@atxp/server 0.2.5

package/dist/src/http.js

@@ -0,0 +1,51 @@
+import getRawBody from "raw-body";
+import contentType from "content-type";
+import { isJSONRPCRequest } from "@modelcontextprotocol/sdk/types.js";
+import { parseMcpMessages } from "@longrun/atxp-common";
+// Useful reference for dealing with low-level http requests:
+// https://github.com/modelcontextprotocol/typescript-sdk/blob/c6ac083b1b37b222b5bfba5563822daa5d03372e/src/server/streamableHttp.ts#L375
+// Using the same value as MCP SDK
+const MAXIMUM_MESSAGE_SIZE = "4mb";
+export async function parseMcpRequests(config, requestUrl, req, parsedBody) {
+    if (!req.method) {
+        return [];
+    }
+    if (req.method.toLowerCase() !== 'post') {
+        return [];
+    }
+    // The middleware has to be mounted at the root to serve the protected resource metadata,
+    // but the actual MCP server it's controlling is specified by the mountPath.
+    const path = requestUrl.pathname.replace(/\/$/, '');
+    const mountPath = config.mountPath.replace(/\/$/, '');
+    if (path !== mountPath && path !== `${mountPath}/message`) {
+        config.logger.debug(`Request path (${path}) does not match the mountPath (${mountPath}), skipping MCP middleware`);
+        return [];
+    }
+    parsedBody = parsedBody ?? await parseBody(req, config.logger);
+    const messages = await parseMcpMessages(parsedBody, config.logger);
+    const requests = messages.filter(msg => isJSONRPCRequest(msg));
+    if (requests.length !== messages.length) {
+        config.logger.debug(`Dropped ${messages.length - requests.length} MCP messages that were not MCP requests`);
+    }
+    return requests;
+}
+export async function parseBody(req, logger) {
+    try {
+        const ct = req.headers["content-type"];
+        let encoding = "utf-8";
+        if (ct) {
+            const parsedCt = contentType.parse(ct);
+            encoding = parsedCt.parameters.charset ?? "utf-8";
+        }
+        const body = await getRawBody(req, {
+            limit: MAXIMUM_MESSAGE_SIZE,
+            encoding,
+        });
+        return JSON.parse(body.toString());
+    }
+    catch (error) {
+        logger.error(error.message);
+        return undefined;
+    }
+}
+//# sourceMappingURL=http.js.map

package/dist/src/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/http.ts"],"names":[],"mappings":"AACA,OAAO,UAAU,MAAM,UAAU,CAAC;AAClC,OAAO,WAAW,MAAM,cAAc,CAAC;AACvC,OAAO,EAAkB,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAEtF,OAAO,EAAE,gBAAgB,EAAU,MAAM,sBAAsB,CAAC;AAEhE,6DAA6D;AAC7D,yIAAyI;AAEzI,kCAAkC;AAClC,MAAM,oBAAoB,GAAG,KAAK,CAAC;AAEnC,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAkB,EAAE,UAAe,EAAE,GAAoB,EAAE,UAAoB;IACpH,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QAChB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;QACxC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,yFAAyF;IACzF,4EAA4E;IAC5E,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtD,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,GAAG,SAAS,UAAU,EAAE,CAAC;QAC1D,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,IAAI,mCAAmC,SAAS,4BAA4B,CAAC,CAAC;QACnH,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,UAAU,GAAG,UAAU,IAAI,MAAM,SAAS,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAEnE,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,0CAA0C,CAAC,CAAC;IAC9G,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,GAAoB,EAAE,MAAc;IAClE,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAEvC,IAAI,QAAQ,GAAG,OAAO,CAAC;QACvB,IAAI,EAAE,EAAE,CAAC;YACP,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACvC,QAAQ,GAAG,QAAQ,CAAC,UAAU,CAAC,OAAO,IAAI,OAAO,CAAC;QACpD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE;YACjC,KAAK,EAAE,oBAAoB;YAC3B,QAAQ;SACT,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAE,KAAe,CAAC,OAAO,CAAC,CAAC;QACvC,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC"}

package/dist/src/index.d.ts

@@ -0,0 +1,5 @@
+export * from './atxpServer.js';
+export * from './types.js';
+export * from './atxpContext.js';
+export * from './requirePayment.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC"}

package/dist/src/index.js

@@ -0,0 +1,5 @@
+export * from './atxpServer.js';
+export * from './types.js';
+export * from './atxpContext.js';
+export * from './requirePayment.js';
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC"}

package/dist/src/oAuthChallenge.d.ts

@@ -0,0 +1,4 @@
+import { ServerResponse } from "http";
+import { TokenCheck } from "./types.js";
+export declare function sendOAuthChallenge(res: ServerResponse, tokenCheck: TokenCheck): boolean;
+//# sourceMappingURL=oAuthChallenge.d.ts.map

package/dist/src/oAuthChallenge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oAuthChallenge.d.ts","sourceRoot":"","sources":["../../src/oAuthChallenge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AACtC,OAAO,EAAE,UAAU,EAAgB,MAAM,YAAY,CAAC;AAGtD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,GAAG,OAAO,CAsCvF"}

