@mixrpay/merchant-sdk 0.1.0

package/dist/index.mjs

@@ -0,0 +1,843 @@
+// src/verify.ts
+import { recoverTypedDataAddress } from "viem";
+
+// src/utils.ts
+var USDC_CONTRACTS = {
+  8453: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+  // Base Mainnet
+  84532: "0x036CbD53842c5426634e7929541eC2318f3dCF7e"
+  // Base Sepolia
+};
+var DEFAULT_FACILITATOR = "https://x402.org/facilitator";
+function getUSDCDomain(chainId) {
+  const verifyingContract = USDC_CONTRACTS[chainId];
+  if (!verifyingContract) {
+    throw new Error(`Unsupported chain ID: ${chainId}. Supported: ${Object.keys(USDC_CONTRACTS).join(", ")}`);
+  }
+  return {
+    name: "USD Coin",
+    version: "2",
+    chainId,
+    verifyingContract
+  };
+}
+var TRANSFER_WITH_AUTHORIZATION_TYPES = {
+  TransferWithAuthorization: [
+    { name: "from", type: "address" },
+    { name: "to", type: "address" },
+    { name: "value", type: "uint256" },
+    { name: "validAfter", type: "uint256" },
+    { name: "validBefore", type: "uint256" },
+    { name: "nonce", type: "bytes32" }
+  ]
+};
+function usdToMinor(usd) {
+  return BigInt(Math.round(usd * 1e6));
+}
+function minorToUsd(minor) {
+  return Number(minor) / 1e6;
+}
+function generateNonce() {
+  const bytes = new Uint8Array(32);
+  crypto.getRandomValues(bytes);
+  return `0x${Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("")}`;
+}
+function isValidAddress(address) {
+  return /^0x[a-fA-F0-9]{40}$/.test(address);
+}
+function normalizeAddress(address) {
+  if (!isValidAddress(address)) {
+    throw new Error(`Invalid address: ${address}`);
+  }
+  return address.toLowerCase();
+}
+function base64Decode(str) {
+  if (typeof Buffer !== "undefined") {
+    return Buffer.from(str, "base64").toString("utf-8");
+  }
+  return atob(str);
+}
+
+// src/verify.ts
+async function verifyX402Payment(paymentHeader, options) {
+  try {
+    let decoded;
+    try {
+      const jsonStr = base64Decode(paymentHeader);
+      decoded = JSON.parse(jsonStr);
+    } catch (e) {
+      return { valid: false, error: "Invalid payment header encoding" };
+    }
+    if (!decoded.payload?.authorization || !decoded.payload?.signature) {
+      return { valid: false, error: "Missing authorization or signature in payment" };
+    }
+    const { authorization, signature } = decoded.payload;
+    const chainId = options.chainId || 8453;
+    const message = {
+      from: authorization.from,
+      to: authorization.to,
+      value: BigInt(authorization.value),
+      validAfter: BigInt(authorization.validAfter),
+      validBefore: BigInt(authorization.validBefore),
+      nonce: authorization.nonce
+    };
+    const domain = getUSDCDomain(chainId);
+    let signerAddress;
+    try {
+      signerAddress = await recoverTypedDataAddress({
+        domain,
+        types: TRANSFER_WITH_AUTHORIZATION_TYPES,
+        primaryType: "TransferWithAuthorization",
+        message,
+        signature
+      });
+    } catch (e) {
+      return { valid: false, error: "Failed to recover signer from signature" };
+    }
+    if (signerAddress.toLowerCase() !== authorization.from.toLowerCase()) {
+      return {
+        valid: false,
+        error: `Signature mismatch: expected ${authorization.from}, got ${signerAddress}`
+      };
+    }
+    const paymentAmount = BigInt(authorization.value);
+    if (paymentAmount < options.expectedAmount) {
+      return {
+        valid: false,
+        error: `Insufficient payment: expected ${options.expectedAmount}, got ${paymentAmount}`
+      };
+    }
