@agentcash/router 0.1.0 → 0.2.0

package/dist/index.cjs

@@ -35,12 +35,12 @@ var server_exports = {};
 __export(server_exports, {
   createX402Server: () => createX402Server
 });
-function createX402Server(config) {
-  const { x402ResourceServer, HTTPFacilitatorClient } = require("@x402/core/server");
-  const { registerExactEvmScheme } = require("@x402/evm/exact/server");
-  const { bazaarResourceServerExtension } = require("@x402/extensions/bazaar");
-  const { siwxResourceServerExtension } = require("@x402/extensions/sign-in-with-x");
-  const { facilitator: defaultFacilitator } = require("@coinbase/x402");
+async function createX402Server(config) {
+  const { x402ResourceServer, HTTPFacilitatorClient } = await import("@x402/core/server");
+  const { registerExactEvmScheme } = await import("@x402/evm/exact/server");
+  const { bazaarResourceServerExtension } = await import("@x402/extensions/bazaar");
+  const { siwxResourceServerExtension } = await import("@x402/extensions/sign-in-with-x");
+  const { facilitator: defaultFacilitator } = await import("@coinbase/x402");
   const facilitatorUrl = config.facilitatorUrl ?? defaultFacilitator;
   const client = new HTTPFacilitatorClient(facilitatorUrl);
   const server = new x402ResourceServer(client);
@@ -214,7 +214,7 @@ async function safeCallHandler(handler, ctx) {
     if (result instanceof Response) return result;
     return import_server.NextResponse.json(result);
   } catch (error) {
-    const status = error instanceof HttpError ? error.status : 500;
+    const status = error instanceof HttpError ? error.status : typeof error.status === "number" ? error.status : 500;
     const message = error instanceof Error ? error.message : "Internal error";
     return import_server.NextResponse.json({ success: false, error: message }, { status });
   }
@@ -288,8 +288,8 @@ function resolveMaxPrice(pricing) {
 }
 
 // src/protocols/x402.ts
-function buildX402Challenge(server, routeEntry, request, price, payeeAddress, network, extensions) {
-  const { encodePaymentRequiredHeader } = require("@x402/core/http");
+async function buildX402Challenge(server, routeEntry, request, price, payeeAddress, network, extensions) {
+  const { encodePaymentRequiredHeader } = await import("@x402/core/http");
   const options = {
     scheme: "exact",
     network,
@@ -314,7 +314,7 @@ function buildX402Challenge(server, routeEntry, request, price, payeeAddress, ne
   return { encoded, requirements };
 }
 async function verifyX402Payment(server, request, routeEntry, price, payeeAddress, network) {
-  const { decodePaymentSignatureHeader } = require("@x402/core/http");
+  const { decodePaymentSignatureHeader } = await import("@x402/core/http");
   const paymentHeader = request.headers.get("PAYMENT-SIGNATURE") ?? request.headers.get("X-PAYMENT");
   if (!paymentHeader) return null;
   const payload = decodePaymentSignatureHeader(paymentHeader);
@@ -340,7 +340,7 @@ async function verifyX402Payment(server, request, routeEntry, price, payeeAddres
   };
 }
 async function settleX402Payment(server, payload, requirements) {
-  const { encodePaymentResponseHeader } = require("@x402/core/http");
+  const { encodePaymentResponseHeader } = await import("@x402/core/http");
   const result = await server.settlePayment(payload, requirements);
   const encoded = encodePaymentResponseHeader(result);
   return { encoded, result };
@@ -352,22 +352,22 @@ var Challenge;
 var Credential;
 var Receipt;
 var tempo;
-function ensureMpay() {
+async function ensureMpay() {
   if (mpayLoaded) return;
   try {
-    const mpay = require("mpay");
+    const mpay = await import("mpay");
     Challenge = mpay.Challenge;
     Credential = mpay.Credential;
     Receipt = mpay.Receipt;
-    const mpayServer = require("mpay/server");
+    const mpayServer = await import("mpay/server");
     tempo = mpayServer.tempo;
     mpayLoaded = true;
   } catch {
     throw new Error("mpay package is required for MPP protocol support. Install it: pnpm add mpay");
   }
 }
-function buildMPPChallenge(routeEntry, request, mppConfig, price) {
-  ensureMpay();
+async function buildMPPChallenge(routeEntry, request, mppConfig, price) {
+  await ensureMpay();
   const intent = {
     amount: price,
     currency: mppConfig.currency,
@@ -381,7 +381,7 @@ function buildMPPChallenge(routeEntry, request, mppConfig, price) {
   return Challenge.serialize(challenge);
 }
 async function verifyMPPCredential(request, _routeEntry, mppConfig, price) {
-  ensureMpay();
+  await ensureMpay();
   const credential = Credential.fromRequest(request);
   if (!credential) return null;
   const isValid = Challenge.verify(credential, { secretKey: mppConfig.secretKey });
@@ -402,8 +402,8 @@ async function verifyMPPCredential(request, _routeEntry, mppConfig, price) {
     payer: verifyResult.payer
   };
 }
-function buildMPPReceipt(reference) {
-  ensureMpay();
+async function buildMPPReceipt(reference) {
+  await ensureMpay();
   const receipt = Receipt.from({
     method: "tempo",
     status: "success",
@@ -415,11 +415,7 @@ function buildMPPReceipt(reference) {
 
