moltspay 1.5.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/README.md +143 -0
  2. package/dist/cdp/index.js.map +1 -1
  3. package/dist/cdp/index.mjs.map +1 -1
  4. package/dist/{cdp-DeohBe1o.d.ts → cdp-B5PhDUTC.d.ts} +1 -1
  5. package/dist/{cdp-p_eHuQpb.d.mts → cdp-D-5Hg3y_.d.mts} +1 -1
  6. package/dist/chains/index.d.mts +37 -1
  7. package/dist/chains/index.d.ts +37 -1
  8. package/dist/chains/index.js +22 -0
  9. package/dist/chains/index.js.map +1 -1
  10. package/dist/chains/index.mjs +19 -0
  11. package/dist/chains/index.mjs.map +1 -1
  12. package/dist/cli/index.js +1941 -204
  13. package/dist/cli/index.js.map +1 -1
  14. package/dist/cli/index.mjs +1938 -201
  15. package/dist/cli/index.mjs.map +1 -1
  16. package/dist/client/index.d.mts +46 -0
  17. package/dist/client/index.d.ts +46 -0
  18. package/dist/client/index.js +1059 -118
  19. package/dist/client/index.js.map +1 -1
  20. package/dist/client/index.mjs +1055 -116
  21. package/dist/client/index.mjs.map +1 -1
  22. package/dist/client/web/index.d.mts +434 -0
  23. package/dist/client/web/index.mjs +1300 -0
  24. package/dist/client/web/index.mjs.map +1 -0
  25. package/dist/facilitators/index.d.mts +185 -6
  26. package/dist/facilitators/index.d.ts +185 -6
  27. package/dist/facilitators/index.js +497 -13
  28. package/dist/facilitators/index.js.map +1 -1
  29. package/dist/facilitators/index.mjs +492 -13
  30. package/dist/facilitators/index.mjs.map +1 -1
  31. package/dist/index.d.mts +77 -2
  32. package/dist/index.d.ts +77 -2
  33. package/dist/index.js +1865 -172
  34. package/dist/index.js.map +1 -1
  35. package/dist/index.mjs +1854 -167
  36. package/dist/index.mjs.map +1 -1
  37. package/dist/mcp/index.js +1062 -123
  38. package/dist/mcp/index.js.map +1 -1
  39. package/dist/mcp/index.mjs +1059 -120
  40. package/dist/mcp/index.mjs.map +1 -1
  41. package/dist/{registry-OsEO2dOu.d.mts → registry-DIo0WNoO.d.mts} +8 -1
  42. package/dist/{registry-OsEO2dOu.d.ts → registry-DIo0WNoO.d.ts} +8 -1
  43. package/dist/server/index.d.mts +137 -2
  44. package/dist/server/index.d.ts +137 -2
  45. package/dist/server/index.js +757 -30
  46. package/dist/server/index.js.map +1 -1
  47. package/dist/server/index.mjs +757 -30
  48. package/dist/server/index.mjs.map +1 -1
  49. package/dist/verify/index.js.map +1 -1
  50. package/dist/verify/index.mjs.map +1 -1
  51. package/dist/wallet/index.js.map +1 -1
  52. package/dist/wallet/index.mjs.map +1 -1
  53. package/package.json +15 -2
  54. package/schemas/moltspay.services.schema.json +100 -6
  55. package/scripts/postinstall.js +91 -0
@@ -26,6 +26,13 @@ interface X402PaymentPayload {
26
26
  }
27
27
  /**
28
28
  * x402 Payment Requirements (server specifies what it accepts)
29
+ *
30
+ * **Per-scheme `extra` conventions:**
31
+ * - `alipay-aipay` (2.0.0+): `extra` carries the parallel `Payment-Needed`
32
+ * contents so x402-aware clients don't need to read the separate HTTP
33
+ * header. Server side, `AlipayFacilitator.createPaymentRequirements`
34
+ * populates: `payment_needed_header` (Base64URL of nested
35
+ * `{protocol, method}` JSON), `out_trade_no`, `pay_before`, `service_id`.