+    if (authorization.to.toLowerCase() !== options.expectedRecipient.toLowerCase()) {
+      return {
+        valid: false,
+        error: `Wrong recipient: expected ${options.expectedRecipient}, got ${authorization.to}`
+      };
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    if (Number(authorization.validBefore) < now) {
+      return { valid: false, error: "Payment authorization has expired" };
+    }
+    if (Number(authorization.validAfter) > now) {
+      return { valid: false, error: "Payment authorization is not yet valid" };
+    }
+    let txHash;
+    let settledAt;
+    if (!options.skipSettlement) {
+      const facilitatorUrl = options.facilitator || DEFAULT_FACILITATOR;
+      try {
+        const settlementResponse = await fetch(`${facilitatorUrl}/settle`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({
+            authorization,
+            signature,
+            chainId
+          })
+        });
+        if (!settlementResponse.ok) {
+          const errorBody = await settlementResponse.text();
+          let errorMessage = "Settlement failed";
+          try {
+            const errorJson = JSON.parse(errorBody);
+            errorMessage = errorJson.message || errorJson.error || errorMessage;
+          } catch {
+            errorMessage = errorBody || errorMessage;
+          }
+          return { valid: false, error: `Settlement failed: ${errorMessage}` };
+        }
+        const settlement = await settlementResponse.json();
+        txHash = settlement.txHash || settlement.tx_hash;
+        settledAt = /* @__PURE__ */ new Date();
+      } catch (e) {
+        return {
+          valid: false,
+          error: `Settlement request failed: ${e.message}`
+        };
+      }
+    }
+    return {
+      valid: true,
+      payer: authorization.from,
+      amount: minorToUsd(paymentAmount),
+      amountMinor: paymentAmount,
+      txHash,
+      settledAt: settledAt || /* @__PURE__ */ new Date(),
+      nonce: authorization.nonce
+    };
+  } catch (error) {
+    return {
+      valid: false,
+      error: `Verification error: ${error.message}`
+    };
+  }
+}
+async function parseX402Payment(paymentHeader, chainId = 8453) {
+  try {
+    const jsonStr = base64Decode(paymentHeader);
+    const decoded = JSON.parse(jsonStr);
+    if (!decoded.payload?.authorization) {
+      return { valid: false, error: "Missing authorization in payment" };
+    }
+    const { authorization, signature } = decoded.payload;
+    const domain = getUSDCDomain(chainId);
+    const message = {
+      from: authorization.from,
+      to: authorization.to,
+      value: BigInt(authorization.value),
+      validAfter: BigInt(authorization.validAfter),
+      validBefore: BigInt(authorization.validBefore),
+      nonce: authorization.nonce
+    };
+    const signerAddress = await recoverTypedDataAddress({
+      domain,
+      types: TRANSFER_WITH_AUTHORIZATION_TYPES,
+      primaryType: "TransferWithAuthorization",
+      message,
+      signature
+    });
+    if (signerAddress.toLowerCase() !== authorization.from.toLowerCase()) {
+      return { valid: false, error: "Signature mismatch" };
+    }
+    const amountMinor = BigInt(authorization.value);
+    return {
+      valid: true,
+      payer: authorization.from,
+      recipient: authorization.to,
+      amount: minorToUsd(amountMinor),
+      amountMinor,
+      expiresAt: new Date(Number(authorization.validBefore) * 1e3)
+    };
+  } catch (error) {
+    return { valid: false, error: `Parse error: ${error.message}` };
+  }
+}
+
+// src/receipt.ts
+import * as jose from "jose";
