@apicity/cost 0.2.0-alpha.1 → 0.2.0

package/dist/src/paygate.js

@@ -1,13 +1,7 @@
-import { createHash, createPublicKey, verify } from "node:crypto";
-import { readFileSync, appendFileSync, existsSync, mkdirSync } from "node:fs";
-import { join } from "node:path";
-import { homedir } from "node:os";
-import { computeEstimate } from "./compute.js";
-import { isPaidEndpoint } from "./paid-endpoints.js";
-import { SpendBoundError } from "./paid-endpoints.js";
+import { createHash, createHmac, randomBytes, timingSafeEqual, } from "node:crypto";
+import { isPaidEndpoint, PAID_ENDPOINTS } from "./paid-endpoints.js";
 /**
- * Error thrown when the pay gate blocks a request for any reason
- * other than spend bounds (which use SpendBoundError).
+ * Error thrown when the pay gate blocks a request.
  */
 export class PayGateError extends Error {
     provider;
@@ -69,16 +63,48 @@ export function canonicalHash(value) {
     const hash = createHash("sha256").update(canonical, "utf8").digest("hex");
     return `sha256:${hash}`;
 }
+/**
+ * Encode a buffer to unpadded base64url.
+ */
+function base64urlEncode(data) {
+    return data
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/g, "");
+}
 /**
  * Decode base64url (no padding required).
  */
 function base64urlDecode(str) {
-    // Replace base64url chars with base64 chars and add padding
     const base64 = str.replace(/-/g, "+").replace(/_/g, "/");
     const padLen = (4 - (base64.length % 4)) % 4;
     const padded = base64 + "=".repeat(padLen);
     return Buffer.from(padded, "base64");
 }
+/**
+ * Parse a TTL string like "10m", "1h", "30s", "1d" into seconds.
+ */
+export function parseTtl(ttl) {
+    const match = ttl.match(/^(\d+)([smhd])$/i);
+    if (!match) {
+        throw new Error(`Invalid TTL format: ${ttl}. Expected format like 10m, 1h, 30s.`);
+    }
+    const value = parseInt(match[1], 10);
+    const unit = match[2].toLowerCase();
+    switch (unit) {
+        case "s":
+            return value;
+        case "m":
+            return value * 60;
+        case "h":
+            return value * 60 * 60;
+        case "d":
+            return value * 60 * 60 * 24;
+        default:
+            throw new Error(`Unknown TTL unit: ${unit}`);
+    }
+}
 /**
  * Parse an OTP envelope: `<base64url(payloadJson)>.<base64url(signature)>`.
  * Returns the payload object and raw signature bytes.
@@ -99,23 +125,13 @@ export function parseOtp(otp) {
     }
     if (typeof payload !== "object" ||
         payload === null ||
-        !("v" in payload) ||
         payload.v !== 1 ||
-        !("jti" in payload) ||
         typeof payload.jti !== "string" ||
-        !("provider" in payload) ||
         typeof payload.provider !== "string" ||
-        !("method" in payload) ||
         typeof payload.method !== "string" ||
-        !("dotPath" in payload) ||
         typeof payload.dotPath !== "string" ||
-        !("requestHash" in payload) ||
         typeof payload.requestHash !== "string" ||
-        !("maxSpendUsd" in payload) ||
-        typeof payload.maxSpendUsd !== "number" ||
-        !("iat" in payload) ||
         typeof payload.iat !== "number" ||
-        !("exp" in payload) ||
         typeof payload.exp !== "number") {
         throw new Error("OTP payload missing required fields");
     }
@@ -125,154 +141,196 @@ export function parseOtp(otp) {
     };
 }
 /**
- * Verify the Ed25519 signature of an OTP payload segment.
- * `publicKey` is the PEM string read from the public key file.
+ * Compute the HMAC-SHA256 of an OTP payload segment with the shared secret.
  */
-export function verifyOtpSignature(payloadSegmentBase64url, signature, publicKeyPem) {
-    const key = createPublicKey(publicKeyPem);
-    const data = Buffer.from(payloadSegmentBase64url, "utf8");
-    return verify(null, data, key, signature);
+function signPayloadSegment(payloadSegment, secret) {
+    return createHmac("sha256", secret).update(payloadSegment, "utf8").digest();
 }
 /**
- * Resolve the default replay ledger path.
+ * Constant-time verification of an OTP payload segment's HMAC signature.
  */
-function defaultLedgerPath() {
-    const xdg = process.env.XDG_STATE_HOME;
-    if (xdg) {
-        return join(xdg, "apicity", "paygate-used.jsonl");
+function verifyPayloadSignature(payloadSegment, signature, secret) {
+    const expected = signPayloadSegment(payloadSegment, secret);
+    if (expected.length !== signature.length) {
+        return false;
     }
-    return join(homedir(), ".local", "state", "apicity", "paygate-used.jsonl");
+    return timingSafeEqual(expected, signature);
 }
 /**
- * Check whether a jti has already been consumed.