 // src/auth/siwx.ts
 async function verifySIWX(request, _routeEntry, nonceStore) {
-  const {
-    parseSIWxHeader,
-    validateSIWxMessage,
-    verifySIWxSignature
-  } = require("@x402/extensions/sign-in-with-x");
+  const { parseSIWxHeader, validateSIWxMessage, verifySIWxSignature } = await import("@x402/extensions/sign-in-with-x");
   const header = request.headers.get("SIGN-IN-WITH-X");
   if (!header) return { valid: false, wallet: null };
   const payload = parseSIWxHeader(header);
@@ -427,17 +423,17 @@ async function verifySIWX(request, _routeEntry, nonceStore) {
   const validation = await validateSIWxMessage(payload, uri, {
     checkNonce: (nonce) => nonceStore.check(nonce)
   });
-  if (!validation.isValid) {
+  if (!validation.valid) {
     return { valid: false, wallet: null };
   }
   const verified = await verifySIWxSignature(payload);
-  if (!verified?.isValid) {
+  if (!verified?.valid) {
     return { valid: false, wallet: null };
   }
   return { valid: true, wallet: verified.address };
 }
-function buildSIWXExtension() {
-  const { declareSIWxExtension } = require("@x402/extensions/sign-in-with-x");
+async function buildSIWXExtension() {
+  const { declareSIWxExtension } = await import("@x402/extensions/sign-in-with-x");
   return declareSIWxExtension();
 }
 
