@atxp/common 0.7.4 → 0.8.1

package/dist/index.d.ts

@@ -1,16 +1,8 @@
 import * as oauth from 'oauth4webapi';
 import { McpError, JSONRPCMessage } from '@modelcontextprotocol/sdk/types.js';
 
-/**
- * Generate a JWT using the jose library and EdDSA (Ed25519) private key.
- * @param walletId - The subject (public key, wallet address, etc.)
- * @param privateKey - Ed25519 private key as a CryptoKey or Uint8Array
- * @param paymentIds - Optional array of payment IDs to include in the payload
- * @returns JWT string
- */
-declare const generateJWT: (walletId: string, privateKey: CryptoKey | Uint8Array, paymentRequestId: string, codeChallenge: string) => Promise<string>;
-
 declare const DEFAULT_AUTHORIZATION_SERVER = "https://auth.atxp.ai";
+declare const DEFAULT_ATXP_ACCOUNTS_SERVER = "https://accounts.atxp.ai";
 declare enum LogLevel {
     DEBUG = 0,
     INFO = 1,
@@ -25,21 +17,63 @@ type Logger = {
 };
 type UrlString = `http://${string}` | `https://${string}`;
 type AuthorizationServerUrl = UrlString;
-type Currency = 'USDC';
-type Network = 'solana' | 'base' | 'world' | 'base_sepolia' | 'world_sepolia' | 'atxp_base' | 'atxp_base_sepolia';
-type PaymentRequestDestination = {
+declare enum CurrencyEnum {
+    USDC = "USDC"
+}
+type Currency = `${CurrencyEnum}`;
+declare enum NetworkEnum {
+    Solana = "solana",
+    Base = "base",
+    World = "world",
+    Polygon = "polygon",
+    BaseSepolia = "base_sepolia",
+    WorldSepolia = "world_sepolia",
+    PolygonAmoy = "polygon_amoy",
+    ATXP = "atxp"
+}
+type Network = `${NetworkEnum}`;
+declare enum ChainEnum {
+    Solana = "solana",
+    Base = "base",
+    World = "world",
+    Polygon = "polygon",
+    BaseSepolia = "base_sepolia",
+    WorldSepolia = "world_sepolia",
+    PolygonAmoy = "polygon_amoy"
+}
+type Chain = `${ChainEnum}`;
+declare enum WalletTypeEnum {
+    EOA = "eoa",
+    Smart = "smart"
+}
+type WalletType = `${WalletTypeEnum}`;
+type AccountId = `${Network}:${string}`;
+type Source = {
+    address: string;
+    chain: Chain;
+    walletType: WalletType;
+};
+type PaymentRequestOption = {
     network: Network;
     currency: Currency;
     address: string;
     amount: BigNumber;
 };
+type Destination = {
+    chain: Chain;
+    currency: Currency;
+    address: string;
+    amount: BigNumber;
+};
 type PaymentRequestData = {
-    destinations?: PaymentRequestDestination[];
+    destinations?: PaymentRequestOption[];
     amount?: BigNumber;
     currency?: Currency;
     network?: Network;
     destination?: string;
     source: string;
+    sourceAccountId?: AccountId | null;
+    destinationAccountId?: AccountId | null;
     resource: URL;
     resourceName: string;
     payeeName?: string | null;
@@ -48,6 +82,7 @@ type PaymentRequestData = {
 type CustomJWTPayload = {
     code_challenge?: string;
     payment_request_id?: string;
+    account_id?: AccountId;
 };
 type ClientCredentials = {
     clientId: string;
@@ -88,6 +123,57 @@ type RequirePaymentConfig = {
     price: BigNumber;
     getExistingPaymentId?: () => Promise<string | null>;
 };
+type PaymentIdentifier = {
+    transactionId: string;
+    transactionSubId?: string;
+    chain: Chain;
+    currency: Currency;
+};
+interface PaymentMaker {
+    makePayment: (destinations: Destination[], memo: string, paymentRequestId?: string) => Promise<PaymentIdentifier | null>;