package/dist/src/oAuthChallenge.js

@@ -0,0 +1,39 @@
+import { TokenProblem } from "./types.js";
+import { assertNever } from "@longrun/atxp-common";
+export function sendOAuthChallenge(res, tokenCheck) {
+    if (tokenCheck.passes) {
+        return false;
+    }
+    let status = 401;
+    let body = {};
+    // https://datatracker.ietf.org/doc/html/rfc6750#section-3.1
+    switch (tokenCheck.problem) {
+        case TokenProblem.NO_TOKEN:
+            break;
+        case TokenProblem.NON_BEARER_AUTH_HEADER:
+            status = 400;
+            body = { error: 'invalid_request', error_description: 'Authorization header did not include a Bearer token' };
+            break;
+        case TokenProblem.INVALID_TOKEN:
+            body = { error: 'invalid_token', error_description: 'Token is not active' };
+            break;
+        case TokenProblem.INVALID_AUDIENCE:
+            body = { error: 'invalid_token', error_description: 'Token is does not match the expected audience' };
+            break;
+        case TokenProblem.NON_SUFFICIENT_FUNDS:
+            status = 403;
+            body = { error: 'insufficient_scope', error_description: 'Non sufficient funds' };
+            break;
+        case TokenProblem.INTROSPECT_ERROR:
+            status = 502;
+            body = { error: 'server_error', error_description: 'An internal server error occurred' };
+            break;
+        default:
+            assertNever(tokenCheck.problem);
+    }
+    res.setHeader('WWW-Authenticate', `Bearer resource_metadata="${tokenCheck.resourceMetadataUrl}"`);
+    res.writeHead(status);
+    res.end(JSON.stringify(body));
+    return true;
+}
+//# sourceMappingURL=oAuthChallenge.js.map

package/dist/src/oAuthChallenge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oAuthChallenge.js","sourceRoot":"","sources":["../../src/oAuthChallenge.ts"],"names":[],"mappings":"AACA,OAAO,EAAc,YAAY,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,MAAM,UAAU,kBAAkB,CAAC,GAAmB,EAAE,UAAsB;IAC5E,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,MAAM,GAAG,GAAG,CAAC;IACjB,IAAI,IAAI,GAAkE,EAAE,CAAC;IAC7E,4DAA4D;IAC5D,QAAQ,UAAU,CAAC,OAAO,EAAE,CAAC;QAC3B,KAAK,YAAY,CAAC,QAAQ;YACxB,MAAM;QACR,KAAK,YAAY,CAAC,sBAAsB;YACtC,MAAM,GAAG,GAAG,CAAC;YACb,IAAI,GAAG,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,qDAAqD,EAAE,CAAC;YAC9G,MAAM;QACR,KAAK,YAAY,CAAC,aAAa;YAC7B,IAAI,GAAG,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,CAAC;YAC5E,MAAM;QACR,KAAK,YAAY,CAAC,gBAAgB;YAChC,IAAI,GAAG,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,+CAA+C,EAAE,CAAC;YACtG,MAAM;QACR,KAAK,YAAY,CAAC,oBAAoB;YACpC,MAAM,GAAG,GAAG,CAAC;YACb,IAAI,GAAG,EAAE,KAAK,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,CAAC;YAClF,MAAM;QACR,KAAK,YAAY,CAAC,gBAAgB;YAChC,MAAM,GAAG,GAAG,CAAC;YACb,IAAI,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,mCAAmC,EAAE,CAAC;YACzF,MAAM;QACR;YACE,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,6BAA6B,UAAU,CAAC,mBAAmB,GAAG,CAAC,CAAC;IAClG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACtB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9B,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/src/oAuthMetadata.d.ts

@@ -0,0 +1,6 @@
+import { ATXPConfig } from "./types.js";
+import * as oauth from 'oauth4webapi';
+import { ServerResponse } from "http";
+export declare function sendOAuthMetadata(res: ServerResponse, metadata: oauth.AuthorizationServer | null): boolean;
+export declare function getOAuthMetadata(config: ATXPConfig, requestUrl: URL): Promise<oauth.AuthorizationServer | null>;
+//# sourceMappingURL=oAuthMetadata.d.ts.map

package/dist/src/oAuthMetadata.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oAuthMetadata.d.ts","sourceRoot":"","sources":["../../src/oAuthMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAGtC,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,EAAE,KAAK,CAAC,mBAAmB,GAAG,IAAI,GAAG,OAAO,CAQ1G;AAED,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAyBrH"}

