npm - @shroud-fi/x402 - Versions diffs - 0.1.0 - Mend

@shroud-fi/x402 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/LICENSE +21 -0
package/README.md +77 -0
package/dist/cjs/client.d.ts +43 -0
package/dist/cjs/client.d.ts.map +1 -0
package/dist/cjs/client.js +199 -0
package/dist/cjs/client.js.map +1 -0
package/dist/cjs/constants.d.ts +16 -0
package/dist/cjs/constants.d.ts.map +1 -0
package/dist/cjs/constants.js +19 -0
package/dist/cjs/constants.js.map +1 -0
package/dist/cjs/errors.d.ts +61 -0
package/dist/cjs/errors.d.ts.map +1 -0
package/dist/cjs/errors.js +82 -0
package/dist/cjs/errors.js.map +1 -0
package/dist/cjs/facilitator.d.ts +50 -0
package/dist/cjs/facilitator.d.ts.map +1 -0
package/dist/cjs/facilitator.js +106 -0
package/dist/cjs/facilitator.js.map +1 -0
package/dist/cjs/index.d.ts +8 -0
package/dist/cjs/index.d.ts.map +1 -0
package/dist/cjs/index.js +29 -0
package/dist/cjs/index.js.map +1 -0
package/dist/cjs/package.json +1 -0
package/dist/cjs/protocol.d.ts +117 -0
package/dist/cjs/protocol.d.ts.map +1 -0
package/dist/cjs/protocol.js +39 -0
package/dist/cjs/protocol.js.map +1 -0
package/dist/cjs/server.d.ts +49 -0
package/dist/cjs/server.d.ts.map +1 -0
package/dist/cjs/server.js +237 -0
package/dist/cjs/server.js.map +1 -0
package/dist/cjs/signing.d.ts +93 -0
package/dist/cjs/signing.d.ts.map +1 -0
package/dist/cjs/signing.js +170 -0
package/dist/cjs/signing.js.map +1 -0
package/dist/cjs/types.d.ts +93 -0
package/dist/cjs/types.d.ts.map +1 -0
package/dist/cjs/types.js +6 -0
package/dist/cjs/types.js.map +1 -0
package/dist/esm/client.d.ts +43 -0
package/dist/esm/client.d.ts.map +1 -0
package/dist/esm/client.js +196 -0
package/dist/esm/client.js.map +1 -0
package/dist/esm/constants.d.ts +16 -0
package/dist/esm/constants.d.ts.map +1 -0
package/dist/esm/constants.js +16 -0
package/dist/esm/constants.js.map +1 -0
package/dist/esm/errors.d.ts +61 -0
package/dist/esm/errors.d.ts.map +1 -0
package/dist/esm/errors.js +73 -0
package/dist/esm/errors.js.map +1 -0
package/dist/esm/facilitator.d.ts +50 -0
package/dist/esm/facilitator.d.ts.map +1 -0
package/dist/esm/facilitator.js +100 -0
package/dist/esm/facilitator.js.map +1 -0
package/dist/esm/index.d.ts +8 -0
package/dist/esm/index.d.ts.map +1 -0
package/dist/esm/index.js +12 -0
package/dist/esm/index.js.map +1 -0
package/dist/esm/protocol.d.ts +117 -0
package/dist/esm/protocol.d.ts.map +1 -0
package/dist/esm/protocol.js +36 -0
package/dist/esm/protocol.js.map +1 -0
package/dist/esm/server.d.ts +49 -0
package/dist/esm/server.d.ts.map +1 -0
package/dist/esm/server.js +234 -0
package/dist/esm/server.js.map +1 -0
package/dist/esm/signing.d.ts +93 -0
package/dist/esm/signing.d.ts.map +1 -0
package/dist/esm/signing.js +131 -0
package/dist/esm/signing.js.map +1 -0
package/dist/esm/types.d.ts +93 -0
package/dist/esm/types.d.ts.map +1 -0
package/dist/esm/types.js +5 -0
package/dist/esm/types.js.map +1 -0
package/dist/tsconfig.cjs.tsbuildinfo +1 -0
package/dist/tsconfig.esm.tsbuildinfo +1 -0
package/dist/tsconfig.tsbuildinfo +1 -0
package/package.json +64 -0

