@agent-score/commerce 1.0.0

package/dist/payment/index.js

@@ -0,0 +1,691 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/payment/index.ts
+var payment_exports = {};
+__export(payment_exports, {
+  SETTLEMENT_OVERRIDES_HEADER: () => SETTLEMENT_OVERRIDES_HEADER,
+  USDC: () => USDC,
+  X402_SUPPORTED_BASE_NETWORKS: () => X402_SUPPORTED_BASE_NETWORKS,
+  X402_SUPPORTED_SVM_NETWORKS: () => X402_SUPPORTED_SVM_NETWORKS,
+  aliasAmountFields: () => aliasAmountFields,
+  buildIdempotencyKey: () => buildIdempotencyKey,
+  buildPaymentDirective: () => buildPaymentDirective,
+  buildPaymentHeaders: () => buildPaymentHeaders,
+  buildPaymentRequestBlob: () => buildPaymentRequestBlob,
+  createMppxServer: () => createMppxServer,
+  createX402Server: () => createX402Server,
+  dispatchSettlementByNetwork: () => dispatchSettlementByNetwork,
+  extractPaymentSigner: () => extractPaymentSigner,
+  lookupRail: () => lookupRail,
+  networkFamily: () => networkFamily,
+  networks: () => networks,
+  paymentDirective: () => paymentDirective,
+  paymentRequiredHeader: () => paymentRequiredHeader,
+  processX402Settle: () => processX402Settle,
+  rails: () => rails,
+  readX402PaymentHeader: () => readX402PaymentHeader,
+  registerX402SchemesV1V2: () => registerX402SchemesV1V2,
+  settlementOverrideHeader: () => settlementOverrideHeader,
+  validateX402NetworkConfig: () => validateX402NetworkConfig,
+  verifyX402Request: () => verifyX402Request,
+  wwwAuthenticateHeader: () => wwwAuthenticateHeader
+});
+module.exports = __toCommonJS(payment_exports);
+
+// src/payment/networks.ts
+var networks = {
+  base: {
+    mainnet: { caip2: "eip155:8453", chainId: 8453 },
+    sepolia: { caip2: "eip155:84532", chainId: 84532 }
+  },
+  solana: {
+    mainnet: { caip2: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp" },
+    devnet: { caip2: "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1" }
+  },
+  tempo: {
+    mainnet: { caip2: "eip155:4217", chainId: 4217 },
+    testnet: { caip2: "eip155:42431", chainId: 42431 }
+  }
+};
+function networkFamily(caip2) {
+  if (caip2 === networks.base.mainnet.caip2 || caip2 === networks.base.sepolia.caip2) return "base";
+  if (caip2 === networks.solana.mainnet.caip2 || caip2 === networks.solana.devnet.caip2) return "solana";
+  if (caip2 === networks.tempo.mainnet.caip2 || caip2 === networks.tempo.testnet.caip2) return "tempo";
+  if (caip2.startsWith("solana:")) return "solana";
+  return null;
+}
+
+// src/payment/usdc.ts
+var USDC = {
+  base: {
+    mainnet: { address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", decimals: 6 },
+    sepolia: { address: "0x036CbD53842c5426634e7929541eC2318f3dCF7e", decimals: 6 }
+  },
+  solana: {
+    mainnet: { mint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", decimals: 6 },
+    devnet: { mint: "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU", decimals: 6 }
+  },
+  tempo: {
+    mainnet: { address: "0x20C000000000000000000000b9537d11c60E8b50", decimals: 6 },
+    testnet: { address: "0x20c0000000000000000000000000000000000000", decimals: 6 }
+  }
+};
+
+// src/payment/rails.ts
+var rails = {
+  "tempo-mainnet": {
+    method: "tempo",
+    network: networks.tempo.mainnet.caip2,
+    chainId: networks.tempo.mainnet.chainId,
+    currency: USDC.tempo.mainnet.address,
+    decimals: USDC.tempo.mainnet.decimals,
+    asset: USDC.tempo.mainnet.address
+  },
+  "tempo-testnet": {
+    method: "tempo",
+    network: networks.tempo.testnet.caip2,
+    chainId: networks.tempo.testnet.chainId,
+    currency: USDC.tempo.testnet.address,
+    decimals: USDC.tempo.testnet.decimals,
+    asset: USDC.tempo.testnet.address
+  },
+  "x402-base-mainnet": {
+    method: "x402",
+    network: networks.base.mainnet.caip2,
+    chainId: networks.base.mainnet.chainId,
+    currency: USDC.base.mainnet.address,
+    decimals: USDC.base.mainnet.decimals,
+    asset: USDC.base.mainnet.address
+  },
+  "x402-base-sepolia": {
+    method: "x402",
+    network: networks.base.sepolia.caip2,
+    chainId: networks.base.sepolia.chainId,
+    currency: USDC.base.sepolia.address,
+    decimals: USDC.base.sepolia.decimals,
+    asset: USDC.base.sepolia.address
+  },
+  // Upto rails — pay UP TO a max amount (Permit2-based, vs EIP-3009 for exact). Use for
+  // variable-cost APIs where the actual cost depends on output (LLM tokens, bandwidth, etc.).
