@shroud-fi/x402 0.1.0

package/dist/esm/server.js

@@ -0,0 +1,234 @@
+/**
+ * x402 server — challenge generation + signed-payment verification.
+ *
+ * Privacy invariants enforced here:
+ *   - Every challenge derives a FRESH stealth address from the recipient's
+ *     meta-address. The recipient's main wallet NEVER appears in the
+ *     PaymentRequired body.
+ *   - The facilitator is only ever shown the stealth `payTo` — same property.
+ *   - Error paths never include amount values, signature bytes, or the
+ *     server's spend key.
+ */
+import { decodeMetaAddress } from '@shroud-fi/core';
+import { prepareStealthPayment } from '@shroud-fi/payments';
+import { getUSDC, getUSDCDomain } from '@shroud-fi/transport';
+import { X402_PAYMENT_REQUIRED_HEADER, X402_SCHEME_EXACT, } from './protocol.js';
+import { X402_VERSION, DEFAULT_MAX_TIMEOUT_SECS } from './constants.js';
+import { X402AssetNotSupportedError, X402InvalidChallengeError, } from './errors.js';
+import { facilitatorSettle, facilitatorVerify, resolveFacilitator, } from './facilitator.js';
+import { verifyTransferWithAuthorizationSignature, } from './signing.js';
+/**
+ * Encode a CAIP-2 network id from a chain id. EVM only.
+ */
+function caip2(chainId) {
+    return `eip155:${chainId}`;
+}
+/**
+ * Robust bigint coercion that accepts decimal strings, hex strings,
+ * numbers, and bigints. Throws X402InvalidChallengeError on anything else.
+ */
+function toBigInt(v) {
+    if (typeof v === 'bigint')
+        return v;
+    if (typeof v === 'number')
+        return BigInt(v);
+    if (typeof v === 'string') {
+        try {
+            return BigInt(v);
+        }
+        catch {
+            throw new X402InvalidChallengeError();
+        }
+    }
+    throw new X402InvalidChallengeError();
+}
+/**
+ * Build an X402Server bound to a single recipient meta-address + asset.
+ */
+export function createX402Server(config) {
+    // Validate asset is canonical USDC for the chain. Fail-fast at construction.
+    const canonicalUsdc = getUSDC(config.chainId);
+    const usdcDomain = getUSDCDomain(config.chainId);
+    if (canonicalUsdc === undefined || usdcDomain === undefined) {
+        throw new X402AssetNotSupportedError();
+    }
+    if (config.asset.toLowerCase() !== canonicalUsdc.toLowerCase()) {
+        throw new X402AssetNotSupportedError();
+    }
+    // Pre-decode the meta-address ONCE — repeated decodes would waste cycles.
+    // The decode validates curve membership; downstream errors become
+    // X402InvalidChallengeError.
+    let decoded;
+    try {
+        decoded = decodeMetaAddress(config.recipientMetaAddress);
+    }
+    catch {
+        throw new X402InvalidChallengeError();
+    }
+    const facilitator = resolveFacilitator(config.facilitator);
+    return {
+        async challenge({ resource, description, priceAtomic }) {
+            const price = priceAtomic ?? config.defaultPriceAtomic;
+            // Derive a fresh stealth address per call. prepareStealthPayment hashes
+            // a fresh ephemeral key internally — uniqueness is built in.
+            const prepared = prepareStealthPayment(decoded);
+            const requirements = {
+                scheme: X402_SCHEME_EXACT,
+                network: caip2(config.chainId),
+                maxAmountRequired: price.toString(),
+                asset: config.asset,
+                payTo: prepared.stealthAddress,
+                maxTimeoutSeconds: DEFAULT_MAX_TIMEOUT_SECS,
+                resource,
+                ...(description !== undefined ? { description } : {}),
+                extra: {
+                    name: usdcDomain.name,
+                    version: usdcDomain.version,
+                    shroudfiAnnouncement: {
+                        ephemeralPubKey: prepared.ephemeralPubKey,
+                        viewTag: prepared.viewTag,
+                    },
+                },
+            };
+            const body = {
+                x402Version: X402_VERSION,
+                error: 'Payment required',
+                accepts: [requirements],
+            };
+            return {
+                status: 402,
+                headers: {
+                    [X402_PAYMENT_REQUIRED_HEADER]: JSON.stringify(body),
+                    'content-type': 'application/json',
+                },
+                body,
+                announcement: {
+                    ephemeralPubKey: prepared.ephemeralPubKey,
+                    viewTag: prepared.viewTag,
+                    stealthAddress: prepared.stealthAddress,
+                },
+            };
+        },
+        async verify({ signedPayload, challenge, skipFacilitator }) {
+            // 1. Decode incoming payload.