package/dist/src/oAuthMetadata.js

@@ -0,0 +1,41 @@
+import { getPath } from "./getResource.js";
+export function sendOAuthMetadata(res, metadata) {
+    if (!metadata) {
+        return false;
+    }
+    res.setHeader('Content-Type', 'application/json');
+    res.writeHead(200);
+    res.end(JSON.stringify(metadata));
+    return true;
+}
+export async function getOAuthMetadata(config, requestUrl) {
+    if (isOAuthMetadataRequest(config, requestUrl)) {
+        try {
+            const authServer = await config.oAuthClient.authorizationServerFromUrl(new URL(config.server));
+            return {
+                issuer: config.server,
+                authorization_endpoint: authServer.authorization_endpoint,
+                response_types_supported: authServer.response_types_supported,
+                grant_types_supported: authServer.grant_types_supported,
+                token_endpoint: authServer.token_endpoint,
+                token_endpoint_auth_methods_supported: authServer.token_endpoint_auth_methods_supported,
+                registration_endpoint: authServer.registration_endpoint,
+                revocation_endpoint: authServer.revocation_endpoint,
+                introspection_endpoint: authServer.introspection_endpoint,
+                introspection_endpoint_auth_methods_supported: authServer.introspection_endpoint_auth_methods_supported,
+                code_challenge_methods_supported: authServer.code_challenge_methods_supported,
+                scopes_supported: authServer.scopes_supported
+            };
+        }
+        catch (error) {
+            config.logger.error(`Error fetching authorization server configuration from ${config.server}: ${error}`);
+            throw error;
+        }
+    }
+    return null;
+}
+function isOAuthMetadataRequest(config, requestUrl) {
+    const path = getPath(requestUrl).replace(/\/$/, '');
+    return path === '/.well-known/oauth-authorization-server';
+}
+//# sourceMappingURL=oAuthMetadata.js.map

package/dist/src/oAuthMetadata.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oAuthMetadata.js","sourceRoot":"","sources":["../../src/oAuthMetadata.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAE3C,MAAM,UAAU,iBAAiB,CAAC,GAAmB,EAAE,QAA0C;IAC/F,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;IACD,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IAClD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACnB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAkB,EAAE,UAAe;IACxE,IAAI,sBAAsB,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,0BAA0B,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAE/F,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,sBAAsB,EAAE,UAAU,CAAC,sBAAsB;gBACzD,wBAAwB,EAAE,UAAU,CAAC,wBAAwB;gBAC7D,qBAAqB,EAAE,UAAU,CAAC,qBAAqB;gBACvD,cAAc,EAAE,UAAU,CAAC,cAAc;gBACzC,qCAAqC,EAAE,UAAU,CAAC,qCAAqC;gBACvF,qBAAqB,EAAE,UAAU,CAAC,qBAAqB;gBACvD,mBAAmB,EAAE,UAAU,CAAC,mBAAmB;gBACnD,sBAAsB,EAAE,UAAU,CAAC,sBAAsB;gBACzD,6CAA6C,EAAE,UAAU,CAAC,6CAA6C;gBACvG,gCAAgC,EAAE,UAAU,CAAC,gCAAgC;gBAC7E,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;aAC9C,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,0DAA0D,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC,CAAC;YACzG,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAkB,EAAE,UAAe;IACjE,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACpD,OAAO,IAAI,KAAK,yCAAyC,CAAC;AAC5D,CAAC"}

package/dist/src/paymentServer.d.ts

@@ -0,0 +1,68 @@
+import { PaymentServer, ChargeResponse } from "./types.js";
+import { Network, Currency, AuthorizationServerUrl, FetchLike, Logger } from "@longrun/atxp-common";
+import BigNumber from "bignumber.js";
+/**
+ * ATXP Payment Server implementation
+ *
+ * This class handles payment operations with the ATXP authorization server.
+ *
+ * **Required Environment Variable:**
+ * - `ATXP_AUTH_CLIENT_TOKEN`: Authentication token for the ATXP authorization server.
+ *   This token is used to authenticate API calls to the ATXP server for payment operations.
+ *   Must be set when using this class, otherwise an error will be thrown.
+ *
+ * @example
+ * ```typescript
+ * // Ensure ATXP_AUTH_CLIENT_TOKEN is set in your environment
+ * const paymentServer = new ATXPPaymentServer(
+ *   'https://auth.atxp.ai',
+ *   oAuthDb,
+ *   logger
+ * );
+ * ```
+ */
+export declare class ATXPPaymentServer implements PaymentServer {
+    private readonly server;
+    private readonly authCredentials;
+    private readonly logger;
+    private readonly fetchFn;
+    constructor(server: AuthorizationServerUrl, authCredentials: string, logger: Logger, fetchFn?: FetchLike);
+    charge: ({ source, destination, network, currency, amount }: {
+        source: string;
+        destination: string;
+        network: Network;
+        currency: Currency;
+        amount: BigNumber;
+    }) => Promise<ChargeResponse>;
+    createPaymentRequest: ({ source, destination, network, currency, amount }: {
+        source: string;
+        destination: string;
+        network: Network;
+        currency: Currency;
+        amount: BigNumber;
+    }) => Promise<string>;
+    /**
+     * Makes authenticated requests to the ATXP authorization server
+     *
+     * This method automatically includes the `ATXP_AUTH_CLIENT_TOKEN` from environment variables
+     * in the Authorization header for all requests.
+     *
+     * @param method - HTTP method ('GET' or 'POST')
+     * @param path - API endpoint path
+     * @param body - Request body (for POST requests)
+     * @returns Promise<Response> - The HTTP response from the server
+     * @throws {Error} When `ATXP_AUTH_CLIENT_TOKEN` environment variable is not set
+     *
+     * @example
+     * ```typescript
+     * // Ensure ATXP_AUTH_CLIENT_TOKEN is set in your environment
+     * const response = await paymentServer.makeRequest('POST', '/charge', {
+     *   source: 'user123',
+     *   destination: 'merchant456',
+     *   amount: new BigNumber('0.01')
+     * });
+     * ```
+     */
+    protected makeRequest: (method: "GET" | "POST", path: string, body: unknown) => Promise<Response>;
+}
+//# sourceMappingURL=paymentServer.d.ts.map

