npm - @peac/contracts - Versions diffs - 0.10.8 → 0.10.10 - Mend

@peac/contracts 0.10.8 → 0.10.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/LICENSE +1 -1
package/dist/index.cjs +194 -0
package/dist/index.cjs.map +1 -0
package/dist/index.js +171 -226
package/dist/index.js.map +1 -1
package/package.json +15 -8
package/dist/codes.js +0 -38
package/dist/codes.js.map +0 -1
package/dist/internal/error-codes.js +0 -16
package/dist/internal/error-codes.js.map +0 -1

package/LICENSE CHANGED Viewed

@@ -175,7 +175,7 @@ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 END OF TERMS AND CONDITIONS
-Copyright 2025 PEAC Protocol Contributors
+Copyright 2025-2026 PEAC Protocol Contributors
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,194 @@
+'use strict';
+// src/codes.ts
+var CANONICAL_ERROR_CODES = {
+  // Receipt errors (402 - Payment Required)
+  RECEIPT_MISSING: "E_RECEIPT_MISSING",
+  RECEIPT_INVALID: "E_RECEIPT_INVALID",
+  RECEIPT_EXPIRED: "E_RECEIPT_EXPIRED",
+  // TAP errors (401 - Authentication)
+  TAP_SIGNATURE_MISSING: "E_TAP_SIGNATURE_MISSING",
+  TAP_SIGNATURE_INVALID: "E_TAP_SIGNATURE_INVALID",
+  TAP_TIME_INVALID: "E_TAP_TIME_INVALID",
+  TAP_WINDOW_TOO_LARGE: "E_TAP_WINDOW_TOO_LARGE",
+  TAP_TAG_UNKNOWN: "E_TAP_TAG_UNKNOWN",
+  TAP_ALGORITHM_INVALID: "E_TAP_ALGORITHM_INVALID",
+  TAP_KEY_NOT_FOUND: "E_TAP_KEY_NOT_FOUND",
+  // Replay error (409 - Conflict)
+  TAP_NONCE_REPLAY: "E_TAP_NONCE_REPLAY",
+  // Replay protection required (401 - requires config change)
+  TAP_REPLAY_PROTECTION_REQUIRED: "E_TAP_REPLAY_PROTECTION_REQUIRED",
+  // Issuer errors (403 - Forbidden)
+  ISSUER_NOT_ALLOWED: "E_ISSUER_NOT_ALLOWED",
+  // Configuration errors (500 - Server misconfiguration)
+  CONFIG_ISSUER_ALLOWLIST_REQUIRED: "E_CONFIG_ISSUER_ALLOWLIST_REQUIRED",
+  // Internal errors (500)
+  INTERNAL_ERROR: "E_INTERNAL_ERROR"
+};
+// src/internal/error-codes.ts
+var VALUES = Object.values(CANONICAL_ERROR_CODES);
+var PEAC_ERROR_CODE_SET = new Set(VALUES);
+// src/index.ts
+var PROBLEM_TYPE_BASE = "https://www.peacprotocol.org/problems";
+var CANONICAL_STATUS_MAPPINGS = {
+  // 402 - Payment Required (reserved for payment flows)
+  [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: 402,
+  [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: 402,
+  [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: 402,
+  // 401 - Authentication errors
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: 401,
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: 401,
+  [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: 401,
+  [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: 401,
+  [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: 401,
+  // 400 - Client errors (malformed)
+  [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: 400,
+  [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: 400,
+  [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: 400,
+  // 403 - Forbidden (issuer not in allowlist)
+  [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: 403,
+  // 409 - Conflict (replay detected)
+  [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: 409,
+  // 500 - Server errors
+  [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: 500,
+  [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: 500
+};
+var CANONICAL_TITLES = {
+  [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: "Payment Required",
+  [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: "Invalid Receipt",
+  [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: "Receipt Expired",
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: "Signature Missing",
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: "Invalid Signature",
+  [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: "Invalid Signature Time",
+  [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: "Signature Window Too Large",
+  [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: "Unknown TAP Tag",
+  [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: "Invalid Algorithm",
+  [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: "Key Not Found",
+  [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: "Nonce Replay Detected",
+  [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: "Replay Protection Required",
+  [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: "Issuer Not Allowed",
+  [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: "Configuration Error",
+  [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: "Internal Server Error"
+};
+var MODE_BEHAVIOR = {
+  receipt_or_tap: {
+    status: 402,
+    code: CANONICAL_ERROR_CODES.RECEIPT_MISSING,
+    action: "challenge"
+  },
+  tap_only: {
+    status: 401,
+    code: CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING,
+    action: "error"
+  }
+};
+var WWW_AUTHENTICATE_STATUSES = [401, 402];
+function problemTypeFor(code) {
+  return `${PROBLEM_TYPE_BASE}/${code}`;
+}
+var ERROR_CATALOG = {
+  [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_MISSING],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_MISSING],
+    defaultDetail: "A valid PEAC receipt is required to access this resource."
+  },
+  [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_INVALID],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_INVALID],
+    defaultDetail: "The provided receipt is invalid."
+  },
+  [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_EXPIRED],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_EXPIRED],
+    defaultDetail: "The provided receipt has expired."
+  },
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING],
+    defaultDetail: "TAP signature headers are required."
+  },
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID],
+    defaultDetail: "TAP signature verification failed."
+  },
+  [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_TIME_INVALID],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_TIME_INVALID],
+    defaultDetail: "TAP signature time is invalid."
+  },
+  [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE],
+    defaultDetail: "TAP signature time window exceeds maximum allowed."
+  },
+  [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN],
+    defaultDetail: "Unknown TAP tag in signature."
+  },
+  [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID],
+    defaultDetail: "TAP signature algorithm is invalid."
+  },
+  [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND],
+    defaultDetail: "TAP signing key not found."
+  },
+  [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY],
+    defaultDetail: "Nonce replay detected."
+  },
+  [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED],
+    defaultDetail: "Replay protection required but not configured. Set UNSAFE_ALLOW_NO_REPLAY=true to bypass (UNSAFE for production)."
+  },
+  [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED],
+    defaultDetail: "Issuer not in allowlist."
+  },
+  [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED],
+    defaultDetail: "Worker misconfigured: ISSUER_ALLOWLIST is required. Set UNSAFE_ALLOW_ANY_ISSUER=true to bypass (UNSAFE for production)."
+  },
+  [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.INTERNAL_ERROR],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.INTERNAL_ERROR],
+    defaultDetail: "An internal server error occurred."
+  }
+};
+function getStatusForCode(code) {
+  return CANONICAL_STATUS_MAPPINGS[code];
+}
+function requiresWwwAuthenticate(status) {
+  return WWW_AUTHENTICATE_STATUSES.includes(status);
+}
+function buildWwwAuthenticate(code, realm = "peac") {
+  return `PEAC realm="${realm}", error="${code}", error_uri="${problemTypeFor(code)}"`;
+}
+function isPeacErrorCode(x) {
+  return typeof x === "string" && PEAC_ERROR_CODE_SET.has(x);
+}
+exports.CANONICAL_ERROR_CODES = CANONICAL_ERROR_CODES;
+exports.CANONICAL_STATUS_MAPPINGS = CANONICAL_STATUS_MAPPINGS;
+exports.CANONICAL_TITLES = CANONICAL_TITLES;
+exports.ERROR_CATALOG = ERROR_CATALOG;
+exports.MODE_BEHAVIOR = MODE_BEHAVIOR;
+exports.PROBLEM_TYPE_BASE = PROBLEM_TYPE_BASE;
+exports.WWW_AUTHENTICATE_STATUSES = WWW_AUTHENTICATE_STATUSES;
+exports.buildWwwAuthenticate = buildWwwAuthenticate;
+exports.getStatusForCode = getStatusForCode;
+exports.isPeacErrorCode = isPeacErrorCode;
+exports.problemTypeFor = problemTypeFor;
