@agirails/sdk 3.1.0 → 3.3.0

package/dist/adapters/X402Adapter.js

@@ -1,511 +1,700 @@
 "use strict";
 /**
- * X402Adapter - HTTP 402 Payment Required Protocol (Atomic Payments)
+ * X402Adapter — real x402 v2 protocol support.
  *
- * Implements the x402 protocol for atomic, instant API payments.
- * NO escrow, NO state machine, NO disputes - just pay and receive.
+ * Thin wrapper around official @x402/fetch + @x402/evm + @x402/core packages.
+ * Replaces the legacy custom `x-payment-*` HTTP flow (which was never real x402)
+ * with proper EIP-3009 / Permit2 wire format for full interoperability with
+ * any x402 v2 seller (Coinbase demo, third-party servers, AGIRAILS sellers).
  *
- * This is fundamentally different from ACTP:
- * - ACTP: escrow → state machine → disputes → explicit release
- * - x402: atomic payment → instant settlement → done
+ * Architecture:
+ * - Buyer signs EIP-3009 authorization or Permit2 witness OFF-CHAIN
+ * - Facilitator (server-configured) submits on-chain tx and pays gas
+ * - Buyer is always gassless for x402 by protocol design
+ * - Smart Wallet buyers use Permit2 path (ERC-1271 + ERC-6492 via viem)
+ * - EOA buyers use either path
  *
- * Use x402 for:
- * - Simple API calls (pay-per-request)
- * - Instant delivery (response IS the delivery)
- * - Low-value, high-frequency transactions
+ * Zero fee layer: payTo goes directly to seller. X402Relay is never used.
+ * Zero reputation hooks: ERC-8004 registry never touched on x402 payments.
  *
- * Use ACTP for:
- * - Complex services requiring verification
- * - High-value transactions needing dispute protection
- * - Multi-step deliveries
+ * Architecture rationale and Smart Wallet signing flow are documented in
+ * the project's internal x402 v2 implementation notes.
  *
  * @module adapters/X402Adapter
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.X402Adapter = void 0;
-const BaseAdapter_1 = require("./BaseAdapter");
-const x402_1 = require("../types/x402");
-// ============================================================================
-// X402Adapter Implementation
-// ============================================================================
+const fetch_1 = require("@x402/fetch");
+const evm_1 = require("@x402/evm");
+const X402Errors_1 = require("../errors/X402Errors");
+const Logger_1 = require("../utils/Logger");
 /**
- * X402Adapter - Atomic HTTP payment protocol.
- *
- * Key characteristics:
- * - usesEscrow: false (direct payment)
- * - supportsDisputes: false (atomic = final)
- * - settlementMode: 'atomic' (instant)
- * - releaseRequired: false (no escrow to release)
+ * Default networks if allowedNetworks is undefined.
  *
- * @example
- * ```typescript
- * const adapter = new X402Adapter(requesterAddress, {
- *   expectedNetwork: 'base-sepolia',
- *   transferFn: async (to, amount) => {
- *     const tx = await usdcContract.transfer(to, amount);
- *     return tx.hash;
- *   },
- *   feeCollector: '0x...treasury', // Required: AGIRAILS fee recipient
- * });
+ * Hand-maintained because @x402/core exposes `Network` as a structural string
+ * pattern (`${string}:${string}`), not a canonical enum. Review on each
+ * @x402/evm upgrade to keep in sync with upstream scheme support.
+ */
+const DEFAULT_EVM_NETWORKS = [
+    'eip155:1', // Ethereum mainnet
+    'eip155:8453', // Base mainnet
+    'eip155:84532', // Base Sepolia
+    'eip155:10', // Optimism
+    'eip155:42161', // Arbitrum One
+    'eip155:137', // Polygon
+];
+/**
+ * Canonical USDC contract address per supported EVM network (CAIP-2 keys).
  *
- * const result = await adapter.pay({
- *   to: 'https://api.provider.com/service',
- *   amount: '10', // Hint only, actual amount from 402
- * });
+ * Source: Circle's official deployment list as of 2026-04. Keep in sync with
+ * `DEFAULT_EVM_NETWORKS`. Used as the default `allowedAssets` allowlist so
+ * the adapter refuses to sign payments in any other token.
  *
- * // That's it! No release() needed.
- * console.log(result.response?.status); // 200
- * console.log(result.releaseRequired);  // false
- * ```
+ * Addresses stored lowercase so comparisons can use `.toLowerCase()` on
+ * server-provided asset addresses directly.
  */
-class X402Adapter extends BaseAdapter_1.BaseAdapter {
-    /**
-     * Creates a new X402Adapter instance.
-     *
-     * @param requesterAddress - The requester's Ethereum address
-     * @param config - X402-specific configuration
-     */
-    constructor(requesterAddress, config) {
-        super(requesterAddress);
+const DEFAULT_USDC_BY_NETWORK = {
+    'eip155:1': '0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48', // Ethereum USDC
+    'eip155:8453': '0x833589fcd6edb6e08f4c7c32d4f71b54bda02913', // Base USDC
+    'eip155:84532': '0x036cbd53842c5426634e7929541ec2318f3dcf7e', // Base Sepolia USDC
+    'eip155:10': '0x0b2c639c533813f4aa9d7837caf62653d097ff85', // Optimism USDC
+    'eip155:42161': '0xaf88d065e77c8cc2239327c5edb3a432268e5831', // Arbitrum USDC
+    'eip155:137': '0x3c499c542cef5e3811e1192ce70d8cc03d5c3359', // Polygon USDC
+};
+// ============================================================================
+// X402Adapter
+// ============================================================================
+class X402Adapter {
+    constructor(config) {
         this.config = config;
-        /**
-         * Adapter metadata - atomic, no escrow.
-         */
         this.metadata = {
             id: 'x402',
-            name: 'X402 Atomic Payment Adapter',
+            name: 'x402 v2',
             usesEscrow: false,
             supportsDisputes: false,
             requiresIdentity: false,
-            settlementMode: 'atomic',
+            settlementMode: 'atomic', // x402 is stateless HTTP; settlement is atomic via facilitator
             priority: 70,
         };
-        /** Local cache of payments for status lookups */
+        /** network:tokenAddress → cached approved state */
+        this.permit2ApprovedCache = new Set();
+        /** network:tokenAddress → in-flight approve promise (coalesces concurrent callers) */
+        this.permit2InflightApprovals = new Map();
+        /** Completed payment records for getStatus() lookups. Capped to prevent unbounded growth. */
         this.payments = new Map();
-        this.timeout = config.requestTimeout ?? 30000;
-        this.fetchFn = config.fetchFn ?? fetch;
-        this.defaultHeaders = config.defaultHeaders ?? {};
-        this.transferFn = config.transferFn;
+        if (typeof config.walletProvider.signTypedData !== 'function') {
+            throw new X402Errors_1.X402ConfigError('X402Adapter requires a walletProvider with signTypedData() support. ' +
+                'Both EOAWalletProvider and AutoWalletProvider implement this in @agirails/sdk@3.3.0+.');
+        }
+        const signer = this.walletProviderToClientEvmSigner(config.walletProvider);
+        const scheme = new evm_1.ExactEvmScheme(signer);
+        // I1: compute and cache allowed network list once — selectRequirements
+        // runs on every payment, so we must avoid re-resolving per-call.
