPublicUrl()}/sim/${supplier.id}/catalog?cookie=${encodeURIComponent(buyerCookie)}&formpost=${encodeURIComponent(formPost)}&bd=${encodeURIComponent(buyerCred.domain)}&bi=${encodeURIComponent(buyerCred.identity)}`;
   const respXml = buildSetupResponse({
     payloadId: makePayloadId(host2(), (/* @__PURE__ */ new Date()).toISOString()),
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
     startPageUrl,
-    from: conn.from,
-    to: conn.to,
-    sender: conn.sender
+    from: supplier.identity,
+    to: buyerCred,
+    sender: supplier.identity
   });
   appendLog({
     sessionId: buyerCookie,
-    connectionId: conn.id,
+    connectionId: supplier.id,
     direction: "out",
     docType: "SetupResponse",
     headers: { "Content-Type": "text/xml; charset=UTF-8" },
@@ -1572,24 +1782,23 @@ simRoute.post("/:id/punchout", async (c) => {
   return c.body(respXml);
 });
 simRoute.get("/:id/catalog", (c) => {
-  const conn = getConnection(c.req.param("id"));
-  const err = requireSupplier(conn);
-  if (err) return c.text(err, 400);
+  const supplier = getSupplier(c.req.param("id"));
+  if (!supplier) return c.text("supplier not found", 404);
   const cookie = c.req.query("cookie") ?? "";
-  const formpost = c.req.query("formpost") ?? "";
-  const items = catalogOf(conn);
+  const formpost = safeHttpUrl(c.req.query("formpost") ?? "");
+  const bd = c.req.query("bd") ?? "";
+  const bi = c.req.query("bi") ?? "";
+  const items = catalogOf(supplier);
   const rows = items.map(
     (it, i) => `<tr>
-      <td><strong>${escapeHtml(it.description)}</strong><br><small>${escapeHtml(
-      it.supplierPartId
-    )} \xB7 ${escapeHtml(it.uom)} \xB7 UNSPSC ${escapeHtml(it.unspsc)}</small></td>
-      <td class="price">${it.currency} ${it.unitPrice.toFixed(2)}</td>
+      <td><strong>${escapeXml(it.description)}</strong><br><small>${escapeXml(it.supplierPartId)} \xB7 ${escapeXml(it.uom)} \xB7 UNSPSC ${escapeXml(it.unspsc)}</small></td>
+      <td class="price">${escapeXml(it.currency)} ${it.unitPrice.toFixed(2)}</td>
       <td><input type="number" name="q_${i}" value="0" min="0" step="1" inputmode="numeric"></td>
     </tr>`
   ).join("\n");
   return c.html(`<!doctype html><html lang="en"><head><meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1">
-<title>${escapeHtml(conn.name)} \u2014 mock catalog</title>
+<title>${escapeXml(supplier.name)} \u2014 mock catalog</title>
 <style>
   body{font-family:system-ui,sans-serif;background:#0f172a;color:#e2e8f0;margin:0;padding:2rem}
   .wrap{max-width:720px;margin:0 auto}
@@ -1598,17 +1807,17 @@ simRoute.get("/:id/catalog", (c) => {
   th,td{padding:.75rem 1rem;text-align:left;border-bottom:1px solid #334155}
   th{background:#0b1220;font-size:.8rem;text-transform:uppercase;letter-spacing:.05em;color:#94a3b8}
   .price{white-space:nowrap;color:#fbbf24}
-  input[type=number]{width:5rem;background:#0b1220;border:1px solid #334155;color:#e2e8f0;
-    border-radius:6px;padding:.35rem .5rem}
-  button{margin-top:1.5rem;background:#6366f1;color:#fff;border:0;border-radius:8px;
-    padding:.7rem 1.4rem;font-size:1rem;cursor:pointer}
+  input[type=number]{width:5rem;background:#0b1220;border:1px solid #334155;color:#e2e8f0;border-radius:6px;padding:.35rem .5rem}
+  button{margin-top:1.5rem;background:#6366f1;color:#fff;border:0;border-radius:8px;padding:.7rem 1.4rem;font-size:1rem;cursor:pointer}
   button:hover{background:#4f46e5}
 </style></head><body><div class="wrap">
-  <h1>${escapeHtml(conn.name)} <small>(virtual supplier)</small></h1>
+  <h1>${escapeXml(supplier.name)} <small>(virtual supplier)</small></h1>
   <div class="sub">Mock catalog served by punchout-simulator. Set quantities and return the cart.</div>
-  <form method="post" action="${getPublicUrl()}/sim/${conn.id}/checkout">
-    <input type="hidden" name="cookie" value="${escapeHtml(cookie)}">
-    <input type="hidden" name="formpost" value="${escapeHtml(formpost)}">