- *
- * @param jti - The OTP jti to check
- * @param ledgerPath - Optional override path; defaults to XDG_STATE_HOME or ~/.local/state
+ * Create an in-process, single-use replay store backed by a `Set`.
+ * Scoped to whatever holds the reference (typically one provider instance).
  */
-export function isJtiConsumed(jti, ledgerPath = defaultLedgerPath()) {
-    if (!existsSync(ledgerPath)) {
-        return false;
-    }
-    const content = readFileSync(ledgerPath, "utf8");
-    for (const line of content.split("\n")) {
-        const trimmed = line.trim();
-        if (!trimmed)
-            continue;
-        try {
-            const entry = JSON.parse(trimmed);
-            if (entry.jti === jti) {
-                return true;
-            }
-        }
-        catch {
-            // Skip malformed lines
-        }
-    }
-    return false;
+export function createReplayStore() {
+    const seen = new Set();
+    return {
+        has: (jti) => seen.has(jti),
+        add: (jti) => {
+            seen.add(jti);
+        },
+    };
 }
+const DEFAULT_TTL_SECONDS = 600;
 /**
- * Append a jti to the replay ledger.
- *
- * @param jti - The OTP jti to consume
- * @param ledgerPath - Optional override path; defaults to XDG_STATE_HOME or ~/.local/state
+ * Resolve `(provider, method, dotPath)` for a mint call. When the caller omits
+ * provider/method, the dotPath must match exactly one entry in
+ * `PAID_ENDPOINTS`.
  */
-export function consumeJti(jti, ledgerPath = defaultLedgerPath()) {
-    const dir = join(ledgerPath, "..");
-    if (!existsSync(dir)) {
-        mkdirSync(dir, { recursive: true });
+function resolveCallKey(call) {
+    if (call.provider && call.method) {
+        return {
+            provider: call.provider,
+            method: call.method,
+            dotPath: call.dotPath,
+        };
     }
-    const entry = JSON.stringify({
-        jti,
-        consumedAt: Math.floor(Date.now() / 1000),
-    });
-    appendFileSync(ledgerPath, entry + "\n", "utf8");
+    const matches = PAID_ENDPOINTS.filter((e) => e.key.dotPath === call.dotPath &&
+        (call.method === undefined || e.key.method === call.method) &&
+        (call.provider === undefined || e.key.provider === call.provider));
+    if (matches.length === 1) {
+        const key = matches[0].key;
+        return {
+            provider: call.provider ?? key.provider,
+            method: call.method ?? key.method,
+            dotPath: call.dotPath,
+        };
+    }
+    throw new Error(`Cannot resolve provider/method for dotPath "${call.dotPath}". ` +
+        `Pass { provider, method } explicitly.`);
 }
 /**
- * Load the Ed25519 public key PEM from the configured path.
+ * Mint an OTP for a specific request, signed with the shared HMAC secret.
+ *
+ * Pure and env-free: the secret is passed explicitly. The OTP binds to the
+ * exact request via its canonical hash, so changing any byte of the request
+ * invalidates the token.
  */
-function loadPublicKey() {
-    const path = process.env.APICITY_PAYGATE_PUBLIC_KEY_PATH;
-    if (!path) {
-        return undefined;
+export function mintOtp(secret, call) {
+    if (!secret) {
+        throw new Error("mintOtp requires a non-empty secret");
     }
-    return readFileSync(path, "utf8");
+    const key = resolveCallKey(call);
+    const ttlSeconds = call.ttl === undefined
+        ? DEFAULT_TTL_SECONDS
+        : typeof call.ttl === "number"
+            ? call.ttl
+            : parseTtl(call.ttl);
+    const iat = Math.floor(Date.now() / 1000);
+    const payload = {
+        v: 1,
+        jti: randomBytes(16).toString("hex"),
+        provider: key.provider,
+        method: key.method,
+        dotPath: key.dotPath,
+        requestHash: canonicalHash(call.request),
+        iat,
+        exp: iat + ttlSeconds,
+    };
+    const payloadSegment = base64urlEncode(Buffer.from(JSON.stringify(payload), "utf8"));
+    const signatureSegment = base64urlEncode(signPayloadSegment(payloadSegment, secret));
+    return `${payloadSegment}.${signatureSegment}`;
 }
 /**
- * Verify an OTP against the public key, checking signature, expiry,
- * request binding, and replay.
+ * Pure verification of an OTP against expected request context.
+ *
+ * Returns a tagged-union `VerifyResult` — never throws. The caller is
+ * responsible for converting `{ ok: false }` into a `PayGateError` at the
+ * boundary.
