@mixrpay/merchant-sdk 0.1.0

package/dist/middleware/express.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/middleware/express.ts","../../src/verify.ts","../../src/utils.ts","../../src/receipt-fetcher.ts"],"sourcesContent":["/**\n * MixrPay Merchant SDK - Express Middleware\n * \n * Add x402 payment requirement to Express routes with a single line of code.\n * \n * @example\n * ```typescript\n * import express from 'express';\n * import { x402 } from '@mixrpay/merchant-sdk/express';\n * \n * const app = express();\n * \n * // Fixed price\n * app.post('/api/query', x402({ price: 0.05 }), (req, res) => {\n *   // This handler only runs after payment is verified\n *   res.json({ result: 'success', payer: req.x402Payment?.payer });\n * });\n * \n * // Dynamic pricing\n * app.post('/api/generate', x402({ \n *   getPrice: (ctx) => ctx.body?.premium ? 0.10 : 0.05 \n * }), handler);\n * \n * // With JWT receipts\n * app.post('/api/premium', x402({ price: 0.10, receiptMode: 'jwt' }), (req, res) => {\n *   // Receipt is set in X-Payment-Receipt header\n *   res.json({ receipt: req.x402Payment?.receipt });\n * });\n * ```\n */\n\nimport type { Request, Response, NextFunction } from 'express';\nimport { verifyX402Payment } from '../verify';\nimport { usdToMinor, generateNonce, DEFAULT_FACILITATOR } from '../utils';\nimport { fetchPaymentReceipt } from '../receipt-fetcher';\nimport type { X402Options, X402PaymentResult, X402PaymentRequired, PriceContext } from '../types';\n\n// Extend Express Request type\ndeclare global {\n  // eslint-disable-next-line @typescript-eslint/no-namespace\n  namespace Express {\n    interface Request {\n      /** Payment result after x402 verification */\n      x402Payment?: X402PaymentResult;\n    }\n  }\n}\n\n/**\n * Express middleware that adds x402 payment requirement to a route.\n * \n * When a request comes in without a valid X-PAYMENT header, it returns\n * a 402 Payment Required response with the payment details.\n * \n * When a valid X-PAYMENT header is provided, it verifies the payment\n * and calls the next handler with `req.x402Payment` containing the result.\n * \n * @param options - x402 configuration options\n * @returns Express middleware function\n */\nexport function x402(options: X402Options) {\n  return async (req: Request, res: Response, next: NextFunction) => {\n    try {\n      // Build context for callbacks\n      const context: PriceContext = {\n        path: req.path,\n        method: req.method,\n        headers: req.headers as Record<string, string | string[] | undefined>,\n        body: req.body,\n      };\n\n      // Check if we should skip payment\n      if (options.skip) {\n        const shouldSkip = await options.skip(context);\n        if (shouldSkip) {\n          return next();\n        }\n      }\n\n      // Get recipient address\n      const recipient = options.recipient || process.env.MIXRPAY_MERCHANT_ADDRESS;\n      if (!recipient) {\n        console.error('[x402] No recipient address configured. Set MIXRPAY_MERCHANT_ADDRESS env var or pass recipient option.');\n        return res.status(500).json({ \n          error: 'Payment configuration error',\n          message: 'Merchant wallet address not configured',\n        });\n      }\n\n      // Determine price\n      const price = options.getPrice \n        ? await options.getPrice(context) \n        : options.price;\n      \n      const priceMinor = usdToMinor(price);\n      const chainId = options.chainId || 8453;\n      const facilitator = options.facilitator || DEFAULT_FACILITATOR;\n\n      // Check for X-PAYMENT header\n      const paymentHeader = req.headers['x-payment'] as string | undefined;\n\n      if (!paymentHeader) {\n        // Return 402 with payment requirements\n        const nonce = generateNonce();\n        const expiresAt = Math.floor(Date.now() / 1000) + 300; // 5 minutes\n\n        const paymentRequired: X402PaymentRequired = {\n          recipient,\n          amount: priceMinor.toString(),\n          currency: 'USDC',\n          chainId,\n          facilitator,\n          nonce,\n          expiresAt,\n          description: options.description,\n        };\n\n        // Set headers per x402 spec\n        res.setHeader('X-Payment-Required', JSON.stringify(paymentRequired));\n        res.setHeader('WWW-Authenticate', `X-402 ${Buffer.from(JSON.stringify(paymentRequired)).toString('base64')}`);\n\n        return res.status(402).json({\n          error: 'Payment required',\n          payment: paymentRequired,\n        });\n      }\n\n      // Verify the payment\n      const result = await verifyX402Payment(paymentHeader, {\n        expectedAmount: priceMinor,\n        expectedRecipient: recipient,\n        chainId,\n        facilitator,\n        skipSettlement: options.testMode,\n      });\n\n      if (!result.valid) {\n        return res.status(402).json({\n          error: 'Invalid payment',\n          reason: result.error,\n        });\n      }\n\n      // Payment verified! Attach to request\n      req.x402Payment = result;\n\n      // Set response header with tx hash\n      if (result.txHash) {\n        res.setHeader('X-Payment-TxHash', result.txHash);\n      }\n\n      // Handle receipt mode\n      const receiptMode = options.receiptMode || 'webhook';\n      \n      if ((receiptMode === 'jwt' || receiptMode === 'both') && result.txHash && result.payer) {\n        try {\n          const receipt = await fetchPaymentReceipt({\n            txHash: result.txHash,\n            payer: result.payer,\n            recipient,\n            amount: priceMinor,\n            chainId,\n            apiUrl: options.mixrpayApiUrl,\n          });\n          \n          if (receipt) {\n            result.receipt = receipt;\n            res.setHeader('X-Payment-Receipt', receipt);\n          }\n        } catch (receiptError) {\n          console.warn('[x402] Failed to fetch JWT receipt:', receiptError);\n          // Continue without receipt - payment was still successful\n        }\n      }\n\n      // Call onPayment callback\n      if (options.onPayment) {\n        await options.onPayment(result);\n      }\n\n      next();\n    } catch (error) {\n      console.error('[x402] Middleware error:', error);\n      return res.status(500).json({\n        error: 'Payment processing error',\n        message: (error as Error).message,\n      });\n    }\n  };\n}\n\n// Re-export for convenience\nexport { x402 as default };\nexport type { X402Options, X402PaymentResult };\n\n","/**\n * MixrPay Merchant SDK - Payment Verification\n */\n\nimport { recoverTypedDataAddress } from 'viem';\nimport type { \n  X402PaymentResult, \n  X402PaymentPayload, \n  VerifyOptions,\n  TransferWithAuthorizationMessage,\n} from './types';\nimport { \n  getUSDCDomain, \n  TRANSFER_WITH_AUTHORIZATION_TYPES, \n  base64Decode,\n  minorToUsd,\n  DEFAULT_FACILITATOR,\n} from './utils';\n\n// =============================================================================\n// Payment Verification\n// =============================================================================\n\n/**\n * Verify an X-PAYMENT header and optionally settle the payment.\n * \n * @param paymentHeader - The X-PAYMENT header value (base64 encoded JSON)\n * @param options - Verification options\n * @returns Payment verification result\n * \n * @example\n * ```typescript\n * const result = await verifyX402Payment(req.headers['x-payment'], {\n *   expectedAmount: 50000n, // 0.05 USDC\n *   expectedRecipient: '0x...',\n * });\n * \n * if (result.valid) {\n *   console.log(`Payment from ${result.payer}: $${result.amount}`);\n * }\n * ```\n */\nexport async function verifyX402Payment(\n  paymentHeader: string,\n  options: VerifyOptions\n): Promise<X402PaymentResult> {\n  try {\n    // 1. Decode the X-PAYMENT header\n    let decoded: X402PaymentPayload;\n    try {\n      const jsonStr = base64Decode(paymentHeader);\n      decoded = JSON.parse(jsonStr);\n    } catch (e) {\n      return { valid: false, error: 'Invalid payment header encoding' };\n    }\n\n    // 2. Validate payload structure\n    if (!decoded.payload?.authorization || !decoded.payload?.signature) {\n      return { valid: false, error: 'Missing authorization or signature in payment' };\n    }\n\n    const { authorization, signature } = decoded.payload;\n    const chainId = options.chainId || 8453;\n\n    // 3. Build EIP-712 message for verification\n    const message: TransferWithAuthorizationMessage = {\n      from: authorization.from as `0x${string}`,\n      to: authorization.to as `0x${string}`,\n      value: BigInt(authorization.value),\n      validAfter: BigInt(authorization.validAfter),\n      validBefore: BigInt(authorization.validBefore),\n      nonce: authorization.nonce as `0x${string}`,\n    };\n\n    // 4. Recover signer address\n    const domain = getUSDCDomain(chainId);\n    let signerAddress: string;\n    \n    try {\n      signerAddress = await recoverTypedDataAddress({\n        domain,\n        types: TRANSFER_WITH_AUTHORIZATION_TYPES,\n        primaryType: 'TransferWithAuthorization',\n        message,\n        signature: signature as `0x${string}`,\n      });\n    } catch (e) {\n      return { valid: false, error: 'Failed to recover signer from signature' };\n    }\n\n    // 5. Verify signer matches the 'from' address\n    if (signerAddress.toLowerCase() !