@atxp/server 0.2.5

package/README.md

@@ -0,0 +1,148 @@
+# @atxp/server
+
+ATXP Server - MCP server implementation with payment processing capabilities.
+
+## Overview
+
+The ATXP Server package provides middleware and utilities for creating MCP (Model Context Protocol) servers that require OAuth authentication and payment processing. It integrates seamlessly with Express.js applications to add payment requirements to any MCP tool.
+
+**🚀 Getting Started**: Learn more about ATXP in [the docs](https://docs.atxp.ai/atxp), and follow the [MCP Server Quickstart](https://docs.atxp.ai/server) to build your first monetized MCP server using ATXP.
+
+## Features
+
+- 🔐 **OAuth Integration**: Complete OAuth 2.0 server middleware
+- 💰 **Payment Validation**: Solana payment verification and processing
+- 🛠️ **MCP Protocol**: Full Model Context Protocol server implementation
+- 🚀 **Express Middleware**: Easy integration with existing Express applications
+- 🔄 **Challenge System**: Automatic authentication challenges for unauthorized requests
+- 📊 **Payment Tracking**: Built-in payment confirmation and tracking
+
+## Installation
+
+```bash
+npm install @atxp/server
+```
+
+## Basic Usage
+
+```typescript
+import express from 'express';
+import { ATXPServer, requirePayment } from '@atxp/server';
+
+const app = express();
+const server = new ATXPServer({
+  clientId: 'your-oauth-client-id',
+  authServerUrl: 'https://auth.atxp.ai',
+  destinationAddress: 'your-solana-wallet-address'
+});
+
+// Add MCP tools with payment requirements
+server.addTool({
+  name: 'hello_world',
+  description: 'A simple greeting tool',
+  inputSchema: {
+    type: 'object',
+    properties: {
+      name: { type: 'string' }
+    }
+  }
+}, requirePayment('0.01'), async ({ name }) => {
+  return `Hello, ${name || 'World'}!`;
+});
+
+// Mount server middleware
+app.use('/', server.middleware());
+app.listen(3010);
+```
+
+## Authentication & Payment Flow
+
+1. **Unauthenticated Request**: Client sends MCP request without auth token
+2. **OAuth Challenge**: Server responds with OAuth challenge and redirect URL
+3. **Client Authentication**: Client completes OAuth flow and obtains access token  
+4. **Authenticated Request**: Client retries request with valid access token
+5. **Payment Required**: Server responds with payment requirement (amount, destination)
+6. **Payment Processing**: Client makes Solana payment to specified address
+7. **Payment Verification**: Server confirms payment on-chain
+8. **Tool Execution**: Server executes requested tool and returns results
+
+## API Reference
+
+### ATXPServer
+
+Main server class for handling ATXP protocol requests.
+
+#### Constructor Options
+
+```typescript
+interface ATXPServerConfig {
+  clientId: string;            // OAuth client ID
+  authServerUrl?: string;      // Auth server URL (defaults to https://auth.atxp.ai)
+  destinationAddress: string;  // Solana wallet address for payments
+  oAuthDb?: OAuthDb;          // Custom OAuth database implementation
+}
+```
+
+#### Methods
+
+- `addTool(definition, middleware, handler)`: Register MCP tool with payment requirements
+- `middleware()`: Get Express middleware function
+- `handleMCPRequest(req, res)`: Process MCP protocol requests
+
+### requirePayment(amount)
+
+Middleware function that adds payment requirements to tools.
+
+```typescript
+const paymentMiddleware = requirePayment('0.01'); // 0.01 SOL/USDC
+```
+
+### Payment Verification
+
+The server automatically handles:
+- On-chain payment confirmation
+- Payment amount validation  
+- Duplicate payment prevention
+- Transaction signature verification
+
+## Tool Registration
+
+Tools can be registered with various middleware combinations:
+
+```typescript
+// Free tool (no payment required)
+server.addTool(toolDef, async (args) => {
+  return 'Free result';
+});
+
+// Paid tool with fixed amount
+server.addTool(toolDef, requirePayment('0.01'), async (args) => {
+  return 'Paid result';
+});
+
+// Custom middleware chain
+server.addTool(toolDef, 
+  requirePayment('0.05'),
+  customValidation,
+  async (args) => {
+    return 'Premium result';
+  }
+);
+```
+
+## Error Handling
+
+The server provides structured error responses for:
+- Authentication failures
+- Payment requirement notifications
+- Payment verification failures
+- Tool execution errors
+- Invalid MCP requests
+
+## Examples
+
+See the `examples/server/` directory for a complete working server implementation.
+
+## License
+
+MIT

