npm - @peac/mappings-paymentauth - Versions diffs - 0.12.4 - Mend

@peac/mappings-paymentauth 0.12.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/dist/parse.d.ts ADDED Viewed

@@ -0,0 +1,70 @@
+/**
+ * Paymentauth header parsing: envelope-first, raw + normalized.
+ *
+ * Parses WWW-Authenticate: Payment challenges, Authorization: Payment
+ * credentials, and Payment-Receipt headers per draft-ryan-httpauth-payment-01.
+ *
+ * SECURITY:
+ * - Raw header values MUST NOT appear in thrown errors or debug output
+ * - Parser limits enforced: header size, param count, payload size, JSON depth
+ * - Decoded bytes preserved alongside strings for non-UTF-8 safety
+ * - Method-specific payloads typed as `unknown`; no eager interpretation
+ */
+import type { RawPaymentauthChallenge, RawPaymentauthCredential, RawPaymentauthReceipt, NormalizedPaymentauthChallenge, NormalizedPaymentauthCredential, NormalizedPaymentauthReceipt } from './types.js';
+/**
+ * Redact a paymentauth header value for safe logging.
+ *
+ * Preserves the scheme name and challenge id (if present) but replaces
+ * credential/receipt payload with "[REDACTED]".
+ */
+export declare function redactPaymentauthHeader(header: string): string;
+/**
+ * Parse paymentauth challenges from WWW-Authenticate header value.
+ *
+ * Parses the FIRST Payment challenge from a WWW-Authenticate header value.
+ *
+ * NOTE: RFC 9110 allows multiple challenges per header line (Section 7.3),
+ * but robust multi-challenge splitting requires a full quote-aware tokenizer.
+ * This parser extracts the first Payment challenge reliably. For headers
+ * with multiple Payment challenges, use separate WWW-Authenticate header
+ * lines (one challenge per line) which is the recommended interoperability
+ * approach per RFC 9110.
+ *
+ * Returns an array for forward compatibility; currently contains at most
+ * one challenge.
+ */
+export declare function parsePaymentauthChallenges(wwwAuthenticate: string): RawPaymentauthChallenge[];
+/**
+ * Parse paymentauth credential from Authorization header value.
+ *
+ * Format: "Payment <base64url-nopad>" (Section 5.2)
+ */
+export declare function parsePaymentauthCredential(authorization: string): RawPaymentauthCredential;
+/**
+ * Parse paymentauth receipt from Payment-Receipt header value.
+ *
+ * Format: base64url-nopad (Section 5.3)
+ */
+export declare function parsePaymentauthReceipt(headerValue: string): RawPaymentauthReceipt;
+/**
+ * Normalize a raw challenge into a stable PEAC-facing projection.
+ *
+ * Requires id, realm, method, intent, request (common envelope).
+ * All other params are optional.
+ */
+export declare function normalizeChallenge(raw: RawPaymentauthChallenge): NormalizedPaymentauthChallenge;
+/**
+ * Normalize a raw credential into a stable PEAC-facing projection.
+ *
+ * Extracts challenge.id, method, intent, and source from the decoded JSON
+ * if it is object-shaped. Method-specific payload remains `unknown`.
+ */
+export declare function normalizeCredential(raw: RawPaymentauthCredential): NormalizedPaymentauthCredential;
+/**
+ * Normalize a raw receipt into a stable PEAC-facing projection.
+ *
+ * Extracts status, method, timestamp, reference from decoded JSON.
+ * All other fields go into extras.
+ */
+export declare function normalizeReceipt(raw: RawPaymentauthReceipt): NormalizedPaymentauthReceipt;
+//# sourceMappingURL=parse.d.ts.map

package/dist/parse.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parse.d.ts","sourceRoot":"","sources":["../src/parse.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAUH,OAAO,KAAK,EACV,uBAAuB,EACvB,wBAAwB,EACxB,qBAAqB,EACrB,8BAA8B,EAC9B,+BAA+B,EAC/B,4BAA4B,EAC7B,MAAM,YAAY,CAAC;AAMpB;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAa9D;AAgKD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,0BAA0B,CAAC,eAAe,EAAE,MAAM,GAAG,uBAAuB,EAAE,CA0B7F;AAED;;;;GAIG;AACH,wBAAgB,0BAA0B,CAAC,aAAa,EAAE,MAAM,GAAG,wBAAwB,CAsC1F;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,WAAW,EAAE,MAAM,GAAG,qBAAqB,CA4BlF;AAMD;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,uBAAuB,GAAG,8BAA8B,CAsC/F;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,wBAAwB,GAC5B,+BAA+B,CAmCjC;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,qBAAqB,GAAG,4BAA4B,CAgCzF"}

package/dist/parse.js ADDED Viewed

@@ -0,0 +1,399 @@
+"use strict";
+/**
+ * Paymentauth header parsing: envelope-first, raw + normalized.
+ *
+ * Parses WWW-Authenticate: Payment challenges, Authorization: Payment
+ * credentials, and Payment-Receipt headers per draft-ryan-httpauth-payment-01.
