@peac/mappings-paymentauth 0.12.4

package/LICENSE

@@ -0,0 +1,190 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+Copyright 2025-2026 PEAC Protocol Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

package/README.md

@@ -0,0 +1,31 @@
+# @peac/mappings-paymentauth
+
+HTTP Payment authentication scheme (paymentauth/MPP) mapping for PEAC.
+
+Envelope-first parsing of paymentauth wire artifacts with raw + normalized types. Method-specific payloads are treated as `unknown` because each payment method (card, lightning, stripe, tempo) has its own specification.
+
+## Status
+
+Experimental. The paymentauth core spec (`draft-ryan-httpauth-payment-01`) is an active individual draft (not standards-track). Discovery and JSON-RPC/MCP transport drafts are at draft-00.
+
+## Features
+
+- Parse `WWW-Authenticate: Payment` challenges (first challenge; separate header lines recommended for multiple challenges)
+- Parse `Authorization: Payment` credentials (base64url-encoded JSON)
+- Parse `Payment-Receipt` headers (base64url-encoded JSON)
+- Normalize to stable PEAC-facing types with `_raw` back-references
+- OpenAPI discovery extraction (`x-service-info`, `x-payment-info`)
+- JSON-RPC error detection (`-32042`, `-32043`)
+- MCP `_meta` key extraction (`org.paymentauth/credential`, `org.paymentauth/receipt`)
+- MCP capability advertisement typing (`experimental.payment`)
+
+## Security
+
+- Raw `Authorization: Payment` and `Payment-Receipt` values never appear in thrown errors
+- Parser limits enforced: header size, param count, payload size, JSON depth
+- Decoded bytes preserved alongside strings for non-UTF-8 safety
+- `redactPaymentauthHeader()` helper for safe logging
+
+## No Network I/O
+
+This package contains zero network calls. All functions are pure parsers and normalizers.

package/dist/carrier.d.ts

@@ -0,0 +1,80 @@
+/**
+ * Paymentauth carrier adapter for Evidence Carrier Contract.
+ *
+ * Header-only embed transport via PEAC-Receipt (compact JWS).
+ * All size limits enforce the 8 KB header ceiling (HTTP transport).
+ *
+ * receipt_ref is computed from the raw upstream artifact actually received
+ * (the literal Payment-Receipt header value), NOT assumed to be a JWS.
+ *
+ * Co-existence: PEAC PEAC-Receipt and paymentauth Payment-Receipt can
+ * appear on the same HTTP response. They serve different purposes:
+ * - PEAC-Receipt: signed PEAC interaction record (compact JWS)
+ * - Payment-Receipt: paymentauth payment receipt (base64url JSON)
+ * No semantic coupling is implied between them.
+ */
+import type { PeacEvidenceCarrier, CarrierMeta, CarrierValidationResult, CarrierAdapter } from '@peac/kernel';
+/** Paymentauth carrier size limits (HTTP header transport ceiling) */
+export declare const PAYMENTAUTH_CARRIER_LIMITS: {
+    readonly embed: 65536;
+    readonly headers: 8192;
+};
+/** Simple header map */
+export type PaymentauthHeaderMap = Record<string, string>;
+/** Paymentauth HTTP response with headers */
+export interface PaymentauthResponseLike {
+    headers?: PaymentauthHeaderMap;
+    body?: Record<string, unknown>;
+}
+/** Extraction result */
+export interface PaymentauthExtractResult {
+    receipts: PeacEvidenceCarrier[];
+    meta: CarrierMeta;
+    /**
+     * Raw Payment-Receipt header value if present (upstream artifact).
+     * This is observational upstream material and is NEVER part of
+     * receipt_jws. It is captured separately for audit/traceability only.
+     */
+    rawPaymentReceipt?: string;
+}
+/** Async extraction result */
+export interface PaymentauthExtractAsyncResult extends PaymentauthExtractResult {
+    violations: string[];
+}
+/**
+ * Attach PEAC carrier to paymentauth response headers.
+ *
+ * Sets PEAC-Receipt header with compact JWS. This is the PEAC evidence
+ * carrier; it coexists with (but is independent of) the paymentauth
+ * Payment-Receipt header.
+ */
+export declare function attachCarrierToPaymentauthHeaders(headers: PaymentauthHeaderMap, carrier: PeacEvidenceCarrier): PaymentauthHeaderMap;
+/**
+ * Extract PEAC carrier from paymentauth response headers (sync).
+ *
+ * Reads PEAC-Receipt header for compact JWS. Also captures the raw
+ * Payment-Receipt header value if present (upstream artifact, NOT
+ * stored in receipt_jws).
+ */
+export declare function extractCarrierFromPaymentauthHeaders(headers: PaymentauthHeaderMap): PaymentauthExtractResult | null;
+/**
+ * Extract PEAC carrier from paymentauth response headers (async).
+ *
+ * Computes receipt_ref from the PEAC-Receipt JWS.
+ */
+export declare function extractCarrierFromPaymentauthHeadersAsync(headers: PaymentauthHeaderMap): Promise<PaymentauthExtractAsyncResult | null>;
+/**
+ * CarrierAdapter implementation for paymentauth HTTP responses.
+ *
+ * Extracts PEAC-Receipt from response headers. Attaches PEAC-Receipt
+ * to response headers. Enforces 8 KB header size limits.
+ */
+export declare class PaymentauthCarrierAdapter implements CarrierAdapter<PaymentauthResponseLike, PaymentauthResponseLike> {
+    extract(input: PaymentauthResponseLike): {
+        receipts: PeacEvidenceCarrier[];
+        meta: CarrierMeta;
+    } | null;
+    attach(output: PaymentauthResponseLike, carriers: PeacEvidenceCarrier[], meta?: CarrierMeta): PaymentauthResponseLike;
+    validateConstraints(carrier: PeacEvidenceCarrier, meta: CarrierMeta): CarrierValidationResult;
+}
+//# sourceMappingURL=carrier.d.ts.map