+    generateJWT: (params: {
+        paymentRequestId: string;
+        codeChallenge: string;
+        accountId?: AccountId | null;
+    }) => Promise<string>;
+    getSourceAddress: (params: {
+        amount: BigNumber;
+        currency: Currency;
+        receiver: string;
+        memo: string;
+    }) => string | Promise<string>;
+}
+interface DestinationMaker {
+    makeDestinations: (option: PaymentRequestOption, logger: Logger, paymentRequestId: string, sources: Source[]) => Promise<Destination[]>;
+}
+type Account = {
+    accountId: AccountId;
+    paymentMakers: PaymentMaker[];
+    getSources: () => Promise<Source[]>;
+};
+/**
+ * Extract the address portion from a fully-qualified accountId
+ * @param accountId - Format: network:address
+ * @returns The address portion
+ */
+declare function extractAddressFromAccountId(accountId: AccountId): string;
+/**
+ * Extract the network portion from a fully-qualified accountId
+ * @param accountId - Format: network:address
+ * @returns The network portion
+ */
+declare function extractNetworkFromAccountId(accountId: AccountId): Network;
+
+/**
+ * Generate a JWT using the jose library and EdDSA (Ed25519) private key.
+ * @param walletId - The subject (public key, wallet address, etc.)
+ * @param privateKey - Ed25519 private key as a CryptoKey or Uint8Array
+ * @param paymentRequestId - Optional payment request ID to include in the payload
+ * @param codeChallenge - Optional code challenge for PKCE
+ * @param accountId - Optional account ID to include in the payload
+ * @returns JWT string
+ */
+declare const generateJWT: (walletId: string, privateKey: CryptoKey | Uint8Array, paymentRequestId: string, codeChallenge: string, accountId?: AccountId) => Promise<string>;
 
 declare class ConsoleLogger implements Logger {
     private readonly prefix;
@@ -293,6 +379,46 @@ declare function constructEIP1271Message({ walletAddress, timestamp, nonce, code
     paymentRequestId?: string;
 }): string;
 
+interface ES256KJWTPayload {
+    sub: string;
+    iss: string;
+    aud: string;
+    iat: number;
+    exp: number;
+    code_challenge?: string;
+    payment_request_id?: string;
+    account_id?: AccountId;
+    source_address?: string;
+}
+/**
+ * Build the unsigned JWT message that needs to be signed
+ *
+ * @param params Parameters for building the JWT message
+ * @returns Object containing the message to sign and the encoded header/payload
+ */
+declare function buildES256KJWTMessage(params: {
+    walletAddress: string;
+    codeChallenge: string;
+    paymentRequestId: string;
+    accountId?: AccountId | null;
+}): {
+    message: string;
+    headerB64: string;
+    payloadB64: string;
+};
+/**
+ * Complete an ES256K JWT with a signature
+ *
+ * @param params Parameters for completing the JWT
+ * @param params.message The message that was signed (header.payload)
+ * @param params.signature The ECDSA signature from personal_sign (0x... 130 hex chars / 65 bytes)
+ * @returns Complete ES256K JWT string
+ */
+declare function completeES256KJWT(params: {
+    message: string;
+    signature: string;
+}): string;
+
 /**
  * Cache interface for abstracting cache mechanisms
  * This allows for easy mocking in tests and potential future
