@t402/core 2.3.1 → 2.4.0

package/dist/cjs/utils/index.js

@@ -21,6 +21,9 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var utils_exports = {};
 __export(utils_exports, {
   Base64EncodedRegex: () => Base64EncodedRegex,
+  cryptoRandomBigInt: () => cryptoRandomBigInt,
+  cryptoRandomHex: () => cryptoRandomHex,
+  cryptoRandomInt: () => cryptoRandomInt,
   deepEqual: () => deepEqual,
   findByNetworkAndScheme: () => findByNetworkAndScheme,
   findFacilitatorBySchemeAndNetwork: () => findFacilitatorBySchemeAndNetwork,
@@ -29,6 +32,53 @@ __export(utils_exports, {
   safeBase64Encode: () => safeBase64Encode
 });
 module.exports = __toCommonJS(utils_exports);
+function getCrypto() {
+  const cryptoObj = globalThis.crypto;
+  if (!cryptoObj || typeof cryptoObj.getRandomValues !== "function") {
+    throw new Error(
+      "Crypto API not available. Node.js 19+ or a browser with Web Crypto API is required."
+    );
+  }
+  return cryptoObj;
+}
+function cryptoRandomInt(max) {
+  if (max <= 0 || max > 4294967295 || !Number.isInteger(max)) {
+    throw new Error(`Invalid max value: ${max}. Must be positive integer <= 2^32`);
+  }
+  const crypto = getCrypto();
+  const array = new Uint32Array(1);
+  const limit = Math.floor(4294967295 / max) * max;
+  let value;
+  do {
+    crypto.getRandomValues(array);
+    value = array[0];
+  } while (value >= limit);
+  return value % max;
+}
+function cryptoRandomBigInt(bits = 64) {
+  if (bits <= 0 || bits > 256) {
+    throw new Error(`Invalid bits value: ${bits}. Must be 1-256`);
+  }
+  const crypto = getCrypto();
+  const bytes = Math.ceil(bits / 8);
+  const array = new Uint8Array(bytes);
+  crypto.getRandomValues(array);
+  let result = 0n;
+  for (let i = 0; i < bytes; i++) {
+    result = result << 8n | BigInt(array[i]);
+  }
+  const mask = (1n << BigInt(bits)) - 1n;
+  return result & mask;
+}
+function cryptoRandomHex(bytes = 16) {
+  if (bytes <= 0 || bytes > 128) {
+    throw new Error(`Invalid bytes value: ${bytes}. Must be 1-128`);
+  }
+  const crypto = getCrypto();
+  const array = new Uint8Array(bytes);
+  crypto.getRandomValues(array);
+  return Array.from(array).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
 var findSchemesByNetwork = (map, network) => {
   let implementationsByScheme = map.get(network);
   if (!implementationsByScheme) {
@@ -98,6 +148,9 @@ function deepEqual(obj1, obj2) {
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   Base64EncodedRegex,
+  cryptoRandomBigInt,
+  cryptoRandomHex,
+  cryptoRandomInt,
   deepEqual,
   findByNetworkAndScheme,
   findFacilitatorBySchemeAndNetwork,

package/dist/cjs/utils/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/utils/index.ts"],"sourcesContent":["import { Network } from \"../types\";\n\n/**\n * Scheme data structure for facilitator storage\n */\nexport interface SchemeData<T> {\n  facilitator: T;\n  networks: Set<Network>;\n  pattern: Network;\n}\n\nexport const findSchemesByNetwork = <T>(\n  map: Map<string, Map<string, T>>,\n  network: Network,\n): Map<string, T> | undefined => {\n  // Direct match first\n  let implementationsByScheme = map.get(network);\n\n  if (!implementationsByScheme) {\n    // Try pattern matching for registered network patterns\n    for (const [registeredNetworkPattern, implementations] of map.entries()) {\n      // Convert the registered network pattern to a regex\n      // e.g., \"eip155:*\" becomes /^eip155:.*$/\n      const pattern = registeredNetworkPattern\n        .replace(/[.*+?^${}()|[\\]\\\\]/g, \"\\\\$&\") // Escape special regex chars except *\n        .replace(/\\\\\\*/g, \".*\"); // Replace escaped * with .*\n\n      const regex = new RegExp(`^${pattern}$`);\n\n      if (regex.test(network)) {\n        implementationsByScheme = implementations;\n        break;\n      }\n    }\n  }\n\n  return implementationsByScheme;\n};\n\nexport const findByNetworkAndScheme = <T>(\n  map: Map<string, Map<string, T>>,\n  scheme: string,\n  network: Network,\n): T | undefined => {\n  return findSchemesByNetwork(map, network)?.get(scheme);\n};\n\n/**\n * Finds a facilitator by scheme and network using pattern matching.\n * Works with new SchemeData storage structure.\n *\n * @param schemeMap - Map of scheme names to SchemeData\n * @param scheme - The scheme to find\n * @param network - The network to match against\n * @returns The facilitator if found, undefined otherwise\n */\nexport const findFacilitatorBySchemeAndNetwork = <T>(\n  schemeMap: Map<string, SchemeData<T>>,\n  scheme: string,\n  network: Network,\n): T | undefined => {\n  const schemeData = schemeMap.get(scheme);\n  if (!schemeData) return undefined;\n\n  // Check if network is in the stored networks set\n  if (schemeData.networks.has(network)) {\n    return schemeData.facilitator;\n  }\n\n  // Try pattern matching\n  const patternRegex = new RegExp(\"^\" + schemeData.pattern.replace(\"*\", \".*\") + \"$\");\n  if (patternRegex.test(network)) {\n    return schemeData.facilitator;\n  }\n\n  return undefined;\n};\n\nexport const Base64EncodedRegex = /^[A-Za-z0-9+/]*={0,2}$/;\n\n/**\n * Encodes a string to base64 format\n *\n * @param data - The string to be encoded to base64\n * @returns The base64 encoded string\n */\nexport function safeBase64Encode(data: string): string {\n  if (typeof globalThis !== \"undefined\" && typeof globalThis.btoa === \"function\") {\n    return globalThis.btoa(data);\n  }\n  return Buffer.from(data).toString(\"base64\");\n}\n\n/**\n * Decodes a base64 string back to its original format\n *\n * @param data - The base64 encoded string to be decoded\n * @returns The decoded string in UTF-8 format\n */\nexport function safeBase64Decode(data: string): string {\n  if (typeof globalThis !