x402-trust-layer 5.1.0

package/dist/lib/openapi-meta.js

@@ -0,0 +1,235 @@
+/** OpenAPI / Bazaar summaries per route */
+export const ENDPOINT_META = {
+    "/api/x402/proxy": {
+        summary: "x402 proxy: guard + security + attestation in one call",
+        tags: ["x402", "proxy", "preflight", "guard"],
+    },
+    "/api/mpp/session": {
+        summary: "MPP session v2: open, voucher, close",
+        tags: ["mpp", "batch", "solana"],
+    },
+    "/api/attestation/issue": {
+        summary: "Issue signed preflight attestation",
+        tags: ["attestation", "trust", "security"],
+    },
+    "/api/attestation/verify": {
+        summary: "Verify attestation signature",
+        tags: ["attestation", "verify"],
+    },
+    "/api/attestation/registry": {
+        summary: "Query attestation registry",
+        tags: ["attestation", "registry"],
+    },
+    "/api/guard/pre-x402": {
+        summary: "Pre-x402 guard: spend + identity + risk in one call",
+        tags: ["guard", "preflight", "policy"],
+    },
+    "/api/agent/verify": {
+        summary: "ERC-8004 TrustScore on Base mainnet",
+        tags: ["erc-8004", "identity", "trust-score"],
+    },
+    "/api/pipeline/execute": {
+        summary: "One-shot pipeline: guard, plan, facilitator, marketplace routing",
+        tags: ["pipeline", "orchestration"],
+    },
+    "/api/payment-intent/compile": {
+        summary: "Compile multi-step x402 execution plan from natural language",
+        tags: ["plan", "compiler"],
+    },
+    "/api/facilitator/failover": {
+        summary: "Rank facilitators and recommend failover path",
+        tags: ["facilitator", "failover"],
+    },
+    "/api/mpp/session-plan": {
+        summary: "Estimate MPP session vs per-call settlement savings",
+        tags: ["mpp", "estimate"],
+    },
+    "/api/spend-governor/check": {
+        summary: "Enforce agent daily and per-call spend caps",
+        tags: ["spend", "budget", "policy"],
+    },
+    "/api/identity-gate/check": {
+        summary: "Wallet identity tier and risk scoring",
+        tags: ["identity", "wallet"],
+    },
+    "/api/risk-gate/scan": {
+        summary: "Probe URL security, HTTPS, and x402 payment requirements",
+        tags: ["risk", "scan", "security"],
+    },
+    "/api/router/route": {
+        summary: "Route capability query to best x402 API",
+        tags: ["router", "marketplace"],
+    },
+    "/api/research/brief": {
+        summary: "Research pipeline plan and cost estimate",
+        tags: ["research", "brief"],
+    },
+    "/api/receipt-auditor/verify": {
+        summary: "Verify x402 settlement receipt on-chain",
+        tags: ["receipt", "audit", "settlement"],
+    },
+    "/api/refund-arbiter/evaluate": {
+        summary: "Evaluate refund eligibility from verification signals",
+        tags: ["refund", "arbiter"],
+    },
+    "/api/budget-allocator/run": {
+        summary: "Allocate shared USDC pool across agent fleet",
+        tags: ["budget", "fleet"],
+    },
+    "/api/settlement-graph/next": {
+        summary: "Recommend next paid APIs after a settlement",
+        tags: ["graph", "recommendations"],
+    },
+    "/api/quality-monitor/probe": {
+        summary: "Regression probe up to 10 x402 endpoints",
+        tags: ["monitor", "quality"],
+    },
+    "/api/evidence-locker/export": {
+        summary: "Export compliance audit bundle for settlements",
+        tags: ["compliance", "audit"],
+    },
+    "/api/agent-escrow": {
+        summary: "Create, status, or release agent-to-agent USDC escrow",
+        tags: ["escrow", "agents"],
+    },
+    "/api/a2a/execute": {
+        summary: "Agent-to-agent x402 orchestration: trust preflight then paid call to seller endpoint",
+        tags: ["a2a", "agents", "orchestration"],
+    },
+    "/api/bedrock/preflight": {
+        summary: "AWS Bedrock / enterprise agent preflight: guard, mandate, and trust bundle before x402 pay",
+        tags: ["bedrock", "enterprise", "preflight"],
+    },
+    "/api/market/buy-advisor": {
+        summary: "x402 buy quote: rank paid APIs, policy, chain, MPP before you pay",
+        tags: ["marketplace", "quote", "discovery", "jupiter-like"],
+    },
+    "/api/seller/audition-coach": {
+        summary: "Seller audition coach: OpenAPI, 402 probes, Bazaar fixes before Dexter ingest",
+        tags: ["seller", "audition", "discovery", "quality"],
+    },
+    "/api/merchant-trust/score": {
+        summary: "Know-Your-Merchant trust + wash-trading score before payment",
+        tags: ["trust", "kym", "wash-trade", "preflight"],
+    },
+    "/api/mandate/compile": {
+        summary: "Compile a signed, scoped AP2-style payment mandate from intent",