== authorization.from.toLowerCase()) {\n      return { \n        valid: false, \n        error: `Signature mismatch: expected ${authorization.from}, got ${signerAddress}` \n      };\n    }\n\n    // 6. Verify payment amount\n    const paymentAmount = BigInt(authorization.value);\n    if (paymentAmount < options.expectedAmount) {\n      return { \n        valid: false, \n        error: `Insufficient payment: expected ${options.expectedAmount}, got ${paymentAmount}` \n      };\n    }\n\n    // 7. Verify recipient\n    if (authorization.to.toLowerCase() !== options.expectedRecipient.toLowerCase()) {\n      return { \n        valid: false, \n        error: `Wrong recipient: expected ${options.expectedRecipient}, got ${authorization.to}` \n      };\n    }\n\n    // 8. Check expiration\n    const now = Math.floor(Date.now() / 1000);\n    if (Number(authorization.validBefore) < now) {\n      return { valid: false, error: 'Payment authorization has expired' };\n    }\n\n    // 9. Check validAfter\n    if (Number(authorization.validAfter) > now) {\n      return { valid: false, error: 'Payment authorization is not yet valid' };\n    }\n\n    // 10. Submit to facilitator for settlement (unless skipped)\n    let txHash: string | undefined;\n    let settledAt: Date | undefined;\n\n    if (!options.skipSettlement) {\n      const facilitatorUrl = options.facilitator || DEFAULT_FACILITATOR;\n      \n      try {\n        const settlementResponse = await fetch(`${facilitatorUrl}/settle`, {\n          method: 'POST',\n          headers: { 'Content-Type': 'application/json' },\n          body: JSON.stringify({ \n            authorization, \n            signature,\n            chainId,\n          }),\n        });\n\n        if (!settlementResponse.ok) {\n          const errorBody = await settlementResponse.text();\n          let errorMessage = 'Settlement failed';\n          try {\n            const errorJson = JSON.parse(errorBody);\n            errorMessage = errorJson.message || errorJson.error || errorMessage;\n          } catch {\n            errorMessage = errorBody || errorMessage;\n          }\n          return { valid: false, error: `Settlement failed: ${errorMessage}` };\n        }\n\n        const settlement = await settlementResponse.json() as { txHash?: string; tx_hash?: string };\n        txHash = settlement.txHash || settlement.tx_hash;\n        settledAt = new Date();\n      } catch (e) {\n        return { \n          valid: false, \n          error: `Settlement request failed: ${(e as Error).message}` \n        };\n      }\n    }\n\n    // Success!\n    return {\n      valid: true,\n      payer: authorization.from,\n      amount: minorToUsd(paymentAmount),\n      amountMinor: paymentAmount,\n      txHash,\n      settledAt: settledAt || new Date(),\n      nonce: authorization.nonce,\n    };\n\n  } catch (error) {\n    return { \n      valid: false, \n      error: `Verification error: ${(error as Error).message}` \n    };\n  }\n}\n\n/**\n * Parse and validate an X-PAYMENT header without settlement.\n * Useful for checking if a payment is structurally valid before processing.\n */\nexport async function parseX402Payment(\n  paymentHeader: string,\n  chainId: number = 8453\n): Promise<{\n  valid: boolean;\n  error?: string;\n  payer?: string;\n  recipient?: string;\n  amount?: number;\n  amountMinor?: bigint;\n  expiresAt?: Date;\n}> {\n  try {\n    const jsonStr = base64Decode(paymentHeader);\n    const decoded: X402PaymentPayload = JSON.parse(jsonStr);\n\n    if (!decoded.payload?.authorization) {\n      return { valid: false, error: 'Missing authorization in payment' };\n    }\n\n    const { authorization, signature } = decoded.payload;\n\n    // Verify signature\n    const domain = getUSDCDomain(chainId);\n    const message: TransferWithAuthorizationMessage = {\n      from: authorization.from as `0x${string}`,\n      to: authorization.to as `0x${string}`,\n      value: BigInt(authorization.value),\n      validAfter: BigInt(authorization.validAfter),\n      validBefore: BigInt(authorization.validBefore),\n      nonce: authorization.nonce as `0x${string}`,\n    };\n\n    const signerAddress = await recoverTypedDataAddress({\n      domain,\n      types: TRANSFER_WITH_AUTHORIZATION_TYPES,\n      primaryType: 'TransferWithAuthorization',\n      message,\n      signature: signature as `0x${string}`,\n    });\n\n    if (signerAddress.toLowerCase() !== authorization.from.toLowerCase()) {\n      return { valid: false, error: 'Signature mismatch' };\n    }\n\n    const amountMinor = BigInt(authorization.value);\n    \n    return {\n      valid: true,\n      payer: authorization.from,\n      recipient: authorization.to,\n      amount: minorToUsd(amountMinor),\n      amountMinor,\n      expiresAt: new Date(Number(authorization.validBefore) * 1000),\n    };\n  } catch (error) {\n    return { valid: false, error: `Parse error: ${(error as Error).message}` };\n  }\n}\n\n","/**\n * MixrPay Merchant SDK - Utilities\n */\n\nimport type { EIP712Domain } from './types';\n\n// =============================================================================\n// USDC Constants by Chain\n// =============================================================================\n\nexport const USDC_CONTRACTS: Record<number, `0x${string}`> = {\n  8453: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',     // Base Mainnet\n  84532: '0x036CbD53842c5426634e7929541eC2318f3dCF7e',    // Base Sepolia\n};\n\nexport const DEFAULT_FACILITATOR = 'https://x402.org/facilitator';\n\n// =============================================================================\n// EIP-712 Domain\n// =============================================================================\n\nexport function getUSDCDomain(chainId: number): EIP712Domain {\n  const verifyingContract = USDC_CONTRACTS[chainId];\n  if (!verifyingContract) {\n    throw new Error(`Unsupported chain ID: ${chainId}. Supported: ${Object.keys(USDC_CONTRACTS).join(', ')}`);\n  }\n\n  return {\n    name: 'USD Coin',\n    version: '2',\n    chainId,\n    verifyingContract,\n  };\n}\n\n// EIP-712 types for TransferWithAuthorization\nexport const TRANSFER_WITH_AUTHORIZATION_TYPES = {\n  TransferWithAuthorization: [\n    { name: 'from', type: 'address' },\n    { name: 'to', type: 'address' },\n    { name: 'value', type: 'uint256' },\n    { name: 'validAfter', type: 'uint256' },\n    { name: 'validBefore', type: 'uint256' },\n    { name: 'nonce', type: 'bytes32' },\n  ],\n} as const;\n\n// =============================================================================\n// Utility Functions\n// =============================================================================\n\n/**\n * Convert USD dollars to USDC minor units (6 decimals)\n */\nexport function usdToMinor(usd: number): bigint {\n  return BigInt(Math.round(usd * 1_000_000));\n}\n\n/**\n * Convert USDC minor units to USD dollars\n */\nexport function minorToUsd(minor: bigint): number {\n  return Number(minor) / 1_000_000;\n}\n\n/**\n * Generate a random nonce for x402 payments\n */\nexport function generateNonce(): `0x${string}` {\n  const bytes = new Uint8Array(32);\n  crypto.getRandomValues(bytes);\n  return `0x${Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('')}` as `0x${string}`;\n}\n\n/**\n * Check if an address is valid\n */\nexport function isValidAddress(address: string): address is `0x${string}` {\n  return /^0x[a-fA-F0-9]{40}$/.test(address);\n}\n\n/**\n * Normalize an address to lowercase checksum format\n */\nexport function normalizeAddress(address: string): `0x${string}` {\n  if (!isValidAddress(address)) {\n    throw new Error(`Invalid address: ${address}`);\n  }\n  return address.toLowerCase() as `0x${string}`;\n}\n\n/**\n * Safe base64 decode that works in both Node.js and browsers\n */\nexport function base64Decode(str: string): string {\n  if (typeof Buffer !