tru-402 0.1.0

package/dist/bin/trux.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=trux.d.ts.map

package/dist/bin/trux.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trux.d.ts","sourceRoot":"","sources":["../../bin/trux.ts"],"names":[],"mappings":""}

package/dist/bin/trux.js

@@ -0,0 +1,39 @@
+#!/usr/bin/env node
+import { runInit } from '../src/init/index.js';
+const args = process.argv.slice(2);
+const command = args[0];
+if (!command || command === 'init') {
+    runInit().catch((err) => {
+        console.error('Error:', err.message);
+        process.exit(1);
+    });
+}
+else if (command === '--help' || command === '-h') {
+    console.log(`
+tru-402 — One-line middleware for agent commerce
+
+Usage:
+  npx tru-402 init    Set up tru-402 in your project (register app, connect Stripe, write .env)
+
+Options:
+  --help, -h       Show this help message
+  --version, -v    Show version
+
+Learn more: https://tru.so/docs
+`);
+}
+else if (command === '--version' || command === '-v') {
+    // Read version from package.json at runtime
+    const { readFileSync } = await import('fs');
+    const { resolve, dirname } = await import('path');
+    const { fileURLToPath } = await import('url');
+    const __dirname = dirname(fileURLToPath(import.meta.url));
+    const pkg = JSON.parse(readFileSync(resolve(__dirname, '../../package.json'), 'utf-8'));
+    console.log(pkg.version);
+}
+else {
+    console.error(`Unknown command: ${command}`);
+    console.error('Run `npx tru-402 --help` for usage.');
+    process.exit(1);
+}
+//# sourceMappingURL=trux.js.map

package/dist/bin/trux.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"trux.js","sourceRoot":"","sources":["../../bin/trux.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAE/C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AAExB,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;IACnC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;KAAM,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;CAWb,CAAC,CAAC;AACH,CAAC;KAAM,IAAI,OAAO,KAAK,WAAW,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;IACvD,4CAA4C;IAC5C,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAC3B,CAAC;KAAM,CAAC;IACN,OAAO,CAAC,KAAK,CAAC,oBAAoB,OAAO,EAAE,CAAC,CAAC;IAC7C,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC"}

package/dist/src/challenge.d.ts

@@ -0,0 +1,18 @@
+import type { TruxOptions, TruxConfig } from './identity.js';
+export interface ChallengeParams {
+    options: TruxOptions;
+    config: TruxConfig;
+    requestUrl: string;
+}
+export interface ChallengeResponse {
+    /** WWW-Authenticate header value */
+    header: string;
+    /** JSON body for the 402 response */
+    body: Record<string, unknown>;
+}
+/**
+ * Generate a 402 Payment Required challenge.
+ * Produces both the WWW-Authenticate header and self-documenting JSON body.
+ */
+export declare function generateChallenge(params: ChallengeParams): ChallengeResponse;
+//# sourceMappingURL=challenge.d.ts.map

package/dist/src/challenge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"challenge.d.ts","sourceRoot":"","sources":["../../src/challenge.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAa7D,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,WAAW,CAAC;IACrB,MAAM,EAAE,UAAU,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,oCAAoC;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,eAAe,GAAG,iBAAiB,CA+E5E"}

package/dist/src/challenge.js

@@ -0,0 +1,86 @@
+import crypto from 'crypto';
+/**
+ * Encode a JSON object to base64url (MPP-compatible request encoding).
+ */
+function toBase64Url(obj) {
+    return Buffer.from(JSON.stringify(obj))
+        .toString('base64')
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=+$/, '');
+}
+/**
+ * Generate a 402 Payment Required challenge.
+ * Produces both the WWW-Authenticate header and self-documenting JSON body.
+ */
+export function generateChallenge(params) {
+    const { options, config, requestUrl } = params;
+    const challengeId = crypto.randomUUID();
+    const amountDollars = options.amount;
+    const currency = options.currency || 'usd';
+    const expires = new Date(Date.now() + 5 * 60 * 1000).toISOString(); // 5 min
+    // MPP-compatible request encoding
+    const request = toBase64Url({
+        amount: String(amountDollars),
+        currency,
+        url: requestUrl,
+    });
+    const realm = config.serviceName || config.appId;
+    // WWW-Authenticate header
+    const header = `Payment id="${challengeId}", realm="${realm}", method="tru", intent="charge", request="${request}", expires="${expires}"`;
+    // Self-documenting body
+    const body = {
+        error: 'payment_required',
+        message: `This API costs $${amountDollars.toFixed(2)} per request. No account or API key needed — pay and get the response.`,
+        amount: amountDollars,
+        currency,
+        description: options.description || undefined,
+        how_to_pay: {
+            step_1: `POST ${config.apiUrl}/api/mpp/resolve-challenge`,
+            step_1_body: {
+                challenge: {
+                    id: challengeId,
+                    realm,
+                    method: 'tru',
+                    intent: 'charge',
+                    request,
+                    expires,
+                },
+                email: '<your_email>',
+            },
+            step_1_note: "If you don't have a tru account, open the auth_url below in the user's browser first.",
+            step_2: 'The response includes an authorization_header value',
+            step_3: 'Retry this same request with that Authorization header',
+        },
+        auth_url: `${config.apiUrl}/connect`,
+        auth_url_note: 'First-time users: open this URL to link a payment method via Stripe Link (10 seconds)',
+        challenge: {
+            id: challengeId,
+            realm,
+            method: 'tru',
+            intent: 'charge',
+            request,
+            expires,
+        },
+    };
+    // Include session info for micropayments
+    if (amountDollars < 0.50) {
+        const sessionBudget = options.sessionBudget || 5.00;
+        body.session_available = {
+            message: `For repeated requests, the first payment creates a $${sessionBudget.toFixed(2)} session. Subsequent requests use X-Tru-Session header — no re-auth needed.`,
+            budget: sessionBudget,
+            duration_minutes: 60,
+        };
+    }
+    // Include plan upsell if configured
+    if (options.plan) {
+        body.plan_available = {
+            name: options.plan.name,
+            price: options.plan.price,
+            interval: options.plan.interval,
+            message: `The ${options.plan.name} plan ($${options.plan.price}/${options.plan.interval}) gives unlimited access.`,
+        };
+    }
+    return { header, body };
+}
+//# sourceMappingURL=challenge.js.map