+  // Only available on EVM networks; Solana svm doesn't ship an upto scheme yet.
+  "x402-base-mainnet-upto": {
+    method: "x402-upto",
+    network: networks.base.mainnet.caip2,
+    chainId: networks.base.mainnet.chainId,
+    currency: USDC.base.mainnet.address,
+    decimals: USDC.base.mainnet.decimals,
+    asset: USDC.base.mainnet.address
+  },
+  "x402-base-sepolia-upto": {
+    method: "x402-upto",
+    network: networks.base.sepolia.caip2,
+    chainId: networks.base.sepolia.chainId,
+    currency: USDC.base.sepolia.address,
+    decimals: USDC.base.sepolia.decimals,
+    asset: USDC.base.sepolia.address
+  },
+  "x402-solana-mainnet": {
+    method: "x402",
+    network: networks.solana.mainnet.caip2,
+    currency: USDC.solana.mainnet.mint,
+    decimals: USDC.solana.mainnet.decimals,
+    asset: USDC.solana.mainnet.mint
+  },
+  "x402-solana-devnet": {
+    method: "x402",
+    network: networks.solana.devnet.caip2,
+    currency: USDC.solana.devnet.mint,
+    decimals: USDC.solana.devnet.decimals,
+    asset: USDC.solana.devnet.mint
+  },
+  "stripe-spt": {
+    method: "stripe",
+    currency: "usd",
+    decimals: 2
+  }
+};
+function lookupRail(name) {
+  return rails[name];
+}
+
+// src/payment/directive.ts
+function buildPaymentRequestBlob(input) {
+  const railDef = input.rail ? lookupRail(input.rail) : void 0;
+  const decimals = input.decimals ?? railDef?.decimals ?? 6;
+  const currency = input.currency ?? railDef?.currency ?? "usd";
+  const chainId = input.chainId ?? railDef?.chainId;
+  const amountNum = typeof input.amountUsd === "string" ? Number(input.amountUsd) : input.amountUsd;
+  const amountRaw = BigInt(Math.round(amountNum * 10 ** decimals)).toString();
+  const blob = { amount: amountRaw, currency, decimals };
+  if (input.recipient) blob.recipient = input.recipient;
+  const methodDetails = {};
+  if (chainId !== void 0) methodDetails.chainId = chainId;
+  if (input.networkId) methodDetails.networkId = input.networkId;
+  if (Object.keys(methodDetails).length > 0) blob.methodDetails = methodDetails;
+  return Buffer.from(JSON.stringify(blob)).toString("base64url");
+}
+function paymentDirective(input) {
+  const railDef = input.rail ? lookupRail(input.rail) : void 0;
+  const method = input.method ?? railDef?.method ?? "unknown";
+  const intent = input.intent ?? "charge";
+  const expires = input.expires ?? new Date(Date.now() + 5 * 60 * 1e3).toISOString();
+  return `Payment id="${input.id}", realm="${input.realm}", method="${method}", intent="${intent}", expires="${expires}", request="${input.request}"`;
+}
+function buildPaymentDirective(input) {
+  const request = buildPaymentRequestBlob({
+    rail: input.rail,
+    amountUsd: input.amountUsd,
+    currency: input.currency,
+    decimals: input.decimals,
+    recipient: input.recipient,
+    chainId: input.chainId,
+    networkId: input.networkId
+  });
+  return paymentDirective({
+    rail: input.rail,
+    id: input.id,
+    realm: input.realm,
+    method: input.method,
+    intent: input.intent,
+    expires: input.expires,
+    request
+  });
+}
+
+// src/payment/x402.ts
+function registerX402SchemesV1V2(server, network, scheme) {
+  server.register(network, scheme);
+  if (typeof server.registerV1 === "function") {
+    server.registerV1(network, scheme);
+  }
+}
+
+// src/payment/x402_server.ts
+async function createX402Server(opts = {}) {
+  for (const rail of opts.rails ?? []) {
+    if (rail.startsWith("x402-solana") && rail.endsWith("-upto")) {
+      throw new Error(`Rail "${rail}" not supported \u2014 @x402/svm does not ship an upto scheme yet (EVM-only).`);
+    }
+  }
+  const x402Core = await dynamicImport("@x402/core/server") ?? null;
+  if (!x402Core) {
+    throw new Error(
+      "@x402/core not installed \u2014 `npm install @x402/core` to use createX402Server."