+exports.requiresWwwAuthenticate = requiresWwwAuthenticate;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/codes.ts","../src/internal/error-codes.ts","../src/index.ts"],"names":[],"mappings":";;;AAcO,IAAM,qBAAA,GAAwB;AAAA;AAAA,EAEnC,eAAA,EAAiB,mBAAA;AAAA,EACjB,eAAA,EAAiB,mBAAA;AAAA,EACjB,eAAA,EAAiB,mBAAA;AAAA;AAAA,EAGjB,qBAAA,EAAuB,yBAAA;AAAA,EACvB,qBAAA,EAAuB,yBAAA;AAAA,EACvB,gBAAA,EAAkB,oBAAA;AAAA,EAClB,oBAAA,EAAsB,wBAAA;AAAA,EACtB,eAAA,EAAiB,mBAAA;AAAA,EACjB,qBAAA,EAAuB,yBAAA;AAAA,EACvB,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAGnB,gBAAA,EAAkB,oBAAA;AAAA;AAAA,EAGlB,8BAAA,EAAgC,kCAAA;AAAA;AAAA,EAGhC,kBAAA,EAAoB,sBAAA;AAAA;AAAA,EAGpB,gCAAA,EAAkC,oCAAA;AAAA;AAAA,EAGlC,cAAA,EAAgB;AAClB;;;AC5BA,IAAM,MAAA,GAAS,MAAA,CAAO,MAAA,CAAO,qBAAqB,CAAA;AAC3C,IAAM,mBAAA,GAAkD,IAAI,GAAA,CAAI,MAAM,CAAA;;;ACAtE,IAAM,iBAAA,GAAoB;AAa1B,IAAM,yBAAA,GAA2D;AAAA;AAAA,EAEtE,CAAC,qBAAA,CAAsB,eAAe,GAAG,GAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,eAAe,GAAG,GAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,eAAe,GAAG,GAAA;AAAA;AAAA,EAGzC,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,GAAA;AAAA,EAC/C,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,GAAA;AAAA,EAC/C,CAAC,qBAAA,CAAsB,gBAAgB,GAAG,GAAA;AAAA,EAC1C,CAAC,qBAAA,CAAsB,iBAAiB,GAAG,GAAA;AAAA,EAC3C,CAAC,qBAAA,CAAsB,8BAA8B,GAAG,GAAA;AAAA;AAAA,EAGxD,CAAC,qBAAA,CAAsB,oBAAoB,GAAG,GAAA;AAAA,EAC9C,CAAC,qBAAA,CAAsB,eAAe,GAAG,GAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,GAAA;AAAA;AAAA,EAG/C,CAAC,qBAAA,CAAsB,kBAAkB,GAAG,GAAA;AAAA;AAAA,EAG5C,CAAC,qBAAA,CAAsB,gBAAgB,GAAG,GAAA;AAAA;AAAA,EAG1C,CAAC,qBAAA,CAAsB,gCAAgC,GAAG,GAAA;AAAA,EAC1D,CAAC,qBAAA,CAAsB,cAAc,GAAG;AAC1C;AAKO,IAAM,gBAAA,GAAkD;AAAA,EAC7D,CAAC,qBAAA,CAAsB,eAAe,GAAG,kBAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,eAAe,GAAG,iBAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,eAAe,GAAG,iBAAA;AAAA,EAEzC,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,mBAAA;AAAA,EAC/C,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,mBAAA;AAAA,EAC/C,CAAC,qBAAA,CAAsB,gBAAgB,GAAG,wBAAA;AAAA,EAC1C,CAAC,qBAAA,CAAsB,oBAAoB,GAAG,4BAAA;AAAA,EAC9C,CAAC,qBAAA,CAAsB,eAAe,GAAG,iBAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,mBAAA;AAAA,EAC/C,CAAC,qBAAA,CAAsB,iBAAiB,GAAG,eAAA;AAAA,EAC3C,CAAC,qBAAA,CAAsB,gBAAgB,GAAG,uBAAA;AAAA,EAC1C,CAAC,qBAAA,CAAsB,8BAA8B,GAAG,4BAAA;AAAA,EAExD,CAAC,qBAAA,CAAsB,kBAAkB,GAAG,oBAAA;AAAA,EAE5C,CAAC,qBAAA,CAAsB,gCAAgC,GAAG,qBAAA;AAAA,EAC1D,CAAC,qBAAA,CAAsB,cAAc,GAAG;AAC1C;AAwCO,IAAM,aAAA,GAAwD;AAAA,EACnE,cAAA,EAAgB;AAAA,IACd,MAAA,EAAQ,GAAA;AAAA,IACR,MAAM,qBAAA,CAAsB,eAAA;AAAA,IAC5B,MAAA,EAAQ;AAAA,GACV;AAAA,EACA,QAAA,EAAU;AAAA,IACR,MAAA,EAAQ,GAAA;AAAA,IACR,MAAM,qBAAA,CAAsB,qBAAA;AAAA,IAC5B,MAAA,EAAQ;AAAA;AAEZ;AAOO,IAAM,yBAAA,GAA4B,CAAC,GAAA,EAAK,GAAG;AAQ3C,SAAS,eAAe,IAAA,EAA6B;AAC1D,EAAA,OAAO,CAAA,EAAG,iBAAiB,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AACrC;AAmBO,IAAM,aAAA,GAA0D;AAAA,EACrE,CAAC,qBAAA,CAAsB,eAAe,GAAG;AAAA,IACvC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,eAAe,CAAA;AAAA,IACvE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,eAAe,CAAA;AAAA,IAC7D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,eAAe,GAAG;AAAA,IACvC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,eAAe,CAAA;AAAA,IACvE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,eAAe,CAAA;AAAA,IAC7D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,eAAe,GAAG;AAAA,IACvC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,eAAe,CAAA;AAAA,IACvE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,eAAe,CAAA;AAAA,IAC7D,aAAA,EAAe;AAAA,GACjB;AAAA,EAEA,CAAC,qBAAA,CAAsB,qBAAqB,GAAG;AAAA,IAC7C,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IAC7E,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IACnE,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,qBAAqB,GAAG;AAAA,IAC7C,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IAC7E,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IACnE,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,gBAAgB,GAAG;AAAA,IACxC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,gBAAgB,CAAA;AAAA,IACxE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,gBAAgB,CAAA;AAAA,IAC9D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,oBAAoB,GAAG;AAAA,IAC5C,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,oBAAoB,CAAA;AAAA,IAC5E,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,oBAAoB,CAAA;AAAA,IAClE,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,eAAe,GAAG;AAAA,IACvC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,eAAe,CAAA;AAAA,IACvE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,eAAe,CAAA;AAAA,IAC7D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,qBAAqB,GAAG;AAAA,IAC7C,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IAC7E,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IACnE,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,iBAAiB,GAAG;AAAA,IACzC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,iBAAiB,CAAA;AAAA,IACzE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,iBAAiB,CAAA;AAAA,IAC/D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,gBAAgB,GAAG;AAAA,IACxC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,gBAAgB,CAAA;AAAA,IACxE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,gBAAgB,CAAA;AAAA,IAC9D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,8BAA8B,GAAG;AAAA,IACtD,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,8BAA8B,CAAA;AAAA,IACtF,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,8BAA8B,CAAA;AAAA,IAC5E,aAAA,EACE;AAAA,GACJ;AAAA,EAEA,CAAC,qBAAA,CAAsB,kBAAkB,GAAG;AAAA,IAC1C,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,kBAAkB,CAAA;AAAA,IAC1E,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,kBAAkB,CAAA;AAAA,IAChE,aAAA,EAAe;AAAA,GACjB;AAAA,EAEA,CAAC,qBAAA,CAAsB,gCAAgC,GAAG;AAAA,IACxD,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,gCAAgC,CAAA;AAAA,IACxF,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,gCAAgC,CAAA;AAAA,IAC9E,aAAA,EACE;AAAA,GACJ;AAAA,EACA,CAAC,qBAAA,CAAsB,cAAc,GAAG;AAAA,IACtC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,cAAc,CAAA;AAAA,IACtE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,cAAc,CAAA;AAAA,IAC5D,aAAA,EAAe;AAAA;AAEnB;AAQO,SAAS,iBAAiB,IAAA,EAA6B;AAC5D,EAAA,OAAO,0BAA0B,IAAI,CAAA;AACvC;AAQO,SAAS,wBAAwB,MAAA,EAAyB;AAC/D,EAAA,OAAO,yBAAA,CAA0B,SAAS,MAAmB,CAAA;AAC/D;AAWO,SAAS,oBAAA,CAAqB,IAAA,EAAqB,KAAA,GAAQ,MAAA,EAAgB;AAChF,EAAA,OAAO,eAAe,KAAK,CAAA,UAAA,EAAa,IAAI,CAAA,cAAA,EAAiB,cAAA,CAAe,IAAI,CAAC,CAAA,CAAA,CAAA;AACnF;AA4BO,SAAS,gBAAgB,CAAA,EAAgC;AAC9D,EAAA,OAAO,OAAO,CAAA,KAAM,QAAA,IAAY,mBAAA,CAAoB,IAAI,CAAkB,CAAA;AAC5E","file":"index.cjs","sourcesContent":["/**\n * Canonical PEAC error codes.\n *\n * This is the single source of truth for error code values.\n * All other modules import from here to avoid circular dependencies.\n */\n\n/**\n * Canonical PEAC error codes.\n *\n * Format: E_<CATEGORY>_<ERROR>\n *\n * All error codes use the E_ prefix for consistency with RFC/IETF error code conventions.\n */\nexport const CANONICAL_ERROR_CODES = {\n // Receipt errors (402 - Payment Required)\n RECEIPT_MISSING: 'E_RECEIPT_MISSING',\n RECEIPT_INVALID: 'E_RECEIPT_INVALID',\n RECEIPT_EXPIRED: 'E_RECEIPT_EXPIRED',\n\n // TAP errors (401 - Authentication)\n TAP_SIGNATURE_MISSING: 'E_TAP_SIGNATURE_MISSING',\n TAP_SIGNATURE_INVALID: 'E_TAP_SIGNATURE_INVALID',\n TAP_TIME_INVALID: 'E_TAP_TIME_INVALID',\n TAP_WINDOW_TOO_LARGE: 'E_TAP_WINDOW_TOO_LARGE',\n TAP_TAG_UNKNOWN: 'E_TAP_TAG_UNKNOWN',\n TAP_ALGORITHM_INVALID: 'E_TAP_ALGORITHM_INVALID',\n TAP_KEY_NOT_FOUND: 'E_TAP_KEY_NOT_FOUND',\n\n // Replay error (409 - Conflict)\n TAP_NONCE_REPLAY: 'E_TAP_NONCE_REPLAY',\n\n // Replay protection required (401 - requires config change)\n TAP_REPLAY_PROTECTION_REQUIRED: 'E_TAP_REPLAY_PROTECTION_REQUIRED',\n\n // Issuer errors (403 - Forbidden)\n ISSUER_NOT_ALLOWED: 'E_ISSUER_NOT_ALLOWED',\n\n // Configuration errors (500 - Server misconfiguration)\n CONFIG_ISSUER_ALLOWLIST_REQUIRED: 'E_CONFIG_ISSUER_ALLOWLIST_REQUIRED',\n\n // Internal errors (500)\n INTERNAL_ERROR: 'E_INTERNAL_ERROR',\n} as const;\n\n/**\n * PEAC error code type (union of all canonical error codes).\n *\n * Use this type for compile-time safety when handling error codes.\n */\nexport type PeacErrorCode = (typeof CANONICAL_ERROR_CODES)[keyof typeof CANONICAL_ERROR_CODES];\n","/**\n * Internal error code utilities.\n *\n * @internal - Not part of public API. Consumers should import from `@peac/contracts`.\n */\n\nimport { CANONICAL_ERROR_CODES, type PeacErrorCode } from '../codes.js';\n\n/**\n * Set of all canonical PEAC error codes for O(1) validation.\n *\n * Typed as ReadonlySet to prevent accidental mutation.\n *\n * @internal\n */\nconst VALUES = Object.values(CANONICAL_ERROR_CODES) as PeacErrorCode[];\nexport const PEAC_ERROR_CODE_SET: ReadonlySet<PeacErrorCode> = new Set(VALUES);\n","/**\n * PEAC Canonical Contracts\n *\n * Single source of truth for error codes, HTTP status mappings, and verification mode behavior.\n * All surface implementations MUST import from this package to prevent drift.\n *\n * @packageDocumentation\n */\n\n// Re-export canonical error codes from internal module (avoids circular dependencies)\nexport { CANONICAL_ERROR_CODES, type PeacErrorCode } from './codes.js';\nimport { CANONICAL_ERROR_CODES, type PeacErrorCode } from './codes.js';\n\n/**\n * Base URI for RFC 9457 Problem Details type field.\n */\nexport const PROBLEM_TYPE_BASE = 'https://www.peacprotocol.org/problems';\n\n/**\n * Canonical HTTP status code mappings.