package/dist/src/challenge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"challenge.js","sourceRoot":"","sources":["../../src/challenge.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAG5B;;GAEG;AACH,SAAS,WAAW,CAAC,GAA4B;IAC/C,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;SACpC,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAeD;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAuB;IACvD,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC;IAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IACxC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ;IAE5E,kCAAkC;IAClC,MAAM,OAAO,GAAG,WAAW,CAAC;QAC1B,MAAM,EAAE,MAAM,CAAC,aAAa,CAAC;QAC7B,QAAQ;QACR,GAAG,EAAE,UAAU;KAChB,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,KAAK,CAAC;IAEjD,0BAA0B;IAC1B,MAAM,MAAM,GAAG,eAAe,WAAW,aAAa,KAAK,8CAA8C,OAAO,eAAe,OAAO,GAAG,CAAC;IAE1I,wBAAwB;IACxB,MAAM,IAAI,GAA4B;QACpC,KAAK,EAAE,kBAAkB;QACzB,OAAO,EAAE,mBAAmB,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,wEAAwE;QAC5H,MAAM,EAAE,aAAa;QACrB,QAAQ;QACR,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,SAAS;QAE7C,UAAU,EAAE;YACV,MAAM,EAAE,QAAQ,MAAM,CAAC,MAAM,4BAA4B;YACzD,WAAW,EAAE;gBACX,SAAS,EAAE;oBACT,EAAE,EAAE,WAAW;oBACf,KAAK;oBACL,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,QAAQ;oBAChB,OAAO;oBACP,OAAO;iBACR;gBACD,KAAK,EAAE,cAAc;aACtB;YACD,WAAW,EAAE,uFAAuF;YACpG,MAAM,EAAE,qDAAqD;YAC7D,MAAM,EAAE,wDAAwD;SACjE;QAED,QAAQ,EAAE,GAAG,MAAM,CAAC,MAAM,UAAU;QACpC,aAAa,EAAE,uFAAuF;QAEtG,SAAS,EAAE;YACT,EAAE,EAAE,WAAW;YACf,KAAK;YACL,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,QAAQ;YAChB,OAAO;YACP,OAAO;SACR;KACF,CAAC;IAEF,yCAAyC;IACzC,IAAI,aAAa,GAAG,IAAI,EAAE,CAAC;QACzB,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,IAAI,CAAC;QACpD,IAAI,CAAC,iBAAiB,GAAG;YACvB,OAAO,EAAE,uDAAuD,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,6EAA6E;YACrK,MAAM,EAAE,aAAa;YACrB,gBAAgB,EAAE,EAAE;SACrB,CAAC;IACJ,CAAC;IAED,oCAAoC;IACpC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC,cAAc,GAAG;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI;YACvB,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK;YACzB,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ;YAC/B,OAAO,EAAE,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,WAAW,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,2BAA2B;SACnH,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC"}

package/dist/src/identity.d.ts

@@ -0,0 +1,51 @@
+/**
+ * TruIdentity — populated on req.tru for every paid or authenticated request.
+ */
+export interface TruIdentity {
+    email: string;
+    name: string;
+    userId: string;
+    cardBrand: string;
+    cardLast4: string;
+    agentName: string;
+    chargeId: string;
+    sessionId?: string;
+}
+/**
+ * Plan configuration for subscription upsell.
+ */
+export interface TruxPlan {
+    name: string;
+    price: number;
+    interval: 'month' | 'year';
+    suggestAfter?: number;
+}
+/**
+ * Options passed to the trux() middleware factory.
+ */
+export interface TruxOptions {
+    amount: number;
+    currency?: string;
+    description?: string;
+    plan?: TruxPlan;
+    sessionBudget?: number;
+    passthrough?: (req: any) => boolean;
+}
+/**
+ * Internal config resolved from env vars.
+ */
+export interface TruxConfig {
+    appId: string;
+    apiKey: string;
+    apiUrl: string;
+    appSecret?: string;
+    serviceName?: string;
+}
+declare global {
+    namespace Express {
+        interface Request {
+            tru?: TruIdentity;
+        }
+    }
+}
+//# sourceMappingURL=identity.d.ts.map

package/dist/src/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,GAAG,MAAM,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAGD,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,GAAG,CAAC,EAAE,WAAW,CAAC;SACnB;KACF;CACF"}

package/dist/src/identity.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=identity.js.map

package/dist/src/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/identity.ts"],"names":[],"mappings":""}

package/dist/src/index.d.ts

@@ -0,0 +1,6 @@
+export { createMiddleware as trux } from './middleware.js';
+export type { TruIdentity, TruxOptions, TruxPlan, TruxConfig } from './identity.js';
+export { generateChallenge } from './challenge.js';
+export { verifyCredential } from './verify.js';
+export { debitSession, createSession } from './session.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,IAAI,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAC3D,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AACpF,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC"}

package/dist/src/index.js

@@ -0,0 +1,5 @@
+export { createMiddleware as trux } from './middleware.js';
+export { generateChallenge } from './challenge.js';
+export { verifyCredential } from './verify.js';
+export { debitSession, createSession } from './session.js';
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,IAAI,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC"}

package/dist/src/init/discovery.d.ts

@@ -0,0 +1,10 @@
+import type { ProjectInfo } from './scan.js';
+/**
+ * Generate an agent.md file from discovered routes.
+ */
+export declare function generateAgentMd(project: ProjectInfo, serviceName: string, apiUrl: string): string;
+/**
+ * Generate an llms.txt file for LLM discovery.
+ */
+export declare function generateLlmsTxt(project: ProjectInfo, serviceName: string, apiUrl: string): string;
+//# sourceMappingURL=discovery.d.ts.map

package/dist/src/init/discovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../../src/init/discovery.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAE7C;;GAEG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,WAAW,EACpB,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,MAAM,GACb,MAAM,CA6CR;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,WAAW,EACpB,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,MAAM,GACb,MAAM,CAkCR"}

