@agentcash/router 0.1.0 → 0.2.1

package/dist/index.cjs

@@ -35,14 +35,15 @@ var server_exports = {};
 __export(server_exports, {
   createX402Server: () => createX402Server
 });
-function createX402Server(config) {
-  const { x402ResourceServer, HTTPFacilitatorClient } = require("@x402/core/server");
-  const { registerExactEvmScheme } = require("@x402/evm/exact/server");
-  const { bazaarResourceServerExtension } = require("@x402/extensions/bazaar");
-  const { siwxResourceServerExtension } = require("@x402/extensions/sign-in-with-x");
-  const { facilitator: defaultFacilitator } = require("@coinbase/x402");
-  const facilitatorUrl = config.facilitatorUrl ?? defaultFacilitator;
-  const client = new HTTPFacilitatorClient(facilitatorUrl);
+async function createX402Server(config) {
+  const { x402ResourceServer, HTTPFacilitatorClient } = await import("@x402/core/server");
+  const { registerExactEvmScheme } = await import("@x402/evm/exact/server");
+  const { bazaarResourceServerExtension } = await import("@x402/extensions/bazaar");
+  const { siwxResourceServerExtension } = await import("@x402/extensions/sign-in-with-x");
+  const { facilitator: defaultFacilitator } = await import("@coinbase/x402");
+  const raw = config.facilitatorUrl ?? defaultFacilitator;
+  const facilitatorConfig = typeof raw === "string" ? { url: raw } : raw;
+  const client = new HTTPFacilitatorClient(facilitatorConfig);
   const server = new x402ResourceServer(client);
   registerExactEvmScheme(server);
   server.registerExtension(bazaarResourceServerExtension);
@@ -53,7 +54,7 @@ function createX402Server(config) {
 async function retryInit(server, maxAttempts = 3, backoff = [1e3, 2e3, 4e3]) {
   for (let attempt = 0; attempt < maxAttempts; attempt++) {
     try {
-      await server.init();
+      await server.initialize();
       return;
     } catch (err) {
       const is429 = err instanceof Error && (err.message.includes("429") || err.message.includes("rate limit"));
@@ -214,7 +215,7 @@ async function safeCallHandler(handler, ctx) {
     if (result instanceof Response) return result;
     return import_server.NextResponse.json(result);
   } catch (error) {
-    const status = error instanceof HttpError ? error.status : 500;
+    const status = error instanceof HttpError ? error.status : typeof error.status === "number" ? error.status : 500;
     const message = error instanceof Error ? error.message : "Internal error";
     return import_server.NextResponse.json({ success: false, error: message }, { status });
   }
@@ -288,8 +289,8 @@ function resolveMaxPrice(pricing) {
 }
 
 // src/protocols/x402.ts
-function buildX402Challenge(server, routeEntry, request, price, payeeAddress, network, extensions) {
-  const { encodePaymentRequiredHeader } = require("@x402/core/http");
+async function buildX402Challenge(server, routeEntry, request, price, payeeAddress, network, extensions) {
+  const { encodePaymentRequiredHeader } = await import("@x402/core/http");
   const options = {
     scheme: "exact",
     network,
@@ -301,10 +302,10 @@ function buildX402Challenge(server, routeEntry, request, price, payeeAddress, ne
     method: routeEntry.method,
     description: routeEntry.description
   };
-  const requirements = server.buildPaymentRequirementsFromOptions(options, {
+  const requirements = await server.buildPaymentRequirementsFromOptions([options], {
     request
   });
-  const paymentRequired = server.createPaymentRequiredResponse(
+  const paymentRequired = await server.createPaymentRequiredResponse(
     requirements,
     resource,
     null,
@@ -314,7 +315,7 @@ function buildX402Challenge(server, routeEntry, request, price, payeeAddress, ne
   return { encoded, requirements };
 }
 async function verifyX402Payment(server, request, routeEntry, price, payeeAddress, network) {
-  const { decodePaymentSignatureHeader } = require("@x402/core/http");
+  const { decodePaymentSignatureHeader } = await import("@x402/core/http");
   const paymentHeader = request.headers.get("PAYMENT-SIGNATURE") ?? request.headers.get("X-PAYMENT");
   if (!paymentHeader) return null;
   const payload = decodePaymentSignatureHeader(paymentHeader);
@@ -324,7 +325,7 @@ async function verifyX402Payment(server, request, routeEntry, price, payeeAddres
     price,
     payTo: payeeAddress
   };
-  const requirements = server.buildPaymentRequirementsFromOptions(options, {
+  const requirements = await server.buildPaymentRequirementsFromOptions([options], {
     request
   });
   const matching = server.findMatchingRequirements(requirements, payload);
@@ -340,7 +341,7 @@ async function verifyX402Payment(server, request, routeEntry, price, payeeAddres
   };
 }
 async function settleX402Payment(server, payload, requirements) {
-  const { encodePaymentResponseHeader } = require("@x402/core/http");
+  const { encodePaymentResponseHeader } = await import("@x402/core/http");
   const result = await server.settlePayment(payload, requirements);
   const encoded = encodePaymentResponseHeader(result);
   return { encoded, result };
@@ -352,28 +353,28 @@ var Challenge;
 var Credential;
 var Receipt;
 var tempo;
-function ensureMpay() {
+async function ensureMpay() {
   if (mpayLoaded) return;
   try {
-    const mpay = require("mpay");
+    const mpay = await import("mpay");
     Challenge = mpay.Challenge;
     Credential = mpay.Credential;
     Receipt = mpay.Receipt;
-    const mpayServer = require("mpay/server");
+    const mpayServer = await import("mpay/server");
     tempo = mpayServer.tempo;
     mpayLoaded = true;
   } catch {
     throw new Error("mpay package is required for MPP protocol support. Install it: pnpm add mpay");
   }
 }
-function buildMPPChallenge(routeEntry, request, mppConfig, price) {
-  ensureMpay();
-  const intent = {
+async function buildMPPChallenge(routeEntry, request, mppConfig, price) {
+  await ensureMpay();
+  const methodIntent = tempo.charge({
     amount: price,
     currency: mppConfig.currency,
     recipient: mppConfig.recipient ?? ""
-  };
-  const challenge = Challenge.fromIntent(intent, {
+  });
+  const challenge = Challenge.fromIntent(methodIntent, {
     secretKey: mppConfig.secretKey,
     realm: new URL(request.url).origin,
     request
@@ -381,10 +382,10 @@ function buildMPPChallenge(routeEntry, request, mppConfig, price) {
   return Challenge.serialize(challenge);
 }
 async function verifyMPPCredential(request, _routeEntry, mppConfig, price) {
-  ensureMpay();
+  await ensureMpay();
   const credential = Credential.fromRequest(request);
   if (!credential) return null;
-  const isValid = Challenge.verify(credential, { secretKey: mppConfig.secretKey });
+  const isValid = Challenge.verify(credential.challenge, { secretKey: mppConfig.secretKey });
   if (!isValid) {
     return { valid: false, payer: null };
   }
@@ -402,24 +403,20 @@ async function verifyMPPCredential(request, _routeEntry, mppConfig, price) {
     payer: verifyResult.payer
   };
 }
-function buildMPPReceipt(reference) {
-  ensureMpay();
+async function buildMPPReceipt(reference) {
+  await ensureMpay();
   const receipt = Receipt.from({
     method: "tempo",
     status: "success",
     reference,
-    timestamp: Date.now()
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
   });
   return Receipt.serialize(receipt);
 }
 