+ *
+ * SECURITY:
+ * - Raw header values MUST NOT appear in thrown errors or debug output
+ * - Parser limits enforced: header size, param count, payload size, JSON depth
+ * - Decoded bytes preserved alongside strings for non-UTF-8 safety
+ * - Method-specific payloads typed as `unknown`; no eager interpretation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.redactPaymentauthHeader = redactPaymentauthHeader;
+exports.parsePaymentauthChallenges = parsePaymentauthChallenges;
+exports.parsePaymentauthCredential = parsePaymentauthCredential;
+exports.parsePaymentauthReceipt = parsePaymentauthReceipt;
+exports.normalizeChallenge = normalizeChallenge;
+exports.normalizeCredential = normalizeCredential;
+exports.normalizeReceipt = normalizeReceipt;
+const constants_js_1 = require("./constants.js");
+const errors_js_1 = require("./errors.js");
+// ---------------------------------------------------------------------------
+// Redaction
+// ---------------------------------------------------------------------------
+/**
+ * Redact a paymentauth header value for safe logging.
+ *
+ * Preserves the scheme name and challenge id (if present) but replaces
+ * credential/receipt payload with "[REDACTED]".
+ */
+function redactPaymentauthHeader(header) {
+    if (!header)
+        return '[empty]';
+    const schemeEnd = header.indexOf(' ');
+    if (schemeEnd === -1)
+        return header;
+    const scheme = header.substring(0, schemeEnd);
+    // For challenges (WWW-Authenticate), try to preserve id param
+    const idMatch = header.match(/\bid="([^"]{1,64})"/);
+    if (idMatch) {
+        return `${scheme} id="${idMatch[1]}" [REDACTED]`;
+    }
+    return `${scheme} [REDACTED]`;
+}
+// ---------------------------------------------------------------------------
+// Base64url Helpers
+// ---------------------------------------------------------------------------
+/**
+ * Decode base64url without padding (RFC 4648 Section 5).
+ * Returns raw bytes as Uint8Array.
+ */
+function decodeBase64url(input) {
+    // Validate characters
+    if (!/^[A-Za-z0-9_-]*$/.test(input)) {
+        throw new errors_js_1.PaymentauthError('PARSE_INVALID_BASE64URL', 'Invalid base64url characters');
+    }
+    try {
+        // Add padding
+        const padded = input + '==='.slice(0, (4 - (input.length % 4)) % 4);
+        const standard = padded.replace(/-/g, '+').replace(/_/g, '/');
+        // Use Buffer in Node.js for predictable server-side behavior
+        if (typeof Buffer !== 'undefined') {
+            return new Uint8Array(Buffer.from(standard, 'base64'));
+        }
+        // Fallback to atob for non-Node environments
+        const binaryStr = atob(standard);
+        const bytes = new Uint8Array(binaryStr.length);
+        for (let i = 0; i < binaryStr.length; i++) {
+            bytes[i] = binaryStr.charCodeAt(i);
+        }
+        return bytes;
+    }
+    catch {
+        throw new errors_js_1.PaymentauthError('PARSE_INVALID_BASE64URL', 'Failed to decode base64url value');
+    }
+}
+/**
+ * Try to decode bytes as UTF-8 string.
+ * Returns null if bytes are not valid UTF-8.
+ */
+function tryDecodeUtf8(bytes) {
+    try {
+        const decoder = new TextDecoder('utf-8', { fatal: true });
+        return decoder.decode(bytes);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Try to parse a string as JSON with depth checking.
+ * Returns undefined on any failure.
+ */
+function tryParseJsonBounded(str, maxDepth) {
+    if (str.length > constants_js_1.MAX_DECODED_PAYLOAD_BYTES) {
+        return undefined;
+    }
+    try {
+        const parsed = JSON.parse(str);
+        if (!checkJsonDepth(parsed, maxDepth, 0)) {
+            return undefined;
+        }
+        return parsed;
+    }
+    catch {
+        return undefined;
+    }
+}
+function checkJsonDepth(value, maxDepth, current) {
+    if (current > maxDepth)
+        return false;
+    if (value === null || typeof value !== 'object')
+        return true;
+    if (Array.isArray(value)) {
+        return value.every((v) => checkJsonDepth(v, maxDepth, current + 1));
+    }
+    return Object.values(value).every((v) => checkJsonDepth(v, maxDepth, current + 1));
+}
+// ---------------------------------------------------------------------------
+// Auth-param Parsing (RFC 9110 Section 11)
+// ---------------------------------------------------------------------------
+/**
+ * Parse auth-params from a challenge string.
+ *
+ * Handles both token and quoted-string values per RFC 9110.
+ * Rejects duplicate params. Bounds-checks param count.