package/dist/src/init/discovery.js

@@ -0,0 +1,77 @@
+/**
+ * Generate an agent.md file from discovered routes.
+ */
+export function generateAgentMd(project, serviceName, apiUrl) {
+    const lines = [];
+    lines.push(`# ${project.displayName || project.name}`);
+    lines.push('');
+    if (project.description) {
+        lines.push(`> ${project.description}`);
+        lines.push('');
+    }
+    lines.push('## Authentication');
+    lines.push('');
+    lines.push('This API uses [tru](https://tru.so) for payment-based authentication.');
+    lines.push('No API key or account needed. Unauthenticated requests return HTTP 402 with payment instructions.');
+    lines.push('');
+    lines.push('### How to pay');
+    lines.push('');
+    lines.push('1. Make a request to any endpoint below');
+    lines.push('2. If you get a 402, read the JSON body — it contains `how_to_pay` instructions');
+    lines.push(`3. POST the challenge to \`${apiUrl}/api/mpp/resolve-challenge\` with your email`);
+    lines.push('4. Use the returned `authorization_header` to retry your request');
+    lines.push('');
+    lines.push('First-time users: the 402 response includes an `auth_url` to link a payment method (10 seconds via Stripe Link).');
+    lines.push('');
+    if (project.routes.length > 0) {
+        lines.push('## Endpoints');
+        lines.push('');
+        for (const route of project.routes) {
+            lines.push(`### ${route.method} ${route.path}`);
+            if (route.description) {
+                lines.push(`${route.description}`);
+            }
+            lines.push(`- **Cost:** $${route.amount.toFixed(2)} per request`);
+            lines.push('');
+        }
+    }
+    lines.push('## Pricing');
+    lines.push('');
+    lines.push('All endpoints use per-request pricing. Amounts under $0.50 are batched into sessions (one charge per session, not per request).');
+    lines.push('');
+    return lines.join('\n');
+}
+/**
+ * Generate an llms.txt file for LLM discovery.
+ */
+export function generateLlmsTxt(project, serviceName, apiUrl) {
+    const lines = [];
+    lines.push(`# ${project.displayName || project.name}`);
+    lines.push('');
+    if (project.description) {
+        lines.push(`> ${project.description}`);
+        lines.push('');
+    }
+    lines.push('## Docs');
+    lines.push('');
+    lines.push(`- [Agent Guide](./agent.md): How to authenticate and use this API`);
+    lines.push(`- [tru Platform](${apiUrl}): Payment and identity provider`);
+    lines.push('');
+    if (project.routes.length > 0) {
+        lines.push('## API Endpoints');
+        lines.push('');
+        for (const route of project.routes) {
+            const desc = route.description || route.path;
+            lines.push(`- ${route.method} ${route.path}: ${desc} ($${route.amount.toFixed(2)}/request)`);
+        }
+        lines.push('');
+    }
+    lines.push('## Payment');
+    lines.push('');
+    lines.push('All endpoints return HTTP 402 for unauthenticated requests.');
+    lines.push('The 402 response body contains self-documenting payment instructions.');
+    lines.push(`No API key or tru account needed — resolve the payment challenge at ${apiUrl}/api/mpp/resolve-challenge.`);
+    lines.push('');
+    return lines.join('\n');
+}
+//# sourceMappingURL=discovery.js.map

package/dist/src/init/discovery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../../../src/init/discovery.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAoB,EACpB,WAAmB,EACnB,MAAc;IAEd,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACvD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QACvC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;IACpF,KAAK,CAAC,IAAI,CAAC,mGAAmG,CAAC,CAAC;IAChH,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;IACtD,KAAK,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;IAC9F,KAAK,CAAC,IAAI,CAAC,8BAA8B,MAAM,8CAA8C,CAAC,CAAC;IAC/F,KAAK,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;IAC/E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,kHAAkH,CAAC,CAAC;IAC/H,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,OAAO,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAChD,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;YACrC,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,gBAAgB,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,iIAAiI,CAAC,CAAC;IAC9I,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAoB,EACpB,WAAmB,EACnB,MAAc;IAEd,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACvD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QACvC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,oBAAoB,MAAM,kCAAkC,CAAC,CAAC;IACzE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,IAAI,CAAC;YAC7C,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,MAAM,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QAC/F,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;IACpF,KAAK,CAAC,IAAI,CAAC,uEAAuE,MAAM,6BAA6B,CAAC,CAAC;IACvH,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/src/init/env.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Read existing .env file into a key-value map.
+ */
+export declare function readEnvFile(cwd: string): Record<string, string>;
+/**
+ * Write/merge values into .env file.
+ * Preserves existing values and comments.
+ */
+export declare function writeEnvFile(cwd: string, values: Record<string, string>): void;
+//# sourceMappingURL=env.d.ts.map

package/dist/src/init/env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../../src/init/env.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAyB/D;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,QA4BvE"}

package/dist/src/init/env.js

@@ -0,0 +1,64 @@
+import { readFileSync, writeFileSync, existsSync } from 'fs';
+import { resolve } from 'path';
+/**
+ * Read existing .env file into a key-value map.
+ */
+export function readEnvFile(cwd) {
+    const envPath = resolve(cwd, '.env');
+    const result = {};
+    if (!existsSync(envPath))
+        return result;
+    try {
+        const content = readFileSync(envPath, 'utf-8');
+        for (const line of content.split('\n')) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith('#'))
+                continue;
+            const eqIdx = trimmed.indexOf('=');
+            if (eqIdx === -1)
+                continue;
+            const key = trimmed.slice(0, eqIdx).trim();
+            let value = trimmed.slice(eqIdx + 1).trim();
+            // Remove surrounding quotes
+            if ((value.startsWith('"') && value.endsWith('"')) ||
+                (value.startsWith("'") && value.endsWith("'"))) {
+                value = value.slice(1, -1);
+            }
+            result[key] = value;
+        }
+    }
+    catch { /* ignore */ }
+    return result;
+}
+/**
+ * Write/merge values into .env file.
+ * Preserves existing values and comments.
+ */
+export function writeEnvFile(cwd, values) {
+    const envPath = resolve(cwd, '.env');
+    let content = '';
+    if (existsSync(envPath)) {
+        content = readFileSync(envPath, 'utf-8');
+    }
+    // Add a trux section header if we're adding new keys
+    const existingKeys = new Set(Object.keys(readEnvFile(cwd)));
+    const newKeys = Object.keys(values).filter(k => !existingKeys.has(k));
+    if (newKeys.length > 0) {
+        if (content && !content.endsWith('\n'))
+            content += '\n';
+        if (content)
+            content += '\n# trux\n';
+    }
+    for (const [key, value] of Object.entries(values)) {
+        if (existingKeys.has(key)) {
+            // Update existing key
+            const regex = new RegExp(`^${key}\\s*=.*$`, 'm');
+            content = content.replace(regex, `${key}=${value}`);
+        }
+        else {
+            content += `${key}=${value}\n`;
+        }
+    }
+    writeFileSync(envPath, content);
+}
+//# sourceMappingURL=env.js.map

package/dist/src/init/env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.js","sourceRoot":"","sources":["../../../src/init/env.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAE/B;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACrC,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAC;IAExC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC/C,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAClD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACnC,IAAI,KAAK,KAAK,CAAC,CAAC;gBAAE,SAAS;YAC3B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3C,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,4BAA4B;YAC5B,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACnD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7B,CAAC;YACD,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAExB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW,EAAE,MAA8B;IACtE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACrC,IAAI,OAAO,GAAG,EAAE,CAAC;IAEjB,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,qDAAqD;IACrD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC5D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEtE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,IAAI,CAAC;QACxD,IAAI,OAAO;YAAE,OAAO,IAAI,YAAY,CAAC;IACvC,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,GAAG,UAAU,EAAE,GAAG,CAAC,CAAC;YACjD,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,GAAG,GAAG,IAAI,KAAK,IAAI,CAAC;QACjC,CAAC;IACH,CAAC;IAED,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAClC,CAAC"}