  */
-function verifyOtp(provider, method, dotPath, payload, otp, publicKeyPem) {
+export function verifyOtp(input) {
     let parsed;
     try {
-        parsed = parseOtp(otp);
+        parsed = parseOtp(input.otp);
     }
     catch (e) {
-        throw new PayGateError(provider, method, dotPath, "otp-malformed", e instanceof Error ? e.message : "OTP is malformed");
+        return {
+            ok: false,
+            code: "otp-malformed",
+            message: e instanceof Error ? e.message : "OTP is malformed",
+        };
     }
-    const { payload: otpPayload, signature } = parsed;
-    const parts = otp.split(".");
-    const payloadSegment = parts[0];
-    const sigOk = verifyOtpSignature(payloadSegment, signature, publicKeyPem);
-    if (!sigOk) {
-        throw new PayGateError(provider, method, dotPath, "otp-invalid-signature", "OTP signature is invalid");
+    const { payload, signature } = parsed;
+    const payloadSegment = input.otp.split(".")[0];
+    if (!verifyPayloadSignature(payloadSegment, signature, input.secret)) {
+        return {
+            ok: false,
+            code: "otp-invalid-signature",
+            message: "OTP signature is invalid",
+        };
     }
-    const now = Math.floor(Date.now() / 1000);
-    if (otpPayload.exp < now) {
-        throw new PayGateError(provider, method, dotPath, "otp-expired", `OTP expired at ${otpPayload.exp} (now is ${now})`);
+    if (payload.exp < input.nowSeconds) {
+        return {
+            ok: false,
+            code: "otp-expired",
+            message: `OTP expired at ${payload.exp} (now is ${input.nowSeconds})`,
+        };
     }
-    if (otpPayload.provider !== provider ||
-        otpPayload.method !== method ||
-        otpPayload.dotPath !== dotPath) {
-        throw new PayGateError(provider, method, dotPath, "otp-mismatched-request", `OTP bound to ${otpPayload.provider} ${otpPayload.method} ${otpPayload.dotPath}, ` +
-            `but call is ${provider} ${method} ${dotPath}`);
+    if (payload.provider !== input.expected.provider ||
+        payload.method !== input.expected.method ||
+        payload.dotPath !== input.expected.dotPath) {
+        return {
+            ok: false,
+            code: "otp-mismatched-request",
+            message: `OTP bound to ${payload.provider} ${payload.method} ${payload.dotPath}, ` +
+                `but call is ${input.expected.provider} ${input.expected.method} ${input.expected.dotPath}`,
+        };
     }
-    const expectedHash = canonicalHash(payload);
-    if (otpPayload.requestHash !== expectedHash) {
-        throw new PayGateError(provider, method, dotPath, "otp-mismatched-request", `OTP request hash mismatch: expected ${expectedHash}, got ${otpPayload.requestHash}`);
+    if (payload.requestHash !== input.payloadHash) {
+        return {
+            ok: false,
+            code: "otp-mismatched-request",
+            message: `OTP request hash mismatch: expected ${input.payloadHash}, got ${payload.requestHash}`,
+        };
     }
-    if (isJtiConsumed(otpPayload.jti)) {
-        throw new PayGateError(provider, method, dotPath, "otp-replayed", `OTP jti ${otpPayload.jti} has already been consumed`);
+    if (input.isJtiConsumed(payload.jti)) {
+        return {
+            ok: false,
+            code: "otp-replayed",
+            message: `OTP jti ${payload.jti} has already been consumed`,
+        };
     }
-    return otpPayload;
+    return { ok: true, jti: payload.jti };
 }
 /**
  * Wrap a provider network dispatch with the OTP-based paid-endpoint gate.
  *
  * Free/unlisted endpoints return `dispatch()` immediately without OTP or
- * pay gate configuration.
+ * pay-gate configuration.
  *
  * Paid endpoints fail closed: if the pay gate is not configured, or the OTP
- * is missing, invalid, expired, replayed, mismatched, or the cost exceeds the
- * OTP's maxSpendUsd, the call throws before dispatch runs.
+ * is missing, invalid, expired, replayed, or mismatched, the call throws
+ * before dispatch runs. This is the "no bypass" guarantee — a paid call cannot
+ * fire without a configured secret and a valid, human/code-client-minted OTP.
+ *
+ * The OTP jti is consumed BEFORE dispatch. If dispatch later fails for any
+ * reason, the jti remains consumed and the caller must mint a fresh OTP to
+ * retry. This is intentional — without it, a hostile caller could replay an
+ * OTP on every transient failure.
