npm - @ampvaleo/x402-hyperliquid-server - Versions diffs - 0.1.0 - Mend

@ampvaleo/x402-hyperliquid-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,437 @@
+// src/nonce.ts
+var InMemoryNonceStore = class {
+  used = /* @__PURE__ */ new Set();
+  async tryConsume(key) {
+    if (this.used.has(key)) {
+      return false;
+    }
+    this.used.add(key);
+    return true;
+  }
+};
+// src/requirements.ts
+import {
+  DEFAULT_USDC_TOKEN,
+  HYPERLIQUID_SENDASSET_SCHEME,
+  getChainConfig
+} from "@ampvaleo/x402-hyperliquid-core";
+function buildPaymentRequirements(input) {
+  const cfg = getChainConfig(input.chain);
+  const token = input.token ?? DEFAULT_USDC_TOKEN[input.chain];
+  return {
+    scheme: HYPERLIQUID_SENDASSET_SCHEME,
+    network: cfg.network,
+    maxAmountRequired: input.price,
+    resource: input.resource,
+    description: input.description,
+    payTo: input.payTo,
+    maxTimeoutSeconds: input.maxTimeoutSeconds ?? 300,
+    asset: "USDC",
+    extra: {
+      chain: input.chain,
+      token,
+      sourceDex: input.sourceDex,
+      destinationDex: input.destinationDex
+    }
+  };
+}
+// src/settle.ts
+var HyperliquidExchangeError = class extends Error {
+  status;
+  body;
+  constructor(message, status, body) {
+    super(message);
+    this.name = "HyperliquidExchangeError";
+    this.status = status;
+    this.body = body;
+  }
+};
+async function submitToExchange(payload, chain, options = {}) {
+  const fetchImpl = options.fetch ?? globalThis.fetch;
+  const body = {
+    action: payload.action,
+    nonce: payload.nonce,
+    signature: payload.signature
+  };
+  const res = await fetchImpl(chain.exchangeUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  const text = await res.text();
+  let json;
+  try {
+    json = text ? JSON.parse(text) : null;
+  } catch {
+    json = text;
+  }
+  if (!res.ok) {
+    throw new HyperliquidExchangeError(
+      `Hyperliquid exchange HTTP ${res.status}`,
+      res.status,
+      json
+    );
+  }
+  const obj = json;
+  if (obj && typeof obj === "object" && obj.status === "err") {
+    throw new HyperliquidExchangeError(
+      "Hyperliquid exchange returned error status",
+      res.status,
+      json
+    );
+  }
+  return json;
+}
+// src/settlementMode.ts
+var DEV_VERIFY_ONLY = "X402_HL_DEV_VERIFY_ONLY";
+var ALLOW_VERIFY_ONLY_IN_PROD = "X402_HL_ALLOW_VERIFY_ONLY_IN_PROD";
+function assertDevVerifyOnlyEnvAllowed() {
+  if (process.env[DEV_VERIFY_ONLY] !== "1") {
+    return;
+  }
+  if (process.env.NODE_ENV === "production" && process.env[ALLOW_VERIFY_ONLY_IN_PROD] !== "1") {
+    throw new Error(
+      `${DEV_VERIFY_ONLY}=1 cannot be used with NODE_ENV=production unless ${ALLOW_VERIFY_ONLY_IN_PROD}=1 is also set (acknowledges verify-only is unsafe for real paywalls).`
+    );
+  }
+}
+function resolveSettlementMode(explicitSettle) {
+  if (explicitSettle !== void 0) {
+    return {
+      settle: explicitSettle,
+      warnDevVerifyOnlyEachPaidRequest: false
+    };
+  }
+  if (process.env[DEV_VERIFY_ONLY] === "1") {
+    assertDevVerifyOnlyEnvAllowed();
+    return {
+      settle: false,
+      warnDevVerifyOnlyEachPaidRequest: true
+    };
+  }
+  return { settle: true, warnDevVerifyOnlyEachPaidRequest: false };
+}
+var DEV_VERIFY_ONLY_ENV = DEV_VERIFY_ONLY;
+var ALLOW_VERIFY_ONLY_IN_PROD_ENV = ALLOW_VERIFY_ONLY_IN_PROD;
+// src/verify.ts
+import {
+  HYPERLIQUID_SENDASSET_SCHEME as HYPERLIQUID_SENDASSET_SCHEME2,
+  VIEM_SEND_ASSET_TYPES,
+  buildSendAssetTypedData,
+  getAmountDecimalsForToken
+} from "@ampvaleo/x402-hyperliquid-core";
+import { getAddress, parseUnits, recoverTypedDataAddress } from "viem";
+function lower(a) {
+  return a.toLowerCase();
+}
+async function verifyPayment(payload, requirements, ctx) {
+  if (payload.scheme !== HYPERLIQUID_SENDASSET_SCHEME2) {
+    return { valid: false, error: "unsupported scheme" };
+  }
+  if (requirements.scheme !== HYPERLIQUID_SENDASSET_SCHEME2) {
+    return { valid: false, error: "requirements scheme mismatch" };
+  }
+  if (payload.network !== requirements.network) {
+    return { valid: false, error: "network mismatch" };
+  }
+  const chain = ctx.chain;
+  if (payload.signatureChainId !== chain.signatureChainId) {
+    return { valid: false, error: "signatureChainId mismatch" };
+  }
+  const action = payload.action;
+  if (action.type !== "sendAsset") {
+    return { valid: false, error: "invalid action type" };
+  }
+  if (action.signatureChainId !== chain.signatureChainId) {
+    return { valid: false, error: "action.signatureChainId mismatch" };
+  }
+  if (action.hyperliquidChain !== chain.hyperliquidLabel) {
+    return { valid: false, error: "hyperliquidChain mismatch" };
+  }
+  if (action.fromSubAccount !== "") {
+    return { valid: false, error: "fromSubAccount must be empty" };
+  }
+  const extra = requirements.extra;
+  if (lower(action.destination) !== lower(requirements.payTo)) {
+    return { valid: false, error: "destination does not match payTo" };
+  }
+  if (action.token !== extra.token) {
+    return { valid: false, error: "token mismatch" };
+  }
+  if (action.sourceDex !== extra.sourceDex) {
+    return { valid: false, error: "sourceDex mismatch" };
+  }
+  if (action.destinationDex !== extra.destinationDex) {
+    return { valid: false, error: "destinationDex mismatch" };
+  }
+  let unitDecimals;
+  try {
+    unitDecimals = getAmountDecimalsForToken(extra.token);
+  } catch {
+    return { valid: false, error: "unknown token amount decimals (register weiDecimals from spotMeta)" };
+  }
+  let paid;
+  let min;
+  try {
+    paid = parseUnits(action.amount, unitDecimals);
+    min = parseUnits(requirements.maxAmountRequired, unitDecimals);
+  } catch {
+    return { valid: false, error: "invalid decimal amount" };
+  }
+  if (paid < min) {
+    return { valid: false, error: "amount below maxAmountRequired" };
+  }
+  if (payload.accepted && mismatchesAcceptedAttack(payload)) {
+    return { valid: false, error: "accepted does not match signed action" };
+  }
+  const window = ctx.nonceWindowMs ?? 6e4;
+  const now = ctx.nowMs ?? Date.now();
+  if (Math.abs(now - action.nonce) > window) {
