@ftptech/x402-canton-core 0.1.0

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for describing the origin of the Work and
+      reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Support. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or support.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2026 FTP Team
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,34 @@
+# @ftptech/x402-canton-core
+
+Shared TypeScript types and helpers for the Canton x402 protocol
+stack. Used by `@ftptech/x402-canton-facilitator`,
+`@ftptech/x402-canton-client`, `@ftptech/x402-canton-express`, and
+`@ftptech/x402-canton-next`.
+
+## Install
+
+```bash
+npm i @ftptech/x402-canton-core
+```
+
+> Note: the `@ftp` npm scope is not final — it may change before the
+> first public release (see [`docs/PUBLISHING.md`](https://github.com/sunstrike228/canton-x402/blob/main/docs/PUBLISHING.md)).
+> Pin the version you install and check the README for the current
+> package name.
+
+## What's in here
+
+- `X402ResourceInfo`, `PaymentRequirements`, `CantonPaymentPayload`,
+  `FacilitatorRequest`, `VerifyResponse`, `SettleResponse`,
+  `SupportedResponse`, `CantonErrorCode` types per x402 v2.
+- `CantonNetwork` CAIP-2-style identifiers (`canton:devnet`,
+  `canton:mainnet`, `canton:<global-synchronizer-id>`).
+- `encodeBase64Json` / `decodeBase64Json` + v1/v2 header-name
+  constants (`PAYMENT-REQUIRED`, `PAYMENT-SIGNATURE`,
+  `PAYMENT-RESPONSE`, `X-PAYMENT`, `X-PAYMENT-RESPONSE`).
+
+## Project
+
+See [github.com/sunstrike228/canton-x402](https://github.com/sunstrike228/canton-x402)
+and the scheme spec at
+[`specs/scheme_exact_canton.md`](https://github.com/sunstrike228/canton-x402/blob/main/specs/scheme_exact_canton.md).

package/dist/caip2.d.ts

@@ -0,0 +1,17 @@
+/**
+ * CAIP-2-style network identifiers for Canton.
+ *
+ * x402 v2 uses CAIP-2 (`<namespace>:<reference>`) for networks: `eip155:8453`
+ * for Base mainnet, `solana:<genesis-hash>` for Solana, etc. Canton's
+ * canonical reference is the Global Synchronizer ID. For convenience we
+ * also accept the short forms `canton:devnet`, `canton:testnet`, and `canton:mainnet`.
+ */
+import type { CantonNetwork } from "./types.js";
+export declare const CANTON_NAMESPACE: "canton";
+export declare const CANTON_DEVNET: CantonNetwork;
+export declare const CANTON_TESTNET: CantonNetwork;
+export declare const CANTON_MAINNET: CantonNetwork;
+export declare function buildNetworkId(synchronizerId: string): CantonNetwork;
+export declare function isCantonNetwork(value: string): value is CantonNetwork;
+export declare function parseNetworkReference(network: CantonNetwork): string;
+//# sourceMappingURL=caip2.d.ts.map

package/dist/caip2.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"caip2.d.ts","sourceRoot":"","sources":["../src/caip2.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,eAAO,MAAM,gBAAgB,EAAG,QAAiB,CAAC;AAElD,eAAO,MAAM,aAAa,EAAE,aAA+B,CAAC;AAC5D,eAAO,MAAM,cAAc,EAAE,aAAgC,CAAC;AAC9D,eAAO,MAAM,cAAc,EAAE,aAAgC,CAAC;AAE9D,wBAAgB,cAAc,CAAC,cAAc,EAAE,MAAM,GAAG,aAAa,CAEpE;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,IAAI,aAAa,CAErE;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,aAAa,GAAG,MAAM,CAmBpE"}