@@ -537,11 +533,51 @@ function createRequestHandler(routeEntry, handler, deps) {
     const protocol = detectProtocol(request);
     if (routeEntry.authMode === "siwx") {
       if (!request.headers.get("SIGN-IN-WITH-X")) {
-        const response = new import_server2.NextResponse(null, { status: 402 });
+        const url = new URL(request.url);
+        const nonce = crypto.randomUUID();
+        const siwxInfo = {
+          domain: url.hostname,
+          uri: request.url,
+          version: "1",
+          chainId: deps.network,
+          type: "eip191",
+          nonce,
+          issuedAt: (/* @__PURE__ */ new Date()).toISOString(),
+          expirationTime: new Date(Date.now() + 3e5).toISOString(),
+          statement: "Sign in to verify your wallet identity"
+        };
+        let siwxSchema;
         try {
-          if (buildSIWXExtension()) response.headers.set("X-SIWX-REQUIRED", "true");
+          siwxSchema = await buildSIWXExtension();
         } catch {
         }
+        const paymentRequired = {
+          x402Version: 2,
+          error: "SIWX authentication required",
+          resource: {
+            url: request.url,
+            description: routeEntry.description ?? "SIWX-protected endpoint",
+            mimeType: "application/json"
+          },
+          accepts: [],
+          extensions: {
+            "sign-in-with-x": {
+              info: siwxInfo,
+              ...siwxSchema ? { schema: siwxSchema } : {}
+            }
+          }
+        };
+        let encoded;
+        try {
+          const { encodePaymentRequiredHeader } = await import("@x402/core/http");
+          encoded = encodePaymentRequiredHeader(paymentRequired);
+        } catch {
+        }
+        const response = new import_server2.NextResponse(JSON.stringify(paymentRequired), {
+          status: 402,
+          headers: { "Content-Type": "application/json" }
+        });
+        if (encoded) response.headers.set("PAYMENT-REQUIRED", encoded);
         firePluginResponse(deps, pluginCtx, meta, response);
         return response;
       }
@@ -558,7 +594,7 @@ function createRequestHandler(routeEntry, handler, deps) {
       return handleAuth(siwx.wallet, void 0);
     }
     if (!protocol || protocol === "siwx") {
-      return build402(request, routeEntry, deps, meta, pluginCtx);
+      return await build402(request, routeEntry, deps, meta, pluginCtx);
     }
     const body = await parseBody(request, routeEntry);
     if (!body.ok) {
@@ -589,7 +625,7 @@ function createRequestHandler(routeEntry, handler, deps) {
         deps.payeeAddress,
         deps.network
       );
-      if (!verify?.valid) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!verify?.valid) return await build402(request, routeEntry, deps, meta, pluginCtx);
       pluginCtx.setVerifiedWallet(verify.payer);
       firePluginHook(deps.plugin, "onPaymentVerified", pluginCtx, {
         protocol: "x402",
@@ -631,9 +667,9 @@ function createRequestHandler(routeEntry, handler, deps) {
       return response;
     }
     if (protocol === "mpp") {
-      if (!deps.mppConfig) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!deps.mppConfig) return await build402(request, routeEntry, deps, meta, pluginCtx);
       const verify = await verifyMPPCredential(request, routeEntry, deps.mppConfig, price);
-      if (!verify?.valid) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!verify?.valid) return await build402(request, routeEntry, deps, meta, pluginCtx);
       const wallet = verify.payer;
       pluginCtx.setVerifiedWallet(wallet);
       firePluginHook(deps.plugin, "onPaymentVerified", pluginCtx, {
@@ -652,14 +688,14 @@ function createRequestHandler(routeEntry, handler, deps) {
       );
       if (response.status < 400) {
         try {
-          response.headers.set("Payment-Receipt", buildMPPReceipt(crypto.randomUUID()));
+          response.headers.set("Payment-Receipt", await buildMPPReceipt(crypto.randomUUID()));
         } catch {
         }
       }
       finalize(response, rawResult, meta, pluginCtx);
       return response;
     }
-    return build402(request, routeEntry, deps, meta, pluginCtx);
+    return await build402(request, routeEntry, deps, meta, pluginCtx);
   };
 }
 async function parseBody(request, routeEntry) {
@@ -696,7 +732,7 @@ function parseQuery(request, routeEntry) {
   const result = routeEntry.querySchema.safeParse(params);
   return result.success ? result.data : params;
 }
-function build402(request, routeEntry, deps, meta, pluginCtx) {
+async function build402(request, routeEntry, deps, meta, pluginCtx) {
   const response = new import_server2.NextResponse(null, { status: 402 });
   let challengePrice;
   if (routeEntry.maxPrice) {
@@ -712,8 +748,8 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
   }
   let extensions;
   try {
-    const { z } = require("zod");
-    const { declareDiscoveryExtension } = require("@x402/extensions/bazaar");
+    const { z } = await import("zod");
+    const { declareDiscoveryExtension } = await import("@x402/extensions/bazaar");
     const inputSchema = routeEntry.bodySchema ? z.toJSONSchema(routeEntry.bodySchema, { target: "draft-2020-12" }) : routeEntry.querySchema ? z.toJSONSchema(routeEntry.querySchema, { target: "draft-2020-12" }) : void 0;
     const outputSchema = routeEntry.outputSchema ? z.toJSONSchema(routeEntry.outputSchema, { target: "draft-2020-12" }) : void 0;
     if (inputSchema) {
@@ -728,7 +764,7 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
   }
   if (routeEntry.protocols.includes("x402") && deps.x402Server) {
     try {
-      const { encoded } = buildX402Challenge(
+      const { encoded } = await buildX402Challenge(
         deps.x402Server,
         routeEntry,
         request,
@@ -745,7 +781,7 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
     try {
       response.headers.set(
         "WWW-Authenticate",
-        buildMPPChallenge(routeEntry, request, deps.mppConfig, challengePrice)
+        await buildMPPChallenge(routeEntry, request, deps.mppConfig, challengePrice)
       );
     } catch {
     }
@@ -932,6 +968,11 @@ var RouteBuilder = class {
     next._path = p;
     return next;
   }
+  method(m) {
+    const next = this.fork();
+    next._method = m;
+    return next;
+  }
   handler(fn) {
     const entry = {
       key: this._key,
@@ -980,12 +1021,12 @@ function createWellKnownHandler(registry, baseUrl, pricesKeys, options = {}) {
       registry.validate(pricesKeys);
       validated = true;
     }
-    const x402Resources = [];
-    const mppResources = [];
+    const x402Set = /* @__PURE__ */ new Set();
+    const mppSet = /* @__PURE__ */ new Set();
     for (const [key, entry] of registry.entries()) {
       const url = `${baseUrl}/api/${entry.path ?? key}`;
-      if (entry.protocols.includes("x402")) x402Resources.push(url);
-      if (entry.protocols.includes("mpp")) mppResources.push(url);
+      if (entry.authMode !== "unprotected") x402Set.add(url);
+      if (entry.protocols.includes("mpp")) mppSet.add(url);
     }
     let instructions;
     if (typeof options.instructions === "function") {
@@ -995,18 +1036,28 @@ function createWellKnownHandler(registry, baseUrl, pricesKeys, options = {}) {
     }
     const body = {
       version: 1,
-      resources: x402Resources
+      resources: Array.from(x402Set)
     };
+    const mppResources = Array.from(mppSet);
     if (mppResources.length > 0) {
       body.mppResources = mppResources;
     }
+    if (options.description) {
+      body.description = options.description;
+    }
     if (options.ownershipProofs) {
       body.ownershipProofs = options.ownershipProofs;
     }
     if (instructions) {
       body.instructions = instructions;
     }
-    return import_server3.NextResponse.json(body);
+    return import_server3.NextResponse.json(body, {
+      headers: {
+        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Methods": "GET",
+        "Access-Control-Allow-Headers": "Content-Type"
+      }
+    });
   };
 }
 