+    );
+  }
+  let facilitator;
+  if (opts.facilitator === "coinbase") {
+    const cb = await dynamicImport("@coinbase/x402");
+    if (!cb?.facilitator) {
+      throw new Error(
+        '@coinbase/x402 not installed \u2014 `npm install @coinbase/x402` for facilitator: "coinbase".'
+      );
+    }
+    facilitator = new x402Core.HTTPFacilitatorClient(cb.facilitator);
+  } else if (opts.facilitator === void 0 || opts.facilitator === "http") {
+    facilitator = new x402Core.HTTPFacilitatorClient();
+  } else {
+    facilitator = opts.facilitator;
+  }
+  const server = new x402Core.x402ResourceServer(facilitator);
+  let evmExactModule = null;
+  let evmUptoModule = null;
+  let svmModule = null;
+  for (const rail of opts.rails ?? []) {
+    const isUpto = rail.endsWith("-upto");
+    if (rail.startsWith("x402-base")) {
+      const baseRail = isUpto ? rail.slice(0, -5) : rail;
+      const network = baseRail === "x402-base-mainnet" ? networks.base.mainnet.caip2 : networks.base.sepolia.caip2;
+      if (isUpto) {
+        evmUptoModule ??= await dynamicImport("@x402/evm/upto/server");
+        if (!evmUptoModule?.UptoEvmScheme) {
+          throw new Error("@x402/evm not installed \u2014 `npm install @x402/evm` for x402 base upto rails.");
+        }
+        registerX402SchemesV1V2(server, network, new evmUptoModule.UptoEvmScheme());
+      } else {
+        evmExactModule ??= await dynamicImport("@x402/evm/exact/server");
+        if (!evmExactModule?.ExactEvmScheme) {
+          throw new Error("@x402/evm not installed \u2014 `npm install @x402/evm` for x402 base rails.");
+        }
+        registerX402SchemesV1V2(server, network, new evmExactModule.ExactEvmScheme());
+      }
+    } else if (rail.startsWith("x402-solana")) {
+      svmModule ??= await dynamicImport("@x402/svm/exact/server");
+      if (!svmModule?.ExactSvmScheme) {
+        throw new Error("@x402/svm not installed \u2014 `npm install @x402/svm` for x402 solana rails.");
+      }
+      const network = rail === "x402-solana-mainnet" ? networks.solana.mainnet.caip2 : networks.solana.devnet.caip2;
+      registerX402SchemesV1V2(server, network, new svmModule.ExactSvmScheme());
+    }
+  }
+  for (const { network, scheme } of opts.schemes ?? []) {
+    registerX402SchemesV1V2(server, network, scheme);
+  }
+  if (opts.bazaar) {
+    const bazaar = await dynamicImport("@x402/extensions/bazaar");
+    if (!bazaar?.bazaarResourceServerExtension) {
+      throw new Error(
+        "@x402/extensions not installed \u2014 `npm install @x402/extensions` for bazaar discovery."
