@atxp/server 0.2.5 → 0.2.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atxp/server",
-  "version": "0.2.5",
+  "version": "0.2.6",
   "description": "ATXP Server - MCP server implementation with payment processing capabilities",
   "license": "MIT",
   "repository": {
@@ -22,7 +22,7 @@
     "test": "vitest run"
   },
   "dependencies": {
-    "@atxp/common": "0.2.5",
+    "@atxp/common": "0.2.6",
     "@modelcontextprotocol/sdk": "^1.15.0",
     "@types/express": "^5.0.0",
     "bignumber.js": "^9.3.0",

package/dist/src/atxpContext.d.ts

@@ -1,6 +0,0 @@
-import { ATXPConfig, TokenCheck } from "./types.js";
-export declare function getATXPConfig(): ATXPConfig | null;
-export declare function getATXPResource(): URL | null;
-export declare function atxpAccountId(): string | null;
-export declare function withATXPContext(config: ATXPConfig, resource: URL, tokenInfo: Pick<TokenCheck, 'token' | 'data'> | null, next: () => void): Promise<void>;
-//# sourceMappingURL=atxpContext.d.ts.map

package/dist/src/atxpContext.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"atxpContext.d.ts","sourceRoot":"","sources":["../../src/atxpContext.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAWpD,wBAAgB,aAAa,IAAI,UAAU,GAAG,IAAI,CAGjD;AAED,wBAAgB,eAAe,IAAI,GAAG,GAAG,IAAI,CAG5C;AAGD,wBAAgB,aAAa,IAAI,MAAM,GAAG,IAAI,CAG7C;AAGD,wBAAsB,eAAe,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAwB9J"}

package/dist/src/atxpContext.js

@@ -1,41 +0,0 @@
-import { AsyncLocalStorage } from "async_hooks";
-const contextStorage = new AsyncLocalStorage();
-export function getATXPConfig() {
-    const context = contextStorage.getStore();
-    return context?.config ?? null;
-}
-export function getATXPResource() {
-    const context = contextStorage.getStore();
-    return context?.resource ?? null;
-}
-// Helper function to get the current request's user
-export function atxpAccountId() {
-    const context = contextStorage.getStore();
-    return context?.tokenData?.sub ?? null;
-}
-// Helper function to run code within a user context
-export async function withATXPContext(config, resource, tokenInfo, next) {
-    config.logger.debug(`Setting user context to ${tokenInfo?.data?.sub ?? 'null'}`);
-    if (tokenInfo && tokenInfo.data?.sub) {
-        if (tokenInfo.token) {
-            const dbData = {
-                accessToken: tokenInfo.token,
-                resourceUrl: ''
-            };
-            // Save the token to the oAuthDB so that other users of the DB can access it
-            // if needed (ie, for token-exchange for downstream services)
-            await config.oAuthDb.saveAccessToken(tokenInfo.data.sub, '', dbData);
-        }
-        else {
-            config.logger.warn(`Setting user context with token data, but there was no token provided. This probably indicates a bug, since the data should be derived from the token`);
-            config.logger.debug(`Token data: ${JSON.stringify(tokenInfo.data)}`);
-        }
-    }
-    const ctx = {
-        tokenData: tokenInfo?.data || null,
-        config,
-        resource
-    };
-    return contextStorage.run(ctx, next);
-}
-//# sourceMappingURL=atxpContext.js.map

package/dist/src/atxpContext.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"atxpContext.js","sourceRoot":"","sources":["../../src/atxpContext.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,MAAM,cAAc,GAAG,IAAI,iBAAiB,EAAsB,CAAC;AAQnE,MAAM,UAAU,aAAa;IAC3B,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,EAAE,CAAC;IAC1C,OAAO,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,EAAE,CAAC;IAC1C,OAAO,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC;AACnC,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,aAAa;IAC3B,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,EAAE,CAAC;IAC1C,OAAO,OAAO,EAAE,SAAS,EAAE,GAAG,IAAI,IAAI,CAAC;AACzC,CAAC;AAED,oDAAoD;AACpD,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,MAAkB,EAAE,QAAa,EAAE,SAAoD,EAAE,IAAgB;IAC7I,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,MAAM,EAAE,CAAC,CAAC;IAEjF,IAAG,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC;QACpC,IAAG,SAAS,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,MAAM,GAAG;gBACb,WAAW,EAAE,SAAS,CAAC,KAAM;gBAC7B,WAAW,EAAE,EAAE;aAChB,CAAC;YACF,4EAA4E;YAC5E,6DAA6D;YAC7D,MAAM,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,uJAAuJ,CAAC,CAAC;YAC5K,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG;QACV,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,IAAI;QAClC,MAAM;QACN,QAAQ;KACT,CAAC;IACF,OAAO,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC"}

package/dist/src/atxpServer.d.ts

@@ -1,12 +0,0 @@
-import { ATXPConfig } from "./types.js";
-import { Router } from "express";
-type RequiredATXPConfigFields = 'destination';
-type RequiredATXPConfig = Pick<ATXPConfig, RequiredATXPConfigFields>;
-type OptionalATXPConfig = Omit<ATXPConfig, RequiredATXPConfigFields>;
-export type ATXPArgs = RequiredATXPConfig & Partial<OptionalATXPConfig>;
-type BuildableATXPConfigFields = 'oAuthDb' | 'oAuthClient' | 'paymentServer' | 'logger';
-export declare const DEFAULT_CONFIG: Required<Omit<OptionalATXPConfig, BuildableATXPConfigFields>>;
-export declare function buildServerConfig(args: ATXPArgs): ATXPConfig;
-export declare function atxpServer(args: ATXPArgs): Router;
-export {};
-//# sourceMappingURL=atxpServer.d.ts.map