\n *\n * Status code semantics:\n * - 400: Client error (malformed request, invalid parameters)\n * - 401: Authentication required (missing/invalid credentials)\n * - 402: Payment Required (reserved for PEAC receipt payment flows)\n * - 403: Forbidden (authenticated but not authorized)\n * - 409: Conflict (replay detection - request conflicts with previous state)\n * - 500: Server error (configuration, internal failure)\n */\nexport const CANONICAL_STATUS_MAPPINGS: Record<PeacErrorCode, number> = {\n // 402 - Payment Required (reserved for payment flows)\n [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: 402,\n [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: 402,\n [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: 402,\n\n // 401 - Authentication errors\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: 401,\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: 401,\n [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: 401,\n [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: 401,\n [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: 401,\n\n // 400 - Client errors (malformed)\n [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: 400,\n [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: 400,\n [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: 400,\n\n // 403 - Forbidden (issuer not in allowlist)\n [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: 403,\n\n // 409 - Conflict (replay detected)\n [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: 409,\n\n // 500 - Server errors\n [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: 500,\n [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: 500,\n};\n\n/**\n * Canonical error titles for RFC 9457 Problem Details.\n */\nexport const CANONICAL_TITLES: Record<PeacErrorCode, string> = {\n [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: 'Payment Required',\n [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: 'Invalid Receipt',\n [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: 'Receipt Expired',\n\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: 'Signature Missing',\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: 'Invalid Signature',\n [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: 'Invalid Signature Time',\n [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: 'Signature Window Too Large',\n [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: 'Unknown TAP Tag',\n [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: 'Invalid Algorithm',\n [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: 'Key Not Found',\n [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: 'Nonce Replay Detected',\n [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: 'Replay Protection Required',\n\n [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: 'Issuer Not Allowed',\n\n [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: 'Configuration Error',\n [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: 'Internal Server Error',\n};\n\n/**\n * Verification mode.\n *\n * Determines behavior when TAP headers are missing:\n * - tap_only: Missing TAP → 401 + E_TAP_SIGNATURE_MISSING (authentication required)\n * - receipt_or_tap: Missing TAP → 402 + E_RECEIPT_MISSING (payment remedy)\n */\nexport type VerificationMode = 'tap_only' | 'receipt_or_tap';\n\n/**\n * Handler action type.\n *\n * Determines how the handler should respond:\n * - error: Authentication/authorization error\n * - challenge: Payment challenge (402 only)\n * - pass: Bypass verification (bypass paths)\n * - forward: Verification succeeded, forward request\n */\nexport type HandlerAction = 'error' | 'challenge' | 'pass' | 'forward';\n\n/**\n * Mode behavior for missing TAP headers.\n */\nexport interface ModeBehavior {\n /** HTTP status code */\n status: number;\n /** PEAC error code */\n code: PeacErrorCode;\n /** Handler action */\n action: HandlerAction;\n}\n\n/**\n * Verification mode behavior contract.\n *\n * Defines expected HTTP status, error code, and action when no TAP headers are present.\n * This is the canonical source of truth for mode-based behavior.\n */\nexport const MODE_BEHAVIOR: Record<VerificationMode, ModeBehavior> = {\n receipt_or_tap: {\n status: 402,\n code: CANONICAL_ERROR_CODES.RECEIPT_MISSING,\n action: 'challenge',\n },\n tap_only: {\n status: 401,\n code: CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING,\n action: 'error',\n },\n} as const;\n\n/**\n * HTTP status codes that require WWW-Authenticate header.\n *\n * Per v0.9.27 decision: WWW-Authenticate is sent on both 401 (auth required) and 402 (payment remedy).\n */\nexport const WWW_AUTHENTICATE_STATUSES = [401, 402] as const;\n\n/**\n * Get RFC 9457 Problem Details type URI for an error code.\n *\n * @param code - PEAC error code\n * @returns Problem Details type URI (e.g., \"https://www.peacprotocol.org/problems/E_TAP_SIGNATURE_MISSING\")\n */\nexport function problemTypeFor(code: PeacErrorCode): string {\n return `${PROBLEM_TYPE_BASE}/${code}`;\n}\n\n/**\n * Error catalog entry.\n */\nexport interface ErrorCatalogEntry {\n /** HTTP status code */\n status: number;\n /** RFC 9457 title */\n title: string;\n /** Default detail message (can be overridden at runtime) */\n defaultDetail?: string;\n}\n\n/**\n * Error catalog with HTTP status, title, and default detail for each error code.\n *\n * Use this for constructing RFC 9457 Problem Details responses.\n */\nexport const ERROR_CATALOG: Record<PeacErrorCode, ErrorCatalogEntry> = {\n [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_MISSING],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_MISSING],\n defaultDetail: 'A valid PEAC receipt is required to access this resource.',\n },\n [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_INVALID],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_INVALID],\n defaultDetail: 'The provided receipt is invalid.',\n },\n [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_EXPIRED],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_EXPIRED],\n defaultDetail: 'The provided receipt has expired.',\n },\n\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING],\n defaultDetail: 'TAP signature headers are required.',\n },\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID],\n defaultDetail: 'TAP signature verification failed.',\n },\n [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_TIME_INVALID],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_TIME_INVALID],\n defaultDetail: 'TAP signature time is invalid.',\n },\n [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE],\n defaultDetail: 'TAP signature time window exceeds maximum allowed.',\n },\n [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN],\n defaultDetail: 'Unknown TAP tag in signature.',\n },\n [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID],\n defaultDetail: 'TAP signature algorithm is invalid.',\n },\n [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND],\n defaultDetail: 'TAP signing key not found.',\n },\n [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY],\n defaultDetail: 'Nonce replay detected.',\n },\n [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED],\n defaultDetail:\n 'Replay protection required but not configured. Set UNSAFE_ALLOW_NO_REPLAY=true to bypass (UNSAFE for production).',\n },\n\n [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED],\n defaultDetail: 'Issuer not in allowlist.',\n },\n\n [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED],\n defaultDetail:\n 'Worker misconfigured: ISSUER_ALLOWLIST is required. Set UNSAFE_ALLOW_ANY_ISSUER=true to bypass (UNSAFE for production).',\n },\n [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.INTERNAL_ERROR],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.INTERNAL_ERROR],\n defaultDetail: 'An internal server error occurred.',\n },\n};\n\n/**\n * Get HTTP status code for a PEAC error code.\n *\n * @param code - PEAC error code\n * @returns HTTP status code\n */\nexport function getStatusForCode(code: PeacErrorCode): number {\n return CANONICAL_STATUS_MAPPINGS[code];\n}\n\n/**\n * Check if HTTP status requires WWW-Authenticate header.\n *\n * @param status - HTTP status code\n * @returns true if WWW-Authenticate header is required\n */\nexport function requiresWwwAuthenticate(status: number): boolean {\n return WWW_AUTHENTICATE_STATUSES.includes(status as 401 | 402);\n}\n\n/**\n * Build canonical WWW-Authenticate header value.\n *\n * Format: PEAC realm=\"<realm>\", error=\"<code>\", error_uri=\"<uri>\"\n *\n * @param code - PEAC error code\n * @param realm - Authentication realm (default: \"peac\")\n * @returns Canonical WWW-Authenticate header value\n */\nexport function buildWwwAuthenticate(code: PeacErrorCode, realm = 'peac'): string {\n return `PEAC realm=\"${realm}\", error=\"${code}\", error_uri=\"${problemTypeFor(code)}\"`;\n}\n\n/**\n * Valid PEAC HTTP status codes.\n *\n * All status codes that can be returned by PEAC verification handlers.\n */\nexport type PeacHttpStatus = 400 | 401 | 402 | 403 | 409 | 500;\n\n// Internal Set import - NOT re-exported\nimport { PEAC_ERROR_CODE_SET } from './internal/error-codes.js';\n\n/**\n * Type guard to check if a value is a valid PEAC error code.\n *\n * Uses O(1) Set lookup for performance.\n *\n * @param x - Value to check\n * @returns true if x is a valid PeacErrorCode\n *\n * @example\n * ```typescript\n * if (isPeacErrorCode(code)) {\n * // TypeScript now knows code is PeacErrorCode\n * const status = getStatusForCode(code);\n * }\n * ```\n */\nexport function isPeacErrorCode(x: unknown): x is PeacErrorCode {\n return typeof x === 'string' && PEAC_ERROR_CODE_SET.has(x as PeacErrorCode);\n}\n"]}

package/dist/index.js CHANGED Viewed

@@ -1,236 +1,181 @@
-/**
- * PEAC Canonical Contracts
- *
- * Single source of truth for error codes, HTTP status mappings, and verification mode behavior.
- * All surface implementations MUST import from this package to prevent drift.