package/dist/cjs/facilitator.js ADDED Viewed

@@ -0,0 +1,106 @@
+"use strict";
+/**
+ * Facilitator HTTP client.
+ *
+ * Two endpoints per the x402 spec:
+ *   - POST /verify  — facilitator validates signature + balance + simulation.
+ *   - POST /settle  — facilitator broadcasts the on-chain settlement tx.
+ *
+ * Privacy invariants:
+ *   - We forward only the signed PaymentPayload + the PaymentRequirements. The
+ *     facilitator never receives the recipient's main wallet — only the
+ *     freshly derived stealth address (the `payTo` field of the requirements).
+ *   - We never log request/response bodies. Tags are short strings only.
+ *   - Auth token (if any) is attached as a Bearer header. We never log the
+ *     full token; tests verify the header is set but redaction is the
+ *     operator's responsibility upstream.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveFacilitator = resolveFacilitator;
+exports.buildFacilitatorHeaders = buildFacilitatorHeaders;
+exports.facilitatorVerify = facilitatorVerify;
+exports.facilitatorSettle = facilitatorSettle;
+const protocol_js_1 = require("./protocol.js");
+const errors_js_1 = require("./errors.js");
+/** Resolve the facilitator config, defaulting to PayAI free tier. */
+function resolveFacilitator(config) {
+    if (config === undefined) {
+        return { url: protocol_js_1.PAYAI_FACILITATOR_URL };
+    }
+    return config;
+}
+/**
+ * Build standard headers for a facilitator request. When an Ed25519 auth
+ * token is configured, attach `Authorization: Bearer <token>`. Otherwise
+ * the request hits the PayAI free-tier endpoint (no auth required).
+ */
+function buildFacilitatorHeaders(config) {
+    const headers = {
+        'content-type': 'application/json',
+        accept: 'application/json',
+    };
+    if (config.ed25519AuthToken !== undefined) {
+        headers['authorization'] = `Bearer ${config.ed25519AuthToken}`;
+    }
+    return headers;
+}
+/**
+ * Call the facilitator's `/verify` endpoint. Returns the parsed verification
+ * result. Re-wraps every failure path as a tagged X402FacilitatorError so
+ * no upstream response body leaks through.
+ */
+async function facilitatorVerify(config, body, fetchImpl = fetch) {
+    const url = `${config.url.replace(/\/+$/, '')}/verify`;
+    let res;
+    try {
+        res = await fetchImpl(url, {
+            method: 'POST',
+            headers: buildFacilitatorHeaders(config),
+            body: JSON.stringify(body),
+        });
+    }
+    catch {
+        throw new errors_js_1.X402FacilitatorError('network');
+    }
+    if (!res.ok) {
+        throw new errors_js_1.X402FacilitatorError('verify');
+    }
+    let parsed;
+    try {
+        parsed = (await res.json());
+    }
+    catch {
+        throw new errors_js_1.X402FacilitatorError('verify');
+    }
+    return parsed;
+}
+/**
+ * Call the facilitator's `/settle` endpoint. Returns the parsed settle
+ * result (including the on-chain tx hash on success).
+ */
+async function facilitatorSettle(config, body, fetchImpl = fetch) {
+    const url = `${config.url.replace(/\/+$/, '')}/settle`;
+    let res;
+    try {
+        res = await fetchImpl(url, {
+            method: 'POST',
+            headers: buildFacilitatorHeaders(config),
+            body: JSON.stringify(body),
+        });
+    }
+    catch {
+        throw new errors_js_1.X402FacilitatorError('network');
+    }
+    if (!res.ok) {
+        throw new errors_js_1.X402FacilitatorError('settle');
+    }
+    let parsed;
+    try {
+        parsed = (await res.json());
+    }
+    catch {
+        throw new errors_js_1.X402FacilitatorError('settle');
+    }
+    return parsed;
+}
+//# sourceMappingURL=facilitator.js.map

package/dist/cjs/facilitator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"facilitator.js","sourceRoot":"","sources":["../../src/facilitator.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;AAqBH,gDAOC;AAOD,0DAWC;AAOD,8CA0BC;AAMD,8CA0BC;AA5GD,+CAAkF;AAClF,2CAAmD;AAgBnD,qEAAqE;AACrE,SAAgB,kBAAkB,CAChC,MAAyC;IAEzC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,OAAO,EAAE,GAAG,EAAE,mCAAqB,EAAE,CAAC;IACxC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB,CACrC,MAA6B;IAE7B,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;QAClC,MAAM,EAAE,kBAAkB;KAC3B,CAAC;IACF,IAAI,MAAM,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,MAAM,CAAC,gBAAgB,EAAE,CAAC;IACjE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,iBAAiB,CACrC,MAA6B,EAC7B,IAAa,EACb,YAA0B,KAAK;IAE/B,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,SAAS,CAAC;IACvD,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE;YACzB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,uBAAuB,CAAC,MAAM,CAAC;YACxC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,gCAAoB,CAAC,SAAS,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,gCAAoB,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,gCAAoB,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,iBAAiB,CACrC,MAA6B,EAC7B,IAAa,EACb,YAA0B,KAAK;IAE/B,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,SAAS,CAAC;IACvD,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE;YACzB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,uBAAuB,CAAC,MAAM,CAAC;YACxC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,gCAAoB,CAAC,SAAS,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,gCAAoB,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,gCAAoB,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/cjs/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export { createX402Server } from './server.js';
+export type { X402Server, X402ServerConfig, X402Challenge, X402PaymentRequirements, X402PaymentVerification, } from './server.js';
+export { createX402Client } from './client.js';
+export type { X402Client, X402ClientConfig, X402PaymentResult, } from './client.js';
+export { X402_PAYMENT_REQUIRED_HEADER, X402_PAYMENT_SIGNATURE_HEADER, X402_PAYMENT_RESPONSE_HEADER, X402_SCHEME_EXACT, PAYAI_FACILITATOR_URL, COINBASE_FACILITATOR_URL, } from './protocol.js';
+export type { X402PaymentPayload, X402SchemeId, X402FacilitatorConfig, } from './protocol.js';
+export { X402Error, X402InvalidChallengeError, X402SignatureVerificationError, X402FacilitatorError, X402AssetNotSupportedError, X402AmountMismatchError, } from './errors.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EACV,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EACV,UAAU,EACV,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,4BAA4B,EAC5B,6BAA6B,EAC7B,4BAA4B,EAC5B,iBAAiB,EACjB,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,eAAe,CAAC;AACvB,YAAY,EACV,kBAAkB,EAClB,YAAY,EACZ,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,SAAS,EACT,yBAAyB,EACzB,8BAA8B,EAC9B,oBAAoB,EACpB,0BAA0B,EAC1B,uBAAuB,GACxB,MAAM,aAAa,CAAC"}