@@ -1029,9 +1080,7 @@ function createOpenAPIHandler(registry, baseUrl, pricesKeys, options) {
       const method = entry.method.toLowerCase();
       const tag = deriveTag(key);
       tagSet.add(tag);
-      paths[apiPath] = {
-        [method]: buildOperation(key, entry, tag)
-      };
+      paths[apiPath] = { ...paths[apiPath], [method]: buildOperation(key, entry, tag) };
     }
     cached = createDocument({
       openapi: "3.1.0",
@@ -1122,16 +1171,17 @@ function createRouter(config) {
     network,
     mppConfig: config.mpp
   };
-  try {
-    const { createX402Server: createX402Server2 } = (init_server(), __toCommonJS(server_exports));
-    const result = createX402Server2(config);
-    deps.x402Server = result.server;
-    deps.initPromise = result.initPromise.catch((err) => {
+  deps.initPromise = (async () => {
+    try {
+      const { createX402Server: createX402Server2 } = await Promise.resolve().then(() => (init_server(), server_exports));
+      const result = await createX402Server2(config);
+      deps.x402Server = result.server;
+      await result.initPromise;
+    } catch (err) {
       deps.x402Server = null;
       deps.x402InitError = err instanceof Error ? err.message : String(err);
-    });
-  } catch {
-  }
+    }
+  })();
   const pricesKeys = config.prices ? Object.keys(config.prices) : void 0;
   return {
     route(key) {

package/dist/index.d.cts

@@ -142,7 +142,7 @@ interface RouteEntry {
     outputSchema?: ZodType;
     description?: string;
     path?: string;
-    method: 'GET' | 'POST';
+    method: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH';
     maxPrice?: string;
     apiKeyResolver?: (key: string) => unknown | Promise<unknown>;
     providerName?: string;
@@ -175,6 +175,7 @@ declare class RouteRegistry {
 }
 
 interface WellKnownOptions {
+    description?: string;
     instructions?: string | (() => string | Promise<string>);
     ownershipProofs?: string[];
 }
@@ -220,7 +221,7 @@ declare class RouteBuilder<TBody = undefined, TQuery = undefined, HasAuth extend
     /** @internal */ _outputSchema: ZodType | undefined;
     /** @internal */ _description: string | undefined;
     /** @internal */ _path: string | undefined;
-    /** @internal */ _method: 'GET' | 'POST';
+    /** @internal */ _method: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH';
     /** @internal */ _apiKeyResolver: ((key: string) => unknown | Promise<unknown>) | undefined;
     /** @internal */ _providerName: string | undefined;
     /** @internal */ _providerConfig: ProviderConfig | undefined;
@@ -247,6 +248,7 @@ declare class RouteBuilder<TBody = undefined, TQuery = undefined, HasAuth extend
     output(schema: ZodType): this;
     description(text: string): this;
     path(p: string): this;
+    method(m: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH'): this;
     handler(this: RouteBuilder<TBody, TQuery, True, true, false>, fn: never): never;
     handler(this: RouteBuilder<TBody, TQuery, false, boolean, boolean>, fn: never): never;
     handler(this: RouteBuilder<TBody, TQuery, True, False, HasBody>, fn: (ctx: HandlerContext<TBody, TQuery>) => Promise<unknown>): (request: NextRequest) => Promise<Response>;

package/dist/index.d.ts

@@ -142,7 +142,7 @@ interface RouteEntry {
     outputSchema?: ZodType;
     description?: string;
     path?: string;
-    method: 'GET' | 'POST';
+    method: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH';
     maxPrice?: string;
     apiKeyResolver?: (key: string) => unknown | Promise<unknown>;
     providerName?: string;
@@ -175,6 +175,7 @@ declare class RouteRegistry {
 }
 
