@agent-score/commerce 2.0.1 → 2.1.0

package/dist/index.mjs

@@ -31,6 +31,27 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
+// src/payment/network_kind.ts
+function readNetwork(input) {
+  if (typeof input === "string") return input;
+  if (input && typeof input === "object") {
+    const network = input.network;
+    return typeof network === "string" ? network : "";
+  }
+  return "";
+}
+function isEvmNetwork(input) {
+  return readNetwork(input).startsWith("eip155:");
+}
+function isSolanaNetwork(input) {
+  return readNetwork(input).startsWith("solana:");
+}
+var init_network_kind = __esm({
+  "src/payment/network_kind.ts"() {
+    "use strict";
+  }
+});
+
 // src/identity/ucp.ts
 function ucpSigningKeyFromJWKImpl(jwk) {
   if (!jwk || typeof jwk !== "object") {
@@ -160,7 +181,7 @@ function isTempoSessionRailSpec(s) {
 }
 function mppRailToNetworkEntry(spec) {
   if (isTempoSessionRailSpec(spec)) return tempoSessionToNetworkEntry(spec);
-  if ("rpcUrl" in spec || "tokenProgram" in spec || (spec.network?.startsWith("solana:") ?? false)) {
+  if ("rpcUrl" in spec || "tokenProgram" in spec || isSolanaNetwork(spec)) {
     return solanaMppToNetworkEntry(spec);
   }
   if (isTempoRailSpec(spec)) return tempoToNetworkEntry(spec);
@@ -217,6 +238,7 @@ var UCPSigningKey, DEFAULT_VERSION, AGENTSCORE_CAPABILITY_NAME, AGENTSCORE_CAPAB
 var init_ucp = __esm({
   "src/identity/ucp.ts"() {
     "use strict";
+    init_network_kind();
     UCPSigningKey = {
       fromJWK: ucpSigningKeyFromJWKImpl
     };
@@ -636,64 +658,6 @@ var init_ucp_jwks = __esm({
   }
 });
 
-// src/payment/usdc.ts
-var USDC;
-var init_usdc = __esm({
-  "src/payment/usdc.ts"() {
-    "use strict";
-    USDC = {
-      base: {
-        mainnet: { address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", decimals: 6 },
-        sepolia: { address: "0x036CbD53842c5426634e7929541eC2318f3dCF7e", decimals: 6 }
-      },
-      solana: {
-        mainnet: { mint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", decimals: 6 },
-        devnet: { mint: "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU", decimals: 6 }
-      },
-      tempo: {
-        mainnet: { address: "0x20C000000000000000000000b9537d11c60E8b50", decimals: 6 },
-        testnet: { address: "0x20c0000000000000000000000000000000000000", decimals: 6 }
-      }
-    };
-  }
-});
-
-// src/payment/wwwauthenticate.ts
-function paymentRequiredHeader({
-  x402Version,
-  accepts,
-  resource
-}) {
-  return Buffer.from(JSON.stringify({ x402Version, accepts, ...resource ? { resource } : {} })).toString("base64");
-}
-var init_wwwauthenticate = __esm({
-  "src/payment/wwwauthenticate.ts"() {
-    "use strict";
-  }
-});
-
-// src/payment/networks.ts
-var networks;
-var init_networks = __esm({
-  "src/payment/networks.ts"() {
-    "use strict";
-    networks = {
-      base: {
-        mainnet: { caip2: "eip155:8453", chainId: 8453 },
-        sepolia: { caip2: "eip155:84532", chainId: 84532 }
-      },
-      solana: {
-        mainnet: { caip2: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp" },
-        devnet: { caip2: "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1" }
-      },
-      tempo: {
-        mainnet: { caip2: "eip155:4217", chainId: 4217 },
-        testnet: { caip2: "eip155:42431", chainId: 42431 }
-      }
-    };
-  }
-});
-
 // node_modules/ox/_esm/core/Abi.js
 var init_Abi = __esm({
   "node_modules/ox/_esm/core/Abi.js"() {
@@ -19692,7 +19656,7 @@ function deserialize3(value) {
   try {
     const json2 = Base64_exports.toString(prefixMatch[1]);
     const parsed = JSON.parse(json2);
-    const { opaque: challengeOpaque, request, ...challengeFields } = parsed.challenge;
+    const { opaque: challengeOpaque, request, meta: _meta, ...challengeFields } = parsed.challenge;
     const { meta: meta4, opaque } = normalizeCredentialOpaque(challengeOpaque);
     const challenge = Schema.parse({
       ...challengeFields,
@@ -20305,6 +20269,64 @@ var init_dist2 = __esm({
   }
 });
 
+// src/payment/usdc.ts
+var USDC;
+var init_usdc = __esm({
+  "src/payment/usdc.ts"() {
+    "use strict";
+    USDC = {
+      base: {
+        mainnet: { address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", decimals: 6 },
+        sepolia: { address: "0x036CbD53842c5426634e7929541eC2318f3dCF7e", decimals: 6 }
+      },
+      solana: {
+        mainnet: { mint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", decimals: 6 },
+        devnet: { mint: "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU", decimals: 6 }
+      },
+      tempo: {
+        mainnet: { address: "0x20C000000000000000000000b9537d11c60E8b50", decimals: 6 },
+        testnet: { address: "0x20c0000000000000000000000000000000000000", decimals: 6 }
+      }
+    };
+  }
+});
+
+// src/payment/wwwauthenticate.ts
+function paymentRequiredHeader({
+  x402Version,
+  accepts,
+  resource
+}) {
+  return Buffer.from(JSON.stringify({ x402Version, accepts, ...resource ? { resource } : {} })).toString("base64");
+}
+var init_wwwauthenticate = __esm({
+  "src/payment/wwwauthenticate.ts"() {
+    "use strict";
+  }
+});
+
+// src/payment/networks.ts
+var networks;
+var init_networks = __esm({
+  "src/payment/networks.ts"() {
+    "use strict";
+    networks = {
+      base: {
+        mainnet: { caip2: "eip155:8453", chainId: 8453 },
+        sepolia: { caip2: "eip155:84532", chainId: 84532 }
+      },
+      solana: {
+        mainnet: { caip2: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp" },
+        devnet: { caip2: "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1" }
+      },
+      tempo: {
+        mainnet: { caip2: "eip155:4217", chainId: 4217 },
+        testnet: { caip2: "eip155:42431", chainId: 42431 }
+      }
+    };
+  }
+});
+
 // src/payment/rails.ts
 function lookupRail(name) {
   return rails[name];
@@ -21125,7 +21147,7 @@ function createAgentScoreCore(options) {
   } = options;
   const baseUrl = stripTrailingSlashes(rawBaseUrl);
   const agentMemoryHint = buildAgentMemoryHint();
-  const defaultUa = `@agent-score/commerce@${"2.0.1"}`;
+  const defaultUa = `@agent-score/commerce@${"2.1.0"}`;
   const userAgentHeader = userAgent ? `${userAgent} (${defaultUa})` : defaultUa;
   const sdk = new AgentScore({ apiKey, baseUrl, userAgent: userAgentHeader });
   const sessionSdkCache = /* @__PURE__ */ new Map();
@@ -21417,6 +21439,13 @@ function createAgentScoreCore(options) {
   return { evaluate, captureWallet, getSignerVerdict };
 }
 
+// src/_headers.ts
+function normalizeHeadersToLowercase(headers) {
+  const out = {};
+  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
+  return out;
+}
+
 // src/signer.ts
 var TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
 var TOKEN_2022_PROGRAM = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
@@ -21499,13 +21528,8 @@ async function extractPaymentSignerFromAuth(authHeader, x402PaymentHeader) {
 function readX402PaymentHeader(request) {
   return request.headers.get("payment-signature") ?? request.headers.get("x-payment") ?? void 0;
 }
-function lowerHeaders(headers) {
-  const out = {};
-  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
-  return out;
-}
 async function extractSignerForPrecheck(headers) {
-  const lower = lowerHeaders(headers);