+ */
+function parseAuthParams(paramStr) {
+    const params = {};
+    let pos = 0;
+    let count = 0;
+    while (pos < paramStr.length) {
+        // Skip whitespace and commas
+        while (pos < paramStr.length && /[\s,]/.test(paramStr[pos]))
+            pos++;
+        if (pos >= paramStr.length)
+            break;
+        // Parse token (key)
+        const keyStart = pos;
+        while (pos < paramStr.length && /[A-Za-z0-9!#$%&'*+\-.^_`|~]/.test(paramStr[pos]))
+            pos++;
+        const key = paramStr.substring(keyStart, pos).toLowerCase();
+        if (!key)
+            break;
+        // Skip BWS = BWS
+        while (pos < paramStr.length && /\s/.test(paramStr[pos]))
+            pos++;
+        if (paramStr[pos] !== '=')
+            break;
+        pos++; // skip =
+        while (pos < paramStr.length && /\s/.test(paramStr[pos]))
+            pos++;
+        // Parse value: quoted-string or token
+        let value;
+        if (paramStr[pos] === '"') {
+            // Quoted string
+            pos++; // skip opening quote
+            let escaped = '';
+            while (pos < paramStr.length && paramStr[pos] !== '"') {
+                if (paramStr[pos] === '\\' && pos + 1 < paramStr.length) {
+                    pos++;
+                    escaped += paramStr[pos];
+                }
+                else {
+                    escaped += paramStr[pos];
+                }
+                pos++;
+            }
+            if (paramStr[pos] === '"')
+                pos++; // skip closing quote
+            value = escaped;
+        }
+        else {
+            // Token value
+            const valStart = pos;
+            while (pos < paramStr.length && !/[\s,]/.test(paramStr[pos]))
+                pos++;
+            value = paramStr.substring(valStart, pos);
+        }
+        count++;
+        if (count > constants_js_1.MAX_AUTH_PARAMS) {
+            throw new errors_js_1.PaymentauthError('PARSE_TOO_MANY_PARAMS', `Challenge exceeds maximum param count (${constants_js_1.MAX_AUTH_PARAMS})`);
+        }
+        if (key in params) {
+            throw new errors_js_1.PaymentauthError('PARSE_TOO_MANY_PARAMS', `Duplicate auth-param: ${key}`);
+        }
+        params[key] = value;
+    }
+    return params;
+}
+// ---------------------------------------------------------------------------
+// Challenge Parsing
+// ---------------------------------------------------------------------------
+/**
+ * Parse paymentauth challenges from WWW-Authenticate header value.
+ *
+ * Parses the FIRST Payment challenge from a WWW-Authenticate header value.
+ *
+ * NOTE: RFC 9110 allows multiple challenges per header line (Section 7.3),
+ * but robust multi-challenge splitting requires a full quote-aware tokenizer.
+ * This parser extracts the first Payment challenge reliably. For headers
+ * with multiple Payment challenges, use separate WWW-Authenticate header
+ * lines (one challenge per line) which is the recommended interoperability
+ * approach per RFC 9110.
+ *
+ * Returns an array for forward compatibility; currently contains at most
+ * one challenge.
+ */
+function parsePaymentauthChallenges(wwwAuthenticate) {
+    const headerBytes = new TextEncoder().encode(wwwAuthenticate);
+    if (headerBytes.length > constants_js_1.MAX_HEADER_BYTES) {
+        throw new errors_js_1.PaymentauthError('PARSE_HEADER_TOO_LARGE', `Header exceeds ${constants_js_1.MAX_HEADER_BYTES} bytes`);
+    }
+    // Find the first "Payment " occurrence (case-insensitive per RFC 9110)
+    const schemePattern = new RegExp(`\\b${constants_js_1.PAYMENTAUTH_SCHEME}\\s+`, 'i');
+    const match = schemePattern.exec(wwwAuthenticate);
+    if (!match)
+        return [];
+    const paramStart = match.index + match[0].length;
+    const paramStr = wwwAuthenticate.substring(paramStart).trim();
+    const params = parseAuthParams(paramStr);
+    return [
+        {
+            rawHeader: wwwAuthenticate,
+            rawSegment: wwwAuthenticate.substring(match.index),
+            params,
+        },
+    ];
+}
+/**
+ * Parse paymentauth credential from Authorization header value.
