@apicity/cost 0.2.0-alpha.0 → 0.2.0-alpha.1

package/README.md

@@ -142,6 +142,264 @@ Maintenance is manual: re-fetch each upstream's pricing page, edit `pricing.ts`,
 | `kie`        | `per-unit-table`         | priced per second of video / per image                                |
 | `free`       | `free`                   | always $0                                                             |
 
+## Paid endpoint guard (OTP pay gate)
+
+Some endpoints have a direct marginal compute cost (e.g. video generation).
+The cost package maintains a small, explicit **paid-endpoint registry**.
+Endpoints that are **not** in the registry are assumed free and require no
+caller changes.
+
+Paid endpoints require a **human-minted, single-request OTP** (one-time
+password). Autonomous callers cannot self-approve paid requests by passing
+a numeric `maxSpend` — they must present an OTP that was signed by an
+operator-held Ed25519 key.
+
+### Registry model
+
+- `PAID_ENDPOINTS` is the canonical list. Every entry is an exact triple of
+  `(provider, method, dotPath)` — there is no regex, prefix, wildcard, or
+  inferred matching.
+- Unlisted endpoints are free. Free endpoints pass through without OTP or
+  pay gate configuration.
+- Listed endpoints block unless a valid OTP is supplied.
+
+### Token format
+
+OTP tokens are a dependency-free compact envelope:
+
+```
+<base64url(payloadJson)>.<base64url(signature)>
+```
+
+The payload JSON is canonicalized with sorted object keys before signing.
+Signature is Ed25519 over the exact base64url payload segment bytes.
+
+Payload schema:
+
+```ts
+interface PayGateOtpPayload {
+  v: 1;                        // version
+  jti: string;                 // random 128-bit hex (unique token id)
+  provider: string;            // e.g. "kie"
+  method: string;              // e.g. "POST"
+  dotPath: string;             // e.g. "api.v1.jobs.createTask"
+  requestHash: `sha256:${string}`; // sha256 of canonical request JSON
+  maxSpendUsd: number;         // maximum allowed spend in USD
+  iat: number;                 // issued-at unix seconds
+  exp: number;                 // expiration unix seconds
+}
+```
+
+Request hash is `sha256:` + hex SHA-256 of the canonical JSON for the request
+payload. Object keys are sorted recursively; array order is preserved.
+Non-JSON payload values must fail closed.
+
+### Key configuration
+
+**Runtime (verification):**
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `APICITY_PAYGATE_PUBLIC_KEY_PATH` | Yes | Path to an Ed25519 public key PEM file. Without this, the pay gate is disabled and all paid endpoints throw `PayGateError`. |
+
+**CLI (minting):**
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `APICITY_PAYGATE_PRIVATE_KEY_PATH` | Yes | Path to an Ed25519 private key PEM file. Used by the `apicity-paygate` CLI to sign OTPs. |
+
+### Request canonicalization
+
+Before hashing, the request payload is canonicalized:
+
+1. Serialize to JSON with **sorted object keys** (recursive).
+2. Preserve array order exactly.
+3. Reject non-JSON values (functions, undefined, circular references, etc.).
+
+The canonical JSON string is then SHA-256 hashed, and the hash is prefixed
+with `sha256:` in the OTP payload.
+
+### Replay ledger
+
+Consumed OTPs are recorded immediately before dispatch to prevent replay
+attacks. The default ledger path:
+
+- `$XDG_STATE_HOME/apicity/paygate-used.jsonl`
+- Fallback: `~/.local/state/apicity/paygate-used.jsonl`
+
+Each line is a JSON object: `{ "jti": "...", "consumedAt": 1234567890 }`.
+
+If dispatch later fails (network error, upstream 500, etc.), the OTP remains
+consumed. The operator must mint a new OTP for retry.
+
+### Public interface
+
+```ts
+interface PayGateApproval {
+  otp: string;
+}
+
+async function dispatchWithPaidGate<T>(
+  provider: string,
+  method: string,
+  dotPath: string,
+  payload: Record<string, unknown>,
+  approval: PayGateApproval | undefined,
+  dispatch: () => Promise<T>
+): Promise<T>;
+```
+
+Paid endpoint APIs pass the approval as an options object:
+
+```ts
+import { kie } from "@apicity/kie";
+
+const provider = kie({ apiKey: process.env.KIE_API_KEY! });
+
+const task = await provider.post.api.v1.jobs.createTask(
+  {
+    model: "kling-3.0/video",
+    input: { prompt: "...", duration: "5", aspect_ratio: "16:9" },
+  },
+  { otp: "eyJ2IjoxLCJqdGkiOi4uLn0.uK2J9..." }
+);
+```
+
+### Guard behavior
+
+1. **Preflight** — before any network dispatch, `dispatchWithPaidGate` checks
+   whether the endpoint is paid. If the runtime lacks
+   `APICITY_PAYGATE_PUBLIC_KEY_PATH`, the call throws `PayGateError`.
+2. **OTP presence** — paid endpoints require `approval.otp`. If omitted, the
+   call throws `PayGateError`.
+3. **Signature verification** — the OTP payload segment is verified against
+   the Ed25519 public key. If the signature is invalid or forged, the call
+   throws `PayGateError`.
+4. **Expiration** — if `exp` is in the past, the call throws `PayGateError`.
+5. **Request binding** — the OTP `provider`, `method`, `dotPath`, and
+   `requestHash` must match the actual call. Any mismatch throws
+   `PayGateError`.
+6. **Replay check** — if the OTP `jti` already exists in the ledger, the call
+   throws `PayGateError`.
+7. **Estimate** — the package computes a local cost estimate from the payload.
+8. **Bound check** — if the estimate exceeds `maxSpendUsd`, or if the cost
+   cannot be estimated (unknown model, missing fields), the call throws
+   `SpendBoundError`.
+9. **Consume** — the `jti` is appended to the replay ledger.
+10. **Dispatch** — only when all checks pass does the actual HTTP request fire.
+
+```ts
+import { PayGateError, SpendBoundError } from "@apicity/cost";
+
+try {
+  await provider.post.api.v1.jobs.createTask({ ... }, { otp: "..." });
+} catch (e) {
+  if (e instanceof PayGateError) {
+    // OTP missing, invalid, expired, replayed, or mismatched request
+  }
+  if (e instanceof SpendBoundError) {
+    // estimated cost > maxSpendUsd, or cost could not be computed
+  }
+}
+```
+
+### Failure modes
+
+| Condition | Error | Notes |
+|-----------|-------|-------|
+| No `APICITY_PAYGATE_PUBLIC_KEY_PATH` | `PayGateError` | Pay gate is not configured |
+| Paid endpoint without OTP | `PayGateError` | Caller must pass `approval.otp` |
+| Invalid signature | `PayGateError` | OTP was not signed by the correct key |
+| Expired OTP (`exp` < now) | `PayGateError` | Operator must mint a fresh OTP |
+| Replayed OTP (`jti` in ledger) | `PayGateError` | Each OTP is single-use |
+| Mismatched provider/method/dotPath | `PayGateError` | OTP is bound to a specific call |
+| Mismatched request hash | `PayGateError` | Payload must match exactly |
+| Estimate > `maxSpendUsd` | `SpendBoundError` | Request is too expensive |
+| Unestimable cost | `SpendBoundError` | Unknown model or missing fields |
+
+### CLI: minting OTPs
+
+The `apicity-paygate` binary from `@apicity/cost` mints operator-signed OTPs:
+
+```bash
+# Mint an OTP for a specific request
+apicity-paygate otp mint \
+  --provider kie \
+  --method POST \
+  --dot-path api.v1.jobs.createTask \
+  --payload-file request.json \
+  --max-spend 5 \
+  --ttl 10m
+```
+
+The CLI requires `APICITY_PAYGATE_PRIVATE_KEY_PATH` and prints only the OTP
+to stdout on success.
+
+### Migration from `maxSpend`
+
+The previous numeric `maxSpend` parameter is **deprecated**. It allowed
+autonomous callers to self-approve by passing any positive number, which is
+not a true authority boundary.
+
+Migration path:
+
+1. **Operator** generates an Ed25519 key pair:
+   ```bash
+   openssl genpkey -algorithm Ed25519 -out paygate-private.pem
+   openssl pkey -in paygate-private.pem -pubout -out paygate-public.pem
+   ```
+2. **Runtime** sets `APICITY_PAYGATE_PUBLIC_KEY_PATH` to the public key.
+3. **Operator** mints OTPs before each paid call using the CLI or a custom
+   tool that signs the same payload format.
+4. **Caller** passes `{ otp }` instead of a numeric `maxSpend`:
+   ```ts
+   // Before (deprecated)
+   await provider.post.api.v1.jobs.createTask({ ... }, 5);
+
+   // After
+   await provider.post.api.v1.jobs.createTask({ ... }, { otp: "..." });
+   ```
+
+The old `maxSpendPreflight`, `MaxSpendError`, and `dispatchWithPaidGuard`
+interfaces are retained during the transition but will be removed in a
+future major version.
+
+### Minimal operator workflow
+
+1. **Set up keys** (one-time):
+   ```bash
+   export APICITY_PAYGATE_PRIVATE_KEY_PATH=./paygate-private.pem
+   export APICITY_PAYGATE_PUBLIC_KEY_PATH=./paygate-public.pem
+   ```
+2. **Prepare a request**:
+   ```bash
+   cat > request.json << 'EOF'
+   {
+     "model": "kling-3.0/video",
+     "input": {
+       "prompt": "A cat playing piano",
+       "duration": "5",
+       "aspect_ratio": "16:9"
+     }
+   }
+   EOF
+   ```
+3. **Mint an OTP**:
+   ```bash
+   apicity-paygate otp mint \
+     --provider kie \
+     --method POST \
+     --dot-path api.v1.jobs.createTask \
+     --payload-file request.json \
+     --max-spend 5 \
+     --ttl 10m
+   ```
+4. **Pass the OTP to the caller** (copy-paste, secrets manager, etc.).
+5. **Caller uses the OTP**:
+   ```ts
+   await provider.post.api.v1.jobs.createTask({ ... }, { otp: "<paste>" });
+   ```
+
 ## Out of scope
 
