@agentcash/router 0.6.3 → 0.6.5

package/.claude/CLAUDE.md

@@ -131,6 +131,20 @@ router
 
 ## Environment Variables
 
+### Base URL Resolution
+
+`baseUrl` is auto-detected — most consumers don't need to pass it:
+
+1. **`config.baseUrl`** — Explicit override (for non-Vercel deployments)
+2. **`VERCEL_URL`** — Auto-detected on Vercel (set by the platform on every build and deployment)
+3. **`localhost:PORT`** — Fallback for local dev (`PORT` env var, defaults to 3000)
+
+In production on a non-Vercel host, pass `baseUrl` explicitly. On Vercel, it just works. In dev, it just works. No custom env vars needed.
+
+**Do NOT use `NEXT_PUBLIC_BASE_URL`.** It was removed in 0.6.5. The library handles base URL resolution internally.
+
+### CDP API Keys
+
 The router uses the default facilitator from `@coinbase/x402`, which requires CDP API keys in `process.env`:
 
 - `CDP_API_KEY_ID` — Coinbase Developer Platform API key ID

package/dist/index.cjs

@@ -382,7 +382,8 @@ async function buildX402Challenge(server, routeEntry, request, price, payeeAddre
   const resource = {
     url: request.url,
     method: routeEntry.method,
-    description: routeEntry.description
+    description: routeEntry.description,
+    mimeType: "application/json"
   };
   const requirements = await server.buildPaymentRequirementsFromOptions([options], {
     request
@@ -605,18 +606,16 @@ function createRequestHandler(routeEntry, handler, deps) {
     if (needsEarlyParse) {
       const requestForPricing = request.clone();
       const earlyBodyResult = await parseBody(requestForPricing, routeEntry);
-      if (!earlyBodyResult.ok) {
-        firePluginResponse(deps, pluginCtx, meta, earlyBodyResult.response);
-        return earlyBodyResult.response;
-      }
-      earlyBodyData = earlyBodyResult.data;
-      if (routeEntry.validateFn) {
-        try {
-          await routeEntry.validateFn(earlyBodyData);
-        } catch (err) {
-          const status = err.status ?? 400;
-          const message = err instanceof Error ? err.message : "Validation failed";
-          return fail(status, message, meta, pluginCtx, earlyBodyData);
+      if (earlyBodyResult.ok) {
+        earlyBodyData = earlyBodyResult.data;
+        if (routeEntry.validateFn) {
+          try {
+            await routeEntry.validateFn(earlyBodyData);
+          } catch (err) {
+            const status = err.status ?? 400;
+            const message = err instanceof Error ? err.message : "Validation failed";
+            return fail(status, message, meta, pluginCtx, earlyBodyData);
+          }
         }
       }
     }
@@ -624,16 +623,14 @@ function createRequestHandler(routeEntry, handler, deps) {
       if (routeEntry.validateFn && routeEntry.bodySchema && !request.headers.get("SIGN-IN-WITH-X")) {
         const requestForValidation = request.clone();
         const earlyBodyResult = await parseBody(requestForValidation, routeEntry);
-        if (!earlyBodyResult.ok) {
-          firePluginResponse(deps, pluginCtx, meta, earlyBodyResult.response);
-          return earlyBodyResult.response;
-        }
-        try {
-          await routeEntry.validateFn(earlyBodyResult.data);
-        } catch (err) {
-          const status = err.status ?? 400;
-          const message = err instanceof Error ? err.message : "Validation failed";
-          return fail(status, message, meta, pluginCtx, earlyBodyResult.data);
+        if (earlyBodyResult.ok) {
+          try {
+            await routeEntry.validateFn(earlyBodyResult.data);
+          } catch (err) {
+            const status = err.status ?? 400;
+            const message = err instanceof Error ? err.message : "Validation failed";
+            return fail(status, message, meta, pluginCtx, earlyBodyResult.data);
+          }
         }
       }
       if (!request.headers.get("SIGN-IN-WITH-X")) {
@@ -1470,20 +1467,21 @@ function createRouter(config) {
   const registry = new RouteRegistry();
   const nonceStore = config.siwx?.nonceStore ?? new MemoryNonceStore();
   const network = config.network ?? "eip155:8453";
-  const baseUrl = config.baseUrl ?? (typeof globalThis.process !== "undefined" ? process.env.NEXT_PUBLIC_BASE_URL : void 0);
+  const baseUrl = config.baseUrl ?? (typeof globalThis.process !== "undefined" && process.env.VERCEL_URL ? `https://${process.env.VERCEL_URL}` : void 0);
   if (config.protocols && config.protocols.length === 0) {
     throw new Error(
       "RouterConfig.protocols cannot be empty. Omit the field to use default ['x402'] or specify protocols explicitly."
     );
   }
-  if (!baseUrl) {
-    const msg = "baseUrl is required. Pass it in RouterConfig or set NEXT_PUBLIC_BASE_URL (e.g. https://myapp.com). It is used for discovery URLs, OpenAPI servers, and MPP realm.";
-    if (process.env.NODE_ENV === "production") {
-      throw new Error(msg);
-    }
-    console.warn(`[router] ${msg}`);
+  if (!baseUrl && process.env.NODE_ENV === "production") {
+    console.warn(
+      "[router] baseUrl was not provided and VERCEL_URL is not set. Falling back to localhost. Pass baseUrl in RouterConfig for non-Vercel deployments."
+    );
   }
-  const resolvedBaseUrl = (baseUrl ?? "http://localhost:3000").replace(/\/+$/, "");
+  const resolvedBaseUrl = (baseUrl ?? `http://localhost:${process.env.PORT ?? 3e3}`).replace(
+    /\/+$/,
+    ""
+  );
   let x402ConfigError;
   let mppConfigError;
   if ((!config.protocols || config.protocols.includes("x402")) && !config.payeeAddress) {