package/dist/src/atxpServer.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"atxpServer.d.ts","sourceRoot":"","sources":["../../src/atxpServer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAiB,MAAM,YAAY,CAAC;AAKvD,OAAO,EAAmC,MAAM,EAAE,MAAM,SAAS,CAAC;AAMlE,KAAK,wBAAwB,GAAG,aAAa,CAAC;AAC9C,KAAK,kBAAkB,GAAG,IAAI,CAAC,UAAU,EAAE,wBAAwB,CAAC,CAAC;AACrE,KAAK,kBAAkB,GAAG,IAAI,CAAC,UAAU,EAAE,wBAAwB,CAAC,CAAC;AACrE,MAAM,MAAM,QAAQ,GAAG,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;AACxE,KAAK,yBAAyB,GAAG,SAAS,GAAG,aAAa,GAAG,eAAe,GAAG,QAAQ,CAAC;AAExF,eAAO,MAAM,cAAc,EAAE,QAAQ,CAAC,IAAI,CAAC,kBAAkB,EAAE,yBAAyB,CAAC,CASxF,CAAC;AAEF,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,QAAQ,GAAG,UAAU,CAwB5D;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,QAAQ,GAAG,MAAM,CAyDjD"}

package/dist/src/atxpServer.js

@@ -1,95 +0,0 @@
-import { ConsoleLogger, OAuthResourceClient, DEFAULT_AUTHORIZATION_SERVER, MemoryOAuthDb } from "@longrun/atxp-common";
-import { checkToken } from "./token.js";
-import { sendOAuthChallenge } from "./oAuthChallenge.js";
-import { withATXPContext } from "./atxpContext.js";
-import { parseMcpRequests } from "./http.js";
-import { Router } from "express";
-import { getProtectedResourceMetadata as getPRMResponse, sendProtectedResourceMetadata } from "./protectedResourceMetadata.js";
-import { getResource } from "./getResource.js";
-import { ATXPPaymentServer } from "./paymentServer.js";
-import { getOAuthMetadata, sendOAuthMetadata } from "./oAuthMetadata.js";
-export const DEFAULT_CONFIG = {
-    mountPath: '/',
-    currency: 'USDC',
-    network: 'solana',
-    server: DEFAULT_AUTHORIZATION_SERVER,
-    atxpAuthClientToken: process.env.ATXP_AUTH_CLIENT_TOKEN,
-    payeeName: 'An ATXP Server',
-    allowHttp: process.env.NODE_ENV === 'development',
-    resource: null, // Set dynamically from the request URL
-};
-export function buildServerConfig(args) {
-    if (!args.destination) {
-        throw new Error('destination is required');
-    }
-    const withDefaults = { ...DEFAULT_CONFIG, ...args };
-    const oAuthDb = withDefaults.oAuthDb ?? new MemoryOAuthDb();
-    const oAuthClient = withDefaults.oAuthClient ?? new OAuthResourceClient({
-        db: oAuthDb,
-        allowInsecureRequests: withDefaults.allowHttp,
-        clientName: withDefaults.payeeName,
-    });
-    const logger = withDefaults.logger ?? new ConsoleLogger();
-    let paymentServer;
-    if (withDefaults.paymentServer) {
-        paymentServer = withDefaults.paymentServer;
-    }
-    else {
-        if (!withDefaults.atxpAuthClientToken) {
-            throw new Error('ATXP_AUTH_CLIENT_TOKEN is not set. If no payment server is provided, you must set ATXP_AUTH_CLIENT_TOKEN.');
-        }
-        paymentServer = new ATXPPaymentServer(withDefaults.server, withDefaults.atxpAuthClientToken, logger);
-    }
-    const built = { oAuthDb, oAuthClient, paymentServer, logger };
-    return Object.freeze({ ...withDefaults, ...built });
-}
-;
-export function atxpServer(args) {
-    const config = buildServerConfig(args);
-    const router = Router();
-    // Regular middleware
-    const atxpMiddleware = async (req, res, next) => {
-        try {
-            const logger = config.logger; // Capture logger in closure
-            const requestUrl = new URL(req.url, req.protocol + '://' + req.host);
-            logger.debug(`Handling ${req.method} ${requestUrl.toString()}`);
-            const resource = getResource(config, requestUrl);
-            const prmResponse = getPRMResponse(config, requestUrl);
-            if (sendProtectedResourceMetadata(res, prmResponse)) {
-                return;
-            }
-            // Some older clients don't use PRM and assume the MCP server is an OAuth server
-            const oAuthMetadata = await getOAuthMetadata(config, requestUrl);
-            if (sendOAuthMetadata(res, oAuthMetadata)) {
-                return;
-            }
-            const mcpRequests = await parseMcpRequests(config, requestUrl, req, req.body);
-            logger.debug(`${mcpRequests.length} MCP requests found in request`);
-            if (mcpRequests.length === 0) {
-                next();
-                return;
-            }
-            logger.debug(`Request started - ${req.method} ${req.path}`);
-            const tokenCheck = await checkToken(config, resource, req);
-            const user = tokenCheck.data?.sub ?? null;
-            // Listen for when the response is finished
-            res.on('finish', async () => {
-                logger.debug(`Request finished ${user ? `for user ${user} ` : ''}- ${req.method} ${req.path}`);
-            });
-            // Send the oauth challenge, if needed. If we do, we're done
-            if (sendOAuthChallenge(res, tokenCheck)) {
-                return;
-            }
-            return withATXPContext(config, resource, tokenCheck, next);
-        }
-        catch (error) {
-            config.logger.error(`Critical error in atxp middleware - returning HTTP 500. Error: ${error instanceof Error ? error.message : String(error)}`);
-            config.logger.debug(JSON.stringify(error, null, 2));
-            res.status(500).json({ error: 'server_error', error_description: 'An internal server error occurred' });
-        }
-    };
-    // Add middleware to the router
-    router.use(atxpMiddleware);
-    return router;
-}
-//# sourceMappingURL=atxpServer.js.map

