npm - @agentcash/router - Versions diffs - 1.5.2 → 1.7.0 - Mend

@agentcash/router 1.5.2 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/AGENTS.md +85 -0
package/README.md +138 -526
package/dist/index.cjs +2380 -1244
package/dist/index.d.cts +451 -317
package/dist/index.d.ts +451 -317
package/dist/index.js +2372 -1227
package/package.json +16 -24
package/.claude/CLAUDE.md +0 -229
package/.claude/skills/router-guide/SKILL.md +0 -585

package/dist/index.js CHANGED Viewed

@@ -9,14 +9,18 @@ var __export = (target, all) => {
 };
 // src/constants.ts
-var BASE_NETWORK, SOLANA_MAINNET_NETWORK, TEMPO_USDC_CURRENCY, ZERO_EVM_ADDRESS;
+var BASE_MAINNET_NETWORK, SOLANA_MAINNET_NETWORK, TEMPO_USDC_ADDRESS, TEMPO_USDC_DECIMALS, BASE_USDC_ADDRESS, BASE_USDC_DECIMALS, ZERO_EVM_ADDRESS, DEFAULT_SOLANA_FACILITATOR_URL;
 var init_constants = __esm({
   "src/constants.ts"() {
     "use strict";
-    BASE_NETWORK = "eip155:8453";
+    BASE_MAINNET_NETWORK = "eip155:8453";
     SOLANA_MAINNET_NETWORK = "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp";
-    TEMPO_USDC_CURRENCY = "0x20c000000000000000000000b9537d11c60e8b50";
+    TEMPO_USDC_ADDRESS = "0x20c000000000000000000000b9537d11c60e8b50";
+    TEMPO_USDC_DECIMALS = 6;
+    BASE_USDC_ADDRESS = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
+    BASE_USDC_DECIMALS = 6;
     ZERO_EVM_ADDRESS = "0x0000000000000000000000000000000000000000";
+    DEFAULT_SOLANA_FACILITATOR_URL = "https://facilitator.corbits.dev";
   }
 });
@@ -33,7 +37,7 @@ function getConfiguredX402Accepts(config) {
   return [
     {
       scheme: "exact",
-      network: config.network ?? BASE_NETWORK,
+      network: config.network ?? BASE_MAINNET_NETWORK,
       payTo: config.payeeAddress
     }
   ];
@@ -83,6 +87,18 @@ function buildEvmExactOptions(accepts, price) {
     payTo
   }));
 }
+function buildEvmUptoOptions(accepts, price) {
+  return accepts.filter(
+    (accept) => accept.scheme === "upto" && isEvmNetwork(accept.network)
+  ).map((accept) => ({
+    scheme: "upto",
+    network: accept.network,
+    payTo: accept.payTo,
+    price,
+    ...accept.maxTimeoutSeconds !== void 0 ? { maxTimeoutSeconds: accept.maxTimeoutSeconds } : {},
+    ...accept.extra ? { extra: accept.extra } : {}
+  }));
+}
 var init_evm = __esm({
   "src/protocols/x402/evm.ts"() {
     "use strict";
@@ -201,7 +217,10 @@ async function getAcceptsHeadersForFacilitator(facilitator) {
   return {};
 }
 function resolveX402FacilitatorTarget(config, network, defaultEvmFacilitator) {
-  return (isSolanaNetwork(network) ? config.x402?.facilitators?.solana : void 0) ?? (isEvmNetwork(network) ? config.x402?.facilitators?.evm : void 0) ?? (isSolanaNetwork(network) ? DEFAULT_SOLANA_FACILITATOR_URL : defaultEvmFacilitator);
+  if (isSolanaNetwork(network)) {
+    return config.x402?.facilitators?.solana ?? DEFAULT_SOLANA_FACILITATOR_URL;
+  }
+  return defaultEvmFacilitator;
 }
 function normalizeFacilitatorTarget(target) {
   return typeof target === "string" ? { url: target } : target;
@@ -214,19 +233,18 @@ function getNetworkFamily(network) {
 function sameFacilitatorConfig(a, b) {
   return a.url === b.url && a.createAuthHeaders === b.createAuthHeaders && a.createAcceptsHeaders === b.createAcceptsHeaders;
 }
-var DEFAULT_SOLANA_FACILITATOR_URL;
 var init_facilitators = __esm({
   "src/protocols/x402/facilitators.ts"() {
     "use strict";
     init_evm();
     init_solana();
-    DEFAULT_SOLANA_FACILITATOR_URL = "https://facilitator.corbits.dev";
+    init_constants();
   }
 });
-// src/server.ts
-var server_exports = {};
-__export(server_exports, {
+// src/init/x402-server.ts
+var x402_server_exports = {};
+__export(x402_server_exports, {
   createX402Server: () => createX402Server
 });
 async function createX402Server(config) {
@@ -267,44 +285,44 @@ async function createX402Server(config) {
     facilitatorsByNetwork
   };
 }
-function cachedClient(inner, kinds) {
+function createFacilitatorClients(facilitatorsByNetwork, HTTPFacilitatorClient) {
+  const groups = getResolvedX402FacilitatorGroups(facilitatorsByNetwork);
+  return groups.map((group) => {
+    const inner = new HTTPFacilitatorClient(group.config);
+    const kinds = buildSupportedKinds(group);
+    return hardcodedSupportedClient(inner, kinds);
+  });
+}
+function hardcodedSupportedClient(inner, kinds) {
   return {
     verify: inner.verify.bind(inner),
     settle: inner.settle.bind(inner),
-    getSupported: async () => ({
-      kinds,
-      extensions: [],
-      signers: {}
-    })
+    getSupported: async () => ({ kinds, extensions: [], signers: {} })
   };
 }
-function createFacilitatorClients(facilitatorsByNetwork, HTTPFacilitatorClient) {
-  const groups = getResolvedX402FacilitatorGroups(facilitatorsByNetwork);
-  return groups.map((group) => {
-    const inner = new HTTPFacilitatorClient(group.config);
-    const kinds = group.networks.flatMap((network) => {
-      const exactKind = {
-        x402Version: 2,
-        scheme: "exact",
-        network,
-        ...group.family === "solana" ? {
-          extra: {
-            features: {
-              xSettlementAccountSupported: true
-            }
+function buildSupportedKinds(group) {
+  return group.networks.flatMap((network) => {
+    const exactKind = {
+      x402Version: 2,
+      scheme: "exact",
+      network,
+      ...group.family === "solana" ? {
+        extra: {
+          features: {
+            xSettlementAccountSupported: true
           }
-        } : {}
-      };
-      if (group.family === "evm") {
-        return [exactKind, { x402Version: 2, scheme: "upto", network }];
-      }
-      return [exactKind];
-    });
-    return cachedClient(inner, kinds);
+        }
+      } : {}
+    };
+    const uptoKind = { x402Version: 2, scheme: "upto", network };
+    if (group.family === "evm") {
+      return [exactKind, uptoKind];
+    }
+    return [exactKind, uptoKind];
   });
 }
-var init_server = __esm({
-  "src/server.ts"() {
+var init_x402_server = __esm({
+  "src/init/x402-server.ts"() {
     "use strict";
     init_evm();
     init_solana();
@@ -313,65 +331,9 @@ var init_server = __esm({
   }
 });
-// src/upstash-rest.ts
-var upstash_rest_exports = {};
-__export(upstash_rest_exports, {
-  createUpstashRest: () => createUpstashRest
-});
-function createUpstashRest(url, token) {
-  const base = url.replace(/\/+$/, "");
-  const headers = { Authorization: `Bearer ${token}` };
-  async function get(key) {
-    const res = await fetch(`${base}/get/${key}`, { headers });
-    if (!res.ok) throw new Error(`[upstash-rest] GET ${key}: ${res.status}`);
-    const { result } = await res.json();
-    return result ?? null;
-  }
-  async function set(key, value) {
-    const res = await fetch(`${base}`, {
-      method: "POST",
-      headers: { ...headers, "Content-Type": "application/json" },
-      body: JSON.stringify(["SET", key, JSON.stringify(value)])
-    });
-    if (!res.ok) throw new Error(`[upstash-rest] SET ${key}: ${res.status}`);
-    return await res.json();
-  }
-  async function del(key) {
-    const res = await fetch(`${base}`, {
-      method: "POST",
-      headers: { ...headers, "Content-Type": "application/json" },
-      body: JSON.stringify(["DEL", key])
-    });
-    if (!res.ok) throw new Error(`[upstash-rest] DEL ${key}: ${res.status}`);
-    return await res.json();
-  }
-  return {
-    get,
-    set,
-    del,
-    async update(key, fn) {
-      const current = await get(key);
-      const change = fn(current);
-      if (change.op === "set") await set(key, change.value);
-      if (change.op === "delete") await del(key);
-      return change.result;
-    }
-  };
-}
-var init_upstash_rest = __esm({
-  "src/upstash-rest.ts"() {
-    "use strict";
-  }
-});
 // src/registry.ts
 var RouteRegistry = class {
   routes = /* @__PURE__ */ new Map();
-  // Internal map key includes the HTTP method so that POST and DELETE on the
-  // same path coexist. Within the same path+method, last-write-wins is still
-  // intentional — Next.js module loading order is non-deterministic during
-  // build and discovery stubs may register the same route in either order.
-  // Prior art: ElysiaJS uses the same pattern (silent overwrite in router.history).
   mapKey(entry) {
     return `${entry.key}:${entry.method}`;
   }
@@ -384,8 +346,6 @@ var RouteRegistry = class {
     }
     this.routes.set(k, entry);
   }
-  // Accepts either a compound key ("site/domain:DELETE") or a path-only key
-  // ("site/domain") — path-only returns the first registered method for that path.
   get(key) {
     const direct = this.routes.get(key);
     if (direct) return direct;
@@ -417,24 +377,17 @@ var RouteRegistry = class {
 // src/headers.ts
 var HEADERS = {
-  // ---- Standard HTTP ----
   AUTHORIZATION: "Authorization",
   WWW_AUTHENTICATE: "WWW-Authenticate",
-  // ---- Auth ----
   API_KEY: "X-API-Key",
-  // ---- Request meta (used by plugin/observability) ----
   WALLET_ADDRESS: "X-Wallet-Address",
   CLIENT_ID: "X-Client-ID",
   SESSION_ID: "X-Session-ID",
-  // ---- SIWX ----
   SIWX: "SIGN-IN-WITH-X",
-  // ---- x402 (payment) ----
   X402_PAYMENT_SIGNATURE: "PAYMENT-SIGNATURE",
-  /** Legacy x402 payment header — accepted alongside PAYMENT-SIGNATURE. */
   X402_PAYMENT_LEGACY: "X-PAYMENT",
   X402_PAYMENT_REQUIRED: "PAYMENT-REQUIRED",
   X402_PAYMENT_RESPONSE: "PAYMENT-RESPONSE",
-  // ---- MPP (payment) ----
   MPP_PAYMENT_RECEIPT: "Payment-Receipt"
 };
 var AUTH_SCHEME = {
@@ -442,7 +395,7 @@ var AUTH_SCHEME = {
   MPP_PAYMENT: "Payment "
 };
-// src/plugin.ts
+// src/plugin/index.ts
 function createDefaultContext(meta) {
   const ctx = {
     requestId: meta.requestId,
@@ -478,50 +431,32 @@ function firePluginHook(plugin, method, ...args) {
     return void 0;
   }
 }
-function consolePlugin() {
-  return {
-    onRequest(meta) {
-      const ctx = createDefaultContext(meta);
-      return ctx;
-    },
-    onAuthVerified(_ctx, auth) {
-      const wallet = auth.wallet ? ` wallet=${auth.wallet}` : "";
-      console.log(`[router] AUTH ${auth.authMode} ${auth.route}${wallet}`);
-    },
-    onPaymentVerified(_ctx, payment) {
-      console.log(`[router] VERIFIED ${payment.protocol} ${payment.payer} ${payment.amount}`);
-    },
-    onPaymentSettled(_ctx, settlement) {
-      console.log(`[router] SETTLED ${settlement.protocol} tx=${settlement.transaction}`);
-    },
-    onResponse(ctx, response) {
-      const wallet = ctx.verifiedWallet ? ` wallet=${ctx.verifiedWallet}` : "";
-      console.log(
-        `[router] ${ctx.route} \u2192 ${response.statusCode} (${response.duration}ms)${wallet}`
-      );
-    },
-    onError(_ctx, error) {
-      console.error(`[router] ERROR ${error.status}: ${error.message}`);
-    },
-    onAlert(_ctx, alert) {
-      const logFn = alert.level === "critical" || alert.level === "error" ? console.error : alert.level === "warn" ? console.warn : console.log;
-      logFn(
-        `[router] ${alert.level.toUpperCase()} ${alert.route}: ${alert.message}`,
-        alert.meta ?? ""
-      );
-    },
-    onProviderQuota(_ctx, event) {
-      const logFn = event.level === "critical" ? console.error : event.level === "warn" ? console.warn : console.log;
-      logFn(`[router] QUOTA ${event.level.toUpperCase()} ${event.provider}: ${event.message}`);
-    }
+// src/plugin/reporter.ts
+function createReporter(plugin, pluginCtx, route) {
+  return (level, message, meta) => {
+    firePluginHook(plugin, "onAlert", pluginCtx, {
+      level,
+      message,
+      route,
+      ...meta ? { meta } : {}
+    });
   };
 }
-// src/pipeline/context/preflight.ts
+// src/pipeline/steps/preflight.ts
 function preflight(routeEntry, handler, deps, request) {
   const meta = buildMeta(request, routeEntry);
   const pluginCtx = firePluginHook(deps.plugin, "onRequest", meta) ?? createDefaultContext(meta);
-  return { routeEntry, handler, deps, request, meta, pluginCtx };
+  return {
+    routeEntry,
+    handler,
+    deps,
+    request,
+    meta,
+    pluginCtx,
+    report: createReporter(deps.plugin, pluginCtx, routeEntry.key)
+  };
 }
 function buildMeta(request, routeEntry) {
   return {
@@ -539,10 +474,10 @@ function buildMeta(request, routeEntry) {
   };
 }
-// src/pipeline/context/parse-body.ts
+// src/pipeline/steps/parse-body.ts
 import { NextResponse } from "next/server";
-// src/body.ts
+// src/pipeline/body.ts
 async function bufferBody(request) {
   const text = await request.text();
   if (!text) return void 0;
@@ -566,46 +501,19 @@ function validateBody(parsed, schema) {
   };
 }
-// src/pipeline/context/parse-body.ts
-async function parseBody(request, routeEntry) {
-  if (!routeEntry.bodySchema) return { ok: true, data: void 0 };
-  const raw = await bufferBody(request);
-  const result = validateBody(raw, routeEntry.bodySchema);
-  if (result.success) return { ok: true, data: result.data };
-  return {
-    ok: false,
-    response: NextResponse.json(
-      { success: false, error: result.error, issues: result.issues },
-      { status: 400 }
-    )
-  };
-}
-// src/pipeline/context/parse-query.ts
-function parseQuery(request, routeEntry) {
-  if (!routeEntry.querySchema) return void 0;
-  const params = Object.fromEntries(request.nextUrl.searchParams.entries());
-  const result = routeEntry.querySchema.safeParse(params);
-  return result.success ? result.data : params;
-}
-// src/pipeline/context/errors.ts
-function errorStatus(error, fallback) {
-  const status = error?.status;
-  return typeof status === "number" ? status : fallback;
+// src/plugin/events.ts
+function fireAuthVerified(ctx, event) {
+  firePluginHook(ctx.deps.plugin, "onAuthVerified", ctx.pluginCtx, {
+    ...event,
+    route: ctx.routeEntry.key
+  });
 }
-function errorMessage(error, fallback) {
-  return error instanceof Error ? error.message : fallback;
+function firePaymentVerified(ctx, event) {
+  firePluginHook(ctx.deps.plugin, "onPaymentVerified", ctx.pluginCtx, event);
 }
-function handlerFailureError(response) {
-  const message = response.statusText || `Handler returned HTTP ${response.status}`;
-  return Object.assign(new Error(message), { status: response.status });
+function firePaymentSettled(ctx, event) {
+  firePluginHook(ctx.deps.plugin, "onPaymentSettled", ctx.pluginCtx, event);
 }
-// src/pipeline/context/fail.ts
-import { NextResponse as NextResponse2 } from "next/server";
-// src/pipeline/context/fire-plugin-response.ts
 function firePluginResponse(ctx, response, requestBody, responseBody) {
   firePluginHook(ctx.deps.plugin, "onResponse", ctx.pluginCtx, {
     statusCode: response.status,
@@ -624,15 +532,72 @@ function firePluginResponse(ctx, response, requestBody, responseBody) {
     });
   }
 }
+function fireProviderQuota(ctx, response, handlerResult) {
+  const { providerName, providerConfig } = ctx.routeEntry;
+  if (!providerName || !providerConfig?.extractQuota) return;
+  if (response.status >= 400) return;
+  try {
+    const quota = providerConfig.extractQuota(handlerResult, response.headers);
+    if (!quota) return;
+    const level = computeQuotaLevel(quota.remaining, providerConfig.warn, providerConfig.critical);
+    const overage = providerConfig.overage ?? "same-rate";
+    const event = {
+      provider: providerName,
+      route: ctx.routeEntry.key,
+      remaining: quota.remaining,
+      limit: quota.limit,
+      spend: quota.spend,
+      level,
+      overage,
+      message: quota.remaining !== null ? `${providerName}: ${quota.remaining}${quota.limit ? `/${quota.limit}` : ""} remaining` : `${providerName}: quota info unavailable`
+    };
+    firePluginHook(ctx.deps.plugin, "onProviderQuota", ctx.pluginCtx, event);
+  } catch {
+  }
+}
+function computeQuotaLevel(remaining, warn, critical) {
+  if (remaining === null) return "healthy";
+  if (critical !== void 0 && remaining <= critical) return "critical";
+  if (warn !== void 0 && remaining <= warn) return "warn";
+  return "healthy";
+}
+// src/pipeline/steps/parse-body.ts
+async function parseBody(ctx, request = ctx.request) {
+  if (!ctx.routeEntry.bodySchema) return { ok: true, data: void 0 };
+  const raw = await bufferBody(request);
+  const result = validateBody(raw, ctx.routeEntry.bodySchema);
+  if (result.success) return { ok: true, data: result.data };
+  const response = NextResponse.json(
+    { success: false, error: result.error, issues: result.issues },
+    { status: 400 }
+  );
+  firePluginResponse(ctx, response);
+  return { ok: false, response };
+}
+// src/pipeline/steps/errors.ts
+function errorStatus(error, fallback) {
+  const status = error?.status;
+  return typeof status === "number" ? status : fallback;
+}
+function errorMessage(error, fallback) {
+  return error instanceof Error ? error.message : fallback;
+}
+function handlerFailureError(response) {
+  const message = response.statusText || `Handler returned HTTP ${response.status}`;
+  return Object.assign(new Error(message), { status: response.status });
+}
-// src/pipeline/context/fail.ts
+// src/pipeline/steps/fail.ts
+import { NextResponse as NextResponse2 } from "next/server";
 function fail(ctx, status, message, requestBody) {
   const response = NextResponse2.json({ success: false, error: message }, { status });
   firePluginResponse(ctx, response, requestBody);
   return response;
 }
-// src/pipeline/context/run-validate.ts
+// src/pipeline/steps/run-validate.ts
 async function runValidate(ctx, body) {
   if (!ctx.routeEntry.validateFn) return null;
   try {
@@ -643,7 +608,7 @@ async function runValidate(ctx, body) {
   }
 }
-// src/handler.ts
+// src/pipeline/flows/static/static-invoke.ts
 import { NextResponse as NextResponse3 } from "next/server";
 // src/types.ts
@@ -655,23 +620,23 @@ var HttpError = class extends Error {
   }
 };
-// src/handler.ts
-async function safeCallHandler(handler, ctx, options = {}) {
-  try {
-    const result = await handler(ctx);
-    if (result instanceof Response) return result;
-    return NextResponse3.json(result);
-  } catch (error) {
-    options.onError?.(error);
-    const status = error instanceof HttpError ? error.status : typeof error.status === "number" ? error.status : 500;
-    const message = error instanceof Error ? error.message : "Internal error";
-    return NextResponse3.json({ success: false, error: message }, { status });
-  }
+// src/pipeline/steps/parse-query.ts
+function parseQuery(request, routeEntry) {
+  if (!routeEntry.querySchema) return void 0;
+  const params = Object.fromEntries(request.nextUrl.searchParams.entries());
+  const result = routeEntry.querySchema.safeParse(params);
+  return result.success ? result.data : params;
 }
-// src/pipeline/context/invoke.ts
-async function invoke(ctx, wallet, account, body, payment) {
-  const handlerCtx = {
+// src/pipeline/flows/static/static-invoke.ts
+function invokePaidStatic(ctx, wallet, account, body, payment) {
+  return runHandler(ctx, buildHandlerCtx(ctx, wallet, account, body, payment));
+}
+function invokeUnauthed(ctx, wallet, account, body) {
+  return runHandler(ctx, buildHandlerCtx(ctx, wallet, account, body, null));
+}
+function buildHandlerCtx(ctx, wallet, account, body, payment) {
+  return {
     body,
     query: parseQuery(ctx.request, ctx.routeEntry),
     request: ctx.request,
@@ -680,85 +645,71 @@ async function invoke(ctx, wallet, account, body, payment) {
     wallet,
     payment,
     account,
-    alert(level, message, alertMeta) {
-      firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-        level,
-        message,
-        route: ctx.routeEntry.key,
-        meta: alertMeta
-      });
-    },
+    alert: ctx.report,
     setVerifiedWallet: (addr) => ctx.pluginCtx.setVerifiedWallet(addr)
   };
-  let rawResult;
-  let handlerError;
-  const response = await safeCallHandler(
-    async (c) => {
-      rawResult = await ctx.handler(c);
-      return rawResult;
-    },
-    handlerCtx,
-    {
-      onError(error) {
-        handlerError = error;
-      }
-    }
-  );
-  return { response, rawResult, handlerError };
 }
-// src/pipeline/context/fire-provider-quota.ts
-function fireProviderQuota(ctx, response, handlerResult) {
-  const { providerName, providerConfig } = ctx.routeEntry;
-  if (!providerName || !providerConfig?.extractQuota) return;
-  if (response.status >= 400) return;
+async function runHandler(ctx, handlerCtx) {
+  let returned;
   try {
-    const quota = providerConfig.extractQuota(handlerResult, response.headers);
-    if (!quota) return;
-    const level = computeQuotaLevel(quota.remaining, providerConfig.warn, providerConfig.critical);
-    const overage = providerConfig.overage ?? "same-rate";
-    const event = {
-      provider: providerName,
-      route: ctx.routeEntry.key,
-      remaining: quota.remaining,
-      limit: quota.limit,
-      spend: quota.spend,
-      level,
-      overage,
-      message: quota.remaining !== null ? `${providerName}: ${quota.remaining}${quota.limit ? `/${quota.limit}` : ""} remaining` : `${providerName}: quota info unavailable`
-    };
-    firePluginHook(ctx.deps.plugin, "onProviderQuota", ctx.pluginCtx, event);
