@agentcash/router 1.5.2 → 1.6.0

package/dist/index.cjs

@@ -105,6 +105,18 @@ function buildEvmExactOptions(accepts, price) {
     payTo
   }));
 }
+function buildEvmUptoOptions(accepts, price) {
+  return accepts.filter(
+    (accept) => accept.scheme === "upto" && isEvmNetwork(accept.network)
+  ).map((accept) => ({
+    scheme: "upto",
+    network: accept.network,
+    payTo: accept.payTo,
+    price,
+    ...accept.maxTimeoutSeconds !== void 0 ? { maxTimeoutSeconds: accept.maxTimeoutSeconds } : {},
+    ...accept.extra ? { extra: accept.extra } : {}
+  }));
+}
 var init_evm = __esm({
   "src/protocols/x402/evm.ts"() {
     "use strict";
@@ -289,40 +301,40 @@ async function createX402Server(config) {
     facilitatorsByNetwork
   };
 }
-function cachedClient(inner, kinds) {
+function createFacilitatorClients(facilitatorsByNetwork, HTTPFacilitatorClient) {
+  const groups = getResolvedX402FacilitatorGroups(facilitatorsByNetwork);
+  return groups.map((group) => {
+    const inner = new HTTPFacilitatorClient(group.config);
+    const kinds = buildSupportedKinds(group);
+    return hardcodedSupportedClient(inner, kinds);
+  });
+}
+function hardcodedSupportedClient(inner, kinds) {
   return {
     verify: inner.verify.bind(inner),
     settle: inner.settle.bind(inner),
-    getSupported: async () => ({
-      kinds,
-      extensions: [],
-      signers: {}
-    })
+    getSupported: async () => ({ kinds, extensions: [], signers: {} })
   };
 }
-function createFacilitatorClients(facilitatorsByNetwork, HTTPFacilitatorClient) {
-  const groups = getResolvedX402FacilitatorGroups(facilitatorsByNetwork);
-  return groups.map((group) => {
-    const inner = new HTTPFacilitatorClient(group.config);
-    const kinds = group.networks.flatMap((network) => {
-      const exactKind = {
-        x402Version: 2,
-        scheme: "exact",
-        network,
-        ...group.family === "solana" ? {
-          extra: {
-            features: {
-              xSettlementAccountSupported: true
-            }
+function buildSupportedKinds(group) {
+  return group.networks.flatMap((network) => {
+    const exactKind = {
+      x402Version: 2,
+      scheme: "exact",
+      network,
+      ...group.family === "solana" ? {
+        extra: {
+          features: {
+            xSettlementAccountSupported: true
           }
-        } : {}
-      };
-      if (group.family === "evm") {
-        return [exactKind, { x402Version: 2, scheme: "upto", network }];
-      }
-      return [exactKind];
-    });
-    return cachedClient(inner, kinds);
+        }
+      } : {}
+    };
+    const uptoKind = { x402Version: 2, scheme: "upto", network };
+    if (group.family === "evm") {
+      return [exactKind, uptoKind];
+    }
+    return [exactKind, uptoKind];
   });
 }
 var init_server = __esm({
@@ -335,57 +347,6 @@ var init_server = __esm({
   }
 });
 
-// src/upstash-rest.ts
-var upstash_rest_exports = {};
-__export(upstash_rest_exports, {
-  createUpstashRest: () => createUpstashRest
-});
-function createUpstashRest(url, token) {
-  const base = url.replace(/\/+$/, "");
-  const headers = { Authorization: `Bearer ${token}` };
-  async function get(key) {
-    const res = await fetch(`${base}/get/${key}`, { headers });
-    if (!res.ok) throw new Error(`[upstash-rest] GET ${key}: ${res.status}`);
-    const { result } = await res.json();
-    return result ?? null;
-  }
-  async function set(key, value) {
-    const res = await fetch(`${base}`, {
-      method: "POST",
-      headers: { ...headers, "Content-Type": "application/json" },
-      body: JSON.stringify(["SET", key, JSON.stringify(value)])
-    });
-    if (!res.ok) throw new Error(`[upstash-rest] SET ${key}: ${res.status}`);
-    return await res.json();
-  }
-  async function del(key) {
-    const res = await fetch(`${base}`, {
-      method: "POST",
-      headers: { ...headers, "Content-Type": "application/json" },
-      body: JSON.stringify(["DEL", key])
-    });
-    if (!res.ok) throw new Error(`[upstash-rest] DEL ${key}: ${res.status}`);
-    return await res.json();
-  }
-  return {
-    get,
-    set,
-    del,
-    async update(key, fn) {
-      const current = await get(key);
-      const change = fn(current);
-      if (change.op === "set") await set(key, change.value);
-      if (change.op === "delete") await del(key);
-      return change.result;
-    }
-  };
-}
-var init_upstash_rest = __esm({
-  "src/upstash-rest.ts"() {
-    "use strict";
-  }
-});
-
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
@@ -402,14 +363,16 @@ __export(index_exports, {
   TEMPO_USDC_CURRENCY: () => TEMPO_USDC_CURRENCY,
   ZERO_EVM_ADDRESS: () => ZERO_EVM_ADDRESS,
   consolePlugin: () => consolePlugin,
-  createRedisEntitlementStore: () => createRedisEntitlementStore,
-  createRedisNonceStore: () => createRedisNonceStore,
+  createKvEntitlementStore: () => createKvEntitlementStore,
+  createKvMppStore: () => createKvMppStore,
+  createKvNonceStore: () => createKvNonceStore,
   createRouter: () => createRouter,
   formatRouterConfigIssues: () => formatRouterConfigIssues,
   getRouterConfigIssues: () => getRouterConfigIssues,
   mppFromEnv: () => mppFromEnv,
   paidOptionsForProtocols: () => paidOptionsForProtocols,
   validateRouterConfig: () => validateRouterConfig,
+  withPrefix: () => withPrefix,
   x402AcceptsFromEnv: () => x402AcceptsFromEnv
 });
 module.exports = __toCommonJS(index_exports);
@@ -417,11 +380,6 @@ module.exports = __toCommonJS(index_exports);
 // src/registry.ts
 var RouteRegistry = class {
   routes = /* @__PURE__ */ new Map();
-  // Internal map key includes the HTTP method so that POST and DELETE on the
-  // same path coexist. Within the same path+method, last-write-wins is still
-  // intentional — Next.js module loading order is non-deterministic during
-  // build and discovery stubs may register the same route in either order.
-  // Prior art: ElysiaJS uses the same pattern (silent overwrite in router.history).
   mapKey(entry) {
     return `${entry.key}:${entry.method}`;
   }
@@ -434,8 +392,6 @@ var RouteRegistry = class {
     }
     this.routes.set(k, entry);
   }
-  // Accepts either a compound key ("site/domain:DELETE") or a path-only key
-  // ("site/domain") — path-only returns the first registered method for that path.
   get(key) {
     const direct = this.routes.get(key);
     if (direct) return direct;
@@ -467,24 +423,17 @@ var RouteRegistry = class {
 
 // src/headers.ts
 var HEADERS = {
-  // ---- Standard HTTP ----
   AUTHORIZATION: "Authorization",
   WWW_AUTHENTICATE: "WWW-Authenticate",
-  // ---- Auth ----
   API_KEY: "X-API-Key",
-  // ---- Request meta (used by plugin/observability) ----
   WALLET_ADDRESS: "X-Wallet-Address",
   CLIENT_ID: "X-Client-ID",
   SESSION_ID: "X-Session-ID",
-  // ---- SIWX ----
   SIWX: "SIGN-IN-WITH-X",
-  // ---- x402 (payment) ----
   X402_PAYMENT_SIGNATURE: "PAYMENT-SIGNATURE",
-  /** Legacy x402 payment header — accepted alongside PAYMENT-SIGNATURE. */
   X402_PAYMENT_LEGACY: "X-PAYMENT",
   X402_PAYMENT_REQUIRED: "PAYMENT-REQUIRED",
   X402_PAYMENT_RESPONSE: "PAYMENT-RESPONSE",
-  // ---- MPP (payment) ----
   MPP_PAYMENT_RECEIPT: "Payment-Receipt"
 };
 var AUTH_SCHEME = {
@@ -567,11 +516,31 @@ function consolePlugin() {
   };
 }
 
+// src/alert.ts
+function createReporter(plugin, pluginCtx, route) {
+  return (level, message, meta) => {
+    firePluginHook(plugin, "onAlert", pluginCtx, {
+      level,
+      message,
+      route,
+      ...meta ? { meta } : {}
+    });
+  };
+}
+
 // src/pipeline/context/preflight.ts
 function preflight(routeEntry, handler, deps, request) {
   const meta = buildMeta(request, routeEntry);
   const pluginCtx = firePluginHook(deps.plugin, "onRequest", meta) ?? createDefaultContext(meta);
-  return { routeEntry, handler, deps, request, meta, pluginCtx };
+  return {
+    routeEntry,
+    handler,
+    deps,
+    request,
+    meta,
+    pluginCtx,
+    report: createReporter(deps.plugin, pluginCtx, routeEntry.key)
+  };
 }
 function buildMeta(request, routeEntry) {
   return {
@@ -616,19 +585,38 @@ function validateBody(parsed, schema) {
   };
 }
 
+// src/pipeline/context/fire-plugin-response.ts
+function firePluginResponse(ctx, response, requestBody, responseBody) {
+  firePluginHook(ctx.deps.plugin, "onResponse", ctx.pluginCtx, {
+    statusCode: response.status,
+    statusText: response.statusText,
+    duration: Date.now() - ctx.meta.startTime,
+    contentType: response.headers.get("content-type"),
+    headers: Object.fromEntries(response.headers.entries()),
+    requestBody,
+    responseBody
+  });
+  if (response.status >= 400 && response.status !== 402) {
+    firePluginHook(ctx.deps.plugin, "onError", ctx.pluginCtx, {
+      status: response.status,
+      message: response.statusText || `HTTP ${response.status}`,
+      settled: false
+    });
+  }
+}
+
 // src/pipeline/context/parse-body.ts
-async function parseBody(request, routeEntry) {
-  if (!routeEntry.bodySchema) return { ok: true, data: void 0 };
+async function parseBody(ctx, request = ctx.request) {
+  if (!ctx.routeEntry.bodySchema) return { ok: true, data: void 0 };
   const raw = await bufferBody(request);
-  const result = validateBody(raw, routeEntry.bodySchema);
+  const result = validateBody(raw, ctx.routeEntry.bodySchema);
   if (result.success) return { ok: true, data: result.data };
-  return {
-    ok: false,
-    response: import_server.NextResponse.json(
-      { success: false, error: result.error, issues: result.issues },
-      { status: 400 }
-    )
-  };
+  const response = import_server.NextResponse.json(
+    { success: false, error: result.error, issues: result.issues },
+    { status: 400 }
+  );
+  firePluginResponse(ctx, response);
+  return { ok: false, response };
 }
 
 // src/pipeline/context/parse-query.ts
@@ -654,28 +642,6 @@ function handlerFailureError(response) {
 
 // src/pipeline/context/fail.ts
 var import_server2 = require("next/server");
-
-// src/pipeline/context/fire-plugin-response.ts
-function firePluginResponse(ctx, response, requestBody, responseBody) {
-  firePluginHook(ctx.deps.plugin, "onResponse", ctx.pluginCtx, {
-    statusCode: response.status,
-    statusText: response.statusText,
-    duration: Date.now() - ctx.meta.startTime,
-    contentType: response.headers.get("content-type"),
-    headers: Object.fromEntries(response.headers.entries()),
-    requestBody,
-    responseBody
-  });
-  if (response.status >= 400 && response.status !== 402) {
-    firePluginHook(ctx.deps.plugin, "onError", ctx.pluginCtx, {
-      status: response.status,
-      message: response.statusText || `HTTP ${response.status}`,
-      settled: false
-    });
-  }
-}
-
-// src/pipeline/context/fail.ts
 function fail(ctx, status, message, requestBody) {
   const response = import_server2.NextResponse.json({ success: false, error: message }, { status });
   firePluginResponse(ctx, response, requestBody);
@@ -693,7 +659,7 @@ async function runValidate(ctx, body) {
   }
 }
 
-// src/handler.ts
+// src/pipeline/flows/static/static-invoke.ts
 var import_server3 = require("next/server");
 
 // src/types.ts
@@ -705,23 +671,15 @@ var HttpError = class extends Error {
   }
 };
 
-// src/handler.ts
-async function safeCallHandler(handler, ctx, options = {}) {
-  try {
-    const result = await handler(ctx);
-    if (result instanceof Response) return result;
-    return import_server3.NextResponse.json(result);
-  } catch (error) {
-    options.onError?.(error);
-    const status = error instanceof HttpError ? error.status : typeof error.status === "number" ? error.status : 500;
-    const message = error instanceof Error ? error.message : "Internal error";
-    return import_server3.NextResponse.json({ success: false, error: message }, { status });
-  }
+// src/pipeline/flows/static/static-invoke.ts
+function invokePaidStatic(ctx, wallet, account, body, payment) {
+  return runHandler(ctx, buildHandlerCtx(ctx, wallet, account, body, payment));
 }
-
-// src/pipeline/context/invoke.ts
-async function invoke(ctx, wallet, account, body, payment) {
-  const handlerCtx = {
+function invokeUnauthed(ctx, wallet, account, body) {
+  return runHandler(ctx, buildHandlerCtx(ctx, wallet, account, body, null));
+}
+function buildHandlerCtx(ctx, wallet, account, body, payment) {
+  return {
     body,
     query: parseQuery(ctx.request, ctx.routeEntry),
     request: ctx.request,
@@ -740,21 +698,45 @@ async function invoke(ctx, wallet, account, body, payment) {
     },
     setVerifiedWallet: (addr) => ctx.pluginCtx.setVerifiedWallet(addr)
   };
+}
+async function runHandler(ctx, handlerCtx) {
+  let returned;
+  try {
+    returned = ctx.handler(handlerCtx);
+  } catch (error) {
+    return errorResult(error);
+  }
+  if (isAsyncIterable(returned) && !isThenable(returned)) {
+    return errorResult(
+      new HttpError(
+        `route '${ctx.routeEntry.key}': streaming handlers require .paid({ dynamic: true })`,
+        500
+      )
+    );
+  }
   let rawResult;
-  let handlerError;
-  const response = await safeCallHandler(
-    async (c) => {
-      rawResult = await ctx.handler(c);
-      return rawResult;
-    },
-    handlerCtx,
-    {
-      onError(error) {
-        handlerError = error;
-      }
-    }
-  );
-  return { response, rawResult, handlerError };
+  try {
+    rawResult = await returned;
+  } catch (error) {
+    return errorResult(error);
+  }
+  const response = rawResult instanceof Response ? rawResult : import_server3.NextResponse.json(rawResult);
+  return { response, rawResult };
+}
+function errorResult(error) {
+  const status = error instanceof HttpError ? error.status : typeof error?.status === "number" ? error.status : 500;
+  const message = error instanceof Error ? error.message : "Internal error";
+  return {
+    response: import_server3.NextResponse.json({ success: false, error: message }, { status }),
+    rawResult: void 0,
+    handlerError: error
+  };
+}
+function isAsyncIterable(value) {
+  return value != null && typeof value === "object" && Symbol.asyncIterator in value;
+}
+function isThenable(value) {
+  return value != null && (typeof value === "object" || typeof value === "function") && typeof value.then === "function";
 }
 
 // src/pipeline/context/fire-provider-quota.ts
@@ -788,24 +770,24 @@ function computeQuotaLevel(remaining, warn, critical) {
   return "healthy";
 }
 
-// src/pipeline/context/finalize.ts
+// src/pipeline/context/finalize/response.ts
 function finalize(ctx, response, rawResult, requestBody) {
   fireProviderQuota(ctx, response, rawResult);
   firePluginResponse(ctx, response, requestBody, rawResult);
   return response;
 }
 
-// src/pipeline/context/run-handler-only.ts
-async function runHandlerOnly(ctx, wallet, account) {
-  const body = await parseBody(ctx.request, ctx.routeEntry);
-  if (!body.ok) {
-    firePluginResponse(ctx, body.response);
-    return body.response;
+// src/pipeline/context/grant-entitlement.ts
+async function grantEntitlementIfSiwx(ctx, wallet) {
+  if (!ctx.routeEntry.siwxEnabled) return;
+  try {
+    await ctx.deps.entitlementStore.grant(ctx.routeEntry.key, wallet);
+  } catch (error) {
+    ctx.report(
+      "warn",
+      `Entitlement grant failed: ${error instanceof Error ? error.message : String(error)}`
+    );
   }
-  const validateErr = await runValidate(ctx, body.data);
-  if (validateErr) return validateErr;
-  const result = await invoke(ctx, wallet, account, body.data, null);
-  return finalize(ctx, result.response, result.rawResult, body.data);
 }
 
 // src/pipeline/context/settlement-context.ts
@@ -822,23 +804,6 @@ function settlementContext(ctx, scope) {
   };
 }
 
-// src/pipeline/context/run-before-settle.ts
-async function runBeforeSettle(ctx, scope) {
-  const hook = ctx.routeEntry.settlement?.beforeSettle;
-  if (!hook) return null;
-  try {
-    await hook(settlementContext(ctx, scope));
-    return null;
-  } catch (error) {
-    return fail(
-      ctx,
-      errorStatus(error, 500),
-      errorMessage(error, "Pre-settlement validation failed"),
-      scope.body
-    );
-  }
-}
-
 // src/pipeline/context/run-settlement-error.ts
 async function runSettlementError(ctx, scope, error, phase) {
   const hook = ctx.routeEntry.settlement?.onSettlementError;
@@ -847,12 +812,7 @@ async function runSettlementError(ctx, scope, error, phase) {
     await hook({ ...settlementContext(ctx, scope), error, phase });
   } catch (hookError) {
     const message = errorMessage(hookError, "Settlement error hook failed");
-    console.error(`[router] ${ctx.routeEntry.key}: onSettlementError failed: ${message}`);
-    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "error",
-      message: `Settlement error hook failed: ${message}`,
-      route: ctx.routeEntry.key
-    });
+    ctx.report("error", `Settlement error hook failed: ${message}`);
   }
 }
 
@@ -864,81 +824,145 @@ async function runAfterSettle(ctx, scope) {
     await hook(settlementContext(ctx, scope));
   } catch (error) {
     const message = errorMessage(error, "Post-settlement hook failed");
-    console.error(`[router] ${ctx.routeEntry.key}: afterSettle failed: ${message}`);
-    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "error",
-      message: `Post-settlement hook failed: ${message}`,
-      route: ctx.routeEntry.key
-    });
+    ctx.report("error", `Post-settlement hook failed: ${message}`);
     await runSettlementError(ctx, scope, error, "afterSettle");
   }
 }
 