 - Anthropic prompt-cache pricing (rates are in the table but `estimate()` ignores them — assumes no caching)

package/dist/src/index.d.ts

@@ -6,4 +6,8 @@ export type { SlugProviderId, SlugModelId } from "./slugs";
 export type { CostUnit, ModelPricing, PerUnitPricing, PricedProviderId, RateSource, TokenPricing, } from "./pricing/index";
 export type { CostBreakdown, CostEstimate, CostProvider, CostSource, EstimateRequest, } from "./types";
 export type { ExtractResult, TextExtract } from "./extract/types";
+export { PAID_ENDPOINTS, lookupPaidEndpoint, isPaidEndpoint, maxSpendPreflight, MaxSpendError, SpendBoundError, spendBoundCheck, dispatchWithPaidGuard, } from "./paid-endpoints";
+export type { PaidEndpointKey, PaidEndpointInfo, PaidEndpointEntry, } from "./paid-endpoints";
+export { PayGateError, PayGateApproval, dispatchWithPaidGate, canonicalizeJson, canonicalHash, parseOtp, verifyOtpSignature, isJtiConsumed, consumeJti, } from "./paygate";
+export type { PayGateOtpPayload } from "./paygate";
 //# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC9E,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3D,YAAY,EACV,QAAQ,EACR,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,YAAY,GACb,MAAM,iBAAiB,CAAC;AAEzB,YAAY,EACV,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,eAAe,GAChB,MAAM,SAAS,CAAC;AAEjB,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC9E,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3D,YAAY,EACV,QAAQ,EACR,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,YAAY,GACb,MAAM,iBAAiB,CAAC;AAEzB,YAAY,EACV,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,eAAe,GAChB,MAAM,SAAS,CAAC;AAEjB,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAElE,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,eAAe,EACf,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,YAAY,EACZ,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,aAAa,EACb,QAAQ,EACR,kBAAkB,EAClB,aAAa,EACb,UAAU,GACX,MAAM,WAAW,CAAC;AACnB,YAAY,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC"}

package/dist/src/index.js

@@ -2,4 +2,6 @@ export { cost } from "./cost.js";
 export { computeEstimate } from "./compute.js";
 export { PRICING, PRICING_AS_OF } from "./pricing/index.js";
 export { MODEL_SLUGS, MODEL_DISPLAY, modelSlug, modelDisplay } from "./slugs.js";
+export { PAID_ENDPOINTS, lookupPaidEndpoint, isPaidEndpoint, maxSpendPreflight, MaxSpendError, SpendBoundError, spendBoundCheck, dispatchWithPaidGuard, } from "./paid-endpoints.js";
+export { PayGateError, dispatchWithPaidGate, canonicalizeJson, canonicalHash, parseOtp, verifyOtpSignature, isJtiConsumed, consumeJti, } from "./paygate.js";
 //# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAsB9E,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,eAAe,EACf,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAO1B,OAAO,EACL,YAAY,EAEZ,oBAAoB,EACpB,gBAAgB,EAChB,aAAa,EACb,QAAQ,EACR,kBAAkB,EAClB,aAAa,EACb,UAAU,GACX,MAAM,WAAW,CAAC"}

package/dist/src/paid-endpoints.d.ts

@@ -0,0 +1,110 @@
+/**
+ * Exact paid-endpoint registry.
+ *
+ * Only endpoints listed here are considered paid. All unlisted endpoints
+ * are assumed free and must preserve current behavior with no caller changes.
+ *
+ * Matching is exact: provider + method + dotPath. No regex, prefix,
+ * wildcard, path-family, generated broad match, or fallback-by-method logic.
+ */
+export interface PaidEndpointKey {
+    provider: string;
+    method: string;
+    dotPath: string;
+}
+export interface PaidEndpointInfo {
+    /** Human-readable reason why this endpoint is paid. */
+    reason: string;
+    /** Optional estimator identifier for cost computation. */
+    estimatorId?: string;
+    /** Optional known cost notes (e.g. per-unit billing details). */
+    costNotes?: string;
+}
+export interface PaidEndpointEntry {
+    key: PaidEndpointKey;
+    info: PaidEndpointInfo;
+}
+/**
+ * The canonical list of paid endpoints. Add new entries here only after
+ * review. Keep the list small and explicit.
+ */
+export declare const PAID_ENDPOINTS: readonly PaidEndpointEntry[];
+/**
+ * Look up a paid endpoint by exact key match.
+ *
+ * Returns `PaidEndpointInfo` only when provider, method, and dotPath all match
+ * an entry in `PAID_ENDPOINTS` exactly. Returns `undefined` for every
+ * unlisted endpoint, which callers must treat as free.
+ */
+export declare function lookupPaidEndpoint(provider: string, method: string, dotPath: string): PaidEndpointInfo | undefined;
+/**
+ * Predicate: is this exact endpoint paid?
+ *
+ * Unlisted endpoints return `false` (assumed free).
+ */
+export declare function isPaidEndpoint(provider: string, method: string, dotPath: string): boolean;
+/**
+ * Error thrown when a paid endpoint is called without an explicit maxSpend.
+ */
+export declare class MaxSpendError extends Error {
+    readonly provider: string;
+    readonly method: string;
+    readonly dotPath: string;
+    readonly maxSpend: number;
+    constructor(provider: string, method: string, dotPath: string, maxSpend: number);
+}
+/**
+ * Error thrown when the estimated cost of a paid endpoint exceeds the
+ * caller's maxSpend or when the cost cannot be safely estimated.
+ */
+export declare class SpendBoundError extends Error {
+    readonly provider: string;
+    readonly method: string;
+    readonly dotPath: string;
+    readonly maxSpend: number;
+    readonly estimatedUsd: number;
+    constructor(provider: string, method: string, dotPath: string, maxSpend: number, estimatedUsd: number, message?: string);
+}
+/**
+ * Preflight check for paid endpoints.
+ *
+ * For paid endpoints, maxSpend defaults to 0 when omitted. maxSpend=0 blocks
+ * before the network request with a MaxSpendError. maxSpend>0 authorizes the
+ * call to proceed.
+ *
+ * Free/unlisted endpoints are always allowed regardless of maxSpend.
+ */
+export declare function maxSpendPreflight(provider: string, method: string, dotPath: string, maxSpend?: number): void;
+/**
+ * Verify that a cost estimate is within the caller's maxSpend.
+ *
+ * If the estimate has warnings (could not be computed safely), the spend
+ * cannot be bounded and the call is blocked. If the estimated USD exceeds
+ * maxSpend, the call is blocked. Otherwise the call proceeds.
+ *
+ * This must run AFTER maxSpendPreflight, so maxSpend is known to be > 0.
+ */
+export declare function spendBoundCheck(provider: string, method: string, dotPath: string, maxSpend: number | undefined, estimate: {
+    usd: number;
+    warnings: string[];
+}): void;
+/**
+ * Wrap a provider network dispatch with the paid-endpoint guard.
+ *
+ * This is the canonical boundary enforcement: it runs the preflight check
+ * and spend-bound check before the actual HTTP request, and only calls the
+ * supplied `dispatch` function when the checks pass.
+ *
+ * Free/unlisted endpoints return `dispatch()` immediately without guard
+ * overhead, so callers that omit `maxSpend` on free endpoints see no change.
+ *
+ * @param provider - Provider identifier (e.g. "kie", "openai")
+ * @param method - HTTP method (e.g. "POST", "GET")
+ * @param dotPath - Exact endpoint dot-path (e.g. "api.v1.jobs.createTask")
+ * @param payload - Request payload for cost estimation
+ * @param maxSpend - Maximum spend authorization in USD (undefined for free endpoints)
+ * @param dispatch - The actual network dispatch to wrap
+ * @returns The result of `dispatch()`
+ */
+export declare function dispatchWithPaidGuard<T>(provider: string, method: string, dotPath: string, payload: Record<string, unknown>, maxSpend: number | undefined, dispatch: () => Promise<T>): Promise<T>;
+//# sourceMappingURL=paid-endpoints.d.ts.map

package/dist/src/paid-endpoints.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paid-endpoints.d.ts","sourceRoot":"","sources":["../../src/paid-endpoints.ts"],"names":[],"mappings":"AACA;;;;;;;;GAQG;AAEH,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,uDAAuD;IACvD,MAAM,EAAE,MAAM,CAAC;IACf,0DAA0D;IAC1D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iEAAiE;IACjE,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,eAAe,CAAC;IACrB,IAAI,EAAE,gBAAgB,CAAC;CACxB;AAED;;;GAGG;AACH,eAAO,MAAM,cAAc,EAAE,SAAS,iBAAiB,EAetD,CAAC;AAEF;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,GACd,gBAAgB,GAAG,SAAS,CAW9B;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,GACd,OAAO,CAET;AAED;;GAEG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACtC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;gBAExB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM;CAanB;AACD;;;GAGG;AACH,qBAAa,eAAgB,SAAQ,KAAK;IACxC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;gBAE5B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM;CAcnB;AACD;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,QAAQ,GAAE,MAAU,GACnB,IAAI,CAON;AACD;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,QAAQ,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAE,GAC5C,IAAI,CA0BN;AACD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,qBAAqB,CAAC,CAAC,EAC3C,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,QAAQ,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GACzB,OAAO,CAAC,CAAC,CAAC,CAcZ"}