package/dist/src/paymentServer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paymentServer.d.ts","sourceRoot":"","sources":["../../src/paymentServer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,sBAAsB,EAAE,SAAS,EAAE,MAAM,EAAsB,MAAM,sBAAsB,CAAC;AACxH,OAAO,SAAS,MAAM,cAAc,CAAC;AAErC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,iBAAkB,YAAW,aAAa;IAEnD,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,OAAO;gBAHP,MAAM,EAAE,sBAAsB,EAC9B,eAAe,EAAE,MAAM,EACvB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,SAAiB;IAM7C,MAAM,GAAS,oDACb;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,SAAS,CAAA;KAAC,KAAG,OAAO,CAAC,cAAc,CAAC,CAczH;IAED,oBAAoB,GAAS,oDAC3B;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,SAAS,CAAA;KAAC,KAAG,OAAO,CAAC,MAAM,CAAC,CAajH;IAED;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,SAAS,CAAC,WAAW,GAAS,QAAQ,KAAK,GAAG,MAAM,EAAE,MAAM,MAAM,EAAE,MAAM,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC,CAWpG;CACF"}

package/dist/src/paymentServer.js

@@ -0,0 +1,97 @@
+/**
+ * ATXP Payment Server implementation
+ *
+ * This class handles payment operations with the ATXP authorization server.
+ *
+ * **Required Environment Variable:**
+ * - `ATXP_AUTH_CLIENT_TOKEN`: Authentication token for the ATXP authorization server.
+ *   This token is used to authenticate API calls to the ATXP server for payment operations.
+ *   Must be set when using this class, otherwise an error will be thrown.
+ *
+ * @example
+ * ```typescript
+ * // Ensure ATXP_AUTH_CLIENT_TOKEN is set in your environment
+ * const paymentServer = new ATXPPaymentServer(
+ *   'https://auth.atxp.ai',
+ *   oAuthDb,
+ *   logger
+ * );
+ * ```
+ */
+export class ATXPPaymentServer {
+    constructor(server, authCredentials, logger, fetchFn = fetch) {
+        this.server = server;
+        this.authCredentials = authCredentials;
+        this.logger = logger;
+        this.fetchFn = fetchFn;
+        this.charge = async ({ source, destination, network, currency, amount }) => {
+            const body = { source, destination, network, currency, amount };
+            const chargeResponse = await this.makeRequest('POST', '/charge', body);
+            const json = await chargeResponse.json();
+            if (chargeResponse.status === 200) {
+                return { success: true, requiredPayment: null };
+            }
+            else if (chargeResponse.status === 402) {
+                return { success: false, requiredPayment: json };
+            }
+            else {
+                const msg = `Unexpected status code ${chargeResponse.status} from payment server POST /charge endpoint`;
+                this.logger.warn(msg);
+                this.logger.debug(`Response body: ${JSON.stringify(json)}`);
+                throw new Error(msg);
+            }
+        };
+        this.createPaymentRequest = async ({ source, destination, network, currency, amount }) => {
+            const body = { source, destination, network, currency, amount };
+            const response = await this.makeRequest('POST', '/payment-request', body);
+            const json = await response.json();
+            if (response.status !== 200) {
+                this.logger.warn(`POST /payment-request responded with unexpected HTTP status ${response.status}`);
+                this.logger.debug(`Response body: ${JSON.stringify(json)}`);
+                throw new Error(`POST /payment-request responded with unexpected HTTP status ${response.status}`);
+            }
+            if (!json.id) {
+                throw new Error(`POST /payment-request response did not contain an id`);
+            }
+            return json.id;
+        };
+        /**
+         * Makes authenticated requests to the ATXP authorization server
+         *
+         * This method automatically includes the `ATXP_AUTH_CLIENT_TOKEN` from environment variables
+         * in the Authorization header for all requests.
+         *
+         * @param method - HTTP method ('GET' or 'POST')
+         * @param path - API endpoint path
+         * @param body - Request body (for POST requests)
+         * @returns Promise<Response> - The HTTP response from the server
+         * @throws {Error} When `ATXP_AUTH_CLIENT_TOKEN` environment variable is not set
+         *
+         * @example
+         * ```typescript
+         * // Ensure ATXP_AUTH_CLIENT_TOKEN is set in your environment
+         * const response = await paymentServer.makeRequest('POST', '/charge', {
+         *   source: 'user123',
+         *   destination: 'merchant456',
+         *   amount: new BigNumber('0.01')
+         * });
+         * ```
+         */
+        this.makeRequest = async (method, path, body) => {
+            const url = new URL(path, this.server);
+            const response = await this.fetchFn(url, {
+                method,
+                headers: {
+                    'Authorization': `Bearer ${this.authCredentials}`,
+                    'Content-Type': 'application/json'
+                },
+                body: JSON.stringify(body)
+            });
+            return response;
+        };
+        if (!authCredentials || authCredentials.trim() === '') {
+            throw new Error('Auth credentials are required');
+        }
+    }
+}
+//# sourceMappingURL=paymentServer.js.map