+            let payload;
+            if (typeof signedPayload === 'string') {
+                try {
+                    // Spec: header value is base64-encoded JSON.
+                    const decodedJson = Buffer.from(signedPayload, 'base64').toString('utf-8');
+                    payload = JSON.parse(decodedJson);
+                }
+                catch {
+                    return { valid: false, error: 'malformed_payload' };
+                }
+            }
+            else {
+                payload = signedPayload;
+            }
+            // 2. Structural checks. Tagged failures only — no field values in errors.
+            if (payload.x402Version !== 2 ||
+                payload.scheme !== X402_SCHEME_EXACT ||
+                payload.network !== caip2(config.chainId)) {
+                return { valid: false, error: 'scheme_mismatch' };
+            }
+            const auth = payload.payload?.authorization;
+            const sig = payload.payload?.signature;
+            if (auth === undefined || sig === undefined) {
+                return { valid: false, error: 'malformed_payload' };
+            }
+            const accepted = challenge.body.accepts[0];
+            if (accepted === undefined) {
+                return { valid: false, error: 'malformed_challenge' };
+            }
+            // 3. Authorization fields must address the same stealth `payTo` and the
+            //    exact required amount.
+            let value;
+            let validAfter;
+            let validBefore;
+            try {
+                value = toBigInt(auth.value);
+                validAfter = toBigInt(auth.validAfter);
+                validBefore = toBigInt(auth.validBefore);
+            }
+            catch {
+                return { valid: false, error: 'malformed_payload' };
+            }
+            if (auth.to.toLowerCase() !== accepted.payTo.toLowerCase()) {
+                return { valid: false, error: 'recipient_mismatch' };
+            }
+            let requiredAmount;
+            try {
+                requiredAmount = toBigInt(accepted.maxAmountRequired);
+            }
+            catch {
+                return { valid: false, error: 'malformed_challenge' };
+            }
+            if (value !== requiredAmount) {
+                return { valid: false, error: 'amount_mismatch' };
+            }
+            // 4. Time window.
+            const nowSecs = BigInt(Math.floor(Date.now() / 1000));
+            if (validBefore <= nowSecs) {
+                return { valid: false, error: 'expired' };
+            }
+            if (validAfter > nowSecs) {
+                return { valid: false, error: 'not_yet_valid' };
+            }
+            // 5. Signature recovery.
+            const authInput = {
+                from: auth.from,
+                to: auth.to,
+                value,
+                validAfter,
+                validBefore,
+                nonce: auth.nonce,
+            };
+            const recovered = await verifyTransferWithAuthorizationSignature({
+                chainId: config.chainId,
+                verifyingContract: config.asset,
+                authorization: authInput,
+                signature: sig,
+            });
+            if (recovered === null ||
+                recovered.toLowerCase() !== auth.from.toLowerCase()) {
+                return { valid: false, error: 'signature_invalid' };
+            }
+            // 6a. Self-settle mode: caller handles on-chain settlement, we return
+            // valid:true after signature recovery. No facilitator contact.
+            if (skipFacilitator === true) {
+                return { valid: true };
+            }
+            // 6b. Facilitator submission. Caller gets the settled tx hash.
+            // We send the facilitator only what it needs: the requirements + the
+            // signed payload. The recipient's main wallet is never in this body
+            // because `accepted.payTo` is the freshly derived stealth address.