package/dist/cjs/index.js ADDED Viewed

@@ -0,0 +1,29 @@
+"use strict";
+// Public surface — @shroud-fi/x402
+// HTTP 402 + stealth-address payment routing for AI agents on Base.
+// See packages/x402/README and docs/research/competitive/x402-spec-and-ecosystem.md.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.X402AmountMismatchError = exports.X402AssetNotSupportedError = exports.X402FacilitatorError = exports.X402SignatureVerificationError = exports.X402InvalidChallengeError = exports.X402Error = exports.COINBASE_FACILITATOR_URL = exports.PAYAI_FACILITATOR_URL = exports.X402_SCHEME_EXACT = exports.X402_PAYMENT_RESPONSE_HEADER = exports.X402_PAYMENT_SIGNATURE_HEADER = exports.X402_PAYMENT_REQUIRED_HEADER = exports.createX402Client = exports.createX402Server = void 0;
+// Server side
+var server_js_1 = require("./server.js");
+Object.defineProperty(exports, "createX402Server", { enumerable: true, get: function () { return server_js_1.createX402Server; } });
+// Client side
+var client_js_1 = require("./client.js");
+Object.defineProperty(exports, "createX402Client", { enumerable: true, get: function () { return client_js_1.createX402Client; } });
+// Protocol constants + types
+var protocol_js_1 = require("./protocol.js");
+Object.defineProperty(exports, "X402_PAYMENT_REQUIRED_HEADER", { enumerable: true, get: function () { return protocol_js_1.X402_PAYMENT_REQUIRED_HEADER; } });
+Object.defineProperty(exports, "X402_PAYMENT_SIGNATURE_HEADER", { enumerable: true, get: function () { return protocol_js_1.X402_PAYMENT_SIGNATURE_HEADER; } });
+Object.defineProperty(exports, "X402_PAYMENT_RESPONSE_HEADER", { enumerable: true, get: function () { return protocol_js_1.X402_PAYMENT_RESPONSE_HEADER; } });
+Object.defineProperty(exports, "X402_SCHEME_EXACT", { enumerable: true, get: function () { return protocol_js_1.X402_SCHEME_EXACT; } });
+Object.defineProperty(exports, "PAYAI_FACILITATOR_URL", { enumerable: true, get: function () { return protocol_js_1.PAYAI_FACILITATOR_URL; } });
+Object.defineProperty(exports, "COINBASE_FACILITATOR_URL", { enumerable: true, get: function () { return protocol_js_1.COINBASE_FACILITATOR_URL; } });
+// Errors
+var errors_js_1 = require("./errors.js");
+Object.defineProperty(exports, "X402Error", { enumerable: true, get: function () { return errors_js_1.X402Error; } });
+Object.defineProperty(exports, "X402InvalidChallengeError", { enumerable: true, get: function () { return errors_js_1.X402InvalidChallengeError; } });
+Object.defineProperty(exports, "X402SignatureVerificationError", { enumerable: true, get: function () { return errors_js_1.X402SignatureVerificationError; } });
+Object.defineProperty(exports, "X402FacilitatorError", { enumerable: true, get: function () { return errors_js_1.X402FacilitatorError; } });
+Object.defineProperty(exports, "X402AssetNotSupportedError", { enumerable: true, get: function () { return errors_js_1.X402AssetNotSupportedError; } });
+Object.defineProperty(exports, "X402AmountMismatchError", { enumerable: true, get: function () { return errors_js_1.X402AmountMismatchError; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA,mCAAmC;AACnC,oEAAoE;AACpE,qFAAqF;;;AAErF,cAAc;AACd,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AASzB,cAAc;AACd,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AAOzB,6BAA6B;AAC7B,6CAOuB;AANrB,2HAAA,4BAA4B,OAAA;AAC5B,4HAAA,6BAA6B,OAAA;AAC7B,2HAAA,4BAA4B,OAAA;AAC5B,gHAAA,iBAAiB,OAAA;AACjB,oHAAA,qBAAqB,OAAA;AACrB,uHAAA,wBAAwB,OAAA;AAQ1B,SAAS;AACT,yCAOqB;AANnB,sGAAA,SAAS,OAAA;AACT,sHAAA,yBAAyB,OAAA;AACzB,2HAAA,8BAA8B,OAAA;AAC9B,iHAAA,oBAAoB,OAAA;AACpB,uHAAA,0BAA0B,OAAA;AAC1B,oHAAA,uBAAuB,OAAA"}

package/dist/cjs/package.json ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"type":"commonjs"}

