@ampersend_ai/ampersend-sdk 0.0.22 → 0.0.25

package/dist/x402/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/x402/index.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AAK5G,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAGzC,yBAAyB;AACzB,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAA;AAG9F,mBAAmB;AACnB,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,iBAAiB,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/x402/index.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AAK5G,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAGzC,yBAAyB;AACzB,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAA;AAG9F,mBAAmB;AACnB,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,iBAAiB,CAAA;AAGxB,6BAA6B;AAC7B,OAAO,EAAE,gBAAgB,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAA"}

package/dist/x402/siwx.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Sign-In-With-X (SIWX) integration for Ampersend smart accounts.
+ *
+ * Every ERC-1271 signature out of an Ampersend Safe is gated by
+ * CoSignerValidator (session key + service key). This module wires that
+ * dual-sig requirement into the SIWX client flow: session key signs the SIWE
+ * message hash locally, the API co-signs the same hash, the pair is packed
+ * into a CoSignerValidator envelope, and the result becomes the SIWX
+ * signature. Servers MUST verify via ERC-1271 (e.g. `publicClient.verifyMessage`).
+ */
+import { type EVMSigner } from "@x402/extensions/sign-in-with-x";
+import { type Address, type Hex } from "viem";
+export interface SiwxSignerConfig {
+    /** Smart account address — the SIWX-claimed identity and the payment-history address. */
+    smartAccountAddress: Address;
+    /** Session key authorized via CoSignerValidator to sign for the smart account. */
+    sessionKeyPrivateKey: Hex;
+    /** Ampersend API base URL. */
+    apiUrl: string;
+    /** CoSignerValidator address. Defaults to the standard CoSignerValidator. */
+    validatorAddress?: Address;
+    /** Client name for product-analytics attribution. Defaults to `sdk-typescript`. */
+    clientName?: string;
+}
+/**
+ * Build an EVMSigner that signs SIWX messages as the smart account.
+ *
+ * Each `signMessage` call dispatches a co-sign request to the Ampersend API,
+ * so SIWX inherits the same liveness + policy boundary as payments. The
+ * returned signature is a CoSignerValidator ERC-1271 envelope: server
+ * verifiers call the Safe's `isValidSignature`, which routes to
+ * CoSignerValidator, which recovers both keys against `hashMessage(message)`.
+ */
+export declare function createSiwxSigner(config: SiwxSignerConfig): EVMSigner;
+/**
+ * Wrap a fetch implementation so SIWX 402 challenges are satisfied
+ * automatically, signing as the configured smart account.
+ *
+ * Pair with `wrapFetchWithPayment` from `@x402/fetch`, putting SIWX **inside**
+ * the payment wrapper. SIWX handles auth-only routes and re-entry to
+ * previously-paid resources; anything else (no SIWX extension, signature
+ * rejected) falls through unchanged to the payment wrapper.
+ *
+ * @example
+ * ```ts
+ * const fetchWithSiwx = wrapFetchWithAmpersendSiwx(fetch, {
+ *   smartAccountAddress,
+ *   sessionKeyPrivateKey,
+ *   apiUrl,
+ * })
+ * const fetchWithPayment = wrapFetchWithPayment(fetchWithSiwx, ampersendClient)
+ * ```
+ */
+export declare function wrapFetchWithAmpersendSiwx(fetchImpl: typeof globalThis.fetch, config: SiwxSignerConfig): typeof globalThis.fetch;
+//# sourceMappingURL=siwx.d.ts.map

package/dist/x402/siwx.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"siwx.d.ts","sourceRoot":"","sources":["../../src/x402/siwx.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAIL,KAAK,SAAS,EAEf,MAAM,iCAAiC,CAAA;AACxC,OAAO,EAAe,KAAK,OAAO,EAAE,KAAK,GAAG,EAAwB,MAAM,MAAM,CAAA;AAOhF,MAAM,WAAW,gBAAgB;IAC/B,yFAAyF;IACzF,mBAAmB,EAAE,OAAO,CAAA;IAC5B,kFAAkF;IAClF,oBAAoB,EAAE,GAAG,CAAA;IACzB,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAA;IACd,6EAA6E;IAC7E,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,mFAAmF;IACnF,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAYD;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,GAAG,SAAS,CA6BpE;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,0BAA0B,CACxC,SAAS,EAAE,OAAO,UAAU,CAAC,KAAK,EAClC,MAAM,EAAE,gBAAgB,GACvB,OAAO,UAAU,CAAC,KAAK,CA0CzB"}