+            try {
+                const verifyResult = await facilitatorVerify(facilitator, {
+                    x402Version: X402_VERSION,
+                    paymentRequirements: accepted,
+                    paymentPayload: payload,
+                });
+                if (!verifyResult.isValid) {
+                    return { valid: false, error: 'facilitator_rejected' };
+                }
+                const settle = await facilitatorSettle(facilitator, {
+                    x402Version: X402_VERSION,
+                    paymentRequirements: accepted,
+                    paymentPayload: payload,
+                });
+                if (!settle.success || settle.txHash === undefined) {
+                    return { valid: false, error: 'facilitator_settle_failed' };
+                }
+                return { valid: true, settledTxHash: settle.txHash };
+            }
+            catch {
+                // Facilitator unreachable / non-2xx. Return signature-verified=true
+                // so the caller can decide whether to retry or fall back. The signed
+                // payload remains cryptographically valid even when the facilitator
+                // path failed.
+                return { valid: false, error: 'facilitator_unreachable' };
+            }
+        },
+    };
+}
+//# sourceMappingURL=server.js.map

package/dist/esm/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EACL,4BAA4B,EAC5B,iBAAiB,GAGlB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,YAAY,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AACxE,OAAO,EACL,0BAA0B,EAC1B,yBAAyB,GAC1B,MAAM,aAAa,CAAC;AAMrB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,wCAAwC,GAEzC,MAAM,cAAc,CAAC;AAEtB;;GAEG;AACH,SAAS,KAAK,CAAC,OAAe;IAC5B,OAAO,UAAU,OAAO,EAAE,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,SAAS,QAAQ,CAAC,CAAU;IAC1B,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC;IACpC,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;IAC5C,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,yBAAyB,EAAE,CAAC;QACxC,CAAC;IACH,CAAC;IACD,MAAM,IAAI,yBAAyB,EAAE,CAAC;AACxC,CAAC;AA+BD;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAwB;IACvD,6EAA6E;IAC7E,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACjD,IAAI,aAAa,KAAK,SAAS,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC5D,MAAM,IAAI,0BAA0B,EAAE,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,aAAa,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/D,MAAM,IAAI,0BAA0B,EAAE,CAAC;IACzC,CAAC;IAED,0EAA0E;IAC1E,kEAAkE;IAClE,6BAA6B;IAC7B,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,yBAAyB,EAAE,CAAC;IACxC,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAE3D,OAAO;QACL,KAAK,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE;YACpD,MAAM,KAAK,GAAG,WAAW,IAAI,MAAM,CAAC,kBAAkB,CAAC;YAEvD,wEAAwE;YACxE,6DAA6D;YAC7D,MAAM,QAAQ,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAEhD,MAAM,YAAY,GAA4B;gBAC5C,MAAM,EAAE,iBAAiB;gBACzB,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC;gBAC9B,iBAAiB,EAAE,KAAK,CAAC,QAAQ,EAAE;gBACnC,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,KAAK,EAAE,QAAQ,CAAC,cAAc;gBAC9B,iBAAiB,EAAE,wBAAwB;gBAC3C,QAAQ;gBACR,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrD,KAAK,EAAE;oBACL,IAAI,EAAE,UAAU,CAAC,IAAI;oBACrB,OAAO,EAAE,UAAU,CAAC,OAAO;oBAC3B,oBAAoB,EAAE;wBACpB,eAAe,EAAE,QAAQ,CAAC,eAAe;wBACzC,OAAO,EAAE,QAAQ,CAAC,OAAO;qBAC1B;iBACF;aACF,CAAC;YAEF,MAAM,IAAI,GAAG;gBACX,WAAW,EAAE,YAAY;gBACzB,KAAK,EAAE,kBAAkB;gBACzB,OAAO,EAAE,CAAC,YAAY,CAAU;aACxB,CAAC;YAEX,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE;oBACP,CAAC,4BAA4B,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;oBACpD,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI;gBACJ,YAAY,EAAE;oBACZ,eAAe,EAAE,QAAQ,CAAC,eAAe;oBACzC,OAAO,EAAE,QAAQ,CAAC,OAAO;oBACzB,cAAc,EAAE,QAAQ,CAAC,cAAc;iBACxC;aACF,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,EAAE,aAAa,EAAE,SAAS,EAAE,eAAe,EAAE;YACxD,8BAA8B;YAC9B,IAAI,OAA2B,CAAC;YAChC,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;gBACtC,IAAI,CAAC;oBACH,6CAA6C;oBAC7C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAC/D,OAAO,CACR,CAAC;oBACF,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAuB,CAAC;gBAC1D,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;gBACtD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,GAAG,aAAa,CAAC;YAC1B,CAAC;YAED,0EAA0E;YAC1E,IACE,OAAO,CAAC,WAAW,KAAK,CAAC;gBACzB,OAAO,CAAC,MAAM,KAAK,iBAAiB;gBACpC,OAAO,CAAC,OAAO,KAAK,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,EACzC,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;YACpD,CAAC;YACD,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC;YAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC;YACvC,IAAI,IAAI,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC5C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACtD,CAAC;YAED,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;YACxD,CAAC;YAED,wEAAwE;YACxE,4BAA4B;YAC5B,IAAI,KAAa,CAAC;YAClB,IAAI,UAAkB,CAAC;YACvB,IAAI,WAAmB,CAAC;YACxB,IAAI,CAAC;gBACH,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC7B,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBACvC,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACtD,CAAC;YAED,IACE,IAAI,CAAC,EAAE,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,EACtD,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACvD,CAAC;YACD,IAAI,cAAsB,CAAC;YAC3B,IAAI,CAAC;gBACH,cAAc,GAAG,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;YACxD,CAAC;YACD,IAAI,KAAK,KAAK,cAAc,EAAE,CAAC;gBAC7B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;YACpD,CAAC;YAED,kBAAkB;YAClB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;YACtD,IAAI,WAAW,IAAI,OAAO,EAAE,CAAC;gBAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;YAC5C,CAAC;YACD,IAAI,UAAU,GAAG,OAAO,EAAE,CAAC;gBACzB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;YAClD,CAAC;YAED,yBAAyB;YACzB,MAAM,SAAS,GAAmC;gBAChD,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK;gBACL,UAAU;gBACV,WAAW;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC;YACF,MAAM,SAAS,GAAG,MAAM,wCAAwC,CAAC;gBAC/D,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,iBAAiB,EAAE,MAAM,CAAC,KAAK;gBAC/B,aAAa,EAAE,SAAS;gBACxB,SAAS,EAAE,GAAG;aACf,CAAC,CAAC;YACH,IACE,SAAS,KAAK,IAAI;gBAClB,SAAS,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EACnD,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACtD,CAAC;YAED,sEAAsE;YACtE,+DAA+D;YAC/D,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;gBAC7B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YACzB,CAAC;YAED,+DAA+D;YAC/D,qEAAqE;YACrE,oEAAoE;YACpE,mEAAmE;YACnE,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE;oBACxD,WAAW,EAAE,YAAY;oBACzB,mBAAmB,EAAE,QAAQ;oBAC7B,cAAc,EAAE,OAAO;iBACxB,CAAC,CAAC;gBACH,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;oBAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;gBACzD,CAAC;gBACD,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE;oBAClD,WAAW,EAAE,YAAY;oBACzB,mBAAmB,EAAE,QAAQ;oBAC7B,cAAc,EAAE,OAAO;iBACxB,CAAC,CAAC;gBACH,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oBACnD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;gBAC9D,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,oEAAoE;gBACpE,qEAAqE;gBACrE,oEAAoE;gBACpE,eAAe;gBACf,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;YAC5D,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/esm/signing.d.ts

@@ -0,0 +1,93 @@
+/**
+ * EIP-3009 `TransferWithAuthorization` typed-data signing for x402.
+ *
+ * Privacy invariants:
+ *   - The private key never leaves the viem `account` object. We do not
+ *     extract it, log it, or attach it to errors.
+ *   - The signed payload (`signature`, `nonce`, `value`) is never logged,
+ *     stringified into errors, or stored. Caller is responsible for sending
+ *     it directly to the server in the `X-PAYMENT` header.
+ *   - `nonce` is a fresh 32 bytes per call via `crypto.getRandomValues`,
+ *     never reused.
+ */
+import type { Account, Address, Chain, Hex } from 'viem';
+/**
+ * EIP-3009 `TransferWithAuthorization` typed-data types.
+ * Exported for tests; the runtime signer constructs the same object inline.