-// src/pipeline/context/run-settled-handler-error.ts
-async function runSettledHandlerError(ctx, scope, error = scope.handlerError ?? handlerFailureError(scope.response)) {
-  const hook = ctx.routeEntry.settlement?.onSettledHandlerError;
-  if (!hook) return;
-  try {
-    await hook({ ...settlementContext(ctx, scope), error });
-  } catch (hookError) {
-    const message = errorMessage(hookError, "Settled handler error hook failed");
-    console.error(`[router] ${ctx.routeEntry.key}: onSettledHandlerError failed: ${message}`);
-    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "error",
-      message: `Settled handler error hook failed: ${message}`,
-      route: ctx.routeEntry.key
-    });
-  }
-}
-
-// src/pipeline/context/grant-entitlement.ts
-async function grantEntitlementIfSiwx(ctx, wallet) {
-  if (!ctx.routeEntry.siwxEnabled) return;
-  try {
-    await ctx.deps.entitlementStore.grant(ctx.routeEntry.key, wallet);
-  } catch (error) {
-    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "warn",
-      message: `Entitlement grant failed: ${error instanceof Error ? error.message : String(error)}`,
-      route: ctx.routeEntry.key
-    });
-  }
+// src/pipeline/context/finalize/epilogue.ts
+async function runPostSettleEpilogue(args) {
+  const { ctx, strategy, wallet, settle, afterSettleScope, rawResult, body } = args;
+  await grantEntitlementIfSiwx(ctx, wallet);
+  firePluginHook(ctx.deps.plugin, "onPaymentSettled", ctx.pluginCtx, {
+    protocol: strategy.protocol,
+    payer: wallet,
+    transaction: settle.settledPayment.transaction ?? "",
+    network: settle.settledPayment.network
+  });
+  await runAfterSettle(ctx, afterSettleScope);
+  return finalize(ctx, settle.response, rawResult, body);
 }
 
-// src/pipeline/context/settle-and-finalize.ts
-async function settleAndFinalize(args) {
-  const { ctx, strategy, verifyOutcome, scope, rawResult, body, onSettleError } = args;
-  const { request, routeEntry, deps } = ctx;
+// src/pipeline/context/finalize/request.ts
+async function settleAndFinalizeRequest(args) {
+  const { ctx, strategy, verifyOutcome, scope, rawResult, body, billedAmount, onSettleError } = args;
+  const { request, routeEntry, deps, report } = ctx;
   const settle = await strategy.settle({
     request,
     response: scope.response,
     payment: verifyOutcome.payment,
     token: verifyOutcome.token,
     routeEntry,
-    deps
+    deps,
+    billedAmount,
+    report
   });
   if (!settle.ok) {
     if (onSettleError) await onSettleError(settle.error, settle.failMessage);
     return fail(ctx, settle.failStatus ?? 500, settle.failMessage, body);
   }
-  await grantEntitlementIfSiwx(ctx, verifyOutcome.wallet);
-  firePluginHook(deps.plugin, "onPaymentSettled", ctx.pluginCtx, {
-    protocol: strategy.protocol,
-    payer: verifyOutcome.wallet,
-    transaction: settle.settledPayment.transaction ?? "",
-    network: settle.settledPayment.network
+  return runPostSettleEpilogue({
+    ctx,
+    strategy,
+    wallet: verifyOutcome.wallet,
+    settle,
+    afterSettleScope: {
+      ...scope,
+      payment: settle.settledPayment,
+      response: settle.response
+    },
+    rawResult,
+    body
   });
-  await runAfterSettle(ctx, {
-    ...scope,
-    payment: settle.settledPayment,
-    response: settle.response
+}
+
+// src/pipeline/context/finalize/stream.ts
+async function settleAndFinalizeStream(args) {
+  const { ctx, strategy, verifyOutcome, source, account, body, bindChannelCharge } = args;
+  const { request, routeEntry, deps, report } = ctx;
+  if (!strategy.settleStream) {
+    return fail(ctx, 500, `${strategy.protocol} does not support streaming handlers`, body);
+  }
+  const settle = await strategy.settleStream({
+    request,
+    source,
+    payment: verifyOutcome.payment,
+    token: verifyOutcome.token,
+    routeEntry,
+    deps,
+    bindChannelCharge,
+    report
   });
-  return finalize(ctx, settle.response, rawResult, body);
+  if (!settle.ok) {
+    return fail(ctx, settle.failStatus ?? 500, settle.failMessage, body);
+  }
+  return runPostSettleEpilogue({
+    ctx,
+    strategy,
+    wallet: verifyOutcome.wallet,
+    settle,
+    afterSettleScope: {
+      wallet: verifyOutcome.wallet,
+      account,
+      body,
+      payment: settle.settledPayment,
+      response: settle.response,
+      rawResult: void 0
+    },
+    rawResult: void 0,
+    body
+  });
+}
+
+// src/pipeline/context/run-handler-only.ts
+async function runHandlerOnly(ctx, wallet, account) {
+  const body = await parseBody(ctx);
+  if (!body.ok) return body.response;
+  const validateErr = await runValidate(ctx, body.data);
+  if (validateErr) return validateErr;
+  const result = await invokeUnauthed(ctx, wallet, account, body.data);
+  return finalize(ctx, result.response, result.rawResult, body.data);
+}
+
+// src/pipeline/context/run-before-settle.ts
+async function runBeforeSettle(ctx, scope) {
+  const hook = ctx.routeEntry.settlement?.beforeSettle;
+  if (!hook) return null;
+  try {
+    await hook(settlementContext(ctx, scope));
+    return null;
+  } catch (error) {
+    return fail(
+      ctx,
+      errorStatus(error, 500),
+      errorMessage(error, "Pre-settlement validation failed"),
+      scope.body
+    );
+  }
+}
+
+// src/pipeline/context/run-settled-handler-error.ts
+async function runSettledHandlerError(ctx, scope, error = scope.handlerError ?? handlerFailureError(scope.response)) {
+  const hook = ctx.routeEntry.settlement?.onSettledHandlerError;
+  if (!hook) return;
+  try {
+    await hook({ ...settlementContext(ctx, scope), error });
+  } catch (hookError) {
+    const message = errorMessage(hookError, "Settled handler error hook failed");
+    ctx.report("error", `Settled handler error hook failed: ${message}`);
+  }
 }
 
 // src/auth/normalize-wallet.ts
 function normalizeWalletAddress(address) {
-  return /^0x/i.test(address) ? address.toLowerCase() : address;
+  const isEvm = /^0x/i.test(address);
+  return isEvm ? normalizeEvmWalletAddress(address) : normalizeSolanaWalletAddress(address);
+}
+function normalizeEvmWalletAddress(address) {
+  return address.toLowerCase();
+}
+function normalizeSolanaWalletAddress(address) {
+  return address;
 }
 
 // src/auth/siwx.ts
@@ -1018,20 +1042,18 @@ function shouldParseBodyEarly(incomingStrategy, routeEntry, pricing) {
   return (pricing?.needsBody ?? false) || !!routeEntry.validateFn;
 }
 
-// src/pipeline/context/protocol-init-error.ts
-function protocolInitError(routeEntry, deps) {
-  if (!routeEntry.pricing) return null;
-  const errors = [];
-  for (const protocol of routeEntry.protocols) {
-    if (protocol === "x402" && deps.x402InitError) {
-      errors.push(`x402: ${deps.x402InitError}`);
-    }
-    if (protocol === "mpp" && deps.mppInitError) {
-      errors.push(`mpp: ${deps.mppInitError}`);
-    }
-  }
-  if (errors.length === 0) return null;
-  return `Payment protocol initialization failed. ${errors.join("; ")}`;
+// src/pipeline/context/resolve-early-body.ts
+async function resolveEarlyBody(args) {
+  const { ctx, pricing, incomingStrategy } = args;
+  if (!shouldParseBodyEarly(incomingStrategy, ctx.routeEntry, pricing)) {
+    return { ok: true, earlyBody: void 0 };
+  }
+  const earlyClone = ctx.request.clone();
+  const earlyResult = await parseBody(ctx, earlyClone);
+  if (!earlyResult.ok) return { ok: false, response: earlyResult.response };
+  const validateErr = await runValidate(ctx, earlyResult.data);
+  if (validateErr) return { ok: false, response: validateErr };
+  return { ok: true, earlyBody: earlyResult.data };
 }
 
 // src/auth/api-key.ts
@@ -1052,6 +1074,39 @@ function extractBearerToken(header) {
   return null;
 }
 
+// src/pipeline/context/run-api-key-gate.ts
+async function runApiKeyGate(ctx) {
+  const { request, routeEntry, deps } = ctx;
+  if (!routeEntry.apiKeyResolver) return { ok: true, account: void 0 };
+  const apiKeyResult = await verifyApiKey(request, routeEntry.apiKeyResolver);
+  if (!apiKeyResult.valid) {
+    return { ok: false, response: fail(ctx, 401, "Invalid or missing API key") };
+  }
+  firePluginHook(deps.plugin, "onAuthVerified", ctx.pluginCtx, {
+    authMode: "apiKey",
+    wallet: null,
+    route: routeEntry.key,
+    account: apiKeyResult.account
+  });
+  return { ok: true, account: apiKeyResult.account };
+}
+
+// src/pipeline/context/protocol-init-error.ts
+function protocolInitError(routeEntry, deps) {
+  if (!routeEntry.pricing) return null;
+  const errors = [];
+  for (const protocol of routeEntry.protocols) {
+    if (protocol === "x402" && deps.x402InitError) {
+      errors.push(`x402: ${deps.x402InitError}`);
+    }
+    if (protocol === "mpp" && deps.mppInitError) {
+      errors.push(`mpp: ${deps.mppInitError}`);
+    }
+  }
+  if (errors.length === 0) return null;
+  return `Payment protocol initialization failed. ${errors.join("; ")}`;
+}
+
 // src/pipeline/flows/api-key-only.ts
 async function runApiKeyOnlyFlow(ctx) {
   if (!ctx.routeEntry.apiKeyResolver) {
@@ -1221,13 +1276,22 @@ function selectPricing(raw, deps = {}) {
 // src/protocols/mpp/credential.ts
 var import_mppx = require("mppx");
 var import_viem = require("viem");
+var SESSION_ACTIONS = /* @__PURE__ */ new Set(["open", "topUp", "voucher", "close"]);
 function readMppCredential(request) {
   const credential = import_mppx.Credential.fromRequest(request);
   if (!credential) return null;
   const wallet = walletFromDid(credential.source ?? "");
-  const rawType = credential.payload?.type;
+  const payload = credential.payload;
+  const rawType = payload?.type;
   const payloadType = rawType === "transaction" ? "transaction" : rawType === "hash" ? "hash" : "unknown";
-  return { credential, wallet, payloadType };
+  const rawAction = payload?.action;
+  const sessionAction = typeof rawAction === "string" && SESSION_ACTIONS.has(rawAction) ? rawAction : void 0;
+  return {
+    credential,
+    wallet,
+    payloadType,
+    ...sessionAction ? { sessionAction } : {}
+  };
 }
 function walletFromDid(rawSource) {
   const parts = rawSource.split(":");
@@ -1235,6 +1299,168 @@ function walletFromDid(rawSource) {
   return normalizeWalletAddress((0, import_viem.isAddress)(last) ? (0, import_viem.getAddress)(last) : rawSource);
 }
 
+// src/protocols/mpp/session-mode.ts
+async function verifySessionMode(args, info) {
+  const { request, deps, price, routeEntry } = args;
+  if (!deps.mppx?.sessionRequest || !deps.mppx?.sessionStream || !deps.mppSessionConfig) {
+    return {
+      ok: false,
+      kind: "config",
+      message: "MPP sessions not configured on this server (set RouterConfig.mpp.session)"
+    };
+  }
+  const tickCost = routeEntry.tickCost;
+  const unitType = routeEntry.unitType;
+  const streaming = routeEntry.streaming === true;
+  const middleware = streaming ? deps.mppx.sessionStream : deps.mppx.sessionRequest;
+  const middlewareRequest = isChannelOnlyAction(info, request) ? new Request(request.url, { method: request.method, headers: request.headers }) : request;
+  let result;
+  try {
+    result = await middleware({
+      amount: tickCost,
+      unitType,
+      suggestedDeposit: price,
+      ...streaming ? { meta: { streaming: "true" } } : {}
+    })(middlewareRequest);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return {
+      ok: false,
+      kind: "config",
+      message: `MPP session verify failed: ${message}`
+    };
+  }
+  if (result.status === 402) {
+    const failure = await readMppxProblemDetails(result.challenge);
+    return { ok: false, kind: "invalid", failure };
+  }
+  const mppRecipient = deps.mppRecipient ?? deps.payeeAddress;
+  const payment = {
+    protocol: "mpp",
+    status: "verified",
+    payer: info.wallet,
+    amount: price,
+    network: "tempo:4217",
+    ...mppRecipient ? { recipient: mppRecipient } : {}
+  };
+  const token = {
+    mode: "session",
+    streaming,
+    sessionResult: result,
+    info,
+    tickCost
+  };
+  return {
+    ok: true,
+    wallet: info.wallet,
+    payment,
+    token,
+    alreadySettled: false
+  };
+}
+async function settleSessionMode(args) {
+  const { request, response, payment, token, billedAmount } = args;
+  const sessionToken = token;
+  if (isChannelOnlyAction(sessionToken.info, request)) {
+    const wrapped2 = sessionToken.sessionResult.withReceipt(
+      new Response(null, { status: 200 })
+    );
+    return {
+      ok: true,
+      response: wrapped2,
+      settledPayment: { ...payment, status: "settled", amount: billedAmount }
+    };
+  }
+  if (sessionToken.streaming) {
+    return {
+      ok: false,
+      error: new Error("streaming session content settled via request path"),
+      failMessage: "streaming session content settled via request path",
+      failStatus: 500
+    };
+  }
+  const wrapped = sessionToken.sessionResult.withReceipt(
+    response
+  );
+  wrapped.headers.set("Cache-Control", "private");
+  const receiptHeader = wrapped.headers.get(HEADERS.MPP_PAYMENT_RECEIPT) ?? void 0;
+  const settledPayment = {
+    ...payment,
+    status: "settled",
+    amount: billedAmount,
+    ...receiptHeader ? { receipt: receiptHeader } : {}
+  };
+  return { ok: true, response: wrapped, settledPayment };
+}
+async function buildSessionChallenge(args) {
+  const { request, deps, suggestedDeposit, routeEntry, report } = args;
+  if (!deps.mppSessionConfig) return {};
+  const streaming = routeEntry.streaming === true;
+  const middleware = streaming ? deps.mppx?.sessionStream : deps.mppx?.sessionRequest;
+  if (!middleware) return {};
+  const tickCost = routeEntry.tickCost;
+  const unitType = routeEntry.unitType;
+  try {
+    const result = await middleware({
+      amount: tickCost,
+      unitType,
+      suggestedDeposit,
+      ...streaming ? { meta: { streaming: "true" } } : {}
+    })(request);
+    if (result.status === 402) {
+      const wwwAuth = result.challenge.headers.get(HEADERS.WWW_AUTHENTICATE);
+      if (wwwAuth) return { headers: { [HEADERS.WWW_AUTHENTICATE]: wwwAuth } };
+    }
+  } catch (err) {
+    report(
+      "warn",
+      `MPP session challenge build failed: ${err instanceof Error ? err.message : String(err)}`
+    );
+    throw err;
+  }
+  return {};
+}
+function isChannelOnlyAction(info, request) {
+  const action = info.sessionAction;
+  if (!action) return false;
+  if (action === "close" || action === "topUp") return true;
+  if ((action === "open" || action === "voucher") && !hasRequestBody(request)) return true;
+  return false;
+}
+async function readMppxProblemDetails(challenge) {
+  let body;
+  try {
+    body = await challenge.clone().text();
+  } catch {
+    return { reason: "mpp_session_invalid" };
+  }
+  if (!body) return { reason: "mpp_session_invalid" };
+  let parsed;
+  try {
+    parsed = JSON.parse(body);
+  } catch {
+    return { reason: "mpp_session_invalid", message: body.slice(0, 500) };
+  }
+  if (!parsed || typeof parsed !== "object") {
+    return { reason: "mpp_session_invalid" };
+  }
+  const details = parsed;
+  const typeUri = typeof details.type === "string" ? details.type : void 0;
+  const slug = typeUri ? typeUri.split("/").pop() : void 0;
+  const reason = slug ? slug.replace(/-/g, "_") : "mpp_session_invalid";
+  const message = typeof details.detail === "string" && details.detail.length > 0 ? details.detail : typeof details.title === "string" ? details.title : void 0;
+  return message ? { reason, message } : { reason };
+}
+function hasRequestBody(request) {
+  const cl = request.headers.get("content-length");
+  if (cl !== null) {
+    const n = Number.parseInt(cl.trim(), 10);
+    return Number.isFinite(n) && n > 0;
+  }
+  if (request.headers.get("transfer-encoding") !== null) return true;
+  return false;
+}
+
 // src/protocols/mpp/transaction-mode.ts
 var import_tempo = require("viem/tempo");
 var import_actions = require("viem/actions");
@@ -1262,7 +1488,7 @@ async function readChallengeReason(challenge) {
 
 // src/protocols/mpp/transaction-mode.ts
 async function verifyTxMode(args, info) {
-  const { deps, price, routeEntry } = args;
+  const { deps, price, report } = args;
   if (!deps.tempoClient) {
     return {
       ok: false,
@@ -1280,7 +1506,7 @@ async function verifyTxMode(args, info) {
     });
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
-    console.warn(`[router] ${routeEntry.key}: MPP simulation failed \u2014 ${message}`);
+    report("warn", `MPP simulation failed: ${message}`);
     return { ok: false, kind: "invalid" };
   }
   const mppRecipient = deps.mppRecipient ?? deps.payeeAddress;
@@ -1301,7 +1527,7 @@ async function verifyTxMode(args, info) {
   };
 }
 async function settleTxMode(args) {
-  const { request, response, payment, deps, routeEntry } = args;
+  const { request, response, payment, deps, report } = args;
   if (!deps.mppx) {
     return {
       ok: false,
@@ -1315,7 +1541,7 @@ async function settleTxMode(args) {
     result = await deps.mppx.charge({ amount: payment.amount })(request);
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
-    console.error(`[router] ${routeEntry.key}: MPP broadcast failed after handler: ${message}`);
+    report("error", `MPP broadcast failed after handler: ${message}`);
     return {
       ok: false,
       error: err,
@@ -1332,7 +1558,7 @@ async function settleTxMode(args) {
       mppResult: result,
       challenge: result.challenge
     });
-    console.error(`[router] ${routeEntry.key}: MPP payment failed after handler \u2014 ${detail}`);
+    report("error", `MPP payment failed after handler: ${detail}`);
     return {
       ok: false,
       error: settlementError,
@@ -1355,10 +1581,10 @@ async function settleTxMode(args) {
 
