@agentcash/router 1.6.0 → 1.7.0

package/dist/index.js

@@ -9,14 +9,18 @@ var __export = (target, all) => {
 };
 
 // src/constants.ts
-var BASE_NETWORK, SOLANA_MAINNET_NETWORK, TEMPO_USDC_CURRENCY, ZERO_EVM_ADDRESS;
+var BASE_MAINNET_NETWORK, SOLANA_MAINNET_NETWORK, TEMPO_USDC_ADDRESS, TEMPO_USDC_DECIMALS, BASE_USDC_ADDRESS, BASE_USDC_DECIMALS, ZERO_EVM_ADDRESS, DEFAULT_SOLANA_FACILITATOR_URL;
 var init_constants = __esm({
   "src/constants.ts"() {
     "use strict";
-    BASE_NETWORK = "eip155:8453";
+    BASE_MAINNET_NETWORK = "eip155:8453";
     SOLANA_MAINNET_NETWORK = "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp";
-    TEMPO_USDC_CURRENCY = "0x20c000000000000000000000b9537d11c60e8b50";
+    TEMPO_USDC_ADDRESS = "0x20c000000000000000000000b9537d11c60e8b50";
+    TEMPO_USDC_DECIMALS = 6;
+    BASE_USDC_ADDRESS = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
+    BASE_USDC_DECIMALS = 6;
     ZERO_EVM_ADDRESS = "0x0000000000000000000000000000000000000000";
+    DEFAULT_SOLANA_FACILITATOR_URL = "https://facilitator.corbits.dev";
   }
 });
 
@@ -33,7 +37,7 @@ function getConfiguredX402Accepts(config) {
   return [
     {
       scheme: "exact",
-      network: config.network ?? BASE_NETWORK,
+      network: config.network ?? BASE_MAINNET_NETWORK,
       payTo: config.payeeAddress
     }
   ];
@@ -213,7 +217,10 @@ async function getAcceptsHeadersForFacilitator(facilitator) {
   return {};
 }
 function resolveX402FacilitatorTarget(config, network, defaultEvmFacilitator) {
-  return (isSolanaNetwork(network) ? config.x402?.facilitators?.solana : void 0) ?? (isEvmNetwork(network) ? config.x402?.facilitators?.evm : void 0) ?? (isSolanaNetwork(network) ? DEFAULT_SOLANA_FACILITATOR_URL : defaultEvmFacilitator);
+  if (isSolanaNetwork(network)) {
+    return config.x402?.facilitators?.solana ?? DEFAULT_SOLANA_FACILITATOR_URL;
+  }
+  return defaultEvmFacilitator;
 }
 function normalizeFacilitatorTarget(target) {
   return typeof target === "string" ? { url: target } : target;
@@ -226,19 +233,18 @@ function getNetworkFamily(network) {
 function sameFacilitatorConfig(a, b) {
   return a.url === b.url && a.createAuthHeaders === b.createAuthHeaders && a.createAcceptsHeaders === b.createAcceptsHeaders;
 }
-var DEFAULT_SOLANA_FACILITATOR_URL;
 var init_facilitators = __esm({
   "src/protocols/x402/facilitators.ts"() {
     "use strict";
     init_evm();
     init_solana();
-    DEFAULT_SOLANA_FACILITATOR_URL = "https://facilitator.corbits.dev";
+    init_constants();
   }
 });
 
-// src/server.ts
-var server_exports = {};
-__export(server_exports, {
+// src/init/x402-server.ts
+var x402_server_exports = {};
+__export(x402_server_exports, {
   createX402Server: () => createX402Server
 });
 async function createX402Server(config) {
@@ -315,8 +321,8 @@ function buildSupportedKinds(group) {
     return [exactKind, uptoKind];
   });
 }
-var init_server = __esm({
-  "src/server.ts"() {
+var init_x402_server = __esm({
+  "src/init/x402-server.ts"() {
     "use strict";
     init_evm();
     init_solana();
@@ -389,7 +395,7 @@ var AUTH_SCHEME = {
   MPP_PAYMENT: "Payment "
 };
 
-// src/plugin.ts
+// src/plugin/index.ts
 function createDefaultContext(meta) {
   const ctx = {
     requestId: meta.requestId,
@@ -425,46 +431,8 @@ function firePluginHook(plugin, method, ...args) {
     return void 0;
   }
 }
-function consolePlugin() {
-  return {
-    onRequest(meta) {
-      const ctx = createDefaultContext(meta);
-      return ctx;
-    },
-    onAuthVerified(_ctx, auth) {
-      const wallet = auth.wallet ? ` wallet=${auth.wallet}` : "";
-      console.log(`[router] AUTH ${auth.authMode} ${auth.route}${wallet}`);
-    },
-    onPaymentVerified(_ctx, payment) {
-      console.log(`[router] VERIFIED ${payment.protocol} ${payment.payer} ${payment.amount}`);
-    },
-    onPaymentSettled(_ctx, settlement) {
-      console.log(`[router] SETTLED ${settlement.protocol} tx=${settlement.transaction}`);
-    },
-    onResponse(ctx, response) {
-      const wallet = ctx.verifiedWallet ? ` wallet=${ctx.verifiedWallet}` : "";
-      console.log(
-        `[router] ${ctx.route} \u2192 ${response.statusCode} (${response.duration}ms)${wallet}`
-      );
-    },
-    onError(_ctx, error) {
-      console.error(`[router] ERROR ${error.status}: ${error.message}`);
-    },
-    onAlert(_ctx, alert) {
-      const logFn = alert.level === "critical" || alert.level === "error" ? console.error : alert.level === "warn" ? console.warn : console.log;
-      logFn(
-        `[router] ${alert.level.toUpperCase()} ${alert.route}: ${alert.message}`,
-        alert.meta ?? ""
-      );
-    },
-    onProviderQuota(_ctx, event) {
-      const logFn = event.level === "critical" ? console.error : event.level === "warn" ? console.warn : console.log;
-      logFn(`[router] QUOTA ${event.level.toUpperCase()} ${event.provider}: ${event.message}`);
-    }
-  };
-}
 
-// src/alert.ts
+// src/plugin/reporter.ts
 function createReporter(plugin, pluginCtx, route) {
   return (level, message, meta) => {
     firePluginHook(plugin, "onAlert", pluginCtx, {
@@ -476,7 +444,7 @@ function createReporter(plugin, pluginCtx, route) {
   };
 }
 
-// src/pipeline/context/preflight.ts
+// src/pipeline/steps/preflight.ts
 function preflight(routeEntry, handler, deps, request) {
   const meta = buildMeta(request, routeEntry);
   const pluginCtx = firePluginHook(deps.plugin, "onRequest", meta) ?? createDefaultContext(meta);
@@ -506,10 +474,10 @@ function buildMeta(request, routeEntry) {
   };
 }
 
-// src/pipeline/context/parse-body.ts
+// src/pipeline/steps/parse-body.ts
 import { NextResponse } from "next/server";
 
-// src/body.ts
+// src/pipeline/body.ts
 async function bufferBody(request) {
   const text = await request.text();
   if (!text) return void 0;
@@ -533,7 +501,19 @@ function validateBody(parsed, schema) {
   };
 }
 
-// src/pipeline/context/fire-plugin-response.ts
+// src/plugin/events.ts
+function fireAuthVerified(ctx, event) {
+  firePluginHook(ctx.deps.plugin, "onAuthVerified", ctx.pluginCtx, {
+    ...event,
+    route: ctx.routeEntry.key
+  });
+}
+function firePaymentVerified(ctx, event) {
+  firePluginHook(ctx.deps.plugin, "onPaymentVerified", ctx.pluginCtx, event);
+}
+function firePaymentSettled(ctx, event) {
+  firePluginHook(ctx.deps.plugin, "onPaymentSettled", ctx.pluginCtx, event);
+}
 function firePluginResponse(ctx, response, requestBody, responseBody) {
   firePluginHook(ctx.deps.plugin, "onResponse", ctx.pluginCtx, {
     statusCode: response.status,
@@ -552,8 +532,37 @@ function firePluginResponse(ctx, response, requestBody, responseBody) {
     });
   }
 }
+function fireProviderQuota(ctx, response, handlerResult) {
+  const { providerName, providerConfig } = ctx.routeEntry;
+  if (!providerName || !providerConfig?.extractQuota) return;
+  if (response.status >= 400) return;
+  try {
+    const quota = providerConfig.extractQuota(handlerResult, response.headers);
+    if (!quota) return;
+    const level = computeQuotaLevel(quota.remaining, providerConfig.warn, providerConfig.critical);
+    const overage = providerConfig.overage ?? "same-rate";
+    const event = {
+      provider: providerName,
+      route: ctx.routeEntry.key,
+      remaining: quota.remaining,
+      limit: quota.limit,
+      spend: quota.spend,
+      level,
+      overage,
+      message: quota.remaining !== null ? `${providerName}: ${quota.remaining}${quota.limit ? `/${quota.limit}` : ""} remaining` : `${providerName}: quota info unavailable`
+    };
+    firePluginHook(ctx.deps.plugin, "onProviderQuota", ctx.pluginCtx, event);
+  } catch {
+  }
+}
+function computeQuotaLevel(remaining, warn, critical) {
+  if (remaining === null) return "healthy";
+  if (critical !== void 0 && remaining <= critical) return "critical";
+  if (warn !== void 0 && remaining <= warn) return "warn";
+  return "healthy";
+}
 