+ */
+export declare const TransferWithAuthorizationTypes: {
+    readonly TransferWithAuthorization: readonly [{
+        readonly name: "from";
+        readonly type: "address";
+    }, {
+        readonly name: "to";
+        readonly type: "address";
+    }, {
+        readonly name: "value";
+        readonly type: "uint256";
+    }, {
+        readonly name: "validAfter";
+        readonly type: "uint256";
+    }, {
+        readonly name: "validBefore";
+        readonly type: "uint256";
+    }, {
+        readonly name: "nonce";
+        readonly type: "bytes32";
+    }];
+};
+/**
+ * The cleartext authorization fields. Caller passes them in; signer hashes,
+ * signs, and returns both signature + the authorization (so the caller can
+ * forward the unsigned data alongside the signature).
+ */
+export interface TransferWithAuthorizationInput {
+    readonly from: Address;
+    readonly to: Address;
+    readonly value: bigint;
+    readonly validAfter: bigint;
+    readonly validBefore: bigint;
+    readonly nonce: Hex;
+}
+export interface SignedTransferWithAuthorization {
+    readonly signature: Hex;
+    readonly nonce: Hex;
+    readonly from: Address;
+    readonly to: Address;
+    readonly value: bigint;
+    readonly validAfter: bigint;
+    readonly validBefore: bigint;
+}
+/**
+ * Generate a fresh 32-byte nonce for EIP-3009. Uses Web Crypto (available in
+ * Node 20+ and all browsers). Never reuse — each authorization needs a
+ * unique nonce to avoid replay.
+ */
+export declare function generateAuthorizationNonce(): Hex;
+/**
+ * Sign an EIP-3009 `TransferWithAuthorization` over USDC. Returns the
+ * 65-byte signature + the authorization fields the server will replay.
+ *
+ * @throws X402AssetNotSupportedError if USDC is not configured for this chain.
+ */
+export declare function signTransferWithAuthorization(args: {
+    readonly account: Account;
+    readonly chain: Chain;
+    readonly verifyingContract: Address;
+    readonly input: TransferWithAuthorizationInput;
+}): Promise<SignedTransferWithAuthorization>;
+/**
+ * Verify a `TransferWithAuthorization` signature on the server side.
+ * Returns the recovered signer address (`from`) or `null` on failure.
+ *
+ * NOTE: we do NOT throw on failure — caller maps `null` → verify.valid=false
+ * with an error tag. Throwing here would risk leaking signature bytes via
+ * thrown error stacks.
+ */
+export declare function verifyTransferWithAuthorizationSignature(args: {
+    readonly chainId: number;
+    readonly verifyingContract: Address;
+    readonly authorization: TransferWithAuthorizationInput;
+    readonly signature: Hex;
+}): Promise<Address | null>;
+//# sourceMappingURL=signing.d.ts.map

package/dist/esm/signing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../../src/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAIzD;;;GAGG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;CASjC,CAAC;AAEX;;;;GAIG;AACH,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC;CACrB;AAED,MAAM,WAAW,+BAA+B;IAC9C,QAAQ,CAAC,SAAS,EAAE,GAAG,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED;;;;GAIG;AACH,wBAAgB,0BAA0B,IAAI,GAAG,CAUhD;AAED;;;;;GAKG;AACH,wBAAsB,6BAA6B,CAAC,IAAI,EAAE;IACxD,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,KAAK,EAAE,8BAA8B,CAAC;CAChD,GAAG,OAAO,CAAC,+BAA+B,CAAC,CA4C3C;AAED;;;;;;;GAOG;AACH,wBAAsB,wCAAwC,CAAC,IAAI,EAAE;IACnE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,aAAa,EAAE,8BAA8B,CAAC;IACvD,QAAQ,CAAC,SAAS,EAAE,GAAG,CAAC;CACzB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CA6B1B"}

package/dist/esm/signing.js

@@ -0,0 +1,131 @@
+/**
+ * EIP-3009 `TransferWithAuthorization` typed-data signing for x402.
+ *
+ * Privacy invariants:
+ *   - The private key never leaves the viem `account` object. We do not
+ *     extract it, log it, or attach it to errors.
+ *   - The signed payload (`signature`, `nonce`, `value`) is never logged,
+ *     stringified into errors, or stored. Caller is responsible for sending
+ *     it directly to the server in the `X-PAYMENT` header.