+    return { valid: false, error: "nonce outside allowed window" };
+  }
+  const message = {
+    hyperliquidChain: action.hyperliquidChain,
+    destination: action.destination,
+    sourceDex: action.sourceDex,
+    destinationDex: action.destinationDex,
+    token: action.token,
+    amount: action.amount,
+    fromSubAccount: action.fromSubAccount,
+    nonce: BigInt(action.nonce)
+  };
+  const typed = buildSendAssetTypedData({
+    chainId: chain.chainId,
+    message
+  });
+  const yParity = payload.signature.v >= 27 ? payload.signature.v - 27 : payload.signature.v;
+  if (yParity !== 0 && yParity !== 1) {
+    return { valid: false, error: "invalid signature v" };
+  }
+  let signer;
+  try {
+    signer = await recoverTypedDataAddress({
+      domain: typed.domain,
+      types: VIEM_SEND_ASSET_TYPES,
+      primaryType: typed.primaryType,
+      message: typed.message,
+      signature: {
+        r: payload.signature.r,
+        s: payload.signature.s,
+        yParity
+      }
+    });
+    signer = getAddress(signer);
+  } catch {
+    return { valid: false, error: "signature recovery failed" };
+  }
+  const nonceKey = `${signer}:${action.nonce}`;
+  const fresh = await ctx.nonceStore.tryConsume(nonceKey);
+  if (!fresh) {
+    return { valid: false, error: "nonce replay" };
+  }
+  return { valid: true, signer };
+}
+function mismatchesAcceptedAttack(payload) {
+  const a = payload.accepted;
+  if (!a) return false;
+  if (a.scheme !== payload.scheme || a.network !== payload.network) {
+    return true;
+  }
+  if (lower(a.payTo) !== lower(payload.action.destination)) {
+    return true;
+  }
+  if (a.extra.token !== payload.action.token) {
+    return true;
+  }
+  if (a.extra.sourceDex !== payload.action.sourceDex) {
+    return true;
+  }
+  if (a.extra.destinationDex !== payload.action.destinationDex) {
+    return true;
+  }
+  return false;
+}
+function assertValidPayment(result) {
+  if (!result.valid) {
+    throw new Error(result.error);
+  }
+}
+// src/middleware/express.ts
+import {
+  decodePaymentHeader,
+  getChainConfig as getChainConfig2
+} from "@ampvaleo/x402-hyperliquid-core";
+function x402Hyperliquid(options) {
+  const chain = getChainConfig2(options.chain);
+  const settlement = resolveSettlementMode(options.settle);
+  return async (req, res, next) => {
+    const resource = options.resource ?? `${req.protocol}://${req.get("host") ?? "localhost"}${req.originalUrl}`;
+    const requirements = buildPaymentRequirements({
+      price: options.price,
+      payTo: options.payTo,
+      chain: options.chain,
+      token: options.token,
+      sourceDex: options.sourceDex,
+      destinationDex: options.destinationDex,
+      resource,
+      description: options.description,
+      maxTimeoutSeconds: options.maxTimeoutSeconds
+    });
+    const header = req.header("X-PAYMENT");
+    if (!header) {
+      res.status(402).json({
+        error: "Payment Required",
+        accepts: [requirements]
+      });
+      return;
+    }
+    let payload;
+    try {
+      payload = decodePaymentHeader(header);
+    } catch {
+      res.status(400).json({ error: "Invalid X-PAYMENT header" });
+      return;
+    }
+    const ctx = {
+      chain,
+      nonceStore: options.nonceStore,
+      nonceWindowMs: options.nonceWindowMs
+    };
+    const result = await verifyPayment(payload, requirements, ctx);
+    if (!result.valid) {
+      res.status(402).json({
+        error: result.error,
+        accepts: [requirements]
+      });
+      return;
+    }
+    if (settlement.warnDevVerifyOnlyEachPaidRequest) {
+      console.warn(
+        "\u26A0\uFE0F  VERIFY-ONLY MODE: payment verified but NOT settled. Do not use in production."
+      );
+    }
+    if (settlement.settle) {
+      try {
+        await submitToExchange(payload, chain, { fetch: options.fetch });
+      } catch (e) {
+        res.status(502).json({
+          error: e instanceof Error ? e.message : "Settlement failed"
+        });
+        return;
+      }
+    }
+    req.x402 = {
+      signer: result.signer,
+      payload
+    };
+    next();
+  };
+}
+// src/middleware/next.ts
+import {
+  decodePaymentHeader as decodePaymentHeader2,
+  getChainConfig as getChainConfig3
+} from "@ampvaleo/x402-hyperliquid-core";
+async function runX402HyperliquidGate(request, options) {
+  const chain = getChainConfig3(options.chain);
+  const settlement = resolveSettlementMode(options.settle);
+  const url = new URL(request.url);
+  const resource = options.resource ?? `${url.origin}${url.pathname}${url.search}`;
+  const requirements = buildPaymentRequirements({
+    price: options.price,
+    payTo: options.payTo,
+    chain: options.chain,
+    token: options.token,
+    sourceDex: options.sourceDex,
+    destinationDex: options.destinationDex,
+    resource,
+    description: options.description,
+    maxTimeoutSeconds: options.maxTimeoutSeconds
+  });
+  const header = request.headers.get("X-PAYMENT");
+  if (!header) {
+    return {
+      ok: false,
+      response: new Response(
+        JSON.stringify({ error: "Payment Required", accepts: [requirements] }),
+        {
+          status: 402,
+          headers: { "Content-Type": "application/json" }
+        }
+      )
+    };
+  }
+  let payload;
+  try {
+    payload = decodePaymentHeader2(header);
+  } catch {
+    return {
+      ok: false,
+      response: new Response(JSON.stringify({ error: "Invalid X-PAYMENT header" }), {
+        status: 400,
+        headers: { "Content-Type": "application/json" }
+      })
+    };
+  }
+  const ctx = {
+    chain,
+    nonceStore: options.nonceStore,
+    nonceWindowMs: options.nonceWindowMs
+  };
+  const result = await verifyPayment(payload, requirements, ctx);
+  if (!result.valid) {
+    return {
+      ok: false,
+      response: new Response(
+        JSON.stringify({ error: result.error, accepts: [requirements] }),
+        {
+          status: 402,
+          headers: { "Content-Type": "application/json" }
+        }
+      )
+    };
+  }
+  if (settlement.warnDevVerifyOnlyEachPaidRequest) {
+    console.warn(
+      "\u26A0\uFE0F  VERIFY-ONLY MODE: payment verified but NOT settled. Do not use in production."