-  } catch {
+    returned = ctx.handler(handlerCtx);
+  } catch (error) {
+    return errorResult(error);
+  }
+  if (isAsyncIterable(returned) && !isThenable(returned)) {
+    return errorResult(
+      new HttpError(
+        `route '${ctx.routeEntry.key}': streaming handlers require .paid({ dynamic: true })`,
+        500
+      )
+    );
+  }
+  let rawResult;
+  try {
+    rawResult = await returned;
+  } catch (error) {
+    return errorResult(error);
   }
+  const response = rawResult instanceof Response ? rawResult : NextResponse3.json(rawResult);
+  return { response, rawResult };
 }
-function computeQuotaLevel(remaining, warn, critical) {
-  if (remaining === null) return "healthy";
-  if (critical !== void 0 && remaining <= critical) return "critical";
-  if (warn !== void 0 && remaining <= warn) return "warn";
-  return "healthy";
+function errorResult(error) {
+  const status = error instanceof HttpError ? error.status : typeof error?.status === "number" ? error.status : 500;
+  const message = error instanceof Error ? error.message : "Internal error";
+  return {
+    response: NextResponse3.json({ success: false, error: message }, { status }),
+    rawResult: void 0,
+    handlerError: error
+  };
+}
+function isAsyncIterable(value) {
+  return value != null && typeof value === "object" && Symbol.asyncIterator in value;
+}
+function isThenable(value) {
+  return value != null && (typeof value === "object" || typeof value === "function") && typeof value.then === "function";
 }
-// src/pipeline/context/finalize.ts
+// src/pipeline/steps/finalize/response.ts
 function finalize(ctx, response, rawResult, requestBody) {
   fireProviderQuota(ctx, response, rawResult);
   firePluginResponse(ctx, response, requestBody, rawResult);
   return response;
 }
-// src/pipeline/context/run-handler-only.ts
-async function runHandlerOnly(ctx, wallet, account) {
-  const body = await parseBody(ctx.request, ctx.routeEntry);
-  if (!body.ok) {
-    firePluginResponse(ctx, body.response);
-    return body.response;
+// src/pipeline/steps/grant-entitlement.ts
+async function grantEntitlementIfSiwx(ctx, wallet) {
+  if (!ctx.routeEntry.siwxEnabled) return;
+  try {
+    await ctx.deps.entitlementStore.grant(ctx.routeEntry.key, wallet);
+  } catch (error) {
+    ctx.report(
+      "warn",
+      `Entitlement grant failed: ${error instanceof Error ? error.message : String(error)}`
+    );
   }
-  const validateErr = await runValidate(ctx, body.data);
-  if (validateErr) return validateErr;
-  const result = await invoke(ctx, wallet, account, body.data, null);
-  return finalize(ctx, result.response, result.rawResult, body.data);
 }
-// src/pipeline/context/settlement-context.ts
+// src/pipeline/steps/settlement-context.ts
 function settlementContext(ctx, scope) {
   return {
     route: ctx.routeEntry.key,
@@ -772,24 +723,7 @@ function settlementContext(ctx, scope) {
   };
 }
-// src/pipeline/context/run-before-settle.ts
-async function runBeforeSettle(ctx, scope) {
-  const hook = ctx.routeEntry.settlement?.beforeSettle;
-  if (!hook) return null;
-  try {
-    await hook(settlementContext(ctx, scope));
-    return null;
-  } catch (error) {
-    return fail(
-      ctx,
-      errorStatus(error, 500),
-      errorMessage(error, "Pre-settlement validation failed"),
-      scope.body
-    );
-  }
-}
-// src/pipeline/context/run-settlement-error.ts
+// src/pipeline/steps/run-settlement-error.ts
 async function runSettlementError(ctx, scope, error, phase) {
   const hook = ctx.routeEntry.settlement?.onSettlementError;
   if (!hook) return;
@@ -797,16 +731,11 @@ async function runSettlementError(ctx, scope, error, phase) {
     await hook({ ...settlementContext(ctx, scope), error, phase });
   } catch (hookError) {
     const message = errorMessage(hookError, "Settlement error hook failed");
-    console.error(`[router] ${ctx.routeEntry.key}: onSettlementError failed: ${message}`);
-    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "error",
-      message: `Settlement error hook failed: ${message}`,
-      route: ctx.routeEntry.key
-    });
+    ctx.report("error", `Settlement error hook failed: ${message}`);
   }
 }
-// src/pipeline/context/run-after-settle.ts
+// src/pipeline/steps/run-after-settle.ts
 async function runAfterSettle(ctx, scope) {
   const hook = ctx.routeEntry.settlement?.afterSettle;
   if (!hook) return;
@@ -814,81 +743,145 @@ async function runAfterSettle(ctx, scope) {
     await hook(settlementContext(ctx, scope));
   } catch (error) {
     const message = errorMessage(error, "Post-settlement hook failed");
-    console.error(`[router] ${ctx.routeEntry.key}: afterSettle failed: ${message}`);
-    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "error",
-      message: `Post-settlement hook failed: ${message}`,
-      route: ctx.routeEntry.key
-    });
+    ctx.report("error", `Post-settlement hook failed: ${message}`);
     await runSettlementError(ctx, scope, error, "afterSettle");
   }
 }
-// src/pipeline/context/run-settled-handler-error.ts
-async function runSettledHandlerError(ctx, scope, error = scope.handlerError ?? handlerFailureError(scope.response)) {
-  const hook = ctx.routeEntry.settlement?.onSettledHandlerError;
-  if (!hook) return;
-  try {
-    await hook({ ...settlementContext(ctx, scope), error });
-  } catch (hookError) {
-    const message = errorMessage(hookError, "Settled handler error hook failed");
-    console.error(`[router] ${ctx.routeEntry.key}: onSettledHandlerError failed: ${message}`);
-    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "error",
-      message: `Settled handler error hook failed: ${message}`,
-      route: ctx.routeEntry.key
-    });
-  }
-}
-// src/pipeline/context/grant-entitlement.ts
-async function grantEntitlementIfSiwx(ctx, wallet) {
-  if (!ctx.routeEntry.siwxEnabled) return;
-  try {
-    await ctx.deps.entitlementStore.grant(ctx.routeEntry.key, wallet);
-  } catch (error) {
-    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "warn",
-      message: `Entitlement grant failed: ${error instanceof Error ? error.message : String(error)}`,
-      route: ctx.routeEntry.key
-    });
-  }
+// src/pipeline/steps/finalize/epilogue.ts
+async function runPostSettleEpilogue(args) {
+  const { ctx, strategy, wallet, settle, afterSettleScope, rawResult, body } = args;
+  await grantEntitlementIfSiwx(ctx, wallet);
+  firePaymentSettled(ctx, {
+    protocol: strategy.protocol,
+    payer: wallet,
+    transaction: settle.settledPayment.transaction ?? "",
+    network: settle.settledPayment.network
+  });
+  await runAfterSettle(ctx, afterSettleScope);
+  return finalize(ctx, settle.response, rawResult, body);
 }
-// src/pipeline/context/settle-and-finalize.ts
-async function settleAndFinalize(args) {
-  const { ctx, strategy, verifyOutcome, scope, rawResult, body, onSettleError } = args;
-  const { request, routeEntry, deps } = ctx;
+// src/pipeline/steps/finalize/request.ts
+async function settleAndFinalizeRequest(args) {
+  const { ctx, strategy, verifyOutcome, scope, rawResult, body, billedAmount, onSettleError } = args;
+  const { request, routeEntry, deps, report } = ctx;
   const settle = await strategy.settle({
     request,
     response: scope.response,
     payment: verifyOutcome.payment,
     token: verifyOutcome.token,
     routeEntry,
-    deps
+    deps,
+    billedAmount,
+    report
   });
   if (!settle.ok) {
     if (onSettleError) await onSettleError(settle.error, settle.failMessage);
     return fail(ctx, settle.failStatus ?? 500, settle.failMessage, body);
   }
-  await grantEntitlementIfSiwx(ctx, verifyOutcome.wallet);
-  firePluginHook(deps.plugin, "onPaymentSettled", ctx.pluginCtx, {
-    protocol: strategy.protocol,
-    payer: verifyOutcome.wallet,
-    transaction: settle.settledPayment.transaction ?? "",
-    network: settle.settledPayment.network
-  });
-  await runAfterSettle(ctx, {
-    ...scope,
-    payment: settle.settledPayment,
-    response: settle.response
+  return runPostSettleEpilogue({
+    ctx,
+    strategy,
+    wallet: verifyOutcome.wallet,
+    settle,
+    afterSettleScope: {
+      ...scope,
+      payment: settle.settledPayment,
+      response: settle.response
+    },
+    rawResult,
+    body
   });
-  return finalize(ctx, settle.response, rawResult, body);
+}
+// src/pipeline/steps/finalize/stream.ts
+async function settleAndFinalizeStream(args) {
+  const { ctx, strategy, verifyOutcome, source, account, body, bindChannelCharge } = args;
+  const { request, routeEntry, deps, report } = ctx;
+  if (!strategy.settleStream) {
+    return fail(ctx, 500, `${strategy.protocol} does not support streaming handlers`, body);
+  }
+  const settle = await strategy.settleStream({
+    request,
+    source,
+    payment: verifyOutcome.payment,
+    token: verifyOutcome.token,
+    routeEntry,
+    deps,
+    bindChannelCharge,
+    report
+  });
+  if (!settle.ok) {
+    return fail(ctx, settle.failStatus ?? 500, settle.failMessage, body);
+  }
+  return runPostSettleEpilogue({
+    ctx,
+    strategy,
+    wallet: verifyOutcome.wallet,
+    settle,
+    afterSettleScope: {
+      wallet: verifyOutcome.wallet,
+      account,
+      body,
+      payment: settle.settledPayment,
+      response: settle.response,
+      rawResult: void 0
+    },
+    rawResult: void 0,
+    body
+  });
+}
+// src/pipeline/steps/run-handler-only.ts
+async function runHandlerOnly(ctx, wallet, account) {
+  const body = await parseBody(ctx);
+  if (!body.ok) return body.response;
+  const validateErr = await runValidate(ctx, body.data);
+  if (validateErr) return validateErr;
+  const result = await invokeUnauthed(ctx, wallet, account, body.data);
+  return finalize(ctx, result.response, result.rawResult, body.data);
+}
+// src/pipeline/steps/run-before-settle.ts
+async function runBeforeSettle(ctx, scope) {
+  const hook = ctx.routeEntry.settlement?.beforeSettle;
+  if (!hook) return null;
+  try {
+    await hook(settlementContext(ctx, scope));
+    return null;
+  } catch (error) {
+    return fail(
+      ctx,
+      errorStatus(error, 500),
+      errorMessage(error, "Pre-settlement validation failed"),
+      scope.body
+    );
+  }
+}
+// src/pipeline/steps/run-settled-handler-error.ts
+async function runSettledHandlerError(ctx, scope, error = scope.handlerError ?? handlerFailureError(scope.response)) {
+  const hook = ctx.routeEntry.settlement?.onSettledHandlerError;
+  if (!hook) return;
+  try {
+    await hook({ ...settlementContext(ctx, scope), error });
+  } catch (hookError) {
+    const message = errorMessage(hookError, "Settled handler error hook failed");
+    ctx.report("error", `Settled handler error hook failed: ${message}`);
+  }
 }
 // src/auth/normalize-wallet.ts
 function normalizeWalletAddress(address) {
-  return /^0x/i.test(address) ? address.toLowerCase() : address;
+  const isEvm = /^0x/i.test(address);
+  return isEvm ? normalizeEvmWalletAddress(address) : normalizeSolanaWalletAddress(address);
+}
+function normalizeEvmWalletAddress(address) {
+  return address.toLowerCase();
+}
+function normalizeSolanaWalletAddress(address) {
+  return address;
 }
 // src/auth/siwx.ts
@@ -941,7 +934,7 @@ async function buildSIWXExtension() {
   return declareSIWxExtension();
 }
-// src/pipeline/context/try-siwx-fast-path.ts
+// src/pipeline/steps/try-siwx-fast-path.ts
 async function trySiwxFastPath(ctx, account) {
   const { request, routeEntry, deps } = ctx;
   if (!routeEntry.siwxEnabled) return null;
@@ -953,35 +946,29 @@ async function trySiwxFastPath(ctx, account) {
   ctx.pluginCtx.setVerifiedWallet(wallet);
   const entitled = await deps.entitlementStore.has(routeEntry.key, wallet);
   if (!entitled) return null;
-  firePluginHook(deps.plugin, "onAuthVerified", ctx.pluginCtx, {
-    authMode: "siwx",
-    wallet,
-    route: routeEntry.key
-  });
+  fireAuthVerified(ctx, { authMode: "siwx", wallet });
   return runHandlerOnly(ctx, wallet, account);
 }
-// src/pipeline/context/should-parse-body-early.ts
+// src/pipeline/steps/should-parse-body-early.ts
 function shouldParseBodyEarly(incomingStrategy, routeEntry, pricing) {
   if (incomingStrategy) return false;
   if (!routeEntry.bodySchema) return false;
   return (pricing?.needsBody ?? false) || !!routeEntry.validateFn;
 }
-// src/pipeline/context/protocol-init-error.ts
-function protocolInitError(routeEntry, deps) {
-  if (!routeEntry.pricing) return null;
-  const errors = [];
-  for (const protocol of routeEntry.protocols) {
-    if (protocol === "x402" && deps.x402InitError) {
-      errors.push(`x402: ${deps.x402InitError}`);
-    }
-    if (protocol === "mpp" && deps.mppInitError) {
-      errors.push(`mpp: ${deps.mppInitError}`);
-    }
-  }
-  if (errors.length === 0) return null;
-  return `Payment protocol initialization failed. ${errors.join("; ")}`;
+// src/pipeline/steps/resolve-early-body.ts
+async function resolveEarlyBody(args) {
+  const { ctx, pricing, incomingStrategy } = args;
+  if (!shouldParseBodyEarly(incomingStrategy, ctx.routeEntry, pricing)) {
+    return { ok: true, earlyBody: void 0 };
+  }
+  const earlyClone = ctx.request.clone();
+  const earlyResult = await parseBody(ctx, earlyClone);
+  if (!earlyResult.ok) return { ok: false, response: earlyResult.response };
+  const validateErr = await runValidate(ctx, earlyResult.data);
+  if (validateErr) return { ok: false, response: validateErr };
+  return { ok: true, earlyBody: earlyResult.data };
 }
 // src/auth/api-key.ts
@@ -1002,6 +989,34 @@ function extractBearerToken(header) {
   return null;
 }
+// src/pipeline/steps/run-api-key-gate.ts
+async function runApiKeyGate(ctx) {
+  const { request, routeEntry } = ctx;
+  if (!routeEntry.apiKeyResolver) return { ok: true, account: void 0 };
+  const apiKeyResult = await verifyApiKey(request, routeEntry.apiKeyResolver);
+  if (!apiKeyResult.valid) {
+    return { ok: false, response: fail(ctx, 401, "Invalid or missing API key") };
+  }
+  fireAuthVerified(ctx, { authMode: "apiKey", wallet: null, account: apiKeyResult.account });
+  return { ok: true, account: apiKeyResult.account };
+}
+// src/pipeline/steps/protocol-init-error.ts
+function protocolInitError(routeEntry, deps) {
+  if (!routeEntry.pricing) return null;
+  const errors = [];
+  for (const protocol of routeEntry.protocols) {
+    if (protocol === "x402" && deps.x402InitError) {
+      errors.push(`x402: ${deps.x402InitError}`);
+    }
+    if (protocol === "mpp" && deps.mppInitError) {
+      errors.push(`mpp: ${deps.mppInitError}`);
+    }
+  }
+  if (errors.length === 0) return null;
+  return `Payment protocol initialization failed. ${errors.join("; ")}`;
+}
 // src/pipeline/flows/api-key-only.ts
 async function runApiKeyOnlyFlow(ctx) {
   if (!ctx.routeEntry.apiKeyResolver) {
@@ -1009,12 +1024,7 @@ async function runApiKeyOnlyFlow(ctx) {
   }
   const result = await verifyApiKey(ctx.request, ctx.routeEntry.apiKeyResolver);
   if (!result.valid) return fail(ctx, 401, "Invalid or missing API key");
-  firePluginHook(ctx.deps.plugin, "onAuthVerified", ctx.pluginCtx, {
-    authMode: "apiKey",
-    wallet: null,
-    route: ctx.routeEntry.key,
-    account: result.account
-  });
+  fireAuthVerified(ctx, { authMode: "apiKey", wallet: null, account: result.account });
   return runHandlerOnly(ctx, null, result.account);
 }
@@ -1171,13 +1181,22 @@ function selectPricing(raw, deps = {}) {
 // src/protocols/mpp/credential.ts
 import { Credential } from "mppx";
 import { getAddress, isAddress } from "viem";
+var SESSION_ACTIONS = /* @__PURE__ */ new Set(["open", "topUp", "voucher", "close"]);
 function readMppCredential(request) {
   const credential = Credential.fromRequest(request);
   if (!credential) return null;
   const wallet = walletFromDid(credential.source ?? "");
-  const rawType = credential.payload?.type;
+  const payload = credential.payload;
+  const rawType = payload?.type;
   const payloadType = rawType === "transaction" ? "transaction" : rawType === "hash" ? "hash" : "unknown";
-  return { credential, wallet, payloadType };
+  const rawAction = payload?.action;
+  const sessionAction = typeof rawAction === "string" && SESSION_ACTIONS.has(rawAction) ? rawAction : void 0;
+  return {
+    credential,
+    wallet,
+    payloadType,
+    ...sessionAction ? { sessionAction } : {}
+  };
 }
 function walletFromDid(rawSource) {
   const parts = rawSource.split(":");
@@ -1185,6 +1204,168 @@ function walletFromDid(rawSource) {
   return normalizeWalletAddress(isAddress(last) ? getAddress(last) : rawSource);
 }
+// src/protocols/mpp/session-mode.ts
+async function verifySessionMode(args, info) {
+  const { request, deps, price, routeEntry } = args;
+  if (!deps.mppx?.sessionRequest || !deps.mppx?.sessionStream || !deps.mppSessionConfig) {
+    return {
+      ok: false,
+      kind: "config",
+      message: "MPP sessions not configured on this server (set RouterConfig.mpp.session)"
+    };
+  }
+  const tickCost = routeEntry.tickCost;
+  const unitType = routeEntry.unitType;
+  const streaming = routeEntry.streaming === true;
+  const middleware = streaming ? deps.mppx.sessionStream : deps.mppx.sessionRequest;
+  const middlewareRequest = isChannelOnlyAction(info, request) ? new Request(request.url, { method: request.method, headers: request.headers }) : request;
+  let result;
+  try {
+    result = await middleware({
+      amount: tickCost,
+      unitType,
+      suggestedDeposit: price,
+      ...streaming ? { meta: { streaming: "true" } } : {}
+    })(middlewareRequest);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return {
+      ok: false,
+      kind: "config",
+      message: `MPP session verify failed: ${message}`
+    };
+  }
+  if (result.status === 402) {
+    const failure = await readMppxProblemDetails(result.challenge);
+    return { ok: false, kind: "invalid", failure };
+  }
+  const mppRecipient = deps.mppRecipient ?? deps.payeeAddress;
+  const payment = {
+    protocol: "mpp",
+    status: "verified",
+    payer: info.wallet,
+    amount: price,
+    network: "tempo:4217",
+    ...mppRecipient ? { recipient: mppRecipient } : {}
+  };
+  const token = {
+    mode: "session",
+    streaming,
+    sessionResult: result,
+    info,
+    tickCost
+  };
+  return {
+    ok: true,
+    wallet: info.wallet,
+    payment,
+    token,
+    alreadySettled: false
+  };
+}
+async function settleSessionMode(args) {
+  const { request, response, payment, token, billedAmount } = args;
+  const sessionToken = token;
+  if (isChannelOnlyAction(sessionToken.info, request)) {
+    const wrapped2 = sessionToken.sessionResult.withReceipt(
+      new Response(null, { status: 200 })
+    );
+    return {
+      ok: true,
+      response: wrapped2,
+      settledPayment: { ...payment, status: "settled", amount: billedAmount }
+    };
+  }
+  if (sessionToken.streaming) {
+    return {
+      ok: false,
+      error: new Error("streaming session content settled via request path"),
+      failMessage: "streaming session content settled via request path",
+      failStatus: 500
+    };
+  }
+  const wrapped = sessionToken.sessionResult.withReceipt(
+    response
+  );
+  wrapped.headers.set("Cache-Control", "private");
+  const receiptHeader = wrapped.headers.get(HEADERS.MPP_PAYMENT_RECEIPT) ?? void 0;
+  const settledPayment = {
+    ...payment,
+    status: "settled",
+    amount: billedAmount,
+    ...receiptHeader ? { receipt: receiptHeader } : {}
+  };
+  return { ok: true, response: wrapped, settledPayment };
+}
+async function buildSessionChallenge(args) {
+  const { request, deps, suggestedDeposit, routeEntry, report } = args;
+  if (!deps.mppSessionConfig) return {};
+  const streaming = routeEntry.streaming === true;
+  const middleware = streaming ? deps.mppx?.sessionStream : deps.mppx?.sessionRequest;
+  if (!middleware) return {};
+  const tickCost = routeEntry.tickCost;
+  const unitType = routeEntry.unitType;
+  try {
+    const result = await middleware({
+      amount: tickCost,
+      unitType,
+      suggestedDeposit,
+      ...streaming ? { meta: { streaming: "true" } } : {}
+    })(request);
+    if (result.status === 402) {
+      const wwwAuth = result.challenge.headers.get(HEADERS.WWW_AUTHENTICATE);
+      if (wwwAuth) return { headers: { [HEADERS.WWW_AUTHENTICATE]: wwwAuth } };
+    }
+  } catch (err) {
+    report(
+      "warn",
+      `MPP session challenge build failed: ${err instanceof Error ? err.message : String(err)}`
+    );
+    throw err;
+  }
+  return {};
+}
+function isChannelOnlyAction(info, request) {
+  const action = info.sessionAction;
+  if (!action) return false;
+  if (action === "close" || action === "topUp") return true;
+  if ((action === "open" || action === "voucher") && !hasRequestBody(request)) return true;
+  return false;
+}
+async function readMppxProblemDetails(challenge) {
+  let body;
+  try {
+    body = await challenge.clone().text();
+  } catch {
+    return { reason: "mpp_session_invalid" };
+  }
+  if (!body) return { reason: "mpp_session_invalid" };
+  let parsed;
+  try {
+    parsed = JSON.parse(body);
+  } catch {