== \"undefined\" && typeof globalThis.atob === \"function\") {\n    return globalThis.atob(data);\n  }\n  return Buffer.from(data, \"base64\").toString(\"utf-8\");\n}\n\n/**\n * Deep equality comparison for payment requirements\n * Uses a normalized JSON.stringify for consistent comparison\n *\n * @param obj1 - First object to compare\n * @param obj2 - Second object to compare\n * @returns True if objects are deeply equal\n */\nexport function deepEqual(obj1: unknown, obj2: unknown): boolean {\n  // Normalize and stringify both objects for comparison\n  // This handles nested objects, arrays, and different property orders\n  const normalize = (obj: unknown): string => {\n    // Handle primitives and null/undefined\n    if (obj === null || obj === undefined) return JSON.stringify(obj);\n    if (typeof obj !== \"object\") return JSON.stringify(obj);\n\n    // Handle arrays\n    if (Array.isArray(obj)) {\n      return JSON.stringify(\n        obj.map(item =>\n          typeof item === \"object\" && item !== null ? JSON.parse(normalize(item)) : item,\n        ),\n      );\n    }\n\n    // Handle objects - sort keys and recursively normalize values\n    const sorted: Record<string, unknown> = {};\n    Object.keys(obj as Record<string, unknown>)\n      .sort()\n      .forEach(key => {\n        const value = (obj as Record<string, unknown>)[key];\n        sorted[key] =\n          typeof value === \"object\" && value !== null ? JSON.parse(normalize(value)) : value;\n      });\n    return JSON.stringify(sorted);\n  };\n\n  try {\n    return normalize(obj1) === normalize(obj2);\n  } catch {\n    // Fallback to simple comparison if normalization fails\n    return JSON.stringify(obj1) === JSON.stringify(obj2);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWO,IAAM,uBAAuB,CAClC,KACA,YAC+B;AAE/B,MAAI,0BAA0B,IAAI,IAAI,OAAO;AAE7C,MAAI,CAAC,yBAAyB;AAE5B,eAAW,CAAC,0BAA0B,eAAe,KAAK,IAAI,QAAQ,GAAG;AAGvE,YAAM,UAAU,yBACb,QAAQ,uBAAuB,MAAM,EACrC,QAAQ,SAAS,IAAI;AAExB,YAAM,QAAQ,IAAI,OAAO,IAAI,OAAO,GAAG;AAEvC,UAAI,MAAM,KAAK,OAAO,GAAG;AACvB,kCAA0B;AAC1B;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,IAAM,yBAAyB,CACpC,KACA,QACA,YACkB;AAClB,SAAO,qBAAqB,KAAK,OAAO,GAAG,IAAI,MAAM;AACvD;AAWO,IAAM,oCAAoC,CAC/C,WACA,QACA,YACkB;AAClB,QAAM,aAAa,UAAU,IAAI,MAAM;AACvC,MAAI,CAAC,WAAY,QAAO;AAGxB,MAAI,WAAW,SAAS,IAAI,OAAO,GAAG;AACpC,WAAO,WAAW;AAAA,EACpB;AAGA,QAAM,eAAe,IAAI,OAAO,MAAM,WAAW,QAAQ,QAAQ,KAAK,IAAI,IAAI,GAAG;AACjF,MAAI,aAAa,KAAK,OAAO,GAAG;AAC9B,WAAO,WAAW;AAAA,EACpB;AAEA,SAAO;AACT;AAEO,IAAM,qBAAqB;AAQ3B,SAAS,iBAAiB,MAAsB;AACrD,MAAI,OAAO,eAAe,eAAe,OAAO,WAAW,SAAS,YAAY;AAC9E,WAAO,WAAW,KAAK,IAAI;AAAA,EAC7B;AACA,SAAO,OAAO,KAAK,IAAI,EAAE,SAAS,QAAQ;AAC5C;AAQO,SAAS,iBAAiB,MAAsB;AACrD,MAAI,OAAO,eAAe,eAAe,OAAO,WAAW,SAAS,YAAY;AAC9E,WAAO,WAAW,KAAK,IAAI;AAAA,EAC7B;AACA,SAAO,OAAO,KAAK,MAAM,QAAQ,EAAE,SAAS,OAAO;AACrD;AAUO,SAAS,UAAU,MAAe,MAAwB;AAG/D,QAAM,YAAY,CAAC,QAAyB;AAE1C,QAAI,QAAQ,QAAQ,QAAQ,OAAW,QAAO,KAAK,UAAU,GAAG;AAChE,QAAI,OAAO,QAAQ,SAAU,QAAO,KAAK,UAAU,GAAG;AAGtD,QAAI,MAAM,QAAQ,GAAG,GAAG;AACtB,aAAO,KAAK;AAAA,QACV,IAAI;AAAA,UAAI,UACN,OAAO,SAAS,YAAY,SAAS,OAAO,KAAK,MAAM,UAAU,IAAI,CAAC,IAAI;AAAA,QAC5E;AAAA,MACF;AAAA,IACF;AAGA,UAAM,SAAkC,CAAC;AACzC,WAAO,KAAK,GAA8B,EACvC,KAAK,EACL,QAAQ,SAAO;AACd,YAAM,QAAS,IAAgC,GAAG;AAClD,aAAO,GAAG,IACR,OAAO,UAAU,YAAY,UAAU,OAAO,KAAK,MAAM,UAAU,KAAK,CAAC,IAAI;AAAA,IACjF,CAAC;AACH,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AAEA,MAAI;AACF,WAAO,UAAU,IAAI,MAAM,UAAU,IAAI;AAAA,EAC3C,QAAQ;AAEN,WAAO,KAAK,UAAU,IAAI,MAAM,KAAK,UAAU,IAAI;AAAA,EACrD;AACF;","names":[]}
+{"version":3,"sources":["../../../src/utils/index.ts"],"sourcesContent":["import { Network } from \"../types\";\n\n// ============================================================================\n// Cryptographically Secure Random Utilities\n// ============================================================================\n\n/**\n * Get the crypto object, works in both browser and Node.js (19+)\n *\n * @returns The crypto object\n * @throws Error if crypto API is not available\n */\nfunction getCrypto(): Crypto {\n  const cryptoObj = globalThis.crypto;\n\n  if (!cryptoObj || typeof cryptoObj.getRandomValues !== \"function\") {\n    throw new Error(\n      \"Crypto API not available. \" + \"Node.js 19+ or a browser with Web Crypto API is required.\",\n    );\n  }\n\n  return cryptoObj;\n}\n\n/**\n * Generate a cryptographically secure random integer in range [0, max)\n *\n * Uses rejection sampling to ensure uniform distribution.\n *\n * @param max - Exclusive upper bound (must be > 0 and <= 2^32)\n * @returns Random integer in [0, max)\n * @throws Error if max is invalid or crypto unavailable\n */\nexport function cryptoRandomInt(max: number): number {\n  if (max <= 0 || max > 0xffffffff || !Number.isInteger(max)) {\n    throw new Error(`Invalid max value: ${max}. Must be positive integer <= 2^32`);\n  }\n\n  const crypto = getCrypto();\n  const array = new Uint32Array(1);\n\n  // Rejection sampling to avoid modulo bias\n  const limit = Math.floor(0xffffffff / max) * max;\n  let value: number;\n\n  do {\n    crypto.getRandomValues(array);\n    value = array[0];\n  } while (value >= limit);\n\n  return value % max;\n}\n\n/**\n * Generate a cryptographically secure random BigInt\n *\n * @param bits - Number of bits (default 64, max 256)\n * @returns Random BigInt with specified number of bits\n * @throws Error if bits is invalid or crypto unavailable\n */\nexport function cryptoRandomBigInt(bits: number = 64): bigint {\n  if (bits <= 0 || bits > 256) {\n    throw new Error(`Invalid bits value: ${bits}. Must be 1-256`);\n  }\n\n  const crypto = getCrypto();\n  const bytes = Math.ceil(bits / 8);\n  const array = new Uint8Array(bytes);\n  crypto.getRandomValues(array);\n\n  // Convert bytes to BigInt\n  let result = 0n;\n  for (let i = 0; i < bytes; i++) {\n    result = (result << 8n) | BigInt(array[i]);\n  }\n\n  // Mask to exact bit count\n  const mask = (1n << BigInt(bits)) - 1n;\n  return result & mask;\n}\n\n/**\n * Generate a cryptographically secure random hex