29
36
  */
30
37
  interface X402PaymentRequirements {
31
38
  scheme: string;
@@ -230,4 +237,4 @@ declare function getDefaultRegistry(): FacilitatorRegistry;
230
237
  */
231
238
  declare function createRegistry(selection?: FacilitatorSelection): FacilitatorRegistry;
232
239
 
233
- export { BaseFacilitator as B, type Facilitator as F, type HealthCheckResult as H, type SelectionStrategy as S, type VerifyResult as V, type X402PaymentPayload as X, type FacilitatorConfig as a, type FacilitatorFee as b, FacilitatorRegistry as c, type FacilitatorSelection as d, type SettleResult as e, type X402PaymentRequirements as f, createRegistry as g, getDefaultRegistry as h };
240
+ export { BaseFacilitator as B, type FacilitatorConfig as F, type HealthCheckResult as H, type SettleResult as S, type VerifyResult as V, type X402PaymentPayload as X, type X402PaymentRequirements as a, type FacilitatorFee as b, type Facilitator as c, FacilitatorRegistry as d, type FacilitatorSelection as e, type SelectionStrategy as f, createRegistry as g, getDefaultRegistry as h };
@@ -26,6 +26,13 @@ interface X402PaymentPayload {
26
26
  }
27
27
  /**
28
28
  * x402 Payment Requirements (server specifies what it accepts)
29
+ *
30
+ * **Per-scheme `extra` conventions:**
31
+ * - `alipay-aipay` (2.0.0+): `extra` carries the parallel `Payment-Needed`
32
+ * contents so x402-aware clients don't need to read the separate HTTP
33
+ * header. Server side, `AlipayFacilitator.createPaymentRequirements`
34
+ * populates: `payment_needed_header` (Base64URL of nested
35
+ * `{protocol, method}` JSON), `out_trade_no`, `pay_before`, `service_id`.
29
36
  */
30
37
  interface X402PaymentRequirements {
31
38
  scheme: string;
@@ -230,4 +237,4 @@ declare function getDefaultRegistry(): FacilitatorRegistry;
230
237
  */
231
238
  declare function createRegistry(selection?: FacilitatorSelection): FacilitatorRegistry;
232
239
 
233
- export { BaseFacilitator as B, type Facilitator as F, type HealthCheckResult as H, type SelectionStrategy as S, type VerifyResult as V, type X402PaymentPayload as X, type FacilitatorConfig as a, type FacilitatorFee as b, FacilitatorRegistry as c, type FacilitatorSelection as d, type SettleResult as e, type X402PaymentRequirements as f, createRegistry as g, getDefaultRegistry as h };
240
+ export { BaseFacilitator as B, type FacilitatorConfig as F, type HealthCheckResult as H, type SettleResult as S, type VerifyResult as V, type X402PaymentPayload as X, type X402PaymentRequirements as a, type FacilitatorFee as b, type Facilitator as c, FacilitatorRegistry as d, type FacilitatorSelection as e, type SelectionStrategy as f, createRegistry as g, getDefaultRegistry as h };
@@ -1,4 +1,4 @@
1
- import { d as FacilitatorSelection } from '../registry-OsEO2dOu.mjs';
1
+ import { e as FacilitatorSelection } from '../registry-DIo0WNoO.mjs';
2
2
 
3
3
  /**
4
4
  * MoltsPay Server Types
@@ -22,6 +22,37 @@ interface ServiceConfig {
22
22
  command?: string;
23
23
  /** Function name to import from skill's index.js (new skill-based approach) */
24
24
  function?: string;
25
+ /**
26
+ * Alipay AI 收 per-service config (2.0.0+).
27
+ * Set when this service accepts CNY payments via the alipay rail.
28
+ * The `price`/`currency` fields above still describe USDC pricing
29
+ * for the x402 rails; `alipay.price_cny` is a separate CNY price.
30
+ */
31
+ alipay?: ServiceAlipayConfig;
32
+ }
33
+ /**
34
+ * Per-service Alipay AI 收 configuration (2.0.0+).