+  const lower = normalizeHeadersToLowercase(headers);
   const x402 = lower["payment-signature"] ?? lower["x-payment"];
   if (x402) {
     const signer = await extractPaymentSignerFromAuth(void 0, x402);
@@ -21520,7 +21544,7 @@ async function extractSignerForPrecheck(headers) {
 
 // src/identity/a2a.ts
 var PROTOCOL_VERSION = "1.0";
-var DEFAULT_PROTOCOL_BINDING = "HTTP+JSON";
+var DEFAULT_TRANSPORT = "JSONRPC";
 var DEFAULT_INPUT_MODE = "application/json";
 var DEFAULT_OUTPUT_MODE = "application/json";
 var UCP_A2A_EXTENSION_URI = "https://ucp.dev/2026-04-08/specification/reference";
@@ -21540,30 +21564,33 @@ function buildA2AAgentCard(input) {
   }
   const capabilities = {};
   if (input.streaming !== void 0) capabilities.streaming = input.streaming;
-  if (input.push_notifications !== void 0) capabilities.push_notifications = input.push_notifications;
+  if (input.pushNotifications !== void 0) capabilities.pushNotifications = input.pushNotifications;
+  if (input.stateTransitionHistory !== void 0) capabilities.stateTransitionHistory = input.stateTransitionHistory;
   if (input.extensions && input.extensions.length > 0) capabilities.extensions = input.extensions;
-  if (input.extended_agent_card !== void 0) capabilities.extended_agent_card = input.extended_agent_card;
-  const primaryInterface = {
-    url: input.url,
-    protocol_binding: input.protocol_binding ?? DEFAULT_PROTOCOL_BINDING,
-    protocol_version: input.a2a_protocol_version ?? PROTOCOL_VERSION
-  };
   const card = {
     name: input.name,
     description: input.description,
-    supported_interfaces: [primaryInterface],
+    url: input.url,
+    preferredTransport: input.preferredTransport ?? "HTTP+JSON",
+    protocolVersion: input.protocolVersion ?? PROTOCOL_VERSION,
     version: input.version ?? "1.0.0",
     capabilities,
-    default_input_modes: input.default_input_modes ?? [DEFAULT_INPUT_MODE],
-    default_output_modes: input.default_output_modes ?? [DEFAULT_OUTPUT_MODE],
+    defaultInputModes: input.defaultInputModes ?? [DEFAULT_INPUT_MODE],
+    defaultOutputModes: input.defaultOutputModes ?? [DEFAULT_OUTPUT_MODE],
     skills: input.skills
   };
+  if (input.additionalInterfaces !== void 0 && input.additionalInterfaces.length > 0) {
+    card.additionalInterfaces = input.additionalInterfaces;
+  }
   if (input.provider !== void 0) card.provider = input.provider;
-  if (input.documentation_url !== void 0) card.documentation_url = input.documentation_url;
-  if (input.icon_url !== void 0) card.icon_url = input.icon_url;
+  if (input.documentationUrl !== void 0) card.documentationUrl = input.documentationUrl;
+  if (input.iconUrl !== void 0) card.iconUrl = input.iconUrl;
+  if (input.supportsAuthenticatedExtendedCard !== void 0) {
+    card.supportsAuthenticatedExtendedCard = input.supportsAuthenticatedExtendedCard;
+  }
   if (input.signatures !== void 0 && input.signatures.length > 0) card.signatures = input.signatures;
-  if (input.security_schemes !== void 0) card.security_schemes = input.security_schemes;
-  if (input.security_requirements !== void 0) card.security_requirements = input.security_requirements;
+  if (input.security !== void 0) card.security = input.security;
+  if (input.securitySchemes !== void 0) card.securitySchemes = input.securitySchemes;
   if (input.extras) {
     for (const [k, v] of Object.entries(input.extras)) {
       card[k] = v;
@@ -21571,6 +21598,8 @@ function buildA2AAgentCard(input) {
   }
   return card;
 }
+var A2A_PROTOCOL_VERSION = PROTOCOL_VERSION;
+var A2A_DEFAULT_TRANSPORT = DEFAULT_TRANSPORT;
 
 // src/index.ts
 init_ucp();
@@ -21579,6 +21608,34 @@ init_ucp_jwks();
 // src/checkout.ts
 import { randomUUID } from "crypto";
 
+// src/_mppx_receipt.ts
+function extractMppxReceiptHeaderFromRaw(raw) {
+  if (!raw || typeof raw !== "object" || !("withReceipt" in raw)) return null;
+  const fn = raw.withReceipt;
+  if (typeof fn !== "function") return null;
+  try {
+    const wrapped = fn.call(raw, new Response());
+    return wrapped.headers.get("Payment-Receipt");
+  } catch {
+    return null;
+  }
+}
+async function extractMppxReceiptMethod(header) {
+  try {
+    const { Receipt } = await Promise.resolve().then(() => (init_dist2(), dist_exports));
+    return Receipt.deserialize(header).method;
+  } catch {
+    return void 0;
+  }
+}
+async function deriveMppxReceiptMethod(raw) {
+  const direct = raw?.receipt?.method;
+  if (direct) return direct;
+  const header = extractMppxReceiptHeaderFromRaw(raw);
+  if (!header) return void 0;
+  return extractMppxReceiptMethod(header);
+}
+
 // src/payment/rail_spec.ts
 init_usdc();
 async function resolveRecipient(r) {
@@ -21803,10 +21860,13 @@ function buildHowToPay({
   totalUsd,
   rails: rails2,
   opTokenPlaceholder,
-  maxSpend
+  maxSpend,
+  decimals
 }) {
   const totalNum = typeof totalUsd === "string" ? Number(totalUsd) : totalUsd;
-  const maxSpendStr = String(maxSpend ?? (Math.ceil(totalNum) + 1).toFixed(2));
+  const d = decimals ?? 2;
+  const defaultMaxSpend = totalNum >= 1 ? (Math.ceil(totalNum) + 1).toFixed(d) : totalNum.toFixed(d);
+  const maxSpendStr = String(maxSpend ?? defaultMaxSpend);
   const opToken = opTokenPlaceholder ?? "<your_opc_token>";
   const block = {};
   if (rails2.tempo) {
@@ -21899,26 +21959,26 @@ function buildPricingBlock({
   totalCents,
   taxRate,
   taxState,
-  currency
+  currency,
+  decimals
 }) {
   const shipping = shippingCents ?? 0;
   const discount = discountCents ?? 0;
   const total = totalCents ?? Math.max(0, subtotalCents + taxCents + shipping - discount);
+  const d = decimals ?? 2;
+  const fmt = (cents) => (cents / 100).toFixed(d);
   const block = {
-    subtotal: formatCents(subtotalCents),
-    tax: formatCents(taxCents),
-    total: formatCents(total)
+    subtotal: fmt(subtotalCents),
+    tax: fmt(taxCents),
+    total: fmt(total)
   };
-  if (shippingCents !== void 0) block.shipping = formatCents(shipping);
-  if (discountCents !== void 0) block.discount = formatCents(discount);
+  if (shippingCents !== void 0) block.shipping = fmt(shipping);
+  if (discountCents !== void 0) block.discount = fmt(discount);
   if (taxRate !== void 0) block.tax_rate = taxRate;
   if (taxState !== void 0) block.tax_state = taxState;
   if (currency !== void 0) block.currency = currency;
   return block;
 }
-function formatCents(cents) {
-  return (cents / 100).toFixed(2);
-}
 
 // src/challenge/respond_402.ts
 init_wwwauthenticate();
@@ -21927,10 +21987,7 @@ function respond402({
   body,
   x402
 }) {
-  const headers = {};
-  for (const [k, v] of Object.entries(mppxChallengeHeaders)) {
-    headers[k.toLowerCase()] = v;
-  }
+  const headers = normalizeHeadersToLowercase(mppxChallengeHeaders);
   headers["content-type"] = "application/json";
   if (x402) {
     headers["payment-required"] = paymentRequiredHeader(x402);
@@ -21993,7 +22050,8 @@ function isSolanaMppRailSpec(s) {
   return s.network?.startsWith("solana:") ?? false;
 }
 function solanaNetworkFromCAIP2(caip2) {
-  if (caip2 === networks.solana.devnet.caip2) return "devnet";
+  if (caip2 === "devnet" || caip2 === networks.solana.devnet.caip2) return "devnet";
+  if (caip2 === "localnet") return "localnet";
   return "mainnet-beta";
 }
 function solanaDefaultRpcUrl(network) {
