@x402/extensions 2.2.0 → 2.3.0

package/dist/cjs/index.js

@@ -31,16 +31,64 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var src_exports = {};
 __export(src_exports, {
   BAZAAR: () => BAZAAR,
+  InMemorySIWxStorage: () => InMemorySIWxStorage,
+  PAYMENT_IDENTIFIER: () => PAYMENT_IDENTIFIER,
+  PAYMENT_ID_MAX_LENGTH: () => PAYMENT_ID_MAX_LENGTH,
+  PAYMENT_ID_MIN_LENGTH: () => PAYMENT_ID_MIN_LENGTH,
+  PAYMENT_ID_PATTERN: () => PAYMENT_ID_PATTERN,
+  SIGN_IN_WITH_X: () => SIGN_IN_WITH_X,
+  SIWxPayloadSchema: () => SIWxPayloadSchema,
+  SOLANA_DEVNET: () => SOLANA_DEVNET,
+  SOLANA_MAINNET: () => SOLANA_MAINNET,
+  SOLANA_TESTNET: () => SOLANA_TESTNET,
+  appendPaymentIdentifierToExtensions: () => appendPaymentIdentifierToExtensions,
   bazaarResourceServerExtension: () => bazaarResourceServerExtension,
+  buildSIWxSchema: () => buildSIWxSchema,
+  createSIWxClientHook: () => createSIWxClientHook,
+  createSIWxMessage: () => createSIWxMessage,
+  createSIWxPayload: () => createSIWxPayload,
+  createSIWxRequestHook: () => createSIWxRequestHook,
+  createSIWxSettleHook: () => createSIWxSettleHook,
   declareDiscoveryExtension: () => declareDiscoveryExtension,
+  declarePaymentIdentifierExtension: () => declarePaymentIdentifierExtension,
+  declareSIWxExtension: () => declareSIWxExtension,
+  decodeBase58: () => decodeBase58,
+  encodeBase58: () => encodeBase58,
+  encodeSIWxHeader: () => encodeSIWxHeader,
+  extractAndValidatePaymentIdentifier: () => extractAndValidatePaymentIdentifier,
   extractDiscoveryInfo: () => extractDiscoveryInfo,
   extractDiscoveryInfoFromExtension: () => extractDiscoveryInfoFromExtension,
   extractDiscoveryInfoV1: () => extractDiscoveryInfoV1,
+  extractEVMChainId: () => extractEVMChainId,
+  extractPaymentIdentifier: () => extractPaymentIdentifier,
   extractResourceMetadataV1: () => extractResourceMetadataV1,
+  extractSolanaChainReference: () => extractSolanaChainReference,
+  formatSIWEMessage: () => formatSIWEMessage,
+  formatSIWSMessage: () => formatSIWSMessage,
+  generatePaymentId: () => generatePaymentId,
+  getEVMAddress: () => getEVMAddress,
+  getSolanaAddress: () => getSolanaAddress,
+  hasPaymentIdentifier: () => hasPaymentIdentifier,
   isDiscoverableV1: () => isDiscoverableV1,
+  isPaymentIdentifierExtension: () => isPaymentIdentifierExtension,
+  isPaymentIdentifierRequired: () => isPaymentIdentifierRequired,
+  isValidPaymentId: () => isValidPaymentId,
+  parseSIWxHeader: () => parseSIWxHeader,
+  paymentIdentifierResourceServerExtension: () => paymentIdentifierResourceServerExtension,
+  paymentIdentifierSchema: () => paymentIdentifierSchema,
+  signEVMMessage: () => signEVMMessage,
+  signSolanaMessage: () => signSolanaMessage,
+  siwxResourceServerExtension: () => siwxResourceServerExtension,
   validateAndExtract: () => validateAndExtract,
   validateDiscoveryExtension: () => validateDiscoveryExtension,
-  withBazaar: () => withBazaar
+  validatePaymentIdentifier: () => validatePaymentIdentifier,
+  validatePaymentIdentifierRequirement: () => validatePaymentIdentifierRequirement,
+  validateSIWxMessage: () => validateSIWxMessage,
+  verifyEVMSignature: () => verifyEVMSignature,
+  verifySIWxSignature: () => verifySIWxSignature,
+  verifySolanaSignature: () => verifySolanaSignature,
+  withBazaar: () => withBazaar,
+  wrapFetchWithSIWx: () => wrapFetchWithSIWx
 });
 module.exports = __toCommonJS(src_exports);
 
@@ -412,8 +460,20 @@ function extractDiscoveryInfo(paymentPayload, paymentRequirements, validate = tr
   }
   const url = new URL(resourceUrl);
   const normalizedResourceUrl = `${url.origin}${url.pathname}`;
+  let description;
+  let mimeType;
+  if (paymentPayload.x402Version === 2) {
+    description = paymentPayload.resource?.description;
+    mimeType = paymentPayload.resource?.mimeType;
+  } else if (paymentPayload.x402Version === 1) {
+    const requirementsV1 = paymentRequirements;
+    description = requirementsV1.description;
+    mimeType = requirementsV1.mimeType;
+  }
   return {
     resourceUrl: normalizedResourceUrl,
+    description,
+    mimeType,
     method: discoveryInfo.input.method,
     x402Version: paymentPayload.x402Version,
     discoveryInfo
@@ -485,18 +545,964 @@ function withBazaar(client) {
   };
   return extended;
 }
+
+// src/sign-in-with-x/types.ts
+var import_zod = require("zod");