 // src/protocols/mpp/hash-mode.ts
 async function verifyHashMode(args, info) {
-  const { deps, price, routeEntry, request } = args;
+  const { deps, price, request, report } = args;
   if (!deps.mppx) {
     const reason = deps.mppInitError ? `MPP initialization failed: ${deps.mppInitError}` : "MPP not initialized \u2014 ensure mppx is installed and mpp config (secretKey, currency, recipient) is correct";
-    console.error(`[router] ${routeEntry.key}: ${reason}`);
+    report("error", reason);
     return { ok: false, kind: "config", message: reason };
   }
   let chargeResult;
@@ -1366,13 +1592,13 @@ async function verifyHashMode(args, info) {
     chargeResult = await deps.mppx.charge({ amount: price })(request);
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
-    console.error(`[router] ${routeEntry.key}: MPP charge failed: ${message}`);
+    report("error", `MPP charge failed: ${message}`);
     return { ok: false, kind: "config", message: `MPP payment processing failed: ${message}` };
   }
   if (chargeResult.status === 402) {
     const reason = await readChallengeReason(chargeResult.challenge);
     const detail = reason || "credential may be invalid, or check TEMPO_RPC_URL configuration";
-    console.warn(`[router] ${routeEntry.key}: MPP credential rejected \u2014 ${detail}`);
+    report("warn", `MPP credential rejected: ${detail}`);
     return { ok: false, kind: "invalid" };
   }
   const receiptHeader = chargeResult.withReceipt(new Response()).headers.get(
@@ -1417,9 +1643,20 @@ var mppStrategy = {
     const auth = request.headers.get(HEADERS.AUTHORIZATION);
     return Boolean(auth && auth.startsWith(AUTH_SCHEME.MPP_PAYMENT));
   },
+  preflight(request, _routeEntry) {
+    const info = readMppCredential(request);
+    if (!info?.sessionAction) return null;
+    if (!isChannelOnlyAction(info, request)) return null;
+    return { skipBody: true, skipHandler: true };
+  },
   async verify(args) {
     const info = readMppCredential(args.request);
     if (!info) return { ok: false, kind: "invalid" };
+    if (args.routeEntry.dynamicPrice) {
+      if (!info.sessionAction) return { ok: false, kind: "invalid" };
+      return verifySessionMode(args, info);
+    }
+    if (info.sessionAction) return { ok: false, kind: "invalid" };
     if (info.payloadType === "transaction" && args.deps.tempoClient) {
       return verifyTxMode(args, info);
     }
@@ -1427,28 +1664,88 @@ var mppStrategy = {
   },
   async settle(args) {
     const token = args.token;
+    if (token.mode === "session") return settleSessionMode(args);
     if (token.mode === "transaction") return settleTxMode(args);
     return settleHashMode(args);
   },
+  async settleStream(args) {
+    const token = args.token;
+    if (token.mode !== "session" || !token.streaming) {
+      return {
+        ok: false,
+        error: new Error("streaming requires a streaming-mode MPP session credential"),
+        failMessage: "streaming requires a streaming-mode MPP session credential",
+        failStatus: 400
+      };
+    }
+    const sessionToken = token;
+    const sseResult = sessionToken.sessionResult;
+    const { bindChannelCharge, source: handlerStream } = args;
+    async function* forwardHandlerStreamWithChannelDebit(channel) {
+      bindChannelCharge(channel.charge);
+      try {
+        for await (const chunk of handlerStream) {
+          yield typeof chunk === "string" ? chunk : JSON.stringify(chunk);
+        }
+      } finally {
+        bindChannelCharge(null);
+      }
+    }
+    const sse = sseResult.withReceipt(forwardHandlerStreamWithChannelDebit);
+    sse.headers.set("Cache-Control", "private");
+    const settledPayment = {
+      ...args.payment,
+      status: "settled",
+      amount: args.payment.amount
+    };
+    return { ok: true, response: sse, settledPayment };
+  },
   async buildChallenge(args) {
     if (!args.deps.mppx) return {};
-    try {
-      const result = await args.deps.mppx.charge({ amount: args.price })(args.request);
-      if (result.status === 402) {
-        const wwwAuth = result.challenge.headers.get(HEADERS.WWW_AUTHENTICATE);
-        if (wwwAuth) return { headers: { [HEADERS.WWW_AUTHENTICATE]: wwwAuth } };
-      }
-    } catch (err) {
-      console.warn(
-        `[router] MPP challenge build failed: ${err instanceof Error ? err.message : String(err)}`
-      );
-      throw err;
+    const sessionsConfigured = args.deps.mppSessionConfig && (args.deps.mppx.sessionRequest || args.deps.mppx.sessionStream);
+    if (args.routeEntry.dynamicPrice && sessionsConfigured) {
+      const tickCost = args.routeEntry.tickCost;
+      const computedDeposit = tickCost !== void 0 ? multiplyDecimal(tickCost, args.deps.mppSessionConfig.depositMultiplier) : void 0;
+      const suggestedDeposit = args.routeEntry.maxPrice ?? computedDeposit ?? args.price;
+      return buildSessionChallenge({
+        ...args,
+        suggestedDeposit
+      });
     }
-    return {};
+    return buildChargeChallenge(args);
   }
 };
+function multiplyDecimal(decimal, factor) {
+  if (!Number.isFinite(factor) || factor <= 0) return decimal;
+  const [whole, fraction = ""] = decimal.split(".");
+  const scaled = (BigInt(whole + fraction) * BigInt(factor)).toString();
+  const decimals = fraction.length;
+  if (decimals === 0) return scaled;
+  const padded = scaled.padStart(decimals + 1, "0");
+  const intPart = padded.slice(0, padded.length - decimals);
+  const fracPart = padded.slice(padded.length - decimals).replace(/0+$/, "");
+  return fracPart ? `${intPart}.${fracPart}` : intPart;
+}
+async function buildChargeChallenge(args) {
+  if (!args.deps.mppx) return {};
+  try {
+    const result = await args.deps.mppx.charge({ amount: args.price })(args.request);
+    if (result.status === 402) {
+      const wwwAuth = result.challenge.headers.get(HEADERS.WWW_AUTHENTICATE);
+      if (wwwAuth) return { headers: { [HEADERS.WWW_AUTHENTICATE]: wwwAuth } };
+    }
+  } catch (err) {
+    args.report(
+      "warn",
+      `MPP challenge build failed: ${err instanceof Error ? err.message : String(err)}`
+    );
+    throw err;
+  }
+  return {};
+}
 
 // src/protocols/x402/strategy.ts
+var import_evm3 = require("@x402/evm");
 init_accepts();
 
 // src/protocols/x402/challenge.ts
@@ -1458,20 +1755,27 @@ init_solana();
 // src/protocols/x402/requirements.ts
 init_evm();
 init_solana();
-async function buildExpectedRequirements(server, request, price, accepts) {
-  const exactRequirements = await buildExactRequirements(server, request, price, accepts);
+async function buildExpectedRequirements(server, request, price, accepts, report) {
+  const sdkRequirements = await buildSdkHandledRequirements(
+    server,
+    request,
+    price,
+    accepts,
+    report
+  );
   const customRequirements = buildCustomRequirements(price, accepts);
-  return [...exactRequirements, ...customRequirements];
+  return [...sdkRequirements, ...customRequirements];
 }
-async function buildExactRequirements(server, request, price, accepts) {
-  const exactGroups = [
+async function buildSdkHandledRequirements(server, request, price, accepts, report) {
+  const groups = [
     buildEvmExactOptions(accepts, price),
+    buildEvmUptoOptions(accepts, price),
     buildSolanaExactOptions(accepts, price)
   ].filter((options) => options.length > 0);
-  if (exactGroups.length === 0) return [];
+  if (groups.length === 0) return [];
   const requirements = [];
   const failures = [];
-  for (const options of exactGroups) {
+  for (const options of groups) {
     try {
       requirements.push(
         ...await server.buildPaymentRequirementsFromOptions(options, { request })
@@ -1479,21 +1783,31 @@ async function buildExactRequirements(server, request, price, accepts) {
     } catch (error) {
       const err = error instanceof Error ? error : new Error(String(error));
       failures.push(err);
-      if (exactGroups.length === 1) {
+      if (groups.length === 1) {
         throw err;
       }
-      console.warn(
-        `[router] Failed to build x402 exact requirements for ${options[0]?.network}: ${err.message}`
+      report?.(
+        "warn",
+        `Failed to build x402 ${options[0]?.scheme} requirements for ${options[0]?.network}: ${err.message}`
       );
     }
   }
   if (requirements.length > 0) {
     return requirements;
   }
-  throw failures[0] ?? new Error("Failed to build x402 exact requirements");
+  throw failures[0] ?? new Error("Failed to build x402 SDK-handled requirements");
 }
 function buildCustomRequirements(price, accepts) {
-  return accepts.filter((accept) => accept.scheme !== "exact").map((accept) => buildCustomRequirement(price, accept));
+  return accepts.filter((accept) => !isSdkHandled(accept)).map((accept) => buildCustomRequirement(price, accept));
+}
+function isSdkHandled(accept) {
+  if (isEvmNetwork(accept.network)) {
+    return accept.scheme === "exact" || accept.scheme === "upto";
+  }
+  if (isSolanaRequirement({ network: accept.network })) {
+    return accept.scheme === "exact";
+  }
+  return false;
 }
 function buildCustomRequirement(price, accept) {
   if (!accept.asset) {
@@ -1527,7 +1841,7 @@ function decimalToAtomicUnits(amount, decimals) {
 
 // src/protocols/x402/challenge.ts
 async function buildX402Challenge(opts) {
-  const { server, routeEntry, request, price, accepts, facilitatorsByNetwork, extensions } = opts;
+  const { server, routeEntry, request, price, accepts, facilitatorsByNetwork, extensions, report } = opts;
   const { encodePaymentRequiredHeader } = await import("@x402/core/http");
   const resource = buildChallengeResource(request, routeEntry);
   const requirements = await buildChallengeRequirements(
@@ -1536,7 +1850,8 @@ async function buildX402Challenge(opts) {
     price,
     accepts,
     resource,
-    facilitatorsByNetwork
+    facilitatorsByNetwork,
+    report
   );
   const paymentRequired = await server.createPaymentRequiredResponse(
     requirements,
@@ -1547,13 +1862,13 @@ async function buildX402Challenge(opts) {
   const encoded = encodePaymentRequiredHeader(paymentRequired);
   return { encoded, requirements };
 }
-async function buildChallengeRequirements(server, request, price, accepts, resource, facilitatorsByNetwork) {
-  const requirements = await buildExpectedRequirements(server, request, price, accepts);
+async function buildChallengeRequirements(server, request, price, accepts, resource, facilitatorsByNetwork, report) {
+  const requirements = await buildExpectedRequirements(server, request, price, accepts, report);
   if (!needsFacilitatorEnrichment(accepts)) return requirements;
-  return enrichChallengeRequirements(requirements, resource, facilitatorsByNetwork);
+  return enrichChallengeRequirements(requirements, resource, facilitatorsByNetwork, report);
 }
 function needsFacilitatorEnrichment(accepts) {
-  return accepts.some((accept) => accept.scheme !== "exact") || hasSolanaAccepts(accepts);
+  return hasSolanaAccepts(accepts);
 }
 async function enrichGroup(group, resource) {
   const accepted = await enrichRequirementsWithFacilitatorAccepts(
@@ -1568,7 +1883,7 @@ async function enrichGroup(group, resource) {
   }
   return accepted;
 }
-async function enrichChallengeRequirements(requirements, resource, facilitatorsByNetwork) {
+async function enrichChallengeRequirements(requirements, resource, facilitatorsByNetwork, report) {
   const groups = collectEnrichmentGroups(requirements, facilitatorsByNetwork);
   if (groups.length === 0) return requirements;
   const results = await Promise.all(
@@ -1578,8 +1893,9 @@ async function enrichChallengeRequirements(requirements, resource, facilitatorsB
       } catch (err) {
         const label = group.facilitator.url ?? group.facilitator.network;
         const reason = err instanceof Error ? err.message : String(err);
-        console.warn(
-          `[router] ${label} /accepts failed, dropping ${group.items.length} requirement(s): ${reason}`
+        report?.(
+          "warn",
+          `${label} /accepts failed, dropping ${group.items.length} requirement(s): ${reason}`
         );
         return { success: false, group };
       }
@@ -1632,7 +1948,7 @@ function getRequiredFacilitator(requirement, facilitatorsByNetwork) {
   return facilitator;
 }
 function requiresFacilitatorEnrichment(requirement) {
-  return requirement.scheme !== "exact" || isSolanaRequirement(requirement);
+  return isSolanaRequirement(requirement);
 }
 function buildChallengeResource(request, routeEntry) {
   return {
@@ -1644,33 +1960,68 @@ function buildChallengeResource(request, routeEntry) {
 }
 
 // src/protocols/x402/settle.ts
-async function settleX402Payment(server, payload, requirements) {
+async function settleX402Payment(server, payload, requirements, amountOverride) {
   const { encodePaymentResponseHeader } = await import("@x402/core/http");
+  if (amountOverride?.amount !== void 0) {
+    const upstreamTaggedAmount = tagBareDecimalAsDollars(amountOverride.amount);
+    const result2 = await server.settlePayment(payload, requirements, void 0, void 0, {
+      amount: upstreamTaggedAmount
+    });
+    return {
+      encoded: encodePaymentResponseHeader(result2),
+      result: result2
+    };
+  }
   const result = await server.settlePayment(payload, requirements);
-  const encoded = encodePaymentResponseHeader(result);
-  return { encoded, result };
+  return {
+    encoded: encodePaymentResponseHeader(result),
+    result
+  };
+}
+function tagBareDecimalAsDollars(amount) {
+  if (/^\d+\.\d+$/.test(amount)) return `$${amount}`;
+  return amount;
 }
 
 // src/protocols/x402/verify.ts
+var import_types2 = require("@x402/core/types");
 async function verifyX402Payment(opts) {
-  const { server, request, price, accepts } = opts;
+  const { server, request, price, accepts, report } = opts;
   const payload = await readPaymentPayload(request);
   if (!payload) return null;
-  const requirements = await buildExpectedRequirements(server, request, price, accepts);
+  const requirements = await buildExpectedRequirements(server, request, price, accepts, report);
   const matching = findVerifiableRequirements(server, requirements, payload);
+  const accepted = payload.x402Version === 2 ? payload.accepted : void 0;
   if (!matching) {
-    return invalidPaymentVerification();
+    return invalidPaymentVerification({
+      reason: "requirements_mismatch",
+      message: "Signed payment requirements did not match any server-built requirement",
+      ...accepted ? { accepted } : {}
+    });
   }
   let verify;
   try {
     verify = await server.verifyPayment(payload, matching);
   } catch (err) {
-    const sc = err.statusCode;
-    if (sc && sc >= 400 && sc < 500) return invalidPaymentVerification();
+    if (err instanceof import_types2.VerifyError && err.statusCode >= 400 && err.statusCode < 500) {
+      return invalidPaymentVerification({
+        reason: err.invalidReason ?? "verify_error",
+        ...err.invalidMessage ? { message: err.invalidMessage } : {},
+        ...err.payer ? { payer: err.payer } : {},
+        ...accepted ? { accepted } : {}
+      });
+    }
     throw err;
   }
-  if (!verify.isValid) return invalidPaymentVerification();
-  if (typeof verify.payer !== "string" || verify.payer.length === 0) {
+  if (!verify.isValid) {
+    return invalidPaymentVerification({
+      reason: verify.invalidReason ?? "unknown",
+      ...verify.invalidMessage ? { message: verify.invalidMessage } : {},
+      ...verify.payer ? { payer: verify.payer } : {},
+      ...accepted ? { accepted } : {}
+    });
+  }
+  if (!verify.payer) {
     throw new Error("x402 verification succeeded without a payer address");
   }
   return {
@@ -1702,11 +2053,36 @@ async function readPaymentPayload(request) {
   const { decodePaymentSignatureHeader } = await import("@x402/core/http");
   return decodePaymentSignatureHeader(paymentHeader);
 }
-function invalidPaymentVerification() {
-  return { valid: false, payload: null, requirements: null, payer: null };
+function invalidPaymentVerification(failure) {
+  return {
+    valid: false,
+    payload: null,
+    requirements: null,
+    payer: null,
+    ...failure ? { failure } : {}
+  };
 }
 