package/dist/src/atxpServer.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"atxpServer.js","sourceRoot":"","sources":["../../src/atxpServer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEvH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAmC,MAAM,EAAE,MAAM,SAAS,CAAC;AAClE,OAAO,EAAE,4BAA4B,IAAI,cAAc,EAAE,6BAA6B,EAAE,MAAM,gCAAgC,CAAC;AAC/H,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAQzE,MAAM,CAAC,MAAM,cAAc,GAAkE;IAC3F,SAAS,EAAE,GAAG;IACd,QAAQ,EAAE,MAAe;IACzB,OAAO,EAAE,QAAiB;IAC1B,MAAM,EAAE,4BAA4B;IACpC,mBAAmB,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;IACvD,SAAS,EAAE,gBAAgB;IAC3B,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa;IACjD,QAAQ,EAAE,IAAI,EAAE,uCAAuC;CACxD,CAAC;AAEF,MAAM,UAAU,iBAAiB,CAAC,IAAc;IAC9C,IAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,MAAM,YAAY,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,IAAI,EAAE,CAAC;IACpD,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,IAAI,IAAI,aAAa,EAAE,CAAA;IAC3D,MAAM,WAAW,GAAG,YAAY,CAAC,WAAW,IAAI,IAAI,mBAAmB,CAAC;QACtE,EAAE,EAAE,OAAO;QACX,qBAAqB,EAAE,YAAY,CAAC,SAAS;QAC7C,UAAU,EAAE,YAAY,CAAC,SAAS;KACnC,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;IAC1D,IAAI,aAAwC,CAAC;IAC7C,IAAI,YAAY,CAAC,aAAa,EAAG,CAAC;QAChC,aAAa,GAAG,YAAY,CAAC,aAAa,CAAC;IAC7C,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,YAAY,CAAC,mBAAmB,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,2GAA2G,CAAC,CAAC;QAC/H,CAAC;QACD,aAAa,GAAG,IAAI,iBAAiB,CAAC,YAAY,CAAC,MAAM,EAAE,YAAY,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;IACvG,CAAC;IACD,MAAM,KAAK,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,EAAC,CAAC;IAC7D,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,YAAY,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC;AACtD,CAAC;AAAA,CAAC;AAEF,MAAM,UAAU,UAAU,CAAC,IAAc;IACvC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,qBAAqB;IACrB,MAAM,cAAc,GAAG,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC/E,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAE,4BAA4B;YAC3D,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,QAAQ,GAAG,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;YACrE,MAAM,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,MAAM,IAAI,UAAU,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YAEhE,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACjD,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACvD,IAAI,6BAA6B,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,CAAC;gBACpD,OAAO;YACT,CAAC;YAED,gFAAgF;YAChF,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACjE,IAAG,iBAAiB,CAAC,GAAG,EAAE,aAAa,CAAC,EAAE,CAAC;gBACzC,OAAO;YACT,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAC9E,MAAM,CAAC,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,gCAAgC,CAAC,CAAC;YAEpE,IAAG,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC5B,IAAI,EAAE,CAAC;gBACP,OAAO;YACT,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,qBAAqB,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YAC5D,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;YAC3D,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC;YAE1C,2CAA2C;YAC3C,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;gBAC1B,MAAM,CAAC,KAAK,CAAC,oBAAoB,IAAI,CAAC,CAAC,CAAC,YAAY,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YACjG,CAAC,CAAC,CAAC;YAEH,4DAA4D;YAC5D,IAAI,kBAAkB,CAAC,GAAG,EAAE,UAAU,CAAC,EAAE,CAAC;gBACxC,OAAO;YACT,CAAC;YAED,OAAO,eAAe,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,kEAAkE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAChJ,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,mCAAmC,EAAE,CAAC,CAAC;QAC1G,CAAC;IACH,CAAC,CAAC;IAEF,+BAA+B;IAC/B,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAE3B,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/src/getResource.d.ts