 interface WellKnownOptions {
+    description?: string;
     instructions?: string | (() => string | Promise<string>);
     ownershipProofs?: string[];
 }
@@ -220,7 +221,7 @@ declare class RouteBuilder<TBody = undefined, TQuery = undefined, HasAuth extend
     /** @internal */ _outputSchema: ZodType | undefined;
     /** @internal */ _description: string | undefined;
     /** @internal */ _path: string | undefined;
-    /** @internal */ _method: 'GET' | 'POST';
+    /** @internal */ _method: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH';
     /** @internal */ _apiKeyResolver: ((key: string) => unknown | Promise<unknown>) | undefined;
     /** @internal */ _providerName: string | undefined;
     /** @internal */ _providerConfig: ProviderConfig | undefined;
@@ -247,6 +248,7 @@ declare class RouteBuilder<TBody = undefined, TQuery = undefined, HasAuth extend
     output(schema: ZodType): this;
     description(text: string): this;
     path(p: string): this;
+    method(m: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH'): this;
     handler(this: RouteBuilder<TBody, TQuery, True, true, false>, fn: never): never;
     handler(this: RouteBuilder<TBody, TQuery, false, boolean, boolean>, fn: never): never;
     handler(this: RouteBuilder<TBody, TQuery, True, False, HasBody>, fn: (ctx: HandlerContext<TBody, TQuery>) => Promise<unknown>): (request: NextRequest) => Promise<Response>;

package/dist/index.js

@@ -1,13 +1,5 @@
 var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
 var __esm = (fn, res) => function __init() {
   return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
 };
@@ -15,27 +7,18 @@ var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
 };
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/server.ts
 var server_exports = {};
 __export(server_exports, {
   createX402Server: () => createX402Server
 });
-function createX402Server(config) {
-  const { x402ResourceServer, HTTPFacilitatorClient } = __require("@x402/core/server");
-  const { registerExactEvmScheme } = __require("@x402/evm/exact/server");
-  const { bazaarResourceServerExtension } = __require("@x402/extensions/bazaar");
-  const { siwxResourceServerExtension } = __require("@x402/extensions/sign-in-with-x");
-  const { facilitator: defaultFacilitator } = __require("@coinbase/x402");
+async function createX402Server(config) {
+  const { x402ResourceServer, HTTPFacilitatorClient } = await import("@x402/core/server");
+  const { registerExactEvmScheme } = await import("@x402/evm/exact/server");
+  const { bazaarResourceServerExtension } = await import("@x402/extensions/bazaar");
+  const { siwxResourceServerExtension } = await import("@x402/extensions/sign-in-with-x");
+  const { facilitator: defaultFacilitator } = await import("@coinbase/x402");
   const facilitatorUrl = config.facilitatorUrl ?? defaultFacilitator;
   const client = new HTTPFacilitatorClient(facilitatorUrl);
   const server = new x402ResourceServer(client);
@@ -197,7 +180,7 @@ async function safeCallHandler(handler, ctx) {
     if (result instanceof Response) return result;
     return NextResponse.json(result);
   } catch (error) {
-    const status = error instanceof HttpError ? error.status : 500;
+    const status = error instanceof HttpError ? error.status : typeof error.status === "number" ? error.status : 500;
     const message = error instanceof Error ? error.message : "Internal error";
     return NextResponse.json({ success: false, error: message }, { status });
   }
@@ -271,8 +254,8 @@ function resolveMaxPrice(pricing) {
 }
 
 // src/protocols/x402.ts
-function buildX402Challenge(server, routeEntry, request, price, payeeAddress, network, extensions) {
-  const { encodePaymentRequiredHeader } = __require("@x402/core/http");
+async function buildX402Challenge(server, routeEntry, request, price, payeeAddress, network, extensions) {
+  const { encodePaymentRequiredHeader } = await import("@x402/core/http");
   const options = {
     scheme: "exact",
     network,
@@ -297,7 +280,7 @@ function buildX402Challenge(server, routeEntry, request, price, payeeAddress, ne
   return { encoded, requirements };
 }
 async function verifyX402Payment(server, request, routeEntry, price, payeeAddress, network) {
-  const { decodePaymentSignatureHeader } = __require("@x402/core/http");
+  const { decodePaymentSignatureHeader } = await import("@x402/core/http");
   const paymentHeader = request.headers.get("PAYMENT-SIGNATURE") ?? request.headers.get("X-PAYMENT");
   if (!paymentHeader) return null;
   const payload = decodePaymentSignatureHeader(paymentHeader);
@@ -323,7 +306,7 @@ async function verifyX402Payment(server, request, routeEntry, price, payeeAddres
   };
 }
 async function settleX402Payment(server, payload, requirements) {
-  const { encodePaymentResponseHeader } = __require("@x402/core/http");
+  const { encodePaymentResponseHeader } = await import("@x402/core/http");
   const result = await server.settlePayment(payload, requirements);
   const encoded = encodePaymentResponseHeader(result);
   return { encoded, result };
@@ -335,22 +318,22 @@ var Challenge;
 var Credential;
 var Receipt;
 var tempo;
-function ensureMpay() {
+async function ensureMpay() {
   if (mpayLoaded) return;
   try {
-    const mpay = __require("mpay");
+    const mpay = await import("mpay");
     Challenge = mpay.Challenge;
     Credential = mpay.Credential;
     Receipt = mpay.Receipt;
-    const mpayServer = __require("mpay/server");
+    const mpayServer = await import("mpay/server");
     tempo = mpayServer.tempo;
     mpayLoaded = true;
   } catch {
     throw new Error("mpay package is required for MPP protocol support. Install it: pnpm add mpay");
   }
 }
-function buildMPPChallenge(routeEntry, request, mppConfig, price) {
-  ensureMpay();
+async function buildMPPChallenge(routeEntry, request, mppConfig, price) {
+  await ensureMpay();
   const intent = {
     amount: price,
     currency: mppConfig.currency,
@@ -364,7 +347,7 @@ function buildMPPChallenge(routeEntry, request, mppConfig, price) {
   return Challenge.serialize(challenge);
 }
 async function verifyMPPCredential(request, _routeEntry, mppConfig, price) {
-  ensureMpay();
+  await ensureMpay();
   const credential = Credential.fromRequest(request);
   if (!credential) return null;
   const isValid = Challenge.verify(credential, { secretKey: mppConfig.secretKey });
@@ -385,8 +368,8 @@ async function verifyMPPCredential(request, _routeEntry, mppConfig, price) {
     payer: verifyResult.payer
   };
 }
-function buildMPPReceipt(reference) {
-  ensureMpay();
+async function buildMPPReceipt(reference) {
+  await ensureMpay();
   const receipt = Receipt.from({
     method: "tempo",
     status: "success",
@@ -398,11 +381,7 @@ function buildMPPReceipt(reference) {
 