package/dist/carrier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"carrier.d.ts","sourceRoot":"","sources":["../src/carrier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EACV,mBAAmB,EACnB,WAAW,EACX,uBAAuB,EACvB,cAAc,EACf,MAAM,cAAc,CAAC;AActB,sEAAsE;AACtE,eAAO,MAAM,0BAA0B;;;CAG7B,CAAC;AAMX,wBAAwB;AACxB,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE1D,6CAA6C;AAC7C,MAAM,WAAW,uBAAuB;IACtC,OAAO,CAAC,EAAE,oBAAoB,CAAC;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED,wBAAwB;AACxB,MAAM,WAAW,wBAAwB;IACvC,QAAQ,EAAE,mBAAmB,EAAE,CAAC;IAChC,IAAI,EAAE,WAAW,CAAC;IAClB;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,8BAA8B;AAC9B,MAAM,WAAW,6BAA8B,SAAQ,wBAAwB;IAC7E,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AA2BD;;;;;;GAMG;AACH,wBAAgB,iCAAiC,CAC/C,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,mBAAmB,GAC3B,oBAAoB,CAStB;AAMD;;;;;;GAMG;AACH,wBAAgB,oCAAoC,CAClD,OAAO,EAAE,oBAAoB,GAC5B,wBAAwB,GAAG,IAAI,CA0BjC;AAED;;;;GAIG;AACH,wBAAsB,yCAAyC,CAC7D,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,6BAA6B,GAAG,IAAI,CAAC,CAuB/C;AAMD;;;;;GAKG;AACH,qBAAa,yBAA0B,YAAW,cAAc,CAC9D,uBAAuB,EACvB,uBAAuB,CACxB;IACC,OAAO,CACL,KAAK,EAAE,uBAAuB,GAC7B;QAAE,QAAQ,EAAE,mBAAmB,EAAE,CAAC;QAAC,IAAI,EAAE,WAAW,CAAA;KAAE,GAAG,IAAI;IAKhE,MAAM,CACJ,MAAM,EAAE,uBAAuB,EAC/B,QAAQ,EAAE,mBAAmB,EAAE,EAC/B,IAAI,CAAC,EAAE,WAAW,GACjB,uBAAuB;IAsB1B,mBAAmB,CAAC,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,WAAW,GAAG,uBAAuB;CAG9F"}