- *
- * @packageDocumentation
- */
-// Re-export canonical error codes from internal module (avoids circular dependencies)
-export { CANONICAL_ERROR_CODES } from './codes.js';
-import { CANONICAL_ERROR_CODES } from './codes.js';
-/**
- * Base URI for RFC 9457 Problem Details type field.
- */
-export const PROBLEM_TYPE_BASE = 'https://www.peacprotocol.org/problems';
-/**
- * Canonical HTTP status code mappings.
- *
- * Status code semantics:
- * - 400: Client error (malformed request, invalid parameters)
- * - 401: Authentication required (missing/invalid credentials)
- * - 402: Payment Required (reserved for PEAC receipt payment flows)
- * - 403: Forbidden (authenticated but not authorized)
- * - 409: Conflict (replay detection - request conflicts with previous state)
- * - 500: Server error (configuration, internal failure)
- */
-export const CANONICAL_STATUS_MAPPINGS = {
-    // 402 - Payment Required (reserved for payment flows)
-    [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: 402,
-    [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: 402,
-    [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: 402,
-    // 401 - Authentication errors
-    [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: 401,
-    [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: 401,
-    [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: 401,
-    [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: 401,
-    [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: 401,
-    // 400 - Client errors (malformed)
-    [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: 400,
-    [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: 400,
-    [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: 400,
-    // 403 - Forbidden (issuer not in allowlist)
-    [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: 403,
-    // 409 - Conflict (replay detected)
-    [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: 409,
-    // 500 - Server errors
-    [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: 500,
-    [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: 500,
+// src/codes.ts
+var CANONICAL_ERROR_CODES = {
+  // Receipt errors (402 - Payment Required)
+  RECEIPT_MISSING: "E_RECEIPT_MISSING",
+  RECEIPT_INVALID: "E_RECEIPT_INVALID",
+  RECEIPT_EXPIRED: "E_RECEIPT_EXPIRED",
+  // TAP errors (401 - Authentication)
+  TAP_SIGNATURE_MISSING: "E_TAP_SIGNATURE_MISSING",
+  TAP_SIGNATURE_INVALID: "E_TAP_SIGNATURE_INVALID",
+  TAP_TIME_INVALID: "E_TAP_TIME_INVALID",
+  TAP_WINDOW_TOO_LARGE: "E_TAP_WINDOW_TOO_LARGE",
+  TAP_TAG_UNKNOWN: "E_TAP_TAG_UNKNOWN",
+  TAP_ALGORITHM_INVALID: "E_TAP_ALGORITHM_INVALID",
+  TAP_KEY_NOT_FOUND: "E_TAP_KEY_NOT_FOUND",
+  // Replay error (409 - Conflict)
+  TAP_NONCE_REPLAY: "E_TAP_NONCE_REPLAY",
+  // Replay protection required (401 - requires config change)
+  TAP_REPLAY_PROTECTION_REQUIRED: "E_TAP_REPLAY_PROTECTION_REQUIRED",
+  // Issuer errors (403 - Forbidden)
+  ISSUER_NOT_ALLOWED: "E_ISSUER_NOT_ALLOWED",
+  // Configuration errors (500 - Server misconfiguration)
+  CONFIG_ISSUER_ALLOWLIST_REQUIRED: "E_CONFIG_ISSUER_ALLOWLIST_REQUIRED",
+  // Internal errors (500)
+  INTERNAL_ERROR: "E_INTERNAL_ERROR"
 };
-/**
- * Canonical error titles for RFC 9457 Problem Details.
- */
-export const CANONICAL_TITLES = {
-    [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: 'Payment Required',
-    [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: 'Invalid Receipt',
-    [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: 'Receipt Expired',
-    [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: 'Signature Missing',
-    [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: 'Invalid Signature',
-    [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: 'Invalid Signature Time',
-    [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: 'Signature Window Too Large',
-    [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: 'Unknown TAP Tag',
-    [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: 'Invalid Algorithm',
-    [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: 'Key Not Found',
-    [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: 'Nonce Replay Detected',
-    [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: 'Replay Protection Required',
-    [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: 'Issuer Not Allowed',
-    [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: 'Configuration Error',
-    [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: 'Internal Server Error',
+// src/internal/error-codes.ts
+var VALUES = Object.values(CANONICAL_ERROR_CODES);
+var PEAC_ERROR_CODE_SET = new Set(VALUES);
+// src/index.ts
+var PROBLEM_TYPE_BASE = "https://www.peacprotocol.org/problems";
+var CANONICAL_STATUS_MAPPINGS = {
+  // 402 - Payment Required (reserved for payment flows)
+  [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: 402,
+  [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: 402,
+  [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: 402,
+  // 401 - Authentication errors
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: 401,
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: 401,
+  [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: 401,
+  [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: 401,
+  [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: 401,
+  // 400 - Client errors (malformed)
+  [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: 400,
+  [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: 400,
+  [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: 400,
+  // 403 - Forbidden (issuer not in allowlist)
+  [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: 403,
+  // 409 - Conflict (replay detected)
+  [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: 409,
+  // 500 - Server errors
+  [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: 500,
+  [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: 500
 };
-/**
- * Verification mode behavior contract.
- *
- * Defines expected HTTP status, error code, and action when no TAP headers are present.
- * This is the canonical source of truth for mode-based behavior.
- */
-export const MODE_BEHAVIOR = {
-    receipt_or_tap: {
-        status: 402,
-        code: CANONICAL_ERROR_CODES.RECEIPT_MISSING,
-        action: 'challenge',
-    },
-    tap_only: {
-        status: 401,
-        code: CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING,
-        action: 'error',
-    },
+var CANONICAL_TITLES = {
+  [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: "Payment Required",
+  [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: "Invalid Receipt",
+  [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: "Receipt Expired",
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: "Signature Missing",
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: "Invalid Signature",
+  [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: "Invalid Signature Time",
+  [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: "Signature Window Too Large",
+  [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: "Unknown TAP Tag",
+  [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: "Invalid Algorithm",
+  [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: "Key Not Found",
+  [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: "Nonce Replay Detected",
+  [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: "Replay Protection Required",
+  [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: "Issuer Not Allowed",
+  [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: "Configuration Error",
+  [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: "Internal Server Error"
 };
-/**
- * HTTP status codes that require WWW-Authenticate header.
- *
- * Per v0.9.27 decision: WWW-Authenticate is sent on both 401 (auth required) and 402 (payment remedy).
- */
-export const WWW_AUTHENTICATE_STATUSES = [401, 402];
-/**
- * Get RFC 9457 Problem Details type URI for an error code.
- *
- * @param code - PEAC error code
- * @returns Problem Details type URI (e.g., "https://www.peacprotocol.org/problems/E_TAP_SIGNATURE_MISSING")
- */
-export function problemTypeFor(code) {
-    return `${PROBLEM_TYPE_BASE}/${code}`;
+var MODE_BEHAVIOR = {
+  receipt_or_tap: {
+    status: 402,
+    code: CANONICAL_ERROR_CODES.RECEIPT_MISSING,
+    action: "challenge"
+  },
+  tap_only: {
+    status: 401,
+    code: CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING,
+    action: "error"
+  }
+};
+var WWW_AUTHENTICATE_STATUSES = [401, 402];
+function problemTypeFor(code) {
+  return `${PROBLEM_TYPE_BASE}/${code}`;
 }
-/**
- * Error catalog with HTTP status, title, and default detail for each error code.
- *
- * Use this for constructing RFC 9457 Problem Details responses.
- */
-export const ERROR_CATALOG = {
-    [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_MISSING],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_MISSING],
-        defaultDetail: 'A valid PEAC receipt is required to access this resource.',
-    },
-    [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_INVALID],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_INVALID],
-        defaultDetail: 'The provided receipt is invalid.',
-    },
-    [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_EXPIRED],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_EXPIRED],
-        defaultDetail: 'The provided receipt has expired.',
-    },
-    [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING],
-        defaultDetail: 'TAP signature headers are required.',
-    },
-    [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID],
-        defaultDetail: 'TAP signature verification failed.',
-    },
-    [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_TIME_INVALID],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_TIME_INVALID],
-        defaultDetail: 'TAP signature time is invalid.',
-    },
-    [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE],
-        defaultDetail: 'TAP signature time window exceeds maximum allowed.',
-    },
-    [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN],
-        defaultDetail: 'Unknown TAP tag in signature.',
-    },
-    [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID],
-        defaultDetail: 'TAP signature algorithm is invalid.',
-    },
-    [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND],
-        defaultDetail: 'TAP signing key not found.',
-    },
-    [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY],
-        defaultDetail: 'Nonce replay detected.',
-    },
-    [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED],
-        defaultDetail: 'Replay protection required but not configured. Set UNSAFE_ALLOW_NO_REPLAY=true to bypass (UNSAFE for production).',
-    },
-    [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED],
-        defaultDetail: 'Issuer not in allowlist.',
-    },
-    [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED],
-        defaultDetail: 'Worker misconfigured: ISSUER_ALLOWLIST is required. Set UNSAFE_ALLOW_ANY_ISSUER=true to bypass (UNSAFE for production).',
-    },
-    [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: {
-        status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.INTERNAL_ERROR],
-        title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.INTERNAL_ERROR],
-        defaultDetail: 'An internal server error occurred.',
-    },
+var ERROR_CATALOG = {
+  [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_MISSING],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_MISSING],
+    defaultDetail: "A valid PEAC receipt is required to access this resource."
+  },
+  [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_INVALID],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_INVALID],
+    defaultDetail: "The provided receipt is invalid."
+  },
+  [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_EXPIRED],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_EXPIRED],
+    defaultDetail: "The provided receipt has expired."
+  },
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING],
+    defaultDetail: "TAP signature headers are required."
+  },
+  [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID],
+    defaultDetail: "TAP signature verification failed."