+ *
+ * Format: "Payment <base64url-nopad>" (Section 5.2)
+ */
+function parsePaymentauthCredential(authorization) {
+    const headerBytes = new TextEncoder().encode(authorization);
+    if (headerBytes.length > constants_js_1.MAX_HEADER_BYTES) {
+        throw new errors_js_1.PaymentauthError('PARSE_HEADER_TOO_LARGE', `Header exceeds ${constants_js_1.MAX_HEADER_BYTES} bytes`);
+    }
+    // RFC 9110: authentication scheme tokens are case-insensitive
+    const schemePrefixLen = constants_js_1.PAYMENTAUTH_SCHEME.length + 1; // "Payment "
+    const headerPrefix = authorization.substring(0, schemePrefixLen);
+    if (headerPrefix.toLowerCase() !== `${constants_js_1.PAYMENTAUTH_SCHEME.toLowerCase()} `) {
+        throw new errors_js_1.PaymentauthError('PARSE_MISSING_SCHEME', `Expected "${constants_js_1.PAYMENTAUTH_SCHEME}" scheme prefix (case-insensitive)`);
+    }
+    const rawValue = authorization.substring(schemePrefixLen).trim();
+    if (!rawValue) {
+        throw new errors_js_1.PaymentauthError('PARSE_INVALID_BASE64URL', 'Empty credential value');
+    }
+    const decodedBytes = decodeBase64url(rawValue);
+    if (decodedBytes.length > constants_js_1.MAX_DECODED_PAYLOAD_BYTES) {
+        throw new errors_js_1.PaymentauthError('PARSE_PAYLOAD_TOO_LARGE', `Decoded payload exceeds ${constants_js_1.MAX_DECODED_PAYLOAD_BYTES} bytes`);
+    }
+    const decodedString = tryDecodeUtf8(decodedBytes);
+    const parsedJson = decodedString
+        ? tryParseJsonBounded(decodedString, constants_js_1.MAX_JSON_NESTING_DEPTH)
+        : undefined;
+    return { rawValue, decodedBytes, decodedString, parsedJson };
+}
+/**
+ * Parse paymentauth receipt from Payment-Receipt header value.
+ *
+ * Format: base64url-nopad (Section 5.3)
+ */
+function parsePaymentauthReceipt(headerValue) {
+    const headerBytes = new TextEncoder().encode(headerValue);
+    if (headerBytes.length > constants_js_1.MAX_HEADER_BYTES) {
+        throw new errors_js_1.PaymentauthError('PARSE_HEADER_TOO_LARGE', `Header exceeds ${constants_js_1.MAX_HEADER_BYTES} bytes`);
+    }
+    const rawValue = headerValue.trim();
+    if (!rawValue) {
+        throw new errors_js_1.PaymentauthError('PARSE_INVALID_BASE64URL', 'Empty receipt value');
+    }
+    const decodedBytes = decodeBase64url(rawValue);
+    if (decodedBytes.length > constants_js_1.MAX_DECODED_PAYLOAD_BYTES) {
+        throw new errors_js_1.PaymentauthError('PARSE_PAYLOAD_TOO_LARGE', `Decoded payload exceeds ${constants_js_1.MAX_DECODED_PAYLOAD_BYTES} bytes`);
+    }
+    const decodedString = tryDecodeUtf8(decodedBytes);
+    const parsedJson = decodedString
+        ? tryParseJsonBounded(decodedString, constants_js_1.MAX_JSON_NESTING_DEPTH)
+        : undefined;
+    return { rawValue, decodedBytes, decodedString, parsedJson };
+}
+// ---------------------------------------------------------------------------
+// Normalization
+// ---------------------------------------------------------------------------
+/**
+ * Normalize a raw challenge into a stable PEAC-facing projection.
+ *
+ * Requires id, realm, method, intent, request (common envelope).
+ * All other params are optional.
+ */
+function normalizeChallenge(raw) {
+    const { params } = raw;
+    const required = ['id', 'realm', 'method', 'intent', 'request'];
+    for (const key of required) {
+        if (!params[key]) {
+            throw new errors_js_1.PaymentauthError('NORMALIZE_MISSING_FIELD', `Missing required challenge param: ${key}`);
+        }
+    }
+    // Decode the request param (base64url JSON)
+    let decodedRequest;
+    try {
+        const requestBytes = decodeBase64url(params.request);
+        const requestStr = tryDecodeUtf8(requestBytes);
+        decodedRequest = requestStr
+            ? tryParseJsonBounded(requestStr, constants_js_1.MAX_JSON_NESTING_DEPTH)
+            : undefined;
+    }
+    catch {
+        decodedRequest = undefined;
+    }
+    return {
+        id: params.id,
+        realm: params.realm,
+        method: params.method,
+        intent: params.intent,
+        requestRaw: params.request,
+        decodedRequest,
+        expires: params.expires,
+        digest: params.digest,
+        description: params.description,
+        opaque: params.opaque,
+        _raw: raw,
+    };
+}
+/**
+ * Normalize a raw credential into a stable PEAC-facing projection.
+ *
+ * Extracts challenge.id, method, intent, and source from the decoded JSON
+ * if it is object-shaped. Method-specific payload remains `unknown`.