package/dist/x402/siwx.js

@@ -0,0 +1,122 @@
+/**
+ * Sign-In-With-X (SIWX) integration for Ampersend smart accounts.
+ *
+ * Every ERC-1271 signature out of an Ampersend Safe is gated by
+ * CoSignerValidator (session key + service key). This module wires that
+ * dual-sig requirement into the SIWX client flow: session key signs the SIWE
+ * message hash locally, the API co-signs the same hash, the pair is packed
+ * into a CoSignerValidator envelope, and the result becomes the SIWX
+ * signature. Servers MUST verify via ERC-1271 (e.g. `publicClient.verifyMessage`).
+ */
+import { decodePaymentRequiredHeader } from "@x402/core/http";
+import { createSIWxPayload, encodeSIWxHeader, SIGN_IN_WITH_X, } from "@x402/extensions/sign-in-with-x";
+import { hashMessage } from "viem";
+import { privateKeyToAccount } from "viem/accounts";
+import { ApiClient } from "../ampersend/client.js";
+import { COSIGNER_VALIDATOR } from "../smart-account/constants.js";
+import { encodeCoSignerEnvelope } from "./wallets/smart-account/cosigned.js";
+/**
+ * Normalize viem's `SignableMessage` to the raw string SIWE produces.
+ * SIWX message bodies are always strings per CAIP-122; reject the `{ raw }`
+ * shape rather than guess what to send to the API for parsing.
+ */
+function requireStringMessage(message) {
+    if (typeof message === "string")
+        return message;
+    throw new Error("SIWX signer received a non-string message; SIWE messages must be strings");
+}
+/**
+ * Build an EVMSigner that signs SIWX messages as the smart account.
+ *
+ * Each `signMessage` call dispatches a co-sign request to the Ampersend API,
+ * so SIWX inherits the same liveness + policy boundary as payments. The
+ * returned signature is a CoSignerValidator ERC-1271 envelope: server
+ * verifiers call the Safe's `isValidSignature`, which routes to
+ * CoSignerValidator, which recovers both keys against `hashMessage(message)`.
+ */
+export function createSiwxSigner(config) {
+    const validatorAddress = config.validatorAddress ?? COSIGNER_VALIDATOR;
+    const sessionKeyAccount = privateKeyToAccount(config.sessionKeyPrivateKey);
+    const apiClient = new ApiClient({
+        baseUrl: config.apiUrl,
+        sessionKeyPrivateKey: config.sessionKeyPrivateKey,
+        agentAddress: config.smartAccountAddress,
+        ...(config.clientName !== undefined ? { clientName: config.clientName } : {}),
+    });
+    return {
+        address: config.smartAccountAddress,
+        signMessage: async ({ message }) => {
+            const messageString = requireStringMessage(message);
+            // viem's verifyMessage passes hashMessage(message) to the Safe's
+            // isValidSignature; CoSignerValidator's `_validateDualSignature` then
+            // calls `ECDSA.recover(hash, sig)` directly — no further EIP-191
+            // wrapping. Both signatures MUST be raw ECDSA over this exact hash,
+            // not signMessage({ raw }) (which would re-prefix and recover wrong).
+            const messageHash = hashMessage(messageString);