+    );
+  }
+  if (settlement.settle) {
+    try {
+      await submitToExchange(payload, chain, { fetch: options.fetch });
+    } catch (e) {
+      return {
+        ok: false,
+        response: new Response(
+          JSON.stringify({
+            error: e instanceof Error ? e.message : "Settlement failed"
+          }),
+          { status: 502, headers: { "Content-Type": "application/json" } }
+        )
+      };
+    }
+  }
+  return { ok: true, signer: result.signer, payload };
+}
+export {
+  ALLOW_VERIFY_ONLY_IN_PROD_ENV,
+  DEV_VERIFY_ONLY_ENV,
+  HyperliquidExchangeError,
+  InMemoryNonceStore,
+  assertDevVerifyOnlyEnvAllowed,
+  assertValidPayment,
+  buildPaymentRequirements,
+  mismatchesAcceptedAttack,
+  resolveSettlementMode,
+  runX402HyperliquidGate,
+  submitToExchange,
+  verifyPayment,
+  x402Hyperliquid
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/nonce.ts","../src/requirements.ts","../src/settle.ts","../src/settlementMode.ts","../src/verify.ts","../src/middleware/express.ts","../src/middleware/next.ts"],"sourcesContent":["/**\n * Tracks seen payment nonces to prevent replay. Keys are opaque (e.g. `signer:nonceMs`).\n */\nexport interface NonceStore {\n /** Returns true if the nonce was unused and is now recorded */\n tryConsume(key: string): Promise<boolean>;\n}\n\nexport class InMemoryNonceStore implements NonceStore {\n private readonly used = new Set<string>();\n\n async tryConsume(key: string): Promise<boolean> {\n if (this.used.has(key)) {\n return false;\n }\n this.used.add(key);\n return true;\n }\n}\n","import {\n DEFAULT_USDC_TOKEN,\n HYPERLIQUID_SENDASSET_SCHEME,\n getChainConfig,\n type HyperliquidChainName,\n type PaymentRequirements,\n} from \"@ampvaleo/x402-hyperliquid-core\";\nimport type { Hex } from \"viem\";\n\nexport interface BuildRequirementsInput {\n price: string;\n payTo: Hex;\n chain: HyperliquidChainName;\n /** Full HL token string; defaults to canonical USDC for the chain */\n token?: string;\n sourceDex: \"spot\" | \"\";\n destinationDex: \"spot\" | \"\";\n resource: string;\n description?: string;\n maxTimeoutSeconds?: number;\n}\n\nexport function buildPaymentRequirements(\n input: BuildRequirementsInput,\n): PaymentRequirements {\n const cfg = getChainConfig(input.chain);\n const token = input.token ?? DEFAULT_USDC_TOKEN[input.chain];\n return {\n scheme: HYPERLIQUID_SENDASSET_SCHEME,\n network: cfg.network,\n maxAmountRequired: input.price,\n resource: input.resource,\n description: input.description,\n payTo: input.payTo,\n maxTimeoutSeconds: input.maxTimeoutSeconds ?? 300,\n asset: \"USDC\",\n extra: {\n chain: input.chain,\n token,\n sourceDex: input.sourceDex,\n destinationDex: input.destinationDex,\n },\n };\n}\n","import type { HyperliquidChainConfig, PaymentPayload } from \"@ampvaleo/x402-hyperliquid-core\";\n\nexport class HyperliquidExchangeError extends Error {\n readonly status: number;\n readonly body: unknown;\n\n constructor(message: string, status: number, body: unknown) {\n super(message);\n this.name = \"HyperliquidExchangeError\";\n this.status = status;\n this.body = body;\n }\n}\n\nexport interface SubmitOptions {\n fetch?: typeof fetch;\n}\n\n/**\n * Submits a signed sendAsset payment to Hyperliquid's public exchange API.\n */\nexport async function submitToExchange(\n payload: PaymentPayload,\n chain: HyperliquidChainConfig,\n options: SubmitOptions = {},\n): Promise<unknown> {\n const fetchImpl = options.fetch ?? globalThis.fetch;\n const body = {\n action: payload.action,\n nonce: payload.nonce,\n signature: payload.signature,\n };\n\n const res = await fetchImpl(chain.exchangeUrl, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify(body),\n });\n\n const text = await res.text();\n let json: unknown;\n try {\n json = text ? JSON.parse(text) : null;\n } catch {\n json = text;\n }\n\n if (!res.ok) {\n throw new HyperliquidExchangeError(\n `Hyperliquid exchange HTTP ${res.status}`,\n res.status,\n json,\n );\n }\n\n const obj = json as { status?: string; response?: unknown };\n if (obj && typeof obj === \"object\" && obj.status === \"err\") {\n throw new HyperliquidExchangeError(\n \"Hyperliquid exchange returned error status\",\n res.status,\n json,\n );\n }\n\n return json;\n}\n","const DEV_VERIFY_ONLY = \"X402_HL_DEV_VERIFY_ONLY\";\nconst ALLOW_VERIFY_ONLY_IN_PROD = \"X402_HL_ALLOW_VERIFY_ONLY_IN_PROD\";\n\nexport interface SettlementMode {\n settle: boolean;\n /**\n * When true, log a loud warning on each successful verification when settlement is skipped\n * because `X402_HL_DEV_VERIFY_ONLY=1` was used (not because `settle: false` was passed explicitly).\n */\n warnDevVerifyOnlyEachPaidRequest: boolean;\n}\n\n/**\n * Throws if `X402_HL_DEV_VERIFY_ONLY=1` is set in production without the explicit escape hatch.