-// src/pipeline/context/parse-body.ts
+// src/pipeline/steps/parse-body.ts
 async function parseBody(ctx, request = ctx.request) {
   if (!ctx.routeEntry.bodySchema) return { ok: true, data: void 0 };
   const raw = await bufferBody(request);
@@ -567,15 +576,7 @@ async function parseBody(ctx, request = ctx.request) {
   return { ok: false, response };
 }
 
-// src/pipeline/context/parse-query.ts
-function parseQuery(request, routeEntry) {
-  if (!routeEntry.querySchema) return void 0;
-  const params = Object.fromEntries(request.nextUrl.searchParams.entries());
-  const result = routeEntry.querySchema.safeParse(params);
-  return result.success ? result.data : params;
-}
-
-// src/pipeline/context/errors.ts
+// src/pipeline/steps/errors.ts
 function errorStatus(error, fallback) {
   const status = error?.status;
   return typeof status === "number" ? status : fallback;
@@ -588,7 +589,7 @@ function handlerFailureError(response) {
   return Object.assign(new Error(message), { status: response.status });
 }
 
-// src/pipeline/context/fail.ts
+// src/pipeline/steps/fail.ts
 import { NextResponse as NextResponse2 } from "next/server";
 function fail(ctx, status, message, requestBody) {
   const response = NextResponse2.json({ success: false, error: message }, { status });
@@ -596,7 +597,7 @@ function fail(ctx, status, message, requestBody) {
   return response;
 }
 
-// src/pipeline/context/run-validate.ts
+// src/pipeline/steps/run-validate.ts
 async function runValidate(ctx, body) {
   if (!ctx.routeEntry.validateFn) return null;
   try {
@@ -619,6 +620,14 @@ var HttpError = class extends Error {
   }
 };
 
+// src/pipeline/steps/parse-query.ts
+function parseQuery(request, routeEntry) {
+  if (!routeEntry.querySchema) return void 0;
+  const params = Object.fromEntries(request.nextUrl.searchParams.entries());
+  const result = routeEntry.querySchema.safeParse(params);
+  return result.success ? result.data : params;
+}
+
 // src/pipeline/flows/static/static-invoke.ts
 function invokePaidStatic(ctx, wallet, account, body, payment) {
   return runHandler(ctx, buildHandlerCtx(ctx, wallet, account, body, payment));
@@ -636,14 +645,7 @@ function buildHandlerCtx(ctx, wallet, account, body, payment) {
     wallet,
     payment,
     account,
-    alert(level, message, alertMeta) {
-      firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-        level,
-        message,
-        route: ctx.routeEntry.key,
-        meta: alertMeta
-      });
-    },
+    alert: ctx.report,
     setVerifiedWallet: (addr) => ctx.pluginCtx.setVerifiedWallet(addr)
   };
 }
@@ -687,45 +689,14 @@ function isThenable(value) {
   return value != null && (typeof value === "object" || typeof value === "function") && typeof value.then === "function";
 }
 
-// src/pipeline/context/fire-provider-quota.ts
-function fireProviderQuota(ctx, response, handlerResult) {
-  const { providerName, providerConfig } = ctx.routeEntry;
-  if (!providerName || !providerConfig?.extractQuota) return;
-  if (response.status >= 400) return;
-  try {
-    const quota = providerConfig.extractQuota(handlerResult, response.headers);
-    if (!quota) return;
-    const level = computeQuotaLevel(quota.remaining, providerConfig.warn, providerConfig.critical);
-    const overage = providerConfig.overage ?? "same-rate";
-    const event = {
-      provider: providerName,
-      route: ctx.routeEntry.key,
-      remaining: quota.remaining,
-      limit: quota.limit,
-      spend: quota.spend,
-      level,
-      overage,
-      message: quota.remaining !== null ? `${providerName}: ${quota.remaining}${quota.limit ? `/${quota.limit}` : ""} remaining` : `${providerName}: quota info unavailable`
-    };
-    firePluginHook(ctx.deps.plugin, "onProviderQuota", ctx.pluginCtx, event);
-  } catch {
-  }
-}
-function computeQuotaLevel(remaining, warn, critical) {
-  if (remaining === null) return "healthy";
-  if (critical !== void 0 && remaining <= critical) return "critical";
-  if (warn !== void 0 && remaining <= warn) return "warn";
-  return "healthy";
-}
-
-// src/pipeline/context/finalize/response.ts
+// src/pipeline/steps/finalize/response.ts
 function finalize(ctx, response, rawResult, requestBody) {
   fireProviderQuota(ctx, response, rawResult);
   firePluginResponse(ctx, response, requestBody, rawResult);
   return response;
 }
 
-// src/pipeline/context/grant-entitlement.ts
+// src/pipeline/steps/grant-entitlement.ts
 async function grantEntitlementIfSiwx(ctx, wallet) {
   if (!ctx.routeEntry.siwxEnabled) return;
   try {
@@ -738,7 +709,7 @@ async function grantEntitlementIfSiwx(ctx, wallet) {
   }
 }
 
-// src/pipeline/context/settlement-context.ts
+// src/pipeline/steps/settlement-context.ts
 function settlementContext(ctx, scope) {
   return {
     route: ctx.routeEntry.key,
@@ -752,7 +723,7 @@ function settlementContext(ctx, scope) {
   };
 }
 
-// src/pipeline/context/run-settlement-error.ts
+// src/pipeline/steps/run-settlement-error.ts
 async function runSettlementError(ctx, scope, error, phase) {
   const hook = ctx.routeEntry.settlement?.onSettlementError;
   if (!hook) return;
@@ -764,7 +735,7 @@ async function runSettlementError(ctx, scope, error, phase) {
   }
 }
 
-// src/pipeline/context/run-after-settle.ts
+// src/pipeline/steps/run-after-settle.ts
 async function runAfterSettle(ctx, scope) {
   const hook = ctx.routeEntry.settlement?.afterSettle;
   if (!hook) return;
@@ -777,11 +748,11 @@ async function runAfterSettle(ctx, scope) {
   }
 }
 
-// src/pipeline/context/finalize/epilogue.ts
+// src/pipeline/steps/finalize/epilogue.ts
 async function runPostSettleEpilogue(args) {
   const { ctx, strategy, wallet, settle, afterSettleScope, rawResult, body } = args;
   await grantEntitlementIfSiwx(ctx, wallet);
-  firePluginHook(ctx.deps.plugin, "onPaymentSettled", ctx.pluginCtx, {
+  firePaymentSettled(ctx, {
     protocol: strategy.protocol,
     payer: wallet,
     transaction: settle.settledPayment.transaction ?? "",
@@ -791,7 +762,7 @@ async function runPostSettleEpilogue(args) {
   return finalize(ctx, settle.response, rawResult, body);
 }
 
-// src/pipeline/context/finalize/request.ts
+// src/pipeline/steps/finalize/request.ts
 async function settleAndFinalizeRequest(args) {
   const { ctx, strategy, verifyOutcome, scope, rawResult, body, billedAmount, onSettleError } = args;
   const { request, routeEntry, deps, report } = ctx;
@@ -824,7 +795,7 @@ async function settleAndFinalizeRequest(args) {
   });
 }
 