+  },
+  [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_TIME_INVALID],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_TIME_INVALID],
+    defaultDetail: "TAP signature time is invalid."
+  },
+  [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE],
+    defaultDetail: "TAP signature time window exceeds maximum allowed."
+  },
+  [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN],
+    defaultDetail: "Unknown TAP tag in signature."
+  },
+  [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID],
+    defaultDetail: "TAP signature algorithm is invalid."
+  },
+  [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND],
+    defaultDetail: "TAP signing key not found."
+  },
+  [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY],
+    defaultDetail: "Nonce replay detected."
+  },
+  [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED],
+    defaultDetail: "Replay protection required but not configured. Set UNSAFE_ALLOW_NO_REPLAY=true to bypass (UNSAFE for production)."
+  },
+  [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED],
+    defaultDetail: "Issuer not in allowlist."
+  },
+  [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED],
+    defaultDetail: "Worker misconfigured: ISSUER_ALLOWLIST is required. Set UNSAFE_ALLOW_ANY_ISSUER=true to bypass (UNSAFE for production)."
+  },
+  [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: {
+    status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.INTERNAL_ERROR],
+    title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.INTERNAL_ERROR],
+    defaultDetail: "An internal server error occurred."
+  }
 };
-/**
- * Get HTTP status code for a PEAC error code.
- *
- * @param code - PEAC error code
- * @returns HTTP status code
- */
-export function getStatusForCode(code) {
-    return CANONICAL_STATUS_MAPPINGS[code];
+function getStatusForCode(code) {
+  return CANONICAL_STATUS_MAPPINGS[code];
 }
-/**
- * Check if HTTP status requires WWW-Authenticate header.
- *
- * @param status - HTTP status code
- * @returns true if WWW-Authenticate header is required
- */
-export function requiresWwwAuthenticate(status) {
-    return WWW_AUTHENTICATE_STATUSES.includes(status);
+function requiresWwwAuthenticate(status) {
+  return WWW_AUTHENTICATE_STATUSES.includes(status);
 }
-/**
- * Build canonical WWW-Authenticate header value.
- *
- * Format: PEAC realm="<realm>", error="<code>", error_uri="<uri>"
- *
- * @param code - PEAC error code
- * @param realm - Authentication realm (default: "peac")
- * @returns Canonical WWW-Authenticate header value
- */
-export function buildWwwAuthenticate(code, realm = 'peac') {
-    return `PEAC realm="${realm}", error="${code}", error_uri="${problemTypeFor(code)}"`;
+function buildWwwAuthenticate(code, realm = "peac") {
+  return `PEAC realm="${realm}", error="${code}", error_uri="${problemTypeFor(code)}"`;
 }
-// Internal Set import - NOT re-exported
-import { PEAC_ERROR_CODE_SET } from './internal/error-codes.js';
-/**
- * Type guard to check if a value is a valid PEAC error code.
- *
- * Uses O(1) Set lookup for performance.
- *
- * @param x - Value to check
- * @returns true if x is a valid PeacErrorCode
- *
- * @example
- * ```typescript
- * if (isPeacErrorCode(code)) {
- *   // TypeScript now knows code is PeacErrorCode
- *   const status = getStatusForCode(code);
- * }
- * ```
- */
-export function isPeacErrorCode(x) {
-    return typeof x === 'string' && PEAC_ERROR_CODE_SET.has(x);
+function isPeacErrorCode(x) {
+  return typeof x === "string" && PEAC_ERROR_CODE_SET.has(x);
 }
+export { CANONICAL_ERROR_CODES, CANONICAL_STATUS_MAPPINGS, CANONICAL_TITLES, ERROR_CATALOG, MODE_BEHAVIOR, PROBLEM_TYPE_BASE, WWW_AUTHENTICATE_STATUSES, buildWwwAuthenticate, getStatusForCode, isPeacErrorCode, problemTypeFor, requiresWwwAuthenticate };
+//# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,sFAAsF;AACtF,OAAO,EAAE,qBAAqB,EAAsB,MAAM,YAAY,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAsB,MAAM,YAAY,CAAC;AAEvE;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,uCAAuC,CAAC;AAEzE;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAkC;IACtE,sDAAsD;IACtD,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE,GAAG;IAC5C,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE,GAAG;IAC5C,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE,GAAG;IAE5C,8BAA8B;IAC9B,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,EAAE,GAAG;IAClD,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,EAAE,GAAG;IAClD,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,EAAE,GAAG;IAC7C,CAAC,qBAAqB,CAAC,iBAAiB,CAAC,EAAE,GAAG;IAC9C,CAAC,qBAAqB,CAAC,8BAA8B,CAAC,EAAE,GAAG;IAE3D,kCAAkC;IAClC,CAAC,qBAAqB,CAAC,oBAAoB,CAAC,EAAE,GAAG;IACjD,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE,GAAG;IAC5C,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,EAAE,GAAG;IAElD,4CAA4C;IAC5C,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,EAAE,GAAG;IAE/C,mCAAmC;IACnC,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,EAAE,GAAG;IAE7C,sBAAsB;IACtB,CAAC,qBAAqB,CAAC,gCAAgC,CAAC,EAAE,GAAG;IAC7D,CAAC,qBAAqB,CAAC,cAAc,CAAC,EAAE,GAAG;CAC5C,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAkC;IAC7D,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE,kBAAkB;IAC3D,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE,iBAAiB;IAC1D,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE,iBAAiB;IAE1D,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,EAAE,mBAAmB;IAClE,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,EAAE,mBAAmB;IAClE,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,EAAE,wBAAwB;IAClE,CAAC,qBAAqB,CAAC,oBAAoB,CAAC,EAAE,4BAA4B;IAC1E,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE,iBAAiB;IAC1D,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,EAAE,mBAAmB;IAClE,CAAC,qBAAqB,CAAC,iBAAiB,CAAC,EAAE,eAAe;IAC1D,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,EAAE,uBAAuB;IACjE,CAAC,qBAAqB,CAAC,8BAA8B,CAAC,EAAE,4BAA4B;IAEpF,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,EAAE,oBAAoB;IAEhE,CAAC,qBAAqB,CAAC,gCAAgC,CAAC,EAAE,qBAAqB;IAC/E,CAAC,qBAAqB,CAAC,cAAc,CAAC,EAAE,uBAAuB;CAChE,CAAC;AAkCF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,aAAa,GAA2C;IACnE,cAAc,EAAE;QACd,MAAM,EAAE,GAAG;QACX,IAAI,EAAE,qBAAqB,CAAC,eAAe;QAC3C,MAAM,EAAE,WAAW;KACpB;IACD,QAAQ,EAAE;QACR,MAAM,EAAE,GAAG;QACX,IAAI,EAAE,qBAAqB,CAAC,qBAAqB;QACjD,MAAM,EAAE,OAAO;KAChB;CACO,CAAC;AAEX;;;;GAIG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,GAAG,EAAE,GAAG,CAAU,CAAC;AAE7D;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,IAAmB;IAChD,OAAO,GAAG,iBAAiB,IAAI,IAAI,EAAE,CAAC;AACxC,CAAC;AAcD;;;;GAIG;AACH,MAAM,CAAC,MAAM,aAAa,GAA6C;IACrE,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE;QACvC,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,eAAe,CAAC;QACxE,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,eAAe,CAAC;QAC9D,aAAa,EAAE,2DAA2D;KAC3E;IACD,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE;QACvC,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,eAAe,CAAC;QACxE,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,eAAe,CAAC;QAC9D,aAAa,EAAE,kCAAkC;KAClD;IACD,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE;QACvC,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,eAAe,CAAC;QACxE,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,eAAe,CAAC;QAC9D,aAAa,EAAE,mCAAmC;KACnD;IAED,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,EAAE;QAC7C,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,qBAAqB,CAAC;QAC9E,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,qBAAqB,CAAC;QACpE,aAAa,EAAE,qCAAqC;KACrD;IACD,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,EAAE;QAC7C,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,qBAAqB,CAAC;QAC9E,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,qBAAqB,CAAC;QACpE,aAAa,EAAE,oCAAoC;KACpD;IACD,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,EAAE;QACxC,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,gBAAgB,CAAC;QACzE,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,gBAAgB,CAAC;QAC/D,aAAa,EAAE,gCAAgC;KAChD;IACD,CAAC,qBAAqB,CAAC,oBAAoB,CAAC,EAAE;QAC5C,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,oBAAoB,CAAC;QAC7E,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,oBAAoB,CAAC;QACnE,aAAa,EAAE,oDAAoD;KACpE;IACD,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE;QACvC,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,eAAe,CAAC;QACxE,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,eAAe,CAAC;QAC9D,aAAa,EAAE,+BAA+B;KAC/C;IACD,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,EAAE;QAC7C,