@arcenpay/node 0.0.1

package/dist/index.mjs

@@ -0,0 +1,3317 @@
+import {
+  TablelandService,
+  __esm,
+  __export,
+  __toCommonJS
+} from "./chunk-SKFD6TSD.mjs";
+
+// src/services/nonce-store.ts
+var nonce_store_exports = {};
+__export(nonce_store_exports, {
+  InMemoryNonceStore: () => InMemoryNonceStore,
+  RedisNonceStore: () => RedisNonceStore
+});
+var InMemoryNonceStore, RedisNonceStore;
+var init_nonce_store = __esm({
+  "src/services/nonce-store.ts"() {
+    "use strict";
+    InMemoryNonceStore = class {
+      seen = /* @__PURE__ */ new Map();
+      cleanupTimer;
+      constructor(cleanupIntervalMs = 6e4) {
+        this.cleanupTimer = setInterval(() => {
+          const now = Date.now();
+          for (const [key, expiresAt] of this.seen) {
+            if (now >= expiresAt) {
+              this.seen.delete(key);
+            }
+          }
+        }, cleanupIntervalMs);
+        if (typeof this.cleanupTimer === "object" && "unref" in this.cleanupTimer) {
+          this.cleanupTimer.unref();
+        }
+      }
+      async markUsed(key, ttlMs) {
+        if (this.seen.has(key)) {
+          const expiresAt = this.seen.get(key);
+          if (Date.now() < expiresAt) {
+            return false;
+          }
+        }
+        this.seen.set(key, Date.now() + ttlMs);
+        return true;
+      }
+      async has(key) {
+        if (!this.seen.has(key)) return false;
+        const expiresAt = this.seen.get(key);
+        if (Date.now() >= expiresAt) {
+          this.seen.delete(key);
+          return false;
+        }
+        return true;
+      }
+      stop() {
+        clearInterval(this.cleanupTimer);
+      }
+    };
+    RedisNonceStore = class {
+      redis;
+      prefix;
+      constructor(redis, prefix = "meap:nonce:") {
+        this.redis = redis;
+        this.prefix = prefix;
+      }
+      async markUsed(key, ttlMs) {
+        const ttlSeconds = Math.max(1, Math.ceil(ttlMs / 1e3));
+        const result = await this.redis.set(
+          `${this.prefix}${key}`,
+          "1",
+          "EX",
+          ttlSeconds,
+          "NX"
+        );
+        return result === "OK";
+      }
+      async has(key) {
+        const result = await this.redis.get(`${this.prefix}${key}`);
+        return result !== null;
+      }
+      stop() {
+      }
+    };
+  }
+});
+
+// src/client.ts
+import { resolveArcenPayBaseUrl } from "@arcenpay/sdk";
+var ArcenClient = class {
+  apiKey;
+  baseUrl;
+  timeoutMs;
+  session = null;
+  constructor(config) {
+    if (!config.apiKey.startsWith("api_")) {
+      throw new Error('ArcenClient: apiKey must start with "api_"');
+    }
+    this.apiKey = config.apiKey;
+    this.baseUrl = resolveArcenPayBaseUrl({ explicit: config.baseUrl });
+    this.timeoutMs = config.timeoutMs ?? 1e4;
+  }
+  buildAuthHeader() {
+    return this.session ? `Bearer ${this.session.token}` : `Bearer ${this.apiKey}`;
+  }
+  async request(method, path2, options = {}) {
+    const url = new URL(`${this.baseUrl}${path2}`);
+    if (options.query) {
+      for (const [k, v] of Object.entries(options.query)) {
+        url.searchParams.set(k, v);
+      }
+    }
+    const headers = {
+      Authorization: options.useApiKey ? `Bearer ${this.apiKey}` : this.buildAuthHeader(),
+      "Content-Type": "application/json"
+    };
+    if (!this.session || options.useApiKey) {
+      if (options.companyKeys) {
+        const parts = [];
+        if (options.companyKeys.id) parts.push(`id=${options.companyKeys.id}`);
+        if (options.companyKeys.wallet)
+          parts.push(`wallet=${options.companyKeys.wallet}`);
+        if (options.companyKeys.email)
+          parts.push(`email=${options.companyKeys.email}`);
+        if (parts.length > 0) headers["X-Arcen-Company-Keys"] = parts.join(",");
+      }
+      if (options.userKeys) {
+        const parts = [];
+        if (options.userKeys.id) parts.push(`id=${options.userKeys.id}`);
+        if (options.userKeys.clerkUserId)
+          parts.push(`clerk_user_id=${options.userKeys.clerkUserId}`);
+        if (options.userKeys.wallet)
+          parts.push(`wallet=${options.userKeys.wallet}`);
+        if (parts.length > 0) headers["X-Arcen-User-Keys"] = parts.join(",");
+      }
+    }
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), this.timeoutMs);
+    try {
+      const res = await fetch(url.toString(), {
+        method,
+        headers,
+        body: options.body !== void 0 ? JSON.stringify(options.body) : void 0,
+        signal: controller.signal
+      });
+      let json;
+      try {
+        json = await res.json();