\n * Call once at process startup (e.g. when creating middleware) or before handling traffic.\n */\nexport function assertDevVerifyOnlyEnvAllowed(): void {\n if (process.env[DEV_VERIFY_ONLY] !== \"1\") {\n return;\n }\n if (\n process.env.NODE_ENV === \"production\" &&\n process.env[ALLOW_VERIFY_ONLY_IN_PROD] !== \"1\"\n ) {\n throw new Error(\n `${DEV_VERIFY_ONLY}=1 cannot be used with NODE_ENV=production unless ${ALLOW_VERIFY_ONLY_IN_PROD}=1 is also set (acknowledges verify-only is unsafe for real paywalls).`,\n );\n }\n}\n\n/**\n * Resolves whether to POST to Hyperliquid after verification.\n *\n * - If `explicitSettle` is set, it wins (no env). No dev-verify warning.\n * - Otherwise, if `X402_HL_DEV_VERIFY_ONLY=1`, settlement is off and warnings apply (after assert).\n * - Default: settle (direct mode).\n */\nexport function resolveSettlementMode(\n explicitSettle?: boolean,\n): SettlementMode {\n if (explicitSettle !== undefined) {\n return {\n settle: explicitSettle,\n warnDevVerifyOnlyEachPaidRequest: false,\n };\n }\n if (process.env[DEV_VERIFY_ONLY] === \"1\") {\n assertDevVerifyOnlyEnvAllowed();\n return {\n settle: false,\n warnDevVerifyOnlyEachPaidRequest: true,\n };\n }\n return { settle: true, warnDevVerifyOnlyEachPaidRequest: false };\n}\n\nexport const DEV_VERIFY_ONLY_ENV = DEV_VERIFY_ONLY;\nexport const ALLOW_VERIFY_ONLY_IN_PROD_ENV = ALLOW_VERIFY_ONLY_IN_PROD;\n","import {\n HYPERLIQUID_SENDASSET_SCHEME,\n VIEM_SEND_ASSET_TYPES,\n buildSendAssetTypedData,\n getAmountDecimalsForToken,\n type HyperliquidChainConfig,\n type PaymentPayload,\n type PaymentRequirements,\n} from \"@ampvaleo/x402-hyperliquid-core\";\nimport type { Address } from \"viem\";\nimport { getAddress, parseUnits, recoverTypedDataAddress } from \"viem\";\n\nimport type { NonceStore } from \"./nonce.js\";\n\nexport interface VerifyContext {\n chain: HyperliquidChainConfig;\n nonceStore: NonceStore;\n /** Max age of nonce timestamp in ms from now (default 60_000) */\n nonceWindowMs?: number;\n nowMs?: number;\n}\n\nfunction lower(a: string): string {\n return a.toLowerCase();\n}\n\n/**\n * Verifies EIP-712 signature and that `payload.action` matches server `requirements`.\n * Does **not** trust `payload.accepted` — compare only against `requirements`.\n */\nexport async function verifyPayment(\n payload: PaymentPayload,\n requirements: PaymentRequirements,\n ctx: VerifyContext,\n): Promise<\n { valid: true; signer: Address } | { valid: false; error: string }\n> {\n if (payload.scheme !== HYPERLIQUID_SENDASSET_SCHEME) {\n return { valid: false, error: \"unsupported scheme\" };\n }\n if (requirements.scheme !== HYPERLIQUID_SENDASSET_SCHEME) {\n return { valid: false, error: \"requirements scheme mismatch\" };\n }\n if (payload.network !== requirements.network) {\n return { valid: false, error: \"network mismatch\" };\n }\n\n const chain = ctx.chain;\n if (payload.signatureChainId !== chain.signatureChainId) {\n return { valid: false, error: \"signatureChainId mismatch\" };\n }\n\n const action = payload.action;\n if (action.type !== \"sendAsset\") {\n return { valid: false, error: \"invalid action type\" };\n }\n if (action.signatureChainId !== chain.signatureChainId) {\n return { valid: false, error: \"action.signatureChainId mismatch\" };\n }\n if (action.hyperliquidChain !== chain.hyperliquidLabel) {\n return { valid: false, error: \"hyperliquidChain mismatch\" };\n }\n if (action.fromSubAccount !== \"\") {\n return { valid: false, error: \"fromSubAccount must be empty\" };\n }\n\n const extra = requirements.extra;\n if (lower(action.destination) !== lower(requirements.payTo)) {\n return { valid: false, error: \"destination does not match payTo\" };\n }\n if (action.token !== extra.token) {\n return { valid: false, error: \"token mismatch\" };\n }\n if (action.sourceDex !== extra.sourceDex) {\n return { valid: false, error: \"sourceDex mismatch\" };\n }\n if (action.destinationDex !== extra.destinationDex) {\n return { valid: false, error: \"destinationDex mismatch\" };\n }\n\n let unitDecimals: number;\n try {\n unitDecimals = getAmountDecimalsForToken(extra.token);\n } catch {\n return { valid: false, error: \"unknown token amount decimals (register weiDecimals from spotMeta)\" };\n }\n let paid: bigint;\n let min: bigint;\n try {\n paid = parseUnits(action.amount, unitDecimals);\n min = parseUnits(requirements.maxAmountRequired, unitDecimals);\n } catch {\n return { valid: false, error: \"invalid decimal amount\" };\n }\n if (paid < min) {\n return { valid: false, error: \"amount below maxAmountRequired\" };\n }\n\n if (payload.accepted && mismatchesAcceptedAttack(payload)) {\n return { valid: false, error: \"accepted does not match signed action\" };\n }\n\n const window = ctx.nonceWindowMs ?? 