 // src/auth/siwx.ts
 async function verifySIWX(request, _routeEntry, nonceStore) {
-  const {
-    parseSIWxHeader,
-    validateSIWxMessage,
-    verifySIWxSignature
-  } = require("@x402/extensions/sign-in-with-x");
+  const { parseSIWxHeader, validateSIWxMessage, verifySIWxSignature } = await import("@x402/extensions/sign-in-with-x");
   const header = request.headers.get("SIGN-IN-WITH-X");
   if (!header) return { valid: false, wallet: null };
   const payload = parseSIWxHeader(header);
@@ -427,17 +424,17 @@ async function verifySIWX(request, _routeEntry, nonceStore) {
   const validation = await validateSIWxMessage(payload, uri, {
     checkNonce: (nonce) => nonceStore.check(nonce)
   });
-  if (!validation.isValid) {
+  if (!validation.valid) {
     return { valid: false, wallet: null };
   }
   const verified = await verifySIWxSignature(payload);
-  if (!verified?.isValid) {
+  if (!verified?.valid) {
     return { valid: false, wallet: null };
   }
   return { valid: true, wallet: verified.address };
 }
-function buildSIWXExtension() {
-  const { declareSIWxExtension } = require("@x402/extensions/sign-in-with-x");
+async function buildSIWXExtension() {
+  const { declareSIWxExtension } = await import("@x402/extensions/sign-in-with-x");
   return declareSIWxExtension();
 }
 