package/dist/caip2.js

@@ -0,0 +1,27 @@
+export const CANTON_NAMESPACE = "canton";
+export const CANTON_DEVNET = "canton:devnet";
+export const CANTON_TESTNET = "canton:testnet";
+export const CANTON_MAINNET = "canton:mainnet";
+export function buildNetworkId(synchronizerId) {
+    return `canton:${synchronizerId}`;
+}
+export function isCantonNetwork(value) {
+    return value.startsWith(`${CANTON_NAMESPACE}:`);
+}
+export function parseNetworkReference(network) {
+    // Validate the `canton:` prefix explicitly (defense-in-depth: the type says
+    // CantonNetwork, but a runtime caller could hand us a raw string). Then take
+    // EVERYTHING after the prefix — a Global Synchronizer ID like
+    // `canton:global-domain::1220abc` must survive intact, so we slice on the
+    // prefix length rather than split(":") which would truncate the embedded `::`.
+    const prefix = `${CANTON_NAMESPACE}:`;
+    if (!network.startsWith(prefix)) {
+        throw new Error(`malformed Canton network id (missing "${prefix}" prefix): ${network}`);
+    }
+    const ref = network.slice(prefix.length);
+    if (!ref) {
+        throw new Error(`malformed Canton network id (empty reference): ${network}`);
+    }
+    return ref;
+}
+//# sourceMappingURL=caip2.js.map

package/dist/caip2.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"caip2.js","sourceRoot":"","sources":["../src/caip2.ts"],"names":[],"mappings":"AAUA,MAAM,CAAC,MAAM,gBAAgB,GAAG,QAAiB,CAAC;AAElD,MAAM,CAAC,MAAM,aAAa,GAAkB,eAAe,CAAC;AAC5D,MAAM,CAAC,MAAM,cAAc,GAAkB,gBAAgB,CAAC;AAC9D,MAAM,CAAC,MAAM,cAAc,GAAkB,gBAAgB,CAAC;AAE9D,MAAM,UAAU,cAAc,CAAC,cAAsB;IACnD,OAAO,UAAU,cAAc,EAAmB,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,KAAK,CAAC,UAAU,CAAC,GAAG,gBAAgB,GAAG,CAAC,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,OAAsB;IAC1D,4EAA4E;IAC5E,6EAA6E;IAC7E,8DAA8D;IAC9D,0EAA0E;IAC1E,+EAA+E;IAC/E,MAAM,MAAM,GAAG,GAAG,gBAAgB,GAAG,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CACb,yCAAyC,MAAM,cAAc,OAAO,EAAE,CACvE,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACzC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,kDAAkD,OAAO,EAAE,CAC5D,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/encoding.d.ts

@@ -0,0 +1,18 @@
+/**
+ * x402 wire-format encoding helpers.
+ *
+ * The PAYMENT-REQUIRED, PAYMENT-SIGNATURE, and PAYMENT-RESPONSE headers
+ * are all base64-encoded JSON (x402 v2 wire format).
+ */
+export declare const HEADER_PAYMENT_REQUIRED_V2 = "PAYMENT-REQUIRED";
+export declare const HEADER_PAYMENT_SIGNATURE_V2 = "PAYMENT-SIGNATURE";
+export declare const HEADER_PAYMENT_RESPONSE_V2 = "PAYMENT-RESPONSE";
+export declare function encodeBase64Json(value: unknown): string;
+/** Max accepted size of a base64 envelope before decode (defense vs.
+ *  attacker-supplied PAYMENT-SIGNATURE / X-PAYMENT headers, which arrive
+ *  OUTSIDE the server's body-size limit). x402 envelopes are a few KiB;
+ *  128 KiB is generous. Reject larger input before spending CPU/memory on
+ *  base64-decode + JSON.parse. */
+export declare const MAX_BASE64_JSON_INPUT: number;
+export declare function decodeBase64Json<T>(encoded: string): T;
+//# sourceMappingURL=encoding.d.ts.map

package/dist/encoding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.d.ts","sourceRoot":"","sources":["../src/encoding.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,eAAO,MAAM,0BAA0B,qBAAqB,CAAC;AAC7D,eAAO,MAAM,2BAA2B,sBAAsB,CAAC;AAC/D,eAAO,MAAM,0BAA0B,qBAAqB,CAAC;AAE7D,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAEvD;AAED;;;;kCAIkC;AAClC,eAAO,MAAM,qBAAqB,QAAa,CAAC;AAEhD,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,GAAG,CAAC,CAWtD"}