35
+ *
36
+ * Sample:
37
+ * ```json
38
+ * "alipay": {
39
+ * "service_id": "API_0EA6DC4FC99A4DF7",
40
+ * "price_cny": "7.00",
41
+ * "goods_name": "产品演示视频 - 系列一"
42
+ * }
43
+ * ```
44
+ */
45
+ interface ServiceAlipayConfig {
46
+ /** Per-service service_id (defaults to provider.alipay.service_id_default). */
47
+ service_id?: string;
48
+ /**
49
+ * CNY price as decimal string in **元** (e.g. `"7.00"` = 7 CNY).
50
+ * NOT cents: `"100"` means 100 元, not 100 分.
51
+ * Must match `/^\d+(\.\d{1,2})?$/`.
52
+ */
53
+ price_cny: string;
54
+ /** Goods name shown to the user in the Alipay app. */
55
+ goods_name: string;
25
56
  }
26
57
  interface InputField {
27
58
  type: 'string' | 'number' | 'boolean' | 'object';
@@ -45,6 +76,49 @@ interface ProviderConfig {
45
76
  solana_wallet?: string;
46
77
  chain?: string;
47
78
  chains?: ChainConfig[];
79
+ /**
80
+ * Alipay AI 收 provider-level config (2.0.0+).
81
+ * Required when `chains` includes `"alipay"`.
82
+ * Server validates `private_key_path` / `alipay_public_key_path` are
83
+ * readable + parse as RSA PEM at startup; rejects start otherwise.
84
+ */
85
+ alipay?: ProviderAlipayConfig;
86
+ }
87
+ /**
88
+ * Provider-level Alipay AI 收 configuration (2.0.0+).
89
+ *
90
+ * The user-facing form uses FILE PATHS for both PEM keys; the server
91
+ * resolves them to PEM strings before constructing AlipayFacilitator.
92
+ *
93
+ * Sample:
94
+ * ```json
95
+ * "alipay": {
96
+ * "seller_id": "2088641494699428",
97
+ * "app_id": "2021006150642142",
98
+ * "seller_name": "上海超响应数字科技有限公司",
99
+ * "service_id_default": "API_0EA6DC4FC99A4DF7",
100
+ * "private_key_path": "./cert/ALIPAY_PRIVATE_KEY.txt",
101
+ * "alipay_public_key_path": "./cert/ALIPAY_PUBLIC_KEY.txt"
102
+ * }
103
+ * ```
104
+ */
105
+ interface ProviderAlipayConfig {
106
+ /** Merchant Alipay ID (16 digits, e.g. `"2088641494699428"`). */
107
+ seller_id: string;
108
+ /** Application ID from Alipay Open Platform. */
109
+ app_id: string;
110
+ /** Merchant legal name; appears in `method.seller_name` of the 402 challenge. */
111
+ seller_name: string;
112
+ /** Default `service_id` when a `services[].alipay` entry doesn't override it. */
113
+ service_id_default: string;
114
+ /** Path to the RSA2 merchant private key PEM file (relative to moltspay.services.json). */
115
+ private_key_path: string;
116
+ /** Path to the Alipay platform public key PEM file (relative to moltspay.services.json). */
117
+ alipay_public_key_path: string;
118
+ /** Open API gateway URL. Defaults to `"https://openapi.alipay.com/gateway.do"`. */
119
+ gateway_url?: string;
120
+ /** Signature algorithm. Only `"RSA2"` is supported in 2.0.0. */
121
+ sign_type?: 'RSA2';
48
122
  }
49
123
  interface ServicesManifest {
50
124
  provider: ProviderConfig;
@@ -84,12 +158,39 @@ interface Charge {
84
158
  paidAt?: number;
85
159
  completedAt?: number;
86
160
  }
161
+ /**
162
+ * CORS configuration. See MoltsPayServerOptions.cors.
163
+ * Fine-grained shape for providers that need allowlist origins or custom control.