package/dist/carrier.js

@@ -0,0 +1,169 @@
+"use strict";
+/**
+ * Paymentauth carrier adapter for Evidence Carrier Contract.
+ *
+ * Header-only embed transport via PEAC-Receipt (compact JWS).
+ * All size limits enforce the 8 KB header ceiling (HTTP transport).
+ *
+ * receipt_ref is computed from the raw upstream artifact actually received
+ * (the literal Payment-Receipt header value), NOT assumed to be a JWS.
+ *
+ * Co-existence: PEAC PEAC-Receipt and paymentauth Payment-Receipt can
+ * appear on the same HTTP response. They serve different purposes:
+ * - PEAC-Receipt: signed PEAC interaction record (compact JWS)
+ * - Payment-Receipt: paymentauth payment receipt (base64url JSON)
+ * No semantic coupling is implied between them.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PaymentauthCarrierAdapter = exports.PAYMENTAUTH_CARRIER_LIMITS = void 0;
+exports.attachCarrierToPaymentauthHeaders = attachCarrierToPaymentauthHeaders;
+exports.extractCarrierFromPaymentauthHeaders = extractCarrierFromPaymentauthHeaders;
+exports.extractCarrierFromPaymentauthHeadersAsync = extractCarrierFromPaymentauthHeadersAsync;
+const kernel_1 = require("@peac/kernel");
+const schema_1 = require("@peac/schema");
+const constants_js_1 = require("./constants.js");
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+/** Paymentauth carrier size limits (HTTP header transport ceiling) */
+exports.PAYMENTAUTH_CARRIER_LIMITS = {
+    embed: schema_1.CARRIER_TRANSPORT_LIMITS.acp_embed,
+    headers: schema_1.CARRIER_TRANSPORT_LIMITS.acp_headers,
+};
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function defaultMeta() {
+    return {
+        transport: 'paymentauth',
+        format: 'embed',
+        max_size: exports.PAYMENTAUTH_CARRIER_LIMITS.headers,
+    };
+}
+/** Case-insensitive header lookup (RFC 9110) */
+function findHeader(headers, target) {
+    const targetLower = target.toLowerCase();
+    const key = Object.keys(headers).find((k) => k.toLowerCase() === targetLower);
+    if (!key)
+        return null;
+    const value = headers[key];
+    return value && value.length > 0 ? value : null;
+}
+// ---------------------------------------------------------------------------
+// Attach
+// ---------------------------------------------------------------------------
+/**
+ * Attach PEAC carrier to paymentauth response headers.
+ *
+ * Sets PEAC-Receipt header with compact JWS. This is the PEAC evidence
+ * carrier; it coexists with (but is independent of) the paymentauth
+ * Payment-Receipt header.
+ */
+function attachCarrierToPaymentauthHeaders(headers, carrier) {
+    if (!carrier.receipt_jws) {
+        throw new Error('Paymentauth carrier requires receipt_jws (embed format)');
+    }
+    headers[kernel_1.PEAC_RECEIPT_HEADER] = carrier.receipt_jws;
+    if (carrier.receipt_url) {
+        headers[kernel_1.PEAC_RECEIPT_URL_HEADER] = carrier.receipt_url;
+    }
+    return headers;
+}
+// ---------------------------------------------------------------------------
+// Extract
+// ---------------------------------------------------------------------------
+/**
+ * Extract PEAC carrier from paymentauth response headers (sync).
+ *
+ * Reads PEAC-Receipt header for compact JWS. Also captures the raw
+ * Payment-Receipt header value if present (upstream artifact, NOT