+var SIGN_IN_WITH_X = "sign-in-with-x";
+var SIWxPayloadSchema = import_zod.z.object({
+  domain: import_zod.z.string(),
+  address: import_zod.z.string(),
+  statement: import_zod.z.string().optional(),
+  uri: import_zod.z.string(),
+  version: import_zod.z.string(),
+  chainId: import_zod.z.string(),
+  type: import_zod.z.enum(["eip191", "ed25519"]),
+  nonce: import_zod.z.string(),
+  issuedAt: import_zod.z.string(),
+  expirationTime: import_zod.z.string().optional(),
+  notBefore: import_zod.z.string().optional(),
+  requestId: import_zod.z.string().optional(),
+  resources: import_zod.z.array(import_zod.z.string()).optional(),
+  signatureScheme: import_zod.z.enum(["eip191", "eip1271", "eip6492", "siws"]).optional(),
+  signature: import_zod.z.string()
+});
+
+// src/sign-in-with-x/solana.ts
+var import_base = require("@scure/base");
+var import_tweetnacl = __toESM(require("tweetnacl"));
+var SOLANA_MAINNET = "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp";
+var SOLANA_DEVNET = "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1";
+var SOLANA_TESTNET = "solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z";
+function extractSolanaChainReference(chainId) {
+  const [, reference] = chainId.split(":");
+  return reference;
+}
+function formatSIWSMessage(info, address) {
+  const lines = [
+    `${info.domain} wants you to sign in with your Solana account:`,
+    address,
+    ""
+  ];
+  if (info.statement) {
+    lines.push(info.statement, "");
+  }
+  lines.push(
+    `URI: ${info.uri}`,
+    `Version: ${info.version}`,
+    `Chain ID: ${extractSolanaChainReference(info.chainId)}`,
+    `Nonce: ${info.nonce}`,
+    `Issued At: ${info.issuedAt}`
+  );
+  if (info.expirationTime) {
+    lines.push(`Expiration Time: ${info.expirationTime}`);
+  }
+  if (info.notBefore) {
+    lines.push(`Not Before: ${info.notBefore}`);
+  }
+  if (info.requestId) {
+    lines.push(`Request ID: ${info.requestId}`);
+  }
+  if (info.resources && info.resources.length > 0) {
+    lines.push("Resources:");
+    for (const resource of info.resources) {
+      lines.push(`- ${resource}`);
+    }
+  }
+  return lines.join("\n");
+}
+function verifySolanaSignature(message, signature, publicKey) {
+  const messageBytes = new TextEncoder().encode(message);
+  return import_tweetnacl.default.sign.detached.verify(messageBytes, signature, publicKey);
+}
+function decodeBase58(encoded) {
+  return import_base.base58.decode(encoded);
+}
+function encodeBase58(bytes) {
+  return import_base.base58.encode(bytes);
+}
+
+// src/sign-in-with-x/schema.ts
+function buildSIWxSchema() {
+  return {
+    $schema: "https://json-schema.org/draft/2020-12/schema",
+    type: "object",
+    properties: {
+      domain: { type: "string" },
+      address: { type: "string" },
+      statement: { type: "string" },
+      uri: { type: "string", format: "uri" },
+      version: { type: "string" },
+      chainId: { type: "string" },
+      type: { type: "string" },
+      nonce: { type: "string" },
+      issuedAt: { type: "string", format: "date-time" },
+      expirationTime: { type: "string", format: "date-time" },
+      notBefore: { type: "string", format: "date-time" },
+      requestId: { type: "string" },
+      resources: { type: "array", items: { type: "string", format: "uri" } },
+      signature: { type: "string" }
+    },
+    required: [
+      "domain",
+      "address",
+      "uri",
+      "version",
+      "chainId",
+      "type",
+      "nonce",
+      "issuedAt",
+      "signature"
+    ]
+  };
+}
+
+// src/sign-in-with-x/declare.ts
+function getSignatureType(network) {
+  return network.startsWith("solana:") ? "ed25519" : "eip191";
+}
+function declareSIWxExtension(options = {}) {
+  const info = {
+    version: options.version ?? "1"
+  };
+  if (options.domain) {
+    info.domain = options.domain;
+  }
+  if (options.resourceUri) {
+    info.uri = options.resourceUri;
+    info.resources = [options.resourceUri];
+  }
+  if (options.statement) {
+    info.statement = options.statement;
+  }
+  let supportedChains = [];
+  if (options.network) {
+    const networks = Array.isArray(options.network) ? options.network : [options.network];
+    supportedChains = networks.map((network) => ({
+      chainId: network,
+      type: getSignatureType(network)
+    }));
+  }
+  const declaration = {
+    info,