+ *   - `nonce` is a fresh 32 bytes per call via `crypto.getRandomValues`,
+ *     never reused.
+ */
+import { getUSDCDomain } from '@shroud-fi/transport';
+import { X402AssetNotSupportedError } from './errors.js';
+/**
+ * EIP-3009 `TransferWithAuthorization` typed-data types.
+ * Exported for tests; the runtime signer constructs the same object inline.
+ */
+export const TransferWithAuthorizationTypes = {
+    TransferWithAuthorization: [
+        { name: 'from', type: 'address' },
+        { name: 'to', type: 'address' },
+        { name: 'value', type: 'uint256' },
+        { name: 'validAfter', type: 'uint256' },
+        { name: 'validBefore', type: 'uint256' },
+        { name: 'nonce', type: 'bytes32' },
+    ],
+};
+/**
+ * Generate a fresh 32-byte nonce for EIP-3009. Uses Web Crypto (available in
+ * Node 20+ and all browsers). Never reuse — each authorization needs a
+ * unique nonce to avoid replay.
+ */
+export function generateAuthorizationNonce() {
+    const bytes = new Uint8Array(32);
+    // Web Crypto is globally available on Node 20+; deliberately not using
+    // `node:crypto.randomBytes` so the module stays runtime-agnostic.
+    globalThis.crypto.getRandomValues(bytes);
+    let hex = '0x';
+    for (const b of bytes) {
+        hex += b.toString(16).padStart(2, '0');
+    }
+    return hex;
+}
+/**
+ * Sign an EIP-3009 `TransferWithAuthorization` over USDC. Returns the
+ * 65-byte signature + the authorization fields the server will replay.
+ *
+ * @throws X402AssetNotSupportedError if USDC is not configured for this chain.
+ */
+export async function signTransferWithAuthorization(args) {
+    const { account, chain, verifyingContract, input } = args;
+    const usdcDomain = getUSDCDomain(chain.id);
+    if (usdcDomain === undefined) {
+        throw new X402AssetNotSupportedError();
+    }
+    const domain = {
+        name: usdcDomain.name,
+        version: usdcDomain.version,
+        chainId: chain.id,
+        verifyingContract,
+    };
+    if (account.signTypedData === undefined) {
+        // Local account; viem provides .signTypedData for privateKeyToAccount.
+        // For JSON-RPC accounts the caller must provide a wrapper. Treat as
+        // unsupported configuration rather than leaking the underlying error.
+        throw new X402AssetNotSupportedError();
+    }
+    const signature = await account.signTypedData({
+        domain,
+        types: TransferWithAuthorizationTypes,
+        primaryType: 'TransferWithAuthorization',
+        message: {
+            from: input.from,
+            to: input.to,
+            value: input.value,
+            validAfter: input.validAfter,
+            validBefore: input.validBefore,
+            nonce: input.nonce,
+        },
+    });
+    return {
+        signature,
+        nonce: input.nonce,
+        from: input.from,
+        to: input.to,
+        value: input.value,
+        validAfter: input.validAfter,
+        validBefore: input.validBefore,
+    };
+}
+/**
+ * Verify a `TransferWithAuthorization` signature on the server side.
+ * Returns the recovered signer address (`from`) or `null` on failure.
+ *
+ * NOTE: we do NOT throw on failure — caller maps `null` → verify.valid=false
+ * with an error tag. Throwing here would risk leaking signature bytes via
+ * thrown error stacks.