package/dist/atxpContext.d.ts

@@ -0,0 +1,6 @@
+import { ATXPConfig, TokenCheck } from "./types.js";
+export declare function getATXPConfig(): ATXPConfig | null;
+export declare function getATXPResource(): URL | null;
+export declare function atxpAccountId(): string | null;
+export declare function withATXPContext(config: ATXPConfig, resource: URL, tokenInfo: Pick<TokenCheck, 'token' | 'data'> | null, next: () => void): Promise<void>;
+//# sourceMappingURL=atxpContext.d.ts.map

package/dist/atxpContext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"atxpContext.d.ts","sourceRoot":"","sources":["../src/atxpContext.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAWpD,wBAAgB,aAAa,IAAI,UAAU,GAAG,IAAI,CAGjD;AAED,wBAAgB,eAAe,IAAI,GAAG,GAAG,IAAI,CAG5C;AAGD,wBAAgB,aAAa,IAAI,MAAM,GAAG,IAAI,CAG7C;AAGD,wBAAsB,eAAe,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAwB9J"}

package/dist/atxpContext.js

@@ -0,0 +1,41 @@
+import { AsyncLocalStorage } from "async_hooks";
+const contextStorage = new AsyncLocalStorage();
+export function getATXPConfig() {
+    const context = contextStorage.getStore();
+    return context?.config ?? null;
+}
+export function getATXPResource() {
+    const context = contextStorage.getStore();
+    return context?.resource ?? null;
+}
+// Helper function to get the current request's user
+export function atxpAccountId() {
+    const context = contextStorage.getStore();
+    return context?.tokenData?.sub ?? null;
+}
+// Helper function to run code within a user context
+export async function withATXPContext(config, resource, tokenInfo, next) {
+    config.logger.debug(`Setting user context to ${tokenInfo?.data?.sub ?? 'null'}`);
+    if (tokenInfo && tokenInfo.data?.sub) {
+        if (tokenInfo.token) {
+            const dbData = {
+                accessToken: tokenInfo.token,
+                resourceUrl: ''
+            };
+            // Save the token to the oAuthDB so that other users of the DB can access it
+            // if needed (ie, for token-exchange for downstream services)
+            await config.oAuthDb.saveAccessToken(tokenInfo.data.sub, '', dbData);
+        }
+        else {
+            config.logger.warn(`Setting user context with token data, but there was no token provided. This probably indicates a bug, since the data should be derived from the token`);
+            config.logger.debug(`Token data: ${JSON.stringify(tokenInfo.data)}`);
+        }
+    }
+    const ctx = {
+        tokenData: tokenInfo?.data || null,
+        config,
+        resource
+    };
+    return contextStorage.run(ctx, next);
+}
+//# sourceMappingURL=atxpContext.js.map

package/dist/atxpContext.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"atxpContext.js","sourceRoot":"","sources":["../src/atxpContext.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,MAAM,cAAc,GAAG,IAAI,iBAAiB,EAAsB,CAAC;AAQnE,MAAM,UAAU,aAAa;IAC3B,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,EAAE,CAAC;IAC1C,OAAO,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,EAAE,CAAC;IAC1C,OAAO,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC;AACnC,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,aAAa;IAC3B,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,EAAE,CAAC;IAC1C,OAAO,OAAO,EAAE,SAAS,EAAE,GAAG,IAAI,IAAI,CAAC;AACzC,CAAC;AAED,oDAAoD;AACpD,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,MAAkB,EAAE,QAAa,EAAE,SAAoD,EAAE,IAAgB;IAC7I,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,MAAM,EAAE,CAAC,CAAC;IAEjF,IAAG,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC;QACpC,IAAG,SAAS,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,MAAM,GAAG;gBACb,WAAW,EAAE,SAAS,CAAC,KAAM;gBAC7B,WAAW,EAAE,EAAE;aAChB,CAAC;YACF,4EAA4E;YAC5E,6DAA6D;YAC7D,MAAM,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,uJAAuJ,CAAC,CAAC;YAC5K,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG;QACV,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,IAAI;QAClC,MAAM;QACN,QAAQ;KACT,CAAC;IACF,OAAO,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC"}

package/dist/atxpServer.d.ts

@@ -0,0 +1,12 @@
+import { ATXPConfig } from "./types.js";
+import { Router } from "express";
+type RequiredATXPConfigFields = 'destination';
+type RequiredATXPConfig = Pick<ATXPConfig, RequiredATXPConfigFields>;
+type OptionalATXPConfig = Omit<ATXPConfig, RequiredATXPConfigFields>;
+export type ATXPArgs = RequiredATXPConfig & Partial<OptionalATXPConfig>;
+type BuildableATXPConfigFields = 'oAuthDb' | 'oAuthClient' | 'paymentServer' | 'logger';
+export declare const DEFAULT_CONFIG: Required<Omit<OptionalATXPConfig, BuildableATXPConfigFields>>;
+export declare function buildServerConfig(args: ATXPArgs): ATXPConfig;
+export declare function atxpServer(args: ATXPArgs): Router;
+export {};
+//# sourceMappingURL=atxpServer.d.ts.map