+        tags: ["mandate", "ap2", "intent", "governance"],
+    },
+    "/api/mandate/verify": {
+        summary: "Verify mandate signature and scope a proposed payment",
+        tags: ["mandate", "verify", "governance"],
+    },
+    "/api/rail-optimizer/route": {
+        summary: "Choose best rail: Visa CLI, Stripe MPP, Circle, Base, Solana",
+        tags: ["rail", "router", "visa-cli", "mpp", "cost"],
+    },
+    "/api/compliance/ledger": {
+        summary: "CFO/SOC2-grade spend reconciliation with policy flags and tamper hash",
+        tags: ["compliance", "audit", "cfo", "ledger"],
+    },
+    "/api/dispute/resolve": {
+        summary: "Visa chargeback dossier or on-chain refund claim builder",
+        tags: ["dispute", "chargeback", "visa", "refund"],
+    },
+    "/api/quality-escrow/settle": {
+        summary: "Quality-gated escrow with response verification and auto-refund",
+        tags: ["escrow", "quality", "refund", "trust"],
+    },
+    "/api/quality-escrow/semantic-settle": {
+        summary: "Semantic delivery escrow: intent rubric + schema before release/refund",
+        tags: ["escrow", "semantic", "delivery"],
+    },
+    "/api/mandate/diff": {
+        summary: "Compare mandate scope to MCP tool trace before x402 payment",
+        tags: ["mandate", "intent", "diff"],
+    },
+    "/api/merchant-trust/certify": {
+        summary: "Certify seller: KYM pass, signed badge, buyer policy",
+        tags: ["certification", "seller", "trust-network"],
+    },
+    "/api/trust-network/buyer-gate": {
+        summary: "Certified seller buyer gate before payment",
+        tags: ["trust-network", "attestation", "gate"],
+    },
+    "/api/pipeline/trust-v2": {
+        summary: "Trust v2 bundle: mandate diff + KYM + guard + buyer gate",
+        tags: ["pipeline", "trust-v2", "orchestration"],
+    },
+    "/api/trust-network/bond/slash": {
+        summary: "Slash seller virtual bond after failed delivery",
+        tags: ["bond", "slash", "trust-network"],
+    },
+    "/api/protocol/pipeline/full-trust": {
+        summary: "Agent Trust Protocol v4 full pipeline before x402 payment",
+        tags: ["protocol", "trust", "pipeline"],
+    },
+    "/api/protocol/passport/issue": {
+        summary: "Issue Agent Passport DID verifiable credential",
+        tags: ["protocol", "did", "identity"],
+    },
+    "/api/protocol/passport/verify": {
+        summary: "Verify Agent Passport credential signature",
+        tags: ["protocol", "did", "verify"],
+    },
+    "/api/protocol/trust-score/v2": {
+        summary: "TrustScore v2 with tamper-resistant HMAC proof",
+        tags: ["protocol", "trust-score"],
+    },
+    "/api/protocol/fraud/scan": {
+        summary: "Graph fraud scan for Sybil and wash trading",
+        tags: ["protocol", "fraud"],
+    },
+    "/api/protocol/oracle/consensus": {
+        summary: "Trust oracle quorum consensus",
+        tags: ["protocol", "oracle"],
+    },
+    "/api/protocol/execution/issue": {
+        summary: "Proof of Execution task receipt",
+        tags: ["protocol", "poe"],
+    },
+    "/api/protocol/execution/verify": {
+        summary: "Verify Proof of Execution receipt",
+        tags: ["protocol", "poe", "verify"],
+    },
+    "/api/protocol/reasoning/commit": {
+        summary: "Commit reasoning audit Merkle tree",
+        tags: ["protocol", "audit", "merkle"],
+    },
+    "/api/protocol/reasoning/disclose": {
+        summary: "Selective disclosure of reasoning audit leaves",
+        tags: ["protocol", "zk", "disclosure"],
+    },
+    "/api/protocol/escrow/create": {
+        summary: "Create escrow FSM (CREATED)",
+        tags: ["protocol", "escrow"],
+    },
+    "/api/protocol/escrow/transition": {
+        summary: "Transition escrow FSM state",
+        tags: ["protocol", "escrow"],
+    },
+    "/api/protocol/escrow/status": {
+        summary: "Query escrow FSM status",
+        tags: ["protocol", "escrow"],
+    },
+    "/api/protocol/replay/bind": {
+        summary: "Replay-safe payment binding",
+        tags: ["protocol", "replay", "security"],
+    },
+    "/api/protocol/replay/verify": {
+        summary: "Verify and consume replay binding",
+        tags: ["protocol", "replay"],
+    },
+    "/api/protocol/zk/prove": {
+        summary: "ZK-style proof of budget, reputation, or compliance",
+        tags: ["protocol", "zk"],
+    },
+    "/api/protocol/credit/score": {
+        summary: "AI Agent Credit Bureau 300-900",
+        tags: ["protocol", "credit"],
+    },
+    "/api/protocol/compliance/assess": {
+        summary: "Enterprise AML/KYC compliance assess",
+        tags: ["protocol", "compliance"],
+    },
+};