+        this.allowedNetworks = resolveAllowedNetworks(config.allowedNetworks);
+        // P1-1: resolve allowed assets. Undefined → canonical USDC per network.
+        // Empty array → sentinel for "allow any asset" (explicit opt-out).
+        // Non-empty array → user-provided override.
+        if (config.allowedAssets === undefined) {
+            const defaults = this.allowedNetworks
+                .map((n) => DEFAULT_USDC_BY_NETWORK[n])
+                .filter((a) => typeof a === 'string');
+            this.allowedAssetsLc = new Set(defaults.map((a) => a.toLowerCase()));
+        }
+        else if (config.allowedAssets.length === 0) {
+            this.allowedAssetsLc = undefined; // sentinel: any asset
+        }
+        else {
+            this.allowedAssetsLc = new Set(config.allowedAssets.map((a) => a.toLowerCase()));
+        }
+        // P1-3: resolve allowed hosts. Default empty = always require opt-in.
+        this.allowedHostsLc = new Set((config.allowedHosts ?? []).map((h) => h.toLowerCase()));
+        // Build x402 client via fromConfig with all scheme registrations up front,
+        // plus our paymentRequirementsSelector. Hook is registered on the returned
+        // client instance (fromConfig does not take hooks).
+        this.x402 = fetch_1.x402Client.fromConfig({
+            schemes: this.allowedNetworks.map((network) => ({ network, client: scheme })),
+            paymentRequirementsSelector: this.selectRequirements.bind(this),
+        });
+        // onBeforePaymentCreation hook runs AFTER selectRequirements picks a
+        // requirement and BEFORE signing. We await Permit2 approve for Smart
+        // Wallet buyers inside the hook — single roundtrip, no race.
+        this.x402.onBeforePaymentCreation(this.beforePaymentCreationHook.bind(this));
+        // Wrap global fetch with the configured x402Client. This yields a fetch
+        // function that transparently retries on 402 with a signed payment payload.
+        this.fetchWithPayment = (0, fetch_1.wrapFetchWithPayment)(config.fetchImpl ?? fetch, this.x402);
+        // P1-3: hardened default cap lowered from $10 → $1. Reduces blast radius
+        // of accidental `client.pay({to: 'https://...'})` calls. Users who need
+        // higher caps must opt in explicitly via config.
+        this.maxAmountPerTx = parseUsdcAmount(config.maxAmountPerTx ?? '1');
+        this.maxAuthorizationValidSec = config.maxAuthorizationValidSec ?? 300;
     }
     // ==========================================================================
-    // IAdapter Implementation
+    // IAdapter implementation
     // ==========================================================================
     /**
-     * Check if this adapter can handle the given parameters.
+     * STRICT HTTPS ONLY. `http://` is rejected at the canHandle level to prevent
+     * MITM interception of signed payment payloads. Integration tests that need
+     * localhost use a dedicated test flag (not exposed to end users).
      *
-     * X402Adapter handles HTTPS URLs only (security requirement).
+     * P1-3: canHandle returns true for any HTTPS URL so the router can select
+     * this adapter, but `validate()` enforces explicit opt-in before payment
+     * actually executes. This keeps the declarative "any HTTPS is x402-capable"
+     * shape while protecting against accidental auto-pay.
      */
     canHandle(params) {
-        if (typeof params.to !== 'string') {
-            return false;
-        }
-        try {
-            const url = new URL(params.to);
-            return url.protocol === 'https:';
-        }
-        catch {
-            return false;
-        }
+        return /^https:\/\//i.test(params.to);
     }
-    /**
-     * Validate parameters before execution.
-     */
     validate(params) {
+        if (!params.to || typeof params.to !== 'string') {
+            throw new X402Errors_1.X402ConfigError('x402: params.to must be a non-empty string URL');
+        }
         if (!this.canHandle(params)) {
-            throw new BaseAdapter_1.ValidationError(`X402 requires HTTPS URL, got: "${params.to}". ` +
-                `HTTP endpoints are not supported for security reasons.`);
+            throw new X402Errors_1.X402ConfigError(`x402: refusing non-HTTPS target ${params.to}. Only https:// URLs are supported ` +
+                `to prevent MITM interception of signed payment payloads.`);
+        }
+        // P1-3: Explicit opt-in gate. A URL is allowed to trigger a payment only if:
+        //   (a) caller set `metadata.paymentMethod === 'x402'`, OR
+        //   (b) the target host is in the allowedHosts allowlist.
+        // Without one of these, throw so an accidental `client.pay({to: 'https://...'})`
+        // call doesn't silently cost money.
+        const explicitOptIn = params.metadata?.paymentMethod === 'x402';
+        let hostAllowed = false;
+        if (this.allowedHostsLc.size > 0) {
+            try {
+                const host = new URL(params.to).hostname.toLowerCase();
+                hostAllowed = this.allowedHostsLc.has(host);
+            }
+            catch {
+                // fall through — invalid URL will surface below
+            }
         }
-        const url = new URL(params.to);
-        if (url.username || url.password) {
-            throw new BaseAdapter_1.ValidationError('URL cannot contain embedded credentials (username:password).');
+        if (!explicitOptIn && !hostAllowed) {
+            throw new X402Errors_1.X402ConfigError(`x402: refusing to auto-pay ${params.to}. HTTPS URLs trigger x402 payments ` +
+                `only when the caller explicitly opts in. Either:\n` +
+                `  (a) pass metadata: { paymentMethod: 'x402' } to client.pay(), or\n` +
+                `  (b) add the host to X402AdapterConfig.allowedHosts.\n` +
+                `This safeguard prevents accidental charges from unrelated HTTPS calls.`);
         }
     }
-    /**
-     * Execute atomic x402 payment flow with full HTTP support.
-     *
-     * 1. Request endpoint → get 402
-     * 2. Parse payment headers
-     * 3. Execute atomic USDC transfer
-     * 4. Retry with tx hash as proof (same method/headers/body)
-     * 5. Return response (settlement complete!)