== 'undefined') {\n    return Buffer.from(str, 'base64').toString('utf-8');\n  }\n  return atob(str);\n}\n\n/**\n * Safe base64 encode that works in both Node.js and browsers\n */\nexport function base64Encode(str: string): string {\n  if (typeof Buffer !== 'undefined') {\n    return Buffer.from(str, 'utf-8').toString('base64');\n  }\n  return btoa(str);\n}\n\n","/**\n * MixrPay Merchant SDK - Receipt Fetcher\n * \n * Internal utility to fetch JWT receipts from MixrPay API after settlement.\n * Used by x402 middleware to get receipts for the X-Payment-Receipt header.\n */\n\n// =============================================================================\n// Constants\n// =============================================================================\n\nconst DEFAULT_MIXRPAY_API_URL = process.env.MIXRPAY_BASE_URL || 'http://localhost:3000';\n\n// =============================================================================\n// Types\n// =============================================================================\n\nexport interface FetchReceiptParams {\n  /** Settlement transaction hash */\n  txHash: string;\n  /** Payer address */\n  payer: string;\n  /** Recipient address */\n  recipient: string;\n  /** Amount in USDC minor units */\n  amount: bigint;\n  /** Chain ID */\n  chainId: number;\n  /** Custom MixrPay API URL (optional) */\n  apiUrl?: string;\n}\n\ninterface ReceiptResponse {\n  receipt: string;\n  expiresAt: string;\n}\n\n// =============================================================================\n// Receipt Fetching\n// =============================================================================\n\n/**\n * Fetch a JWT payment receipt from MixrPay API.\n * \n * This is called by the x402 middleware after successful payment verification\n * when receiptMode is 'jwt' or 'both'.\n * \n * @param params - Receipt request parameters\n * @returns JWT receipt string, or null if not available\n */\nexport async function fetchPaymentReceipt(params: FetchReceiptParams): Promise<string | null> {\n  const apiUrl = params.apiUrl || DEFAULT_MIXRPAY_API_URL;\n  const endpoint = `${apiUrl}/api/v1/receipts`;\n\n  try {\n    const response = await fetch(endpoint, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/json',\n      },\n      body: JSON.stringify({\n        tx_hash: params.txHash,\n        payer: params.payer,\n        recipient: params.recipient,\n        amount: params.amount.toString(),\n        chain_id: params.chainId,\n      }),\n    });\n\n    if (!response.ok) {\n      // Log but don't throw - receipt is optional\n      console.warn(`[x402] Receipt fetch failed: ${response.status} ${response.statusText}`);\n      return null;\n    }\n\n    const data = await response.json() as ReceiptResponse;\n    return data.receipt || null;\n  } catch (error) {\n    // Log but don't throw - payment was successful, receipt is optional\n    console.warn('[x402] Receipt fetch error:', (error as Error).message);\n    return null;\n  }\n}\n\n/**\n * Generate a local receipt for testing purposes.\n * \n * WARNING: This generates an unsigned receipt that will NOT verify.\n * Use only for local development and testing.\n * \n * @param params - Receipt parameters\n * @returns Mock JWT-like string (not cryptographically signed)\n */\nexport function generateMockReceipt(params: FetchReceiptParams): string {\n  const header = {\n    alg: 'none',\n    typ: 'JWT',\n  };\n\n  const payload = {\n    paymentId: `mock_${Date.now()}`,\n    amount: params.amount.toString(),\n    amountUsd: Number(params.amount) / 1_000_000,\n    payer: params.payer,\n    recipient: params.recipient,\n    chainId: params.chainId,\n    txHash: params.txHash,\n    settledAt: new Date().toISOString(),\n    iat: Math.floor(Date.now() / 1000),\n    exp: Math.floor(Date.now() / 1000) + 3600,\n    _mock: true,\n  };\n\n  const base64Header = Buffer.from(JSON.stringify(header)).toString('base64url');\n  const base64Payload = Buffer.from(JSON.stringify(payload)).toString('base64url');\n\n  // Mock signature (not cryptographically valid)\n  return `${base64Header}.${base64Payload}.mock_signature_for_testing_only`;\n}\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIA,kBAAwC;;;ACMjC,IAAM,iBAAgD;AAAA,EAC3D,MAAM;AAAA;AAAA,EACN,OAAO;AAAA;AACT;AAEO,IAAM,sBAAsB;AAM5B,SAAS,cAAc,SAA+B;AAC3D,QAAM,oBAAoB,eAAe,OAAO;AAChD,MAAI,CAAC,mBAAmB;AACtB,UAAM,IAAI,MAAM,yBAAyB,OAAO,gBAAgB,OAAO,KAAK,cAAc,EAAE,KAAK,IAAI,CAAC,EAAE;AAAA,EAC1G;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,IACT;AAAA,IACA;AAAA,EACF;AACF;AAGO,IAAM,oCAAoC;AAAA,EAC/C,2BAA2B;AAAA,IACzB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC,EAAE,MAAM,MAAM,MAAM,UAAU;AAAA,IAC9B,EAAE,MAAM,SAAS,MAAM,UAAU;AAAA,IACjC,EAAE,MAAM,cAAc,MAAM,UAAU;AAAA,IACtC,EAAE,MAAM,eAAe,MAAM,UAAU;AAAA,IACvC,EAAE,MAAM,SAAS,MAAM,UAAU;AAAA,EACnC;AACF;AASO,SAAS,WAAW,KAAqB;AAC9C,SAAO,OAAO,KAAK,MAAM,MAAM,GAAS,CAAC;AAC3C;AAKO,SAAS,WAAW,OAAuB;AAChD,SAAO,OAAO,KAAK,IAAI;AACzB;AAKO,SAAS,gBAA+B;AAC7C,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,SAAO,gBAAgB,KAAK;AAC5B,SAAO,KAAK,MAAM,KAAK,KAAK,EAAE,IAAI,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC;AAClF;AAsBO,SAAS,aAAa,KAAqB;AAChD,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,OAAO,KAAK,KAAK,QAAQ,EAAE,SAAS,OAAO;AAAA,EACpD;AACA,SAAO,KAAK,GAAG;AACjB;;;ADzDA,eAAsB,kBACpB,eACA,SAC4B;AAC5B,MAAI;AAEF,QAAI;AACJ,QAAI;AACF,YAAM,UAAU,aAAa,aAAa;AAC1C,gBAAU,KAAK,MAAM,OAAO;AAAA,IAC9B,SAAS,GAAG;AACV,aAAO,EAAE,OAAO,OAAO,OAAO,kCAAkC;AAAA,IAClE;AAGA,QAAI,CAAC,QAAQ,SAAS,iBAAiB,CAAC,QAAQ,SAAS,WAAW;AAClE,aAAO,EAAE,OAAO,OAAO,OAAO,gDAAgD;AAAA,IAChF;AAEA,UAAM,EAAE,eAAe,UAAU,IAAI,QAAQ;AAC7C,UAAM,UAAU,QAAQ,WAAW;AAGnC,UAAM,UAA4C;AAAA,MAChD,MAAM,cAAc;AAAA,MACpB,IAAI,cAAc;AAAA,MAClB,OAAO,OAAO,cAAc,KAAK;AAAA,MACjC,YAAY,OAAO,cAAc,UAAU;AAAA,MAC3C,aAAa,OAAO,cAAc,WAAW;AAAA,MAC7C,OAAO,cAAc;AAAA,IACvB;AAGA,UAAM,SAAS,cAAc,OAAO;AACpC,QAAI;AAEJ,QAAI;AACF,sBAAgB,UAAM,qCAAwB;AAAA,QAC5C;AAAA,QACA,OAAO;AAAA,QACP,aAAa;AAAA,QACb;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,SAAS,GAAG;AACV,aAAO,EAAE,OAAO,OAAO,OAAO,0CAA0C;AAAA,IAC1E;AAGA,QAAI,cAAc,YAAY,MAAM,cAAc,KAAK,YAAY,GAAG;AACpE,aAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO,gCAAgC,cAAc,IAAI,SAAS,aAAa;AAAA,MACjF;AAAA,IACF;AAGA,UAAM,gBAAgB,OAAO,cAAc,KAAK;AAChD,QAAI,gBAAgB,QAAQ,gBAAgB;AAC1C,aAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO,kCAAkC,QAAQ,cAAc,SAAS,aAAa;AAAA,MACvF;AAAA,IACF;AAGA,QAAI,cAAc,GAAG,YAAY,MAAM,QAAQ,kBAAkB,YAAY,GAAG;AAC9E,aAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO,6BAA6B,QAAQ,iBAAiB,SAAS,cAAc,EAAE;AAAA,MACxF;AAAA,IACF;AAGA,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,QAAI,OAAO,cAAc,WAAW,IAAI,KAAK;AAC3C,aAAO,EAAE,OAAO,OAAO,OAAO,oCAAoC;AAAA,IACpE;AAGA,QAAI,OAAO,cAAc,UAAU,IAAI,KAAK;AAC1C,aAAO,EAAE,OAAO,OAAO,OAAO,yCAAyC;AAAA,IACzE;AAGA,QAAI;AACJ,QAAI;AAEJ,QAAI,CAAC,QAAQ,gBAAgB;AAC3B,YAAM,iBAAiB,QAAQ,eAAe;AAE9C,UAAI;AACF,cAAM,qBAAqB,MAAM,MAAM,GAAG,cAAc,WAAW;AAAA,UACjE,QAAQ;AAAA,UACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,UAC9C,MAAM,KAAK,UAAU;AAAA,YACnB;AAAA,YACA;AAAA,YACA;AAAA,UACF,CAAC;AAAA,QACH,CAAC;AAED,YAAI,CAAC,mBAAmB,IAAI;AAC1B,gBAAM,YAAY,MAAM,mBAAmB,KAAK;AAChD,cAAI,eAAe;AACnB,cAAI;AACF,kBAAM,YAAY,KAAK,MAAM,SAAS;AACtC,2BAAe,UAAU,WAAW,UAAU,SAAS;AAAA,UACzD,QAAQ;AACN,2BAAe,aAAa;AAAA,UAC9B;AACA,iBAAO,EAAE,OAAO,OAAO,OAAO,sBAAsB,YAAY,GAAG;AAAA,QACrE;AAEA,cAAM,aAAa,MAAM,mBAAmB,KAAK;AACjD,iBAAS,WAAW,UAAU,WAAW;AACzC,oBAAY,oBAAI,KAAK;AAAA,MACvB,SAAS,GAAG;AACV,eAAO;AAAA,UACL,OAAO;AAAA,UACP,OAAO,8BAA+B,EAAY,OAAO;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAGA,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,cAAc;AAAA,MACrB,QAAQ,WAAW,aAAa;AAAA,MAChC,aAAa;AAAA,MACb;AAAA,MACA,WAAW,aAAa,oBAAI,KAAK;AAAA,MACjC,OAAO,cAAc;AAAA,IACvB;AAAA,EAEF,SAAS,OAAO;AACd,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,uBAAwB,MAAgB,OAAO;AAAA,IACxD;AAAA,EACF;AACF;;;AE7KA,IAAM,0BAA0B,QAAQ,IAAI,oBAAoB;AAuChE,eAAsB,oBAAoB,QAAoD;AAC5F,QAAM,SAAS,OAAO,UAAU;AAChC,QAAM,WAAW,GAAG,MAAM;AAE1B,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,UAAU;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,KAAK,UAAU;AAAA,QACnB,SAAS,OAAO;AAAA,QAChB,OAAO,OAAO;AAAA,QACd,WAAW,OAAO;AAAA,QAClB,QAAQ,OAAO,OAAO,SAAS;AAAA,QAC/B,UAAU,OAAO;AAAA,MACnB,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAEhB,cAAQ,KAAK,gCAAgC,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AACrF,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,WAAO,KAAK,WAAW;AAAA,EACzB,SAAS,OAAO;AAEd,YAAQ,KAAK,+BAAgC,MAAgB,OAAO;AACpE,WAAO;AAAA,EACT;AACF;;;AHtBO,SAAS,KAAK,SAAsB;AACzC,SAAO,OAAO,KAAc,KAAe,SAAuB;AAChE,QAAI;AAEF,YAAM,UAAwB;AAAA,QAC5B,MAAM,IAAI;AAAA,QACV,QAAQ,IAAI;AAAA,QACZ,SAAS,IAAI;AAAA,QACb,MAAM,IAAI;AAAA,MACZ;AAGA,UAAI,QAAQ,MAAM;AAChB,cAAM,aAAa,