60_000;\n const now = ctx.nowMs ?? Date.now();\n if (Math.abs(now - action.nonce) > window) {\n return { valid: false, error: \"nonce outside allowed window\" };\n }\n\n const message = {\n hyperliquidChain: action.hyperliquidChain,\n destination: action.destination,\n sourceDex: action.sourceDex,\n destinationDex: action.destinationDex,\n token: action.token,\n amount: action.amount,\n fromSubAccount: action.fromSubAccount,\n nonce: BigInt(action.nonce),\n };\n\n const typed = buildSendAssetTypedData({\n chainId: chain.chainId,\n message,\n });\n\n const yParity =\n payload.signature.v >= 27 ? payload.signature.v - 27 : payload.signature.v;\n if (yParity !== 0 && yParity !== 1) {\n return { valid: false, error: \"invalid signature v\" };\n }\n\n let signer: Address;\n try {\n signer = await recoverTypedDataAddress({\n domain: typed.domain,\n types: VIEM_SEND_ASSET_TYPES,\n primaryType: typed.primaryType,\n message: typed.message as unknown as Record<string, unknown>,\n signature: {\n r: payload.signature.r,\n s: payload.signature.s,\n yParity: yParity as 0 | 1,\n },\n });\n signer = getAddress(signer);\n } catch {\n return { valid: false, error: \"signature recovery failed\" };\n }\n\n const nonceKey = `${signer}:${action.nonce}`;\n const fresh = await ctx.nonceStore.tryConsume(nonceKey);\n if (!fresh) {\n return { valid: false, error: \"nonce replay\" };\n }\n\n return { valid: true, signer };\n}\n\n/**\n * Detects the case where the client tampers with `accepted` so it no longer reflects\n * the signed `action` (servers must never rely on `accepted` alone).\n */\nexport function mismatchesAcceptedAttack(payload: PaymentPayload): boolean {\n const a = payload.accepted;\n if (!a) return false;\n if (a.scheme !== payload.scheme || a.network !== payload.network) {\n return true;\n }\n if (lower(a.payTo) !== lower(payload.action.destination)) {\n return true;\n }\n if (a.extra.token !== payload.action.token) {\n return true;\n }\n if (a.extra.sourceDex !== payload.action.sourceDex) {\n return true;\n }\n if (a.extra.destinationDex !== payload.action.destinationDex) {\n return true;\n }\n return false;\n}\n\nexport function assertValidPayment(\n result: { valid: true; signer: Address } | { valid: false; error: string },\n): asserts result is { valid: true; signer: Address } {\n if (!result.valid) {\n throw new Error(result.error);\n }\n}\n","import {\n decodePaymentHeader,\n getChainConfig,\n type HyperliquidChainName,\n} from \"@ampvaleo/x402-hyperliquid-core\";\nimport type { PaymentPayload } from \"@ampvaleo/x402-hyperliquid-core\";\nimport type { Address } from \"viem\";\n\nimport type { NonceStore } from \"../nonce.js\";\nimport { buildPaymentRequirements, type BuildRequirementsInput } from \"../requirements.js\";\nimport { submitToExchange, type SubmitOptions } from \"../settle.js\";\nimport { resolveSettlementMode } from \"../settlementMode.js\";\nimport { verifyPayment, type VerifyContext } from \"../verify.js\";\n\nexport interface X402HyperliquidExpressOptions\n extends Omit<BuildRequirementsInput, \"resource\"> {\n /** Defaults to request URL */\n resource?: string;\n nonceStore: NonceStore;\n nonceWindowMs?: number;\n /**\n * When set, forces settlement on/off. When omitted, `X402_HL_DEV_VERIFY_ONLY=1` can disable\n * settlement for local dev (see `settlementMode.ts`).\n */\n settle?: boolean;\n fetch?: SubmitOptions[\"fetch\"];\n}\n\nexport type X402ExpressLocals = {\n signer: Address;\n payload: PaymentPayload;\n};\n\n/** Express middleware — returns 402 + `accepts` when unpaid; verifies + settles (default) when `X-PAYMENT` present */\nexport function x402Hyperliquid(options: X402HyperliquidExpressOptions) {\n const chain = getChainConfig(options.chain);\n const settlement = resolveSettlementMode(options.settle);\n\n return async (\n req: import(\"express\").Request,\n res: import(\"express\").Response,\n next: import(\"express\").NextFunction,\n ): Promise<void> => {\n const resource =\n options.resource ??\n `${req.protocol}://${req.get(\"host\") ?? \"localhost\"}${req.originalUrl}`;\n\n const requirements = buildPaymentRequirements({\n price: options.price,\n payTo: options.payTo,\n chain: options.chain as HyperliquidChainName,\n token: options.token,\n sourceDex: options.sourceDex,\n destinationDex: options.destinationDex,\n resource,\n description: options.description,\n maxTimeoutSeconds: options.maxTimeoutSeconds,\n });\n\n const header = req.header(\"X-PAYMENT\");\n if (!header) {\n res.status(402).json({\n error: \"Payment Required\",\n accepts: [requirements],\n });\n return;\n }\n\n let payload: import(\"@ampvaleo/x402-hyperliquid-core\").PaymentPayload;\n try {\n payload = decodePaymentHeader(header);\n } catch {\n res.status(400).json({ error: \"Invalid X-PAYMENT header\" });\n return;\n }\n\n const ctx: VerifyContext = {\n chain,\n nonceStore: options.nonceStore,\n nonceWindowMs: options.nonceWindowMs,\n };\n\n const result = await verifyPayment(payload, requirements, ctx);\n if (!result.valid) {\n res.status(402).json({\n error: result.error,\n accepts: [requirements],\n });\n return;\n }\n\n if (settlement.warnDevVerifyOnlyEachPaidRequest) {\n // eslint-disable-next-line no-console\n console.warn(\n \"⚠️ VERIFY-ONLY MODE: payment verified but NOT settled. Do not use in production.