+            const [agentSignature, { serverSignature }] = await Promise.all([
+                sessionKeyAccount.sign({ hash: messageHash }),
+                apiClient.signSiwxChallenge(messageString),
+            ]);
+            return encodeCoSignerEnvelope(agentSignature, serverSignature, validatorAddress);
+        },
+    };
+}
+/**
+ * Wrap a fetch implementation so SIWX 402 challenges are satisfied
+ * automatically, signing as the configured smart account.
+ *
+ * Pair with `wrapFetchWithPayment` from `@x402/fetch`, putting SIWX **inside**
+ * the payment wrapper. SIWX handles auth-only routes and re-entry to
+ * previously-paid resources; anything else (no SIWX extension, signature
+ * rejected) falls through unchanged to the payment wrapper.
+ *
+ * @example
+ * ```ts
+ * const fetchWithSiwx = wrapFetchWithAmpersendSiwx(fetch, {
+ *   smartAccountAddress,
+ *   sessionKeyPrivateKey,
+ *   apiUrl,
+ * })
+ * const fetchWithPayment = wrapFetchWithPayment(fetchWithSiwx, ampersendClient)
+ * ```
+ */
+export function wrapFetchWithAmpersendSiwx(fetchImpl, config) {
+    const signer = createSiwxSigner(config);
+    // Upstream `wrapFetchWithSIWx` keys chain selection off `accepts[0].network`,
+    // which breaks auth-only routes (`accepts: []`) — they hand off to the
+    // payment wrapper which then errors on the empty accepts array. We pick the
+    // chain from `accepts[0]` when present, otherwise fall back to the first
+    // entry in `supportedChains`. Loop guard via the SIWX header is preserved.
+    return async (input, init) => {
+        const request = new Request(input, init);
+        const clonedRequest = request.clone();
+        const response = await fetchImpl(request);
+        if (response.status !== 402)
+            return response;
+        const paymentRequiredHeader = response.headers.get("PAYMENT-REQUIRED");
+        if (!paymentRequiredHeader)
+            return response;
+        const paymentRequired = decodePaymentRequiredHeader(paymentRequiredHeader);
+        const siwxExtension = paymentRequired.extensions?.[SIGN_IN_WITH_X];
+        if (!siwxExtension?.supportedChains?.length)
+            return response;
+        if (clonedRequest.headers.has(SIGN_IN_WITH_X)) {
+            throw new Error("SIWX authentication already attempted");
+        }
+        const paymentNetwork = paymentRequired.accepts?.[0]?.network;
+        const matchingChain = paymentNetwork
+            ? siwxExtension.supportedChains.find((c) => c.chainId === paymentNetwork)
+            : siwxExtension.supportedChains[0];
+        if (!matchingChain)
+            return response;
+        const completeInfo = {
+            ...siwxExtension.info,
+            chainId: matchingChain.chainId,
+            type: matchingChain.type,
+        };
+        const payload = await createSIWxPayload(completeInfo, signer);
+        clonedRequest.headers.set(SIGN_IN_WITH_X, encodeSIWxHeader(payload));
+        return fetchImpl(clonedRequest);
+    };
+}
+//# sourceMappingURL=siwx.js.map