@@ -22277,6 +22335,41 @@ function lazyMppxServer(opts) {
   };
 }
 
+// src/checkout.ts
+init_network_kind();
+
+// src/payment/payment_header.ts
+function toTitleCase(name) {
+  return name.replace(/(^|-)([a-z])/g, (_m, sep, c) => sep + c.toUpperCase());
+}
+function readHeader(headers, name) {
+  if (typeof headers.get === "function") {
+    return headers.get(name);
+  }
+  const rec = headers;
+  const v = rec[name] ?? rec[name.toLowerCase()] ?? rec[toTitleCase(name)];
+  if (typeof v === "string") return v;
+  if (Array.isArray(v) && typeof v[0] === "string") return v[0];
+  return null;
+}
+function asHeaders(input) {
+  return typeof input.headers === "object" && input instanceof Request ? input.headers : input;
+}
+function hasPaymentHeader(input) {
+  const headers = asHeaders(input);
+  return Boolean(
+    readHeader(headers, "payment-signature") || readHeader(headers, "x-payment") || readHeader(headers, "authorization")?.startsWith("Payment ")
+  );
+}
+function hasX402Header(input) {
+  const headers = asHeaders(input);
+  return Boolean(readHeader(headers, "payment-signature") || readHeader(headers, "x-payment"));
+}
+function hasMppxHeader(input) {
+  const headers = asHeaders(input);
+  return Boolean(readHeader(headers, "authorization")?.startsWith("Payment "));
+}
+
 // src/payment/x402_settle.ts
 function classifyX402SettleResult(result) {
   if (result.success) return null;
@@ -22568,12 +22661,14 @@ function pricingResult(opts) {
       ...opts.discountCents !== void 0 && { discountCents: opts.discountCents },
       ...opts.taxRate !== void 0 && { taxRate: opts.taxRate },
       ...opts.taxState !== void 0 && { taxState: opts.taxState },
-      currency
+      currency,
+      ...opts.decimals !== void 0 && { decimals: opts.decimals }
     });
     return {
       amountUsd: derivedAmount,
       currency,
       block,
+      ...opts.decimals !== void 0 && { decimals: opts.decimals },
       ...opts.product !== void 0 && { product: opts.product },
       ...opts.bodyExtras !== void 0 && { bodyExtras: opts.bodyExtras }
     };
@@ -22584,6 +22679,7 @@ function pricingResult(opts) {
   return {
     amountUsd: opts.amountUsd,
     currency,
+    ...opts.decimals !== void 0 && { decimals: opts.decimals },
     ...opts.product !== void 0 && { product: opts.product },
     ...opts.bodyExtras !== void 0 && { bodyExtras: opts.bodyExtras }
   };
@@ -22609,21 +22705,8 @@ var CheckoutValidationError = class extends Error {
     this.extra = opts.extra;
   }
 };
-function lowerHeaders2(headers) {
-  const out = {};
-  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
-  return out;
-}
-function hasX402Header(headers) {
-  const h = lowerHeaders2(headers);
-  return Boolean(h["payment-signature"] ?? h["x-payment"]);
-}
-function hasMppxHeader(headers) {
-  const h = lowerHeaders2(headers);
-  return (h["authorization"] ?? "").startsWith("Payment ");
-}
 function resolveIdentityMetadata(ctx) {
-  const h = lowerHeaders2(ctx.request.headers);
+  const h = normalizeHeadersToLowercase(ctx.request.headers);
   const wallet = h["x-wallet-address"];
   if (!wallet) return void 0;
   let linkedWallets;
@@ -22652,26 +22735,24 @@ function isTempoSessionRailSpec3(s) {
 function specRailKey(spec) {
   if (isStripeRailSpec2(spec)) return "stripe";
   if (isTempoSessionRailSpec3(spec)) return "tempo_mpp";
-  const network = spec.network ?? "";
-  if (network.startsWith("eip155:")) return "x402_base";
-  if (network.startsWith("solana:") || "rpcUrl" in spec) return "solana_mpp";
+  if (isEvmNetwork(spec)) return "x402_base";
+  if (isSolanaNetwork(spec) || "rpcUrl" in spec) return "solana_mpp";
   return "tempo_mpp";
 }
 function specMethodName(spec) {
   if (isStripeRailSpec2(spec)) return "stripe/spt";
   if (isTempoSessionRailSpec3(spec)) return "tempo/charge";
-  const network = spec.network ?? "";
-  if (network.startsWith("eip155:")) return "x402/exact (base)";
-  if (network.startsWith("solana:") || "rpcUrl" in spec) return "solana/charge";
+  if (isEvmNetwork(spec)) return "x402/exact (base)";
+  if (isSolanaNetwork(spec) || "rpcUrl" in spec) return "solana/charge";
   return "tempo/charge";
 }
 function makeMppxComposeHook(opts) {
   return async (ctx) => {
     if (ctx.pricing === null) return { status: 402 };
     const mpp = await opts.serverGetter();
-    const lower = lowerHeaders2(ctx.request.headers);
+    const lower = normalizeHeadersToLowercase(ctx.request.headers);
     const authorization = lower["authorization"];
-    const amountStr = ctx.pricing.amountUsd.toFixed(2);
+    const amountStr = ctx.pricing.amountUsd.toFixed(ctx.pricing.decimals ?? 2);
     let result;
     try {
       result = await mpp.charge({ authorization, amount: amountStr });
@@ -22755,7 +22836,7 @@ var Checkout = class {
     let x402ServerGetter;
     if (x402Server === void 0) {
       const baseSpec = Object.values(opts.rails).find(
-        (s) => !isTempoSessionRailSpec3(s) && !isStripeRailSpec2(s) && "recipient" in s && (s.network ?? "").startsWith("eip155:")
+        (s) => !isTempoSessionRailSpec3(s) && !isStripeRailSpec2(s) && "recipient" in s && isEvmNetwork(s)
       );
       if (baseSpec !== void 0) {
         x402ServerGetter = lazyX402Server({
@@ -22845,7 +22926,7 @@ var Checkout = class {
    *  `"x402_base"` when no match found. */
   x402RailKey() {
     for (const [k, v] of Object.entries(this.rails)) {
-      if (!isStripeRailSpec2(v) && !isTempoSessionRailSpec3(v) && (v.network ?? "").startsWith("eip155:")) {
+      if (!isStripeRailSpec2(v) && !isTempoSessionRailSpec3(v) && isEvmNetwork(v)) {
         return k;
       }
     }
@@ -22854,18 +22935,47 @@ var Checkout = class {
   /** Return the rails-dict key for the primary MPP rail. */
   mppRailKey() {
     for (const [k, v] of Object.entries(this.rails)) {
-      const network = v.network ?? "";
-      if (!isStripeRailSpec2(v) && !network.startsWith("eip155:")) return k;
+      if (!isStripeRailSpec2(v) && !isEvmNetwork(v)) return k;
     }
     return "tempo";
   }
+  /** Map an mppx credential `method` (`tempo` | `solana` | `stripe`) to the
+   *  merchant's rails-dict key. Used in handleMppx so onSettled outcomes
+   *  distinguish Solana from Tempo (both settle under `rail: 'mpp'`) and from
+   *  Stripe SPT. Returns the first matching key or `undefined` when no rail in
+   *  the merchant's config corresponds to that method. */
+  railsKeyForMppxMethod(method) {
+    if (method === "stripe") {
+      for (const [k, v] of Object.entries(this.rails)) {
+        if (isStripeRailSpec2(v)) return k;
+      }
+      return void 0;
+    }
+    if (method === "solana") {
+      for (const [k, v] of Object.entries(this.rails)) {
+        if (isStripeRailSpec2(v) || isTempoSessionRailSpec3(v)) continue;
+        if (isSolanaNetwork(v) || "rpcUrl" in v || "tokenProgram" in v) return k;
+      }
+      return void 0;
+    }
+    if (method === "tempo") {
+      for (const [k, v] of Object.entries(this.rails)) {
+        if (isStripeRailSpec2(v)) continue;
+        if (isSolanaNetwork(v) || "rpcUrl" in v || "tokenProgram" in v) continue;
+        if (isEvmNetwork(v)) continue;
+        return k;
+      }
+      return void 0;
+    }
+    return void 0;
+  }
   /** CAIP-2 read from `rails['x402_base'].network` (or its default).