@@ -1,4 +0,0 @@
-import { ATXPConfig } from "./types.js";
-export declare function getPath(url: URL): string;
-export declare function getResource(config: ATXPConfig, requestUrl: URL): URL;
-//# sourceMappingURL=getResource.d.ts.map

package/dist/src/getResource.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"getResource.d.ts","sourceRoot":"","sources":["../../src/getResource.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC,wBAAgB,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,CAGxC;AAED,wBAAgB,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,GAAG,GAAG,CAapE"}

package/dist/src/getResource.js

@@ -1,17 +0,0 @@
-export function getPath(url) {
-    const fullPath = url.pathname.replace(/^\/$/, '');
-    return fullPath;
-}
-export function getResource(config, requestUrl) {
-    if (config.resource) {
-        return new URL(config.resource);
-    }
-    const protocol = process.env.NODE_ENV === 'development' ? requestUrl.protocol : 'https:';
-    const url = new URL(`${protocol}//${requestUrl.host}${requestUrl.pathname}`);
-    const fullPath = getPath(url);
-    // If this is a PRM path, convert it into the path for the resource this is the metadata for
-    const resourcePath = fullPath.replace('/.well-known/oauth-protected-resource', '').replace(/\/$/, '');
-    const resource = new URL(`${protocol}//${requestUrl.host}${resourcePath}`);
-    return resource;
-}
-//# sourceMappingURL=getResource.js.map

package/dist/src/getResource.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"getResource.js","sourceRoot":"","sources":["../../src/getResource.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,OAAO,CAAC,GAAQ;IAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAClD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAAkB,EAAE,UAAe;IAC7D,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;IACzF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,QAAQ,KAAK,UAAU,CAAC,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;IAE7E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9B,4FAA4F;IAC5F,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,uCAAuC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEtG,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,QAAQ,KAAK,UAAU,CAAC,IAAI,GAAG,YAAY,EAAE,CAAC,CAAC;IAC3E,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/src/http.d.ts

@@ -1,7 +0,0 @@
-import { IncomingMessage } from "node:http";
-import { JSONRPCRequest } from "@modelcontextprotocol/sdk/types.js";
-import { ATXPConfig } from "./types.js";
-import { Logger } from "@longrun/atxp-common";
-export declare function parseMcpRequests(config: ATXPConfig, requestUrl: URL, req: IncomingMessage, parsedBody?: unknown): Promise<JSONRPCRequest[]>;
-export declare function parseBody(req: IncomingMessage, logger: Logger): Promise<unknown>;
-//# sourceMappingURL=http.d.ts.map

package/dist/src/http.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAG5C,OAAO,EAAE,cAAc,EAAoB,MAAM,oCAAoC,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAoB,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAQhE,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,UAAU,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CA0BjJ;AAED,wBAAsB,SAAS,CAAC,GAAG,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAmBtF"}

package/dist/src/http.js

@@ -1,51 +0,0 @@
-import getRawBody from "raw-body";
-import contentType from "content-type";
-import { isJSONRPCRequest } from "@modelcontextprotocol/sdk/types.js";
-import { parseMcpMessages } from "@longrun/atxp-common";
-// Useful reference for dealing with low-level http requests:
-// https://github.com/modelcontextprotocol/typescript-sdk/blob/c6ac083b1b37b222b5bfba5563822daa5d03372e/src/server/streamableHttp.ts#L375
-// Using the same value as MCP SDK
-const MAXIMUM_MESSAGE_SIZE = "4mb";
-export async function parseMcpRequests(config, requestUrl, req, parsedBody) {
-    if (!req.method) {
-        return [];
-    }
-    if (req.method.toLowerCase() !== 'post') {
-        return [];
-    }
-    // The middleware has to be mounted at the root to serve the protected resource metadata,
-    // but the actual MCP server it's controlling is specified by the mountPath.
-    const path = requestUrl.pathname.replace(/\/$/, '');
-    const mountPath = config.mountPath.replace(/\/$/, '');
-    if (path !== mountPath && path !== `${mountPath}/message`) {
-        config.logger.debug(`Request path (${path}) does not match the mountPath (${mountPath}), skipping MCP middleware`);
-        return [];
-    }
-    parsedBody = parsedBody ?? await parseBody(req, config.logger);
-    const messages = await parseMcpMessages(parsedBody, config.logger);
-    const requests = messages.filter(msg => isJSONRPCRequest(msg));
-    if (requests.length !== messages.length) {
-        config.logger.debug(`Dropped ${messages.length - requests.length} MCP messages that were not MCP requests`);
-    }
-    return requests;
-}
-export async function parseBody(req, logger) {
-    try {
-        const ct = req.headers["content-type"];
-        let encoding = "utf-8";
-        if (ct) {
-            const parsedCt = contentType.parse(ct);
-            encoding = parsedCt.parameters.charset ?? "utf-8";
-        }
-        const body = await getRawBody(req, {
-            limit: MAXIMUM_MESSAGE_SIZE,
-            encoding,
-        });
-        return JSON.parse(body.toString());
-    }
-    catch (error) {
-        logger.error(error.message);
-        return undefined;
-    }
-}
-//# sourceMappingURL=http.js.map