MAAM,QAAQ,KAAK,OAAO;AAC7C,YAAI,YAAY;AACd,iBAAO,KAAK;AAAA,QACd;AAAA,MACF;AAGA,YAAM,YAAY,QAAQ,aAAa,QAAQ,IAAI;AACnD,UAAI,CAAC,WAAW;AACd,gBAAQ,MAAM,wGAAwG;AACtH,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UAC1B,OAAO;AAAA,UACP,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAGA,YAAM,QAAQ,QAAQ,WAClB,MAAM,QAAQ,SAAS,OAAO,IAC9B,QAAQ;AAEZ,YAAM,aAAa,WAAW,KAAK;AACnC,YAAM,UAAU,QAAQ,WAAW;AACnC,YAAM,cAAc,QAAQ,eAAe;AAG3C,YAAM,gBAAgB,IAAI,QAAQ,WAAW;AAE7C,UAAI,CAAC,eAAe;AAElB,cAAM,QAAQ,cAAc;AAC5B,cAAM,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI;AAElD,cAAM,kBAAuC;AAAA,UAC3C;AAAA,UACA,QAAQ,WAAW,SAAS;AAAA,UAC5B,UAAU;AAAA,UACV;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA,aAAa,QAAQ;AAAA,QACvB;AAGA,YAAI,UAAU,sBAAsB,KAAK,UAAU,eAAe,CAAC;AACnE,YAAI,UAAU,oBAAoB,SAAS,OAAO,KAAK,KAAK,UAAU,eAAe,CAAC,EAAE,SAAS,QAAQ,CAAC,EAAE;AAE5G,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UAC1B,OAAO;AAAA,UACP,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAGA,YAAM,SAAS,MAAM,kBAAkB,eAAe;AAAA,QACpD,gBAAgB;AAAA,QAChB,mBAAmB;AAAA,QACnB;AAAA,QACA;AAAA,QACA,gBAAgB,QAAQ;AAAA,MAC1B,CAAC;AAED,UAAI,CAAC,OAAO,OAAO;AACjB,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UAC1B,OAAO;AAAA,UACP,QAAQ,OAAO;AAAA,QACjB,CAAC;AAAA,MACH;AAGA,UAAI,cAAc;AAGlB,UAAI,OAAO,QAAQ;AACjB,YAAI,UAAU,oBAAoB,OAAO,MAAM;AAAA,MACjD;AAGA,YAAM,cAAc,QAAQ,eAAe;AAE3C,WAAK,gBAAgB,SAAS,gBAAgB,WAAW,OAAO,UAAU,OAAO,OAAO;AACtF,YAAI;AACF,gBAAM,UAAU,MAAM,oBAAoB;AAAA,YACxC,QAAQ,OAAO;AAAA,YACf,OAAO,OAAO;AAAA,YACd;AAAA,YACA,QAAQ;AAAA,YACR;AAAA,YACA,QAAQ,QAAQ;AAAA,UAClB,CAAC;AAED,cAAI,SAAS;AACX,mBAAO,UAAU;AACjB,gBAAI,UAAU,qBAAqB,OAAO;AAAA,UAC5C;AAAA,QACF,SAAS,cAAc;AACrB,kBAAQ,KAAK,uCAAuC,YAAY;AAAA,QAElE;AAAA,MACF;AAGA,UAAI,QAAQ,WAAW;AACrB,cAAM,QAAQ,UAAU,MAAM;AAAA,MAChC;AAEA,WAAK;AAAA,IACP,SAAS,OAAO;AACd,cAAQ,MAAM,4BAA4B,KAAK;AAC/C,aAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,QAC1B,OAAO;AAAA,QACP,SAAU,MAAgB;AAAA,MAC5B,CAAC;AAAA,IACH;AAAA,EACF;AACF;","names":[]}

package/dist/middleware/express.mjs

@@ -0,0 +1,299 @@
+// src/verify.ts
+import { recoverTypedDataAddress } from "viem";
+
+// src/utils.ts
+var USDC_CONTRACTS = {
+  8453: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+  // Base Mainnet
+  84532: "0x036CbD53842c5426634e7929541eC2318f3dCF7e"
+  // Base Sepolia
+};
+var DEFAULT_FACILITATOR = "https://x402.org/facilitator";
+function getUSDCDomain(chainId) {
+  const verifyingContract = USDC_CONTRACTS[chainId];
+  if (!verifyingContract) {
+    throw new Error(`Unsupported chain ID: ${chainId}. Supported: ${Object.keys(USDC_CONTRACTS).join(", ")}`);
+  }
+  return {
+    name: "USD Coin",
+    version: "2",
+    chainId,
+    verifyingContract
+  };
+}
+var TRANSFER_WITH_AUTHORIZATION_TYPES = {
+  TransferWithAuthorization: [
+    { name: "from", type: "address" },
+    { name: "to", type: "address" },
+    { name: "value", type: "uint256" },
+    { name: "validAfter", type: "uint256" },
+    { name: "validBefore", type: "uint256" },
+    { name: "nonce", type: "bytes32" }
+  ]
+};
+function usdToMinor(usd) {
+  return BigInt(Math.round(usd * 1e6));
+}
+function minorToUsd(minor) {
+  return Number(minor) / 1e6;
+}
+function generateNonce() {
+  const bytes = new Uint8Array(32);
+  crypto.getRandomValues(bytes);
+  return `0x${Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("")}`;
+}
+function base64Decode(str) {
+  if (typeof Buffer !== "undefined") {
+    return Buffer.from(str, "base64").toString("utf-8");
+  }
+  return atob(str);
+}
+
+// src/verify.ts
+async function verifyX402Payment(paymentHeader, options) {
+  try {
+    let decoded;
+    try {
+      const jsonStr = base64Decode(paymentHeader);
+      decoded = JSON.parse(jsonStr);
+    } catch (e) {
+      return { valid: false, error: "Invalid payment header encoding" };
+    }
+    if (!decoded.payload?.authorization || !decoded.payload?.signature) {
+      return { valid: false, error: "Missing authorization or signature in payment" };
+    }
+    const { authorization, signature } = decoded.payload;
+    const chainId = options.chainId || 8453;
+    const message = {
+      from: authorization.from,
+      to: authorization.to,
+      value: BigInt(authorization.value),
+      validAfter: BigInt(authorization.validAfter),
+      validBefore: BigInt(authorization.validBefore),
+      nonce: authorization.nonce
+    };
+    const domain = getUSDCDomain(chainId);
+    let signerAddress;
+    try {
+      signerAddress = await recoverTypedDataAddress({
+        domain,
+        types: TRANSFER_WITH_AUTHORIZATION_TYPES,
+        primaryType: "TransferWithAuthorization",
+        message,
+        signature
+      });
+    } catch (e) {
+      return { valid: false, error: "Failed to recover signer from signature" };
+    }
+    if (signerAddress.toLowerCase() !== authorization.from.toLowerCase()) {
+      return {
+        valid: false,
+        error: `Signature mismatch: expected ${authorization.from}, got ${signerAddress}`
+      };
+    }
+    const paymentAmount = BigInt(authorization.value);
+    if (paymentAmount < options.expectedAmount) {
+      return {
+        valid: false,
+        error: `Insufficient payment: expected ${options.expectedAmount}, got ${paymentAmount}`
+      };
+    }
+    if (authorization.to.toLowerCase() !== options.expectedRecipient.toLowerCase()) {
+      return {
+        valid: false,
+        error: `Wrong recipient: expected ${options.expectedRecipient}, got ${authorization.to}`
+      };
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    if (Number(authorization.validBefore) < now) {
+      return { valid: false, error: "Payment authorization has expired" };
+    }
+    if (Number(authorization.validAfter) > now) {
+      return { valid: false, error: "Payment authorization is not yet valid" };
+    }
+    let txHash;
+    let settledAt;
+    if (!options.skipSettlement) {
+      const facilitatorUrl = options.facilitator || DEFAULT_FACILITATOR;
+      try {
+        const settlementResponse = await fetch(`${facilitatorUrl}/settle`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({
+            authorization,
+            signature,
+            chainId
+          })
+        });
+        if (!settlementResponse.ok) {
+          const errorBody = await settlementResponse.text();
+          let errorMessage = "Settlement failed";
+          try {
+            const errorJson = JSON.parse(errorBody);
+            errorMessage = errorJson.message || errorJson.error || errorMessage;
+          } catch {
+            errorMessage = errorBody || errorMessage;
+          }
+          return { valid: false, error: `Settlement failed: ${errorMessage}` };
+        }
+        const settlement = await settlementResponse.json();
+        txHash = settlement.txHash || settlement.tx_hash;
+        settledAt = /* @__PURE__ */ new Date();
+      } catch (e) {
+        return {
+          valid: false,
+          error: `Settlement request failed: ${e.message}`
+        };
+      }
+    }
+    return {
+      valid: true,
+      payer: authorization.from,
+      amount: minorToUsd(paymentAmount),
+      amountMinor: paymentAmount,
+      txHash,
+      settledAt: settledAt || /* @__PURE__ */ new Date(),
+      nonce: authorization.nonce
+    };
+  } catch (error) {
+    return {
+      valid: false,
+      error: `Verification error: ${error.message}`
+    };
+  }
+}
+
+// src/receipt-fetcher.ts
+var DEFAULT_MIXRPAY_API_URL = process.env.MIXRPAY_BASE_URL || "http://localhost:3000";
+async function fetchPaymentReceipt(params) {
+  const apiUrl = params.apiUrl || DEFAULT_MIXRPAY_API_URL;
+  const endpoint = `${apiUrl}/api/v1/receipts`;
+  try {
+    const response = await fetch(endpoint, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        tx_hash: params.txHash,
+        payer: params.payer,
+        recipient: params.recipient,
+        amount: params.amount.toString(),
+        chain_id: params.chainId
+      })
+    });
+    if (!response.ok) {
+      console.warn(`[x402] Receipt fetch failed: ${response.status} ${response.statusText}`);
+      return null;
+    }
+    const data = await response.json();
+    return data.receipt || null;
+  } catch (error) {
+    console.warn("[x402] Receipt fetch error:", error.message);
+    return null;
+  }
+}
+
+// src/middleware/express.ts
+function x402(options) {
+  return async (req, res, next) => {
+    try {
+      const context = {
+        path: req.path,
+        method: req.method,
+        headers: req.headers,
+        body: req.body
+      };
+      if (options.skip) {
+        const shouldSkip = await options.skip(context);
+        if (shouldSkip) {