+ */
+function normalizeCredential(raw) {
+    const obj = raw.parsedJson;
+    if (!obj || typeof obj !== 'object' || Array.isArray(obj)) {
+        throw new errors_js_1.PaymentauthError('NORMALIZE_MISSING_FIELD', 'Credential decoded JSON is not an object');
+    }
+    const cred = obj;
+    const challenge = cred.challenge;
+    if (!challenge || typeof challenge !== 'object') {
+        throw new errors_js_1.PaymentauthError('NORMALIZE_MISSING_FIELD', 'Credential missing challenge object');
+    }
+    // Require essential envelope fields; do not coerce missing to empty string
+    if (typeof challenge.id !== 'string' || !challenge.id) {
+        throw new errors_js_1.PaymentauthError('NORMALIZE_MISSING_FIELD', 'Credential challenge.id is missing');
+    }
+    if (typeof challenge.method !== 'string' || !challenge.method) {
+        throw new errors_js_1.PaymentauthError('NORMALIZE_MISSING_FIELD', 'Credential challenge.method is missing');
+    }
+    if (typeof challenge.intent !== 'string' || !challenge.intent) {
+        throw new errors_js_1.PaymentauthError('NORMALIZE_MISSING_FIELD', 'Credential challenge.intent is missing');
+    }
+    return {
+        challengeId: challenge.id,
+        method: challenge.method,
+        intent: challenge.intent,
+        source: typeof cred.source === 'string' ? cred.source : undefined,
+        payload: cred.payload,
+        _raw: raw,
+    };
+}
+/**
+ * Normalize a raw receipt into a stable PEAC-facing projection.
+ *
+ * Extracts status, method, timestamp, reference from decoded JSON.
+ * All other fields go into extras.
+ */
+function normalizeReceipt(raw) {
+    const obj = raw.parsedJson;
+    if (!obj || typeof obj !== 'object' || Array.isArray(obj)) {
+        throw new errors_js_1.PaymentauthError('NORMALIZE_MISSING_FIELD', 'Receipt decoded JSON is not an object');
+    }
+    const receipt = obj;
+    const knownKeys = new Set(['status', 'method', 'timestamp', 'reference']);
+    const extras = {};
+    for (const [key, value] of Object.entries(receipt)) {
+        if (!knownKeys.has(key)) {
+            extras[key] = value;
+        }
+    }
+    // Require essential receipt envelope fields
+    if (typeof receipt.status !== 'string' || !receipt.status) {
+        throw new errors_js_1.PaymentauthError('NORMALIZE_MISSING_FIELD', 'Receipt status is missing');
+    }
+    if (typeof receipt.method !== 'string' || !receipt.method) {
+        throw new errors_js_1.PaymentauthError('NORMALIZE_MISSING_FIELD', 'Receipt method is missing');
+    }
+    return {
+        status: receipt.status,
+        method: receipt.method,
+        timestamp: typeof receipt.timestamp === 'string' ? receipt.timestamp : undefined,
+        reference: typeof receipt.reference === 'string' ? receipt.reference : undefined,
+        extras,
+        _raw: raw,
+    };
+}
+//# sourceMappingURL=parse.js.map

package/dist/parse.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parse.js","sourceRoot":"","sources":["../src/parse.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AA6BH,0DAaC;AA+KD,gEA0BC;AAOD,gEAsCC;AAOD,0DA4BC;AAYD,gDAsCC;AAQD,kDAqCC;AAQD,4CAgCC;AAxcD,iDAMwB;AACxB,2CAA+C;AAU/C,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E;;;;;GAKG;AACH,SAAgB,uBAAuB,CAAC,MAAc;IACpD,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAC9B,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,SAAS,KAAK,CAAC,CAAC;QAAE,OAAO,MAAM,CAAC;IACpC,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAE9C,8DAA8D;IAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACpD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,GAAG,MAAM,QAAQ,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC;IACnD,CAAC;IAED,OAAO,GAAG,MAAM,aAAa,CAAC;AAChC,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;GAGG;AACH,SAAS,eAAe,CAAC,KAAa;IACpC,sBAAsB;IACtB,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,4BAAgB,CAAC,yBAAyB,EAAE,8BAA8B,CAAC,CAAC;IACxF,CAAC;IAED,IAAI,CAAC;QACH,cAAc;QACd,MAAM,MAAM,GAAG,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACpE,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAE9D,6DAA6D;QAC7D,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;QACzD,CAAC;QAED,6CAA6C;QAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,KAAK,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,4BAAgB,CAAC,yBAAyB,EAAE,kCAAkC,CAAC,CAAC;IAC5F,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,KAAiB;IACtC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,GAAW,EAAE,QAAgB;IACxD,IAAI,GAAG,CAAC,MAAM,GAAG,wCAAyB,EAAE,CAAC;QAC3C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE,CAAC;YACzC,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAAc,EAAE,QAAgB,EAAE,OAAe;IACvE,IAAI,OAAO,GAAG,QAAQ;QAAE,OAAO,KAAK,CAAC;IACrC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,KAAgC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CACjE,cAAc,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,GAAG,CAAC,CAAC,CACzC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