+ * stored in receipt_jws).
+ */
+function extractCarrierFromPaymentauthHeaders(headers) {
+    const jws = findHeader(headers, kernel_1.PEAC_RECEIPT_HEADER);
+    if (!jws)
+        return null;
+    const carrier = {
+        receipt_ref: 'sha256:0000000000000000000000000000000000000000000000000000000000000000',
+        receipt_jws: jws,
+    };
+    const receiptUrl = findHeader(headers, kernel_1.PEAC_RECEIPT_URL_HEADER);
+    if (receiptUrl) {
+        carrier.receipt_url = receiptUrl;
+    }
+    // Capture raw Payment-Receipt header if present (upstream artifact)
+    const rawPaymentReceipt = findHeader(headers, constants_js_1.PAYMENT_RECEIPT_HEADER);
+    return {
+        receipts: [carrier],
+        meta: {
+            ...defaultMeta(),
+            redaction: ['receipt_ref_pending_async'],
+        },
+        rawPaymentReceipt: rawPaymentReceipt ?? undefined,
+    };
+}
+/**
+ * Extract PEAC carrier from paymentauth response headers (async).
+ *
+ * Computes receipt_ref from the PEAC-Receipt JWS.
+ */
+async function extractCarrierFromPaymentauthHeadersAsync(headers) {
+    const jws = findHeader(headers, kernel_1.PEAC_RECEIPT_HEADER);
+    if (!jws)
+        return null;
+    const ref = await (0, schema_1.computeReceiptRef)(jws);
+    const carrier = {
+        receipt_ref: ref,
+        receipt_jws: jws,
+    };
+    const receiptUrl = findHeader(headers, kernel_1.PEAC_RECEIPT_URL_HEADER);
+    if (receiptUrl) {
+        carrier.receipt_url = receiptUrl;
+    }
+    const rawPaymentReceipt = findHeader(headers, constants_js_1.PAYMENT_RECEIPT_HEADER);
+    return {
+        receipts: [carrier],
+        meta: defaultMeta(),
+        violations: [],
+        rawPaymentReceipt: rawPaymentReceipt ?? undefined,
+    };
+}
+// ---------------------------------------------------------------------------
+// PaymentauthCarrierAdapter
+// ---------------------------------------------------------------------------
+/**
+ * CarrierAdapter implementation for paymentauth HTTP responses.
+ *
+ * Extracts PEAC-Receipt from response headers. Attaches PEAC-Receipt
+ * to response headers. Enforces 8 KB header size limits.
+ */
+class PaymentauthCarrierAdapter {
+    extract(input) {
+        if (!input.headers)
+            return null;
+        return extractCarrierFromPaymentauthHeaders(input.headers);
+    }
+    attach(output, carriers, meta) {
+        if (carriers.length === 0)
+            return output;
+        const carrier = carriers[0];
+        if (!carrier.receipt_jws) {
+            throw new Error('Paymentauth carrier requires receipt_jws (embed format)');
+        }
+        const effectiveMeta = meta ?? defaultMeta();
+        const validation = (0, schema_1.validateCarrierConstraints)(carrier, effectiveMeta);
+        if (!validation.valid) {
+            throw new Error(`Carrier constraint violation: ${validation.violations.join('; ')}`);
+        }
+        if (!output.headers) {
+            output.headers = {};
+        }
+        attachCarrierToPaymentauthHeaders(output.headers, carrier);
+        return output;
+    }
+    validateConstraints(carrier, meta) {
+        return (0, schema_1.validateCarrierConstraints)(carrier, meta);
+    }
+}
+exports.PaymentauthCarrierAdapter = PaymentauthCarrierAdapter;
+//# sourceMappingURL=carrier.js.map