package/dist/src/paid-endpoints.js

@@ -0,0 +1,157 @@
+import { computeEstimate } from "./compute.js";
+/**
+ * The canonical list of paid endpoints. Add new entries here only after
+ * review. Keep the list small and explicit.
+ */
+export const PAID_ENDPOINTS = [
+    {
+        key: {
+            provider: "kie",
+            method: "POST",
+            dotPath: "api.v1.jobs.createTask",
+        },
+        info: {
+            reason: "Media generation task that incurs direct marginal compute cost per job",
+            estimatorId: "kie-per-unit",
+            costNotes: "Billed per unit (seconds/images/songs) based on model and resolution",
+        },
+    },
+];
+/**
+ * Look up a paid endpoint by exact key match.
+ *
+ * Returns `PaidEndpointInfo` only when provider, method, and dotPath all match
+ * an entry in `PAID_ENDPOINTS` exactly. Returns `undefined` for every
+ * unlisted endpoint, which callers must treat as free.
+ */
+export function lookupPaidEndpoint(provider, method, dotPath) {
+    for (const entry of PAID_ENDPOINTS) {
+        if (entry.key.provider === provider &&
+            entry.key.method === method &&
+            entry.key.dotPath === dotPath) {
+            return entry.info;
+        }
+    }
+    return undefined;
+}
+/**
+ * Predicate: is this exact endpoint paid?
+ *
+ * Unlisted endpoints return `false` (assumed free).
+ */
+export function isPaidEndpoint(provider, method, dotPath) {
+    return lookupPaidEndpoint(provider, method, dotPath) !== undefined;
+}
+/**
+ * Error thrown when a paid endpoint is called without an explicit maxSpend.
+ */
+export class MaxSpendError extends Error {
+    provider;
+    method;
+    dotPath;
+    maxSpend;
+    constructor(provider, method, dotPath, maxSpend) {
+        super(`Endpoint ${provider} ${method} ${dotPath} may spend money. ` +
+            `maxSpend is ${maxSpend} USD. ` +
+            `Pass an explicit maxSpend to proceed.`);
+        this.name = "MaxSpendError";
+        this.provider = provider;
+        this.method = method;
+        this.dotPath = dotPath;
+        this.maxSpend = maxSpend;
+    }
+}
+/**
+ * Error thrown when the estimated cost of a paid endpoint exceeds the
+ * caller's maxSpend or when the cost cannot be safely estimated.
+ */
+export class SpendBoundError extends Error {
+    provider;
+    method;
+    dotPath;
+    maxSpend;
+    estimatedUsd;
+    constructor(provider, method, dotPath, maxSpend, estimatedUsd, message) {
+        super(message ??
+            `Endpoint ${provider} ${method} ${dotPath} estimated cost ` +
+                `(${estimatedUsd} USD) exceeds maxSpend (${maxSpend} USD).`);
+        this.name = "SpendBoundError";
+        this.provider = provider;
+        this.method = method;
+        this.dotPath = dotPath;
+        this.maxSpend = maxSpend;
+        this.estimatedUsd = estimatedUsd;
+    }
+}
+/**
+ * Preflight check for paid endpoints.
+ *
+ * For paid endpoints, maxSpend defaults to 0 when omitted. maxSpend=0 blocks
+ * before the network request with a MaxSpendError. maxSpend>0 authorizes the
+ * call to proceed.
+ *
+ * Free/unlisted endpoints are always allowed regardless of maxSpend.
+ */
+export function maxSpendPreflight(provider, method, dotPath, maxSpend = 0) {
+    if (!isPaidEndpoint(provider, method, dotPath)) {
+        return;
+    }
+    if (maxSpend <= 0) {
+        throw new MaxSpendError(provider, method, dotPath, maxSpend);
+    }
+}
+/**
+ * Verify that a cost estimate is within the caller's maxSpend.
+ *
+ * If the estimate has warnings (could not be computed safely), the spend
+ * cannot be bounded and the call is blocked. If the estimated USD exceeds
+ * maxSpend, the call is blocked. Otherwise the call proceeds.
+ *
+ * This must run AFTER maxSpendPreflight, so maxSpend is known to be > 0.
+ */
+export function spendBoundCheck(provider, method, dotPath, maxSpend, estimate) {
+    if (maxSpend === undefined || maxSpend <= 0) {
+        return;
+    }
+    if (estimate.warnings.length > 0) {
+        throw new SpendBoundError(provider, method, dotPath, maxSpend, estimate.usd, `Endpoint ${provider} ${method} ${dotPath} spend cannot be bounded ` +
+            `from the payload: ${estimate.warnings.join("; ")}. ` +
+            `Pass an explicit maxSpend that covers the worst-case cost, ` +
+            `or adjust the payload so the cost can be estimated.`);
+    }
+    if (estimate.usd > maxSpend) {
+        throw new SpendBoundError(provider, method, dotPath, maxSpend, estimate.usd);
+    }
+}
+/**
+ * Wrap a provider network dispatch with the paid-endpoint guard.
+ *
+ * This is the canonical boundary enforcement: it runs the preflight check
+ * and spend-bound check before the actual HTTP request, and only calls the
+ * supplied `dispatch` function when the checks pass.
+ *
+ * Free/unlisted endpoints return `dispatch()` immediately without guard
+ * overhead, so callers that omit `maxSpend` on free endpoints see no change.
+ *
+ * @param provider - Provider identifier (e.g. "kie", "openai")
+ * @param method - HTTP method (e.g. "POST", "GET")
+ * @param dotPath - Exact endpoint dot-path (e.g. "api.v1.jobs.createTask")
+ * @param payload - Request payload for cost estimation
+ * @param maxSpend - Maximum spend authorization in USD (undefined for free endpoints)
+ * @param dispatch - The actual network dispatch to wrap
+ * @returns The result of `dispatch()`
+ */
+export async function dispatchWithPaidGuard(provider, method, dotPath, payload, maxSpend, dispatch) {
+    maxSpendPreflight(provider, method, dotPath, maxSpend);
+    if (isPaidEndpoint(provider, method, dotPath) &&
+        maxSpend !== undefined &&
+        maxSpend > 0) {
+        const estimate = computeEstimate({
+            provider: provider,
+            payload,
+        });
+        spendBoundCheck(provider, method, dotPath, maxSpend, estimate);
+    }
+    return dispatch();
+}
+//# sourceMappingURL=paid-endpoints.js.map

package/dist/src/paid-endpoints.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paid-endpoints.js","sourceRoot":"","sources":["../../src/paid-endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AA+B5C;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAiC;IAC1D;QACE,GAAG,EAAE;YACH,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,wBAAwB;SAClC;QACD,IAAI,EAAE;YACJ,MAAM,EACJ,wEAAwE;YAC1E,WAAW,EAAE,cAAc;YAC3B,SAAS,EACP,sEAAsE;SACzE;KACF;CACF,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAChC,QAAgB,EAChB,MAAc,EACd,OAAe;IAEf,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACnC,IACE,KAAK,CAAC,GAAG,CAAC,QAAQ,KAAK,QAAQ;YAC/B,KAAK,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM;YAC3B,KAAK,CAAC,GAAG,CAAC,OAAO,KAAK,OAAO,EAC7B,CAAC;YACD,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAC5B,QAAgB,EAChB,MAAc,EACd,OAAe;IAEf,OAAO,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,SAAS,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,aAAc,SAAQ,KAAK;IAC7B,QAAQ,CAAS;IACjB,MAAM,CAAS;IACf,OAAO,CAAS;IAChB,QAAQ,CAAS;IAC1B,YACE,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,QAAgB;QAEhB,KAAK,CACH,YAAY,QAAQ,IAAI,MAAM,IAAI,OAAO,oBAAoB;YAC3D,eAAe,QAAQ,QAAQ;YAC/B,uCAAuC,CAC1C,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;QAC5B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;CACF;AACD;;;GAGG;AACH,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAC/B,QAAQ,CAAS;IACjB,MAAM,CAAS;IACf,OAAO,CAAS;IAChB,QAAQ,CAAS;IACjB,YAAY,CAAS;IAC9B,YACE,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,QAAgB,EAChB,YAAoB,EACpB,OAAgB;QAEhB,KAAK,CACH,OAAO;YACL,YAAY,QAAQ,IAAI,MAAM,IAAI,OAAO,kBAAkB;gBACzD,IAAI,YAAY,2BAA2B,QAAQ,QAAQ,CAChE,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;CACF;AACD;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,WAAmB,CAAC;IAEpB,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;QAC/C,OAAO;IACT,CAAC;IACD,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AACD;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,QAA4B,EAC5B,QAA6C;IAE7C,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAC5C,OAAO;IACT,CAAC;IACD,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,eAAe,CACvB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,QAAQ,EACR,QAAQ,CAAC,GAAG,EACZ,YAAY,QAAQ,IAAI,MAAM,IAAI,OAAO,2BAA2B;YAClE,qBAAqB,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;YACrD,6DAA6D;YAC7D,qDAAqD,CACxD,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,GAAG,GAAG,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,eAAe,CACvB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,QAAQ,EACR,QAAQ,CAAC,GAAG,CACb,CAAC;IACJ,CAAC;AACH,CAAC;AACD;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,OAAgC,EAChC,QAA4B,EAC5B,QAA0B;IAE1B,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACvD,IACE,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC;QACzC,QAAQ,KAAK,SAAS;QACtB,QAAQ,GAAG,CAAC,EACZ,CAAC;QACD,MAAM,QAAQ,GAAG,eAAe,CAAC;YAC/B,QAAQ,EAAE,QAAyD;YACnE,OAAO;SACR,CAAC,CAAC;QACH,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,QAAQ,EAAE,CAAC;AACpB,CAAC"}

package/dist/src/paygate-cli.d.ts

@@ -0,0 +1,19 @@
+#!/usr/bin/env node
+/**
+ * Parse a TTL string like "10m", "1h", "30s" into seconds.
+ */
+export declare function parseTtl(ttl: string): number;
+/**
+ * Mint an OTP for a specific request.
+ *
+ * Requires `APICITY_PAYGATE_PRIVATE_KEY_PATH` to point to an Ed25519 private key PEM.
+ */
+export declare function mintOtp(provider: string, method: string, dotPath: string, payload: Record<string, unknown>, maxSpendUsd: number, ttlSeconds: number): string;
+/**
+ * Generate a fresh Ed25519 key pair for the pay gate.
+ */
+export declare function generateKeyPair(): {
+    publicKeyPem: string;
+    privateKeyPem: string;
+};
+//# sourceMappingURL=paygate-cli.d.ts.map

package/dist/src/paygate-cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paygate-cli.d.ts","sourceRoot":"","sources":["../../src/paygate-cli.ts"],"names":[],"mappings":";AAkBA;;GAEG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAqB5C;AAED;;;;GAIG;AACH,wBAAgB,OAAO,CACrB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,GACjB,MAAM,CAuCR;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CAMA"}