+          return next();
+        }
+      }
+      const recipient = options.recipient || process.env.MIXRPAY_MERCHANT_ADDRESS;
+      if (!recipient) {
+        console.error("[x402] No recipient address configured. Set MIXRPAY_MERCHANT_ADDRESS env var or pass recipient option.");
+        return res.status(500).json({
+          error: "Payment configuration error",
+          message: "Merchant wallet address not configured"
+        });
+      }
+      const price = options.getPrice ? await options.getPrice(context) : options.price;
+      const priceMinor = usdToMinor(price);
+      const chainId = options.chainId || 8453;
+      const facilitator = options.facilitator || DEFAULT_FACILITATOR;
+      const paymentHeader = req.headers["x-payment"];
+      if (!paymentHeader) {
+        const nonce = generateNonce();
+        const expiresAt = Math.floor(Date.now() / 1e3) + 300;
+        const paymentRequired = {
+          recipient,
+          amount: priceMinor.toString(),
+          currency: "USDC",
+          chainId,
+          facilitator,
+          nonce,
+          expiresAt,
+          description: options.description
+        };
+        res.setHeader("X-Payment-Required", JSON.stringify(paymentRequired));
+        res.setHeader("WWW-Authenticate", `X-402 ${Buffer.from(JSON.stringify(paymentRequired)).toString("base64")}`);
+        return res.status(402).json({
+          error: "Payment required",
+          payment: paymentRequired
+        });
+      }
+      const result = await verifyX402Payment(paymentHeader, {
+        expectedAmount: priceMinor,
+        expectedRecipient: recipient,
+        chainId,
+        facilitator,
+        skipSettlement: options.testMode
+      });
+      if (!result.valid) {
+        return res.status(402).json({
+          error: "Invalid payment",
+          reason: result.error
+        });
+      }
+      req.x402Payment = result;
+      if (result.txHash) {
+        res.setHeader("X-Payment-TxHash", result.txHash);
+      }
+      const receiptMode = options.receiptMode || "webhook";
+      if ((receiptMode === "jwt" || receiptMode === "both") && result.txHash && result.payer) {
+        try {
+          const receipt = await fetchPaymentReceipt({
+            txHash: result.txHash,
+            payer: result.payer,
+            recipient,
+            amount: priceMinor,
+            chainId,
+            apiUrl: options.mixrpayApiUrl
+          });
+          if (receipt) {
+            result.receipt = receipt;
+            res.setHeader("X-Payment-Receipt", receipt);
+          }
+        } catch (receiptError) {
+          console.warn("[x402] Failed to fetch JWT receipt:", receiptError);
+        }
+      }
+      if (options.onPayment) {
+        await options.onPayment(result);
+      }
+      next();
+    } catch (error) {
+      console.error("[x402] Middleware error:", error);
+      return res.status(500).json({
+        error: "Payment processing error",
+        message: error.message
+      });
+    }
+  };
+}
+export {
+  x402 as default,
+  x402
+};
+//# sourceMappingURL=express.mjs.map

package/dist/middleware/express.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/verify.ts","../../src/utils.ts","../../src/receipt-fetcher.ts","../../src/middleware/express.ts"],"sourcesContent":["/**\n * MixrPay Merchant SDK - Payment Verification\n */\n\nimport { recoverTypedDataAddress } from 'viem';\nimport type { \n  X402PaymentResult, \n  X402PaymentPayload, \n  VerifyOptions,\n  TransferWithAuthorizationMessage,\n} from './types';\nimport { \n  getUSDCDomain, \n  TRANSFER_WITH_AUTHORIZATION_TYPES, \n  base64Decode,\n  minorToUsd,\n  DEFAULT_FACILITATOR,\n} from './utils';\n\n// =============================================================================\n// Payment Verification\n// =============================================================================\n\n/**\n * Verify an X-PAYMENT header and optionally settle the payment.\n * \n * @param paymentHeader - The X-PAYMENT header value (base64 encoded JSON)\n * @param options - Verification options\n * @returns Payment verification result\n * \n * @example\n * ```typescript\n * const result = await verifyX402Payment(req.headers['x-payment'], {\n *   expectedAmount: 50000n, // 0.05 USDC\n *   expectedRecipient: '0x...',\n * });\n * \n * if (result.valid) {\n *   console.log(`Payment from ${result.payer}: $${result.amount}`);\n * }\n * ```\n */\nexport async function verifyX402Payment(\n  paymentHeader: string,\n  options: VerifyOptions\n): Promise<X402PaymentResult> {\n  try {\n    // 1. Decode the X-PAYMENT header\n    let decoded: X402PaymentPayload;\n    try {\n      const jsonStr = base64Decode(paymentHeader);\n      decoded = JSON.parse(jsonStr);\n    } catch (e) {\n      return { valid: false, error: 'Invalid payment header encoding' };\n    }\n\n    // 2. Validate payload structure\n    if (!decoded.payload?.authorization || !decoded.payload?.signature) {\n      return { valid: false, error: 'Missing authorization or signature in payment' };\n    }\n\n    const { authorization, signature } = decoded.payload;\n    const chainId = options.chainId || 8453;\n\n    // 3. Build EIP-712 message for verification\n    const message: TransferWithAuthorizationMessage = {\n      from: authorization.from as `0x${string}`,\n      to: authorization.to as `0x${string}`,\n      value: BigInt(authorization.value),\n      validAfter: BigInt(authorization.validAfter),\n      validBefore: BigInt(authorization.validBefore),\n      nonce: authorization.nonce as `0x${string}`,\n    };\n\n    // 4. Recover signer address\n    const domain = getUSDCDomain(chainId);\n    let signerAddress: string;\n    \n    try {\n      signerAddress = await recoverTypedDataAddress({\n        domain,\n        types: TRANSFER_WITH_AUTHORIZATION_TYPES,\n        primaryType: 'TransferWithAuthorization',\n        message,\n        signature: signature as `0x${string}`,\n      });\n    } catch (e) {\n      return { valid: false, error: 'Failed to recover signer from signature' };\n    }\n\n    // 5. Verify signer matches the 'from' address\n    if (signerAddress.toLowerCase() !== authorization.from.toLowerCase()) {\n      return { \n        valid: false, \n        error: `Signature mismatch: expected ${authorization.from}, got ${signerAddress}` \n      };\n    }\n\n    // 6. Verify payment amount\n    const paymentAmount = BigInt(authorization.value);\n    if (paymentAmount < options.expectedAmount) {\n      return { \n        valid: false, \n        error: `Insufficient payment: expected ${options.expectedAmount}, got ${paymentAmount}` \n      };\n    }\n\n    // 7. Verify recipient\n    if (authorization.to.toLowerCase() !== options.expectedRecipient.toLowerCase()) {\n      return { \n        valid: false, \n        error: `Wrong recipient: expected ${options.expectedRecipient}, got ${authorization.to}` \n      };\n    }\n\n    // 8. Check expiration\n    const now = Math.floor(Date.now() / 1000);\n    if (Number(authorization.validBefore) < now) {\n      return { valid: false, error: 'Payment authorization has expired' };\n    }\n\n    // 9. Check validAfter\n    if (Number(authorization.validAfter) > now) {\n      return { valid: false, error: 'Payment authorization is not yet valid' };\n    }\n\n    // 10. Submit to facilitator for settlement (unless skipped)\n    let txHash: string | undefined;\n    let settledAt: Date | undefined;\n\n    if (!options.skipSettlement) {\n      const facilitatorUrl = options.facilitator || DEFAULT_FACILITATOR;\n      \n      try {\n        const settlementResponse = await fetch(`${facilitatorUrl}/settle`, {\n          method: 'POST',\n          headers: { 'Content-Type': 'application/json' },\n          body: JSON.stringify({ \n            authorization, \n            signature,\n            chainId,\n          }),\n        });\n\n        if (!settlementResponse.ok) {\n          const errorBody = await settlementResponse.text();\n          let errorMessage = 'Settlement failed';\n          try {\n            const errorJson = JSON.parse(errorBody);\n            errorMessage = errorJson.message || errorJson.error || errorMessage;\n          } catch {\n            errorMessage = errorBody || errorMessage;\n          }\n          return { valid: false, error: `Settlement failed: ${errorMessage}` };\n        }\n\n        const settlement = await settlementResponse.json() as { txHash?: string; tx_hash?: string };\n        txHash = settlement.txHash || settlement.tx_hash;\n        settledAt = new Date();\n      } catch (e) {\n        return { \n          valid: false, \n          error: `Settlement request failed: ${(e as Error).message}` \n        };\n      }\n    }\n\n    // Success!