\",\n );\n }\n\n if (settlement.settle) {\n try {\n await submitToExchange(payload, chain, { fetch: options.fetch });\n } catch (e) {\n res.status(502).json({\n error: e instanceof Error ? e.message : \"Settlement failed\",\n });\n return;\n }\n }\n\n (req as import(\"express\").Request & { x402: X402ExpressLocals }).x402 = {\n signer: result.signer,\n payload,\n };\n next();\n };\n}\n","import {\n decodePaymentHeader,\n getChainConfig,\n type HyperliquidChainName,\n} from \"@ampvaleo/x402-hyperliquid-core\";\nimport type { Address } from \"viem\";\n\nimport type { NonceStore } from \"../nonce.js\";\nimport {\n buildPaymentRequirements,\n type BuildRequirementsInput,\n} from \"../requirements.js\";\nimport { submitToExchange, type SubmitOptions } from \"../settle.js\";\nimport { resolveSettlementMode } from \"../settlementMode.js\";\nimport { verifyPayment, type VerifyContext } from \"../verify.js\";\n\nexport interface X402HyperliquidNextOptions\n extends Omit<BuildRequirementsInput, \"resource\"> {\n resource?: string;\n nonceStore: NonceStore;\n nonceWindowMs?: number;\n settle?: boolean;\n fetch?: SubmitOptions[\"fetch\"];\n}\n\nexport type X402GateResult =\n | { ok: true; signer: Address; payload: import(\"@ampvaleo/x402-hyperliquid-core\").PaymentPayload }\n | { ok: false; response: Response };\n\n/**\n * App Router / edge-friendly gate: returns a `Response` to return early (402/400/502),\n * or `{ ok: true, ... }` when the caller should continue the route.\n */\nexport async function runX402HyperliquidGate(\n request: Request,\n options: X402HyperliquidNextOptions,\n): Promise<X402GateResult> {\n const chain = getChainConfig(options.chain);\n const settlement = resolveSettlementMode(options.settle);\n const url = new URL(request.url);\n const resource =\n options.resource ?? `${url.origin}${url.pathname}${url.search}`;\n\n const requirements = buildPaymentRequirements({\n price: options.price,\n payTo: options.payTo,\n chain: options.chain as HyperliquidChainName,\n token: options.token,\n sourceDex: options.sourceDex,\n destinationDex: options.destinationDex,\n resource,\n description: options.description,\n maxTimeoutSeconds: options.maxTimeoutSeconds,\n });\n\n const header = request.headers.get(\"X-PAYMENT\");\n if (!header) {\n return {\n ok: false,\n response: new Response(\n JSON.stringify({ error: \"Payment Required\", accepts: [requirements] }),\n {\n status: 402,\n headers: { \"Content-Type\": \"application/json\" },\n },\n ),\n };\n }\n\n let payload: import(\"@ampvaleo/x402-hyperliquid-core\").PaymentPayload;\n try {\n payload = decodePaymentHeader(header);\n } catch {\n return {\n ok: false,\n response: new Response(JSON.stringify({ error: \"Invalid X-PAYMENT header\" }), {\n status: 400,\n headers: { \"Content-Type\": \"application/json\" },\n }),\n };\n }\n\n const ctx: VerifyContext = {\n chain,\n nonceStore: options.nonceStore,\n nonceWindowMs: options.nonceWindowMs,\n };\n\n const result = await verifyPayment(payload, requirements, ctx);\n if (!result.valid) {\n return {\n ok: false,\n response: new Response(\n JSON.stringify({ error: result.error, accepts: [requirements] }),\n {\n status: 402,\n headers: { \"Content-Type\": \"application/json\" },\n },\n ),\n };\n }\n\n if (settlement.warnDevVerifyOnlyEachPaidRequest) {\n // eslint-disable-next-line no-console\n console.warn(\n \"⚠️ VERIFY-ONLY MODE: payment verified but NOT settled. Do not use in production.\",\n );\n }\n\n if (settlement.settle) {\n try {\n await submitToExchange(payload, chain, { fetch: options.fetch });\n } catch (e) {\n return {\n ok: false,\n response: new Response(\n JSON.stringify({\n error: e instanceof Error ? e.message : \"Settlement failed\",\n }),\n { status: 502, headers: { \"Content-Type\": \"application/json\" } },\n ),\n };\n }\n }\n\n return { ok: true, signer: result.signer, payload };\n}\n"],"mappings":";AAQO,IAAM,qBAAN,MAA+C;AAAA,EACnC,OAAO,oBAAI,IAAY;AAAA,EAExC,MAAM,WAAW,KAA+B;AAC9C,QAAI,KAAK,KAAK,IAAI,GAAG,GAAG;AACtB,aAAO;AAAA,IACT;AACA,SAAK,KAAK,IAAI,GAAG;AACjB,WAAO;AAAA,EACT;AACF;;;AClBA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAGK;AAgBA,SAAS,yBACd,OACqB;AACrB,QAAM,MAAM,eAAe,MAAM,KAAK;AACtC,QAAM,QAAQ,MAAM,SAAS,mBAAmB,MAAM,KAAK;AAC3D,SAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS,IAAI;AAAA,IACb,mBAAmB,MAAM;AAAA,IACzB,UAAU,MAAM;AAAA,IAChB,aAAa,MAAM;AAAA,IACnB,OAAO,MAAM;AAAA,IACb,mBAAmB,MAAM,qBAAqB;AAAA,IAC9C,OAAO;AAAA,IACP,OAAO;AAAA,MACL,OAAO,MAAM;AAAA,MACb;AAAA,MACA,WAAW,MAAM;AAAA,MACjB,gBAAgB,MAAM;AAAA,IACxB;AAAA,EACF;AACF;;;ACzCO,IAAM,2BAAN,cAAuC,MAAM;AAAA,EACzC;AAAA,EACA;AAAA,EAET,YAAY,SAAiB,QAAgB,MAAe;AAC1D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AAAA,EACd;AACF;AASA,eAAsB,iBACpB,SACA,OACA,UAAyB,CAAC,GACR;AAClB,QAAM,YAAY,QAAQ,SAAS,WAAW;AAC9C,QAAM,OAAO;AAAA,IACX,QAAQ,QAAQ;AAAA,IAChB,OAAO,QAAQ;AAAA,IACf,WAAW,QAAQ;AAAA,EACrB;AAEA,QAAM,MAAM,MAAM,UAAU,MAAM,aAAa;AAAA,IAC7C,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU,IAAI;AAAA,EAC3B,CAAC;AAED,QAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,MAAI;AACJ,MAAI;AACF,WAAO,OAAO,KAAK,MAAM,IAAI,IAAI;AAAA,EACnC,QAAQ;AACN,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI;AAAA,MACR,6BAA6B,IAAI,MAAM;AAAA,MACvC,IAAI;AAAA,MACJ;AAAA,IACF;AAAA,EACF;AAEA,QAAM,MAAM;AACZ,MAAI,OAAO,OAAO,QAAQ,YAAY,IAAI,WAAW,OAAO;AAC1D,UAAM,IAAI;AAAA,MACR;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;;;ACjEA,IAAM,kBAAkB;AACxB,IAAM,4BAA4B;AAe3B,SAAS,gCAAsC;AACpD,MAAI,QAAQ,IAAI,eAAe,MAAM,KAAK;AACxC;AAAA,EACF;AACA,MACE,QAAQ,IAAI,aAAa,gBACzB,QAAQ,IAAI,yBAAyB,MAAM,KAC3C;AACA,UAAM,IAAI;AAAA,MACR,GAAG,eAAe,qDAAqD,yBAAyB;AAAA,IAClG;AAAA,EACF;AACF;AASO,SAAS,sBACd,gBACgB;AAChB,MAAI,mBAAmB,QAAW;AAChC,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,kCAAkC;AAAA,IACpC;AAAA,EACF;AACA,MAAI,QAAQ,IAAI,eAAe,MAAM,KAAK;AACxC,kCAA8B;AAC9B,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,kCAAkC;AAAA,IACpC;AAAA,EACF;AACA,SAAO,EAAE,QAAQ,MAAM,kCAAkC,MAAM;AACjE;AAEO,IAAM,sBAAsB;AAC5B,IAAM,gCAAgC;;;ACzD7C;AAAA,EACE,gCAAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAIK;AAEP,SAAS,YAAY,YAAY,+BAA+B;AAYhE,SAAS,MAAM,GAAmB;AAChC,SAAO,EAAE,YAAY;AACvB;AAMA,eAAsB,cACpB,SACA,cACA,KAGA;AACA,MAAI,QAAQ,WAAWA,+BAA8B;AACnD,WAAO,EAAE,OAAO,OAAO,OAAO,qBAAqB;AAAA,EACrD;AACA,MAAI,aAAa,WAAWA,+BAA8B;AACxD,WAAO,EAAE,OAAO,OAAO,OAAO,+BAA+B;AAAA,EAC/D;AACA,MAAI,QAAQ,YAAY,aAAa,SAAS;AAC5C,WAAO,EAAE,OAAO,OAAO,OAAO,mBAAmB;AAAA,EACnD;AAEA,QAAM,QAAQ,IAAI;AAClB,MAAI,QAAQ,qBAAqB,MAAM,kBAAkB;AACvD,WAAO,EAAE,OAAO,OAAO,OAAO,4BAA4B;AAAA,EAC5D;AAEA,QAAM,SAAS,QAAQ;AACvB,MAAI,OAAO,SAAS,aAAa;AAC/B,WAAO,EAAE,OAAO,OAAO,OAAO,sBAAsB;AAAA,EACtD;AACA,MAAI,OAAO,qBAAqB,MAAM,kBAAkB;AACtD,WAAO,EAAE,OAAO,OAAO,OAAO,mCAAmC;AAAA,EACnE;AACA,MAAI,OAAO,qBAAqB,MAAM,kBAAkB;AACtD,WAAO,EAAE,OAAO,OAAO,OAAO,4BAA4B;AAAA,EAC5D;AACA,MAAI,OAAO,mBAAmB,IAAI;AAChC,WAAO,EAAE,OAAO,OAAO,OAAO,+BAA+B;AAAA,EAC/D;AAEA,QAAM,QAAQ,aAAa;AAC3B,MAAI,MAAM,OAAO,WAAW,MAAM,MAAM,aAAa,KAAK,GAAG;AAC3D,WAAO,EAAE,OAAO,OAAO,OAAO,mCAAmC;AAAA,EACnE;AACA,MAAI,OAAO,UAAU,MAAM,OAAO;AAChC,WAAO,EAAE,OAAO,OAAO,OAAO,iBAAiB;AAAA,EACjD;AACA,MAAI,OAAO,cAAc,MAAM,WAAW;AACxC,WAAO,EAAE,OAAO,OAAO,OAAO,qBAAqB;AAAA,EACrD;AACA,MAAI,OAAO,mBAAmB,MAAM,gBAAgB;AAClD,WAAO,EAAE,OAAO,OAAO,OAAO,0BAA0B;AAAA,EAC1D;AAEA,MAAI;AACJ,MAAI;AACF,mBAAe,0BAA0B,MAAM,KAAK;AAAA,EACtD,QAAQ;AACN,WAAO,EAAE,OAAO,OAAO,OAAO,qEAAqE;AAAA,EACrG;AACA,MAAI;AACJ,MAAI;AACJ,MAAI;AACF,WAAO,WAAW,OAAO,QAAQ,YAAY;AAC7C,UAAM,WAAW,aAAa,mBAAmB,YAAY;AAAA,EAC/D,QAAQ;AACN,WAAO,EAAE,OAAO,OAAO,OAAO,yBAAyB;AAAA,EACzD;AACA,MAAI,OAAO,KAAK;AACd,WAAO,EAAE,OAAO,OAAO,OAAO,iCAAiC;AAAA,EACjE;AAEA,MAAI,QAAQ,YAAY,yBAAyB,OAAO,GAAG;AACzD,WAAO,EAAE,OAAO,OAAO,OAAO,wCAAwC;AAAA,EACxE;AAEA,QAAM,SAAS,IAAI,iBAAiB;AACpC,QAAM,MAAM,IAAI,SAAS,KAAK,IAAI;AAClC,MAAI,KAAK,IAAI,MAAM,OAAO,KAAK,IAAI,QAAQ;AACzC,WAAO,EAAE,OAAO,OAAO,OAAO,+BAA+B;AAAA,EAC/D;AAEA,QAAM,UAAU;AAAA,IACd,kBAAkB,OAAO;AAAA,IACzB,aAAa,OAAO;AAAA,IACpB,WAAW,OAAO;AAAA,IAClB,gBAAgB,OAAO;AAAA,IACvB,OAAO,OAAO;AAAA,IACd,QAAQ,OAAO;AAAA,IACf,gBAAgB,OAAO;AAAA,IACvB,OAAO,OAAO,OAAO,KAAK;AAAA,EAC5B;AAEA,QAAM,QAAQ,wBAAwB;AAAA,IACpC,SAAS,MAAM;AAAA,IACf;AAAA,EACF,CAAC;AAED,QAAM,UACJ,QAAQ,UAAU,KAAK,KAAK,QAAQ,UAAU,IAAI,KAAK,QAAQ,UAAU;AAC3E,MAAI,YAAY,KAAK,YAAY,GAAG;AAClC,WAAO,EAAE,OAAO,OAAO,OAAO,sBAAsB;AAAA,EACtD;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,MAAM,wBAAwB;AAAA,MACrC,QAAQ,MAAM;AAAA,MACd,OAAO;AAAA,MACP,aAAa,MAAM;AAAA,MACnB,SAAS,MAAM;AAAA,MACf,WAAW;AAAA,QACT,GAAG,QAAQ,UAAU;AAAA,QACrB,GAAG,QAAQ,UAAU;AAAA,QACrB;AAAA,MACF;AAAA,IACF,CAAC;AACD,aAAS,WAAW,MAAM;AAAA,EAC5B,QAAQ;AACN,WAAO,EAAE,OAAO,OAAO,OAAO,4BAA4B;AAAA,EAC5D;AAEA,QAAM,WAAW,GAAG,MAAM,IAAI,OAAO,KAAK;AAC1C,QAAM,QAAQ,MAAM,IAAI,WAAW,WAAW,QAAQ;AACtD,MAAI,CAAC,OAAO;AACV,WAAO,EAAE,OAAO,OAAO,OAAO,eAAe;AAAA,EAC/C;AAEA,SAAO,EAAE,OAAO,MAAM,OAAO;AAC/B;AAMO,SAAS,yBAAyB,SAAkC;AACzE,QAAM,IAAI,QAAQ;AAClB,MAAI,CAAC,EAAG,QAAO;AACf,MAAI,EAAE,WAAW,QAAQ,UAAU,EAAE,YAAY,QAAQ,SAAS;AAChE,WAAO;AAAA,EACT;AACA,MAAI,MAAM,EAAE,KAAK,MAAM,MAAM,QAAQ,OAAO,WAAW,GAAG;AACxD,WAAO;AAAA,EACT;AACA,MAAI,EAAE,MAAM,UAAU,QAAQ,OAAO,OAAO;AAC1C,WAAO;AAAA