-// src/pipeline/context/finalize/stream.ts
+// src/pipeline/steps/finalize/stream.ts
 async function settleAndFinalizeStream(args) {
   const { ctx, strategy, verifyOutcome, source, account, body, bindChannelCharge } = args;
   const { request, routeEntry, deps, report } = ctx;
@@ -862,7 +833,7 @@ async function settleAndFinalizeStream(args) {
   });
 }
 
-// src/pipeline/context/run-handler-only.ts
+// src/pipeline/steps/run-handler-only.ts
 async function runHandlerOnly(ctx, wallet, account) {
   const body = await parseBody(ctx);
   if (!body.ok) return body.response;
@@ -872,7 +843,7 @@ async function runHandlerOnly(ctx, wallet, account) {
   return finalize(ctx, result.response, result.rawResult, body.data);
 }
 
-// src/pipeline/context/run-before-settle.ts
+// src/pipeline/steps/run-before-settle.ts
 async function runBeforeSettle(ctx, scope) {
   const hook = ctx.routeEntry.settlement?.beforeSettle;
   if (!hook) return null;
@@ -889,7 +860,7 @@ async function runBeforeSettle(ctx, scope) {
   }
 }
 
-// src/pipeline/context/run-settled-handler-error.ts
+// src/pipeline/steps/run-settled-handler-error.ts
 async function runSettledHandlerError(ctx, scope, error = scope.handlerError ?? handlerFailureError(scope.response)) {
   const hook = ctx.routeEntry.settlement?.onSettledHandlerError;
   if (!hook) return;
@@ -963,7 +934,7 @@ async function buildSIWXExtension() {
   return declareSIWxExtension();
 }
 
-// src/pipeline/context/try-siwx-fast-path.ts
+// src/pipeline/steps/try-siwx-fast-path.ts
 async function trySiwxFastPath(ctx, account) {
   const { request, routeEntry, deps } = ctx;
   if (!routeEntry.siwxEnabled) return null;
@@ -975,22 +946,18 @@ async function trySiwxFastPath(ctx, account) {
   ctx.pluginCtx.setVerifiedWallet(wallet);
   const entitled = await deps.entitlementStore.has(routeEntry.key, wallet);
   if (!entitled) return null;
-  firePluginHook(deps.plugin, "onAuthVerified", ctx.pluginCtx, {
-    authMode: "siwx",
-    wallet,
-    route: routeEntry.key
-  });
+  fireAuthVerified(ctx, { authMode: "siwx", wallet });
   return runHandlerOnly(ctx, wallet, account);
 }
 
-// src/pipeline/context/should-parse-body-early.ts
+// src/pipeline/steps/should-parse-body-early.ts
 function shouldParseBodyEarly(incomingStrategy, routeEntry, pricing) {
   if (incomingStrategy) return false;
   if (!routeEntry.bodySchema) return false;
   return (pricing?.needsBody ?? false) || !!routeEntry.validateFn;
 }
 
-// src/pipeline/context/resolve-early-body.ts
+// src/pipeline/steps/resolve-early-body.ts
 async function resolveEarlyBody(args) {
   const { ctx, pricing, incomingStrategy } = args;
   if (!shouldParseBodyEarly(incomingStrategy, ctx.routeEntry, pricing)) {
@@ -1022,24 +989,19 @@ function extractBearerToken(header) {
   return null;
 }
 
-// src/pipeline/context/run-api-key-gate.ts
+// src/pipeline/steps/run-api-key-gate.ts
 async function runApiKeyGate(ctx) {
-  const { request, routeEntry, deps } = ctx;
+  const { request, routeEntry } = ctx;
   if (!routeEntry.apiKeyResolver) return { ok: true, account: void 0 };
   const apiKeyResult = await verifyApiKey(request, routeEntry.apiKeyResolver);
   if (!apiKeyResult.valid) {
     return { ok: false, response: fail(ctx, 401, "Invalid or missing API key") };
   }
-  firePluginHook(deps.plugin, "onAuthVerified", ctx.pluginCtx, {
-    authMode: "apiKey",
-    wallet: null,
-    route: routeEntry.key,
-    account: apiKeyResult.account
-  });
+  fireAuthVerified(ctx, { authMode: "apiKey", wallet: null, account: apiKeyResult.account });
   return { ok: true, account: apiKeyResult.account };
 }
 
-// src/pipeline/context/protocol-init-error.ts
+// src/pipeline/steps/protocol-init-error.ts
 function protocolInitError(routeEntry, deps) {
   if (!routeEntry.pricing) return null;
   const errors = [];
@@ -1062,12 +1024,7 @@ async function runApiKeyOnlyFlow(ctx) {
   }
   const result = await verifyApiKey(ctx.request, ctx.routeEntry.apiKeyResolver);
   if (!result.valid) return fail(ctx, 401, "Invalid or missing API key");
-  firePluginHook(ctx.deps.plugin, "onAuthVerified", ctx.pluginCtx, {
-    authMode: "apiKey",
-    wallet: null,
-    route: ctx.routeEntry.key,
-    account: result.account
-  });
+  fireAuthVerified(ctx, { authMode: "apiKey", wallet: null, account: result.account });
   return runHandlerOnly(ctx, null, result.account);
 }
 
@@ -2157,21 +2114,6 @@ function reportSettleFailure(report, err, network) {
   });
 }
 
-// src/protocols/detect.ts
-function detectProtocol(request) {
-  if (request.headers.get(HEADERS.X402_PAYMENT_SIGNATURE) ?? request.headers.get(HEADERS.X402_PAYMENT_LEGACY)) {
-    return "x402";
-  }
-  const auth = request.headers.get(HEADERS.AUTHORIZATION);
-  if (auth && auth.startsWith(AUTH_SCHEME.MPP_PAYMENT)) {
-    return "mpp";
-  }
-  if (request.headers.get(HEADERS.SIWX)) {
-    return "siwx";
-  }
-  return null;
-}
-
 // src/protocols/index.ts
 var STRATEGIES = {
   x402: x402Strategy,
@@ -2196,9 +2138,9 @@ async function buildChallengeExtensions(ctx) {
   const { routeEntry } = ctx;
   let extensions;
   try {
-    const { z } = await import("zod");
+    const { z: z2 } = await import("zod");
     const { declareDiscoveryExtension } = await import("@x402/extensions/bazaar");
-    const toJSON = (schema) => z.toJSONSchema(schema, {
+    const toJSON = (schema) => z2.toJSONSchema(schema, {
       target: "draft-2020-12",
       unrepresentable: "any"
     });
@@ -2219,11 +2161,10 @@ async function buildChallengeExtensions(ctx) {
       extensions = declareDiscoveryExtension(config);
     }
   } catch (err) {
-    firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-      level: "warn",
-      message: `Bazaar schema generation failed: ${err instanceof Error ? err.message : String(err)}`,
-      route: routeEntry.key
-    });
+    ctx.report(
+      "warn",
+      `Bazaar schema generation failed: ${err instanceof Error ? err.message : String(err)}`
+    );
   }
   if (routeEntry.siwxEnabled) {
     try {
@@ -2357,7 +2298,7 @@ async function runDynamicChannelMgmtFlow(args) {
     return build402(ctx, pricing, parsedBody, verifyOutcome.failure);
   }
   ctx.pluginCtx.setVerifiedWallet(verifyOutcome.wallet);
-  firePluginHook(deps.plugin, "onPaymentVerified", ctx.pluginCtx, {
+  firePaymentVerified(ctx, {
     protocol: strategy.protocol,
     payer: verifyOutcome.wallet,
     amount: price,
@@ -2465,14 +2406,7 @@ async function invokeDynamic(ctx, wallet, account, body, payment) {
     wallet,
     payment,
     account,
-    alert(level, message, alertMeta) {
-      firePluginHook(ctx.deps.plugin, "onAlert", ctx.pluginCtx, {
-        level,
-        message,
-        route: ctx.routeEntry.key,
-        meta: alertMeta
-      });
-    },
+    alert: ctx.report,
     setVerifiedWallet: (addr) => ctx.pluginCtx.setVerifiedWallet(addr)
   };
   const handlerCtx = chargeContext !== null ? { ...baseHandlerCtx, charge: chargeContext.charge } : baseHandlerCtx;
@@ -2537,7 +2471,7 @@ function resolveDynamicPreflight(strategy, request, routeEntry) {
 // src/pipeline/flows/dynamic/dynamic-request.ts
 async function runDynamicRequestFlow(args) {
   const { ctx, strategy, verifyOutcome, account, body, result } = args;
-  const { deps, routeEntry } = ctx;
+  const { routeEntry } = ctx;
   const settleScope = {
     wallet: verifyOutcome.wallet,
     account,
@@ -2563,11 +2497,10 @@ async function runDynamicRequestFlow(args) {
     billedAmount,
     onSettleError: async (error, failMessage) => {
       await runSettlementError(ctx, settleScope, error, "settle");
-      firePluginHook(deps.plugin, "onAlert", ctx.pluginCtx, {
-        level: "critical",
-        message: `${strategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`,
-        route: routeEntry.key
-      });
+      ctx.report(
+        "critical",
+        `${strategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`
+      );
     }
   });
 }
@@ -2637,7 +2570,7 @@ async function runDynamicPaidFlow(ctx) {
     return build402(ctx, pricing, parsedBody, verifyOutcome.failure);
   }
   ctx.pluginCtx.setVerifiedWallet(verifyOutcome.wallet);
-  firePluginHook(deps.plugin, "onPaymentVerified", ctx.pluginCtx, {
+  firePaymentVerified(ctx, {
     protocol: incomingStrategy.protocol,
     payer: verifyOutcome.wallet,
     amount: price,
@@ -2703,7 +2636,6 @@ async function resolveStaticBodyAndPrice(args) {
 // src/pipeline/flows/static/static-request.ts
 async function runStaticRequestFlow(args) {
   const { ctx, strategy, verifyOutcome, account, body, price, result } = args;
-  const { deps, routeEntry } = ctx;
   const settleScope = {
     wallet: verifyOutcome.wallet,
     account,
@@ -2744,11 +2676,10 @@ async function runStaticRequestFlow(args) {
     billedAmount: price,
     onSettleError: async (error, failMessage) => {
       await runSettlementError(ctx, settleScope, error, "settle");
-      firePluginHook(deps.plugin, "onAlert", ctx.pluginCtx, {
-        level: "critical",
-        message: `${strategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`,
-        route: routeEntry.key
-      });
+      ctx.report(
+        "critical",
+        `${strategy.protocol} ${failMessage}: ${errorMessage(error, "unknown")}`
+      );
     }
   });
 }
@@ -2794,7 +2725,7 @@ async function runStaticPaidFlow(ctx) {
     return build402(ctx, pricing, parsedBody, verifyOutcome.failure);
   }
   ctx.pluginCtx.setVerifiedWallet(verifyOutcome.wallet);
-  firePluginHook(deps.plugin, "onPaymentVerified", ctx.pluginCtx, {
+  firePaymentVerified(ctx, {
     protocol: incomingStrategy.protocol,
     payer: verifyOutcome.wallet,
     amount: price,
@@ -2978,6 +2909,21 @@ async function createKvMppStore(kv, options) {
   });
 }
 