+ */
+export async function verifyTransferWithAuthorizationSignature(args) {
+    const { chainId, verifyingContract, authorization, signature } = args;
+    const usdcDomain = getUSDCDomain(chainId);
+    if (usdcDomain === undefined)
+        return null;
+    const { recoverTypedDataAddress } = await import('viem');
+    try {
+        return await recoverTypedDataAddress({
+            domain: {
+                name: usdcDomain.name,
+                version: usdcDomain.version,
+                chainId,
+                verifyingContract,
+            },
+            types: TransferWithAuthorizationTypes,
+            primaryType: 'TransferWithAuthorization',
+            message: {
+                from: authorization.from,
+                to: authorization.to,
+                value: authorization.value,
+                validAfter: authorization.validAfter,
+                validBefore: authorization.validBefore,
+                nonce: authorization.nonce,
+            },
+            signature,
+        });
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=signing.js.map

package/dist/esm/signing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing.js","sourceRoot":"","sources":["../../src/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC;AAEzD;;;GAGG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG;IAC5C,yBAAyB,EAAE;QACzB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE;QACjC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE;QAC/B,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;QAClC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE;QACvC,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE;QACxC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;KACnC;CACO,CAAC;AA0BX;;;;GAIG;AACH,MAAM,UAAU,0BAA0B;IACxC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,uEAAuE;IACvE,kEAAkE;IAClE,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IACzC,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IACD,OAAO,GAAU,CAAC;AACpB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CAAC,IAKnD;IACC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;IAC1D,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC3C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,0BAA0B,EAAE,CAAC;IACzC,CAAC;IAED,MAAM,MAAM,GAAG;QACb,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,OAAO,EAAE,KAAK,CAAC,EAAE;QACjB,iBAAiB;KACT,CAAC;IAEX,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QACxC,uEAAuE;QACvE,oEAAoE;QACpE,sEAAsE;QACtE,MAAM,IAAI,0BAA0B,EAAE,CAAC;IACzC,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC;QAC5C,MAAM;QACN,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE,2BAA2B;QACxC,OAAO,EAAE;YACP,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,KAAK,EAAE,KAAK,CAAC,KAAK;SACnB;KACF,CAAC,CAAC;IAEH,OAAO;QACL,SAAS;QACT,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,WAAW,EAAE,KAAK,CAAC,WAAW;KAC/B,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,wCAAwC,CAAC,IAK9D;IACC,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IACtE,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC1C,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAE1C,MAAM,EAAE,uBAAuB,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,OAAO,MAAM,uBAAuB,CAAC;YACnC,MAAM,EAAE;gBACN,IAAI,EAAE,UAAU,CAAC,IAAI;gBACrB,OAAO,EAAE,UAAU,CAAC,OAAO;gBAC3B,OAAO;gBACP,iBAAiB;aAClB;YACD,KAAK,EAAE,8BAA8B;YACrC,WAAW,EAAE,2BAA2B;YACxC,OAAO,EAAE;gBACP,IAAI,EAAE,aAAa,CAAC,IAAI;gBACxB,EAAE,EAAE,aAAa,CAAC,EAAE;gBACpB,KAAK,EAAE,aAAa,CAAC,KAAK;gBAC1B,UAAU,EAAE,aAAa,CAAC,UAAU;gBACpC,WAAW,EAAE,aAAa,CAAC,WAAW;gBACtC,KAAK,EAAE,aAAa,CAAC,KAAK;aAC3B;YACD,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/esm/types.d.ts

@@ -0,0 +1,93 @@
+/**
+ * Shared types used by both server and client.
+ */
+import type { Address, Hex } from 'viem';
+import type { X402FacilitatorConfig, X402PaymentRequirements } from './protocol.js';
+/**
+ * Hint object returned alongside a freshly generated challenge.
+ *
+ * The server uses these values to emit an ERC-5564 Announcement event AFTER
+ * the payment settles (out-of-scope for this milestone — operator wires the
+ * on-chain emit). Carrying it on the challenge object lets the server
+ * correlate "this challenge → this announcement" without re-derivation.
+ *
+ * Privacy: contains only the ephemeral public key + view tag + the freshly
+ * derived stealth address. None of these leak the recipient's main wallet.
+ */
+export interface X402StealthAnnouncementHint {
+    readonly ephemeralPubKey: Hex;
+    readonly viewTag: number;
+    readonly stealthAddress: Address;
+}
+/**
+ * The full server-side challenge object. Comes out of `x402.challenge(...)`.
+ *
+ * `status` + `headers` + `body` are wire-shaped — operator's HTTP framework
+ * adapter simply spreads them onto its response. `announcement` is internal
+ * metadata for the operator's scanner integration.
+ */
+export interface X402Challenge {
+    readonly status: 402;
+    readonly headers: Readonly<Record<string, string>>;
+    readonly body: {
+        readonly x402Version: 2;
+        readonly error: string;
+        readonly accepts: readonly X402PaymentRequirements[];
+    };
+    readonly announcement: X402StealthAnnouncementHint;
+}
+/**
+ * Result of `x402.verify(...)`.