package/dist/src/http.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/http.ts"],"names":[],"mappings":"AACA,OAAO,UAAU,MAAM,UAAU,CAAC;AAClC,OAAO,WAAW,MAAM,cAAc,CAAC;AACvC,OAAO,EAAkB,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAEtF,OAAO,EAAE,gBAAgB,EAAU,MAAM,sBAAsB,CAAC;AAEhE,6DAA6D;AAC7D,yIAAyI;AAEzI,kCAAkC;AAClC,MAAM,oBAAoB,GAAG,KAAK,CAAC;AAEnC,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAkB,EAAE,UAAe,EAAE,GAAoB,EAAE,UAAoB;IACpH,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QAChB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;QACxC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,yFAAyF;IACzF,4EAA4E;IAC5E,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtD,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,GAAG,SAAS,UAAU,EAAE,CAAC;QAC1D,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,IAAI,mCAAmC,SAAS,4BAA4B,CAAC,CAAC;QACnH,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,UAAU,GAAG,UAAU,IAAI,MAAM,SAAS,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAEnE,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,0CAA0C,CAAC,CAAC;IAC9G,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,GAAoB,EAAE,MAAc;IAClE,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAEvC,IAAI,QAAQ,GAAG,OAAO,CAAC;QACvB,IAAI,EAAE,EAAE,CAAC;YACP,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACvC,QAAQ,GAAG,QAAQ,CAAC,UAAU,CAAC,OAAO,IAAI,OAAO,CAAC;QACpD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE;YACjC,KAAK,EAAE,oBAAoB;YAC3B,QAAQ;SACT,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAE,KAAe,CAAC,OAAO,CAAC,CAAC;QACvC,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC"}

package/dist/src/index.d.ts

@@ -1,5 +0,0 @@
-export * from './atxpServer.js';
-export * from './types.js';
-export * from './atxpContext.js';
-export * from './requirePayment.js';
-//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC"}

package/dist/src/index.js

@@ -1,5 +0,0 @@
-export * from './atxpServer.js';
-export * from './types.js';
-export * from './atxpContext.js';
-export * from './requirePayment.js';
-//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC"}

package/dist/src/oAuthChallenge.d.ts

@@ -1,4 +0,0 @@
-import { ServerResponse } from "http";
-import { TokenCheck } from "./types.js";
-export declare function sendOAuthChallenge(res: ServerResponse, tokenCheck: TokenCheck): boolean;
-//# sourceMappingURL=oAuthChallenge.d.ts.map

package/dist/src/oAuthChallenge.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"oAuthChallenge.d.ts","sourceRoot":"","sources":["../../src/oAuthChallenge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AACtC,OAAO,EAAE,UAAU,EAAgB,MAAM,YAAY,CAAC;AAGtD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,GAAG,OAAO,CAsCvF"}

package/dist/src/oAuthChallenge.js

@@ -1,39 +0,0 @@
-import { TokenProblem } from "./types.js";
-import { assertNever } from "@longrun/atxp-common";
-export function sendOAuthChallenge(res, tokenCheck) {
-    if (tokenCheck.passes) {
-        return false;
-    }
-    let status = 401;
-    let body = {};
-    // https://datatracker.ietf.org/doc/html/rfc6750#section-3.1
-    switch (tokenCheck.problem) {
-        case TokenProblem.NO_TOKEN:
-            break;
-        case TokenProblem.NON_BEARER_AUTH_HEADER:
-            status = 400;
-            body = { error: 'invalid_request', error_description: 'Authorization header did not include a Bearer token' };
-            break;
-        case TokenProblem.INVALID_TOKEN:
-            body = { error: 'invalid_token', error_description: 'Token is not active' };
-            break;
-        case TokenProblem.INVALID_AUDIENCE:
-            body = { error: 'invalid_token', error_description: 'Token is does not match the expected audience' };
-            break;
-        case TokenProblem.NON_SUFFICIENT_FUNDS:
-            status = 403;
-            body = { error: 'insufficient_scope', error_description: 'Non sufficient funds' };
-            break;
-        case TokenProblem.INTROSPECT_ERROR:
-            status = 502;
-            body = { error: 'server_error', error_description: 'An internal server error occurred' };
-            break;
-        default:
-            assertNever(tokenCheck.problem);
-    }
-    res.setHeader('WWW-Authenticate', `Bearer resource_metadata="${tokenCheck.resourceMetadataUrl}"`);
-    res.writeHead(status);
-    res.end(JSON.stringify(body));
-    return true;
-}
-//# sourceMappingURL=oAuthChallenge.js.map

package/dist/src/oAuthChallenge.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"oAuthChallenge.js","sourceRoot":"","sources":["../../src/oAuthChallenge.ts"],"names":[],"mappings":"AACA,OAAO,EAAc,YAAY,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,MAAM,UAAU,kBAAkB,CAAC,GAAmB,EAAE,UAAsB;IAC5E,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,MAAM,GAAG,GAAG,CAAC;IACjB,IAAI,IAAI,GAAkE,EAAE,CAAC;IAC7E,4DAA4D;IAC5D,QAAQ,UAAU,CAAC,OAAO,EAAE,CAAC;QAC3B,KAAK,YAAY,CAAC,QAAQ;YACxB,MAAM;QACR,KAAK,YAAY,CAAC,sBAAsB;YACtC,MAAM,GAAG,GAAG,CAAC;YACb,IAAI,GAAG,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,qDAAqD,EAAE,CAAC;YAC9G,MAAM;QACR,KAAK,YAAY,CAAC,aAAa;YAC7B,IAAI,GAAG,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,CAAC;YAC5E,MAAM;QACR,KAAK,YAAY,CAAC,gBAAgB;YAChC,IAAI,GAAG,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,+CAA+C,EAAE,CAAC;YACtG,MAAM;QACR,KAAK,YAAY,CAAC,oBAAoB;YACpC,MAAM,GAAG,GAAG,CAAC;YACb,IAAI,GAAG,EAAE,KAAK,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,CAAC;YAClF,MAAM;QACR,KAAK,YAAY,CAAC,gBAAgB;YAChC,MAAM,GAAG,GAAG,CAAC;YACb,IAAI,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,mCAAmC,EAAE,CAAC;YACzF,MAAM;QACR;YACE,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,6BAA6B,UAAU,CAAC,mBAAmB,GAAG,CAAC,CAAC;IAClG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACtB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9B,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/src/oAuthMetadata.d.ts