164
+ */
165
+ interface CorsOptions {
166
+ /** Explicit origin allowlist. Either an array of origins, or a predicate function. */
167
+ origins: string[] | ((origin: string) => boolean);
168
+ /** Emit `Access-Control-Allow-Credentials: true`. Default false. */
169
+ credentials?: boolean;
170
+ /** Preflight cache seconds (`Access-Control-Max-Age`). Default 600. */
171
+ maxAge?: number;
172
+ }
87
173
  interface MoltsPayServerOptions {
88
174
  port?: number;
89
175
  host?: string;
90
176
  chargeExpirySecs?: number;
91
177
  /** x402 Facilitator URL (default: https://x402.org/facilitator) */
92
178
  facilitatorUrl?: string;
179
+ /**
180
+ * CORS configuration.
181
+ *
182
+ * - `undefined` or `true` (default): allow any origin (`Access-Control-Allow-Origin: *`).
183
+ * This matches the 1.5.x behavior — browser clients from any origin can call this server.
184
+ * - `false`: emit no CORS headers (same-origin only).
185
+ * - `string[]`: explicit origin allowlist. Request's Origin must match an entry.
186
+ * - `CorsOptions` object: fine-grained control (origins + credentials + maxAge).
187
+ *
188
+ * When CORS is active, the server always exposes the following response headers via
189
+ * `Access-Control-Expose-Headers`: `X-Payment-Required`, `X-Payment-Response`,
190
+ * `WWW-Authenticate`, `Payment-Receipt`. These are required for browser clients to
191
+ * read the 402 challenge and the payment receipt on successful responses.
192
+ */
193
+ cors?: boolean | string[] | CorsOptions;
93
194
  }
94
195
 
95
196
  /**
@@ -122,6 +223,8 @@ declare class MoltsPayServer {
122
223
  private registry;
123
224
  private networkId;
124
225
  private useMainnet;
226
+ /** Alipay AI 收 facilitator instance, set when `provider.alipay` is configured (2.0.0). */
227
+ private alipayFacilitator;
125
228
  constructor(servicesPath: string, options?: MoltsPayServerOptionsExtended);
126
229
  /**
127
230
  * Register a skill handler for a service
@@ -144,6 +247,21 @@ declare class MoltsPayServer {
144
247
  * Start HTTP server
145
248
  */
146
249
  listen(port?: number): void;
250
+ /**
251
+ * Apply CORS response headers according to the `cors` option.
252
+ *
253
+ * Default (`cors` unset or `true`): `Access-Control-Allow-Origin: *`. Matches 1.5.x behavior
254
+ * and works for every browser client whose origin does not need to send cookies.
255
+ *
256
+ * `cors: false`: emit no CORS headers. Same-origin only.
257
+ * `cors: string[]`: origin allowlist — echo the origin back iff it matches.
258
+ * `cors: CorsOptions`: full control (allowlist + credentials + maxAge).
259
+ *
260
+ * The required-for-Web response headers are always exposed when CORS is active:
261
+ * `X-Payment-Required, X-Payment-Response, WWW-Authenticate, Payment-Receipt`.
262
+ */
263
+ private applyCorsHeaders;
264
+ private writeCorsHeaders;
147
265
  /**
148
266
  * Handle incoming request
149
267
  */
@@ -164,6 +282,23 @@ declare class MoltsPayServer {
164
282
  * POST /execute - Execute service with x402 payment
165
283
  */
166
284
  private handleExecute;
285
+ /**
286
+ * Execute a service paid via the Alipay AI 收 fiat rail (2.0.0).
287
+ *
288
+ * Differs from the EVM/SVM path: no token detection, no EIP-3009/permit
289
+ * validation. Verify hits the Alipay Open API (`payment.verify`). Settlement
290
+ * (`fulfillment.confirm`) is FIRE-AND-FORGET per ALIPAY-INTEGRATION-DESIGN
291
+ * §5.1: a confirm failure is logged but does NOT fail the already-delivered
292
+ * response (the buyer's payment proof was already verified).
