x402z-server 0.0.7 → 0.0.9

package/README.md

@@ -8,13 +8,19 @@ Server-side helpers for the erc7984-mind-v1 x402 scheme.
 pnpm add x402z-server
 ```
 
+## Folder map
+
+- `src/http/`: server HTTP helpers
+- `src/scheme/`: scheme implementation + registration
+- `src/index.ts`: public exports
+
 ## Usage
 
 ```ts
 import { createX402zServer } from "x402z-server";
-import { createRelayerInstance, SepoliaConfig } from "x402z-shared";
+import { createRelayer, SepoliaConfig } from "x402z-shared";
 
-const relayer = await createRelayerInstance({
+const relayer = await createRelayer({
   ...SepoliaConfig,
   network: "https://sepolia.infura.io/v3/...",
 });

package/dist/index.d.mts

@@ -4,9 +4,9 @@ import { x402ResourceServer } from '@x402/core/server';
 export { x402ResourceServer } from '@x402/core/server';
 import * as http from 'http';
 import { RelayerSigner, RelayerInstance } from 'x402z-shared';
-export { CompiledRoute, DynamicPayTo, DynamicPrice, FacilitatorClient, FacilitatorConfig, HTTPAdapter, HTTPFacilitatorClient, HTTPProcessResult, HTTPRequestContext, HTTPResponseInstructions, PaymentOption, PaywallConfig, PaywallProvider, ProcessSettleFailureResponse, ProcessSettleResultResponse, ProcessSettleSuccessResponse, RouteConfig, RouteConfigurationError, RouteValidationError, RoutesConfig, UnpaidResponseBody, UnpaidResponseResult, x402HTTPResourceServer } from '@x402/core/http';
+export { CompiledRoute, DynamicPayTo, DynamicPrice, FacilitatorClient, FacilitatorConfig, HTTPAdapter, HTTPFacilitatorClient, HTTPProcessResult, HTTPRequestContext, HTTPResponseInstructions, PaymentOption, PaywallConfig, PaywallProvider, ProcessSettleFailureResponse, ProcessSettleResultResponse, ProcessSettleSuccessResponse, RouteConfigurationError, RouteValidationError, RoutesConfig, UnpaidResponseBody, UnpaidResponseResult, x402HTTPResourceServer } from '@x402/core/http';
 
-type ConfidentialServerNetworkConfig = {
+type X402zServerNetworkOptions = {
     asset: `0x${string}`;
     eip712: {
         name: string;
@@ -16,13 +16,13 @@ type ConfidentialServerNetworkConfig = {
     resourceHash?: `0x${string}`;
     batcherAddress: `0x${string}`;
 };
-type ConfidentialServerConfig = ConfidentialServerNetworkConfig | {
-    getNetworkConfig: (network: Network) => ConfidentialServerNetworkConfig;
+type X402zServerSchemeOptions = X402zServerNetworkOptions | {
+    getNetworkConfig: (network: Network) => X402zServerNetworkOptions;
 };
-declare class ConfidentialEvmScheme implements SchemeNetworkServer {
+declare class X402zEvmServerScheme implements SchemeNetworkServer {
     readonly scheme = "erc7984-mind-v1";
     private readonly getConfig;
-    constructor(config: ConfidentialServerConfig);
+    constructor(config: X402zServerSchemeOptions);
     parsePrice(price: Price, network: Network): Promise<AssetAmount>;
     enhancePaymentRequirements(paymentRequirements: PaymentRequirements, supportedKind: {
         x402Version: number;
@@ -34,12 +34,12 @@ declare class ConfidentialEvmScheme implements SchemeNetworkServer {
     private convertToTokenAmount;
 }
 
-type ConfidentialServerRegisterConfig = ConfidentialServerConfig & {
+type X402zServerRegistrationOptions = X402zServerSchemeOptions & {
     networks?: Network[];
 };
-declare function registerConfidentialEvmScheme(server: x402ResourceServer, config: ConfidentialServerRegisterConfig): x402ResourceServer;
+declare function registerX402zEvmServerScheme(server: x402ResourceServer, config: X402zServerRegistrationOptions): x402ResourceServer;
 