package/dist/encoding.js

@@ -0,0 +1,29 @@
+/**
+ * x402 wire-format encoding helpers.
+ *
+ * The PAYMENT-REQUIRED, PAYMENT-SIGNATURE, and PAYMENT-RESPONSE headers
+ * are all base64-encoded JSON (x402 v2 wire format).
+ */
+export const HEADER_PAYMENT_REQUIRED_V2 = "PAYMENT-REQUIRED";
+export const HEADER_PAYMENT_SIGNATURE_V2 = "PAYMENT-SIGNATURE";
+export const HEADER_PAYMENT_RESPONSE_V2 = "PAYMENT-RESPONSE";
+export function encodeBase64Json(value) {
+    return Buffer.from(JSON.stringify(value), "utf8").toString("base64");
+}
+/** Max accepted size of a base64 envelope before decode (defense vs.
+ *  attacker-supplied PAYMENT-SIGNATURE / X-PAYMENT headers, which arrive
+ *  OUTSIDE the server's body-size limit). x402 envelopes are a few KiB;
+ *  128 KiB is generous. Reject larger input before spending CPU/memory on
+ *  base64-decode + JSON.parse. */
+export const MAX_BASE64_JSON_INPUT = 128 * 1024;
+export function decodeBase64Json(encoded) {
+    if (typeof encoded !== "string") {
+        throw new Error("decodeBase64Json: input is not a string");
+    }
+    if (encoded.length > MAX_BASE64_JSON_INPUT) {
+        throw new Error(`decodeBase64Json: input too large (${encoded.length} > ${MAX_BASE64_JSON_INPUT})`);
+    }
+    const json = Buffer.from(encoded, "base64").toString("utf8");
+    return JSON.parse(json);
+}
+//# sourceMappingURL=encoding.js.map

package/dist/encoding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.js","sourceRoot":"","sources":["../src/encoding.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,CAAC,MAAM,0BAA0B,GAAG,kBAAkB,CAAC;AAC7D,MAAM,CAAC,MAAM,2BAA2B,GAAG,mBAAmB,CAAC;AAC/D,MAAM,CAAC,MAAM,0BAA0B,GAAG,kBAAkB,CAAC;AAE7D,MAAM,UAAU,gBAAgB,CAAC,KAAc;IAC7C,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACvE,CAAC;AAED;;;;kCAIkC;AAClC,MAAM,CAAC,MAAM,qBAAqB,GAAG,GAAG,GAAG,IAAI,CAAC;AAEhD,MAAM,UAAU,gBAAgB,CAAI,OAAe;IACjD,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,qBAAqB,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CACb,sCAAsC,OAAO,CAAC,MAAM,MAAM,qBAAqB,GAAG,CACnF,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC7D,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAM,CAAC;AAC/B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./types.js";
+export * from "./caip2.js";
+export * from "./encoding.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC"}

