@buildersgarden/siwa 0.0.13 → 0.0.15

package/dist/erc8128.d.ts

@@ -11,7 +11,7 @@
  */
 import type { Address, PublicClient } from 'viem';
 import { type EthHttpSigner, type NonceStore } from '@slicekit/erc8128';
-import type { Signer, SignerType } from './signer.js';
+import type { Signer, SignerType } from './signer/index.js';
 export interface VerifyOptions {
     receiptSecret: string;
     rpcUrl?: string;

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export * from './signer.js';
+export * from './signer/index.js';
 export * from './keystore.js';
 export * from './siwa.js';
 export * from './identity.js';
@@ -7,4 +7,5 @@ export * from './registry.js';
 export * from './addresses.js';
 export * from './receipt.js';
 export * from './erc8128.js';
+export * from './nonce-store.js';
 export * from './tba.js';

package/dist/index.js

@@ -1,4 +1,4 @@
-export * from './signer.js';
+export * from './signer/index.js';
 export * from './keystore.js';
 export * from './siwa.js';
 export * from './identity.js';
@@ -7,4 +7,5 @@ export * from './registry.js';
 export * from './addresses.js';
 export * from './receipt.js';
 export * from './erc8128.js';
+export * from './nonce-store.js';
 export * from './tba.js';

package/dist/nonce-store.d.ts

@@ -0,0 +1,101 @@
+/**
+ * nonce-store.ts
+ *
+ * Pluggable nonce store for SIWA sign-in replay protection.
+ *
+ * The default HMAC-based stateless nonces are convenient but can be replayed
+ * within their TTL window. A SIWANonceStore tracks issued nonces server-side
+ * so each nonce can only be consumed once.
+ *
+ * Built-in factories:
+ *   - createMemorySIWANonceStore()      — single-process (Map + TTL)
+ *   - createRedisSIWANonceStore(redis)  — ioredis / node-redis
+ *   - createKVSIWANonceStore(kv)        — Cloudflare Workers KV
+ *
+ * For databases (SQL, Prisma, Drizzle), implement the SIWANonceStore interface
+ * directly — it's just two methods.
+ *
+ * No new runtime dependencies — each factory accepts a minimal interface so
+ * users bring their own client.
+ */
+export interface SIWANonceStore {
+    /** Store an issued nonce. Returns true on success, false if already exists. */
+    issue(nonce: string, ttlMs: number): Promise<boolean>;
+    /** Atomically check-and-delete a nonce. Returns true if it existed (valid), false otherwise. */
+    consume(nonce: string): Promise<boolean>;
+}
+/**
+ * In-memory nonce store with TTL-based expiry.
+ *
+ * Suitable for single-process servers. For multi-instance deployments,
+ * implement SIWANonceStore with a shared store (Redis, database, etc.).
+ */
+export declare function createMemorySIWANonceStore(): SIWANonceStore;
+/**
+ * Minimal subset of the ioredis / node-redis API used by the nonce store.
+ * Both ioredis and node-redis v4 (with legacyMode or the `.set()` overload)
+ * satisfy this interface out of the box.
+ */
+export interface RedisLikeClient {
+    set(...args: unknown[]): Promise<unknown>;
+    del(...args: unknown[]): Promise<number>;
+}
+/**
+ * Redis-backed nonce store.
+ *
+ * Uses `SET key 1 PX ttl NX` for atomic issue (fails if key exists) and
+ * `DEL key` for atomic consume (returns 1 only on first delete).
+ *
+ * @param redis   An ioredis instance or any client matching `RedisLikeClient`.
+ * @param prefix  Optional key prefix (default `"siwa:nonce:"`).
+ *
+ * @example
+ * ```ts
+ * // ioredis
+ * import Redis from "ioredis";
+ * const redis = new Redis();
+ * const nonceStore = createRedisSIWANonceStore(redis);
+ *
+ * // node-redis v4 — wrap with a tiny adapter:
+ * import { createClient } from "redis";
+ * const client = createClient(); await client.connect();
+ * const nonceStore = createRedisSIWANonceStore({
+ *   set: (...a: unknown[]) => client.set(a[0] as string, a[1] as string,
+ *     { PX: a[3] as number, NX: true }).then(r => r ?? null),
+ *   del: (k: unknown) => client.del(k as string),
+ * });
+ * ```
+ */
+export declare function createRedisSIWANonceStore(redis: RedisLikeClient, prefix?: string): SIWANonceStore;
+/**
+ * Minimal subset of the Cloudflare KV namespace binding API.
+ */
+export interface KVNamespaceLike {
+    put(key: string, value: string, options?: {
+        expirationTtl?: number;
+    }): Promise<void>;
+    get(key: string): Promise<string | null>;
+    delete(key: string): Promise<void>;
+}
+/**
+ * Cloudflare Workers KV-backed nonce store.
+ *
+ * `issue` uses `put` with an `expirationTtl` so nonces auto-expire.
+ * `consume` does a `get` + `delete` pair — not fully atomic, but acceptable
+ * for random 128-bit nonces where collisions are astronomically unlikely.
+ *
+ * @param kv      A KV namespace binding (e.g. `env.SIWA_NONCES`).
+ * @param prefix  Optional key prefix (default `"siwa:nonce:"`).
+ *
+ * @example
+ * ```ts
+ * // In a Cloudflare Worker
+ * export default {
+ *   async fetch(request, env) {
+ *     const nonceStore = createKVSIWANonceStore(env.SIWA_NONCES);
+ *     // use with createSIWANonce / verifySIWA
+ *   },
+ * };
+ * ```
+ */
+export declare function createKVSIWANonceStore(kv: KVNamespaceLike, prefix?: string): SIWANonceStore;