package/dist/src/paygate-cli.js

@@ -0,0 +1,177 @@
+#!/usr/bin/env node
+import { sign, generateKeyPairSync, randomBytes } from "node:crypto";
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { canonicalHash } from "./paygate.js";
+/**
+ * Encode a buffer to unpadded base64url.
+ */
+function base64urlEncode(data) {
+    return data
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/g, "");
+}
+/**
+ * Parse a TTL string like "10m", "1h", "30s" into seconds.
+ */
+export function parseTtl(ttl) {
+    const match = ttl.match(/^(\d+)([smhd])$/i);
+    if (!match) {
+        throw new Error(`Invalid TTL format: ${ttl}. Expected format like 10m, 1h, 30s.`);
+    }
+    const value = parseInt(match[1], 10);
+    const unit = match[2].toLowerCase();
+    switch (unit) {
+        case "s":
+            return value;
+        case "m":
+            return value * 60;
+        case "h":
+            return value * 60 * 60;
+        case "d":
+            return value * 60 * 60 * 24;
+        default:
+            throw new Error(`Unknown TTL unit: ${unit}`);
+    }
+}
+/**
+ * Mint an OTP for a specific request.
+ *
+ * Requires `APICITY_PAYGATE_PRIVATE_KEY_PATH` to point to an Ed25519 private key PEM.
+ */
+export function mintOtp(provider, method, dotPath, payload, maxSpendUsd, ttlSeconds) {
+    const privateKeyPath = process.env.APICITY_PAYGATE_PRIVATE_KEY_PATH;
+    if (!privateKeyPath) {
+        throw new Error("APICITY_PAYGATE_PRIVATE_KEY_PATH is not set. " +
+            "Export the path to your Ed25519 private key PEM.");
+    }
+    const privateKeyPem = readFileSync(privateKeyPath, "utf8");
+    const jti = randomBytes(16).toString("hex");
+    const iat = Math.floor(Date.now() / 1000);
+    const exp = iat + ttlSeconds;
+    const payloadObj = {
+        v: 1,
+        jti,
+        provider,
+        method,
+        dotPath,
+        requestHash: canonicalHash(payload),
+        maxSpendUsd,
+        iat,
+        exp,
+    };
+    const payloadJson = JSON.stringify(payloadObj);
+    const payloadSegment = base64urlEncode(Buffer.from(payloadJson, "utf8"));
+    const signature = sign(null, Buffer.from(payloadSegment, "utf8"), privateKeyPem);
+    const signatureSegment = base64urlEncode(signature);
+    return `${payloadSegment}.${signatureSegment}`;
+}
+/**
+ * Generate a fresh Ed25519 key pair for the pay gate.
+ */
+export function generateKeyPair() {
+    const { publicKey, privateKey } = generateKeyPairSync("ed25519", {
+        publicKeyEncoding: { type: "spki", format: "pem" },
+        privateKeyEncoding: { type: "pkcs8", format: "pem" },
+    });
+    return { publicKeyPem: publicKey, privateKeyPem: privateKey };
+}
+function parseMintArgs(argv) {
+    const out = {};
+    for (let i = 0; i < argv.length; i++) {
+        const a = argv[i];
+        if (a === "--provider")
+            out.provider = argv[++i];
+        else if (a.startsWith("--provider="))
+            out.provider = a.slice(11);
+        else if (a === "--method")
+            out.method = argv[++i];
+        else if (a.startsWith("--method="))
+            out.method = a.slice(9);
+        else if (a === "--dot-path")
+            out.dotPath = argv[++i];
+        else if (a.startsWith("--dot-path="))
+            out.dotPath = a.slice(11);
+        else if (a === "--payload-file")
+            out.payloadFile = argv[++i];
+        else if (a.startsWith("--payload-file="))
+            out.payloadFile = a.slice(15);
+        else if (a === "--max-spend")
+            out.maxSpend = parseFloat(argv[++i]);
+        else if (a.startsWith("--max-spend="))
+            out.maxSpend = parseFloat(a.slice(12));
+        else if (a === "--ttl")
+            out.ttl = argv[++i];
+        else if (a.startsWith("--ttl="))
+            out.ttl = a.slice(6);
+        else {
+            console.error(`[apicity-paygate] unknown arg: ${a}`);
+        }
+    }
+    const required = [
+        "provider",
+        "method",
+        "dotPath",
+        "payloadFile",
+        "maxSpend",
+        "ttl",
+    ];
+    for (const key of required) {
+        if (out[key] === undefined || out[key] === null) {
+            throw new Error(`Missing required argument: --${key.replace(/([A-Z])/g, "-$1").toLowerCase()}`);
+        }
+    }
+    return out;
+}
+function printHelp() {
+    console.error([
+        "apicity-paygate — Mint OTPs for paid @apicity endpoints.",
+        "",
+        "Usage:",
+        "  apicity-paygate otp mint \\",
+        "    --provider <provider> \\",
+        "    --method <HTTP method> \\",
+        "    --dot-path <api.path> \\",
+        "    --payload-file <path> \\",
+        "    --max-spend <usd> \\",
+        "    --ttl <duration>",
+        "",
+        "Options:",
+        "  --provider     Provider name (e.g. kie, openai, xai)",
+        "  --method       HTTP method (e.g. POST, GET)",
+        "  --dot-path     API dot-path (e.g. api.v1.jobs.createTask)",
+        "  --payload-file Path to JSON request payload file",
+        "  --max-spend    Maximum spend in USD",
+        "  --ttl          Time-to-live: 10m, 1h, 30s, 1d",
+        "",
+        "Environment:",
+        "  APICITY_PAYGATE_PRIVATE_KEY_PATH  Path to Ed25519 private key PEM",
+    ].join("\n"));
+}
+async function main() {
+    const argv = process.argv.slice(2);
+    if (argv.length === 0 || argv[0] === "--help" || argv[0] === "-h") {
+        printHelp();
+        process.exit(0);
+    }
+    if (argv[0] !== "otp" || argv[1] !== "mint") {
+        console.error("[apicity-paygate] only 'otp mint' is supported.");
+        printHelp();
+        process.exit(1);
+    }
+    const args = parseMintArgs(argv.slice(2));
+    const payload = JSON.parse(readFileSync(args.payloadFile, "utf8"));
+    const ttlSeconds = parseTtl(args.ttl);
+    const otp = mintOtp(args.provider, args.method, args.dotPath, payload, args.maxSpend, ttlSeconds);
+    console.log(otp);
+}
+const __filename = fileURLToPath(import.meta.url);
+if (process.argv[1] === __filename) {
+    main().catch((err) => {
+        console.error("[apicity-paygate] fatal:", err instanceof Error ? err.message : err);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=paygate-cli.js.map

package/dist/src/paygate-cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paygate-cli.js","sourceRoot":"","sources":["../../src/paygate-cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAE7C;;GAEG;AACH,SAAS,eAAe,CAAC,IAAY;IACnC,OAAO,IAAI;SACR,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAW;IAClC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,uBAAuB,GAAG,sCAAsC,CACjE,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;IACrC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,GAAG;YACN,OAAO,KAAK,CAAC;QACf,KAAK,GAAG;YACN,OAAO,KAAK,GAAG,EAAE,CAAC;QACpB,KAAK,GAAG;YACN,OAAO,KAAK,GAAG,EAAE,GAAG,EAAE,CAAC;QACzB,KAAK,GAAG;YACN,OAAO,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;QAC9B;YACE,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,OAAO,CACrB,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,OAAgC,EAChC,WAAmB,EACnB,UAAkB;IAElB,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC;IACpE,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,+CAA+C;YAC7C,kDAAkD,CACrD,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,YAAY,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAE3D,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,GAAG,GAAG,UAAU,CAAC;IAE7B,MAAM,UAAU,GAAG;QACjB,CAAC,EAAE,CAAU;QACb,GAAG;QACH,QAAQ;QACR,MAAM;QACN,OAAO;QACP,WAAW,EAAE,aAAa,CAAC,OAAO,CAAC;QACnC,WAAW;QACX,GAAG;QACH,GAAG;KACJ,CAAC;IAEF,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;IAEzE,MAAM,SAAS,GAAG,IAAI,CACpB,IAAI,EACJ,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,EACnC,aAAa,CACd,CAAC;IAEF,MAAM,gBAAgB,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAEpD,OAAO,GAAG,cAAc,IAAI,gBAAgB,EAAE,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAI7B,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,SAAS,EAAE;QAC/D,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;QAClD,kBAAkB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE;KACrD,CAAC,CAAC;IACH,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC;AAChE,CAAC;AAWD,SAAS,aAAa,CAAC,IAAc;IACnC,MAAM,GAAG,GAAsB,EAAE,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,KAAK,YAAY;YAAE,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;aAC5C,IAAI,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC;YAAE,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;aAC5D,IAAI,CAAC,KAAK,UAAU;YAAE,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;aAC7C,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC;YAAE,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;aACvD,IAAI,CAAC,KAAK,YAAY;YAAE,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;aAChD,IAAI,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC;YAAE,GAAG,CAAC,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;aAC3D,IAAI,CAAC,KAAK,gBAAgB;YAAE,GAAG,CAAC,WAAW,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;aACxD,IAAI,CAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC;YAAE,GAAG,CAAC,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;aACnE,IAAI,CAAC,KAAK,aAAa;YAAE,GAAG,CAAC,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAE,CAAC,CAAC;aAC/D,IAAI,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC;YACnC,GAAG,CAAC,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;aACpC,IAAI,CAAC,KAAK,OAAO;YAAE,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;aACvC,IAAI,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;aACjD,CAAC;YACJ,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAuB;QACnC,UAAU;QACV,QAAQ;QACR,SAAS;QACT,aAAa;QACb,UAAU;QACV,KAAK;KACN,CAAC;IACF,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CACb,gCAAgC,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,WAAW,EAAE,EAAE,CAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,GAAe,CAAC;AACzB,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,CAAC,KAAK,CACX;QACE,0DAA0D;QAC1D,EAAE;QACF,QAAQ;QACR,+BAA+B;QAC/B,8BAA8B;QAC9B,+BAA+B;QAC/B,8BAA8B;QAC9B,8BAA8B;QAC9B,0BAA0B;QAC1B,sBAAsB;QACtB,EAAE;QACF,UAAU;QACV,wDAAwD;QACxD,+CAA+C;QAC/C,6DAA6D;QAC7D,oDAAoD;QACpD,uCAAuC;QACvC,iDAAiD;QACjD,EAAE;QACF,cAAc;QACd,qEAAqE;KACtE,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAClE,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;QAC5C,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACjE,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,IAAI,GAAG,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAGhE,CAAC;IACF,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,OAAO,CACjB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,OAAO,EACZ,OAAO,EACP,IAAI,CAAC,QAAQ,EACb,UAAU,CACX,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AACD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;IACnC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACnB,OAAO,CAAC,KAAK,CACX,0BAA0B,EAC1B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CACzC,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/src/paygate.d.ts

@@ -0,0 +1,80 @@
+/**
+ * OTP payload schema.
+ */
+export interface PayGateOtpPayload {
+    v: 1;
+    jti: string;
+    provider: string;
+    method: string;
+    dotPath: string;
+    requestHash: `sha256:${string}`;
+    maxSpendUsd: number;
+    iat: number;
+    exp: number;
+}
+/**
+ * Caller-supplied approval object.
+ */
+export interface PayGateApproval {
+    otp: string;
+}
+/**
+ * Error thrown when the pay gate blocks a request for any reason
+ * other than spend bounds (which use SpendBoundError).
+ */
+export declare class PayGateError extends Error {
+    readonly provider: string;
+    readonly method: string;
+    readonly dotPath: string;
+    readonly code: "paygate-not-configured" | "otp-missing" | "otp-malformed" | "otp-invalid-signature" | "otp-expired" | "otp-mismatched-request" | "otp-replayed";
+    constructor(provider: string, method: string, dotPath: string, code: PayGateError["code"], message: string);
+}
+/**
+ * Canonicalize a JSON value by sorting object keys recursively.
+ * Arrays preserve order. Non-JSON values (undefined, functions, symbols,
+ * circular references) cause a TypeError so the caller can fail closed.
+ */
+export declare function canonicalizeJson(value: unknown): string;
+/**
+ * Compute SHA-256 of canonical JSON, prefixed with `sha256:`.
+ */
+export declare function canonicalHash(value: unknown): `sha256:${string}`;
+/**
+ * Parse an OTP envelope: `<base64url(payloadJson)>.<base64url(signature)>`.
+ * Returns the payload object and raw signature bytes.
+ */
+export declare function parseOtp(otp: string): {
+    payload: PayGateOtpPayload;
+    signature: Buffer;
+};
+/**
+ * Verify the Ed25519 signature of an OTP payload segment.
+ * `publicKey` is the PEM string read from the public key file.
+ */
+export declare function verifyOtpSignature(payloadSegmentBase64url: string, signature: Buffer, publicKeyPem: string): boolean;
+/**
+ * Check whether a jti has already been consumed.
+ *
+ * @param jti - The OTP jti to check
+ * @param ledgerPath - Optional override path; defaults to XDG_STATE_HOME or ~/.local/state
+ */
+export declare function isJtiConsumed(jti: string, ledgerPath?: string): boolean;
+/**
+ * Append a jti to the replay ledger.
+ *
+ * @param jti - The OTP jti to consume
+ * @param ledgerPath - Optional override path; defaults to XDG_STATE_HOME or ~/.local/state
+ */
+export declare function consumeJti(jti: string, ledgerPath?: string): void;
+/**
+ * Wrap a provider network dispatch with the OTP-based paid-endpoint gate.
+ *
+ * Free/unlisted endpoints return `dispatch()` immediately without OTP or
+ * pay gate configuration.
+ *
+ * Paid endpoints fail closed: if the pay gate is not configured, or the OTP
+ * is missing, invalid, expired, replayed, mismatched, or the cost exceeds the
+ * OTP's maxSpendUsd, the call throws before dispatch runs.
+ */
+export declare function dispatchWithPaidGate<T>(provider: string, method: string, dotPath: string, payload: Record<string, unknown>, approval: PayGateApproval | undefined, dispatch: () => Promise<T>): Promise<T>;
+//# sourceMappingURL=paygate.d.ts.map