-     *
-     * @param params - Payment parameters with optional HTTP method, headers, body
-     */
     async pay(params) {
         this.validate(params);
-        const endpoint = params.to;
-        const x402Params = params;
-        // Extract HTTP options
-        const method = x402Params.method ?? 'GET';
-        const requestHeaders = x402Params.headers ?? {};
-        const requestBody = this.serializeBody(x402Params.body, x402Params.contentType);
-        const contentType = x402Params.contentType ??
-            (x402Params.body && method !== 'GET' ? 'application/json' : undefined);
-        // Step 1: Initial request
-        const initialResponse = await this.makeRequest(endpoint, method, requestHeaders, requestBody, contentType);
-        // Step 2: Check response status
-        if (initialResponse.status !== 402) {
-            if (initialResponse.ok) {
-                return this.createFreeServiceResult(params, initialResponse);
+        Logger_1.sdkLogger.debug('x402 payment attempt', { to: params.to });
+        let res;
+        try {
+            const method = params.httpMethod ?? 'GET';
+            const headers = { accept: 'application/json' };
+            if (params.httpHeaders) {
+                Object.assign(headers, params.httpHeaders);
             }
-            throw new x402_1.X402Error(`Expected 402 Payment Required, got ${initialResponse.status}`, x402_1.X402ErrorCode.NOT_402_RESPONSE, initialResponse);
-        }
-        // Step 3: Parse payment headers
-        const paymentHeaders = this.parsePaymentHeaders(initialResponse);
-        // Step 4: Validate network
-        if (paymentHeaders.network !== this.config.expectedNetwork) {
-            throw new x402_1.X402Error(`Network mismatch: expected ${this.config.expectedNetwork}, got ${paymentHeaders.network}`, x402_1.X402ErrorCode.NETWORK_MISMATCH, initialResponse);
-        }
-        // Step 5: Validate deadline
-        const now = Math.floor(Date.now() / 1000);
-        if (paymentHeaders.deadline <= now) {
-            throw new x402_1.X402Error(`Payment deadline has passed: ${new Date(paymentHeaders.deadline * 1000).toISOString()}`, x402_1.X402ErrorCode.DEADLINE_PASSED, initialResponse);
-        }
-        // Step 6: ATOMIC PAYMENT - via relay (with on-chain fee) or feeCollector (two transfers)
-        const { txHash, feeBreakdown } = await this.executeAtomicPayment(paymentHeaders);
-        // Step 7: Retry with proof (same method/headers/body + payment proof)
-        const serviceResponse = await this.retryWithProof(endpoint, txHash, method, requestHeaders, requestBody, contentType);
-        // Step 8: Cache payment record for status lookups
-        this.payments.set(txHash, {
-            txHash,
-            provider: paymentHeaders.paymentAddress.toLowerCase(),
-            requester: this.requesterAddress.toLowerCase(),
-            amount: paymentHeaders.amount,
-            timestamp: now,
-            endpoint,
-            feeBreakdown,
-        });
-        // Step 9: Return result - DONE! No release needed.
-        return {
-            txId: txHash,
-            escrowId: null, // No escrow!
-            adapter: this.metadata.id,
-            state: 'COMMITTED', // Atomic = immediately settled
-            success: true,
-            amount: this.formatAmount(paymentHeaders.amount),
-            response: serviceResponse,
-            releaseRequired: false, // KEY DIFFERENCE from ACTP
-            provider: paymentHeaders.paymentAddress.toLowerCase(),
-            requester: this.requesterAddress.toLowerCase(),
-            deadline: new Date(paymentHeaders.deadline * 1000).toISOString(),
-            feeBreakdown,
-        };
-    }
-    /**
-     * Serialize request body to string.
-     */
-    serializeBody(body, _contentType) {
-        if (body === undefined)
-            return undefined;
-        if (typeof body === 'string')
-            return body;
-        return JSON.stringify(body);
+            if (params.httpBody && typeof params.httpBody === 'string' && !headers['content-type'] && !headers['Content-Type']) {
+                headers['content-type'] = 'application/json';
+            }
+            const fetchInit = { method, headers };
+            if (params.httpBody && method !== 'GET' && method !== 'DELETE') {
+                fetchInit.body = params.httpBody;
+            }
+            res = await this.fetchWithPayment(params.to, fetchInit);
+        }
+        catch (e) {
+            // Hook aborts bubble up here as "Payment creation aborted: {reason}"
+            if (e instanceof Error && /aborted/i.test(e.message)) {
+                throw new X402Errors_1.X402PaymentFailedError(`x402 payment aborted before signing: ${e.message}`);
+            }
+            throw new X402Errors_1.X402PaymentFailedError(`x402 payment failed: ${e instanceof Error ? e.message : String(e)}`);
+        }
+        if (!res.ok) {
+            throw new X402Errors_1.X402PaymentFailedError(`x402 payment returned HTTP ${res.status} ${res.statusText}`);
+        }
+        const responseHeader = res.headers.get('payment-response');
+        return await this.mapToPayResult(res, responseHeader, params);
     }
-    /**
-     * Get payment status by transaction hash.
-     *
-     * For atomic payments, status is simple:
-     * - If tx exists → SETTLED (atomic = instant settlement)
-     */
     async getStatus(txId) {
         const record = this.payments.get(txId);
         if (!record) {
-            throw new Error(`Payment ${txId} not found. X402 payments are atomic and stateless.`);
+            throw new Error(`x402 payment ${txId} not found. x402 payments are atomic and stateless; ` +
+                `only payments made through this adapter instance are tracked.`);
         }
+        // B4: state consistency — pay() returns `UnifiedPayResult.state = 'COMMITTED'`
+        // (the type only allows 'COMMITTED' | 'IN_PROGRESS'), so getStatus() must
+        // also return 'COMMITTED' for the same tx. Despite the name, for x402 this
+        // COMMITTED is effectively SETTLED — facilitator has confirmed on-chain
+        // settlement by the time mapToPayResult writes the record here, so there's
+        // no work-in-progress phase to worry about. Callers should NOT interpret
+        // 'COMMITTED' on an x402 record as "waiting for provider" — release is
+        // not required and lifecycle methods throw.
         return {
-            state: 'SETTLED',
+            state: 'COMMITTED',
             canStartWork: false,
             canDeliver: false,
             canRelease: false,
             canDispute: false,
-            amount: this.formatAmount(record.amount),
-            provider: record.provider,
-            requester: record.requester,
+            amount: formatUsdcAmount(record.amount),
+            provider: record.payTo,
+            requester: record.payer,
         };
     }
-    /**
-     * Not applicable for atomic payments.
-     * @throws {Error} Always - x402 has no lifecycle
-     */
     async startWork(_txId) {
-        throw new Error('X402 is atomic - no lifecycle methods. ' +
-            'Payment and delivery happen atomically. Use ACTP for stateful transactions.');
+        throw new Error('x402 is stateless — no lifecycle methods. ' +
+            'The HTTP response IS the delivery. Use ACTP adapters for stateful transactions.');
     }
-    /**
-     * Not applicable for atomic payments.