string\n *\n * @param bytes - Number of random bytes (default 16)\n * @returns Hex-encoded random string\n * @throws Error if bytes is invalid or crypto unavailable\n */\nexport function cryptoRandomHex(bytes: number = 16): string {\n  if (bytes <= 0 || bytes > 128) {\n    throw new Error(`Invalid bytes value: ${bytes}. Must be 1-128`);\n  }\n\n  const crypto = getCrypto();\n  const array = new Uint8Array(bytes);\n  crypto.getRandomValues(array);\n\n  return Array.from(array)\n    .map(b => b.toString(16).padStart(2, \"0\"))\n    .join(\"\");\n}\n\n// ============================================================================\n// Network and Scheme Utilities\n// ============================================================================\n\n/**\n * Scheme data structure for facilitator storage\n */\nexport interface SchemeData<T> {\n  facilitator: T;\n  networks: Set<Network>;\n  pattern: Network;\n}\n\nexport const findSchemesByNetwork = <T>(\n  map: Map<string, Map<string, T>>,\n  network: Network,\n): Map<string, T> | undefined => {\n  // Direct match first\n  let implementationsByScheme = map.get(network);\n\n  if (!implementationsByScheme) {\n    // Try pattern matching for registered network patterns\n    for (const [registeredNetworkPattern, implementations] of map.entries()) {\n      // Convert the registered network pattern to a regex\n      // e.g., \"eip155:*\" becomes /^eip155:.*$/\n      const pattern = registeredNetworkPattern\n        .replace(/[.*+?^${}()|[\\]\\\\]/g, \"\\\\$&\") // Escape special regex chars except *\n        .replace(/\\\\\\*/g, \".*\"); // Replace escaped * with .*\n\n      const regex = new RegExp(`^${pattern}$`);\n\n      if (regex.test(network)) {\n        implementationsByScheme = implementations;\n        break;\n      }\n    }\n  }\n\n  return implementationsByScheme;\n};\n\nexport const findByNetworkAndScheme = <T>(\n  map: Map<string, Map<string, T>>,\n  scheme: string,\n  network: Network,\n): T | undefined => {\n  return findSchemesByNetwork(map, network)?.get(scheme);\n};\n\n/**\n * Finds a facilitator by scheme and network using pattern matching.\n * Works with new SchemeData storage structure.\n *\n * @param schemeMap - Map of scheme names to SchemeData\n * @param scheme - The scheme to find\n * @param network - The network to match against\n * @returns The facilitator if found, undefined otherwise\n */\nexport const findFacilitatorBySchemeAndNetwork = <T>(\n  schemeMap: Map<string, SchemeData<T>>,\n  scheme: string,\n  network: Network,\n): T | undefined => {\n  const schemeData = schemeMap.get(scheme);\n  if (!schemeData) return undefined;\n\n  // Check if network is in the stored networks set\n  if (schemeData.networks.has(network)) {\n    return schemeData.facilitator;\n  }\n\n  // Try pattern matching\n  const patternRegex = new RegExp(\"^\" + schemeData.pattern.replace(\"*\", \".*\") + \"$\");\n  if (patternRegex.test(network)) {\n    return schemeData.facilitator;\n  }\n\n  return undefined;\n};\n\nexport const Base64EncodedRegex = /^[A-Za-z0-9+/]*={0,2}$/;\n\n/**\n * Encodes a string to base64 format\n *\n * @param data - The string to be encoded to base64\n * @returns The base64 encoded string\n */\nexport function safeBase64Encode(data: string): string {\n  if (typeof globalThis !== \"undefined\" && typeof globalThis.btoa === \"function\") {\n    return globalThis.btoa(data);\n  }\n  return Buffer.from(data).toString(\"base64\");\n}\n\n/**\n * Decodes a base64 string back to its original format\n *\n * @param data - The base64 encoded string to be decoded\n * @returns The decoded string in UTF-8 format\n */\nexport function safeBase64Decode(data: string): string {\n  if (typeof globalThis !== \"undefined\" && typeof globalThis.atob === \"function\") {\n    return globalThis.atob(data);\n  }\n  return Buffer.from(data, \"base64\").toString(\"utf-8\");\n}\n\n/**\n * Deep equality comparison for payment requirements\n * Uses a normalized JSON.stringify for consistent comparison\n *\n * @param obj1 - First object to compare\n * @param obj2 - Second object to compare\n * @returns True if objects are deeply equal\n */\nexport function deepEqual(obj1: unknown, obj2: unknown): boolean {\n  // Normalize and stringify both objects for comparison\n  // This handles nested objects, arrays, and different property orders\n  const normalize = (obj: unknown): string => {\n    // Handle primitives and null/undefined\n    if (obj === null || obj === undefined) return JSON.stringify(obj);\n    if (typeof obj !== \"object\") return JSON.stringify(obj);\n\n    // Handle arrays\n    if (Array.isArray(obj)) {\n      return JSON.stringify(\n        obj.map(item =>\n          typeof item === \"object\" && item !== null ? JSON.parse(normalize(item)) : item,\n        ),\n      );\n    }\n\n    // Handle objects - sort keys and recursively normalize values\n    const sorted: Record<string, unknown> = {};\n    Object.keys(obj as Record<string, unknown>)\n      .sort()\n      .forEach(key => {\n        const value = (obj as Record<string, unknown>)[key];\n        sorted[key] =\n          typeof value === \"object\" && value !