package/dist/cjs/protocol.d.ts ADDED Viewed

@@ -0,0 +1,117 @@
+/**
+ * x402 protocol constants + wire types.
+ *
+ * v2 spec only. See docs/research/competitive/x402-spec-and-ecosystem.md §1
+ * for the canonical field names. v1 (whitepaper, deprecated) names are not
+ * accepted by this package.
+ */
+import type { Address, Hex } from 'viem';
+/** Server → client: 402 challenge envelope (raw JSON, no base64 in v2). */
+export declare const X402_PAYMENT_REQUIRED_HEADER: "X-PAYMENT-REQUIRED";
+/**
+ * Client → server: signed PaymentPayload (base64-encoded JSON).
+ *
+ * Canonical name per the v2 spec is `X-PAYMENT`. Older drafts and some
+ * SDKs use `X-PAYMENT-SIGNATURE`; we use `X-PAYMENT` to stay aligned with
+ * the foundation SDKs (`@x402/fetch`, `@x402/axios`, `@x402/express` all
+ * read `X-PAYMENT`).
+ */
+export declare const X402_PAYMENT_SIGNATURE_HEADER: "X-PAYMENT";
+/** Server → client: settlement confirmation (base64-encoded JSON, on 2xx). */
+export declare const X402_PAYMENT_RESPONSE_HEADER: "X-PAYMENT-RESPONSE";
+/** "Exact" scheme — seller knows price up front. Only scheme we support in v1. */
+export declare const X402_SCHEME_EXACT: "exact";
+export type X402SchemeId = typeof X402_SCHEME_EXACT;
+/**
+ * PayAI Network facilitator — free tier (≤ 10k settlements/mo) requires no
+ * authentication at all. Our default.
+ */
+export declare const PAYAI_FACILITATOR_URL: "https://facilitator.payai.network";
+/**
+ * Coinbase CDP facilitator — secondary. Requires CDP API key for use.
+ * URL verified against research doc §3 (cdp.coinbase.com/platform/v2/x402).
+ */
+export declare const COINBASE_FACILITATOR_URL: "https://api.cdp.coinbase.com/platform/v2/x402";
+/**
+ * The `accepts[N]` entry from a v2 `PaymentRequired` object — the exact shape
+ * a client receives over the wire.
+ *
+ * Field names match the spec verbatim (NOT the v1 whitepaper names — see
+ * research doc §10.1 for the drift table).
+ */
+export interface X402PaymentRequirements {
+    /** Scheme id; only `'exact'` supported in v1. */
+    readonly scheme: X402SchemeId;
+    /** CAIP-2 network id, e.g. `'eip155:8453'`. */
+    readonly network: string;
+    /**
+     * Maximum payment amount in token base units (string-encoded to survive
+     * uint256). For scheme `exact`, this is the exact required amount.
+     *
+     * Spec field name: `maxAmountRequired`. We mirror it verbatim.
+     */
+    readonly maxAmountRequired: string;
+    /** ERC-20 contract address of the asset. */
+    readonly asset: Address;
+    /**
+     * Recipient address. In ShroudFi servers this is ALWAYS a freshly derived
+     * stealth address — never the server's main wallet.
+     */
+    readonly payTo: Address;
+    /** Authorization validity window (seconds). */
+    readonly maxTimeoutSeconds: number;
+    /** Resource being paid for (URL or pseudo-URL). */
+    readonly resource: string;
+    /** Optional human-readable description. */
+    readonly description?: string;
+    /**
+     * Scheme-specific extra data. For `exact` on EVM, contains the EIP-712
+     * domain `name` + `version` for the asset (so the client can rebuild the
+     * domain separator without having to look the token up).
+     */
+    readonly extra: {
+        readonly name: string;
+        readonly version: string;
+        /**
+         * ShroudFi-specific extension: emitted so a ShroudFi-aware client can
+         * relay the Announcement event after settlement. Forward-compatible —
+         * non-ShroudFi clients ignore unknown keys.
+         */
+        readonly shroudfiAnnouncement?: {
+            readonly ephemeralPubKey: Hex;
+            readonly viewTag: number;
+        };
+    };
+}
+/**
+ * The signed payload the client sends back in `X-PAYMENT`. EIP-3009
+ * `transferWithAuthorization` shape.
+ */
+export interface X402PaymentPayload {
+    readonly x402Version: 2;
+    readonly scheme: X402SchemeId;
+    readonly network: string;
+    readonly payload: {
+        readonly signature: Hex;
+        readonly authorization: {
+            readonly from: Address;
+            readonly to: Address;
+            /** uint256 as string. */
+            readonly value: string;
+            readonly validAfter: string;
+            readonly validBefore: string;
+            readonly nonce: Hex;
+        };
+    };
+}
+/**
+ * Optional facilitator config. When unset, the default is PayAI free-tier
+ * (no auth). When `ed25519AuthToken` is provided, the facilitator client
+ * attaches `Authorization: Bearer <token>` to every request — caller is
+ * responsible for minting the JWT per PayAI's spec (research doc §10.5).
+ */
+export interface X402FacilitatorConfig {
+    readonly url: string;
+    readonly ed25519AuthToken?: string;
+}
+//# sourceMappingURL=protocol.d.ts.map

package/dist/cjs/protocol.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../src/protocol.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAIzC,2EAA2E;AAC3E,eAAO,MAAM,4BAA4B,EAAG,oBAA6B,CAAC;AAE1E;;;;;;;GAOG;AACH,eAAO,MAAM,6BAA6B,EAAG,WAAoB,CAAC;AAElE,8EAA8E;AAC9E,eAAO,MAAM,4BAA4B,EAAG,oBAA6B,CAAC;AAI1E,kFAAkF;AAClF,eAAO,MAAM,iBAAiB,EAAG,OAAgB,CAAC;AAElD,MAAM,MAAM,YAAY,GAAG,OAAO,iBAAiB,CAAC;AAIpD;;;GAGG;AACH,eAAO,MAAM,qBAAqB,EAChC,mCAA4C,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,wBAAwB,EACnC,+CAAwD,CAAC;AAI3D;;;;;;GAMG;AACH,MAAM,WAAW,uBAAuB;IACtC,iDAAiD;IACjD,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,+CAA+C;IAC/C,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,4CAA4C;IAC5C,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,+CAA+C;IAC/C,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,mDAAmD;IACnD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,2CAA2C;IAC3C,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB;;;;WAIG;QACH,QAAQ,CAAC,oBAAoB,CAAC,EAAE;YAC9B,QAAQ,CAAC,eAAe,EAAE,GAAG,CAAC;YAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;SAC1B,CAAC;KACH,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;IACxB,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,SAAS,EAAE,GAAG,CAAC;QACxB,QAAQ,CAAC,aAAa,EAAE;YACtB,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;YACvB,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;YACrB,yBAAyB;YACzB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;YACvB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;YAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;YAC7B,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC;SACrB,CAAC;KACH,CAAC;CACH;AAED;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CACpC"}