@@ -537,11 +534,56 @@ function createRequestHandler(routeEntry, handler, deps) {
     const protocol = detectProtocol(request);
     if (routeEntry.authMode === "siwx") {
       if (!request.headers.get("SIGN-IN-WITH-X")) {
-        const response = new import_server2.NextResponse(null, { status: 402 });
+        const url = new URL(request.url);
+        const nonce = crypto.randomUUID();
+        const siwxInfo = {
+          domain: url.hostname,
+          uri: request.url,
+          version: "1",
+          chainId: deps.network,
+          type: "eip191",
+          nonce,
+          issuedAt: (/* @__PURE__ */ new Date()).toISOString(),
+          expirationTime: new Date(Date.now() + 3e5).toISOString(),
+          statement: "Sign in to verify your wallet identity"
+        };
+        let siwxSchema;
         try {
-          if (buildSIWXExtension()) response.headers.set("X-SIWX-REQUIRED", "true");
+          siwxSchema = await buildSIWXExtension();
         } catch {
         }
+        const paymentRequired = {
+          x402Version: 2,
+          error: "SIWX authentication required",
+          resource: {
+            url: request.url,
+            description: routeEntry.description ?? "SIWX-protected endpoint",
+            mimeType: "application/json"
+          },
+          accepts: [],
+          extensions: {
+            "sign-in-with-x": {
+              info: siwxInfo,
+              ...siwxSchema ? { schema: siwxSchema } : {}
+            }
+          }
+        };
+        let encoded;
+        try {
+          const { encodePaymentRequiredHeader } = await import("@x402/core/http");
+          encoded = encodePaymentRequiredHeader(paymentRequired);
+        } catch (err) {
+          firePluginHook(deps.plugin, "onAlert", pluginCtx, {
+            level: "warn",
+            message: `SIWX challenge header encoding failed: ${err instanceof Error ? err.message : String(err)}`,
+            route: routeEntry.key
+          });
+        }
+        const response = new import_server2.NextResponse(JSON.stringify(paymentRequired), {
+          status: 402,
+          headers: { "Content-Type": "application/json" }
+        });
+        if (encoded) response.headers.set("PAYMENT-REQUIRED", encoded);
         firePluginResponse(deps, pluginCtx, meta, response);
         return response;
       }
@@ -558,7 +600,7 @@ function createRequestHandler(routeEntry, handler, deps) {
       return handleAuth(siwx.wallet, void 0);
     }
     if (!protocol || protocol === "siwx") {
-      return build402(request, routeEntry, deps, meta, pluginCtx);
+      return await build402(request, routeEntry, deps, meta, pluginCtx);
     }
     const body = await parseBody(request, routeEntry);
     if (!body.ok) {
@@ -589,7 +631,7 @@ function createRequestHandler(routeEntry, handler, deps) {
         deps.payeeAddress,
         deps.network
       );
-      if (!verify?.valid) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!verify?.valid) return await build402(request, routeEntry, deps, meta, pluginCtx);
       pluginCtx.setVerifiedWallet(verify.payer);
       firePluginHook(deps.plugin, "onPaymentVerified", pluginCtx, {
         protocol: "x402",
@@ -631,9 +673,9 @@ function createRequestHandler(routeEntry, handler, deps) {
       return response;
     }
     if (protocol === "mpp") {
-      if (!deps.mppConfig) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!deps.mppConfig) return await build402(request, routeEntry, deps, meta, pluginCtx);
       const verify = await verifyMPPCredential(request, routeEntry, deps.mppConfig, price);
-      if (!verify?.valid) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!verify?.valid) return await build402(request, routeEntry, deps, meta, pluginCtx);
       const wallet = verify.payer;
       pluginCtx.setVerifiedWallet(wallet);
       firePluginHook(deps.plugin, "onPaymentVerified", pluginCtx, {
@@ -652,14 +694,14 @@ function createRequestHandler(routeEntry, handler, deps) {
       );
       if (response.status < 400) {
         try {
-          response.headers.set("Payment-Receipt", buildMPPReceipt(crypto.randomUUID()));
+          response.headers.set("Payment-Receipt", await buildMPPReceipt(crypto.randomUUID()));
         } catch {
         }
       }
       finalize(response, rawResult, meta, pluginCtx);
       return response;
     }
-    return build402(request, routeEntry, deps, meta, pluginCtx);
+    return await build402(request, routeEntry, deps, meta, pluginCtx);
   };
 }
 async function parseBody(request, routeEntry) {
@@ -696,7 +738,7 @@ function parseQuery(request, routeEntry) {
   const result = routeEntry.querySchema.safeParse(params);
   return result.success ? result.data : params;
 }
-function build402(request, routeEntry, deps, meta, pluginCtx) {
+async function build402(request, routeEntry, deps, meta, pluginCtx) {
   const response = new import_server2.NextResponse(null, { status: 402 });
   let challengePrice;
   if (routeEntry.maxPrice) {
@@ -712,8 +754,8 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
   }
   let extensions;
   try {
-    const { z } = require("zod");
-    const { declareDiscoveryExtension } = require("@x402/extensions/bazaar");
+    const { z } = await import("zod");
+    const { declareDiscoveryExtension } = await import("@x402/extensions/bazaar");
     const inputSchema = routeEntry.bodySchema ? z.toJSONSchema(routeEntry.bodySchema, { target: "draft-2020-12" }) : routeEntry.querySchema ? z.toJSONSchema(routeEntry.querySchema, { target: "draft-2020-12" }) : void 0;
     const outputSchema = routeEntry.outputSchema ? z.toJSONSchema(routeEntry.outputSchema, { target: "draft-2020-12" }) : void 0;
     if (inputSchema) {
@@ -728,7 +770,7 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
   }
   if (routeEntry.protocols.includes("x402") && deps.x402Server) {
     try {
-      const { encoded } = buildX402Challenge(
+      const { encoded } = await buildX402Challenge(
         deps.x402Server,
         routeEntry,
         request,
@@ -738,16 +780,26 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
         extensions
       );
       response.headers.set("PAYMENT-REQUIRED", encoded);
-    } catch {
+    } catch (err) {
+      firePluginHook(deps.plugin, "onAlert", pluginCtx, {
+        level: "critical",
+        message: `x402 challenge build failed: ${err instanceof Error ? err.message : String(err)}`,
+        route: routeEntry.key
+      });
     }
   }
   if (routeEntry.protocols.includes("mpp") && deps.mppConfig) {
     try {
       response.headers.set(
         "WWW-Authenticate",
-        buildMPPChallenge(routeEntry, request, deps.mppConfig, challengePrice)
+        await buildMPPChallenge(routeEntry, request, deps.mppConfig, challengePrice)
       );
-    } catch {
+    } catch (err) {
+      firePluginHook(deps.plugin, "onAlert", pluginCtx, {
+        level: "critical",
+        message: `MPP challenge build failed: ${err instanceof Error ? err.message : String(err)}`,
+        route: routeEntry.key
+      });
     }
   }
   firePluginResponse(deps, pluginCtx, meta, response);
@@ -932,6 +984,11 @@ var RouteBuilder = class {
     next._path = p;
     return next;
   }
+  method(m) {
+    const next = this.fork();
+    next._method = m;
+    return next;
+  }
   handler(fn) {
     const entry = {
       key: this._key,
@@ -980,12 +1037,12 @@ function createWellKnownHandler(registry, baseUrl, pricesKeys, options = {}) {
       registry.validate(pricesKeys);
       validated = true;
     }
-    const x402Resources = [];
-    const mppResources = [];
+    const x402Set = /* @__PURE__ */ new Set();
+    const mppSet = /* @__PURE__ */ new Set();
     for (const [key, entry] of registry.entries()) {
       const url = `${baseUrl}/api/${entry.path ?? key}`;
-      if (entry.protocols.includes("x402")) x402Resources.push(url);
-      if (entry.protocols.includes("mpp")) mppResources.push(url);
+      if (entry.authMode !== "unprotected") x402Set.add(url);
+      if (entry.protocols.includes("mpp")) mppSet.add(url);
     }
     let instructions;
     if (typeof options.instructions === "function") {
@@ -995,18 +1052,28 @@ function createWellKnownHandler(registry, baseUrl, pricesKeys, options = {}) {
     }
     const body = {
       version: 1,
-      resources: x402Resources
+      resources: Array.from(x402Set)
     };
+    const mppResources = Array.from(mppSet);
     if (mppResources.length > 0) {
       body.mppResources = mppResources;
     }
+    if (options.description) {
+      body.description = options.description;
+    }
     if (options.ownershipProofs) {
       body.ownershipProofs = options.ownershipProofs;
     }
     if (instructions) {
       body.instructions = instructions;
     }
-    return import_server3.NextResponse.json(body);
+    return import_server3.NextResponse.json(body, {
+      headers: {
+        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Methods": "GET",
+        "Access-Control-Allow-Headers": "Content-Type"
+      }
+    });
   };
 }
 
@@ -1029,9 +1096,7 @@ function createOpenAPIHandler(registry, baseUrl, pricesKeys, options) {
       const method = entry.method.toLowerCase();
       const tag = deriveTag(key);
       tagSet.add(tag);
-      paths[apiPath] = {
-        [method]: buildOperation(key, entry, tag)
-      };
+      paths[apiPath] = { ...paths[apiPath], [method]: buildOperation(key, entry, tag) };
     }
     cached = createDocument({
       openapi: "3.1.0",
@@ -1109,7 +1174,11 @@ function createRouter(config) {
   const baseUrl = typeof globalThis.process !== "undefined" ? process.env.NEXT_PUBLIC_BASE_URL ?? "http://localhost:3000" : "http://localhost:3000";
   if (config.plugin?.init) {
     try {
-      config.plugin.init({ origin: baseUrl });
+      const result = config.plugin.init({ origin: baseUrl });
+      if (result && typeof result.catch === "function") {
+        result.catch(() => {
+        });
+      }
     } catch {
     }
   }
@@ -1122,16 +1191,17 @@ function createRouter(config) {
     network,
     mppConfig: config.mpp
   };
-  try {
-    const { createX402Server: createX402Server2 } = (init_server(), __toCommonJS(server_exports));
-    const result = createX402Server2(config);
-    deps.x402Server = result.server;
-    deps.initPromise = result.initPromise.catch((err) => {
+  deps.initPromise = (async () => {
+    try {
+      const { createX402Server: createX402Server2 } = await Promise.resolve().then(() => (init_server(), server_exports));
+      const result = await createX402Server2(config);
+      deps.x402Server = result.server;
+      await result.initPromise;
+    } catch (err) {
       deps.x402Server = null;
       deps.x402InitError = err instanceof Error ? err.message : String(err);
-    });
-  } catch {
-  }
+    }
+  })();
   const pricesKeys = config.prices ? Object.keys(config.prices) : void 0;
   return {
     route(key) {