package/dist/index.d.cts

@@ -235,11 +235,11 @@ interface RouteEntry {
 interface RouterConfig {
     payeeAddress: string;
     /**
-     * Production origin URL (e.g. `https://myapp.com`).
+     * Origin URL (e.g. `https://myapp.com`).
      * Used for discovery URLs, OpenAPI servers, and MPP realm.
      *
-     * Falls back to `NEXT_PUBLIC_BASE_URL` env var.
-     * Required in production — `next build` will fail without it.
+     * Auto-detected on Vercel via `VERCEL_URL`. Falls back to `localhost:PORT` in dev.
+     * Only needed for non-Vercel production deployments.
      */
     baseUrl?: string;
     network?: string;

package/dist/index.d.ts

@@ -235,11 +235,11 @@ interface RouteEntry {
 interface RouterConfig {
     payeeAddress: string;
     /**
-     * Production origin URL (e.g. `https://myapp.com`).
+     * Origin URL (e.g. `https://myapp.com`).
      * Used for discovery URLs, OpenAPI servers, and MPP realm.
      *
-     * Falls back to `NEXT_PUBLIC_BASE_URL` env var.
-     * Required in production — `next build` will fail without it.
+     * Auto-detected on Vercel via `VERCEL_URL`. Falls back to `localhost:PORT` in dev.
+     * Only needed for non-Vercel production deployments.
      */
     baseUrl?: string;
     network?: string;