package/dist/src/paymentServer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paymentServer.js","sourceRoot":"","sources":["../../src/paymentServer.ts"],"names":[],"mappings":"AAIA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,OAAO,iBAAiB;IAC5B,YACmB,MAA8B,EAC9B,eAAuB,EACvB,MAAc,EACd,UAAqB,KAAK;QAH1B,WAAM,GAAN,MAAM,CAAwB;QAC9B,oBAAe,GAAf,eAAe,CAAQ;QACvB,WAAM,GAAN,MAAM,CAAQ;QACd,YAAO,GAAP,OAAO,CAAmB;QAM7C,WAAM,GAAG,KAAK,EAAC,EAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EACkC,EAA2B,EAAE;YAC3H,MAAM,IAAI,GAAG,EAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAC,CAAC;YAC9D,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;YACvE,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,IAAI,EAA+B,CAAC;YACtE,IAAI,cAAc,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAClC,OAAO,EAAC,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAC,CAAC;YAChD,CAAC;iBAAM,IAAI,cAAc,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACzC,OAAO,EAAC,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,EAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,GAAG,0BAA0B,cAAc,CAAC,MAAM,4CAA4C,CAAC;gBACxG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC5D,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC,CAAA;QAED,yBAAoB,GAAG,KAAK,EAAC,EAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EACoB,EAAmB,EAAE;YACnH,MAAM,IAAI,GAAG,EAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,kBAAkB,EAAE,IAAI,CAAC,CAAC;YAC1E,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAmB,CAAC;YACpD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+DAA+D,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;gBACnG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC5D,MAAM,IAAI,KAAK,CAAC,+DAA+D,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACpG,CAAC;YACD,IAAG,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;YAC1E,CAAC;YACD,OAAO,IAAI,CAAC,EAAE,CAAC;QACjB,CAAC,CAAA;QAED;;;;;;;;;;;;;;;;;;;;;WAqBG;QACO,gBAAW,GAAG,KAAK,EAAC,MAAsB,EAAE,IAAY,EAAE,IAAa,EAAqB,EAAE;YACtG,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE;gBACvC,MAAM;gBACN,OAAO,EAAE;oBACP,eAAe,EAAE,UAAU,IAAI,CAAC,eAAe,EAAE;oBACjD,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aAC3B,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAA;QAvEC,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;CAqEF"}

package/dist/src/protectedResourceMetadata.d.ts

@@ -0,0 +1,5 @@
+import { ATXPConfig, ProtectedResourceMetadata } from "./types.js";
+import { ServerResponse } from "http";
+export declare function sendProtectedResourceMetadata(res: ServerResponse, metadata: ProtectedResourceMetadata | null): boolean;
+export declare function getProtectedResourceMetadata(config: ATXPConfig, requestUrl: URL): ProtectedResourceMetadata | null;
+//# sourceMappingURL=protectedResourceMetadata.d.ts.map

package/dist/src/protectedResourceMetadata.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protectedResourceMetadata.d.ts","sourceRoot":"","sources":["../../src/protectedResourceMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAGtC,wBAAgB,6BAA6B,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,EAAE,yBAAyB,GAAG,IAAI,GAAG,OAAO,CAQtH;AAED,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,GAAG,yBAAyB,GAAG,IAAI,CAYlH"}

package/dist/src/protectedResourceMetadata.js

@@ -0,0 +1,40 @@
+import { getPath, getResource } from "./getResource.js";
+export function sendProtectedResourceMetadata(res, metadata) {
+    if (!metadata) {
+        return false;
+    }
+    res.setHeader('Content-Type', 'application/json');
+    res.writeHead(200);
+    res.end(JSON.stringify(metadata));
+    return true;
+}
+export function getProtectedResourceMetadata(config, requestUrl) {
+    if (isProtectedResourceMetadataRequest(config, requestUrl)) {
+        const resource = getResource(config, requestUrl);
+        return {
+            resource,
+            resource_name: config.payeeName || resource.toString(),
+            authorization_servers: [config.server],
+            bearer_methods_supported: ['header'],
+            scopes_supported: ['read', 'write'],
+        };
+    }
+    return null;
+}
+function isProtectedResourceMetadataRequest(config, requestUrl) {
+    const path = getPath(requestUrl);
+    if (!path.startsWith('/.well-known/oauth-protected-resource')) {
+        return false;
+    }
+    const resource = getResource(config, requestUrl);
+    const resourcePath = getPath(resource);
+    const mountPath = config.mountPath.replace(/\/$/, '');
+    if (resourcePath === mountPath) {
+        return true;
+    }
+    if (resourcePath === `${mountPath}/message`) {
+        return true;
+    }
+    return false;
+}
+//# sourceMappingURL=protectedResourceMetadata.js.map