package/dist/nonce-store.js

@@ -0,0 +1,135 @@
+/**
+ * nonce-store.ts
+ *
+ * Pluggable nonce store for SIWA sign-in replay protection.
+ *
+ * The default HMAC-based stateless nonces are convenient but can be replayed
+ * within their TTL window. A SIWANonceStore tracks issued nonces server-side
+ * so each nonce can only be consumed once.
+ *
+ * Built-in factories:
+ *   - createMemorySIWANonceStore()      — single-process (Map + TTL)
+ *   - createRedisSIWANonceStore(redis)  — ioredis / node-redis
+ *   - createKVSIWANonceStore(kv)        — Cloudflare Workers KV
+ *
+ * For databases (SQL, Prisma, Drizzle), implement the SIWANonceStore interface
+ * directly — it's just two methods.
+ *
+ * No new runtime dependencies — each factory accepts a minimal interface so
+ * users bring their own client.
+ */
+/**
+ * In-memory nonce store with TTL-based expiry.
+ *
+ * Suitable for single-process servers. For multi-instance deployments,
+ * implement SIWANonceStore with a shared store (Redis, database, etc.).
+ */
+export function createMemorySIWANonceStore() {
+    const nonces = new Map(); // nonce → expiry timestamp (ms)
+    function cleanup() {
+        const now = Date.now();
+        for (const [k, expiry] of nonces) {
+            if (expiry < now)
+                nonces.delete(k);
+        }
+    }
+    return {
+        async issue(nonce, ttlMs) {
+            cleanup();
+            if (nonces.has(nonce))
+                return false;
+            nonces.set(nonce, Date.now() + ttlMs);
+            return true;
+        },
+        async consume(nonce) {
+            cleanup();
+            if (!nonces.has(nonce))
+                return false;
+            const expiry = nonces.get(nonce);
+            nonces.delete(nonce);
+            return expiry >= Date.now();
+        },
+    };
+}
+/**
+ * Redis-backed nonce store.
+ *
+ * Uses `SET key 1 PX ttl NX` for atomic issue (fails if key exists) and
+ * `DEL key` for atomic consume (returns 1 only on first delete).
+ *
+ * @param redis   An ioredis instance or any client matching `RedisLikeClient`.
+ * @param prefix  Optional key prefix (default `"siwa:nonce:"`).
+ *
+ * @example
+ * ```ts
+ * // ioredis
+ * import Redis from "ioredis";
+ * const redis = new Redis();
+ * const nonceStore = createRedisSIWANonceStore(redis);
+ *
+ * // node-redis v4 — wrap with a tiny adapter:
+ * import { createClient } from "redis";
+ * const client = createClient(); await client.connect();
+ * const nonceStore = createRedisSIWANonceStore({
+ *   set: (...a: unknown[]) => client.set(a[0] as string, a[1] as string,
+ *     { PX: a[3] as number, NX: true }).then(r => r ?? null),
+ *   del: (k: unknown) => client.del(k as string),
+ * });
+ * ```
+ */
+export function createRedisSIWANonceStore(redis, prefix = 'siwa:nonce:') {
+    return {
+        async issue(nonce, ttlMs) {
+            // SET key "1" PX ttlMs NX → "OK" if the key was set, null otherwise
+            const result = await redis.set(prefix + nonce, '1', 'PX', ttlMs, 'NX');
+            return result === 'OK';
+        },
+        async consume(nonce) {
+            // DEL returns the number of keys removed (1 = existed, 0 = didn't)
+            const deleted = await redis.del(prefix + nonce);
+            return deleted === 1;
+        },
+    };
+}
+/**
+ * Cloudflare Workers KV-backed nonce store.
+ *
+ * `issue` uses `put` with an `expirationTtl` so nonces auto-expire.
+ * `consume` does a `get` + `delete` pair — not fully atomic, but acceptable
+ * for random 128-bit nonces where collisions are astronomically unlikely.
+ *
+ * @param kv      A KV namespace binding (e.g. `env.SIWA_NONCES`).
+ * @param prefix  Optional key prefix (default `"siwa:nonce:"`).
+ *
+ * @example
+ * ```ts
+ * // In a Cloudflare Worker
+ * export default {
+ *   async fetch(request, env) {
+ *     const nonceStore = createKVSIWANonceStore(env.SIWA_NONCES);
+ *     // use with createSIWANonce / verifySIWA
+ *   },
+ * };
+ * ```
+ */
+export function createKVSIWANonceStore(kv, prefix = 'siwa:nonce:') {
+    return {
+        async issue(nonce, ttlMs) {
+            const key = prefix + nonce;
+            // Check-before-write: KV put is unconditional, so read first
+            const existing = await kv.get(key);
+            if (existing !== null)
+                return false;
+            await kv.put(key, '1', { expirationTtl: Math.ceil(ttlMs / 1000) });
+            return true;
+        },
+        async consume(nonce) {
+            const key = prefix + nonce;
+            const value = await kv.get(key);
+            if (value === null)
+                return false;
+            await kv.delete(key);
+            return true;
+        },
+    };
+}