+    return { reason: "mpp_session_invalid", message: body.slice(0, 500) };
+  }
+  if (!parsed || typeof parsed !== "object") {
+    return { reason: "mpp_session_invalid" };
+  }
+  const details = parsed;
+  const typeUri = typeof details.type === "string" ? details.type : void 0;
+  const slug = typeUri ? typeUri.split("/").pop() : void 0;
+  const reason = slug ? slug.replace(/-/g, "_") : "mpp_session_invalid";
+  const message = typeof details.detail === "string" && details.detail.length > 0 ? details.detail : typeof details.title === "string" ? details.title : void 0;
+  return message ? { reason, message } : { reason };
+}
+function hasRequestBody(request) {
+  const cl = request.headers.get("content-length");
+  if (cl !== null) {
+    const n = Number.parseInt(cl.trim(), 10);
+    return Number.isFinite(n) && n > 0;
+  }
+  if (request.headers.get("transfer-encoding") !== null) return true;
+  return false;
+}
 // src/protocols/mpp/transaction-mode.ts
 import { Transaction as TempoTransaction } from "viem/tempo";
 import { call as viemCall } from "viem/actions";
@@ -1212,7 +1393,7 @@ async function readChallengeReason(challenge) {
 // src/protocols/mpp/transaction-mode.ts
 async function verifyTxMode(args, info) {
-  const { deps, price, routeEntry } = args;
+  const { deps, price, report } = args;
   if (!deps.tempoClient) {
     return {
       ok: false,
@@ -1230,7 +1411,7 @@ async function verifyTxMode(args, info) {
     });
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
-    console.warn(`[router] ${routeEntry.key}: MPP simulation failed \u2014 ${message}`);
+    report("warn", `MPP simulation failed: ${message}`);
     return { ok: false, kind: "invalid" };
   }
   const mppRecipient = deps.mppRecipient ?? deps.payeeAddress;
@@ -1251,7 +1432,7 @@ async function verifyTxMode(args, info) {
   };
 }
 async function settleTxMode(args) {
-  const { request, response, payment, deps, routeEntry } = args;
+  const { request, response, payment, deps, report } = args;
   if (!deps.mppx) {
     return {
       ok: false,
@@ -1265,7 +1446,7 @@ async function settleTxMode(args) {
     result = await deps.mppx.charge({ amount: payment.amount })(request);
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
-    console.error(`[router] ${routeEntry.key}: MPP broadcast failed after handler: ${message}`);
+    report("error", `MPP broadcast failed after handler: ${message}`);
     return {
       ok: false,
       error: err,
@@ -1282,7 +1463,7 @@ async function settleTxMode(args) {
       mppResult: result,
       challenge: result.challenge
     });
-    console.error(`[router] ${routeEntry.key}: MPP payment failed after handler \u2014 ${detail}`);
+    report("error", `MPP payment failed after handler: ${detail}`);
     return {
       ok: false,
       error: settlementError,
@@ -1305,10 +1486,10 @@ async function settleTxMode(args) {
 // src/protocols/mpp/hash-mode.ts
 async function verifyHashMode(args, info) {
-  const { deps, price, routeEntry, request } = args;
+  const { deps, price, request, report } = args;
   if (!deps.mppx) {
     const reason = deps.mppInitError ? `MPP initialization failed: ${deps.mppInitError}` : "MPP not initialized \u2014 ensure mppx is installed and mpp config (secretKey, currency, recipient) is correct";
-    console.error(`[router] ${routeEntry.key}: ${reason}`);
+    report("error", reason);
     return { ok: false, kind: "config", message: reason };
   }
   let chargeResult;
@@ -1316,13 +1497,13 @@ async function verifyHashMode(args, info) {
     chargeResult = await deps.mppx.charge({ amount: price })(request);
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
-    console.error(`[router] ${routeEntry.key}: MPP charge failed: ${message}`);
+    report("error", `MPP charge failed: ${message}`);
     return { ok: false, kind: "config", message: `MPP payment processing failed: ${message}` };
   }
   if (chargeResult.status === 402) {
     const reason = await readChallengeReason(chargeResult.challenge);
     const detail = reason || "credential may be invalid, or check TEMPO_RPC_URL configuration";
-    console.warn(`[router] ${routeEntry.key}: MPP credential rejected \u2014 ${detail}`);
+    report("warn", `MPP credential rejected: ${detail}`);
     return { ok: false, kind: "invalid" };
   }
   const receiptHeader = chargeResult.withReceipt(new Response()).headers.get(
@@ -1367,9 +1548,20 @@ var mppStrategy = {
     const auth = request.headers.get(HEADERS.AUTHORIZATION);
     return Boolean(auth && auth.startsWith(AUTH_SCHEME.MPP_PAYMENT));
   },
+  preflight(request, _routeEntry) {
+    const info = readMppCredential(request);
+    if (!info?.sessionAction) return null;
+    if (!isChannelOnlyAction(info, request)) return null;
+    return { skipBody: true, skipHandler: true };
+  },
   async verify(args) {
     const info = readMppCredential(args.request);
     if (!info) return { ok: false, kind: "invalid" };
+    if (args.routeEntry.dynamicPrice) {
+      if (!info.sessionAction) return { ok: false, kind: "invalid" };
+      return verifySessionMode(args, info);
+    }
+    if (info.sessionAction) return { ok: false, kind: "invalid" };
     if (info.payloadType === "transaction" && args.deps.tempoClient) {
       return verifyTxMode(args, info);
     }
@@ -1377,28 +1569,88 @@ var mppStrategy = {
   },
   async settle(args) {
     const token = args.token;
+    if (token.mode === "session") return settleSessionMode(args);
     if (token.mode === "transaction") return settleTxMode(args);
     return settleHashMode(args);
   },
+  async settleStream(args) {
+    const token = args.token;
+    if (token.mode !== "session" || !token.streaming) {
+      return {
+        ok: false,
+        error: new Error("streaming requires a streaming-mode MPP session credential"),
+        failMessage: "streaming requires a streaming-mode MPP session credential",
+        failStatus: 400
+      };
+    }
+    const sessionToken = token;
+    const sseResult = sessionToken.sessionResult;
+    const { bindChannelCharge, source: handlerStream } = args;
+    async function* forwardHandlerStreamWithChannelDebit(channel) {
+      bindChannelCharge(channel.charge);
+      try {
+        for await (const chunk of handlerStream) {
+          yield typeof chunk === "string" ? chunk : JSON.stringify(chunk);
+        }
+      } finally {
+        bindChannelCharge(null);
+      }
+    }
+    const sse = sseResult.withReceipt(forwardHandlerStreamWithChannelDebit);
+    sse.headers.set("Cache-Control", "private");
+    const settledPayment = {
+      ...args.payment,
+      status: "settled",
+      amount: args.payment.amount
+    };
+    return { ok: true, response: sse, settledPayment };
+  },
   async buildChallenge(args) {
     if (!args.deps.mppx) return {};
-    try {
-      const result = await args.deps.mppx.charge({ amount: args.price })(args.request);
-      if (result.status === 402) {
-        const wwwAuth = result.challenge.headers.get(HEADERS.WWW_AUTHENTICATE);
-        if (wwwAuth) return { headers: { [HEADERS.WWW_AUTHENTICATE]: wwwAuth } };
-      }
-    } catch (err) {
-      console.warn(
-        `[router] MPP challenge build failed: ${err instanceof Error ? err.message : String(err)}`
-      );
-      throw err;
+    const sessionsConfigured = args.deps.mppSessionConfig && (args.deps.mppx.sessionRequest || args.deps.mppx.sessionStream);
+    if (args.routeEntry.dynamicPrice && sessionsConfigured) {
+      const tickCost = args.routeEntry.tickCost;
+      const computedDeposit = tickCost !== void 0 ? multiplyDecimal(tickCost, args.deps.mppSessionConfig.depositMultiplier) : void 0;
+      const suggestedDeposit = args.routeEntry.maxPrice ?? computedDeposit ?? args.price;
+      return buildSessionChallenge({
+        ...args,
+        suggestedDeposit
+      });
     }
-    return {};
+    return buildChargeChallenge(args);
   }
 };
+function multiplyDecimal(decimal, factor) {
+  if (!Number.isFinite(factor) || factor <= 0) return decimal;
+  const [whole, fraction = ""] = decimal.split(".");
+  const scaled = (BigInt(whole + fraction) * BigInt(factor)).toString();
+  const decimals = fraction.length;
+  if (decimals === 0) return scaled;
+  const padded = scaled.padStart(decimals + 1, "0");
+  const intPart = padded.slice(0, padded.length - decimals);
+  const fracPart = padded.slice(padded.length - decimals).replace(/0+$/, "");
+  return fracPart ? `${intPart}.${fracPart}` : intPart;
+}
+async function buildChargeChallenge(args) {
+  if (!args.deps.mppx) return {};
+  try {
+    const result = await args.deps.mppx.charge({ amount: args.price })(args.request);
+    if (result.status === 402) {
+      const wwwAuth = result.challenge.headers.get(HEADERS.WWW_AUTHENTICATE);
+      if (wwwAuth) return { headers: { [HEADERS.WWW_AUTHENTICATE]: wwwAuth } };
+    }
+  } catch (err) {
+    args.report(
+      "warn",
+      `MPP challenge build failed: ${err instanceof Error ? err.message : String(err)}`
+    );
+    throw err;
+  }
+  return {};
+}
 // src/protocols/x402/strategy.ts
+import { PERMIT2_ADDRESS } from "@x402/evm";
 init_accepts();
 // src/protocols/x402/challenge.ts
@@ -1408,20 +1660,27 @@ init_solana();
 // src/protocols/x402/requirements.ts
 init_evm();
 init_solana();
-async function buildExpectedRequirements(server, request, price, accepts) {
-  const exactRequirements = await buildExactRequirements(server, request, price, accepts);
+async function buildExpectedRequirements(server, request, price, accepts, report) {
+  const sdkRequirements = await buildSdkHandledRequirements(
+    server,
+    request,
+    price,
+    accepts,
+    report
+  );
   const customRequirements = buildCustomRequirements(price, accepts);
-  return [...exactRequirements, ...customRequirements];
+  return [...sdkRequirements, ...customRequirements];
 }
-async function buildExactRequirements(server, request, price, accepts) {
-  const exactGroups = [
+async function buildSdkHandledRequirements(server, request, price, accepts, report) {
+  const groups = [
     buildEvmExactOptions(accepts, price),
+    buildEvmUptoOptions(accepts, price),
     buildSolanaExactOptions(accepts, price)
   ].filter((options) => options.length > 0);
-  if (exactGroups.length === 0) return [];
+  if (groups.length === 0) return [];
   const requirements = [];
   const failures = [];
-  for (const options of exactGroups) {
+  for (const options of groups) {
     try {
       requirements.push(
         ...await server.buildPaymentRequirementsFromOptions(options, { request })
@@ -1429,21 +1688,31 @@ async function buildExactRequirements(server, request, price, accepts) {
     } catch (error) {
       const err = error instanceof Error ? error : new Error(String(error));
       failures.push(err);
-      if (exactGroups.length === 1) {
+      if (groups.length === 1) {
         throw err;
       }
-      console.warn(
-        `[router] Failed to build x402 exact requirements for ${options[0]?.network}: ${err.message}`
+      report?.(
+        "warn",
+        `Failed to build x402 ${options[0]?.scheme} requirements for ${options[0]?.network}: ${err.message}`
       );
     }
   }
   if (requirements.length > 0) {
     return requirements;
   }
-  throw failures[0] ?? new Error("Failed to build x402 exact requirements");
+  throw failures[0] ?? new Error("Failed to build x402 SDK-handled requirements");
 }
 function buildCustomRequirements(price, accepts) {
-  return accepts.filter((accept) => accept.scheme !== "exact").map((accept) => buildCustomRequirement(price, accept));
+  return accepts.filter((accept) => !isSdkHandled(accept)).map((accept) => buildCustomRequirement(price, accept));
+}
+function isSdkHandled(accept) {
+  if (isEvmNetwork(accept.network)) {
+    return accept.scheme === "exact" || accept.scheme === "upto";
+  }
+  if (isSolanaRequirement({ network: accept.network })) {
+    return accept.scheme === "exact";
+  }
+  return false;
 }
 function buildCustomRequirement(price, accept) {
   if (!accept.asset) {
@@ -1477,7 +1746,7 @@ function decimalToAtomicUnits(amount, decimals) {
 // src/protocols/x402/challenge.ts
 async function buildX402Challenge(opts) {
-  const { server, routeEntry, request, price, accepts, facilitatorsByNetwork, extensions } = opts;
+  const { server, routeEntry, request, price, accepts, facilitatorsByNetwork, extensions, report } = opts;
   const { encodePaymentRequiredHeader } = await import("@x402/core/http");
   const resource = buildChallengeResource(request, routeEntry);
   const requirements = await buildChallengeRequirements(
@@ -1486,7 +1755,8 @@ async function buildX402Challenge(opts) {
     price,
     accepts,
     resource,
-    facilitatorsByNetwork
+    facilitatorsByNetwork,
+    report
   );
   const paymentRequired = await server.createPaymentRequiredResponse(
     requirements,
@@ -1497,13 +1767,13 @@ async function buildX402Challenge(opts) {
   const encoded = encodePaymentRequiredHeader(paymentRequired);
   return { encoded, requirements };
 }
-async function buildChallengeRequirements(server, request, price, accepts, resource, facilitatorsByNetwork) {
-  const requirements = await buildExpectedRequirements(server, request, price, accepts);
+async function buildChallengeRequirements(server, request, price, accepts, resource, facilitatorsByNetwork, report) {
+  const requirements = await buildExpectedRequirements(server, request, price, accepts, report);
   if (!needsFacilitatorEnrichment(accepts)) return requirements;
-  return enrichChallengeRequirements(requirements, resource, facilitatorsByNetwork);
+  return enrichChallengeRequirements(requirements, resource, facilitatorsByNetwork, report);
 }
 function needsFacilitatorEnrichment(accepts) {
-  return accepts.some((accept) => accept.scheme !== "exact") || hasSolanaAccepts(accepts);
+  return hasSolanaAccepts(accepts);
 }
 async function enrichGroup(group, resource) {
   const accepted = await enrichRequirementsWithFacilitatorAccepts(
@@ -1518,7 +1788,7 @@ async function enrichGroup(group, resource) {
   }
   return accepted;
 }
-async function enrichChallengeRequirements(requirements, resource, facilitatorsByNetwork) {
+async function enrichChallengeRequirements(requirements, resource, facilitatorsByNetwork, report) {
   const groups = collectEnrichmentGroups(requirements, facilitatorsByNetwork);
   if (groups.length === 0) return requirements;
   const results = await Promise.all(
@@ -1528,8 +1798,9 @@ async function enrichChallengeRequirements(requirements, resource, facilitatorsB
       } catch (err) {
         const label = group.facilitator.url ?? group.facilitator.network;
         const reason = err instanceof Error ? err.message : String(err);
-        console.warn(
-          `[router] ${label} /accepts failed, dropping ${group.items.length} requirement(s): ${reason}`
+        report?.(
+          "warn",
+          `${label} /accepts failed, dropping ${group.items.length} requirement(s): ${reason}`
         );
         return { success: false, group };
       }
@@ -1582,7 +1853,7 @@ function getRequiredFacilitator(requirement, facilitatorsByNetwork) {
   return facilitator;
 }
 function requiresFacilitatorEnrichment(requirement) {
-  return requirement.scheme !== "exact" || isSolanaRequirement(requirement);
+  return isSolanaRequirement(requirement);
 }
 function buildChallengeResource(request, routeEntry) {
   return {
@@ -1594,33 +1865,68 @@ function buildChallengeResource(request, routeEntry) {
 }
 // src/protocols/x402/settle.ts
-async function settleX402Payment(server, payload, requirements) {
+async function settleX402Payment(server, payload, requirements, amountOverride) {
   const { encodePaymentResponseHeader } = await import("@x402/core/http");
+  if (amountOverride?.amount !== void 0) {
+    const upstreamTaggedAmount = tagBareDecimalAsDollars(amountOverride.amount);
+    const result2 = await server.settlePayment(payload, requirements, void 0, void 0, {
+      amount: upstreamTaggedAmount
+    });
+    return {
+      encoded: encodePaymentResponseHeader(result2),
+      result: result2
+    };
+  }
   const result = await server.settlePayment(payload, requirements);
-  const encoded = encodePaymentResponseHeader(result);
-  return { encoded, result };
+  return {
+    encoded: encodePaymentResponseHeader(result),
+    result
+  };
+}
+function tagBareDecimalAsDollars(amount) {
+  if (/^\d+\.\d+$/.test(amount)) return `$${amount}`;
+  return amount;
 }
 // src/protocols/x402/verify.ts
+import { VerifyError } from "@x402/core/types";
 async function verifyX402Payment(opts) {
-  const { server, request, price, accepts } = opts;
+  const { server, request, price, accepts, report } = opts;
   const payload = await readPaymentPayload(request);
   if (!payload) return null;
-  const requirements = await buildExpectedRequirements(server, request, price, accepts);
+  const requirements = await buildExpectedRequirements(server, request, price, accepts, report);
   const matching = findVerifiableRequirements(server, requirements, payload);
+  const accepted = payload.x402Version === 2 ? payload.accepted : void 0;
   if (!matching) {
-    return invalidPaymentVerification();
+    return invalidPaymentVerification({
+      reason: "requirements_mismatch",
+      message: "Signed payment requirements did not match any server-built requirement",
+      ...accepted ? { accepted } : {}
+    });
   }
   let verify;
   try {
     verify = await server.verifyPayment(payload, matching);
   } catch (err) {
-    const sc = err.statusCode;
-    if (sc && sc >= 400 && sc < 500) return invalidPaymentVerification();
+    if (err instanceof VerifyError && err.statusCode >= 400 && err.statusCode < 500) {
+      return invalidPaymentVerification({
+        reason: err.invalidReason ?? "verify_error",
+        ...err.invalidMessage ? { message: err.invalidMessage } : {},
+        ...err.payer ? { payer: err.payer } : {},
+        ...accepted ? { accepted } : {}
+      });
+    }
     throw err;
   }
-  if (!verify.isValid) return invalidPaymentVerification();
-  if (typeof verify.payer !== "string" || verify.payer.length === 0) {
+  if (!verify.isValid) {
+    return invalidPaymentVerification({
+      reason: verify.invalidReason ?? "unknown",
+      ...verify.invalidMessage ? { message: verify.invalidMessage } : {},
+      ...verify.payer ? { payer: verify.payer } : {},
+      ...accepted ? { accepted } : {}
+    });
+  }
+  if (!verify.payer) {
     throw new Error("x402 verification succeeded without a payer address");
   }
   return {
@@ -1652,11 +1958,36 @@ async function readPaymentPayload(request) {
   const { decodePaymentSignatureHeader } = await import("@x402/core/http");
   return decodePaymentSignatureHeader(paymentHeader);
 }
-function invalidPaymentVerification() {
-  return { valid: false, payload: null, requirements: null, payer: null };
+function invalidPaymentVerification(failure) {
+  return {
+    valid: false,
+    payload: null,
+    requirements: null,
+    payer: null,
+    ...failure ? { failure } : {}
+  };
 }
 // src/protocols/x402/strategy.ts
+function formatVerifyFailureMessage(failure) {
+  if (failure.reason === "permit2_allowance_required") {
+    const wallet = failure.payer ?? "<the payer wallet>";
+    const asset = failure.accepted?.asset ?? "<the asset>";
+    const amount = failure.accepted?.amount ?? "<the required amount>";
+    const network = failure.accepted?.network ?? "<the payment network>";
+    return [
+      `Payment rejected: In order for Upto to charge, the wallet ${wallet} MUST approve Permit2 to spend ${asset} on ${network}.`,
+      `Required call (one-time, on-chain): ${asset}.approve(${PERMIT2_ADDRESS}, MAX_UINT256) from ${wallet}.`,
+      `Permit2 contract address: ${PERMIT2_ADDRESS}.`,
+      `Minimum allowance for this request: ${amount} (smallest units of ${asset}); use MAX_UINT256 to avoid re-approving on every future call.`,
+      `Alternative without an on-chain transaction: the merchant can adopt the EIP-2612 gas-sponsoring extension (https://docs.x402.org/extensions/eip2612-gas-sponsoring).`
+    ].join(" ");
+  }
+  if (failure.message) {
+    return `Payment rejected (${failure.reason}): ${failure.message}`;
+  }
+  return `Payment rejected: ${failure.reason}`;
+}
 var x402Strategy = {
   protocol: "x402",
   detects(request) {
@@ -1664,129 +1995,123 @@ var x402Strategy = {
       request.headers.get(HEADERS.X402_PAYMENT_SIGNATURE) ?? request.headers.get(HEADERS.X402_PAYMENT_LEGACY)
     );
   },
-  async verify(args) {
-    const { request, body, price, routeEntry, deps } = args;
-    if (!deps.x402Server) {
-      const reason = deps.x402InitError ? `x402 facilitator initialization failed: ${deps.x402InitError}` : "x402 server not initialized \u2014 ensure @x402/core, @x402/evm, and @coinbase/x402 are installed";
-      console.error(`[router] ${routeEntry.key}: ${reason}`);
-      return { ok: false, kind: "config", message: reason };
-    }
-    const accepts = await resolveX402Accepts(
-      request,
-      routeEntry,
-      deps.x402Accepts,
-      deps.payeeAddress,