package/dist/x402/siwx.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"siwx.js","sourceRoot":"","sources":["../../src/x402/siwx.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAA;AAC7D,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,cAAc,GAGf,MAAM,iCAAiC,CAAA;AACxC,OAAO,EAAE,WAAW,EAAgD,MAAM,MAAM,CAAA;AAChF,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAA;AAEnD,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAClE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAA;AAe5E;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,OAAwB;IACpD,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAA;IAC/C,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAA;AAC7F,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAwB;IACvD,MAAM,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,IAAI,kBAAkB,CAAA;IACtE,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;IAC1E,MAAM,SAAS,GAAG,IAAI,SAAS,CAAC;QAC9B,OAAO,EAAE,MAAM,CAAC,MAAM;QACtB,oBAAoB,EAAE,MAAM,CAAC,oBAAoB;QACjD,YAAY,EAAE,MAAM,CAAC,mBAAmB;QACxC,GAAG,CAAC,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9E,CAAC,CAAA;IAEF,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,mBAAmB;QACnC,WAAW,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;YACjC,MAAM,aAAa,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;YACnD,iEAAiE;YACjE,sEAAsE;YACtE,iEAAiE;YACjE,oEAAoE;YACpE,sEAAsE;YACtE,MAAM,WAAW,GAAG,WAAW,CAAC,aAAa,CAAC,CAAA;YAE9C,MAAM,CAAC,cAAc,EAAE,EAAE,eAAe,EAAE,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBAC9D,iBAAiB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;gBAC7C,SAAS,CAAC,iBAAiB,CAAC,aAAa,CAAC;aAC3C,CAAC,CAAA;YAEF,OAAO,sBAAsB,CAAC,cAAc,EAAE,eAAsB,EAAE,gBAAgB,CAAC,CAAA;QACzF,CAAC;KACF,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,0BAA0B,CACxC,SAAkC,EAClC,MAAwB;IAExB,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAA;IAEvC,8EAA8E;IAC9E,uEAAuE;IACvE,4EAA4E;IAC5E,yEAAyE;IACzE,2EAA2E;IAC3E,OAAO,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAC3B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QACxC,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,EAAE,CAAA;QAErC,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAA;QACzC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,QAAQ,CAAA;QAE5C,MAAM,qBAAqB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;QACtE,IAAI,CAAC,qBAAqB;YAAE,OAAO,QAAQ,CAAA;QAE3C,MAAM,eAAe,GAAG,2BAA2B,CAAC,qBAAqB,CAAC,CAAA;QAC1E,MAAM,aAAa,GAAG,eAAe,CAAC,UAAU,EAAE,CAAC,cAAc,CAA8B,CAAA;QAC/F,IAAI,CAAC,aAAa,EAAE,eAAe,EAAE,MAAM;YAAE,OAAO,QAAQ,CAAA;QAE5D,IAAI,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAA;QAC1D,CAAC;QAED,MAAM,cAAc,GAAG,eAAe,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,CAAA;QAC5D,MAAM,aAAa,GAAG,cAAc;YAClC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,cAAc,CAAC;YACzE,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,CAAA;QACpC,IAAI,CAAC,aAAa;YAAE,OAAO,QAAQ,CAAA;QAEnC,MAAM,YAAY,GAAG;YACnB,GAAG,aAAa,CAAC,IAAI;YACrB,OAAO,EAAE,aAAa,CAAC,OAAO;YAC9B,IAAI,EAAE,aAAa,CAAC,IAAI;SACzB,CAAA;QAED,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;QAC7D,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAA;QACpE,OAAO,SAAS,CAAC,aAAa,CAAC,CAAA;IACjC,CAAC,CAAA;AACH,CAAC"}