package/dist/src/init/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Main init orchestrator for `npx tru-402 init`.
+ */
+export declare function runInit(): Promise<void>;
+//# sourceMappingURL=index.d.ts.map

package/dist/src/init/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/init/index.ts"],"names":[],"mappings":"AAQA;;GAEG;AACH,wBAAsB,OAAO,kBAwJ5B"}

package/dist/src/init/index.js

@@ -0,0 +1,163 @@
+import { scanProject } from './scan.js';
+import { writeEnvFile, readEnvFile } from './env.js';
+import { generateAgentMd, generateLlmsTxt } from './discovery.js';
+import { readFileSync, writeFileSync, existsSync } from 'fs';
+import { resolve } from 'path';
+const TRU_API_URL = process.env.TRU_API_URL || 'https://tru.so';
+/**
+ * Main init orchestrator for `npx tru-402 init`.
+ */
+export async function runInit() {
+    console.log('\n  tru-402 — One-line middleware for agent commerce\n');
+    // 1. Scan project
+    console.log('  Scanning project...');
+    const project = scanProject(process.cwd());
+    console.log(`  Found: ${project.name} (${project.framework})`);
+    if (project.routes.length > 0) {
+        console.log(`  Detected ${project.routes.length} route(s) with trux() middleware`);
+    }
+    // 2. Check if already initialized
+    const existingEnv = readEnvFile(process.cwd());
+    if (existingEnv.TRU_APP_ID && existingEnv.TRU_API_KEY) {
+        console.log('\n  Already initialized! Found TRU_APP_ID and TRU_API_KEY in .env');
+        console.log('  To re-initialize, remove those values from .env first.\n');
+        return;
+    }
+    // 3. Register app via browser flow
+    console.log('\n  Step 1: Register your app with tru');
+    console.log('  Opening browser for authentication...\n');
+    let registerResult;
+    try {
+        // Dynamic import of tru-cli auth module
+        const { registerViaBrowser } = await import('tru-cli/auth');
+        const serviceName = project.name
+            .toLowerCase()
+            .replace(/[^a-z0-9-]/g, '-')
+            .replace(/-+/g, '-')
+            .replace(/^-|-$/g, '');
+        registerResult = await registerViaBrowser({
+            service_name: serviceName,
+            display_name: project.displayName || project.name,
+            description: project.description || `${project.name} API`,
+        });
+        console.log(`  App registered: ${registerResult.app.display_name} (${registerResult.app.service_name})`);
+    }
+    catch (err) {
+        if (err.code === 'MODULE_NOT_FOUND') {
+            console.log('  tru-cli not found. Installing...');
+            const { execSync } = await import('child_process');
+            execSync('npm install -g tru-cli', { stdio: 'inherit' });
+            console.log('\n  Please run `npx tru-402 init` again.');
+            return;
+        }
+        throw err;
+    }
+    // 4. Connect Stripe
+    console.log('\n  Step 2: Connect your Stripe account');
+    console.log('  Opening Stripe Connect...\n');
+    try {
+        const { getConnectOAuthUrl } = await import('tru-cli/api-client');
+        const connectResult = await getConnectOAuthUrl(registerResult.app.service_name);
+        if (connectResult.url) {
+            const { exec } = await import('child_process');
+            const platform = process.platform;
+            const cmd = platform === 'darwin' ? 'open' : platform === 'win32' ? 'start' : 'xdg-open';
+            exec(`${cmd} "${connectResult.url}"`);
+            console.log('  Stripe Connect OAuth opened in browser.');
+            console.log(`  If it didn't open: ${connectResult.url}`);
+            console.log('\n  Complete the Stripe connection, then come back here.');
+            // Poll for connection (check every 3s for up to 5 min)
+            const { lookupAppByServiceName } = await import('tru-cli/api-client');
+            let connected = false;
+            for (let i = 0; i < 100; i++) {
+                await new Promise(r => setTimeout(r, 3000));
+                try {
+                    const app = await lookupAppByServiceName(registerResult.app.service_name);
+                    if (app.app?.stripe_connected) {
+                        connected = true;
+                        console.log('  Stripe connected!');
+                        break;
+                    }
+                }
+                catch { /* keep polling */ }
+            }
+            if (!connected) {
+                console.log('\n  Stripe connection timed out. You can connect later via the tru dashboard.');
+            }
+        }
+        else if (connectResult.already_connected) {
+            console.log('  Stripe already connected!');
+        }
+    }
+    catch (err) {
+        console.log(`  Stripe Connect skipped: ${err.message}`);
+        console.log('  You can connect later via the tru dashboard.');
+    }
+    // 5. Write .env
+    console.log('\n  Step 3: Writing configuration...');
+    writeEnvFile(process.cwd(), {
+        TRU_APP_ID: registerResult.app.id,
+        TRU_API_KEY: registerResult.api_key,
+        TRU_APP_SECRET: registerResult.app_secret,
+        TRU_SERVICE_NAME: registerResult.app.service_name,
+        TRU_API_URL,
+    });
+    console.log('  Written to .env');
+    // 6. Add .env to .gitignore
+    ensureGitignore(process.cwd());
+    // 7. Generate agent.md from detected routes
+    if (project.routes.length > 0) {
+        console.log('\n  Step 4: Generating discovery files...');
+        const agentMd = generateAgentMd(project, registerResult.app.service_name, TRU_API_URL);
+        const agentMdPath = resolve(process.cwd(), 'agent.md');
+        writeFileSync(agentMdPath, agentMd);
+        console.log('  Generated agent.md');
+        const llmsTxt = generateLlmsTxt(project, registerResult.app.service_name, TRU_API_URL);
+        const publicDir = resolve(process.cwd(), 'public');
+        if (existsSync(publicDir)) {
+            writeFileSync(resolve(publicDir, 'llms.txt'), llmsTxt);
+            console.log('  Generated public/llms.txt');