-      body
-    );
-    const verifyResult = await verifyX402Payment({
-      server: deps.x402Server,
-      request,
-      price,
-      accepts
-    });
-    if (!verifyResult?.valid) return { ok: false, kind: "invalid" };
-    const wallet = normalizeWalletAddress(verifyResult.payer);
-    const matchedNetwork = getRequirementNetwork(verifyResult.requirements, deps.network);
-    const matchedRecipient = getRequirementRecipient(verifyResult.requirements);
-    const payment = {
-      protocol: "x402",
-      status: "verified",
-      payer: wallet,
-      amount: price,
-      network: matchedNetwork,
-      ...matchedRecipient ? { recipient: matchedRecipient } : {}
-    };
-    return {
-      ok: true,
-      wallet,
-      payment,
-      token: {
-        payload: verifyResult.payload,
-        requirements: verifyResult.requirements
-      }
-    };
-  },
-  async settle(args) {
-    const { response, payment, token, deps } = args;
-    const x402Token = token;
-    try {
-      const settle = await settleX402Payment(
-        deps.x402Server,
-        x402Token.payload,
-        x402Token.requirements
-      );
-      if (!settle.result?.success) {
-        const reason = settle.result?.errorReason || "x402 settlement returned success=false";
-        const error = new Error(reason);
-        error.errorReason = reason;
-        throw error;
-      }
-      response.headers.set(HEADERS.X402_PAYMENT_RESPONSE, settle.encoded);
-      response.headers.set("Cache-Control", "private");
-      const transaction = String(settle.result?.transaction ?? "");
-      const settledPayment = {
-        ...payment,
-        status: "settled",
-        ...transaction ? { transaction } : {}
+  verify: (args) => verifyX402(args),
+  settle: (args) => settleX402(args),
+  buildChallenge: (args) => buildX402ChallengeContribution(args)
+};
+async function verifyX402(args) {
+  const { request, body, price, routeEntry, deps, report } = args;
+  if (!deps.x402Server) {
+    const reason = deps.x402InitError ? `x402 facilitator initialization failed: ${deps.x402InitError}` : "x402 server not initialized \u2014 ensure @x402/core, @x402/evm, and @coinbase/x402 are installed";
+    report("error", reason);
+    return { ok: false, kind: "config", message: reason };
+  }
+  const accepts = await resolveX402Accepts(
+    request,
+    routeEntry,
+    deps.x402Accepts,
+    deps.payeeAddress,
+    body
+  );
+  const verifyResult = await verifyX402Payment({
+    server: deps.x402Server,
+    request,
+    price,
+    accepts,
+    report
+  });
+  if (!verifyResult?.valid) {
+    const failure = verifyResult?.failure;
+    if (failure) {
+      return {
+        ok: false,
+        kind: "invalid",
+        failure: {
+          reason: failure.reason,
+          message: formatVerifyFailureMessage(failure)
+        }
       };
-      return { ok: true, response, settledPayment };
-    } catch (err) {
-      const errObj = err;
-      console.error("Settlement failed", {
-        message: err instanceof Error ? err.message : String(err),
-        route: args.routeEntry.key,
-        network: payment.network,
-        errorReason: errObj.errorReason,
-        facilitatorStatus: errObj.response?.status,
-        facilitatorBody: errObj.response?.data ?? errObj.response?.body
-      });
-      return { ok: false, error: err, failMessage: "Settlement failed" };
     }
-  },
-  async buildChallenge(args) {
-    const { request, routeEntry, body, price, extensions, deps } = args;
-    if (!deps.x402Server) return {};
-    const accepts = await resolveX402Accepts(
-      request,
-      routeEntry,
-      deps.x402Accepts,
-      deps.payeeAddress,
-      body
-    );
-    const { encoded } = await buildX402Challenge({
-      server: deps.x402Server,
-      routeEntry,
-      request,
-      price,
-      accepts,
-      facilitatorsByNetwork: deps.x402FacilitatorsByNetwork,
-      extensions
-    });
-    return { headers: { [HEADERS.X402_PAYMENT_REQUIRED]: encoded } };
+    return { ok: false, kind: "invalid" };
   }
-};
-function getRequirementNetwork(requirements, fallback) {
-  const network = requirements?.network;
-  return typeof network === "string" ? network : fallback;
-}
-function getRequirementRecipient(requirements) {
-  const payTo = requirements?.payTo;
-  return typeof payTo === "string" ? payTo : void 0;
-}
-// src/protocols/detect.ts
-function detectProtocol(request) {
-  if (request.headers.get(HEADERS.X402_PAYMENT_SIGNATURE) ?? request.headers.get(HEADERS.X402_PAYMENT_LEGACY)) {
-    return "x402";
-  }
-  const auth = request.headers.get(HEADERS.AUTHORIZATION);
-  if (auth && auth.startsWith(AUTH_SCHEME.MPP_PAYMENT)) {
-    return "mpp";
-  }
-  if (request.headers.get(HEADERS.SIWX)) {
-    return "siwx";
+  const wallet = normalizeWalletAddress(verifyResult.payer);
+  const { network, payTo } = verifyResult.requirements;
+  const payment = {
+    protocol: "x402",
+    status: "verified",
+    payer: wallet,
+    amount: price,
+    network,
+    ...payTo ? { recipient: payTo } : {}
+  };
+  return {
+    ok: true,
+    wallet,
+    payment,
+    token: {
+      payload: verifyResult.payload,
+      requirements: verifyResult.requirements
+    }
+  };
+}
+async function settleX402(args) {
+  const { response, payment, token, deps, routeEntry, billedAmount, report } = args;
+  const { payload, requirements } = token;
+  const override = routeEntry.dynamicPrice ? { amount: billedAmount } : void 0;
+  try {
+    const settle = await settleX402Payment(deps.x402Server, payload, requirements, override);
+    if (!settle.result?.success) {
+      throw Object.assign(
+        new Error(settle.result?.errorReason ?? "x402 settlement returned success=false"),
+        { errorReason: settle.result?.errorReason }
+      );
+    }
+    response.headers.set(HEADERS.X402_PAYMENT_RESPONSE, settle.encoded);
+    response.headers.set("Cache-Control", "private");
+    const transaction = String(settle.result.transaction ?? "");
+    const settledPayment = {
+      ...payment,
+      status: "settled",
+      amount: billedAmount,
+      ...transaction ? { transaction } : {}
+    };
+    return { ok: true, response, settledPayment };
+  } catch (err) {
+    reportSettleFailure(report, err, payment.network);
+    return { ok: false, error: err, failMessage: "Settlement failed" };
   }
-  return null;
+}
+async function buildX402ChallengeContribution(args) {
+  const { request, routeEntry, body, price, extensions, deps, report } = args;
+  if (!deps.x402Server) return {};
+  const accepts = await resolveX402Accepts(
+    request,
+    routeEntry,
+    deps.x402Accepts,
+    deps.payeeAddress,
+    body
+  );
+  const { encoded } = await buildX402Challenge({
+    server: deps.x402Server,
+    routeEntry,
+    request,
+    price,
+    accepts,
+    facilitatorsByNetwork: deps.x402FacilitatorsByNetwork,
+    extensions,
+    report
+  });
+  return { headers: { [HEADERS.X402_PAYMENT_REQUIRED]: encoded } };
+}
+function reportSettleFailure(report, err, network) {
+  const facilitator = err ?? {};
+  report("error", "Settlement failed", {
+    error: err instanceof Error ? err.message : String(err),
+    network,
+    errorReason: facilitator.errorReason,
+    facilitatorStatus: facilitator.response?.status,
+    facilitatorBody: facilitator.response?.data ?? facilitator.response?.body
+  });
 }
 // src/protocols/index.ts
@@ -1805,9 +2130,59 @@ function getAllowedStrategies(allowed) {
   return allowed.map((name) => STRATEGIES[name]);
 }
-// src/pipeline/challenge.ts
+// src/pipeline/flows/build402.ts
 import { NextResponse as NextResponse4 } from "next/server";
-async function build402(ctx, pricing, body) {
+// src/pipeline/challenge-extensions.ts
+async function buildChallengeExtensions(ctx) {
+  const { routeEntry } = ctx;
+  let extensions;
+  try {
+    const { z: z2 } = await import("zod");
+    const { declareDiscoveryExtension } = await import("@x402/extensions/bazaar");
+    const toJSON = (schema) => z2.toJSONSchema(schema, {
+      target: "draft-2020-12",
+      unrepresentable: "any"
+    });
+    const inputSchema = routeEntry.bodySchema ? toJSON(routeEntry.bodySchema) : routeEntry.querySchema ? toJSON(routeEntry.querySchema) : void 0;
+    const outputSchema = routeEntry.outputSchema ? toJSON(routeEntry.outputSchema) : void 0;
+    if (inputSchema) {
+      const config = {
+        method: routeEntry.method,
+        bodyType: routeEntry.bodySchema ? "json" : void 0,
+        inputSchema
+      };
+      if (routeEntry.inputExample !== void 0) {
+        config.input = routeEntry.inputExample;
+      }
+      if (outputSchema && routeEntry.outputExample !== void 0) {
+        config.output = { schema: outputSchema, example: routeEntry.outputExample };
+      }
+      extensions = declareDiscoveryExtension(config);
+    }
+  } catch (err) {
+    ctx.report(
+      "warn",
+      `Bazaar schema generation failed: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  if (routeEntry.siwxEnabled) {
+    try {
+      const siwxExtension = await buildSIWXExtension();
+      if (siwxExtension && typeof siwxExtension === "object" && !Array.isArray(siwxExtension)) {
+        extensions = {
+          ...extensions ?? {},
+          ...siwxExtension
+        };
+      }
+    } catch {
+    }
+  }
+  return extensions;
+}
+// src/pipeline/flows/build402.ts
+async function build402(ctx, pricing, body, failure) {
   let challengePrice;
   try {
     challengePrice = pricing ? await pricing.challengeQuote(body) : "0";
@@ -1821,7 +2196,8 @@ async function build402(ctx, pricing, body) {
     return errorResponse;
   }
   const extensions = await buildChallengeExtensions(ctx);
-  const response = new NextResponse4(null, {
+  const responseBody = failure ? JSON.stringify({ error: failure.message ?? null, reason: failure.reason }) : null;
+  const response = new NextResponse4(responseBody, {
     status: 402,
     headers: {
       "Content-Type": "application/json",
@@ -1836,7 +2212,8 @@ async function build402(ctx, pricing, body) {
         body,
         price: challengePrice,
         extensions,
-        deps: ctx.deps
+        deps: ctx.deps,
+        report: ctx.report
       });
       if (contribution.headers) {
         for (const [name, value] of Object.entries(contribution.headers)) {
@@ -1845,11 +2222,7 @@ async function build402(ctx, pricing, body) {
       }
     } catch (err) {
       const message = `${strategy.protocol} challenge build failed: ${errorMessage(err, String(err))}`;
-      firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-        level: "critical",
-        message,
-        route: ctx.routeEntry.key
-      });
+      ctx.report("critical", message);
       if (strategy.protocol === "x402") {
         const errorResponse = NextResponse4.json(
           { success: false, error: message },
@@ -1863,97 +2236,470 @@ async function build402(ctx, pricing, body) {
   firePluginResponse(ctx, response);
   return response;
 }
-async function buildChallengeExtensions(ctx) {
-  const { routeEntry } = ctx;
-  let extensions;
+// src/pipeline/flows/dynamic/dynamic-body-and-price.ts
+async function resolveDynamicBodyAndPrice(args) {
+  const { ctx, pricing, skipBody } = args;
+  if (skipBody) {
+    return {
+      ok: true,
+      parsedBody: void 0,
+      price: surrogatePriceForSkippedBody(ctx.routeEntry)
+    };
+  }
+  const body = await parseBody(ctx);
+  if (!body.ok) return { ok: false, response: body.response };
+  const validateErr = await runValidate(ctx, body.data);
+  if (validateErr) {
+    return { ok: false, response: validateErr };
+  }
+  if (!pricing) {
+    return { ok: false, response: fail(ctx, 500, "Pricing not configured", body.data) };
+  }
   try {
-    const { z } = await import("zod");
-    const { declareDiscoveryExtension } = await import("@x402/extensions/bazaar");
-    const toJSON = (schema) => z.toJSONSchema(schema, {
-      target: "draft-2020-12",
-      unrepresentable: "any"
-    });
-    const inputSchema = routeEntry.bodySchema ? toJSON(routeEntry.bodySchema) : routeEntry.querySchema ? toJSON(routeEntry.querySchema) : void 0;
-    const outputSchema = routeEntry.outputSchema ? toJSON(routeEntry.outputSchema) : void 0;
-    if (inputSchema) {
-      const config = {
-        method: routeEntry.method,
-        bodyType: routeEntry.bodySchema ? "json" : void 0,
-        inputSchema
-      };
-      if (routeEntry.inputExample !== void 0) {
-        config.input = routeEntry.inputExample;
-      }
-      if (outputSchema && routeEntry.outputExample !== void 0) {
-        config.output = { schema: outputSchema, example: routeEntry.outputExample };
-      }
-      extensions = declareDiscoveryExtension(config);
-    }
+    const price = await pricing.quote(body.data);
+    return { ok: true, parsedBody: body.data, price };
   } catch (err) {
-    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "warn",
-      message: `Bazaar schema generation failed: ${err instanceof Error ? err.message : String(err)}`,
-      route: routeEntry.key
-    });
+    return {
+      ok: false,
+      response: fail(
+        ctx,
+        errorStatus(err, 500),
+        errorMessage(err, "Price calculation failed"),
+        body.data
+      )
+    };
   }
-  if (routeEntry.siwxEnabled) {
-    try {
-      const siwxExtension = await buildSIWXExtension();
-      if (siwxExtension && typeof siwxExtension === "object" && !Array.isArray(siwxExtension)) {
-        extensions = {
-          ...extensions ?? {},
-          ...siwxExtension
-        };
-      }
-    } catch {
+}
+function surrogatePriceForSkippedBody(routeEntry) {
+  return routeEntry.maxPrice ?? routeEntry.minPrice ?? "0";
+}
+// src/pipeline/flows/dynamic/dynamic-channel-mgmt.ts
+import { NextResponse as NextResponse5 } from "next/server";
+async function runDynamicChannelMgmtFlow(args) {
+  const { ctx, strategy, account, pricing, skipBody } = args;
+  const { request, routeEntry, deps, report } = ctx;
+  const bodyAndPrice = await resolveDynamicBodyAndPrice({ ctx, pricing, skipBody });
+  if (!bodyAndPrice.ok) return bodyAndPrice.response;
+  const { parsedBody, price } = bodyAndPrice;
+  const verifyOutcome = await strategy.verify({
+    request,
+    body: parsedBody,
+    price,
+    routeEntry,
+    deps,
+    report
+  });
+  if (verifyOutcome.ok === false) {
+    if (verifyOutcome.kind === "config") {
+      return fail(ctx, 500, verifyOutcome.message, parsedBody);
     }
+    return build402(ctx, pricing, parsedBody, verifyOutcome.failure);
   }
-  return extensions;
+  ctx.pluginCtx.setVerifiedWallet(verifyOutcome.wallet);
+  firePaymentVerified(ctx, {
+    protocol: strategy.protocol,
+    payer: verifyOutcome.wallet,
+    amount: price,
+    network: verifyOutcome.payment.network
+  });
+  const synthetic = new NextResponse5(null, { status: 200 });
+  const settleScope = {
+    wallet: verifyOutcome.wallet,
+    account,
+    body: parsedBody,
+    payment: verifyOutcome.payment,
+    response: synthetic,
+    rawResult: void 0
+  };
+  const beforeErr = await runBeforeSettle(ctx, settleScope);
+  if (beforeErr) return beforeErr;
+  return settleAndFinalizeRequest({
+    ctx,
+    strategy,
+    verifyOutcome,
+    scope: settleScope,
+    rawResult: void 0,
+    body: parsedBody,
+    billedAmount: "0",
+    onSettleError: async (error, failMessage) => {
+      await runSettlementError(ctx, settleScope, error, "settle");
+      report("critical", `${strategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`);
+    }
+  });
 }
-// src/pipeline/flows/paid.ts
-async function runPaidFlow(ctx) {
-  const { request, routeEntry, deps } = ctx;
-  let account = void 0;
-  if (routeEntry.apiKeyResolver) {
-    const apiKeyResult = await verifyApiKey(request, routeEntry.apiKeyResolver);
-    if (!apiKeyResult.valid) return fail(ctx, 401, "Invalid or missing API key");
-    account = apiKeyResult.account;
-    firePluginHook(deps.plugin, "onAuthVerified", ctx.pluginCtx, {
-      authMode: "apiKey",
-      wallet: null,
-      route: routeEntry.key,
-      account
+// src/pipeline/flows/dynamic/dynamic-invoke.ts
+import { NextResponse as NextResponse6 } from "next/server";
+// src/pricing/atomic.ts
+var USDC_DECIMALS = 6;
+function decimalToAtomic(amount) {
+  const m = /^(\d+)(?:\.(\d+))?$/.exec(amount.trim());
+  if (!m) {
+    throw Object.assign(new Error(`'${amount}' is not a valid decimal-dollar string`), {
+      status: 400
     });
   }
-  const alertFn = (level, message, meta) => {
-    firePluginHook(deps.plugin, "onAlert", ctx.pluginCtx, {
-      level,
-      message,
-      route: routeEntry.key,
-      meta
+  const whole = m[1];
+  const fraction = (m[2] ?? "").slice(0, USDC_DECIMALS).padEnd(USDC_DECIMALS, "0");
+  return BigInt(`${whole}${fraction}`.replace(/^0+(?=\d)/, "") || "0");
+}
+function atomicToDecimal(atomic) {
+  const whole = atomic / 10n ** BigInt(USDC_DECIMALS);
+  const fraction = atomic % 10n ** BigInt(USDC_DECIMALS);
+  if (fraction === 0n) return whole.toString();
+  const fractionStr = fraction.toString().padStart(USDC_DECIMALS, "0").replace(/0+$/, "");
+  return `${whole}.${fractionStr}`;
+}
+// src/pricing/charge-context.ts
+function createChargeContext(args) {
+  const { tickCost, maxPrice, route } = args;
+  const tickAtomic = decimalToAtomic(tickCost);
+  if (tickAtomic <= 0n) {
+    throw new Error(`route '${route}': tickCost '${tickCost}' must be a positive decimal string`);
+  }
+  const capAtomic = maxPrice !== void 0 ? decimalToAtomic(maxPrice) : null;
+  let ticks = 0;
+  let atomic = 0n;
+  let channelCharge = null;
+  const charge = async () => {
+    const nextAtomic = atomic + tickAtomic;
+    if (capAtomic !== null && nextAtomic > capAtomic) {
+      throw Object.assign(
+        new Error(
+          `route '${route}': charge() running total ($${atomicToDecimal(nextAtomic)}) exceeds maxPrice ($${atomicToDecimal(capAtomic)})`
+        ),
+        { status: 400, code: "CHARGE_OVER_CAP" }
+      );
+    }
+    ticks += 1;
+    atomic = nextAtomic;
+    if (channelCharge) await channelCharge();
+  };
+  return {
+    charge,
+    bindChannelCharge: (fn) => {
+      channelCharge = fn;
+    },
+    tickCount: () => ticks,
+    atomicTotal: () => atomic
+  };
+}
+// src/pipeline/flows/dynamic/dynamic-invoke.ts
+async function invokeDynamic(ctx, wallet, account, body, payment) {
+  const streaming = ctx.routeEntry.streaming === true;
+  const chargeContext = streaming ? createChargeContext({
+    tickCost: ctx.routeEntry.tickCost,
+    maxPrice: ctx.routeEntry.maxPrice,
+    route: ctx.routeEntry.key
+  }) : null;
+  const baseHandlerCtx = {
+    body,
+    query: parseQuery(ctx.request, ctx.routeEntry),
+    request: ctx.request,
+    requestId: ctx.meta.requestId,
+    route: ctx.routeEntry.key,
+    wallet,
+    payment,
+    account,
+    alert: ctx.report,
+    setVerifiedWallet: (addr) => ctx.pluginCtx.setVerifiedWallet(addr)
+  };
+  const handlerCtx = chargeContext !== null ? { ...baseHandlerCtx, charge: chargeContext.charge } : baseHandlerCtx;
+  let returned;
+  try {
+    returned = ctx.handler(handlerCtx);
+  } catch (error) {
+    return errorResult2(error, chargeContext);
+  }
+  if (isAsyncIterable2(returned) && !isThenable2(returned)) {
+    if (!chargeContext) {
+      return errorResult2(
+        new HttpError(
+          "route returned an async iterable from a non-streaming handler \u2014 use .stream(async function*(...)) instead of .handler() to opt into streaming",
+          500
+        ),
+        null
+      );
+    }
+    return {
+      kind: "stream",
+      source: returned,
+      chargeContext
+    };
+  }
+  let rawResult;
+  try {
+    rawResult = await returned;
+  } catch (error) {
+    return errorResult2(error, chargeContext);
+  }
+  const response = rawResult instanceof Response ? rawResult : NextResponse6.json(rawResult);
+  return { kind: "request", response, rawResult };
+}
+function errorResult2(error, chargeContext) {
+  const status = error instanceof HttpError ? error.status : typeof error?.status === "number" ? error.status : 500;
+  const message = error instanceof Error ? error.message : "Internal error";
+  void chargeContext;
+  return {
+    kind: "request",
+    response: NextResponse6.json({ success: false, error: message }, { status }),
+    rawResult: void 0,
+    handlerError: error
+  };
+}
+function isAsyncIterable2(value) {
+  return value != null && typeof value === "object" && Symbol.asyncIterator in value;
+}
+function isThenable2(value) {
+  return value != null && (typeof value === "object" || typeof value === "function") && typeof value.then === "function";
+}
+// src/pipeline/flows/dynamic/dynamic-preflight.ts
+function resolveDynamicPreflight(strategy, request, routeEntry) {
+  const outcome = strategy.preflight?.(request, routeEntry) ?? null;
+  return {
+    skipBody: outcome?.skipBody ?? false,
+    skipHandler: outcome?.skipHandler ?? false
+  };
+}
+// src/pipeline/flows/dynamic/dynamic-request.ts
+async function runDynamicRequestFlow(args) {