+      );
+    }
+    server.registerExtension(bazaar.bazaarResourceServerExtension);
+  }
+  if (opts.initialize !== false) {
+    await server.initialize();
+  }
+  return server;
+}
+async function dynamicImport(moduleName) {
+  try {
+    return await import(moduleName);
+  } catch {
+    return null;
+  }
+}
+
+// src/payment/x402_settle.ts
+async function processX402Settle(input) {
+  const server = input.x402Server;
+  const builtRequirements = await server.buildPaymentRequirements(input.resourceConfig);
+  const matchedRequirement = builtRequirements[0];
+  if (!matchedRequirement) {
+    return { success: false, phase: "no_requirements", reason: "x402Server.buildPaymentRequirements returned empty" };
+  }
+  const transportContext = input.transportContext ?? (() => {
+    const path = new URL(input.resourceMeta.url).pathname;
+    return { method: "POST", adapter: { getPath: () => path }, routePattern: path };
+  })();
+  const enrichedExt = input.extension !== void 0 ? server.enrichExtensions(input.extension, transportContext) : void 0;
+  const verifyResult = await server.processPaymentRequest(
+    input.payload,
+    input.resourceConfig,
+    input.resourceMeta,
+    enrichedExt
+  );
+  if (!verifyResult.success) {
+    return { success: false, phase: "verify_failed", verifyResult };
+  }
+  try {
+    const settleResult = await server.settlePayment(input.payload, matchedRequirement);
+    const paymentResponseHeader = settleResult ? Buffer.from(JSON.stringify(settleResult)).toString("base64") : void 0;
+    return {
+      success: true,
+      matchedRequirement,
+      settleResult,
+      paymentResponseHeader,
+      verifyResult
+    };
+  } catch (err) {
+    return { success: false, phase: "settle_failed", error: err, matchedRequirement };
+  }
+}
+
+// src/payment/x402_validation.ts
+var X402_SUPPORTED_BASE_NETWORKS = /* @__PURE__ */ new Set([
+  networks.base.mainnet.caip2,
+  networks.base.sepolia.caip2
+]);
+var X402_SUPPORTED_SVM_NETWORKS = /* @__PURE__ */ new Set([
+  networks.solana.mainnet.caip2,
+  networks.solana.devnet.caip2
+]);
+function validateX402NetworkConfig(input) {
+  if (!X402_SUPPORTED_BASE_NETWORKS.has(input.baseNetwork)) {
+    throw new Error(
+      `X402_BASE_NETWORK=${input.baseNetwork} is not supported. Use one of: ${[...X402_SUPPORTED_BASE_NETWORKS].join(", ")}`
+    );
+  }
+  if (!X402_SUPPORTED_SVM_NETWORKS.has(input.svmNetwork)) {
+    throw new Error(
+      `X402_SVM_NETWORK=${input.svmNetwork} is not supported. Use one of: ${[...X402_SUPPORTED_SVM_NETWORKS].join(", ")}`
+    );
+  }
+  if (input.baseNetwork === input.svmNetwork) {
+    throw new Error(
+      `X402_BASE_NETWORK and X402_SVM_NETWORK must be different (both set to ${input.baseNetwork}).`
+    );
+  }
+}
+var EVM_ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
+var SOLANA_ADDRESS_RE = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+var REGENERATE_WARNING = "If you're trying to pay with Tempo USDC, use `tempo request` (sends Authorization: Payment), not a manual X-Payment header. Do NOT use `tempo wallet transfer` \u2014 that sends USDC on-chain but will not complete the MPP handshake. For x402 on Base/Solana, use `agentscore-pay pay` so the X-Payment credential is signed and submitted; bare wallet transfers do not complete the handshake.";
+function regenerateBody(message, userMessage) {
+  return {
+    error: { code: "payment_proof_invalid", message },
+    next_steps: {
+      action: "regenerate_payment_credential",
+      user_message: userMessage,
+      warning: REGENERATE_WARNING
+    }
+  };
+}
+async function verifyX402Request(input) {
+  const headerValue = input.request.headers.get("payment-signature") ?? input.request.headers.get("x-payment");
+  if (!headerValue) {
+    return {
+      ok: false,
+      status: 400,
+      body: regenerateBody(
+        "X-Payment header missing",
+        "No X-Payment header was sent. Generate the credential from the 402 challenge and resubmit on the same endpoint."