package/dist/receipt.d.ts

@@ -14,7 +14,7 @@
  * Format: base64url(json).base64url(hmac-sha256)
  * Same token format as nonce tokens in siwa.ts.
  */
-import type { SignerType } from './signer.js';
+import type { SignerType } from './signer/index.js';
 export interface ReceiptPayload {
     address: string;
     agentId: number;

package/dist/registry.d.ts

@@ -8,7 +8,7 @@
  *   npm install viem
  */
 import { type PublicClient } from 'viem';
-import type { TransactionSigner } from './signer.js';
+import type { TransactionSigner } from './signer/index.js';
 /** Service endpoint types defined in ERC-8004 */
 export type ServiceType = 'web' | 'A2A' | 'MCP' | 'OASF' | 'ENS' | 'DID' | 'email';
 /** Trust models defined in ERC-8004 */

package/dist/{express.d.ts → server-side-wrappers/express.d.ts}

@@ -15,8 +15,8 @@
  * ```
  */
 import type { RequestHandler } from 'express';
-import { type SiwaAgent, type VerifyOptions } from './erc8128.js';
-import type { SignerType } from './signer.js';
+import { type SiwaAgent, type VerifyOptions } from '../erc8128.js';
+import type { SignerType } from '../signer/index.js';
 export type { SiwaAgent };
 declare global {
     namespace Express {

package/dist/{express.js → server-side-wrappers/express.js}

@@ -15,7 +15,7 @@
  * ```
  */
 import express from 'express';
-import { verifyAuthenticatedRequest, expressToFetchRequest, resolveReceiptSecret, } from './erc8128.js';
+import { verifyAuthenticatedRequest, expressToFetchRequest, resolveReceiptSecret, } from '../erc8128.js';
 // ---------------------------------------------------------------------------
 // CORS middleware
 // ---------------------------------------------------------------------------