,EACT;AACA,MAAI,EAAE,MAAM,cAAc,QAAQ,OAAO,WAAW;AAClD,WAAO;AAAA,EACT;AACA,MAAI,EAAE,MAAM,mBAAmB,QAAQ,OAAO,gBAAgB;AAC5D,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,mBACd,QACoD;AACpD,MAAI,CAAC,OAAO,OAAO;AACjB,UAAM,IAAI,MAAM,OAAO,KAAK;AAAA,EAC9B;AACF;;;AC5LA;AAAA,EACE;AAAA,EACA,kBAAAC;AAAA,OAEK;AA8BA,SAAS,gBAAgB,SAAwC;AACtE,QAAM,QAAQC,gBAAe,QAAQ,KAAK;AAC1C,QAAM,aAAa,sBAAsB,QAAQ,MAAM;AAEvD,SAAO,OACL,KACA,KACA,SACkB;AAClB,UAAM,WACJ,QAAQ,YACR,GAAG,IAAI,QAAQ,MAAM,IAAI,IAAI,MAAM,KAAK,WAAW,GAAG,IAAI,WAAW;AAEvE,UAAM,eAAe,yBAAyB;AAAA,MAC5C,OAAO,QAAQ;AAAA,MACf,OAAO,QAAQ;AAAA,MACf,OAAO,QAAQ;AAAA,MACf,OAAO,QAAQ;AAAA,MACf,WAAW,QAAQ;AAAA,MACnB,gBAAgB,QAAQ;AAAA,MACxB;AAAA,MACA,aAAa,QAAQ;AAAA,MACrB,mBAAmB,QAAQ;AAAA,IAC7B,CAAC;AAED,UAAM,SAAS,IAAI,OAAO,WAAW;AACrC,QAAI,CAAC,QAAQ;AACX,UAAI,OAAO,GAAG,EAAE,KAAK;AAAA,QACnB,OAAO;AAAA,QACP,SAAS,CAAC,YAAY;AAAA,MACxB,CAAC;AACD;AAAA,IACF;AAEA,QAAI;AACJ,QAAI;AACF,gBAAU,oBAAoB,MAAM;AAAA,IACtC,QAAQ;AACN,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,2BAA2B,CAAC;AAC1D;AAAA,IACF;AAEA,UAAM,MAAqB;AAAA,MACzB;AAAA,MACA,YAAY,QAAQ;AAAA,MACpB,eAAe,QAAQ;AAAA,IACzB;AAEA,UAAM,SAAS,MAAM,cAAc,SAAS,cAAc,GAAG;AAC7D,QAAI,CAAC,OAAO,OAAO;AACjB,UAAI,OAAO,GAAG,EAAE,KAAK;AAAA,QACnB,OAAO,OAAO;AAAA,QACd,SAAS,CAAC,YAAY;AAAA,MACxB,CAAC;AACD;AAAA,IACF;AAEA,QAAI,WAAW,kCAAkC;AAE/C,cAAQ;AAAA,QACN;AAAA,MACF;AAAA,IACF;AAEA,QAAI,WAAW,QAAQ;AACrB,UAAI;AACF,cAAM,iBAAiB,SAAS,OAAO,EAAE,OAAO,QAAQ,MAAM,CAAC;AAAA,MACjE,SAAS,GAAG;AACV,YAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UACnB,OAAO,aAAa,QAAQ,EAAE,UAAU;AAAA,QAC1C,CAAC;AACD;AAAA,MACF;AAAA,IACF;AAEA,IAAC,IAAgE,OAAO;AAAA,MACtE,QAAQ,OAAO;AAAA,MACf;AAAA,IACF;AACA,SAAK;AAAA,EACP;AACF;;;ACnHA;AAAA,EACE,uBAAAC;AAAA,EACA,kBAAAC;AAAA,OAEK;AA6BP,eAAsB,uBACpB,SACA,SACyB;AACzB,QAAM,QAAQC,gBAAe,QAAQ,KAAK;AAC1C,QAAM,aAAa,sBAAsB,QAAQ,MAAM;AACvD,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,QAAM,WACJ,QAAQ,YAAY,GAAG,IAAI,MAAM,GAAG,IAAI,QAAQ,GAAG,IAAI,MAAM;AAE/D,QAAM,eAAe,yBAAyB;AAAA,IAC5C,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ;AAAA,IACf,WAAW,QAAQ;AAAA,IACnB,gBAAgB,QAAQ;AAAA,IACxB;AAAA,IACA,aAAa,QAAQ;AAAA,IACrB,mBAAmB,QAAQ;AAAA,EAC7B,CAAC;AAED,QAAM,SAAS,QAAQ,QAAQ,IAAI,WAAW;AAC9C,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,UAAU,IAAI;AAAA,QACZ,KAAK,UAAU,EAAE,OAAO,oBAAoB,SAAS,CAAC,YAAY,EAAE,CAAC;AAAA,QACrE;AAAA,UACE,QAAQ;AAAA,UACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAChD;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACJ,MAAI;AACF,cAAUC,qBAAoB,MAAM;AAAA,EACtC,QAAQ;AACN,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,UAAU,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,2BAA2B,CAAC,GAAG;AAAA,QAC5E,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAChD,CAAC;AAAA,IACH;AAAA,EACF;AAEA,QAAM,MAAqB;AAAA,IACzB;AAAA,IACA,YAAY,QAAQ;AAAA,IACpB,eAAe,QAAQ;AAAA,EACzB;AAEA,QAAM,SAAS,MAAM,cAAc,SAAS,cAAc,GAAG;AAC7D,MAAI,CAAC,OAAO,OAAO;AACjB,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,UAAU,IAAI;AAAA,QACZ,KAAK,UAAU,EAAE,OAAO,OAAO,OAAO,SAAS,CAAC,YAAY,EAAE,CAAC;AAAA,QAC/D;AAAA,UACE,QAAQ;AAAA,UACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAChD;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI,WAAW,kCAAkC;AAE/C,YAAQ;AAAA,MACN;AAAA,IACF;AAAA,EACF;AAEA,MAAI,WAAW,QAAQ;AACrB,QAAI;AACF,YAAM,iBAAiB,SAAS,OAAO,EAAE,OAAO,QAAQ,MAAM,CAAC;AAAA,IACjE,SAAS,GAAG;AACV,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,UAAU,IAAI;AAAA,UACZ,KAAK,UAAU;AAAA,YACb,OAAO,aAAa,QAAQ,EAAE,UAAU;AAAA,UAC1C,CAAC;AAAA,UACD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,QACjE;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,SAAO,EAAE,IAAI,MAAM,QAAQ,OAAO,QAAQ,QAAQ;AACpD;","names":["HYPERLIQUID_SENDASSET_SCHEME","getChainConfig","getChainConfig","decodePaymentHeader","getChainConfig","getChainConfig","decodePaymentHeader"]}

package/package.json ADDED Viewed

@@ -0,0 +1,58 @@
+{
+  "name": "@ampvaleo/x402-hyperliquid-server",
+  "version": "0.1.0",
+  "description": "Verify, settle, and middleware for x402 on Hyperliquid HyperCore",
+  "author": "Valeo Protocol",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/valeo-cash/x402-hyperliquid.git",
+    "directory": "packages/server"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "dependencies": {
+    "viem": "^2.21.54",
+    "@ampvaleo/x402-hyperliquid-core": "0.1.0"
+  },
+  "peerDependencies": {
+    "express": "^4.0.0 || ^5.0.0",
+    "next": "^14.0.0 || ^15.0.0"
+  },
+  "peerDependenciesMeta": {
+    "express": {
+      "optional": true
+    },
+    "next": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "@types/express": "^5.0.0",
+    "@types/node": "^22.10.2",
+    "express": "^4.21.2",
+    "tsup": "^8.3.5",
+    "typescript": "^5.7.2",
+    "vitest": "^2.1.8"
+  },
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run"
+  }
+}