+    supportedChains,
+    schema: buildSIWxSchema(),
+    _options: options
+  };
+  return { [SIGN_IN_WITH_X]: declaration };
+}
+
+// src/sign-in-with-x/server.ts
+var import_crypto = require("crypto");
+var siwxResourceServerExtension = {
+  key: SIGN_IN_WITH_X,
+  enrichPaymentRequiredResponse: async (declaration, context) => {
+    const decl = declaration;
+    const opts = decl._options ?? {};
+    const resourceUri = opts.resourceUri ?? context.resourceInfo.url;
+    let domain = opts.domain;
+    if (!domain && resourceUri) {
+      try {
+        domain = new URL(resourceUri).hostname;
+      } catch {
+      }
+    }
+    let networks;
+    if (opts.network) {
+      networks = Array.isArray(opts.network) ? opts.network : [opts.network];
+    } else {
+      networks = [...new Set(context.requirements.map((r) => r.network))];
+    }
+    const nonce = (0, import_crypto.randomBytes)(16).toString("hex");
+    const issuedAt = (/* @__PURE__ */ new Date()).toISOString();
+    const expirationSeconds = opts.expirationSeconds;
+    const expirationTime = expirationSeconds !== void 0 ? new Date(Date.now() + expirationSeconds * 1e3).toISOString() : void 0;
+    const info = {
+      domain: domain ?? "",
+      uri: resourceUri,
+      version: opts.version ?? "1",
+      nonce,
+      issuedAt,
+      resources: [resourceUri]
+    };
+    if (expirationTime) {
+      info.expirationTime = expirationTime;
+    }
+    if (opts.statement) {
+      info.statement = opts.statement;
+    }
+    const supportedChains = networks.map((network) => ({
+      chainId: network,
+      type: getSignatureType(network)
+    }));
+    return {
+      info,
+      supportedChains,
+      schema: buildSIWxSchema()
+    };
+  }
+};
+
+// src/sign-in-with-x/parse.ts
+var import_utils = require("@x402/core/utils");
+function parseSIWxHeader(header) {
+  if (!import_utils.Base64EncodedRegex.test(header)) {
+    throw new Error("Invalid SIWX header: not valid base64");
+  }
+  const jsonStr = (0, import_utils.safeBase64Decode)(header);
+  let rawPayload;
+  try {
+    rawPayload = JSON.parse(jsonStr);
+  } catch (error) {
+    if (error instanceof SyntaxError) {
+      throw new Error("Invalid SIWX header: not valid JSON");
+    }
+    throw error;
+  }
+  const parsed = SIWxPayloadSchema.safeParse(rawPayload);
+  if (!parsed.success) {
+    const issues = parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ");
+    throw new Error(`Invalid SIWX header: ${issues}`);
+  }
+  return parsed.data;
+}
+
+// src/sign-in-with-x/validate.ts
+var DEFAULT_MAX_AGE_MS = 5 * 60 * 1e3;
+async function validateSIWxMessage(message, expectedResourceUri, options = {}) {
+  const expectedUrl = new URL(expectedResourceUri);
+  const maxAge = options.maxAge ?? DEFAULT_MAX_AGE_MS;
+  if (message.domain !== expectedUrl.hostname) {
+    return {
+      valid: false,
+      error: `Domain mismatch: expected "${expectedUrl.hostname}", got "${message.domain}"`
+    };
+  }
+  if (!message.uri.startsWith(expectedUrl.origin)) {
+    return {
+      valid: false,
+      error: `URI mismatch: expected origin "${expectedUrl.origin}", got "${message.uri}"`
+    };
+  }
+  const issuedAt = new Date(message.issuedAt);
+  if (isNaN(issuedAt.getTime())) {
+    return {
+      valid: false,
+      error: "Invalid issuedAt timestamp"
+    };
+  }
+  const age = Date.now() - issuedAt.getTime();
+  if (age > maxAge) {
+    return {
+      valid: false,
+      error: `Message too old: ${Math.round(age / 1e3)}s exceeds ${maxAge / 1e3}s limit`
+    };
+  }
+  if (age < 0) {
+    return {
+      valid: false,
+      error: "issuedAt is in the future"
+    };
+  }
+  if (message.expirationTime) {
+    const expiration = new Date(message.expirationTime);
+    if (isNaN(expiration.getTime())) {
+      return {
+        valid: false,
+        error: "Invalid expirationTime timestamp"
+      };
+    }
+    if (expiration < /* @__PURE__ */ new Date()) {
+      return {
+        valid: false,
+        error: "Message expired"
+      };
+    }
+  }
+  if (message.notBefore) {
+    const notBefore = new Date(message.notBefore);
+    if (isNaN(notBefore.getTime())) {
+      return {
+        valid: false,
+        error: "Invalid notBefore timestamp"
+      };
+    }
+    if (/* @__PURE__ */ new Date() < notBefore) {
+      return {
+        valid: false,