package/dist/server-side-wrappers/fastify.d.ts

@@ -0,0 +1,58 @@
+/**
+ * fastify.ts
+ *
+ * Server-side wrappers for Fastify applications.
+ * Uses preHandler hooks for authentication.
+ *
+ * @example
+ * ```ts
+ * import Fastify from "fastify";
+ * import { siwaPlugin, siwaAuth } from "@buildersgarden/siwa/fastify";
+ *
+ * const fastify = Fastify();
+ * await fastify.register(siwaPlugin);
+ *
+ * fastify.post("/api/protected", { preHandler: siwaAuth() }, async (req) => {
+ *   return { agent: req.agent };
+ * });
+ * ```
+ */
+import type { FastifyPluginAsync, preHandlerHookHandler } from 'fastify';
+import { type SiwaAgent, type VerifyOptions } from '../erc8128.js';
+import type { SignerType } from '../signer/index.js';
+export type { SiwaAgent };
+declare module 'fastify' {
+    interface FastifyRequest {
+        agent?: SiwaAgent;
+    }
+}
+export interface SiwaAuthOptions {
+    /** HMAC secret for receipt verification. Defaults to RECEIPT_SECRET or SIWA_SECRET env. */
+    receiptSecret?: string;
+    /** RPC URL for optional onchain verification. */
+    rpcUrl?: string;
+    /** Enable onchain ownerOf check. */
+    verifyOnchain?: boolean;
+    /** Public client for ERC-1271 or onchain checks. */
+    publicClient?: VerifyOptions['publicClient'];
+    /** Allowed signer types. Omit to accept all. */
+    allowedSignerTypes?: SignerType[];
+}
+export interface SiwaPluginOptions {
+    /** CORS allowed origin(s). Defaults to true (reflect origin). */
+    origin?: boolean | string | string[];
+    /** Allowed headers including SIWA-specific ones. */
+    allowedHeaders?: string[];
+}
+/**
+ * Fastify plugin that sets up CORS with SIWA-specific headers.
+ * Requires @fastify/cors to be installed.
+ */
+export declare const siwaPlugin: FastifyPluginAsync<SiwaPluginOptions>;
+/**
+ * Fastify preHandler that verifies ERC-8128 HTTP Message Signatures + SIWA receipt.
+ *
+ * On success, sets `req.agent` with the verified agent identity.
+ * On failure, responds with 401.
+ */
+export declare function siwaAuth(options?: SiwaAuthOptions): preHandlerHookHandler;

package/dist/server-side-wrappers/fastify.js

@@ -0,0 +1,111 @@
+/**
+ * fastify.ts
+ *
+ * Server-side wrappers for Fastify applications.
+ * Uses preHandler hooks for authentication.
+ *
+ * @example
+ * ```ts
+ * import Fastify from "fastify";
+ * import { siwaPlugin, siwaAuth } from "@buildersgarden/siwa/fastify";
+ *
+ * const fastify = Fastify();
+ * await fastify.register(siwaPlugin);
+ *
+ * fastify.post("/api/protected", { preHandler: siwaAuth() }, async (req) => {
+ *   return { agent: req.agent };
+ * });
+ * ```
+ */
+import { verifyAuthenticatedRequest, resolveReceiptSecret, } from '../erc8128.js';
+// ---------------------------------------------------------------------------
+// CORS headers
+// ---------------------------------------------------------------------------
+const DEFAULT_SIWA_HEADERS = [
+    'Content-Type',
+    'X-SIWA-Receipt',
+    'Signature',
+    'Signature-Input',
+    'Content-Digest',
+];
+// ---------------------------------------------------------------------------
+// Request conversion helper
+// ---------------------------------------------------------------------------
+/**
+ * Convert a Fastify request to a Fetch Request for verification.
+ */
+function toFetchRequest(req) {
+    const url = `${req.protocol}://${req.hostname}${req.url}`;
+    return new Request(url, {
+        method: req.method,
+        headers: req.headers,
+        body: req.method !== 'GET' && req.method !== 'HEAD'
+            ? JSON.stringify(req.body)
+            : undefined,
+    });
+}
+// ---------------------------------------------------------------------------
+// Fastify plugin
+// ---------------------------------------------------------------------------
+/**
+ * Fastify plugin that sets up CORS with SIWA-specific headers.
+ * Requires @fastify/cors to be installed.
+ */
+export const siwaPlugin = async (fastify, options) => {
+    // Try to register @fastify/cors if available
+    try {
+        const cors = await import('@fastify/cors');
+        await fastify.register(cors.default ?? cors, {
+            origin: options?.origin ?? true,
+            allowedHeaders: options?.allowedHeaders ?? DEFAULT_SIWA_HEADERS,
+        });
+    }
+    catch {
+        // @fastify/cors not installed, set headers manually
+        fastify.addHook('onSend', async (req, reply) => {
+            reply.header('Access-Control-Allow-Origin', '*');
+            reply.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+            reply.header('Access-Control-Allow-Headers', (options?.allowedHeaders ?? DEFAULT_SIWA_HEADERS).join(', '));
+        });
+        // Handle OPTIONS preflight
+        fastify.options('*', async (req, reply) => {
+            reply.status(204).send();
+        });
+    }
+};
+// ---------------------------------------------------------------------------
+// Auth preHandler
+// ---------------------------------------------------------------------------
+/**
+ * Fastify preHandler that verifies ERC-8128 HTTP Message Signatures + SIWA receipt.
+ *
+ * On success, sets `req.agent` with the verified agent identity.
+ * On failure, responds with 401.
+ */
+export function siwaAuth(options) {
+    return async (req, reply) => {
+        const hasSignature = req.headers['signature'] && req.headers['x-siwa-receipt'];
+        if (!hasSignature) {
+            return reply.status(401).send({
+                error: 'Unauthorized — provide ERC-8128 Signature + X-SIWA-Receipt headers',
+            });
+        }
+        try {
+            const secret = resolveReceiptSecret(options?.receiptSecret);
+            const result = await verifyAuthenticatedRequest(toFetchRequest(req), {
+                receiptSecret: secret,
+                rpcUrl: options?.rpcUrl,
+                verifyOnchain: options?.verifyOnchain,
+                publicClient: options?.publicClient,
+                allowedSignerTypes: options?.allowedSignerTypes,
+            });
+            if (!result.valid) {
+                return reply.status(401).send({ error: result.error });
+            }
+            req.agent = result.agent;
+        }
+        catch (err) {
+            return reply.status(401).send({ error: `ERC-8128 auth failed: ${err.message}` });
+        }
+    };
+}