-     * @throws {Error} Always - x402 has no lifecycle
-     */
     async deliver(_txId, _proof) {
-        throw new Error('X402 is atomic - no lifecycle methods. ' +
-            'The HTTP response IS the delivery. Use ACTP for stateful transactions.');
+        throw new Error('x402 is stateless — no lifecycle methods. ' +
+            'The HTTP response IS the delivery. Use ACTP adapters for stateful transactions.');
     }
-    /**
-     * Not applicable for atomic payments.
-     * @throws {Error} Always - x402 has no escrow
-     */
     async release(_escrowId, _attestationUID) {
-        throw new Error('X402 is atomic - no escrow to release. ' +
-            'Payment settled instantly. Use ACTP for escrow-based transactions.');
+        throw new Error('x402 has no escrow to release — payment settles instantly via the facilitator. ' +
+            'Use ACTP adapters for escrow-based transactions.');
     }
     // ==========================================================================
-    // Private Helpers
+    // @x402 hook + selector
     // ==========================================================================
     /**
-     * Make an HTTP request with full options support.
+     * Registered as `onBeforePaymentCreation` hook on the x402Client in the
+     * constructor. Runs AFTER selectRequirements has chosen a target and BEFORE
+     * the scheme client signs the payload.
+     *
+     * For Smart Wallet + Permit2 flow, this is where we ensure the one-time
+     * Permit2 approve has been submitted and confirmed. The hook is awaited by
+     * @x402/core's createPaymentPayload, so we can block signing until the
+     * approve lands — no double roundtrip, no race.
      *
-     * @param url - Request URL
-     * @param method - HTTP method
-     * @param customHeaders - Custom headers from request params
-     * @param body - Request body (optional)
-     * @param contentType - Content-Type header (optional)
-     * @param proofHeaders - Payment proof headers for retry (optional)
+     * Return `{ abort: true, reason }` to cancel the payment cleanly.
      */
-    async makeRequest(url, method, customHeaders = {}, body, contentType, proofHeaders) {
-        const controller = new AbortController();
-        const timeoutId = setTimeout(() => controller.abort(), this.timeout);
-        try {
-            // Build headers: defaults + custom + content-type + proof
-            const headers = new Headers(this.defaultHeaders);
-            // Add custom headers from request
-            for (const [key, value] of Object.entries(customHeaders)) {
-                headers.set(key, value);
-            }
-            // Add content-type if provided
-            if (contentType) {
-                headers.set('Content-Type', contentType);
-            }
-            // Add proof headers for retry
-            if (proofHeaders) {
-                for (const [key, value] of Object.entries(proofHeaders)) {
-                    headers.set(key, value);
-                }
-            }
-            const init = {
-                method,
-                headers,
-                signal: controller.signal,
-            };
-            // Add body for non-GET requests
-            if (body && method !== 'GET') {
-                init.body = body;
+    async beforePaymentCreationHook(ctx) {
+        const walletInfo = this.config.walletProvider.getWalletInfo();
+        if (walletInfo.tier !== 'auto')
+            return; // EOA doesn't need Permit2 approve
+        if (this.config.autoApprovePermit2 === false)
+            return;
+        const reqs = ctx.selectedRequirements;
+        const method = reqs.extra
+            ?.assetTransferMethod;
+        if (method !== 'permit2')
+            return; // EIP-3009 path doesn't need approve
+        // Undeployed Smart Wallets (counterfactual): skip Permit2 approve.
+        // The facilitator with deployERC4337WithEIP6492 handles deployment +
+        // Permit2 settlement atomically. Attempting approve on an undeployed
+        // contract wallet would fail (no code → paymaster rejects UserOp).
+        // The on-chain allowance check returns false for undeployed wallets
+        // (no code to call), so we detect this via getCode-like heuristic.
+        const alreadyApproved = await this.readPermit2AllowanceIsSet(reqs.asset);
+        if (!alreadyApproved) {
+            // Check if wallet is deployed — if not, skip approve entirely
+            const isDeployed = await this.isWalletDeployed();
+            if (!isDeployed) {
+                Logger_1.sdkLogger.debug('x402: Permit2 approve skipped — Smart Wallet not yet deployed (ERC-6492 facilitator handles atomically)');
+                return;
             }
-            return await this.fetchFn(url, init);
-        }
-        finally {
-            clearTimeout(timeoutId);
         }
-    }
-    /**
-     * Parse X-Payment-* headers from 402 response.
-     */
-    parsePaymentHeaders(response) {
-        const h = response.headers;
-        const requiredHeader = h.get(x402_1.X402_HEADERS.REQUIRED);
-        if (requiredHeader?.toLowerCase() !== 'true') {
-            throw new x402_1.X402Error(`Missing or invalid ${x402_1.X402_HEADERS.REQUIRED} header`, x402_1.X402ErrorCode.MISSING_HEADERS, response);
-        }
-        const address = h.get(x402_1.X402_HEADERS.ADDRESS);
-        const amount = h.get(x402_1.X402_HEADERS.AMOUNT);
-        const network = h.get(x402_1.X402_HEADERS.NETWORK);
-        const token = h.get(x402_1.X402_HEADERS.TOKEN);
-        const deadline = h.get(x402_1.X402_HEADERS.DEADLINE);
-        if (!address) {
-            throw new x402_1.X402Error(`Missing ${x402_1.X402_HEADERS.ADDRESS}`, x402_1.X402ErrorCode.MISSING_HEADERS, response);
-        }
-        if (!amount) {
-            throw new x402_1.X402Error(`Missing ${x402_1.X402_HEADERS.AMOUNT}`, x402_1.X402ErrorCode.MISSING_HEADERS, response);
-        }
-        if (!network) {
-            throw new x402_1.X402Error(`Missing ${x402_1.X402_HEADERS.NETWORK}`, x402_1.X402ErrorCode.MISSING_HEADERS, response);
-        }
-        if (!token) {
-            throw new x402_1.X402Error(`Missing ${x402_1.X402_HEADERS.TOKEN}`, x402_1.X402ErrorCode.MISSING_HEADERS, response);
-        }
-        if (!deadline) {
-            throw new x402_1.X402Error(`Missing ${x402_1.X402_HEADERS.DEADLINE}`, x402_1.X402ErrorCode.MISSING_HEADERS, response);
-        }
-        // Validate address
-        const validatedAddress = this.validatePaymentAddress(address, response);
-        // Validate amount
-        if (!/^\d+$/.test(amount)) {
-            throw new x402_1.X402Error(`Invalid ${x402_1.X402_HEADERS.AMOUNT}: "${amount}"`, x402_1.X402ErrorCode.INVALID_AMOUNT, response);
-        }
-        // Validate network
-        if (!(0, x402_1.isValidX402Network)(network)) {
-            throw new x402_1.X402Error(`Invalid ${x402_1.X402_HEADERS.NETWORK}: "${network}"`, x402_1.X402ErrorCode.INVALID_NETWORK, response);
-        }
-        // Validate token
-        if (token.toUpperCase() !== 'USDC') {
-            throw new x402_1.X402Error(`Unsupported token: "${token}". Only USDC supported.`, x402_1.X402ErrorCode.MISSING_HEADERS, response);
-        }
-        const deadlineNum = parseInt(deadline, 10);
-        if (isNaN(deadlineNum) || deadlineNum <= 0) {
-            throw new x402_1.X402Error(`Invalid ${x402_1.X402_HEADERS.DEADLINE}: "${deadline}"`, x402_1.X402ErrorCode.MISSING_HEADERS, response);
+        else {
+            // Already approved — no action needed
+            return;
         }
-        return {
-            required: true,
-            paymentAddress: validatedAddress,
-            amount,
-            network,
-            token: 'USDC',
-            deadline: deadlineNum,
-            serviceId: h.get(x402_1.X402_HEADERS.SERVICE_ID) ?? undefined,
-        };
-    }
-    /**
-     * Validate payment address from header.