+  const { ctx, strategy, verifyOutcome, account, body, result } = args;
+  const { routeEntry } = ctx;
+  const settleScope = {
+    wallet: verifyOutcome.wallet,
+    account,
+    body,
+    payment: verifyOutcome.payment,
+    response: result.response,
+    rawResult: result.rawResult,
+    handlerError: result.handlerError
+  };
+  if (result.response.status >= 400) {
+    return finalize(ctx, result.response, result.rawResult, body);
+  }
+  const beforeErr = await runBeforeSettle(ctx, settleScope);
+  if (beforeErr) return beforeErr;
+  const billedAmount = routeEntry.tickCost;
+  return settleAndFinalizeRequest({
+    ctx,
+    strategy,
+    verifyOutcome,
+    scope: settleScope,
+    rawResult: result.rawResult,
+    body,
+    billedAmount,
+    onSettleError: async (error, failMessage) => {
+      await runSettlementError(ctx, settleScope, error, "settle");
+      ctx.report(
+        "critical",
+        `${strategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`
+      );
+    }
+  });
+}
+// src/pipeline/flows/dynamic/dynamic-stream.ts
+async function runDynamicStreamFlow(args) {
+  const { ctx, strategy, verifyOutcome, account, body, result } = args;
+  return settleAndFinalizeStream({
+    ctx,
+    strategy,
+    verifyOutcome,
+    source: result.source,
+    account,
+    body,
+    bindChannelCharge: result.chargeContext.bindChannelCharge
+  });
+}
+// src/pipeline/flows/dynamic/dynamic-paid.ts
+async function runDynamicPaidFlow(ctx) {
+  const { request, routeEntry, deps, report } = ctx;
+  const apiKeyGate = await runApiKeyGate(ctx);
+  if (!apiKeyGate.ok) return apiKeyGate.response;
+  const { account } = apiKeyGate;
+  const pricing = selectPricing(routeEntry.pricing, {
+    alert: report,
+    maxPrice: routeEntry.maxPrice,
+    minPrice: routeEntry.minPrice,
+    route: routeEntry.key
+  });
+  const incomingStrategy = selectIncomingStrategy(request, routeEntry.protocols);
+  const earlyResolution = await resolveEarlyBody({ ctx, pricing, incomingStrategy });
+  if (!earlyResolution.ok) return earlyResolution.response;
+  const { earlyBody } = earlyResolution;
+  const siwxFastPath = await trySiwxFastPath(ctx, account);
+  if (siwxFastPath) return siwxFastPath;
+  if (!incomingStrategy) {
+    const initError = protocolInitError(routeEntry, deps);
+    if (initError) return fail(ctx, 500, initError);
+    return build402(ctx, pricing, earlyBody);
+  }
+  const { skipBody, skipHandler } = resolveDynamicPreflight(incomingStrategy, request, routeEntry);
+  if (skipHandler) {
+    return runDynamicChannelMgmtFlow({
+      ctx,
+      strategy: incomingStrategy,
+      account,
+      pricing,
+      skipBody
     });
+  }
+  const bodyAndPrice = await resolveDynamicBodyAndPrice({ ctx, pricing, skipBody });
+  if (!bodyAndPrice.ok) return bodyAndPrice.response;
+  const { parsedBody, price } = bodyAndPrice;
+  const verifyOutcome = await incomingStrategy.verify({
+    request,
+    body: parsedBody,
+    price,
+    routeEntry,
+    deps,
+    report
+  });
+  if (verifyOutcome.ok === false) {
+    if (verifyOutcome.kind === "config") {
+      return fail(ctx, 500, verifyOutcome.message, parsedBody);
+    }
+    return build402(ctx, pricing, parsedBody, verifyOutcome.failure);
+  }
+  ctx.pluginCtx.setVerifiedWallet(verifyOutcome.wallet);
+  firePaymentVerified(ctx, {
+    protocol: incomingStrategy.protocol,
+    payer: verifyOutcome.wallet,
+    amount: price,
+    network: verifyOutcome.payment.network
+  });
+  const result = await invokeDynamic(
+    ctx,
+    verifyOutcome.wallet,
+    account,
+    parsedBody,
+    verifyOutcome.payment
+  );
+  switch (result.kind) {
+    case "stream":
+      return runDynamicStreamFlow({
+        ctx,
+        strategy: incomingStrategy,
+        verifyOutcome,
+        account,
+        body: parsedBody,
+        result
+      });
+    case "request":
+      return runDynamicRequestFlow({
+        ctx,
+        strategy: incomingStrategy,
+        verifyOutcome,
+        account,
+        body: parsedBody,
+        result
+      });
+  }
+}
+// src/pipeline/flows/static/static-body-and-price.ts
+async function resolveStaticBodyAndPrice(args) {
+  const { ctx, pricing } = args;
+  const body = await parseBody(ctx);
+  if (!body.ok) return { ok: false, response: body.response };
+  const validateErr = await runValidate(ctx, body.data);
+  if (validateErr) {
+    return { ok: false, response: validateErr };
+  }
+  if (!pricing) {
+    return { ok: false, response: fail(ctx, 500, "Pricing not configured", body.data) };
+  }
+  try {
+    const price = await pricing.quote(body.data);
+    return { ok: true, parsedBody: body.data, price };
+  } catch (err) {
+    return {
+      ok: false,
+      response: fail(
+        ctx,
+        errorStatus(err, 500),
+        errorMessage(err, "Price calculation failed"),
+        body.data
+      )
+    };
+  }
+}
+// src/pipeline/flows/static/static-request.ts
+async function runStaticRequestFlow(args) {
+  const { ctx, strategy, verifyOutcome, account, body, price, result } = args;
+  const settleScope = {
+    wallet: verifyOutcome.wallet,
+    account,
+    body,
+    payment: verifyOutcome.payment,
+    response: result.response,
+    rawResult: result.rawResult,
+    handlerError: result.handlerError
   };
+  if (verifyOutcome.alreadySettled) {
+    if (result.response.status >= 400) {
+      const settledScope = settleScope;
+      await runSettledHandlerError(ctx, settledScope);
+      return finalize(ctx, result.response, result.rawResult, body);
+    }
+    return settleAndFinalizeRequest({
+      ctx,
+      strategy,
+      verifyOutcome,
+      scope: settleScope,
+      rawResult: result.rawResult,
+      body,
+      billedAmount: price
+    });
+  }
+  if (result.response.status >= 400) {
+    return finalize(ctx, result.response, result.rawResult, body);
+  }
+  const beforeErr = await runBeforeSettle(ctx, settleScope);
+  if (beforeErr) return beforeErr;
+  return settleAndFinalizeRequest({
+    ctx,
+    strategy,
+    verifyOutcome,
+    scope: settleScope,
+    rawResult: result.rawResult,
+    body,
+    billedAmount: price,
+    onSettleError: async (error, failMessage) => {
+      await runSettlementError(ctx, settleScope, error, "settle");
+      ctx.report(
+        "critical",
+        `${strategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`
+      );
+    }
+  });
+}
+// src/pipeline/flows/static/static-paid.ts
+async function runStaticPaidFlow(ctx) {
+  const { request, routeEntry, deps, report } = ctx;
+  const apiKeyGate = await runApiKeyGate(ctx);
+  if (!apiKeyGate.ok) return apiKeyGate.response;
+  const { account } = apiKeyGate;
   const pricing = selectPricing(routeEntry.pricing, {
-    alert: alertFn,
+    alert: report,
     maxPrice: routeEntry.maxPrice,
     minPrice: routeEntry.minPrice,
     route: routeEntry.key
   });
   const incomingStrategy = selectIncomingStrategy(request, routeEntry.protocols);
-  let earlyBody = void 0;
-  if (shouldParseBodyEarly(incomingStrategy, routeEntry, pricing)) {
-    const earlyClone = request.clone();
-    const earlyResult = await parseBody(earlyClone, routeEntry);
-    if (earlyResult.ok) {
-      earlyBody = earlyResult.data;
-      const validateErr2 = await runValidate(ctx, earlyBody);
-      if (validateErr2) return validateErr2;
-    } else {
-      firePluginResponse(ctx, earlyResult.response);
-      return earlyResult.response;
-    }
-  }
+  const earlyResolution = await resolveEarlyBody({ ctx, pricing, incomingStrategy });
+  if (!earlyResolution.ok) return earlyResolution.response;
+  const { earlyBody } = earlyResolution;
   const siwxFastPath = await trySiwxFastPath(ctx, account);
   if (siwxFastPath) return siwxFastPath;
   if (!incomingStrategy) {
@@ -1961,99 +2707,139 @@ async function runPaidFlow(ctx) {
     if (initError) return fail(ctx, 500, initError);
     return build402(ctx, pricing, earlyBody);
   }
-  const body = await parseBody(request, routeEntry);
-  if (!body.ok) {
-    firePluginResponse(ctx, body.response);
-    return body.response;
-  }
-  const validateErr = await runValidate(ctx, body.data);
-  if (validateErr) return validateErr;
-  if (!pricing) {
-    return fail(ctx, 500, "Pricing not configured", body.data);
-  }
-  let price;
-  try {
-    price = await pricing.quote(body.data);
-  } catch (err) {
-    return fail(
-      ctx,
-      errorStatus(err, 500),
-      errorMessage(err, "Price calculation failed"),
-      body.data
-    );
-  }
+  const bodyAndPrice = await resolveStaticBodyAndPrice({ ctx, pricing });
+  if (!bodyAndPrice.ok) return bodyAndPrice.response;
+  const { parsedBody, price } = bodyAndPrice;
   const verifyOutcome = await incomingStrategy.verify({
     request,
-    body: body.data,
+    body: parsedBody,
     price,
     routeEntry,
-    deps
+    deps,
+    report
   });
   if (verifyOutcome.ok === false) {
     if (verifyOutcome.kind === "config") {
-      return fail(ctx, 500, verifyOutcome.message, body.data);
+      return fail(ctx, 500, verifyOutcome.message, parsedBody);
     }
-    return build402(ctx, pricing, body.data);
+    return build402(ctx, pricing, parsedBody, verifyOutcome.failure);
   }
   ctx.pluginCtx.setVerifiedWallet(verifyOutcome.wallet);
-  firePluginHook(deps.plugin, "onPaymentVerified", ctx.pluginCtx, {
+  firePaymentVerified(ctx, {
     protocol: incomingStrategy.protocol,
     payer: verifyOutcome.wallet,
     amount: price,
     network: verifyOutcome.payment.network
   });
-  const result = await invoke(ctx, verifyOutcome.wallet, account, body.data, verifyOutcome.payment);
-  const settleScope = {
-    wallet: verifyOutcome.wallet,
+  const result = await invokePaidStatic(
+    ctx,
+    verifyOutcome.wallet,
     account,
-    body: body.data,
-    payment: verifyOutcome.payment,
-    response: result.response,
-    rawResult: result.rawResult,
-    handlerError: result.handlerError
-  };
-  if (verifyOutcome.alreadySettled) {
-    if (result.response.status >= 400) {
-      const settledScope = settleScope;
-      await runSettledHandlerError(ctx, settledScope);
-      return finalize(ctx, result.response, result.rawResult, body.data);
-    }
-    return settleAndFinalize({
-      ctx,
-      strategy: incomingStrategy,
-      verifyOutcome,
-      scope: settleScope,
-      rawResult: result.rawResult,
-      body: body.data
-    });
-  }
-  if (result.response.status >= 400) {
-    return finalize(ctx, result.response, result.rawResult, body.data);
-  }
-  const beforeErr = await runBeforeSettle(ctx, settleScope);
-  if (beforeErr) return beforeErr;
-  return settleAndFinalize({
+    parsedBody,
+    verifyOutcome.payment
+  );
+  return runStaticRequestFlow({
     ctx,
     strategy: incomingStrategy,
     verifyOutcome,
-    scope: settleScope,
-    rawResult: result.rawResult,
-    body: body.data,
-    onSettleError: async (error, failMessage) => {
-      await runSettlementError(ctx, settleScope, error, "settle");
-      firePluginHook(deps.plugin, "onAlert", ctx.pluginCtx, {
-        level: "critical",
-        message: `${incomingStrategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`,
-        route: routeEntry.key
-      });
-    }
+    account,
+    body: parsedBody,
+    price,
+    result
   });
 }
+// src/pipeline/flows/paid.ts
+async function runPaidFlow(ctx) {
+  const dynamicPrice = ctx.routeEntry.dynamicPrice ?? false;
+  switch (dynamicPrice) {
+    case true:
+      return runDynamicPaidFlow(ctx);
+    case false:
+      return runStaticPaidFlow(ctx);
+  }
+}
 // src/pipeline/flows/siwx-only.ts
-import { NextResponse as NextResponse5 } from "next/server";
+import { NextResponse as NextResponse7 } from "next/server";
+// src/kv-store/client.ts
+function restKvStore(url, token) {
+  const base = url.replace(/\/+$/, "");
+  const authHeader = { Authorization: `Bearer ${token}` };
+  const jsonHeaders = { ...authHeader, "Content-Type": "application/json" };
+  async function exec(command) {
+    const res = await fetch(base, {
+      method: "POST",
+      headers: jsonHeaders,
+      body: JSON.stringify(command)
+    });
+    if (!res.ok) {
+      throw new Error(`[kv-store] ${command[0]} ${command[1] ?? ""}: ${res.status}`);
+    }
+    const body = await res.json();
+    if (body.error) throw new Error(`[kv-store] ${command[0]}: ${body.error}`);
+    return body.result ?? null;
+  }
+  async function get(key) {
+    const res = await fetch(`${base}/get/${encodeURIComponent(key)}`, { headers: authHeader });
+    if (!res.ok) throw new Error(`[kv-store] GET ${key}: ${res.status}`);
+    const { result } = await res.json();
+    return result ?? null;
+  }
+  async function set(key, value) {
+    await exec(["SET", key, JSON.stringify(value)]);
+  }
+  async function del(key) {
+    await exec(["DEL", key]);
+  }
+  async function setNxEx(key, value, ttlSeconds) {
+    const result = await exec(["SET", key, JSON.stringify(value), "EX", ttlSeconds, "NX"]);
+    return result === "OK";
+  }
+  async function sadd(key, member) {
+    await exec(["SADD", key, member]);
+  }
+  async function sismember(key, member) {
+    const result = await exec(["SISMEMBER", key, member]);
+    return result === 1;
+  }
+  async function update(key, fn) {
+    const current = await get(key);
+    const change = fn(current);
+    if (change.op === "set") await set(key, change.value);
+    if (change.op === "delete") await del(key);
+    return change.result;
+  }
+  return { get, set, del, setNxEx, sadd, sismember, update };
+}
+function isRestConfig(input) {
+  return typeof input === "object" && input !== null && typeof input.url === "string" && typeof input.token === "string" && typeof input.get !== "function";
+}
+function resolveKvStore(input, env = process.env) {
+  if (input) {
+    if (isRestConfig(input)) return restKvStore(input.url, input.token);
+    return input;
+  }
+  const url = env.KV_REST_API_URL;
+  const token = env.KV_REST_API_TOKEN;
+  if (url && token) return restKvStore(url, token);
+  return void 0;
+}
+function withPrefix(kv, prefix) {
+  const k = (key) => `${prefix}${key}`;
+  return {
+    get: (key) => kv.get(k(key)),
+    set: (key, value) => kv.set(k(key), value),
+    del: (key) => kv.del(k(key)),
+    setNxEx: (key, value, ttl) => kv.setNxEx(k(key), value, ttl),
+    sadd: (key, member) => kv.sadd(k(key), member),
+    sismember: (key, member) => kv.sismember(k(key), member),
+    update: (key, fn) => kv.update(k(key), fn)
+  };
+}
-// src/auth/nonce.ts
+// src/kv-store/nonce.ts
 var SIWX_CHALLENGE_EXPIRY_MS = 5 * 60 * 1e3;
 var MemoryNonceStore = class {
   seen = /* @__PURE__ */ new Map();
@@ -2070,48 +2856,74 @@ var MemoryNonceStore = class {
     }
   }
 };
-function detectRedisClientType(client) {
-  if (!client || typeof client !== "object") {
-    throw new Error(
-      "createRedisNonceStore requires a Redis client. Supported: @upstash/redis, ioredis. Pass your Redis client instance as the first argument."
-    );
-  }
-  if ("options" in client && "status" in client) {
-    return "ioredis";
-  }
-  const constructor = client.constructor?.name;
-  if (constructor === "Redis" && "url" in client) {
-    return "upstash";
+function createKvNonceStore(kv, options) {
+  const prefix = options?.prefix ?? "siwx:nonce:";
+  const ttlSeconds = Math.ceil((options?.ttlMs ?? SIWX_CHALLENGE_EXPIRY_MS) / 1e3);
+  return {
+    async check(nonce) {
+      return kv.setNxEx(`${prefix}${nonce}`, 1, ttlSeconds);
+    }
+  };
+}
+// src/kv-store/entitlement.ts
+var MemoryEntitlementStore = class {
+  routeToWallets = /* @__PURE__ */ new Map();
+  async has(route, wallet) {
+    const wallets = this.routeToWallets.get(route);
+    if (!wallets) return false;
+    return wallets.has(normalizeWalletAddress(wallet));
   }
-  if (typeof client.set === "function") {
-    return "upstash";
+  async grant(route, wallet) {
+    const normalized = normalizeWalletAddress(wallet);
+    let wallets = this.routeToWallets.get(route);
+    if (!wallets) {
+      wallets = /* @__PURE__ */ new Set();
+      this.routeToWallets.set(route, wallets);
+    }
+    wallets.add(normalized);
   }
-  throw new Error(
-    "Unrecognized Redis client. Supported: @upstash/redis, ioredis. If using a different client, implement NonceStore interface directly."
-  );
-}
-function createRedisNonceStore(client, opts) {
-  const prefix = opts?.prefix ?? "siwx:nonce:";
-  const ttlSeconds = Math.ceil((opts?.ttlMs ?? SIWX_CHALLENGE_EXPIRY_MS) / 1e3);
-  const clientType = detectRedisClientType(client);
+};
+function createKvEntitlementStore(kv, options) {
+  const prefix = options?.prefix ?? "siwx:ent:";
   return {
-    async check(nonce) {
-      const key = `${prefix}${nonce}`;
-      if (clientType === "upstash") {
-        const redis = client;
-        const result = await redis.set(key, "1", { ex: ttlSeconds, nx: true });
-        return result !== null;
-      }
-      if (clientType === "ioredis") {
-        const redis = client;
-        const result = await redis.set(key, "1", "EX", ttlSeconds, "NX");
-        return result === "OK";
-      }
-      throw new Error("Unknown Redis client type");
+    async has(route, wallet) {
+      return kv.sismember(`${prefix}${route}`, normalizeWalletAddress(wallet));
+    },
+    async grant(route, wallet) {
+      await kv.sadd(`${prefix}${route}`, normalizeWalletAddress(wallet));
     }
   };
 }
+// src/kv-store/mpp.ts
+async function createKvMppStore(kv, options) {
+  const prefix = options?.prefix ?? "mpp:";
+  const namespaced = withPrefix(kv, prefix);
+  const { Store: StoreNs } = await import("mppx");
+  return StoreNs.upstash({
+    get: (key) => namespaced.get(key),
+    set: (key, value) => namespaced.set(key, value),
+    del: (key) => namespaced.del(key),
+    update: (key, fn) => namespaced.update(key, fn)
+  });
+}
+// src/protocols/detect.ts
+function detectProtocol(request) {
+  if (request.headers.get(HEADERS.X402_PAYMENT_SIGNATURE) ?? request.headers.get(HEADERS.X402_PAYMENT_LEGACY)) {
+    return "x402";
+  }
+  const auth = request.headers.get(HEADERS.AUTHORIZATION);
+  if (auth && auth.startsWith(AUTH_SCHEME.MPP_PAYMENT)) {
+    return "mpp";
+  }
+  if (request.headers.get(HEADERS.SIWX)) {
+    return "siwx";
+  }
+  return null;
+}
 // src/protocols/mpp/siwx-mode.ts
 import { Credential as Credential2 } from "mppx";
 async function verifyMppSiwx(request, mppx) {
@@ -2130,12 +2942,11 @@ async function runSiwxOnlyFlow(ctx) {
   const { request, routeEntry, deps } = ctx;
   if (routeEntry.validateFn && routeEntry.bodySchema && !request.headers.get(HEADERS.SIWX)) {
     const earlyClone = request.clone();
-    const earlyBody = await parseBody(earlyClone, routeEntry);
+    const earlyBody = await parseBody(ctx, earlyClone);
     if (earlyBody.ok) {
       const validateErr = await runValidate(ctx, earlyBody.data);
       if (validateErr) return validateErr;
     } else {
-      firePluginResponse(ctx, earlyBody.response);
       return earlyBody.response;
     }
   }
@@ -2147,20 +2958,12 @@ async function runSiwxOnlyFlow(ctx) {
       mppSiwxResult = await verifyMppSiwx(request, deps.mppx);
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
-      firePluginHook(deps.plugin, "onAlert", ctx.pluginCtx, {
-        level: "critical",
-        message: `MPP SIWX verification failed: ${message}`,
-        route: routeEntry.key
-      });
+      ctx.report("critical", `MPP SIWX verification failed: ${message}`);
       return fail(ctx, 500, `MPP SIWX verification failed: ${message}`);
     }
     if (mppSiwxResult.valid) {
       ctx.pluginCtx.setVerifiedWallet(mppSiwxResult.wallet);
-      firePluginHook(deps.plugin, "onAuthVerified", ctx.pluginCtx, {
-        authMode: "siwx",
-        wallet: mppSiwxResult.wallet,
-        route: routeEntry.key
-      });
+      fireAuthVerified(ctx, { authMode: "siwx", wallet: mppSiwxResult.wallet });
       const authResponse = await runHandlerOnly(ctx, mppSiwxResult.wallet, void 0);
       if (authResponse.status < 400) {
         return mppSiwxResult.withReceipt(authResponse);
@@ -2173,7 +2976,7 @@ async function runSiwxOnlyFlow(ctx) {
   }
   const siwx = await verifySIWX(request, routeEntry, deps.nonceStore);
   if (!siwx.valid) {
-    const response = NextResponse5.json(
+    const response = NextResponse7.json(
       { error: siwx.code, message: SIWX_ERROR_MESSAGES[siwx.code] },
       { status: 402 }
     );
@@ -2182,11 +2985,7 @@ async function runSiwxOnlyFlow(ctx) {
   }
   const wallet = normalizeWalletAddress(siwx.wallet);
   ctx.pluginCtx.setVerifiedWallet(wallet);
-  firePluginHook(deps.plugin, "onAuthVerified", ctx.pluginCtx, {
-    authMode: "siwx",
-    wallet,
-    route: routeEntry.key
-  });
+  fireAuthVerified(ctx, { authMode: "siwx", wallet });
   return runHandlerOnly(ctx, wallet, void 0);
 }
 async function buildSiwxChallenge(ctx) {
@@ -2223,7 +3022,6 @@ async function buildSiwxChallenge(ctx) {
     extensions: {
       "sign-in-with-x": {
         info: siwxInfo,
-        // Required by MCP tools at the top level for chain detection.