package/dist/x402/wallets/smart-account/cosigned.d.ts

@@ -7,8 +7,15 @@ export interface CoSignedPaymentConfig {
     coSignerValidatorAddress: Address;
 }
 /**
- * CoSignerValidator ERC-1271 signature: agent signs → `abi.encode(agentSig, serverSig)`
- * → `encodePacked(validator, combined)`.
+ * Pack a pair of ECDSA signatures into a CoSignerValidator ERC-1271 envelope:
+ * `abi.encode(agentSig, serverSig)` then `encodePacked(validator, combined)`
+ * (ERC-7579 nested-validator framing). Both signatures MUST be over the same
+ * digest that the validator will recover against.
+ */
+export declare function encodeCoSignerEnvelope(agentSignature: Hex, serverSignature: Hex, validator: Address): Hex;
+/**
+ * CoSignerValidator ERC-1271 signature for EIP-712 typed data: agent signs the
+ * typed data, then the pair is packed via {@link encodeCoSignerEnvelope}.
  */
 export declare function encodeCoSignedERC1271Signature(agentPrivateKey: Hex, typedDataParams: TypedDataDefinition, serverSignature: Hex, coSignerValidatorAddress: Address): Promise<Hex>;
 /**

package/dist/x402/wallets/smart-account/cosigned.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cosigned.d.ts","sourceRoot":"","sources":["../../../../src/x402/wallets/smart-account/cosigned.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqC,KAAK,OAAO,EAAE,KAAK,GAAG,EAAE,KAAK,mBAAmB,EAAE,MAAM,MAAM,CAAA;AAI1G,OAAO,EAAkC,KAAK,oBAAoB,EAAE,KAAK,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AACvH,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAA;AAG7D,MAAM,WAAW,qBAAqB;IACpC,mBAAmB,EAAE,OAAO,CAAA;IAC5B,oBAAoB,EAAE,GAAG,CAAA;IACzB,wBAAwB,EAAE,OAAO,CAAA;CAClC;AAED;;;GAGG;AACH,wBAAsB,8BAA8B,CAClD,eAAe,EAAE,GAAG,EACpB,eAAe,EAAE,mBAAmB,EACpC,eAAe,EAAE,GAAG,EACpB,wBAAwB,EAAE,OAAO,GAChC,OAAO,CAAC,GAAG,CAAC,CAUd;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CACzC,WAAW,EAAE,kBAAkB,EAC/B,MAAM,EAAE,qBAAqB,EAC7B,mBAAmB,EAAE,uBAAuB,GAC3C,OAAO,CAAC,oBAAoB,CAAC,CAyD/B"}
+{"version":3,"file":"cosigned.d.ts","sourceRoot":"","sources":["../../../../src/x402/wallets/smart-account/cosigned.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqC,KAAK,OAAO,EAAE,KAAK,GAAG,EAAE,KAAK,mBAAmB,EAAE,MAAM,MAAM,CAAA;AAI1G,OAAO,EAAkC,KAAK,oBAAoB,EAAE,KAAK,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AACvH,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAA;AAG7D,MAAM,WAAW,qBAAqB;IACpC,mBAAmB,EAAE,OAAO,CAAA;IAC5B,oBAAoB,EAAE,GAAG,CAAA;IACzB,wBAAwB,EAAE,OAAO,CAAA;CAClC;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,cAAc,EAAE,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,GAAG,GAAG,CAGzG;AAED;;;GAGG;AACH,wBAAsB,8BAA8B,CAClD,eAAe,EAAE,GAAG,EACpB,eAAe,EAAE,mBAAmB,EACpC,eAAe,EAAE,GAAG,EACpB,wBAAwB,EAAE,OAAO,GAChC,OAAO,CAAC,GAAG,CAAC,CAId;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CACzC,WAAW,EAAE,kBAAkB,EAC/B,MAAM,EAAE,qBAAqB,EAC7B,mBAAmB,EAAE,uBAAuB,GAC3C,OAAO,CAAC,oBAAoB,CAAC,CAyD/B"}

package/dist/x402/wallets/smart-account/cosigned.js

@@ -4,14 +4,23 @@ import { TRANSFER_WITH_AUTHORIZATION_TYPE } from "../../../smart-account/eip712-
 import { acceptedOf, buildAuthorization } from "../../envelopes.js";
 import { chainIdOf } from "./chain.js";
 /**
- * CoSignerValidator ERC-1271 signature: agent signs → `abi.encode(agentSig, serverSig)`
- * → `encodePacked(validator, combined)`.
+ * Pack a pair of ECDSA signatures into a CoSignerValidator ERC-1271 envelope:
+ * `abi.encode(agentSig, serverSig)` then `encodePacked(validator, combined)`
+ * (ERC-7579 nested-validator framing). Both signatures MUST be over the same
+ * digest that the validator will recover against.
+ */
+export function encodeCoSignerEnvelope(agentSignature, serverSignature, validator) {
+    const combined = encodeAbiParameters([{ type: "bytes" }, { type: "bytes" }], [agentSignature, serverSignature]);
+    return encodePacked(["address", "bytes"], [validator, combined]);
+}
+/**
+ * CoSignerValidator ERC-1271 signature for EIP-712 typed data: agent signs the
+ * typed data, then the pair is packed via {@link encodeCoSignerEnvelope}.
  */
 export async function encodeCoSignedERC1271Signature(agentPrivateKey, typedDataParams, serverSignature, coSignerValidatorAddress) {
     const agentAccount = privateKeyToAccount(agentPrivateKey);
     const agentSignature = await agentAccount.signTypedData(typedDataParams);
-    const combinedSignature = encodeAbiParameters([{ type: "bytes" }, { type: "bytes" }], [agentSignature, serverSignature]);
-    return encodePacked(["address", "bytes"], [coSignerValidatorAddress, combinedSignature]);
+    return encodeCoSignerEnvelope(agentSignature, serverSignature, coSignerValidatorAddress);
 }
 /**
  * Sign a co-signed `exact` instruction. Server supplies ERC-3009