    *  Defined only when an `X402BaseRailSpec` is present in rails AND a server
    *  is configured (explicit or auto-derived); otherwise `null`. */
   get x402BaseNetwork() {
     if (!this.x402ServerAvailable()) return null;
     for (const spec of Object.values(this.rails)) {
-      if (!isStripeRailSpec2(spec) && !isTempoSessionRailSpec3(spec) && (spec.network ?? "").startsWith("eip155:")) {
+      if (!isStripeRailSpec2(spec) && !isTempoSessionRailSpec3(spec) && isEvmNetwork(spec)) {
         return spec.network ?? "eip155:8453";
       }
     }
@@ -22917,8 +23027,8 @@ var Checkout = class {
         throw err;
       }
     }
-    const hasPaymentHeader = hasX402Header(request.headers) || hasMppxHeader(request.headers);
-    if (this.gate !== void 0 && hasPaymentHeader) {
+    const hasPaymentHeader2 = hasX402Header(request.headers) || hasMppxHeader(request.headers);
+    if (this.gate !== void 0 && hasPaymentHeader2) {
       const denial = await this.runGate(ctx);
       if (denial !== null) {
         return {
@@ -23008,7 +23118,7 @@ var Checkout = class {
       ...policyOverride ?? {}
     };
     const core = createAgentScoreCore(coreOpts);
-    const headers = lowerHeaders2(ctx.request.headers);
+    const headers = normalizeHeadersToLowercase(ctx.request.headers);
     const walletAddress = headers["x-wallet-address"];
     const operatorToken = headers["x-operator-token"];
     const identity = walletAddress !== void 0 || operatorToken !== void 0 ? {
@@ -23070,7 +23180,7 @@ var Checkout = class {
     if (!this.zeroSettleCarveOut || ctx.pricing === null) return null;
     const cents = Math.round(ctx.pricing.amountUsd * 100);
     if (cents !== 0) return null;
-    const headers = lowerHeaders2(ctx.request.headers);
+    const headers = normalizeHeadersToLowercase(ctx.request.headers);
     let zero;
     if (rail === "x402-base") {
       const x402Header = headers["payment-signature"] ?? headers["x-payment"];
@@ -23144,7 +23254,7 @@ var Checkout = class {
       resourceConfig: {
         scheme: "exact",
         network: verified.signedNetwork,
-        price: `$${ctx.pricing.amountUsd.toFixed(2)}`,
+        price: `$${ctx.pricing.amountUsd.toFixed(ctx.pricing.decimals ?? 2)}`,
         payTo: verified.signedPayTo,
         maxTimeoutSeconds: 300
       },
@@ -23205,15 +23315,20 @@ var Checkout = class {
     }
     const composed = await this.composeMppx(ctx);
     if (composed.status === 200) {
+      const paymentReceiptHeader = composed.paymentReceiptHeader ?? extractMppxReceiptHeaderFromRaw(composed.raw);
+      const directMethod = composed.raw?.receipt?.method;
+      const headerMethod = paymentReceiptHeader ? await extractMppxReceiptMethod(paymentReceiptHeader) : void 0;
+      const receiptMethod = directMethod ?? headerMethod;
+      const derivedKey = typeof receiptMethod === "string" ? this.railsKeyForMppxMethod(receiptMethod) : void 0;
       const outcome = {
         rail: "mpp",
         paymentResponseHeader: composed.paymentResponseHeader ?? null,
-        paymentReceiptHeader: composed.paymentReceiptHeader ?? extractMppxReceiptHeaderFromRaw(composed.raw),
+        paymentReceiptHeader,
         raw: composed.raw,
         txHash: composed.txHash ?? null,
         signerAddress: composed.signerAddress ?? null,
         signerNetwork: composed.signerNetwork ?? null,
-        railKey: composed.railKey ?? this.mppRailKey()
+        railKey: derivedKey ?? composed.railKey ?? this.mppRailKey()
       };
       return await this.buildSuccess(ctx, outcome);
     }
@@ -23248,15 +23363,18 @@ var Checkout = class {
         howToPayRails[k] = v;
       }
     }
+    const pricingDecimals = ctx.pricing.decimals ?? 2;
     const howToPay = buildHowToPay({
       url: this.url,
       retryBodyJson: JSON.stringify(ctx.request.body),
-      totalUsd: ctx.pricing.amountUsd.toFixed(2),
-      rails: howToPayRails
+      totalUsd: ctx.pricing.amountUsd.toFixed(pricingDecimals),
+      rails: howToPayRails,
+      ...ctx.pricing.decimals !== void 0 && { decimals: ctx.pricing.decimals }
     });
     const pricingBlock = ctx.pricing.block ?? buildPricingBlock({
-      subtotalCents: Math.round(ctx.pricing.amountUsd * 100),
-      currency: ctx.pricing.currency ?? "USD"
+      subtotalCents: ctx.pricing.amountUsd * 100,
+      currency: ctx.pricing.currency ?? "USD",
+      ...ctx.pricing.decimals !== void 0 && { decimals: ctx.pricing.decimals }
     });
     let x402Accepts = [];
     let x402Resource;
@@ -23269,7 +23387,7 @@ var Checkout = class {
         try {
           x402Accepts = await buildX402AcceptsFor402(x402Server, {
             network: baseNetwork,
-            price: `$${ctx.pricing.amountUsd.toFixed(2)}`,
+            price: `$${ctx.pricing.amountUsd.toFixed(pricingDecimals)}`,
             payTo: recipient,
             maxTimeoutSeconds: 300
           });
@@ -23285,7 +23403,7 @@ var Checkout = class {
       agentInstructions: buildAgentInstructions({ howToPay }),
       ...identityMetadata !== void 0 ? { identityMetadata } : {},
       pricing: pricingBlock,
-      amountUsd: ctx.pricing.amountUsd.toFixed(2),
+      amountUsd: ctx.pricing.amountUsd.toFixed(pricingDecimals),
       retryBody: ctx.request.body,
       agentMemory: firstEncounterAgentMemory({ firstEncounter: true }),
       ...ctx.pricing.product ? { product: ctx.pricing.product } : {},
@@ -23393,17 +23511,6 @@ function stripContentType(headers) {
   }
   return out;
 }
-function extractMppxReceiptHeaderFromRaw(raw) {
-  if (!raw || typeof raw !== "object" || !("withReceipt" in raw)) return null;
-  const fn = raw.withReceipt;
-  if (typeof fn !== "function") return null;
-  try {
-    const wrapped = fn.call(raw, new Response());