package/dist/atxpServer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"atxpServer.d.ts","sourceRoot":"","sources":["../src/atxpServer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAiB,MAAM,YAAY,CAAC;AAKvD,OAAO,EAAmC,MAAM,EAAE,MAAM,SAAS,CAAC;AAMlE,KAAK,wBAAwB,GAAG,aAAa,CAAC;AAC9C,KAAK,kBAAkB,GAAG,IAAI,CAAC,UAAU,EAAE,wBAAwB,CAAC,CAAC;AACrE,KAAK,kBAAkB,GAAG,IAAI,CAAC,UAAU,EAAE,wBAAwB,CAAC,CAAC;AACrE,MAAM,MAAM,QAAQ,GAAG,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;AACxE,KAAK,yBAAyB,GAAG,SAAS,GAAG,aAAa,GAAG,eAAe,GAAG,QAAQ,CAAC;AAExF,eAAO,MAAM,cAAc,EAAE,QAAQ,CAAC,IAAI,CAAC,kBAAkB,EAAE,yBAAyB,CAAC,CASxF,CAAC;AAEF,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,QAAQ,GAAG,UAAU,CA8B5D;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,QAAQ,GAAG,MAAM,CAyDjD"}

package/dist/atxpServer.js

@@ -0,0 +1,101 @@
+import { ConsoleLogger, OAuthResourceClient, DEFAULT_AUTHORIZATION_SERVER, MemoryOAuthDb } from "@atxp/common";
+import { checkToken } from "./token.js";
+import { sendOAuthChallenge } from "./oAuthChallenge.js";
+import { withATXPContext } from "./atxpContext.js";
+import { parseMcpRequests } from "./http.js";
+import { Router } from "express";
+import { getProtectedResourceMetadata as getPRMResponse, sendProtectedResourceMetadata } from "./protectedResourceMetadata.js";
+import { getResource } from "./getResource.js";
+import { ATXPPaymentServer } from "./paymentServer.js";
+import { getOAuthMetadata, sendOAuthMetadata } from "./oAuthMetadata.js";
+export const DEFAULT_CONFIG = {
+    mountPath: '/',
+    currency: 'USDC',
+    network: 'solana',
+    server: DEFAULT_AUTHORIZATION_SERVER,
+    atxpAuthClientToken: undefined, // Will be set in buildServerConfig
+    payeeName: 'An ATXP Server',
+    allowHttp: false, // May be overridden in buildServerConfig by process.env.NODE_ENV
+    resource: null, // Set dynamically from the request URL
+};
+export function buildServerConfig(args) {
+    if (!args.destination) {
+        throw new Error('destination is required');
+    }
+    // Read environment variables at runtime, not module load time
+    const envDefaults = {
+        ...DEFAULT_CONFIG,
+        atxpAuthClientToken: process.env.ATXP_AUTH_CLIENT_TOKEN,
+        allowHttp: process.env.NODE_ENV === 'development',
+    };
+    const withDefaults = { ...envDefaults, ...args };
+    const oAuthDb = withDefaults.oAuthDb ?? new MemoryOAuthDb();
+    const oAuthClient = withDefaults.oAuthClient ?? new OAuthResourceClient({
+        db: oAuthDb,
+        allowInsecureRequests: withDefaults.allowHttp,
+        clientName: withDefaults.payeeName,
+    });
+    const logger = withDefaults.logger ?? new ConsoleLogger();
+    let paymentServer;
+    if (withDefaults.paymentServer) {
+        paymentServer = withDefaults.paymentServer;
+    }
+    else {
+        if (!withDefaults.atxpAuthClientToken) {
+            throw new Error('ATXP_AUTH_CLIENT_TOKEN is not set. If no payment server is provided, you must set ATXP_AUTH_CLIENT_TOKEN.');
+        }
+        paymentServer = new ATXPPaymentServer(withDefaults.server, withDefaults.atxpAuthClientToken, logger);
+    }
+    const built = { oAuthDb, oAuthClient, paymentServer, logger };
+    return Object.freeze({ ...withDefaults, ...built });
+}
+;
+export function atxpServer(args) {
+    const config = buildServerConfig(args);
+    const router = Router();
+    // Regular middleware
+    const atxpMiddleware = async (req, res, next) => {
+        try {
+            const logger = config.logger; // Capture logger in closure
+            const requestUrl = new URL(req.url, req.protocol + '://' + req.host);
+            logger.debug(`Handling ${req.method} ${requestUrl.toString()}`);
+            const resource = getResource(config, requestUrl);
+            const prmResponse = getPRMResponse(config, requestUrl);
+            if (sendProtectedResourceMetadata(res, prmResponse)) {
+                return;
+            }
+            // Some older clients don't use PRM and assume the MCP server is an OAuth server
+            const oAuthMetadata = await getOAuthMetadata(config, requestUrl);
+            if (sendOAuthMetadata(res, oAuthMetadata)) {
+                return;
+            }
+            const mcpRequests = await parseMcpRequests(config, requestUrl, req, req.body);
+            logger.debug(`${mcpRequests.length} MCP requests found in request`);
+            if (mcpRequests.length === 0) {
+                next();
+                return;
+            }
+            logger.debug(`Request started - ${req.method} ${req.path}`);
+            const tokenCheck = await checkToken(config, resource, req);
+            const user = tokenCheck.data?.sub ?? null;
+            // Listen for when the response is finished
+            res.on('finish', async () => {
+                logger.debug(`Request finished ${user ? `for user ${user} ` : ''}- ${req.method} ${req.path}`);
+            });
+            // Send the oauth challenge, if needed. If we do, we're done
+            if (sendOAuthChallenge(res, tokenCheck)) {
+                return;
+            }
+            return withATXPContext(config, resource, tokenCheck, next);
+        }
+        catch (error) {
+            config.logger.error(`Critical error in atxp middleware - returning HTTP 500. Error: ${error instanceof Error ? error.message : String(error)}`);
+            config.logger.debug(JSON.stringify(error, null, 2));
+            res.status(500).json({ error: 'server_error', error_description: 'An internal server error occurred' });
+        }
+    };
+    // Add middleware to the router
+    router.use(atxpMiddleware);
+    return router;
+}
+//# sourceMappingURL=atxpServer.js.map