== null ? JSON.parse(normalize(value)) : value;\n      });\n    return JSON.stringify(sorted);\n  };\n\n  try {\n    return normalize(obj1) === normalize(obj2);\n  } catch {\n    // Fallback to simple comparison if normalization fails\n    return JSON.stringify(obj1) === JSON.stringify(obj2);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYA,SAAS,YAAoB;AAC3B,QAAM,YAAY,WAAW;AAE7B,MAAI,CAAC,aAAa,OAAO,UAAU,oBAAoB,YAAY;AACjE,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAWO,SAAS,gBAAgB,KAAqB;AACnD,MAAI,OAAO,KAAK,MAAM,cAAc,CAAC,OAAO,UAAU,GAAG,GAAG;AAC1D,UAAM,IAAI,MAAM,sBAAsB,GAAG,oCAAoC;AAAA,EAC/E;AAEA,QAAM,SAAS,UAAU;AACzB,QAAM,QAAQ,IAAI,YAAY,CAAC;AAG/B,QAAM,QAAQ,KAAK,MAAM,aAAa,GAAG,IAAI;AAC7C,MAAI;AAEJ,KAAG;AACD,WAAO,gBAAgB,KAAK;AAC5B,YAAQ,MAAM,CAAC;AAAA,EACjB,SAAS,SAAS;AAElB,SAAO,QAAQ;AACjB;AASO,SAAS,mBAAmB,OAAe,IAAY;AAC5D,MAAI,QAAQ,KAAK,OAAO,KAAK;AAC3B,UAAM,IAAI,MAAM,uBAAuB,IAAI,iBAAiB;AAAA,EAC9D;AAEA,QAAM,SAAS,UAAU;AACzB,QAAM,QAAQ,KAAK,KAAK,OAAO,CAAC;AAChC,QAAM,QAAQ,IAAI,WAAW,KAAK;AAClC,SAAO,gBAAgB,KAAK;AAG5B,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,OAAO,KAAK;AAC9B,aAAU,UAAU,KAAM,OAAO,MAAM,CAAC,CAAC;AAAA,EAC3C;AAGA,QAAM,QAAQ,MAAM,OAAO,IAAI,KAAK;AACpC,SAAO,SAAS;AAClB;AASO,SAAS,gBAAgB,QAAgB,IAAY;AAC1D,MAAI,SAAS,KAAK,QAAQ,KAAK;AAC7B,UAAM,IAAI,MAAM,wBAAwB,KAAK,iBAAiB;AAAA,EAChE;AAEA,QAAM,SAAS,UAAU;AACzB,QAAM,QAAQ,IAAI,WAAW,KAAK;AAClC,SAAO,gBAAgB,KAAK;AAE5B,SAAO,MAAM,KAAK,KAAK,EACpB,IAAI,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EACxC,KAAK,EAAE;AACZ;AAeO,IAAM,uBAAuB,CAClC,KACA,YAC+B;AAE/B,MAAI,0BAA0B,IAAI,IAAI,OAAO;AAE7C,MAAI,CAAC,yBAAyB;AAE5B,eAAW,CAAC,0BAA0B,eAAe,KAAK,IAAI,QAAQ,GAAG;AAGvE,YAAM,UAAU,yBACb,QAAQ,uBAAuB,MAAM,EACrC,QAAQ,SAAS,IAAI;AAExB,YAAM,QAAQ,IAAI,OAAO,IAAI,OAAO,GAAG;AAEvC,UAAI,MAAM,KAAK,OAAO,GAAG;AACvB,kCAA0B;AAC1B;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,IAAM,yBAAyB,CACpC,KACA,QACA,YACkB;AAClB,SAAO,qBAAqB,KAAK,OAAO,GAAG,IAAI,MAAM;AACvD;AAWO,IAAM,oCAAoC,CAC/C,WACA,QACA,YACkB;AAClB,QAAM,aAAa,UAAU,IAAI,MAAM;AACvC,MAAI,CAAC,WAAY,QAAO;AAGxB,MAAI,WAAW,SAAS,IAAI,OAAO,GAAG;AACpC,WAAO,WAAW;AAAA,EACpB;AAGA,QAAM,eAAe,IAAI,OAAO,MAAM,WAAW,QAAQ,QAAQ,KAAK,IAAI,IAAI,GAAG;AACjF,MAAI,aAAa,KAAK,OAAO,GAAG;AAC9B,WAAO,WAAW;AAAA,EACpB;AAEA,SAAO;AACT;AAEO,IAAM,qBAAqB;AAQ3B,SAAS,iBAAiB,MAAsB;AACrD,MAAI,OAAO,eAAe,eAAe,OAAO,WAAW,SAAS,YAAY;AAC9E,WAAO,WAAW,KAAK,IAAI;AAAA,EAC7B;AACA,SAAO,OAAO,KAAK,IAAI,EAAE,SAAS,QAAQ;AAC5C;AAQO,SAAS,iBAAiB,MAAsB;AACrD,MAAI,OAAO,eAAe,eAAe,OAAO,WAAW,SAAS,YAAY;AAC9E,WAAO,WAAW,KAAK,IAAI;AAAA,EAC7B;AACA,SAAO,OAAO,KAAK,MAAM,QAAQ,EAAE,SAAS,OAAO;AACrD;AAUO,SAAS,UAAU,MAAe,MAAwB;AAG/D,QAAM,YAAY,CAAC,QAAyB;AAE1C,QAAI,QAAQ,QAAQ,QAAQ,OAAW,QAAO,KAAK,UAAU,GAAG;AAChE,QAAI,OAAO,QAAQ,SAAU,QAAO,KAAK,UAAU,GAAG;AAGtD,QAAI,MAAM,QAAQ,GAAG,GAAG;AACtB,aAAO,KAAK;AAAA,QACV,IAAI;AAAA,UAAI,UACN,OAAO,SAAS,YAAY,SAAS,OAAO,KAAK,MAAM,UAAU,IAAI,CAAC,IAAI;AAAA,QAC5E;AAAA,MACF;AAAA,IACF;AAGA,UAAM,SAAkC,CAAC;AACzC,WAAO,KAAK,GAA8B,EACvC,KAAK,EACL,QAAQ,SAAO;AACd,YAAM,QAAS,IAAgC,GAAG;AAClD,aAAO,GAAG,IACR,OAAO,UAAU,YAAY,UAAU,OAAO,KAAK,MAAM,UAAU,KAAK,CAAC,IAAI;AAAA,IACjF,CAAC;AACH,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AAEA,MAAI;AACF,WAAO,UAAU,IAAI,MAAM,UAAU,IAAI;AAAA,EAC3C,QAAQ;AAEN,WAAO,KAAK,UAAU,IAAI,MAAM,KAAK,UAAU,IAAI;AAAA,EACrD;AACF;","names":[]}

package/dist/esm/chunk-KPNYZYDS.mjs

@@ -0,0 +1,100 @@
+// src/types/schemas.ts
+import { z } from "zod";
+var NetworkSchema = z.string().regex(/^[a-z0-9-]+:[a-zA-Z0-9-]+$/, {
+  message: "Network must be in CAIP-2 format (e.g., 'eip155:1', 'solana:mainnet')"
+});
+var ResourceInfoSchema = z.object({
+  url: z.string().url({ message: "Resource URL must be a valid URL" }),
+  description: z.string().optional(),
+  mimeType: z.string().optional()
+});
+var PaymentRequirementsSchema = z.object({
+  scheme: z.string().min(1, { message: "Scheme is required" }),
+  network: NetworkSchema,
+  asset: z.string().min(1, { message: "Asset address is required" }),
+  amount: z.string().regex(/^\d+$/, { message: "Amount must be a non-negative integer string" }),
+  payTo: z.string().min(1, { message: "PayTo address is required" }),
+  maxTimeoutSeconds: z.number().int().positive({ message: "maxTimeoutSeconds must be a positive integer" }),
+  extra: z.record(z.unknown())
+});
+var PaymentRequiredSchema = z.object({
+  t402Version: z.literal(2, {
+    errorMap: () => ({ message: "t402Version must be 2 for V2 protocol" })
+  }),
+  error: z.string().optional(),
+  resource: ResourceInfoSchema,
+  accepts: z.array(PaymentRequirementsSchema).min(1, { message: "At least one payment option is required" }),
+  extensions: z.record(z.unknown()).optional()
+});
+var PaymentPayloadSchema = z.object({
+  t402Version: z.literal(2, {
+    errorMap: () => ({ message: "t402Version must be 2 for V2 protocol" })
+  }),
+  resource: ResourceInfoSchema.optional(),
+  accepted: PaymentRequirementsSchema,
+  payload: z.record(z.unknown()),
+  extensions: z.record(z.unknown()).optional()
+});
+var VerifyResponseSchema = z.object({
+  isValid: z.boolean(),
+  invalidReason: z.string().optional(),
+  payer: z.string().optional()
+});
+var SettleResponseSchema = z.object({
+  success: z.boolean(),
+  transaction: z.string(),
+  network: NetworkSchema,
+  errorReason: z.string().optional(),
+  payer: z.string().optional()
+});
+var PaymentRequirementsV1Schema = z.object({
+  scheme: z.string().min(1),
+  network: z.string().min(1),
+  asset: z.string().min(1),
+  amount: z.string().regex(/^\d+$/),
+  payTo: z.string().min(1),
+  maxTimeoutSeconds: z.number().int().positive(),
+  extra: z.record(z.unknown()).optional()
+});
+var PaymentPayloadV1Schema = z.object({
+  t402Version: z.literal(1).optional(),
+  accepted: PaymentRequirementsV1Schema,
+  payload: z.record(z.unknown())
+});
+function parsePaymentPayload(data) {
+  return PaymentPayloadSchema.parse(data);
+}
+function parsePaymentRequired(data) {
+  return PaymentRequiredSchema.parse(data);
+}
+function parsePaymentRequirements(data) {
+  return PaymentRequirementsSchema.parse(data);
+}
+function safeParsePaymentPayload(data) {
+  return PaymentPayloadSchema.safeParse(data);
+}
+function safeParsePaymentRequired(data) {
+  return PaymentRequiredSchema.safeParse(data);
+}
+function safeParsePaymentRequirements(data) {
+  return PaymentRequirementsSchema.safeParse(data);
+}
+
+export {
+  NetworkSchema,
+  ResourceInfoSchema,
+  PaymentRequirementsSchema,
+  PaymentRequiredSchema,
+  PaymentPayloadSchema,
+  VerifyResponseSchema,
+  SettleResponseSchema,
+  PaymentRequirementsV1Schema,
+  PaymentPayloadV1Schema,
+  parsePaymentPayload,
+  parsePaymentRequired,
+  parsePaymentRequirements,