-     */
-    validatePaymentAddress(address, response) {
         try {
-            return this.validateAddress(address, x402_1.X402_HEADERS.ADDRESS);
+            await this.ensurePermit2Approved(reqs.network, reqs.asset);
         }
-        catch {
-            throw new x402_1.X402Error(`Invalid ${x402_1.X402_HEADERS.ADDRESS}: "${address}"`, x402_1.X402ErrorCode.INVALID_ADDRESS, response);
+        catch (e) {
+            const msg = e instanceof Error ? e.message : String(e);
+            Logger_1.sdkLogger.warn('x402 Permit2 approve failed, aborting payment', { error: msg });
+            return {
+                abort: true,
+                reason: msg,
+            };
         }
     }
     /**
-     * Execute atomic payment with fee splitting.
+     * Registered as `paymentRequirementsSelector` on the x402Client.
+     * Called after server's payment-required is parsed, before signing.
      *
-     * Priority: relay (atomic, 1 tx) > feeCollector (2 tx) > error
-     * Relay flow: approve relay → relay.payWithFee(provider, gross, serviceId)
-     * feeCollector flow: transferFn(provider, net) + transferFn(feeCollector, fee)
+     * Picks the best requirement from `accepts[]` based on:
+     *   1. scheme === "exact" AND network in our allowlist
+     *   2. Wallet tier: Smart Wallet prefers Permit2, EOA prefers EIP-3009
+     *   3. Amount within maxAmountPerTx safety cap
+     *   4. Clamps maxTimeoutSeconds to maxAuthorizationValidSec (MEV cap)
      */
-    async executeAtomicPayment(headers) {
-        try {
-            // Relay path: on-chain fee splitting (atomic, preferred)
-            if (this.config.relayAddress && this.config.approveFn && this.config.relayPayFn) {
-                const grossAmount = headers.amount;
-                const feeBps = this.config.platformFeeBps ?? 100;
-                const MIN_FEE = 50000n; // $0.05 USDC
-                // Calculate fee: max(gross * bps / 10000, MIN_FEE)
-                const grossBig = BigInt(grossAmount);
-                const bpsFee = (grossBig * BigInt(feeBps)) / 10000n;
-                const fee = bpsFee > MIN_FEE ? bpsFee : MIN_FEE;
-                const providerNet = grossBig - fee;
-                // 1. Approve relay for gross amount
-                await this.config.approveFn(this.config.relayAddress, grossAmount);
-                // 2. Call relay.payWithFee
-                const serviceId = headers.serviceId ?? '0x' + '0'.repeat(64);
-                const txHash = await this.config.relayPayFn(headers.paymentAddress, grossAmount, serviceId);
-                return {
-                    txHash,
-                    feeBreakdown: {
-                        grossAmount,
-                        providerNet: providerNet.toString(),
-                        platformFee: fee.toString(),
-                        feeBps,
-                        estimated: true,
-                    },
-                };
-            }
-            // feeCollector path: client-side fee splitting (non-atomic fallback)
-            if (!this.config.feeCollector) {
-                throw new x402_1.X402Error('x402 payment requires fee collection: configure either relayAddress (preferred) or feeCollector. ' +
-                    'Since v2.6.0, transferFn-only configs are no longer allowed to prevent zero-fee payments.', x402_1.X402ErrorCode.PAYMENT_FAILED);
-            }
-            const grossAmount = headers.amount;
-            const feeBps = this.config.platformFeeBps ?? 100;
-            const MIN_FEE = 50000n; // $0.05 USDC
-            const grossBig = BigInt(grossAmount);
-            // Guard: grossAmount must cover at least the minimum fee
-            if (grossBig <= MIN_FEE) {
-                throw new x402_1.X402Error(`Payment amount ${grossAmount} too small: must exceed minimum fee of ${MIN_FEE} ($0.05 USDC)`, x402_1.X402ErrorCode.PAYMENT_FAILED);
+    selectRequirements(_version, requirements) {
+        const allowed = this.allowedNetworks; // I1: cached
+        // P1-1: filter by scheme + network + asset. Asset check rejects any
+        // token that's not in our allowlist (canonical USDC per chain by default).
+        // Without this, a malicious or misconfigured server could advertise
+        // USDT/DAI/scam-token and we'd sign a payment with wrong decimals,
+        // bypassing the maxAmountPerTx cap silently.
+        const candidates = requirements.filter((r) => {
+            if (r.scheme !== 'exact')
+                return false;
+            if (!allowed.includes(r.network))
+                return false;
+            if (this.allowedAssetsLc) {
+                if (typeof r.asset !== 'string' || !this.allowedAssetsLc.has(r.asset.toLowerCase()))
+                    return false;
             }
-            const bpsFee = (grossBig * BigInt(feeBps)) / 10000n;
-            const fee = bpsFee > MIN_FEE ? bpsFee : MIN_FEE;
-            const providerNet = grossBig - fee;
-            // 1. Transfer net amount to provider
-            // NOTE: If transferFn returns a bare hash string (no { hash, success } object),
-            // we treat it as success. Integrators SHOULD return { hash, success } to enable
-            // detection of reverted/dropped transactions.
-            const transferResult = await this.transferFn(headers.paymentAddress, providerNet.toString());
-            const txHash = typeof transferResult === 'string'
-                ? transferResult
-                : transferResult.hash;
-            const transferSuccess = typeof transferResult === 'string'
-                ? true
-                : transferResult.success !== false;
-            if (!transferSuccess) {
-                throw new Error(`transferFn returned unsuccessful receipt for tx ${txHash}`);
-            }
-            // 2. Transfer fee to AGIRAILS treasury (fail-closed).