  */
-export async function dispatchWithPaidGate(provider, method, dotPath, payload, approval, dispatch) {
+export async function dispatchWithPaidGate(provider, method, dotPath, payload, approval, dispatch, config) {
     if (!isPaidEndpoint(provider, method, dotPath)) {
         return dispatch();
     }
-    const publicKeyPem = loadPublicKey();
-    if (!publicKeyPem) {
-        throw new PayGateError(provider, method, dotPath, "paygate-not-configured", "Pay gate is not configured: APICITY_PAYGATE_PUBLIC_KEY_PATH is not set");
+    if (!config || !config.secret) {
+        throw new PayGateError(provider, method, dotPath, "paygate-not-configured", `Paid endpoint ${provider} ${method} ${dotPath} requires a pay gate. ` +
+            `Construct the provider with { paygate: { secret } }.`);
     }
     if (!approval || !approval.otp) {
         throw new PayGateError(provider, method, dotPath, "otp-missing", "Paid endpoint requires an OTP approval. Pass { otp: '...' }.");
     }
-    const otpPayload = verifyOtp(provider, method, dotPath, payload, approval.otp, publicKeyPem);
-    const estimate = computeEstimate({
-        provider: provider,
-        payload,
+    const store = config.replayStore ?? createReplayStore();
+    const now = config.now ?? (() => Date.now());
+    const result = verifyOtp({
+        nowSeconds: Math.floor(now() / 1000),
+        secret: config.secret,
+        expected: { provider, method, dotPath },
+        payloadHash: canonicalHash(payload),
+        otp: approval.otp,
+        isJtiConsumed: (jti) => store.has(jti),
     });
-    if (estimate.warnings.length > 0) {
-        throw new SpendBoundError(provider, method, dotPath, otpPayload.maxSpendUsd, estimate.usd, `Endpoint ${provider} ${method} ${dotPath} spend cannot be bounded ` +
-            `from the payload: ${estimate.warnings.join("; ")}. ` +
-            `Pass an OTP with a higher maxSpendUsd, ` +
-            `or adjust the payload so the cost can be estimated.`);
-    }
-    if (estimate.usd > otpPayload.maxSpendUsd) {
-        throw new SpendBoundError(provider, method, dotPath, otpPayload.maxSpendUsd, estimate.usd, `Endpoint ${provider} ${method} ${dotPath} estimated cost ` +
-            `(${estimate.usd} USD) exceeds OTP maxSpendUsd (${otpPayload.maxSpendUsd} USD).`);
+    if (!result.ok) {
+        throw new PayGateError(provider, method, dotPath, result.code, result.message);
     }
-    // Consume the OTP immediately before dispatch.
-    consumeJti(otpPayload.jti);
+    store.add(result.jti);
     return dispatch();
 }
 //# sourceMappingURL=paygate.js.map

package/dist/src/paygate.js.map

@@ -1 +1 @@
-{"version":3,"file":"paygate.js","sourceRoot":"","sources":["../../src/paygate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AA0BnD;;;GAGG;AACH,MAAM,OAAO,YAAa,SAAQ,KAAK;IAC5B,QAAQ,CAAS;IACjB,MAAM,CAAS;IACf,OAAO,CAAS;IAChB,IAAI,CAOM;IAEnB,YACE,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,IAA0B,EAC1B,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAc;IAC7C,MAAM,IAAI,GAAG,IAAI,OAAO,EAAU,CAAC;IAEnC,SAAS,IAAI,CAAC,CAAU;QACtB,IACE,CAAC,KAAK,IAAI;YACV,OAAO,CAAC,KAAK,SAAS;YACtB,OAAO,CAAC,KAAK,QAAQ;YACrB,OAAO,CAAC,KAAK,QAAQ,EACrB,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;QACD,IACE,OAAO,CAAC,KAAK,WAAW;YACxB,OAAO,CAAC,KAAK,UAAU;YACvB,OAAO,CAAC,KAAK,QAAQ,EACrB,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,sCAAsC,GAAG,OAAO,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChB,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACZ,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACzC,MAAM,GAAG,GAA4B,EAAE,CAAC;YACxC,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAE,CAA6B,CAAC,CAAC,CAAC,CAAC,CAAC;YACnD,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,uCAAuC,GAAG,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1E,OAAO,UAAU,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,4DAA4D;IAC5D,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3C,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAW;IAIlC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,WAAW,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChE,MAAM,SAAS,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;IAC7C,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,IACE,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,KAAK,IAAI;QAChB,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC;QAChB,OAAmC,CAAC,CAAC,KAAK,CAAC;QAC5C,CAAC,CAAC,KAAK,IAAI,OAAO,CAAC;QACnB,OAAQ,OAAmC,CAAC,GAAG,KAAK,QAAQ;QAC5D,CAAC,CAAC,UAAU,IAAI,OAAO,CAAC;QACxB,OAAQ,OAAmC,CAAC,QAAQ,KAAK,QAAQ;QACjE,CAAC,CAAC,QAAQ,IAAI,OAAO,CAAC;QACtB,OAAQ,OAAmC,CAAC,MAAM,KAAK,QAAQ;QAC/D,CAAC,CAAC,SAAS,IAAI,OAAO,CAAC;QACvB,OAAQ,OAAmC,CAAC,OAAO,KAAK,QAAQ;QAChE,CAAC,CAAC,aAAa,IAAI,OAAO,CAAC;QAC3B,OAAQ,OAAmC,CAAC,WAAW,KAAK,QAAQ;QACpE,CAAC,CAAC,aAAa,IAAI,OAAO,CAAC;QAC3B,OAAQ,OAAmC,CAAC,WAAW,KAAK,QAAQ;QACpE,CAAC,CAAC,