+  safeParsePaymentPayload,
+  safeParsePaymentRequired,
+  safeParsePaymentRequirements
+};
+//# sourceMappingURL=chunk-KPNYZYDS.mjs.map

package/dist/esm/chunk-KPNYZYDS.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/types/schemas.ts"],"sourcesContent":["import { z } from \"zod\";\n\n/**\n * Zod schemas for T402 protocol types.\n * Used for runtime validation of incoming data.\n */\n\n// Network format: \"namespace:reference\" (CAIP-2)\nexport const NetworkSchema = z.string().regex(/^[a-z0-9-]+:[a-zA-Z0-9-]+$/, {\n  message: \"Network must be in CAIP-2 format (e.g., 'eip155:1', 'solana:mainnet')\",\n});\n\n// Resource info for V2 protocol\nexport const ResourceInfoSchema = z.object({\n  url: z.string().url({ message: \"Resource URL must be a valid URL\" }),\n  description: z.string().optional(),\n  mimeType: z.string().optional(),\n});\n\n// Payment requirements (what the server needs)\nexport const PaymentRequirementsSchema = z.object({\n  scheme: z.string().min(1, { message: \"Scheme is required\" }),\n  network: NetworkSchema,\n  asset: z.string().min(1, { message: \"Asset address is required\" }),\n  amount: z.string().regex(/^\\d+$/, { message: \"Amount must be a non-negative integer string\" }),\n  payTo: z.string().min(1, { message: \"PayTo address is required\" }),\n  maxTimeoutSeconds: z\n    .number()\n    .int()\n    .positive({ message: \"maxTimeoutSeconds must be a positive integer\" }),\n  extra: z.record(z.unknown()),\n});\n\n// Payment required response (402 response)\nexport const PaymentRequiredSchema = z.object({\n  t402Version: z.literal(2, {\n    errorMap: () => ({ message: \"t402Version must be 2 for V2 protocol\" }),\n  }),\n  error: z.string().optional(),\n  resource: ResourceInfoSchema,\n  accepts: z\n    .array(PaymentRequirementsSchema)\n    .min(1, { message: \"At least one payment option is required\" }),\n  extensions: z.record(z.unknown()).optional(),\n});\n\n// Payment payload (client's signed payment)\nexport const PaymentPayloadSchema = z.object({\n  t402Version: z.literal(2, {\n    errorMap: () => ({ message: \"t402Version must be 2 for V2 protocol\" }),\n  }),\n  resource: ResourceInfoSchema.optional(),\n  accepted: PaymentRequirementsSchema,\n  payload: z.record(z.unknown()),\n  extensions: z.record(z.unknown()).optional(),\n});\n\n// Verify response from facilitator\nexport const VerifyResponseSchema = z.object({\n  isValid: z.boolean(),\n  invalidReason: z.string().optional(),\n  payer: z.string().optional(),\n});\n\n// Settle response from facilitator\nexport const SettleResponseSchema = z.object({\n  success: z.boolean(),\n  transaction: z.string(),\n  network: NetworkSchema,\n  errorReason: z.string().optional(),\n  payer: z.string().optional(),\n});\n\n// V1 schemas for backward compatibility\nexport const PaymentRequirementsV1Schema = z.object({\n  scheme: z.string().min(1),\n  network: z.string().min(1),\n  asset: z.string().min(1),\n  amount: z.string().regex(/^\\d+$/),\n  payTo: z.string().min(1),\n  maxTimeoutSeconds: z.number().int().positive(),\n  extra: z.record(z.unknown()).optional(),\n});\n\nexport const PaymentPayloadV1Schema = z.object({\n  t402Version: z.literal(1).optional(),\n  accepted: PaymentRequirementsV1Schema,\n  payload: z.record(z.unknown()),\n});\n\n// Type inference helpers\nexport type ValidatedPaymentPayload = z.infer<typeof PaymentPayloadSchema>;\nexport type ValidatedPaymentRequired = z.infer<typeof PaymentRequiredSchema>;\nexport type ValidatedPaymentRequirements = z.infer<typeof PaymentRequirementsSchema>;\nexport type ValidatedVerifyResponse = z.infer<typeof VerifyResponseSchema>;\nexport type ValidatedSettleResponse = z.infer<typeof SettleResponseSchema>;\n\n/**\n * Parse and validate a PaymentPayload.\n *\n * @param data - The data to parse\n * @returns The validated payment payload\n * @throws ZodError if validation fails\n */\nexport function parsePaymentPayload(data: unknown): ValidatedPaymentPayload {\n  return PaymentPayloadSchema.parse(data);\n}\n\n/**\n * Parse and validate a PaymentRequired response.\n *\n * @param data - The data to parse\n * @returns The validated payment required response\n * @throws ZodError if validation fails\n */\nexport function parsePaymentRequired(data: unknown): ValidatedPaymentRequired {\n  return PaymentRequiredSchema.parse(data);\n}\n\n/**\n * Parse and validate PaymentRequirements.\n *\n * @param data - The data to parse\n * @returns The validated payment requirements\n * @throws ZodError if validation fails\n */\nexport function parsePaymentRequirements(data: unknown): ValidatedPaymentRequirements {\n  return PaymentRequirementsSchema.parse(data);\n}\n\n/**\n * Safely parse a PaymentPayload, returning a result object.\n *\n * @param data - The data to parse\n * @returns The safe parse result\n */\nexport function safeParsePaymentPayload(\n  data: unknown,\n): z.SafeParseReturnType<unknown, ValidatedPaymentPayload> {\n  return PaymentPayloadSchema.safeParse(data);\n}\n\n/**\n * Safely parse a PaymentRequired response, returning a result object.\n *\n * @param data - The data to parse\n * @returns The safe parse result\n */\nexport function safeParsePaymentRequired(\n  data: unknown,\n): z.SafeParseReturnType<unknown, ValidatedPaymentRequired> {\n  return PaymentRequiredSchema.safeParse(data);\n}\n\n/**\n * Safely parse PaymentRequirements, returning a result object.