293
+ */
294
+ private handleAlipayExecute;
295
+ /**
296
+ * Build the Alipay 402 challenge for a service, or null when the alipay rail
297
+ * isn't configured for this server or this service. Returns the x402
298
+ * `accepts[]` entry plus the Base64URL `Payment-Needed` header value so the
299
+ * 402 responders can dual-emit both the x402 and legacy alipay-bot formats.
300
+ */
301
+ private buildAlipayChallenge;
167
302
  /**
168
303
  * Handle MPP (Machine Payments Protocol) request
169
304
  * Supports both x402 and MPP protocols on service endpoints
@@ -242,4 +377,4 @@ declare class MoltsPayServer {
242
377
  private sendProxyPaymentRequired;
243
378
  }
244
379
 
245
- export { type ChainConfig, type Charge, type ChargeStatus, type InputField, MoltsPayServer, type MoltsPayServerOptions, type MoltsPayServerOptionsExtended, type OutputField, type PaymentRequest, type ProviderConfig, type RegisteredSkill, type ServiceConfig, type ServicesManifest, type SkillFunction, type TokenSymbol, type VerifyRequest };
380
+ export { type ChainConfig, type Charge, type ChargeStatus, type CorsOptions, type InputField, MoltsPayServer, type MoltsPayServerOptions, type MoltsPayServerOptionsExtended, type OutputField, type PaymentRequest, type ProviderAlipayConfig, type ProviderConfig, type RegisteredSkill, type ServiceAlipayConfig, type ServiceConfig, type ServicesManifest, type SkillFunction, type TokenSymbol, type VerifyRequest };
@@ -1,4 +1,4 @@
1
- import { d as FacilitatorSelection } from '../registry-OsEO2dOu.js';
1
+ import { e as FacilitatorSelection } from '../registry-DIo0WNoO.js';
2
2
 
3
3
  /**
4
4
  * MoltsPay Server Types
@@ -22,6 +22,37 @@ interface ServiceConfig {
22
22
  command?: string;
23
23
  /** Function name to import from skill's index.js (new skill-based approach) */
24
24
  function?: string;
25
+ /**
26
+ * Alipay AI 收 per-service config (2.0.0+).
27
+ * Set when this service accepts CNY payments via the alipay rail.
28
+ * The `price`/`currency` fields above still describe USDC pricing
29
+ * for the x402 rails; `alipay.price_cny` is a separate CNY price.
30
+ */
31
+ alipay?: ServiceAlipayConfig;
32
+ }
33
+ /**
34
+ * Per-service Alipay AI 收 configuration (2.0.0+).
35
+ *
36
+ * Sample:
37
+ * ```json
38
+ * "alipay": {
39
+ * "service_id": "API_0EA6DC4FC99A4DF7",
40
+ * "price_cny": "7.00",
41
+ * "goods_name": "产品演示视频 - 系列一"
42
+ * }
43
+ * ```
44
+ */
45
+ interface ServiceAlipayConfig {
46
+ /** Per-service service_id (defaults to provider.alipay.service_id_default). */
47
+ service_id?: string;
48
+ /**
49
+ * CNY price as decimal string in **元** (e.g. `"7.00"` = 7 CNY).
50
+ * NOT cents: `"100"` means 100 元, not 100 分.
51
+ * Must match `/^\d+(\.\d{1,2})?$/`.
52
+ */
53
+ price_cny: string;
54
+ /** Goods name shown to the user in the Alipay app. */
55
+ goods_name: string;
25
56
  }
26
57
  interface InputField {
27
58
  type: 'string' | 'number' | 'boolean' | 'object';
@@ -45,6 +76,49 @@ interface ProviderConfig {
45
76
  solana_wallet?: string;
46
77
  chain?: string;
47
78
  chains?: ChainConfig[];
79
+ /**
80
+ * Alipay AI 收 provider-level config (2.0.0+).
81
+ * Required when `chains` includes `"alipay"`.
82
+ * Server validates `private_key_path` / `alipay_public_key_path` are
83
+ * readable + parse as RSA PEM at startup; rejects start otherwise.