-type X402zRouteConfig = {
+type X402zRouteOptions = {
     accepts: {
         payTo: string;
         price: string;
@@ -57,14 +57,22 @@ type X402zRouteHandler = (args: {
     headers?: Record<string, string>;
     body: string;
 }>;
-type X402zServerConfig = ConfidentialServerRegisterConfig & {
+type X402zServerOptions = X402zServerRegistrationOptions & {
     facilitatorUrl: string;
-    routes: Record<string, X402zRouteConfig>;
+    routes: Record<string, X402zRouteOptions>;
     onPaid: X402zRouteHandler;
     signer: RelayerSigner;
     relayer: RelayerInstance;
     debug?: boolean;
+    cors?: {
+        allowOrigin: string;
+        allowMethods?: string;
+        allowHeaders?: string;
+        exposeHeaders?: string;
+        allowCredentials?: boolean;
+        maxAgeSeconds?: number;
+    };
 };
-declare function createX402zServer(config: X402zServerConfig): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;
+declare function createX402zServer(config: X402zServerOptions): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;
 
-export { ConfidentialEvmScheme, type ConfidentialServerConfig, type ConfidentialServerNetworkConfig, type ConfidentialServerRegisterConfig, type X402zRouteConfig, type X402zRouteHandler, type X402zServerConfig, createX402zServer, registerConfidentialEvmScheme };
+export { X402zEvmServerScheme, type X402zRouteHandler, type X402zRouteOptions, type X402zServerNetworkOptions, type X402zServerOptions, type X402zServerRegistrationOptions, type X402zServerSchemeOptions, createX402zServer, registerX402zEvmServerScheme };

package/dist/index.d.ts

@@ -4,9 +4,9 @@ import { x402ResourceServer } from '@x402/core/server';
 export { x402ResourceServer } from '@x402/core/server';
 import * as http from 'http';
 import { RelayerSigner, RelayerInstance } from 'x402z-shared';
-export { CompiledRoute, DynamicPayTo, DynamicPrice, FacilitatorClient, FacilitatorConfig, HTTPAdapter, HTTPFacilitatorClient, HTTPProcessResult, HTTPRequestContext, HTTPResponseInstructions, PaymentOption, PaywallConfig, PaywallProvider, ProcessSettleFailureResponse, ProcessSettleResultResponse, ProcessSettleSuccessResponse, RouteConfig, RouteConfigurationError, RouteValidationError, RoutesConfig, UnpaidResponseBody, UnpaidResponseResult, x402HTTPResourceServer } from '@x402/core/http';
+export { CompiledRoute, DynamicPayTo, DynamicPrice, FacilitatorClient, FacilitatorConfig, HTTPAdapter, HTTPFacilitatorClient, HTTPProcessResult, HTTPRequestContext, HTTPResponseInstructions, PaymentOption, PaywallConfig, PaywallProvider, ProcessSettleFailureResponse, ProcessSettleResultResponse, ProcessSettleSuccessResponse, RouteConfigurationError, RouteValidationError, RoutesConfig, UnpaidResponseBody, UnpaidResponseResult, x402HTTPResourceServer } from '@x402/core/http';
 
-type ConfidentialServerNetworkConfig = {
+type X402zServerNetworkOptions = {
     asset: `0x${string}`;
     eip712: {
         name: string;
@@ -16,13 +16,13 @@ type ConfidentialServerNetworkConfig = {
     resourceHash?: `0x${string}`;
     batcherAddress: `0x${string}`;
 };
-type ConfidentialServerConfig = ConfidentialServerNetworkConfig | {
-    getNetworkConfig: (network: Network) => ConfidentialServerNetworkConfig;
+type X402zServerSchemeOptions = X402zServerNetworkOptions | {
+    getNetworkConfig: (network: Network) => X402zServerNetworkOptions;
 };
-declare class ConfidentialEvmScheme implements SchemeNetworkServer {
+declare class X402zEvmServerScheme implements SchemeNetworkServer {
     readonly scheme = "erc7984-mind-v1";
     private readonly getConfig;
-    constructor(config: ConfidentialServerConfig);
+    constructor(config: X402zServerSchemeOptions);
     parsePrice(price: Price, network: Network): Promise<AssetAmount>;
     enhancePaymentRequirements(paymentRequirements: PaymentRequirements, supportedKind: {
         x402Version: number;
@@ -34,12 +34,12 @@ declare class ConfidentialEvmScheme implements SchemeNetworkServer {
     private convertToTokenAmount;
 }
 