 // src/protocols/x402/strategy.ts
+function formatVerifyFailureMessage(failure) {
+  if (failure.reason === "permit2_allowance_required") {
+    const wallet = failure.payer ?? "<the payer wallet>";
+    const asset = failure.accepted?.asset ?? "<the asset>";
+    const amount = failure.accepted?.amount ?? "<the required amount>";
+    const network = failure.accepted?.network ?? "<the payment network>";
+    return [
+      `Payment rejected: In order for Upto to charge, the wallet ${wallet} MUST approve Permit2 to spend ${asset} on ${network}.`,
+      `Required call (one-time, on-chain): ${asset}.approve(${import_evm3.PERMIT2_ADDRESS}, MAX_UINT256) from ${wallet}.`,
+      `Permit2 contract address: ${import_evm3.PERMIT2_ADDRESS}.`,
+      `Minimum allowance for this request: ${amount} (smallest units of ${asset}); use MAX_UINT256 to avoid re-approving on every future call.`,
+      `Alternative without an on-chain transaction: the merchant can adopt the EIP-2612 gas-sponsoring extension (https://docs.x402.org/extensions/eip2612-gas-sponsoring).`
+    ].join(" ");
+  }
+  if (failure.message) {
+    return `Payment rejected (${failure.reason}): ${failure.message}`;
+  }
+  return `Payment rejected: ${failure.reason}`;
+}
 var x402Strategy = {
   protocol: "x402",
   detects(request) {
@@ -1714,114 +2090,123 @@ var x402Strategy = {
       request.headers.get(HEADERS.X402_PAYMENT_SIGNATURE) ?? request.headers.get(HEADERS.X402_PAYMENT_LEGACY)
     );
   },
-  async verify(args) {
-    const { request, body, price, routeEntry, deps } = args;
-    if (!deps.x402Server) {
-      const reason = deps.x402InitError ? `x402 facilitator initialization failed: ${deps.x402InitError}` : "x402 server not initialized \u2014 ensure @x402/core, @x402/evm, and @coinbase/x402 are installed";
-      console.error(`[router] ${routeEntry.key}: ${reason}`);
-      return { ok: false, kind: "config", message: reason };
-    }
-    const accepts = await resolveX402Accepts(
-      request,
-      routeEntry,
-      deps.x402Accepts,
-      deps.payeeAddress,
-      body
-    );
-    const verifyResult = await verifyX402Payment({
-      server: deps.x402Server,
-      request,
-      price,
-      accepts
-    });
-    if (!verifyResult?.valid) return { ok: false, kind: "invalid" };
-    const wallet = normalizeWalletAddress(verifyResult.payer);
-    const matchedNetwork = getRequirementNetwork(verifyResult.requirements, deps.network);
-    const matchedRecipient = getRequirementRecipient(verifyResult.requirements);
-    const payment = {
-      protocol: "x402",
-      status: "verified",
-      payer: wallet,
-      amount: price,
-      network: matchedNetwork,
-      ...matchedRecipient ? { recipient: matchedRecipient } : {}
-    };
-    return {
-      ok: true,
-      wallet,
-      payment,
-      token: {
-        payload: verifyResult.payload,
-        requirements: verifyResult.requirements
-      }
-    };
-  },
-  async settle(args) {
-    const { response, payment, token, deps } = args;
-    const x402Token = token;
-    try {
-      const settle = await settleX402Payment(
-        deps.x402Server,
-        x402Token.payload,
-        x402Token.requirements
-      );
-      if (!settle.result?.success) {
-        const reason = settle.result?.errorReason || "x402 settlement returned success=false";
-        const error = new Error(reason);
-        error.errorReason = reason;
-        throw error;
-      }
-      response.headers.set(HEADERS.X402_PAYMENT_RESPONSE, settle.encoded);
-      response.headers.set("Cache-Control", "private");
-      const transaction = String(settle.result?.transaction ?? "");
-      const settledPayment = {
-        ...payment,
-        status: "settled",
-        ...transaction ? { transaction } : {}
+  verify: (args) => verifyX402(args),
+  settle: (args) => settleX402(args),
+  buildChallenge: (args) => buildX402ChallengeContribution(args)
+};
+async function verifyX402(args) {
+  const { request, body, price, routeEntry, deps, report } = args;
+  if (!deps.x402Server) {
+    const reason = deps.x402InitError ? `x402 facilitator initialization failed: ${deps.x402InitError}` : "x402 server not initialized \u2014 ensure @x402/core, @x402/evm, and @coinbase/x402 are installed";
+    report("error", reason);
+    return { ok: false, kind: "config", message: reason };
+  }
+  const accepts = await resolveX402Accepts(
+    request,
+    routeEntry,
+    deps.x402Accepts,
+    deps.payeeAddress,
+    body
+  );
+  const verifyResult = await verifyX402Payment({
+    server: deps.x402Server,
+    request,
+    price,
+    accepts,
+    report
+  });
+  if (!verifyResult?.valid) {
+    const failure = verifyResult?.failure;
+    if (failure) {
+      return {
+        ok: false,
+        kind: "invalid",
+        failure: {
+          reason: failure.reason,
+          message: formatVerifyFailureMessage(failure)
+        }
       };
-      return { ok: true, response, settledPayment };
-    } catch (err) {
-      const errObj = err;
-      console.error("Settlement failed", {
-        message: err instanceof Error ? err.message : String(err),
-        route: args.routeEntry.key,
-        network: payment.network,
-        errorReason: errObj.errorReason,
-        facilitatorStatus: errObj.response?.status,
-        facilitatorBody: errObj.response?.data ?? errObj.response?.body
-      });
-      return { ok: false, error: err, failMessage: "Settlement failed" };
     }
-  },
-  async buildChallenge(args) {
-    const { request, routeEntry, body, price, extensions, deps } = args;
-    if (!deps.x402Server) return {};
-    const accepts = await resolveX402Accepts(
-      request,
-      routeEntry,
-      deps.x402Accepts,
-      deps.payeeAddress,
-      body
-    );
-    const { encoded } = await buildX402Challenge({
-      server: deps.x402Server,
-      routeEntry,
-      request,
-      price,
-      accepts,
-      facilitatorsByNetwork: deps.x402FacilitatorsByNetwork,
-      extensions
-    });
-    return { headers: { [HEADERS.X402_PAYMENT_REQUIRED]: encoded } };
+    return { ok: false, kind: "invalid" };
+  }
+  const wallet = normalizeWalletAddress(verifyResult.payer);
+  const { network, payTo } = verifyResult.requirements;
+  const payment = {
+    protocol: "x402",
+    status: "verified",
+    payer: wallet,
+    amount: price,
+    network,
+    ...payTo ? { recipient: payTo } : {}
+  };
+  return {
+    ok: true,
+    wallet,
+    payment,
+    token: {
+      payload: verifyResult.payload,
+      requirements: verifyResult.requirements
+    }
+  };
+}
+async function settleX402(args) {
+  const { response, payment, token, deps, routeEntry, billedAmount, report } = args;
+  const { payload, requirements } = token;
+  const override = routeEntry.dynamicPrice ? { amount: billedAmount } : void 0;
+  try {
+    const settle = await settleX402Payment(deps.x402Server, payload, requirements, override);
+    if (!settle.result?.success) {
+      throw Object.assign(
+        new Error(settle.result?.errorReason ?? "x402 settlement returned success=false"),
+        { errorReason: settle.result?.errorReason }
+      );
+    }
+    response.headers.set(HEADERS.X402_PAYMENT_RESPONSE, settle.encoded);
+    response.headers.set("Cache-Control", "private");
+    const transaction = String(settle.result.transaction ?? "");
+    const settledPayment = {
+      ...payment,
+      status: "settled",
+      amount: billedAmount,
+      ...transaction ? { transaction } : {}
+    };
+    return { ok: true, response, settledPayment };
+  } catch (err) {
+    reportSettleFailure(report, err, payment.network);
+    return { ok: false, error: err, failMessage: "Settlement failed" };
   }
-};
-function getRequirementNetwork(requirements, fallback) {
-  const network = requirements?.network;
-  return typeof network === "string" ? network : fallback;
 }
-function getRequirementRecipient(requirements) {
-  const payTo = requirements?.payTo;
-  return typeof payTo === "string" ? payTo : void 0;
+async function buildX402ChallengeContribution(args) {
+  const { request, routeEntry, body, price, extensions, deps, report } = args;
+  if (!deps.x402Server) return {};
+  const accepts = await resolveX402Accepts(
+    request,
+    routeEntry,
+    deps.x402Accepts,
+    deps.payeeAddress,
+    body
+  );
+  const { encoded } = await buildX402Challenge({
+    server: deps.x402Server,
+    routeEntry,
+    request,
+    price,
+    accepts,
+    facilitatorsByNetwork: deps.x402FacilitatorsByNetwork,
+    extensions,
+    report
+  });
+  return { headers: { [HEADERS.X402_PAYMENT_REQUIRED]: encoded } };
+}
+function reportSettleFailure(report, err, network) {
+  const facilitator = err ?? {};
+  report("error", "Settlement failed", {
+    error: err instanceof Error ? err.message : String(err),
+    network,
+    errorReason: facilitator.errorReason,
+    facilitatorStatus: facilitator.response?.status,
+    facilitatorBody: facilitator.response?.data ?? facilitator.response?.body
+  });
 }
 
 // src/protocols/detect.ts
@@ -1855,23 +2240,75 @@ function getAllowedStrategies(allowed) {
   return allowed.map((name) => STRATEGIES[name]);
 }
 
-// src/pipeline/challenge.ts
+// src/pipeline/flows/build402.ts
 var import_server4 = require("next/server");
-async function build402(ctx, pricing, body) {
-  let challengePrice;
+
+// src/pipeline/challenge-extensions.ts
+async function buildChallengeExtensions(ctx) {
+  const { routeEntry } = ctx;
+  let extensions;
   try {
-    challengePrice = pricing ? await pricing.challengeQuote(body) : "0";
+    const { z } = await import("zod");
+    const { declareDiscoveryExtension } = await import("@x402/extensions/bazaar");
+    const toJSON = (schema) => z.toJSONSchema(schema, {
+      target: "draft-2020-12",
+      unrepresentable: "any"
+    });
+    const inputSchema = routeEntry.bodySchema ? toJSON(routeEntry.bodySchema) : routeEntry.querySchema ? toJSON(routeEntry.querySchema) : void 0;
+    const outputSchema = routeEntry.outputSchema ? toJSON(routeEntry.outputSchema) : void 0;
+    if (inputSchema) {
+      const config = {
+        method: routeEntry.method,
+        bodyType: routeEntry.bodySchema ? "json" : void 0,
+        inputSchema
+      };
+      if (routeEntry.inputExample !== void 0) {
+        config.input = routeEntry.inputExample;
+      }
+      if (outputSchema && routeEntry.outputExample !== void 0) {
+        config.output = { schema: outputSchema, example: routeEntry.outputExample };
+      }
+      extensions = declareDiscoveryExtension(config);
+    }
   } catch (err) {
-    const message = errorMessage(err, "Price calculation failed");
-    const errorResponse = import_server4.NextResponse.json(
-      { success: false, error: message },
-      { status: errorStatus(err, 500) }
-    );
-    firePluginResponse(ctx, errorResponse);
-    return errorResponse;
-  }
-  const extensions = await buildChallengeExtensions(ctx);
-  const response = new import_server4.NextResponse(null, {
+    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
+      level: "warn",
+      message: `Bazaar schema generation failed: ${err instanceof Error ? err.message : String(err)}`,
+      route: routeEntry.key
+    });
+  }
+  if (routeEntry.siwxEnabled) {
+    try {
+      const siwxExtension = await buildSIWXExtension();
+      if (siwxExtension && typeof siwxExtension === "object" && !Array.isArray(siwxExtension)) {
+        extensions = {
+          ...extensions ?? {},
+          ...siwxExtension
+        };
+      }
+    } catch {
+    }
+  }
+  return extensions;
+}
+
+// src/pipeline/flows/build402.ts
+async function build402(ctx, pricing, body, failure) {
+  let challengePrice;
+  try {
+    challengePrice = pricing ? await pricing.challengeQuote(body) : "0";
+  } catch (err) {
+    const message = errorMessage(err, "Price calculation failed");
+    const errorResponse = import_server4.NextResponse.json(
+      { success: false, error: message },
+      { status: errorStatus(err, 500) }
+    );
+    firePluginResponse(ctx, errorResponse);
+    return errorResponse;
+  }
+  const extensions = await buildChallengeExtensions(ctx);
+  const responseBody = failure ? JSON.stringify({ error: failure.message ?? null, reason: failure.reason }) : null;
+  const response = new import_server4.NextResponse(responseBody, {
     status: 402,
     headers: {
       "Content-Type": "application/json",
@@ -1886,7 +2323,8 @@ async function build402(ctx, pricing, body) {
         body,
         price: challengePrice,
         extensions,
-        deps: ctx.deps
+        deps: ctx.deps,
+        report: ctx.report
       });
       if (contribution.headers) {
         for (const [name, value] of Object.entries(contribution.headers)) {
@@ -1895,11 +2333,7 @@ async function build402(ctx, pricing, body) {
       }
     } catch (err) {
       const message = `${strategy.protocol} challenge build failed: ${errorMessage(err, String(err))}`;
-      firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-        level: "critical",
-        message,
-        route: ctx.routeEntry.key
-      });
+      ctx.report("critical", message);
       if (strategy.protocol === "x402") {
         const errorResponse = import_server4.NextResponse.json(
           { success: false, error: message },
@@ -1913,97 +2347,313 @@ async function build402(ctx, pricing, body) {
   firePluginResponse(ctx, response);
   return response;
 }
-async function buildChallengeExtensions(ctx) {
-  const { routeEntry } = ctx;
-  let extensions;
+
+// src/pipeline/flows/dynamic/dynamic-body-and-price.ts
+async function resolveDynamicBodyAndPrice(args) {
+  const { ctx, pricing, skipBody } = args;
+  if (skipBody) {
+    return {
+      ok: true,
+      parsedBody: void 0,
+      price: surrogatePriceForSkippedBody(ctx.routeEntry)
+    };
+  }
+  const body = await parseBody(ctx);
+  if (!body.ok) return { ok: false, response: body.response };
+  const validateErr = await runValidate(ctx, body.data);
+  if (validateErr) {
+    return { ok: false, response: validateErr };
+  }
+  if (!pricing) {
+    return { ok: false, response: fail(ctx, 500, "Pricing not configured", body.data) };
+  }
   try {
-    const { z } = await import("zod");
-    const { declareDiscoveryExtension } = await import("@x402/extensions/bazaar");
-    const toJSON = (schema) => z.toJSONSchema(schema, {
-      target: "draft-2020-12",
-      unrepresentable: "any"
-    });
-    const inputSchema = routeEntry.bodySchema ? toJSON(routeEntry.bodySchema) : routeEntry.querySchema ? toJSON(routeEntry.querySchema) : void 0;
-    const outputSchema = routeEntry.outputSchema ? toJSON(routeEntry.outputSchema) : void 0;
-    if (inputSchema) {
-      const config = {
-        method: routeEntry.method,
-        bodyType: routeEntry.bodySchema ? "json" : void 0,
-        inputSchema
-      };
-      if (routeEntry.inputExample !== void 0) {
-        config.input = routeEntry.inputExample;
-      }
-      if (outputSchema && routeEntry.outputExample !== void 0) {
-        config.output = { schema: outputSchema, example: routeEntry.outputExample };
-      }
-      extensions = declareDiscoveryExtension(config);
-    }
+    const price = await pricing.quote(body.data);
+    return { ok: true, parsedBody: body.data, price };
   } catch (err) {
-    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "warn",
-      message: `Bazaar schema generation failed: ${err instanceof Error ? err.message : String(err)}`,
-      route: routeEntry.key
-    });
+    return {
+      ok: false,
+      response: fail(
+        ctx,
+        errorStatus(err, 500),
+        errorMessage(err, "Price calculation failed"),
+        body.data
+      )
+    };
   }
-  if (routeEntry.siwxEnabled) {
-    try {
-      const siwxExtension = await buildSIWXExtension();
-      if (siwxExtension && typeof siwxExtension === "object" && !Array.isArray(siwxExtension)) {
-        extensions = {
-          ...extensions ?? {},
-          ...siwxExtension
-        };
-      }
-    } catch {
+}
+function surrogatePriceForSkippedBody(routeEntry) {
+  return routeEntry.maxPrice ?? routeEntry.minPrice ?? "0";
+}
+
+// src/pipeline/flows/dynamic/dynamic-channel-mgmt.ts
+var import_server5 = require("next/server");
+async function runDynamicChannelMgmtFlow(args) {
+  const { ctx, strategy, account, pricing, skipBody } = args;
+  const { request, routeEntry, deps, report } = ctx;
+  const bodyAndPrice = await resolveDynamicBodyAndPrice({ ctx, pricing, skipBody });
+  if (!bodyAndPrice.ok) return bodyAndPrice.response;
+  const { parsedBody, price } = bodyAndPrice;
+  const verifyOutcome = await strategy.verify({
+    request,
+    body: parsedBody,
+    price,
+    routeEntry,
+    deps,
+    report
+  });
+  if (verifyOutcome.ok === false) {
+    if (verifyOutcome.kind === "config") {
+      return fail(ctx, 500, verifyOutcome.message, parsedBody);
     }
+    return build402(ctx, pricing, parsedBody, verifyOutcome.failure);
   }
-  return extensions;
+  ctx.pluginCtx.setVerifiedWallet(verifyOutcome.wallet);
+  firePluginHook(deps.plugin, "onPaymentVerified", ctx.pluginCtx, {
+    protocol: strategy.protocol,
+    payer: verifyOutcome.wallet,
+    amount: price,
+    network: verifyOutcome.payment.network
+  });
+  const synthetic = new import_server5.NextResponse(null, { status: 200 });
+  const settleScope = {
+    wallet: verifyOutcome.wallet,
+    account,
+    body: parsedBody,
+    payment: verifyOutcome.payment,
+    response: synthetic,
+    rawResult: void 0
+  };
+  const beforeErr = await runBeforeSettle(ctx, settleScope);
+  if (beforeErr) return beforeErr;
+  return settleAndFinalizeRequest({
+    ctx,
+    strategy,
+    verifyOutcome,
+    scope: settleScope,
+    rawResult: void 0,
+    body: parsedBody,
+    billedAmount: "0",
+    onSettleError: async (error, failMessage) => {
+      await runSettlementError(ctx, settleScope, error, "settle");
+      report("critical", `${strategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`);
+    }
+  });
 }
 