+var DEFAULT_JWKS_URL = process.env.MIXRPAY_JWKS_URL || "http://localhost:3000/.well-known/jwks";
+var JWKS_CACHE_TTL_MS = 60 * 60 * 1e3;
+var jwksCache = /* @__PURE__ */ new Map();
+async function getJWKS(jwksUrl) {
+  const cached = jwksCache.get(jwksUrl);
+  const now = Date.now();
+  if (cached && now - cached.fetchedAt < JWKS_CACHE_TTL_MS) {
+    return cached.jwks;
+  }
+  const response = await fetch(jwksUrl);
+  if (!response.ok) {
+    throw new Error(`Failed to fetch JWKS from ${jwksUrl}: ${response.status} ${response.statusText}`);
+  }
+  const jwks = await response.json();
+  if (!jwks.keys || !Array.isArray(jwks.keys) || jwks.keys.length === 0) {
+    throw new Error("Invalid JWKS: missing or empty keys array");
+  }
+  jwksCache.set(jwksUrl, { jwks, fetchedAt: now });
+  return jwks;
+}
+async function createKeySet(jwksUrl) {
+  const jwks = await getJWKS(jwksUrl);
+  return jose.createLocalJWKSet(jwks);
+}
+async function verifyPaymentReceipt(receipt, options) {
+  const jwksUrl = options?.jwksUrl || DEFAULT_JWKS_URL;
+  try {
+    const keySet = await createKeySet(jwksUrl);
+    const verifyOptions = {
+      algorithms: ["RS256"]
+    };
+    if (options?.issuer) {
+      verifyOptions.issuer = options.issuer;
+    }
+    const { payload } = await jose.jwtVerify(receipt, keySet, verifyOptions);
+    const requiredFields = ["paymentId", "amount", "amountUsd", "payer", "recipient", "chainId", "txHash", "settledAt"];
+    for (const field of requiredFields) {
+      if (!(field in payload)) {
+        throw new Error(`Missing required field in receipt: ${field}`);
+      }
+    }
+    return {
+      paymentId: payload.paymentId,
+      amount: payload.amount,
+      amountUsd: payload.amountUsd,
+      payer: payload.payer,
+      recipient: payload.recipient,
+      chainId: payload.chainId,
+      txHash: payload.txHash,
+      settledAt: payload.settledAt,
+      issuedAt: new Date(payload.iat * 1e3),
+      expiresAt: new Date(payload.exp * 1e3)
+    };
+  } catch (error) {
+    if (error instanceof jose.errors.JWTExpired) {
+      throw new Error("Payment receipt has expired");
+    }
+    if (error instanceof jose.errors.JWTClaimValidationFailed) {
+      throw new Error(`Receipt validation failed: ${error.message}`);
+    }
+    if (error instanceof jose.errors.JWSSignatureVerificationFailed) {
+      throw new Error("Invalid receipt signature");
+    }
+    throw error;
+  }
+}
+function parsePaymentReceipt(receipt) {
+  const decoded = jose.decodeJwt(receipt);
+  return {
+    paymentId: decoded.paymentId,
+    amount: decoded.amount,
+    amountUsd: decoded.amountUsd,
+    payer: decoded.payer,
+    recipient: decoded.recipient,
+    chainId: decoded.chainId,
+    txHash: decoded.txHash,
+    settledAt: decoded.settledAt,
+    issuedAt: decoded.iat ? new Date(decoded.iat * 1e3) : void 0,
+    expiresAt: decoded.exp ? new Date(decoded.exp * 1e3) : void 0
+  };
+}
+function isReceiptExpired(receipt) {
+  const parsed = typeof receipt === "string" ? parsePaymentReceipt(receipt) : receipt;
+  if (!parsed.expiresAt) {
+    return false;
+  }
+  return parsed.expiresAt.getTime() < Date.now();
+}
+function clearJWKSCache() {
+  jwksCache.clear();
+}
+function getDefaultJWKSUrl() {
+  return DEFAULT_JWKS_URL;
+}
+
+// src/charges.ts
+import crypto2 from "crypto";
+var ChargesClient = class {
+  constructor(options) {
+    this.apiKey = options.apiKey;
+    this.baseUrl = options.baseUrl || process.env.MIXRPAY_BASE_URL || "http://localhost:3000";
+  }
+  /**
+   * Create a new charge.