-            // IMPORTANT: Provider is already paid at this point. If fee transfer fails,
-            // we throw PROVIDER_PAID_FEE_FAILED (NOT PAYMENT_FAILED) so callers know
-            // NOT to retry — retrying would double-pay the provider.
+            return true;
+        });
+        if (candidates.length === 0) {
+            const seen = requirements
+                .map((r) => `${r.scheme}@${r.network}(${(r.asset ?? '').slice(0, 10)}...)`)
+                .join(', ');
+            const assetInfo = this.allowedAssetsLc
+                ? `, allowed assets: [${[...this.allowedAssetsLc].map((a) => a.slice(0, 10) + '...').join(', ')}]`
+                : '';
+            throw new X402Errors_1.X402NetworkNotAllowedError(`x402: no accepted requirement. Server offered [${seen}], ` +
+                `allowed networks: [${allowed.join(', ')}]${assetInfo}.`);
+        }
+        // Wallet-tier-aware ordering
+        const walletInfo = this.config.walletProvider.getWalletInfo();
+        const isPermit2 = (r) => r.extra?.assetTransferMethod === 'permit2';
+        // Smart Wallet prefers Permit2 (EIP-3009 won't validate on contract addresses).
+        // EOA prefers EIP-3009 (simpler, no one-time approve needed).
+        const prioritized = walletInfo.tier === 'auto'
+            ? [...candidates].sort((a, b) => Number(isPermit2(b)) - Number(isPermit2(a)))
+            : [...candidates].sort((a, b) => Number(isPermit2(a)) - Number(isPermit2(b)));
+        // Note: we do NOT inject assetTransferMethod into requirements here.
+        // @x402/evm ExactEvmScheme client auto-selects EIP-3009 vs Permit2
+        // based on the signer type (EOA vs contract wallet). Injecting it
+        // would cause a requirements mismatch between buyer and server,
+        // breaking the facilitator's verify check.
+        const chosen = prioritized[0];
+        const amountBig = BigInt(chosen.amount);
+        if (amountBig > this.maxAmountPerTx) {
+            throw new X402Errors_1.X402AmountExceededError(`x402: required amount ${chosen.amount} (${formatUsdcAmount(amountBig)} USD) ` +
+                `exceeds maxAmountPerTx ${this.maxAmountPerTx.toString()} ` +
+                `(${this.config.maxAmountPerTx ?? '1'} USD).`);
+        }
+        // MEV hard cap on authorization validity
+        const serverTimeout = chosen.maxTimeoutSeconds ?? this.maxAuthorizationValidSec;
+        return {
+            ...chosen,
+            maxTimeoutSeconds: Math.min(serverTimeout, this.maxAuthorizationValidSec),
+        };
+    }
+    // ==========================================================================
+    // Permit2 approve (lazy, one-time, coalesced)
+    // ==========================================================================
+    async ensurePermit2Approved(network, token) {
+        const key = `${network}:${token.toLowerCase()}`;
+        if (this.permit2ApprovedCache.has(key))
+            return;
+        // Coalesce concurrent calls for the same (network, token).
+        // B1 fix: register the inflight promise BEFORE the IIFE's first await
+        // so concurrent callers that arrive mid-construction see it and wait
+        // instead of launching a duplicate approve.
+        const inflight = this.permit2InflightApprovals.get(key);
+        if (inflight)
+            return await inflight;
+        const doApprove = async () => {
             try {
-                const feeResult = await this.transferFn(this.config.feeCollector, fee.toString());
-                const feeSuccess = typeof feeResult === 'string'
-                    ? true
-                    : feeResult.success !== false;
-                if (!feeSuccess) {
-                    throw new x402_1.X402Error(`Fee transfer failed after provider payment tx ${txHash}. DO NOT RETRY — provider already paid.`, x402_1.X402ErrorCode.PROVIDER_PAID_FEE_FAILED, undefined, { providerPaidTxHash: txHash });
+                // P1-2: check on-chain allowance BEFORE sending approve. The in-memory
+                // `permit2ApprovedCache` is only a fast path — after a process restart
+                // or horizontal scale, the cache is empty but the on-chain allowance
+                // may already be set from a prior run. Without this check we'd pay
+                // for the approve again.
+                const alreadyApproved = await this.readPermit2AllowanceIsSet(token);
+                if (alreadyApproved) {
+                    this.permit2ApprovedCache.add(key);
+                    Logger_1.sdkLogger.debug('x402 Permit2 approve: allowance already set on-chain, skipping', {
+                        network,
+                        token,
+                    });
+                    return;
+                }
+                Logger_1.sdkLogger.info('x402 Permit2 approve: submitting one-time USDC approve', {
+                    network,
+                    token,
+                });
+                // Verified v4.2 spike: createPermit2ApprovalTx takes positional
+                // tokenAddress (0x${string}), returns { to, data, value? }.
+                const approvalTx = (0, evm_1.createPermit2ApprovalTx)(token);
+                const receipt = await this.config.walletProvider.sendTransaction({
+                    to: approvalTx.to,
+                    data: approvalTx.data,
+                    value: '0',
+                });
+                if (receipt && typeof receipt === 'object' && 'success' in receipt && !receipt.success) {
+                    throw new X402Errors_1.X402ApprovalFailedError(`Permit2 approve transaction reverted on-chain for ${network}:${token}`);
                 }
+                this.permit2ApprovedCache.add(key);
+                Logger_1.sdkLogger.info('x402 Permit2 approve confirmed', { network, token });
             }
-            catch (error) {
-                if (error instanceof x402_1.X402Error)
-                    throw error;
-                throw new x402_1.X402Error(`Fee transfer failed after provider payment tx ${txHash}. DO NOT RETRY — provider already paid.`, x402_1.X402ErrorCode.PROVIDER_PAID_FEE_FAILED, undefined, { providerPaidTxHash: txHash });
+            catch (e) {
+                if (e instanceof X402Errors_1.X402ApprovalFailedError)
+                    throw e; // don't double-wrap
+                if ((0, X402Errors_1.isPaymasterGateError)(e)) {
+                    throw new X402Errors_1.X402PublishRequiredError();
+                }
+                throw new X402Errors_1.X402ApprovalFailedError(`Permit2 approve failed for ${network}:${token}: ${e instanceof Error ? e.message : String(e)}`);
             }
-            return {
-                txHash,
-                feeBreakdown: {
-                    grossAmount,
-                    // providerNet is always gross - fee (that's what was transferred)
-                    providerNet: providerNet.toString(),
-                    // platformFee reflects the fee that was collected when payment succeeds.