package/dist/index.js

@@ -0,0 +1,4 @@
+export * from "./types.js";
+export * from "./caip2.js";
+export * from "./encoding.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,167 @@
+/**
+ * Canton x402 type definitions.
+ *
+ * These mirror the v2 wire format from x402-foundation/x402, specialized
+ * for the `exact-canton` scheme. The Canton-specific bits live in
+ * `extra` (server side) and `payload` (client side); the envelope is
+ * standard x402 v2.
+ */
+/** CAIP-2-style Canton network identifier. */
+export type CantonNetwork = `canton:devnet` | `canton:mainnet` | `canton:${string}`;
+/** Which on-ledger primitive carries the actual CC movement.
+ *  external-party-amulet-rules (v1): the facilitator submits
+ *  TransferCommand_Send and pays the Global Synchronizer traffic fee.
+ *  cip56-transfer-factory: the payer submits TransferFactory_Transfer and
+ *  pays; the facilitator only verifies. A deploy advertises one via
+ *  CANTON_X402_PRIMARY_METHOD; both are handled at verify/settle. */
+export type CantonTransferMethod = "external-party-amulet-rules" | "cip56-transfer-factory";
+/** Canton-specific `extra` block in 402 PaymentRequirements. */
+export type CantonPaymentRequirementsExtra = {
+    transferMethod: "external-party-amulet-rules";
+    facilitatorParty: string;
+    synchronizerId: string;
+    merchantContractCid?: string;
+    memo?: string;
+} | {
+    transferMethod: "cip56-transfer-factory";
+    facilitatorParty: string;
+    synchronizerId: string;
+    transferFactoryCid: string;
+    /** Hash-prefixed templateId of the factory contract, same form
+     *  Canton emits on createdEvent.templateId. Lets the client submit
+     *  TransferFactory_Transfer without its own Scan registry lookup. */
+    transferFactoryTemplateId: string;
+    instrumentId: {
+        admin: string;
+        id: string;
+    };
+    memo?: string;
+};
+/** Canton-specific `payload` block in PaymentPayload. */
+export type CantonPaymentPayload = {
+    transferMethod: "external-party-amulet-rules";
+    transferCommandCid: string;
+    payerParty: string;
+    nonce: number;
+    signatureProof?: string;
+    /** updateId of the TransferCommand_Create transaction (relay path only).
+     *  When present, the facilitator records it for traffic-burn attribution
+     *  alongside the Send updateId. Optional: absent for direct-key signers. */
+    createUpdateId?: string;
+} | {
+    transferMethod: "cip56-transfer-factory";
+    payerParty: string;
+    /** Canton ledger updateId of the TransferFactory_Transfer exercise.
+     *  Required when the registry returned
+     *  TransferInstructionResult_Completed (settlement already on-ledger;
+     *  the updateId is the proof). */
+    updateId?: string;
+    /** Contract id of a TransferInstruction returned when the result is
+     *  TransferInstructionResult_Pending; /settle waits for it. */
+    transferInstructionCid?: string;
+    signatureProof?: string;
+};
+/** Resource being paid for. Echoed from the server's 402 PAYMENT-REQUIRED
+ *  header into every PaymentPayload per x402 v2. */
+export interface X402ResourceInfo {
+    url: string;
+    description?: string;
+    mimeType?: string;
+}
+/** /verify and /settle request body (x402 v2). */
+export type FacilitatorRequest = {
+    x402Version: 2;
+    paymentPayload: {
+        x402Version: 2;
+        scheme: "exact-canton";
+        network: CantonNetwork;
+        resource: X402ResourceInfo;
+        accepted: PaymentRequirements;
+        payload: CantonPaymentPayload;
+        extensions?: Record<string, unknown>;