package/dist/carrier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"carrier.js","sourceRoot":"","sources":["../src/carrier.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AAyFH,8EAYC;AAaD,oFA4BC;AAOD,8FAyBC;AAtKD,yCAA4E;AAC5E,yCAIsB;AAEtB,iDAAwD;AAExD,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,sEAAsE;AACzD,QAAA,0BAA0B,GAAG;IACxC,KAAK,EAAE,iCAAwB,CAAC,SAAS;IACzC,OAAO,EAAE,iCAAwB,CAAC,WAAW;CACrC,CAAC;AAgCX,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,WAAW;IAClB,OAAO;QACL,SAAS,EAAE,aAAa;QACxB,MAAM,EAAE,OAAO;QACf,QAAQ,EAAE,kCAA0B,CAAC,OAAO;KAC7C,CAAC;AACJ,CAAC;AAED,gDAAgD;AAChD,SAAS,UAAU,CAAC,OAA6B,EAAE,MAAc;IAC/D,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACzC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,WAAW,CAAC,CAAC;IAC9E,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAC3B,OAAO,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAClD,CAAC;AAED,8EAA8E;AAC9E,SAAS;AACT,8EAA8E;AAE9E;;;;;;GAMG;AACH,SAAgB,iCAAiC,CAC/C,OAA6B,EAC7B,OAA4B;IAE5B,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,CAAC,4BAAmB,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;IACnD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,OAAO,CAAC,gCAAuB,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;IACzD,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;;;;GAMG;AACH,SAAgB,oCAAoC,CAClD,OAA6B;IAE7B,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,EAAE,4BAAmB,CAAC,CAAC;IACrD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,MAAM,OAAO,GAAwB;QACnC,WAAW,EACT,yEAA+G;QACjH,WAAW,EAAE,GAAG;KACjB,CAAC;IAEF,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,EAAE,gCAAuB,CAAC,CAAC;IAChE,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,CAAC,WAAW,GAAG,UAAU,CAAC;IACnC,CAAC;IAED,oEAAoE;IACpE,MAAM,iBAAiB,GAAG,UAAU,CAAC,OAAO,EAAE,qCAAsB,CAAC,CAAC;IAEtE,OAAO;QACL,QAAQ,EAAE,CAAC,OAAO,CAAC;QACnB,IAAI,EAAE;YACJ,GAAG,WAAW,EAAE;YAChB,SAAS,EAAE,CAAC,2BAA2B,CAAC;SACzC;QACD,iBAAiB,EAAE,iBAAiB,IAAI,SAAS;KAClD,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,yCAAyC,CAC7D,OAA6B;IAE7B,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,EAAE,4BAAmB,CAAC,CAAC;IACrD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,MAAM,GAAG,GAAG,MAAM,IAAA,0BAAiB,EAAC,GAAG,CAAC,CAAC;IACzC,MAAM,OAAO,GAAwB;QACnC,WAAW,EAAE,GAAG;QAChB,WAAW,EAAE,GAAG;KACjB,CAAC;IAEF,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,EAAE,gCAAuB,CAAC,CAAC;IAChE,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,CAAC,WAAW,GAAG,UAAU,CAAC;IACnC,CAAC;IAED,MAAM,iBAAiB,GAAG,UAAU,CAAC,OAAO,EAAE,qCAAsB,CAAC,CAAC;IAEtE,OAAO;QACL,QAAQ,EAAE,CAAC,OAAO,CAAC;QACnB,IAAI,EAAE,WAAW,EAAE;QACnB,UAAU,EAAE,EAAE;QACd,iBAAiB,EAAE,iBAAiB,IAAI,SAAS;KAClD,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAa,yBAAyB;IAIpC,OAAO,CACL,KAA8B;QAE9B,IAAI,CAAC,KAAK,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAChC,OAAO,oCAAoC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,CACJ,MAA+B,EAC/B,QAA+B,EAC/B,IAAkB;QAElB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,MAAM,CAAC;QAEzC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,IAAI,WAAW,EAAE,CAAC;QAC5C,MAAM,UAAU,GAAG,IAAA,mCAA0B,EAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACtE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,iCAAiC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvF,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,CAAC,OAAO,GAAG,EAAE,CAAC;QACtB,CAAC;QACD,iCAAiC,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE3D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,mBAAmB,CAAC,OAA4B,EAAE,IAAiB;QACjE,OAAO,IAAA,mCAA0B,EAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACnD,CAAC;CACF;AAxCD,8DAwCC"}