package/dist/x402/wallets/smart-account/cosigned.js.map

@@ -1 +1 @@
-{"version":3,"file":"cosigned.js","sourceRoot":"","sources":["../../../../src/x402/wallets/smart-account/cosigned.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAoD,MAAM,MAAM,CAAA;AAC1G,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAA;AAEnD,OAAO,EAAE,gCAAgC,EAAE,MAAM,wCAAwC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAsD,MAAM,oBAAoB,CAAA;AAEvH,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAA;AAQtC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,eAAoB,EACpB,eAAoC,EACpC,eAAoB,EACpB,wBAAiC;IAEjC,MAAM,YAAY,GAAG,mBAAmB,CAAC,eAAe,CAAC,CAAA;IACzD,MAAM,cAAc,GAAG,MAAM,YAAY,CAAC,aAAa,CAAC,eAAe,CAAC,CAAA;IAExE,MAAM,iBAAiB,GAAG,mBAAmB,CAC3C,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EACtC,CAAC,cAAc,EAAE,eAAe,CAAC,CAClC,CAAA;IAED,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC,wBAAwB,EAAE,iBAAiB,CAAC,CAAC,CAAA;AAC1F,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,WAA+B,EAC/B,MAA6B,EAC7B,mBAA4C;IAE5C,MAAM,EAAE,iBAAiB,EAAE,eAAe,EAAE,GAAG,mBAAmB,CAAA;IAClE,MAAM,QAAQ,GAAG,UAAU,CAAC,WAAW,CAAC,CAAA;IAExC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,EAAE,IAA0B,CAAA;IAC7D,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,EAAE,OAA6B,CAAA;IAEnE,IAAI,CAAC,UAAU,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAA;IACxF,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,CAAC,CAAA;IACtC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,CAAC,OAAO,+CAA+C,CAAC,CAAA;IAC1G,CAAC;IAED,MAAM,SAAS,GAAwB;QACrC,MAAM,EAAE;YACN,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,aAAa;YACtB,OAAO;YACP,iBAAiB,EAAE,QAAQ,CAAC,KAAgB;SAC7C;QACD,KAAK,EAAE;YACL,yBAAyB,EAAE,gCAAgC;SAC5D;QACD,WAAW,EAAE,2BAA2B;QACxC,OAAO,EAAE;YACP,IAAI,EAAE,iBAAiB,CAAC,IAAI;YAC5B,EAAE,EAAE,iBAAiB,CAAC,EAAE;YACxB,KAAK,EAAE,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC;YACtC,UAAU,EAAE,MAAM,CAAC,iBAAiB,CAAC,UAAU,CAAC;YAChD,WAAW,EAAE,MAAM,CAAC,iBAAiB,CAAC,WAAW,CAAC;YAClD,KAAK,EAAE,iBAAiB,CAAC,KAAY;SACtC;KACF,CAAA;IAED,MAAM,SAAS,GAAG,MAAM,8BAA8B,CACpD,MAAM,CAAC,oBAAoB,EAC3B,SAAS,EACT,eAAsB,EACtB,MAAM,CAAC,wBAAwB,CAChC,CAAA;IAED,MAAM,aAAa,GAAG;QACpB,SAAS,EAAE,SAAmB;QAC9B,aAAa,EAAE;YACb,IAAI,EAAE,iBAAiB,CAAC,IAAI;YAC5B,EAAE,EAAE,iBAAiB,CAAC,EAAE;YACxB,KAAK,EAAE,iBAAiB,CAAC,KAAK;YAC9B,UAAU,EAAE,iBAAiB,CAAC,UAAU;YACxC,WAAW,EAAE,iBAAiB,CAAC,WAAW;YAC1C,KAAK,EAAE,iBAAiB,CAAC,KAAK;SAC/B;KACF,CAAA;IAED,OAAO,kBAAkB,CAAC,WAAW,EAAE,aAAa,CAAC,CAAA;AACvD,CAAC"}