 // src/auth/siwx.ts
 async function verifySIWX(request, _routeEntry, nonceStore) {
-  const {
-    parseSIWxHeader,
-    validateSIWxMessage,
-    verifySIWxSignature
-  } = __require("@x402/extensions/sign-in-with-x");
+  const { parseSIWxHeader, validateSIWxMessage, verifySIWxSignature } = await import("@x402/extensions/sign-in-with-x");
   const header = request.headers.get("SIGN-IN-WITH-X");
   if (!header) return { valid: false, wallet: null };
   const payload = parseSIWxHeader(header);
@@ -410,17 +389,17 @@ async function verifySIWX(request, _routeEntry, nonceStore) {
   const validation = await validateSIWxMessage(payload, uri, {
     checkNonce: (nonce) => nonceStore.check(nonce)
   });
-  if (!validation.isValid) {
+  if (!validation.valid) {
     return { valid: false, wallet: null };
   }
   const verified = await verifySIWxSignature(payload);
-  if (!verified?.isValid) {
+  if (!verified?.valid) {
     return { valid: false, wallet: null };
   }
   return { valid: true, wallet: verified.address };
 }
-function buildSIWXExtension() {
-  const { declareSIWxExtension } = __require("@x402/extensions/sign-in-with-x");
+async function buildSIWXExtension() {
+  const { declareSIWxExtension } = await import("@x402/extensions/sign-in-with-x");
   return declareSIWxExtension();
 }
 