package/dist/constants.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Constants for paymentauth/MPP mapping.
+ *
+ * The normative HTTP authentication scheme name is "Payment".
+ * "paymentauth" is the PEAC registry identifier.
+ * "MPP" is ecosystem branding and not used as a protocol identifier.
+ */
+/** HTTP authentication scheme name (normative per draft-ryan-httpauth-payment) */
+export declare const PAYMENTAUTH_SCHEME: "Payment";
+/** WWW-Authenticate header name */
+export declare const WWW_AUTHENTICATE: "WWW-Authenticate";
+/** Authorization header name */
+export declare const AUTHORIZATION: "Authorization";
+/** Payment-Receipt response header name */
+export declare const PAYMENT_RECEIPT_HEADER: "Payment-Receipt";
+/** Maximum header byte length (8 KB per paymentauth size considerations, Section 9.4) */
+export declare const MAX_HEADER_BYTES = 8192;
+/** Maximum decoded payload byte length */
+export declare const MAX_DECODED_PAYLOAD_BYTES = 65536;
+/** Maximum JSON nesting depth for decoded payloads */
+export declare const MAX_JSON_NESTING_DEPTH = 10;
+/** Maximum auth-param count per challenge */
+export declare const MAX_AUTH_PARAMS = 32;
+/** PEAC payment rail identifier for paymentauth */
+export declare const PAYMENTAUTH_RAIL: "paymentauth";
+/** JSON-RPC error code: Payment Required */
+export declare const JSONRPC_PAYMENT_REQUIRED = -32042;
+/** JSON-RPC error code: Verification Failed */
+export declare const JSONRPC_VERIFICATION_FAILED = -32043;
+/** MCP _meta key for paymentauth credential */
+export declare const MCP_META_CREDENTIAL: "org.paymentauth/credential";
+/** MCP _meta key for paymentauth receipt */
+export declare const MCP_META_RECEIPT: "org.paymentauth/receipt";
+//# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,kFAAkF;AAClF,eAAO,MAAM,kBAAkB,EAAG,SAAkB,CAAC;AAErD,mCAAmC;AACnC,eAAO,MAAM,gBAAgB,EAAG,kBAA2B,CAAC;AAE5D,gCAAgC;AAChC,eAAO,MAAM,aAAa,EAAG,eAAwB,CAAC;AAEtD,2CAA2C;AAC3C,eAAO,MAAM,sBAAsB,EAAG,iBAA0B,CAAC;AAMjE,yFAAyF;AACzF,eAAO,MAAM,gBAAgB,OAAQ,CAAC;AAEtC,0CAA0C;AAC1C,eAAO,MAAM,yBAAyB,QAAS,CAAC;AAEhD,sDAAsD;AACtD,eAAO,MAAM,sBAAsB,KAAK,CAAC;AAEzC,6CAA6C;AAC7C,eAAO,MAAM,eAAe,KAAK,CAAC;AAElC,mDAAmD;AACnD,eAAO,MAAM,gBAAgB,EAAG,aAAsB,CAAC;AAMvD,4CAA4C;AAC5C,eAAO,MAAM,wBAAwB,SAAS,CAAC;AAE/C,+CAA+C;AAC/C,eAAO,MAAM,2BAA2B,SAAS,CAAC;AAMlD,+CAA+C;AAC/C,eAAO,MAAM,mBAAmB,EAAG,4BAAqC,CAAC;AAEzE,4CAA4C;AAC5C,eAAO,MAAM,gBAAgB,EAAG,yBAAkC,CAAC"}