package/dist/src/paygate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paygate.d.ts","sourceRoot":"","sources":["../../src/paygate.ts"],"names":[],"mappings":"AAWA;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,CAAC,EAAE,CAAC,CAAC;IACL,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,UAAU,MAAM,EAAE,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;GAGG;AACH,qBAAa,YAAa,SAAQ,KAAK;IACrC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,EACT,wBAAwB,GACxB,aAAa,GACb,eAAe,GACf,uBAAuB,GACvB,aAAa,GACb,wBAAwB,GACxB,cAAc,CAAC;gBAGjB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,EAC1B,OAAO,EAAE,MAAM;CASlB;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAsCvD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,UAAU,MAAM,EAAE,CAIhE;AAaD;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG;IACrC,OAAO,EAAE,iBAAiB,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB,CAyCA;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,uBAAuB,EAAE,MAAM,EAC/B,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,GACnB,OAAO,CAIT;AAaD;;;;;GAKG;AACH,wBAAgB,aAAa,CAC3B,GAAG,EAAE,MAAM,EACX,UAAU,GAAE,MAA4B,GACvC,OAAO,CAkBT;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CACxB,GAAG,EAAE,MAAM,EACX,UAAU,GAAE,MAA4B,GACvC,IAAI,CAUN;AAuGD;;;;;;;;;GASG;AACH,wBAAsB,oBAAoB,CAAC,CAAC,EAC1C,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,EAAE,eAAe,GAAG,SAAS,EACrC,QAAQ,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GACzB,OAAO,CAAC,CAAC,CAAC,CAsEZ"}

package/dist/src/paygate.js

@@ -0,0 +1,278 @@
+import { createHash, createPublicKey, verify } from "node:crypto";
+import { readFileSync, appendFileSync, existsSync, mkdirSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+import { computeEstimate } from "./compute.js";
+import { isPaidEndpoint } from "./paid-endpoints.js";
+import { SpendBoundError } from "./paid-endpoints.js";
+/**
+ * Error thrown when the pay gate blocks a request for any reason
+ * other than spend bounds (which use SpendBoundError).
+ */
+export class PayGateError extends Error {
+    provider;
+    method;
+    dotPath;
+    code;
+    constructor(provider, method, dotPath, code, message) {
+        super(message);
+        this.name = "PayGateError";
+        this.provider = provider;
+        this.method = method;
+        this.dotPath = dotPath;
+        this.code = code;
+    }
+}
+/**
+ * Canonicalize a JSON value by sorting object keys recursively.
+ * Arrays preserve order. Non-JSON values (undefined, functions, symbols,
+ * circular references) cause a TypeError so the caller can fail closed.
+ */
+export function canonicalizeJson(value) {
+    const seen = new WeakSet();
+    function walk(v) {
+        if (v === null ||
+            typeof v === "boolean" ||
+            typeof v === "number" ||
+            typeof v === "string") {
+            return v;
+        }
+        if (typeof v === "undefined" ||
+            typeof v === "function" ||
+            typeof v === "symbol") {
+            throw new TypeError("Cannot canonicalize non-JSON value: " + typeof v);
+        }
+        if (Array.isArray(v)) {
+            return v.map(walk);
+        }
+        if (typeof v === "object") {
+            if (seen.has(v)) {
+                throw new TypeError("Cannot canonicalize circular reference");
+            }
+            seen.add(v);
+            const sortedKeys = Object.keys(v).sort();
+            const out = {};
+            for (const k of sortedKeys) {
+                out[k] = walk(v[k]);
+            }
+            return out;
+        }
+        throw new TypeError("Cannot canonicalize unexpected type: " + typeof v);
+    }
+    return JSON.stringify(walk(value));
+}
+/**
+ * Compute SHA-256 of canonical JSON, prefixed with `sha256:`.
+ */
+export function canonicalHash(value) {
+    const canonical = canonicalizeJson(value);
+    const hash = createHash("sha256").update(canonical, "utf8").digest("hex");
+    return `sha256:${hash}`;
+}
+/**
+ * Decode base64url (no padding required).
+ */
+function base64urlDecode(str) {
+    // Replace base64url chars with base64 chars and add padding
+    const base64 = str.replace(/-/g, "+").replace(/_/g, "/");
+    const padLen = (4 - (base64.length % 4)) % 4;
+    const padded = base64 + "=".repeat(padLen);
+    return Buffer.from(padded, "base64");
+}
+/**
+ * Parse an OTP envelope: `<base64url(payloadJson)>.<base64url(signature)>`.
+ * Returns the payload object and raw signature bytes.
+ */
+export function parseOtp(otp) {
+    const parts = otp.split(".");
+    if (parts.length !== 2) {
+        throw new Error("OTP must contain exactly one '.' separator");
+    }
+    const payloadJson = base64urlDecode(parts[0]).toString("utf8");
+    const signature = base64urlDecode(parts[1]);
+    let payload;
+    try {
+        payload = JSON.parse(payloadJson);
+    }
+    catch {
+        throw new Error("OTP payload is not valid JSON");
+    }
+    if (typeof payload !== "object" ||
+        payload === null ||
+        !("v" in payload) ||
+        payload.v !== 1 ||
+        !("jti" in payload) ||
+        typeof payload.jti !== "string" ||
+        !("provider" in payload) ||
+        typeof payload.provider !== "string" ||
+        !("method" in payload) ||
+        typeof payload.method !== "string" ||
+        !("dotPath" in payload) ||
+        typeof payload.dotPath !== "string" ||
+        !("requestHash" in payload) ||
+        typeof payload.requestHash !== "string" ||
+        !("maxSpendUsd" in payload) ||
+        typeof payload.maxSpendUsd !== "number" ||
+        !("iat" in payload) ||
+        typeof payload.iat !== "number" ||
+        !("exp" in payload) ||
+        typeof payload.exp !== "number") {
+        throw new Error("OTP payload missing required fields");
+    }
+    return {
+        payload: payload,
+        signature,
+    };
+}
+/**
+ * Verify the Ed25519 signature of an OTP payload segment.
+ * `publicKey` is the PEM string read from the public key file.
+ */
+export function verifyOtpSignature(payloadSegmentBase64url, signature, publicKeyPem) {
+    const key = createPublicKey(publicKeyPem);
+    const data = Buffer.from(payloadSegmentBase64url, "utf8");
+    return verify(null, data, key, signature);
+}
+/**
+ * Resolve the default replay ledger path.
+ */
+function defaultLedgerPath() {
+    const xdg = process.env.XDG_STATE_HOME;
+    if (xdg) {
+        return join(xdg, "apicity", "paygate-used.jsonl");
+    }
+    return join(homedir(), ".local", "state", "apicity", "paygate-used.jsonl");
+}
+/**
+ * Check whether a jti has already been consumed.
+ *
+ * @param jti - The OTP jti to check
+ * @param ledgerPath - Optional override path; defaults to XDG_STATE_HOME or ~/.local/state
+ */
+export function isJtiConsumed(jti, ledgerPath = defaultLedgerPath()) {
+    if (!existsSync(ledgerPath)) {
+        return false;
+    }
+    const content = readFileSync(ledgerPath, "utf8");
+    for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        if (!trimmed)
+            continue;
+        try {
+            const entry = JSON.parse(trimmed);
+            if (entry.jti === jti) {
+                return true;
+            }
+        }
+        catch {
+            // Skip malformed lines
+        }
+    }
+    return false;
+}
+/**
+ * Append a jti to the replay ledger.
+ *
+ * @param jti - The OTP jti to consume
+ * @param ledgerPath - Optional override path; defaults to XDG_STATE_HOME or ~/.local/state
+ */
+export function consumeJti(jti, ledgerPath = defaultLedgerPath()) {
+    const dir = join(ledgerPath, "..");
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    const entry = JSON.stringify({
+        jti,
+        consumedAt: Math.floor(Date.now() / 1000),
+    });
+    appendFileSync(ledgerPath, entry + "\n", "utf8");
+}
+/**
+ * Load the Ed25519 public key PEM from the configured path.
+ */
+function loadPublicKey() {
+    const path = process.env.APICITY_PAYGATE_PUBLIC_KEY_PATH;
+    if (!path) {
+        return undefined;
+    }
+    return readFileSync(path, "utf8");
+}
+/**
+ * Verify an OTP against the public key, checking signature, expiry,
+ * request binding, and replay.
+ */
+function verifyOtp(provider, method, dotPath, payload, otp, publicKeyPem) {
+    let parsed;
+    try {
+        parsed = parseOtp(otp);
+    }
+    catch (e) {
+        throw new PayGateError(provider, method, dotPath, "otp-malformed", e instanceof Error ? e.message : "OTP is malformed");
+    }
+    const { payload: otpPayload, signature } = parsed;
+    const parts = otp.split(".");
+    const payloadSegment = parts[0];
+    const sigOk = verifyOtpSignature(payloadSegment, signature, publicKeyPem);
+    if (!sigOk) {
+        throw new PayGateError(provider, method, dotPath, "otp-invalid-signature", "OTP signature is invalid");
+    }
+    const now = Math.floor(Date.now() / 1000);
+    if (otpPayload.exp < now) {
+        throw new PayGateError(provider, method, dotPath, "otp-expired", `OTP expired at ${otpPayload.exp} (now is ${now})`);
+    }
+    if (otpPayload.provider !== provider ||
+        otpPayload.method !== method ||
+        otpPayload.dotPath !== dotPath) {
+        throw new PayGateError(provider, method, dotPath, "otp-mismatched-request", `OTP bound to ${otpPayload.provider} ${otpPayload.method} ${otpPayload.dotPath}, ` +
+            `but call is ${provider} ${method} ${dotPath}`);
+    }
+    const expectedHash = canonicalHash(payload);
+    if (otpPayload.requestHash !== expectedHash) {
+        throw new PayGateError(provider, method, dotPath, "otp-mismatched-request", `OTP request hash mismatch: expected ${expectedHash}, got ${otpPayload.requestHash}`);
+    }
+    if (isJtiConsumed(otpPayload.jti)) {
+        throw new PayGateError(provider, method, dotPath, "otp-replayed", `OTP jti ${otpPayload.jti} has already been consumed`);
+    }
+    return otpPayload;
+}
+/**
+ * Wrap a provider network dispatch with the OTP-based paid-endpoint gate.
+ *
+ * Free/unlisted endpoints return `dispatch()` immediately without OTP or
+ * pay gate configuration.
+ *
+ * Paid endpoints fail closed: if the pay gate is not configured, or the OTP
+ * is missing, invalid, expired, replayed, mismatched, or the cost exceeds the
+ * OTP's maxSpendUsd, the call throws before dispatch runs.
+ */
+export async function dispatchWithPaidGate(provider, method, dotPath, payload, approval, dispatch) {
+    if (!isPaidEndpoint(provider, method, dotPath)) {
+        return dispatch();
+    }
+    const publicKeyPem = loadPublicKey();
+    if (!publicKeyPem) {
+        throw new PayGateError(provider, method, dotPath, "paygate-not-configured", "Pay gate is not configured: APICITY_PAYGATE_PUBLIC_KEY_PATH is not set");
+    }
+    if (!approval || !approval.otp) {
+        throw new PayGateError(provider, method, dotPath, "otp-missing", "Paid endpoint requires an OTP approval. Pass { otp: '...' }.");
+    }
+    const otpPayload = verifyOtp(provider, method, dotPath, payload, approval.otp, publicKeyPem);
+    const estimate = computeEstimate({
+        provider: provider,
+        payload,
+    });
+    if (estimate.warnings.length > 0) {
+        throw new SpendBoundError(provider, method, dotPath, otpPayload.maxSpendUsd, estimate.usd, `Endpoint ${provider} ${method} ${dotPath} spend cannot be bounded ` +
+            `from the payload: ${estimate.warnings.join("; ")}. ` +
+            `Pass an OTP with a higher maxSpendUsd, ` +
+            `or adjust the payload so the cost can be estimated.`);
+    }
+    if (estimate.usd > otpPayload.maxSpendUsd) {
+        throw new SpendBoundError(provider, method, dotPath, otpPayload.maxSpendUsd, estimate.usd, `Endpoint ${provider} ${method} ${dotPath} estimated cost ` +
+            `(${estimate.usd} USD) exceeds OTP maxSpendUsd (${otpPayload.maxSpendUsd} USD).`);
+    }
+    // Consume the OTP immediately before dispatch.
+    consumeJti(otpPayload.jti);
+    return dispatch();
+}
+//# sourceMappingURL=paygate.js.map