package/dist/server-side-wrappers/hono.d.ts

@@ -0,0 +1,54 @@
+/**
+ * hono.ts
+ *
+ * Server-side wrappers for Hono applications.
+ * Uses web standard Request/Response APIs.
+ *
+ * @example
+ * ```ts
+ * import { Hono } from "hono";
+ * import { siwaMiddleware, siwaCors } from "@buildersgarden/siwa/hono";
+ *
+ * const app = new Hono();
+ * app.use("*", siwaCors());
+ * app.post("/api/protected", siwaMiddleware(), (c) => {
+ *   return c.json({ agent: c.get("agent") });
+ * });
+ * ```
+ */
+import type { MiddlewareHandler } from 'hono';
+import { type SiwaAgent, type VerifyOptions } from '../erc8128.js';
+import type { SignerType } from '../signer/index.js';
+export type { SiwaAgent };
+export interface SiwaMiddlewareOptions {
+    /** HMAC secret for receipt verification. Defaults to RECEIPT_SECRET or SIWA_SECRET env. */
+    receiptSecret?: string;
+    /** RPC URL for optional onchain verification. */
+    rpcUrl?: string;
+    /** Enable onchain ownerOf check. */
+    verifyOnchain?: boolean;
+    /** Public client for ERC-1271 or onchain checks. */
+    publicClient?: VerifyOptions['publicClient'];
+    /** Allowed signer types. Omit to accept all. */
+    allowedSignerTypes?: SignerType[];
+}
+export interface SiwaCorsOptions {
+    /** Allowed origin(s). Defaults to "*". */
+    origin?: string;
+    /** Allowed HTTP methods. */
+    methods?: string[];
+    /** Allowed headers. */
+    headers?: string[];
+}
+/**
+ * CORS middleware pre-configured with SIWA-specific headers.
+ * Handles OPTIONS preflight automatically.
+ */
+export declare function siwaCors(options?: SiwaCorsOptions): MiddlewareHandler;
+/**
+ * Hono middleware that verifies ERC-8128 HTTP Message Signatures + SIWA receipt.
+ *
+ * On success, sets `c.set("agent", agent)` with the verified agent identity.
+ * On failure, responds with 401.
+ */
+export declare function siwaMiddleware(options?: SiwaMiddlewareOptions): MiddlewareHandler;