-// src/pipeline/flows/paid.ts
-async function runPaidFlow(ctx) {
-  const { request, routeEntry, deps } = ctx;
-  let account = void 0;
-  if (routeEntry.apiKeyResolver) {
-    const apiKeyResult = await verifyApiKey(request, routeEntry.apiKeyResolver);
-    if (!apiKeyResult.valid) return fail(ctx, 401, "Invalid or missing API key");
-    account = apiKeyResult.account;
-    firePluginHook(deps.plugin, "onAuthVerified", ctx.pluginCtx, {
-      authMode: "apiKey",
-      wallet: null,
-      route: routeEntry.key,
-      account
+// src/pipeline/flows/dynamic/dynamic-invoke.ts
+var import_server6 = require("next/server");
+
+// src/pricing/atomic.ts
+var USDC_DECIMALS = 6;
+function decimalToAtomic(amount) {
+  const m = /^(\d+)(?:\.(\d+))?$/.exec(amount.trim());
+  if (!m) {
+    throw Object.assign(new Error(`'${amount}' is not a valid decimal-dollar string`), {
+      status: 400
     });
   }
-  const alertFn = (level, message, meta) => {
-    firePluginHook(deps.plugin, "onAlert", ctx.pluginCtx, {
-      level,
-      message,
-      route: routeEntry.key,
-      meta
-    });
+  const whole = m[1];
+  const fraction = (m[2] ?? "").slice(0, USDC_DECIMALS).padEnd(USDC_DECIMALS, "0");
+  return BigInt(`${whole}${fraction}`.replace(/^0+(?=\d)/, "") || "0");
+}
+function atomicToDecimal(atomic) {
+  const whole = atomic / 10n ** BigInt(USDC_DECIMALS);
+  const fraction = atomic % 10n ** BigInt(USDC_DECIMALS);
+  if (fraction === 0n) return whole.toString();
+  const fractionStr = fraction.toString().padStart(USDC_DECIMALS, "0").replace(/0+$/, "");
+  return `${whole}.${fractionStr}`;
+}
+
+// src/pricing/charge-context.ts
+function createChargeContext(args) {
+  const { tickCost, maxPrice, route } = args;
+  const tickAtomic = decimalToAtomic(tickCost);
+  if (tickAtomic <= 0n) {
+    throw new Error(`route '${route}': tickCost '${tickCost}' must be a positive decimal string`);
+  }
+  const capAtomic = maxPrice !== void 0 ? decimalToAtomic(maxPrice) : null;
+  let ticks = 0;
+  let atomic = 0n;
+  let channelCharge = null;
+  const charge = async () => {
+    const nextAtomic = atomic + tickAtomic;
+    if (capAtomic !== null && nextAtomic > capAtomic) {
+      throw Object.assign(
+        new Error(
+          `route '${route}': charge() running total ($${atomicToDecimal(nextAtomic)}) exceeds maxPrice ($${atomicToDecimal(capAtomic)})`
+        ),
+        { status: 400, code: "CHARGE_OVER_CAP" }
+      );
+    }
+    ticks += 1;
+    atomic = nextAtomic;
+    if (channelCharge) await channelCharge();
   };
+  return {
+    charge,
+    bindChannelCharge: (fn) => {
+      channelCharge = fn;
+    },
+    tickCount: () => ticks,
+    atomicTotal: () => atomic
+  };
+}
+
+// src/pipeline/flows/dynamic/dynamic-invoke.ts
+async function invokeDynamic(ctx, wallet, account, body, payment) {
+  const streaming = ctx.routeEntry.streaming === true;
+  const chargeContext = streaming ? createChargeContext({
+    tickCost: ctx.routeEntry.tickCost,
+    maxPrice: ctx.routeEntry.maxPrice,
+    route: ctx.routeEntry.key
+  }) : null;
+  const baseHandlerCtx = {
+    body,
+    query: parseQuery(ctx.request, ctx.routeEntry),
+    request: ctx.request,
+    requestId: ctx.meta.requestId,
+    route: ctx.routeEntry.key,
+    wallet,
+    payment,
+    account,
+    alert(level, message, alertMeta) {
+      firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
+        level,
+        message,
+        route: ctx.routeEntry.key,
+        meta: alertMeta
+      });
+    },
+    setVerifiedWallet: (addr) => ctx.pluginCtx.setVerifiedWallet(addr)
+  };
+  const handlerCtx = chargeContext !== null ? { ...baseHandlerCtx, charge: chargeContext.charge } : baseHandlerCtx;
+  let returned;
+  try {
+    returned = ctx.handler(handlerCtx);
+  } catch (error) {
+    return errorResult2(error, chargeContext);
+  }
+  if (isAsyncIterable2(returned) && !isThenable2(returned)) {
+    if (!chargeContext) {
+      return errorResult2(
+        new HttpError(
+          "route returned an async iterable from a non-streaming handler \u2014 use .stream(async function*(...)) instead of .handler() to opt into streaming",
+          500
+        ),
+        null
+      );
+    }
+    return {
+      kind: "stream",
+      source: returned,
+      chargeContext
+    };
+  }
+  let rawResult;
+  try {
+    rawResult = await returned;
+  } catch (error) {
+    return errorResult2(error, chargeContext);
+  }
+  const response = rawResult instanceof Response ? rawResult : import_server6.NextResponse.json(rawResult);
+  return { kind: "request", response, rawResult };
+}
+function errorResult2(error, chargeContext) {
+  const status = error instanceof HttpError ? error.status : typeof error?.status === "number" ? error.status : 500;
+  const message = error instanceof Error ? error.message : "Internal error";
+  void chargeContext;
+  return {
+    kind: "request",
+    response: import_server6.NextResponse.json({ success: false, error: message }, { status }),
+    rawResult: void 0,
+    handlerError: error
+  };
+}
+function isAsyncIterable2(value) {
+  return value != null && typeof value === "object" && Symbol.asyncIterator in value;
+}
+function isThenable2(value) {
+  return value != null && (typeof value === "object" || typeof value === "function") && typeof value.then === "function";
+}
+
+// src/pipeline/flows/dynamic/dynamic-preflight.ts
+function resolveDynamicPreflight(strategy, request, routeEntry) {
+  const outcome = strategy.preflight?.(request, routeEntry) ?? null;
+  return {
+    skipBody: outcome?.skipBody ?? false,
+    skipHandler: outcome?.skipHandler ?? false
+  };
+}
+
+// src/pipeline/flows/dynamic/dynamic-request.ts
+async function runDynamicRequestFlow(args) {
+  const { ctx, strategy, verifyOutcome, account, body, result } = args;
+  const { deps, routeEntry } = ctx;
+  const settleScope = {
+    wallet: verifyOutcome.wallet,
+    account,
+    body,
+    payment: verifyOutcome.payment,
+    response: result.response,
+    rawResult: result.rawResult,
+    handlerError: result.handlerError
+  };
+  if (result.response.status >= 400) {
+    return finalize(ctx, result.response, result.rawResult, body);
+  }
+  const beforeErr = await runBeforeSettle(ctx, settleScope);
+  if (beforeErr) return beforeErr;
+  const billedAmount = routeEntry.tickCost;
+  return settleAndFinalizeRequest({
+    ctx,
+    strategy,
+    verifyOutcome,
+    scope: settleScope,
+    rawResult: result.rawResult,
+    body,
+    billedAmount,
+    onSettleError: async (error, failMessage) => {
+      await runSettlementError(ctx, settleScope, error, "settle");
+      firePluginHook(deps.plugin, "onAlert", ctx.pluginCtx, {
+        level: "critical",
+        message: `${strategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`,
+        route: routeEntry.key
+      });
+    }
+  });
+}
+
+// src/pipeline/flows/dynamic/dynamic-stream.ts
+async function runDynamicStreamFlow(args) {
+  const { ctx, strategy, verifyOutcome, account, body, result } = args;
+  return settleAndFinalizeStream({
+    ctx,
+    strategy,
+    verifyOutcome,
+    source: result.source,
+    account,
+    body,
+    bindChannelCharge: result.chargeContext.bindChannelCharge
+  });
+}
+
+// src/pipeline/flows/dynamic/dynamic-paid.ts
+async function runDynamicPaidFlow(ctx) {
+  const { request, routeEntry, deps, report } = ctx;
+  const apiKeyGate = await runApiKeyGate(ctx);
+  if (!apiKeyGate.ok) return apiKeyGate.response;
+  const { account } = apiKeyGate;
   const pricing = selectPricing(routeEntry.pricing, {
-    alert: alertFn,
+    alert: report,
     maxPrice: routeEntry.maxPrice,
     minPrice: routeEntry.minPrice,
     route: routeEntry.key
   });
   const incomingStrategy = selectIncomingStrategy(request, routeEntry.protocols);
-  let earlyBody = void 0;
-  if (shouldParseBodyEarly(incomingStrategy, routeEntry, pricing)) {
-    const earlyClone = request.clone();
-    const earlyResult = await parseBody(earlyClone, routeEntry);
-    if (earlyResult.ok) {
-      earlyBody = earlyResult.data;
-      const validateErr2 = await runValidate(ctx, earlyBody);
-      if (validateErr2) return validateErr2;
-    } else {
-      firePluginResponse(ctx, earlyResult.response);
-      return earlyResult.response;
-    }
-  }
+  const earlyResolution = await resolveEarlyBody({ ctx, pricing, incomingStrategy });
+  if (!earlyResolution.ok) return earlyResolution.response;
+  const { earlyBody } = earlyResolution;
   const siwxFastPath = await trySiwxFastPath(ctx, account);
   if (siwxFastPath) return siwxFastPath;
   if (!incomingStrategy) {
@@ -2011,39 +2661,32 @@ async function runPaidFlow(ctx) {
     if (initError) return fail(ctx, 500, initError);
     return build402(ctx, pricing, earlyBody);
   }
-  const body = await parseBody(request, routeEntry);
-  if (!body.ok) {
-    firePluginResponse(ctx, body.response);
-    return body.response;
-  }
-  const validateErr = await runValidate(ctx, body.data);
-  if (validateErr) return validateErr;
-  if (!pricing) {
-    return fail(ctx, 500, "Pricing not configured", body.data);
-  }
-  let price;
-  try {
-    price = await pricing.quote(body.data);
-  } catch (err) {
-    return fail(
+  const { skipBody, skipHandler } = resolveDynamicPreflight(incomingStrategy, request, routeEntry);
+  if (skipHandler) {
+    return runDynamicChannelMgmtFlow({
       ctx,
-      errorStatus(err, 500),
-      errorMessage(err, "Price calculation failed"),
-      body.data
-    );
+      strategy: incomingStrategy,
+      account,
+      pricing,
+      skipBody
+    });
   }
+  const bodyAndPrice = await resolveDynamicBodyAndPrice({ ctx, pricing, skipBody });
+  if (!bodyAndPrice.ok) return bodyAndPrice.response;
+  const { parsedBody, price } = bodyAndPrice;
   const verifyOutcome = await incomingStrategy.verify({
     request,
-    body: body.data,
+    body: parsedBody,
     price,
     routeEntry,
-    deps
+    deps,
+    report
   });
   if (verifyOutcome.ok === false) {
     if (verifyOutcome.kind === "config") {
-      return fail(ctx, 500, verifyOutcome.message, body.data);
+      return fail(ctx, 500, verifyOutcome.message, parsedBody);
     }
-    return build402(ctx, pricing, body.data);
+    return build402(ctx, pricing, parsedBody, verifyOutcome.failure);
   }
   ctx.pluginCtx.setVerifiedWallet(verifyOutcome.wallet);
   firePluginHook(deps.plugin, "onPaymentVerified", ctx.pluginCtx, {
@@ -2052,11 +2695,71 @@ async function runPaidFlow(ctx) {
     amount: price,
     network: verifyOutcome.payment.network
   });
-  const result = await invoke(ctx, verifyOutcome.wallet, account, body.data, verifyOutcome.payment);
+  const result = await invokeDynamic(
+    ctx,
+    verifyOutcome.wallet,
+    account,
+    parsedBody,
+    verifyOutcome.payment
+  );
+  switch (result.kind) {
+    case "stream":
+      return runDynamicStreamFlow({
+        ctx,
+        strategy: incomingStrategy,
+        verifyOutcome,
+        account,
+        body: parsedBody,
+        result
+      });
+    case "request":
+      return runDynamicRequestFlow({
+        ctx,
+        strategy: incomingStrategy,
+        verifyOutcome,
+        account,
+        body: parsedBody,
+        result
+      });
+  }
+}
+
+// src/pipeline/flows/static/static-body-and-price.ts
+async function resolveStaticBodyAndPrice(args) {
+  const { ctx, pricing } = args;
+  const body = await parseBody(ctx);
+  if (!body.ok) return { ok: false, response: body.response };
+  const validateErr = await runValidate(ctx, body.data);
+  if (validateErr) {
+    return { ok: false, response: validateErr };
+  }
+  if (!pricing) {
+    return { ok: false, response: fail(ctx, 500, "Pricing not configured", body.data) };
+  }
+  try {
+    const price = await pricing.quote(body.data);
+    return { ok: true, parsedBody: body.data, price };
+  } catch (err) {
+    return {
+      ok: false,
+      response: fail(
+        ctx,
+        errorStatus(err, 500),
+        errorMessage(err, "Price calculation failed"),
+        body.data
+      )
+    };
+  }
+}
+
+// src/pipeline/flows/static/static-request.ts
+async function runStaticRequestFlow(args) {
+  const { ctx, strategy, verifyOutcome, account, body, price, result } = args;
+  const { deps, routeEntry } = ctx;
   const settleScope = {
     wallet: verifyOutcome.wallet,
     account,
-    body: body.data,
+    body,
     payment: verifyOutcome.payment,
     response: result.response,
     rawResult: result.rawResult,
@@ -2066,44 +2769,198 @@ async function runPaidFlow(ctx) {
     if (result.response.status >= 400) {
       const settledScope = settleScope;
       await runSettledHandlerError(ctx, settledScope);
-      return finalize(ctx, result.response, result.rawResult, body.data);
+      return finalize(ctx, result.response, result.rawResult, body);
     }
-    return settleAndFinalize({
+    return settleAndFinalizeRequest({
       ctx,
-      strategy: incomingStrategy,
+      strategy,
       verifyOutcome,
       scope: settleScope,
       rawResult: result.rawResult,
-      body: body.data
+      body,
+      billedAmount: price
     });
   }
   if (result.response.status >= 400) {
-    return finalize(ctx, result.response, result.rawResult, body.data);
+    return finalize(ctx, result.response, result.rawResult, body);
   }
   const beforeErr = await runBeforeSettle(ctx, settleScope);
   if (beforeErr) return beforeErr;
-  return settleAndFinalize({
+  return settleAndFinalizeRequest({
     ctx,
-    strategy: incomingStrategy,
+    strategy,
     verifyOutcome,
     scope: settleScope,
     rawResult: result.rawResult,
-    body: body.data,
+    body,
+    billedAmount: price,
     onSettleError: async (error, failMessage) => {
       await runSettlementError(ctx, settleScope, error, "settle");
       firePluginHook(deps.plugin, "onAlert", ctx.pluginCtx, {
         level: "critical",
-        message: `${incomingStrategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`,
+        message: `${strategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`,
         route: routeEntry.key
       });
     }
   });
 }
 
+// src/pipeline/flows/static/static-paid.ts
+async function runStaticPaidFlow(ctx) {
+  const { request, routeEntry, deps, report } = ctx;
+  const apiKeyGate = await runApiKeyGate(ctx);
+  if (!apiKeyGate.ok) return apiKeyGate.response;
+  const { account } = apiKeyGate;
+  const pricing = selectPricing(routeEntry.pricing, {
+    alert: report,
+    maxPrice: routeEntry.maxPrice,
+    minPrice: routeEntry.minPrice,
+    route: routeEntry.key
+  });
+  const incomingStrategy = selectIncomingStrategy(request, routeEntry.protocols);
+  const earlyResolution = await resolveEarlyBody({ ctx, pricing, incomingStrategy });
+  if (!earlyResolution.ok) return earlyResolution.response;
+  const { earlyBody } = earlyResolution;
+  const siwxFastPath = await trySiwxFastPath(ctx, account);
+  if (siwxFastPath) return siwxFastPath;
+  if (!incomingStrategy) {
+    const initError = protocolInitError(routeEntry, deps);
+    if (initError) return fail(ctx, 500, initError);
+    return build402(ctx, pricing, earlyBody);
+  }
+  const bodyAndPrice = await resolveStaticBodyAndPrice({ ctx, pricing });
+  if (!bodyAndPrice.ok) return bodyAndPrice.response;
+  const { parsedBody, price } = bodyAndPrice;
+  const verifyOutcome = await incomingStrategy.verify({
+    request,
+    body: parsedBody,
+    price,
+    routeEntry,
+    deps,
+    report
+  });
+  if (verifyOutcome.ok === false) {
+    if (verifyOutcome.kind === "config") {
+      return fail(ctx, 500, verifyOutcome.message, parsedBody);
+    }
+    return build402(ctx, pricing, parsedBody, verifyOutcome.failure);
+  }
+  ctx.pluginCtx.setVerifiedWallet(verifyOutcome.wallet);
+  firePluginHook(deps.plugin, "onPaymentVerified", ctx.pluginCtx, {
+    protocol: incomingStrategy.protocol,
+    payer: verifyOutcome.wallet,
+    amount: price,
+    network: verifyOutcome.payment.network
+  });
+  const result = await invokePaidStatic(
+    ctx,
+    verifyOutcome.wallet,
+    account,
+    parsedBody,
+    verifyOutcome.payment
+  );
+  return runStaticRequestFlow({
+    ctx,
+    strategy: incomingStrategy,
+    verifyOutcome,
+    account,
+    body: parsedBody,
+    price,
+    result
+  });
+}
+
+// src/pipeline/flows/paid.ts
+async function runPaidFlow(ctx) {
+  const dynamicPrice = ctx.routeEntry.dynamicPrice ?? false;
+  switch (dynamicPrice) {
+    case true:
+      return runDynamicPaidFlow(ctx);
+    case false:
+      return runStaticPaidFlow(ctx);
+  }
+}
+
 // src/pipeline/flows/siwx-only.ts
-var import_server5 = require("next/server");
+var import_server7 = require("next/server");
+
+// src/kv-store/client.ts
+function restKvStore(url, token) {
+  const base = url.replace(/\/+$/, "");
+  const authHeader = { Authorization: `Bearer ${token}` };
+  const jsonHeaders = { ...authHeader, "Content-Type": "application/json" };
+  async function exec(command) {
+    const res = await fetch(base, {
+      method: "POST",
+      headers: jsonHeaders,
+      body: JSON.stringify(command)
+    });
+    if (!res.ok) {
+      throw new Error(`[kv-store] ${command[0]} ${command[1] ?? ""}: ${res.status}`);
+    }
+    const body = await res.json();
+    if (body.error) throw new Error(`[kv-store] ${command[0]}: ${body.error}`);
+    return body.result ?? null;
+  }
+  async function get(key) {
+    const res = await fetch(`${base}/get/${encodeURIComponent(key)}`, { headers: authHeader });
+    if (!res.ok) throw new Error(`[kv-store] GET ${key}: ${res.status}`);
+    const { result } = await res.json();
+    return result ?? null;
+  }
+  async function set(key, value) {
+    await exec(["SET", key, JSON.stringify(value)]);
+  }
+  async function del(key) {
+    await exec(["DEL", key]);
+  }
+  async function setNxEx(key, value, ttlSeconds) {
+    const result = await exec(["SET", key, JSON.stringify(value), "EX", ttlSeconds, "NX"]);
+    return result === "OK";
+  }
+  async function sadd(key, member) {
+    await exec(["SADD", key, member]);
+  }
+  async function sismember(key, member) {
+    const result = await exec(["SISMEMBER", key, member]);
+    return result === 1;
+  }
+  async function update(key, fn) {
+    const current = await get(key);
+    const change = fn(current);
+    if (change.op === "set") await set(key, change.value);
+    if (change.op === "delete") await del(key);
+    return change.result;
+  }
+  return { get, set, del, setNxEx, sadd, sismember, update };
+}
+function isRestConfig(input) {
+  return typeof input === "object" && input !== null && typeof input.url === "string" && typeof input.token === "string" && typeof input.get !== "function";
+}
+function resolveKvStore(input, env = process.env) {
+  if (input) {
+    if (isRestConfig(input)) return restKvStore(input.url, input.token);
+    return input;
+  }
+  const url = env.KV_REST_API_URL;
+  const token = env.KV_REST_API_TOKEN;
+  if (url && token) return restKvStore(url, token);
+  return void 0;
+}
+function withPrefix(kv, prefix) {
+  const k = (key) => `${prefix}${key}`;
+  return {
+    get: (key) => kv.get(k(key)),
+    set: (key, value) => kv.set(k(key), value),
+    del: (key) => kv.del(k(key)),
+    setNxEx: (key, value, ttl) => kv.setNxEx(k(key), value, ttl),
+    sadd: (key, member) => kv.sadd(k(key), member),
+    sismember: (key, member) => kv.sismember(k(key), member),
+    update: (key, fn) => kv.update(k(key), fn)
+  };
+}
 
-// src/auth/nonce.ts
+// src/kv-store/nonce.ts
 var SIWX_CHALLENGE_EXPIRY_MS = 5 * 60 * 1e3;
 var MemoryNonceStore = class {
   seen = /* @__PURE__ */ new Map();
@@ -2120,48 +2977,59 @@ var MemoryNonceStore = class {
     }
   }
 };
-function detectRedisClientType(client) {
-  if (!client || typeof client !== "object") {
-    throw new Error(
-      "createRedisNonceStore requires a Redis client. Supported: @upstash/redis, ioredis. Pass your Redis client instance as the first argument."
-    );
-  }
-  if ("options" in client && "status" in client) {
-    return "ioredis";
-  }
-  const constructor = client.constructor?.name;
-  if (constructor === "Redis" && "url" in client) {
-    return "upstash";
+function createKvNonceStore(kv, options) {
+  const prefix = options?.prefix ?? "siwx:nonce:";
+  const ttlSeconds = Math.ceil((options?.ttlMs ?? SIWX_CHALLENGE_EXPIRY_MS) / 1e3);
+  return {
+    async check(nonce) {
+      return kv.setNxEx(`${prefix}${nonce}`, 1, ttlSeconds);
+    }
+  };
+}
+
+// src/kv-store/entitlement.ts
+var MemoryEntitlementStore = class {
+  routeToWallets = /* @__PURE__ */ new Map();
+  async has(route, wallet) {
+    const wallets = this.routeToWallets.get(route);
+    if (!wallets) return false;
+    return wallets.has(normalizeWalletAddress(wallet));
   }
-  if (typeof client.set === "function") {
-    return "upstash";
+  async grant(route, wallet) {
+    const normalized = normalizeWalletAddress(wallet);
+    let wallets = this.routeToWallets.get(route);
+    if (!wallets) {
+      wallets = /* @__PURE__ */ new Set();
+      this.routeToWallets.set(route, wallets);
+    }
+    wallets.add(normalized);
   }
-  throw new Error(
-    "Unrecognized Redis client. Supported: @upstash/redis, ioredis. If using a different client, implement NonceStore interface directly."
-  );
-}
-function createRedisNonceStore(client, opts) {
-  const prefix = opts?.prefix ?? "siwx:nonce:";
-  const ttlSeconds = Math.ceil((opts?.ttlMs ?? SIWX_CHALLENGE_EXPIRY_MS) / 1e3);
-  const clientType = detectRedisClientType(client);
+};
+function createKvEntitlementStore(kv, options) {
+  const prefix = options?.prefix ?? "siwx:ent:";
   return {
-    async check(nonce) {
-      const key = `${prefix}${nonce}`;
-      if (clientType === "upstash") {
-        const redis = client;
-        const result = await redis.set(key, "1", { ex: ttlSeconds, nx: true });
-        return result !== null;
-      }
-      if (clientType === "ioredis") {
-        const redis = client;
-        const result = await redis.set(key, "1", "EX", ttlSeconds, "NX");
-        return result === "OK";
-      }
-      throw new Error("Unknown Redis client type");
+    async has(route, wallet) {
+      return kv.sismember(`${prefix}${route}`, normalizeWalletAddress(wallet));
+    },
+    async grant(route, wallet) {
+      await kv.sadd(`${prefix}${route}`, normalizeWalletAddress(wallet));
     }
   };
 }
 