+        error: "Message not yet valid (notBefore is in the future)"
+      };
+    }
+  }
+  if (options.checkNonce) {
+    const nonceValid = await options.checkNonce(message.nonce);
+    if (!nonceValid) {
+      return {
+        valid: false,
+        error: "Nonce validation failed (possible replay attack)"
+      };
+    }
+  }
+  return { valid: true };
+}
+
+// src/sign-in-with-x/evm.ts
+var import_viem = require("viem");
+var import_siwe = require("siwe");
+function extractEVMChainId(chainId) {
+  const match = /^eip155:(\d+)$/.exec(chainId);
+  if (!match) {
+    throw new Error(`Invalid EVM chainId format: ${chainId}. Expected eip155:<number>`);
+  }
+  return parseInt(match[1], 10);
+}
+function formatSIWEMessage(info, address) {
+  const numericChainId = extractEVMChainId(info.chainId);
+  const siweMessage = new import_siwe.SiweMessage({
+    domain: info.domain,
+    address,
+    statement: info.statement,
+    uri: info.uri,
+    version: info.version,
+    chainId: numericChainId,
+    nonce: info.nonce,
+    issuedAt: info.issuedAt,
+    expirationTime: info.expirationTime,
+    notBefore: info.notBefore,
+    requestId: info.requestId,
+    resources: info.resources
+  });
+  return siweMessage.prepareMessage();
+}
+async function verifyEVMSignature(message, address, signature, verifier) {
+  const args = {
+    address,
+    message,
+    signature
+  };
+  if (verifier) {
+    return verifier(args);
+  }
+  return (0, import_viem.verifyMessage)(args);
+}
+
+// src/sign-in-with-x/verify.ts
+async function verifySIWxSignature(payload, options) {
+  try {
+    if (payload.chainId.startsWith("eip155:")) {
+      return verifyEVMPayload(payload, options?.evmVerifier);
+    }
+    if (payload.chainId.startsWith("solana:")) {
+      return verifySolanaPayload(payload);
+    }
+    return {
+      valid: false,
+      error: `Unsupported chain namespace: ${payload.chainId}. Supported: eip155:* (EVM), solana:* (Solana)`
+    };
+  } catch (error) {
+    return {
+      valid: false,
+      error: error instanceof Error ? error.message : "Verification failed"
+    };
+  }
+}
+async function verifyEVMPayload(payload, verifier) {
+  const message = formatSIWEMessage(
+    {
+      domain: payload.domain,
+      uri: payload.uri,
+      statement: payload.statement,
+      version: payload.version,
+      chainId: payload.chainId,
+      type: payload.type,
+      nonce: payload.nonce,
+      issuedAt: payload.issuedAt,
+      expirationTime: payload.expirationTime,
+      notBefore: payload.notBefore,
+      requestId: payload.requestId,
+      resources: payload.resources
+    },
+    payload.address
+  );
+  try {
+    const valid = await verifyEVMSignature(message, payload.address, payload.signature, verifier);
+    if (!valid) {
+      return {
+        valid: false,
+        error: "Signature verification failed"
+      };
+    }
+    return {
+      valid: true,
+      address: payload.address
+    };
+  } catch (error) {
+    return {
+      valid: false,
+      error: error instanceof Error ? error.message : "Signature verification failed"
+    };
+  }
+}
+function verifySolanaPayload(payload) {
+  const message = formatSIWSMessage(
+    {
+      domain: payload.domain,
+      uri: payload.uri,
+      statement: payload.statement,
+      version: payload.version,
+      chainId: payload.chainId,
+      type: payload.type,
+      nonce: payload.nonce,
+      issuedAt: payload.issuedAt,
+      expirationTime: payload.expirationTime,
+      notBefore: payload.notBefore,
+      requestId: payload.requestId,
+      resources: payload.resources
+    },
+    payload.address
+  );
+  let signature;
+  let publicKey;
+  try {
+    signature = decodeBase58(payload.signature);
+    publicKey = decodeBase58(payload.address);
+  } catch (error) {
+    return {
+      valid: false,
+      error: `Invalid Base58 encoding: ${error instanceof Error ? error.message : "decode failed"}`
+    };
+  }
+  if (signature.length !== 64) {
+    return {
+      valid: false,
+      error: `Invalid signature length: expected 64 bytes, got ${signature.length}`
+    };
+  }
+  if (publicKey.length !== 32) {
+    return {
+      valid: false,
+      error: `Invalid public key length: expected 32 bytes, got ${publicKey.length}`
+    };
+  }
+  const valid = verifySolanaSignature(message, signature, publicKey);