KAAK,IAAI,OAAO,CAAC;QACnB,OAAQ,OAAmC,CAAC,GAAG,KAAK,QAAQ;QAC5D,CAAC,CAAC,KAAK,IAAI,OAAO,CAAC;QACnB,OAAQ,OAAmC,CAAC,GAAG,KAAK,QAAQ,EAC5D,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,OAAO;QACL,OAAO,EAAE,OAA4B;QACrC,SAAS;KACV,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,uBAA+B,EAC/B,SAAiB,EACjB,YAAoB;IAEpB,MAAM,GAAG,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IACvC,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,oBAAoB,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,oBAAoB,CAAC,CAAC;AAC7E,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAC3B,GAAW,EACX,aAAqB,iBAAiB,EAAE;IAExC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACjD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAqB,CAAC;YACtD,IAAI,KAAK,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CACxB,GAAW,EACX,aAAqB,iBAAiB,EAAE;IAExC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IACnC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC;QAC3B,GAAG;QACH,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;KAC1C,CAAC,CAAC;IACH,cAAc,CAAC,UAAU,EAAE,KAAK,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,SAAS,aAAa;IACpB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC;IACzD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,SAAS,SAAS,CAChB,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,OAAgC,EAChC,GAAW,EACX,YAAoB;IAEpB,IAAI,MAAyD,CAAC;IAC9D,IAAI,CAAC;QACH,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,eAAe,EACf,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB,CACpD,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAClD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAEjC,MAAM,KAAK,GAAG,kBAAkB,CAAC,cAAc,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;IAC1E,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,uBAAuB,EACvB,0BAA0B,CAC3B,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,IAAI,UAAU,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,aAAa,EACb,kBAAkB,UAAU,CAAC,GAAG,YAAY,GAAG,GAAG,CACnD,CAAC;IACJ,CAAC;IAED,IACE,UAAU,CAAC,QAAQ,KAAK,QAAQ;QAChC,UAAU,CAAC,MAAM,KAAK,MAAM;QAC5B,UAAU,CAAC,OAAO,KAAK,OAAO,EAC9B,CAAC;QACD,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,wBAAwB,EACxB,gBAAgB,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,OAAO,IAAI;YAChF,eAAe,QAAQ,IAAI,MAAM,IAAI,OAAO,EAAE,CACjD,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,UAAU,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;QAC5C,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,wBAAwB,EACxB,uCAAuC,YAAY,SAAS,UAAU,CAAC,WAAW,EAAE,CACrF,CAAC;IACJ,CAAC;IAED,IAAI,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,cAAc,EACd,WAAW,UAAU,CAAC,GAAG,4BAA4B,CACtD,CAAC;IACJ,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,OAAgC,EAChC,QAAqC,EACrC,QAA0B;IAE1B,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;QAC/C,OAAO,QAAQ,EAAE,CAAC;IACpB,CAAC;IAED,MAAM,YAAY,GAAG,aAAa,EAAE,CAAC;IACrC,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,wBAAwB,EACxB,wEAAwE,CACzE,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;QAC/B,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,aAAa,EACb,8DAA8D,CAC/D,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,SAAS,CAC1B,QAAQ,EACR,MAAM,EACN,OAAO,EACP,OAAO,EACP,QAAQ,CAAC,GAAG,EACZ,YAAY,CACb,CAAC;IAEF,MAAM,QAAQ,GAAG,eAAe,CAAC;QAC/B,QAAQ,EAAE,QAAuC;QACjD,OAAO;KACR,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,eAAe,CACvB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,UAAU,CAAC,WAAW,EACtB,QAAQ,CAAC,GAAG,EACZ,YAAY,QAAQ,IAAI,MAAM,IAAI,OAAO,2BAA2B;YAClE,qBAAqB,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;YACrD,yCAAyC;YACzC,qDAAqD,CACxD,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,GAAG,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;QAC1C,MAAM,IAAI,eAAe,CACvB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,UAAU,CAAC,WAAW,EACtB,QAAQ,CAAC,GAAG,EACZ,YAAY,QAAQ,IAAI,MAAM,IAAI,OAAO,kBAAkB;YACzD,IAAI,QAAQ,CAAC,GAAG,kCAAkC,UAAU,CAAC,WAAW,QAAQ,CACnF,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAE3B,OAAO,QAAQ,EAAE,CAAC;AACpB,CAAC"}
+{"version":3,"file":"paygate.js","sourceRoot":"","sources":["../../src/paygate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,UAAU,EACV,WAAW,EACX,eAAe,GAChB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAiDlE;;GAEG;AACH,MAAM,OAAO,YAAa,SAAQ,KAAK;IAC5B,QAAQ,CAAS;IACjB,MAAM,CAAS;IACf,OAAO,CAAS;IAChB,IAAI,CAOM;IAEnB,YACE,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,IAA0B,EAC1B,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAkCD;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAc;IAC7C,MAAM,IAAI,GAAG,IAAI,OAAO,EAAU,CAAC;IAEnC,SAAS,IAAI,CAAC,CAAU;QACtB,IACE,CAAC,KAAK,IAAI;YACV,OAAO,CAAC,KAAK,SAAS;YACtB,OAAO,CAAC,KAAK,QAAQ;YACrB,OAAO,CAAC,KAAK,QAAQ,EACrB,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;QACD,IACE,OAAO,CAAC,KAAK,WAAW;YACxB,OAAO,CAAC,KAAK,UAAU;YACvB,OAAO,CAAC,KAAK,QAAQ,EACrB,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