84
+ */
85
+ alipay?: ProviderAlipayConfig;
86
+ }
87
+ /**
88
+ * Provider-level Alipay AI 收 configuration (2.0.0+).
89
+ *
90
+ * The user-facing form uses FILE PATHS for both PEM keys; the server
91
+ * resolves them to PEM strings before constructing AlipayFacilitator.
92
+ *
93
+ * Sample:
94
+ * ```json
95
+ * "alipay": {
96
+ * "seller_id": "2088641494699428",
97
+ * "app_id": "2021006150642142",
98
+ * "seller_name": "上海超响应数字科技有限公司",
99
+ * "service_id_default": "API_0EA6DC4FC99A4DF7",
100
+ * "private_key_path": "./cert/ALIPAY_PRIVATE_KEY.txt",
101
+ * "alipay_public_key_path": "./cert/ALIPAY_PUBLIC_KEY.txt"
102
+ * }
103
+ * ```
104
+ */
105
+ interface ProviderAlipayConfig {
106
+ /** Merchant Alipay ID (16 digits, e.g. `"2088641494699428"`). */
107
+ seller_id: string;
108
+ /** Application ID from Alipay Open Platform. */
109
+ app_id: string;
110
+ /** Merchant legal name; appears in `method.seller_name` of the 402 challenge. */
111
+ seller_name: string;
112
+ /** Default `service_id` when a `services[].alipay` entry doesn't override it. */
113
+ service_id_default: string;
114
+ /** Path to the RSA2 merchant private key PEM file (relative to moltspay.services.json). */
115
+ private_key_path: string;
116
+ /** Path to the Alipay platform public key PEM file (relative to moltspay.services.json). */
117
+ alipay_public_key_path: string;
118
+ /** Open API gateway URL. Defaults to `"https://openapi.alipay.com/gateway.do"`. */
119
+ gateway_url?: string;
120
+ /** Signature algorithm. Only `"RSA2"` is supported in 2.0.0. */
121
+ sign_type?: 'RSA2';
48
122
  }
49
123
  interface ServicesManifest {
50
124
  provider: ProviderConfig;
@@ -84,12 +158,39 @@ interface Charge {
84
158
  paidAt?: number;
85
159
  completedAt?: number;
86
160
  }
161
+ /**
162
+ * CORS configuration. See MoltsPayServerOptions.cors.
163
+ * Fine-grained shape for providers that need allowlist origins or custom control.
164
+ */
165
+ interface CorsOptions {
166
+ /** Explicit origin allowlist. Either an array of origins, or a predicate function. */
167
+ origins: string[] | ((origin: string) => boolean);
168
+ /** Emit `Access-Control-Allow-Credentials: true`. Default false. */
169
+ credentials?: boolean;
170
+ /** Preflight cache seconds (`Access-Control-Max-Age`). Default 600. */
171
+ maxAge?: number;
172
+ }
87
173
  interface MoltsPayServerOptions {
88
174
  port?: number;
89
175
  host?: string;
90
176
  chargeExpirySecs?: number;
91
177
  /** x402 Facilitator URL (default: https://x402.org/facilitator) */
92
178
  facilitatorUrl?: string;
179
+ /**
180
+ * CORS configuration.
181
+ *
182
+ * - `undefined` or `true` (default): allow any origin (`Access-Control-Allow-Origin: *`).
183
+ * This matches the 1.5.x behavior — browser clients from any origin can call this server.
184
+ * - `false`: emit no CORS headers (same-origin only).
185
+ * - `string[]`: explicit origin allowlist. Request's Origin must match an entry.
186
+ * - `CorsOptions` object: fine-grained control (origins + credentials + maxAge).
187
+ *
188
+ * When CORS is active, the server always exposes the following response headers via
189
+ * `Access-Control-Expose-Headers`: `X-Payment-Required`, `X-Payment-Response`,
190
+ * `WWW-Authenticate`, `Payment-Receipt`. These are required for browser clients to
191
+ * read the 402 challenge and the payment receipt on successful responses.