+  if (!valid) {
+    return {
+      valid: false,
+      error: "Solana signature verification failed"
+    };
+  }
+  return {
+    valid: true,
+    address: payload.address
+  };
+}
+
+// src/sign-in-with-x/message.ts
+function createSIWxMessage(serverInfo, address) {
+  if (serverInfo.chainId.startsWith("eip155:")) {
+    return formatSIWEMessage(serverInfo, address);
+  }
+  if (serverInfo.chainId.startsWith("solana:")) {
+    return formatSIWSMessage(serverInfo, address);
+  }
+  throw new Error(
+    `Unsupported chain namespace: ${serverInfo.chainId}. Supported: eip155:* (EVM), solana:* (Solana)`
+  );
+}
+
+// src/sign-in-with-x/sign.ts
+function getEVMAddress(signer) {
+  if (signer.account?.address) {
+    return signer.account.address;
+  }
+  if (signer.address) {
+    return signer.address;
+  }
+  throw new Error("EVM signer missing address");
+}
+function getSolanaAddress(signer) {
+  const pk = signer.publicKey;
+  return typeof pk === "string" ? pk : pk.toBase58();
+}
+async function signEVMMessage(message, signer) {
+  if (signer.account) {
+    return signer.signMessage({ message, account: signer.account });
+  }
+  return signer.signMessage({ message });
+}
+async function signSolanaMessage(message, signer) {
+  const messageBytes = new TextEncoder().encode(message);
+  const signatureBytes = await signer.signMessage(messageBytes);
+  return encodeBase58(signatureBytes);
+}
+
+// src/sign-in-with-x/client.ts
+async function createSIWxPayload(serverExtension, signer) {
+  const isSolana = serverExtension.chainId.startsWith("solana:");
+  const address = isSolana ? getSolanaAddress(signer) : getEVMAddress(signer);
+  const message = createSIWxMessage(serverExtension, address);
+  const signature = isSolana ? await signSolanaMessage(message, signer) : await signEVMMessage(message, signer);
+  return {
+    domain: serverExtension.domain,
+    address,
+    statement: serverExtension.statement,
+    uri: serverExtension.uri,
+    version: serverExtension.version,
+    chainId: serverExtension.chainId,
+    type: serverExtension.type,
+    nonce: serverExtension.nonce,
+    issuedAt: serverExtension.issuedAt,
+    expirationTime: serverExtension.expirationTime,
+    notBefore: serverExtension.notBefore,
+    requestId: serverExtension.requestId,
+    resources: serverExtension.resources,
+    signatureScheme: serverExtension.signatureScheme,
+    signature
+  };
+}
+
+// src/sign-in-with-x/encode.ts
+var import_utils2 = require("@x402/core/utils");
+function encodeSIWxHeader(payload) {
+  return (0, import_utils2.safeBase64Encode)(JSON.stringify(payload));
+}
+
+// src/sign-in-with-x/fetch.ts
+var import_http = require("@x402/core/http");
+function wrapFetchWithSIWx(fetch2, signer) {
+  return async (input, init) => {
+    const request = new Request(input, init);
+    const clonedRequest = request.clone();
+    const response = await fetch2(request);
+    if (response.status !== 402) {
+      return response;
+    }
+    const paymentRequiredHeader = response.headers.get("PAYMENT-REQUIRED");
+    if (!paymentRequiredHeader) {
+      return response;
+    }
+    const paymentRequired = (0, import_http.decodePaymentRequiredHeader)(paymentRequiredHeader);
+    const siwxExtension = paymentRequired.extensions?.[SIGN_IN_WITH_X];
+    if (!siwxExtension?.supportedChains) {
+      return response;
+    }
+    if (clonedRequest.headers.has(SIGN_IN_WITH_X)) {
+      throw new Error("SIWX authentication already attempted");
+    }
+    const paymentNetwork = paymentRequired.accepts?.[0]?.network;
+    if (!paymentNetwork) {
+      return response;
+    }
+    const matchingChain = siwxExtension.supportedChains.find(
+      (chain) => chain.chainId === paymentNetwork
+    );
+    if (!matchingChain) {
+      return response;
+    }
+    const completeInfo = {
+      ...siwxExtension.info,
+      chainId: matchingChain.chainId,
+      type: matchingChain.type
+    };
+    const payload = await createSIWxPayload(completeInfo, signer);
+    const siwxHeader = encodeSIWxHeader(payload);
+    clonedRequest.headers.set(SIGN_IN_WITH_X, siwxHeader);
+    return fetch2(clonedRequest);
+  };
+}
+
+// src/sign-in-with-x/storage.ts
+var InMemorySIWxStorage = class {
+  constructor() {
+    this.paidAddresses = /* @__PURE__ */ new Map();
+  }
+  /**
+   * Check if an address has paid for a resource.