@@ -333,5 +459,21 @@ declare class MemoryCache implements ICache<string> {
     clear(): void;
 }
 
-export { BrowserCache, ConsoleLogger, DEFAULT_AUTHORIZATION_SERVER, JsonCache, LogLevel, MemoryCache, MemoryOAuthDb, OAuthResourceClient, PAYMENT_REQUIRED_ERROR_CODE, PAYMENT_REQUIRED_PREAMBLE, Servers, assertNever, constructEIP1271Message, createEIP1271AuthData, createEIP1271JWT, createLegacyEIP1271Auth, createReactNativeSafeFetch, crypto, extractJSONFromSSE, generateJWT, getIsReactNative, isBrowser, isEnumValue, isNextJS, isNode, isSSEResponse, isWebEnvironment, parseMcpMessages, parsePaymentRequests, parseSSEMessages, paymentRequiredError };
-export type { AccessToken, AuthorizationServerUrl, ClientCredentials, Currency, CustomJWTPayload, FetchLike, ICache, Logger, MemoryOAuthDbConfig, Network, OAuthDb, OAuthResourceClientConfig, OAuthResourceDb, PKCEValues, PaymentRequestData, PaymentRequestDestination, PlatformCrypto, RequirePaymentConfig, SSEMessage, TokenData, UrlString };
+declare class ATXPAccount implements Account {
+    accountId: AccountId;
+    paymentMakers: PaymentMaker[];
+    origin: string;
+    token: string;
+    fetchFn: FetchLike;
+    private unqualifiedAccountId;
+    constructor(connectionString: string, opts?: {
+        fetchFn?: FetchLike;
+    });
+    /**
+     * Get sources for this account by calling the accounts service
+     */
+    getSources(): Promise<Source[]>;
+}
+
+export { ATXPAccount, BrowserCache, ChainEnum, ConsoleLogger, CurrencyEnum, DEFAULT_ATXP_ACCOUNTS_SERVER, DEFAULT_AUTHORIZATION_SERVER, JsonCache, LogLevel, MemoryCache, MemoryOAuthDb, NetworkEnum, OAuthResourceClient, PAYMENT_REQUIRED_ERROR_CODE, PAYMENT_REQUIRED_PREAMBLE, Servers, WalletTypeEnum, assertNever, buildES256KJWTMessage, completeES256KJWT, constructEIP1271Message, createEIP1271AuthData, createEIP1271JWT, createLegacyEIP1271Auth, createReactNativeSafeFetch, crypto, extractAddressFromAccountId, extractJSONFromSSE, extractNetworkFromAccountId, generateJWT, getIsReactNative, isBrowser, isEnumValue, isNextJS, isNode, isSSEResponse, isWebEnvironment, parseMcpMessages, parsePaymentRequests, parseSSEMessages, paymentRequiredError };
+export type { AccessToken, Account, AccountId, AuthorizationServerUrl, Chain, ClientCredentials, Currency, CustomJWTPayload, Destination, DestinationMaker, ES256KJWTPayload, FetchLike, ICache, Logger, MemoryOAuthDbConfig, Network, OAuthDb, OAuthResourceClientConfig, OAuthResourceDb, PKCEValues, PaymentIdentifier, PaymentMaker, PaymentRequestData, PaymentRequestOption, PlatformCrypto, RequirePaymentConfig, SSEMessage, Source, TokenData, UrlString, WalletType };

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAGvC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG5C,OAAO,EACL,aAAa,EACb,KAAK,mBAAmB,EACzB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,mBAAmB,EACnB,KAAK,yBAAyB,EAC/B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,oBAAoB,EACrB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAGvC,OAAO,EACL,4BAA4B,EAC5B,QAAQ,EACR,KAAK,MAAM,EACX,KAAK,SAAS,EACd,KAAK,sBAAsB,EAC3B,KAAK,QAAQ,EACb,KAAK,OAAO,EACZ,KAAK,yBAAyB,EAC9B,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,KAAK,SAAS,EACd,KAAK,oBAAoB,EAC1B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,WAAW,EACX,WAAW,EACZ,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EACjB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,KAAK,UAAU,EACf,gBAAgB,EAChB,kBAAkB,EAClB,aAAa,EACd,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,KAAK,cAAc,EACnB,gBAAgB,EAChB,MAAM,EACN,SAAS,EACT,QAAQ,EACR,gBAAgB,EAChB,0BAA0B,EAC1B,MAAM,EACP,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,qBAAqB,EACrB,uBAAuB,EACxB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,KAAK,MAAM,EACX,SAAS,EACT,YAAY,EACZ,WAAW,EACZ,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAGvC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG5C,OAAO,EACL,aAAa,EACb,KAAK,mBAAmB,EACzB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,mBAAmB,EACnB,KAAK,yBAAyB,EAC/B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,oBAAoB,EACrB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAGvC,OAAO,EACL,4BAA4B,EAC5B,4BAA4B,EAC5B,QAAQ,EACR,KAAK,MAAM,EACX,KAAK,SAAS,EACd,KAAK,sBAAsB,EAC3B,YAAY,EACZ,KAAK,QAAQ,EACb,WAAW,EACX,KAAK,OAAO,EACZ,SAAS,EACT,KAAK,KAAK,EACV,cAAc,EACd,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,oBAAoB,EACzB,KAAK,WAAW,EAChB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,KAAK,SAAS,EACd,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACrB,KAAK,OAAO,EACZ,KAAK,MAAM,EACX,2BAA2B,EAC3B,2BAA2B,EAC5B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,WAAW,EACX,WAAW,EACZ,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EACjB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,KAAK,UAAU,EACf,gBAAgB,EAChB,kBAAkB,EAClB,aAAa,EACd,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,KAAK,cAAc,EACnB,gBAAgB,EAChB,MAAM,EACN,SAAS,EACT,QAAQ,EACR,gBAAgB,EAChB,0BAA0B,EAC1B,MAAM,EACP,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,qBAAqB,EACrB,uBAAuB,EACxB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,KAAK,gBAAgB,EACtB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,KAAK,MAAM,EACX,SAAS,EACT,YAAY,EACZ,WAAW,EACZ,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,WAAW,EACZ,MAAM,kBAAkB,CAAC"}

package/dist/index.js

@@ -4,16 +4,18 @@ import { McpError, isJSONRPCError, isJSONRPCResponse, JSONRPCMessageSchema } fro
 import { ZodError } from 'zod';
 
 // TODO: revisit this
-const ISSUER = 'atxp.ai';
-const AUDIENCE = 'https://auth.atxp.ai';
+const ISSUER$1 = 'atxp.ai';
+const AUDIENCE$1 = 'https://auth.atxp.ai';
 /**
  * Generate a JWT using the jose library and EdDSA (Ed25519) private key.
  * @param walletId - The subject (public key, wallet address, etc.)
  * @param privateKey - Ed25519 private key as a CryptoKey or Uint8Array
- * @param paymentIds - Optional array of payment IDs to include in the payload
+ * @param paymentRequestId - Optional payment request ID to include in the payload
+ * @param codeChallenge - Optional code challenge for PKCE
+ * @param accountId - Optional account ID to include in the payload
  * @returns JWT string
  */
-const generateJWT = async (walletId, privateKey, paymentRequestId, codeChallenge) => {
+const generateJWT = async (walletId, privateKey, paymentRequestId, codeChallenge, accountId) => {
     const payload = {
         code_challenge: codeChallenge,
     };
@@ -21,11 +23,13 @@ const generateJWT = async (walletId, privateKey, paymentRequestId, codeChallenge
         payload.payment_request_id = paymentRequestId;
     if (codeChallenge)
         payload.code_challenge = codeChallenge;
+    if (accountId)