package/dist/atxpServer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"atxpServer.js","sourceRoot":"","sources":["../src/atxpServer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAE/G,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAmC,MAAM,EAAE,MAAM,SAAS,CAAC;AAClE,OAAO,EAAE,4BAA4B,IAAI,cAAc,EAAE,6BAA6B,EAAE,MAAM,gCAAgC,CAAC;AAC/H,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAQzE,MAAM,CAAC,MAAM,cAAc,GAAkE;IAC3F,SAAS,EAAE,GAAG;IACd,QAAQ,EAAE,MAAe;IACzB,OAAO,EAAE,QAAiB;IAC1B,MAAM,EAAE,4BAA4B;IACpC,mBAAmB,EAAE,SAA6B,EAAE,mCAAmC;IACvF,SAAS,EAAE,gBAAgB;IAC3B,SAAS,EAAE,KAAK,EAAE,iEAAiE;IACnF,QAAQ,EAAE,IAAI,EAAE,uCAAuC;CACxD,CAAC;AAEF,MAAM,UAAU,iBAAiB,CAAC,IAAc;IAC9C,IAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,8DAA8D;IAC9D,MAAM,WAAW,GAAG;QAClB,GAAG,cAAc;QACjB,mBAAmB,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QACvD,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa;KAClD,CAAC;IACF,MAAM,YAAY,GAAG,EAAE,GAAG,WAAW,EAAE,GAAG,IAAI,EAAE,CAAC;IACjD,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,IAAI,IAAI,aAAa,EAAE,CAAA;IAC3D,MAAM,WAAW,GAAG,YAAY,CAAC,WAAW,IAAI,IAAI,mBAAmB,CAAC;QACtE,EAAE,EAAE,OAAO;QACX,qBAAqB,EAAE,YAAY,CAAC,SAAS;QAC7C,UAAU,EAAE,YAAY,CAAC,SAAS;KACnC,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;IAC1D,IAAI,aAAwC,CAAC;IAC7C,IAAI,YAAY,CAAC,aAAa,EAAG,CAAC;QAChC,aAAa,GAAG,YAAY,CAAC,aAAa,CAAC;IAC7C,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,YAAY,CAAC,mBAAmB,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,2GAA2G,CAAC,CAAC;QAC/H,CAAC;QACD,aAAa,GAAG,IAAI,iBAAiB,CAAC,YAAY,CAAC,MAAM,EAAE,YAAY,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;IACvG,CAAC;IACD,MAAM,KAAK,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,EAAC,CAAC;IAC7D,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,YAAY,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC;AACtD,CAAC;AAAA,CAAC;AAEF,MAAM,UAAU,UAAU,CAAC,IAAc;IACvC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,qBAAqB;IACrB,MAAM,cAAc,GAAG,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC/E,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAE,4BAA4B;YAC3D,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,QAAQ,GAAG,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;YACrE,MAAM,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,MAAM,IAAI,UAAU,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YAEhE,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACjD,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACvD,IAAI,6BAA6B,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,CAAC;gBACpD,OAAO;YACT,CAAC;YAED,gFAAgF;YAChF,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACjE,IAAG,iBAAiB,CAAC,GAAG,EAAE,aAAa,CAAC,EAAE,CAAC;gBACzC,OAAO;YACT,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAC9E,MAAM,CAAC,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,gCAAgC,CAAC,CAAC;YAEpE,IAAG,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC5B,IAAI,EAAE,CAAC;gBACP,OAAO;YACT,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,qBAAqB,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YAC5D,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;YAC3D,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC;YAE1C,2CAA2C;YAC3C,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;gBAC1B,MAAM,CAAC,KAAK,CAAC,oBAAoB,IAAI,CAAC,CAAC,CAAC,YAAY,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YACjG,CAAC,CAAC,CAAC;YAEH,4DAA4D;YAC5D,IAAI,kBAAkB,CAAC,GAAG,EAAE,UAAU,CAAC,EAAE,CAAC;gBACxC,OAAO;YACT,CAAC;YAED,OAAO,eAAe,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,kEAAkE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAChJ,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,mCAAmC,EAAE,CAAC,CAAC;QAC1G,CAAC;IACH,CAAC,CAAC;IAEF,+BAA+B;IAC/B,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAE3B,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/getResource.d.ts