         supportedChains,
         ...siwxSchema ? { schema: siwxSchema } : {}
       }
@@ -2234,13 +3032,12 @@ async function buildSiwxChallenge(ctx) {
     const { encodePaymentRequiredHeader } = await import("@x402/core/http");
     encoded = encodePaymentRequiredHeader(paymentRequired);
   } catch (err) {
-    firePluginHook(deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "warn",
-      message: `SIWX challenge header encoding failed: ${err instanceof Error ? err.message : String(err)}`,
-      route: routeEntry.key
-    });
+    ctx.report(
+      "warn",
+      `SIWX challenge header encoding failed: ${err instanceof Error ? err.message : String(err)}`
+    );
   }
-  const response = new NextResponse5(JSON.stringify(paymentRequired), {
+  const response = new NextResponse7(JSON.stringify(paymentRequired), {
     status: 402,
     headers: { "Content-Type": "application/json", "Cache-Control": "no-store" }
   });
@@ -2281,7 +3078,7 @@ async function runUnprotectedFlow(ctx) {
   return runHandlerOnly(ctx, null, void 0);
 }
-// src/orchestrate.ts
+// src/pipeline/orchestrate.ts
 function createRequestHandler(routeEntry, handler, deps) {
   return async (request) => {
     await deps.initPromise;
@@ -2346,6 +3143,12 @@ var RouteBuilder = class {
   /** @internal */
   _minPrice;
   /** @internal */
+  _dynamicPrice = false;
+  /** @internal */
+  _tickCost;
+  /** @internal */
+  _unitType;
+  /** @internal */
   _payTo;
   /** @internal */
   _bodySchema;
@@ -2390,7 +3193,8 @@ var RouteBuilder = class {
     next._protocols = [...this._protocols];
     return next;
   }
-  paid(pricing, options) {
+  paid(pricingOrOptions, options) {
+    const { pricing, resolvedOptions } = resolvePaidArgs(this._key, pricingOrOptions, options);
     if (this._authMode === "unprotected") {
       throw new Error(
         `route '${this._key}': Cannot combine .unprotected() and .paid() on the same route.`
@@ -2404,16 +3208,24 @@ var RouteBuilder = class {
     const next = this.fork();
     next._authMode = "paid";
     next._pricing = pricing;
-    if (options?.protocols) {
-      next._protocols = [...options.protocols];
+    if (resolvedOptions?.protocols) {
+      next._protocols = [...resolvedOptions.protocols];
     } else if (next._protocols.length === 0) {
       next._protocols = ["x402"];
     }
-    if (options?.maxPrice) next._maxPrice = options.maxPrice;
-    if (options?.minPrice) next._minPrice = options.minPrice;
-    if (options?.payTo) next._payTo = options.payTo;
-    if (options?.mpp) next._mppInfo = options.mpp;
+    if (resolvedOptions?.maxPrice) next._maxPrice = resolvedOptions.maxPrice;
+    if (resolvedOptions?.minPrice) next._minPrice = resolvedOptions.minPrice;
+    if (resolvedOptions?.payTo) next._payTo = resolvedOptions.payTo;
+    if (resolvedOptions?.mpp) next._mppInfo = resolvedOptions.mpp;
+    if (resolvedOptions?.dynamic) next._dynamicPrice = true;
+    if (resolvedOptions?.tickCost) next._tickCost = resolvedOptions.tickCost;
+    if (resolvedOptions?.unitType) next._unitType = resolvedOptions.unitType;
     if (typeof pricing === "object" && "tiers" in pricing) {
+      if (next._dynamicPrice) {
+        throw new Error(
+          `route '${this._key}': .paid({ dynamic: true }) is incompatible with tiered pricing`
+        );
+      }
       for (const [tierKey, tierConfig] of Object.entries(pricing.tiers)) {
         if (!tierKey) {
           throw new Error(`route '${this._key}': tier key cannot be empty`);
@@ -2426,16 +3238,40 @@ var RouteBuilder = class {
         }
       }
     }
-    if (options?.maxPrice !== void 0) {
-      const parsed = parseFloat(options.maxPrice);
+    if (resolvedOptions?.maxPrice !== void 0) {
+      const parsed = parseFloat(resolvedOptions.maxPrice);
+      if (isNaN(parsed) || parsed <= 0) {
+        throw new Error(
+          `route '${this._key}': maxPrice '${resolvedOptions.maxPrice}' must be a positive decimal string`
+        );
+      }
+    }
+    if (resolvedOptions?.tickCost !== void 0) {
+      const parsed = parseFloat(resolvedOptions.tickCost);
       if (isNaN(parsed) || parsed <= 0) {
         throw new Error(
-          `route '${this._key}': maxPrice '${options.maxPrice}' must be a positive decimal string`
+          `route '${this._key}': tickCost '${resolvedOptions.tickCost}' must be a positive decimal string`
         );
       }
     }
+    if (next._dynamicPrice && !next._maxPrice) {
+      throw new Error(`route '${this._key}': .paid({ dynamic: true }) requires maxPrice`);
+    }
+    if (next._dynamicPrice && !next._tickCost) {
+      throw new Error(`route '${this._key}': .paid({ dynamic: true }) requires tickCost`);
+    }
     return next;
   }
+  /**
+   * Require Sign-In-with-X wallet identity on this route — clients prove
+   * control of a wallet via a signed challenge. Combine with `.paid()` to gate
+   * a paid route on a verified wallet identity.
+   *
+   * @example
+   * ```ts
+   * router.route('profile').siwx().handler(async ({ wallet }) => getProfile(wallet));
+   * ```
+   */
   siwx() {
     if (this._authMode === "unprotected") {
       throw new Error(
@@ -2458,6 +3294,19 @@ var RouteBuilder = class {
     next._protocols = [];
     return next;
   }
+  /**
+   * Require an `X-API-Key` header (or `Authorization: Bearer <key>`); the
+   * resolver returns the account record, or `null` for 401. Composes with
+   * `.paid()` — key is checked first, payment second.
+   *
+   * @example
+   * ```ts
+   * router
+   *   .route('admin/users')
+   *   .apiKey(async (key) => db.admin.findByKey(key))
+   *   .handler(async ({ account }) => db.user.list(account.orgId));
+   * ```
+   */
   apiKey(resolver) {
     if (this._siwxEnabled) {
       throw new Error(
@@ -2469,6 +3318,15 @@ var RouteBuilder = class {
     next._apiKeyResolver = resolver;
     return next;
   }
+  /**
+   * Mark the route as public — no auth, no payment, no SIWX. The handler
+   * receives `null` for `wallet`, `payment`, and `account`.
+   *
+   * @example
+   * ```ts
+   * router.route('health').unprotected().handler(async () => ({ status: 'ok' }));
+   * ```
+   */
   unprotected() {
     if (this._authMode && this._authMode !== "unprotected") {
       throw new Error(
@@ -2485,60 +3343,82 @@ var RouteBuilder = class {
     next._protocols = [];
     return next;
   }
-  // -------------------------------------------------------------------------
-  // Provider monitoring
-  // -------------------------------------------------------------------------
+  /**
+   * Tag the route with an upstream provider for discovery and provider-side
+   * monitoring. The provider name and config surface in `well-known` and
+   * OpenAPI output.
+   *
+   * @example
+   * ```ts
+   * router
+   *   .route('search')
+   *   .paid('0.01')
+   *   .provider('exa', { quotaPerMonth: 1000 })
+   *   .handler(handler);
+   * ```
+   */
   provider(name, config) {
     const next = this.fork();
     next._providerName = name;
     next._providerConfig = config ?? {};
     return next;
   }
-  body(schema, example) {
+  /**
+   * Declare the request body's Zod schema. Parsed body is typed as `ctx.body`
+   * in the handler. Use `.inputExample()` to attach a discovery example.
+   *
+   * @example
+   * ```ts
+   * .body(z.object({ query: z.string() }))
+   *   .handler(async ({ body }) => search(body.query));
+   * ```
+   */
+  body(schema) {
     const next = this.fork();
     next._bodySchema = schema;
-    if (example !== void 0) {
-      next._inputExample = example;
-      next._hasInputExample = true;
-    }
     return next;
   }
-  query(schema, example) {
+  /**
+   * Declare a query-string Zod schema and switch the route to `GET`. Parsed
+   * query is typed as `ctx.query` in the handler. Use `.inputExample()` to
+   * attach a discovery example.
+   *
+   * @example
+   * ```ts
+   * .query(z.object({ id: z.string() }))
+   *   .handler(async ({ query }) => getById(query.id));
+   * ```
+   */
+  query(schema) {
     const next = this.fork();
     next._querySchema = schema;
-    if (example !== void 0) {
-      next._inputExample = example;
-      next._hasInputExample = true;
-    }
     next._method = "GET";
     return next;
   }
-  output(schema, example) {
+  /**
+   * Declare the response output's Zod schema for OpenAPI generation. The
+   * runtime does not validate handler return values — use Zod's `.parse()`
+   * inside the handler if strict output validation is required. Use
+   * `.outputExample()` to attach a discovery example.
+   *
+   * @example
+   * ```ts
+   * .output(z.object({ result: z.string() }))
+   *   .handler(async () => ({ result: 'ok' }));
+   * ```
+   */
+  output(schema) {
     const next = this.fork();
     next._outputSchema = schema;
-    if (example !== void 0) {
-      next._outputExample = example;
-      next._hasOutputExample = true;
-    }
     return next;
   }
   /**
-   * Provide a conforming example of the request input (body or query params).
-   *
-   * Optional. When provided, the example is validated against the request schema
-   * at route registration and embedded in the bazaar discovery extension so
-   * indexers can advertise a working sample call.
-   *
-   * For the common case, pass the example directly to `.body(schema, example)` or
-   * `.query(schema, example)` instead.
+   * Attach an example of the request body or query for discovery output,
+   * validated against the registered schema at registration.
    *
    * @example
    * ```ts
-   * router.route('search')
-   *   .paid('0.01')
-   *   .body(z.object({ q: z.string() }))
-   *   .inputExample({ q: 'hello world' })
-   *   .handler(async ({ body }) => { ... });
+   * .body(searchSchema).inputExample({ query: 'cats' });
    * ```
    */
   inputExample(example) {
@@ -2548,32 +3428,12 @@ var RouteBuilder = class {
     return next;
   }
   /**
-   * Provide a conforming example of the response output.
-   *
-   * Optional. When provided, the example is validated against the output schema
-   * at route registration and embedded in the bazaar discovery extension so
-   * indexers can advertise the response shape.
-   *
-   * For the common case, pass the example directly to `.output(schema, example)` instead.
-   *
-   * Accepts any JSON value (objects, arrays, or primitives) — top-level array
-   * or primitive responses (e.g. `z.array(...)`) are supported alongside the
-   * common object case.
+   * Attach an example response for discovery output, validated against the
+   * registered output schema at registration.
    *
    * @example
    * ```ts
-   * router.route('search')
-   *   .paid('0.01')
-   *   .output(z.object({ results: z.array(z.string()) }))
-   *   .outputExample({ results: ['a', 'b'] })
-   *   .handler(async () => { ... });
-   *
-   * // Top-level array response
-   * router.route('chains')
-   *   .paid('0.01')
-   *   .output(z.array(z.object({ name: z.string() })))
-   *   .outputExample([{ name: 'Ethereum' }])
-   *   .handler(async () => { ... });
+   * .output(resultSchema).outputExample({ result: 'ok' });
    * ```
    */
   outputExample(example) {
@@ -2582,71 +3442,125 @@ var RouteBuilder = class {
     next._hasOutputExample = true;
     return next;
   }
+  /**
+   * Set a human-readable summary of the route. Surfaces in OpenAPI,
+   * `well-known`, and `llms.txt` discovery output.
+   *
+   * @example
+   * ```ts
+   * .description('Search indexed web pages by full-text query');
+   * ```
+   */
   description(text) {
     const next = this.fork();
     next._description = text;
     return next;
   }
+  /**
+   * Override the URL path advertised in discovery output. Defaults to the
+   * registry key passed to `.route()`.
+   *
+   * @example
+   * ```ts
+   * router.route('search').path('/v2/search').handler(handler);
+   * ```
+   */
   path(p) {
     const next = this.fork();
     next._path = p;
     return next;
   }
+  /**
+   * Override the HTTP method advertised in discovery. Defaults to `POST`, or
+   * `GET` when `.query()` has been called.
+   *
+   * @example
+   * ```ts
+   * router.route('items/delete').method('DELETE').handler(handler);
+   * ```
+   */
   method(m) {
     const next = this.fork();
     next._method = m;
     return next;
   }
-  // -------------------------------------------------------------------------
-  // Pre-payment validation
-  // -------------------------------------------------------------------------
   /**
-   * Add pre-payment validation that runs after body parsing but before the 402
-   * challenge is shown. Use this for async business logic like "is this resource
-   * available?" or "has this user hit their rate limit?".
+   * Run validation against the parsed body before the 402 challenge. Throw
+   * `Object.assign(new Error('...'), { status })` to reject with a custom
+   * status code; defaults to 400. Requires `.body()` to be called first.
+   *
+   * @example
+   * ```ts
+   * .body(RegisterSchema).validate(async (body) => {
+   *   if (await isTaken(body.name)) {
+   *     throw Object.assign(new Error('taken'), { status: 409 });
+   *   }
+   * });
+   * ```
+   */
+  validate(fn) {
+    const next = this.fork();
+    next._validateFn = fn;
+    return next;
+  }
+  /**
+   * Hook into the settlement lifecycle. `beforeSettle` runs after the handler
+   * succeeds but before on-chain settlement and can cancel the charge;
+   * `afterSettle` runs after settlement completes (success or failure).
    *
-   * Requires `.body()` — call `.body()` before `.validate()` for type inference.
+   * @example
+   * ```ts
+   * .settlement({
+   *   beforeSettle: ({ result }) => (result.refund ? 'skip' : 'continue'),
+   *   afterSettle: ({ tx }) => analytics.track('settled', { tx }),
+   * });
+   * ```
+   */
+  settlement(lifecycle) {
+    const next = this.fork();
+    next._settlement = lifecycle;
+    return next;
+  }
+  /**
+   * Register the request handler and return the Next.js route function. The
+   * handler receives a typed context and may return a value (serialized to
+   * JSON), a raw `Response`, or throw an `HttpError` for a non-2xx status.
    *
    * @example
-   * ```typescript
-   * router
-   *   .route('domain/register')
-   *   .paid(calculatePrice)
-   *   .body(RegisterSchema)  // .body() first for type inference
-   *   .validate(async (body) => {
-   *     if (await isDomainTaken(body.domain)) {
-   *       throw Object.assign(new Error('Domain taken'), { status: 409 });
-   *     }
-   *   })
-   *   .handler(async ({ body }) => { ... });
+   * ```ts
+   * export const POST = router
+   *   .route('search')
+   *   .paid('0.01')
+   *   .body(schema)
+   *   .handler(async ({ body, wallet }) => searchService(body, wallet));
    * ```
    */
-  validate(fn) {
-    const next = this.fork();
-    next._validateFn = fn;
-    return next;
+  handler(fn) {
+    return this.register(fn, false);
   }
-  // -------------------------------------------------------------------------
-  // Settlement lifecycle
-  // -------------------------------------------------------------------------
   /**
-   * Add route-specific settlement hooks.
+   * Register a streaming handler (`async function*`) and return the Next.js
+   * route function. Each `charge()` call bills one tick (`tickCost` USDC) up
+   * to `maxPrice`; requires `.paid({ dynamic: true, ... })` and MPP session mode.
    *
-   * `beforeSettle` runs after a successful handler response but before
-   * router-controlled settlement/broadcast, so it can still prevent the charge
-   * for x402 and MPP transaction-payload flows. `afterSettle` runs after
-   * settlement and is intended for durable ledgers or app-owned refund queues.
+   * @example
+   * ```ts
+   * export const POST = router
+   *   .route('llm/stream')
+   *   .paid({ dynamic: true, tickCost: '0.0001', unitType: 'token', maxPrice: '0.05' })
+   *   .body(schema)
+   *   .stream(async function* ({ body, charge }) {
+   *     for await (const token of streamLLM(body.prompt)) {
+   *       await charge();
+   *       yield token;
+   *     }
+   *   });
+   * ```
    */
-  settlement(lifecycle) {
-    const next = this.fork();
-    next._settlement = lifecycle;
-    return next;
+  stream(fn) {
+    return this.register(fn, true);
   }
-  // -------------------------------------------------------------------------
-  // Terminal method
-  // -------------------------------------------------------------------------
-  handler(fn) {
-    const handlerFn = fn;
+  register(handlerFn, streaming) {
     if (!this._authMode) {
       throw new Error(
         `route '${this._key}': Select an auth mode: .paid(pricing), .siwx(), .apiKey(resolver), or .unprotected()`
@@ -2660,6 +3574,26 @@ var RouteBuilder = class {
     if (this._settlement && !this._pricing) {
       throw new Error(`route '${this._key}': .settlement() requires a paid route`);
     }
+    if (this._dynamicPrice && this._protocols.includes("x402")) {
+      const hasUpto = this._deps.x402Accepts.some((accept) => accept.scheme === "upto");
+      if (!hasUpto) {
+        throw new Error(
+          `route '${this._key}': .paid({ dynamic: true }) on an x402 route requires an 'upto' accept on at least one configured network. Add { scheme: 'upto', network, asset } to RouterConfig.x402.accepts.`
+        );
+      }
+    }
+    if (this._dynamicPrice && this._protocols.includes("mpp")) {
+      if (!this._deps.mppSessionConfig) {
+        throw new Error(
+          `route '${this._key}': .paid({ dynamic: true }) on an MPP route requires session mode. Set RouterConfig.mpp.session = {} and provide mpp.operatorKey.`
+        );
+      }
+    }
+    if (streaming && !this._dynamicPrice) {
+      throw new Error(
+        `route '${this._key}': .stream() requires .paid({ dynamic: true }) \u2014 static/free routes can't meter per-chunk billing.`
+      );
+    }
     validateExamples(
       this._key,
       this._bodySchema,
@@ -2675,6 +3609,8 @@ var RouteBuilder = class {
       authMode: this._authMode,
       siwxEnabled: this._siwxEnabled,
       pricing: this._pricing,
+      dynamicPrice: this._dynamicPrice ? true : void 0,
+      streaming: streaming ? true : void 0,
       protocols: this._protocols,
       bodySchema: this._bodySchema,
       querySchema: this._querySchema,
@@ -2692,81 +3628,28 @@ var RouteBuilder = class {
       providerConfig: this._providerConfig,
       validateFn: this._validateFn,
       settlement: this._settlement,
-      mppInfo: this._mppInfo
+      mppInfo: this._mppInfo,
+      tickCost: this._tickCost,
+      unitType: this._unitType
     };
     this._registry.register(entry);
-    return createRequestHandler(
-      entry,
-      handlerFn,
-      this._deps
-    );
+    return createRequestHandler(entry, handlerFn, this._deps);
   }
 };
-// src/auth/entitlement.ts
-var MemoryEntitlementStore = class {
-  routeToWallets = /* @__PURE__ */ new Map();
-  async has(route, wallet) {
-    const wallets = this.routeToWallets.get(route);
-    if (!wallets) return false;
-    return wallets.has(normalizeWalletAddress(wallet));
-  }
-  async grant(route, wallet) {
-    const normalized = normalizeWalletAddress(wallet);
-    let wallets = this.routeToWallets.get(route);
-    if (!wallets) {
-      wallets = /* @__PURE__ */ new Set();
-      this.routeToWallets.set(route, wallets);
+function resolvePaidArgs(routeKey, pricingOrOptions, options) {
+  const isHandlerDynamicShape = typeof pricingOrOptions === "object" && pricingOrOptions !== null && typeof pricingOrOptions !== "function" && !("tiers" in pricingOrOptions) && "dynamic" in pricingOrOptions && pricingOrOptions.dynamic;
+  if (isHandlerDynamicShape) {
+    const opts = pricingOrOptions;
+    if (!opts.maxPrice) {
+      throw new Error(`route '${routeKey}': .paid({ dynamic: true }) requires maxPrice`);
     }
-    wallets.add(normalized);
-  }
-};
-function detectRedisClientType2(client) {
-  if (!client || typeof client !== "object") {
-    throw new Error(
-      "createRedisEntitlementStore requires a Redis client. Supported: @upstash/redis, ioredis."