+      } catch {
+        throw new ArcenApiError(
+          `Invalid JSON response from ${method} ${path2}`,
+          res.status
+        );
+      }
+      if (!res.ok) {
+        throw new ArcenApiError(json.error ?? `HTTP ${res.status}`, res.status);
+      }
+      return json;
+    } catch (err) {
+      if (err instanceof ArcenApiError) throw err;
+      if (err instanceof DOMException && err.name === "AbortError") {
+        throw new ArcenApiError(
+          `Request timed out after ${this.timeoutMs}ms`,
+          408
+        );
+      }
+      throw new ArcenApiError(
+        err instanceof Error ? err.message : "Network request failed",
+        0
+      );
+    } finally {
+      clearTimeout(timer);
+    }
+  }
+  async identify(input) {
+    const res = await this.request(
+      "POST",
+      "/api/v1/access-tokens",
+      {
+        useApiKey: true,
+        body: {
+          company: input.company,
+          user: input.user ? {
+            id: input.user.id,
+            clerk_user_id: input.user.clerkUserId,
+            wallet: input.user.wallet,
+            name: input.user.name,
+            email: input.user.email
+          } : void 0,
+          expires_in: input.expiresIn ?? 3600
+        }
+      }
+    );
+    const data = res.data;
+    this.session = {
+      token: data.token,
+      companyId: data.company_id,
+      userId: data.user_id
+    };
+    return {
+      token: data.token,
+      companyId: data.company_id,
+      userId: data.user_id,
+      expiresAt: data.expires_at
+    };
+  }
+  async track(event) {
+    const input = typeof event === "string" ? { name: event } : event;
+    await this.request("POST", "/api/v1/events", {
+      useApiKey: this.session === null,
+      body: {
+        event_type: "track",
+        name: input.name,
+        ...input.company ? { company: input.company } : {},
+        ...input.user ? { user: input.user } : {},
+        traits: input.traits,
+        ...input.idempotencyKey ? { idempotencyKey: input.idempotencyKey } : {}
+      }
+    });
+  }
+  async consumeEntitlement(input) {
+    const normalized = typeof input === "string" ? { featureKey: input } : input;
+    return this.request(
+      "POST",
+      "/api/v1/usage/consume",
+      {
+        useApiKey: this.session === null,
+        companyKeys: normalized.company,
+        userKeys: normalized.user,
+        body: {
+          featureKey: normalized.featureKey,
+          traits: normalized.traits,
+          ...normalized.idempotencyKey ? { idempotencyKey: normalized.idempotencyKey } : {}
+        }
+      }
+    );
+  }
+  async checkFlag(key, companyKeys, userKeys) {
+    return this.request("GET", "/api/v1/check", {
+      query: { key },
+      companyKeys,
+      userKeys
+    });
+  }
+  async checkEntitlement(key, companyKeys, userKeys) {
+    return this.request("GET", "/api/v1/check", {
+      query: { key },
+      companyKeys,
+      userKeys
+    });
+  }
+  async checkFlags(featureKeys, companyKeys, userKeys) {
+    const results = await Promise.all(
+      featureKeys.map((key) => this.checkFlag(key, companyKeys, userKeys))
+    );
+    return Object.fromEntries(results.map((r) => [r.key, r]));
+  }
+  async listCompanies(options = {}) {
+    const query = {};
+    if (options.limit) query.limit = String(options.limit);
+    if (options.search) query.search = options.search;
+    if (options.cursor) query.cursor = options.cursor;
+    return this.request("GET", "/api/v1/companies", { useApiKey: true, query });
+  }
+  async getCompany(id) {
+    return this.request("GET", `/api/v1/companies/${id}`, { useApiKey: true });
+  }
+  async createCompany(data) {
+    return this.request("POST", "/api/v1/companies", {
+      useApiKey: true,
+      body: data
+    });
+  }
+  async updateCompany(id, data) {
+    return this.request("PATCH", `/api/v1/companies/${id}`, {
+      useApiKey: true,
+      body: data
+    });
+  }
+  async setCompanyOverride(companyId, featureKey, value, reason) {
+    await this.request("POST", `/api/v1/companies/${companyId}/overrides`, {
+      useApiKey: true,
+      body: { featureKey, value, reason }
+    });
+  }
+  async activateSubscription(input) {
+    const res = await this.request(
+      "POST",
+      "/api/v1/subscriptions/activate",
+      {
+        useApiKey: true,
+        body: {
+          planId: typeof input.planId === "bigint" ? input.planId.toString() : String(input.planId),
+          paymentAccount: input.paymentAccount,
+          company: input.company,