-type ConfidentialServerRegisterConfig = ConfidentialServerConfig & {
+type X402zServerRegistrationOptions = X402zServerSchemeOptions & {
     networks?: Network[];
 };
-declare function registerConfidentialEvmScheme(server: x402ResourceServer, config: ConfidentialServerRegisterConfig): x402ResourceServer;
+declare function registerX402zEvmServerScheme(server: x402ResourceServer, config: X402zServerRegistrationOptions): x402ResourceServer;
 
-type X402zRouteConfig = {
+type X402zRouteOptions = {
     accepts: {
         payTo: string;
         price: string;
@@ -57,14 +57,22 @@ type X402zRouteHandler = (args: {
     headers?: Record<string, string>;
     body: string;
 }>;
-type X402zServerConfig = ConfidentialServerRegisterConfig & {
+type X402zServerOptions = X402zServerRegistrationOptions & {
     facilitatorUrl: string;
-    routes: Record<string, X402zRouteConfig>;
+    routes: Record<string, X402zRouteOptions>;
     onPaid: X402zRouteHandler;
     signer: RelayerSigner;
     relayer: RelayerInstance;
     debug?: boolean;
+    cors?: {
+        allowOrigin: string;
+        allowMethods?: string;
+        allowHeaders?: string;
+        exposeHeaders?: string;
+        allowCredentials?: boolean;
+        maxAgeSeconds?: number;
+    };
 };
-declare function createX402zServer(config: X402zServerConfig): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;
+declare function createX402zServer(config: X402zServerOptions): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;
 
-export { ConfidentialEvmScheme, type ConfidentialServerConfig, type ConfidentialServerNetworkConfig, type ConfidentialServerRegisterConfig, type X402zRouteConfig, type X402zRouteHandler, type X402zServerConfig, createX402zServer, registerConfidentialEvmScheme };
+export { X402zEvmServerScheme, type X402zRouteHandler, type X402zRouteOptions, type X402zServerNetworkOptions, type X402zServerOptions, type X402zServerRegistrationOptions, type X402zServerSchemeOptions, createX402zServer, registerX402zEvmServerScheme };

package/dist/index.js

@@ -20,17 +20,17 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
-  ConfidentialEvmScheme: () => ConfidentialEvmScheme,
-  HTTPFacilitatorClient: () => import_http4.HTTPFacilitatorClient,
+  HTTPFacilitatorClient: () => import_http3.HTTPFacilitatorClient,
+  X402zEvmServerScheme: () => X402zEvmServerScheme,
   createX402zServer: () => createX402zServer,
-  registerConfidentialEvmScheme: () => registerConfidentialEvmScheme,
-  x402HTTPResourceServer: () => import_http4.x402HTTPResourceServer,
-  x402ResourceServer: () => import_server2.x402ResourceServer
+  registerX402zEvmServerScheme: () => registerX402zEvmServerScheme,
+  x402HTTPResourceServer: () => import_http3.x402HTTPResourceServer,
+  x402ResourceServer: () => import_server3.x402ResourceServer
 });
 module.exports = __toCommonJS(index_exports);
 
-// src/scheme.ts
-var ConfidentialEvmScheme = class {
+// src/scheme/scheme.ts
+var X402zEvmServerScheme = class {
   constructor(config) {
     this.scheme = "erc7984-mind-v1";
     if ("getNetworkConfig" in config) {
@@ -107,19 +107,19 @@ var ConfidentialEvmScheme = class {
   }
 };
 