package/dist/src/protectedResourceMetadata.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protectedResourceMetadata.js","sourceRoot":"","sources":["../../src/protectedResourceMetadata.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAExD,MAAM,UAAU,6BAA6B,CAAC,GAAmB,EAAE,QAA0C;IAC3G,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;IACD,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IAClD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACnB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,MAAkB,EAAE,UAAe;IAC9E,IAAI,kCAAkC,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;QAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACjD,OAAO;YACL,QAAQ;YACR,aAAa,EAAE,MAAM,CAAC,SAAS,IAAI,QAAQ,CAAC,QAAQ,EAAE;YACtD,qBAAqB,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;YACtC,wBAAwB,EAAE,CAAC,QAAQ,CAAC;YACpC,gBAAgB,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;SACpC,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kCAAkC,CAAC,MAAkB,EAAE,UAAe;IAC7E,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACjC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,uCAAuC,CAAC,EAAE,CAAC;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACjD,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtD,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,YAAY,KAAK,GAAG,SAAS,UAAU,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/src/requirePayment.d.ts

@@ -0,0 +1,3 @@
+import { RequirePaymentConfig } from "@longrun/atxp-common";
+export declare function requirePayment(paymentConfig: RequirePaymentConfig): Promise<void>;
+//# sourceMappingURL=requirePayment.d.ts.map

package/dist/src/requirePayment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"requirePayment.d.ts","sourceRoot":"","sources":["../../src/requirePayment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAwB,MAAM,sBAAsB,CAAC;AAGlF,wBAAsB,cAAc,CAAC,aAAa,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAmCvF"}

package/dist/src/requirePayment.js

@@ -0,0 +1,35 @@
+import { paymentRequiredError } from "@longrun/atxp-common";
+import { getATXPConfig, atxpAccountId } from "./atxpContext.js";
+export async function requirePayment(paymentConfig) {
+    const config = getATXPConfig();
+    if (!config) {
+        throw new Error('No config found');
+    }
+    const user = atxpAccountId();
+    if (!user) {
+        config.logger.error('No user found');
+        throw new Error('No user found');
+    }
+    const charge = {
+        amount: paymentConfig.price,
+        currency: config.currency,
+        network: config.network,
+        destination: config.destination,
+        source: user
+    };
+    config.logger.debug(`Charging amount ${charge.amount}, destination ${charge.destination}, source ${charge.source}`);
+    const chargeResponse = await config.paymentServer.charge(charge);
+    if (chargeResponse.success) {
+        config.logger.info(`Charged ${charge.amount} for source ${charge.source}`);
+        return;
+    }
+    const existingPaymentId = await paymentConfig.getExistingPaymentId?.();
+    if (existingPaymentId) {
+        config.logger.info(`Found existing payment ID ${existingPaymentId}`);
+        throw paymentRequiredError(config.server, existingPaymentId);
+    }
+    const paymentId = await config.paymentServer.createPaymentRequest(charge);
+    config.logger.info(`Created payment request ${paymentId}`);
+    throw paymentRequiredError(config.server, paymentId);
+}
+//# sourceMappingURL=requirePayment.js.map

package/dist/src/requirePayment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"requirePayment.js","sourceRoot":"","sources":["../../src/requirePayment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEhE,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,aAAmC;IACtE,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAC/B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IACD,MAAM,IAAI,GAAG,aAAa,EAAE,CAAC;IAC7B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;IACnC,CAAC;IAED,MAAM,MAAM,GAAG;QACb,MAAM,EAAE,aAAa,CAAC,KAAK;QAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,MAAM,EAAE,IAAI;KACb,CAAC;IAEF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,MAAM,CAAC,MAAM,iBAAiB,MAAM,CAAC,WAAW,YAAY,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACpH,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACjE,IAAI,cAAc,CAAC,OAAO,EAAE,CAAC;QAC3B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,MAAM,eAAe,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3E,OAAO;IACT,CAAC;IAED,MAAM,iBAAiB,GAAG,MAAM,aAAa,CAAC,oBAAoB,EAAE,EAAE,CAAC;IACvE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,iBAAiB,EAAE,CAAC,CAAC;QACrE,MAAM,oBAAoB,CAAC,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAA;IAC9D,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAC1E,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,SAAS,EAAE,CAAC,CAAC;IAC3D,MAAM,oBAAoB,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC"}