+// src/protocols/detect.ts
+function detectProtocol(request) {
+  if (request.headers.get(HEADERS.X402_PAYMENT_SIGNATURE) ?? request.headers.get(HEADERS.X402_PAYMENT_LEGACY)) {
+    return "x402";
+  }
+  const auth = request.headers.get(HEADERS.AUTHORIZATION);
+  if (auth && auth.startsWith(AUTH_SCHEME.MPP_PAYMENT)) {
+    return "mpp";
+  }
+  if (request.headers.get(HEADERS.SIWX)) {
+    return "siwx";
+  }
+  return null;
+}
+
 // src/protocols/mpp/siwx-mode.ts
 import { Credential as Credential2 } from "mppx";
 async function verifyMppSiwx(request, mppx) {
@@ -3017,11 +2963,7 @@ async function runSiwxOnlyFlow(ctx) {
     }
     if (mppSiwxResult.valid) {
       ctx.pluginCtx.setVerifiedWallet(mppSiwxResult.wallet);
-      firePluginHook(deps.plugin, "onAuthVerified", ctx.pluginCtx, {
-        authMode: "siwx",
-        wallet: mppSiwxResult.wallet,
-        route: routeEntry.key
-      });
+      fireAuthVerified(ctx, { authMode: "siwx", wallet: mppSiwxResult.wallet });
       const authResponse = await runHandlerOnly(ctx, mppSiwxResult.wallet, void 0);
       if (authResponse.status < 400) {
         return mppSiwxResult.withReceipt(authResponse);
@@ -3043,11 +2985,7 @@ async function runSiwxOnlyFlow(ctx) {
   }
   const wallet = normalizeWalletAddress(siwx.wallet);
   ctx.pluginCtx.setVerifiedWallet(wallet);
-  firePluginHook(deps.plugin, "onAuthVerified", ctx.pluginCtx, {
-    authMode: "siwx",
-    wallet,
-    route: routeEntry.key
-  });
+  fireAuthVerified(ctx, { authMode: "siwx", wallet });
   return runHandlerOnly(ctx, wallet, void 0);
 }
 async function buildSiwxChallenge(ctx) {
@@ -3140,7 +3078,7 @@ async function runUnprotectedFlow(ctx) {
   return runHandlerOnly(ctx, null, void 0);
 }
 
-// src/orchestrate.ts
+// src/pipeline/orchestrate.ts
 function createRequestHandler(routeEntry, handler, deps) {
   return async (request) => {
     await deps.initPromise;
@@ -3915,7 +3853,7 @@ function toProtocolObject(protocol, mppInfo) {
       mpp: {
         method: mppInfo?.method ?? "tempo",
         intent: mppInfo?.intent ?? "charge",
-        currency: mppInfo?.currency ?? TEMPO_USDC_CURRENCY
+        currency: mppInfo?.currency ?? TEMPO_USDC_ADDRESS
       }
     };
   }
@@ -3995,142 +3933,256 @@ function formatRouterConfigIssues(issues) {
   return issues.map((issue) => issue.message).join("\n");
 }
 
-// src/config/validators/x402.ts
-init_accepts();
+// src/config/schema.ts
+init_constants();
+import { z } from "zod";
 
-// src/config/validators/shared.ts
-init_evm();
-init_solana();
-init_accepts();
-function isEvmAddress(value) {
-  return /^0x[a-fA-F0-9]{40}$/.test(value);
-}
-function isEvmPrivateKey(value) {
-  return /^0x[a-fA-F0-9]{64}$/.test(value);
-}
-function isSupportedX402Network(network) {
-  return isEvmNetwork(network) || isSolanaNetwork(network);
-}
-function findPlaceholderPayee(values) {
-  return values.find((value) => value !== void 0 && /^0x0{40}$/i.test(value)) ?? null;
-}
-function usesDefaultEvmFacilitator(config) {
-  return getConfiguredX402Networks(config).some(
-    (network) => typeof network === "string" && isEvmNetwork(network)
-  ) && config.x402?.facilitators?.evm === void 0;
+// src/config/utils.ts
+import { privateKeyToAccount } from "viem/accounts";
+var EVM_ADDRESS_RE = /^0x[a-fA-F0-9]{40}$/;
+var EVM_PRIVATE_KEY_RE = /^0x[a-fA-F0-9]{64}$/;
+var SOLANA_ADDRESS_RE = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+var ZERO_EVM_ADDRESS_RE = /^0x0{40}$/i;
+function isUrl(value) {
+  try {
+    new URL(value);
+    return true;
+  } catch {
+    return false;
+  }
+}
+var isEvmAddress = (v) => EVM_ADDRESS_RE.test(v);
+var isEvmPrivateKey = (v) => EVM_PRIVATE_KEY_RE.test(v);
+var isPlaceholderEvm = (v) => ZERO_EVM_ADDRESS_RE.test(v);
+var isSolanaAddress = (v) => SOLANA_ADDRESS_RE.test(v);
+var isX402Network = (v) => v.startsWith("eip155:") || v.startsWith("solana:");
+var canonicalizeEvm = (addr) => addr.toLowerCase();
+function operatorAddressesCollide(opKey, fpKey) {
+  if (!opKey || !fpKey || !isEvmPrivateKey(opKey) || !isEvmPrivateKey(fpKey)) return null;
+  const op = privateKeyToAccount(opKey).address.toLowerCase();
+  const fp = privateKeyToAccount(fpKey).address.toLowerCase();
+  return op === fp ? op : null;
+}
+function trimAll(raw) {
+  const out = {};
+  for (const [k, v] of Object.entries(raw)) {
+    if (typeof v !== "string") {
+      out[k] = void 0;
+      continue;
+    }
+    const trimmed = v.trim();
+    out[k] = trimmed.length > 0 ? trimmed : void 0;
+  }
+  return out;
 }
 