package/dist/src/paygate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paygate.js","sourceRoot":"","sources":["../../src/paygate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AA0BnD;;;GAGG;AACH,MAAM,OAAO,YAAa,SAAQ,KAAK;IAC5B,QAAQ,CAAS;IACjB,MAAM,CAAS;IACf,OAAO,CAAS;IAChB,IAAI,CAOM;IAEnB,YACE,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,IAA0B,EAC1B,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAc;IAC7C,MAAM,IAAI,GAAG,IAAI,OAAO,EAAU,CAAC;IAEnC,SAAS,IAAI,CAAC,CAAU;QACtB,IACE,CAAC,KAAK,IAAI;YACV,OAAO,CAAC,KAAK,SAAS;YACtB,OAAO,CAAC,KAAK,QAAQ;YACrB,OAAO,CAAC,KAAK,QAAQ,EACrB,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;QACD,IACE,OAAO,CAAC,KAAK,WAAW;YACxB,OAAO,CAAC,KAAK,UAAU;YACvB,OAAO,CAAC,KAAK,QAAQ,EACrB,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,sCAAsC,GAAG,OAAO,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChB,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACZ,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACzC,MAAM,GAAG,GAA4B,EAAE,CAAC;YACxC,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAE,CAA6B,CAAC,CAAC,CAAC,CAAC,CAAC;YACnD,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,uCAAuC,GAAG,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1E,OAAO,UAAU,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,4DAA4D;IAC5D,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3C,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAW;IAIlC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,WAAW,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChE,MAAM,SAAS,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;IAC7C,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,IACE,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,KAAK,IAAI;QAChB,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC;QAChB,OAAmC,CAAC,CAAC,KAAK,CAAC;QAC5C,CAAC,CAAC,KAAK,IAAI,OAAO,CAAC;QACnB,OAAQ,OAAmC,CAAC,GAAG,KAAK,QAAQ;QAC5D,CAAC,CAAC,UAAU,IAAI,OAAO,CAAC;QACxB,OAAQ,OAAmC,CAAC,QAAQ,KAAK,QAAQ;QACjE,CAAC,CAAC,QAAQ,IAAI,OAAO,CAAC;QACtB,OAAQ,OAAmC,CAAC,MAAM,KAAK,QAAQ;QAC/D,CAAC,CAAC,SAAS,IAAI,OAAO,CAAC;QACvB,OAAQ,OAAmC,CAAC,OAAO,KAAK,QAAQ;QAChE,CAAC,CAAC,aAAa,IAAI,OAAO,CAAC;QAC3B,OAAQ,OAAmC,CAAC,WAAW,KAAK,QAAQ;QACpE,CAAC,CAAC,aAAa,IAAI,OAAO,CAAC;QAC3B,OAAQ,OAAmC,CAAC,WAAW,KAAK,QAAQ;QACpE,CAAC,CAAC,KAAK,IAAI,OAAO,CAAC;QACnB,OAAQ,OAAmC,CAAC,GAAG,KAAK,QAAQ;QAC5D,CAAC,CAAC,KAAK,IAAI,OAAO,CAAC;QACnB,OAAQ,OAAmC,CAAC,GAAG,KAAK,QAAQ,EAC5D,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,OAAO;QACL,OAAO,EAAE,OAA4B;QACrC,SAAS;KACV,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,uBAA+B,EAC/B,SAAiB,EACjB,YAAoB;IAEpB,MAAM,GAAG,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IACvC,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,oBAAoB,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,oBAAoB,CAAC,CAAC;AAC7E,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAC3B,GAAW,EACX,aAAqB,iBAAiB,EAAE;IAExC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACjD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAqB,CAAC;YACtD,IAAI,KAAK,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CACxB,GAAW,EACX,aAAqB,iBAAiB,EAAE;IAExC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IACnC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC;QAC3B,GAAG;QACH,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;KAC1C,CAAC,CAAC;IACH,cAAc,CAAC,UAAU,EAAE,KAAK,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,SAAS,aAAa;IACpB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC;IACzD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,SAAS,SAAS,CAChB,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,OAAgC,EAChC,GAAW,EACX,YAAoB;IAEpB,IAAI,MAAyD,CAAC;IAC9D,IAAI,CAAC;QACH,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,eAAe,EACf,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB,CACpD,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAClD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAEjC,MAAM,KAAK,GAAG,kBAAkB,CAAC,cAAc,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;IAC1E,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,uBAAuB,EACvB,0BAA0B,CAC3B,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,IAAI,UAAU,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,aAAa,EACb,kBAAkB,UAAU,CAAC,GAAG,YAAY,GAAG,GAAG,CACnD,CAAC;IACJ,CAAC;IAED,IACE,UAAU,CAAC,QAAQ,KAAK,QAAQ;QAChC,UAAU,CAAC,MAAM,KAAK,MAAM;QAC5B,UAAU,CAAC,OAAO,KAAK,OAAO,EAC9B,CAAC;QACD,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,wBAAwB,EACxB,gBAAgB,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,OAAO,IAAI;YAChF,eAAe,QAAQ,IAAI,MAAM,IAAI,OAAO,EAAE,CACjD,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,UAAU,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;QAC5C,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,wBAAwB,EACxB,uCAAuC,YAAY,SAAS,UAAU,CAAC,WAAW,EAAE,CACrF,CAAC;IACJ,CAAC;IAED,IAAI,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,cAAc,EACd,WAAW,UAAU,CAAC,GAAG,4BAA4B,CACtD,CAAC;IACJ,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,QAAgB,EAChB,MAAc,EACd,OAAe,EACf,OAAgC,EAChC,QAAqC,EACrC,QAA0B;IAE1B,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;QAC/C,OAAO,QAAQ,EAAE,CAAC;IACpB,CAAC;IAED,MAAM,YAAY,GAAG,aAAa,EAAE,CAAC;IACrC,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,wBAAwB,EACxB,wEAAwE,CACzE,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;QAC/B,MAAM,IAAI,YAAY,CACpB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,aAAa,EACb,8DAA8D,CAC/D,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,SAAS,CAC1B,QAAQ,EACR,MAAM,EACN,OAAO,EACP,OAAO,EACP,QAAQ,CAAC,GAAG,EACZ,YAAY,CACb,CAAC;IAEF,MAAM,QAAQ,GAAG,eAAe,CAAC;QAC/B,QAAQ,EAAE,QAAuC;QACjD,OAAO;KACR,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,eAAe,CACvB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,UAAU,CAAC,WAAW,EACtB,QAAQ,CAAC,GAAG,EACZ,YAAY,QAAQ,IAAI,MAAM,IAAI,OAAO,2BAA2B;YAClE,qBAAqB,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;YACrD,yCAAyC;YACzC,qDAAqD,CACxD,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,GAAG,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;QAC1C,MAAM,IAAI,eAAe,CACvB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,UAAU,CAAC,WAAW,EACtB,QAAQ,CAAC,GAAG,EACZ,YAAY,QAAQ,IAAI,MAAM,IAAI,OAAO,kBAAkB;YACzD,IAAI,QAAQ,CAAC,GAAG,kCAAkC,UAAU,CAAC,WAAW,QAAQ,CACnF,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAE3B,OAAO,QAAQ,EAAE,CAAC;AACpB,CAAC"}

package/dist/src/pricing/kie.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"kie.d.ts","sourceRoot":"","sources":["../../../src/pricing/kie.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAkF5C,eAAO,MAAM,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAiQ5C,CAAC"}
+{"version":3,"file":"kie.d.ts","sourceRoot":"","sources":["../../../src/pricing/kie.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAiG5C,eAAO,MAAM,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAqQ5C,CAAC"}

package/dist/src/pricing/kie.js

@@ -40,20 +40,34 @@ const flatGen = (perUnit, slug) => ({
     source: src(slug),
 });
 // Image entry tiered by input.resolution (e.g. "1K"|"2K"|"4K").
-const tieredImage = (rates, slug) => ({
+// Optional `defaultResolution` is applied when the payload omits
+// input.resolution (matches the upstream schema default).
+const tieredImage = (rates, slug, defaultResolution) => ({
     kind: "perUnit",
     unit: "images",
     units: imageCount,
-    select: [{ name: "resolution", pick: inputResolution }],
+    select: [
+        {
+            name: "resolution",
+            pick: (p) => asString(asObject(p.input)?.resolution) ?? defaultResolution,
+        },
+    ],
     rates,
     source: src(slug),
 });
 // Video entry tiered by input.resolution (grok-imagine, happyhorse).
-const tieredResolutionVideo = (rates, slug) => ({
+// Optional `defaultResolution` is applied when the payload omits
+// input.resolution (matches the upstream schema default).
+const tieredResolutionVideo = (rates, slug, defaultResolution) => ({
     kind: "perUnit",
     unit: "seconds",
     units: seconds,
-    select: [{ name: "resolution", pick: inputResolution }],
+    select: [
+        {
+            name: "resolution",
+            pick: (p) => asString(asObject(p.input)?.resolution) ?? defaultResolution,
+        },
+    ],
     rates,
     source: src(slug),
 });
@@ -221,12 +235,12 @@ export const kie = {
     // (nano-banana-2, gpt-image-2) require input.resolution; flat-rate
     // families (qwen2, seedream/5-lite) only need the model string.
     // wan/2-7-image accepts an `n` field for batch generation.
-    "nano-banana-2": tieredImage({ "1K": 0.04, "2K": 0.06, "4K": 0.09 }, "google/nano-banana-2"),
+    "nano-banana-2": tieredImage({ "1K": 0.04, "2K": 0.06, "4K": 0.09 }, "google/nano-banana-2", "2K"),
     // nano-banana-pro: 1K and 2K share the $0.09 rate per the marketplace
     // ("1/2K"), 4K is $0.12.
-    "nano-banana-pro": tieredImage({ "1K": 0.09, "2K": 0.09, "4K": 0.12 }, "google/nano-banana-pro"),
-    "gpt-image-2-text-to-image": tieredImage({ "1K": 0.03, "2K": 0.05, "4K": 0.08 }, "openai/gpt-image-2"),
-    "gpt-image-2-image-to-image": tieredImage({ "1K": 0.03, "2K": 0.05, "4K": 0.08 }, "openai/gpt-image-2"),
+    "nano-banana-pro": tieredImage({ "1K": 0.09, "2K": 0.09, "4K": 0.12 }, "google/nano-banana-pro", "2K"),
+    "gpt-image-2-text-to-image": tieredImage({ "1K": 0.03, "2K": 0.05, "4K": 0.08 }, "openai/gpt-image-2", "2K"),
+    "gpt-image-2-image-to-image": tieredImage({ "1K": 0.03, "2K": 0.05, "4K": 0.08 }, "openai/gpt-image-2", "2K"),
     "wan/2-7-image": flatImage(0.024, "alibaba/wan-2.7"),
     "wan/2-7-image-pro": flatImage(0.06, "alibaba/wan-2.7"),
     "qwen2/text-to-image": flatImage(0.028, "alibaba/qwen-image-2"),