,sCAAsC,GAAG,OAAO,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChB,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACZ,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACzC,MAAM,GAAG,GAA4B,EAAE,CAAC;YACxC,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAE,CAA6B,CAAC,CAAC,CAAC,CAAC,CAAC;YACnD,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,uCAAuC,GAAG,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1E,OAAO,UAAU,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,IAAY;IACnC,OAAO,IAAI;SACR,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3C,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAW;IAClC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,uBAAuB,GAAG,sCAAsC,CACjE,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;IACrC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,GAAG;YACN,OAAO,KAAK,CAAC;QACf,KAAK,GAAG;YACN,OAAO,KAAK,GAAG,EAAE,CAAC;QACpB,KAAK,GAAG;YACN,OAAO,KAAK,GAAG,EAAE,GAAG,EAAE,CAAC;QACzB,KAAK,GAAG;YACN,OAAO,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;QAC9B;YACE,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAW;IAIlC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,WAAW,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChE,MAAM,SAAS,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;IAC7C,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,IACE,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,KAAK,IAAI;QACf,OAAmC,CAAC,CAAC,KAAK,CAAC;QAC5C,OAAQ,OAAmC,CAAC,GAAG,KAAK,QAAQ;QAC5D,OAAQ,OAAmC,CAAC,QAAQ,KAAK,QAAQ;QACjE,OAAQ,OAAmC,CAAC,MAAM,KAAK,QAAQ;QAC/D,OAAQ,OAAmC,CAAC,OAAO,KAAK,QAAQ;QAChE,OAAQ,OAAmC,CAAC,WAAW,KAAK,QAAQ;QACpE,OAAQ,OAAmC,CAAC,GAAG,KAAK,QAAQ;QAC5D,OAAQ,OAAmC,CAAC,GAAG,KAAK,QAAQ,EAC5D,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,OAAO;QACL,OAAO,EAAE,OAA4B;QACrC,SAAS;KACV,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,cAAsB,EAAE,MAAc;IAChE,OAAO,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;AAC9E,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,cAAsB,EACtB,SAAiB,EACjB,MAAc;IAEd,MAAM,QAAQ,GAAG,kBAAkB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAC5D,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM,EAAE,CAAC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,eAAe,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC9C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,OAAO;QACL,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;QAC3B,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE;YACX,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC;KACF,CAAC;AACJ,CAAC;AAgBD,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEhC;;;;GAIG;AACH,SAAS,cAAc,CAAC,IAAa;IAKnC,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QACjC,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,GAAG,CAAC,OAAO,KAAK,IAAI,CAAC,OAAO;QAC9B,CAAC,IAAI,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,CAAC;QAC3D,CAAC,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,CAAC,CACpE,CAAC;IACF,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC;QAC5B,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ;YACvC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM;YACjC,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,KAAK,CACb,+CAA+C,IAAI,CAAC,OAAO,KAAK;QAC9D,uCAAuC,CAC1C,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,OAAO,CAAC,MAAc,EAAE,IAAa;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,UAAU,GACd,IAAI,CAAC,GAAG,KAAK,SAAS;QACpB,CAAC,CAAC,mBAAmB;QACrB,CAAC,CAAC,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ;YAC5B,CAAC,CAAC,IAAI,CAAC,GAAG;YACV,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAsB;QACjC,CAAC,EAAE,CAAC;QACJ,GAAG,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;QACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,WAAW,EAAE,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;QACxC,GAAG;QACH,GAAG,EAAE,GAAG,GAAG,UAAU;KACtB,CAAC;IACF,MAAM,cAAc,GAAG,eAAe,CACpC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAC7C,CAAC;IACF,MAAM,gBAAgB,GAAG,eAAe,CACtC,kBAAkB,CAAC,cAAc,EAAE,MAAM,CAAC,CAC3C,CAAC;IACF,OAAO,GAAG,cAAc,IAAI,gBAAgB,EAAE,CAAC;AACjD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CAAC,KAAqB;IAC7C,IAAI,MAAyD,CAAC;IAC9D,IAAI,CAAC;QACH,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO;YACL,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB;SAC7D,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IACtC,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;IAEhD,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QACrE,OAAO;YACL,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EAAE,0BAA0B;SACpC,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC;QACnC,OAAO;YACL,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,kBAAkB,OAAO,CAAC,GAAG,YAAY,KAAK,CAAC,UAAU,GAAG;SACtE,CAAC;IACJ,CAAC;IAED,IACE,OAAO,CAAC,QAAQ,KAAK,KAAK,CAAC,QAAQ,CAAC,QAAQ;QAC5C,OAAO,CAAC,MAAM,KAAK,KAAK,CAAC,QAAQ,CAAC,MAAM;QACxC,OAAO,CAAC,OAAO,KAAK,KAAK,CAAC,QAAQ,CAAC,OAAO,EAC1C,CAAC;QACD,OAAO;YACL,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,wBAAwB;YAC9B,OAAO,EACL,gBAAgB,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,OAAO,IAAI;gBACzE,eAAe,KAAK,CAAC,QAAQ,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,EAAE;SAC9F,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,WAAW,KAAK,KAAK,CAAC,WAAW,EAAE,CAAC;QAC9C,OAAO;YACL,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,wBAAwB;YAC9B,OAAO,EAAE,uCAAuC,KAAK,CAAC,WAAW,SAAS,OAAO,CAAC,WAAW,EAAE;SAChG,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO;YACL,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,WAAW,OAAO,CAAC,GAAG,4BAA4B;SAC5D,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;AACxC,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,OAAgC,EAChC,QAAqC,EACrC,QAA0B,EAC1B,MAAsB;IAEtB,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;QAC/C,OAAO,QAAQ,EAAE,CAAC;IACpB,CAAC;IAED,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9B,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,wBAAwB,EACxB,iBAAiB,QAAQ,IAAI,MAAM,IAAI,OAAO,wBAAwB;YACpE,sDAAsD,CACzD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;QAC/B,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,aAAa,EACb,8DAA8D,CAC/D,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,IAAI,iBAAiB,EAAE,CAAC;IACxD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,SAAS,CAAC;QACvB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QACpC,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;QACvC,WAAW,EAAE,aAAa,CAAC,OAAO,CAAC;QACnC,GAAG,EAAE,QAAQ,CAAC,GAAG;QACjB,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC;KACvC,CAAC,CAAC;IACH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,OAAO,CACf,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAEtB,OAAO,QAAQ,EAAE,CAAC;AACpB,CAAC"}

package/dist/src/with-paid-gate.d.ts

@@ -0,0 +1,27 @@
+import { type PayGateConfig } from "./paygate";
+export interface WithPaidGateOptions {
+    /**
+     * Top-level keys to recurse into. Default: HTTP-method buckets.
+     */
+    roots?: readonly string[];
+    /**
+     * Pay-gate configuration (shared HMAC secret + optional replay store/clock)
+     * forwarded to every gated dispatch. When omitted, paid endpoints fail closed
+     * with `paygate-not-configured`.
+     */
+    config?: PayGateConfig;
+}
+/**
+ * Walk a provider tree once and route every paid-endpoint leaf through
+ * `dispatchWithPaidGate`. Free leaves are returned untouched. Callable
+ * namespaces (functions with child properties — e.g. `xai.v1.models` is a
+ * function with `.languageModels` children) preserve all children and their
+ * `.schema` attachments.
+ *
+ * @param providerName  Provider identifier matching `PAID_ENDPOINTS`.
+ * @param tree          The provider object returned by the factory.
+ * @param opts          Optional roots allowlist and IO injection.
+ * @returns A new tree of the same shape; paid leaves accept `(req, approval?)`.
+ */
+export declare function withPaidGate<T extends object>(providerName: string, tree: T, opts?: WithPaidGateOptions): T;
+//# sourceMappingURL=with-paid-gate.d.ts.map

package/dist/src/with-paid-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"with-paid-gate.d.ts","sourceRoot":"","sources":["../../src/with-paid-gate.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,KAAK,aAAa,EACnB,MAAM,WAAW,CAAC;AAWnB,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,KAAK,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC1B;;;;OAIG;IACH,MAAM,CAAC,EAAE,aAAa,CAAC;CACxB;AAMD;;;;;;;;;;;GAWG;AACH,wBAAgB,YAAY,CAAC,CAAC,SAAS,MAAM,EAC3C,YAAY,EAAE,MAAM,EACpB,IAAI,EAAE,CAAC,EACP,IAAI,CAAC,EAAE,mBAAmB,GACzB,CAAC,CAoBH"}

package/dist/src/with-paid-gate.js

@@ -0,0 +1,91 @@
+import { dispatchWithPaidGate, createReplayStore, } from "./paygate.js";
+import { isPaidEndpoint } from "./paid-endpoints.js";
+/**
+ * HTTP-method roots that the walker will descend into. Properties outside
+ * this allowlist (sub-providers like `kie.veo`, schema collections like
+ * `kie.modelInputSchemas`, attached helpers like `kie.examples`) are
+ * returned by reference and never wrapped.
+ */
+const DEFAULT_ROOTS = ["post", "get", "delete", "patch", "put"];
+/**
+ * Walk a provider tree once and route every paid-endpoint leaf through
+ * `dispatchWithPaidGate`. Free leaves are returned untouched. Callable
+ * namespaces (functions with child properties — e.g. `xai.v1.models` is a
+ * function with `.languageModels` children) preserve all children and their
+ * `.schema` attachments.
+ *
+ * @param providerName  Provider identifier matching `PAID_ENDPOINTS`.
+ * @param tree          The provider object returned by the factory.
+ * @param opts          Optional roots allowlist and IO injection.
+ * @returns A new tree of the same shape; paid leaves accept `(req, approval?)`.