,2CAA2C;AAC3C,8EAA8E;AAE9E;;;;;GAKG;AACH,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC7B,6BAA6B;QAC7B,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAE,GAAG,EAAE,CAAC;QACnE,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM;YAAE,MAAM;QAElC,oBAAoB;QACpB,MAAM,QAAQ,GAAG,GAAG,CAAC;QACrB,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,IAAI,6BAA6B,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAE,GAAG,EAAE,CAAC;QACzF,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5D,IAAI,CAAC,GAAG;YAAE,MAAM;QAEhB,iBAAiB;QACjB,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAE,GAAG,EAAE,CAAC;QAChE,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,GAAG;YAAE,MAAM;QACjC,GAAG,EAAE,CAAC,CAAC,SAAS;QAChB,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAE,GAAG,EAAE,CAAC;QAEhE,sCAAsC;QACtC,IAAI,KAAa,CAAC;QAClB,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC;YAC1B,gBAAgB;YAChB,GAAG,EAAE,CAAC,CAAC,qBAAqB;YAC5B,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC;gBACtD,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,IAAI,IAAI,GAAG,GAAG,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACxD,GAAG,EAAE,CAAC;oBACN,OAAO,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAC3B,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAC3B,CAAC;gBACD,GAAG,EAAE,CAAC;YACR,CAAC;YACD,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,GAAG;gBAAE,GAAG,EAAE,CAAC,CAAC,qBAAqB;YACvD,KAAK,GAAG,OAAO,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,cAAc;YACd,MAAM,QAAQ,GAAG,GAAG,CAAC;YACrB,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAAE,GAAG,EAAE,CAAC;YACpE,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC5C,CAAC;QAED,KAAK,EAAE,CAAC;QACR,IAAI,KAAK,GAAG,8BAAe,EAAE,CAAC;YAC5B,MAAM,IAAI,4BAAgB,CACxB,uBAAuB,EACvB,0CAA0C,8BAAe,GAAG,CAC7D,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,IAAI,MAAM,EAAE,CAAC;YAClB,MAAM,IAAI,4BAAgB,CAAC,uBAAuB,EAAE,yBAAyB,GAAG,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH,SAAgB,0BAA0B,CAAC,eAAuB;IAChE,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAC9D,IAAI,WAAW,CAAC,MAAM,GAAG,+BAAgB,EAAE,CAAC;QAC1C,MAAM,IAAI,4BAAgB,CACxB,wBAAwB,EACxB,kBAAkB,+BAAgB,QAAQ,CAC3C,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,MAAM,iCAAkB,MAAM,EAAE,GAAG,CAAC,CAAC;IACtE,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAClD,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IAEtB,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IACjD,MAAM,QAAQ,GAAG,eAAe,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC;IAE9D,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAEzC,OAAO;QACL;YACE,SAAS,EAAE,eAAe;YAC1B,UAAU,EAAE,eAAe,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC;YAClD,MAAM;SACP;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAgB,0BAA0B,CAAC,aAAqB;IAC9D,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAC5D,IAAI,WAAW,CAAC,MAAM,GAAG,+BAAgB,EAAE,CAAC;QAC1C,MAAM,IAAI,4BAAgB,CACxB,wBAAwB,EACxB,kBAAkB,+BAAgB,QAAQ,CAC3C,CAAC;IACJ,CAAC;IAED,8DAA8D;IAC9D,MAAM,eAAe,GAAG,iCAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,aAAa;IACpE,MAAM,YAAY,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;IACjE,IAAI,YAAY,CAAC,WAAW,EAAE,KAAK,GAAG,iCAAkB,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC;QAC1E,MAAM,IAAI,4BAAgB,CACxB,sBAAsB,EACtB,aAAa,iCAAkB,oCAAoC,CACpE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,aAAa,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC;IACjE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,4BAAgB,CAAC,yBAAyB,EAAE,wBAAwB,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,YAAY,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC/C,IAAI,YAAY,CAAC,MAAM,GAAG,wCAAyB,EAAE,CAAC;QACpD,MAAM,IAAI,4BAAgB,CACxB,yBAAyB,EACzB,2BAA2B,wCAAyB,QAAQ,CAC7D,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,aAAa,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,aAAa;QAC9B,CAAC,CAAC,mBAAmB,CAAC,aAAa,EAAE,qCAAsB,CAAC;QAC5D,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC;AAC/D,CAAC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,WAAmB;IACzD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC1D,IAAI,WAAW,CAAC,MAAM,GAAG,+BAAgB,EAAE,CAAC;QAC1C,MAAM,IAAI,4BAAgB,CACxB,wBAAwB,EACxB,kBAAkB,+BAAgB,QAAQ,CAC3C,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,4BAAgB,CAAC,yBAAyB,EAAE,qBAAqB,CAAC,CAAC;IAC/E,CAAC;IAED,MAAM,YAAY,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC/C,IAAI,YAAY,CAAC,MAAM,GAAG,wCAAyB,EAAE,CAAC;QACpD,MAAM,IAAI,4BAAgB,CACxB,yBAAyB,EACzB,2BAA2B,wCAAyB,QAAQ,CAC7D,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,aAAa,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,aAAa;QAC9B,CAAC,CAAC,mBAAmB,CAAC,aAAa,EAAE,qCAAsB,CAAC;QAC5D,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC;AAC/D,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,GAA4B;IAC7D,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;IAEvB,MAAM,QAAQ,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAU,CAAC;IACzE,