@@ -0,0 +1,4 @@
+import { ATXPConfig } from "./types.js";
+export declare function getPath(url: URL): string;
+export declare function getResource(config: ATXPConfig, requestUrl: URL): URL;
+//# sourceMappingURL=getResource.d.ts.map

package/dist/getResource.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"getResource.d.ts","sourceRoot":"","sources":["../src/getResource.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC,wBAAgB,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,CAGxC;AAED,wBAAgB,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,GAAG,GAAG,CAapE"}

package/dist/getResource.js

@@ -0,0 +1,17 @@
+export function getPath(url) {
+    const fullPath = url.pathname.replace(/^\/$/, '');
+    return fullPath;
+}
+export function getResource(config, requestUrl) {
+    if (config.resource) {
+        return new URL(config.resource);
+    }
+    const protocol = process.env.NODE_ENV === 'development' ? requestUrl.protocol : 'https:';
+    const url = new URL(`${protocol}//${requestUrl.host}${requestUrl.pathname}`);
+    const fullPath = getPath(url);
+    // If this is a PRM path, convert it into the path for the resource this is the metadata for
+    const resourcePath = fullPath.replace('/.well-known/oauth-protected-resource', '').replace(/\/$/, '');
+    const resource = new URL(`${protocol}//${requestUrl.host}${resourcePath}`);
+    return resource;
+}
+//# sourceMappingURL=getResource.js.map

package/dist/getResource.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"getResource.js","sourceRoot":"","sources":["../src/getResource.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,OAAO,CAAC,GAAQ;IAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAClD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAAkB,EAAE,UAAe;IAC7D,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;IACzF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,QAAQ,KAAK,UAAU,CAAC,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;IAE7E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9B,4FAA4F;IAC5F,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,uCAAuC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEtG,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,QAAQ,KAAK,UAAU,CAAC,IAAI,GAAG,YAAY,EAAE,CAAC,CAAC;IAC3E,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/http.d.ts

@@ -0,0 +1,7 @@
+import { IncomingMessage } from "node:http";
+import { JSONRPCRequest } from "@modelcontextprotocol/sdk/types.js";
+import { ATXPConfig } from "./types.js";
+import { Logger } from "@atxp/common";
+export declare function parseMcpRequests(config: ATXPConfig, requestUrl: URL, req: IncomingMessage, parsedBody?: unknown): Promise<JSONRPCRequest[]>;
+export declare function parseBody(req: IncomingMessage, logger: Logger): Promise<unknown>;
+//# sourceMappingURL=http.d.ts.map

package/dist/http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAG5C,OAAO,EAAE,cAAc,EAAoB,MAAM,oCAAoC,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAoB,MAAM,EAAE,MAAM,cAAc,CAAC;AAQxD,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,UAAU,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CA0BjJ;AAED,wBAAsB,SAAS,CAAC,GAAG,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAmBtF"}