-    );
+    return { pricing: opts.maxPrice, resolvedOptions: opts };
   }
-  if ("options" in client && "status" in client) return "ioredis";
-  const constructor = client.constructor?.name;
-  if (constructor === "Redis" && "url" in client) return "upstash";
-  if (typeof client.sadd === "function" && typeof client.sismember === "function") {
-    return "upstash";
-  }
-  throw new Error("Unrecognized Redis client for entitlement store.");
-}
-function createRedisEntitlementStore(client, options) {
-  const clientType = detectRedisClientType2(client);
-  const prefix = options?.prefix ?? "siwx:entitlement:";
-  return {
-    async has(route, wallet) {
-      const key = `${prefix}${route}`;
-      const normalized = normalizeWalletAddress(wallet);
-      if (clientType === "upstash") {
-        const redis2 = client;
-        const result2 = await redis2.sismember(key, normalized);
-        return result2 === 1 || result2 === true;
-      }
-      const redis = client;
-      const result = await redis.sismember(key, normalized);
-      return result === 1;
-    },
-    async grant(route, wallet) {
-      const key = `${prefix}${route}`;
-      const normalized = normalizeWalletAddress(wallet);
-      if (clientType === "upstash") {
-        const redis2 = client;
-        await redis2.sadd(key, normalized);
-        return;
-      }
-      const redis = client;
-      await redis.sadd(key, normalized);
-    }
-  };
+  return { pricing: pricingOrOptions, resolvedOptions: options };
 }
 // src/discovery/well-known.ts
-import { NextResponse as NextResponse6 } from "next/server";
+import { NextResponse as NextResponse8 } from "next/server";
 // src/discovery/utils/guidance.ts
 async function resolveGuidance(discovery) {
@@ -2810,7 +3693,7 @@ function createWellKnownHandler(registry, baseUrl, pricesKeys, discovery) {
     if (instructions) {
       body.instructions = instructions;
     }
-    return NextResponse6.json(body, {
+    return NextResponse8.json(body, {
       headers: {
         "Access-Control-Allow-Origin": "*",
         "Access-Control-Allow-Methods": "GET",
@@ -2828,13 +3711,13 @@ function toDiscoveryResource(method, url, mode) {
 // src/discovery/openapi.ts
 init_constants();
-import { NextResponse as NextResponse7 } from "next/server";
+import { NextResponse as NextResponse9 } from "next/server";
 function createOpenAPIHandler(registry, baseUrl, pricesKeys, discovery) {
   const normalizedBase = baseUrl.replace(/\/+$/, "");
   let cached = null;
   let validated = false;
   return async (_request) => {
-    if (cached) return NextResponse7.json(cached);
+    if (cached) return NextResponse9.json(cached);
     if (!validated && pricesKeys) {
       registry.validate(pricesKeys);
       validated = true;
@@ -2897,7 +3780,7 @@ function createOpenAPIHandler(registry, baseUrl, pricesKeys, discovery) {
       paths
     };
     cached = createDocument(openApiDocument);
-    return NextResponse7.json(cached);
+    return NextResponse9.json(cached);
   };
 }
 function deriveTag(routeKey) {
@@ -2970,7 +3853,7 @@ function toProtocolObject(protocol, mppInfo) {
       mpp: {
         method: mppInfo?.method ?? "tempo",
         intent: mppInfo?.intent ?? "charge",
-        currency: mppInfo?.currency ?? TEMPO_USDC_CURRENCY
+        currency: mppInfo?.currency ?? TEMPO_USDC_ADDRESS
       }
     };
   }
@@ -3020,11 +3903,11 @@ function buildPricingInfo(entry) {
 }
 // src/discovery/llms-txt.ts
-import { NextResponse as NextResponse8 } from "next/server";
+import { NextResponse as NextResponse10 } from "next/server";
 function createLlmsTxtHandler(discovery) {
   return async (_request) => {
     const guidance = await resolveGuidance(discovery) ?? "";
-    return new NextResponse8(guidance, {
+    return new NextResponse10(guidance, {
       headers: {
         "Content-Type": "text/plain; charset=utf-8",
         "Access-Control-Allow-Origin": "*"
@@ -3037,11 +3920,7 @@ function createLlmsTxtHandler(discovery) {
 init_accepts();
 init_constants();
-// src/config.ts
-init_constants();
-init_evm();
-init_solana();
-init_accepts();
+// src/config/error.ts
 var RouterConfigError = class extends Error {
   issues;
   constructor(issues) {
@@ -3050,184 +3929,260 @@ var RouterConfigError = class extends Error {
     this.issues = issues;
   }
 };
-function validateRouterConfig(config, options = {}) {
-  const issues = getRouterConfigIssues(config, options);
-  if (issues.length > 0) throw new RouterConfigError(issues);
+function formatRouterConfigIssues(issues) {
+  return issues.map((issue) => issue.message).join("\n");
 }
-function getRouterConfigIssues(config, options = {}) {
-  const env = options.env ?? process.env;
-  const issues = [];
-  const protocols = config.protocols ?? ["x402"];
-  if (!config.baseUrl) {
-    issues.push({
-      code: "missing_base_url",
-      message: '[router] baseUrl is required in RouterConfig. Set it to your production domain (e.g., "https://api.example.com"). The realm is used for payment matching and must be correct.'
-    });
+// src/config/schema.ts
+init_constants();
+import { z } from "zod";
+// src/config/utils.ts
+import { privateKeyToAccount } from "viem/accounts";
+var EVM_ADDRESS_RE = /^0x[a-fA-F0-9]{40}$/;
+var EVM_PRIVATE_KEY_RE = /^0x[a-fA-F0-9]{64}$/;
+var SOLANA_ADDRESS_RE = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+var ZERO_EVM_ADDRESS_RE = /^0x0{40}$/i;
+function isUrl(value) {
+  try {
+    new URL(value);
+    return true;
+  } catch {
+    return false;
+  }
+}
+var isEvmAddress = (v) => EVM_ADDRESS_RE.test(v);
+var isEvmPrivateKey = (v) => EVM_PRIVATE_KEY_RE.test(v);
+var isPlaceholderEvm = (v) => ZERO_EVM_ADDRESS_RE.test(v);
+var isSolanaAddress = (v) => SOLANA_ADDRESS_RE.test(v);
+var isX402Network = (v) => v.startsWith("eip155:") || v.startsWith("solana:");
+var canonicalizeEvm = (addr) => addr.toLowerCase();
+function operatorAddressesCollide(opKey, fpKey) {
+  if (!opKey || !fpKey || !isEvmPrivateKey(opKey) || !isEvmPrivateKey(fpKey)) return null;
+  const op = privateKeyToAccount(opKey).address.toLowerCase();
+  const fp = privateKeyToAccount(fpKey).address.toLowerCase();
+  return op === fp ? op : null;
+}
+function trimAll(raw) {
+  const out = {};
+  for (const [k, v] of Object.entries(raw)) {
+    if (typeof v !== "string") {
+      out[k] = void 0;
+      continue;
+    }
+    const trimmed = v.trim();
+    out[k] = trimmed.length > 0 ? trimmed : void 0;
   }
-  if (config.protocols && config.protocols.length === 0) {
-    issues.push({
-      code: "empty_protocols",
-      message: "RouterConfig.protocols cannot be empty. Omit the field to use default ['x402'] or specify protocols explicitly."
-    });
+  return out;
+}
+// src/config/schema.ts
+function addIssue(ctx, params, message, path = []) {
+  ctx.addIssue({ code: "custom", path, params, message });
+}
+var x402 = { protocol: "x402" };
+var mpp = { protocol: "mpp" };
+var envShape = {
+  BASE_URL: z.string().refine(isUrl, {
+    params: { code: "invalid_base_url" },
+    message: "BASE_URL must be a valid URL \u2014 the public origin used as the 402 realm, OpenAPI server URL, and MPP memo prefix. Must match the public domain."
+  }).optional(),
+  EVM_PAYEE_ADDRESS: z.string().refine(isEvmAddress, {
+    params: { code: "invalid_x402_payee", ...x402 },
+    message: "EVM_PAYEE_ADDRESS must be a 0x-prefixed 20-byte EVM address \u2014 the wallet that receives x402 and MPP payments."
+  }).refine((v) => !isPlaceholderEvm(v), {
+    params: { code: "placeholder_payee", ...x402 },
+    message: "EVM_PAYEE_ADDRESS is the zero address (0x000\u2026000) \u2014 payments to this address are unrecoverable. Set it to a wallet you control."
+  }).optional(),
+  CDP_API_KEY_ID: z.string().optional(),
+  CDP_API_KEY_SECRET: z.string().optional(),
+  SOLANA_PAYEE_ADDRESS: z.string().refine(isSolanaAddress, {
+    params: { code: "invalid_solana_payee", ...x402 },
+    message: "SOLANA_PAYEE_ADDRESS must be a base58 Solana address (32\u201344 chars). When set, the router also accepts Solana payments."
+  }).optional(),
+  SOLANA_FACILITATOR_URL: z.string().refine(isUrl, {
+    params: { code: "invalid_solana_facilitator_url", ...x402 },
+    message: "SOLANA_FACILITATOR_URL must be a valid URL \u2014 override for the Solana x402 facilitator. Defaults to DEFAULT_SOLANA_FACILITATOR_URL."
+  }).optional(),
+  MPP_SECRET_KEY: z.string().optional(),
+  MPP_CURRENCY: z.string().refine(isEvmAddress, {
+    params: { code: "invalid_mpp_currency", ...mpp },
+    message: "MPP_CURRENCY must be a 0x-prefixed 20-byte Tempo currency address \u2014 the token contract MPP charges in. Use TEMPO_USDC_ADDRESS for Tempo USDC."
+  }).optional(),
+  TEMPO_RPC_URL: z.string().refine(isUrl, {
+    params: { code: "invalid_mpp_rpc_url", ...mpp },
+    message: "TEMPO_RPC_URL must be a valid URL \u2014 authenticated Tempo JSON-RPC endpoint. Public rpc.tempo.xyz returns 401."
+  }).optional(),
+  MPP_OPERATOR_KEY: z.string().refine(isEvmPrivateKey, {
+    params: { code: "invalid_mpp_operator_key", ...mpp },
+    message: "MPP_OPERATOR_KEY must be a 0x-prefixed 32-byte EVM private key \u2014 signs server-side close/settle; presence enables MPP session mode."
+  }).optional(),
+  MPP_FEE_PAYER_KEY: z.string().refine(isEvmPrivateKey, {
+    params: { code: "invalid_mpp_fee_payer_key", ...mpp },
+    message: "MPP_FEE_PAYER_KEY must be a 0x-prefixed 32-byte EVM private key \u2014 sponsors client gas for channel open/topUp. Must resolve to a different address than MPP_OPERATOR_KEY."
+  }).optional(),
+  KV_REST_API_URL: z.string().optional(),
+  KV_REST_API_TOKEN: z.string().optional(),
+  NODE_ENV: z.string().optional()
+};
+var ENV_KEYS = Object.keys(envShape);
+var EnvInputSchema = z.object(envShape).passthrough().superRefine((env, ctx) => {
+  if (env.BASE_URL === void 0) {
+    addIssue(
+      ctx,
+      { code: "missing_base_url" },
+      "BASE_URL is required \u2014 the public origin used as the 402 realm, OpenAPI server URL, and MPP memo prefix. Set it to your production domain.",
+      ["BASE_URL"]
+    );
+  }
+  if (env.EVM_PAYEE_ADDRESS === void 0) {
+    addIssue(
+      ctx,
+      { code: "missing_x402_payee", ...x402 },
+      "EVM_PAYEE_ADDRESS is required \u2014 the EVM address that receives x402 and MPP payments.",
+      ["EVM_PAYEE_ADDRESS"]
+    );
   }
-  if (protocols.includes("x402")) {
-    issues.push(...validateX402Config(config, env, options));
+  if (env.MPP_SECRET_KEY) {
+    if (env.MPP_CURRENCY === void 0) {
+      addIssue(
+        ctx,
+        { code: "missing_mpp_currency", ...mpp },
+        "MPP_CURRENCY is required when MPP is enabled \u2014 the Tempo currency address MPP charges in. Use TEMPO_USDC_ADDRESS for Tempo USDC.",
+        ["MPP_CURRENCY"]
+      );
+    }
+    if (env.TEMPO_RPC_URL === void 0) {
+      addIssue(
+        ctx,
+        { code: "missing_mpp_rpc_url", ...mpp },
+        "TEMPO_RPC_URL is required when MPP is enabled \u2014 authenticated Tempo JSON-RPC endpoint. Public rpc.tempo.xyz returns 401.",
+        ["TEMPO_RPC_URL"]
+      );
+    }
   }
-  if (protocols.includes("mpp")) {
-    issues.push(...validateMppConfig(config, env));
+  const collision = operatorAddressesCollide(env.MPP_OPERATOR_KEY, env.MPP_FEE_PAYER_KEY);
+  if (collision) {
+    addIssue(
+      ctx,
+      { code: "mpp_operator_equals_fee_payer", ...mpp },
+      `MPP_OPERATOR_KEY and MPP_FEE_PAYER_KEY resolve to the same address (${collision}). Tempo rejects fee-delegated txs with sender === feePayer. Use two distinct wallets, or unset MPP_FEE_PAYER_KEY to let clients pay their own gas.`,
+      ["MPP_FEE_PAYER_KEY"]
+    );
   }
-  return issues;
-}
-function formatRouterConfigIssues(issues) {
-  return issues.map((issue) => issue.message).join("\n");
-}
-function mppFromEnv(env, options = {}) {
-  const secretKey = env.MPP_SECRET_KEY;
-  const currency = env.MPP_CURRENCY;
-  const rpcUrl = env.TEMPO_RPC_URL;
-  const feePayerKey = options.feePayerKey ?? env.MPP_FEE_PAYER_KEY;
-  const feePayerKeySource = options.feePayerKey !== void 0 ? "feePayerKey" : "MPP_FEE_PAYER_KEY";
-  const hasAnyMppEnv = Boolean(secretKey || currency || rpcUrl || options.require);
-  if (!hasAnyMppEnv) return void 0;
-  const missing = [
-    secretKey ? null : "MPP_SECRET_KEY",
-    currency ? null : "MPP_CURRENCY",
-    rpcUrl ? null : "TEMPO_RPC_URL"
-  ].filter(Boolean);
-  if (missing.length > 0) {
-    throw new Error(`MPP env is incomplete. Missing: ${missing.join(", ")}`);
-  }
-  if (!isEvmAddress(currency)) {
-    throw new Error("MPP_CURRENCY must be a 0x-prefixed 20-byte Tempo currency address");
-  }
-  if (options.recipient && !isEvmAddress(options.recipient)) {
-    throw new Error("MPP recipient must be a 0x-prefixed EVM address");
-  }
-  if (feePayerKey && !isEvmPrivateKey(feePayerKey)) {
-    throw new Error(`${feePayerKeySource} must be a 0x-prefixed 32-byte EVM private key`);
+});
+function collectKvWarnings(env, kvStoreOptionProvided) {
+  if (kvStoreOptionProvided) return [];
+  const warn = (code, message) => ({
+    code,
+    severity: "warning",
+    message
+  });
+  if (env.KV_REST_API_URL && !env.KV_REST_API_TOKEN) {
+    return [
+      warn(
+        "kv_url_without_token",
+        "KV_REST_API_URL is set but KV_REST_API_TOKEN is missing \u2014 falling back to in-memory KV (unsafe in serverless production)."
+      )
+    ];
   }
-  return {
-    secretKey,
-    currency,
-    rpcUrl,
-    ...options.recipient ? { recipient: options.recipient } : {},
-    ...feePayerKey ? { feePayerKey } : {},
-    ...options.useDefaultStore !== void 0 ? { useDefaultStore: options.useDefaultStore } : {}
-  };
-}
-function x402AcceptsFromEnv(env, options = {}) {
-  const payeeEnv = options.payeeEnv ?? "X402_WALLET_ADDRESS";
-  const solanaPayeeEnv = options.solanaPayeeEnv ?? "SOLANA_PAYEE_ADDRESS";
-  const payeeAddress = options.payeeAddress ?? env[payeeEnv];
-  if (!payeeAddress) {
-    throw new Error(`${payeeEnv} is required to build x402 accepts`);
+  if (env.KV_REST_API_TOKEN && !env.KV_REST_API_URL) {
+    return [
+      warn(
+        "kv_token_without_url",
+        "KV_REST_API_TOKEN is set but KV_REST_API_URL is missing \u2014 falling back to in-memory KV (unsafe in serverless production)."
+      )
+    ];
   }
-  const accepts = [
+  if (env.KV_REST_API_URL && env.KV_REST_API_TOKEN && !isUrl(env.KV_REST_API_URL)) {
+    return [
+      warn(
+        "invalid_kv_url",
+        `KV_REST_API_URL is not a valid URL \u2014 KV calls will fail at request time. Got: ${env.KV_REST_API_URL}`
+      )
+    ];
+  }
+  if (!env.KV_REST_API_URL && !env.KV_REST_API_TOKEN && env.NODE_ENV === "production") {
+    return [
+      warn(
+        "missing_kv_in_production",
+        "No KV_REST_API_URL/KV_REST_API_TOKEN set in production \u2014 using the in-memory KV store. SIWX nonce, SIWX entitlement, and MPP replay state will be lost across instances. Configure Upstash/Vercel KV or pass a custom kvStore."
+      )
+    ];
+  }
+  return [];
+}
+function getConfiguredX402Accepts2(config) {
+  if (config.x402?.accepts?.length) return [...config.x402.accepts];
+  return [
     {
       scheme: "exact",
-      network: options.network ?? BASE_NETWORK,
-      payTo: payeeAddress
+      network: config.network ?? BASE_MAINNET_NETWORK,
+      payTo: config.payeeAddress
     }
   ];
-  const solanaPayeeAddress = options.solanaPayeeAddress ?? env[solanaPayeeEnv];
-  if (solanaPayeeAddress) {
-    accepts.push({
-      scheme: "exact",
-      network: SOLANA_MAINNET_NETWORK,
-      payTo: solanaPayeeAddress
-    });
-  }
-  return accepts;
-}
-function paidOptionsForProtocols(protocols) {
-  return { protocols: [...protocols] };
 }
 function validateX402Config(config, env, options) {
+  const accepts = getConfiguredX402Accepts2(config);
   const issues = [];
-  const accepts = getConfiguredX402Accepts(config);
+  const push = (code, message) => issues.push({ code, protocol: "x402", message });
   if (accepts.length === 0) {
-    issues.push({
-      code: "missing_x402_accepts",
-      protocol: "x402",
-      message: "x402 requires at least one accept configuration."
-    });
+    push("missing_x402_accepts", "x402 requires at least one accept configuration.");
     return issues;
   }
-  const acceptWithoutNetwork = accepts.find((accept) => !accept.network);
-  if (acceptWithoutNetwork) {
-    issues.push({
-      code: "missing_x402_network",
-      protocol: "x402",
-      message: "x402 accepts require a network."
-    });
+  if (accepts.some((a) => !a.network)) {
+    push("missing_x402_network", "x402 accepts require a network.");
   }
-  const unsupported = accepts.find(
-    (accept) => accept.network && !isSupportedX402Network(accept.network)
-  );
+  const unsupported = accepts.find((a) => a.network && !isX402Network(a.network));
   if (unsupported) {
-    issues.push({
-      code: "unsupported_x402_network",
-      protocol: "x402",
-      message: `unsupported x402 network '${unsupported.network}'. Use eip155:* or solana:*.`
-    });
+    push(
+      "unsupported_x402_network",
+      `unsupported x402 network '${unsupported.network}'. Use eip155:* or solana:*.`
+    );
   }
-  const missingAsset = accepts.find(
-    (accept) => (accept.scheme ?? "exact") !== "exact" && !accept.asset
-  );
-  if (missingAsset) {
-    issues.push({
-      code: "missing_x402_asset",
-      protocol: "x402",
-      message: "non-exact x402 accepts require an asset."
-    });
+  if (accepts.some((a) => (a.scheme ?? "exact") !== "exact" && !a.asset)) {
+    push("missing_x402_asset", "non-exact x402 accepts require an asset.");
   }
-  const invalidDecimals = accepts.find(
-    (accept) => accept.decimals !== void 0 && (!Number.isInteger(accept.decimals) || accept.decimals < 0)
-  );
-  if (invalidDecimals) {
-    issues.push({
-      code: "invalid_x402_decimals",
-      protocol: "x402",
-      message: "x402 accept decimals must be a non-negative integer."
-    });
+  if (accepts.some(
+    (a) => a.decimals !== void 0 && (!Number.isInteger(a.decimals) || a.decimals < 0)
+  )) {
+    push("invalid_x402_decimals", "x402 accept decimals must be a non-negative integer.");
   }
-  if (accepts.some((accept) => !accept.payTo) && !config.payeeAddress) {
-    issues.push({
-      code: "missing_x402_payee",
-      protocol: "x402",
-      message: "x402 requires payeeAddress in router config or payTo on every x402 accept."
-    });
+  if (!config.payeeAddress && accepts.some((a) => !a.payTo)) {
+    push(
+      "missing_x402_payee",
+      "x402 requires payeeAddress in router config or payTo on every x402 accept."
+    );
   }
-  const placeholder = findPlaceholderPayee([
+  const placeholder = [
     config.payeeAddress,
-    ...accepts.map((accept) => typeof accept.payTo === "string" ? accept.payTo : void 0)
-  ]);
+    ...accepts.map((a) => typeof a.payTo === "string" ? a.payTo : void 0)
+  ].find((v) => v !== void 0 && isPlaceholderEvm(v));
   if (placeholder) {
-    issues.push({
-      code: "placeholder_payee",
-      protocol: "x402",
-      message: `x402 payee '${placeholder}' is a placeholder address and cannot receive payments.`
-    });
+    push(
+      "placeholder_payee",
+      `x402 payee '${placeholder}' is a placeholder address and cannot receive payments.`
+    );
   }
-  if (options.requireCdpKeys !== false && usesDefaultEvmFacilitator(config)) {
-    const missing = [
-      env.CDP_API_KEY_ID ? null : "CDP_API_KEY_ID",
-      env.CDP_API_KEY_SECRET ? null : "CDP_API_KEY_SECRET"
-    ].filter(Boolean);
-    if (missing.length > 0) {
-      issues.push({
-        code: "missing_cdp_keys",
-        protocol: "x402",
-        message: `default EVM x402 facilitator requires ${missing.join(" and ")}.`
-      });
+  if (options.requireCdpKeys !== false) {
+    const hasEvm = accepts.some(
+      (a) => typeof a.network === "string" && a.network.startsWith("eip155:")
+    );
+    if (hasEvm) {
+      const missing = ["CDP_API_KEY_ID", "CDP_API_KEY_SECRET"].filter((k) => !env[k]);
+      if (missing.length > 0) {
+        push(
+          "missing_cdp_keys",
+          `x402 EVM facilitator (Coinbase) requires ${missing.join(" and ")}.`
+        );
+      }
     }
   }
   return issues;
 }
-function validateMppConfig(config, env) {
-  const issues = [];
-  const mpp = config.mpp;
-  if (!mpp) {
+function validateMppConfig(config) {
+  const m = config.mpp;
+  if (!m) {
     return [
       {
         code: "missing_mpp_config",
@@ -3236,98 +4191,343 @@ function validateMppConfig(config, env) {
       }
     ];
   }
-  if (!mpp.secretKey) {
-    issues.push({
-      code: "missing_mpp_secret_key",
-      protocol: "mpp",
-      message: "MPP requires secretKey. Set MPP_SECRET_KEY or pass mpp.secretKey."
-    });
+  const issues = [];
+  const push = (code, message) => issues.push({ code, protocol: "mpp", message });
+  if (!m.secretKey) {
+    push(
+      "missing_mpp_secret_key",
+      "MPP requires secretKey. Set MPP_SECRET_KEY or pass mpp.secretKey."