package/dist/index.d.cts

@@ -82,6 +82,28 @@ interface AlertEvent {
     meta?: Record<string, unknown>;
 }
 type AlertFn = (level: AlertLevel, message: string, meta?: Record<string, unknown>) => void;
+interface X402Server {
+    initialize(): Promise<void>;
+    buildPaymentRequirementsFromOptions(options: Array<{
+        scheme: string;
+        network: string;
+        price: string;
+        payTo: string;
+    }>, context: {
+        request: Request;
+    }): Promise<unknown[]>;
+    createPaymentRequiredResponse(requirements: unknown[], resource: {
+        url: string;
+        method: string;
+        description?: string;
+    }, error: string | null, extensions?: Record<string, unknown>): Promise<unknown>;
+    findMatchingRequirements(requirements: unknown[], payload: unknown): unknown;
+    verifyPayment(payload: unknown, requirements: unknown): Promise<{
+        isValid: boolean;
+        payer?: string;
+    }>;
+    settlePayment(payload: unknown, requirements: unknown): Promise<unknown>;
+}
 type ProtocolType = 'x402' | 'mpp';
 type AuthMode = 'paid' | 'siwx' | 'apiKey' | 'unprotected';
 interface TierConfig {
@@ -142,7 +164,7 @@ interface RouteEntry {
     outputSchema?: ZodType;
     description?: string;
     path?: string;
-    method: 'GET' | 'POST';
+    method: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH';
     maxPrice?: string;
     apiKeyResolver?: (key: string) => unknown | Promise<unknown>;
     providerName?: string;
@@ -175,6 +197,7 @@ declare class RouteRegistry {
 }
 
 interface WellKnownOptions {
+    description?: string;
     instructions?: string | (() => string | Promise<string>);
     ownershipProofs?: string[];
 }
@@ -191,7 +214,7 @@ interface OpenAPIOptions {
 }
 
 interface OrchestrateDeps {
-    x402Server: Record<string, Function> | null;
+    x402Server: X402Server | null;
     initPromise: Promise<void>;
     x402InitError?: string;
     plugin?: RouterPlugin;
@@ -220,7 +243,7 @@ declare class RouteBuilder<TBody = undefined, TQuery = undefined, HasAuth extend
     /** @internal */ _outputSchema: ZodType | undefined;
     /** @internal */ _description: string | undefined;
     /** @internal */ _path: string | undefined;
-    /** @internal */ _method: 'GET' | 'POST';
+    /** @internal */ _method: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH';
     /** @internal */ _apiKeyResolver: ((key: string) => unknown | Promise<unknown>) | undefined;
     /** @internal */ _providerName: string | undefined;
     /** @internal */ _providerConfig: ProviderConfig | undefined;
@@ -247,6 +270,7 @@ declare class RouteBuilder<TBody = undefined, TQuery = undefined, HasAuth extend
     output(schema: ZodType): this;
     description(text: string): this;
     path(p: string): this;
+    method(m: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH'): this;
     handler(this: RouteBuilder<TBody, TQuery, True, true, false>, fn: never): never;
     handler(this: RouteBuilder<TBody, TQuery, false, boolean, boolean>, fn: never): never;
     handler(this: RouteBuilder<TBody, TQuery, True, False, HasBody>, fn: (ctx: HandlerContext<TBody, TQuery>) => Promise<unknown>): (request: NextRequest) => Promise<Response>;
@@ -270,4 +294,4 @@ interface ServiceRouter {
 }
 declare function createRouter(config: RouterConfig): ServiceRouter;
 
-export { type AlertEvent, type AlertFn, type AlertLevel, type AuthMode, type ErrorEvent, type HandlerContext, HttpError, MemoryNonceStore, type MonitorEntry, type NonceStore, type OveragePolicy, type PaidOptions, type PaymentEvent, type PluginContext, type PricingConfig, type ProtocolType, type ProviderConfig, type ProviderQuotaEvent, type QuotaInfo, type QuotaLevel, type RequestMeta, type ResponseMeta, RouteBuilder, type RouteEntry, RouteRegistry, type RouterConfig, type RouterPlugin, type ServiceRouter, type SettlementEvent, type TierConfig, consolePlugin, createRouter };
+export { type AlertEvent, type AlertFn, type AlertLevel, type AuthMode, type ErrorEvent, type HandlerContext, HttpError, MemoryNonceStore, type MonitorEntry, type NonceStore, type OveragePolicy, type PaidOptions, type PaymentEvent, type PluginContext, type PricingConfig, type ProtocolType, type ProviderConfig, type ProviderQuotaEvent, type QuotaInfo, type QuotaLevel, type RequestMeta, type ResponseMeta, RouteBuilder, type RouteEntry, RouteRegistry, type RouterConfig, type RouterPlugin, type ServiceRouter, type SettlementEvent, type TierConfig, type X402Server, consolePlugin, createRouter };

package/dist/index.d.ts

@@ -82,6 +82,28 @@ interface AlertEvent {
     meta?: Record<string, unknown>;
 }
 type AlertFn = (level: AlertLevel, message: string, meta?: Record<string, unknown>) => void;
+interface X402Server {
+    initialize(): Promise<void>;
+    buildPaymentRequirementsFromOptions(options: Array<{
+        scheme: string;
+        network: string;
+        price: string;
+        payTo: string;
+    }>, context: {
+        request: Request;
+    }): Promise<unknown[]>;
+    createPaymentRequiredResponse(requirements: unknown[], resource: {
+        url: string;
+        method: string;
+        description?: string;
+    }, error: string | null, extensions?: Record<string, unknown>): Promise<unknown>;
+    findMatchingRequirements(requirements: unknown[], payload: unknown): unknown;
+    verifyPayment(payload: unknown, requirements: unknown): Promise<{
+        isValid: boolean;
+        payer?: string;
+    }>;
+    settlePayment(payload: unknown, requirements: unknown): Promise<unknown>;
+}
 type ProtocolType = 'x402' | 'mpp';
 type AuthMode = 'paid' | 'siwx' | 'apiKey' | 'unprotected';
 interface TierConfig {
@@ -142,7 +164,7 @@ interface RouteEntry {
     outputSchema?: ZodType;
     description?: string;
     path?: string;
-    method: 'GET' | 'POST';
+    method: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH';
     maxPrice?: string;
     apiKeyResolver?: (key: string) => unknown | Promise<unknown>;
     providerName?: string;
@@ -175,6 +197,7 @@ declare class RouteRegistry {
 }
 