-// src/config/validators/x402.ts
-var CHECKS = [
-  checkAcceptNetworkPresent,
-  checkAcceptNetworkSupported,
-  checkNonExactRequiresAsset,
-  checkDecimalsAreValid,
-  checkPayee,
-  checkPlaceholderPayeeAddress,
-  checkCdpKeys
-];
-function validateX402Config(config, env, options) {
-  const accepts = getConfiguredX402Accepts(config);
-  if (accepts.length === 0) {
+// src/config/schema.ts
+function addIssue(ctx, params, message, path = []) {
+  ctx.addIssue({ code: "custom", path, params, message });
+}
+var x402 = { protocol: "x402" };
+var mpp = { protocol: "mpp" };
+var envShape = {
+  BASE_URL: z.string().refine(isUrl, {
+    params: { code: "invalid_base_url" },
+    message: "BASE_URL must be a valid URL \u2014 the public origin used as the 402 realm, OpenAPI server URL, and MPP memo prefix. Must match the public domain."
+  }).optional(),
+  EVM_PAYEE_ADDRESS: z.string().refine(isEvmAddress, {
+    params: { code: "invalid_x402_payee", ...x402 },
+    message: "EVM_PAYEE_ADDRESS must be a 0x-prefixed 20-byte EVM address \u2014 the wallet that receives x402 and MPP payments."
+  }).refine((v) => !isPlaceholderEvm(v), {
+    params: { code: "placeholder_payee", ...x402 },
+    message: "EVM_PAYEE_ADDRESS is the zero address (0x000\u2026000) \u2014 payments to this address are unrecoverable. Set it to a wallet you control."
+  }).optional(),
+  CDP_API_KEY_ID: z.string().optional(),
+  CDP_API_KEY_SECRET: z.string().optional(),
+  SOLANA_PAYEE_ADDRESS: z.string().refine(isSolanaAddress, {
+    params: { code: "invalid_solana_payee", ...x402 },
+    message: "SOLANA_PAYEE_ADDRESS must be a base58 Solana address (32\u201344 chars). When set, the router also accepts Solana payments."
+  }).optional(),
+  SOLANA_FACILITATOR_URL: z.string().refine(isUrl, {
+    params: { code: "invalid_solana_facilitator_url", ...x402 },
+    message: "SOLANA_FACILITATOR_URL must be a valid URL \u2014 override for the Solana x402 facilitator. Defaults to DEFAULT_SOLANA_FACILITATOR_URL."
+  }).optional(),
+  MPP_SECRET_KEY: z.string().optional(),
+  MPP_CURRENCY: z.string().refine(isEvmAddress, {
+    params: { code: "invalid_mpp_currency", ...mpp },
+    message: "MPP_CURRENCY must be a 0x-prefixed 20-byte Tempo currency address \u2014 the token contract MPP charges in. Use TEMPO_USDC_ADDRESS for Tempo USDC."
+  }).optional(),
+  TEMPO_RPC_URL: z.string().refine(isUrl, {
+    params: { code: "invalid_mpp_rpc_url", ...mpp },
+    message: "TEMPO_RPC_URL must be a valid URL \u2014 authenticated Tempo JSON-RPC endpoint. Public rpc.tempo.xyz returns 401."
+  }).optional(),
+  MPP_OPERATOR_KEY: z.string().refine(isEvmPrivateKey, {
+    params: { code: "invalid_mpp_operator_key", ...mpp },
+    message: "MPP_OPERATOR_KEY must be a 0x-prefixed 32-byte EVM private key \u2014 signs server-side close/settle; presence enables MPP session mode."
+  }).optional(),
+  MPP_FEE_PAYER_KEY: z.string().refine(isEvmPrivateKey, {
+    params: { code: "invalid_mpp_fee_payer_key", ...mpp },
+    message: "MPP_FEE_PAYER_KEY must be a 0x-prefixed 32-byte EVM private key \u2014 sponsors client gas for channel open/topUp. Must resolve to a different address than MPP_OPERATOR_KEY."
+  }).optional(),
+  KV_REST_API_URL: z.string().optional(),
+  KV_REST_API_TOKEN: z.string().optional(),
+  NODE_ENV: z.string().optional()
+};
+var ENV_KEYS = Object.keys(envShape);
+var EnvInputSchema = z.object(envShape).passthrough().superRefine((env, ctx) => {
+  if (env.BASE_URL === void 0) {
+    addIssue(
+      ctx,
+      { code: "missing_base_url" },
+      "BASE_URL is required \u2014 the public origin used as the 402 realm, OpenAPI server URL, and MPP memo prefix. Set it to your production domain.",
+      ["BASE_URL"]
+    );
+  }
+  if (env.EVM_PAYEE_ADDRESS === void 0) {
+    addIssue(
+      ctx,
+      { code: "missing_x402_payee", ...x402 },
+      "EVM_PAYEE_ADDRESS is required \u2014 the EVM address that receives x402 and MPP payments.",
+      ["EVM_PAYEE_ADDRESS"]
+    );
+  }
+  if (env.MPP_SECRET_KEY) {
+    if (env.MPP_CURRENCY === void 0) {
+      addIssue(
+        ctx,
+        { code: "missing_mpp_currency", ...mpp },
+        "MPP_CURRENCY is required when MPP is enabled \u2014 the Tempo currency address MPP charges in. Use TEMPO_USDC_ADDRESS for Tempo USDC.",
+        ["MPP_CURRENCY"]
+      );
+    }
+    if (env.TEMPO_RPC_URL === void 0) {
+      addIssue(
+        ctx,
+        { code: "missing_mpp_rpc_url", ...mpp },
+        "TEMPO_RPC_URL is required when MPP is enabled \u2014 authenticated Tempo JSON-RPC endpoint. Public rpc.tempo.xyz returns 401.",
+        ["TEMPO_RPC_URL"]
+      );
+    }
+  }
+  const collision = operatorAddressesCollide(env.MPP_OPERATOR_KEY, env.MPP_FEE_PAYER_KEY);
+  if (collision) {
+    addIssue(
+      ctx,
+      { code: "mpp_operator_equals_fee_payer", ...mpp },
+      `MPP_OPERATOR_KEY and MPP_FEE_PAYER_KEY resolve to the same address (${collision}). Tempo rejects fee-delegated txs with sender === feePayer. Use two distinct wallets, or unset MPP_FEE_PAYER_KEY to let clients pay their own gas.`,
+      ["MPP_FEE_PAYER_KEY"]
+    );
+  }
+});
+function collectKvWarnings(env, kvStoreOptionProvided) {
+  if (kvStoreOptionProvided) return [];
+  const warn = (code, message) => ({
+    code,
+    severity: "warning",
+    message
+  });
+  if (env.KV_REST_API_URL && !env.KV_REST_API_TOKEN) {
     return [
-      {
-        code: "missing_x402_accepts",
-        protocol: "x402",
-        message: "x402 requires at least one accept configuration."
-      }
+      warn(
+        "kv_url_without_token",
+        "KV_REST_API_URL is set but KV_REST_API_TOKEN is missing \u2014 falling back to in-memory KV (unsafe in serverless production)."
+      )
     ];
   }
-  const args = { config, accepts, env, options };
-  return CHECKS.map((check) => check(args)).filter(
-    (issue) => issue !== null
-  );
-}
-function checkAcceptNetworkPresent({ accepts }) {
-  return accepts.some((accept) => !accept.network) ? { code: "missing_x402_network", protocol: "x402", message: "x402 accepts require a network." } : null;
-}
-function checkAcceptNetworkSupported({ accepts }) {
-  const unsupported = accepts.find(
-    (accept) => accept.network && !isSupportedX402Network(accept.network)
-  );
-  if (!unsupported) return null;
-  return {
-    code: "unsupported_x402_network",
-    protocol: "x402",
-    message: `unsupported x402 network '${unsupported.network}'. Use eip155:* or solana:*.`
-  };
-}
-function checkNonExactRequiresAsset({ accepts }) {
-  return accepts.some((accept) => (accept.scheme ?? "exact") !== "exact" && !accept.asset) ? {
-    code: "missing_x402_asset",
-    protocol: "x402",
-    message: "non-exact x402 accepts require an asset."
-  } : null;
+  if (env.KV_REST_API_TOKEN && !env.KV_REST_API_URL) {
+    return [
+      warn(
+        "kv_token_without_url",
+        "KV_REST_API_TOKEN is set but KV_REST_API_URL is missing \u2014 falling back to in-memory KV (unsafe in serverless production)."
+      )
+    ];
+  }
+  if (env.KV_REST_API_URL && env.KV_REST_API_TOKEN && !isUrl(env.KV_REST_API_URL)) {
+    return [
+      warn(
+        "invalid_kv_url",
+        `KV_REST_API_URL is not a valid URL \u2014 KV calls will fail at request time. Got: ${env.KV_REST_API_URL}`
+      )
+    ];
+  }
+  if (!env.KV_REST_API_URL && !env.KV_REST_API_TOKEN && env.NODE_ENV === "production") {
+    return [
+      warn(
+        "missing_kv_in_production",
+        "No KV_REST_API_URL/KV_REST_API_TOKEN set in production \u2014 using the in-memory KV store. SIWX nonce, SIWX entitlement, and MPP replay state will be lost across instances. Configure Upstash/Vercel KV or pass a custom kvStore."
+      )
+    ];
+  }
+  return [];
 }
-function checkDecimalsAreValid({ accepts }) {
-  const invalid = accepts.find(
-    (accept) => accept.decimals !== void 0 && (!Number.isInteger(accept.decimals) || accept.decimals < 0)
-  );
-  if (!invalid) return null;
-  return {
-    code: "invalid_x402_decimals",
-    protocol: "x402",
-    message: "x402 accept decimals must be a non-negative integer."
-  };
+function getConfiguredX402Accepts2(config) {
+  if (config.x402?.accepts?.length) return [...config.x402.accepts];
+  return [
+    {
+      scheme: "exact",
+      network: config.network ?? BASE_MAINNET_NETWORK,
+      payTo: config.payeeAddress
+    }
+  ];
 }
-function checkPayee({ config, accepts }) {
-  if (config.payeeAddress) return null;
-  return accepts.some((accept) => !accept.payTo) ? {
-    code: "missing_x402_payee",
-    protocol: "x402",
-    message: "x402 requires payeeAddress in router config or payTo on every x402 accept."
-  } : null;
-}
-function checkPlaceholderPayeeAddress({
-  config,
-  accepts
-}) {
-  const placeholder = findPlaceholderPayee([
+function validateX402Config(config, env, options) {
+  const accepts = getConfiguredX402Accepts2(config);
+  const issues = [];
+  const push = (code, message) => issues.push({ code, protocol: "x402", message });
+  if (accepts.length === 0) {
+    push("missing_x402_accepts", "x402 requires at least one accept configuration.");
+    return issues;
+  }
+  if (accepts.some((a) => !a.network)) {
+    push("missing_x402_network", "x402 accepts require a network.");
+  }
+  const unsupported = accepts.find((a) => a.network && !isX402Network(a.network));
+  if (unsupported) {
+    push(
+      "unsupported_x402_network",
+      `unsupported x402 network '${unsupported.network}'. Use eip155:* or solana:*.`
+    );
+  }
+  if (accepts.some((a) => (a.scheme ?? "exact") !== "exact" && !a.asset)) {
+    push("missing_x402_asset", "non-exact x402 accepts require an asset.");
+  }
+  if (accepts.some(
+    (a) => a.decimals !== void 0 && (!Number.isInteger(a.decimals) || a.decimals < 0)
+  )) {
+    push("invalid_x402_decimals", "x402 accept decimals must be a non-negative integer.");
+  }
+  if (!config.payeeAddress && accepts.some((a) => !a.payTo)) {
+    push(
+      "missing_x402_payee",
+      "x402 requires payeeAddress in router config or payTo on every x402 accept."
+    );
+  }
+  const placeholder = [
     config.payeeAddress,
-    ...accepts.map((accept) => typeof accept.payTo === "string" ? accept.payTo : void 0)
-  ]);
-  if (!placeholder) return null;
-  return {
-    code: "placeholder_payee",
-    protocol: "x402",
-    message: `x402 payee '${placeholder}' is a placeholder address and cannot receive payments.`
-  };
-}
-function checkCdpKeys({ config, env, options }) {
-  if (options.requireCdpKeys === false) return null;
-  if (!usesDefaultEvmFacilitator(config)) return null;
-  const missing = [
-    env.CDP_API_KEY_ID ? null : "CDP_API_KEY_ID",
-    env.CDP_API_KEY_SECRET ? null : "CDP_API_KEY_SECRET"
-  ].filter(Boolean);
-  if (missing.length === 0) return null;
-  return {
-    code: "missing_cdp_keys",
-    protocol: "x402",
-    message: `default EVM x402 facilitator requires ${missing.join(" and ")}.`
-  };
+    ...accepts.map((a) => typeof a.payTo === "string" ? a.payTo : void 0)
+  ].find((v) => v !== void 0 && isPlaceholderEvm(v));
+  if (placeholder) {
+    push(
+      "placeholder_payee",
+      `x402 payee '${placeholder}' is a placeholder address and cannot receive payments.`
+    );
+  }
+  if (options.requireCdpKeys !== false) {
+    const hasEvm = accepts.some(
+      (a) => typeof a.network === "string" && a.network.startsWith("eip155:")
+    );
+    if (hasEvm) {
+      const missing = ["CDP_API_KEY_ID", "CDP_API_KEY_SECRET"].filter((k) => !env[k]);
+      if (missing.length > 0) {
+        push(
+          "missing_cdp_keys",
+          `x402 EVM facilitator (Coinbase) requires ${missing.join(" and ")}.`
+        );
+      }
+    }