+  <form method="post" action="${getPublicUrl()}/sim/${supplier.id}/checkout">
+    <input type="hidden" name="cookie" value="${escapeXml(cookie)}">
+    <input type="hidden" name="formpost" value="${escapeXml(formpost)}">
+    <input type="hidden" name="bd" value="${escapeXml(bd)}">
+    <input type="hidden" name="bi" value="${escapeXml(bi)}">
     <table><thead><tr><th>Item</th><th>Price</th><th>Qty</th></tr></thead>
     <tbody>${rows}</tbody></table>
     <button type="submit">Return cart to buyer \u2192</button>
@@ -1616,13 +1825,13 @@ simRoute.get("/:id/catalog", (c) => {
 </div></body></html>`);
 });
 simRoute.post("/:id/checkout", async (c) => {
-  const conn = getConnection(c.req.param("id"));
-  const err = requireSupplier(conn);
-  if (err) return c.text(err, 400);
+  const supplier = getSupplier(c.req.param("id"));
+  if (!supplier) return c.text("supplier not found", 404);
   const form = await c.req.parseBody();
   const cookie = String(form.cookie ?? `pos-${nanoid6(16)}`);
   const formpost = safeHttpUrl(String(form.formpost ?? ""));
-  const catalog = catalogOf(conn);
+  const buyerCred = { domain: String(form.bd ?? ""), identity: String(form.bi ?? "") };
+  const catalog = catalogOf(supplier);
   const items = [];
   catalog.forEach((it, i) => {
     const qty = Number(form[`q_${i}`] ?? 0);
@@ -1643,9 +1852,9 @@ simRoute.post("/:id/checkout", async (c) => {
   });
   const currency = items[0]?.currency ?? "USD";
   const xml = buildPunchOutOrderMessage({
-    from: conn.from,
-    to: conn.to,
-    sender: conn.sender,
+    from: supplier.identity,
+    to: buyerCred,
+    sender: supplier.identity,
     buyerCookie: cookie,
     payloadId: makePayloadId(host2(), (/* @__PURE__ */ new Date()).toISOString()),
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
@@ -1654,27 +1863,26 @@ simRoute.post("/:id/checkout", async (c) => {
   });
   appendLog({
     sessionId: cookie,
-    connectionId: conn.id,
+    connectionId: supplier.id,
     direction: "out",
     docType: "PunchOutOrderMessage",
     headers: { "Content-Type": "application/x-www-form-urlencoded" },
     body: xml,
-    validation: validateDocument(xml, { connection: conn, forceDocType: "PunchOutOrderMessage" })
+    validation: validateDocument(xml, { forceDocType: "PunchOutOrderMessage" })
   });
   return c.html(`<!doctype html><html lang="en"><head><meta charset="utf-8">
 <title>Returning cart\u2026</title></head>
 <body onload="document.forms[0].submit()" style="font-family:system-ui;background:#0f172a;color:#e2e8f0">
   <p style="padding:2rem">Returning cart to the buyer\u2026</p>
-  <form method="post" action="${escapeHtml(formpost)}">
-    <input type="hidden" name="cxml-urlencoded" value="${escapeHtml(xml)}">
+  <form method="post" action="${escapeXml(formpost)}">
+    <input type="hidden" name="cxml-urlencoded" value="${escapeXml(xml)}">
     <noscript><button type="submit">Continue</button></noscript>
   </form>
 </body></html>`);
 });
 simRoute.post("/:id/order", async (c) => {
-  const conn = getConnection(c.req.param("id"));
-  const err = requireSupplier(conn);
-  if (err) return c.text(err, 400);
+  const supplier = getSupplier(c.req.param("id"));
+  if (!supplier) return c.text("supplier not found", 404);
   const ct = c.req.header("content-type") ?? "";
   const raw = Buffer.from(await c.req.arrayBuffer());
   let xml;
@@ -1687,26 +1895,22 @@ simRoute.post("/:id/order", async (c) => {
       if (part === mp.root) continue;
       const cid = normalizeContentId(part.contentId);
       if (cid) availableContentIds.add(cid);
-      savedRefs.push(
-        saveAttachment(part.body, {
-          contentId: cid,
-          contentType: part.contentType ?? "application/octet-stream"
-        })
-      );
+      savedRefs.push(saveAttachment(part.body, { contentId: cid, contentType: part.contentType ?? "application/octet-stream" }));
     }
   } else {