@@ -520,11 +499,51 @@ function createRequestHandler(routeEntry, handler, deps) {
     const protocol = detectProtocol(request);
     if (routeEntry.authMode === "siwx") {
       if (!request.headers.get("SIGN-IN-WITH-X")) {
-        const response = new NextResponse2(null, { status: 402 });
+        const url = new URL(request.url);
+        const nonce = crypto.randomUUID();
+        const siwxInfo = {
+          domain: url.hostname,
+          uri: request.url,
+          version: "1",
+          chainId: deps.network,
+          type: "eip191",
+          nonce,
+          issuedAt: (/* @__PURE__ */ new Date()).toISOString(),
+          expirationTime: new Date(Date.now() + 3e5).toISOString(),
+          statement: "Sign in to verify your wallet identity"
+        };
+        let siwxSchema;
         try {
-          if (buildSIWXExtension()) response.headers.set("X-SIWX-REQUIRED", "true");
+          siwxSchema = await buildSIWXExtension();
         } catch {
         }
+        const paymentRequired = {
+          x402Version: 2,
+          error: "SIWX authentication required",
+          resource: {
+            url: request.url,
+            description: routeEntry.description ?? "SIWX-protected endpoint",
+            mimeType: "application/json"
+          },
+          accepts: [],
+          extensions: {
+            "sign-in-with-x": {
+              info: siwxInfo,
+              ...siwxSchema ? { schema: siwxSchema } : {}
+            }
+          }
+        };
+        let encoded;
+        try {
+          const { encodePaymentRequiredHeader } = await import("@x402/core/http");
+          encoded = encodePaymentRequiredHeader(paymentRequired);
+        } catch {
+        }
+        const response = new NextResponse2(JSON.stringify(paymentRequired), {
+          status: 402,
+          headers: { "Content-Type": "application/json" }
+        });
+        if (encoded) response.headers.set("PAYMENT-REQUIRED", encoded);
         firePluginResponse(deps, pluginCtx, meta, response);
         return response;
       }
@@ -541,7 +560,7 @@ function createRequestHandler(routeEntry, handler, deps) {
       return handleAuth(siwx.wallet, void 0);
     }
     if (!protocol || protocol === "siwx") {
-      return build402(request, routeEntry, deps, meta, pluginCtx);
+      return await build402(request, routeEntry, deps, meta, pluginCtx);
     }
     const body = await parseBody(request, routeEntry);
     if (!body.ok) {
@@ -572,7 +591,7 @@ function createRequestHandler(routeEntry, handler, deps) {
         deps.payeeAddress,
         deps.network
       );
-      if (!verify?.valid) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!verify?.valid) return await build402(request, routeEntry, deps, meta, pluginCtx);
       pluginCtx.setVerifiedWallet(verify.payer);
       firePluginHook(deps.plugin, "onPaymentVerified", pluginCtx, {
         protocol: "x402",
@@ -614,9 +633,9 @@ function createRequestHandler(routeEntry, handler, deps) {
       return response;
     }
     if (protocol === "mpp") {
-      if (!deps.mppConfig) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!deps.mppConfig) return await build402(request, routeEntry, deps, meta, pluginCtx);
       const verify = await verifyMPPCredential(request, routeEntry, deps.mppConfig, price);
-      if (!verify?.valid) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!verify?.valid) return await build402(request, routeEntry, deps, meta, pluginCtx);
       const wallet = verify.payer;
       pluginCtx.setVerifiedWallet(wallet);
       firePluginHook(deps.plugin, "onPaymentVerified", pluginCtx, {
@@ -635,14 +654,14 @@ function createRequestHandler(routeEntry, handler, deps) {
       );
       if (response.status < 400) {
         try {
-          response.headers.set("Payment-Receipt", buildMPPReceipt(crypto.randomUUID()));
+          response.headers.set("Payment-Receipt", await buildMPPReceipt(crypto.randomUUID()));
         } catch {
         }
       }
       finalize(response, rawResult, meta, pluginCtx);
       return response;
     }
-    return build402(request, routeEntry, deps, meta, pluginCtx);
+    return await build402(request, routeEntry, deps, meta, pluginCtx);
   };
 }
 async function parseBody(request, routeEntry) {
@@ -679,7 +698,7 @@ function parseQuery(request, routeEntry) {
   const result = routeEntry.querySchema.safeParse(params);
   return result.success ? result.data : params;
 }
-function build402(request, routeEntry, deps, meta, pluginCtx) {
+async function build402(request, routeEntry, deps, meta, pluginCtx) {
   const response = new NextResponse2(null, { status: 402 });
   let challengePrice;
   if (routeEntry.maxPrice) {
@@ -695,8 +714,8 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
   }
   let extensions;
   try {
-    const { z } = __require("zod");
-    const { declareDiscoveryExtension } = __require("@x402/extensions/bazaar");
+    const { z } = await import("zod");
+    const { declareDiscoveryExtension } = await import("@x402/extensions/bazaar");
     const inputSchema = routeEntry.bodySchema ? z.toJSONSchema(routeEntry.bodySchema, { target: "draft-2020-12" }) : routeEntry.querySchema ? z.toJSONSchema(routeEntry.querySchema, { target: "draft-2020-12" }) : void 0;
     const outputSchema = routeEntry.outputSchema ? z.toJSONSchema(routeEntry.outputSchema, { target: "draft-2020-12" }) : void 0;
     if (inputSchema) {
@@ -711,7 +730,7 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
   }
   if (routeEntry.protocols.includes("x402") && deps.x402Server) {
     try {
-      const { encoded } = buildX402Challenge(
+      const { encoded } = await buildX402Challenge(
         deps.x402Server,
         routeEntry,
         request,
@@ -728,7 +747,7 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
     try {
       response.headers.set(
         "WWW-Authenticate",
-        buildMPPChallenge(routeEntry, request, deps.mppConfig, challengePrice)
+        await buildMPPChallenge(routeEntry, request, deps.mppConfig, challengePrice)
       );
     } catch {
     }
@@ -915,6 +934,11 @@ var RouteBuilder = class {
     next._path = p;
     return next;
   }
+  method(m) {
+    const next = this.fork();
+    next._method = m;
+    return next;
+  }
   handler(fn) {
     const entry = {
       key: this._key,
@@ -963,12 +987,12 @@ function createWellKnownHandler(registry, baseUrl, pricesKeys, options = {}) {
       registry.validate(pricesKeys);
       validated = true;
     }
-    const x402Resources = [];
-    const mppResources = [];
+    const x402Set = /* @__PURE__ */ new Set();
+    const mppSet = /* @__PURE__ */ new Set();
     for (const [key, entry] of registry.entries()) {
       const url = `${baseUrl}/api/${entry.path ?? key}`;
-      if (entry.protocols.includes("x402")) x402Resources.push(url);
-      if (entry.protocols.includes("mpp")) mppResources.push(url);
+      if (entry.authMode !== "unprotected") x402Set.add(url);
+      if (entry.protocols.includes("mpp")) mppSet.add(url);
     }
     let instructions;
     if (typeof options.instructions === "function") {
@@ -978,18 +1002,28 @@ function createWellKnownHandler(registry, baseUrl, pricesKeys, options = {}) {
     }
     const body = {
       version: 1,
-      resources: x402Resources
+      resources: Array.from(x402Set)
     };
+    const mppResources = Array.from(mppSet);
     if (mppResources.length > 0) {
       body.mppResources = mppResources;
     }
+    if (options.description) {
+      body.description = options.description;
+    }
     if (options.ownershipProofs) {
       body.ownershipProofs = options.ownershipProofs;
     }
     if (instructions) {
       body.instructions = instructions;
     }
-    return NextResponse3.json(body);
+    return NextResponse3.json(body, {
+      headers: {
+        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Methods": "GET",
+        "Access-Control-Allow-Headers": "Content-Type"
+      }
+    });
   };
 }
 