package/dist/src/serverTestHelpers.d.ts

@@ -0,0 +1,55 @@
+import { IncomingHttpHeaders, IncomingMessage, ServerResponse } from 'http';
+import { JSONRPCRequest } from '@modelcontextprotocol/sdk/types.js';
+import { OAuthResourceClient, TokenData, Logger, Currency, Network } from '@longrun/atxp-common';
+import { Charge, ATXPConfig, TokenCheck, TokenProblem, McpMethod, McpName, PaymentServer } from './types.js';
+import * as oauth from 'oauth4webapi';
+export declare const DESTINATION = "testDestination";
+export declare const SOURCE = "testSource";
+export declare function charge({ amount, currency, network, destination, source }?: {
+    amount?: BigNumber;
+    currency?: Currency;
+    network?: Network;
+    destination?: string;
+    source?: string;
+}): Charge;
+export declare const oneCentCharge: Charge;
+export declare const zeroCharge: Charge;
+export declare function logger(): Logger;
+export declare function config(args?: Partial<ATXPConfig>): ATXPConfig;
+export declare function paymentServer({ charge, createPaymentRequest }?: {
+    charge?: import("vitest").Mock<(...args: any[]) => any> | undefined;
+    createPaymentRequest?: import("vitest").Mock<(...args: any[]) => any> | undefined;
+}): PaymentServer;
+export declare function mcpRequest({ method, params, id }?: {
+    method?: McpMethod;
+    params?: any;
+    id?: string;
+}): JSONRPCRequest;
+export declare function mcpToolRequest({ toolName, args, }?: {
+    toolName?: McpName;
+    args?: any;
+}): JSONRPCRequest;
+export declare function incomingMessage({ body, method, url, headers }?: {
+    body?: any;
+    method?: 'POST' | 'GET' | 'PUT' | 'DELETE' | 'PATCH' | 'OPTIONS';
+    url?: string;
+    headers?: IncomingHttpHeaders;
+}): IncomingMessage;
+export declare function incomingToolMessage({ authHeader, url, }?: {
+    authHeader?: string;
+    url?: string;
+}): IncomingMessage;
+export declare function oAuthClient({ introspectResult, authorizationServer }?: {
+    introspectResult?: TokenData;
+    authorizationServer?: oauth.AuthorizationServer;
+}): OAuthResourceClient;
+export declare function tokenData({ active, sub, scope, aud }?: Partial<TokenData>): TokenData;
+export declare function tokenCheck({ data, token, passes, problem, resourceMetadataUrl }?: {
+    data?: TokenData;
+    token?: string | null;
+    passes?: boolean;
+    problem?: TokenProblem;
+    resourceMetadataUrl?: string;
+}): TokenCheck;
+export declare function serverResponse(): ServerResponse;
+//# sourceMappingURL=serverTestHelpers.d.ts.map

package/dist/src/serverTestHelpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"serverTestHelpers.d.ts","sourceRoot":"","sources":["../../src/serverTestHelpers.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAEjG,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAkC,YAAY,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAG7I,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AAEtC,eAAO,MAAM,WAAW,oBAAoB,CAAC;AAC7C,eAAO,MAAM,MAAM,eAAe,CAAC;AAEnC,wBAAgB,MAAM,CAAC,EACnB,MAAwB,EACxB,QAAiB,EACjB,OAAkB,EAClB,WAAyB,EACzB,MAAe,EAChB,GAAE;IACD,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAA;CACX,GAAG,MAAM,CAGhB;AAED,eAAO,MAAM,aAAa,QAAoC,CAAC;AAE/D,eAAO,MAAM,UAAU,QAAiC,CAAC;AAEzD,wBAAgB,MAAM,IAAI,MAAM,CAO/B;AAED,wBAAgB,MAAM,CAAC,IAAI,GAAE,OAAO,CAAC,UAAU,CAAM,GAAG,UAAU,CAMjE;AAED,wBAAgB,aAAa,CAAC,EAC5B,MAA4E,EAC5E,oBAA2E,EAC5E;;;CAAK,GAAI,aAAa,CAKtB;AAED,wBAAgB,UAAU,CAAC,EAAC,MAAqB,EAAE,MAAW,EAAE,EAAa,EAAC,GAAE;IAC9E,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB,MAAM,CAAC,EAAE,GAAG,CAAC;IACb,EAAE,CAAC,EAAE,MAAM,CAAA;CACP,GAAG,cAAc,CAGtB;AAED,wBAAgB,cAAc,CAAC,EAC3B,QAAqB,EACrB,IAAyB,GAC1B,GAAE;IACD,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,IAAI,CAAC,EAAE,GAAG,CAAC;CACP,GAAG,cAAc,CAGxB;AAED,wBAAgB,eAAe,CAAC,EAC5B,IAAS,EACT,MAAe,EACf,GAAS,EACT,OAA8C,EAC/C,GAAG;IACF,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,MAAM,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,OAAO,GAAG,SAAS,CAAC;IACjE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,mBAAmB,CAAA;CACzB,GAAG,eAAe,CAazB;AAED,wBAAgB,mBAAmB,CAAC,EAChC,UAAsB,EACtB,GAAS,GACV,GAAE;IACD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;CACT,GAAG,eAAe,CAOzB;AAED,wBAAgB,WAAW,CAAC,EAC1B,gBAA8B,EAC9B,mBAEC,EACF,GAAE;IACD,gBAAgB,CAAC,EAAE,SAAS,CAAA;IAC5B,mBAAmB,CAAC,EAAE,KAAK,CAAC,mBAAmB,CAAA;CAC3C,GAAG,mBAAmB,CAK3B;AAED,wBAAgB,SAAS,CAAC,EACtB,MAAa,EACb,GAAiB,EACjB,KAAoB,EACpB,GAA2B,EAC5B,GAAE,OAAO,CAAC,SAAS,CAAM,GAAG,SAAS,CAGvC;AAED,wBAAgB,UAAU,CAAC,EACzB,IAAkB,EAClB,KAAoB,EACpB,MAAa,EACb,OAA+B,EAC/B,mBAAgF,EACjF,GAAG;IACF,IAAI,CAAC,EAAE,SAAS,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAA;CACxB,GAAG,UAAU,CAMlB;AAED,wBAAgB,cAAc,IAAI,cAAc,CAO/C"}