\n *\n * @param data - The data to parse\n * @returns The safe parse result\n */\nexport function safeParsePaymentRequirements(\n  data: unknown,\n): z.SafeParseReturnType<unknown, ValidatedPaymentRequirements> {\n  return PaymentRequirementsSchema.safeParse(data);\n}\n"],"mappings":";AAAA,SAAS,SAAS;AAQX,IAAM,gBAAgB,EAAE,OAAO,EAAE,MAAM,8BAA8B;AAAA,EAC1E,SAAS;AACX,CAAC;AAGM,IAAM,qBAAqB,EAAE,OAAO;AAAA,EACzC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,mCAAmC,CAAC;AAAA,EACnE,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,UAAU,EAAE,OAAO,EAAE,SAAS;AAChC,CAAC;AAGM,IAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,QAAQ,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,qBAAqB,CAAC;AAAA,EAC3D,SAAS;AAAA,EACT,OAAO,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,4BAA4B,CAAC;AAAA,EACjE,QAAQ,EAAE,OAAO,EAAE,MAAM,SAAS,EAAE,SAAS,+CAA+C,CAAC;AAAA,EAC7F,OAAO,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,4BAA4B,CAAC;AAAA,EACjE,mBAAmB,EAChB,OAAO,EACP,IAAI,EACJ,SAAS,EAAE,SAAS,+CAA+C,CAAC;AAAA,EACvE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC;AAC7B,CAAC;AAGM,IAAM,wBAAwB,EAAE,OAAO;AAAA,EAC5C,aAAa,EAAE,QAAQ,GAAG;AAAA,IACxB,UAAU,OAAO,EAAE,SAAS,wCAAwC;AAAA,EACtE,CAAC;AAAA,EACD,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,UAAU;AAAA,EACV,SAAS,EACN,MAAM,yBAAyB,EAC/B,IAAI,GAAG,EAAE,SAAS,0CAA0C,CAAC;AAAA,EAChE,YAAY,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,SAAS;AAC7C,CAAC;AAGM,IAAM,uBAAuB,EAAE,OAAO;AAAA,EAC3C,aAAa,EAAE,QAAQ,GAAG;AAAA,IACxB,UAAU,OAAO,EAAE,SAAS,wCAAwC;AAAA,EACtE,CAAC;AAAA,EACD,UAAU,mBAAmB,SAAS;AAAA,EACtC,UAAU;AAAA,EACV,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC;AAAA,EAC7B,YAAY,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,SAAS;AAC7C,CAAC;AAGM,IAAM,uBAAuB,EAAE,OAAO;AAAA,EAC3C,SAAS,EAAE,QAAQ;AAAA,EACnB,eAAe,EAAE,OAAO,EAAE,SAAS;AAAA,EACnC,OAAO,EAAE,OAAO,EAAE,SAAS;AAC7B,CAAC;AAGM,IAAM,uBAAuB,EAAE,OAAO;AAAA,EAC3C,SAAS,EAAE,QAAQ;AAAA,EACnB,aAAa,EAAE,OAAO;AAAA,EACtB,SAAS;AAAA,EACT,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,OAAO,EAAE,OAAO,EAAE,SAAS;AAC7B,CAAC;AAGM,IAAM,8BAA8B,EAAE,OAAO;AAAA,EAClD,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACxB,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACzB,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACvB,QAAQ,EAAE,OAAO,EAAE,MAAM,OAAO;AAAA,EAChC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACvB,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAC7C,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,SAAS;AACxC,CAAC;AAEM,IAAM,yBAAyB,EAAE,OAAO;AAAA,EAC7C,aAAa,EAAE,QAAQ,CAAC,EAAE,SAAS;AAAA,EACnC,UAAU;AAAA,EACV,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC;AAC/B,CAAC;AAgBM,SAAS,oBAAoB,MAAwC;AAC1E,SAAO,qBAAqB,MAAM,IAAI;AACxC;AASO,SAAS,qBAAqB,MAAyC;AAC5E,SAAO,sBAAsB,MAAM,IAAI;AACzC;AASO,SAAS,yBAAyB,MAA6C;AACpF,SAAO,0BAA0B,MAAM,IAAI;AAC7C;AAQO,SAAS,wBACd,MACyD;AACzD,SAAO,qBAAqB,UAAU,IAAI;AAC5C;AAQO,SAAS,yBACd,MAC0D;AAC1D,SAAO,sBAAsB,UAAU,IAAI;AAC7C;AAQO,SAAS,6BACd,MAC8D;AAC9D,SAAO,0BAA0B,UAAU,IAAI;AACjD;","names":[]}

package/dist/esm/{chunk-3IUBYRYG.mjs → chunk-LJ4M5Z5U.mjs}

@@ -1,4 +1,51 @@
 // src/utils/index.ts
+function getCrypto() {
+  const cryptoObj = globalThis.crypto;
+  if (!cryptoObj || typeof cryptoObj.getRandomValues !== "function") {
+    throw new Error(
+      "Crypto API not available. Node.js 19+ or a browser with Web Crypto API is required."
+    );
+  }
+  return cryptoObj;
+}
+function cryptoRandomInt(max) {
+  if (max <= 0 || max > 4294967295 || !Number.isInteger(max)) {
+    throw new Error(`Invalid max value: ${max}. Must be positive integer <= 2^32`);
+  }
+  const crypto = getCrypto();
+  const array = new Uint32Array(1);
+  const limit = Math.floor(4294967295 / max) * max;
+  let value;
+  do {
+    crypto.getRandomValues(array);
+    value = array[0];
+  } while (value >= limit);
+  return value % max;
+}
+function cryptoRandomBigInt(bits = 64) {
+  if (bits <= 0 || bits > 256) {
+    throw new Error(`Invalid bits value: ${bits}. Must be 1-256`);
+  }
+  const crypto = getCrypto();
+  const bytes = Math.ceil(bits / 8);
+  const array = new Uint8Array(bytes);
+  crypto.getRandomValues(array);
+  let result = 0n;
+  for (let i = 0; i < bytes; i++) {
+    result = result << 8n | BigInt(array[i]);
+  }
+  const mask = (1n << BigInt(bits)) - 1n;
+  return result & mask;
+}
+function cryptoRandomHex(bytes = 16) {
+  if (bytes <= 0 || bytes > 128) {
+    throw new Error(`Invalid bytes value: ${bytes}. Must be 1-128`);
+  }
+  const crypto = getCrypto();
+  const array = new Uint8Array(bytes);
+  crypto.getRandomValues(array);
+  return Array.from(array).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
 var findSchemesByNetwork = (map, network) => {
   let implementationsByScheme = map.get(network);
   if (!implementationsByScheme) {
@@ -67,6 +114,9 @@ function deepEqual(obj1, obj2) {
 }
 
 export {
+  cryptoRandomInt,
+  cryptoRandomBigInt,
+  cryptoRandomHex,
   findSchemesByNetwork,
   findByNetworkAndScheme,
   findFacilitatorBySchemeAndNetwork,
@@ -75,4 +125,4 @@ export {
   safeBase64Decode,
   deepEqual
 };
-//# sourceMappingURL=chunk-3IUBYRYG.mjs.map
+//# sourceMappingURL=chunk-LJ4M5Z5U.mjs.map

package/dist/esm/chunk-LJ4M5Z5U.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/index.ts"],"sourcesContent":["import { Network } from \"../types\";\n\n// ============================================================================\n// Cryptographically Secure Random Utilities\n// ============================================================================\n\n/**\n * Get the crypto object, works in both browser and Node.js (19+)\n *\n * @returns The crypto object\n * @throws Error if crypto API is not available\n */\nfunction getCrypto(): Crypto {\n  const cryptoObj = globalThis.crypto;\n\n  if (!cryptoObj || typeof cryptoObj.getRandomValues !== \"function\") {\n    throw new Error(\n      \"Crypto API not available. \" + \"Node.js 19+ or a browser with Web Crypto API is required.\",\n    );\n  }\n\n  return cryptoObj;\n}\n\n/**\n * Generate a cryptographically secure random integer in range [0, max)\n *\n * Uses rejection sampling to ensure uniform distribution.