192
+ */
193
+ cors?: boolean | string[] | CorsOptions;
93
194
  }
94
195
 
95
196
  /**
@@ -122,6 +223,8 @@ declare class MoltsPayServer {
122
223
  private registry;
123
224
  private networkId;
124
225
  private useMainnet;
226
+ /** Alipay AI 收 facilitator instance, set when `provider.alipay` is configured (2.0.0). */
227
+ private alipayFacilitator;
125
228
  constructor(servicesPath: string, options?: MoltsPayServerOptionsExtended);
126
229
  /**
127
230
  * Register a skill handler for a service
@@ -144,6 +247,21 @@ declare class MoltsPayServer {
144
247
  * Start HTTP server
145
248
  */
146
249
  listen(port?: number): void;
250
+ /**
251
+ * Apply CORS response headers according to the `cors` option.
252
+ *
253
+ * Default (`cors` unset or `true`): `Access-Control-Allow-Origin: *`. Matches 1.5.x behavior
254
+ * and works for every browser client whose origin does not need to send cookies.
255
+ *
256
+ * `cors: false`: emit no CORS headers. Same-origin only.
257
+ * `cors: string[]`: origin allowlist — echo the origin back iff it matches.
258
+ * `cors: CorsOptions`: full control (allowlist + credentials + maxAge).
259
+ *
260
+ * The required-for-Web response headers are always exposed when CORS is active:
261
+ * `X-Payment-Required, X-Payment-Response, WWW-Authenticate, Payment-Receipt`.
262
+ */
263
+ private applyCorsHeaders;
264
+ private writeCorsHeaders;
147
265
  /**
148
266
  * Handle incoming request
149
267
  */
@@ -164,6 +282,23 @@ declare class MoltsPayServer {
164
282
  * POST /execute - Execute service with x402 payment
165
283
  */
166
284
  private handleExecute;
285
+ /**
286
+ * Execute a service paid via the Alipay AI 收 fiat rail (2.0.0).
287
+ *
288
+ * Differs from the EVM/SVM path: no token detection, no EIP-3009/permit
289
+ * validation. Verify hits the Alipay Open API (`payment.verify`). Settlement
290
+ * (`fulfillment.confirm`) is FIRE-AND-FORGET per ALIPAY-INTEGRATION-DESIGN
291
+ * §5.1: a confirm failure is logged but does NOT fail the already-delivered
292
+ * response (the buyer's payment proof was already verified).
293
+ */
294
+ private handleAlipayExecute;
295
+ /**
296
+ * Build the Alipay 402 challenge for a service, or null when the alipay rail
297
+ * isn't configured for this server or this service. Returns the x402
298
+ * `accepts[]` entry plus the Base64URL `Payment-Needed` header value so the
299
+ * 402 responders can dual-emit both the x402 and legacy alipay-bot formats.
300
+ */
301
+ private buildAlipayChallenge;
167
302
  /**
168
303
  * Handle MPP (Machine Payments Protocol) request
169
304
  * Supports both x402 and MPP protocols on service endpoints
@@ -242,4 +377,4 @@ declare class MoltsPayServer {
242
377
  private sendProxyPaymentRequired;
243
378
  }
244
379
 
245
- export { type ChainConfig, type Charge, type ChargeStatus, type InputField, MoltsPayServer, type MoltsPayServerOptions, type MoltsPayServerOptionsExtended, type OutputField, type PaymentRequest, type ProviderConfig, type RegisteredSkill, type ServiceConfig, type ServicesManifest, type SkillFunction, type TokenSymbol, type VerifyRequest };
380
+ export { type ChainConfig, type Charge, type ChargeStatus, type CorsOptions, type InputField, MoltsPayServer, type MoltsPayServerOptions, type MoltsPayServerOptionsExtended, type OutputField, type PaymentRequest, type ProviderAlipayConfig, type ProviderConfig, type RegisteredSkill, type ServiceAlipayConfig, type ServiceConfig, type ServicesManifest, type SkillFunction, type TokenSymbol, type VerifyRequest };