-    return wrapped.headers.get("Payment-Receipt");
-  } catch {
-    return null;
-  }
-}
 function headersToRecord(h) {
   if (h === void 0) return {};
   if (h instanceof Headers) {
@@ -23717,6 +23824,15 @@ import { createHash } from "crypto";
 function hashOperatorToken(plaintext) {
   return createHash("sha256").update(plaintext, "utf8").digest("hex");
 }
+function extractOwnerScope(input) {
+  const headers = asHeaders(input);
+  const walletAddress = readHeader(headers, "x-wallet-address");
+  const operatorToken = readHeader(headers, "x-operator-token");
+  return {
+    ...walletAddress ? { walletAddress } : {},
+    ...operatorToken ? { operatorTokenHash: hashOperatorToken(operatorToken) } : {}
+  };
+}
 
 // src/payment/index.ts
 init_directive();
@@ -23730,8 +23846,45 @@ init_directive();
 init_wwwauthenticate();
 
 // src/payment/amounts.ts
-function formatUsdCents(cents) {
-  return (cents / 100).toFixed(2);
+function usdToAtomic(usd, opts) {
+  const { decimals } = opts;
+  if (!Number.isInteger(decimals) || decimals < 0) {
+    throw new RangeError(`decimals must be a non-negative integer, got ${decimals}`);
+  }
+  if (typeof usd === "number") {
+    if (!Number.isFinite(usd)) {
+      throw new RangeError(`usd must be finite, got ${usd}`);
+    }
+    if (usd < 0) {
+      throw new RangeError(`usd must be non-negative, got ${usd}`);
+    }
+  }
+  const s = (typeof usd === "number" ? usd.toString() : usd).trim();
+  if (s.startsWith("-")) {
+    throw new RangeError(`usd must be non-negative, got ${s}`);
+  }
+  if (s === "NaN" || s === "Infinity") {
+    throw new RangeError(`usd must be finite, got ${s}`);
+  }
+  const match = /^(\d*)(?:\.(\d*))?$/.exec(s);
+  if (!match || match[1] === "" && (match[2] === void 0 || match[2] === "")) {
+    throw new SyntaxError(`invalid usd value: ${JSON.stringify(usd)}`);
+  }
+  const intPart = match[1] || "0";
+  const fracPart = match[2] ?? "";
+  if (fracPart.length <= decimals) {
+    return BigInt(intPart + fracPart.padEnd(decimals, "0"));
+  }
+  const kept = fracPart.slice(0, decimals);
+  const roundDigit = fracPart[decimals];
+  let result = BigInt(intPart + kept);
+  if (roundDigit >= "5") {
+    result += 1n;
+  }
+  return result;
+}
+function formatUsdCents(cents, decimals = 2) {
+  return (cents / 100).toFixed(decimals);
 }
 
 // src/payment/solana.ts
@@ -23754,7 +23907,631 @@ async function loadSolanaFeePayer(opts) {
   }
   return kit.createKeyPairSignerFromPrivateKeyBytes(bytes);
 }
+
+// src/payment/compose_rails.ts
+init_usdc();
+function buildMppxComposeRails(opts) {
+  const rails2 = [];
+  if (opts.tempoRecipient) {
+    rails2.push(["tempo/charge", {
+      amount: opts.amountUsd,
+      currency: opts.tempoTokenAddress ?? USDC.tempo.mainnet.address,
+      decimals: 6,
+      recipient: opts.tempoRecipient
+    }]);
+  }
+  if (opts.solanaRecipient) {
+    const atomic = usdToAtomic(opts.amountUsd, { decimals: 6 });
+    rails2.push(["solana/charge", {
+      amount: atomic.toString(),
+      currency: opts.solanaTokenMint ?? USDC.solana.mainnet.mint,
+      decimals: 6,
+      recipient: opts.solanaRecipient,
+      network: opts.solanaNetwork ?? "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp"
+    }]);
+  }
+  if (opts.includeStripe !== false) {
+    rails2.push(["stripe/charge", { amount: opts.amountUsd, currency: "usd", decimals: 2 }]);
+  }
+  return rails2;
+}
+
+// src/payment/default_rails.ts
+init_networks();
+init_usdc();
+function buildDefaultCheckoutRails(opts) {
+  const out = {};
+  if (opts.tempo) {
+    out.tempo = { recipient: "", ...RAIL_SPEC_DEFAULTS.tempo, ...opts.tempo };
+  }
+  if (opts.x402Base) {
+    const merged = { recipient: "", ...RAIL_SPEC_DEFAULTS.x402Base, ...opts.x402Base };
+    if (merged.network === networks.base.sepolia.caip2) {
+      if (opts.x402Base.chainId === void 0) merged.chainId = networks.base.sepolia.chainId;
+      if (opts.x402Base.token === void 0) merged.token = USDC.base.sepolia.address;
+    } else if (merged.network === networks.base.mainnet.caip2) {
+      if (opts.x402Base.chainId === void 0) merged.chainId = networks.base.mainnet.chainId;
+      if (opts.x402Base.token === void 0) merged.token = USDC.base.mainnet.address;
+    }
+    out.x402_base = merged;
+  }
+  if (opts.solanaMpp) {
+    const merged = { recipient: "", ...RAIL_SPEC_DEFAULTS.solanaMpp, ...opts.solanaMpp };
+    const isDevnet = merged.network === "devnet" || merged.network === networks.solana.devnet.caip2;
+    if (isDevnet && opts.solanaMpp.token === void 0) {
+      merged.token = USDC.solana.devnet.mint;
+    }
+    out.solana_mpp = merged;
+  }
+  if (opts.stripe) {
+    out.stripe = { ...RAIL_SPEC_DEFAULTS.stripe, ...opts.stripe };
+  }
+  return out;
+}
+
+// src/payment/index.ts
+init_network_kind();
+
+// src/checkout_compute_first.ts
+import { randomUUID as randomUUID2 } from "crypto";
+
+// src/discovery/index.ts
+init_probe();
+
+// src/discovery/agentscore_content.ts
+var PURCHASE_MODE_NOTES = Object.freeze({
+  redemption_only: "Requires a single-use redemption code (printed on a mailer or other out-of-band delivery). Submit the code in the request body as `redemption_code`. Without a valid code the order is rejected.",
+  coupon_applicable: "Codes are optional. Without one, settle at list price. With a valid code the discount is applied automatically (percent_off, fixed_off, or fixed_settle).",
+  paid_only: "Codes are NOT accepted. Settle at the listed price. Submitting a `redemption_code` field returns 400 codes_not_accepted."
+});
+function buildSuccessNextSteps(opts) {
+  const out = {
+    action: "done",
+    user_message: opts.userMessage ?? "Payment complete. Your AgentScore Passport is now active across every AgentScore-gated merchant."