package/dist/src/pricing/kie.js.map

@@ -1 +1 @@
-{"version":3,"file":"kie.js","sourceRoot":"","sources":["../../../src/pricing/kie.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAExE,uEAAuE;AACvE,6EAA6E;AAC7E,2EAA2E;AAC3E,oEAAoE;AACpE,wEAAwE;AAExE,MAAM,GAAG,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,yBAAyB,IAAI,EAAE,EAAE,CAAC,CAAC;AAEzE,6EAA6E;AAC7E,0EAA0E;AAC1E,MAAM,OAAO,GAAG,CAAC,CAA0B,EAAsB,EAAE,CACjE,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC;AAE3D,MAAM,eAAe,GAAG,CAAC,CAA0B,EAAsB,EAAE,CACzE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,CAAC;AAE1C,MAAM,SAAS,GAAG,CAAC,CAA0B,EAAsB,EAAE,CACnE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;AAEpC,mEAAmE;AACnE,4DAA4D;AAC5D,MAAM,UAAU,GAAG,CAAC,CAA0B,EAAU,EAAE,CACxD,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AAEtC,MAAM,SAAS,GAAG,CAAC,OAAe,EAAE,IAAY,EAAgB,EAAE,CAAC,CAAC;IAClE,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,SAAS;IACf,KAAK,EAAE,OAAO;IACd,MAAM,EAAE,EAAE;IACV,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE;IACtB,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC;CAClB,CAAC,CAAC;AAEH,MAAM,SAAS,GAAG,CAAC,OAAe,EAAE,IAAY,EAAgB,EAAE,CAAC,CAAC;IAClE,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,QAAQ;IACd,KAAK,EAAE,UAAU;IACjB,MAAM,EAAE,EAAE;IACV,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE;IACtB,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC;CAClB,CAAC,CAAC;AAEH,yEAAyE;AACzE,iEAAiE;AACjE,MAAM,OAAO,GAAG,CAAC,OAAe,EAAE,IAAY,EAAgB,EAAE,CAAC,CAAC;IAChE,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,aAAa;IACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IACd,MAAM,EAAE,EAAE;IACV,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE;IACtB,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC;CAClB,CAAC,CAAC;AAEH,gEAAgE;AAChE,MAAM,WAAW,GAAG,CAClB,KAA6B,EAC7B,IAAY,EACE,EAAE,CAAC,CAAC;IAClB,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,QAAQ;IACd,KAAK,EAAE,UAAU;IACjB,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IACvD,KAAK;IACL,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC;CAClB,CAAC,CAAC;AAEH,qEAAqE;AACrE,MAAM,qBAAqB,GAAG,CAC5B,KAA6B,EAC7B,IAAY,EACE,EAAE,CAAC,CAAC;IAClB,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,SAAS;IACf,KAAK,EAAE,OAAO;IACd,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IACvD,KAAK;IACL,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,GAAG,GAAiC;IAC/C,sEAAsE;IACtE,4DAA4D;IAC5D,IAAI,EAAE,SAAS,CAAC,GAAG,EAAE,aAAa,CAAC;IACnC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,kBAAkB,CAAC;IAE7C,qEAAqE;IACrE,6CAA6C;IAC7C,iBAAiB,EAAE;QACjB,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,OAAO;QACd,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE;YACjC;gBACE,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;aACvE;SACF;QACD,KAAK,EAAE;YACL,GAAG,EAAE,IAAI;YACT,WAAW,EAAE,GAAG;YAChB,GAAG,EAAE,IAAI;YACT,WAAW,EAAE,KAAK;YAClB,IAAI,EAAE,KAAK;YACX,UAAU,EAAE,KAAK;SAClB;QACD,MAAM,EAAE,GAAG,CAAC,mBAAmB,CAAC;KACjC;IAED,uEAAuE;IACvE,4CAA4C;IAC5C,0BAA0B,EAAE;QAC1B,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,OAAO;QACd,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAC3C,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;QACtC,MAAM,EAAE,GAAG,CAAC,mBAAmB,CAAC;KACjC;IAED,+DAA+D;IAC/D,uBAAuB,EAAE,SAAS,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAC1D,wBAAwB,EAAE,SAAS,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAC3D,aAAa,EAAE,SAAS,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChD,mBAAmB,EAAE,SAAS,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAEtD,wEAAwE;IACxE,yBAAyB;IACzB,4BAA4B,EAAE,qBAAqB,CACjD,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,EAChC,kBAAkB,CACnB;IACD,6BAA6B,EAAE,qBAAqB,CAClD,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,EAChC,kBAAkB,CACnB;IAED,wEAAwE;IACxE,qEAAqE;IACrE,gDAAgD;IAChD,4BAA4B,EAAE;QAC5B,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACd,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CACV,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;aAC7D;SACF;QACD,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE;QAC/B,MAAM,EAAE,GAAG,CAAC,kBAAkB,CAAC;KAChC;IACD,6BAA6B,EAAE;QAC7B,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACd,MAAM,EAAE,EAAE;QACV,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;QACnB,MAAM,EAAE,GAAG,CAAC,kBAAkB,CAAC;KAChC;IAED,+DAA+D;IAC/D,uEAAuE;IACvE,uEAAuE;IACvE,oEAAoE;IACpE,sEAAsE;IACtE,qBAAqB,EAAE;QACrB,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACd,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,YAAY,CAAC;aACvD;YACD;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CACV,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;aACpE;SACF;QACD,KAAK,EAAE;YACL,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,GAAG;YACb,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,IAAI;SAChB;QACD,MAAM,EAAE,GAAG,CAAC,kBAAkB,CAAC;KAChC;IAED,qEAAqE;IACrE,0DAA0D;IAC1D,sBAAsB,EAAE;QACtB,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACd,MAAM,EAAE,EAAE;QACV,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;QACnB,MAAM,EAAE,GAAG,CAAC,kBAAkB,CAAC;KAChC;IAED,sEAAsE;IACtE,0BAA0B,EAAE,qBAAqB,CAC/C,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EACjC,2BAA2B,CAC5B;IACD,2BAA2B,EAAE,qBAAqB,CAChD,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EACjC,2BAA2B,CAC5B;IACD,+BAA+B,EAAE,qBAAqB,CACpD,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EACjC,2BAA2B,CAC5B;IACD,yEAAyE;IACzE,sEAAsE;IACtE,qEAAqE;IACrE,yDAAyD;IACzD,uBAAuB,EAAE,qBAAqB,CAC5C,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EACjC,2BAA2B,CAC5B;IAED,mEAAmE;IACnE,oDAAoD;IACpD,sBAAsB,EAAE;QACtB,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,OAAO;QACd,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE;YAC7C;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;aAClE;SACF;QACD,KAAK,EAAE;YACL,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,KAAK;YACjB,UAAU,EAAE,KAAK;YACjB,UAAU,EAAE,KAAK;YACjB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,IAAI;SAClB;QACD,MAAM,EAAE,GAAG,CAAC,sBAAsB,CAAC;KACpC;IAED,sDAAsD;IACtD,2BAA2B,EAAE;QAC3B,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,OAAO;QACd,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE;YAC7C;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;aAClE;SACF;QACD,KAAK,EAAE;YACL,UAAU,EAAE,KAAK;YACjB,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,GAAG;YACf,UAAU,EAAE,KAAK;SAClB;QACD,MAAM,EAAE,GAAG,CAAC,2BAA2B,CAAC;KACzC;IAED,2DAA2D;IAC3D,mEAAmE;IACnE,gEAAgE;IAChE,2DAA2D;IAC3D,eAAe,EAAE,WAAW,CAC1B,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EACtC,sBAAsB,CACvB;IACD,sEAAsE;IACtE,yBAAyB;IACzB,iBAAiB,EAAE,WAAW,CAC5B,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EACtC,wBAAwB,CACzB;IACD,2BAA2B,EAAE,WAAW,CACtC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EACtC,oBAAoB,CACrB;IACD,4BAA4B,EAAE,WAAW,CACvC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EACtC,oBAAoB,CACrB;IACD,eAAe,EAAE,SAAS,CAAC,KAAK,EAAE,iBAAiB,CAAC;IACpD,mBAAmB,EAAE,SAAS,CAAC,IAAI,EAAE,iBAAiB,CAAC;IACvD,qBAAqB,EAAE,SAAS,CAAC,KAAK,EAAE,sBAAsB,CAAC;IAC/D,kBAAkB,EAAE,SAAS,CAAC,KAAK,EAAE,sBAAsB,CAAC;IAC5D,+BAA+B,EAAE,SAAS,CAAC,MAAM,EAAE,sBAAsB,CAAC;IAC1E,gCAAgC,EAAE,SAAS,CAAC,MAAM,EAAE,sBAAsB,CAAC;IAE3E,sEAAsE;IACtE,oDAAoD;IACpD,wBAAwB,EAAE,OAAO,CAAC,IAAI,EAAE,eAAe,CAAC;IAExD,yEAAyE;IACzE,qEAAqE;IACrE,iEAAiE;IACjE,yEAAyE;IACzE,iEAAiE;IACjE,eAAe,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAC3C,aAAa,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IACzC,mBAAmB,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAC/C,oBAAoB,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAChD,mBAAmB,EAAE,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC;IAChD,mBAAmB,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAC/C,aAAa,EAAE,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC;IAC1C,qBAAqB,EAAE,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC;IAElD,0DAA0D;IAC1D,8CAA8C;IAC9C,mDAAmD;IACnD,2DAA2D;IAC3D,6BAA6B,EAAE;QAC7B,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACd,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;QACzD,KAAK,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;QACjD,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC;KACzB;IAED,kDAAkD;IAClD,sBAAsB,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAClD,qCAAqC,EAAE,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC;IAClE,sBAAsB,EAAE,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC;IACpD,gCAAgC,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAC5D,0BAA0B,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;CACvD,CAAC"}