 interface WellKnownOptions {
+    description?: string;
     instructions?: string | (() => string | Promise<string>);
     ownershipProofs?: string[];
 }
@@ -191,7 +214,7 @@ interface OpenAPIOptions {
 }
 
 interface OrchestrateDeps {
-    x402Server: Record<string, Function> | null;
+    x402Server: X402Server | null;
     initPromise: Promise<void>;
     x402InitError?: string;
     plugin?: RouterPlugin;
@@ -220,7 +243,7 @@ declare class RouteBuilder<TBody = undefined, TQuery = undefined, HasAuth extend
     /** @internal */ _outputSchema: ZodType | undefined;
     /** @internal */ _description: string | undefined;
     /** @internal */ _path: string | undefined;
-    /** @internal */ _method: 'GET' | 'POST';
+    /** @internal */ _method: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH';
     /** @internal */ _apiKeyResolver: ((key: string) => unknown | Promise<unknown>) | undefined;
     /** @internal */ _providerName: string | undefined;
     /** @internal */ _providerConfig: ProviderConfig | undefined;
@@ -247,6 +270,7 @@ declare class RouteBuilder<TBody = undefined, TQuery = undefined, HasAuth extend
     output(schema: ZodType): this;
     description(text: string): this;
     path(p: string): this;
+    method(m: 'GET' | 'POST' | 'DELETE' | 'PUT' | 'PATCH'): this;
     handler(this: RouteBuilder<TBody, TQuery, True, true, false>, fn: never): never;
     handler(this: RouteBuilder<TBody, TQuery, false, boolean, boolean>, fn: never): never;
     handler(this: RouteBuilder<TBody, TQuery, True, False, HasBody>, fn: (ctx: HandlerContext<TBody, TQuery>) => Promise<unknown>): (request: NextRequest) => Promise<Response>;
@@ -270,4 +294,4 @@ interface ServiceRouter {
 }
 declare function createRouter(config: RouterConfig): ServiceRouter;
 
-export { type AlertEvent, type AlertFn, type AlertLevel, type AuthMode, type ErrorEvent, type HandlerContext, HttpError, MemoryNonceStore, type MonitorEntry, type NonceStore, type OveragePolicy, type PaidOptions, type PaymentEvent, type PluginContext, type PricingConfig, type ProtocolType, type ProviderConfig, type ProviderQuotaEvent, type QuotaInfo, type QuotaLevel, type RequestMeta, type ResponseMeta, RouteBuilder, type RouteEntry, RouteRegistry, type RouterConfig, type RouterPlugin, type ServiceRouter, type SettlementEvent, type TierConfig, consolePlugin, createRouter };
+export { type AlertEvent, type AlertFn, type AlertLevel, type AuthMode, type ErrorEvent, type HandlerContext, HttpError, MemoryNonceStore, type MonitorEntry, type NonceStore, type OveragePolicy, type PaidOptions, type PaymentEvent, type PluginContext, type PricingConfig, type ProtocolType, type ProviderConfig, type ProviderQuotaEvent, type QuotaInfo, type QuotaLevel, type RequestMeta, type ResponseMeta, RouteBuilder, type RouteEntry, RouteRegistry, type RouterConfig, type RouterPlugin, type ServiceRouter, type SettlementEvent, type TierConfig, type X402Server, consolePlugin, createRouter };

package/dist/index.js

@@ -1,13 +1,5 @@
 var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
 var __esm = (fn, res) => function __init() {
   return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
 };
@@ -15,29 +7,21 @@ var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
 };
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/server.ts
 var server_exports = {};
 __export(server_exports, {
   createX402Server: () => createX402Server
 });
-function createX402Server(config) {
-  const { x402ResourceServer, HTTPFacilitatorClient } = __require("@x402/core/server");
-  const { registerExactEvmScheme } = __require("@x402/evm/exact/server");
-  const { bazaarResourceServerExtension } = __require("@x402/extensions/bazaar");
-  const { siwxResourceServerExtension } = __require("@x402/extensions/sign-in-with-x");
-  const { facilitator: defaultFacilitator } = __require("@coinbase/x402");
-  const facilitatorUrl = config.facilitatorUrl ?? defaultFacilitator;
-  const client = new HTTPFacilitatorClient(facilitatorUrl);
+async function createX402Server(config) {
+  const { x402ResourceServer, HTTPFacilitatorClient } = await import("@x402/core/server");
+  const { registerExactEvmScheme } = await import("@x402/evm/exact/server");
+  const { bazaarResourceServerExtension } = await import("@x402/extensions/bazaar");
+  const { siwxResourceServerExtension } = await import("@x402/extensions/sign-in-with-x");
+  const { facilitator: defaultFacilitator } = await import("@coinbase/x402");
+  const raw = config.facilitatorUrl ?? defaultFacilitator;
+  const facilitatorConfig = typeof raw === "string" ? { url: raw } : raw;
+  const client = new HTTPFacilitatorClient(facilitatorConfig);
   const server = new x402ResourceServer(client);
   registerExactEvmScheme(server);
   server.registerExtension(bazaarResourceServerExtension);
@@ -48,7 +32,7 @@ function createX402Server(config) {
 async function retryInit(server, maxAttempts = 3, backoff = [1e3, 2e3, 4e3]) {
   for (let attempt = 0; attempt < maxAttempts; attempt++) {
     try {
-      await server.init();
+      await server.initialize();
       return;
     } catch (err) {
       const is429 = err instanceof Error && (err.message.includes("429") || err.message.includes("rate limit"));
@@ -197,7 +181,7 @@ async function safeCallHandler(handler, ctx) {
     if (result instanceof Response) return result;
     return NextResponse.json(result);
   } catch (error) {
-    const status = error instanceof HttpError ? error.status : 500;
+    const status = error instanceof HttpError ? error.status : typeof error.status === "number" ? error.status : 500;
     const message = error instanceof Error ? error.message : "Internal error";
     return NextResponse.json({ success: false, error: message }, { status });
   }
@@ -271,8 +255,8 @@ function resolveMaxPrice(pricing) {
 }
 