+   *
+   * @param resource - The resource path
+   * @param address - The wallet address to check
+   * @returns True if the address has paid
+   */
+  hasPaid(resource, address) {
+    return this.paidAddresses.get(resource)?.has(address.toLowerCase()) ?? false;
+  }
+  /**
+   * Record that an address has paid for a resource.
+   *
+   * @param resource - The resource path
+   * @param address - The wallet address that paid
+   */
+  recordPayment(resource, address) {
+    if (!this.paidAddresses.has(resource)) {
+      this.paidAddresses.set(resource, /* @__PURE__ */ new Set());
+    }
+    this.paidAddresses.get(resource).add(address.toLowerCase());
+  }
+};
+
+// src/sign-in-with-x/hooks.ts
+function createSIWxSettleHook(options) {
+  const { storage, onEvent } = options;
+  return async (ctx) => {
+    if (!ctx.result.success) return;
+    const address = ctx.result.payer;
+    if (!address) return;
+    const resource = new URL(ctx.paymentPayload.resource.url).pathname;
+    await storage.recordPayment(resource, address);
+    onEvent?.({ type: "payment_recorded", resource, address });
+  };
+}
+function createSIWxRequestHook(options) {
+  const { storage, verifyOptions, onEvent } = options;
+  const hasUsedNonce = typeof storage.hasUsedNonce === "function";
+  const hasRecordNonce = typeof storage.recordNonce === "function";
+  if (hasUsedNonce !== hasRecordNonce) {
+    throw new Error(
+      "SIWxStorage nonce tracking requires both hasUsedNonce and recordNonce to be implemented"
+    );
+  }
+  return async (context) => {
+    const header = context.adapter.getHeader(SIGN_IN_WITH_X) || context.adapter.getHeader(SIGN_IN_WITH_X.toLowerCase());
+    if (!header) return;
+    try {
+      const payload = parseSIWxHeader(header);
+      const resourceUri = context.adapter.getUrl();
+      const validation = await validateSIWxMessage(payload, resourceUri);
+      if (!validation.valid) {
+        onEvent?.({ type: "validation_failed", resource: context.path, error: validation.error });
+        return;
+      }
+      const verification = await verifySIWxSignature(payload, verifyOptions);
+      if (!verification.valid || !verification.address) {
+        onEvent?.({ type: "validation_failed", resource: context.path, error: verification.error });
+        return;
+      }
+      if (storage.hasUsedNonce) {
+        const nonceUsed = await storage.hasUsedNonce(payload.nonce);
+        if (nonceUsed) {
+          onEvent?.({ type: "nonce_reused", resource: context.path, nonce: payload.nonce });
+          return;
+        }
+      }
+      const hasPaid = await storage.hasPaid(context.path, verification.address);
+      if (hasPaid) {
+        if (storage.recordNonce) {
+          await storage.recordNonce(payload.nonce);
+        }
+        onEvent?.({
+          type: "access_granted",
+          resource: context.path,
+          address: verification.address
+        });
+        return { grantAccess: true };
+      }
+    } catch (err) {
+      onEvent?.({
+        type: "validation_failed",
+        resource: context.path,
+        error: err instanceof Error ? err.message : "Unknown error"
+      });
+    }
+  };
+}
+function createSIWxClientHook(signer) {
+  return async (context) => {
+    const extensions = context.paymentRequired.extensions ?? {};
+    const siwxExtension = extensions[SIGN_IN_WITH_X];
+    if (!siwxExtension?.supportedChains) return;
+    try {
+      const paymentNetwork = context.paymentRequired.accepts?.[0]?.network;
+      if (!paymentNetwork) return;
+      const matchingChain = siwxExtension.supportedChains.find(
+        (chain) => chain.chainId === paymentNetwork
+      );
+      if (!matchingChain) {
+        return;
+      }
+      const completeInfo = {
+        ...siwxExtension.info,
+        chainId: matchingChain.chainId,
+        type: matchingChain.type
+      };
+      const payload = await createSIWxPayload(completeInfo, signer);
+      const header = encodeSIWxHeader(payload);