+   * 
+   * @example
+   * ```typescript
+   * const result = await charges.create({
+   *   sessionId: 'sk_xxx',
+   *   amountUsd: 0.05,
+   *   reference: 'image_gen_123',
+   *   metadata: { feature: 'image_generation' }
+   * });
+   * 
+   * if (result.success) {
+   *   console.log(`Charged ${result.charge.amountUsdc}`);
+   *   console.log(`TX: ${result.charge.explorerUrl}`);
+   * }
+   * ```
+   */
+  async create(params) {
+    const response = await fetch(`${this.baseUrl}/api/v1/charges`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${this.apiKey}`
+      },
+      body: JSON.stringify({
+        session_id: params.sessionId,
+        amount_usd: params.amountUsd,
+        reference: params.reference,
+        metadata: params.metadata
+      })
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      return {
+        success: false,
+        error: data.error,
+        details: data.details
+      };
+    }
+    return {
+      success: data.success,
+      charge: data.charge_id ? {
+        id: data.charge_id,
+        status: data.status,
+        amountUsd: data.amount_usd ?? 0,
+        amountUsdc: data.amount_usdc ?? "0",
+        txHash: data.tx_hash,
+        explorerUrl: data.explorer_url,
+        fromAddress: "",
+        toAddress: "",
+        reference: params.reference,
+        createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      } : void 0,
+      idempotentReplay: data.idempotent_replay,
+      error: data.error
+    };
+  }
+  /**
+   * Get a charge by ID.
+   * 
+   * @example
+   * ```typescript
+   * const charge = await charges.get('chg_xxx');
+   * console.log(charge.status); // 'confirmed'
+   * ```
+   */
+  async get(chargeId) {
+    const response = await fetch(`${this.baseUrl}/api/v1/charges?id=${chargeId}`, {
+      headers: {
+        "Authorization": `Bearer ${this.apiKey}`
+      }
+    });
+    if (!response.ok) {
+      if (response.status === 404) {
+        return null;
+      }
+      throw new Error(`Failed to get charge: ${response.statusText}`);
+    }
+    const data = await response.json();
+    return {
+      id: data.id,
+      status: data.status,
+      amountUsd: data.amount_usd,
+      amountUsdc: data.amount_usdc,
+      txHash: data.tx_hash,
+      explorerUrl: data.explorer_url,
+      fromAddress: data.from_address,
+      toAddress: data.to_address,
+      reference: data.reference,
+      createdAt: data.created_at,
+      confirmedAt: data.confirmed_at,
+      sessionName: data.session_name,
+      userWallet: data.user_wallet
+    };
+  }
+  /**
+   * Get a charge by transaction hash.
+   */
+  async getByTxHash(txHash) {
+    const response = await fetch(`${this.baseUrl}/api/v1/charges?tx_hash=${txHash}`, {
+      headers: {
+        "Authorization": `Bearer ${this.apiKey}`
+      }
+    });
+    if (!response.ok) {
+      if (response.status === 404) {
+        return null;
+      }
+      throw new Error(`Failed to get charge: ${response.statusText}`);
+    }
+    const data = await response.json();
+    return {
+      id: data.id,
+      status: data.status,
+      amountUsd: data.amount_usd,
+      amountUsdc: data.amount_usdc,
+      txHash: data.tx_hash,
+      explorerUrl: data.explorer_url,
+      fromAddress: data.from_address,
+      toAddress: data.to_address,
+      reference: data.reference,
+      createdAt: data.created_at,
+      confirmedAt: data.confirmed_at,
+      sessionName: data.session_name,
+      userWallet: data.user_wallet
+    };
+  }
+};
+function verifySessionWebhook(payload, signature, secret) {
+  const expectedSignature = crypto2.createHmac("sha256", secret).update(payload).digest("hex");
+  return crypto2.timingSafeEqual(
+    Buffer.from(signature),
+    Buffer.from(expectedSignature)
+  );
+}
+function parseSessionGrant(payload) {
+  if (payload.event !== "session.granted") {
+    throw new Error(`Unexpected event type: ${payload.event}`);
+  }
+  return {
+    sessionId: payload.session_id,
+    userWallet: payload.user_wallet,
+    merchantWallet: payload.merchant_wallet,
+    limits: {