-// src/register.ts
-function registerConfidentialEvmScheme(server, config) {
+// src/scheme/register.ts
+function registerX402zEvmServerScheme(server, config) {
   if ("networks" in config && config.networks && config.networks.length > 0) {
     for (const network of config.networks) {
-      server.register(network, new ConfidentialEvmScheme(config));
+      server.register(network, new X402zEvmServerScheme(config));
     }
     return server;
   }
-  server.register("eip155:*", new ConfidentialEvmScheme(config));
+  server.register("eip155:*", new X402zEvmServerScheme(config));
   return server;
 }
 
-// src/http.ts
+// src/http/server.ts
 var import_node_http = require("http");
 var import_node_url = require("url");
 var import_server = require("@x402/core/server");
@@ -157,7 +157,7 @@ async function createX402zServer(config) {
   const debugEnabled = config.debug ?? process.env.X402Z_DEBUG === "1";
   const facilitatorClient = new import_http2.HTTPFacilitatorClient({ url: config.facilitatorUrl });
   const resourceServer = new import_server.x402ResourceServer(facilitatorClient);
-  registerConfidentialEvmScheme(resourceServer, config);
+  registerX402zEvmServerScheme(resourceServer, config);
   const relayer = config.relayer;
   const rpcUrl = getRelayerRpcUrl(relayer);
   const routes = {};
@@ -176,10 +176,29 @@ async function createX402zServer(config) {
     const adapter = buildAdapter(req);
     const method = adapter.getMethod();
     const path = adapter.getPath();
-    const paymentHeader = adapter.getHeader("x402-payment") ?? adapter.getHeader("x-payment");
+    const paymentHeader = adapter.getHeader("payment-signature") ?? adapter.getHeader("x402-payment") ?? adapter.getHeader("x-payment");
     console.log(`[server] ${method} ${path}`);
+    const corsHeaders = config.cors ? {
+      "Access-Control-Allow-Origin": config.cors.allowOrigin,
+      "Access-Control-Allow-Methods": config.cors.allowMethods ?? "GET,POST,OPTIONS",
+      "Access-Control-Allow-Headers": config.cors.allowHeaders ?? "content-type,x402-payment,x-payment,payment-signature",
+      "Access-Control-Expose-Headers": config.cors.exposeHeaders ?? "payment-required,payment-signature,x402-payment,x-payment,x-settle,content-type",
+      "Access-Control-Max-Age": String(config.cors.maxAgeSeconds ?? 600),
+      ...config.cors.allowCredentials ? { "Access-Control-Allow-Credentials": "true" } : {}
+    } : {};
+    if (method === "OPTIONS") {
+      res.writeHead(204, corsHeaders);
+      res.end();
+      return;
+    }
     if (debugEnabled && paymentHeader) {
       console.debug("[x402z-server] payment header", paymentHeader);
+      try {
+        const decoded = (0, import_http.decodePaymentSignatureHeader)(paymentHeader);
+        console.debug("[x402z-server] payment payload", decoded);
+      } catch (error) {
+        console.debug("[x402z-server] payment payload decode failed", error);
+      }
     }
     const result = await httpServer.processHTTPRequest({
       adapter,
@@ -187,7 +206,7 @@ async function createX402zServer(config) {
       method: adapter.getMethod()
     });
     if (result.type === "payment-error") {
-      res.writeHead(result.response.status, result.response.headers);
+      res.writeHead(result.response.status, { ...corsHeaders, ...result.response.headers });
       res.end(result.response.isHtml ? result.response.body : JSON.stringify(result.response.body ?? {}));
       console.log(`[server] ${method} ${path} -> ${result.response.status}`);
       return;
@@ -195,7 +214,7 @@ async function createX402zServer(config) {
     if (result.type === "payment-verified") {
       const settle = await httpServer.processSettlement(result.paymentPayload, result.paymentRequirements);
       if (!settle.success) {
-        res.writeHead(500, { "Content-Type": "application/json" });
+        res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
         res.end(JSON.stringify({ error: settle.errorReason }));
         console.log(`[server] ${method} ${path} -> 500 settlement_failed`);
         return;
@@ -213,7 +232,7 @@ async function createX402zServer(config) {
         });
         const signerAddress = (0, import_viem.getAddress)(config.signer.address);
         if (!observer || !(0, import_viem.isAddressEqual)(observer, signerAddress)) {
-          res.writeHead(500, { "Content-Type": "application/json" });
+          res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
           res.end(JSON.stringify({ error: "observer_required" }));
           console.log(`[server] ${method} ${path} -> 500 observer_required`);
           return;
@@ -221,12 +240,12 @@ async function createX402zServer(config) {
         const batch = settle;
         const transferredHandle = batch.batch?.transferredHandle;
         if (!transferredHandle) {
-          res.writeHead(500, { "Content-Type": "application/json" });
+          res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
           res.end(JSON.stringify({ error: "missing_transferred_handle" }));
           console.log(`[server] ${method} ${path} -> 500 missing_transferred_handle`);
           return;
         }
-        const decryptedAmount = await (0, import_x402z_shared.userDecryptEuint64)(
+        const decryptedAmount = await (0, import_x402z_shared.decryptEuint64)(
           relayer,
           transferredHandle,
           result.paymentRequirements.asset,
@@ -234,13 +253,13 @@ async function createX402zServer(config) {
         );
         const expected = BigInt(result.paymentRequirements.amount);
         if (decryptedAmount !== expected) {
-          res.writeHead(500, { "Content-Type": "application/json" });
+          res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
           res.end(JSON.stringify({ error: "settlement_amount_mismatch" }));
           console.log(`[server] ${method} ${path} -> 500 settlement_amount_mismatch`);
           return;
         }
       } catch (error) {
-        res.writeHead(500, { "Content-Type": "application/json" });
+        res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
         res.end(JSON.stringify({ error: "settlement_verification_failed" }));
         console.log(`[server] ${method} ${path} -> 500 settlement_verification_failed`);
         if (debugEnabled) {
@@ -254,6 +273,7 @@ async function createX402zServer(config) {
       });
       const status = payload.status ?? 200;
       const responseHeaders = {
+        ...corsHeaders,
         "Content-Type": "text/plain",
         ...settle.headers,
         ...payload.headers ?? {}
@@ -269,21 +289,26 @@ async function createX402zServer(config) {
       console.log(`[server] ${method} ${path} -> ${status}`);
       return;
     }
-    sendText(res, 200, { "Content-Type": "text/plain" }, "no payment required");
+    sendText(
+      res,
+      200,
+      { ...corsHeaders, "Content-Type": "text/plain" },
+      "no payment required"
+    );
     console.log(`[server] ${method} ${path} -> 200`);
   });
   return server;
 }
 