+        payload.account_id = accountId;
     return await new SignJWT(payload)
         .setProtectedHeader({ alg: 'EdDSA', typ: 'JWT' })
         .setIssuedAt()
-        .setIssuer(ISSUER)
-        .setAudience(AUDIENCE)
+        .setIssuer(ISSUER$1)
+        .setAudience(AUDIENCE$1)
         .setSubject(walletId)
         .setExpirationTime('2m')
         .sign(privateKey);
@@ -56,6 +60,7 @@ function isEnumValue(enumObj, value) {
 }
 
 const DEFAULT_AUTHORIZATION_SERVER = 'https://auth.atxp.ai';
+const DEFAULT_ATXP_ACCOUNTS_SERVER = 'https://accounts.atxp.ai';
 var LogLevel;
 (function (LogLevel) {
     LogLevel[LogLevel["DEBUG"] = 0] = "DEBUG";
@@ -63,6 +68,61 @@ var LogLevel;
     LogLevel[LogLevel["WARN"] = 2] = "WARN";
     LogLevel[LogLevel["ERROR"] = 3] = "ERROR";
 })(LogLevel || (LogLevel = {}));
+// Enums provide runtime access to valid values
+var CurrencyEnum;
+(function (CurrencyEnum) {
+    CurrencyEnum["USDC"] = "USDC";
+})(CurrencyEnum || (CurrencyEnum = {}));
+var NetworkEnum;
+(function (NetworkEnum) {
+    NetworkEnum["Solana"] = "solana";
+    NetworkEnum["Base"] = "base";
+    NetworkEnum["World"] = "world";
+    NetworkEnum["Polygon"] = "polygon";
+    NetworkEnum["BaseSepolia"] = "base_sepolia";
+    NetworkEnum["WorldSepolia"] = "world_sepolia";
+    NetworkEnum["PolygonAmoy"] = "polygon_amoy";
+    NetworkEnum["ATXP"] = "atxp";
+})(NetworkEnum || (NetworkEnum = {}));
+var ChainEnum;
+(function (ChainEnum) {
+    ChainEnum["Solana"] = "solana";
+    ChainEnum["Base"] = "base";
+    ChainEnum["World"] = "world";
+    ChainEnum["Polygon"] = "polygon";
+    ChainEnum["BaseSepolia"] = "base_sepolia";
+    ChainEnum["WorldSepolia"] = "world_sepolia";
+    ChainEnum["PolygonAmoy"] = "polygon_amoy";
+})(ChainEnum || (ChainEnum = {}));
+var WalletTypeEnum;
+(function (WalletTypeEnum) {
+    WalletTypeEnum["EOA"] = "eoa";
+    WalletTypeEnum["Smart"] = "smart";
+})(WalletTypeEnum || (WalletTypeEnum = {}));
+/**
+ * Extract the address portion from a fully-qualified accountId
+ * @param accountId - Format: network:address
+ * @returns The address portion
+ */
+function extractAddressFromAccountId(accountId) {
+    const parts = accountId.split(':');
+    if (parts.length !== 2) {
+        throw new Error(`Invalid accountId format: ${accountId}. Expected format: network:address`);
+    }
+    return parts[1];
+}
+/**
+ * Extract the network portion from a fully-qualified accountId
+ * @param accountId - Format: network:address
+ * @returns The network portion
+ */
+function extractNetworkFromAccountId(accountId) {
+    const parts = accountId.split(':');
+    if (parts.length !== 2) {
+        throw new Error(`Invalid accountId format: ${accountId}. Expected format: network:address`);
+    }
+    return parts[0];
+}
 
 /* eslint-disable no-console */
 class ConsoleLogger {
@@ -990,6 +1050,139 @@ function constructEIP1271Message({ walletAddress, timestamp, nonce, codeChalleng
     return messageParts.join('\n');
 }
 
+/**
+ * ES256K JWT Helper for Browser Wallets
+ *
+ * This module provides functions to create ES256K JWTs for Ethereum EOA (Externally Owned Account)
+ * wallets in browser environments. Unlike EIP-1271 which is designed for smart contract wallets,
+ * ES256K works with standard ECDSA signatures from wallets like MetaMask.