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,qBAAqB,CAAC;QAC9E,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,qBAAqB,CAAC;QACpE,aAAa,EAAE,qCAAqC;KACrD;IACD,CAAC,qBAAqB,CAAC,iBAAiB,CAAC,EAAE;QACzC,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,iBAAiB,CAAC;QAC1E,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,iBAAiB,CAAC;QAChE,aAAa,EAAE,4BAA4B;KAC5C;IACD,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,EAAE;QACxC,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,gBAAgB,CAAC;QACzE,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,gBAAgB,CAAC;QAC/D,aAAa,EAAE,wBAAwB;KACxC;IACD,CAAC,qBAAqB,CAAC,8BAA8B,CAAC,EAAE;QACtD,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,8BAA8B,CAAC;QACvF,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,8BAA8B,CAAC;QAC7E,aAAa,EACX,mHAAmH;KACtH;IAED,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,EAAE;QAC1C,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,kBAAkB,CAAC;QAC3E,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,kBAAkB,CAAC;QACjE,aAAa,EAAE,0BAA0B;KAC1C;IAED,CAAC,qBAAqB,CAAC,gCAAgC,CAAC,EAAE;QACxD,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,gCAAgC,CAAC;QACzF,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,gCAAgC,CAAC;QAC/E,aAAa,EACX,yHAAyH;KAC5H;IACD,CAAC,qBAAqB,CAAC,cAAc,CAAC,EAAE;QACtC,MAAM,EAAE,yBAAyB,CAAC,qBAAqB,CAAC,cAAc,CAAC;QACvE,KAAK,EAAE,gBAAgB,CAAC,qBAAqB,CAAC,cAAc,CAAC;QAC7D,aAAa,EAAE,oCAAoC;KACpD;CACF,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAmB;IAClD,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,MAAc;IACpD,OAAO,yBAAyB,CAAC,QAAQ,CAAC,MAAmB,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAAC,IAAmB,EAAE,KAAK,GAAG,MAAM;IACtE,OAAO,eAAe,KAAK,aAAa,IAAI,iBAAiB,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC;AACvF,CAAC;AASD,wCAAwC;AACxC,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEhE;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,eAAe,CAAC,CAAU;IACxC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,mBAAmB,CAAC,GAAG,CAAC,CAAkB,CAAC,CAAC;AAC9E,CAAC"}
1	+ {"version":3,"sources":["../src/codes.ts","../src/internal/error-codes.ts","../src/index.ts"],"names":[],"mappings":";AAcO,IAAM,qBAAA,GAAwB;AAAA;AAAA,EAEnC,eAAA,EAAiB,mBAAA;AAAA,EACjB,eAAA,EAAiB,mBAAA;AAAA,EACjB,eAAA,EAAiB,mBAAA;AAAA;AAAA,EAGjB,qBAAA,EAAuB,yBAAA;AAAA,EACvB,qBAAA,EAAuB,yBAAA;AAAA,EACvB,gBAAA,EAAkB,oBAAA;AAAA,EAClB,oBAAA,EAAsB,wBAAA;AAAA,EACtB,eAAA,EAAiB,mBAAA;AAAA,EACjB,qBAAA,EAAuB,yBAAA;AAAA,EACvB,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAGnB,gBAAA,EAAkB,oBAAA;AAAA;AAAA,EAGlB,8BAAA,EAAgC,kCAAA;AAAA;AAAA,EAGhC,kBAAA,EAAoB,sBAAA;AAAA;AAAA,EAGpB,gCAAA,EAAkC,oCAAA;AAAA;AAAA,EAGlC,cAAA,EAAgB;AAClB;;;AC5BA,IAAM,MAAA,GAAS,MAAA,CAAO,MAAA,CAAO,qBAAqB,CAAA;AAC3C,IAAM,mBAAA,GAAkD,IAAI,GAAA,CAAI,MAAM,CAAA;;;ACAtE,IAAM,iBAAA,GAAoB;AAa1B,IAAM,yBAAA,GAA2D;AAAA;AAAA,EAEtE,CAAC,qBAAA,CAAsB,eAAe,GAAG,GAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,eAAe,GAAG,GAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,eAAe,GAAG,GAAA;AAAA;AAAA,EAGzC,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,GAAA;AAAA,EAC/C,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,GAAA;AAAA,EAC/C,CAAC,qBAAA,CAAsB,gBAAgB,GAAG,GAAA;AAAA,EAC1C,CAAC,qBAAA,CAAsB,iBAAiB,GAAG,GAAA;AAAA,EAC3C,CAAC,qBAAA,CAAsB,8BAA8B,GAAG,GAAA;AAAA;AAAA,EAGxD,CAAC,qBAAA,CAAsB,oBAAoB,GAAG,GAAA;AAAA,EAC9C,CAAC,qBAAA,CAAsB,eAAe,GAAG,GAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,GAAA;AAAA;AAAA,EAG/C,CAAC,qBAAA,CAAsB,kBAAkB,GAAG,GAAA;AAAA;AAAA,EAG5C,CAAC,qBAAA,CAAsB,gBAAgB,GAAG,GAAA;AAAA;AAAA,EAG1C,CAAC,qBAAA,CAAsB,gCAAgC,GAAG,GAAA;AAAA,EAC1D,CAAC,qBAAA,CAAsB,cAAc,GAAG;AAC1C;AAKO,IAAM,gBAAA,GAAkD;AAAA,EAC7D,CAAC,qBAAA,CAAsB,eAAe,GAAG,kBAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,eAAe,GAAG,iBAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,eAAe,GAAG,iBAAA;AAAA,EAEzC,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,mBAAA;AAAA,EAC/C,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,mBAAA;AAAA,EAC/C,CAAC,qBAAA,CAAsB,gBAAgB,GAAG,wBAAA;AAAA,EAC1C,CAAC,qBAAA,CAAsB,oBAAoB,GAAG,4BAAA;AAAA,EAC9C,CAAC,qBAAA,CAAsB,eAAe,GAAG,iBAAA;AAAA,EACzC,CAAC,qBAAA,CAAsB,qBAAqB,GAAG,mBAAA;AAAA,EAC/C,CAAC,qBAAA,CAAsB,iBAAiB,GAAG,eAAA;AAAA,EAC3C,CAAC,qBAAA,CAAsB,gBAAgB,GAAG,uBAAA;AAAA,EAC1C,CAAC,qBAAA,CAAsB,8BAA8B,GAAG,4BAAA;AAAA,EAExD,CAAC,qBAAA,CAAsB,kBAAkB,GAAG,oBAAA;AAAA,EAE5C,CAAC,qBAAA,CAAsB,gCAAgC,GAAG,qBAAA;AAAA,EAC1D,CAAC,qBAAA,CAAsB,cAAc,GAAG;AAC1C;AAwCO,IAAM,aAAA,GAAwD;AAAA,EACnE,cAAA,EAAgB;AAAA,IACd,MAAA,EAAQ,GAAA;AAAA,IACR,MAAM,qBAAA,CAAsB,eAAA;AAAA,IAC5B,MAAA,EAAQ;AAAA,GACV;AAAA,EACA,QAAA,EAAU;AAAA,IACR,MAAA,EAAQ,GAAA;AAAA,IACR,MAAM,qBAAA,CAAsB,qBAAA;AAAA,IAC5B,MAAA,EAAQ;AAAA;AAEZ;AAOO,IAAM,yBAAA,GAA4B,CAAC,GAAA,EAAK,GAAG;AAQ3C,SAAS,eAAe,IAAA,EAA6B;AAC1D,EAAA,OAAO,CAAA,EAAG,iBAAiB,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AACrC;AAmBO,IAAM,aAAA,GAA0D;AAAA,EACrE,CAAC,qBAAA,CAAsB,eAAe,GAAG;AAAA,IACvC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,eAAe,CAAA;AAAA,IACvE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,eAAe,CAAA;AAAA,IAC7D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,eAAe,GAAG;AAAA,IACvC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,eAAe,CAAA;AAAA,IACvE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,eAAe,CAAA;AAAA,IAC7D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,eAAe,GAAG;AAAA,IACvC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,eAAe,CAAA;AAAA,IACvE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,eAAe,CAAA;AAAA,IAC7D,aAAA,EAAe;AAAA,GACjB;AAAA,EAEA,CAAC,qBAAA,CAAsB,qBAAqB,GAAG;AAAA,IAC7C,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IAC7E,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IACnE,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,qBAAqB,GAAG;AAAA,IAC7C,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IAC7E,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IACnE,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,gBAAgB,GAAG;AAAA,IACxC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,gBAAgB,CAAA;AAAA,IACxE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,gBAAgB,CAAA;AAAA,IAC9D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,oBAAoB,GAAG;AAAA,IAC5C,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,oBAAoB,CAAA;AAAA,IAC5E,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,oBAAoB,CAAA;AAAA,IAClE,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,eAAe,GAAG;AAAA,IACvC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,eAAe,CAAA;AAAA,IACvE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,eAAe,CAAA;AAAA,IAC7D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,qBAAqB,GAAG;AAAA,IAC7C,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IAC7E,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,qBAAqB,CAAA;AAAA,IACnE,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,iBAAiB,GAAG;AAAA,IACzC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,iBAAiB,CAAA;AAAA,IACzE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,iBAAiB,CAAA;AAAA,IAC/D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,gBAAgB,GAAG;AAAA,IACxC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,gBAAgB,CAAA;AAAA,IACxE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,gBAAgB,CAAA;AAAA,IAC9D,aAAA,EAAe;AAAA,GACjB;AAAA,EACA,CAAC,qBAAA,CAAsB,8BAA8B,GAAG;AAAA,IACtD,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,8BAA8B,CAAA;AAAA,IACtF,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,8BAA8B,CAAA;AAAA,IAC5E,aAAA,EACE;AAAA,GACJ;AAAA,EAEA,CAAC,qBAAA,CAAsB,kBAAkB,GAAG;AAAA,IAC1C,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,kBAAkB,CAAA;AAAA,IAC1E,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,kBAAkB,CAAA;AAAA,IAChE,aAAA,EAAe;AAAA,GACjB;AAAA,EAEA,CAAC,qBAAA,CAAsB,gCAAgC,GAAG;AAAA,IACxD,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,gCAAgC,CAAA;AAAA,IACxF,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,gCAAgC,CAAA;AAAA,IAC9E,aAAA,EACE;AAAA,GACJ;AAAA,EACA,CAAC,qBAAA,CAAsB,cAAc,GAAG;AAAA,IACtC,MAAA,EAAQ,yBAAA,CAA0B,qBAAA,CAAsB,cAAc,CAAA;AAAA,IACtE,KAAA,EAAO,gBAAA,CAAiB,qBAAA,CAAsB,cAAc,CAAA;AAAA,IAC5D,aAAA,EAAe;AAAA;AAEnB;AAQO,SAAS,iBAAiB,IAAA,EAA6B;AAC5D,EAAA,OAAO,0BAA0B,IAAI,CAAA;AACvC;AAQO,SAAS,wBAAwB,MAAA,EAAyB;AAC/D,EAAA,OAAO,yBAAA,CAA0B,SAAS,MAAmB,CAAA;AAC/D;AAWO,SAAS,oBAAA,CAAqB,IAAA,EAAqB,KAAA,GAAQ,MAAA,EAAgB;AAChF,EAAA,OAAO,eAAe,KAAK,CAAA,UAAA,EAAa,IAAI,CAAA,cAAA,EAAiB,cAAA,CAAe,IAAI,CAAC,CAAA,CAAA,CAAA;AACnF;AA4BO,SAAS,gBAAgB,CAAA,EAAgC;AAC9D,EAAA,OAAO,OAAO,CAAA,KAAM,QAAA,IAAY,mBAAA,CAAoB,IAAI,CAAkB,CAAA;AAC5E","file":"index.js","sourcesContent":["/*\n Canonical PEAC error codes.