+{"version":3,"file":"cosigned.js","sourceRoot":"","sources":["../../../../src/x402/wallets/smart-account/cosigned.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAoD,MAAM,MAAM,CAAA;AAC1G,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAA;AAEnD,OAAO,EAAE,gCAAgC,EAAE,MAAM,wCAAwC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAsD,MAAM,oBAAoB,CAAA;AAEvH,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAA;AAQtC;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,cAAmB,EAAE,eAAoB,EAAE,SAAkB;IAClG,MAAM,QAAQ,GAAG,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC,CAAA;IAC/G,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAA;AAClE,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,eAAoB,EACpB,eAAoC,EACpC,eAAoB,EACpB,wBAAiC;IAEjC,MAAM,YAAY,GAAG,mBAAmB,CAAC,eAAe,CAAC,CAAA;IACzD,MAAM,cAAc,GAAG,MAAM,YAAY,CAAC,aAAa,CAAC,eAAe,CAAC,CAAA;IACxE,OAAO,sBAAsB,CAAC,cAAc,EAAE,eAAe,EAAE,wBAAwB,CAAC,CAAA;AAC1F,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,WAA+B,EAC/B,MAA6B,EAC7B,mBAA4C;IAE5C,MAAM,EAAE,iBAAiB,EAAE,eAAe,EAAE,GAAG,mBAAmB,CAAA;IAClE,MAAM,QAAQ,GAAG,UAAU,CAAC,WAAW,CAAC,CAAA;IAExC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,EAAE,IAA0B,CAAA;IAC7D,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,EAAE,OAA6B,CAAA;IAEnE,IAAI,CAAC,UAAU,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAA;IACxF,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,CAAC,CAAA;IACtC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,CAAC,OAAO,+CAA+C,CAAC,CAAA;IAC1G,CAAC;IAED,MAAM,SAAS,GAAwB;QACrC,MAAM,EAAE;YACN,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,aAAa;YACtB,OAAO;YACP,iBAAiB,EAAE,QAAQ,CAAC,KAAgB;SAC7C;QACD,KAAK,EAAE;YACL,yBAAyB,EAAE,gCAAgC;SAC5D;QACD,WAAW,EAAE,2BAA2B;QACxC,OAAO,EAAE;YACP,IAAI,EAAE,iBAAiB,CAAC,IAAI;YAC5B,EAAE,EAAE,iBAAiB,CAAC,EAAE;YACxB,KAAK,EAAE,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC;YACtC,UAAU,EAAE,MAAM,CAAC,iBAAiB,CAAC,UAAU,CAAC;YAChD,WAAW,EAAE,MAAM,CAAC,iBAAiB,CAAC,WAAW,CAAC;YAClD,KAAK,EAAE,iBAAiB,CAAC,KAAY;SACtC;KACF,CAAA;IAED,MAAM,SAAS,GAAG,MAAM,8BAA8B,CACpD,MAAM,CAAC,oBAAoB,EAC3B,SAAS,EACT,eAAsB,EACtB,MAAM,CAAC,wBAAwB,CAChC,CAAA;IAED,MAAM,aAAa,GAAG;QACpB,SAAS,EAAE,SAAmB;QAC9B,aAAa,EAAE;YACb,IAAI,EAAE,iBAAiB,CAAC,IAAI;YAC5B,EAAE,EAAE,iBAAiB,CAAC,EAAE;YACxB,KAAK,EAAE,iBAAiB,CAAC,KAAK;YAC9B,UAAU,EAAE,iBAAiB,CAAC,UAAU;YACxC,WAAW,EAAE,iBAAiB,CAAC,WAAW;YAC1C,KAAK,EAAE,iBAAiB,CAAC,KAAK;SAC/B;KACF,CAAA;IAED,OAAO,kBAAkB,CAAC,WAAW,EAAE,aAAa,CAAC,CAAA;AACvD,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@ampersend_ai/ampersend-sdk",
   "description": "Tooling for building applications with x402 payment capabilities. Supports buyer and seller roles.",
-  "version": "0.0.22",
+  "version": "0.0.25",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",
@@ -66,10 +66,11 @@
     "@types/express": "^5.0.6",
     "@x402/core": "2.9.0",
     "@x402/evm": "2.9.0",
+    "@x402/extensions": "2.9.0",
     "@x402/fetch": "2.9.0",
     "async-mutex": "^0.5.0",
     "commander": "^12.1.0",
-    "effect": "^3.21.0",
+    "effect": "^3.21.2",
     "express": "^5.2.1",
     "fastmcp": "npm:@ampersend_ai/fastmcp@^1.0.0",
     "siwe": "^3.0.0",