\n    return {\n      valid: true,\n      payer: authorization.from,\n      amount: minorToUsd(paymentAmount),\n      amountMinor: paymentAmount,\n      txHash,\n      settledAt: settledAt || new Date(),\n      nonce: authorization.nonce,\n    };\n\n  } catch (error) {\n    return { \n      valid: false, \n      error: `Verification error: ${(error as Error).message}` \n    };\n  }\n}\n\n/**\n * Parse and validate an X-PAYMENT header without settlement.\n * Useful for checking if a payment is structurally valid before processing.\n */\nexport async function parseX402Payment(\n  paymentHeader: string,\n  chainId: number = 8453\n): Promise<{\n  valid: boolean;\n  error?: string;\n  payer?: string;\n  recipient?: string;\n  amount?: number;\n  amountMinor?: bigint;\n  expiresAt?: Date;\n}> {\n  try {\n    const jsonStr = base64Decode(paymentHeader);\n    const decoded: X402PaymentPayload = JSON.parse(jsonStr);\n\n    if (!decoded.payload?.authorization) {\n      return { valid: false, error: 'Missing authorization in payment' };\n    }\n\n    const { authorization, signature } = decoded.payload;\n\n    // Verify signature\n    const domain = getUSDCDomain(chainId);\n    const message: TransferWithAuthorizationMessage = {\n      from: authorization.from as `0x${string}`,\n      to: authorization.to as `0x${string}`,\n      value: BigInt(authorization.value),\n      validAfter: BigInt(authorization.validAfter),\n      validBefore: BigInt(authorization.validBefore),\n      nonce: authorization.nonce as `0x${string}`,\n    };\n\n    const signerAddress = await recoverTypedDataAddress({\n      domain,\n      types: TRANSFER_WITH_AUTHORIZATION_TYPES,\n      primaryType: 'TransferWithAuthorization',\n      message,\n      signature: signature as `0x${string}`,\n    });\n\n    if (signerAddress.toLowerCase() !== authorization.from.toLowerCase()) {\n      return { valid: false, error: 'Signature mismatch' };\n    }\n\n    const amountMinor = BigInt(authorization.value);\n    \n    return {\n      valid: true,\n      payer: authorization.from,\n      recipient: authorization.to,\n      amount: minorToUsd(amountMinor),\n      amountMinor,\n      expiresAt: new Date(Number(authorization.validBefore) * 1000),\n    };\n  } catch (error) {\n    return { valid: false, error: `Parse error: ${(error as Error).message}` };\n  }\n}\n\n","/**\n * MixrPay Merchant SDK - Utilities\n */\n\nimport type { EIP712Domain } from './types';\n\n// =============================================================================\n// USDC Constants by Chain\n// =============================================================================\n\nexport const USDC_CONTRACTS: Record<number, `0x${string}`> = {\n  8453: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',     // Base Mainnet\n  84532: '0x036CbD53842c5426634e7929541eC2318f3dCF7e',    // Base Sepolia\n};\n\nexport const DEFAULT_FACILITATOR = 'https://x402.org/facilitator';\n\n// =============================================================================\n// EIP-712 Domain\n// =============================================================================\n\nexport function getUSDCDomain(chainId: number): EIP712Domain {\n  const verifyingContract = USDC_CONTRACTS[chainId];\n  if (!verifyingContract) {\n    throw new Error(`Unsupported chain ID: ${chainId}. Supported: ${Object.keys(USDC_CONTRACTS).join(', ')}`);\n  }\n\n  return {\n    name: 'USD Coin',\n    version: '2',\n    chainId,\n    verifyingContract,\n  };\n}\n\n// EIP-712 types for TransferWithAuthorization\nexport const TRANSFER_WITH_AUTHORIZATION_TYPES = {\n  TransferWithAuthorization: [\n    { name: 'from', type: 'address' },\n    { name: 'to', type: 'address' },\n    { name: 'value', type: 'uint256' },\n    { name: 'validAfter', type: 'uint256' },\n    { name: 'validBefore', type: 'uint256' },\n    { name: 'nonce', type: 'bytes32' },\n  ],\n} as const;\n\n// =============================================================================\n// Utility Functions\n// =============================================================================\n\n/**\n * Convert USD dollars to USDC minor units (6 decimals)\n */\nexport function usdToMinor(usd: number): bigint {\n  return BigInt(Math.round(usd * 1_000_000));\n}\n\n/**\n * Convert USDC minor units to USD dollars\n */\nexport function minorToUsd(minor: bigint): number {\n  return Number(minor) / 1_000_000;\n}\n\n/**\n * Generate a random nonce for x402 payments\n */\nexport function generateNonce(): `0x${string}` {\n  const bytes = new Uint8Array(32);\n  crypto.getRandomValues(bytes);\n  return `0x${Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('')}` as `0x${string}`;\n}\n\n/**\n * Check if an address is valid\n */\nexport function isValidAddress(address: string): address is `0x${string}` {\n  return /^0x[a-fA-F0-9]{40}$/.test(address);\n}\n\n/**\n * Normalize an address to lowercase checksum format\n */\nexport function normalizeAddress(address: string): `0x${string}` {\n  if (!isValidAddress(address)) {\n    throw new Error(`Invalid address: ${address}`);\n  }\n  return address.toLowerCase() as `0x${string}`;\n}\n\n/**\n * Safe base64 decode that works in both Node.js and browsers\n */\nexport function base64Decode(str: string): string {\n  if (typeof Buffer !== 'undefined') {\n    return Buffer.from(str, 'base64').toString('utf-8');\n  }\n  return atob(str);\n}\n\n/**\n * Safe base64 encode that works in both Node.js and browsers\n */\nexport function base64Encode(str: string): string {\n  if (typeof Buffer !== 'undefined') {\n    return Buffer.from(str, 'utf-8').toString('base64');\n  }\n  return btoa(str);\n}\n\n","/**\n * MixrPay Merchant SDK - Receipt Fetcher\n * \n * Internal utility to fetch JWT receipts from MixrPay API after settlement.\n * Used by x402 middleware to get receipts for the X-Payment-Receipt header.\n */\n\n// =============================================================================\n// Constants\n// =============================================================================\n\nconst DEFAULT_MIXRPAY_API_URL = process.env.MIXRPAY_BASE_URL || 'http://localhost:3000';\n\n// =============================================================================\n// Types\n// =============================================================================\n\nexport interface FetchReceiptParams {\n  /** Settlement transaction hash */\n  txHash: string;\n  /** Payer address */\n  payer: string;\n  /** Recipient address */\n  recipient: string;\n  /** Amount in USDC minor units */\n  amount: bigint;\n  /** Chain ID */\n  chainId: number;\n  /** Custom MixrPay API URL (optional) */\n  apiUrl?: string;\n}\n\ninterface ReceiptResponse {\n  receipt: string;\n  expiresAt: string;\n}\n\n// =============================================================================\n// Receipt Fetching\n// =============================================================================\n\n/**\n * Fetch a JWT payment receipt from MixrPay API.\n * \n * This is called by the x402 middleware after successful payment verification\n * when receiptMode is 'jwt' or 'both'.\n * \n * @param params - Receipt request parameters\n * @returns JWT receipt string, or null if not available\n */\nexport async function fetchPaymentReceipt(params: FetchReceiptParams): Promise<string | null> {\n  const apiUrl = params.apiUrl || DEFAULT_MIXRPAY_API_URL;\n  const endpoint = `${apiUrl}/api/v1/receipts`;\n\n  try {\n    const response = await fetch(endpoint, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/json',\n      },\n      body: JSON.stringify({\n        tx_hash: params.txHash,\n        payer: params.payer,\n        recipient: params.recipient,\n        amount: params.amount.toString(),\n        chain_id: params.chainId,\n      }),\n    });\n\n    if (!response.ok) {\n      // Log but don't throw - receipt is optional\n      console.warn(`[x402] Receipt fetch failed: ${response.status} ${response.statusText}`);\n      return null;\n    }\n\n    const data = await response.json() as ReceiptResponse;\n    return data.receipt || null;\n  } catch (error) {\n    // Log but don't throw - payment was successful, receipt is optional\n    console.warn('[x402] Receipt fetch error:', (error as Error).message);\n    return null;\n  }\n}\n\n/**\n * Generate a local receipt for testing purposes.\n * \n * WARNING: This generates an unsigned receipt that will NOT verify.\n * Use only for local development and testing.