package/dist/http.js

@@ -0,0 +1,51 @@
+import getRawBody from "raw-body";
+import contentType from "content-type";
+import { isJSONRPCRequest } from "@modelcontextprotocol/sdk/types.js";
+import { parseMcpMessages } from "@atxp/common";
+// Useful reference for dealing with low-level http requests:
+// https://github.com/modelcontextprotocol/typescript-sdk/blob/c6ac083b1b37b222b5bfba5563822daa5d03372e/src/server/streamableHttp.ts#L375
+// Using the same value as MCP SDK
+const MAXIMUM_MESSAGE_SIZE = "4mb";
+export async function parseMcpRequests(config, requestUrl, req, parsedBody) {
+    if (!req.method) {
+        return [];
+    }
+    if (req.method.toLowerCase() !== 'post') {
+        return [];
+    }
+    // The middleware has to be mounted at the root to serve the protected resource metadata,
+    // but the actual MCP server it's controlling is specified by the mountPath.
+    const path = requestUrl.pathname.replace(/\/$/, '');
+    const mountPath = config.mountPath.replace(/\/$/, '');
+    if (path !== mountPath && path !== `${mountPath}/message`) {
+        config.logger.debug(`Request path (${path}) does not match the mountPath (${mountPath}), skipping MCP middleware`);
+        return [];
+    }
+    parsedBody = parsedBody ?? await parseBody(req, config.logger);
+    const messages = await parseMcpMessages(parsedBody, config.logger);
+    const requests = messages.filter(msg => isJSONRPCRequest(msg));
+    if (requests.length !== messages.length) {
+        config.logger.debug(`Dropped ${messages.length - requests.length} MCP messages that were not MCP requests`);
+    }
+    return requests;
+}
+export async function parseBody(req, logger) {
+    try {
+        const ct = req.headers["content-type"];
+        let encoding = "utf-8";
+        if (ct) {
+            const parsedCt = contentType.parse(ct);
+            encoding = parsedCt.parameters.charset ?? "utf-8";
+        }
+        const body = await getRawBody(req, {
+            limit: MAXIMUM_MESSAGE_SIZE,
+            encoding,
+        });
+        return JSON.parse(body.toString());
+    }
+    catch (error) {
+        logger.error(error.message);
+        return undefined;
+    }
+}
+//# sourceMappingURL=http.js.map

package/dist/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AACA,OAAO,UAAU,MAAM,UAAU,CAAC;AAClC,OAAO,WAAW,MAAM,cAAc,CAAC;AACvC,OAAO,EAAkB,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAEtF,OAAO,EAAE,gBAAgB,EAAU,MAAM,cAAc,CAAC;AAExD,6DAA6D;AAC7D,yIAAyI;AAEzI,kCAAkC;AAClC,MAAM,oBAAoB,GAAG,KAAK,CAAC;AAEnC,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAkB,EAAE,UAAe,EAAE,GAAoB,EAAE,UAAoB;IACpH,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QAChB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;QACxC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,yFAAyF;IACzF,4EAA4E;IAC5E,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtD,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,GAAG,SAAS,UAAU,EAAE,CAAC;QAC1D,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,IAAI,mCAAmC,SAAS,4BAA4B,CAAC,CAAC;QACnH,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,UAAU,GAAG,UAAU,IAAI,MAAM,SAAS,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAEnE,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,0CAA0C,CAAC,CAAC;IAC9G,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,GAAoB,EAAE,MAAc;IAClE,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAEvC,IAAI,QAAQ,GAAG,OAAO,CAAC;QACvB,IAAI,EAAE,EAAE,CAAC;YACP,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACvC,QAAQ,GAAG,QAAQ,CAAC,UAAU,CAAC,OAAO,IAAI,OAAO,CAAC;QACpD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE;YACjC,KAAK,EAAE,oBAAoB;YAC3B,QAAQ;SACT,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAE,KAAe,CAAC,OAAO,CAAC,CAAC;QACvC,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export * from './atxpServer.js';
+export * from './types.js';
+export * from './atxpContext.js';
+export * from './requirePayment.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC"}

package/dist/index.js

@@ -0,0 +1,5 @@
+export * from './atxpServer.js';
+export * from './types.js';
+export * from './atxpContext.js';
+export * from './requirePayment.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC"}

package/dist/oAuthChallenge.d.ts

@@ -0,0 +1,4 @@
+import { ServerResponse } from "http";
+import { TokenCheck } from "./types.js";
+export declare function sendOAuthChallenge(res: ServerResponse, tokenCheck: TokenCheck): boolean;
+//# sourceMappingURL=oAuthChallenge.d.ts.map

package/dist/oAuthChallenge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oAuthChallenge.d.ts","sourceRoot":"","sources":["../src/oAuthChallenge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AACtC,OAAO,EAAE,UAAU,EAAgB,MAAM,YAAY,CAAC;AAGtD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,GAAG,OAAO,CAsCvF"}

package/dist/oAuthChallenge.js

@@ -0,0 +1,39 @@
+import { TokenProblem } from "./types.js";
+import { assertNever } from "@atxp/common";
+export function sendOAuthChallenge(res, tokenCheck) {
+    if (tokenCheck.passes) {
+        return false;
+    }
+    let status = 401;
+    let body = {};
+    // https://datatracker.ietf.org/doc/html/rfc6750#section-3.1
+    switch (tokenCheck.problem) {
+        case TokenProblem.NO_TOKEN:
+            break;
+        case TokenProblem.NON_BEARER_AUTH_HEADER:
+            status = 400;
+            body = { error: 'invalid_request', error_description: 'Authorization header did not include a Bearer token' };
+            break;
+        case TokenProblem.INVALID_TOKEN:
+            body = { error: 'invalid_token', error_description: 'Token is not active' };
+            break;
+        case TokenProblem.INVALID_AUDIENCE:
+            body = { error: 'invalid_token', error_description: 'Token is does not match the expected audience' };
+            break;
+        case TokenProblem.NON_SUFFICIENT_FUNDS:
+            status = 403;
+            body = { error: 'insufficient_scope', error_description: 'Non sufficient funds' };
+            break;
+        case TokenProblem.INTROSPECT_ERROR:
+            status = 502;
+            body = { error: 'server_error', error_description: 'An internal server error occurred' };
+            break;
+        default:
+            assertNever(tokenCheck.problem);
+    }
+    res.setHeader('WWW-Authenticate', `Bearer resource_metadata="${tokenCheck.resourceMetadataUrl}"`);
+    res.writeHead(status);
+    res.end(JSON.stringify(body));
+    return true;
+}
+//# sourceMappingURL=oAuthChallenge.js.map