+    };
+    paymentRequirements: PaymentRequirements;
+};
+/** /verify response (200 regardless of validity; success carried in `isValid`). */
+export type VerifyResponse = {
+    isValid: true;
+    payer: string;
+} | {
+    isValid: false;
+    invalidReason: CantonErrorCode;
+    payer?: string;
+};
+/** /settle response. */
+export type SettleResponse = {
+    success: true;
+    payer: string;
+    transaction: string;
+    network: CantonNetwork;
+    amount?: string;
+    extensions?: Record<string, unknown>;
+} | {
+    success: false;
+    errorReason: CantonErrorCode;
+    transaction: "";
+};
+/** /supported response. */
+export type SupportedResponse = {
+    kinds: Array<{
+        x402Version: 1 | 2;
+        scheme: "exact-canton";
+        network: CantonNetwork;
+        extra?: {
+            transferMethods: CantonTransferMethod[];
+        };
+    }>;
+    extensions: string[];
+    signers: Record<string, string[]>;
+};
+/** PaymentRequirements entry as advertised in an `accepts[]` array. */
+export type PaymentRequirements = {
+    scheme: "exact-canton";
+    network: CantonNetwork;
+    amount: string;
+    asset: string;
+    payTo: string;
+    maxTimeoutSeconds: number;
+    extra: CantonPaymentRequirementsExtra;
+};
+/** Canton-specific x402 error codes. Prefix `invalid_exact_canton_*`. */
+export type CantonErrorCode = "invalid_exact_canton_transfer_command_not_found" | "invalid_exact_canton_amount_mismatch" | "invalid_exact_canton_asset_mismatch" | "invalid_exact_canton_expired" | "invalid_exact_canton_nonce_reuse" | "invalid_exact_canton_payer_mismatch" | "invalid_exact_canton_merchant_mismatch" | "invalid_exact_canton_signature" | "invalid_exact_canton_resource_url_mismatch" | "invalid_exact_canton_merchant_not_registered" | "invalid_exact_canton_counter_not_ready" | "invalid_exact_canton_transfer_instruction_not_found" | "invalid_exact_canton_transfer_completed_not_visible" | "invalid_exact_canton_transfer_instruction_pending" | "invalid_exact_canton_instrument_id_mismatch" | "invalid_exact_canton_transfer_factory_not_found" | "invalid_exact_canton_missing_proof" | "invalid_exact_canton_holding_locked" | "invalid_exact_canton_payment_already_settled" | "unexpected_canton_ledger_error";
+/**
+ * Pick the server's OWN PaymentRequirements entry that a client claims to
+ * be paying against — defeating client tampering of price / recipient.
+ *
+ * SECURITY (audit SEC-1): the facilitator is a generic relay that
+ * validates an on-ledger transfer against whatever `paymentRequirements`
+ * it is handed. The resource-server middleware receives the client's
+ * claimed `accepted` block from INSIDE the client-controlled
+ * PAYMENT-SIGNATURE envelope. If the middleware forwards that claimed
+ * block to the facilitator unchecked, an attacker can set `amount: "1"`
+ * (or `payTo: <self>`), submit a matching tiny on-ledger transfer, and
+ * still unlock the gated resource. The middleware MUST instead pin the
+ * requirements to its own configured `accepts` list.
+ *
+ * Returns the matching SERVER entry (authoritative on every field), or
+ * `null` if the client's claim does not correspond to any configured
+ * entry — in which case the middleware must respond 402 and never call
+ * the facilitator with the client's numbers.
+ *
+ * Matching is on the money-critical fields only: scheme, network, amount,
+ * asset, payTo, and extra.{transferMethod, facilitatorParty,
+ * synchronizerId, instrumentId}. `maxTimeoutSeconds` / `memo` / discovery
+ * cids are not part of the price contract.
+ */