package/dist/constants.js

@@ -0,0 +1,46 @@
+"use strict";
+/**
+ * Constants for paymentauth/MPP mapping.
+ *
+ * The normative HTTP authentication scheme name is "Payment".
+ * "paymentauth" is the PEAC registry identifier.
+ * "MPP" is ecosystem branding and not used as a protocol identifier.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MCP_META_RECEIPT = exports.MCP_META_CREDENTIAL = exports.JSONRPC_VERIFICATION_FAILED = exports.JSONRPC_PAYMENT_REQUIRED = exports.PAYMENTAUTH_RAIL = exports.MAX_AUTH_PARAMS = exports.MAX_JSON_NESTING_DEPTH = exports.MAX_DECODED_PAYLOAD_BYTES = exports.MAX_HEADER_BYTES = exports.PAYMENT_RECEIPT_HEADER = exports.AUTHORIZATION = exports.WWW_AUTHENTICATE = exports.PAYMENTAUTH_SCHEME = void 0;
+/** HTTP authentication scheme name (normative per draft-ryan-httpauth-payment) */
+exports.PAYMENTAUTH_SCHEME = 'Payment';
+/** WWW-Authenticate header name */
+exports.WWW_AUTHENTICATE = 'WWW-Authenticate';
+/** Authorization header name */
+exports.AUTHORIZATION = 'Authorization';
+/** Payment-Receipt response header name */
+exports.PAYMENT_RECEIPT_HEADER = 'Payment-Receipt';
+// ---------------------------------------------------------------------------
+// Parser Limits (security hardening)
+// ---------------------------------------------------------------------------
+/** Maximum header byte length (8 KB per paymentauth size considerations, Section 9.4) */
+exports.MAX_HEADER_BYTES = 8_192;
+/** Maximum decoded payload byte length */
+exports.MAX_DECODED_PAYLOAD_BYTES = 65_536;
+/** Maximum JSON nesting depth for decoded payloads */
+exports.MAX_JSON_NESTING_DEPTH = 10;
+/** Maximum auth-param count per challenge */
+exports.MAX_AUTH_PARAMS = 32;
+/** PEAC payment rail identifier for paymentauth */
+exports.PAYMENTAUTH_RAIL = 'paymentauth';
+// ---------------------------------------------------------------------------
+// JSON-RPC Error Codes (draft-payment-transport-mcp-00)
+// ---------------------------------------------------------------------------
+/** JSON-RPC error code: Payment Required */
+exports.JSONRPC_PAYMENT_REQUIRED = -32042;
+/** JSON-RPC error code: Verification Failed */
+exports.JSONRPC_VERIFICATION_FAILED = -32043;
+// ---------------------------------------------------------------------------
+// MCP _meta Keys (draft-payment-transport-mcp-00)
+// ---------------------------------------------------------------------------
+/** MCP _meta key for paymentauth credential */
+exports.MCP_META_CREDENTIAL = 'org.paymentauth/credential';
+/** MCP _meta key for paymentauth receipt */
+exports.MCP_META_RECEIPT = 'org.paymentauth/receipt';
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAEH,kFAAkF;AACrE,QAAA,kBAAkB,GAAG,SAAkB,CAAC;AAErD,mCAAmC;AACtB,QAAA,gBAAgB,GAAG,kBAA2B,CAAC;AAE5D,gCAAgC;AACnB,QAAA,aAAa,GAAG,eAAwB,CAAC;AAEtD,2CAA2C;AAC9B,QAAA,sBAAsB,GAAG,iBAA0B,CAAC;AAEjE,8EAA8E;AAC9E,qCAAqC;AACrC,8EAA8E;AAE9E,yFAAyF;AAC5E,QAAA,gBAAgB,GAAG,KAAK,CAAC;AAEtC,0CAA0C;AAC7B,QAAA,yBAAyB,GAAG,MAAM,CAAC;AAEhD,sDAAsD;AACzC,QAAA,sBAAsB,GAAG,EAAE,CAAC;AAEzC,6CAA6C;AAChC,QAAA,eAAe,GAAG,EAAE,CAAC;AAElC,mDAAmD;AACtC,QAAA,gBAAgB,GAAG,aAAsB,CAAC;AAEvD,8EAA8E;AAC9E,wDAAwD;AACxD,8EAA8E;AAE9E,4CAA4C;AAC/B,QAAA,wBAAwB,GAAG,CAAC,KAAK,CAAC;AAE/C,+CAA+C;AAClC,QAAA,2BAA2B,GAAG,CAAC,KAAK,CAAC;AAElD,8EAA8E;AAC9E,kDAAkD;AAClD,8EAA8E;AAE9E,+CAA+C;AAClC,QAAA,mBAAmB,GAAG,4BAAqC,CAAC;AAEzE,4CAA4C;AAC/B,QAAA,gBAAgB,GAAG,yBAAkC,CAAC"}

package/dist/discovery.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Paymentauth discovery extraction from OpenAPI documents.
+ *
+ * Parses x-service-info and x-payment-info extensions per
+ * draft-payment-discovery-00. Pure extraction; no network I/O.
+ *
+ * The OpenAPI document is useful for discovery, but the live 402
+ * challenge is always authoritative (per discovery spec).
+ */
+import type { PaymentauthServiceInfo, PaymentauthPaymentInfo } from './types.js';
+/**
+ * Extract x-service-info from an OpenAPI document root.
+ *
+ * Returns null if the extension is absent or malformed.
+ */
+export declare function extractServiceInfo(openapiDoc: unknown): PaymentauthServiceInfo | null;
+/**
+ * Extract x-payment-info from an OpenAPI operation.
+ *
+ * Returns null if the extension is absent or malformed.
+ */
+export declare function extractPaymentInfo(operation: unknown): PaymentauthPaymentInfo | null;
+//# sourceMappingURL=discovery.d.ts.map

package/dist/discovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../src/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAEjF;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,OAAO,GAAG,sBAAsB,GAAG,IAAI,CA2BrF;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,OAAO,GAAG,sBAAsB,GAAG,IAAI,CAuBpF"}