+        }
+        else {
+            writeFileSync(resolve(process.cwd(), 'llms.txt'), llmsTxt);
+            console.log('  Generated llms.txt');
+        }
+    }
+    // 8. Done!
+    console.log(`
+  Done! Your endpoints now accept agent payments.
+
+  Usage:
+    const { trux } = require('tru-402');
+    // or: import { trux } from 'tru-402';
+
+    app.post('/api/generate', trux({ amount: 0.05 }), (req, res) => {
+      console.log(req.tru); // { email, name, userId, cardBrand, cardLast4, agentName, chargeId }
+      res.json({ result: '...' });
+    });
+
+  What happens:
+    - Unauthenticated requests get a 402 with payment instructions
+    - Agents pay via tru and retry with an Authorization header
+    - req.tru contains verified identity on every paid request
+    - Existing auth (API keys, sessions) passes through unchanged
+
+  Dashboard: ${TRU_API_URL}/admin
+  Docs: https://tru.so/docs
+`);
+}
+function ensureGitignore(cwd) {
+    const gitignorePath = resolve(cwd, '.gitignore');
+    if (existsSync(gitignorePath)) {
+        const content = readFileSync(gitignorePath, 'utf-8');
+        if (!content.includes('.env')) {
+            writeFileSync(gitignorePath, content + '\n.env\n');
+            console.log('  Added .env to .gitignore');
+        }
+    }
+    else {
+        writeFileSync(gitignorePath, '.env\nnode_modules/\n');
+        console.log('  Created .gitignore with .env');
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/src/init/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/init/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAoB,MAAM,WAAW,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAE/B,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,gBAAgB,CAAC;AAEhE;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO;IAC3B,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;IAEtE,kBAAkB;IAClB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;IAE/D,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,CAAC,MAAM,CAAC,MAAM,kCAAkC,CAAC,CAAC;IACrF,CAAC;IAED,kCAAkC;IAClC,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC/C,IAAI,WAAW,CAAC,UAAU,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAC;QACjF,OAAO,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAC;QAC1E,OAAO;IACT,CAAC;IAED,mCAAmC;IACnC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IAEzD,IAAI,cAAmB,CAAC;IACxB,IAAI,CAAC;QACH,wCAAwC;QACxC,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;QAE5D,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI;aAC7B,WAAW,EAAE;aACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;aAC3B,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAEzB,cAAc,GAAG,MAAM,kBAAkB,CAAC;YACxC,YAAY,EAAE,WAAW;YACzB,YAAY,EAAE,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI;YACjD,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,GAAG,OAAO,CAAC,IAAI,MAAM;SAC1D,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,qBAAqB,cAAc,CAAC,GAAG,CAAC,YAAY,KAAK,cAAc,CAAC,GAAG,CAAC,YAAY,GAAG,CAAC,CAAC;IAC3G,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,IAAI,GAAG,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;YAClD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;YACnD,QAAQ,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;YACxD,OAAO;QACT,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,oBAAoB;IACpB,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAEhF,IAAI,aAAa,CAAC,GAAG,EAAE,CAAC;YACtB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;YAC/C,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YAClC,MAAM,GAAG,GAAG,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC;YACzF,IAAI,CAAC,GAAG,GAAG,KAAK,aAAa,CAAC,GAAG,GAAG,CAAC,CAAC;YACtC,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,CAAC,wBAAwB,aAAa,CAAC,GAAG,EAAE,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;YAExE,uDAAuD;YACvD,MAAM,EAAE,sBAAsB,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;YACtE,IAAI,SAAS,GAAG,KAAK,CAAC;YACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC7B,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;gBAC5C,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBAC1E,IAAI,GAAG,CAAC,GAAG,EAAE,gBAAgB,EAAE,CAAC;wBAC9B,SAAS,GAAG,IAAI,CAAC;wBACjB,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;wBACnC,MAAM;oBACR,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,+EAA+E,CAAC,CAAC;YAC/F,CAAC;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,iBAAiB,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,6BAA6B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAChE,CAAC;IAED,gBAAgB;IAChB,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;IAEpD,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE;QAC1B,UAAU,EAAE,cAAc,CAAC,GAAG,CAAC,EAAE;QACjC,WAAW,EAAE,cAAc,CAAC,OAAO;QACnC,cAAc,EAAE,cAAc,CAAC,UAAU;QACzC,gBAAgB,EAAE,cAAc,CAAC,GAAG,CAAC,YAAY;QACjD,WAAW;KACZ,CAAC,CAAC;IACH,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAEjC,4BAA4B;IAC5B,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAE/B,4CAA4C;IAC5C,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;QAEzD,MAAM,OAAO,GAAG,eAAe,CAAC,OAAO,EAAE,cAAc,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QACvF,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;QACvD,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QAEpC,MAAM,OAAO,GAAG,eAAe,CAAC,OAAO,EAAE,cAAc,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QACvF,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;QACnD,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1B,aAAa,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,OAAO,CAAC,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,EAAE,OAAO,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,WAAW;IACX,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;eAkBC,WAAW;;CAEzB,CAAC,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IACjD,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,aAAa,CAAC,aAAa,EAAE,OAAO,GAAG,UAAU,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,aAAa,EAAE,uBAAuB,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAChD,CAAC;AACH,CAAC"}