+// src/kv-store/mpp.ts
+async function createKvMppStore(kv, options) {
+  const prefix = options?.prefix ?? "mpp:";
+  const namespaced = withPrefix(kv, prefix);
+  const { Store: StoreNs } = await import("mppx");
+  return StoreNs.upstash({
+    get: (key) => namespaced.get(key),
+    set: (key, value) => namespaced.set(key, value),
+    del: (key) => namespaced.del(key),
+    update: (key, fn) => namespaced.update(key, fn)
+  });
+}
+
 // src/protocols/mpp/siwx-mode.ts
 var import_mppx3 = require("mppx");
 async function verifyMppSiwx(request, mppx) {
@@ -2180,12 +3048,11 @@ async function runSiwxOnlyFlow(ctx) {
   const { request, routeEntry, deps } = ctx;
   if (routeEntry.validateFn && routeEntry.bodySchema && !request.headers.get(HEADERS.SIWX)) {
     const earlyClone = request.clone();
-    const earlyBody = await parseBody(earlyClone, routeEntry);
+    const earlyBody = await parseBody(ctx, earlyClone);
     if (earlyBody.ok) {
       const validateErr = await runValidate(ctx, earlyBody.data);
       if (validateErr) return validateErr;
     } else {
-      firePluginResponse(ctx, earlyBody.response);
       return earlyBody.response;
     }
   }
@@ -2197,11 +3064,7 @@ async function runSiwxOnlyFlow(ctx) {
       mppSiwxResult = await verifyMppSiwx(request, deps.mppx);
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
-      firePluginHook(deps.plugin, "onAlert", ctx.pluginCtx, {
-        level: "critical",
-        message: `MPP SIWX verification failed: ${message}`,
-        route: routeEntry.key
-      });
+      ctx.report("critical", `MPP SIWX verification failed: ${message}`);
       return fail(ctx, 500, `MPP SIWX verification failed: ${message}`);
     }
     if (mppSiwxResult.valid) {
@@ -2223,7 +3086,7 @@ async function runSiwxOnlyFlow(ctx) {
   }
   const siwx = await verifySIWX(request, routeEntry, deps.nonceStore);
   if (!siwx.valid) {
-    const response = import_server5.NextResponse.json(
+    const response = import_server7.NextResponse.json(
       { error: siwx.code, message: SIWX_ERROR_MESSAGES[siwx.code] },
       { status: 402 }
     );
@@ -2273,7 +3136,6 @@ async function buildSiwxChallenge(ctx) {
     extensions: {
       "sign-in-with-x": {
         info: siwxInfo,
-        // Required by MCP tools at the top level for chain detection.
         supportedChains,
         ...siwxSchema ? { schema: siwxSchema } : {}
       }
@@ -2284,13 +3146,12 @@ async function buildSiwxChallenge(ctx) {
     const { encodePaymentRequiredHeader } = await import("@x402/core/http");
     encoded = encodePaymentRequiredHeader(paymentRequired);
   } catch (err) {
-    firePluginHook(deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "warn",
-      message: `SIWX challenge header encoding failed: ${err instanceof Error ? err.message : String(err)}`,
-      route: routeEntry.key
-    });
+    ctx.report(
+      "warn",
+      `SIWX challenge header encoding failed: ${err instanceof Error ? err.message : String(err)}`
+    );
   }
-  const response = new import_server5.NextResponse(JSON.stringify(paymentRequired), {
+  const response = new import_server7.NextResponse(JSON.stringify(paymentRequired), {
     status: 402,
     headers: { "Content-Type": "application/json", "Cache-Control": "no-store" }
   });
@@ -2396,6 +3257,12 @@ var RouteBuilder = class {
   /** @internal */
   _minPrice;
   /** @internal */
+  _dynamicPrice = false;
+  /** @internal */
+  _tickCost;
+  /** @internal */
+  _unitType;
+  /** @internal */
   _payTo;
   /** @internal */
   _bodySchema;
@@ -2440,7 +3307,8 @@ var RouteBuilder = class {
     next._protocols = [...this._protocols];
     return next;
   }
-  paid(pricing, options) {
+  paid(pricingOrOptions, options) {
+    const { pricing, resolvedOptions } = resolvePaidArgs(this._key, pricingOrOptions, options);
     if (this._authMode === "unprotected") {
       throw new Error(
         `route '${this._key}': Cannot combine .unprotected() and .paid() on the same route.`
@@ -2454,16 +3322,24 @@ var RouteBuilder = class {
     const next = this.fork();
     next._authMode = "paid";
     next._pricing = pricing;
-    if (options?.protocols) {
-      next._protocols = [...options.protocols];
+    if (resolvedOptions?.protocols) {
+      next._protocols = [...resolvedOptions.protocols];
     } else if (next._protocols.length === 0) {
       next._protocols = ["x402"];
     }
-    if (options?.maxPrice) next._maxPrice = options.maxPrice;
-    if (options?.minPrice) next._minPrice = options.minPrice;
-    if (options?.payTo) next._payTo = options.payTo;
-    if (options?.mpp) next._mppInfo = options.mpp;
+    if (resolvedOptions?.maxPrice) next._maxPrice = resolvedOptions.maxPrice;
+    if (resolvedOptions?.minPrice) next._minPrice = resolvedOptions.minPrice;
+    if (resolvedOptions?.payTo) next._payTo = resolvedOptions.payTo;
+    if (resolvedOptions?.mpp) next._mppInfo = resolvedOptions.mpp;
+    if (resolvedOptions?.dynamic) next._dynamicPrice = true;
+    if (resolvedOptions?.tickCost) next._tickCost = resolvedOptions.tickCost;
+    if (resolvedOptions?.unitType) next._unitType = resolvedOptions.unitType;
     if (typeof pricing === "object" && "tiers" in pricing) {
+      if (next._dynamicPrice) {
+        throw new Error(
+          `route '${this._key}': .paid({ dynamic: true }) is incompatible with tiered pricing`
+        );
+      }
       for (const [tierKey, tierConfig] of Object.entries(pricing.tiers)) {
         if (!tierKey) {
           throw new Error(`route '${this._key}': tier key cannot be empty`);
@@ -2476,16 +3352,40 @@ var RouteBuilder = class {
         }
       }
     }
-    if (options?.maxPrice !== void 0) {
-      const parsed = parseFloat(options.maxPrice);
+    if (resolvedOptions?.maxPrice !== void 0) {
+      const parsed = parseFloat(resolvedOptions.maxPrice);
       if (isNaN(parsed) || parsed <= 0) {
         throw new Error(
-          `route '${this._key}': maxPrice '${options.maxPrice}' must be a positive decimal string`
+          `route '${this._key}': maxPrice '${resolvedOptions.maxPrice}' must be a positive decimal string`
         );
       }
     }
+    if (resolvedOptions?.tickCost !== void 0) {
+      const parsed = parseFloat(resolvedOptions.tickCost);
+      if (isNaN(parsed) || parsed <= 0) {
+        throw new Error(
+          `route '${this._key}': tickCost '${resolvedOptions.tickCost}' must be a positive decimal string`
+        );
+      }
+    }
+    if (next._dynamicPrice && !next._maxPrice) {
+      throw new Error(`route '${this._key}': .paid({ dynamic: true }) requires maxPrice`);
+    }
+    if (next._dynamicPrice && !next._tickCost) {
+      throw new Error(`route '${this._key}': .paid({ dynamic: true }) requires tickCost`);
+    }
     return next;
   }
+  /**
+   * Require Sign-In-with-X wallet identity on this route — clients prove
+   * control of a wallet via a signed challenge. Combine with `.paid()` to gate
+   * a paid route on a verified wallet identity.
+   *
+   * @example
+   * ```ts
+   * router.route('profile').siwx().handler(async ({ wallet }) => getProfile(wallet));
+   * ```
+   */
   siwx() {
     if (this._authMode === "unprotected") {
       throw new Error(
@@ -2508,6 +3408,19 @@ var RouteBuilder = class {
     next._protocols = [];
     return next;
   }
+  /**
+   * Require an `X-API-Key` header (or `Authorization: Bearer <key>`); the
+   * resolver returns the account record, or `null` for 401. Composes with
+   * `.paid()` — key is checked first, payment second.
+   *
+   * @example
+   * ```ts
+   * router
+   *   .route('admin/users')
+   *   .apiKey(async (key) => db.admin.findByKey(key))
+   *   .handler(async ({ account }) => db.user.list(account.orgId));
+   * ```
+   */
   apiKey(resolver) {
     if (this._siwxEnabled) {
       throw new Error(
@@ -2519,6 +3432,15 @@ var RouteBuilder = class {
     next._apiKeyResolver = resolver;
     return next;
   }
+  /**
+   * Mark the route as public — no auth, no payment, no SIWX. The handler
+   * receives `null` for `wallet`, `payment`, and `account`.
+   *
+   * @example
+   * ```ts
+   * router.route('health').unprotected().handler(async () => ({ status: 'ok' }));
+   * ```
+   */
   unprotected() {
     if (this._authMode && this._authMode !== "unprotected") {
       throw new Error(
@@ -2535,60 +3457,82 @@ var RouteBuilder = class {
     next._protocols = [];
     return next;
   }
-  // -------------------------------------------------------------------------
-  // Provider monitoring
-  // -------------------------------------------------------------------------
+  /**
+   * Tag the route with an upstream provider for discovery and provider-side
+   * monitoring. The provider name and config surface in `well-known` and
+   * OpenAPI output.
+   *
+   * @example
+   * ```ts
+   * router
+   *   .route('search')
+   *   .paid('0.01')
+   *   .provider('exa', { quotaPerMonth: 1000 })
+   *   .handler(handler);
+   * ```
+   */
   provider(name, config) {
     const next = this.fork();
     next._providerName = name;
     next._providerConfig = config ?? {};
     return next;
   }
-  body(schema, example) {
+  /**
+   * Declare the request body's Zod schema. Parsed body is typed as `ctx.body`
+   * in the handler. Use `.inputExample()` to attach a discovery example.
+   *
+   * @example
+   * ```ts
+   * .body(z.object({ query: z.string() }))
+   *   .handler(async ({ body }) => search(body.query));
+   * ```
+   */
+  body(schema) {
     const next = this.fork();
     next._bodySchema = schema;
-    if (example !== void 0) {
-      next._inputExample = example;
-      next._hasInputExample = true;
-    }
     return next;
   }
-  query(schema, example) {
+  /**
+   * Declare a query-string Zod schema and switch the route to `GET`. Parsed
+   * query is typed as `ctx.query` in the handler. Use `.inputExample()` to
+   * attach a discovery example.
+   *
+   * @example
+   * ```ts
+   * .query(z.object({ id: z.string() }))
+   *   .handler(async ({ query }) => getById(query.id));
+   * ```
+   */
+  query(schema) {
     const next = this.fork();
     next._querySchema = schema;
-    if (example !== void 0) {
-      next._inputExample = example;
-      next._hasInputExample = true;
-    }
     next._method = "GET";
     return next;
   }
-  output(schema, example) {
+  /**
+   * Declare the response output's Zod schema for OpenAPI generation. The
+   * runtime does not validate handler return values — use Zod's `.parse()`
+   * inside the handler if strict output validation is required. Use
+   * `.outputExample()` to attach a discovery example.
+   *
+   * @example
+   * ```ts
+   * .output(z.object({ result: z.string() }))
+   *   .handler(async () => ({ result: 'ok' }));
+   * ```
+   */
+  output(schema) {
     const next = this.fork();
     next._outputSchema = schema;
-    if (example !== void 0) {
-      next._outputExample = example;
-      next._hasOutputExample = true;
-    }
     return next;
   }
   /**
-   * Provide a conforming example of the request input (body or query params).
-   *
-   * Optional. When provided, the example is validated against the request schema
-   * at route registration and embedded in the bazaar discovery extension so
-   * indexers can advertise a working sample call.
-   *
-   * For the common case, pass the example directly to `.body(schema, example)` or
-   * `.query(schema, example)` instead.
+   * Attach an example of the request body or query for discovery output,
+   * validated against the registered schema at registration.
    *
    * @example
    * ```ts
-   * router.route('search')
-   *   .paid('0.01')
-   *   .body(z.object({ q: z.string() }))
-   *   .inputExample({ q: 'hello world' })
-   *   .handler(async ({ body }) => { ... });
+   * .body(searchSchema).inputExample({ query: 'cats' });
    * ```
    */
   inputExample(example) {
@@ -2598,32 +3542,12 @@ var RouteBuilder = class {
     return next;
   }
   /**
-   * Provide a conforming example of the response output.
-   *
-   * Optional. When provided, the example is validated against the output schema
-   * at route registration and embedded in the bazaar discovery extension so
-   * indexers can advertise the response shape.
-   *
-   * For the common case, pass the example directly to `.output(schema, example)` instead.
-   *
-   * Accepts any JSON value (objects, arrays, or primitives) — top-level array
-   * or primitive responses (e.g. `z.array(...)`) are supported alongside the
-   * common object case.
+   * Attach an example response for discovery output, validated against the
+   * registered output schema at registration.
    *
    * @example
    * ```ts
-   * router.route('search')
-   *   .paid('0.01')
-   *   .output(z.object({ results: z.array(z.string()) }))
-   *   .outputExample({ results: ['a', 'b'] })
-   *   .handler(async () => { ... });
-   *
-   * // Top-level array response
-   * router.route('chains')
-   *   .paid('0.01')
-   *   .output(z.array(z.object({ name: z.string() })))
-   *   .outputExample([{ name: 'Ethereum' }])
-   *   .handler(async () => { ... });
+   * .output(resultSchema).outputExample({ result: 'ok' });
    * ```
    */
   outputExample(example) {
@@ -2632,43 +3556,60 @@ var RouteBuilder = class {
     next._hasOutputExample = true;
     return next;
   }
+  /**
+   * Set a human-readable summary of the route. Surfaces in OpenAPI,
+   * `well-known`, and `llms.txt` discovery output.
+   *
+   * @example
+   * ```ts
+   * .description('Search indexed web pages by full-text query');
+   * ```
+   */
   description(text) {
     const next = this.fork();
     next._description = text;
     return next;
   }
+  /**
+   * Override the URL path advertised in discovery output. Defaults to the
+   * registry key passed to `.route()`.
+   *
+   * @example
+   * ```ts
+   * router.route('search').path('/v2/search').handler(handler);
+   * ```
+   */
   path(p) {
     const next = this.fork();
     next._path = p;
     return next;
   }
+  /**
+   * Override the HTTP method advertised in discovery. Defaults to `POST`, or
+   * `GET` when `.query()` has been called.
+   *
+   * @example
+   * ```ts
+   * router.route('items/delete').method('DELETE').handler(handler);
+   * ```
+   */
   method(m) {
     const next = this.fork();
     next._method = m;
     return next;
   }
-  // -------------------------------------------------------------------------
-  // Pre-payment validation
-  // -------------------------------------------------------------------------
   /**
-   * Add pre-payment validation that runs after body parsing but before the 402
-   * challenge is shown. Use this for async business logic like "is this resource
-   * available?" or "has this user hit their rate limit?".
-   *
-   * Requires `.body()` — call `.body()` before `.validate()` for type inference.
+   * Run validation against the parsed body before the 402 challenge. Throw
+   * `Object.assign(new Error('...'), { status })` to reject with a custom
+   * status code; defaults to 400. Requires `.body()` to be called first.
    *
    * @example
-   * ```typescript
-   * router
-   *   .route('domain/register')
-   *   .paid(calculatePrice)
-   *   .body(RegisterSchema)  // .body() first for type inference
-   *   .validate(async (body) => {
-   *     if (await isDomainTaken(body.domain)) {
-   *       throw Object.assign(new Error('Domain taken'), { status: 409 });
-   *     }
-   *   })
-   *   .handler(async ({ body }) => { ... });
+   * ```ts
+   * .body(RegisterSchema).validate(async (body) => {
+   *   if (await isTaken(body.name)) {
+   *     throw Object.assign(new Error('taken'), { status: 409 });
+   *   }
+   * });
    * ```
    */
   validate(fn) {
@@ -2676,27 +3617,64 @@ var RouteBuilder = class {
     next._validateFn = fn;
     return next;
   }
-  // -------------------------------------------------------------------------
-  // Settlement lifecycle
-  // -------------------------------------------------------------------------
   /**
-   * Add route-specific settlement hooks.
+   * Hook into the settlement lifecycle. `beforeSettle` runs after the handler
+   * succeeds but before on-chain settlement and can cancel the charge;
+   * `afterSettle` runs after settlement completes (success or failure).
    *
-   * `beforeSettle` runs after a successful handler response but before
-   * router-controlled settlement/broadcast, so it can still prevent the charge
-   * for x402 and MPP transaction-payload flows. `afterSettle` runs after
-   * settlement and is intended for durable ledgers or app-owned refund queues.
+   * @example
+   * ```ts
+   * .settlement({
+   *   beforeSettle: ({ result }) => (result.refund ? 'skip' : 'continue'),
+   *   afterSettle: ({ tx }) => analytics.track('settled', { tx }),
+   * });
+   * ```
    */
   settlement(lifecycle) {
     const next = this.fork();
     next._settlement = lifecycle;
     return next;
   }
-  // -------------------------------------------------------------------------
-  // Terminal method
-  // -------------------------------------------------------------------------
+  /**
+   * Register the request handler and return the Next.js route function. The
+   * handler receives a typed context and may return a value (serialized to
+   * JSON), a raw `Response`, or throw an `HttpError` for a non-2xx status.
+   *
+   * @example
+   * ```ts
+   * export const POST = router
+   *   .route('search')
+   *   .paid('0.01')
+   *   .body(schema)
+   *   .handler(async ({ body, wallet }) => searchService(body, wallet));
+   * ```
+   */
   handler(fn) {
-    const handlerFn = fn;
+    return this.register(fn, false);
+  }
+  /**
+   * Register a streaming handler (`async function*`) and return the Next.js
+   * route function. Each `charge()` call bills one tick (`tickCost` USDC) up
+   * to `maxPrice`; requires `.paid({ dynamic: true, ... })` and MPP session mode.
+   *
+   * @example
+   * ```ts
+   * export const POST = router
+   *   .route('llm/stream')
+   *   .paid({ dynamic: true, tickCost: '0.0001', unitType: 'token', maxPrice: '0.05' })
+   *   .body(schema)
+   *   .stream(async function* ({ body, charge }) {
+   *     for await (const token of streamLLM(body.prompt)) {
+   *       await charge();
+   *       yield token;
+   *     }
+   *   });
+   * ```
+   */
+  stream(fn) {
+    return this.register(fn, true);
+  }
+  register(handlerFn, streaming) {
     if (!this._authMode) {
       throw new Error(
         `route '${this._key}': Select an auth mode: .paid(pricing), .siwx(), .apiKey(resolver), or .unprotected()`
@@ -2710,6 +3688,26 @@ var RouteBuilder = class {
     if (this._settlement && !this._pricing) {
       throw new Error(`route '${this._key}': .settlement() requires a paid route`);
     }
+    if (this._dynamicPrice && this._protocols.includes("x402")) {
+      const hasUpto = this._deps.x402Accepts.some((accept) => accept.scheme === "upto");
+      if (!hasUpto) {
+        throw new Error(
+          `route '${this._key}': .paid({ dynamic: true }) on an x402 route requires an 'upto' accept on at least one configured network. Add { scheme: 'upto', network, asset } to RouterConfig.x402.accepts.`
+        );
+      }
+    }
+    if (this._dynamicPrice && this._protocols.includes("mpp")) {
+      if (!this._deps.mppSessionConfig) {
+        throw new Error(
+          `route '${this._key}': .paid({ dynamic: true }) on an MPP route requires session mode. Set RouterConfig.mpp.session = {} and provide mpp.operatorKey.`
+        );
+      }
+    }
+    if (streaming && !this._dynamicPrice) {
+      throw new Error(
+        `route '${this._key}': .stream() requires .paid({ dynamic: true }) \u2014 static/free routes can't meter per-chunk billing.`
+      );
+    }
     validateExamples(
       this._key,
       this._bodySchema,
@@ -2725,6 +3723,8 @@ var RouteBuilder = class {
       authMode: this._authMode,
       siwxEnabled: this._siwxEnabled,
       pricing: this._pricing,
+      dynamicPrice: this._dynamicPrice ? true : void 0,
+      streaming: streaming ? true : void 0,
       protocols: this._protocols,
       bodySchema: this._bodySchema,
       querySchema: this._querySchema,
@@ -2742,81 +3742,28 @@ var RouteBuilder = class {
       providerConfig: this._providerConfig,
       validateFn: this._validateFn,
       settlement: this._settlement,
-      mppInfo: this._mppInfo
+      mppInfo: this._mppInfo,
+      tickCost: this._tickCost,
+      unitType: this._unitType
     };
     this._registry.register(entry);
-    return createRequestHandler(
-      entry,
-      handlerFn,
-      this._deps
-    );
+    return createRequestHandler(entry, handlerFn, this._deps);
   }
 };
-
-// src/auth/entitlement.ts
-var MemoryEntitlementStore = class {
-  routeToWallets = /* @__PURE__ */ new Map();
-  async has(route, wallet) {
-    const wallets = this.routeToWallets.get(route);
-    if (!wallets) return false;
-    return wallets.has(normalizeWalletAddress(wallet));
-  }
-  async grant(route, wallet) {
-    const normalized = normalizeWalletAddress(wallet);
-    let wallets = this.routeToWallets.get(route);
-    if (!wallets) {
-      wallets = /* @__PURE__ */ new Set();
-      this.routeToWallets.set(route, wallets);
+function resolvePaidArgs(routeKey, pricingOrOptions, options) {
+  const isHandlerDynamicShape = typeof pricingOrOptions === "object" && pricingOrOptions !== null && typeof pricingOrOptions !== "function" && !("tiers" in pricingOrOptions) && "dynamic" in pricingOrOptions && pricingOrOptions.dynamic;
+  if (isHandlerDynamicShape) {
+    const opts = pricingOrOptions;
+    if (!opts.maxPrice) {
+      throw new Error(`route '${routeKey}': .paid({ dynamic: true }) requires maxPrice`);
     }
-    wallets.add(normalized);
+    return { pricing: opts.maxPrice, resolvedOptions: opts };
   }
-};
-function detectRedisClientType2(client) {
-  if (!client || typeof client !== "object") {
-    throw new Error(
-      "createRedisEntitlementStore requires a Redis client. Supported: @upstash/redis, ioredis."
-    );
-  }
-  if ("options" in client && "status" in client) return "ioredis";
-  const constructor = client.constructor?.name;
-  if (constructor === "Redis" && "url" in client) return "upstash";
-  if (typeof client.sadd === "function" && typeof client.sismember === "function") {
-    return "upstash";
-  }
-  throw new Error("Unrecognized Redis client for entitlement store.");
-}
-function createRedisEntitlementStore(client, options) {
-  const clientType = detectRedisClientType2(client);
-  const prefix = options?.prefix ?? "siwx:entitlement:";
-  return {
-    async has(route, wallet) {
-      const key = `${prefix}${route}`;
-      const normalized = normalizeWalletAddress(wallet);
-      if (clientType === "upstash") {
-        const redis2 = client;
-        const result2 = await redis2.sismember(key, normalized);
-        return result2 === 1 || result2 === true;
-      }
-      const redis = client;
-      const result = await redis.sismember(key, normalized);
-      return result === 1;
-    },
-    async grant(route, wallet) {
-      const key = `${prefix}${route}`;
-      const normalized = normalizeWalletAddress(wallet);
-      if (clientType === "upstash") {
-        const redis2 = client;
-        await redis2.sadd(key, normalized);
-        return;
-      }
-      const redis = client;
-      await redis.sadd(key, normalized);
-    }
-  };
+  return { pricing: pricingOrOptions, resolvedOptions: options };
 }
 