+  }
+  return issues;
 }
-
-// src/config/validators/mpp.ts
-import { privateKeyToAccount } from "viem/accounts";
-var CHECKS2 = [
-  checkSecretKey,
-  checkCurrency,
-  checkRecipient,
-  checkPlaceholderRecipient,
-  checkRpcUrl,
-  checkFeePayerKey,
-  checkOperatorKey,
-  checkOperatorMatchesFeePayer
-];
-function validateMppConfig(config, env) {
-  const mpp = config.mpp;
-  if (!mpp) {
+function validateMppConfig(config) {
+  const m = config.mpp;
+  if (!m) {
     return [
       {
         code: "missing_mpp_config",
@@ -4139,109 +4191,184 @@ function validateMppConfig(config, env) {
       }
     ];
   }
-  const args = { config, mpp, env };
-  return CHECKS2.map((check) => check(args)).filter(
-    (issue) => issue !== null
+  const issues = [];
+  const push = (code, message) => issues.push({ code, protocol: "mpp", message });
+  if (!m.secretKey) {
+    push(
+      "missing_mpp_secret_key",
+      "MPP requires secretKey. Set MPP_SECRET_KEY or pass mpp.secretKey."
+    );
+  }
+  if (!m.currency) {
+    push("missing_mpp_currency", "MPP requires currency. Set MPP_CURRENCY or pass mpp.currency.");
+  } else if (!isEvmAddress(m.currency)) {
+    push(
+      "invalid_mpp_currency",
+      "MPP currency must be a 0x-prefixed 20-byte Tempo currency address. Use TEMPO_USDC_ADDRESS for Tempo USDC."
+    );
+  }
+  const recipient = m.recipient ?? config.payeeAddress;
+  if (!recipient) {
+    push(
+      "missing_mpp_recipient",
+      "MPP requires a recipient address. Set mpp.recipient or payeeAddress in your router config."
+    );
+  } else if (!isEvmAddress(recipient)) {
+    push(
+      "invalid_mpp_recipient",
+      "MPP recipient must be a 0x-prefixed EVM address. Solana recipients require x402."
+    );
+  }
+  const placeholder = [m.recipient, config.payeeAddress].find(
+    (v) => typeof v === "string" && isPlaceholderEvm(v)
   );
-}
-function checkSecretKey({ mpp }) {
-  if (mpp.secretKey) return null;
-  return {
-    code: "missing_mpp_secret_key",
-    protocol: "mpp",
-    message: "MPP requires secretKey. Set MPP_SECRET_KEY or pass mpp.secretKey."
-  };
-}
-function checkCurrency({ mpp }) {
-  if (!mpp.currency) {
-    return {
-      code: "missing_mpp_currency",
-      protocol: "mpp",
-      message: "MPP requires currency. Set MPP_CURRENCY or pass mpp.currency."
-    };
+  if (placeholder) {
+    push(
+      "placeholder_payee",
+      `MPP recipient '${placeholder}' is a placeholder address and cannot receive payments.`
+    );
   }
-  if (!isEvmAddress(mpp.currency)) {
-    return {
-      code: "invalid_mpp_currency",
-      protocol: "mpp",
-      message: "MPP currency must be a 0x-prefixed 20-byte Tempo currency address. Use TEMPO_USDC_CURRENCY for Tempo USDC."
-    };
+  if (!m.rpcUrl) {
+    push(
+      "missing_mpp_rpc_url",
+      "MPP requires an authenticated Tempo RPC URL. Set TEMPO_RPC_URL env var or pass rpcUrl in the mpp config object."
+    );
   }
-  return null;
+  if (m.feePayerKey && !isEvmPrivateKey(m.feePayerKey)) {
+    push(
+      "invalid_mpp_fee_payer_key",
+      "MPP feePayerKey must be a 0x-prefixed 32-byte EVM private key."
+    );
+  }
+  if (m.operatorKey && !isEvmPrivateKey(m.operatorKey)) {
+    push(
+      "invalid_mpp_operator_key",
+      "MPP operatorKey must be a 0x-prefixed 32-byte EVM private key."
+    );
+  }
+  const collision = operatorAddressesCollide(m.operatorKey, m.feePayerKey);
+  if (collision) {
+    push(
+      "mpp_operator_equals_fee_payer",
+      `MPP operatorKey and feePayerKey resolve to the same address (${collision}). Tempo rejects fee-delegated txs with sender === feePayer, so channel close/settle would fail at runtime. Either use two distinct wallets, or omit feePayerKey to disable gas sponsorship (clients then pay their own gas).`
+    );
+  }
+  return issues;
 }
-function checkRecipient({ config, mpp }) {
-  const recipient = mpp.recipient ?? config.payeeAddress;
-  if (!recipient) {
+function translateZodIssues(error) {
+  return error.issues.map((issue) => {
+    const params = issue.params;
+    if (!params?.code) {
+      throw new Error(
+        `[router] schema issue missing params.code (path=${issue.path.join(".")}, message=${issue.message}). Every refinement / addIssue call must set params.code.`
+      );
+    }
     return {
-      code: "missing_mpp_recipient",
-      protocol: "mpp",
-      message: "MPP requires a recipient address. Set mpp.recipient or payeeAddress in your router config."
+      code: params.code,
+      message: issue.message,
+      ...params.protocol ? { protocol: params.protocol } : {},
+      ...params.severity ? { severity: params.severity } : {}
     };
+  });
+}
+function routerConfigFromEnv(options) {
+  const rawEnv = options.env ?? process.env;
+  const env = trimAll(rawEnv);
+  const optionIssues = [];
+  if (!options.title?.trim()) {
+    optionIssues.push({
+      code: "missing_discovery_title",
+      message: "discovery `title` is required. Pass a short product name."
+    });
   }
-  if (!isEvmAddress(recipient)) {
-    return {
-      code: "invalid_mpp_recipient",
-      protocol: "mpp",
-      message: "MPP recipient must be a 0x-prefixed EVM address. Solana recipients require x402."
-    };
+  if (!options.description?.trim()) {
+    optionIssues.push({
+      code: "missing_discovery_description",
+      message: "discovery `description` is required. One sentence is enough."
+    });
   }
-  return null;
-}
-function checkPlaceholderRecipient({ config, mpp }) {
-  const placeholder = findPlaceholderPayee([mpp.recipient, config.payeeAddress]);
-  if (!placeholder) return null;
-  return {
-    code: "placeholder_payee",
-    protocol: "mpp",
-    message: `MPP recipient '${placeholder}' is a placeholder address and cannot receive payments.`
-  };
-}
-function checkRpcUrl({ mpp, env }) {
-  if (mpp.rpcUrl ?? env.TEMPO_RPC_URL) return null;
-  return {
-    code: "missing_mpp_rpc_url",
-    protocol: "mpp",
-    message: "MPP requires an authenticated Tempo RPC URL. Set TEMPO_RPC_URL env var or pass rpcUrl in the mpp config object."
-  };
-}
-function checkFeePayerKey({ mpp }) {
-  if (!mpp.feePayerKey || isEvmPrivateKey(mpp.feePayerKey)) return null;
-  return {
-    code: "invalid_mpp_fee_payer_key",
-    protocol: "mpp",
-    message: "MPP feePayerKey must be a 0x-prefixed 32-byte EVM private key."
-  };
-}
-function checkOperatorKey({ mpp }) {
-  if (!mpp.operatorKey || isEvmPrivateKey(mpp.operatorKey)) return null;
-  return {
-    code: "invalid_mpp_operator_key",
-    protocol: "mpp",
-    message: "MPP operatorKey must be a 0x-prefixed 32-byte EVM private key."
-  };
-}
-function checkOperatorMatchesFeePayer({ mpp }) {
-  if (!mpp.operatorKey || !mpp.feePayerKey) return null;
-  if (!isEvmPrivateKey(mpp.operatorKey) || !isEvmPrivateKey(mpp.feePayerKey)) return null;
-  const opAddr = privateKeyToAccount(mpp.operatorKey).address.toLowerCase();
-  const fpAddr = privateKeyToAccount(mpp.feePayerKey).address.toLowerCase();
-  if (opAddr !== fpAddr) return null;
+  if (options.guidance === void 0) {
+    optionIssues.push({
+      code: "missing_discovery_guidance",
+      message: "discovery `guidance` is required. Provide an empty string to opt out of `/llms.txt`."
+    });
+  }
+  if (options.serverUrl !== void 0 && !isUrl(options.serverUrl)) {
+    optionIssues.push({
+      code: "invalid_server_url",
+      message: `discovery \`serverUrl\` must be a valid URL. Got: ${options.serverUrl}`
+    });
+  }
+  const parsed = EnvInputSchema.safeParse(env);
+  const envIssues = parsed.success ? [] : translateZodIssues(parsed.error);
+  const issues = [...envIssues, ...optionIssues];
+  if (issues.length > 0) throw new RouterConfigError(issues);
+  for (const warning of collectKvWarnings(env, options.kvStore !== void 0)) {
+    console.warn(`[router] ${warning.message}`);
+  }
+  const payeeAddress = canonicalizeEvm(env.EVM_PAYEE_ADDRESS);
+  const accepts = [
+    { scheme: "exact", network: BASE_MAINNET_NETWORK, payTo: payeeAddress },
+    {
+      scheme: "upto",
+      network: BASE_MAINNET_NETWORK,
+      payTo: payeeAddress,
+      asset: BASE_USDC_ADDRESS,
+      decimals: BASE_USDC_DECIMALS
+    }
+  ];
+  if (env.SOLANA_PAYEE_ADDRESS) {
+    accepts.push({
+      scheme: "exact",
+      network: SOLANA_MAINNET_NETWORK,
+      payTo: env.SOLANA_PAYEE_ADDRESS
+    });
+  }
+  const configuredSolanaFacilitator = options.x402Facilitators?.solana;
+  const solanaFacilitator = typeof configuredSolanaFacilitator === "string" ? configuredSolanaFacilitator : configuredSolanaFacilitator ?? env.SOLANA_FACILITATOR_URL ?? DEFAULT_SOLANA_FACILITATOR_URL;
+  const mppEnabled = options.protocols?.includes("mpp") ?? Boolean(env.MPP_SECRET_KEY);
+  const protocols = options.protocols ? [...options.protocols] : mppEnabled ? ["x402", "mpp"] : ["x402"];
+  const mppConfig = mppEnabled ? {
+    secretKey: env.MPP_SECRET_KEY,
+    currency: canonicalizeEvm(env.MPP_CURRENCY),
+    rpcUrl: env.TEMPO_RPC_URL,
+    recipient: payeeAddress,
+    ...env.MPP_FEE_PAYER_KEY ? { feePayerKey: env.MPP_FEE_PAYER_KEY } : {},
+    ...env.MPP_OPERATOR_KEY ? { operatorKey: env.MPP_OPERATOR_KEY, session: {} } : {}
+  } : void 0;
   return {
-    code: "mpp_operator_equals_fee_payer",
-    protocol: "mpp",
-    message: `MPP operatorKey and feePayerKey resolve to the same address (${opAddr}). Tempo rejects fee-delegated txs with sender === feePayer, so channel close/settle would fail at runtime. Either use two distinct wallets, or omit feePayerKey to disable gas sponsorship (clients then pay their own gas).`
+    payeeAddress,
+    baseUrl: env.BASE_URL,
+    network: BASE_MAINNET_NETWORK,
+    protocols,
+    x402: {
+      accepts,
+      facilitators: {
+        ...options.x402Facilitators,
+        solana: solanaFacilitator
+      }
+    },
+    ...mppConfig ? { mpp: mppConfig } : {},
+    discovery: {
+      title: options.title,
+      version: options.version ?? "1.0.0",
+      description: options.description,
+      guidance: options.guidance,
+      ...options.contact ? { contact: options.contact } : {},
+      ...options.ownershipProofs ? { ownershipProofs: options.ownershipProofs } : {},
+      ...options.methodHints ? { methodHints: options.methodHints } : {},
+      ...options.serverUrl ? { serverUrl: options.serverUrl } : {}
+    },
+    ...options.prices ? { prices: options.prices } : {},
+    ...options.plugin ? { plugin: options.plugin } : {},
+    ...options.kvStore ? { kvStore: options.kvStore } : {},
+    strictRoutes: options.strictRoutes ?? false
   };
 }
-
-// src/config/validate.ts
-function validateRouterConfig(config, options = {}) {
-  const issues = getRouterConfigIssues(config, options);
-  if (issues.length > 0) throw new RouterConfigError(issues);
-}
 function getRouterConfigIssues(config, options = {}) {
-  const env = options.env ?? process.env;
-  const issues = [];
+  const env = options.env ?? {};
   const protocols = config.protocols ?? ["x402"];
+  const issues = [];
   if (!config.baseUrl) {
     issues.push({
       code: "missing_base_url",
@@ -4254,83 +4381,16 @@ function getRouterConfigIssues(config, options = {}) {
       message: "RouterConfig.protocols cannot be empty. Omit the field to use default ['x402'] or specify protocols explicitly."
     });
   }
-  if (protocols.includes("x402")) {
-    issues.push(...validateX402Config(config, env, options));
-  }
-  if (protocols.includes("mpp")) {
-    issues.push(...validateMppConfig(config, env));
-  }
+  if (protocols.includes("x402")) issues.push(...validateX402Config(config, env, options));
+  if (protocols.includes("mpp")) issues.push(...validateMppConfig(config));
   return issues;
 }
 