+  };
+  if (opts.orderStatusUrl) out.order_status_url = opts.orderStatusUrl;
+  if (opts.fulfillmentEta !== void 0) out.fulfillment_eta = opts.fulfillmentEta;
+  return out;
+}
+
+// src/discovery/index.ts
+init_well_known();
+
+// src/quote_cache.ts
+import { createHash as createHash2 } from "crypto";
+
+// src/_redis.ts
+async function tryCreateRedis(opts) {
+  const url2 = opts.url ?? process.env.REDIS_URL;
+  if (!url2) return null;
+  try {
+    const mod = await import("ioredis");
+    const client = new mod.default(url2, {
+      connectTimeout: opts.connectTimeout ?? 3e3,
+      maxRetriesPerRequest: opts.maxRetriesPerRequest ?? 1,
+      tls: url2.startsWith("rediss://") ? {} : void 0
+    });
+    client.on("error", (err) => console.error(`[${opts.label}] Redis error:`, err.message));
+    return client;
+  } catch {
+    return null;
+  }
+}
+function memoizedRedis(opts) {
+  let promise2 = null;
+  return () => {
+    if (!promise2) promise2 = tryCreateRedis(opts);
+    return promise2;
+  };
+}
+
+// src/quote_cache.ts
+function canonicalize2(value) {
+  if (Array.isArray(value)) return value.map(canonicalize2);
+  if (value && typeof value === "object") {
+    const sorted = {};
+    for (const key of Object.keys(value).sort()) {
+      sorted[key] = canonicalize2(value[key]);
+    }
+    return sorted;
+  }
+  return value;
+}
+function createQuoteCache(opts = {}) {
+  const ttlMs = opts.ttlMs ?? 5 * 6e4;
+  const keyPrefix = opts.keyPrefix ?? "quote:";
+  const memMap = /* @__PURE__ */ new Map();
+  const getRedis = memoizedRedis({ url: opts.redisUrl, label: "quote-cache" });
+  const evictExpired = () => {
+    const now = Date.now();
+    for (const [k, v] of memMap.entries()) {
+      if (v.expiresAt <= now) memMap.delete(k);
+    }
+  };
+  return {
+    bodyHashKey(prefix, body) {
+      const canonical = JSON.stringify(canonicalize2(body));
+      const hash3 = createHash2("sha256").update(`${prefix}::${canonical}`).digest("hex").slice(0, 24);
+      return `${prefix}::${hash3}`;
+    },
+    async read(key) {
+      const r = await getRedis();
+      if (r) {
+        try {
+          const raw = await r.get(`${keyPrefix}${key}`);
+          if (!raw) return null;
+          return JSON.parse(raw);
+        } catch {
+        }
+      }
+      evictExpired();
+      const entry = memMap.get(key);
+      return entry ? entry.entry : null;
+    },
+    async write(key, body, priceCents, recipients = {}) {
+      const cached2 = { body, priceCents, recipients };
+      const r = await getRedis();
+      if (r) {
+        try {
+          await r.set(`${keyPrefix}${key}`, JSON.stringify(cached2), "PX", ttlMs);
+          return;
+        } catch {
+        }
+      }
+      memMap.set(key, { entry: cached2, expiresAt: Date.now() + ttlMs });
+    },
+    async clear() {
+      memMap.clear();
+      const r = await getRedis();
+      if (r) {
+        try {
+          await r.flushdb();
+        } catch {
+        }
+      }
+    }
+  };
+}
+
+// src/checkout_compute_first.ts
+var DEFAULT_TTL_MS = 5 * 6e4;
+function decimalsForUnit(unitPriceCents) {
+  if (Number.isInteger(unitPriceCents)) return 2;
+  const str = unitPriceCents.toString();
+  const dotIdx = str.indexOf(".");
+  const frac = dotIdx === -1 ? 0 : str.length - dotIdx - 1;
+  return 2 + frac;
+}
+function computeFirstCheckout(opts) {
+  const cache = opts.cache ?? createQuoteCache({ ttlMs: opts.cacheTtlMs ?? DEFAULT_TTL_MS });
+  const decimals = opts.decimals ?? decimalsForUnit(opts.unitPriceCents);
+  const appUrl = opts.appUrl ?? new URL(opts.url).origin;
+  async function mintAndResolveRecipients(req, body, priceCents) {
+    const minted = opts.mintRecipients ? await opts.mintRecipients({ request: req, body, priceCents }) : {};
+    const out = {};
+    const tempo = minted.tempo ?? (opts.rails.tempo ? await resolveRecipient(opts.rails.tempo.recipient) : void 0);
+    const x402Base = minted.x402_base ?? (opts.rails.x402_base ? await resolveRecipient(opts.rails.x402_base.recipient) : void 0);
+    const solana = minted.solana_mpp ?? (opts.rails.solana_mpp ? await resolveRecipient(opts.rails.solana_mpp.recipient) : void 0);
+    if (tempo) out.tempo = tempo;
+    if (x402Base) out.x402_base = x402Base;
+    if (solana) out.solana_mpp = solana;
+    return out;
+  }
+  async function emit402(req, body, priceCents, recipients) {
+    const totalUsd = formatUsdCents(priceCents, decimals);
+    const tempoRecipient = recipients.tempo;
+    const x402BaseRecipient = recipients.x402_base;
+    const solanaRecipient = recipients.solana_mpp;
+    const accepted = await buildAcceptedMethods({
+      ...tempoRecipient && opts.rails.tempo && { tempo: { ...opts.rails.tempo, recipient: tempoRecipient } },
+      ...solanaRecipient && opts.rails.solana_mpp && { solana_mpp: { ...opts.rails.solana_mpp, recipient: solanaRecipient } },
+      ...opts.rails.stripe && { stripe: opts.rails.stripe }
+    });
+    if (x402BaseRecipient && opts.rails.x402_base) {
+      try {
+        const resolvedX402PayTo = await resolveRecipient(x402BaseRecipient);
+        const x402Entries = await buildX402AcceptsFor402(opts.x402Server, {
+          network: opts.rails.x402_base.network ?? "eip155:8453",
+          price: `$${totalUsd}`,
+          payTo: resolvedX402PayTo,
+          maxTimeoutSeconds: 300
+        });
+        accepted.push(...x402Entries);
+      } catch (err) {
+        console.warn(
+          `[${opts.name}.computeFirst] buildX402AcceptsFor402 failed; dropping x402 from accepts:`,
+          err instanceof Error ? err.message : err
+        );
+      }
+    }
+    const howToPay = buildHowToPay({
+      url: opts.url,
+      retryBodyJson: JSON.stringify(body),
+      totalUsd,
+      decimals,
+      rails: {
+        ...tempoRecipient && opts.rails.tempo && { tempo: { ...opts.rails.tempo, recipient: tempoRecipient } },
+        ...x402BaseRecipient && opts.rails.x402_base && { x402_base: { ...opts.rails.x402_base, recipient: x402BaseRecipient } },
+        ...solanaRecipient && opts.rails.solana_mpp && { solana_mpp: { ...opts.rails.solana_mpp, recipient: solanaRecipient } },
+        ...opts.rails.stripe && { stripe: opts.rails.stripe }
+      }
+    });
+    const pricing = buildPricingBlock({ subtotalCents: priceCents, currency: "USD", decimals });
+    const agentInstructions = buildAgentInstructions({
+      howToPay,
+      warnings: [
+        "The quoted price is exact: it was derived from the actual number of results returned by the work on the probe leg.",
+        "The merchant cached the result against a hash of this request body. Retry with the same body within the quote TTL (default 5 min) to settle and receive the cached results; if the quote expires, re-probe."