package/dist/lib/otel.d.ts

@@ -0,0 +1,2 @@
+/** Start OpenTelemetry when OTEL_ENABLED=1 and packages are installed. */
+export declare function startOtelIfEnabled(): Promise<void>;

package/dist/lib/otel.js

@@ -0,0 +1,25 @@
+import { logger } from "./logger.js";
+let started = false;
+/** Start OpenTelemetry when OTEL_ENABLED=1 and packages are installed. */
+export async function startOtelIfEnabled() {
+    if (started || process.env.OTEL_ENABLED !== "1")
+        return;
+    try {
+        const spec = "@opentelemetry/sdk-node";
+        const mod = await import(/* webpackIgnore: true */ spec);
+        const autoSpec = "@opentelemetry/auto-instrumentations-node";
+        const auto = await import(/* webpackIgnore: true */ autoSpec);
+        const sdk = new mod.NodeSDK({
+            instrumentations: [auto.getNodeAutoInstrumentations()],
+        });
+        await sdk.start();
+        started = true;
+        logger.info({}, "OpenTelemetry SDK started");
+    }
+    catch (err) {
+        logger.warn({
+            err: err instanceof Error ? err.message : String(err),
+            hint: "npm install @opentelemetry/sdk-node @opentelemetry/auto-instrumentations-node",
+        }, "OpenTelemetry not started");
+    }
+}

package/dist/lib/paid-resource-url.d.ts

@@ -0,0 +1,6 @@
+import type { Request } from "express";
+/**
+ * Canonical x402 resource URL for the request being paid.
+ * Local dev: use request Host. Production: reject foreign Host headers (SSRF/metadata injection).
+ */
+export declare function resolvePaidResourceUrl(req: Request): string;

package/dist/lib/paid-resource-url.js

@@ -0,0 +1,47 @@
+import { config } from "../config.js";
+function isLocalHost(host) {
+    const h = host.toLowerCase().split(":")[0] ?? host;
+    return h === "localhost" || h === "127.0.0.1" || h === "::1";
+}
+function canonicalPublicHost() {
+    try {
+        return new URL(config.publicBaseUrl).host.toLowerCase();
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Canonical x402 resource URL for the request being paid.
+ * Local dev: use request Host. Production: reject foreign Host headers (SSRF/metadata injection).
+ */
+export function resolvePaidResourceUrl(req) {
+    const pathOnly = (req.originalUrl ?? req.url ?? req.path).split("?")[0] || req.path;
+    const path = pathOnly.startsWith("/") ? pathOnly : `/${pathOnly}`;
+    const base = config.publicBaseUrl.replace(/\/$/, "");
+    const fallback = `${base}${path}`;
+    const hostHeader = req.get("host")?.trim();
+    if (!hostHeader)
+        return fallback;
+    const reqHost = hostHeader.split(":")[0]?.toLowerCase() ?? "";
+    const publicHost = canonicalPublicHost();
+    if (isLocalHost(reqHost)) {
+        const forwarded = req.get("x-forwarded-proto")?.split(",")[0]?.trim();
+        const proto = forwarded === "https" || forwarded === "http"
+            ? forwarded
+            : req.protocol === "https"
+                ? "https"
+                : "http";
+        return `${proto}://${hostHeader}${path}`;
+    }
+    if (publicHost && reqHost !== publicHost) {
+        return fallback;
+    }
+    const forwarded = req.get("x-forwarded-proto")?.split(",")[0]?.trim();
+    const proto = forwarded === "https" || forwarded === "http"
+        ? forwarded
+        : req.protocol === "https"
+            ? "https"
+            : "http";
+    return `${proto}://${hostHeader}${path}`;
+}