package/dist/src/init/scan.d.ts

@@ -0,0 +1,21 @@
+export interface RouteInfo {
+    method: string;
+    path: string;
+    amount: number;
+    description?: string;
+    file: string;
+    line: number;
+}
+export interface ProjectInfo {
+    name: string;
+    displayName?: string;
+    description?: string;
+    framework: string;
+    routes: RouteInfo[];
+    productionUrl?: string;
+}
+/**
+ * Scan a project directory for package.json info and trux() middleware usage.
+ */
+export declare function scanProject(cwd: string): ProjectInfo;
+//# sourceMappingURL=scan.d.ts.map

package/dist/src/init/scan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../../src/init/scan.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,SAAS,EAAE,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,CAiCpD"}

package/dist/src/init/scan.js

@@ -0,0 +1,128 @@
+import { readFileSync, existsSync, readdirSync, statSync } from 'fs';
+import { resolve, join, extname } from 'path';
+/**
+ * Scan a project directory for package.json info and trux() middleware usage.
+ */
+export function scanProject(cwd) {
+    const info = {
+        name: 'my-app',
+        framework: 'unknown',
+        routes: [],
+    };
+    // Read package.json
+    const pkgPath = resolve(cwd, 'package.json');
+    if (existsSync(pkgPath)) {
+        try {
+            const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+            info.name = pkg.name || 'my-app';
+            info.displayName = pkg.name?.replace(/[-_]/g, ' ').replace(/\b\w/g, (c) => c.toUpperCase());
+            info.description = pkg.description;
+            // Detect framework from dependencies
+            const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+            if (deps.express)
+                info.framework = 'express';
+            else if (deps.fastify)
+                info.framework = 'fastify';
+            else if (deps.koa)
+                info.framework = 'koa';
+            else if (deps.hono)
+                info.framework = 'hono';
+        }
+        catch { /* ignore parse errors */ }
+    }
+    // Scan source files for trux() middleware usage
+    const sourceFiles = findSourceFiles(cwd);
+    for (const file of sourceFiles) {
+        const routes = scanFileForTrux(file);
+        info.routes.push(...routes);
+    }
+    return info;
+}
+/**
+ * Find TypeScript/JavaScript source files in common locations.
+ */
+function findSourceFiles(cwd) {
+    const files = [];
+    const dirs = ['src', 'routes', 'api', 'lib', 'server', 'app'];
+    // Also scan root-level .ts/.js files
+    try {
+        for (const entry of readdirSync(cwd)) {
+            const ext = extname(entry);
+            if (['.ts', '.js', '.mjs'].includes(ext) && !entry.startsWith('.')) {
+                files.push(resolve(cwd, entry));
+            }
+        }
+    }
+    catch { /* ignore */ }
+    for (const dir of dirs) {
+        const dirPath = resolve(cwd, dir);
+        if (existsSync(dirPath)) {
+            walkDir(dirPath, files, 3); // max depth 3
+        }
+    }
+    return files;
+}
+function walkDir(dir, files, depth) {
+    if (depth <= 0)
+        return;
+    try {
+        for (const entry of readdirSync(dir)) {
+            if (entry.startsWith('.') || entry === 'node_modules' || entry === 'dist')
+                continue;
+            const full = join(dir, entry);
+            const stat = statSync(full);
+            if (stat.isDirectory()) {
+                walkDir(full, files, depth - 1);
+            }
+            else {
+                const ext = extname(entry);
+                if (['.ts', '.js', '.mjs'].includes(ext)) {
+                    files.push(full);
+                }
+            }
+        }
+    }
+    catch { /* ignore permission errors */ }
+}
+/**
+ * Scan a single file for trux() middleware calls.
+ * Matches patterns like: app.post('/path', trux({ amount: 0.05 }), handler)
+ */
+function scanFileForTrux(filePath) {
+    const routes = [];
+    try {
+        const content = readFileSync(filePath, 'utf-8');
+        const lines = content.split('\n');
+        // Match: app.METHOD('path', trux({ amount: N.NN ... }), ...)
+        // or: router.METHOD('path', trux({ amount: N.NN ... }), ...)
+        const pattern = /\.(get|post|put|patch|delete)\s*\(\s*['"`]([^'"`]+)['"`]\s*,\s*trux\s*\(\s*\{([^}]+)\}/g;
+        for (let i = 0; i < lines.length; i++) {
+            // Check multi-line by joining with next few lines
+            const chunk = lines.slice(i, i + 5).join(' ');
+            let match;
+            pattern.lastIndex = 0;
+            while ((match = pattern.exec(chunk)) !== null) {
+                const method = match[1];
+                const path = match[2];
+                const optionsStr = match[3];
+                // Extract amount
+                const amountMatch = optionsStr.match(/amount\s*:\s*([\d.]+)/);
+                const amount = amountMatch ? parseFloat(amountMatch[1]) : 0;
+                // Extract description
+                const descMatch = optionsStr.match(/description\s*:\s*['"`]([^'"`]+)['"`]/);
+                const description = descMatch ? descMatch[1] : undefined;
+                routes.push({
+                    method: method.toUpperCase(),
+                    path,
+                    amount,
+                    description,
+                    file: filePath,
+                    line: i + 1,
+                });
+            }
+        }
+    }
+    catch { /* ignore read errors */ }
+    return routes;
+}
+//# sourceMappingURL=scan.js.map

package/dist/src/init/scan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../src/init/scan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACrE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAoB9C;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,MAAM,IAAI,GAAgB;QACxB,IAAI,EAAE,QAAQ;QACd,SAAS,EAAE,SAAS;QACpB,MAAM,EAAE,EAAE;KACX,CAAC;IAEF,oBAAoB;IACpB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IAC7C,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YACvD,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,QAAQ,CAAC;YACjC,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YACpG,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;YAEnC,qCAAqC;YACrC,MAAM,IAAI,GAAG,EAAE,GAAG,GAAG,CAAC,YAAY,EAAE,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC;YAC7D,IAAI,IAAI,CAAC,OAAO;gBAAE,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;iBACxC,IAAI,IAAI,CAAC,OAAO;gBAAE,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;iBAC7C,IAAI,IAAI,CAAC,GAAG;gBAAE,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;iBACrC,IAAI,IAAI,CAAC,IAAI;gBAAE,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC,CAAC,yBAAyB,CAAC,CAAC;IACvC,CAAC;IAED,gDAAgD;IAChD,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IACzC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,IAAI,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAE9D,qCAAqC;IACrC,IAAI,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;YAC3B,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAExB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAClC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc;QAC5C,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,OAAO,CAAC,GAAW,EAAE,KAAe,EAAE,KAAa;IAC1D,IAAI,KAAK,IAAI,CAAC;QAAE,OAAO;IACvB,IAAI,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,KAAK,cAAc,IAAI,KAAK,KAAK,MAAM;gBAAE,SAAS;YACpF,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC9B,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC5B,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;gBACvB,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC3B,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACzC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,8BAA8B,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,6DAA6D;QAC7D,6DAA6D;QAC7D,MAAM,OAAO,GAAG,yFAAyF,CAAC;QAE1G,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,kDAAkD;YAClD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC9C,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YAEtB,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACxB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAE5B,iBAAiB;gBACjB,MAAM,WAAW,GAAG,UAAU,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;gBAC9D,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAE5D,sBAAsB;gBACtB,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAC5E,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;gBAEzD,MAAM,CAAC,IAAI,CAAC;oBACV,MAAM,EAAE,MAAM,CAAC,WAAW,EAAE;oBAC5B,IAAI;oBACJ,MAAM;oBACN,WAAW;oBACX,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;iBACZ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,wBAAwB,CAAC,CAAC;IAEpC,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/src/middleware.d.ts