+      ]
+    });
+    let mppChallengeHeaders = {};
+    if (opts.composeMppx) {
+      try {
+        const mppResult = await opts.composeMppx({
+          request: req,
+          cachedBody: body,
+          priceCents,
+          priceUsd: totalUsd,
+          recipients
+        });
+        if (mppResult.status === 402 && mppResult.headers) {
+          mppChallengeHeaders = mppResult.headers;
+        }
+      } catch (err) {
+        console.warn(
+          `[${opts.name}.computeFirst] composeMppx probe-leg failed; dropping MPP rails from 402 challenge:`,
+          err instanceof Error ? err.message : err
+        );
+      }
+    }
+    const body402 = build402Body({
+      product: { id: opts.name, name: opts.name },
+      acceptedMethods: accepted,
+      pricing,
+      agentInstructions,
+      amountUsd: totalUsd,
+      currency: "USD",
+      orderId: null,
+      retryBody: body
+    });
+    const headers = new Headers({ "Content-Type": "application/json" });
+    for (const [k, v] of Object.entries(mppChallengeHeaders)) headers.set(k, v);
+    headers.set(
+      "PAYMENT-REQUIRED",
+      paymentRequiredHeader({ x402Version: 2, accepts: accepted, resource: { url: opts.url } })
+    );
+    return new Response(JSON.stringify(body402), { status: 402, headers });
+  }
+  async function handleX402Settle(req, referenceId, cachedBody, priceCents, recipients) {
+    const verified = await verifyX402Request({
+      request: req,
+      isCachedAddress: async () => true,
+      acceptedNetwork: opts.rails.x402_base?.network ?? "eip155:8453"
+    });
+    if (!verified.ok) {
+      return new Response(JSON.stringify(verified.body), {
+        status: verified.status,
+        headers: { "Content-Type": "application/json" }
+      });
+    }
+    const actualUsd = formatUsdCents(priceCents, decimals);
+    const settle = await processX402Settle({
+      x402Server: opts.x402Server,
+      payload: verified.payload,
+      resourceConfig: {
+        scheme: "exact",
+        network: verified.signedNetwork,
+        price: `$${actualUsd}`,
+        payTo: verified.signedPayTo,
+        maxTimeoutSeconds: 300
+      },
+      resourceMeta: {
+        url: req.url,
+        description: `Agent purchase via x402-exact (${opts.name})`,
+        mimeType: "application/json"
+      }
+    });
+    if (!settle.success) {
+      const detail = settle.error?.message ?? "unknown";
+      return new Response(
+        JSON.stringify({
+          id: referenceId,
+          endpoint: opts.name,
+          created_at: (/* @__PURE__ */ new Date()).toISOString(),
+          payment_status: "failed",
+          charged_usd: "0.00",
+          rail: `x402-base (${verified.signedNetwork})`,
+          error: {
+            code: "settle_failed",
+            message: "Facilitator rejected the exact settle; no on-chain capture occurred.",
+            detail
+          }
+        }),
+        { status: 502, headers: { "Content-Type": "application/json" } }
+      );
+    }
+    const signer = await extractPaymentSigner(req, readX402PaymentHeader(req));
+    const signerInfo = signer ? { address: signer.address, network: signer.network } : void 0;
+    const railLabel = `Base (${verified.signedNetwork})`;
+    if (opts.onSettled) {
+      try {
+        await opts.onSettled({
+          request: req,
+          rail: "x402",
+          cachedBody,
+          priceCents,
+          priceUsd: actualUsd,
+          recipients,
+          ...signerInfo ? { signer: signerInfo } : {}
+        });
+      } catch (err) {
+        console.warn(`[${opts.name}.computeFirst.onSettled] x402 side-effect failed:`, err instanceof Error ? err.message : err);
+      }
+    }
+    const buildBody = opts.buildSuccessBody ?? defaultSuccessBody(appUrl);
+    const body = buildBody({
+      referenceId,
+      endpoint: opts.name,
+      chargedUsd: actualUsd,
+      rail: railLabel,
+      ...signerInfo ? { signer: signerInfo } : {},
+      cachedBody
+    });
+    return new Response(JSON.stringify(body), { status: 200, headers: { "Content-Type": "application/json" } });
+  }
+  function mppRailLabel(method) {
+    const scheme = method?.split("/")[0];
+    if (scheme === "tempo") {
+      const networkName = opts.rails.tempo?.testnet ? "tempo-testnet" : opts.rails.tempo?.network ?? "tempo-mainnet";
+      return `Tempo (${networkName})`;
+    }
+    if (scheme === "solana") {
+      const networkName = opts.rails.solana_mpp?.network ?? "solana";
+      return `Solana (${networkName})`;
+    }
+    if (scheme === "stripe") return "Stripe (card+link)";
+    return "MPP";
+  }
+  async function handleMppSettle(req, referenceId, cachedBody, priceCents, recipients) {
+    if (!opts.composeMppx) {
+      return new Response(
+        JSON.stringify({
+          id: referenceId,
+          endpoint: opts.name,
+          created_at: (/* @__PURE__ */ new Date()).toISOString(),
+          payment_status: "failed",
+          charged_usd: "0.00",
+          error: { code: "mpp_unavailable", message: "MPP settle hook not configured on this endpoint." }
+        }),
+        { status: 503, headers: { "Content-Type": "application/json" } }
+      );
+    }
+    const priceUsd = formatUsdCents(priceCents, decimals);
+    const result = await opts.composeMppx({ request: req, cachedBody, priceCents, priceUsd, recipients });
+    if (result.status !== 200) {
+      const headers = result.headers ?? {};
+      return new Response(
+        JSON.stringify({
+          id: referenceId,
+          endpoint: opts.name,
+          created_at: (/* @__PURE__ */ new Date()).toISOString(),
+          payment_status: "failed",
+          charged_usd: "0.00",
+          error: { code: "mpp_settle_failed", message: "MPP compose did not return 200; credential rejected." }
+        }),
+        { status: 400, headers: { "Content-Type": "application/json", ...headers } }
+      );
+    }
+    const signer = result.signerAddress ? { address: result.signerAddress, network: result.signerNetwork ?? "evm" } : await extractPaymentSigner(req, readX402PaymentHeader(req)).then((s) => s ? { address: s.address, network: s.network } : void 0);
+    const method = await deriveMppxReceiptMethod(result.raw);
+    const railLabel = mppRailLabel(method);
+    if (opts.onSettled) {
+      try {
+        await opts.onSettled({
+          request: req,
+          rail: "mpp",
+          mppMethod: method,
+          cachedBody,
+          priceCents,
+          priceUsd,
+          recipients,
+          ...signer ? { signer } : {},
+          ...result.txHash ? { paymentIntentId: result.txHash } : {}
+        });
+      } catch (err) {
+        console.warn(`[${opts.name}.computeFirst.onSettled] MPP side-effect failed:`, err instanceof Error ? err.message : err);
+      }
+    }
+    const buildBody = opts.buildSuccessBody ?? defaultSuccessBody(appUrl);
+    const body = buildBody({
+      referenceId,
+      endpoint: opts.name,
+      chargedUsd: priceUsd,
+      rail: railLabel,
+      ...result.txHash ? { paymentIntentId: result.txHash } : {},
+      ...signer ? { signer } : {},
+      cachedBody
+    });
+    return new Response(JSON.stringify(body), { status: 200, headers: { "Content-Type": "application/json" } });
+  }
+  async function handle(req) {
+    const referenceId = `${opts.name}_${randomUUID2()}`;
+    let body;
+    try {
+      body = await req.clone().json();
+    } catch {
+      body = {};
+    }
+    try {
+      opts.validateInput?.(body);
+    } catch (err) {
+      if (err instanceof CheckoutValidationError) {
+        return new Response(
+          JSON.stringify({
+            error: { code: err.code, message: err.message },
+            ...err.action ? { next_steps: { action: err.action, user_message: err.message } } : {},
+            ...err.extra
+          }),
+          { status: err.status, headers: { "Content-Type": "application/json" } }
+        );
+      }
+      throw err;
+    }
+    const cacheKey2 = cache.bodyHashKey(opts.name, body);
+    if (hasX402Header(req.headers) || hasMppxHeader(req.headers)) {
+      const quote2 = await cache.read(cacheKey2);
+      if (!quote2) {
+        return new Response(
+          JSON.stringify({
+            id: referenceId,
+            endpoint: opts.name,
+            created_at: (/* @__PURE__ */ new Date()).toISOString(),
+            payment_status: "failed",
+            charged_usd: "0.00",
+            error: {
+              code: "stale_quote",
+              message: "No active quote for this request body. The quote may have expired or the body changed since the probe."