\n *\n * @param max - Exclusive upper bound (must be > 0 and <= 2^32)\n * @returns Random integer in [0, max)\n * @throws Error if max is invalid or crypto unavailable\n */\nexport function cryptoRandomInt(max: number): number {\n  if (max <= 0 || max > 0xffffffff || !Number.isInteger(max)) {\n    throw new Error(`Invalid max value: ${max}. Must be positive integer <= 2^32`);\n  }\n\n  const crypto = getCrypto();\n  const array = new Uint32Array(1);\n\n  // Rejection sampling to avoid modulo bias\n  const limit = Math.floor(0xffffffff / max) * max;\n  let value: number;\n\n  do {\n    crypto.getRandomValues(array);\n    value = array[0];\n  } while (value >= limit);\n\n  return value % max;\n}\n\n/**\n * Generate a cryptographically secure random BigInt\n *\n * @param bits - Number of bits (default 64, max 256)\n * @returns Random BigInt with specified number of bits\n * @throws Error if bits is invalid or crypto unavailable\n */\nexport function cryptoRandomBigInt(bits: number = 64): bigint {\n  if (bits <= 0 || bits > 256) {\n    throw new Error(`Invalid bits value: ${bits}. Must be 1-256`);\n  }\n\n  const crypto = getCrypto();\n  const bytes = Math.ceil(bits / 8);\n  const array = new Uint8Array(bytes);\n  crypto.getRandomValues(array);\n\n  // Convert bytes to BigInt\n  let result = 0n;\n  for (let i = 0; i < bytes; i++) {\n    result = (result << 8n) | BigInt(array[i]);\n  }\n\n  // Mask to exact bit count\n  const mask = (1n << BigInt(bits)) - 1n;\n  return result & mask;\n}\n\n/**\n * Generate a cryptographically secure random hex string\n *\n * @param bytes - Number of random bytes (default 16)\n * @returns Hex-encoded random string\n * @throws Error if bytes is invalid or crypto unavailable\n */\nexport function cryptoRandomHex(bytes: number = 16): string {\n  if (bytes <= 0 || bytes > 128) {\n    throw new Error(`Invalid bytes value: ${bytes}. Must be 1-128`);\n  }\n\n  const crypto = getCrypto();\n  const array = new Uint8Array(bytes);\n  crypto.getRandomValues(array);\n\n  return Array.from(array)\n    .map(b => b.toString(16).padStart(2, \"0\"))\n    .join(\"\");\n}\n\n// ============================================================================\n// Network and Scheme Utilities\n// ============================================================================\n\n/**\n * Scheme data structure for facilitator storage\n */\nexport interface SchemeData<T> {\n  facilitator: T;\n  networks: Set<Network>;\n  pattern: Network;\n}\n\nexport const findSchemesByNetwork = <T>(\n  map: Map<string, Map<string, T>>,\n  network: Network,\n): Map<string, T> | undefined => {\n  // Direct match first\n  let implementationsByScheme = map.get(network);\n\n  if (!implementationsByScheme) {\n    // Try pattern matching for registered network patterns\n    for (const [registeredNetworkPattern, implementations] of map.entries()) {\n      // Convert the registered network pattern to a regex\n      // e.g., \"eip155:*\" becomes /^eip155:.*$/\n      const pattern = registeredNetworkPattern\n        .replace(/[.*+?^${}()|[\\]\\\\]/g, \"\\\\$&\") // Escape special regex chars except *\n        .replace(/\\\\\\*/g, \".*\"); // Replace escaped * with .*\n\n      const regex = new RegExp(`^${pattern}$`);\n\n      if (regex.test(network)) {\n        implementationsByScheme = implementations;\n        break;\n      }\n    }\n  }\n\n  return implementationsByScheme;\n};\n\nexport const findByNetworkAndScheme = <T>(\n  map: Map<string, Map<string, T>>,\n  scheme: string,\n  network: Network,\n): T | undefined => {\n  return findSchemesByNetwork(map, network)?.get(scheme);\n};\n\n/**\n * Finds a facilitator by scheme and network using pattern matching.\n * Works with new SchemeData storage structure.\n *\n * @param schemeMap - Map of scheme names to SchemeData\n * @param scheme - The scheme to find\n * @param network - The network to match against\n * @returns The facilitator if found, undefined otherwise\n */\nexport const findFacilitatorBySchemeAndNetwork = <T>(\n  schemeMap: Map<string, SchemeData<T>>,\n  scheme: string,\n  network: Network,\n): T | undefined => {\n  const schemeData = schemeMap.get(scheme);\n  if (!schemeData) return undefined;\n\n  // Check if network is in the stored networks set\n  if (schemeData.networks.has(network)) {\n    return schemeData.facilitator;\n  }\n\n  // Try pattern matching\n  const patternRegex = new RegExp(\"^\" + schemeData.pattern.replace(\"*\", \".*\") + \"$\");\n  if (patternRegex.test(network)) {\n    return schemeData.facilitator;\n  }\n\n  return undefined;\n};\n\nexport const Base64EncodedRegex = /^[A-Za-z0-9+/]*={0,2}$/;\n\n/**\n * Encodes a string to base64 format\n *\n * @param data - The string to be encoded to base64\n * @returns The base64 encoded string\n */\nexport function safeBase64Encode(data: string): string {\n  if (typeof globalThis !== \"undefined\" && typeof globalThis.btoa === \"function\") {\n    return globalThis.btoa(data);\n  }\n  return Buffer.from(data).toString(\"base64\");\n}\n\n/**\n * Decodes a base64 string back to its original format\n *\n * @param data - The base64 encoded string to be decoded\n * @returns The decoded string in UTF-8 format\n */\nexport function safeBase64Decode(data: string): string {\n  if (typeof globalThis !== \"undefined\" && typeof globalThis.atob === \"function\") {\n    return globalThis.atob(data);\n  }\n  return Buffer.from(data, \"base64\").toString(\"utf-8\");\n}\n\n/**\n * Deep equality comparison for payment requirements\n * Uses a normalized JSON.stringify for consistent comparison\n *\n * @param obj1 - First object to compare\n * @param obj2 - Second object to compare\n * @returns True if objects are deeply equal\n */\nexport function deepEqual(obj1: unknown, obj2: unknown): boolean {\n  // Normalize and stringify both objects for comparison\n  // This handles nested objects, arrays, and different property orders\n  const normalize = (obj: unknown): string => {\n    // Handle primitives and null/undefined\n    if (obj === null || obj === undefined) return JSON.stringify(obj);\n    if (typeof obj !