+      )
+    };
+  }
+  let payload;
+  try {
+    payload = JSON.parse(Buffer.from(headerValue, "base64").toString());
+  } catch {
+    return {
+      ok: false,
+      status: 400,
+      body: regenerateBody(
+        "X-Payment header is not valid base64 JSON",
+        "The payment credential could not be decoded. Reconstruct the credential from the 402 challenge and retry."
+      )
+    };
+  }
+  const signedNetwork = payload.accepted?.network;
+  const signedPayTo = payload.accepted?.payTo;
+  if (!signedNetwork || signedNetwork !== input.acceptedNetworks.base && signedNetwork !== input.acceptedNetworks.svm) {
+    return {
+      ok: false,
+      status: 400,
+      body: regenerateBody(
+        `Unsupported x402 network ${signedNetwork ?? "<missing>"}; this server accepts ${input.acceptedNetworks.base} (Base) and ${input.acceptedNetworks.svm} (Solana)`,
+        "The credential signed for an unsupported network. Pick one of the accepted networks from the 402 challenge and re-sign."
+      )
+    };
+  }
+  const isSolana = networkFamily(signedNetwork) === "solana";
+  const addressShapeOk = isSolana ? typeof signedPayTo === "string" && SOLANA_ADDRESS_RE.test(signedPayTo) : typeof signedPayTo === "string" && EVM_ADDRESS_RE.test(signedPayTo);
+  if (!signedPayTo || !addressShapeOk) {
+    return {
+      ok: false,
+      status: 400,
+      body: regenerateBody(
+        `Payment payload missing or malformed accepted.payTo address for network ${signedNetwork}`,
+        "The credential payload is missing or malformed payTo for the signed network. Reconstruct the credential from the 402 challenge."
+      )
+    };
+  }
+  if (!await input.isCachedAddress(signedPayTo)) {
+    return {
+      ok: false,
+      status: 400,
+      body: regenerateBody(
+        "payTo address not found in cache or expired. Request a fresh 402 challenge and retry.",
+        "The deposit address is unknown or expired on this server. Request a fresh 402 challenge and re-sign against the new payTo."
+      )
+    };
+  }
+  return { ok: true, payload, signedNetwork, signedPayTo, isSolana };
+}
+
+// src/stripe-multichain/mppx_stripe.ts
+async function createMppxStripe(input) {
+  const moduleName = "mppx/server";
+  const mppx = await import(moduleName).catch(() => null);
+  if (!mppx?.stripe?.charge) {
+    throw new Error(
+      "mppx not installed \u2014 install with `npm install mppx` to use createMppxStripe."
+    );
+  }
+  return mppx.stripe.charge({
+    networkId: input.profileId,
+    paymentMethodTypes: input.paymentMethodTypes ?? ["card", "link"],
+    secretKey: input.secretKey
+  });
+}
+
+// src/payment/mppx_server.ts
+async function createMppxServer(opts) {
+  const mppx = await dynamicImport2("mppx/server");
+  if (!mppx?.Mppx?.create) {
+    throw new Error("mppx not installed \u2014 `npm install mppx` to use createMppxServer.");
+  }
+  const methods = [...opts.methods ?? []];
+  if (opts.rails?.tempo) {
+    if (!mppx.tempo?.charge) {
+      throw new Error("mppx.tempo.charge not available \u2014 check installed mppx version.");
+    }
+    const t = opts.rails.tempo;
+    const defaultCurrency = t.testnet ? USDC.tempo.testnet.address : USDC.tempo.mainnet.address;
+    methods.push(
+      mppx.tempo.charge({
+        currency: t.currency ?? defaultCurrency,
+        recipient: t.recipient,
+        testnet: t.testnet ?? false
+      })
+    );
+  }
+  if (opts.rails?.tempo_session) {
+    if (!mppx.tempo?.session) {
+      throw new Error(
+        "mppx.tempo.session not available \u2014 your mppx version may not support sessions yet. Upgrade with `npm install mppx@latest`."