 // src/index.ts
-var import_server2 = require("@x402/core/server");
-var import_http4 = require("@x402/core/http");
+var import_server3 = require("@x402/core/server");
+var import_http3 = require("@x402/core/http");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  ConfidentialEvmScheme,
   HTTPFacilitatorClient,
+  X402zEvmServerScheme,
   createX402zServer,
-  registerConfidentialEvmScheme,
+  registerX402zEvmServerScheme,
   x402HTTPResourceServer,
   x402ResourceServer
 });

package/dist/index.mjs

@@ -1,5 +1,5 @@
-// src/scheme.ts
-var ConfidentialEvmScheme = class {
+// src/scheme/scheme.ts
+var X402zEvmServerScheme = class {
   constructor(config) {
     this.scheme = "erc7984-mind-v1";
     if ("getNetworkConfig" in config) {
@@ -76,25 +76,25 @@ var ConfidentialEvmScheme = class {
   }
 };
 
-// src/register.ts
-function registerConfidentialEvmScheme(server, config) {
+// src/scheme/register.ts
+function registerX402zEvmServerScheme(server, config) {
   if ("networks" in config && config.networks && config.networks.length > 0) {
     for (const network of config.networks) {
-      server.register(network, new ConfidentialEvmScheme(config));
+      server.register(network, new X402zEvmServerScheme(config));
     }
     return server;
   }
-  server.register("eip155:*", new ConfidentialEvmScheme(config));
+  server.register("eip155:*", new X402zEvmServerScheme(config));
   return server;
 }
 