package/dist/oAuthChallenge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oAuthChallenge.js","sourceRoot":"","sources":["../src/oAuthChallenge.ts"],"names":[],"mappings":"AACA,OAAO,EAAc,YAAY,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,MAAM,UAAU,kBAAkB,CAAC,GAAmB,EAAE,UAAsB;IAC5E,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,MAAM,GAAG,GAAG,CAAC;IACjB,IAAI,IAAI,GAAkE,EAAE,CAAC;IAC7E,4DAA4D;IAC5D,QAAQ,UAAU,CAAC,OAAO,EAAE,CAAC;QAC3B,KAAK,YAAY,CAAC,QAAQ;YACxB,MAAM;QACR,KAAK,YAAY,CAAC,sBAAsB;YACtC,MAAM,GAAG,GAAG,CAAC;YACb,IAAI,GAAG,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,qDAAqD,EAAE,CAAC;YAC9G,MAAM;QACR,KAAK,YAAY,CAAC,aAAa;YAC7B,IAAI,GAAG,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,CAAC;YAC5E,MAAM;QACR,KAAK,YAAY,CAAC,gBAAgB;YAChC,IAAI,GAAG,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,+CAA+C,EAAE,CAAC;YACtG,MAAM;QACR,KAAK,YAAY,CAAC,oBAAoB;YACpC,MAAM,GAAG,GAAG,CAAC;YACb,IAAI,GAAG,EAAE,KAAK,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,CAAC;YAClF,MAAM;QACR,KAAK,YAAY,CAAC,gBAAgB;YAChC,MAAM,GAAG,GAAG,CAAC;YACb,IAAI,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,mCAAmC,EAAE,CAAC;YACzF,MAAM;QACR;YACE,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,6BAA6B,UAAU,CAAC,mBAAmB,GAAG,CAAC,CAAC;IAClG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACtB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9B,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/oAuthMetadata.d.ts

@@ -0,0 +1,6 @@
+import { ATXPConfig } from "./types.js";
+import * as oauth from 'oauth4webapi';
+import { ServerResponse } from "http";
+export declare function sendOAuthMetadata(res: ServerResponse, metadata: oauth.AuthorizationServer | null): boolean;
+export declare function getOAuthMetadata(config: ATXPConfig, requestUrl: URL): Promise<oauth.AuthorizationServer | null>;
+//# sourceMappingURL=oAuthMetadata.d.ts.map

package/dist/oAuthMetadata.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oAuthMetadata.d.ts","sourceRoot":"","sources":["../src/oAuthMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAGtC,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,EAAE,KAAK,CAAC,mBAAmB,GAAG,IAAI,GAAG,OAAO,CAQ1G;AAED,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAyBrH"}

package/dist/oAuthMetadata.js

@@ -0,0 +1,41 @@
+import { getPath } from "./getResource.js";
+export function sendOAuthMetadata(res, metadata) {
+    if (!metadata) {
+        return false;
+    }
+    res.setHeader('Content-Type', 'application/json');
+    res.writeHead(200);
+    res.end(JSON.stringify(metadata));
+    return true;
+}
+export async function getOAuthMetadata(config, requestUrl) {
+    if (isOAuthMetadataRequest(config, requestUrl)) {
+        try {
+            const authServer = await config.oAuthClient.authorizationServerFromUrl(new URL(config.server));
+            return {
+                issuer: config.server,
+                authorization_endpoint: authServer.authorization_endpoint,
+                response_types_supported: authServer.response_types_supported,
+                grant_types_supported: authServer.grant_types_supported,
+                token_endpoint: authServer.token_endpoint,
+                token_endpoint_auth_methods_supported: authServer.token_endpoint_auth_methods_supported,
+                registration_endpoint: authServer.registration_endpoint,
+                revocation_endpoint: authServer.revocation_endpoint,
+                introspection_endpoint: authServer.introspection_endpoint,
+                introspection_endpoint_auth_methods_supported: authServer.introspection_endpoint_auth_methods_supported,
+                code_challenge_methods_supported: authServer.code_challenge_methods_supported,
+                scopes_supported: authServer.scopes_supported
+            };
+        }
+        catch (error) {
+            config.logger.error(`Error fetching authorization server configuration from ${config.server}: ${error}`);
+            throw error;
+        }
+    }
+    return null;
+}
+function isOAuthMetadataRequest(config, requestUrl) {
+    const path = getPath(requestUrl).replace(/\/$/, '');
+    return path === '/.well-known/oauth-authorization-server';
+}
+//# sourceMappingURL=oAuthMetadata.js.map