+            },
+            next_steps: {
+              action: "re_probe",
+              suggestion: "Send the same body without a payment header to get a fresh 402 quote, then retry with the payment credential."
+            }
+          }),
+          { status: 400, headers: { "Content-Type": "application/json" } }
+        );
+      }
+      if (hasX402Header(req.headers)) return handleX402Settle(req, referenceId, quote2.body, quote2.priceCents, quote2.recipients);
+      return handleMppSettle(req, referenceId, quote2.body, quote2.priceCents, quote2.recipients);
+    }
+    let quote = await cache.read(cacheKey2);
+    if (!quote) {
+      let outcome;
+      try {
+        outcome = await opts.runWork(body, { request: req });
+      } catch {
+        return new Response(
+          JSON.stringify({
+            id: referenceId,
+            endpoint: opts.name,
+            created_at: (/* @__PURE__ */ new Date()).toISOString(),
+            payment_status: "no_charge",
+            charged_usd: "0.00",
+            result: { matches: [], total: 0 },
+            error: {
+              code: "upstream_failed",
+              message: "The wrapped endpoint failed; no charge was applied."
+            }
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } }
+        );
+      }
+      if (outcome.resultCount === 0) {
+        return new Response(
+          JSON.stringify({
+            id: referenceId,
+            endpoint: opts.name,
+            created_at: (/* @__PURE__ */ new Date()).toISOString(),
+            payment_status: "no_charge",
+            charged_usd: "0.00",
+            result: outcome.body
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } }
+        );
+      }
+      const priceCents = opts.unitPriceCents * outcome.resultCount;
+      const recipients = await mintAndResolveRecipients(req, body, priceCents);
+      await cache.write(cacheKey2, outcome.body, priceCents, recipients);
+      quote = { body: outcome.body, priceCents, recipients };
+    }
+    return emit402(req, body, quote.priceCents, quote.recipients);
+  }
+  return {
+    handleWeb: handle,
+    async handleHono(c) {
+      return handle(c.req.raw);
+    }
+  };
+}
+function defaultSuccessBody(appUrl) {
+  return ({ referenceId, endpoint, chargedUsd, rail, paymentIntentId, signer, cachedBody }) => ({
+    id: referenceId,
+    endpoint,
+    created_at: (/* @__PURE__ */ new Date()).toISOString(),
+    payment_status: "completed",
+    charged_usd: chargedUsd,
+    rail,
+    ...paymentIntentId ? { payment_intent_id: paymentIntentId } : {},
+    ...signer ? { signer } : {},
+    result: cachedBody,
+    next_steps: buildSuccessNextSteps({ orderStatusUrl: `${appUrl}/health` }),
+    agent_memory: firstEncounterAgentMemory({ firstEncounter: true })
+  });
+}
+
+// src/identity/default_denied.ts
+function createDefaultOnDenied(opts) {
+  const supportContext = opts.supportContext ?? "Contact support if you believe this denial is in error.";
+  const paymentRequiredMessage = opts.paymentRequiredMessage ?? "AgentScore tier does not support assess. Contact support.";
+  const walletNotTrustedMessage = opts.walletNotTrustedMessage ?? `Identity check did not satisfy policy for ${opts.merchantName}.`;
+  return function defaultOnDenied(reason) {
+    if (reason.code === "wallet_signer_mismatch" || reason.code === "wallet_auth_requires_wallet_signing") {
+      const body = buildSignerMismatchBody({
+        result: {
+          kind: reason.code,
+          claimedOperator: reason.claimed_operator ?? null,
+          actualSignerOperator: reason.actual_signer_operator ?? null,
+          expectedSigner: reason.expected_signer ?? "",
+          actualSigner: reason.actual_signer ?? "",
+          linkedWallets: reason.linked_wallets ?? [],
+          agentInstructions: reason.agent_instructions ?? "",
+          claimedWallet: reason.expected_signer ?? ""
+        }
+      });
+      return { status: 403, body: body ?? denialReasonToBody(reason) };
+    }
+    if (reason.code === "wallet_not_trusted") {
+      return {
+        status: 403,
+        body: {
+          error: { code: "compliance_denied", message: walletNotTrustedMessage },
+          reasons: reason.reasons ?? [],
+          policy_result: reason.data?.policy_result,
+          verify_url: reason.verify_url,
+          next_steps: buildContactSupportNextSteps(opts.supportEmail, supportContext)
+        }
+      };
+    }
+    if (reason.code === "payment_required") {
+      return {
+        status: 403,
+        body: {
+          ...denialReasonToBody(reason),
+          error: { code: "compliance_error", message: paymentRequiredMessage }
+        }
+      };
+    }
+    const status = reason.code === "token_expired" || reason.code === "invalid_credential" ? 401 : reason.code === "api_error" ? 503 : 403;
+    return {
+      status,
+      body: denialReasonToBody(reason),
+      ...status >= 500 && { headers: { "Cache-Control": "no-store" } }
+    };
+  };
+}
+function defaultReadOnlyOnDenied(reason) {
+  const message = reason.code === "missing_identity" ? "X-Wallet-Address or X-Operator-Token header required" : "Invalid identity";
+  return {
+    status: 401,
+    body: {
+      ...denialReasonToBody(reason),
+      error: { code: "unauthorized", message }
+    },
+    headers: { "Cache-Control": "no-store" }
+  };
+}
 export {
+  A2A_DEFAULT_TRANSPORT,
+  A2A_PROTOCOL_VERSION,
   AGENTSCORE_UCP_CAPABILITY,
   Checkout,
   CheckoutValidationError,
@@ -23765,18 +24542,28 @@ export {
   buildA2AAgentCard,
   buildAgentMemoryHint,
   buildContactSupportNextSteps,
+  buildDefaultCheckoutRails,
   buildGateFromPolicy,
   buildJWKSResponse,
+  buildMppxComposeRails,
   buildSignerMismatchBody,
   buildUCPProfile,
+  computeFirstCheckout,
+  createDefaultOnDenied,
+  createQuoteCache,
+  defaultReadOnlyOnDenied,
   denialReasonStatus,
   denialReasonToBody,
+  extractOwnerScope,
   extractPaymentSigner,
   extractPaymentSignerFromAuth,
   extractSignerForPrecheck,
   formatUsdCents,
   generateUCPSigningKey,
   getIdentityStatus,
+  hasMppxHeader,
+  hasPaymentHeader,
+  hasX402Header,
   hashOperatorToken,
   isFixableDenial,
   loadSolanaFeePayer,