+ *
+ * The auth server verifies these JWTs using cryptographic signature recovery, which:
+ * - Works with standard 65-byte ECDSA signatures (r, s, v)
+ * - Doesn't require smart contract calls
+ * - Is faster and more efficient for EOA wallets
+ */
+const ISSUER = 'atxp.ai';
+const AUDIENCE = 'https://auth.atxp.ai';
+/**
+ * Build the unsigned JWT message that needs to be signed
+ *
+ * @param params Parameters for building the JWT message
+ * @returns Object containing the message to sign and the encoded header/payload
+ */
+function buildES256KJWTMessage(params) {
+    const now = Math.floor(Date.now() / 1000);
+    // Build the payload
+    const payload = {
+        sub: params.accountId || params.walletAddress,
+        iss: ISSUER,
+        aud: AUDIENCE,
+        iat: now,
+        exp: now + 120, // 2 minutes expiration
+    };
+    // Add optional fields only if they have values
+    if (params.codeChallenge) {
+        payload.code_challenge = params.codeChallenge;
+    }
+    if (params.paymentRequestId) {
+        payload.payment_request_id = params.paymentRequestId;
+    }
+    if (params.accountId) {
+        payload.account_id = params.accountId;
+        payload.source_address = params.walletAddress;
+    }
+    // Create JWT header
+    const header = {
+        alg: 'ES256K',
+        typ: 'JWT'
+    };
+    // Encode header and payload as base64url
+    const headerB64 = base64urlEncode(JSON.stringify(header));
+    const payloadB64 = base64urlEncode(JSON.stringify(payload));
+    // The message to sign is header.payload
+    const message = `${headerB64}.${payloadB64}`;
+    return { message, headerB64, payloadB64 };
+}
+/**
+ * Complete an ES256K JWT with a signature
+ *
+ * @param params Parameters for completing the JWT
+ * @param params.message The message that was signed (header.payload)
+ * @param params.signature The ECDSA signature from personal_sign (0x... 130 hex chars / 65 bytes)
+ * @returns Complete ES256K JWT string
+ */
+function completeES256KJWT(params) {
+    // Convert the signature from hex to base64url
+    // The signature from personal_sign is in format: 0x + r (32 bytes) + s (32 bytes) + v (1 byte)
+    // For JWT ES256K, we need just r + s in base64url format (v is implicit)
+    let signature = params.signature;
+    if (signature.startsWith('0x')) {
+        signature = signature.slice(2);
+    }
+    // Validate signature length (should be 130 hex chars = 65 bytes)
+    if (signature.length !== 130) {
+        throw new Error(`Invalid signature length: expected 130 hex chars, got ${signature.length}`);
+    }
+    // Extract r and s (first 64 bytes, ignore v which is the last byte)
+    const rHex = signature.slice(0, 64);
+    const sHex = signature.slice(64, 128);
+    const vHex = signature.slice(128, 130);
+    // Convert r and s to bytes
+    const rBytes = hexToBytes(rHex);
+    const sBytes = hexToBytes(sHex);
+    const vByte = parseInt(vHex, 16);
+    // Normalize v to 0 or 1 (MetaMask returns 27/28, but we need 0/1)
+    const vNormalized = vByte >= 27 ? vByte - 27 : vByte;
+    // Combine r + s + v as a single byte array
+    const signatureBytes = new Uint8Array(65);
+    signatureBytes.set(rBytes, 0);
+    signatureBytes.set(sBytes, 32);
+    signatureBytes[64] = vNormalized;
+    // Encode as base64url
+    const signatureB64 = base64urlEncodeBytes(signatureBytes);
+    // Construct the JWT
+    return `${params.message}.${signatureB64}`;
+}
+/**
+ * Base64URL encode a string
+ */
+function base64urlEncode(str) {
+    // Convert string to bytes
+    const bytes = new TextEncoder().encode(str);
+    return base64urlEncodeBytes(bytes);
+}
+/**
+ * Base64URL encode a byte array
+ */
+function base64urlEncodeBytes(bytes) {
+    // Convert to base64
+    let base64 = '';
+    if (typeof Buffer !== 'undefined') {
+        // Node.js environment
+        base64 = Buffer.from(bytes).toString('base64');
+    }
+    else {
+        // Browser environment