+ *
+ * Privacy: no amount, no signature, no nonce. `error` is a short tag string
+ * only ('signature_invalid', 'amount_mismatch', 'expired', etc) — never the
+ * full underlying error or any bytes.
+ */
+export interface X402PaymentVerification {
+    readonly valid: boolean;
+    readonly settledTxHash?: Hex;
+    readonly error?: string;
+}
+/**
+ * `createX402Server` config.
+ *
+ * Privacy: the `recipientMetaAddress` is the server agent's PUBLIC meta-address
+ * (`st:base:0x...`). No private keys ever appear in this config.
+ */
+export interface X402ServerConfig {
+    /** Transport for reads + chain id lookups. */
+    readonly transport: import('@shroud-fi/transport').ShroudFiTransport;
+    /** ERC-6538 meta-address string (`st:base:0x...`) for the receiving agent. */
+    readonly recipientMetaAddress: string;
+    /** ERC-20 asset address (must be the canonical USDC for the chain). */
+    readonly asset: Address;
+    /** EVM chain id (must match the asset's deployment). */
+    readonly chainId: number;
+    /** Default price in token base units (uint256). */
+    readonly defaultPriceAtomic: bigint;
+    /** Optional facilitator override; defaults to PayAI free-tier. */
+    readonly facilitator?: X402FacilitatorConfig;
+}
+/**
+ * `createX402Client` config.
+ *
+ * Privacy: the client uses the transport's `walletClient.account` for
+ * signing. The private key never appears here directly — it lives inside
+ * the viem account, scoped to the transport's lifetime.
+ */
+export interface X402ClientConfig {
+    /** Transport with a configured `walletClient` (account required). */
+    readonly transport: import('@shroud-fi/transport').ShroudFiTransport;
+    /** Optional facilitator override; defaults to PayAI free-tier. */
+    readonly facilitator?: X402FacilitatorConfig;
+}
+/**
+ * What a client `.fetch(...)` call surfaces beyond the standard Response.
+ * Non-standard `x402Settlement` property is attached when the server returned
+ * `X-PAYMENT-RESPONSE`. Optional — present only on successful auto-pay.
+ */
+export interface X402PaymentResult {
+    readonly txHash: Hex;
+    readonly settledAt: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/esm/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AACzC,OAAO,KAAK,EACV,qBAAqB,EACrB,uBAAuB,EACxB,MAAM,eAAe,CAAC;AAEvB;;;;;;;;;;GAUG;AACH,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,eAAe,EAAE,GAAG,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;CAClC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC;IACrB,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACnD,QAAQ,CAAC,IAAI,EAAE;QACb,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QACxB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,OAAO,EAAE,SAAS,uBAAuB,EAAE,CAAC;KACtD,CAAC;IACF,QAAQ,CAAC,YAAY,EAAE,2BAA2B,CAAC;CACpD;AAED;;;;;;GAMG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,aAAa,CAAC,EAAE,GAAG,CAAC;IAC7B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8CAA8C;IAC9C,QAAQ,CAAC,SAAS,EAAE,OAAO,sBAAsB,EAAE,iBAAiB,CAAC;IACrE,8EAA8E;IAC9E,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IACtC,uEAAuE;IACvE,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,wDAAwD;IACxD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,mDAAmD;IACnD,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,kEAAkE;IAClE,QAAQ,CAAC,WAAW,CAAC,EAAE,qBAAqB,CAAC;CAC9C;AAED;;;;;;GAMG;AACH,MAAM,WAAW,gBAAgB;IAC/B,qEAAqE;IACrE,QAAQ,CAAC,SAAS,EAAE,OAAO,sBAAsB,EAAE,iBAAiB,CAAC;IACrE,kEAAkE;IAClE,QAAQ,CAAC,WAAW,CAAC,EAAE,qBAAqB,CAAC;CAC9C;AAED;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC;IACrB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B"}

package/dist/esm/types.js

@@ -0,0 +1,5 @@
+/**
+ * Shared types used by both server and client.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/esm/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}