package/dist/lib/parse-with-verifier-fallback.d.ts

@@ -0,0 +1,3 @@
+import { z } from "zod";
+/** Zod safeParse with canonical VERIFY_EXAMPLES merge (x402gle partial bodies). */
+export declare function parseWithVerifierFallback<T extends z.ZodTypeAny>(path: string, schema: T, body: unknown): z.SafeParseReturnType<z.infer<T>, z.infer<T>>;

package/dist/lib/parse-with-verifier-fallback.js

@@ -0,0 +1,13 @@
+import { mergeCompatibleProbeInput } from "./apply-verifier-body.js";
+import { VERIFY_EXAMPLES } from "./verify-examples.js";
+/** Zod safeParse with canonical VERIFY_EXAMPLES merge (x402gle partial bodies). */
+export function parseWithVerifierFallback(path, schema, body) {
+    const ex = VERIFY_EXAMPLES[path];
+    const raw = body && typeof body === "object" && !Array.isArray(body)
+        ? body
+        : {};
+    if (ex && typeof ex === "object" && !Array.isArray(ex)) {
+        return schema.safeParse(mergeCompatibleProbeInput(ex, raw));
+    }
+    return schema.safeParse(body);
+}

package/dist/lib/payment-request-context.d.ts

@@ -0,0 +1,10 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+import type { Request } from "express";
+export type PaymentRequestStore = Request & {
+    x402PendingNonce?: {
+        nonce: string;
+        network: string;
+    };
+};
+export declare const paymentRequestAls: AsyncLocalStorage<PaymentRequestStore>;
+export declare function getPaymentRequestStore(): PaymentRequestStore | undefined;

package/dist/lib/payment-request-context.js

@@ -0,0 +1,5 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+export const paymentRequestAls = new AsyncLocalStorage();
+export function getPaymentRequestStore() {
+    return paymentRequestAls.getStore();
+}

package/dist/lib/payment-response.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Parse x402 v2 PAYMENT-RESPONSE header (base64 JSON).
+ */
+export type ParsedPaymentResponse = {
+    transaction?: string;
+    txHash?: string;
+    payer?: string;
+    network?: string;
+    amountUsdc?: number;
+    raw: Record<string, unknown>;
+};
+export declare function parsePaymentResponseHeader(headerValue: string | null): ParsedPaymentResponse | null;
+export declare function paymentResponseFromHeaders(headers: Headers): ParsedPaymentResponse | null;

package/dist/lib/payment-response.js

@@ -0,0 +1,39 @@
+export function parsePaymentResponseHeader(headerValue) {
+    if (!headerValue?.trim())
+        return null;
+    try {
+        const json = Buffer.from(headerValue.trim(), "base64").toString("utf8");
+        const raw = JSON.parse(json);
+        const tx = (typeof raw.transaction === "string" && raw.transaction) ||
+            (typeof raw.txHash === "string" && raw.txHash) ||
+            undefined;
+        let amountUsdc;
+        if (typeof raw.amount === "number")
+            amountUsdc = raw.amount;
+        else if (typeof raw.amountUsdc === "number")
+            amountUsdc = raw.amountUsdc;
+        else if (typeof raw.amount === "string") {
+            amountUsdc = Number(raw.amount) / 1_000_000;
+        }
+        else if (typeof raw.maxAmountRequired === "string") {
+            amountUsdc = Number(raw.maxAmountRequired) / 1_000_000;
+        }
+        if (raw.success === true && !amountUsdc)
+            amountUsdc = 1;
+        return {
+            transaction: tx,
+            txHash: tx,
+            payer: typeof raw.payer === "string" ? raw.payer : undefined,
+            network: typeof raw.network === "string" ? raw.network : undefined,
+            amountUsdc,
+            raw,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+export function paymentResponseFromHeaders(headers) {
+    const h = headers.get("PAYMENT-RESPONSE") ?? headers.get("payment-response");
+    return parsePaymentResponseHeader(h);
+}