+        const binary = Array.from(bytes).map(b => String.fromCharCode(b)).join('');
+        base64 = btoa(binary);
+    }
+    // Convert base64 to base64url (replace +/= with -_)
+    return base64
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=/g, '');
+}
+/**
+ * Convert hex string to bytes
+ */
+function hexToBytes(hex) {
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < hex.length; i += 2) {
+        bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+    }
+    return bytes;
+}
+
 /**
  * Type-safe cache wrapper for JSON data
  */
@@ -1060,5 +1253,159 @@ class MemoryCache {
     }
 }
 
-export { BrowserCache, ConsoleLogger, DEFAULT_AUTHORIZATION_SERVER, JsonCache, LogLevel, MemoryCache, MemoryOAuthDb, OAuthResourceClient, PAYMENT_REQUIRED_ERROR_CODE, PAYMENT_REQUIRED_PREAMBLE, Servers, assertNever, constructEIP1271Message, createEIP1271AuthData, createEIP1271JWT, createLegacyEIP1271Auth, createReactNativeSafeFetch, crypto, extractJSONFromSSE, generateJWT, getIsReactNative, isBrowser, isEnumValue, isNextJS, isNode, isSSEResponse, isWebEnvironment, parseMcpMessages, parsePaymentRequests, parseSSEMessages, paymentRequiredError };
+function toBasicAuth(token) {
+    // Basic auth is base64("username:password"), password is blank
+    const b64 = Buffer.from(`${token}:`).toString('base64');
+    return `Basic ${b64}`;
+}
+function parseConnectionString(connectionString) {
+    const url = new URL(connectionString);
+    const origin = url.origin;
+    const token = url.searchParams.get('connection_token') || '';
+    const accountId = url.searchParams.get('account_id');
+    if (!token) {
+        throw new Error('ATXPAccount: connection string missing connection token');
+    }
+    if (!accountId) {
+        throw new Error('ATXPAccount: connection string missing account id');
+    }
+    return { origin, token, accountId };
+}
+class ATXPHttpPaymentMaker {
+    constructor(origin, token, fetchFn = fetch) {
+        this.origin = origin;
+        this.token = token;
+        this.fetchFn = fetchFn;
+    }
+    async getSourceAddress(params) {
+        // Call the /address_for_payment endpoint to get the source address for this account
+        const response = await this.fetchFn(`${this.origin}/address_for_payment`, {
+            method: 'POST',
+            headers: {
+                'Authorization': toBasicAuth(this.token),
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                amount: params.amount.toString(),
+                currency: params.currency,
+                receiver: params.receiver,
+                memo: params.memo,
+            }),
+        });
+        if (!response.ok) {
+            const text = await response.text();
+            throw new Error(`ATXPAccount: /address_for_payment failed: ${response.status} ${response.statusText} ${text}`);
+        }
+        const json = await response.json();
+        if (!json?.sourceAddress) {
+            throw new Error('ATXPAccount: /address_for_payment did not return sourceAddress');
+        }
+        return json.sourceAddress;
+    }
+    async makePayment(destinations, memo, paymentRequestId) {
+        // Make a payment via the /pay endpoint with multiple destinations
+        const response = await this.fetchFn(`${this.origin}/pay`, {
+            method: 'POST',
+            headers: {
+                'Authorization': toBasicAuth(this.token),
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                destinations: destinations.map(d => ({
+                    chain: d.chain,
+                    address: d.address,
+                    amount: d.amount.toString(),
+                    currency: d.currency
+                })),
+                memo,
+                ...(paymentRequestId && { paymentRequestId })
+            }),
+        });
+        if (!response.ok) {
+            const text = await response.text();
+            throw new Error(`ATXPAccount: /pay failed: ${response.status} ${response.statusText} ${text}`);
+        }
+        const json = await response.json();