@@ -1012,9 +1046,7 @@ function createOpenAPIHandler(registry, baseUrl, pricesKeys, options) {
       const method = entry.method.toLowerCase();
       const tag = deriveTag(key);
       tagSet.add(tag);
-      paths[apiPath] = {
-        [method]: buildOperation(key, entry, tag)
-      };
+      paths[apiPath] = { ...paths[apiPath], [method]: buildOperation(key, entry, tag) };
     }
     cached = createDocument({
       openapi: "3.1.0",
@@ -1105,16 +1137,17 @@ function createRouter(config) {
     network,
     mppConfig: config.mpp
   };
-  try {
-    const { createX402Server: createX402Server2 } = (init_server(), __toCommonJS(server_exports));
-    const result = createX402Server2(config);
-    deps.x402Server = result.server;
-    deps.initPromise = result.initPromise.catch((err) => {
+  deps.initPromise = (async () => {
+    try {
+      const { createX402Server: createX402Server2 } = await Promise.resolve().then(() => (init_server(), server_exports));
+      const result = await createX402Server2(config);
+      deps.x402Server = result.server;
+      await result.initPromise;
+    } catch (err) {
       deps.x402Server = null;
       deps.x402InitError = err instanceof Error ? err.message : String(err);
-    });
-  } catch {
-  }
+    }
+  })();
   const pricesKeys = config.prices ? Object.keys(config.prices) : void 0;
   return {
     route(key) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentcash/router",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Unified route builder for Next.js App Router APIs with x402, MPP, SIWX, and API key auth",
   "type": "module",
   "exports": {
@@ -21,6 +21,17 @@
   "files": [
     "dist"
   ],
+  "scripts": {
+    "build": "tsup",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint src/",
+    "lint:fix": "eslint src/ --fix",
+    "format": "prettier --write 'src/**/*.ts' 'tests/**/*.ts' '*.json' '*.mjs'",
+    "format:check": "prettier --check 'src/**/*.ts' 'tests/**/*.ts' '*.json' '*.mjs'",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "check": "pnpm format:check && pnpm lint && pnpm typecheck && pnpm build && pnpm test"
+  },
   "peerDependencies": {
     "@coinbase/x402": "^2.1.0",
     "@x402/core": "^2.3.0",
@@ -55,20 +66,10 @@
     "zod": "^4.0.0",
     "zod-openapi": "^5.0.0"
   },
+  "packageManager": "pnpm@10.28.0",
   "license": "MIT",
   "repository": {
     "type": "git",
     "url": "https://github.com/merit-systems/agentcash-router"
-  },
-  "scripts": {
-    "build": "tsup",
-    "typecheck": "tsc --noEmit",
-    "lint": "eslint src/",
-    "lint:fix": "eslint src/ --fix",
-    "format": "prettier --write 'src/**/*.ts' 'tests/**/*.ts' '*.json' '*.mjs'",
-    "format:check": "prettier --check 'src/**/*.ts' 'tests/**/*.ts' '*.json' '*.mjs'",
-    "test": "vitest run",
-    "test:watch": "vitest",
-    "check": "pnpm format:check && pnpm lint && pnpm typecheck && pnpm build && pnpm test"
   }
-}
+}