+      maxTotalUsd: payload.limits.max_total_usd,
+      maxPerTxUsd: payload.limits.max_per_tx_usd,
+      expiresAt: payload.limits.expires_at
+    },
+    grantedAt: payload.granted_at
+  };
+}
+
+// src/receipt-fetcher.ts
+var DEFAULT_MIXRPAY_API_URL = process.env.MIXRPAY_BASE_URL || "http://localhost:3000";
+async function fetchPaymentReceipt(params) {
+  const apiUrl = params.apiUrl || DEFAULT_MIXRPAY_API_URL;
+  const endpoint = `${apiUrl}/api/v1/receipts`;
+  try {
+    const response = await fetch(endpoint, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        tx_hash: params.txHash,
+        payer: params.payer,
+        recipient: params.recipient,
+        amount: params.amount.toString(),
+        chain_id: params.chainId
+      })
+    });
+    if (!response.ok) {
+      console.warn(`[x402] Receipt fetch failed: ${response.status} ${response.statusText}`);
+      return null;
+    }
+    const data = await response.json();
+    return data.receipt || null;
+  } catch (error) {
+    console.warn("[x402] Receipt fetch error:", error.message);
+    return null;
+  }
+}
+
+// src/middleware/express.ts
+function x402(options) {
+  return async (req, res, next) => {
+    try {
+      const context = {
+        path: req.path,
+        method: req.method,
+        headers: req.headers,
+        body: req.body
+      };
+      if (options.skip) {
+        const shouldSkip = await options.skip(context);
+        if (shouldSkip) {
+          return next();
+        }
+      }
+      const recipient = options.recipient || process.env.MIXRPAY_MERCHANT_ADDRESS;
+      if (!recipient) {
+        console.error("[x402] No recipient address configured. Set MIXRPAY_MERCHANT_ADDRESS env var or pass recipient option.");
+        return res.status(500).json({
+          error: "Payment configuration error",
+          message: "Merchant wallet address not configured"
+        });
+      }
+      const price = options.getPrice ? await options.getPrice(context) : options.price;
+      const priceMinor = usdToMinor(price);
+      const chainId = options.chainId || 8453;
+      const facilitator = options.facilitator || DEFAULT_FACILITATOR;
+      const paymentHeader = req.headers["x-payment"];
+      if (!paymentHeader) {
+        const nonce = generateNonce();
+        const expiresAt = Math.floor(Date.now() / 1e3) + 300;
+        const paymentRequired = {
+          recipient,
+          amount: priceMinor.toString(),
+          currency: "USDC",
+          chainId,
+          facilitator,
+          nonce,
+          expiresAt,
+          description: options.description
+        };
+        res.setHeader("X-Payment-Required", JSON.stringify(paymentRequired));
+        res.setHeader("WWW-Authenticate", `X-402 ${Buffer.from(JSON.stringify(paymentRequired)).toString("base64")}`);
+        return res.status(402).json({
+          error: "Payment required",
+          payment: paymentRequired
+        });
+      }
+      const result = await verifyX402Payment(paymentHeader, {
+        expectedAmount: priceMinor,
+        expectedRecipient: recipient,
+        chainId,
+        facilitator,
+        skipSettlement: options.testMode
+      });
+      if (!result.valid) {
+        return res.status(402).json({
+          error: "Invalid payment",
+          reason: result.error
+        });
+      }
+      req.x402Payment = result;
+      if (result.txHash) {
+        res.setHeader("X-Payment-TxHash", result.txHash);
+      }
+      const receiptMode = options.receiptMode || "webhook";
+      if ((receiptMode === "jwt" || receiptMode === "both") && result.txHash && result.payer) {
+        try {
+          const receipt = await fetchPaymentReceipt({
+            txHash: result.txHash,
+            payer: result.payer,
+            recipient,
+            amount: priceMinor,
+            chainId,
+            apiUrl: options.mixrpayApiUrl
+          });
+          if (receipt) {
+            result.receipt = receipt;
+            res.setHeader("X-Payment-Receipt", receipt);
+          }
+        } catch (receiptError) {