+    );
   }
-  if (!mpp.currency) {
-    issues.push({
-      code: "missing_mpp_currency",
-      protocol: "mpp",
-      message: "MPP requires currency. Set MPP_CURRENCY or pass mpp.currency."
-    });
-  } else if (!isEvmAddress(mpp.currency)) {
-    issues.push({
-      code: "invalid_mpp_currency",
-      protocol: "mpp",
-      message: "MPP currency must be a 0x-prefixed 20-byte Tempo currency address. Use TEMPO_USDC_CURRENCY for Tempo USDC."
+  if (!m.currency) {
+    push("missing_mpp_currency", "MPP requires currency. Set MPP_CURRENCY or pass mpp.currency.");
+  } else if (!isEvmAddress(m.currency)) {
+    push(
+      "invalid_mpp_currency",
+      "MPP currency must be a 0x-prefixed 20-byte Tempo currency address. Use TEMPO_USDC_ADDRESS for Tempo USDC."
+    );
+  }
+  const recipient = m.recipient ?? config.payeeAddress;
+  if (!recipient) {
+    push(
+      "missing_mpp_recipient",
+      "MPP requires a recipient address. Set mpp.recipient or payeeAddress in your router config."
+    );
+  } else if (!isEvmAddress(recipient)) {
+    push(
+      "invalid_mpp_recipient",
+      "MPP recipient must be a 0x-prefixed EVM address. Solana recipients require x402."
+    );
+  }
+  const placeholder = [m.recipient, config.payeeAddress].find(
+    (v) => typeof v === "string" && isPlaceholderEvm(v)
+  );
+  if (placeholder) {
+    push(
+      "placeholder_payee",
+      `MPP recipient '${placeholder}' is a placeholder address and cannot receive payments.`
+    );
+  }
+  if (!m.rpcUrl) {
+    push(
+      "missing_mpp_rpc_url",
+      "MPP requires an authenticated Tempo RPC URL. Set TEMPO_RPC_URL env var or pass rpcUrl in the mpp config object."
+    );
+  }
+  if (m.feePayerKey && !isEvmPrivateKey(m.feePayerKey)) {
+    push(
+      "invalid_mpp_fee_payer_key",
+      "MPP feePayerKey must be a 0x-prefixed 32-byte EVM private key."
+    );
+  }
+  if (m.operatorKey && !isEvmPrivateKey(m.operatorKey)) {
+    push(
+      "invalid_mpp_operator_key",
+      "MPP operatorKey must be a 0x-prefixed 32-byte EVM private key."
+    );
+  }
+  const collision = operatorAddressesCollide(m.operatorKey, m.feePayerKey);
+  if (collision) {
+    push(
+      "mpp_operator_equals_fee_payer",
+      `MPP operatorKey and feePayerKey resolve to the same address (${collision}). Tempo rejects fee-delegated txs with sender === feePayer, so channel close/settle would fail at runtime. Either use two distinct wallets, or omit feePayerKey to disable gas sponsorship (clients then pay their own gas).`
+    );
+  }
+  return issues;
+}
+function translateZodIssues(error) {
+  return error.issues.map((issue) => {
+    const params = issue.params;
+    if (!params?.code) {
+      throw new Error(
+        `[router] schema issue missing params.code (path=${issue.path.join(".")}, message=${issue.message}). Every refinement / addIssue call must set params.code.`
+      );
+    }
+    return {
+      code: params.code,
+      message: issue.message,
+      ...params.protocol ? { protocol: params.protocol } : {},
+      ...params.severity ? { severity: params.severity } : {}
+    };
+  });
+}
+function routerConfigFromEnv(options) {
+  const rawEnv = options.env ?? process.env;
+  const env = trimAll(rawEnv);
+  const optionIssues = [];
+  if (!options.title?.trim()) {
+    optionIssues.push({
+      code: "missing_discovery_title",
+      message: "discovery `title` is required. Pass a short product name."
     });
   }
-  const mppRecipient = mpp.recipient ?? config.payeeAddress;
-  if (!mppRecipient) {
-    issues.push({
-      code: "missing_mpp_recipient",
-      protocol: "mpp",
-      message: "MPP requires a recipient address. Set mpp.recipient or payeeAddress in your router config."
+  if (!options.description?.trim()) {
+    optionIssues.push({
+      code: "missing_discovery_description",
+      message: "discovery `description` is required. One sentence is enough."
     });
-  } else if (!isEvmAddress(mppRecipient)) {
-    issues.push({
-      code: "invalid_mpp_recipient",
-      protocol: "mpp",
-      message: "MPP recipient must be a 0x-prefixed EVM address. Solana recipients require x402."
+  }
+  if (options.guidance === void 0) {
+    optionIssues.push({
+      code: "missing_discovery_guidance",
+      message: "discovery `guidance` is required. Provide an empty string to opt out of `/llms.txt`."
     });
   }
-  const placeholder = findPlaceholderPayee([mpp.recipient, config.payeeAddress]);
-  if (placeholder) {
-    issues.push({
-      code: "placeholder_payee",
-      protocol: "mpp",
-      message: `MPP recipient '${placeholder}' is a placeholder address and cannot receive payments.`
+  if (options.serverUrl !== void 0 && !isUrl(options.serverUrl)) {
+    optionIssues.push({
+      code: "invalid_server_url",
+      message: `discovery \`serverUrl\` must be a valid URL. Got: ${options.serverUrl}`
     });
   }
-  if (!(mpp.rpcUrl ?? env.TEMPO_RPC_URL)) {
-    issues.push({
-      code: "missing_mpp_rpc_url",
-      protocol: "mpp",
-      message: "MPP requires an authenticated Tempo RPC URL. Set TEMPO_RPC_URL env var or pass rpcUrl in the mpp config object."
+  const parsed = EnvInputSchema.safeParse(env);
+  const envIssues = parsed.success ? [] : translateZodIssues(parsed.error);
+  const issues = [...envIssues, ...optionIssues];
+  if (issues.length > 0) throw new RouterConfigError(issues);
+  for (const warning of collectKvWarnings(env, options.kvStore !== void 0)) {
+    console.warn(`[router] ${warning.message}`);
+  }
+  const payeeAddress = canonicalizeEvm(env.EVM_PAYEE_ADDRESS);
+  const accepts = [
+    { scheme: "exact", network: BASE_MAINNET_NETWORK, payTo: payeeAddress },
+    {
+      scheme: "upto",
+      network: BASE_MAINNET_NETWORK,
+      payTo: payeeAddress,
+      asset: BASE_USDC_ADDRESS,
+      decimals: BASE_USDC_DECIMALS
+    }
+  ];
+  if (env.SOLANA_PAYEE_ADDRESS) {
+    accepts.push({
+      scheme: "exact",
+      network: SOLANA_MAINNET_NETWORK,
+      payTo: env.SOLANA_PAYEE_ADDRESS
     });
   }
-  if (mpp.feePayerKey && !isEvmPrivateKey(mpp.feePayerKey)) {
+  const configuredSolanaFacilitator = options.x402Facilitators?.solana;
+  const solanaFacilitator = typeof configuredSolanaFacilitator === "string" ? configuredSolanaFacilitator : configuredSolanaFacilitator ?? env.SOLANA_FACILITATOR_URL ?? DEFAULT_SOLANA_FACILITATOR_URL;
+  const mppEnabled = options.protocols?.includes("mpp") ?? Boolean(env.MPP_SECRET_KEY);
+  const protocols = options.protocols ? [...options.protocols] : mppEnabled ? ["x402", "mpp"] : ["x402"];
+  const mppConfig = mppEnabled ? {
+    secretKey: env.MPP_SECRET_KEY,
+    currency: canonicalizeEvm(env.MPP_CURRENCY),
+    rpcUrl: env.TEMPO_RPC_URL,
+    recipient: payeeAddress,
+    ...env.MPP_FEE_PAYER_KEY ? { feePayerKey: env.MPP_FEE_PAYER_KEY } : {},
+    ...env.MPP_OPERATOR_KEY ? { operatorKey: env.MPP_OPERATOR_KEY, session: {} } : {}
+  } : void 0;
+  return {
+    payeeAddress,
+    baseUrl: env.BASE_URL,
+    network: BASE_MAINNET_NETWORK,
+    protocols,
+    x402: {
+      accepts,
+      facilitators: {
+        ...options.x402Facilitators,
+        solana: solanaFacilitator
+      }
+    },
+    ...mppConfig ? { mpp: mppConfig } : {},
+    discovery: {
+      title: options.title,
+      version: options.version ?? "1.0.0",
+      description: options.description,
+      guidance: options.guidance,
+      ...options.contact ? { contact: options.contact } : {},
+      ...options.ownershipProofs ? { ownershipProofs: options.ownershipProofs } : {},
+      ...options.methodHints ? { methodHints: options.methodHints } : {},
+      ...options.serverUrl ? { serverUrl: options.serverUrl } : {}
+    },
+    ...options.prices ? { prices: options.prices } : {},
+    ...options.plugin ? { plugin: options.plugin } : {},
+    ...options.kvStore ? { kvStore: options.kvStore } : {},
+    strictRoutes: options.strictRoutes ?? false
+  };
+}
+function getRouterConfigIssues(config, options = {}) {
+  const env = options.env ?? {};
+  const protocols = config.protocols ?? ["x402"];
+  const issues = [];
+  if (!config.baseUrl) {
     issues.push({
-      code: "invalid_mpp_fee_payer_key",
-      protocol: "mpp",
-      message: "MPP feePayerKey must be a 0x-prefixed 32-byte EVM private key."
+      code: "missing_base_url",
+      message: '[router] baseUrl is required in RouterConfig. Set it to your production domain (e.g., "https://api.example.com"). The realm is used for payment matching and must be correct.'
     });
   }
-  if (mpp.useDefaultStore && !mpp.store && (!env.KV_REST_API_URL || !env.KV_REST_API_TOKEN)) {
+  if (config.protocols && config.protocols.length === 0) {
     issues.push({
-      code: "missing_mpp_default_store_env",
-      protocol: "mpp",
-      message: "mpp.useDefaultStore requires KV_REST_API_URL and KV_REST_API_TOKEN environment variables. These are automatically set by Vercel KV."
+      code: "empty_protocols",
+      message: "RouterConfig.protocols cannot be empty. Omit the field to use default ['x402'] or specify protocols explicitly."
     });
   }
+  if (protocols.includes("x402")) issues.push(...validateX402Config(config, env, options));
+  if (protocols.includes("mpp")) issues.push(...validateMppConfig(config));
   return issues;
 }
-function usesDefaultEvmFacilitator(config) {
-  return getConfiguredX402Networks(config).some(
-    (network) => typeof network === "string" && isEvmNetwork(network)
-  ) && config.x402?.facilitators?.evm === void 0;
-}
-function isSupportedX402Network(network) {
-  return isEvmNetwork(network) || isSolanaNetwork(network);
+// src/init/x402.ts
+async function initX402(config, configError) {
+  if (configError) return { initError: configError };
+  try {
+    const { createX402Server: createX402Server2 } = await Promise.resolve().then(() => (init_x402_server(), x402_server_exports));
+    const result = await createX402Server2(config);
+    await result.initPromise;
+    return {
+      server: result.server,
+      facilitatorsByNetwork: result.facilitatorsByNetwork
+    };
+  } catch (err) {
+    return { initError: err instanceof Error ? err.message : String(err) };
+  }
 }
-function isEvmAddress(value) {
-  return /^0x[a-fA-F0-9]{40}$/.test(value);
+// src/init/mppx.ts
+function getMppxRequestContext(args) {
+  const {
+    Mppx,
+    tempo,
+    mppConfig,
+    payeeAddress,
+    getClient,
+    feePayerAccount,
+    resolvedStore,
+    sessionEnabled,
+    sharedSessionParams,
+    realm
+  } = args;
+  const instance = Mppx.create({
+    methods: [
+      tempo.charge({
+        currency: mppConfig.currency,
+        recipient: mppConfig.recipient ?? payeeAddress,
+        getClient,
+        ...feePayerAccount ? { feePayer: feePayerAccount } : {},
+        ...resolvedStore ? { store: resolvedStore } : {}
+      }),
+      ...sessionEnabled ? [
+        tempo.session({
+          ...sharedSessionParams,
+          sse: false
+        })
+      ] : []
+    ],
+    secretKey: mppConfig.secretKey,
+    realm
+  });
+  return instance;
+}
+function getMppxStreamingContext(args) {
+  if (!args.sessionEnabled) return null;
+  const { Mppx, tempo, mppConfig, sharedSessionParams, realm } = args;
+  const instance = Mppx.create({
+    methods: [
+      tempo.session({
+        ...sharedSessionParams,
+        sse: true
+      })
+    ],
+    secretKey: mppConfig.secretKey,
+    realm
+  });
+  return instance;
 }
-function isEvmPrivateKey(value) {
-  return /^0x[a-fA-F0-9]{64}$/.test(value);
+// src/init/mpp.ts
+async function initMpp(config, resolvedBaseUrl, kvStore, configError) {
+  if (configError) return { initError: configError };
+  if (!config.mpp) return {};
+  try {
+    const { Mppx, tempo } = await import("mppx/server");
+    const { createClient, http } = await import("viem");
+    const { tempo: tempoChain } = await import("viem/chains");
+    const { privateKeyToAccount: privateKeyToAccount2 } = await import("viem/accounts");
+    const rpcUrl = config.mpp.rpcUrl ?? process.env.TEMPO_RPC_URL;
+    const tempoClient = createClient({ chain: tempoChain, transport: http(rpcUrl) });
+    const getClient = async () => tempoClient;
+    const operatorAccount = config.mpp.operatorKey ? privateKeyToAccount2(config.mpp.operatorKey) : void 0;
+    const feePayerAccount = config.mpp.feePayerKey ? privateKeyToAccount2(config.mpp.feePayerKey) : void 0;
+    if (config.mpp.session && operatorAccount) {
+      assertOperatorMatchesRecipient(config, operatorAccount.address);
+    }
+    const resolvedStore = kvStore ? await createKvMppStore(kvStore) : void 0;
+    const realm = new URL(resolvedBaseUrl).host;
+    const mppConfig = config.mpp;
+    const sessionEnabled = !!(mppConfig.session && operatorAccount);
+    const sharedSessionParams = {
+      currency: mppConfig.currency,
+      decimals: 6,
+      recipient: mppConfig.recipient ?? config.payeeAddress,
+      getClient,
+      ...operatorAccount ? { account: operatorAccount } : {},
+      ...feePayerAccount ? { feePayer: feePayerAccount } : {},
+      ...resolvedStore ? { store: resolvedStore } : {}
+    };
+    const mppxArgs = {
+      Mppx,
+      tempo,
+      mppConfig,
+      payeeAddress: config.payeeAddress ?? "",
+      getClient,
+      feePayerAccount,
+      resolvedStore,
+      sessionEnabled,
+      sharedSessionParams,
+      realm
+    };
+    const primary = getMppxRequestContext(mppxArgs);
+    const streaming = getMppxStreamingContext(mppxArgs);
+    const mppx = {
+      charge: primary.charge,
+      ...primary.session ? { sessionRequest: primary.session } : {},
+      ...streaming?.session ? { sessionStream: streaming.session } : {}
+    };
+    return { mppx, tempoClient };
+  } catch (err) {
+    return { initError: err instanceof Error ? err.message : String(err) };
+  }
 }
-function findPlaceholderPayee(values) {
-  return values.find((value) => value !== void 0 && /^0x0{40}$/i.test(value)) ?? null;
+function assertOperatorMatchesRecipient(config, operatorAddress) {
+  const recipient = (config.mpp?.recipient ?? config.payeeAddress)?.toLowerCase();
+  const opAddr = operatorAddress.toLowerCase();
+  if (recipient && opAddr !== recipient) {
+    throw new Error(
+      `MPP session config mismatch: operator address ${operatorAddress} must equal recipient/payee ${recipient}. mppx's channel-close handler asserts sender === payee. Set mpp.operatorKey to the private key for ${recipient}, or set mpp.recipient/payeeAddress to ${operatorAddress}.`
+    );
+  }
 }
 // src/index.ts
 init_constants();
 function createRouter(config) {
   const registry = new RouteRegistry();
-  const nonceStore = config.siwx?.nonceStore ?? new MemoryNonceStore();
-  const entitlementStore = config.siwx?.entitlementStore ?? new MemoryEntitlementStore();
-  const network = config.network ?? BASE_NETWORK;
+  const kvStore = resolveKvStore(config.kvStore);
+  const nonceStore = kvStore ? createKvNonceStore(kvStore) : new MemoryNonceStore();
+  const entitlementStore = kvStore ? createKvEntitlementStore(kvStore) : new MemoryEntitlementStore();
+  const network = config.network ?? BASE_MAINNET_NETWORK;
   const x402Accepts = getConfiguredX402Accepts(config);
   const configIssues = getRouterConfigIssues(config, {
+    env: process.env,
     requireCdpKeys: process.env.NODE_ENV === "production"
   });
   const baseUrlIssue = configIssues.find((issue) => issue.code === "missing_base_url");
@@ -3370,69 +4570,20 @@ function createRouter(config) {
     x402FacilitatorsByNetwork: void 0,
     x402Accepts,
     mppx: null,
-    tempoClient: null
+    tempoClient: null,
+    mppSessionConfig: config.mpp?.session ? { depositMultiplier: config.mpp.session.depositMultiplier ?? 10 } : null
   };
   deps.initPromise = (async () => {
-    if (x402ConfigError) {
-      deps.x402InitError = x402ConfigError;
-    } else {
-      try {
-        const { createX402Server: createX402Server2 } = await Promise.resolve().then(() => (init_server(), server_exports));
-        const result = await createX402Server2(config);
-        deps.x402Server = result.server;
-        deps.x402FacilitatorsByNetwork = result.facilitatorsByNetwork;
-        await result.initPromise;
-      } catch (err) {
-        deps.x402Server = null;
-        deps.x402InitError = err instanceof Error ? err.message : String(err);
-      }
-    }
-    if (mppConfigError) {
-      deps.mppInitError = mppConfigError;
-    } else if (config.mpp) {
-      try {
-        const { Mppx, tempo } = await import("mppx/server");
-        const rpcUrl = config.mpp.rpcUrl ?? process.env.TEMPO_RPC_URL;
-        const { createClient, http } = await import("viem");
-        const { tempo: tempoChain } = await import("viem/chains");
-        deps.tempoClient = createClient({ chain: tempoChain, transport: http(rpcUrl) });
-        const getClient = async () => deps.tempoClient;
-        let feePayerAccount;
-        if (config.mpp.feePayerKey) {
-          const { privateKeyToAccount } = await import("viem/accounts");
-          feePayerAccount = privateKeyToAccount(config.mpp.feePayerKey);
-        }
-        let resolvedStore = config.mpp.store;
-        if (!resolvedStore && config.mpp.useDefaultStore) {
-          const kvUrl = process.env.KV_REST_API_URL;
-          const kvToken = process.env.KV_REST_API_TOKEN;
-          if (!kvUrl || !kvToken) {
-            throw new Error(
-              "mpp.useDefaultStore requires KV_REST_API_URL and KV_REST_API_TOKEN environment variables. These are automatically set by Vercel KV."
-            );
-          }
-          const { Store } = await import("mppx");
-          const { createUpstashRest: createUpstashRest2 } = await Promise.resolve().then(() => (init_upstash_rest(), upstash_rest_exports));
-          resolvedStore = Store.upstash(createUpstashRest2(kvUrl, kvToken));
-        }
-        deps.mppx = Mppx.create({
-          methods: [
-            tempo.charge({
-              currency: config.mpp.currency,
-              recipient: config.mpp.recipient ?? config.payeeAddress,
-              getClient,
-              ...feePayerAccount ? { feePayer: feePayerAccount } : {},
-              ...resolvedStore ? { store: resolvedStore } : {}
-            })
-          ],
-          secretKey: config.mpp.secretKey,
-          realm: new URL(resolvedBaseUrl).host
-        });
-      } catch (err) {
-        deps.mppx = null;
-        deps.mppInitError = err instanceof Error ? err.message : String(err);
-        console.error(`[router] MPP initialization failed: ${deps.mppInitError}`);
-      }
+    const x402Result = await initX402(config, x402ConfigError);
+    deps.x402Server = x402Result.server ?? null;
+    deps.x402FacilitatorsByNetwork = x402Result.facilitatorsByNetwork;
+    if (x402Result.initError) deps.x402InitError = x402Result.initError;
+    const mppResult = await initMpp(config, resolvedBaseUrl, kvStore, mppConfigError);
+    deps.mppx = mppResult.mppx ?? null;
+    deps.tempoClient = mppResult.tempoClient ?? null;
+    if (mppResult.initError) {
+      deps.mppInitError = mppResult.initError;
+      console.error(`[router] MPP initialization failed: ${mppResult.initError}`);
     }
   })();
   const pricesKeys = config.prices ? Object.keys(config.prices) : void 0;
@@ -3499,27 +4650,21 @@ function normalizePath(path) {
   normalized = normalized.replace(/^api\/+/, "");
   return normalized.replace(/\/+$/, "");
 }
+function createRouterFromEnv(options) {
+  return createRouter(routerConfigFromEnv(options));
+}
 export {
-  BASE_NETWORK,
+  BASE_MAINNET_NETWORK,
+  BASE_USDC_ADDRESS,
+  BASE_USDC_DECIMALS,
+  DEFAULT_SOLANA_FACILITATOR_URL,
   HttpError,
-  MemoryEntitlementStore,
-  MemoryNonceStore,
-  RouteBuilder,
-  RouteRegistry,
   RouterConfigError,
-  SIWX_CHALLENGE_EXPIRY_MS,
-  SIWX_ERROR_MESSAGES,
   SOLANA_MAINNET_NETWORK,
-  TEMPO_USDC_CURRENCY,
+  TEMPO_USDC_ADDRESS,
+  TEMPO_USDC_DECIMALS,
   ZERO_EVM_ADDRESS,
-  consolePlugin,
-  createRedisEntitlementStore,
-  createRedisNonceStore,
   createRouter,
-  formatRouterConfigIssues,
-  getRouterConfigIssues,
-  mppFromEnv,
-  paidOptionsForProtocols,
-  validateRouterConfig,
-  x402AcceptsFromEnv
+  createRouterFromEnv,
+  routerConfigFromEnv
 };