+export declare function selectServerRequirements(accepts: PaymentRequirements[], clientAccepted: unknown): PaymentRequirements | null;
+/**
+ * Config-time consistency guard (audit L1). On the CIP-56 path the facilitator
+ * validates against `extra.instrumentId` and ignores `asset`, so if an operator
+ * configures an `asset` of the structured `<admin>::<id>` form that disagrees
+ * with `extra.instrumentId`, the mismatch is silent and the instrumentId wins.
+ * Catch it at middleware setup instead. `asset` may also be a symbolic value
+ * such as "canton-coin" (see PaymentRequirements.asset) — only the `::` form is
+ * cross-checked. Throws on a mismatch; no-op when consistent or not applicable.
+ */
+export declare function assertAssetInstrumentConsistency(req: PaymentRequirements): void;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,8CAA8C;AAC9C,MAAM,MAAM,aAAa,GACrB,eAAe,GACf,gBAAgB,GAChB,UAAU,MAAM,EAAE,CAAC;AAEvB;;;;;qEAKqE;AACrE,MAAM,MAAM,oBAAoB,GAC5B,6BAA6B,GAC7B,wBAAwB,CAAC;AAE7B,gEAAgE;AAChE,MAAM,MAAM,8BAA8B,GACtC;IACE,cAAc,EAAE,6BAA6B,CAAC;IAC9C,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,GACD;IACE,cAAc,EAAE,wBAAwB,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B;;yEAEqE;IACrE,yBAAyB,EAAE,MAAM,CAAC;IAClC,YAAY,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAEN,yDAAyD;AACzD,MAAM,MAAM,oBAAoB,GAC5B;IACE,cAAc,EAAE,6BAA6B,CAAC;IAC9C,kBAAkB,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;gFAE4E;IAC5E,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GACD;IACE,cAAc,EAAE,wBAAwB,CAAC;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB;;;sCAGkC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;mEAC+D;IAC/D,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEN;oDACoD;AACpD,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,kDAAkD;AAClD,MAAM,MAAM,kBAAkB,GAAG;IAC/B,WAAW,EAAE,CAAC,CAAC;IACf,cAAc,EAAE;QACd,WAAW,EAAE,CAAC,CAAC;QACf,MAAM,EAAE,cAAc,CAAC;QACvB,OAAO,EAAE,aAAa,CAAC;QACvB,QAAQ,EAAE,gBAAgB,CAAC;QAC3B,QAAQ,EAAE,mBAAmB,CAAC;QAC9B,OAAO,EAAE,oBAAoB,CAAC;QAC9B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACtC,CAAC;IACF,mBAAmB,EAAE,mBAAmB,CAAC;CAC1C,CAAC;AAEF,mFAAmF;AACnF,MAAM,MAAM,cAAc,GACtB;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAChC;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,aAAa,EAAE,eAAe,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvE,wBAAwB;AACxB,MAAM,MAAM,cAAc,GACtB;IACE,OAAO,EAAE,IAAI,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,aAAa,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC,GACD;IACE,OAAO,EAAE,KAAK,CAAC;IACf,WAAW,EAAE,eAAe,CAAC;IAC7B,WAAW,EAAE,EAAE,CAAC;CACjB,CAAC;AAEN,2BAA2B;AAC3B,MAAM,MAAM,iBAAiB,GAAG;IAC9B,KAAK,EAAE,KAAK,CAAC;QACX,WAAW,EAAE,CAAC,GAAG,CAAC,CAAC;QACnB,MAAM,EAAE,cAAc,CAAC;QACvB,OAAO,EAAE,aAAa,CAAC;QACvB,KAAK,CAAC,EAAE;YAAE,eAAe,EAAE,oBAAoB,EAAE,CAAA;SAAE,CAAC;KACrD,CAAC,CAAC;IACH,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;CACnC,CAAC;AAEF,uEAAuE;AACvE,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,cAAc,CAAC;IACvB,OAAO,EAAE,aAAa,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,8BAA8B,CAAC;CACvC,CAAC;AAEF,yEAAyE;AACzE,MAAM,MAAM,eAAe,GACvB,iDAAiD,GACjD,sCAAsC,GACtC,qCAAqC,GACrC,8BAA8B,GAC9B,kCAAkC,GAClC,qCAAqC,GACrC,wCAAwC,GACxC,gCAAgC,GAChC,4CAA4C,GAC5C,8CAA8C,GAC9C,wCAAwC,GAExC,qDAAqD,GACrD,qDAAqD,GAOrD,mDAAmD,GACnD,6CAA6C,GAC7C,iDAAiD,GACjD,oCAAoC,GAOpC,qCAAqC,GAGrC,8CAA8C,GAC9C,gCAAgC,CAAC;AAErC;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,mBAAmB,EAAE,EAC9B,cAAc,EAAE,OAAO,GACtB,mBAAmB,GAAG,IAAI,CAoC5B;AAED;;;;;;;;GAQG;AACH,wBAAgB,gCAAgC,CAC9C,GAAG,EAAE,mBAAmB,GACvB,IAAI,CAeN"}