== \"object\") return JSON.stringify(obj);\n\n    // Handle arrays\n    if (Array.isArray(obj)) {\n      return JSON.stringify(\n        obj.map(item =>\n          typeof item === \"object\" && item !== null ? JSON.parse(normalize(item)) : item,\n        ),\n      );\n    }\n\n    // Handle objects - sort keys and recursively normalize values\n    const sorted: Record<string, unknown> = {};\n    Object.keys(obj as Record<string, unknown>)\n      .sort()\n      .forEach(key => {\n        const value = (obj as Record<string, unknown>)[key];\n        sorted[key] =\n          typeof value === \"object\" && value !== null ? JSON.parse(normalize(value)) : value;\n      });\n    return JSON.stringify(sorted);\n  };\n\n  try {\n    return normalize(obj1) === normalize(obj2);\n  } catch {\n    // Fallback to simple comparison if normalization fails\n    return JSON.stringify(obj1) === JSON.stringify(obj2);\n  }\n}\n"],"mappings":";AAYA,SAAS,YAAoB;AAC3B,QAAM,YAAY,WAAW;AAE7B,MAAI,CAAC,aAAa,OAAO,UAAU,oBAAoB,YAAY;AACjE,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAWO,SAAS,gBAAgB,KAAqB;AACnD,MAAI,OAAO,KAAK,MAAM,cAAc,CAAC,OAAO,UAAU,GAAG,GAAG;AAC1D,UAAM,IAAI,MAAM,sBAAsB,GAAG,oCAAoC;AAAA,EAC/E;AAEA,QAAM,SAAS,UAAU;AACzB,QAAM,QAAQ,IAAI,YAAY,CAAC;AAG/B,QAAM,QAAQ,KAAK,MAAM,aAAa,GAAG,IAAI;AAC7C,MAAI;AAEJ,KAAG;AACD,WAAO,gBAAgB,KAAK;AAC5B,YAAQ,MAAM,CAAC;AAAA,EACjB,SAAS,SAAS;AAElB,SAAO,QAAQ;AACjB;AASO,SAAS,mBAAmB,OAAe,IAAY;AAC5D,MAAI,QAAQ,KAAK,OAAO,KAAK;AAC3B,UAAM,IAAI,MAAM,uBAAuB,IAAI,iBAAiB;AAAA,EAC9D;AAEA,QAAM,SAAS,UAAU;AACzB,QAAM,QAAQ,KAAK,KAAK,OAAO,CAAC;AAChC,QAAM,QAAQ,IAAI,WAAW,KAAK;AAClC,SAAO,gBAAgB,KAAK;AAG5B,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,OAAO,KAAK;AAC9B,aAAU,UAAU,KAAM,OAAO,MAAM,CAAC,CAAC;AAAA,EAC3C;AAGA,QAAM,QAAQ,MAAM,OAAO,IAAI,KAAK;AACpC,SAAO,SAAS;AAClB;AASO,SAAS,gBAAgB,QAAgB,IAAY;AAC1D,MAAI,SAAS,KAAK,QAAQ,KAAK;AAC7B,UAAM,IAAI,MAAM,wBAAwB,KAAK,iBAAiB;AAAA,EAChE;AAEA,QAAM,SAAS,UAAU;AACzB,QAAM,QAAQ,IAAI,WAAW,KAAK;AAClC,SAAO,gBAAgB,KAAK;AAE5B,SAAO,MAAM,KAAK,KAAK,EACpB,IAAI,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EACxC,KAAK,EAAE;AACZ;AAeO,IAAM,uBAAuB,CAClC,KACA,YAC+B;AAE/B,MAAI,0BAA0B,IAAI,IAAI,OAAO;AAE7C,MAAI,CAAC,yBAAyB;AAE5B,eAAW,CAAC,0BAA0B,eAAe,KAAK,IAAI,QAAQ,GAAG;AAGvE,YAAM,UAAU,yBACb,QAAQ,uBAAuB,MAAM,EACrC,QAAQ,SAAS,IAAI;AAExB,YAAM,QAAQ,IAAI,OAAO,IAAI,OAAO,GAAG;AAEvC,UAAI,MAAM,KAAK,OAAO,GAAG;AACvB,kCAA0B;AAC1B;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,IAAM,yBAAyB,CACpC,KACA,QACA,YACkB;AAClB,SAAO,qBAAqB,KAAK,OAAO,GAAG,IAAI,MAAM;AACvD;AAWO,IAAM,oCAAoC,CAC/C,WACA,QACA,YACkB;AAClB,QAAM,aAAa,UAAU,IAAI,MAAM;AACvC,MAAI,CAAC,WAAY,QAAO;AAGxB,MAAI,WAAW,SAAS,IAAI,OAAO,GAAG;AACpC,WAAO,WAAW;AAAA,EACpB;AAGA,QAAM,eAAe,IAAI,OAAO,MAAM,WAAW,QAAQ,QAAQ,KAAK,IAAI,IAAI,GAAG;AACjF,MAAI,aAAa,KAAK,OAAO,GAAG;AAC9B,WAAO,WAAW;AAAA,EACpB;AAEA,SAAO;AACT;AAEO,IAAM,qBAAqB;AAQ3B,SAAS,iBAAiB,MAAsB;AACrD,MAAI,OAAO,eAAe,eAAe,OAAO,WAAW,SAAS,YAAY;AAC9E,WAAO,WAAW,KAAK,IAAI;AAAA,EAC7B;AACA,SAAO,OAAO,KAAK,IAAI,EAAE,SAAS,QAAQ;AAC5C;AAQO,SAAS,iBAAiB,MAAsB;AACrD,MAAI,OAAO,eAAe,eAAe,OAAO,WAAW,SAAS,YAAY;AAC9E,WAAO,WAAW,KAAK,IAAI;AAAA,EAC7B;AACA,SAAO,OAAO,KAAK,MAAM,QAAQ,EAAE,SAAS,OAAO;AACrD;AAUO,SAAS,UAAU,MAAe,MAAwB;AAG/D,QAAM,YAAY,CAAC,QAAyB;AAE1C,QAAI,QAAQ,QAAQ,QAAQ,OAAW,QAAO,KAAK,UAAU,GAAG;AAChE,QAAI,OAAO,QAAQ,SAAU,QAAO,KAAK,UAAU,GAAG;AAGtD,QAAI,MAAM,QAAQ,GAAG,GAAG;AACtB,aAAO,KAAK;AAAA,QACV,IAAI;AAAA,UAAI,UACN,OAAO,SAAS,YAAY,SAAS,OAAO,KAAK,MAAM,UAAU,IAAI,CAAC,IAAI;AAAA,QAC5E;AAAA,MACF;AAAA,IACF;AAGA,UAAM,SAAkC,CAAC;AACzC,WAAO,KAAK,GAA8B,EACvC,KAAK,EACL,QAAQ,SAAO;AACd,YAAM,QAAS,IAAgC,GAAG;AAClD,aAAO,GAAG,IACR,OAAO,UAAU,YAAY,UAAU,OAAO,KAAK,MAAM,UAAU,KAAK,CAAC,IAAI;AAAA,IACjF,CAAC;AACH,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AAEA,MAAI;AACF,WAAO,UAAU,IAAI,MAAM,UAAU,IAAI;AAAA,EAC3C,QAAQ;AAEN,WAAO,KAAK,UAAU,IAAI,MAAM,KAAK,UAAU,IAAI;AAAA,EACrD;AACF;","names":[]}

package/dist/esm/{chunk-773TNE2Y.mjs → chunk-REMGOG6C.mjs}

@@ -1,11 +1,16 @@
 import {
   t402Version
 } from "./chunk-3VTYR43U.mjs";
+import {
+  PaymentPayloadSchema,
+  PaymentRequiredSchema,
+  SettleResponseSchema
+} from "./chunk-KPNYZYDS.mjs";
 import {
   Base64EncodedRegex,
   safeBase64Decode,
   safeBase64Encode
-} from "./chunk-3IUBYRYG.mjs";
+} from "./chunk-LJ4M5Z5U.mjs";
 import {
   __publicField,
   __require
@@ -694,7 +699,9 @@ function decodePaymentSignatureHeader(paymentSignatureHeader) {
   if (!Base64EncodedRegex.test(paymentSignatureHeader)) {
     throw new Error("Invalid payment signature header");
   }
-  return JSON.parse(safeBase64Decode(paymentSignatureHeader));
+  const parsed = JSON.parse(safeBase64Decode(paymentSignatureHeader));
+  PaymentPayloadSchema.parse(parsed);
+  return parsed;
 }
 function encodePaymentRequiredHeader(paymentRequired) {
   return safeBase64Encode(JSON.stringify(paymentRequired));
@@ -703,7 +710,9 @@ function decodePaymentRequiredHeader(paymentRequiredHeader) {
   if (!Base64EncodedRegex.test(paymentRequiredHeader)) {
     throw new Error("Invalid payment required header");
   }
-  return JSON.parse(safeBase64Decode(paymentRequiredHeader));
+  const parsed = JSON.parse(safeBase64Decode(paymentRequiredHeader));
+  PaymentRequiredSchema.parse(parsed);
+  return parsed;
 }
 function encodePaymentResponseHeader(paymentResponse) {
   return safeBase64Encode(JSON.stringify(paymentResponse));
@@ -712,7 +721,9 @@ function decodePaymentResponseHeader(paymentResponseHeader) {
   if (!Base64EncodedRegex.test(paymentResponseHeader)) {
     throw new Error("Invalid payment response header");
   }
-  return JSON.parse(safeBase64Decode(paymentResponseHeader));
+  const parsed = JSON.parse(safeBase64Decode(paymentResponseHeader));
+  SettleResponseSchema.parse(parsed);
+  return parsed;
 }
 
 export {
@@ -727,4 +738,4 @@ export {
   decodePaymentResponseHeader,
   t402HTTPClient
 };
-//# sourceMappingURL=chunk-773TNE2Y.mjs.map
+//# sourceMappingURL=chunk-REMGOG6C.mjs.map