-// src/http.ts
+// src/http/server.ts
 import { createServer } from "http";
 import { URL } from "url";
 import { x402ResourceServer } from "@x402/core/server";
-import { x402HTTPResourceServer } from "@x402/core/http";
+import { decodePaymentSignatureHeader, x402HTTPResourceServer } from "@x402/core/http";
 import { HTTPFacilitatorClient } from "@x402/core/http";
-import { confidentialTokenAbi, userDecryptEuint64 } from "x402z-shared";
+import { confidentialTokenAbi, decryptEuint64 } from "x402z-shared";
 import { createPublicClient, getAddress, http, isAddressEqual } from "viem";
 function getRelayerRpcUrl(relayer) {
   const network = relayer.network;
@@ -126,7 +126,7 @@ async function createX402zServer(config) {
   const debugEnabled = config.debug ?? process.env.X402Z_DEBUG === "1";
   const facilitatorClient = new HTTPFacilitatorClient({ url: config.facilitatorUrl });
   const resourceServer = new x402ResourceServer(facilitatorClient);
-  registerConfidentialEvmScheme(resourceServer, config);
+  registerX402zEvmServerScheme(resourceServer, config);
   const relayer = config.relayer;
   const rpcUrl = getRelayerRpcUrl(relayer);
   const routes = {};
@@ -145,10 +145,29 @@ async function createX402zServer(config) {
     const adapter = buildAdapter(req);
     const method = adapter.getMethod();
     const path = adapter.getPath();
-    const paymentHeader = adapter.getHeader("x402-payment") ?? adapter.getHeader("x-payment");
+    const paymentHeader = adapter.getHeader("payment-signature") ?? adapter.getHeader("x402-payment") ?? adapter.getHeader("x-payment");
     console.log(`[server] ${method} ${path}`);
+    const corsHeaders = config.cors ? {
+      "Access-Control-Allow-Origin": config.cors.allowOrigin,
+      "Access-Control-Allow-Methods": config.cors.allowMethods ?? "GET,POST,OPTIONS",
+      "Access-Control-Allow-Headers": config.cors.allowHeaders ?? "content-type,x402-payment,x-payment,payment-signature",
+      "Access-Control-Expose-Headers": config.cors.exposeHeaders ?? "payment-required,payment-signature,x402-payment,x-payment,x-settle,content-type",
+      "Access-Control-Max-Age": String(config.cors.maxAgeSeconds ?? 600),
+      ...config.cors.allowCredentials ? { "Access-Control-Allow-Credentials": "true" } : {}
+    } : {};
+    if (method === "OPTIONS") {
+      res.writeHead(204, corsHeaders);
+      res.end();
+      return;
+    }
     if (debugEnabled && paymentHeader) {
       console.debug("[x402z-server] payment header", paymentHeader);
+      try {
+        const decoded = decodePaymentSignatureHeader(paymentHeader);
+        console.debug("[x402z-server] payment payload", decoded);
+      } catch (error) {
+        console.debug("[x402z-server] payment payload decode failed", error);
+      }
     }
     const result = await httpServer.processHTTPRequest({
       adapter,
@@ -156,7 +175,7 @@ async function createX402zServer(config) {
       method: adapter.getMethod()
     });
     if (result.type === "payment-error") {
-      res.writeHead(result.response.status, result.response.headers);
+      res.writeHead(result.response.status, { ...corsHeaders, ...result.response.headers });
       res.end(result.response.isHtml ? result.response.body : JSON.stringify(result.response.body ?? {}));
       console.log(`[server] ${method} ${path} -> ${result.response.status}`);
       return;
@@ -164,7 +183,7 @@ async function createX402zServer(config) {
     if (result.type === "payment-verified") {
       const settle = await httpServer.processSettlement(result.paymentPayload, result.paymentRequirements);
       if (!settle.success) {
-        res.writeHead(500, { "Content-Type": "application/json" });
+        res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