+      );
+    }
+    const s = opts.rails.tempo_session;
+    const defaultCurrency = s.testnet ? USDC.tempo.testnet.address : USDC.tempo.mainnet.address;
+    methods.push(
+      mppx.tempo.session({
+        currency: s.currency ?? defaultCurrency,
+        recipient: s.recipient,
+        escrowContract: s.escrowContract,
+        store: s.store,
+        testnet: s.testnet ?? false,
+        ...s.chains ? { chains: s.chains } : {}
+      })
+    );
+  }
+  if (opts.rails?.stripe) {
+    const stripeMethod = await createMppxStripe(opts.rails.stripe);
+    methods.push(stripeMethod);
+  }
+  return mppx.Mppx.create({ methods, secretKey: opts.secretKey });
+}
+async function dynamicImport2(moduleName) {
+  try {
+    return await import(moduleName);
+  } catch {
+    return null;
+  }
+}
+
+// src/payment/dispatch.ts
+async function dispatchSettlementByNetwork(payload, handlers) {
+  const network = payload.accepted.network;
+  if (network.startsWith("eip155:")) {
+    if (!handlers.evm) {
+      throw new Error(`No EVM settlement handler registered (network: ${network})`);
+    }
+    return handlers.evm(payload);
+  }
+  if (network.startsWith("solana:")) {
+    if (!handlers.svm) {
+      throw new Error(`No Solana settlement handler registered (network: ${network})`);
+    }
+    return handlers.svm(payload);
+  }
+  throw new Error(`Unrecognized network in settlement payload: ${network}`);
+}
+
+// src/payment/wwwauthenticate.ts
+function wwwAuthenticateHeader(directives) {
+  return directives.join(", ");
+}
+function aliasAmountFields(accepts) {
+  return accepts.map((entry) => {
+    if (entry === null || typeof entry !== "object") return entry;
+    const e = entry;
+    const hasAmount = e.amount !== void 0;
+    const hasMaxAmount = e.maxAmountRequired !== void 0;
+    if (hasAmount && !hasMaxAmount) return { ...e, maxAmountRequired: e.amount };
+    if (hasMaxAmount && !hasAmount) return { ...e, amount: e.maxAmountRequired };
+    return e;
+  });
+}
+function paymentRequiredHeader(input) {
+  return Buffer.from(JSON.stringify(input)).toString("base64");
+}
+
+// src/payment/headers.ts
+function buildPaymentHeaders(input) {
+  const directives = input.rails.map((rail) => {
+    const directiveInput = {
+      id: `${input.orderId}-${rail.rail}`,
+      realm: input.realm,
+      rail: rail.rail,
+      amountUsd: rail.amountUsd
+    };
+    if (rail.recipient !== void 0) directiveInput.recipient = rail.recipient;
+    if (rail.networkId !== void 0) directiveInput.networkId = rail.networkId;
+    if (rail.chainId !== void 0) directiveInput.chainId = rail.chainId;
+    if (rail.currency !== void 0) directiveInput.currency = rail.currency;
+    if (rail.decimals !== void 0) directiveInput.decimals = rail.decimals;
+    if (rail.method !== void 0) directiveInput.method = rail.method;
+    if (rail.intent !== void 0) directiveInput.intent = rail.intent;
+    if (rail.expires !== void 0) directiveInput.expires = rail.expires;
+    return buildPaymentDirective(directiveInput);
+  });
+  const result = {
+    "www-authenticate": wwwAuthenticateHeader(directives)
+  };
+  if (input.x402) {
+    result["PAYMENT-REQUIRED"] = paymentRequiredHeader({
+      x402Version: input.x402.version ?? 2,
+      accepts: input.x402.accepts,
+      ...input.x402.resource ? { resource: input.x402.resource } : {}
+    });
+  }
+  return result;
+}
+
+// src/payment/idempotency.ts
+var SERVER_IDEMPOTENCY_KEY_MAX = 200;
+function buildIdempotencyKey(input) {
+  const prefix = input.prefix ? `${input.prefix}-` : "";
+  if (input.paymentIntentId) {
+    const key = `${prefix}${input.paymentIntentId}`;
+    return clampKey(key);
+  }
+  if (input.orderId) {
+    const amountSuffix = input.amountCents !== void 0 ? `-${input.amountCents}` : "";