-// src/config/env.ts
-init_constants();
-function mppFromEnv(env, options = {}) {
-  const secretKey = env.MPP_SECRET_KEY;
-  const currency = env.MPP_CURRENCY;
-  const rpcUrl = env.TEMPO_RPC_URL;
-  const feePayerKey = options.feePayerKey ?? env.MPP_FEE_PAYER_KEY;
-  const feePayerKeySource = options.feePayerKey !== void 0 ? "feePayerKey" : "MPP_FEE_PAYER_KEY";
-  const hasAnyMppEnv = Boolean(secretKey || currency || rpcUrl || options.require);
-  if (!hasAnyMppEnv) return void 0;
-  const missing = [
-    secretKey ? null : "MPP_SECRET_KEY",
-    currency ? null : "MPP_CURRENCY",
-    rpcUrl ? null : "TEMPO_RPC_URL"
-  ].filter(Boolean);
-  if (missing.length > 0) {
-    throw new Error(`MPP env is incomplete. Missing: ${missing.join(", ")}`);
-  }
-  if (!isEvmAddress(currency)) {
-    throw new Error("MPP_CURRENCY must be a 0x-prefixed 20-byte Tempo currency address");
-  }
-  if (options.recipient && !isEvmAddress(options.recipient)) {
-    throw new Error("MPP recipient must be a 0x-prefixed EVM address");
-  }
-  if (feePayerKey && !isEvmPrivateKey(feePayerKey)) {
-    throw new Error(`${feePayerKeySource} must be a 0x-prefixed 32-byte EVM private key`);
-  }
-  return {
-    secretKey,
-    currency,
-    rpcUrl,
-    ...options.recipient ? { recipient: options.recipient } : {},
-    ...feePayerKey ? { feePayerKey } : {}
-  };
-}
-function x402AcceptsFromEnv(env, options = {}) {
-  const payeeEnv = options.payeeEnv ?? "X402_WALLET_ADDRESS";
-  const solanaPayeeEnv = options.solanaPayeeEnv ?? "SOLANA_PAYEE_ADDRESS";
-  const payeeAddress = options.payeeAddress ?? env[payeeEnv];
-  if (!payeeAddress) {
-    throw new Error(`${payeeEnv} is required to build x402 accepts`);
-  }
-  const accepts = [
-    {
-      scheme: "exact",
-      network: options.network ?? BASE_NETWORK,
-      payTo: payeeAddress
-    }
-  ];
-  const solanaPayeeAddress = options.solanaPayeeAddress ?? env[solanaPayeeEnv];
-  if (solanaPayeeAddress) {
-    accepts.push({
-      scheme: "exact",
-      network: SOLANA_MAINNET_NETWORK,
-      payTo: solanaPayeeAddress
-    });
-  }
-  return accepts;
-}
-function paidOptionsForProtocols(protocols) {
-  return { protocols: [...protocols] };
-}
-
 // src/init/x402.ts
 async function initX402(config, configError) {
   if (configError) return { initError: configError };
   try {
-    const { createX402Server: createX402Server2 } = await Promise.resolve().then(() => (init_server(), server_exports));
+    const { createX402Server: createX402Server2 } = await Promise.resolve().then(() => (init_x402_server(), x402_server_exports));
     const result = await createX402Server2(config);
     await result.initPromise;
     return {
@@ -4342,7 +4402,7 @@ async function initX402(config, configError) {
   }
 }
 