+      return { headers: { [SIGN_IN_WITH_X]: header } };
+    } catch {
+    }
+  };
+}
+
+// src/payment-identifier/types.ts
+var PAYMENT_IDENTIFIER = "payment-identifier";
+var PAYMENT_ID_MIN_LENGTH = 16;
+var PAYMENT_ID_MAX_LENGTH = 128;
+var PAYMENT_ID_PATTERN = /^[a-zA-Z0-9_-]+$/;
+
+// src/payment-identifier/schema.ts
+var paymentIdentifierSchema = {
+  $schema: "https://json-schema.org/draft/2020-12/schema",
+  type: "object",
+  properties: {
+    required: {
+      type: "boolean"
+    },
+    id: {
+      type: "string",
+      minLength: PAYMENT_ID_MIN_LENGTH,
+      maxLength: PAYMENT_ID_MAX_LENGTH,
+      pattern: "^[a-zA-Z0-9_-]+$"
+    }
+  },
+  required: ["required"]
+};
+
+// src/payment-identifier/utils.ts
+function generatePaymentId(prefix = "pay_") {
+  const uuid = crypto.randomUUID().replace(/-/g, "");
+  return `${prefix}${uuid}`;
+}
+function isValidPaymentId(id) {
+  if (typeof id !== "string") {
+    return false;
+  }
+  if (id.length < PAYMENT_ID_MIN_LENGTH || id.length > PAYMENT_ID_MAX_LENGTH) {
+    return false;
+  }
+  return PAYMENT_ID_PATTERN.test(id);
+}
+
+// src/payment-identifier/validation.ts
+var import__2 = __toESM(require("ajv/dist/2020.js"));
+function isPaymentIdentifierExtension(extension) {
+  if (!extension || typeof extension !== "object") {
+    return false;
+  }
+  const ext = extension;
+  if (!ext.info || typeof ext.info !== "object") {
+    return false;
+  }
+  const info = ext.info;
+  if (typeof info.required !== "boolean") {
+    return false;
+  }
+  return true;
+}
+function validatePaymentIdentifier(extension) {
+  if (!extension || typeof extension !== "object") {
+    return {
+      valid: false,
+      errors: ["Extension must be an object"]
+    };
+  }
+  const ext = extension;
+  if (!ext.info || typeof ext.info !== "object") {
+    return {
+      valid: false,
+      errors: ["Extension must have an 'info' property"]
+    };
+  }
+  const info = ext.info;
+  if (typeof info.required !== "boolean") {
+    return {
+      valid: false,
+      errors: ["Extension info must have a 'required' boolean property"]
+    };
+  }
+  if (info.id !== void 0 && typeof info.id !== "string") {
+    return {
+      valid: false,
+      errors: ["Extension info 'id' must be a string if provided"]
+    };
+  }
+  if (info.id !== void 0 && !isValidPaymentId(info.id)) {
+    return {
+      valid: false,
+      errors: [
+        `Invalid payment ID format. ID must be 16-128 characters and contain only alphanumeric characters, hyphens, and underscores.`
+      ]
+    };
+  }
+  if (ext.schema) {
+    try {
+      const ajv = new import__2.default({ strict: false, allErrors: true });
+      const validate = ajv.compile(ext.schema);
+      const valid = validate(ext.info);
+      if (!valid && validate.errors) {
+        const errors = validate.errors?.map((err) => {
+          const path = err.instancePath || "(root)";
+          return `${path}: ${err.message}`;
+        }) || ["Unknown validation error"];
+        return { valid: false, errors };
+      }
+    } catch (error) {
+      return {
+        valid: false,
+        errors: [
+          `Schema validation failed: ${error instanceof Error ? error.message : String(error)}`
+        ]
+      };
+    }
+  }
+  return { valid: true };
+}
+function extractPaymentIdentifier(paymentPayload, validate = true) {
+  if (!paymentPayload.extensions) {
+    return null;
+  }
+  const extension = paymentPayload.extensions[PAYMENT_IDENTIFIER];
+  if (!extension || typeof extension !== "object") {
+    return null;
+  }
+  const ext = extension;
+  if (!ext.info || typeof ext.info !== "object") {
+    return null;
+  }
+  const info = ext.info;
+  if (typeof info.id !== "string") {
+    return null;
+  }
+  if (validate && !isValidPaymentId(info.id)) {
+    return null;
+  }
+  return info.id;
+}
+function extractAndValidatePaymentIdentifier(paymentPayload) {
+  if (!paymentPayload.extensions) {