+{"version":3,"file":"kie.js","sourceRoot":"","sources":["../../../src/pricing/kie.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAExE,uEAAuE;AACvE,6EAA6E;AAC7E,2EAA2E;AAC3E,oEAAoE;AACpE,wEAAwE;AAExE,MAAM,GAAG,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,yBAAyB,IAAI,EAAE,EAAE,CAAC,CAAC;AAEzE,6EAA6E;AAC7E,0EAA0E;AAC1E,MAAM,OAAO,GAAG,CAAC,CAA0B,EAAsB,EAAE,CACjE,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC;AAE3D,MAAM,eAAe,GAAG,CAAC,CAA0B,EAAsB,EAAE,CACzE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,CAAC;AAE1C,MAAM,SAAS,GAAG,CAAC,CAA0B,EAAsB,EAAE,CACnE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;AAEpC,mEAAmE;AACnE,4DAA4D;AAC5D,MAAM,UAAU,GAAG,CAAC,CAA0B,EAAU,EAAE,CACxD,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AAEtC,MAAM,SAAS,GAAG,CAAC,OAAe,EAAE,IAAY,EAAgB,EAAE,CAAC,CAAC;IAClE,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,SAAS;IACf,KAAK,EAAE,OAAO;IACd,MAAM,EAAE,EAAE;IACV,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE;IACtB,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC;CAClB,CAAC,CAAC;AAEH,MAAM,SAAS,GAAG,CAAC,OAAe,EAAE,IAAY,EAAgB,EAAE,CAAC,CAAC;IAClE,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,QAAQ;IACd,KAAK,EAAE,UAAU;IACjB,MAAM,EAAE,EAAE;IACV,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE;IACtB,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC;CAClB,CAAC,CAAC;AAEH,yEAAyE;AACzE,iEAAiE;AACjE,MAAM,OAAO,GAAG,CAAC,OAAe,EAAE,IAAY,EAAgB,EAAE,CAAC,CAAC;IAChE,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,aAAa;IACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IACd,MAAM,EAAE,EAAE;IACV,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE;IACtB,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC;CAClB,CAAC,CAAC;AAEH,gEAAgE;AAChE,iEAAiE;AACjE,0DAA0D;AAC1D,MAAM,WAAW,GAAG,CAClB,KAA6B,EAC7B,IAAY,EACZ,iBAA0B,EACZ,EAAE,CAAC,CAAC;IAClB,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,QAAQ;IACd,KAAK,EAAE,UAAU;IACjB,MAAM,EAAE;QACN;YACE,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,IAAI,iBAAiB;SAC1E;KACF;IACD,KAAK;IACL,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC;CAClB,CAAC,CAAC;AACH,qEAAqE;AACrE,iEAAiE;AACjE,0DAA0D;AAC1D,MAAM,qBAAqB,GAAG,CAC5B,KAA6B,EAC7B,IAAY,EACZ,iBAA0B,EACZ,EAAE,CAAC,CAAC;IAClB,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,SAAS;IACf,KAAK,EAAE,OAAO;IACd,MAAM,EAAE;QACN;YACE,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,IAAI,iBAAiB;SAC1E;KACF;IACD,KAAK;IACL,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,GAAG,GAAiC;IAC/C,sEAAsE;IACtE,4DAA4D;IAC5D,IAAI,EAAE,SAAS,CAAC,GAAG,EAAE,aAAa,CAAC;IACnC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,kBAAkB,CAAC;IAE7C,qEAAqE;IACrE,6CAA6C;IAC7C,iBAAiB,EAAE;QACjB,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,OAAO;QACd,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE;YACjC;gBACE,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;aACvE;SACF;QACD,KAAK,EAAE;YACL,GAAG,EAAE,IAAI;YACT,WAAW,EAAE,GAAG;YAChB,GAAG,EAAE,IAAI;YACT,WAAW,EAAE,KAAK;YAClB,IAAI,EAAE,KAAK;YACX,UAAU,EAAE,KAAK;SAClB;QACD,MAAM,EAAE,GAAG,CAAC,mBAAmB,CAAC;KACjC;IAED,uEAAuE;IACvE,4CAA4C;IAC5C,0BAA0B,EAAE;QAC1B,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,OAAO;QACd,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAC3C,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;QACtC,MAAM,EAAE,GAAG,CAAC,mBAAmB,CAAC;KACjC;IAED,+DAA+D;IAC/D,uBAAuB,EAAE,SAAS,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAC1D,wBAAwB,EAAE,SAAS,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAC3D,aAAa,EAAE,SAAS,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChD,mBAAmB,EAAE,SAAS,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAEtD,wEAAwE;IACxE,yBAAyB;IACzB,4BAA4B,EAAE,qBAAqB,CACjD,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,EAChC,kBAAkB,CACnB;IACD,6BAA6B,EAAE,qBAAqB,CAClD,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,EAChC,kBAAkB,CACnB;IAED,wEAAwE;IACxE,qEAAqE;IACrE,gDAAgD;IAChD,4BAA4B,EAAE;QAC5B,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACd,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CACV,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;aAC7D;SACF;QACD,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE;QAC/B,MAAM,EAAE,GAAG,CAAC,kBAAkB,CAAC;KAChC;IACD,6BAA6B,EAAE;QAC7B,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACd,MAAM,EAAE,EAAE;QACV,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;QACnB,MAAM,EAAE,GAAG,CAAC,kBAAkB,CAAC;KAChC;IAED,+DAA+D;IAC/D,uEAAuE;IACvE,uEAAuE;IACvE,oEAAoE;IACpE,sEAAsE;IACtE,qBAAqB,EAAE;QACrB,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACd,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,YAAY,CAAC;aACvD;YACD;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CACV,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;aACpE;SACF;QACD,KAAK,EAAE;YACL,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,GAAG;YACb,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,IAAI;SAChB;QACD,MAAM,EAAE,GAAG,CAAC,kBAAkB,CAAC;KAChC;IAED,qEAAqE;IACrE,0DAA0D;IAC1D,sBAAsB,EAAE;QACtB,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACd,MAAM,EAAE,EAAE;QACV,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;QACnB,MAAM,EAAE,GAAG,CAAC,kBAAkB,CAAC;KAChC;IAED,sEAAsE;IACtE,0BAA0B,EAAE,qBAAqB,CAC/C,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EACjC,2BAA2B,CAC5B;IACD,2BAA2B,EAAE,qBAAqB,CAChD,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EACjC,2BAA2B,CAC5B;IACD,+BAA+B,EAAE,qBAAqB,CACpD,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EACjC,2BAA2B,CAC5B;IACD,yEAAyE;IACzE,sEAAsE;IACtE,qEAAqE;IACrE,yDAAyD;IACzD,uBAAuB,EAAE,qBAAqB,CAC5C,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EACjC,2BAA2B,CAC5B;IAED,mEAAmE;IACnE,oDAAoD;IACpD,sBAAsB,EAAE;QACtB,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,OAAO;QACd,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE;YAC7C;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;aAClE;SACF;QACD,KAAK,EAAE;YACL,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,KAAK;YACjB,UAAU,EAAE,KAAK;YACjB,UAAU,EAAE,KAAK;YACjB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,IAAI;SAClB;QACD,MAAM,EAAE,GAAG,CAAC,sBAAsB,CAAC;KACpC;IAED,sDAAsD;IACtD,2BAA2B,EAAE;QAC3B,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,OAAO;QACd,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE;YAC7C;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;aAClE;SACF;QACD,KAAK,EAAE;YACL,UAAU,EAAE,KAAK;YACjB,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,GAAG;YACf,UAAU,EAAE,KAAK;SAClB;QACD,MAAM,EAAE,GAAG,CAAC,2BAA2B,CAAC;KACzC;IAED,2DAA2D;IAC3D,mEAAmE;IACnE,gEAAgE;IAChE,2DAA2D;IAC3D,eAAe,EAAE,WAAW,CAC1B,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EACtC,sBAAsB,EACtB,IAAI,CACL;IACD,sEAAsE;IACtE,yBAAyB;IACzB,iBAAiB,EAAE,WAAW,CAC5B,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EACtC,wBAAwB,EACxB,IAAI,CACL;IACD,2BAA2B,EAAE,WAAW,CACtC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EACtC,oBAAoB,EACpB,IAAI,CACL;IACD,4BAA4B,EAAE,WAAW,CACvC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EACtC,oBAAoB,EACpB,IAAI,CACL;IACD,eAAe,EAAE,SAAS,CAAC,KAAK,EAAE,iBAAiB,CAAC;IACpD,mBAAmB,EAAE,SAAS,CAAC,IAAI,EAAE,iBAAiB,CAAC;IACvD,qBAAqB,EAAE,SAAS,CAAC,KAAK,EAAE,sBAAsB,CAAC;IAC/D,kBAAkB,EAAE,SAAS,CAAC,KAAK,EAAE,sBAAsB,CAAC;IAC5D,+BAA+B,EAAE,SAAS,CAAC,MAAM,EAAE,sBAAsB,CAAC;IAC1E,gCAAgC,EAAE,SAAS,CAAC,MAAM,EAAE,sBAAsB,CAAC;IAE3E,sEAAsE;IACtE,oDAAoD;IACpD,wBAAwB,EAAE,OAAO,CAAC,IAAI,EAAE,eAAe,CAAC;IAExD,yEAAyE;IACzE,qEAAqE;IACrE,iEAAiE;IACjE,yEAAyE;IACzE,iEAAiE;IACjE,eAAe,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAC3C,aAAa,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IACzC,mBAAmB,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAC/C,oBAAoB,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAChD,mBAAmB,EAAE,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC;IAChD,mBAAmB,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAC/C,aAAa,EAAE,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC;IAC1C,qBAAqB,EAAE,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC;IAElD,0DAA0D;IAC1D,8CAA8C;IAC9C,mDAAmD;IACnD,2DAA2D;IAC3D,6BAA6B,EAAE;QAC7B,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACd,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;QACzD,KAAK,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;QACjD,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC;KACzB;IAED,kDAAkD;IAClD,sBAAsB,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAClD,qCAAqC,EAAE,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC;IAClE,sBAAsB,EAAE,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC;IACpD,gCAAgC,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;IAC5D,0BAA0B,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC;CACvD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@apicity/cost",
-  "version": "0.2.0-alpha.0",
+  "version": "0.2.0-alpha.1",
   "description": "Pure-table cost & token estimation across @apicity providers — zero network calls, all rates bundled.",
   "license": "MIT",
   "repository": {
@@ -20,6 +20,9 @@
       "types": "./dist/src/index.d.ts"
     }
   },
+  "bin": {
+    "apicity-paygate": "./dist/src/paygate-cli.js"
+  },
   "files": [
     "dist",
     "README.md",