package/dist/lib/payto-guard.d.ts

@@ -0,0 +1,10 @@
+export declare function isTrustedPayTo(payTo: string | undefined): boolean;
+export declare function validateIncomingPaymentRequirements(requirements: {
+    payTo?: string;
+    network?: string;
+}): {
+    ok: true;
+} | {
+    ok: false;
+    error: string;
+};

package/dist/lib/payto-guard.js

@@ -0,0 +1,20 @@
+import { config, isAllowedNetwork } from "../config.js";
+export function isTrustedPayTo(payTo) {
+    if (!payTo)
+        return false;
+    const lower = payTo.toLowerCase();
+    return (lower === config.payTo.toLowerCase() ||
+        (!!config.payToEvm && lower === config.payToEvm.toLowerCase()));
+}
+export function validateIncomingPaymentRequirements(requirements) {
+    if (requirements.network && !isAllowedNetwork(requirements.network)) {
+        return { ok: false, error: `Network not allowed: ${requirements.network}` };
+    }
+    if (requirements.payTo && !isTrustedPayTo(requirements.payTo)) {
+        return {
+            ok: false,
+            error: "Payment address mismatch — possible payTo redirect attack",
+        };
+    }
+    return { ok: true };
+}

package/dist/lib/probe.d.ts

@@ -0,0 +1,29 @@
+export type PaymentOption = {
+    priceUsdc: number;
+    network: string;
+    payTo: string | null;
+    scheme: string | null;
+};
+export type ProbeResult = {
+    url: string;
+    status: number;
+    requiresPayment: boolean;
+    authMode: "paid" | "unprotected" | "unknown";
+    priceUsdc: number | null;
+    network: string | null;
+    payTo: string | null;
+    paymentOptions: PaymentOption[];
+    warnings: string[];
+};
+export type ProbeOptions = {
+    method?: "GET" | "POST" | "HEAD";
+    body?: string;
+    contentType?: string;
+    /** Skip network I/O — used for Dexter/x402gle verifier audits */
+    fastSynthetic?: boolean;
+    timeoutMs?: number;
+};
+export declare function probeEndpoint(targetUrl: string, options?: ProbeOptions): Promise<ProbeResult>;
+/** Pick cheapest payment rail; prefer eip155:8453 when within 5% of minimum. */
+export declare function pickCheapestRail(options: PaymentOption[], preferNetwork?: string): PaymentOption | null;
+export declare function hostOf(url: string): string | null;