@@ -0,0 +1,12 @@
+import type { Request, Response, NextFunction } from 'express';
+import type { TruxOptions } from './identity.js';
+/**
+ * Create the trux Express middleware.
+ *
+ * Usage:
+ * ```
+ * app.post('/api/generate', trux({ amount: 0.05 }), handler);
+ * ```
+ */
+export declare function createMiddleware(options: TruxOptions): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/src/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAc,MAAM,eAAe,CAAC;AA0E7D;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,WAAW,IAGrC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBA8C9D"}

package/dist/src/middleware.js

@@ -0,0 +1,117 @@
+import { generateChallenge } from './challenge.js';
+import { verifyCredential } from './verify.js';
+import { debitSession } from './session.js';
+/**
+ * Resolve trux config from environment variables.
+ */
+function resolveConfig() {
+    const appId = process.env.TRU_APP_ID;
+    const apiKey = process.env.TRU_API_KEY;
+    if (!appId || !apiKey) {
+        throw new Error('tru-402: TRU_APP_ID and TRU_API_KEY environment variables are required. Run `npx tru-402 init` to set them up.');
+    }
+    return {
+        appId,
+        apiKey,
+        apiUrl: process.env.TRU_API_URL || 'https://tru.so',
+        appSecret: process.env.TRU_APP_SECRET,
+        serviceName: process.env.TRU_SERVICE_NAME,
+    };
+}
+// Lazy-loaded config singleton
+let _config = null;
+function getConfig() {
+    if (!_config)
+        _config = resolveConfig();
+    return _config;
+}
+/**
+ * Extract credential from Authorization header.
+ * Supports: "Payment <credential>" and "Bearer <credential>" (where credential starts with spt_)
+ */
+function extractCredential(authHeader) {
+    if (!authHeader)
+        return null;
+    if (authHeader.startsWith('Payment ')) {
+        return authHeader.slice(8).trim();
+    }
+    if (authHeader.startsWith('Bearer spt_')) {
+        return authHeader.slice(7).trim();
+    }
+    return null;
+}
+/**
+ * Check if request has existing auth that should bypass payment.
+ * Looks for API keys, session cookies, or other standard auth mechanisms.
+ */
+function hasExistingAuth(req, options) {
+    // Custom passthrough check
+    if (options.passthrough?.(req))
+        return true;
+    // Standard auth headers (non-SPT bearer tokens, basic auth, API keys)
+    const auth = req.headers.authorization;
+    if (auth && !auth.startsWith('Payment ') && !auth.startsWith('Bearer spt_')) {
+        return true;
+    }
+    // Common API key headers
+    if (req.headers['x-api-key'] || req.headers['api-key'])
+        return true;
+    // Session cookies
+    if (req.cookies?.session || req.cookies?.token)
+        return true;
+    return false;
+}
+/**
+ * Create the trux Express middleware.
+ *
+ * Usage:
+ * ```
+ * app.post('/api/generate', trux({ amount: 0.05 }), handler);
+ * ```
+ */
+export function createMiddleware(options) {
+    const amountCents = Math.round(options.amount * 100);
+    return async (req, res, next) => {
+        try {
+            const config = getConfig();
+            // 1. Passthrough for existing auth (existing customers unaffected)
+            if (hasExistingAuth(req, options)) {
+                return next();
+            }
+            // 2. Check for SPT credential (Authorization: Payment <spt_xxx>)
+            const credential = extractCredential(req.headers.authorization);
+            if (credential) {
+                const result = await verifyCredential(credential, amountCents, config);
+                if (result.valid && result.identity) {
+                    req.tru = result.identity;
+                    return next();
+                }
+                // Invalid credential — fall through to 402
+            }
+            // 3. Check for session header (X-Tru-Session)
+            const sessionId = req.headers['x-tru-session'];
+            if (sessionId) {
+                const result = await debitSession(sessionId, amountCents, config);
+                if (result.ok && result.identity) {
+                    req.tru = result.identity;
+                    return next();
+                }
+                // Session exhausted or invalid — fall through to 402
+            }
+            // 4. No valid auth — return 402 with self-documenting challenge
+            const requestUrl = `${req.protocol}://${req.get('host')}${req.originalUrl}`;
+            const challenge = generateChallenge({
+                options,
+                config,
+                requestUrl,
+            });
+            res.status(402)
+                .set('WWW-Authenticate', challenge.header)
+                .json(challenge.body);
+        }
+        catch (err) {
+            next(err);
+        }
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/src/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/middleware.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C;;GAEG;AACH,SAAS,aAAa;IACpB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IACrC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IAEvC,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK;QACL,MAAM;QACN,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,gBAAgB;QACnD,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc;QACrC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB;KAC1C,CAAC;AACJ,CAAC;AAED,+BAA+B;AAC/B,IAAI,OAAO,GAAsB,IAAI,CAAC;AACtC,SAAS,SAAS;IAChB,IAAI,CAAC,OAAO;QAAE,OAAO,GAAG,aAAa,EAAE,CAAC;IACxC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,UAA8B;IACvD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAE7B,IAAI,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACtC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACpC,CAAC;IACD,IAAI,UAAU,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACzC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACpC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,GAAY,EAAE,OAAoB;IACzD,2BAA2B;IAC3B,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAE5C,sEAAsE;IACtE,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IACvC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QAC5E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yBAAyB;IACzB,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAEpE,kBAAkB;IAClB,IAAI,GAAG,CAAC,OAAO,EAAE,OAAO,IAAI,GAAG,CAAC,OAAO,EAAE,KAAK;QAAE,OAAO,IAAI,CAAC;IAE5D,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAoB;IACnD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;IAErD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC/D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAE3B,mEAAmE;YACnE,IAAI,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,CAAC;gBAClC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YAED,iEAAiE;YACjE,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAChE,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,UAAU,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;gBACvE,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;oBACpC,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC;oBAC1B,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;gBACD,2CAA2C;YAC7C,CAAC;YAED,8CAA8C;YAC9C,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAuB,CAAC;YACrE,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;gBAClE,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;oBACjC,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC;oBAC1B,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;gBACD,qDAAqD;YACvD,CAAC;YAED,gEAAgE;YAChE,MAAM,UAAU,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YAC5E,MAAM,SAAS,GAAG,iBAAiB,CAAC;gBAClC,OAAO;gBACP,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;YAEH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;iBACZ,GAAG,CAAC,kBAAkB,EAAE,SAAS,CAAC,MAAM,CAAC;iBACzC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAC;QACZ,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/src/session.d.ts