+          console.warn("[x402] Failed to fetch JWT receipt:", receiptError);
+        }
+      }
+      if (options.onPayment) {
+        await options.onPayment(result);
+      }
+      next();
+    } catch (error) {
+      console.error("[x402] Middleware error:", error);
+      return res.status(500).json({
+        error: "Payment processing error",
+        message: error.message
+      });
+    }
+  };
+}
+
+// src/middleware/nextjs.ts
+import { NextResponse } from "next/server";
+function withX402(config, handler) {
+  return async (req) => {
+    try {
+      const recipient = config.recipient || process.env.MIXRPAY_MERCHANT_ADDRESS;
+      if (!recipient) {
+        console.error("[x402] No recipient address configured");
+        return NextResponse.json(
+          { error: "Payment configuration error" },
+          { status: 500 }
+        );
+      }
+      const price = config.getPrice ? await config.getPrice(req) : config.price;
+      const priceMinor = usdToMinor(price);
+      const chainId = config.chainId || 8453;
+      const facilitator = config.facilitator || DEFAULT_FACILITATOR;
+      const paymentHeader = req.headers.get("x-payment");
+      if (!paymentHeader) {
+        const nonce = generateNonce();
+        const expiresAt = Math.floor(Date.now() / 1e3) + 300;
+        const paymentRequired = {
+          recipient,
+          amount: priceMinor.toString(),
+          currency: "USDC",
+          chainId,
+          facilitator,
+          nonce,
+          expiresAt,
+          description: config.description
+        };
+        return NextResponse.json(
+          { error: "Payment required", payment: paymentRequired },
+          {
+            status: 402,
+            headers: {
+              "X-Payment-Required": JSON.stringify(paymentRequired),
+              "WWW-Authenticate": `X-402 ${Buffer.from(JSON.stringify(paymentRequired)).toString("base64")}`
+            }
+          }
+        );
+      }
+      const result = await verifyX402Payment(paymentHeader, {
+        expectedAmount: priceMinor,
+        expectedRecipient: recipient,
+        chainId,
+        facilitator,
+        skipSettlement: config.testMode
+      });
+      if (!result.valid) {
+        return NextResponse.json(
+          { error: "Invalid payment", reason: result.error },
+          { status: 402 }
+        );
+      }
+      const receiptMode = config.receiptMode || "webhook";
+      if ((receiptMode === "jwt" || receiptMode === "both") && result.txHash && result.payer) {
+        try {
+          const receipt = await fetchPaymentReceipt({
+            txHash: result.txHash,
+            payer: result.payer,
+            recipient,
+            amount: priceMinor,
+            chainId,
+            apiUrl: config.mixrpayApiUrl
+          });
+          if (receipt) {
+            result.receipt = receipt;
+          }
+        } catch (receiptError) {
+          console.warn("[x402] Failed to fetch JWT receipt:", receiptError);
+        }
+      }
+      if (config.onPayment) {
+        await config.onPayment(result, req);
+      }
+      const response = await handler(req, result);
+      if (result.txHash) {
+        response.headers.set("X-Payment-TxHash", result.txHash);
+      }
+      if (result.receipt) {
+        response.headers.set("X-Payment-Receipt", result.receipt);
+      }
+      return response;
+    } catch (error) {
+      console.error("[x402] Handler error:", error);
+      return NextResponse.json(
+        { error: "Payment processing error" },
+        { status: 500 }
+      );
+    }
+  };
+}
+function createPaymentRequired(options) {
+  const priceMinor = usdToMinor(options.amount);
+  const nonce = generateNonce();
+  const expiresAt = Math.floor(Date.now() / 1e3) + 300;
+  const paymentRequired = {
+    recipient: options.recipient,
+    amount: priceMinor.toString(),
+    currency: "USDC",
+    chainId: options.chainId || 8453,
+    facilitator: options.facilitator || DEFAULT_FACILITATOR,
+    nonce,
+    expiresAt,
+    description: options.description
+  };
+  return NextResponse.json(