package/dist/server-side-wrappers/hono.js

@@ -0,0 +1,82 @@
+/**
+ * hono.ts
+ *
+ * Server-side wrappers for Hono applications.
+ * Uses web standard Request/Response APIs.
+ *
+ * @example
+ * ```ts
+ * import { Hono } from "hono";
+ * import { siwaMiddleware, siwaCors } from "@buildersgarden/siwa/hono";
+ *
+ * const app = new Hono();
+ * app.use("*", siwaCors());
+ * app.post("/api/protected", siwaMiddleware(), (c) => {
+ *   return c.json({ agent: c.get("agent") });
+ * });
+ * ```
+ */
+import { verifyAuthenticatedRequest, resolveReceiptSecret, } from '../erc8128.js';
+// ---------------------------------------------------------------------------
+// CORS middleware
+// ---------------------------------------------------------------------------
+const DEFAULT_SIWA_HEADERS = [
+    'Content-Type',
+    'X-SIWA-Receipt',
+    'Signature',
+    'Signature-Input',
+    'Content-Digest',
+];
+/**
+ * CORS middleware pre-configured with SIWA-specific headers.
+ * Handles OPTIONS preflight automatically.
+ */
+export function siwaCors(options) {
+    const origin = options?.origin ?? '*';
+    const methods = options?.methods ?? ['GET', 'POST', 'OPTIONS'];
+    const headers = options?.headers ?? DEFAULT_SIWA_HEADERS;
+    return async (c, next) => {
+        c.header('Access-Control-Allow-Origin', origin);
+        c.header('Access-Control-Allow-Methods', methods.join(', '));
+        c.header('Access-Control-Allow-Headers', headers.join(', '));
+        if (c.req.method === 'OPTIONS') {
+            return c.body(null, 204);
+        }
+        await next();
+    };
+}
+// ---------------------------------------------------------------------------
+// Auth middleware
+// ---------------------------------------------------------------------------
+/**
+ * Hono middleware that verifies ERC-8128 HTTP Message Signatures + SIWA receipt.
+ *
+ * On success, sets `c.set("agent", agent)` with the verified agent identity.
+ * On failure, responds with 401.
+ */
+export function siwaMiddleware(options) {
+    return async (c, next) => {
+        const hasSignature = c.req.header('signature') && c.req.header('x-siwa-receipt');
+        if (!hasSignature) {
+            return c.json({ error: 'Unauthorized — provide ERC-8128 Signature + X-SIWA-Receipt headers' }, 401);
+        }
+        try {
+            const secret = resolveReceiptSecret(options?.receiptSecret);
+            const result = await verifyAuthenticatedRequest(c.req.raw, {
+                receiptSecret: secret,
+                rpcUrl: options?.rpcUrl,
+                verifyOnchain: options?.verifyOnchain,
+                publicClient: options?.publicClient,
+                allowedSignerTypes: options?.allowedSignerTypes,
+            });
+            if (!result.valid) {
+                return c.json({ error: result.error }, 401);
+            }
+            c.set('agent', result.agent);
+            await next();
+        }
+        catch (err) {
+            return c.json({ error: `ERC-8128 auth failed: ${err.message}` }, 401);
+        }
+    };
+}

package/dist/{next.d.ts → server-side-wrappers/next.d.ts}

@@ -16,8 +16,8 @@
  * export { siwaOptions as OPTIONS };
  * ```
  */
-import { type SiwaAgent } from './erc8128.js';
-import type { SignerType } from './signer.js';
+import { type SiwaAgent } from '../erc8128.js';
+import type { SignerType } from '../signer/index.js';
 export type { SiwaAgent };
 export interface WithSiwaOptions {
     /** HMAC secret for receipt verification. Defaults to RECEIPT_SECRET or SIWA_SECRET env. */

package/dist/{next.js → server-side-wrappers/next.js}

@@ -16,7 +16,7 @@
  * export { siwaOptions as OPTIONS };
  * ```
  */
-import { verifyAuthenticatedRequest, nextjsToFetchRequest, resolveReceiptSecret, } from './erc8128.js';
+import { verifyAuthenticatedRequest, nextjsToFetchRequest, resolveReceiptSecret, } from '../erc8128.js';
 // ---------------------------------------------------------------------------
 // CORS helpers
 // ---------------------------------------------------------------------------