\n * \n * @param params - Receipt parameters\n * @returns Mock JWT-like string (not cryptographically signed)\n */\nexport function generateMockReceipt(params: FetchReceiptParams): string {\n  const header = {\n    alg: 'none',\n    typ: 'JWT',\n  };\n\n  const payload = {\n    paymentId: `mock_${Date.now()}`,\n    amount: params.amount.toString(),\n    amountUsd: Number(params.amount) / 1_000_000,\n    payer: params.payer,\n    recipient: params.recipient,\n    chainId: params.chainId,\n    txHash: params.txHash,\n    settledAt: new Date().toISOString(),\n    iat: Math.floor(Date.now() / 1000),\n    exp: Math.floor(Date.now() / 1000) + 3600,\n    _mock: true,\n  };\n\n  const base64Header = Buffer.from(JSON.stringify(header)).toString('base64url');\n  const base64Payload = Buffer.from(JSON.stringify(payload)).toString('base64url');\n\n  // Mock signature (not cryptographically valid)\n  return `${base64Header}.${base64Payload}.mock_signature_for_testing_only`;\n}\n\n","/**\n * MixrPay Merchant SDK - Express Middleware\n * \n * Add x402 payment requirement to Express routes with a single line of code.\n * \n * @example\n * ```typescript\n * import express from 'express';\n * import { x402 } from '@mixrpay/merchant-sdk/express';\n * \n * const app = express();\n * \n * // Fixed price\n * app.post('/api/query', x402({ price: 0.05 }), (req, res) => {\n *   // This handler only runs after payment is verified\n *   res.json({ result: 'success', payer: req.x402Payment?.payer });\n * });\n * \n * // Dynamic pricing\n * app.post('/api/generate', x402({ \n *   getPrice: (ctx) => ctx.body?.premium ? 0.10 : 0.05 \n * }), handler);\n * \n * // With JWT receipts\n * app.post('/api/premium', x402({ price: 0.10, receiptMode: 'jwt' }), (req, res) => {\n *   // Receipt is set in X-Payment-Receipt header\n *   res.json({ receipt: req.x402Payment?.receipt });\n * });\n * ```\n */\n\nimport type { Request, Response, NextFunction } from 'express';\nimport { verifyX402Payment } from '../verify';\nimport { usdToMinor, generateNonce, DEFAULT_FACILITATOR } from '../utils';\nimport { fetchPaymentReceipt } from '../receipt-fetcher';\nimport type { X402Options, X402PaymentResult, X402PaymentRequired, PriceContext } from '../types';\n\n// Extend Express Request type\ndeclare global {\n  // eslint-disable-next-line @typescript-eslint/no-namespace\n  namespace Express {\n    interface Request {\n      /** Payment result after x402 verification */\n      x402Payment?: X402PaymentResult;\n    }\n  }\n}\n\n/**\n * Express middleware that adds x402 payment requirement to a route.\n * \n * When a request comes in without a valid X-PAYMENT header, it returns\n * a 402 Payment Required response with the payment details.\n * \n * When a valid X-PAYMENT header is provided, it verifies the payment\n * and calls the next handler with `req.x402Payment` containing the result.\n * \n * @param options - x402 configuration options\n * @returns Express middleware function\n */\nexport function x402(options: X402Options) {\n  return async (req: Request, res: Response, next: NextFunction) => {\n    try {\n      // Build context for callbacks\n      const context: PriceContext = {\n        path: req.path,\n        method: req.method,\n        headers: req.headers as Record<string, string | string[] | undefined>,\n        body: req.body,\n      };\n\n      // Check if we should skip payment\n      if (options.skip) {\n        const shouldSkip = await options.skip(context);\n        if (shouldSkip) {\n          return next();\n        }\n      }\n\n      // Get recipient address\n      const recipient = options.recipient || process.env.MIXRPAY_MERCHANT_ADDRESS;\n      if (!recipient) {\n        console.error('[x402] No recipient address configured. Set MIXRPAY_MERCHANT_ADDRESS env var or pass recipient option.');\n        return res.status(500).json({ \n          error: 'Payment configuration error',\n          message: 'Merchant wallet address not configured',\n        });\n      }\n\n      // Determine price\n      const price = options.getPrice \n        ? await options.getPrice(context) \n        : options.price;\n      \n      const priceMinor = usdToMinor(price);\n      const chainId = options.chainId || 8453;\n      const facilitator = options.facilitator || DEFAULT_FACILITATOR;\n\n      // Check for X-PAYMENT header\n      const paymentHeader = req.headers['x-payment'] as string | undefined;\n\n      if (!paymentHeader) {\n        // Return 402 with payment requirements\n        const nonce = generateNonce();\n        const expiresAt = Math.floor(Date.now() / 1000) + 300; // 5 minutes\n\n        const paymentRequired: X402PaymentRequired = {\n          recipient,\n          amount: priceMinor.toString(),\n          currency: 'USDC',\n          chainId,\n          facilitator,\n          nonce,\n          expiresAt,\n          description: options.description,\n        };\n\n        // Set headers per x402 spec\n        res.setHeader('X-Payment-Required', JSON.stringify(paymentRequired));\n        res.setHeader('WWW-Authenticate', `X-402 ${Buffer.from(JSON.stringify(paymentRequired)).toString('base64')}`);\n\n        return res.status(402).json({\n          error: 'Payment required',\n          payment: paymentRequired,\n        });\n      }\n\n      // Verify the payment\n      const result = await verifyX402Payment(paymentHeader, {\n        expectedAmount: priceMinor,\n        expectedRecipient: recipient,\n        chainId,\n        facilitator,\n        skipSettlement: options.testMode,\n      });\n\n      if (!result.valid) {\n        return res.status(402).json({\n          error: 'Invalid payment',\n          reason: result.error,\n        });\n      }\n\n      // Payment verified! Attach to request\n      req.x402Payment = result;\n\n      // Set response header with tx hash\n      if (result.txHash) {\n        res.setHeader('X-Payment-TxHash', result.txHash);\n      }\n\n      // Handle receipt mode\n      const receiptMode = options.receiptMode || 'webhook';\n      \n      if ((receiptMode === 'jwt' || receiptMode === 'both') && result.txHash && result.payer) {\n        try {\n          const receipt = await fetchPaymentReceipt({\n            txHash: result.txHash,\n            payer: result.payer,\n            recipient,\n            amount: priceMinor,\n            chainId,\n            apiUrl: options.mixrpayApiUrl,\n          });\n          \n          if (receipt) {\n            result.receipt = receipt;\n            res.setHeader('X-Payment-Receipt', receipt);\n          }\n        } catch (receiptError) {\n          console.warn('[x402] Failed to fetch JWT receipt:', receiptError);\n          // Continue without receipt - payment was still successful\n        }\n      }\n\n      // Call onPayment callback\n      if (options.onPayment) {\n        await options.onPayment(result);\n      }\n\n      next();\n    } catch (error) {\n      console.error('[x402] Middleware error:', error);\n      return res.status(500).json({\n        error: 'Payment processing error',\n        message: (error as Error).message,\n      });\n    }\n  };\n}\n\n// Re-export for convenience\nexport { x402 as default };\nexport type { X402Options, X402PaymentResult };\n\n"],"mappings":";AAIA,SAAS,+BAA+B;;;ACMjC,IAAM,iBAAgD;AAAA,EAC3D,MAAM;AAAA;AAAA,EACN,OAAO;AAAA;AACT;AAEO,IAAM,sBAAsB;AAM5B,SAAS,cAAc,SAA+B;AAC3D,QAAM,oBAAoB,eAAe,OAAO;AAChD,MAAI,CAAC,mBAAmB;AACtB,UAAM,IAAI,MAAM,yBAAyB,OAAO,gBAAgB,OAAO,KAAK,cAAc,EAAE,KAAK,IAAI,CAAC,EAAE;AAAA,EAC1G;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,IACT;AAAA,IACA;AAAA,EACF;AACF;AAGO,IAAM,oCAAoC;AAAA,EAC/C,2BAA2B;AAAA,IACzB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC,EAAE,MAAM,MAAM,MAAM,UAAU;AAAA,IAC9B,EAAE,MAAM,SAAS,MAAM,UAAU;AAAA,IACjC,EAAE,MAAM,cAAc,MAAM,UAAU;AAAA,IACtC,EAAE,MAAM,eAAe,MAAM,UAAU;AAAA,IACvC,EAAE,MAAM,SAAS,MAAM,UAAU;AAAA,EACnC;AACF;AASO,SAAS,WAAW,KAAqB;AAC9C,SAAO,OAAO,KAAK,MAAM,MAAM,GAAS,CAAC;AAC3C;AAKO,SAAS,WAAW,OAAuB;AAChD,SAAO,OAAO,KAAK,IAAI;AACzB;AAKO,SAAS,gBAA+B;AAC7C,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,SAAO,gBAAgB,KAAK;AAC5B,SAAO,KAAK,MAAM,KAAK,KAAK,EAAE,IAAI,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC;AAClF;AAsBO,SAAS,aAAa,KAAqB;AAChD,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,OAAO,KAAK,KAAK,QAAQ,EAAE,SAAS,OAAO;AAAA,EACpD;AACA,SAAO,KAAK,GAAG;AACjB;;;ADzDA,eAAsB,kBACpB,eACA,SAC4B;AAC5B,MAAI;AAEF,QAAI;AACJ,QAAI;AACF,YAAM,UAAU,aAAa,aAAa;AAC1C,gBAAU,KAAK,MAAM,OAAO;AAAA,IAC9B,SAAS,GAAG;AACV,aAAO,EAAE,OAAO,OAAO,OAAO,kCAAkC;AAAA,IAClE;AAGA,QAAI,CAAC,QAAQ,SAAS,iBAAiB,CAAC,QAAQ,SAAS,WAAW;AAClE,aAAO,EAAE,OAAO,OAAO,OAAO,gDAAgD;AAAA,IAChF;AAEA,UAAM,EAAE,eAAe,UAAU,IAAI,QAAQ;AAC7C,UAAM,UAAU,QAAQ,WAAW;AAGnC,UAAM,UAA4C;AAAA,MAChD,MAAM,cAAc;AAAA,MACpB,IAAI,cAAc;AAAA,MAClB,OAAO,OAAO,cAAc,KAAK;AAAA,MACjC,YAAY,OAAO,cAAc,UAAU;AAAA,MAC3C,aAAa,OAAO,cAAc,WAAW;AAAA,MAC7C,OAAO,cAAc;AAAA,IACvB;AAGA,UAAM,SAAS,cAAc,OAAO;AACpC,QAAI;AAEJ,QAAI;AACF,sBAAgB,MAAM,wBAAwB;AAAA,QAC5C;AAAA,QACA,OAAO;AAAA,QACP,aAAa;AAAA,QACb;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,SAAS,GAAG;AACV,aAAO,EAAE,OAAO,OAAO,OAAO,0CAA0C;AAAA,IAC1E;AAGA,QAAI,cAAc,YAAY,MAAM,cAAc,KAAK,YAAY,GAAG;AACpE,aAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO,gCAAgC,cAAc,IAAI,SAAS,aAAa;AAAA,MACjF;AAAA,IACF;AAGA,UAAM,gBAAgB,OAAO,cAAc,KAAK;AAChD,QAAI,gBAAgB,QAAQ,gBAAgB;AAC1C,aAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO,kCAAkC,QAAQ,cAAc,SAAS,aAAa;AAAA,MACvF;AAAA,IACF;AAGA,QAAI,cAAc,GAAG,YAAY,MAAM,QAAQ,kBAAkB,YAAY,GAAG;AAC9E,aAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO,6BAA6B,QAAQ,iBAAiB,SAAS,cAAc,EAAE;AAAA,MACxF;AAAA,IACF;AAGA,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,QAAI,OAAO,cAAc,WAAW,IAAI,KAAK;AAC3C,aAAO,EAAE,OAAO,OAAO,OAAO,oCAAoC;AAAA,IACpE;AAGA,QAAI,OAAO,cAAc,UAAU,IAAI,KAAK;AAC1C,aAAO,EAAE,OAAO,OAAO,OAAO,yCAAyC;AAAA,IACzE;AAGA,QAAI;AACJ,QAAI;AAEJ,QAAI,CAAC,QAAQ,gBAAgB;AAC3B,YAAM,iBAAiB,QAAQ,eAAe;AAE9C,UAAI;AACF,cAAM,qBAAqB,MAAM,MAAM,GAAG,cAAc,WAAW;AAAA,UACjE,QAAQ;AAAA,UACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,UAC9C,MAAM,KAAK,UAAU;AAAA,YACnB;AAAA,YACA;AAAA,YACA;AAAA,UACF,CAAC;AAAA,QACH,CAAC;AAED,YAAI,CAAC,mBAAmB,IAAI;AAC1B,gBAAM,YAAY,MAAM,mBAAmB,KAAK;AAChD,cAAI,eAAe;AACnB,cAAI;AACF,kBAAM,YAAY,KAAK,MAAM,SAAS;AACtC,2BAAe,UAAU,WAAW,UAAU,SAAS;AAAA,UACzD,QAAQ;AACN,2BAAe,aAAa;AAAA,UAC9B;AACA,iBAAO,EAAE,OAAO,OAAO,OAAO,sBAAsB,YAAY,GAAG;AAAA,QACrE;AAEA,cAAM,aAAa,MAAM,mBAAmB,KAAK;AACjD,iBAAS,WAAW,UAAU,WAAW;AACzC,oBAAY,oBAAI,KAAK;AAAA,MACvB,SAAS,GAAG;AACV,eAAO;AAAA,UACL,OAAO;AAAA,UACP,OAAO,8BAA+B,EAAY,OAAO;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAGA,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,cAAc;AAAA,MACrB,QAAQ,WAAW,aAAa;AAAA,MAChC,aAAa;AAAA,MACb;AAAA,MACA,WAAW,aAAa,oBAAI,KAAK;AAAA,MACjC,OAAO,cAAc;AAAA,IACvB;AAAA,EAEF,SAAS,OAAO;AACd,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,uBAAwB,MAAgB,OAAO;AAAA,IACxD;AAAA,EACF;AACF;;;AE7KA,IAAM,0BAA0B,QAAQ,IAAI,oBAAoB;AAuChE,eAAsB,oBAAoB,QAAoD;AAC5F,QAAM,SAAS,OAAO,UAAU;AAChC,QAAM,WAAW,GAAG,MAAM;AAE1B,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,UAAU;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,KAAK,UAAU;AAAA,QACnB,SAAS,OAAO;AAAA,QAChB,OAAO,OAAO;AAAA,QACd,WAAW,OAAO;AAAA,QAClB,QAAQ,OAAO,OAAO,SAAS;AAAA,QAC/B,UAAU,OAAO;AAAA,MACnB,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAEhB,cAAQ,KAAK,gCAAgC,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AACrF,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,WAAO,KAAK,WAAW;AAAA,EACzB,SAAS,OAAO;AAEd,YAAQ,KAAK,+BAAgC,MAAgB,OAAO;AACpE,WAAO;AAAA,EACT;AACF;;;ACtBO,SAAS,KAAK,SAAsB;AACzC,SAAO,OAAO,KAAc,KAAe,SAAuB;AAChE,QAAI;AAEF,YAAM,UAAwB;AAAA,QAC5B,MAAM,IAAI;AAAA,QACV,QAAQ,IAAI;AAAA,QACZ,SAAS,IAAI;AAAA,QACb,MAAM,IAAI;AAAA,MACZ;AAGA,UAAI,QAAQ,MAAM;AAChB,cAAM,aAAa,MAAM,QAAQ,KAAK,OAAO;AAC7C,YAAI,YAAY;AACd,iBAAO,KAAK;AAAA,QACd;AAAA,MACF;AAGA,YAAM,YAAY,QAAQ,aAAa,QAAQ,IAAI;AACnD,UAAI,CAAC,WAAW;AACd,gBAAQ,MAAM,wGAAwG;AACtH,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UAC1B,OAAO;AAAA,UACP,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAGA,YAAM,QAAQ,QAAQ,WAClB,MAAM,QAAQ,SAAS,OAAO,IAC9B,QAAQ;AAEZ,YAAM,aAAa,WAAW,KAAK;AACnC,YAAM,UAAU,QAAQ,WAAW;AACnC,YAAM,cAAc,QAAQ,eAAe;AAG3C,YAAM,gBAAgB,IAAI,QAAQ,WAAW;AAE7C,UAAI,CAAC,eAAe;AAElB,cAAM,QAAQ,cAAc;AAC5B,cAAM,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI;AAElD,cAAM,kBAAuC;AAAA,UAC3C;AAAA,UACA,QAAQ,WAAW,SAAS;AAAA,UAC5B,UAAU;AAAA,UACV;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA,aAAa,QAAQ;AAAA,QACvB;AAGA,YAAI,UAAU,sBAAsB,KAAK,UAAU,eAAe,CAAC;AACnE,YAAI,UAAU,oBAAoB,SAAS,OAAO,KAAK,KAAK,UAAU,eAAe,CAAC,EAAE,SAAS,QAAQ,CAAC,EAAE;AAE5G,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UAC1B,OAAO;AAAA,UACP,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAGA,YAAM,SAAS,MAAM,kBAAkB,eAAe;AAAA,QACpD,gBAAgB;AAAA,QAChB,mBAAmB;AAAA,QACnB;AAAA,QACA;AAAA,QACA,gBAAgB,QAAQ;AAAA,MAC1B,CAAC;AAED,UAAI,CAAC,OAAO,OAAO;AACjB,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UAC1B,OAAO;AAAA,UACP,QAAQ,OAAO;AAAA,QACjB,CAAC;AAAA,MACH;AAGA,UAAI,cAAc;AAGlB,UAAI,OAAO,QAAQ;AACjB,YAAI,UAAU,oBAAoB,OAAO,MAAM;AAAA,MACjD;AAGA,YAAM,cAAc,QAAQ,eAAe;AAE3C,WAAK,gBAAgB,SAAS,gBAAgB,WAAW,OAAO,UAAU,OAAO,OAAO;AACtF,YAAI;AACF,gBAAM,UAAU,MAAM,oBAAoB;AAAA,YACxC,QAAQ,OAAO;AAAA,YACf,OAAO,OAAO;AAAA,YACd;AAAA,YACA,QAAQ;AAAA,YACR;AAAA,YACA,QAAQ,QAAQ;AAAA,UAClB,CAAC;AAED,cAAI,SAAS;AACX,mBAAO,UAAU;AACjB,gBAAI,UAAU,qBAAqB,OAAO;AAAA,UAC5C;AAAA,QACF,SAAS,cAAc;AACrB,kBAAQ,KAAK,uCAAuC,YAAY;AAAA,QAElE;AAAA,MACF;AAGA,UAAI,QAAQ,WAAW;AACrB,cAAM,QAAQ,UAAU,MAAM;AAAA,MAChC;AAEA,WAAK;AAAA,IACP,SAAS,OAAO;AACd,cAAQ,MAAM,4BAA4B,KAAK;AAC/C,aAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,QAC1B,OAAO;AAAA,QACP,SAAU,MAAgB;AAAA,MAC5B,CAAC;AAAA,IACH;AAAA,EACF;AACF;","names":[]}

package/dist/middleware/fastify.d.mts

@@ -0,0 +1,56 @@
+import { FastifyPluginCallback, FastifyRequest, FastifyReply } from 'fastify';
+import { X as X402PaymentResult, b as X402Options } from '../types-BJNy6Hhb.mjs';
+
+/**
+ * MixrPay Merchant SDK - Fastify Plugin
+ *
+ * Add x402 payment requirement to Fastify routes.
+ *
+ * @example
+ * ```typescript
+ * import Fastify from 'fastify';
+ * import { x402Plugin, x402 } from '@mixrpay/merchant-sdk/fastify';
+ *
+ * const app = Fastify();
+ *
+ * // Register the plugin
+ * app.register(x402Plugin, {
+ *   recipient: '0x...',  // or use MIXRPAY_MERCHANT_ADDRESS env var
+ * });
+ *
+ * // Use on routes
+ * app.post('/api/query', { preHandler: x402({ price: 0.05 }) }, async (req, reply) => {
+ *   return { result: 'success', payer: req.x402Payment?.payer };
+ * });
+ *
+ * // With JWT receipts
+ * app.post('/api/premium', { preHandler: x402({ price: 0.10, receiptMode: 'jwt' }) }, handler);
+ * ```
+ */
+
+declare module 'fastify' {
+    interface FastifyRequest {
+        x402Payment?: X402PaymentResult;
+    }
+}
+interface X402PluginOptions {
+    /** Default recipient address (can be overridden per route) */
+    recipient?: string;
+    /** Default chain ID */
+    chainId?: number;
+    /** Default facilitator URL */
+    facilitator?: string;
+}
+/**
+ * Fastify plugin that adds x402 payment support.
+ */
+declare const x402Plugin: FastifyPluginCallback<X402PluginOptions>;
+/**
+ * Create a preHandler hook that requires x402 payment.
+ *
+ * @param options - x402 configuration options
+ * @returns Fastify preHandler function
+ */
+declare function x402(options: X402Options): (request: FastifyRequest, reply: FastifyReply) => Promise<undefined>;
+
+export { X402Options, X402PaymentResult, type X402PluginOptions, x402, x402Plugin };

package/dist/middleware/fastify.d.ts

@@ -0,0 +1,56 @@
+import { FastifyPluginCallback, FastifyRequest, FastifyReply } from 'fastify';
+import { X as X402PaymentResult, b as X402Options } from '../types-BJNy6Hhb.js';
+
+/**
+ * MixrPay Merchant SDK - Fastify Plugin
+ *
+ * Add x402 payment requirement to Fastify routes.
+ *
+ * @example
+ * ```typescript
+ * import Fastify from 'fastify';
+ * import { x402Plugin, x402 } from '@mixrpay/merchant-sdk/fastify';
+ *
+ * const app = Fastify();
+ *
+ * // Register the plugin
+ * app.register(x402Plugin, {
+ *   recipient: '0x...',  // or use MIXRPAY_MERCHANT_ADDRESS env var
+ * });
+ *
+ * // Use on routes
+ * app.post('/api/query', { preHandler: x402({ price: 0.05 }) }, async (req, reply) => {
+ *   return { result: 'success', payer: req.x402Payment?.payer };
+ * });
+ *
+ * // With JWT receipts
+ * app.post('/api/premium', { preHandler: x402({ price: 0.10, receiptMode: 'jwt' }) }, handler);
+ * ```
+ */
+
+declare module 'fastify' {
+    interface FastifyRequest {
+        x402Payment?: X402PaymentResult;
+    }
+}
+interface X402PluginOptions {
+    /** Default recipient address (can be overridden per route) */
+    recipient?: string;
+    /** Default chain ID */
+    chainId?: number;
+    /** Default facilitator URL */
+    facilitator?: string;
+}
+/**
+ * Fastify plugin that adds x402 payment support.
+ */
+declare const x402Plugin: FastifyPluginCallback<X402PluginOptions>;
+/**
+ * Create a preHandler hook that requires x402 payment.
+ *
+ * @param options - x402 configuration options
+ * @returns Fastify preHandler function
+ */
+declare function x402(options: X402Options): (request: FastifyRequest, reply: FastifyReply) => Promise<undefined>;
+
+export { X402Options, X402PaymentResult, type X402PluginOptions, x402, x402Plugin };