package/dist/cjs/protocol.js ADDED Viewed

@@ -0,0 +1,39 @@
+"use strict";
+/**
+ * x402 protocol constants + wire types.
+ *
+ * v2 spec only. See docs/research/competitive/x402-spec-and-ecosystem.md §1
+ * for the canonical field names. v1 (whitepaper, deprecated) names are not
+ * accepted by this package.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.COINBASE_FACILITATOR_URL = exports.PAYAI_FACILITATOR_URL = exports.X402_SCHEME_EXACT = exports.X402_PAYMENT_RESPONSE_HEADER = exports.X402_PAYMENT_SIGNATURE_HEADER = exports.X402_PAYMENT_REQUIRED_HEADER = void 0;
+// ─── HTTP header names ───────────────────────────────────────────────────────
+/** Server → client: 402 challenge envelope (raw JSON, no base64 in v2). */
+exports.X402_PAYMENT_REQUIRED_HEADER = 'X-PAYMENT-REQUIRED';
+/**
+ * Client → server: signed PaymentPayload (base64-encoded JSON).
+ *
+ * Canonical name per the v2 spec is `X-PAYMENT`. Older drafts and some
+ * SDKs use `X-PAYMENT-SIGNATURE`; we use `X-PAYMENT` to stay aligned with
+ * the foundation SDKs (`@x402/fetch`, `@x402/axios`, `@x402/express` all
+ * read `X-PAYMENT`).
+ */
+exports.X402_PAYMENT_SIGNATURE_HEADER = 'X-PAYMENT';
+/** Server → client: settlement confirmation (base64-encoded JSON, on 2xx). */
+exports.X402_PAYMENT_RESPONSE_HEADER = 'X-PAYMENT-RESPONSE';
+// ─── Scheme identifiers ──────────────────────────────────────────────────────
+/** "Exact" scheme — seller knows price up front. Only scheme we support in v1. */
+exports.X402_SCHEME_EXACT = 'exact';
+// ─── Facilitator URLs ────────────────────────────────────────────────────────
+/**
+ * PayAI Network facilitator — free tier (≤ 10k settlements/mo) requires no
+ * authentication at all. Our default.
+ */
+exports.PAYAI_FACILITATOR_URL = 'https://facilitator.payai.network';
+/**
+ * Coinbase CDP facilitator — secondary. Requires CDP API key for use.
+ * URL verified against research doc §3 (cdp.coinbase.com/platform/v2/x402).
+ */
+exports.COINBASE_FACILITATOR_URL = 'https://api.cdp.coinbase.com/platform/v2/x402';
+//# sourceMappingURL=protocol.js.map

package/dist/cjs/protocol.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../src/protocol.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAIH,gFAAgF;AAEhF,2EAA2E;AAC9D,QAAA,4BAA4B,GAAG,oBAA6B,CAAC;AAE1E;;;;;;;GAOG;AACU,QAAA,6BAA6B,GAAG,WAAoB,CAAC;AAElE,8EAA8E;AACjE,QAAA,4BAA4B,GAAG,oBAA6B,CAAC;AAE1E,gFAAgF;AAEhF,kFAAkF;AACrE,QAAA,iBAAiB,GAAG,OAAgB,CAAC;AAIlD,gFAAgF;AAEhF;;;GAGG;AACU,QAAA,qBAAqB,GAChC,mCAA4C,CAAC;AAE/C;;;GAGG;AACU,QAAA,wBAAwB,GACnC,+CAAwD,CAAC"}

package/dist/cjs/server.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * x402 server — challenge generation + signed-payment verification.
+ *
+ * Privacy invariants enforced here:
+ *   - Every challenge derives a FRESH stealth address from the recipient's
+ *     meta-address. The recipient's main wallet NEVER appears in the
+ *     PaymentRequired body.
+ *   - The facilitator is only ever shown the stealth `payTo` — same property.
+ *   - Error paths never include amount values, signature bytes, or the
+ *     server's spend key.
+ */
+import { type X402PaymentPayload } from './protocol.js';
+import type { X402Challenge, X402PaymentVerification, X402ServerConfig } from './types.js';
+export interface X402Server {
+    /**
+     * Build a 402 challenge for a given resource. Each call derives a fresh
+     * stealth address — calls are deliberately non-idempotent.
+     */
+    challenge(args: {
+        resource: string;
+        description?: string;
+        priceAtomic?: bigint;
+    }): Promise<X402Challenge>;
+    /**
+     * Verify a signed payload submitted by the client. Optionally settles via
+     * the configured facilitator.
+     *
+     * When `skipFacilitator: true` is passed, verify returns `valid: true` after
+     * signature recovery succeeds and does NOT contact the facilitator. The
+     * caller is then responsible for settling the EIP-3009 authorization on-chain
+     * itself (e.g. by calling `USDC.transferWithAuthorization` directly through
+     * its own walletClient). Use this when the operator runs its own settler EOA
+     * and does not want a facilitator in the trust chain — e.g. headless
+     * agent-to-agent demos, anon-stack deployments.
+     */
+    verify(args: {
+        signedPayload: string | X402PaymentPayload;
+        challenge: X402Challenge;
+        skipFacilitator?: boolean;
+    }): Promise<X402PaymentVerification>;
+}
+/**
+ * Build an X402Server bound to a single recipient meta-address + asset.
+ */
+export declare function createX402Server(config: X402ServerConfig): X402Server;
+/** Re-export so consumers don't have to dig into types.ts. */
+export type { X402Challenge, X402PaymentVerification, X402ServerConfig, } from './types.js';
+export type { X402PaymentRequirements } from './protocol.js';
+//# sourceMappingURL=server.d.ts.map