-// src/mppx-init.ts
+// src/init/mppx.ts
 function getMppxRequestContext(args) {
   const {
     Mppx,
@@ -4464,9 +4524,10 @@ function createRouter(config) {
   const kvStore = resolveKvStore(config.kvStore);
   const nonceStore = kvStore ? createKvNonceStore(kvStore) : new MemoryNonceStore();
   const entitlementStore = kvStore ? createKvEntitlementStore(kvStore) : new MemoryEntitlementStore();
-  const network = config.network ?? BASE_NETWORK;
+  const network = config.network ?? BASE_MAINNET_NETWORK;
   const x402Accepts = getConfiguredX402Accepts(config);
   const configIssues = getRouterConfigIssues(config, {
+    env: process.env,
     requireCdpKeys: process.env.NODE_ENV === "production"
   });
   const baseUrlIssue = configIssues.find((issue) => issue.code === "missing_base_url");
@@ -4589,29 +4650,21 @@ function normalizePath(path) {
   normalized = normalized.replace(/^api\/+/, "");
   return normalized.replace(/\/+$/, "");
 }
+function createRouterFromEnv(options) {
+  return createRouter(routerConfigFromEnv(options));
+}
 export {
-  BASE_NETWORK,
+  BASE_MAINNET_NETWORK,
+  BASE_USDC_ADDRESS,
+  BASE_USDC_DECIMALS,
+  DEFAULT_SOLANA_FACILITATOR_URL,
   HttpError,
-  MemoryEntitlementStore,
-  MemoryNonceStore,
-  RouteBuilder,
-  RouteRegistry,
   RouterConfigError,
-  SIWX_CHALLENGE_EXPIRY_MS,
-  SIWX_ERROR_MESSAGES,
   SOLANA_MAINNET_NETWORK,
-  TEMPO_USDC_CURRENCY,
+  TEMPO_USDC_ADDRESS,
+  TEMPO_USDC_DECIMALS,
   ZERO_EVM_ADDRESS,
-  consolePlugin,
-  createKvEntitlementStore,
-  createKvMppStore,
-  createKvNonceStore,
   createRouter,
-  formatRouterConfigIssues,
-  getRouterConfigIssues,
-  mppFromEnv,
-  paidOptionsForProtocols,
-  validateRouterConfig,
-  withPrefix,
-  x402AcceptsFromEnv
+  createRouterFromEnv,
+  routerConfigFromEnv
 };