 // src/protocols/x402.ts
-function buildX402Challenge(server, routeEntry, request, price, payeeAddress, network, extensions) {
-  const { encodePaymentRequiredHeader } = __require("@x402/core/http");
+async function buildX402Challenge(server, routeEntry, request, price, payeeAddress, network, extensions) {
+  const { encodePaymentRequiredHeader } = await import("@x402/core/http");
   const options = {
     scheme: "exact",
     network,
@@ -284,10 +268,10 @@ function buildX402Challenge(server, routeEntry, request, price, payeeAddress, ne
     method: routeEntry.method,
     description: routeEntry.description
   };
-  const requirements = server.buildPaymentRequirementsFromOptions(options, {
+  const requirements = await server.buildPaymentRequirementsFromOptions([options], {
     request
   });
-  const paymentRequired = server.createPaymentRequiredResponse(
+  const paymentRequired = await server.createPaymentRequiredResponse(
     requirements,
     resource,
     null,
@@ -297,7 +281,7 @@ function buildX402Challenge(server, routeEntry, request, price, payeeAddress, ne
   return { encoded, requirements };
 }
 async function verifyX402Payment(server, request, routeEntry, price, payeeAddress, network) {
-  const { decodePaymentSignatureHeader } = __require("@x402/core/http");
+  const { decodePaymentSignatureHeader } = await import("@x402/core/http");
   const paymentHeader = request.headers.get("PAYMENT-SIGNATURE") ?? request.headers.get("X-PAYMENT");
   if (!paymentHeader) return null;
   const payload = decodePaymentSignatureHeader(paymentHeader);
@@ -307,7 +291,7 @@ async function verifyX402Payment(server, request, routeEntry, price, payeeAddres
     price,
     payTo: payeeAddress
   };
-  const requirements = server.buildPaymentRequirementsFromOptions(options, {
+  const requirements = await server.buildPaymentRequirementsFromOptions([options], {
     request
   });
   const matching = server.findMatchingRequirements(requirements, payload);
@@ -323,7 +307,7 @@ async function verifyX402Payment(server, request, routeEntry, price, payeeAddres
   };
 }
 async function settleX402Payment(server, payload, requirements) {
-  const { encodePaymentResponseHeader } = __require("@x402/core/http");
+  const { encodePaymentResponseHeader } = await import("@x402/core/http");
   const result = await server.settlePayment(payload, requirements);
   const encoded = encodePaymentResponseHeader(result);
   return { encoded, result };
@@ -335,28 +319,28 @@ var Challenge;
 var Credential;
 var Receipt;
 var tempo;
-function ensureMpay() {
+async function ensureMpay() {
   if (mpayLoaded) return;
   try {
-    const mpay = __require("mpay");
+    const mpay = await import("mpay");
     Challenge = mpay.Challenge;
     Credential = mpay.Credential;
     Receipt = mpay.Receipt;
-    const mpayServer = __require("mpay/server");
+    const mpayServer = await import("mpay/server");
     tempo = mpayServer.tempo;
     mpayLoaded = true;
   } catch {
     throw new Error("mpay package is required for MPP protocol support. Install it: pnpm add mpay");
   }
 }
-function buildMPPChallenge(routeEntry, request, mppConfig, price) {
-  ensureMpay();
-  const intent = {
+async function buildMPPChallenge(routeEntry, request, mppConfig, price) {
+  await ensureMpay();
+  const methodIntent = tempo.charge({
     amount: price,
     currency: mppConfig.currency,
     recipient: mppConfig.recipient ?? ""
-  };
-  const challenge = Challenge.fromIntent(intent, {
+  });
+  const challenge = Challenge.fromIntent(methodIntent, {
     secretKey: mppConfig.secretKey,
     realm: new URL(request.url).origin,
     request
@@ -364,10 +348,10 @@ function buildMPPChallenge(routeEntry, request, mppConfig, price) {
   return Challenge.serialize(challenge);
 }
 async function verifyMPPCredential(request, _routeEntry, mppConfig, price) {
-  ensureMpay();
+  await ensureMpay();
   const credential = Credential.fromRequest(request);
   if (!credential) return null;
-  const isValid = Challenge.verify(credential, { secretKey: mppConfig.secretKey });
+  const isValid = Challenge.verify(credential.challenge, { secretKey: mppConfig.secretKey });
   if (!isValid) {
     return { valid: false, payer: null };
   }
@@ -385,24 +369,20 @@ async function verifyMPPCredential(request, _routeEntry, mppConfig, price) {
     payer: verifyResult.payer
   };
 }
-function buildMPPReceipt(reference) {
-  ensureMpay();
+async function buildMPPReceipt(reference) {
+  await ensureMpay();
   const receipt = Receipt.from({
     method: "tempo",
     status: "success",
     reference,
-    timestamp: Date.now()
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
   });
   return Receipt.serialize(receipt);
 }
 
 // src/auth/siwx.ts
 async function verifySIWX(request, _routeEntry, nonceStore) {
-  const {
-    parseSIWxHeader,
-    validateSIWxMessage,
-    verifySIWxSignature
-  } = __require("@x402/extensions/sign-in-with-x");
+  const { parseSIWxHeader, validateSIWxMessage, verifySIWxSignature } = await import("@x402/extensions/sign-in-with-x");
   const header = request.headers.get("SIGN-IN-WITH-X");
   if (!header) return { valid: false, wallet: null };
   const payload = parseSIWxHeader(header);
@@ -410,17 +390,17 @@ async function verifySIWX(request, _routeEntry, nonceStore) {
   const validation = await validateSIWxMessage(payload, uri, {
     checkNonce: (nonce) => nonceStore.check(nonce)
   });
-  if (!validation.isValid) {
+  if (!validation.valid) {
     return { valid: false, wallet: null };
   }
   const verified = await verifySIWxSignature(payload);
-  if (!verified?.isValid) {
+  if (!verified?.valid) {
     return { valid: false, wallet: null };
   }
   return { valid: true, wallet: verified.address };
 }
-function buildSIWXExtension() {
-  const { declareSIWxExtension } = __require("@x402/extensions/sign-in-with-x");
+async function buildSIWXExtension() {
+  const { declareSIWxExtension } = await import("@x402/extensions/sign-in-with-x");
   return declareSIWxExtension();
 }
 