package/dist/cjs/server.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,EAGL,KAAK,kBAAkB,EAExB,MAAM,eAAe,CAAC;AAMvB,OAAO,KAAK,EACV,aAAa,EACb,uBAAuB,EACvB,gBAAgB,EACjB,MAAM,YAAY,CAAC;AAmCpB,MAAM,WAAW,UAAU;IACzB;;;OAGG;IACH,SAAS,CAAC,IAAI,EAAE;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC3B;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,IAAI,EAAE;QACX,aAAa,EAAE,MAAM,GAAG,kBAAkB,CAAC;QAC3C,SAAS,EAAE,aAAa,CAAC;QACzB,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;CACtC;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,GAAG,UAAU,CA2MrE;AAED,8DAA8D;AAC9D,YAAY,EACV,aAAa,EACb,uBAAuB,EACvB,gBAAgB,GACjB,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC"}

package/dist/cjs/server.js ADDED Viewed

@@ -0,0 +1,237 @@
+"use strict";
+/**
+ * x402 server — challenge generation + signed-payment verification.
+ *
+ * Privacy invariants enforced here:
+ *   - Every challenge derives a FRESH stealth address from the recipient's
+ *     meta-address. The recipient's main wallet NEVER appears in the
+ *     PaymentRequired body.
+ *   - The facilitator is only ever shown the stealth `payTo` — same property.
+ *   - Error paths never include amount values, signature bytes, or the
+ *     server's spend key.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createX402Server = createX402Server;
+const core_1 = require("@shroud-fi/core");
+const payments_1 = require("@shroud-fi/payments");
+const transport_1 = require("@shroud-fi/transport");
+const protocol_js_1 = require("./protocol.js");
+const constants_js_1 = require("./constants.js");
+const errors_js_1 = require("./errors.js");
+const facilitator_js_1 = require("./facilitator.js");
+const signing_js_1 = require("./signing.js");
+/**
+ * Encode a CAIP-2 network id from a chain id. EVM only.
+ */
+function caip2(chainId) {
+    return `eip155:${chainId}`;
+}
+/**
+ * Robust bigint coercion that accepts decimal strings, hex strings,
+ * numbers, and bigints. Throws X402InvalidChallengeError on anything else.
+ */
+function toBigInt(v) {
+    if (typeof v === 'bigint')
+        return v;
+    if (typeof v === 'number')
+        return BigInt(v);
+    if (typeof v === 'string') {
+        try {
+            return BigInt(v);
+        }
+        catch {
+            throw new errors_js_1.X402InvalidChallengeError();
+        }
+    }
+    throw new errors_js_1.X402InvalidChallengeError();
+}
+/**
+ * Build an X402Server bound to a single recipient meta-address + asset.
+ */
+function createX402Server(config) {
+    // Validate asset is canonical USDC for the chain. Fail-fast at construction.
+    const canonicalUsdc = (0, transport_1.getUSDC)(config.chainId);
+    const usdcDomain = (0, transport_1.getUSDCDomain)(config.chainId);
+    if (canonicalUsdc === undefined || usdcDomain === undefined) {
+        throw new errors_js_1.X402AssetNotSupportedError();
+    }
+    if (config.asset.toLowerCase() !== canonicalUsdc.toLowerCase()) {
+        throw new errors_js_1.X402AssetNotSupportedError();
+    }
+    // Pre-decode the meta-address ONCE — repeated decodes would waste cycles.
+    // The decode validates curve membership; downstream errors become
+    // X402InvalidChallengeError.
+    let decoded;
+    try {
+        decoded = (0, core_1.decodeMetaAddress)(config.recipientMetaAddress);
+    }
+    catch {
+        throw new errors_js_1.X402InvalidChallengeError();
+    }
+    const facilitator = (0, facilitator_js_1.resolveFacilitator)(config.facilitator);
+    return {
+        async challenge({ resource, description, priceAtomic }) {
+            const price = priceAtomic ?? config.defaultPriceAtomic;
+            // Derive a fresh stealth address per call. prepareStealthPayment hashes
+            // a fresh ephemeral key internally — uniqueness is built in.
+            const prepared = (0, payments_1.prepareStealthPayment)(decoded);
+            const requirements = {
+                scheme: protocol_js_1.X402_SCHEME_EXACT,
+                network: caip2(config.chainId),
+                maxAmountRequired: price.toString(),
+                asset: config.asset,
+                payTo: prepared.stealthAddress,
+                maxTimeoutSeconds: constants_js_1.DEFAULT_MAX_TIMEOUT_SECS,
+                resource,
+                ...(description !== undefined ? { description } : {}),
+                extra: {
+                    name: usdcDomain.name,
+                    version: usdcDomain.version,
+                    shroudfiAnnouncement: {
+                        ephemeralPubKey: prepared.ephemeralPubKey,
+                        viewTag: prepared.viewTag,
+                    },
+                },
+            };
+            const body = {
+                x402Version: constants_js_1.X402_VERSION,
+                error: 'Payment required',
+                accepts: [requirements],
+            };
+            return {
+                status: 402,
+                headers: {
+                    [protocol_js_1.X402_PAYMENT_REQUIRED_HEADER]: JSON.stringify(body),
+                    'content-type': 'application/json',
+                },
+                body,
+                announcement: {
+                    ephemeralPubKey: prepared.ephemeralPubKey,
+                    viewTag: prepared.viewTag,
+                    stealthAddress: prepared.stealthAddress,
+                },
+            };
+        },
+        async verify({ signedPayload, challenge, skipFacilitator }) {
+            // 1. Decode incoming payload.