package/dist/oAuthMetadata.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oAuthMetadata.js","sourceRoot":"","sources":["../src/oAuthMetadata.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAE3C,MAAM,UAAU,iBAAiB,CAAC,GAAmB,EAAE,QAA0C;IAC/F,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;IACD,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IAClD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACnB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAkB,EAAE,UAAe;IACxE,IAAI,sBAAsB,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,0BAA0B,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAE/F,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,sBAAsB,EAAE,UAAU,CAAC,sBAAsB;gBACzD,wBAAwB,EAAE,UAAU,CAAC,wBAAwB;gBAC7D,qBAAqB,EAAE,UAAU,CAAC,qBAAqB;gBACvD,cAAc,EAAE,UAAU,CAAC,cAAc;gBACzC,qCAAqC,EAAE,UAAU,CAAC,qCAAqC;gBACvF,qBAAqB,EAAE,UAAU,CAAC,qBAAqB;gBACvD,mBAAmB,EAAE,UAAU,CAAC,mBAAmB;gBACnD,sBAAsB,EAAE,UAAU,CAAC,sBAAsB;gBACzD,6CAA6C,EAAE,UAAU,CAAC,6CAA6C;gBACvG,gCAAgC,EAAE,UAAU,CAAC,gCAAgC;gBAC7E,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;aAC9C,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,0DAA0D,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC,CAAC;YACzG,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAkB,EAAE,UAAe;IACjE,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACpD,OAAO,IAAI,KAAK,yCAAyC,CAAC;AAC5D,CAAC"}

package/dist/paymentServer.d.ts

@@ -0,0 +1,68 @@
+import { PaymentServer, ChargeResponse } from "./types.js";
+import { Network, Currency, AuthorizationServerUrl, FetchLike, Logger } from "@atxp/common";
+import BigNumber from "bignumber.js";
+/**
+ * ATXP Payment Server implementation
+ *
+ * This class handles payment operations with the ATXP authorization server.
+ *
+ * **Required Environment Variable:**
+ * - `ATXP_AUTH_CLIENT_TOKEN`: Authentication token for the ATXP authorization server.
+ *   This token is used to authenticate API calls to the ATXP server for payment operations.
+ *   Must be set when using this class, otherwise an error will be thrown.
+ *
+ * @example
+ * ```typescript
+ * // Ensure ATXP_AUTH_CLIENT_TOKEN is set in your environment
+ * const paymentServer = new ATXPPaymentServer(
+ *   'https://auth.atxp.ai',
+ *   oAuthDb,
+ *   logger
+ * );
+ * ```
+ */
+export declare class ATXPPaymentServer implements PaymentServer {
+    private readonly server;
+    private readonly authCredentials;
+    private readonly logger;
+    private readonly fetchFn;
+    constructor(server: AuthorizationServerUrl, authCredentials: string, logger: Logger, fetchFn?: FetchLike);
+    charge: ({ source, destination, network, currency, amount }: {
+        source: string;
+        destination: string;
+        network: Network;
+        currency: Currency;
+        amount: BigNumber;
+    }) => Promise<ChargeResponse>;
+    createPaymentRequest: ({ source, destination, network, currency, amount }: {
+        source: string;
+        destination: string;
+        network: Network;
+        currency: Currency;
+        amount: BigNumber;
+    }) => Promise<string>;
+    /**
+     * Makes authenticated requests to the ATXP authorization server
+     *
+     * This method automatically includes the `ATXP_AUTH_CLIENT_TOKEN` from environment variables
+     * in the Authorization header for all requests.
+     *
+     * @param method - HTTP method ('GET' or 'POST')
+     * @param path - API endpoint path
+     * @param body - Request body (for POST requests)
+     * @returns Promise<Response> - The HTTP response from the server
+     * @throws {Error} When `ATXP_AUTH_CLIENT_TOKEN` environment variable is not set
+     *
+     * @example
+     * ```typescript
+     * // Ensure ATXP_AUTH_CLIENT_TOKEN is set in your environment
+     * const response = await paymentServer.makeRequest('POST', '/charge', {
+     *   source: 'user123',
+     *   destination: 'merchant456',
+     *   amount: new BigNumber('0.01')
+     * });
+     * ```
+     */
+    protected makeRequest: (method: "GET" | "POST", path: string, body: unknown) => Promise<Response>;
+}
+//# sourceMappingURL=paymentServer.d.ts.map