+    const key = `${prefix}pi-${input.orderId}${amountSuffix}`;
+    return clampKey(key);
+  }
+  return void 0;
+}
+function clampKey(key) {
+  if (key.length <= SERVER_IDEMPOTENCY_KEY_MAX) return key;
+  console.warn(
+    `[agentscore-commerce] idempotency key longer than ${SERVER_IDEMPOTENCY_KEY_MAX} chars \u2014 server will truncate, may cause silent collisions if multiple keys share the first ${SERVER_IDEMPOTENCY_KEY_MAX} chars.`
+  );
+  return key;
+}
+
+// src/signer.ts
+async function extractPaymentSigner(request, x402PaymentHeader) {
+  const authHeader = request.headers.get("authorization");
+  if (authHeader) {
+    try {
+      const moduleName = "mppx";
+      const mppx = await import(moduleName).catch(() => null);
+      if (mppx?.Credential?.extractPaymentScheme(authHeader)) {
+        const credential = mppx.Credential.fromRequest(request);
+        const source = credential.source;
+        const match = source?.match(/^did:pkh:eip155:\d+:(0x[0-9a-fA-F]{40})$/);
+        if (match) return { address: match[1].toLowerCase(), network: "evm" };
+      }
+    } catch (err) {
+      console.warn("[gate] MPP signer extraction failed:", err instanceof Error ? err.message : err);
+    }
+  }
+  if (x402PaymentHeader) {
+    try {
+      const decoded = atob(x402PaymentHeader);
+      const parsed = JSON.parse(decoded);
+      const network = parsed?.accepted?.network ?? "";
+      if (network.startsWith("eip155:")) {
+        const from = parsed?.payload?.authorization?.from;
+        if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
+          return { address: from.toLowerCase(), network: "evm" };
+        }
+      } else if (network.startsWith("solana:")) {
+        const transaction = parsed?.payload?.transaction;
+        if (typeof transaction === "string") {
+          const moduleName = "@x402/svm";
+          const svm = await import(moduleName).catch(() => null);
+          if (svm?.decodeTransactionFromPayload && svm.getTokenPayerFromTransaction) {
+            const tx = svm.decodeTransactionFromPayload({ transaction });
+            const payer = svm.getTokenPayerFromTransaction(tx);
+            if (typeof payer === "string" && payer.length > 0) return { address: payer, network: "solana" };
+          }
+        }
+      } else {
+        const from = parsed?.payload?.authorization?.from;
+        if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
+          return { address: from.toLowerCase(), network: "evm" };
+        }
+      }
+    } catch (err) {
+      console.warn("[gate] x402 signer extraction failed:", err instanceof Error ? err.message : err);
+    }
+  }
+  return null;
+}
+function readX402PaymentHeader(request) {
+  return request.headers.get("payment-signature") ?? request.headers.get("x-payment") ?? void 0;
+}
+
+// src/payment/settlement_override.ts
+var SETTLEMENT_OVERRIDES_HEADER = "Settlement-Overrides";
+function settlementOverrideHeader(overrides) {
+  return { name: SETTLEMENT_OVERRIDES_HEADER, value: JSON.stringify(overrides) };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  SETTLEMENT_OVERRIDES_HEADER,
+  USDC,
+  X402_SUPPORTED_BASE_NETWORKS,
+  X402_SUPPORTED_SVM_NETWORKS,
+  aliasAmountFields,
+  buildIdempotencyKey,
+  buildPaymentDirective,
+  buildPaymentHeaders,
+  buildPaymentRequestBlob,
+  createMppxServer,
+  createX402Server,
+  dispatchSettlementByNetwork,
+  extractPaymentSigner,
+  lookupRail,
+  networkFamily,
+  networks,
+  paymentDirective,
+  paymentRequiredHeader,
+  processX402Settle,
+  rails,
+  readX402PaymentHeader,
+  registerX402SchemesV1V2,
+  settlementOverrideHeader,
+  validateX402NetworkConfig,
+  verifyX402Request,
+  wwwAuthenticateHeader
+});
+//# sourceMappingURL=index.js.map