         res.end(JSON.stringify({ error: settle.errorReason }));
         console.log(`[server] ${method} ${path} -> 500 settlement_failed`);
         return;
@@ -182,7 +201,7 @@ async function createX402zServer(config) {
         });
         const signerAddress = getAddress(config.signer.address);
         if (!observer || !isAddressEqual(observer, signerAddress)) {
-          res.writeHead(500, { "Content-Type": "application/json" });
+          res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
           res.end(JSON.stringify({ error: "observer_required" }));
           console.log(`[server] ${method} ${path} -> 500 observer_required`);
           return;
@@ -190,12 +209,12 @@ async function createX402zServer(config) {
         const batch = settle;
         const transferredHandle = batch.batch?.transferredHandle;
         if (!transferredHandle) {
-          res.writeHead(500, { "Content-Type": "application/json" });
+          res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
           res.end(JSON.stringify({ error: "missing_transferred_handle" }));
           console.log(`[server] ${method} ${path} -> 500 missing_transferred_handle`);
           return;
         }
-        const decryptedAmount = await userDecryptEuint64(
+        const decryptedAmount = await decryptEuint64(
           relayer,
           transferredHandle,
           result.paymentRequirements.asset,
@@ -203,13 +222,13 @@ async function createX402zServer(config) {
         );
         const expected = BigInt(result.paymentRequirements.amount);
         if (decryptedAmount !== expected) {
-          res.writeHead(500, { "Content-Type": "application/json" });
+          res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
           res.end(JSON.stringify({ error: "settlement_amount_mismatch" }));
           console.log(`[server] ${method} ${path} -> 500 settlement_amount_mismatch`);
           return;
         }
       } catch (error) {
-        res.writeHead(500, { "Content-Type": "application/json" });
+        res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
         res.end(JSON.stringify({ error: "settlement_verification_failed" }));
         console.log(`[server] ${method} ${path} -> 500 settlement_verification_failed`);
         if (debugEnabled) {
@@ -223,6 +242,7 @@ async function createX402zServer(config) {
       });
       const status = payload.status ?? 200;
       const responseHeaders = {
+        ...corsHeaders,
         "Content-Type": "text/plain",
         ...settle.headers,
         ...payload.headers ?? {}
@@ -238,7 +258,12 @@ async function createX402zServer(config) {
       console.log(`[server] ${method} ${path} -> ${status}`);
       return;
     }
-    sendText(res, 200, { "Content-Type": "text/plain" }, "no payment required");
+    sendText(
+      res,
+      200,
+      { ...corsHeaders, "Content-Type": "text/plain" },
+      "no payment required"
+    );
     console.log(`[server] ${method} ${path} -> 200`);
   });
   return server;
@@ -251,10 +276,10 @@ import {
   x402HTTPResourceServer as x402HTTPResourceServer2
 } from "@x402/core/http";
 export {
-  ConfidentialEvmScheme,
   HTTPFacilitatorClient2 as HTTPFacilitatorClient,
+  X402zEvmServerScheme,
   createX402zServer,
-  registerConfidentialEvmScheme,
+  registerX402zEvmServerScheme,
   x402HTTPResourceServer2 as x402HTTPResourceServer,
   x402ResourceServer2 as x402ResourceServer
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "x402z-server",
-  "version": "0.0.7",
+  "version": "0.0.9",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",
@@ -10,7 +10,7 @@
   "dependencies": {
     "@x402/core": "^2.0.0",
     "viem": "^2.43.3",
-    "x402z-shared": "0.0.7"
+    "x402z-shared": "0.0.9"
   },
   "devDependencies": {
     "jest": "^29.7.0",