-                    platformFee: fee.toString(),
-                    feeBps,
-                    estimated: false,
-                },
-            };
-        }
-        catch (error) {
-            if (error instanceof x402_1.X402Error)
-                throw error;
-            throw new x402_1.X402Error(`Atomic payment failed: ${error instanceof Error ? error.message : 'Unknown error'}`, x402_1.X402ErrorCode.PAYMENT_FAILED);
-        }
+            finally {
+                this.permit2InflightApprovals.delete(key);
+            }
+        };
+        // Register BEFORE invoking — Promise constructor is synchronous so any
+        // concurrent caller that polls `.get(key)` after this line sees it.
+        const approvalPromise = doApprove();
+        this.permit2InflightApprovals.set(key, approvalPromise);
+        return await approvalPromise;
     }
     /**
-     * Retry request with payment proof (tx hash).
-     * Uses the same HTTP method, headers, and body as the original request.
+     * P1-2: Read `USDC.allowance(smartWallet, PERMIT2_ADDRESS)` via the wallet
+     * provider's read provider and return true if already >= a sensible threshold
+     * (half of max uint256 — Permit2 approves are typically MAX_UINT256).
+     *
+     * Returns false if the wallet provider doesn't expose a read provider
+     * (older wallet implementations) — callers then fall back to submitting
+     * the approve unconditionally, which is the safe (but slightly wasteful)
+     * default.
      *
-     * @param endpoint - Request URL
-     * @param txHash - Payment transaction hash as proof
-     * @param method - Original HTTP method
-     * @param customHeaders - Original custom headers
-     * @param body - Original request body
-     * @param contentType - Original content-type
+     * Uses eth_call with the standard ERC-20 allowance ABI selector to avoid
+     * pulling in additional contract ABIs.
      */
-    async retryWithProof(endpoint, txHash, method = 'GET', customHeaders = {}, body, contentType) {
-        // Add payment proof headers
-        const proofHeaders = {
-            [x402_1.X402_PROOF_HEADERS.TX_ID]: txHash,
-            // No escrow ID for atomic payments
-        };
-        const response = await this.makeRequest(endpoint, method, customHeaders, body, contentType, proofHeaders);
-        if (!response.ok) {
-            throw new x402_1.X402Error(`Retry failed: ${response.status} ${response.statusText}`, x402_1.X402ErrorCode.RETRY_FAILED, response);
+    async readPermit2AllowanceIsSet(token) {
+        if (typeof this.config.walletProvider.getReadProvider !== 'function') {
+            return false; // no read capability — submit approve unconditionally
+        }
+        const rawProvider = this.config.walletProvider.getReadProvider();
+        // Duck-type: ethers v6 provider has `.call({to, data}): Promise<string>`.
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const providerAny = rawProvider;
+        if (!providerAny || typeof providerAny.call !== 'function')
+            return false;
+        // ERC-20 allowance(address owner, address spender) — selector 0xdd62ed3e
+        const owner = this.config.walletProvider.getAddress().toLowerCase().replace(/^0x/, '');
+        const spender = evm_1.PERMIT2_ADDRESS.toLowerCase().replace(/^0x/, '');
+        const data = '0xdd62ed3e' +
+            owner.padStart(64, '0') +
+            spender.padStart(64, '0');
+        try {
+            const result = await providerAny.call({ to: token, data });
+            if (!result || result === '0x')
+                return false;
+            const allowance = BigInt(result);
+            // Permit2 approve is typically MAX_UINT256. Treat any value above
+            // half-max as "already approved" to tolerate partial-spend scenarios.
+            const THRESHOLD = (1n << 255n);
+            return allowance >= THRESHOLD;
+        }
+        catch (e) {
+            Logger_1.sdkLogger.debug('x402 allowance read failed, falling back to submit', {
+                error: e instanceof Error ? e.message : String(e),
+            });
+            return false;
         }
-        return response;
     }
     /**
-     * Create result for free services (200 on initial request).
+     * Check if the Smart Wallet is deployed on-chain (has code).
+     * Returns true for EOA wallets (they're always "deployed" in a loose sense)
+     * and for deployed Smart Wallets. Returns false for counterfactual wallets.
      */
-    createFreeServiceResult(params, response) {
+    async isWalletDeployed() {
+        if (typeof this.config.walletProvider.getReadProvider !== 'function') {
+            return true; // can't check — assume deployed (safe default: attempt approve)
+        }
+        const rawProvider = this.config.walletProvider.getReadProvider();
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const providerAny = rawProvider;
+        if (!providerAny || typeof providerAny.getCode !== 'function')
+            return true;
+        try {
+            const code = await providerAny.getCode(this.config.walletProvider.getAddress());
+            return code !== '0x' && code !== null && code !== undefined && code.length > 2;
+        }
+        catch {
+            return true; // can't check — assume deployed
+        }
+    }
+    // ==========================================================================
+    // Response mapping
+    // ==========================================================================
+    async mapToPayResult(res, paymentResponseHeader, params) {
+        // FIX v4.1: missing payment-response header is NOT silent success.
+        // x402 spec: facilitator sets this header ONLY after on-chain settlement
+        // is confirmed. Without it we have no settlement proof — reorg, pending
+        // mempool, facilitator bug, or malicious server could all be causes.
+        if (!paymentResponseHeader) {
+            throw new X402Errors_1.X402SettlementProofMissingError();
+        }
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        let decoded;
+        try {
+            decoded = (0, fetch_1.decodePaymentResponseHeader)(paymentResponseHeader);
+        }
+        catch (e) {
+            throw new X402Errors_1.X402SettlementProofMissingError(`Failed to decode payment-response header: ${e instanceof Error ? e.message : String(e)}`);
+        }
+        const rawTxHash = decoded?.transaction;
+        const rawNetwork = decoded?.network;
+        const rawPayer = decoded?.payer;
+        const payTo = decoded?.payTo;
+        const amount = decoded?.amount;
+        // P1: Validate critical settlement proof fields instead of falling back
+        // to empty values. Without a valid tx hash we have no on-chain proof.
+        const missing = [];
+        if (!rawTxHash || !/^0x[0-9a-f]{64}$/i.test(rawTxHash))
+            missing.push('transaction');
+        if (!rawNetwork)
+            missing.push('network');
+        if (!rawPayer || !/^0x[0-9a-f]{40}$/i.test(rawPayer))
+            missing.push('payer');
+        // payTo is optional in x402 spec — Coinbase facilitator omits it
+        if (missing.length > 0) {
+            throw new X402Errors_1.X402SettlementProofMissingError(`payment-response header decoded but missing/invalid fields: ${missing.join(', ')}. ` +
+                `Decoded values: transaction=${rawTxHash ?? 'undefined'}, network=${rawNetwork ?? 'undefined'}, ` +
+                `payer=${rawPayer ?? 'undefined'}. Do not treat as settled.`);
+        }
+        // After validation gate, these are guaranteed non-undefined.