@@ -520,11 +500,56 @@ function createRequestHandler(routeEntry, handler, deps) {
     const protocol = detectProtocol(request);
     if (routeEntry.authMode === "siwx") {
       if (!request.headers.get("SIGN-IN-WITH-X")) {
-        const response = new NextResponse2(null, { status: 402 });
+        const url = new URL(request.url);
+        const nonce = crypto.randomUUID();
+        const siwxInfo = {
+          domain: url.hostname,
+          uri: request.url,
+          version: "1",
+          chainId: deps.network,
+          type: "eip191",
+          nonce,
+          issuedAt: (/* @__PURE__ */ new Date()).toISOString(),
+          expirationTime: new Date(Date.now() + 3e5).toISOString(),
+          statement: "Sign in to verify your wallet identity"
+        };
+        let siwxSchema;
         try {
-          if (buildSIWXExtension()) response.headers.set("X-SIWX-REQUIRED", "true");
+          siwxSchema = await buildSIWXExtension();
         } catch {
         }
+        const paymentRequired = {
+          x402Version: 2,
+          error: "SIWX authentication required",
+          resource: {
+            url: request.url,
+            description: routeEntry.description ?? "SIWX-protected endpoint",
+            mimeType: "application/json"
+          },
+          accepts: [],
+          extensions: {
+            "sign-in-with-x": {
+              info: siwxInfo,
+              ...siwxSchema ? { schema: siwxSchema } : {}
+            }
+          }
+        };
+        let encoded;
+        try {
+          const { encodePaymentRequiredHeader } = await import("@x402/core/http");
+          encoded = encodePaymentRequiredHeader(paymentRequired);
+        } catch (err) {
+          firePluginHook(deps.plugin, "onAlert", pluginCtx, {
+            level: "warn",
+            message: `SIWX challenge header encoding failed: ${err instanceof Error ? err.message : String(err)}`,
+            route: routeEntry.key
+          });
+        }
+        const response = new NextResponse2(JSON.stringify(paymentRequired), {
+          status: 402,
+          headers: { "Content-Type": "application/json" }
+        });
+        if (encoded) response.headers.set("PAYMENT-REQUIRED", encoded);
         firePluginResponse(deps, pluginCtx, meta, response);
         return response;
       }
@@ -541,7 +566,7 @@ function createRequestHandler(routeEntry, handler, deps) {
       return handleAuth(siwx.wallet, void 0);
     }
     if (!protocol || protocol === "siwx") {
-      return build402(request, routeEntry, deps, meta, pluginCtx);
+      return await build402(request, routeEntry, deps, meta, pluginCtx);
     }
     const body = await parseBody(request, routeEntry);
     if (!body.ok) {
@@ -572,7 +597,7 @@ function createRequestHandler(routeEntry, handler, deps) {
         deps.payeeAddress,
         deps.network
       );
-      if (!verify?.valid) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!verify?.valid) return await build402(request, routeEntry, deps, meta, pluginCtx);
       pluginCtx.setVerifiedWallet(verify.payer);
       firePluginHook(deps.plugin, "onPaymentVerified", pluginCtx, {
         protocol: "x402",
@@ -614,9 +639,9 @@ function createRequestHandler(routeEntry, handler, deps) {
       return response;
     }
     if (protocol === "mpp") {
-      if (!deps.mppConfig) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!deps.mppConfig) return await build402(request, routeEntry, deps, meta, pluginCtx);
       const verify = await verifyMPPCredential(request, routeEntry, deps.mppConfig, price);
-      if (!verify?.valid) return build402(request, routeEntry, deps, meta, pluginCtx);
+      if (!verify?.valid) return await build402(request, routeEntry, deps, meta, pluginCtx);
       const wallet = verify.payer;
       pluginCtx.setVerifiedWallet(wallet);
       firePluginHook(deps.plugin, "onPaymentVerified", pluginCtx, {
@@ -635,14 +660,14 @@ function createRequestHandler(routeEntry, handler, deps) {
       );
       if (response.status < 400) {
         try {
-          response.headers.set("Payment-Receipt", buildMPPReceipt(crypto.randomUUID()));
+          response.headers.set("Payment-Receipt", await buildMPPReceipt(crypto.randomUUID()));
         } catch {
         }
       }
       finalize(response, rawResult, meta, pluginCtx);
       return response;
     }
-    return build402(request, routeEntry, deps, meta, pluginCtx);
+    return await build402(request, routeEntry, deps, meta, pluginCtx);
   };
 }
 async function parseBody(request, routeEntry) {
@@ -679,7 +704,7 @@ function parseQuery(request, routeEntry) {
   const result = routeEntry.querySchema.safeParse(params);
   return result.success ? result.data : params;
 }
-function build402(request, routeEntry, deps, meta, pluginCtx) {
+async function build402(request, routeEntry, deps, meta, pluginCtx) {
   const response = new NextResponse2(null, { status: 402 });
   let challengePrice;
   if (routeEntry.maxPrice) {
@@ -695,8 +720,8 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
   }
   let extensions;
   try {
-    const { z } = __require("zod");
-    const { declareDiscoveryExtension } = __require("@x402/extensions/bazaar");
+    const { z } = await import("zod");
+    const { declareDiscoveryExtension } = await import("@x402/extensions/bazaar");
     const inputSchema = routeEntry.bodySchema ? z.toJSONSchema(routeEntry.bodySchema, { target: "draft-2020-12" }) : routeEntry.querySchema ? z.toJSONSchema(routeEntry.querySchema, { target: "draft-2020-12" }) : void 0;
     const outputSchema = routeEntry.outputSchema ? z.toJSONSchema(routeEntry.outputSchema, { target: "draft-2020-12" }) : void 0;
     if (inputSchema) {
@@ -711,7 +736,7 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
   }
   if (routeEntry.protocols.includes("x402") && deps.x402Server) {
     try {
-      const { encoded } = buildX402Challenge(
+      const { encoded } = await buildX402Challenge(
         deps.x402Server,
         routeEntry,
         request,
@@ -721,16 +746,26 @@ function build402(request, routeEntry, deps, meta, pluginCtx) {
         extensions
       );
       response.headers.set("PAYMENT-REQUIRED", encoded);
-    } catch {
+    } catch (err) {
+      firePluginHook(deps.plugin, "onAlert", pluginCtx, {
+        level: "critical",
+        message: `x402 challenge build failed: ${err instanceof Error ? err.message : String(err)}`,
+        route: routeEntry.key
+      });
     }
   }
   if (routeEntry.protocols.includes("mpp") && deps.mppConfig) {
     try {
       response.headers.set(
         "WWW-Authenticate",
-        buildMPPChallenge(routeEntry, request, deps.mppConfig, challengePrice)
+        await buildMPPChallenge(routeEntry, request, deps.mppConfig, challengePrice)
       );
-    } catch {
+    } catch (err) {
+      firePluginHook(deps.plugin, "onAlert", pluginCtx, {
+        level: "critical",
+        message: `MPP challenge build failed: ${err instanceof Error ? err.message : String(err)}`,
+        route: routeEntry.key
+      });
     }
   }
   firePluginResponse(deps, pluginCtx, meta, response);
@@ -915,6 +950,11 @@ var RouteBuilder = class {
     next._path = p;
     return next;
   }
+  method(m) {
+    const next = this.fork();
+    next._method = m;
+    return next;
+  }
   handler(fn) {
     const entry = {
       key: this._key,
@@ -963,12 +1003,12 @@ function createWellKnownHandler(registry, baseUrl, pricesKeys, options = {}) {
       registry.validate(pricesKeys);
       validated = true;
     }
-    const x402Resources = [];
-    const mppResources = [];
+    const x402Set = /* @__PURE__ */ new Set();
+    const mppSet = /* @__PURE__ */ new Set();
     for (const [key, entry] of registry.entries()) {
       const url = `${baseUrl}/api/${entry.path ?? key}`;
-      if (entry.protocols.includes("x402")) x402Resources.push(url);
-      if (entry.protocols.includes("mpp")) mppResources.push(url);
+      if (entry.authMode !== "unprotected") x402Set.add(url);
+      if (entry.protocols.includes("mpp")) mppSet.add(url);
     }
     let instructions;
     if (typeof options.instructions === "function") {
@@ -978,18 +1018,28 @@ function createWellKnownHandler(registry, baseUrl, pricesKeys, options = {}) {
     }
     const body = {
       version: 1,
-      resources: x402Resources
+      resources: Array.from(x402Set)
     };
+    const mppResources = Array.from(mppSet);
     if (mppResources.length > 0) {
       body.mppResources = mppResources;
     }
+    if (options.description) {
+      body.description = options.description;
+    }
     if (options.ownershipProofs) {
       body.ownershipProofs = options.ownershipProofs;
     }
     if (instructions) {
       body.instructions = instructions;
     }
-    return NextResponse3.json(body);
+    return NextResponse3.json(body, {
+      headers: {
+        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Methods": "GET",
+        "Access-Control-Allow-Headers": "Content-Type"
+      }
+    });
   };
 }
 