+ */
+export function withPaidGate(providerName, tree, opts) {
+    const roots = opts?.roots ?? DEFAULT_ROOTS;
+    // Normalize the config once so every gated dispatch on this provider instance
+    // shares a single replay store (single-use OTPs must be remembered across
+    // calls). A custom store passed by the code client is preserved.
+    const config = opts?.config
+        ? {
+            ...opts.config,
+            replayStore: opts.config.replayStore ?? createReplayStore(),
+        }
+        : undefined;
+    const out = {};
+    for (const [key, value] of Object.entries(tree)) {
+        if (roots.includes(key) && value && typeof value === "object") {
+            out[key] = walk(providerName, [key], value, config);
+        }
+        else {
+            out[key] = value;
+        }
+    }
+    return out;
+}
+function walk(providerName, path, node, config) {
+    if (typeof node === "function") {
+        return wrapCallable(providerName, path, node, config);
+    }
+    if (node && typeof node === "object" && !Array.isArray(node)) {
+        const out = {};
+        for (const [k, v] of Object.entries(node)) {
+            out[k] = walk(providerName, [...path, k], v, config);
+        }
+        return out;
+    }
+    return node;
+}
+/**
+ * Wrap a callable leaf. If the path resolves to a paid endpoint, the returned
+ * function routes through `dispatchWithPaidGate`. Otherwise the original
+ * function is returned. Either way, any properties hanging off the function
+ * (`.schema`, callable-namespace children) are preserved and recursively
+ * walked so nested paid leaves are also gated.
+ */
+function wrapCallable(providerName, path, fn, config) {
+    const method = path[0].toUpperCase();
+    const dotPath = path.slice(1).join(".");
+    const paid = dotPath.length > 0 && isPaidEndpoint(providerName, method, dotPath);
+    const base = paid
+        ? (...args) => {
+            const [req, approval] = args;
+            return dispatchWithPaidGate(providerName, method, dotPath, req, approval, () => fn(req), config);
+        }
+        : fn;
+    // For callable namespaces (functions with own properties), only recurse into
+    // function-typed children — those are sub-endpoints that may themselves be
+    // paid. Non-function props (`.schema`, other metadata) are preserved by
+    // reference so test assertions and runtime callers can compare by identity.
+    const children = {};
+    for (const [k, v] of Object.entries(fn)) {
+        if (typeof v === "function") {
+            children[k] = walk(providerName, [...path, k], v, config);
+        }
+        else {
+            children[k] = v;
+        }
+    }
+    // If `base === fn` we still merge children, but they're already attached;
+    // the assignment is a no-op for own enumerable keys.
+    return Object.assign(base, children);
+}
+//# sourceMappingURL=with-paid-gate.js.map

package/dist/src/with-paid-gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"with-paid-gate.js","sourceRoot":"","sources":["../../src/with-paid-gate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,iBAAiB,GAGlB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD;;;;;GAKG;AACH,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,CAAU,CAAC;AAmBzE;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,YAAY,CAC1B,YAAoB,EACpB,IAAO,EACP,IAA0B;IAE1B,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,aAAa,CAAC;IAC3C,8EAA8E;IAC9E,0EAA0E;IAC1E,iEAAiE;IACjE,MAAM,MAAM,GAA8B,IAAI,EAAE,MAAM;QACpD,CAAC,CAAC;YACE,GAAG,IAAI,CAAC,MAAM;YACd,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,iBAAiB,EAAE;SAC5D;QACH,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9D,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACnB,CAAC;IACH,CAAC;IACD,OAAO,GAAQ,CAAC;AAClB,CAAC;AAED,SAAS,IAAI,CACX,YAAoB,EACpB,IAAc,EACd,IAAa,EACb,MAAiC;IAEjC,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO,YAAY,CAAC,YAAY,EAAE,IAAI,EAAE,IAAkB,EAAE,MAAM,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7D,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;QACvD,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAS,YAAY,CACnB,YAAoB,EACpB,IAAc,EACd,EAAc,EACd,MAAiC;IAEjC,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,IAAI,GACR,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAEtE,MAAM,IAAI,GAAe,IAAI;QAC3B,CAAC,CAAC,CAAC,GAAG,IAAe,EAAE,EAAE;YACrB,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,IAA8C,CAAC;YACvE,OAAO,oBAAoB,CACzB,YAAY,EACZ,MAAM,EACN,OAAO,EACP,GAA8B,EAC9B,QAAQ,EACR,GAAG,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EACb,MAAM,CACP,CAAC;QACJ,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;IAEP,6EAA6E;IAC7E,2EAA2E;IAC3E,wEAAwE;IACxE,4EAA4E;IAC5E,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,KAAK,UAAU,EAAE,CAAC;YAC5B,QAAQ,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IACD,0EAA0E;IAC1E,qDAAqD;IACrD,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AACvC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@apicity/cost",
-  "version": "0.2.0-alpha.1",
+  "version": "0.2.0",
   "description": "Pure-table cost & token estimation across @apicity providers — zero network calls, all rates bundled.",
   "license": "MIT",
   "repository": {