+        const transactionId = json.transactionId;
+        if (!transactionId) {
+            throw new Error('ATXPAccount: /pay did not return transactionId or txHash');
+        }
+        if (!json?.chain) {
+            throw new Error('ATXPAccount: /pay did not return chain');
+        }
+        if (!json?.currency) {
+            throw new Error('ATXPAccount: /pay did not return currency');
+        }
+        return {
+            transactionId,
+            ...(json.transactionSubId ? { transactionSubId: json.transactionSubId } : {}),
+            chain: json.chain,
+            currency: json.currency
+        };
+    }
+    async generateJWT(params) {
+        const response = await this.fetchFn(`${this.origin}/sign`, {
+            method: 'POST',
+            headers: {
+                'Authorization': toBasicAuth(this.token),
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                paymentRequestId: params.paymentRequestId,
+                codeChallenge: params.codeChallenge,
+                ...(params.accountId ? { accountId: params.accountId } : {}),
+            }),
+        });
+        if (!response.ok) {
+            const text = await response.text();
+            throw new Error(`ATXPAccount: /sign failed: ${response.status} ${response.statusText} ${text}`);
+        }
+        const json = await response.json();
+        if (!json?.jwt) {
+            throw new Error('ATXPAccount: /sign did not return jwt');
+        }
+        return json.jwt;
+    }
+}
+class ATXPAccount {
+    constructor(connectionString, opts) {
+        const { origin, token, accountId } = parseConnectionString(connectionString);
+        const fetchFn = opts?.fetchFn ?? fetch;
+        // Store for use in X402 payment creation
+        this.origin = origin;
+        this.token = token;
+        this.fetchFn = fetchFn;
+        // Format accountId as network:address
+        // Connection string provides just the atxp_acct_xxx part (no prefix for UI)
+        this.unqualifiedAccountId = accountId;
+        this.accountId = `atxp:${accountId}`;
+        this.paymentMakers = [
+            new ATXPHttpPaymentMaker(origin, token, fetchFn)
+        ];
+    }
+    /**
+     * Get sources for this account by calling the accounts service
+     */
+    async getSources() {
+        // Use the unqualified account ID (without atxp: prefix) for the API call
+        const response = await this.fetchFn(`${this.origin}/account/${this.unqualifiedAccountId}/sources`, {
+            method: 'GET',
+            headers: {
+                'Accept': 'application/json',
+            }
+        });
+        if (!response.ok) {
+            const text = await response.text();
+            throw new Error(`ATXPAccount: /account/${this.unqualifiedAccountId}/sources failed: ${response.status} ${response.statusText} ${text}`);
+        }
+        const json = await response.json();
+        // The accounts service returns the sources array directly, not wrapped in an object
+        if (!Array.isArray(json)) {
+            throw new Error(`ATXPAccount: /account/${this.unqualifiedAccountId}/sources did not return sources array`);
+        }
+        return json;
+    }
+}
+
+export { ATXPAccount, BrowserCache, ChainEnum, ConsoleLogger, CurrencyEnum, DEFAULT_ATXP_ACCOUNTS_SERVER, DEFAULT_AUTHORIZATION_SERVER, JsonCache, LogLevel, MemoryCache, MemoryOAuthDb, NetworkEnum, OAuthResourceClient, PAYMENT_REQUIRED_ERROR_CODE, PAYMENT_REQUIRED_PREAMBLE, Servers, WalletTypeEnum, assertNever, buildES256KJWTMessage, completeES256KJWT, constructEIP1271Message, createEIP1271AuthData, createEIP1271JWT, createLegacyEIP1271Auth, createReactNativeSafeFetch, crypto, extractAddressFromAccountId, extractJSONFromSSE, extractNetworkFromAccountId, generateJWT, getIsReactNative, isBrowser, isEnumValue, isNextJS, isNode, isSSEResponse, isWebEnvironment, parseMcpMessages, parsePaymentRequests, parseSSEMessages, paymentRequiredError };
 //# sourceMappingURL=index.js.map