@@ -1,6 +0,0 @@
-import { ATXPConfig } from "./types.js";
-import * as oauth from 'oauth4webapi';
-import { ServerResponse } from "http";
-export declare function sendOAuthMetadata(res: ServerResponse, metadata: oauth.AuthorizationServer | null): boolean;
-export declare function getOAuthMetadata(config: ATXPConfig, requestUrl: URL): Promise<oauth.AuthorizationServer | null>;
-//# sourceMappingURL=oAuthMetadata.d.ts.map

package/dist/src/oAuthMetadata.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"oAuthMetadata.d.ts","sourceRoot":"","sources":["../../src/oAuthMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAGtC,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,EAAE,KAAK,CAAC,mBAAmB,GAAG,IAAI,GAAG,OAAO,CAQ1G;AAED,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAyBrH"}

package/dist/src/oAuthMetadata.js

@@ -1,41 +0,0 @@
-import { getPath } from "./getResource.js";
-export function sendOAuthMetadata(res, metadata) {
-    if (!metadata) {
-        return false;
-    }
-    res.setHeader('Content-Type', 'application/json');
-    res.writeHead(200);
-    res.end(JSON.stringify(metadata));
-    return true;
-}
-export async function getOAuthMetadata(config, requestUrl) {
-    if (isOAuthMetadataRequest(config, requestUrl)) {
-        try {
-            const authServer = await config.oAuthClient.authorizationServerFromUrl(new URL(config.server));
-            return {
-                issuer: config.server,
-                authorization_endpoint: authServer.authorization_endpoint,
-                response_types_supported: authServer.response_types_supported,
-                grant_types_supported: authServer.grant_types_supported,
-                token_endpoint: authServer.token_endpoint,
-                token_endpoint_auth_methods_supported: authServer.token_endpoint_auth_methods_supported,
-                registration_endpoint: authServer.registration_endpoint,
-                revocation_endpoint: authServer.revocation_endpoint,
-                introspection_endpoint: authServer.introspection_endpoint,
-                introspection_endpoint_auth_methods_supported: authServer.introspection_endpoint_auth_methods_supported,
-                code_challenge_methods_supported: authServer.code_challenge_methods_supported,
-                scopes_supported: authServer.scopes_supported
-            };
-        }
-        catch (error) {
-            config.logger.error(`Error fetching authorization server configuration from ${config.server}: ${error}`);
-            throw error;
-        }
-    }
-    return null;
-}
-function isOAuthMetadataRequest(config, requestUrl) {
-    const path = getPath(requestUrl).replace(/\/$/, '');
-    return path === '/.well-known/oauth-authorization-server';
-}
-//# sourceMappingURL=oAuthMetadata.js.map

package/dist/src/oAuthMetadata.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"oAuthMetadata.js","sourceRoot":"","sources":["../../src/oAuthMetadata.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAE3C,MAAM,UAAU,iBAAiB,CAAC,GAAmB,EAAE,QAA0C;IAC/F,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;IACD,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IAClD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACnB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAkB,EAAE,UAAe;IACxE,IAAI,sBAAsB,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,0BAA0B,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAE/F,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,sBAAsB,EAAE,UAAU,CAAC,sBAAsB;gBACzD,wBAAwB,EAAE,UAAU,CAAC,wBAAwB;gBAC7D,qBAAqB,EAAE,UAAU,CAAC,qBAAqB;gBACvD,cAAc,EAAE,UAAU,CAAC,cAAc;gBACzC,qCAAqC,EAAE,UAAU,CAAC,qCAAqC;gBACvF,qBAAqB,EAAE,UAAU,CAAC,qBAAqB;gBACvD,mBAAmB,EAAE,UAAU,CAAC,mBAAmB;gBACnD,sBAAsB,EAAE,UAAU,CAAC,sBAAsB;gBACzD,6CAA6C,EAAE,UAAU,CAAC,6CAA6C;gBACvG,gCAAgC,EAAE,UAAU,CAAC,gCAAgC;gBAC7E,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;aAC9C,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,0DAA0D,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC,CAAC;YACzG,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAkB,EAAE,UAAe;IACjE,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACpD,OAAO,IAAI,KAAK,yCAAyC,CAAC;AAC5D,CAAC"}