@@ -1012,9 +1062,7 @@ function createOpenAPIHandler(registry, baseUrl, pricesKeys, options) {
       const method = entry.method.toLowerCase();
       const tag = deriveTag(key);
       tagSet.add(tag);
-      paths[apiPath] = {
-        [method]: buildOperation(key, entry, tag)
-      };
+      paths[apiPath] = { ...paths[apiPath], [method]: buildOperation(key, entry, tag) };
     }
     cached = createDocument({
       openapi: "3.1.0",
@@ -1092,7 +1140,11 @@ function createRouter(config) {
   const baseUrl = typeof globalThis.process !== "undefined" ? process.env.NEXT_PUBLIC_BASE_URL ?? "http://localhost:3000" : "http://localhost:3000";
   if (config.plugin?.init) {
     try {
-      config.plugin.init({ origin: baseUrl });
+      const result = config.plugin.init({ origin: baseUrl });
+      if (result && typeof result.catch === "function") {
+        result.catch(() => {
+        });
+      }
     } catch {
     }
   }
@@ -1105,16 +1157,17 @@ function createRouter(config) {
     network,
     mppConfig: config.mpp
   };
-  try {
-    const { createX402Server: createX402Server2 } = (init_server(), __toCommonJS(server_exports));
-    const result = createX402Server2(config);
-    deps.x402Server = result.server;
-    deps.initPromise = result.initPromise.catch((err) => {
+  deps.initPromise = (async () => {
+    try {
+      const { createX402Server: createX402Server2 } = await Promise.resolve().then(() => (init_server(), server_exports));
+      const result = await createX402Server2(config);
+      deps.x402Server = result.server;
+      await result.initPromise;
+    } catch (err) {
       deps.x402Server = null;
       deps.x402InitError = err instanceof Error ? err.message : String(err);
-    });
-  } catch {
-  }
+    }
+  })();
   const pricesKeys = config.prices ? Object.keys(config.prices) : void 0;
   return {
     route(key) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentcash/router",
-  "version": "0.1.0",
+  "version": "0.2.1",
   "description": "Unified route builder for Next.js App Router APIs with x402, MPP, SIWX, and API key auth",
   "type": "module",
   "exports": {
@@ -21,6 +21,17 @@
   "files": [
     "dist"
   ],
+  "scripts": {
+    "build": "tsup",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint src/",
+    "lint:fix": "eslint src/ --fix",
+    "format": "prettier --write 'src/**/*.ts' 'tests/**/*.ts' '*.json' '*.mjs'",
+    "format:check": "prettier --check 'src/**/*.ts' 'tests/**/*.ts' '*.json' '*.mjs'",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "check": "pnpm format:check && pnpm lint && pnpm typecheck && pnpm build && pnpm test"
+  },
   "peerDependencies": {
     "@coinbase/x402": "^2.1.0",
     "@x402/core": "^2.3.0",
@@ -55,20 +66,10 @@
     "zod": "^4.0.0",
     "zod-openapi": "^5.0.0"
   },
+  "packageManager": "pnpm@10.28.0",
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/merit-systems/agentcash-router"
-  },
-  "scripts": {
-    "build": "tsup",
-    "typecheck": "tsc --noEmit",
-    "lint": "eslint src/",
-    "lint:fix": "eslint src/ --fix",
-    "format": "prettier --write 'src/**/*.ts' 'tests/**/*.ts' '*.json' '*.mjs'",
-    "format:check": "prettier --check 'src/**/*.ts' 'tests/**/*.ts' '*.json' '*.mjs'",
-    "test": "vitest run",
-    "test:watch": "vitest",
-    "check": "pnpm format:check && pnpm lint && pnpm typecheck && pnpm build && pnpm test"
+    "url": "git+https://github.com/merit-systems/agentcash-router.git"
   }
-}
+}