@@ -0,0 +1,20 @@
+import type { TruIdentity, TruxConfig } from './identity.js';
+interface SessionDebitResult {
+    ok: boolean;
+    remaining_cents?: number;
+    identity?: TruIdentity;
+    error?: string;
+}
+/**
+ * Debit from an existing trux session.
+ */
+export declare function debitSession(sessionId: string, amountCents: number, config: TruxConfig): Promise<SessionDebitResult>;
+/**
+ * Create a new trux session after initial 402 resolution.
+ */
+export declare function createSession(userEmail: string, budgetCents: number, chargeRequestId: string, stripeSptId: string, agentName: string | undefined, config: TruxConfig): Promise<{
+    sessionId: string;
+    expiresAt: string;
+} | null>;
+export {};
+//# sourceMappingURL=session.d.ts.map

package/dist/src/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE7D,UAAU,kBAAkB;IAC1B,EAAE,EAAE,OAAO,CAAC;IACZ,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,WAAW,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,kBAAkB,CAAC,CAiC7B;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,eAAe,EAAE,MAAM,EACvB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAkB1D"}

package/dist/src/session.js

@@ -0,0 +1,57 @@
+/**
+ * Debit from an existing trux session.
+ */
+export async function debitSession(sessionId, amountCents, config) {
+    const res = await fetch(`${config.apiUrl}/api/mpp/session-debit`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'X-API-Key': config.apiKey,
+        },
+        body: JSON.stringify({
+            session_id: sessionId,
+            amount_cents: amountCents,
+        }),
+    });
+    const data = await res.json();
+    if (!res.ok || !data.ok) {
+        return { ok: false, error: data.error || `HTTP ${res.status}` };
+    }
+    return {
+        ok: true,
+        remaining_cents: data.remaining_cents,
+        identity: data.identity ? {
+            email: data.identity.email,
+            name: data.identity.name,
+            userId: data.identity.userId,
+            cardBrand: data.identity.cardBrand,
+            cardLast4: data.identity.cardLast4,
+            agentName: data.identity.agentName,
+            chargeId: data.identity.chargeId,
+            sessionId,
+        } : undefined,
+    };
+}
+/**
+ * Create a new trux session after initial 402 resolution.
+ */
+export async function createSession(userEmail, budgetCents, chargeRequestId, stripeSptId, agentName, config) {
+    const res = await fetch(`${config.apiUrl}/api/mpp/sessions`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'X-API-Key': config.apiKey,
+        },
+        body: JSON.stringify({
+            user_email: userEmail,
+            budget_cents: budgetCents,
+            charge_request_id: chargeRequestId,
+            stripe_spt_id: stripeSptId,
+            agent_name: agentName,
+        }),
+    });
+    if (!res.ok)
+        return null;
+    return res.json();
+}
+//# sourceMappingURL=session.js.map

package/dist/src/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AASA;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,SAAiB,EACjB,WAAmB,EACnB,MAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,wBAAwB,EAAE;QAChE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,WAAW,EAAE,MAAM,CAAC,MAAM;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,UAAU,EAAE,SAAS;YACrB,YAAY,EAAE,WAAW;SAC1B,CAAC;KACH,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAE9B,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACxB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;IAClE,CAAC;IAED,OAAO;QACL,EAAE,EAAE,IAAI;QACR,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACxB,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK;YAC1B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YACxB,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM;YAC5B,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS;YAClC,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS;YAClC,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS;YAClC,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ;YAChC,SAAS;SACV,CAAC,CAAC,CAAC,SAAS;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,SAAiB,EACjB,WAAmB,EACnB,eAAuB,EACvB,WAAmB,EACnB,SAA6B,EAC7B,MAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,mBAAmB,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,WAAW,EAAE,MAAM,CAAC,MAAM;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,UAAU,EAAE,SAAS;YACrB,YAAY,EAAE,WAAW;YACzB,iBAAiB,EAAE,eAAe;YAClC,aAAa,EAAE,WAAW;YAC1B,UAAU,EAAE,SAAS;SACtB,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IACzB,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;AACpB,CAAC"}

package/dist/src/verify.d.ts

@@ -0,0 +1,12 @@
+import type { TruIdentity, TruxConfig } from './identity.js';
+interface VerifyResult {
+    valid: boolean;
+    identity?: TruIdentity;
+    error?: string;
+}
+/**
+ * Verify an SPT credential with the tru API and return user identity.
+ */
+export declare function verifyCredential(credential: string, amountCents: number, config: TruxConfig): Promise<VerifyResult>;
+export {};
+//# sourceMappingURL=verify.d.ts.map

package/dist/src/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/verify.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE7D,UAAU,YAAY;IACpB,KAAK,EAAE,OAAO,CAAC;IACf,QAAQ,CAAC,EAAE,WAAW,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CAoCvB"}

package/dist/src/verify.js

@@ -0,0 +1,38 @@
+/**
+ * Verify an SPT credential with the tru API and return user identity.
+ */
+export async function verifyCredential(credential, amountCents, config) {
+    const res = await fetch(`${config.apiUrl}/api/mpp/verify-credential`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'X-API-Key': config.apiKey,
+        },
+        body: JSON.stringify({
+            credential,
+            amount_cents: amountCents,
+            app_id: config.appId,
+        }),
+    });
+    if (!res.ok) {
+        const err = await res.json().catch(() => ({ error: 'Verification failed' }));
+        return { valid: false, error: err.error || `HTTP ${res.status}` };
+    }
+    const data = await res.json();
+    if (!data.valid) {
+        return { valid: false, error: data.error };
+    }
+    return {
+        valid: true,
+        identity: {
+            email: data.identity.email,
+            name: data.identity.name,
+            userId: data.identity.userId,
+            cardBrand: data.identity.cardBrand,
+            cardLast4: data.identity.cardLast4,
+            agentName: data.identity.agentName,
+            chargeId: data.identity.chargeId,
+        },
+    };
+}
+//# sourceMappingURL=verify.js.map

package/dist/src/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/verify.ts"],"names":[],"mappings":"AAQA;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAAkB,EAClB,WAAmB,EACnB,MAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,4BAA4B,EAAE;QACpE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,WAAW,EAAE,MAAM,CAAC,MAAM;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,UAAU;YACV,YAAY,EAAE,WAAW;YACzB,MAAM,EAAE,MAAM,CAAC,KAAK;SACrB,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC7E,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;IACpE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAChB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;IAC7C,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE;YACR,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK;YAC1B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YACxB,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM;YAC5B,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS;YAClC,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS;YAClC,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS;YAClC,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ;SACjC;KACF,CAAC;AACJ,CAAC"}

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "tru-402",
+  "version": "0.1.0",
+  "description": "One-line middleware for agent commerce. Add paid endpoints with identity — no setup flow, no API keys for buyers.",
+  "type": "module",
+  "bin": {
+    "tru-402": "dist/bin/trux.js"
+  },
+  "exports": {
+    ".": "./dist/src/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "@types/express": "^5.0.0",
+    "@types/node": "^22.10.7",
+    "typescript": "^5.7.3"
+  },
+  "peerDependencies": {
+    "express": ">=4.0.0"
+  },
+  "keywords": [
+    "agent",
+    "commerce",
+    "middleware",
+    "402",
+    "payment",
+    "tru",
+    "mpp",
+    "stripe",
+    "express"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/dwurtz/tru"
+  },
+  "author": "Very Tru, LLC",
+  "license": "MIT"
+}