+            let payload;
+            if (typeof signedPayload === 'string') {
+                try {
+                    // Spec: header value is base64-encoded JSON.
+                    const decodedJson = Buffer.from(signedPayload, 'base64').toString('utf-8');
+                    payload = JSON.parse(decodedJson);
+                }
+                catch {
+                    return { valid: false, error: 'malformed_payload' };
+                }
+            }
+            else {
+                payload = signedPayload;
+            }
+            // 2. Structural checks. Tagged failures only — no field values in errors.
+            if (payload.x402Version !== 2 ||
+                payload.scheme !== protocol_js_1.X402_SCHEME_EXACT ||
+                payload.network !== caip2(config.chainId)) {
+                return { valid: false, error: 'scheme_mismatch' };
+            }
+            const auth = payload.payload?.authorization;
+            const sig = payload.payload?.signature;
+            if (auth === undefined || sig === undefined) {
+                return { valid: false, error: 'malformed_payload' };
+            }
+            const accepted = challenge.body.accepts[0];
+            if (accepted === undefined) {
+                return { valid: false, error: 'malformed_challenge' };
+            }
+            // 3. Authorization fields must address the same stealth `payTo` and the
+            //    exact required amount.
+            let value;
+            let validAfter;
+            let validBefore;
+            try {
+                value = toBigInt(auth.value);
+                validAfter = toBigInt(auth.validAfter);
+                validBefore = toBigInt(auth.validBefore);
+            }
+            catch {
+                return { valid: false, error: 'malformed_payload' };
+            }
+            if (auth.to.toLowerCase() !== accepted.payTo.toLowerCase()) {
+                return { valid: false, error: 'recipient_mismatch' };
+            }
+            let requiredAmount;
+            try {
+                requiredAmount = toBigInt(accepted.maxAmountRequired);
+            }
+            catch {
+                return { valid: false, error: 'malformed_challenge' };
+            }
+            if (value !== requiredAmount) {
+                return { valid: false, error: 'amount_mismatch' };
+            }
+            // 4. Time window.
+            const nowSecs = BigInt(Math.floor(Date.now() / 1000));
+            if (validBefore <= nowSecs) {
+                return { valid: false, error: 'expired' };
+            }
+            if (validAfter > nowSecs) {
+                return { valid: false, error: 'not_yet_valid' };
+            }
+            // 5. Signature recovery.
+            const authInput = {
+                from: auth.from,
+                to: auth.to,
+                value,
+                validAfter,
+                validBefore,
+                nonce: auth.nonce,
+            };
+            const recovered = await (0, signing_js_1.verifyTransferWithAuthorizationSignature)({
+                chainId: config.chainId,
+                verifyingContract: config.asset,
+                authorization: authInput,
+                signature: sig,
+            });
+            if (recovered === null ||
+                recovered.toLowerCase() !== auth.from.toLowerCase()) {
+                return { valid: false, error: 'signature_invalid' };
+            }
+            // 6a. Self-settle mode: caller handles on-chain settlement, we return
+            // valid:true after signature recovery. No facilitator contact.
+            if (skipFacilitator === true) {
+                return { valid: true };
+            }
+            // 6b. Facilitator submission. Caller gets the settled tx hash.
+            // We send the facilitator only what it needs: the requirements + the
+            // signed payload. The recipient's main wallet is never in this body
+            // because `accepted.payTo` is the freshly derived stealth address.
+            try {
+                const verifyResult = await (0, facilitator_js_1.facilitatorVerify)(facilitator, {
+                    x402Version: constants_js_1.X402_VERSION,
+                    paymentRequirements: accepted,
+                    paymentPayload: payload,
+                });
+                if (!verifyResult.isValid) {
+                    return { valid: false, error: 'facilitator_rejected' };
+                }
+                const settle = await (0, facilitator_js_1.facilitatorSettle)(facilitator, {
+                    x402Version: constants_js_1.X402_VERSION,
+                    paymentRequirements: accepted,
+                    paymentPayload: payload,
+                });
+                if (!settle.success || settle.txHash === undefined) {
+                    return { valid: false, error: 'facilitator_settle_failed' };
+                }
+                return { valid: true, settledTxHash: settle.txHash };
+            }
+            catch {
+                // Facilitator unreachable / non-2xx. Return signature-verified=true
+                // so the caller can decide whether to retry or fall back. The signed
+                // payload remains cryptographically valid even when the facilitator
+                // path failed.
+                return { valid: false, error: 'facilitator_unreachable' };
+            }
+        },
+    };
+}
+//# sourceMappingURL=server.js.map