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACjB,MAAM,IAAI,4BAAgB,CACxB,yBAAyB,EACzB,qCAAqC,GAAG,EAAE,CAC3C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,IAAI,cAAuB,CAAC;IAC5B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,UAAU,GAAG,aAAa,CAAC,YAAY,CAAC,CAAC;QAC/C,cAAc,GAAG,UAAU;YACzB,CAAC,CAAC,mBAAmB,CAAC,UAAU,EAAE,qCAAsB,CAAC;YACzD,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,cAAc,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,UAAU,EAAE,MAAM,CAAC,OAAO;QAC1B,cAAc;QACd,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,IAAI,EAAE,GAAG;KACV,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CACjC,GAA6B;IAE7B,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC;IAC3B,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,4BAAgB,CACxB,yBAAyB,EACzB,0CAA0C,CAC3C,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,GAA8B,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAgD,CAAC;IAExE,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,IAAI,4BAAgB,CAAC,yBAAyB,EAAE,qCAAqC,CAAC,CAAC;IAC/F,CAAC;IAED,2EAA2E;IAC3E,IAAI,OAAO,SAAS,CAAC,EAAE,KAAK,QAAQ,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;QACtD,MAAM,IAAI,4BAAgB,CAAC,yBAAyB,EAAE,oCAAoC,CAAC,CAAC;IAC9F,CAAC;IACD,IAAI,OAAO,SAAS,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,IAAI,4BAAgB,CAAC,yBAAyB,EAAE,wCAAwC,CAAC,CAAC;IAClG,CAAC;IACD,IAAI,OAAO,SAAS,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,IAAI,4BAAgB,CAAC,yBAAyB,EAAE,wCAAwC,CAAC,CAAC;IAClG,CAAC;IAED,OAAO;QACL,WAAW,EAAE,SAAS,CAAC,EAAE;QACzB,MAAM,EAAE,SAAS,CAAC,MAAM;QACxB,MAAM,EAAE,SAAS,CAAC,MAAM;QACxB,MAAM,EAAE,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QACjE,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,IAAI,EAAE,GAAG;KACV,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,GAA0B;IACzD,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC;IAC3B,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,4BAAgB,CAAC,yBAAyB,EAAE,uCAAuC,CAAC,CAAC;IACjG,CAAC;IAED,MAAM,OAAO,GAAG,GAA8B,CAAC;IAE/C,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;IAC1E,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,IAAI,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1D,MAAM,IAAI,4BAAgB,CAAC,yBAAyB,EAAE,2BAA2B,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1D,MAAM,IAAI,4BAAgB,CAAC,yBAAyB,EAAE,2BAA2B,CAAC,CAAC;IACrF,CAAC;IAED,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,SAAS,EAAE,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChF,SAAS,EAAE,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChF,MAAM;QACN,IAAI,EAAE,GAAG;KACV,CAAC;AACJ,CAAC"}

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,139 @@
+/**
+ * Paymentauth wire types: raw + normalized.
+ *
+ * Envelope-first design: the stable surface is the common envelope
+ * (id, realm, method, intent, request, expires, digest, opaque).
+ * Method-specific payloads (request content, credential payload,
+ * receipt details) are typed as `unknown` because each payment method
+ * (card, lightning, stripe, tempo) has its own draft spec.
+ *
+ * Raw types preserve the original wire form exactly.
+ * Normalized types project a stable PEAC-facing structure.
+ * Every normalized type retains a `_raw` field for traceability.
+ */
+/**
+ * Raw paymentauth challenge from WWW-Authenticate header.
+ *
+ * Preserves the original header string and parsed auth-params.
+ * The `request` field is kept as raw base64url (not decoded).
+ */
+export interface RawPaymentauthChallenge {
+    /** Original full header string (for redaction and traceability) */
+    rawHeader: string;
+    /** Raw segment of the header corresponding to this challenge (for precise tracing) */
+    rawSegment: string;
+    /** Parsed auth-param key-value pairs */
+    params: Record<string, string>;
+}
+/**
+ * Raw paymentauth credential from Authorization header.
+ *
+ * The decoded JSON payload is typed as `unknown` because the
+ * credential structure contains method-specific `payload` fields.
+ */
+export interface RawPaymentauthCredential {
+    /** Original base64url-encoded header value (after scheme prefix) */
+    rawValue: string;
+    /** Decoded bytes as Uint8Array (preserved for non-UTF-8 safety) */
+    decodedBytes: Uint8Array;
+    /** Decoded UTF-8 string, or null if bytes are not valid UTF-8 */
+    decodedString: string | null;
+    /** Parsed JSON object if decoding and parsing succeeded, otherwise undefined */
+    parsedJson: unknown;
+}
+/**
+ * Raw paymentauth receipt from Payment-Receipt header.
+ *
+ * Same raw preservation pattern as credential.
+ */
+export interface RawPaymentauthReceipt {
+    /** Original base64url-encoded header value */
+    rawValue: string;
+    /** Decoded bytes as Uint8Array */
+    decodedBytes: Uint8Array;
+    /** Decoded UTF-8 string, or null if bytes are not valid UTF-8 */
+    decodedString: string | null;
+    /** Parsed JSON object if decoding and parsing succeeded */
+    parsedJson: unknown;
+}
+/**
+ * Normalized paymentauth challenge.