+    { error: "Payment required", payment: paymentRequired },
+    {
+      status: 402,
+      headers: {
+        "X-Payment-Required": JSON.stringify(paymentRequired)
+      }
+    }
+  );
+}
+
+// src/middleware/fastify.ts
+var x402Plugin = (fastify, options, done) => {
+  fastify.decorateRequest("x402Payment", null);
+  fastify.decorate("x402Defaults", {
+    recipient: options.recipient || process.env.MIXRPAY_MERCHANT_ADDRESS,
+    chainId: options.chainId || 8453,
+    facilitator: options.facilitator || DEFAULT_FACILITATOR
+  });
+  done();
+};
+function x4022(options) {
+  return async (request, reply) => {
+    const context = {
+      path: request.url,
+      method: request.method,
+      headers: request.headers,
+      body: request.body
+    };
+    if (options.skip) {
+      const shouldSkip = await options.skip(context);
+      if (shouldSkip) {
+        return;
+      }
+    }
+    const defaults = request.server.x402Defaults || {};
+    const recipient = options.recipient || defaults.recipient || process.env.MIXRPAY_MERCHANT_ADDRESS;
+    if (!recipient) {
+      request.log.error("[x402] No recipient address configured");
+      return reply.status(500).send({
+        error: "Payment configuration error",
+        message: "Merchant wallet address not configured"
+      });
+    }
+    const price = options.getPrice ? await options.getPrice(context) : options.price;
+    const priceMinor = usdToMinor(price);
+    const chainId = options.chainId || defaults.chainId || 8453;
+    const facilitator = options.facilitator || defaults.facilitator || DEFAULT_FACILITATOR;
+    const paymentHeader = request.headers["x-payment"];
+    if (!paymentHeader) {
+      const nonce = generateNonce();
+      const expiresAt = Math.floor(Date.now() / 1e3) + 300;
+      const paymentRequired = {
+        recipient,
+        amount: priceMinor.toString(),
+        currency: "USDC",
+        chainId,
+        facilitator,
+        nonce,
+        expiresAt,
+        description: options.description
+      };
+      reply.header("X-Payment-Required", JSON.stringify(paymentRequired));
+      reply.header("WWW-Authenticate", `X-402 ${Buffer.from(JSON.stringify(paymentRequired)).toString("base64")}`);
+      return reply.status(402).send({
+        error: "Payment required",
+        payment: paymentRequired
+      });
+    }
+    const result = await verifyX402Payment(paymentHeader, {
+      expectedAmount: priceMinor,
+      expectedRecipient: recipient,
+      chainId,
+      facilitator,
+      skipSettlement: options.testMode
+    });
+    if (!result.valid) {
+      return reply.status(402).send({
+        error: "Invalid payment",
+        reason: result.error
+      });
+    }
+    request.x402Payment = result;
+    if (result.txHash) {
+      reply.header("X-Payment-TxHash", result.txHash);
+    }
+    const receiptMode = options.receiptMode || "webhook";
+    if ((receiptMode === "jwt" || receiptMode === "both") && result.txHash && result.payer) {
+      try {
+        const receipt = await fetchPaymentReceipt({
+          txHash: result.txHash,
+          payer: result.payer,
+          recipient,
+          amount: priceMinor,
+          chainId,
+          apiUrl: options.mixrpayApiUrl
+        });
+        if (receipt) {
+          result.receipt = receipt;
+          reply.header("X-Payment-Receipt", receipt);
+        }
+      } catch (receiptError) {
+        request.log.warn({ err: receiptError }, "[x402] Failed to fetch JWT receipt");
+      }
+    }
+    if (options.onPayment) {
+      await options.onPayment(result);
+    }
+  };
+}
+export {
+  ChargesClient,
+  DEFAULT_FACILITATOR,
+  USDC_CONTRACTS,
+  clearJWKSCache,
+  createPaymentRequired,
+  x402 as expressX402,
+  x4022 as fastifyX402,
+  generateNonce,
+  getDefaultJWKSUrl,
+  isReceiptExpired,
+  isValidAddress,
+  minorToUsd,
+  normalizeAddress,
+  parsePaymentReceipt,
+  parseSessionGrant,
+  parseX402Payment,
+  usdToMinor,
+  verifyPaymentReceipt,
+  verifySessionWebhook,
+  verifyX402Payment,
+  withX402,
+  x402Plugin
+};
+//# sourceMappingURL=index.mjs.map