package/dist/index.js

@@ -345,7 +345,8 @@ async function buildX402Challenge(server, routeEntry, request, price, payeeAddre
   const resource = {
     url: request.url,
     method: routeEntry.method,
-    description: routeEntry.description
+    description: routeEntry.description,
+    mimeType: "application/json"
   };
   const requirements = await server.buildPaymentRequirementsFromOptions([options], {
     request
@@ -568,18 +569,16 @@ function createRequestHandler(routeEntry, handler, deps) {
     if (needsEarlyParse) {
       const requestForPricing = request.clone();
       const earlyBodyResult = await parseBody(requestForPricing, routeEntry);
-      if (!earlyBodyResult.ok) {
-        firePluginResponse(deps, pluginCtx, meta, earlyBodyResult.response);
-        return earlyBodyResult.response;
-      }
-      earlyBodyData = earlyBodyResult.data;
-      if (routeEntry.validateFn) {
-        try {
-          await routeEntry.validateFn(earlyBodyData);
-        } catch (err) {
-          const status = err.status ?? 400;
-          const message = err instanceof Error ? err.message : "Validation failed";
-          return fail(status, message, meta, pluginCtx, earlyBodyData);
+      if (earlyBodyResult.ok) {
+        earlyBodyData = earlyBodyResult.data;
+        if (routeEntry.validateFn) {
+          try {
+            await routeEntry.validateFn(earlyBodyData);
+          } catch (err) {
+            const status = err.status ?? 400;
+            const message = err instanceof Error ? err.message : "Validation failed";
+            return fail(status, message, meta, pluginCtx, earlyBodyData);
+          }
         }
       }
     }
@@ -587,16 +586,14 @@ function createRequestHandler(routeEntry, handler, deps) {
       if (routeEntry.validateFn && routeEntry.bodySchema && !request.headers.get("SIGN-IN-WITH-X")) {
         const requestForValidation = request.clone();
         const earlyBodyResult = await parseBody(requestForValidation, routeEntry);
-        if (!earlyBodyResult.ok) {
-          firePluginResponse(deps, pluginCtx, meta, earlyBodyResult.response);
-          return earlyBodyResult.response;
-        }
-        try {
-          await routeEntry.validateFn(earlyBodyResult.data);
-        } catch (err) {
-          const status = err.status ?? 400;
-          const message = err instanceof Error ? err.message : "Validation failed";
-          return fail(status, message, meta, pluginCtx, earlyBodyResult.data);
+        if (earlyBodyResult.ok) {
+          try {
+            await routeEntry.validateFn(earlyBodyResult.data);
+          } catch (err) {
+            const status = err.status ?? 400;
+            const message = err instanceof Error ? err.message : "Validation failed";
+            return fail(status, message, meta, pluginCtx, earlyBodyResult.data);
+          }
         }
       }
       if (!request.headers.get("SIGN-IN-WITH-X")) {
@@ -1433,20 +1430,21 @@ function createRouter(config) {
   const registry = new RouteRegistry();
   const nonceStore = config.siwx?.nonceStore ?? new MemoryNonceStore();
   const network = config.network ?? "eip155:8453";
-  const baseUrl = config.baseUrl ?? (typeof globalThis.process !== "undefined" ? process.env.NEXT_PUBLIC_BASE_URL : void 0);
+  const baseUrl = config.baseUrl ?? (typeof globalThis.process !== "undefined" && process.env.VERCEL_URL ? `https://${process.env.VERCEL_URL}` : void 0);
   if (config.protocols && config.protocols.length === 0) {
     throw new Error(
       "RouterConfig.protocols cannot be empty. Omit the field to use default ['x402'] or specify protocols explicitly."
     );
   }
-  if (!baseUrl) {
-    const msg = "baseUrl is required. Pass it in RouterConfig or set NEXT_PUBLIC_BASE_URL (e.g. https://myapp.com). It is used for discovery URLs, OpenAPI servers, and MPP realm.";
-    if (process.env.NODE_ENV === "production") {
-      throw new Error(msg);
-    }
-    console.warn(`[router] ${msg}`);
+  if (!baseUrl && process.env.NODE_ENV === "production") {
+    console.warn(
+      "[router] baseUrl was not provided and VERCEL_URL is not set. Falling back to localhost. Pass baseUrl in RouterConfig for non-Vercel deployments."
+    );
   }
-  const resolvedBaseUrl = (baseUrl ?? "http://localhost:3000").replace(/\/+$/, "");
+  const resolvedBaseUrl = (baseUrl ?? `http://localhost:${process.env.PORT ?? 3e3}`).replace(
+    /\/+$/,
+    ""
+  );
   let x402ConfigError;
   let mppConfigError;
   if ((!config.protocols || config.protocols.includes("x402")) && !config.payeeAddress) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentcash/router",
-  "version": "0.6.3",
+  "version": "0.6.5",
   "description": "Unified route builder for Next.js App Router APIs with x402, MPP, SIWX, and API key auth",
   "type": "module",
   "exports": {