+        const txHash = rawTxHash;
+        const network = rawNetwork;
+        const payer = rawPayer;
+        // Replay detection: payer must match our wallet address
+        const ourAddress = this.config.walletProvider.getAddress().toLowerCase();
+        if (payer.toLowerCase() !== ourAddress) {
+            throw new X402Errors_1.X402SettlementProofMissingError(`payment-response payer ${payer} does not match our wallet ${ourAddress}. ` +
+                `Possible replay of another client's settlement.`);
+        }
+        const amountBig = safeBigInt(amount ?? '0');
+        this.payments.set(txHash, {
+            txId: txHash,
+            amount: amountBig,
+            network,
+            payer,
+            payTo: payTo ?? '',
+            settledAt: Date.now(),
+        });
+        // Evict oldest entry if over cap to prevent unbounded memory growth
+        if (this.payments.size > X402Adapter.MAX_PAYMENT_RECORDS) {
+            const oldest = this.payments.keys().next().value;
+            if (oldest)
+                this.payments.delete(oldest);
+        }
+        Logger_1.sdkLogger.info('x402 settlement confirmed', {
+            txHash,
+            network,
+            amount: String(amount ?? '0'),
+        });
         return {
-            txId: '0x' + '0'.repeat(64),
+            txId: txHash,
             escrowId: null,
-            adapter: this.metadata.id,
+            adapter: 'x402',
             state: 'COMMITTED',
             success: true,
-            amount: '0.00 USDC',
-            response,
+            amount: formatUsdcAmount(amountBig),
+            response: res,
             releaseRequired: false,
-            provider: '0x' + '0'.repeat(40),
-            requester: this.requesterAddress.toLowerCase(),
-            deadline: new Date(Date.now() + 86400000).toISOString(),
+            provider: payTo || params.to,
+            requester: payer,
+            deadline: new Date().toISOString(), // x402 is atomic — settled at return time, no future deadline
+            erc8004AgentId: params.erc8004AgentId,
+        };
+    }
+    // ==========================================================================
+    // Helpers
+    // ==========================================================================
+    /**
+     * Bridge our IWalletProvider.signTypedData to @x402/evm's ClientEvmSigner
+     * structural type. Only `address` + `signTypedData` are required for the
+     * `exact` scheme flow we use.
+     *
+     * B3: no outer try/catch here — each IWalletProvider implementation is the
+     * error-converting boundary and already throws X402SignatureFailedError on
+     * failure. Wrapping here would produce double-nested error messages like
+     * "walletProvider.signTypedData failed: EOA signTypedData failed: ...".
+     */
+    walletProviderToClientEvmSigner(wp) {
+        return {
+            address: wp.getAddress(),
+            async signTypedData(params) {
+                const typedData = {
+                    domain: params.domain,
+                    types: params.types,
+                    primaryType: params.primaryType,
+                    message: params.message,
+                };
+                const sig = await wp.signTypedData(typedData);
+                return sig;
+            },
         };
     }
 }
 exports.X402Adapter = X402Adapter;
+X402Adapter.MAX_PAYMENT_RECORDS = 10000;
+// ============================================================================
+// Local helpers
+// ============================================================================
+/**
+ * Parse human-readable USD amount like "10" or "0.50" to USDC 6-decimal bigint.
+ */
+function parseUsdcAmount(usd) {
+    const trimmed = usd.trim().replace(/^\$/, '');
+    if (!/^\d+(\.\d{1,6})?$/.test(trimmed)) {
+        throw new X402Errors_1.X402ConfigError(`Invalid maxAmountPerTx "${usd}" — must be a non-negative decimal with at most 6 digits after the point.`);
+    }
+    const [whole, frac = ''] = trimmed.split('.');
+    const fracPadded = (frac + '000000').slice(0, 6);
+    return BigInt(whole + fracPadded);
+}
+/**
+ * Format USDC 6-decimal bigint back to human-readable USD string.
+ */
+function formatUsdcAmount(amount) {
+    const whole = amount / 1000000n;
+    const frac = amount % 1000000n;
+    if (frac === 0n)
+        return whole.toString();
+    const fracStr = frac.toString().padStart(6, '0').replace(/0+$/, '');
+    return `${whole}.${fracStr}`;
+}
+/**
+ * Resolve the effective allowed-network list. Undefined / empty user config
+ * means "allow all EVM networks @x402/evm supports" — maximal interop default.
+ */
+function resolveAllowedNetworks(allowed) {
+    if (allowed && allowed.length > 0)
+        return allowed;
+    return DEFAULT_EVM_NETWORKS;
+}
+/**
+ * Parse any reasonable amount representation (raw int string, decimal string,
+ * bigint, or number) into a USDC 6-decimal bigint.
+ *
+ * B2 fix: the previous version rejected decimal strings (regex `^\d+$`) and
+ * silently returned 0n, which caused zero-amount records when a facilitator
+ * reported settlement amounts like `"0.01"` instead of `"10000"`.
+ *
+ * Behavior:
+ *   - "10000"   → 10000n (raw 6-decimal)
+ *   - "0.01"    → 10000n (parsed as USD, normalized to 6 decimals)
+ *   - "10"      → 10000000n (treated as whole-USD if no decimal)
+ *   - number 5  → 5000000n
+ *   - 5n        → 5n (bigint passed through)
+ *
+ * Ambiguity warning: a bare integer string like "10" could be either raw
+ * 6-decimal (0.00001 USDC) or whole USD (10 USDC). We use a heuristic: if
+ * the string contains a decimal point, parse as USD. Otherwise parse as raw.
+ * This matches the x402 spec which uses raw 6-decimal strings consistently.
+ */
+function safeBigInt(v) {
+    try {
+        if (typeof v === 'bigint')
+            return v;
+        if (typeof v === 'number') {
+            if (!Number.isFinite(v) || v < 0)
+                return 0n;
+            // Whole number: treat as raw 6-decimal (spec-compliant shape)
+            if (Number.isInteger(v))
+                return BigInt(v);
+            // Decimal number: treat as USD, convert to 6-decimal
+            return parseUsdcAmount(v.toString());
+        }
+        if (typeof v === 'string') {
+            const trimmed = v.trim().replace(/^\$/, '');
+            if (/^\d+$/.test(trimmed))
+                return BigInt(trimmed);
+            if (/^\d+\.\d{1,6}$/.test(trimmed))
+                return parseUsdcAmount(trimmed);
+        }
+    }
+    catch {
+        // fall through
+    }
+    return 0n;
+}
 //# sourceMappingURL=X402Adapter.js.map