package/dist/cjs/server.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/server.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;AAuFH,4CA2MC;AAhSD,0CAAoD;AACpD,kDAA4D;AAC5D,oDAA8D;AAC9D,+CAKuB;AACvB,iDAAwE;AACxE,2CAGqB;AAMrB,qDAI0B;AAC1B,6CAGsB;AAEtB;;GAEG;AACH,SAAS,KAAK,CAAC,OAAe;IAC5B,OAAO,UAAU,OAAO,EAAE,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,SAAS,QAAQ,CAAC,CAAU;IAC1B,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC;IACpC,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;IAC5C,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,qCAAyB,EAAE,CAAC;QACxC,CAAC;IACH,CAAC;IACD,MAAM,IAAI,qCAAyB,EAAE,CAAC;AACxC,CAAC;AA+BD;;GAEG;AACH,SAAgB,gBAAgB,CAAC,MAAwB;IACvD,6EAA6E;IAC7E,MAAM,aAAa,GAAG,IAAA,mBAAO,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,IAAA,yBAAa,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACjD,IAAI,aAAa,KAAK,SAAS,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC5D,MAAM,IAAI,sCAA0B,EAAE,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,aAAa,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/D,MAAM,IAAI,sCAA0B,EAAE,CAAC;IACzC,CAAC;IAED,0EAA0E;IAC1E,kEAAkE;IAClE,6BAA6B;IAC7B,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,IAAA,wBAAiB,EAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,qCAAyB,EAAE,CAAC;IACxC,CAAC;IAED,MAAM,WAAW,GAAG,IAAA,mCAAkB,EAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAE3D,OAAO;QACL,KAAK,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE;YACpD,MAAM,KAAK,GAAG,WAAW,IAAI,MAAM,CAAC,kBAAkB,CAAC;YAEvD,wEAAwE;YACxE,6DAA6D;YAC7D,MAAM,QAAQ,GAAG,IAAA,gCAAqB,EAAC,OAAO,CAAC,CAAC;YAEhD,MAAM,YAAY,GAA4B;gBAC5C,MAAM,EAAE,+BAAiB;gBACzB,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC;gBAC9B,iBAAiB,EAAE,KAAK,CAAC,QAAQ,EAAE;gBACnC,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,KAAK,EAAE,QAAQ,CAAC,cAAc;gBAC9B,iBAAiB,EAAE,uCAAwB;gBAC3C,QAAQ;gBACR,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrD,KAAK,EAAE;oBACL,IAAI,EAAE,UAAU,CAAC,IAAI;oBACrB,OAAO,EAAE,UAAU,CAAC,OAAO;oBAC3B,oBAAoB,EAAE;wBACpB,eAAe,EAAE,QAAQ,CAAC,eAAe;wBACzC,OAAO,EAAE,QAAQ,CAAC,OAAO;qBAC1B;iBACF;aACF,CAAC;YAEF,MAAM,IAAI,GAAG;gBACX,WAAW,EAAE,2BAAY;gBACzB,KAAK,EAAE,kBAAkB;gBACzB,OAAO,EAAE,CAAC,YAAY,CAAU;aACxB,CAAC;YAEX,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE;oBACP,CAAC,0CAA4B,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;oBACpD,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI;gBACJ,YAAY,EAAE;oBACZ,eAAe,EAAE,QAAQ,CAAC,eAAe;oBACzC,OAAO,EAAE,QAAQ,CAAC,OAAO;oBACzB,cAAc,EAAE,QAAQ,CAAC,cAAc;iBACxC;aACF,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,EAAE,aAAa,EAAE,SAAS,EAAE,eAAe,EAAE;YACxD,8BAA8B;YAC9B,IAAI,OAA2B,CAAC;YAChC,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;gBACtC,IAAI,CAAC;oBACH,6CAA6C;oBAC7C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAC/D,OAAO,CACR,CAAC;oBACF,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAuB,CAAC;gBAC1D,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;gBACtD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,GAAG,aAAa,CAAC;YAC1B,CAAC;YAED,0EAA0E;YAC1E,IACE,OAAO,CAAC,WAAW,KAAK,CAAC;gBACzB,OAAO,CAAC,MAAM,KAAK,+BAAiB;gBACpC,OAAO,CAAC,OAAO,KAAK,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,EACzC,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;YACpD,CAAC;YACD,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC;YAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC;YACvC,IAAI,IAAI,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC5C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACtD,CAAC;YAED,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;YACxD,CAAC;YAED,wEAAwE;YACxE,4BAA4B;YAC5B,IAAI,KAAa,CAAC;YAClB,IAAI,UAAkB,CAAC;YACvB,IAAI,WAAmB,CAAC;YACxB,IAAI,CAAC;gBACH,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC7B,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBACvC,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACtD,CAAC;YAED,IACE,IAAI,CAAC,EAAE,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,EACtD,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACvD,CAAC;YACD,IAAI,cAAsB,CAAC;YAC3B,IAAI,CAAC;gBACH,cAAc,GAAG,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;YACxD,CAAC;YACD,IAAI,KAAK,KAAK,cAAc,EAAE,CAAC;gBAC7B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;YACpD,CAAC;YAED,kBAAkB;YAClB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;YACtD,IAAI,WAAW,IAAI,OAAO,EAAE,CAAC;gBAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;YAC5C,CAAC;YACD,IAAI,UAAU,GAAG,OAAO,EAAE,CAAC;gBACzB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;YAClD,CAAC;YAED,yBAAyB;YACzB,MAAM,SAAS,GAAmC;gBAChD,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK;gBACL,UAAU;gBACV,WAAW;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC;YACF,MAAM,SAAS,GAAG,MAAM,IAAA,qDAAwC,EAAC;gBAC/D,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,iBAAiB,EAAE,MAAM,CAAC,KAAK;gBAC/B,aAAa,EAAE,SAAS;gBACxB,SAAS,EAAE,GAAG;aACf,CAAC,CAAC;YACH,IACE,SAAS,KAAK,IAAI;gBAClB,SAAS,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EACnD,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACtD,CAAC;YAED,sEAAsE;YACtE,+DAA+D;YAC/D,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;gBAC7B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YACzB,CAAC;YAED,+DAA+D;YAC/D,qEAAqE;YACrE,oEAAoE;YACpE,mEAAmE;YACnE,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,IAAA,kCAAiB,EAAC,WAAW,EAAE;oBACxD,WAAW,EAAE,2BAAY;oBACzB,mBAAmB,EAAE,QAAQ;oBAC7B,cAAc,EAAE,OAAO;iBACxB,CAAC,CAAC;gBACH,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;oBAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;gBACzD,CAAC;gBACD,MAAM,MAAM,GAAG,MAAM,IAAA,kCAAiB,EAAC,WAAW,EAAE;oBAClD,WAAW,EAAE,2BAAY;oBACzB,mBAAmB,EAAE,QAAQ;oBAC7B,cAAc,EAAE,OAAO;iBACxB,CAAC,CAAC;gBACH,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oBACnD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;gBAC9D,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,oEAAoE;gBACpE,qEAAqE;gBACrE,oEAAoE;gBACpE,eAAe;gBACf,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;YAC5D,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}