\n \n This is the single source of truth for error code values.\n * All other modules import from here to avoid circular dependencies.\n /\n\n/\n Canonical PEAC error codes.\n \n Format: E_<CATEGORY>_<ERROR>\n \n All error codes use the E_ prefix for consistency with RFC/IETF error code conventions.\n /\nexport const CANONICAL_ERROR_CODES = {\n // Receipt errors (402 - Payment Required)\n RECEIPT_MISSING: 'E_RECEIPT_MISSING',\n RECEIPT_INVALID: 'E_RECEIPT_INVALID',\n RECEIPT_EXPIRED: 'E_RECEIPT_EXPIRED',\n\n // TAP errors (401 - Authentication)\n TAP_SIGNATURE_MISSING: 'E_TAP_SIGNATURE_MISSING',\n TAP_SIGNATURE_INVALID: 'E_TAP_SIGNATURE_INVALID',\n TAP_TIME_INVALID: 'E_TAP_TIME_INVALID',\n TAP_WINDOW_TOO_LARGE: 'E_TAP_WINDOW_TOO_LARGE',\n TAP_TAG_UNKNOWN: 'E_TAP_TAG_UNKNOWN',\n TAP_ALGORITHM_INVALID: 'E_TAP_ALGORITHM_INVALID',\n TAP_KEY_NOT_FOUND: 'E_TAP_KEY_NOT_FOUND',\n\n // Replay error (409 - Conflict)\n TAP_NONCE_REPLAY: 'E_TAP_NONCE_REPLAY',\n\n // Replay protection required (401 - requires config change)\n TAP_REPLAY_PROTECTION_REQUIRED: 'E_TAP_REPLAY_PROTECTION_REQUIRED',\n\n // Issuer errors (403 - Forbidden)\n ISSUER_NOT_ALLOWED: 'E_ISSUER_NOT_ALLOWED',\n\n // Configuration errors (500 - Server misconfiguration)\n CONFIG_ISSUER_ALLOWLIST_REQUIRED: 'E_CONFIG_ISSUER_ALLOWLIST_REQUIRED',\n\n // Internal errors (500)\n INTERNAL_ERROR: 'E_INTERNAL_ERROR',\n} as const;\n\n/\n PEAC error code type (union of all canonical error codes).\n \n Use this type for compile-time safety when handling error codes.\n /\nexport type PeacErrorCode = (typeof CANONICAL_ERROR_CODES)[keyof typeof CANONICAL_ERROR_CODES];\n","/\n Internal error code utilities.\n \n @internal - Not part of public API. Consumers should import from `@peac/contracts`.\n /\n\nimport { CANONICAL_ERROR_CODES, type PeacErrorCode } from '../codes.js';\n\n/\n Set of all canonical PEAC error codes for O(1) validation.\n \n Typed as ReadonlySet to prevent accidental mutation.\n \n @internal\n /\nconst VALUES = Object.values(CANONICAL_ERROR_CODES) as PeacErrorCode[];\nexport const PEAC_ERROR_CODE_SET: ReadonlySet<PeacErrorCode> = new Set(VALUES);\n","/\n PEAC Canonical Contracts\n \n Single source of truth for error codes, HTTP status mappings, and verification mode behavior.\n * All surface implementations MUST import from this package to prevent drift.\n \n @packageDocumentation\n /\n\n// Re-export canonical error codes from internal module (avoids circular dependencies)\nexport { CANONICAL_ERROR_CODES, type PeacErrorCode } from './codes.js';\nimport { CANONICAL_ERROR_CODES, type PeacErrorCode } from './codes.js';\n\n/\n Base URI for RFC 9457 Problem Details type field.\n /\nexport const PROBLEM_TYPE_BASE = 'https://www.peacprotocol.org/problems';\n\n/\n Canonical HTTP status code mappings.\n \n Status code semantics:\n * - 400: Client error (malformed request, invalid parameters)\n * - 401: Authentication required (missing/invalid credentials)\n * - 402: Payment Required (reserved for PEAC receipt payment flows)\n * - 403: Forbidden (authenticated but not authorized)\n * - 409: Conflict (replay detection - request conflicts with previous state)\n * - 500: Server error (configuration, internal failure)\n /\nexport const CANONICAL_STATUS_MAPPINGS: Record<PeacErrorCode, number> = {\n // 402 - Payment Required (reserved for payment flows)\n [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: 402,\n [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: 402,\n [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: 402,\n\n // 401 - Authentication errors\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: 401,\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: 401,\n [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: 401,\n [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: 401,\n [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: 401,\n\n // 400 - Client errors (malformed)\n [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: 400,\n [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: 400,\n [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: 400,\n\n // 403 - Forbidden (issuer not in allowlist)\n [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: 403,\n\n // 409 - Conflict (replay detected)\n [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: 409,\n\n // 500 - Server errors\n [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: 500,\n [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: 500,\n};\n\n/\n Canonical error titles for RFC 9457 Problem Details.\n /\nexport const CANONICAL_TITLES: Record<PeacErrorCode, string> = {\n [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: 'Payment Required',\n [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: 'Invalid Receipt',\n [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: 'Receipt Expired',\n\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: 'Signature Missing',\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: 'Invalid Signature',\n [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: 'Invalid Signature Time',\n [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: 'Signature Window Too Large',\n [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: 'Unknown TAP Tag',\n [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: 'Invalid Algorithm',\n [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: 'Key Not Found',\n [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: 'Nonce Replay Detected',\n [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: 'Replay Protection Required',\n\n [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: 'Issuer Not Allowed',\n\n [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: 'Configuration Error',\n [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: 'Internal Server Error',\n};\n\n/\n Verification mode.\n \n Determines behavior when TAP headers are missing:\n * - tap_only: Missing TAP → 401 + E_TAP_SIGNATURE_MISSING (authentication required)\n * - receipt_or_tap: Missing TAP → 402 + E_RECEIPT_MISSING (payment remedy)\n /\nexport type VerificationMode = 'tap_only' \| 'receipt_or_tap';\n\n/\n Handler action type.\n \n Determines how the handler should respond:\n * - error: Authentication/authorization error\n * - challenge: Payment challenge (402 only)\n * - pass: Bypass verification (bypass paths)\n * - forward: Verification succeeded, forward request\n /\nexport type HandlerAction = 'error' \| 'challenge' \| 'pass' \| 'forward';\n\n/\n Mode behavior for missing TAP headers.\n /\nexport interface ModeBehavior {\n /* HTTP status code /\n status: number;\n /* PEAC error code /\n code: PeacErrorCode;\n /* Handler action /\n action: HandlerAction;\n}\n\n/\n Verification mode behavior contract.\n \n Defines expected HTTP status, error code, and action when no TAP headers are present.\n * This is the canonical source of truth for mode-based behavior.\n /\nexport const MODE_BEHAVIOR: Record<VerificationMode, ModeBehavior> = {\n receipt_or_tap: {\n status: 402,\n code: CANONICAL_ERROR_CODES.RECEIPT_MISSING,\n action: 'challenge',\n },\n tap_only: {\n status: 401,\n code: CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING,\n action: 'error',\n },\n} as const;\n\n/\n HTTP status codes that require WWW-Authenticate header.\n \n Per v0.9.27 decision: WWW-Authenticate is sent on both 401 (auth required) and 402 (payment remedy).\n /\nexport const WWW_AUTHENTICATE_STATUSES = [401, 402] as const;\n\n/\n Get RFC 9457 Problem Details type URI for an error code.\n \n @param code - PEAC error code\n * @returns Problem Details type URI (e.g., \"https://www.peacprotocol.org/problems/E_TAP_SIGNATURE_MISSING\")\n /\nexport function problemTypeFor(code: PeacErrorCode): string {\n return `${PROBLEM_TYPE_BASE}/${code}`;\n}\n\n/\n Error catalog entry.\n /\nexport interface ErrorCatalogEntry {\n /* HTTP status code /\n status: number;\n /* RFC 9457 title /\n title: string;\n /* Default detail message (can be overridden at runtime) /\n defaultDetail?: string;\n}\n\n/\n Error catalog with HTTP status, title, and default detail for each error code.\n \n Use this for constructing RFC 9457 Problem Details responses.