package/dist/src/paymentServer.d.ts

@@ -1,68 +0,0 @@
-import { PaymentServer, ChargeResponse } from "./types.js";
-import { Network, Currency, AuthorizationServerUrl, FetchLike, Logger } from "@longrun/atxp-common";
-import BigNumber from "bignumber.js";
-/**
- * ATXP Payment Server implementation
- *
- * This class handles payment operations with the ATXP authorization server.
- *
- * **Required Environment Variable:**
- * - `ATXP_AUTH_CLIENT_TOKEN`: Authentication token for the ATXP authorization server.
- *   This token is used to authenticate API calls to the ATXP server for payment operations.
- *   Must be set when using this class, otherwise an error will be thrown.
- *
- * @example
- * ```typescript
- * // Ensure ATXP_AUTH_CLIENT_TOKEN is set in your environment
- * const paymentServer = new ATXPPaymentServer(
- *   'https://auth.atxp.ai',
- *   oAuthDb,
- *   logger
- * );
- * ```
- */
-export declare class ATXPPaymentServer implements PaymentServer {
-    private readonly server;
-    private readonly authCredentials;
-    private readonly logger;
-    private readonly fetchFn;
-    constructor(server: AuthorizationServerUrl, authCredentials: string, logger: Logger, fetchFn?: FetchLike);
-    charge: ({ source, destination, network, currency, amount }: {
-        source: string;
-        destination: string;
-        network: Network;
-        currency: Currency;
-        amount: BigNumber;
-    }) => Promise<ChargeResponse>;
-    createPaymentRequest: ({ source, destination, network, currency, amount }: {
-        source: string;
-        destination: string;
-        network: Network;
-        currency: Currency;
-        amount: BigNumber;
-    }) => Promise<string>;
-    /**
-     * Makes authenticated requests to the ATXP authorization server
-     *
-     * This method automatically includes the `ATXP_AUTH_CLIENT_TOKEN` from environment variables
-     * in the Authorization header for all requests.
-     *
-     * @param method - HTTP method ('GET' or 'POST')
-     * @param path - API endpoint path
-     * @param body - Request body (for POST requests)
-     * @returns Promise<Response> - The HTTP response from the server
-     * @throws {Error} When `ATXP_AUTH_CLIENT_TOKEN` environment variable is not set
-     *
-     * @example
-     * ```typescript
-     * // Ensure ATXP_AUTH_CLIENT_TOKEN is set in your environment
-     * const response = await paymentServer.makeRequest('POST', '/charge', {
-     *   source: 'user123',
-     *   destination: 'merchant456',
-     *   amount: new BigNumber('0.01')
-     * });
-     * ```
-     */
-    protected makeRequest: (method: "GET" | "POST", path: string, body: unknown) => Promise<Response>;
-}
-//# sourceMappingURL=paymentServer.d.ts.map

package/dist/src/paymentServer.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"paymentServer.d.ts","sourceRoot":"","sources":["../../src/paymentServer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,sBAAsB,EAAE,SAAS,EAAE,MAAM,EAAsB,MAAM,sBAAsB,CAAC;AACxH,OAAO,SAAS,MAAM,cAAc,CAAC;AAErC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,iBAAkB,YAAW,aAAa;IAEnD,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,OAAO;gBAHP,MAAM,EAAE,sBAAsB,EAC9B,eAAe,EAAE,MAAM,EACvB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,SAAiB;IAM7C,MAAM,GAAS,oDACb;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,SAAS,CAAA;KAAC,KAAG,OAAO,CAAC,cAAc,CAAC,CAczH;IAED,oBAAoB,GAAS,oDAC3B;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,SAAS,CAAA;KAAC,KAAG,OAAO,CAAC,MAAM,CAAC,CAajH;IAED;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,SAAS,CAAC,WAAW,GAAS,QAAQ,KAAK,GAAG,MAAM,EAAE,MAAM,MAAM,EAAE,MAAM,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC,CAWpG;CACF"}