package/dist/types.js

@@ -0,0 +1,93 @@
+/**
+ * Canton x402 type definitions.
+ *
+ * These mirror the v2 wire format from x402-foundation/x402, specialized
+ * for the `exact-canton` scheme. The Canton-specific bits live in
+ * `extra` (server side) and `payload` (client side); the envelope is
+ * standard x402 v2.
+ */
+/**
+ * Pick the server's OWN PaymentRequirements entry that a client claims to
+ * be paying against — defeating client tampering of price / recipient.
+ *
+ * SECURITY (audit SEC-1): the facilitator is a generic relay that
+ * validates an on-ledger transfer against whatever `paymentRequirements`
+ * it is handed. The resource-server middleware receives the client's
+ * claimed `accepted` block from INSIDE the client-controlled
+ * PAYMENT-SIGNATURE envelope. If the middleware forwards that claimed
+ * block to the facilitator unchecked, an attacker can set `amount: "1"`
+ * (or `payTo: <self>`), submit a matching tiny on-ledger transfer, and
+ * still unlock the gated resource. The middleware MUST instead pin the
+ * requirements to its own configured `accepts` list.
+ *
+ * Returns the matching SERVER entry (authoritative on every field), or
+ * `null` if the client's claim does not correspond to any configured
+ * entry — in which case the middleware must respond 402 and never call
+ * the facilitator with the client's numbers.
+ *
+ * Matching is on the money-critical fields only: scheme, network, amount,
+ * asset, payTo, and extra.{transferMethod, facilitatorParty,
+ * synchronizerId, instrumentId}. `maxTimeoutSeconds` / `memo` / discovery
+ * cids are not part of the price contract.
+ */
+export function selectServerRequirements(accepts, clientAccepted) {
+    if (typeof clientAccepted !== "object" || clientAccepted === null) {
+        return null;
+    }
+    const c = clientAccepted;
+    const cExtra = (c.extra ?? {});
+    for (const r of accepts) {
+        const rExtra = r.extra;
+        if (r.scheme !== c.scheme)
+            continue;
+        if (r.network !== c.network)
+            continue;
+        if (r.amount !== c.amount)
+            continue;
+        if (r.asset !== c.asset)
+            continue;
+        if (r.payTo !== c.payTo)
+            continue;
+        if (rExtra.transferMethod !== cExtra.transferMethod)
+            continue;
+        if (rExtra.facilitatorParty !== cExtra.facilitatorParty)
+            continue;
+        if (rExtra.synchronizerId !== cExtra.synchronizerId)
+            continue;
+        // instrumentId (CIP-56): if either side carries it, both must match.
+        const rInst = rExtra.instrumentId;
+        const cInst = cExtra.instrumentId;
+        if (rInst || cInst) {
+            if (!rInst || !cInst)
+                continue;
+            if (rInst.admin !== cInst.admin || rInst.id !== cInst.id)
+                continue;
+        }
+        return r;
+    }
+    return null;
+}
+/**
+ * Config-time consistency guard (audit L1). On the CIP-56 path the facilitator
+ * validates against `extra.instrumentId` and ignores `asset`, so if an operator
+ * configures an `asset` of the structured `<admin>::<id>` form that disagrees
+ * with `extra.instrumentId`, the mismatch is silent and the instrumentId wins.
+ * Catch it at middleware setup instead. `asset` may also be a symbolic value
+ * such as "canton-coin" (see PaymentRequirements.asset) — only the `::` form is
+ * cross-checked. Throws on a mismatch; no-op when consistent or not applicable.
+ */
+export function assertAssetInstrumentConsistency(req) {
+    const inst = req.extra.instrumentId;
+    if (!inst)
+        return;
+    if (!req.asset.includes("::"))
+        return; // symbolic asset (e.g. "canton-coin")
+    const expected = `${inst.admin}::${inst.id}`;
+    if (req.asset !== expected) {
+        throw new Error(`payment requirements asset "${req.asset}" disagrees with ` +
+            `extra.instrumentId ("${expected}"). On the CIP-56 path instrumentId ` +
+            `is authoritative, so a mismatched asset is an operator misconfig — ` +
+            `make asset and extra.instrumentId.{admin,id} consistent.`);
+    }
+}
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA4KH;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,wBAAwB,CACtC,OAA8B,EAC9B,cAAuB;IAEvB,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAClE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,CAAC,GAAG,cAA8C,CAAC;IACzD,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAK3B,CAAC;IACH,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,CAAC,CAAC,KAKhB,CAAC;QACF,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;YAAE,SAAS;QACpC,IAAI,CAAC,CAAC,OAAO,KAAK,CAAC,CAAC,OAAO;YAAE,SAAS;QACtC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;YAAE,SAAS;QACpC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK;YAAE,SAAS;QAClC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK;YAAE,SAAS;QAClC,IAAI,MAAM,CAAC,cAAc,KAAK,MAAM,CAAC,cAAc;YAAE,SAAS;QAC9D,IAAI,MAAM,CAAC,gBAAgB,KAAK,MAAM,CAAC,gBAAgB;YAAE,SAAS;QAClE,IAAI,MAAM,CAAC,cAAc,KAAK,MAAM,CAAC,cAAc;YAAE,SAAS;QAC9D,qEAAqE;QACrE,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC;QAClC,IAAI,KAAK,IAAI,KAAK,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK;gBAAE,SAAS;YAC/B,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,EAAE,KAAK,KAAK,CAAC,EAAE;gBAAE,SAAS;QACrE,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,gCAAgC,CAC9C,GAAwB;IAExB,MAAM,IAAI,GACR,GAAG,CAAC,KACL,CAAC,YAAY,CAAC;IACf,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,sCAAsC;IAC7E,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;IAC7C,IAAI,GAAG,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,+BAA+B,GAAG,CAAC,KAAK,mBAAmB;YACzD,wBAAwB,QAAQ,sCAAsC;YACtE,qEAAqE;YACrE,0DAA0D,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC"}

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@ftptech/x402-canton-core",
+  "version": "0.1.0",
+  "description": "Shared types and helpers for the Canton x402 stack",
+  "license": "Apache-2.0",
+  "author": "FTP team",
+  "homepage": "https://github.com/sunstrike228/canton-x402#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/sunstrike228/canton-x402.git",
+    "directory": "packages/core"
+  },
+  "bugs": {
+    "url": "https://github.com/sunstrike228/canton-x402/issues"
+  },
+  "keywords": [
+    "x402",
+    "canton",
+    "canton-network",
+    "payment",
+    "http",
+    "402"
+  ],
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "test": "vitest run --passWithNoTests",
+    "lint": "eslint src --max-warnings 0"
+  }
+}