\n /\nexport const ERROR_CATALOG: Record<PeacErrorCode, ErrorCatalogEntry> = {\n [CANONICAL_ERROR_CODES.RECEIPT_MISSING]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_MISSING],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_MISSING],\n defaultDetail: 'A valid PEAC receipt is required to access this resource.',\n },\n [CANONICAL_ERROR_CODES.RECEIPT_INVALID]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_INVALID],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_INVALID],\n defaultDetail: 'The provided receipt is invalid.',\n },\n [CANONICAL_ERROR_CODES.RECEIPT_EXPIRED]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.RECEIPT_EXPIRED],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.RECEIPT_EXPIRED],\n defaultDetail: 'The provided receipt has expired.',\n },\n\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_SIGNATURE_MISSING],\n defaultDetail: 'TAP signature headers are required.',\n },\n [CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_SIGNATURE_INVALID],\n defaultDetail: 'TAP signature verification failed.',\n },\n [CANONICAL_ERROR_CODES.TAP_TIME_INVALID]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_TIME_INVALID],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_TIME_INVALID],\n defaultDetail: 'TAP signature time is invalid.',\n },\n [CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_WINDOW_TOO_LARGE],\n defaultDetail: 'TAP signature time window exceeds maximum allowed.',\n },\n [CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_TAG_UNKNOWN],\n defaultDetail: 'Unknown TAP tag in signature.',\n },\n [CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_ALGORITHM_INVALID],\n defaultDetail: 'TAP signature algorithm is invalid.',\n },\n [CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_KEY_NOT_FOUND],\n defaultDetail: 'TAP signing key not found.',\n },\n [CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_NONCE_REPLAY],\n defaultDetail: 'Nonce replay detected.',\n },\n [CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.TAP_REPLAY_PROTECTION_REQUIRED],\n defaultDetail:\n 'Replay protection required but not configured. Set UNSAFE_ALLOW_NO_REPLAY=true to bypass (UNSAFE for production).',\n },\n\n [CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.ISSUER_NOT_ALLOWED],\n defaultDetail: 'Issuer not in allowlist.',\n },\n\n [CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.CONFIG_ISSUER_ALLOWLIST_REQUIRED],\n defaultDetail:\n 'Worker misconfigured: ISSUER_ALLOWLIST is required. Set UNSAFE_ALLOW_ANY_ISSUER=true to bypass (UNSAFE for production).',\n },\n [CANONICAL_ERROR_CODES.INTERNAL_ERROR]: {\n status: CANONICAL_STATUS_MAPPINGS[CANONICAL_ERROR_CODES.INTERNAL_ERROR],\n title: CANONICAL_TITLES[CANONICAL_ERROR_CODES.INTERNAL_ERROR],\n defaultDetail: 'An internal server error occurred.',\n },\n};\n\n/\n Get HTTP status code for a PEAC error code.\n \n @param code - PEAC error code\n * @returns HTTP status code\n /\nexport function getStatusForCode(code: PeacErrorCode): number {\n return CANONICAL_STATUS_MAPPINGS[code];\n}\n\n/\n Check if HTTP status requires WWW-Authenticate header.\n \n @param status - HTTP status code\n * @returns true if WWW-Authenticate header is required\n /\nexport function requiresWwwAuthenticate(status: number): boolean {\n return WWW_AUTHENTICATE_STATUSES.includes(status as 401 \| 402);\n}\n\n/\n Build canonical WWW-Authenticate header value.\n \n Format: PEAC realm=\"<realm>\", error=\"<code>\", error_uri=\"<uri>\"\n \n @param code - PEAC error code\n * @param realm - Authentication realm (default: \"peac\")\n * @returns Canonical WWW-Authenticate header value\n /\nexport function buildWwwAuthenticate(code: PeacErrorCode, realm = 'peac'): string {\n return `PEAC realm=\"${realm}\", error=\"${code}\", error_uri=\"${problemTypeFor(code)}\"`;\n}\n\n/\n Valid PEAC HTTP status codes.\n \n All status codes that can be returned by PEAC verification handlers.\n /\nexport type PeacHttpStatus = 400 \| 401 \| 402 \| 403 \| 409 \| 500;\n\n// Internal Set import - NOT re-exported\nimport { PEAC_ERROR_CODE_SET } from './internal/error-codes.js';\n\n/\n Type guard to check if a value is a valid PEAC error code.\n \n Uses O(1) Set lookup for performance.\n \n @param x - Value to check\n * @returns true if x is a valid PeacErrorCode\n \n @example\n * ```typescript\n * if (isPeacErrorCode(code)) {\n * // TypeScript now knows code is PeacErrorCode\n * const status = getStatusForCode(code);\n * }\n * ```\n */\nexport function isPeacErrorCode(x: unknown): x is PeacErrorCode {\n return typeof x === 'string' && PEAC_ERROR_CODE_SET.has(x as PeacErrorCode);\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,15 +1,18 @@
 {
   "name": "@peac/contracts",
-  "version": "0.10.8",
+  "version": "0.10.10",
   "description": "PEAC canonical error codes and verification mode contracts",
   "type": "module",
-  "main": "./dist/index.js",
-  "types": "./dist/index.d.ts",
+  "main": "dist/index.cjs",
+  "types": "dist/index.d.ts",
   "exports": {
     ".": {
+      "types": "./dist/index.d.ts",
       "import": "./dist/index.js",
-      "types": "./dist/index.d.ts"
-    }
+      "require": "./dist/index.cjs",
+      "default": "./dist/index.js"
+    },
+    "./package.json": "./package.json"
   },
   "files": [
     "dist"
@@ -30,12 +33,16 @@
   },
   "devDependencies": {
     "typescript": "^5.3.3",
-    "vitest": "^2.0.0"
+    "vitest": "^4.0.0",
+    "tsup": "^8.0.0"
   },
   "scripts": {
-    "build": "tsc",
+    "prebuild": "rm -rf dist",
+    "build": "pnpm run build:js && pnpm run build:types",
     "typecheck": "tsc --noEmit",
     "test": "vitest run",
-    "test:watch": "vitest"
+    "test:watch": "vitest",
+    "build:js": "tsup",
+    "build:types": "rm -f dist/.tsbuildinfo && tsc && rm -f dist/.tsbuildinfo"
   }
 }

package/dist/codes.js DELETED Viewed

@@ -1,38 +0,0 @@
-/**
- * Canonical PEAC error codes.
- *
- * This is the single source of truth for error code values.
- * All other modules import from here to avoid circular dependencies.
- */
-/**
- * Canonical PEAC error codes.
- *
- * Format: E_<CATEGORY>_<ERROR>
- *
- * All error codes use the E_ prefix for consistency with RFC/IETF error code conventions.
- */
-export const CANONICAL_ERROR_CODES = {
-    // Receipt errors (402 - Payment Required)
-    RECEIPT_MISSING: 'E_RECEIPT_MISSING',
-    RECEIPT_INVALID: 'E_RECEIPT_INVALID',
-    RECEIPT_EXPIRED: 'E_RECEIPT_EXPIRED',
-    // TAP errors (401 - Authentication)
-    TAP_SIGNATURE_MISSING: 'E_TAP_SIGNATURE_MISSING',
-    TAP_SIGNATURE_INVALID: 'E_TAP_SIGNATURE_INVALID',
-    TAP_TIME_INVALID: 'E_TAP_TIME_INVALID',
-    TAP_WINDOW_TOO_LARGE: 'E_TAP_WINDOW_TOO_LARGE',
-    TAP_TAG_UNKNOWN: 'E_TAP_TAG_UNKNOWN',
-    TAP_ALGORITHM_INVALID: 'E_TAP_ALGORITHM_INVALID',
-    TAP_KEY_NOT_FOUND: 'E_TAP_KEY_NOT_FOUND',
-    // Replay error (409 - Conflict)
-    TAP_NONCE_REPLAY: 'E_TAP_NONCE_REPLAY',
-    // Replay protection required (401 - requires config change)
-    TAP_REPLAY_PROTECTION_REQUIRED: 'E_TAP_REPLAY_PROTECTION_REQUIRED',
-    // Issuer errors (403 - Forbidden)
-    ISSUER_NOT_ALLOWED: 'E_ISSUER_NOT_ALLOWED',
-    // Configuration errors (500 - Server misconfiguration)
-    CONFIG_ISSUER_ALLOWLIST_REQUIRED: 'E_CONFIG_ISSUER_ALLOWLIST_REQUIRED',
-    // Internal errors (500)
-    INTERNAL_ERROR: 'E_INTERNAL_ERROR',
-};
-//# sourceMappingURL=codes.js.map

package/dist/codes.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"codes.js","sourceRoot":"","sources":["../src/codes.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,0CAA0C;IAC1C,eAAe,EAAE,mBAAmB;IACpC,eAAe,EAAE,mBAAmB;IACpC,eAAe,EAAE,mBAAmB;IAEpC,oCAAoC;IACpC,qBAAqB,EAAE,yBAAyB;IAChD,qBAAqB,EAAE,yBAAyB;IAChD,gBAAgB,EAAE,oBAAoB;IACtC,oBAAoB,EAAE,wBAAwB;IAC9C,eAAe,EAAE,mBAAmB;IACpC,qBAAqB,EAAE,yBAAyB;IAChD,iBAAiB,EAAE,qBAAqB;IAExC,gCAAgC;IAChC,gBAAgB,EAAE,oBAAoB;IAEtC,4DAA4D;IAC5D,8BAA8B,EAAE,kCAAkC;IAElE,kCAAkC;IAClC,kBAAkB,EAAE,sBAAsB;IAE1C,uDAAuD;IACvD,gCAAgC,EAAE,oCAAoC;IAEtE,wBAAwB;IACxB,cAAc,EAAE,kBAAkB;CAC1B,CAAC"}

package/dist/internal/error-codes.js DELETED Viewed

@@ -1,16 +0,0 @@
-/**
- * Internal error code utilities.
- *
- * @internal - Not part of public API. Consumers should import from `@peac/contracts`.
- */
-import { CANONICAL_ERROR_CODES } from '../codes.js';
-/**
- * Set of all canonical PEAC error codes for O(1) validation.
- *
- * Typed as ReadonlySet to prevent accidental mutation.
- *
- * @internal
- */
-const VALUES = Object.values(CANONICAL_ERROR_CODES);
-export const PEAC_ERROR_CODE_SET = new Set(VALUES);
-//# sourceMappingURL=error-codes.js.map

package/dist/internal/error-codes.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"error-codes.js","sourceRoot":"","sources":["../../src/internal/error-codes.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,qBAAqB,EAAsB,MAAM,aAAa,CAAC;AAExE;;;;;;GAMG;AACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAoB,CAAC;AACvE,MAAM,CAAC,MAAM,mBAAmB,GAA+B,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC"}