 // src/discovery/well-known.ts
-var import_server6 = require("next/server");
+var import_server8 = require("next/server");
 
 // src/discovery/utils/guidance.ts
 async function resolveGuidance(discovery) {
@@ -2860,7 +3807,7 @@ function createWellKnownHandler(registry, baseUrl, pricesKeys, discovery) {
     if (instructions) {
       body.instructions = instructions;
     }
-    return import_server6.NextResponse.json(body, {
+    return import_server8.NextResponse.json(body, {
       headers: {
         "Access-Control-Allow-Origin": "*",
         "Access-Control-Allow-Methods": "GET",
@@ -2877,14 +3824,14 @@ function toDiscoveryResource(method, url, mode) {
 }
 
 // src/discovery/openapi.ts
-var import_server7 = require("next/server");
+var import_server9 = require("next/server");
 init_constants();
 function createOpenAPIHandler(registry, baseUrl, pricesKeys, discovery) {
   const normalizedBase = baseUrl.replace(/\/+$/, "");
   let cached = null;
   let validated = false;
   return async (_request) => {
-    if (cached) return import_server7.NextResponse.json(cached);
+    if (cached) return import_server9.NextResponse.json(cached);
     if (!validated && pricesKeys) {
       registry.validate(pricesKeys);
       validated = true;
@@ -2947,7 +3894,7 @@ function createOpenAPIHandler(registry, baseUrl, pricesKeys, discovery) {
       paths
     };
     cached = createDocument(openApiDocument);
-    return import_server7.NextResponse.json(cached);
+    return import_server9.NextResponse.json(cached);
   };
 }
 function deriveTag(routeKey) {
@@ -3009,97 +3956,336 @@ function buildOperation(routeKey, entry, tag) {
     };
   }
   return {
-    operation,
-    requiresSiwxScheme,
-    requiresApiKeyScheme
+    operation,
+    requiresSiwxScheme,
+    requiresApiKeyScheme
+  };
+}
+function toProtocolObject(protocol, mppInfo) {
+  if (protocol === "mpp") {
+    return {
+      mpp: {
+        method: mppInfo?.method ?? "tempo",
+        intent: mppInfo?.intent ?? "charge",
+        currency: mppInfo?.currency ?? TEMPO_USDC_CURRENCY
+      }
+    };
+  }
+  return { [protocol]: {} };
+}
+function buildPricingInfo(entry) {
+  if (!entry.pricing) return void 0;
+  if (typeof entry.pricing === "string") {
+    return {
+      price: { mode: "fixed", currency: "USD", amount: entry.pricing }
+    };
+  }
+  if (typeof entry.pricing === "function") {
+    return {
+      price: {
+        mode: "dynamic",
+        currency: "USD",
+        min: entry.minPrice ?? "0",
+        max: entry.maxPrice ?? "0"
+      }
+    };
+  }
+  if ("tiers" in entry.pricing) {
+    const tierPrices = Object.values(entry.pricing.tiers).map((tier) => parseFloat(tier.price));
+    const min = Math.min(...tierPrices);
+    const max = Math.max(...tierPrices);
+    if (Number.isFinite(min) && Number.isFinite(max)) {
+      if (min === max) {
+        return {
+          price: { mode: "fixed", currency: "USD", amount: String(min) }
+        };
+      }
+      return {
+        price: { mode: "dynamic", currency: "USD", min: String(min), max: String(max) }
+      };
+    }
+    return {
+      price: {
+        mode: "dynamic",
+        currency: "USD",
+        min: "0",
+        max: entry.maxPrice ?? "0"
+      }
+    };
+  }
+  return void 0;
+}
+
+// src/discovery/llms-txt.ts
+var import_server10 = require("next/server");
+function createLlmsTxtHandler(discovery) {
+  return async (_request) => {
+    const guidance = await resolveGuidance(discovery) ?? "";
+    return new import_server10.NextResponse(guidance, {
+      headers: {
+        "Content-Type": "text/plain; charset=utf-8",
+        "Access-Control-Allow-Origin": "*"
+      }
+    });
+  };
+}
+
+// src/index.ts
+init_accepts();
+init_constants();
+
+// src/config/error.ts
+var RouterConfigError = class extends Error {
+  issues;
+  constructor(issues) {
+    super(formatRouterConfigIssues(issues));
+    this.name = "RouterConfigError";
+    this.issues = issues;
+  }
+};
+function formatRouterConfigIssues(issues) {
+  return issues.map((issue) => issue.message).join("\n");
+}
+
+// src/config/validators/x402.ts
+init_accepts();
+
+// src/config/validators/shared.ts
+init_evm();
+init_solana();
+init_accepts();
+function isEvmAddress(value) {
+  return /^0x[a-fA-F0-9]{40}$/.test(value);
+}
+function isEvmPrivateKey(value) {
+  return /^0x[a-fA-F0-9]{64}$/.test(value);
+}
+function isSupportedX402Network(network) {
+  return isEvmNetwork(network) || isSolanaNetwork(network);
+}
+function findPlaceholderPayee(values) {
+  return values.find((value) => value !== void 0 && /^0x0{40}$/i.test(value)) ?? null;
+}
+function usesDefaultEvmFacilitator(config) {
+  return getConfiguredX402Networks(config).some(
+    (network) => typeof network === "string" && isEvmNetwork(network)
+  ) && config.x402?.facilitators?.evm === void 0;
+}
+
+// src/config/validators/x402.ts
+var CHECKS = [
+  checkAcceptNetworkPresent,
+  checkAcceptNetworkSupported,
+  checkNonExactRequiresAsset,
+  checkDecimalsAreValid,
+  checkPayee,
+  checkPlaceholderPayeeAddress,
+  checkCdpKeys
+];
+function validateX402Config(config, env, options) {
+  const accepts = getConfiguredX402Accepts(config);
+  if (accepts.length === 0) {
+    return [
+      {
+        code: "missing_x402_accepts",
+        protocol: "x402",
+        message: "x402 requires at least one accept configuration."
+      }
+    ];
+  }
+  const args = { config, accepts, env, options };
+  return CHECKS.map((check) => check(args)).filter(
+    (issue) => issue !== null
+  );
+}
+function checkAcceptNetworkPresent({ accepts }) {
+  return accepts.some((accept) => !accept.network) ? { code: "missing_x402_network", protocol: "x402", message: "x402 accepts require a network." } : null;
+}
+function checkAcceptNetworkSupported({ accepts }) {
+  const unsupported = accepts.find(
+    (accept) => accept.network && !isSupportedX402Network(accept.network)
+  );
+  if (!unsupported) return null;
+  return {
+    code: "unsupported_x402_network",
+    protocol: "x402",
+    message: `unsupported x402 network '${unsupported.network}'. Use eip155:* or solana:*.`
+  };
+}
+function checkNonExactRequiresAsset({ accepts }) {
+  return accepts.some((accept) => (accept.scheme ?? "exact") !== "exact" && !accept.asset) ? {
+    code: "missing_x402_asset",
+    protocol: "x402",
+    message: "non-exact x402 accepts require an asset."
+  } : null;
+}
+function checkDecimalsAreValid({ accepts }) {
+  const invalid = accepts.find(
+    (accept) => accept.decimals !== void 0 && (!Number.isInteger(accept.decimals) || accept.decimals < 0)
+  );
+  if (!invalid) return null;
+  return {
+    code: "invalid_x402_decimals",
+    protocol: "x402",
+    message: "x402 accept decimals must be a non-negative integer."
+  };
+}
+function checkPayee({ config, accepts }) {
+  if (config.payeeAddress) return null;
+  return accepts.some((accept) => !accept.payTo) ? {
+    code: "missing_x402_payee",
+    protocol: "x402",
+    message: "x402 requires payeeAddress in router config or payTo on every x402 accept."
+  } : null;
+}
+function checkPlaceholderPayeeAddress({
+  config,
+  accepts
+}) {
+  const placeholder = findPlaceholderPayee([
+    config.payeeAddress,
+    ...accepts.map((accept) => typeof accept.payTo === "string" ? accept.payTo : void 0)
+  ]);
+  if (!placeholder) return null;
+  return {
+    code: "placeholder_payee",
+    protocol: "x402",
+    message: `x402 payee '${placeholder}' is a placeholder address and cannot receive payments.`
+  };
+}
+function checkCdpKeys({ config, env, options }) {
+  if (options.requireCdpKeys === false) return null;
+  if (!usesDefaultEvmFacilitator(config)) return null;
+  const missing = [
+    env.CDP_API_KEY_ID ? null : "CDP_API_KEY_ID",
+    env.CDP_API_KEY_SECRET ? null : "CDP_API_KEY_SECRET"
+  ].filter(Boolean);
+  if (missing.length === 0) return null;
+  return {
+    code: "missing_cdp_keys",
+    protocol: "x402",
+    message: `default EVM x402 facilitator requires ${missing.join(" and ")}.`
+  };
+}
+
+// src/config/validators/mpp.ts
+var import_accounts = require("viem/accounts");
+var CHECKS2 = [
+  checkSecretKey,
+  checkCurrency,
+  checkRecipient,
+  checkPlaceholderRecipient,
+  checkRpcUrl,
+  checkFeePayerKey,
+  checkOperatorKey,
+  checkOperatorMatchesFeePayer
+];
+function validateMppConfig(config, env) {
+  const mpp = config.mpp;
+  if (!mpp) {
+    return [
+      {
+        code: "missing_mpp_config",
+        protocol: "mpp",
+        message: 'protocols includes "mpp" but mpp config is missing. Add mpp: { secretKey, currency, recipient } to your router config.'
+      }
+    ];
+  }
+  const args = { config, mpp, env };
+  return CHECKS2.map((check) => check(args)).filter(
+    (issue) => issue !== null
+  );
+}
+function checkSecretKey({ mpp }) {
+  if (mpp.secretKey) return null;
+  return {
+    code: "missing_mpp_secret_key",
+    protocol: "mpp",
+    message: "MPP requires secretKey. Set MPP_SECRET_KEY or pass mpp.secretKey."
   };
 }
-function toProtocolObject(protocol, mppInfo) {
-  if (protocol === "mpp") {
+function checkCurrency({ mpp }) {
+  if (!mpp.currency) {
     return {
-      mpp: {
-        method: mppInfo?.method ?? "tempo",
-        intent: mppInfo?.intent ?? "charge",
-        currency: mppInfo?.currency ?? TEMPO_USDC_CURRENCY
-      }
+      code: "missing_mpp_currency",
+      protocol: "mpp",
+      message: "MPP requires currency. Set MPP_CURRENCY or pass mpp.currency."
     };
   }
-  return { [protocol]: {} };
-}
-function buildPricingInfo(entry) {
-  if (!entry.pricing) return void 0;
-  if (typeof entry.pricing === "string") {
+  if (!isEvmAddress(mpp.currency)) {
     return {
-      price: { mode: "fixed", currency: "USD", amount: entry.pricing }
+      code: "invalid_mpp_currency",
+      protocol: "mpp",
+      message: "MPP currency must be a 0x-prefixed 20-byte Tempo currency address. Use TEMPO_USDC_CURRENCY for Tempo USDC."
     };
   }
-  if (typeof entry.pricing === "function") {
+  return null;
+}
+function checkRecipient({ config, mpp }) {
+  const recipient = mpp.recipient ?? config.payeeAddress;
+  if (!recipient) {
     return {
-      price: {
-        mode: "dynamic",
-        currency: "USD",
-        min: entry.minPrice ?? "0",
-        max: entry.maxPrice ?? "0"
-      }
+      code: "missing_mpp_recipient",
+      protocol: "mpp",
+      message: "MPP requires a recipient address. Set mpp.recipient or payeeAddress in your router config."
     };
   }
-  if ("tiers" in entry.pricing) {
-    const tierPrices = Object.values(entry.pricing.tiers).map((tier) => parseFloat(tier.price));
-    const min = Math.min(...tierPrices);
-    const max = Math.max(...tierPrices);
-    if (Number.isFinite(min) && Number.isFinite(max)) {
-      if (min === max) {
-        return {
-          price: { mode: "fixed", currency: "USD", amount: String(min) }
-        };
-      }
-      return {
-        price: { mode: "dynamic", currency: "USD", min: String(min), max: String(max) }
-      };
-    }
+  if (!isEvmAddress(recipient)) {
     return {
-      price: {
-        mode: "dynamic",
-        currency: "USD",
-        min: "0",
-        max: entry.maxPrice ?? "0"
-      }
+      code: "invalid_mpp_recipient",
+      protocol: "mpp",
+      message: "MPP recipient must be a 0x-prefixed EVM address. Solana recipients require x402."
     };
   }
-  return void 0;
+  return null;
 }
-
-// src/discovery/llms-txt.ts
-var import_server8 = require("next/server");
-function createLlmsTxtHandler(discovery) {
-  return async (_request) => {
-    const guidance = await resolveGuidance(discovery) ?? "";
-    return new import_server8.NextResponse(guidance, {
-      headers: {
-        "Content-Type": "text/plain; charset=utf-8",
-        "Access-Control-Allow-Origin": "*"
-      }
-    });
+function checkPlaceholderRecipient({ config, mpp }) {
+  const placeholder = findPlaceholderPayee([mpp.recipient, config.payeeAddress]);
+  if (!placeholder) return null;
+  return {
+    code: "placeholder_payee",
+    protocol: "mpp",
+    message: `MPP recipient '${placeholder}' is a placeholder address and cannot receive payments.`
+  };
+}
+function checkRpcUrl({ mpp, env }) {
+  if (mpp.rpcUrl ?? env.TEMPO_RPC_URL) return null;
+  return {
+    code: "missing_mpp_rpc_url",
+    protocol: "mpp",
+    message: "MPP requires an authenticated Tempo RPC URL. Set TEMPO_RPC_URL env var or pass rpcUrl in the mpp config object."
+  };
+}
+function checkFeePayerKey({ mpp }) {
+  if (!mpp.feePayerKey || isEvmPrivateKey(mpp.feePayerKey)) return null;
+  return {
+    code: "invalid_mpp_fee_payer_key",
+    protocol: "mpp",
+    message: "MPP feePayerKey must be a 0x-prefixed 32-byte EVM private key."
+  };
+}
+function checkOperatorKey({ mpp }) {
+  if (!mpp.operatorKey || isEvmPrivateKey(mpp.operatorKey)) return null;
+  return {
+    code: "invalid_mpp_operator_key",
+    protocol: "mpp",
+    message: "MPP operatorKey must be a 0x-prefixed 32-byte EVM private key."
+  };
+}
+function checkOperatorMatchesFeePayer({ mpp }) {
+  if (!mpp.operatorKey || !mpp.feePayerKey) return null;
+  if (!isEvmPrivateKey(mpp.operatorKey) || !isEvmPrivateKey(mpp.feePayerKey)) return null;
+  const opAddr = (0, import_accounts.privateKeyToAccount)(mpp.operatorKey).address.toLowerCase();
+  const fpAddr = (0, import_accounts.privateKeyToAccount)(mpp.feePayerKey).address.toLowerCase();
+  if (opAddr !== fpAddr) return null;
+  return {
+    code: "mpp_operator_equals_fee_payer",
+    protocol: "mpp",
+    message: `MPP operatorKey and feePayerKey resolve to the same address (${opAddr}). Tempo rejects fee-delegated txs with sender === feePayer, so channel close/settle would fail at runtime. Either use two distinct wallets, or omit feePayerKey to disable gas sponsorship (clients then pay their own gas).`
   };
 }
 