package/dist/src/paymentServer.js

@@ -1,97 +0,0 @@
-/**
- * ATXP Payment Server implementation
- *
- * This class handles payment operations with the ATXP authorization server.
- *
- * **Required Environment Variable:**
- * - `ATXP_AUTH_CLIENT_TOKEN`: Authentication token for the ATXP authorization server.
- *   This token is used to authenticate API calls to the ATXP server for payment operations.
- *   Must be set when using this class, otherwise an error will be thrown.
- *
- * @example
- * ```typescript
- * // Ensure ATXP_AUTH_CLIENT_TOKEN is set in your environment
- * const paymentServer = new ATXPPaymentServer(
- *   'https://auth.atxp.ai',
- *   oAuthDb,
- *   logger
- * );
- * ```
- */
-export class ATXPPaymentServer {
-    constructor(server, authCredentials, logger, fetchFn = fetch) {
-        this.server = server;
-        this.authCredentials = authCredentials;
-        this.logger = logger;
-        this.fetchFn = fetchFn;
-        this.charge = async ({ source, destination, network, currency, amount }) => {
-            const body = { source, destination, network, currency, amount };
-            const chargeResponse = await this.makeRequest('POST', '/charge', body);
-            const json = await chargeResponse.json();
-            if (chargeResponse.status === 200) {
-                return { success: true, requiredPayment: null };
-            }
-            else if (chargeResponse.status === 402) {
-                return { success: false, requiredPayment: json };
-            }
-            else {
-                const msg = `Unexpected status code ${chargeResponse.status} from payment server POST /charge endpoint`;
-                this.logger.warn(msg);
-                this.logger.debug(`Response body: ${JSON.stringify(json)}`);
-                throw new Error(msg);
-            }
-        };
-        this.createPaymentRequest = async ({ source, destination, network, currency, amount }) => {
-            const body = { source, destination, network, currency, amount };
-            const response = await this.makeRequest('POST', '/payment-request', body);
-            const json = await response.json();
-            if (response.status !== 200) {
-                this.logger.warn(`POST /payment-request responded with unexpected HTTP status ${response.status}`);
-                this.logger.debug(`Response body: ${JSON.stringify(json)}`);
-                throw new Error(`POST /payment-request responded with unexpected HTTP status ${response.status}`);
-            }
-            if (!json.id) {
-                throw new Error(`POST /payment-request response did not contain an id`);
-            }
-            return json.id;
-        };
-        /**
-         * Makes authenticated requests to the ATXP authorization server
-         *
-         * This method automatically includes the `ATXP_AUTH_CLIENT_TOKEN` from environment variables
-         * in the Authorization header for all requests.
-         *
-         * @param method - HTTP method ('GET' or 'POST')
-         * @param path - API endpoint path
-         * @param body - Request body (for POST requests)
-         * @returns Promise<Response> - The HTTP response from the server
-         * @throws {Error} When `ATXP_AUTH_CLIENT_TOKEN` environment variable is not set
-         *
-         * @example
-         * ```typescript
-         * // Ensure ATXP_AUTH_CLIENT_TOKEN is set in your environment
-         * const response = await paymentServer.makeRequest('POST', '/charge', {
-         *   source: 'user123',
-         *   destination: 'merchant456',
-         *   amount: new BigNumber('0.01')
-         * });
-         * ```
-         */
-        this.makeRequest = async (method, path, body) => {
-            const url = new URL(path, this.server);
-            const response = await this.fetchFn(url, {
-                method,
-                headers: {
-                    'Authorization': `Bearer ${this.authCredentials}`,
-                    'Content-Type': 'application/json'
-                },
-                body: JSON.stringify(body)
-            });
-            return response;
-        };
-        if (!authCredentials || authCredentials.trim() === '') {
-            throw new Error('Auth credentials are required');
-        }
-    }
-}
-//# sourceMappingURL=paymentServer.js.map

package/dist/src/paymentServer.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"paymentServer.js","sourceRoot":"","sources":["../../src/paymentServer.ts"],"names":[],"mappings":"AAIA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,OAAO,iBAAiB;IAC5B,YACmB,MAA8B,EAC9B,eAAuB,EACvB,MAAc,EACd,UAAqB,KAAK;QAH1B,WAAM,GAAN,MAAM,CAAwB;QAC9B,oBAAe,GAAf,eAAe,CAAQ;QACvB,WAAM,GAAN,MAAM,CAAQ;QACd,YAAO,GAAP,OAAO,CAAmB;QAM7C,WAAM,GAAG,KAAK,EAAC,EAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EACkC,EAA2B,EAAE;YAC3H,MAAM,IAAI,GAAG,EAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAC,CAAC;YAC9D,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;YACvE,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,IAAI,EAA+B,CAAC;YACtE,IAAI,cAAc,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAClC,OAAO,EAAC,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAC,CAAC;YAChD,CAAC;iBAAM,IAAI,cAAc,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACzC,OAAO,EAAC,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,EAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,GAAG,0BAA0B,cAAc,CAAC,MAAM,4CAA4C,CAAC;gBACxG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC5D,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC,CAAA;QAED,yBAAoB,GAAG,KAAK,EAAC,EAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EACoB,EAAmB,EAAE;YACnH,MAAM,IAAI,GAAG,EAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,kBAAkB,EAAE,IAAI,CAAC,CAAC;YAC1E,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAmB,CAAC;YACpD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+DAA+D,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;gBACnG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC5D,MAAM,IAAI,KAAK,CAAC,+DAA+D,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACpG,CAAC;YACD,IAAG,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;YAC1E,CAAC;YACD,OAAO,IAAI,CAAC,EAAE,CAAC;QACjB,CAAC,CAAA;QAED;;;;;;;;;;;;;;;;;;;;;WAqBG;QACO,gBAAW,GAAG,KAAK,EAAC,MAAsB,EAAE,IAAY,EAAE,IAAa,EAAqB,EAAE;YACtG,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE;gBACvC,MAAM;gBACN,OAAO,EAAE;oBACP,eAAe,EAAE,UAAU,IAAI,CAAC,eAAe,EAAE;oBACjD,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aAC3B,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAA;QAvEC,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;CAqEF"}

package/dist/src/protectedResourceMetadata.d.ts

@@ -1,5 +0,0 @@
-import { ATXPConfig, ProtectedResourceMetadata } from "./types.js";
-import { ServerResponse } from "http";
-export declare function sendProtectedResourceMetadata(res: ServerResponse, metadata: ProtectedResourceMetadata | null): boolean;
-export declare function getProtectedResourceMetadata(config: ATXPConfig, requestUrl: URL): ProtectedResourceMetadata | null;
-//# sourceMappingURL=protectedResourceMetadata.d.ts.map

package/dist/src/protectedResourceMetadata.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"protectedResourceMetadata.d.ts","sourceRoot":"","sources":["../../src/protectedResourceMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAGtC,wBAAgB,6BAA6B,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,EAAE,yBAAyB,GAAG,IAAI,GAAG,OAAO,CAQtH;AAED,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,GAAG,yBAAyB,GAAG,IAAI,CAYlH"}