package/dist/lib/probe.js

@@ -0,0 +1,157 @@
+import { assertSafeOutboundUrl, UnsafeUrlError } from "./ssrf.js";
+function parsePaymentOptions(body) {
+    if (!body || typeof body !== "object")
+        return [];
+    const record = body;
+    const raw = Array.isArray(record.paymentOptions)
+        ? record.paymentOptions
+        : Array.isArray(record.accepts)
+            ? record.accepts
+            : [];
+    const out = [];
+    for (const item of raw) {
+        if (!item || typeof item !== "object")
+            continue;
+        const o = item;
+        const raw = typeof o.price === "number"
+            ? o.price
+            : Number(o.maxAmountRequired ?? o.price ?? 0);
+        const price = raw >= 1000 ? raw / 1_000_000 : raw > 0 ? raw : null;
+        const network = typeof o.network === "string" ? o.network : null;
+        if (price == null || !network)
+            continue;
+        out.push({
+            priceUsdc: price,
+            network,
+            payTo: typeof o.payTo === "string" ? o.payTo : null,
+            scheme: typeof o.scheme === "string" ? o.scheme : null,
+        });
+    }
+    return out;
+}
+function firstOption(options) {
+    const first = options[0];
+    if (!first)
+        return { priceUsdc: null, network: null, payTo: null };
+    return {
+        priceUsdc: first.priceUsdc,
+        network: first.network,
+        payTo: first.payTo,
+    };
+}
+export async function probeEndpoint(targetUrl, options = {}) {
+    if (options.fastSynthetic) {
+        const { syntheticPaidProbe } = await import("./verifier-fast-path.js");
+        return syntheticPaidProbe(targetUrl);
+    }
+    const warnings = [];
+    let status = 0;
+    let body = null;
+    try {
+        assertSafeOutboundUrl(targetUrl);
+    }
+    catch (err) {
+        const msg = err instanceof UnsafeUrlError ? err.message : "URL blocked by policy";
+        warnings.push(msg);
+        return {
+            url: targetUrl,
+            status: 0,
+            requiresPayment: false,
+            authMode: "unknown",
+            priceUsdc: null,
+            network: null,
+            payTo: null,
+            paymentOptions: [],
+            warnings,
+        };
+    }
+    try {
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), options.timeoutMs ?? 6_000);
+        const method = options.method ?? "GET";
+        const headers = { accept: "application/json" };
+        const init = { method, redirect: "manual", signal: controller.signal, headers };
+        if (method === "POST") {
+            headers["content-type"] = options.contentType ?? "application/json";
+            init.body = options.body ?? "{}";
+        }
+        const res = await fetch(targetUrl, init);
+        clearTimeout(timer);
+        if (res.status >= 300 && res.status < 400) {
+            warnings.push(`Redirects not followed (HTTP ${res.status}) — supply final URL directly`);
+            status = res.status;
+            return {
+                url: targetUrl,
+                status,
+                requiresPayment: false,
+                authMode: "unknown",
+                priceUsdc: null,
+                network: null,
+                payTo: null,
+                paymentOptions: [],
+                warnings,
+            };
+        }
+        status = res.status;
+        const text = await res.text();
+        try {
+            body = text ? JSON.parse(text) : null;
+        }
+        catch {
+            body = { raw: text.slice(0, 500) };
+        }
+    }
+    catch (err) {
+        warnings.push(`Probe failed: ${err instanceof Error ? err.message : String(err)}`);
+        return {
+            url: targetUrl,
+            status: 0,
+            requiresPayment: false,
+            authMode: "unknown",
+            priceUsdc: null,
+            network: null,
+            payTo: null,
+            paymentOptions: [],
+            warnings,
+        };
+    }
+    const paymentOptions = parsePaymentOptions(body);
+    const parsed = firstOption(paymentOptions);
+    const requiresPayment = status === 402;
+    if (requiresPayment && paymentOptions.length === 0) {
+        warnings.push("402 without parseable paymentOptions/accepts");
+    }
+    return {
+        url: targetUrl,
+        status,
+        requiresPayment,
+        authMode: requiresPayment ? "paid" : status === 200 ? "unprotected" : "unknown",
+        priceUsdc: parsed.priceUsdc,
+        network: parsed.network,
+        payTo: parsed.payTo,
+        paymentOptions,
+        warnings,
+    };
+}
+/** Pick cheapest payment rail; prefer eip155:8453 when within 5% of minimum. */
+export function pickCheapestRail(options, preferNetwork) {
+    if (options.length === 0)
+        return null;
+    const sorted = [...options].sort((a, b) => a.priceUsdc - b.priceUsdc);
+    const min = sorted[0];
+    if (!preferNetwork)
+        return min;
+    const pref = preferNetwork.toLowerCase();
+    const preferred = sorted.find((o) => o.network.toLowerCase().includes(pref));
+    if (preferred && preferred.priceUsdc <= min.priceUsdc * 1.05)
+        return preferred;
+    return min;
+}
+export function hostOf(url) {
+    try {
+        return new URL(url).hostname.toLowerCase();
+    }
+    catch {
+        return null;
+    }
+}

package/dist/lib/problem-detail.d.ts

@@ -0,0 +1,10 @@
+export type ProblemDetail = {
+    type: string;
+    title: string;
+    status: number;
+    detail?: string;
+    instance?: string;
+    suggestion?: string;
+};
+export declare function problemDetail(status: number, title: string, detail?: string, suggestion?: string): ProblemDetail;
+export declare function sendProblem(res: import("express").Response, status: number, title: string, detail?: string, suggestion?: string): void;

package/dist/lib/problem-detail.js

@@ -0,0 +1,14 @@
+export function problemDetail(status, title, detail, suggestion) {
+    return {
+        type: `https://x402trustlayer.xyz/errors/${title.toLowerCase().replace(/\s+/g, "-")}`,
+        title,
+        status,
+        detail,
+        instance: undefined,
+        suggestion,
+    };
+}
+export function sendProblem(res, status, title, detail, suggestion) {
+    const body = problemDetail(status, title, detail, suggestion);
+    res.status(status).type("application/problem+json").json(body);
+}