+    return { id: null, validation: { valid: true } };
+  }
+  const extension = paymentPayload.extensions[PAYMENT_IDENTIFIER];
+  if (!extension) {
+    return { id: null, validation: { valid: true } };
+  }
+  const validation = validatePaymentIdentifier(extension);
+  if (!validation.valid) {
+    return { id: null, validation };
+  }
+  const ext = extension;
+  return { id: ext.info.id ?? null, validation: { valid: true } };
+}
+function hasPaymentIdentifier(paymentPayload) {
+  return !!(paymentPayload.extensions && paymentPayload.extensions[PAYMENT_IDENTIFIER]);
+}
+function isPaymentIdentifierRequired(extension) {
+  if (!extension || typeof extension !== "object") {
+    return false;
+  }
+  const ext = extension;
+  if (!ext.info || typeof ext.info !== "object") {
+    return false;
+  }
+  return ext.info.required === true;
+}
+function validatePaymentIdentifierRequirement(paymentPayload, serverRequired) {
+  if (!serverRequired) {
+    return { valid: true };
+  }
+  const id = extractPaymentIdentifier(paymentPayload, false);
+  if (!id) {
+    return {
+      valid: false,
+      errors: ["Server requires a payment identifier but none was provided"]
+    };
+  }
+  if (!isValidPaymentId(id)) {
+    return {
+      valid: false,
+      errors: [
+        `Invalid payment ID format. ID must be 16-128 characters and contain only alphanumeric characters, hyphens, and underscores.`
+      ]
+    };
+  }
+  return { valid: true };
+}
+
+// src/payment-identifier/client.ts
+function appendPaymentIdentifierToExtensions(extensions, id) {
+  const extension = extensions[PAYMENT_IDENTIFIER];
+  if (!isPaymentIdentifierExtension(extension)) {
+    return extensions;
+  }
+  const paymentId = id ?? generatePaymentId();
+  if (!isValidPaymentId(paymentId)) {
+    throw new Error(
+      `Invalid payment ID: "${paymentId}". ID must be 16-128 characters and contain only alphanumeric characters, hyphens, and underscores.`
+    );
+  }
+  extension.info.id = paymentId;
+  return extensions;
+}
+
+// src/payment-identifier/resourceServer.ts
+function declarePaymentIdentifierExtension(required = false) {
+  return {
+    info: { required },
+    schema: paymentIdentifierSchema
+  };
+}
+var paymentIdentifierResourceServerExtension = {
+  key: PAYMENT_IDENTIFIER
+  // No enrichment needed - the declaration is static
+  // Future hooks for idempotency could be added here if needed
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   BAZAAR,
+  InMemorySIWxStorage,
+  PAYMENT_IDENTIFIER,
+  PAYMENT_ID_MAX_LENGTH,
+  PAYMENT_ID_MIN_LENGTH,
+  PAYMENT_ID_PATTERN,
+  SIGN_IN_WITH_X,
+  SIWxPayloadSchema,
+  SOLANA_DEVNET,
+  SOLANA_MAINNET,
+  SOLANA_TESTNET,
+  appendPaymentIdentifierToExtensions,
   bazaarResourceServerExtension,
+  buildSIWxSchema,
+  createSIWxClientHook,
+  createSIWxMessage,
+  createSIWxPayload,
+  createSIWxRequestHook,
+  createSIWxSettleHook,
   declareDiscoveryExtension,
+  declarePaymentIdentifierExtension,
+  declareSIWxExtension,
+  decodeBase58,
+  encodeBase58,
+  encodeSIWxHeader,
+  extractAndValidatePaymentIdentifier,
   extractDiscoveryInfo,
   extractDiscoveryInfoFromExtension,
   extractDiscoveryInfoV1,
+  extractEVMChainId,
+  extractPaymentIdentifier,
   extractResourceMetadataV1,
+  extractSolanaChainReference,
+  formatSIWEMessage,
+  formatSIWSMessage,
+  generatePaymentId,
+  getEVMAddress,
+  getSolanaAddress,
+  hasPaymentIdentifier,
   isDiscoverableV1,
+  isPaymentIdentifierExtension,
+  isPaymentIdentifierRequired,
+  isValidPaymentId,
+  parseSIWxHeader,
+  paymentIdentifierResourceServerExtension,
+  paymentIdentifierSchema,
+  signEVMMessage,
+  signSolanaMessage,
+  siwxResourceServerExtension,
   validateAndExtract,
   validateDiscoveryExtension,
-  withBazaar
+  validatePaymentIdentifier,
+  validatePaymentIdentifierRequirement,
+  validateSIWxMessage,
+  verifyEVMSignature,
+  verifySIWxSignature,
+  verifySolanaSignature,
+  withBazaar,
+  wrapFetchWithSIWx
 });
 //# sourceMappingURL=index.js.map