-// src/index.ts
-init_accepts();
-init_constants();
-
-// src/config.ts
-init_constants();
-init_evm();
-init_solana();
-init_accepts();
-var RouterConfigError = class extends Error {
-  issues;
-  constructor(issues) {
-    super(formatRouterConfigIssues(issues));
-    this.name = "RouterConfigError";
-    this.issues = issues;
-  }
-};
+// src/config/validate.ts
 function validateRouterConfig(config, options = {}) {
   const issues = getRouterConfigIssues(config, options);
   if (issues.length > 0) throw new RouterConfigError(issues);
@@ -3128,9 +4314,9 @@ function getRouterConfigIssues(config, options = {}) {
   }
   return issues;
 }
-function formatRouterConfigIssues(issues) {
-  return issues.map((issue) => issue.message).join("\n");
-}
+
+// src/config/env.ts
+init_constants();
 function mppFromEnv(env, options = {}) {
   const secretKey = env.MPP_SECRET_KEY;
   const currency = env.MPP_CURRENCY;
@@ -3161,8 +4347,7 @@ function mppFromEnv(env, options = {}) {
     currency,
     rpcUrl,
     ...options.recipient ? { recipient: options.recipient } : {},
-    ...feePayerKey ? { feePayerKey } : {},
-    ...options.useDefaultStore !== void 0 ? { useDefaultStore: options.useDefaultStore } : {}
+    ...feePayerKey ? { feePayerKey } : {}
   };
 }
 function x402AcceptsFromEnv(env, options = {}) {
@@ -3192,189 +4377,145 @@ function x402AcceptsFromEnv(env, options = {}) {
 function paidOptionsForProtocols(protocols) {
   return { protocols: [...protocols] };
 }
-function validateX402Config(config, env, options) {
-  const issues = [];
-  const accepts = getConfiguredX402Accepts(config);
-  if (accepts.length === 0) {
-    issues.push({
-      code: "missing_x402_accepts",
-      protocol: "x402",
-      message: "x402 requires at least one accept configuration."
-    });
-    return issues;
-  }
-  const acceptWithoutNetwork = accepts.find((accept) => !accept.network);
-  if (acceptWithoutNetwork) {
-    issues.push({
-      code: "missing_x402_network",
-      protocol: "x402",
-      message: "x402 accepts require a network."
-    });
-  }
-  const unsupported = accepts.find(
-    (accept) => accept.network && !isSupportedX402Network(accept.network)
-  );
-  if (unsupported) {
-    issues.push({
-      code: "unsupported_x402_network",
-      protocol: "x402",
-      message: `unsupported x402 network '${unsupported.network}'. Use eip155:* or solana:*.`
-    });
-  }
-  const missingAsset = accepts.find(
-    (accept) => (accept.scheme ?? "exact") !== "exact" && !accept.asset
-  );
-  if (missingAsset) {
-    issues.push({
-      code: "missing_x402_asset",
-      protocol: "x402",
-      message: "non-exact x402 accepts require an asset."
-    });
-  }
-  const invalidDecimals = accepts.find(
-    (accept) => accept.decimals !== void 0 && (!Number.isInteger(accept.decimals) || accept.decimals < 0)
-  );
-  if (invalidDecimals) {
-    issues.push({
-      code: "invalid_x402_decimals",
-      protocol: "x402",
-      message: "x402 accept decimals must be a non-negative integer."
-    });
-  }
-  if (accepts.some((accept) => !accept.payTo) && !config.payeeAddress) {
-    issues.push({
-      code: "missing_x402_payee",
-      protocol: "x402",
-      message: "x402 requires payeeAddress in router config or payTo on every x402 accept."
-    });
-  }
-  const placeholder = findPlaceholderPayee([
-    config.payeeAddress,
-    ...accepts.map((accept) => typeof accept.payTo === "string" ? accept.payTo : void 0)
-  ]);
-  if (placeholder) {
-    issues.push({
-      code: "placeholder_payee",
-      protocol: "x402",
-      message: `x402 payee '${placeholder}' is a placeholder address and cannot receive payments.`
-    });
+
+// src/init/x402.ts
+async function initX402(config, configError) {
+  if (configError) return { initError: configError };
+  try {
+    const { createX402Server: createX402Server2 } = await Promise.resolve().then(() => (init_server(), server_exports));
+    const result = await createX402Server2(config);
+    await result.initPromise;
+    return {
+      server: result.server,
+      facilitatorsByNetwork: result.facilitatorsByNetwork
+    };
+  } catch (err) {
+    return { initError: err instanceof Error ? err.message : String(err) };
   }
-  if (options.requireCdpKeys !== false && usesDefaultEvmFacilitator(config)) {
-    const missing = [
-      env.CDP_API_KEY_ID ? null : "CDP_API_KEY_ID",
-      env.CDP_API_KEY_SECRET ? null : "CDP_API_KEY_SECRET"
-    ].filter(Boolean);
-    if (missing.length > 0) {
-      issues.push({
-        code: "missing_cdp_keys",
-        protocol: "x402",
-        message: `default EVM x402 facilitator requires ${missing.join(" and ")}.`
-      });
+}
+
+// src/mppx-init.ts
+function getMppxRequestContext(args) {
+  const {
+    Mppx,
+    tempo,
+    mppConfig,
+    payeeAddress,
+    getClient,
+    feePayerAccount,
+    resolvedStore,
+    sessionEnabled,
+    sharedSessionParams,
+    realm
+  } = args;
+  const instance = Mppx.create({
+    methods: [
+      tempo.charge({
+        currency: mppConfig.currency,
+        recipient: mppConfig.recipient ?? payeeAddress,
+        getClient,
+        ...feePayerAccount ? { feePayer: feePayerAccount } : {},
+        ...resolvedStore ? { store: resolvedStore } : {}
+      }),
+      ...sessionEnabled ? [
+        tempo.session({
+          ...sharedSessionParams,
+          sse: false
+        })
+      ] : []
+    ],
+    secretKey: mppConfig.secretKey,
+    realm
+  });
+  return instance;
+}
+function getMppxStreamingContext(args) {
+  if (!args.sessionEnabled) return null;
+  const { Mppx, tempo, mppConfig, sharedSessionParams, realm } = args;
+  const instance = Mppx.create({
+    methods: [
+      tempo.session({
+        ...sharedSessionParams,
+        sse: true
+      })
+    ],
+    secretKey: mppConfig.secretKey,
+    realm
+  });
+  return instance;
+}
+
+// src/init/mpp.ts
+async function initMpp(config, resolvedBaseUrl, kvStore, configError) {
+  if (configError) return { initError: configError };
+  if (!config.mpp) return {};
+  try {
+    const { Mppx, tempo } = await import("mppx/server");
+    const { createClient, http } = await import("viem");
+    const { tempo: tempoChain } = await import("viem/chains");
+    const { privateKeyToAccount: privateKeyToAccount2 } = await import("viem/accounts");
+    const rpcUrl = config.mpp.rpcUrl ?? process.env.TEMPO_RPC_URL;
+    const tempoClient = createClient({ chain: tempoChain, transport: http(rpcUrl) });
+    const getClient = async () => tempoClient;
+    const operatorAccount = config.mpp.operatorKey ? privateKeyToAccount2(config.mpp.operatorKey) : void 0;
+    const feePayerAccount = config.mpp.feePayerKey ? privateKeyToAccount2(config.mpp.feePayerKey) : void 0;
+    if (config.mpp.session && operatorAccount) {
+      assertOperatorMatchesRecipient(config, operatorAccount.address);
     }
+    const resolvedStore = kvStore ? await createKvMppStore(kvStore) : void 0;
+    const realm = new URL(resolvedBaseUrl).host;
+    const mppConfig = config.mpp;
+    const sessionEnabled = !!(mppConfig.session && operatorAccount);
+    const sharedSessionParams = {
+      currency: mppConfig.currency,
+      decimals: 6,
+      recipient: mppConfig.recipient ?? config.payeeAddress,
+      getClient,
+      ...operatorAccount ? { account: operatorAccount } : {},
+      ...feePayerAccount ? { feePayer: feePayerAccount } : {},
+      ...resolvedStore ? { store: resolvedStore } : {}
+    };
+    const mppxArgs = {
+      Mppx,
+      tempo,
+      mppConfig,
+      payeeAddress: config.payeeAddress ?? "",
+      getClient,
+      feePayerAccount,
+      resolvedStore,
+      sessionEnabled,
+      sharedSessionParams,
+      realm
+    };
+    const primary = getMppxRequestContext(mppxArgs);
+    const streaming = getMppxStreamingContext(mppxArgs);
+    const mppx = {
+      charge: primary.charge,
+      ...primary.session ? { sessionRequest: primary.session } : {},
+      ...streaming?.session ? { sessionStream: streaming.session } : {}
+    };
+    return { mppx, tempoClient };
+  } catch (err) {
+    return { initError: err instanceof Error ? err.message : String(err) };
   }
-  return issues;
 }
-function validateMppConfig(config, env) {
-  const issues = [];
-  const mpp = config.mpp;
-  if (!mpp) {
-    return [
-      {
-        code: "missing_mpp_config",
-        protocol: "mpp",
-        message: 'protocols includes "mpp" but mpp config is missing. Add mpp: { secretKey, currency, recipient } to your router config.'
-      }
-    ];
-  }
-  if (!mpp.secretKey) {
-    issues.push({
-      code: "missing_mpp_secret_key",
-      protocol: "mpp",
-      message: "MPP requires secretKey. Set MPP_SECRET_KEY or pass mpp.secretKey."
-    });
-  }
-  if (!mpp.currency) {
-    issues.push({
-      code: "missing_mpp_currency",
-      protocol: "mpp",
-      message: "MPP requires currency. Set MPP_CURRENCY or pass mpp.currency."
-    });
-  } else if (!isEvmAddress(mpp.currency)) {
-    issues.push({
-      code: "invalid_mpp_currency",
-      protocol: "mpp",
-      message: "MPP currency must be a 0x-prefixed 20-byte Tempo currency address. Use TEMPO_USDC_CURRENCY for Tempo USDC."
-    });
-  }
-  const mppRecipient = mpp.recipient ?? config.payeeAddress;
-  if (!mppRecipient) {
-    issues.push({
-      code: "missing_mpp_recipient",
-      protocol: "mpp",
-      message: "MPP requires a recipient address. Set mpp.recipient or payeeAddress in your router config."
-    });
-  } else if (!isEvmAddress(mppRecipient)) {
-    issues.push({
-      code: "invalid_mpp_recipient",
-      protocol: "mpp",
-      message: "MPP recipient must be a 0x-prefixed EVM address. Solana recipients require x402."
-    });
-  }
-  const placeholder = findPlaceholderPayee([mpp.recipient, config.payeeAddress]);
-  if (placeholder) {
-    issues.push({
-      code: "placeholder_payee",
-      protocol: "mpp",
-      message: `MPP recipient '${placeholder}' is a placeholder address and cannot receive payments.`
-    });
-  }
-  if (!(mpp.rpcUrl ?? env.TEMPO_RPC_URL)) {
-    issues.push({
-      code: "missing_mpp_rpc_url",
-      protocol: "mpp",
-      message: "MPP requires an authenticated Tempo RPC URL. Set TEMPO_RPC_URL env var or pass rpcUrl in the mpp config object."
-    });
-  }
-  if (mpp.feePayerKey && !isEvmPrivateKey(mpp.feePayerKey)) {
-    issues.push({
-      code: "invalid_mpp_fee_payer_key",
-      protocol: "mpp",
-      message: "MPP feePayerKey must be a 0x-prefixed 32-byte EVM private key."
-    });
-  }
-  if (mpp.useDefaultStore && !mpp.store && (!env.KV_REST_API_URL || !env.KV_REST_API_TOKEN)) {
-    issues.push({
-      code: "missing_mpp_default_store_env",
-      protocol: "mpp",
-      message: "mpp.useDefaultStore requires KV_REST_API_URL and KV_REST_API_TOKEN environment variables. These are automatically set by Vercel KV."
-    });
+function assertOperatorMatchesRecipient(config, operatorAddress) {
+  const recipient = (config.mpp?.recipient ?? config.payeeAddress)?.toLowerCase();
+  const opAddr = operatorAddress.toLowerCase();
+  if (recipient && opAddr !== recipient) {
+    throw new Error(
+      `MPP session config mismatch: operator address ${operatorAddress} must equal recipient/payee ${recipient}. mppx's channel-close handler asserts sender === payee. Set mpp.operatorKey to the private key for ${recipient}, or set mpp.recipient/payeeAddress to ${operatorAddress}.`
+    );
   }
-  return issues;
-}
-function usesDefaultEvmFacilitator(config) {
-  return getConfiguredX402Networks(config).some(
-    (network) => typeof network === "string" && isEvmNetwork(network)
-  ) && config.x402?.facilitators?.evm === void 0;
-}
-function isSupportedX402Network(network) {
-  return isEvmNetwork(network) || isSolanaNetwork(network);
-}
-function isEvmAddress(value) {
-  return /^0x[a-fA-F0-9]{40}$/.test(value);
-}
-function isEvmPrivateKey(value) {
-  return /^0x[a-fA-F0-9]{64}$/.test(value);
-}
-function findPlaceholderPayee(values) {
-  return values.find((value) => value !== void 0 && /^0x0{40}$/i.test(value)) ?? null;
 }
 
 // src/index.ts
 init_constants();
 function createRouter(config) {
   const registry = new RouteRegistry();
-  const nonceStore = config.siwx?.nonceStore ?? new MemoryNonceStore();
-  const entitlementStore = config.siwx?.entitlementStore ?? new MemoryEntitlementStore();
+  const kvStore = resolveKvStore(config.kvStore);
+  const nonceStore = kvStore ? createKvNonceStore(kvStore) : new MemoryNonceStore();
+  const entitlementStore = kvStore ? createKvEntitlementStore(kvStore) : new MemoryEntitlementStore();
   const network = config.network ?? BASE_NETWORK;
   const x402Accepts = getConfiguredX402Accepts(config);
   const configIssues = getRouterConfigIssues(config, {
@@ -3420,69 +4561,20 @@ function createRouter(config) {
     x402FacilitatorsByNetwork: void 0,
     x402Accepts,
     mppx: null,
-    tempoClient: null
+    tempoClient: null,
+    mppSessionConfig: config.mpp?.session ? { depositMultiplier: config.mpp.session.depositMultiplier ?? 10 } : null
   };
   deps.initPromise = (async () => {
-    if (x402ConfigError) {
-      deps.x402InitError = x402ConfigError;
-    } else {
-      try {
-        const { createX402Server: createX402Server2 } = await Promise.resolve().then(() => (init_server(), server_exports));
-        const result = await createX402Server2(config);
-        deps.x402Server = result.server;
-        deps.x402FacilitatorsByNetwork = result.facilitatorsByNetwork;
-        await result.initPromise;
-      } catch (err) {
-        deps.x402Server = null;
-        deps.x402InitError = err instanceof Error ? err.message : String(err);
-      }
-    }
-    if (mppConfigError) {
-      deps.mppInitError = mppConfigError;
-    } else if (config.mpp) {
-      try {
-        const { Mppx, tempo } = await import("mppx/server");
-        const rpcUrl = config.mpp.rpcUrl ?? process.env.TEMPO_RPC_URL;
-        const { createClient, http } = await import("viem");
-        const { tempo: tempoChain } = await import("viem/chains");
-        deps.tempoClient = createClient({ chain: tempoChain, transport: http(rpcUrl) });
-        const getClient = async () => deps.tempoClient;
-        let feePayerAccount;
-        if (config.mpp.feePayerKey) {
-          const { privateKeyToAccount } = await import("viem/accounts");
-          feePayerAccount = privateKeyToAccount(config.mpp.feePayerKey);
-        }
-        let resolvedStore = config.mpp.store;
-        if (!resolvedStore && config.mpp.useDefaultStore) {
-          const kvUrl = process.env.KV_REST_API_URL;
-          const kvToken = process.env.KV_REST_API_TOKEN;
-          if (!kvUrl || !kvToken) {
-            throw new Error(
-              "mpp.useDefaultStore requires KV_REST_API_URL and KV_REST_API_TOKEN environment variables. These are automatically set by Vercel KV."
-            );
-          }
-          const { Store } = await import("mppx");
-          const { createUpstashRest: createUpstashRest2 } = await Promise.resolve().then(() => (init_upstash_rest(), upstash_rest_exports));
-          resolvedStore = Store.upstash(createUpstashRest2(kvUrl, kvToken));
-        }
-        deps.mppx = Mppx.create({
-          methods: [
-            tempo.charge({
-              currency: config.mpp.currency,
-              recipient: config.mpp.recipient ?? config.payeeAddress,
-              getClient,
-              ...feePayerAccount ? { feePayer: feePayerAccount } : {},
-              ...resolvedStore ? { store: resolvedStore } : {}
-            })
-          ],
-          secretKey: config.mpp.secretKey,
-          realm: new URL(resolvedBaseUrl).host
-        });
-      } catch (err) {
-        deps.mppx = null;
-        deps.mppInitError = err instanceof Error ? err.message : String(err);
-        console.error(`[router] MPP initialization failed: ${deps.mppInitError}`);
-      }
+    const x402Result = await initX402(config, x402ConfigError);
+    deps.x402Server = x402Result.server ?? null;
+    deps.x402FacilitatorsByNetwork = x402Result.facilitatorsByNetwork;
+    if (x402Result.initError) deps.x402InitError = x402Result.initError;
+    const mppResult = await initMpp(config, resolvedBaseUrl, kvStore, mppConfigError);
+    deps.mppx = mppResult.mppx ?? null;
+    deps.tempoClient = mppResult.tempoClient ?? null;
+    if (mppResult.initError) {
+      deps.mppInitError = mppResult.initError;
+      console.error(`[router] MPP initialization failed: ${mppResult.initError}`);
     }
   })();
   const pricesKeys = config.prices ? Object.keys(config.prices) : void 0;
@@ -3564,13 +4656,15 @@ function normalizePath(path) {
   TEMPO_USDC_CURRENCY,
   ZERO_EVM_ADDRESS,
   consolePlugin,
-  createRedisEntitlementStore,
-  createRedisNonceStore,
+  createKvEntitlementStore,
+  createKvMppStore,
+  createKvNonceStore,
   createRouter,
   formatRouterConfigIssues,
   getRouterConfigIssues,
   mppFromEnv,
   paidOptionsForProtocols,
   validateRouterConfig,
+  withPrefix,
   x402AcceptsFromEnv
 });