     xml = raw.toString("utf8");
   }
   const doc = parseXml(xml);
+  const from = getHeaderCredentials(doc).from;
   const sessionId = findSessionForOrder(doc) ?? `order-${nanoid6(8)}`;
   const validation = validateDocument(xml, {
-    connection: conn,
+    expected: expectedFor(supplier.id, from),
     forceDocType: "OrderRequest",
     availableContentIds: isMultipart(ct) ? availableContentIds : void 0
   });
   appendLog({
     sessionId,
-    connectionId: conn.id,
+    connectionId: supplier.id,
     direction: "in",
     docType: "OrderRequest",
     headers: { "Content-Type": ct },
@@ -1721,13 +1925,13 @@ simRoute.post("/:id/order", async (c) => {
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
     statusCode: ok ? "200" : "400",
     statusText: ok ? "OK" : "Bad Request",
-    from: conn.from,
-    to: conn.to,
-    sender: conn.sender
+    from: supplier.identity,
+    to: from ?? { domain: "", identity: "" },
+    sender: supplier.identity
   });
   appendLog({
     sessionId,
-    connectionId: conn.id,
+    connectionId: supplier.id,
     direction: "out",
     docType: "OrderResponse",
     headers: { "Content-Type": "text/xml; charset=UTF-8" },
@@ -1739,22 +1943,17 @@ simRoute.post("/:id/order", async (c) => {
 });
 function findSessionForOrder(doc) {
   const header2 = root(doc)?.Request?.OrderRequest?.OrderRequestHeader;
-  const orderId = header2 ? attrOf(header2, "orderID") : void 0;
-  return orderId ? `order-${orderId}` : void 0;
-}
-function attrOf(node, name) {
-  const v = node?.[`@_${name}`];
-  return v == null ? void 0 : String(v);
-}
-function escapeHtml(s) {
-  return escapeXml(s);
+  const orderId = header2?.["@_orderID"];
+  return orderId ? `order-${String(orderId)}` : void 0;
 }
 // src/server/app.ts
 import { relative } from "path";
 function createApp(opts = {}) {
-  const app = new Hono7();
+  const app = new Hono8();
   if (!opts.quiet) app.use("*", logger());
+  app.route("/api/buyers", buyersRoute);
+  app.route("/api/suppliers", suppliersRoute);
   app.route("/api/connections", connectionsRoute);
   app.route("/api/connections", flowRoute);
   app.route("/api", dataRoute);
@@ -1782,34 +1981,28 @@ function relativeToCwd(abs) {
 // src/server/seed.ts
 async function seedDemoIfEmpty() {
   if (listConnections().length > 0) return;
-  const supplier = await createConnection({
+  const buyer = await createBuyer({
+    id: "demo-buyer",
+    name: "Demo Buyer",
+    identity: { domain: "DUNS", identity: "123456789" }
+  });
+  const supplier = await createSupplier({
     id: "demo-supplier",
     name: "Demo Supplier (built-in mock)",
-    mode: "virtual-supplier",
-    from: { domain: "DUNS", identity: "987654321" },
-    // supplier identity (the tool)
-    to: { domain: "DUNS", identity: "123456789" },
-    // buyer identity (counterparty)
-    sender: { domain: "DUNS", identity: "987654321" },
-    sharedSecret: "demo-secret",
-    deploymentMode: "test",
-    authStyle: "SharedSecret",
+    identity: { domain: "DUNS", identity: "987654321" },
+    punchoutUrl: `${getPublicUrl()}/sim/demo-supplier/punchout`,
+    orderUrl: `${getPublicUrl()}/sim/demo-supplier/order`,
     catalog: []
   });
   await createConnection({
-    id: "demo-buyer",
-    name: "Demo Buyer \u2192 built-in supplier",
+    id: "demo",
+    name: "Demo Buyer \u2192 Demo Supplier",
+    buyerId: buyer.id,
+    supplierId: supplier.id,
     mode: "virtual-buyer",
-    from: { domain: "DUNS", identity: "123456789" },
-    // buyer identity (the tool)
-    to: { domain: "DUNS", identity: "987654321" },
-    // supplier identity (counterparty)
-    sender: { domain: "DUNS", identity: "123456789" },
     sharedSecret: "demo-secret",
     deploymentMode: "test",
-    authStyle: "SharedSecret",
-    punchoutUrl: `${getPublicUrl()}/sim/${supplier.id}/punchout`,
-    orderUrl: `${getPublicUrl()}/sim/${supplier.id}/order`
+    authStyle: "SharedSecret"
   });
 }