+ *
+ * Only common envelope fields are typed. Method-specific data within
+ * the decoded request is typed as `unknown`.
+ */
+export interface NormalizedPaymentauthChallenge {
+    id: string;
+    realm: string;
+    method: string;
+    intent: string;
+    /** Raw base64url string of the request parameter */
+    requestRaw: string;
+    /**
+     * Decoded request payload. Typed as `unknown` first; best-effort
+     * `Record<string, unknown>` when JSON parsing succeeds and result is object-shaped.
+     * Preserves raw base64url + decoded string alongside.
+     */
+    decodedRequest: unknown;
+    expires?: string;
+    digest?: string;
+    description?: string;
+    opaque?: string;
+    /** Back-reference to the raw form */
+    _raw: RawPaymentauthChallenge;
+}
+/**
+ * Normalized paymentauth credential.
+ *
+ * Stable projection of the credential envelope.
+ * Method-specific payload typed as `unknown`.
+ */
+export interface NormalizedPaymentauthCredential {
+    challengeId: string;
+    method: string;
+    intent: string;
+    /** Payer identifier (DID format recommended per spec) */
+    source?: string;
+    /** Method-specific payment proof (typed as `unknown`) */
+    payload: unknown;
+    /** Back-reference to the raw form */
+    _raw: RawPaymentauthCredential;
+}
+/**
+ * Normalized paymentauth receipt.
+ *
+ * Stable projection of the receipt envelope.
+ * Method-specific fields typed as `unknown` via extras.
+ */
+export interface NormalizedPaymentauthReceipt {
+    status: string;
+    method: string;
+    timestamp?: string;
+    reference?: string;
+    /** Any additional fields from the receipt (method-specific) */
+    extras: Record<string, unknown>;
+    /** Back-reference to the raw form */
+    _raw: RawPaymentauthReceipt;
+}
+/**
+ * Parsed x-service-info from OpenAPI document.
+ */
+export interface PaymentauthServiceInfo {
+    categories?: string[];
+    docs?: {
+        apiReference?: string;
+        homepage?: string;
+        llms?: string;
+    };
+}
+/**
+ * Parsed x-payment-info from OpenAPI operation.
+ */
+export interface PaymentauthPaymentInfo {
+    intent?: string;
+    method?: string;
+    amount?: string | null;
+    currency?: string;
+    description?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACtC,mEAAmE;IACnE,SAAS,EAAE,MAAM,CAAC;IAClB,sFAAsF;IACtF,UAAU,EAAE,MAAM,CAAC;IACnB,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC;AAED;;;;;GAKG;AACH,MAAM,WAAW,wBAAwB;IACvC,oEAAoE;IACpE,QAAQ,EAAE,MAAM,CAAC;IACjB,mEAAmE;IACnE,YAAY,EAAE,UAAU,CAAC;IACzB,iEAAiE;IACjE,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,gFAAgF;IAChF,UAAU,EAAE,OAAO,CAAC;CACrB;AAED;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,8CAA8C;IAC9C,QAAQ,EAAE,MAAM,CAAC;IACjB,kCAAkC;IAClC,YAAY,EAAE,UAAU,CAAC;IACzB,iEAAiE;IACjE,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,2DAA2D;IAC3D,UAAU,EAAE,OAAO,CAAC;CACrB;AAMD;;;;;GAKG;AACH,MAAM,WAAW,8BAA8B;IAC7C,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,oDAAoD;IACpD,UAAU,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,cAAc,EAAE,OAAO,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qCAAqC;IACrC,IAAI,EAAE,uBAAuB,CAAC;CAC/B;AAED;;;;;GAKG;AACH,MAAM,WAAW,+BAA+B;IAC9C,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yDAAyD;IACzD,OAAO,EAAE,OAAO,CAAC;IACjB,qCAAqC;IACrC,IAAI,EAAE,wBAAwB,CAAC;CAChC;AAED;;;;;GAKG;AACH,MAAM,WAAW,4BAA4B;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+DAA+D;IAC/D,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,qCAAqC;IACrC,IAAI,EAAE,qBAAqB,CAAC;CAC7B;AAMD;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,IAAI,CAAC,EAAE;QACL,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB"}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,16 @@
+"use strict";
+/**
+ * Paymentauth wire types: raw + normalized.
+ *
+ * Envelope-first design: the stable surface is the common envelope
+ * (id, realm, method, intent, request, expires, digest, opaque).
+ * Method-specific payloads (request content, credential payload,
+ * receipt details) are typed as `unknown` because each payment method
+ * (card, lightning, stripe, tempo) has its own draft spec.
+ *
+ * Raw types preserve the original wire form exactly.
+ * Normalized types project a stable PEAC-facing structure.
+ * Every normalized type retains a `_raw` field for traceability.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG"}