package/dist/src/serverTestHelpers.js

@@ -0,0 +1,88 @@
+/* eslint-disable @typescript-eslint/no-explicit-any, no-console */
+import { Readable } from 'stream';
+import { vi } from 'vitest';
+import { TokenProblem } from './types.js';
+import { buildServerConfig } from './atxpServer.js';
+import { BigNumber } from 'bignumber.js';
+export const DESTINATION = 'testDestination';
+export const SOURCE = 'testSource';
+export function charge({ amount = BigNumber(0.01), currency = 'USDC', network = 'solana', destination = DESTINATION, source = SOURCE } = {}) {
+    return { amount, currency, network, destination, source };
+}
+export const oneCentCharge = charge({ amount: BigNumber(0.01) });
+export const zeroCharge = charge({ amount: BigNumber(0) });
+export function logger() {
+    return {
+        debug: vi.fn().mockImplementation((msg) => { console.debug(msg); }),
+        info: vi.fn().mockImplementation((msg) => { console.info(msg); }),
+        warn: vi.fn().mockImplementation((msg) => { console.warn(msg); }),
+        error: vi.fn().mockImplementation((msg) => { console.error(msg); }),
+    };
+}
+export function config(args = {}) {
+    return buildServerConfig({
+        ...args,
+        destination: args.destination ?? DESTINATION,
+        atxpAuthClientToken: args.atxpAuthClientToken ?? 'test-auth-token'
+    });
+}
+export function paymentServer({ charge = vi.fn().mockResolvedValue({ success: true, requiredPaymentId: null }), createPaymentRequest = vi.fn().mockResolvedValue('test-payment-request-id') } = {}) {
+    return {
+        charge,
+        createPaymentRequest,
+    };
+}
+export function mcpRequest({ method = 'tools/call', params = {}, id = 'call-1' } = {}) {
+    return { jsonrpc: "2.0", method, params, id };
+}
+export function mcpToolRequest({ toolName = 'testTool', args = { paramOne: 'test' }, } = {}) {
+    return mcpRequest({ method: 'tools/call', params: { name: toolName, arguments: args } });
+}
+export function incomingMessage({ body = {}, method = 'POST', url = '/', headers = { 'content-type': 'application/json' } } = {}) {
+    const bodyString = JSON.stringify(body);
+    const stream = new Readable({
+        read() {
+            this.push(bodyString);
+            this.push(null);
+        }
+    });
+    stream.method = method;
+    stream.url = url;
+    stream.headers = headers;
+    return stream;
+}
+export function incomingToolMessage({ authHeader = undefined, url = '/', } = {}) {
+    return incomingMessage({
+        body: mcpToolRequest({ toolName: 'testTool' }),
+        headers: { 'authorization': authHeader, 'content-type': 'application/json' },
+        url
+    });
+}
+export function oAuthClient({ introspectResult = tokenData(), authorizationServer = {
+    issuer: 'https://auth.atxp.ai',
+} } = {}) {
+    return {
+        introspectToken: vi.fn().mockResolvedValue(introspectResult),
+        authorizationServerFromUrl: vi.fn().mockResolvedValue(authorizationServer)
+    };
+}
+export function tokenData({ active = true, sub = 'test-user', scope = 'tools:read', aud = 'https://example.com' } = {}) {
+    return { active, sub, scope, aud };
+}
+export function tokenCheck({ data = tokenData(), token = 'test-token', passes = true, problem = TokenProblem.NO_TOKEN, resourceMetadataUrl = 'https://example.com/.well-known/oauth-protected-resource' } = {}) {
+    if (passes) {
+        return { passes, token, data, };
+    }
+    else {
+        return { passes, token, data, problem, resourceMetadataUrl };
+    }
+}
+export function serverResponse() {
+    return {
+        getHeader: vi.fn(),
+        setHeader: vi.fn(),
+        writeHead: vi.fn(),
+        end: vi.fn(),
+    };
+}
+//# sourceMappingURL=serverTestHelpers.js.map