+          ...input.subscriberEmail ? { subscriberEmail: input.subscriberEmail } : {}
+        }
+      }
+    );
+    return res.data;
+  }
+  /** @deprecated Use identify() instead */
+  async createAccessToken(companyKeys, userKeys, expiresIn = 3600) {
+    const res = await this.request(
+      "POST",
+      "/api/v1/access-tokens",
+      {
+        useApiKey: true,
+        body: {
+          company: companyKeys,
+          user: userKeys ? {
+            id: userKeys.id,
+            clerk_user_id: userKeys.clerkUserId,
+            wallet: userKeys.wallet
+          } : void 0,
+          expires_in: expiresIn
+        }
+      }
+    );
+    return {
+      token: res.data.token,
+      expiresAt: res.data.expires_at
+    };
+  }
+};
+var ArcenApiError = class extends Error {
+  constructor(message, statusCode) {
+    super(message);
+    this.statusCode = statusCode;
+    this.name = "ArcenApiError";
+  }
+};
+
+// src/middleware/x402.ts
+import {
+  X402_VERSION,
+  X402_SCHEME,
+  SessionVaultABI,
+  getChainEnvironment
+} from "@arcenpay/sdk";
+import {
+  createPublicClient,
+  http,
+  recoverTypedDataAddress,
+  isAddress,
+  parseUnits
+} from "viem";
+import { sepolia, baseSepolia, base } from "viem/chains";
+var PAYMENT_DOMAIN = {
+  name: "MEAP x402 Payment",
+  version: "1"
+};
+var PAYMENT_TYPES = {
+  Payment: [
+    { name: "from", type: "address" },
+    { name: "amount", type: "uint256" },
+    { name: "resource", type: "string" },
+    { name: "sessionId", type: "string" },
+    { name: "nonce", type: "uint256" },
+    { name: "timestamp", type: "uint256" }
+  ]
+};
+var CHAIN_MAP = {
+  11155111: sepolia,
+  84532: baseSepolia,
+  8453: base
+};
+var CHAIN_ID_TO_NETWORK = {
+  11155111: "ethereum-sepolia",
+  84532: "base-sepolia",
+  8453: "base-mainnet"
+};
+function coerceBigInt(value, fallback) {
+  try {
+    if (typeof value === "bigint") return value;
+    if (typeof value === "number") {
+      if (!Number.isFinite(value) || value < 0) return fallback;
+      return BigInt(Math.trunc(value));
+    }
+    if (typeof value === "string" && value.trim()) return BigInt(value.trim());
+    return fallback;
+  } catch {
+    return fallback;
+  }
+}
+function normalizeSessionId(value) {
+  if (typeof value !== "string") return "default";
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : "default";
+}
+function normalizeAmount(value, fallback) {
+  return coerceBigInt(value, fallback);
+}
+function normalizeNonce(value) {
+  return coerceBigInt(value, 0n);
+}
+function normalizeTimestamp(value) {
+  return coerceBigInt(value, BigInt(Date.now()));
+}
+function normalizePaymentTimestampMs(timestamp) {
+  if (timestamp < 1000000000000n) {
+    return timestamp * 1000n;
+  }
+  return timestamp;
+}
+function normalizeResourceUrl(value) {
+  try {
+    const parsed = new URL(value);
+    return `${parsed.origin}${parsed.pathname}${parsed.search}`;
+  } catch {
+    return null;
+  }
+}
+function buildRequestResource(req) {
+  return `${req.protocol}://${req.get("host")}${req.originalUrl}`;
+}
+function sendRejection(res, reason, message, details) {
+  res.setHeader("x-meap-rejection-reason", reason);
+  res.status(402).json({
+    ok: false,
+    rejectionReason: reason,
+    message,
+    ...details ? { details } : {}
+  });
+}
+function x402Middleware(options) {
+  const {
+    planId,
+    ratePerCall,
+    chainId = 84532,
+    network,
+    rpcUrl,
+    payTo,
+    settlePayment,
+    failOpenOnBalanceCheck = false,
+    maxPaymentAgeMs = 3e5,
+    // 5 minutes
+    nonceTtlMs = 6e5,
+    // 10 minutes
+    nonceStore: externalNonceStore
+  } = options;
+  const inferredNetwork = CHAIN_ID_TO_NETWORK[chainId];
+  if (network && inferredNetwork && network !== inferredNetwork) {
+    throw new Error(
+      `[x402] network "${network}" does not match chainId ${chainId} (${inferredNetwork})`
+    );
+  }
+  const resolvedNetwork = network ?? inferredNetwork ?? "ethereum-sepolia";
+  let nonceStore;
+  if (externalNonceStore) {
+    nonceStore = externalNonceStore;
+  } else {
+    if (process.env.NODE_ENV === "production") {
+      console.warn(
+        "[x402] WARNING: Using InMemoryNonceStore in production. This does not survive process restarts and is unsafe for multi-instance deployments. Pass a RedisNonceStore (or compatible NonceStore) via the `nonceStore` option."
+      );
+    }
+    const { InMemoryNonceStore: InMemoryNonceStore2 } = (init_nonce_store(), __toCommonJS(nonce_store_exports));
+    nonceStore = new InMemoryNonceStore2();
+  }
+  const rateAtomicUnits = parseUnits(ratePerCall, 6);
+  const chainEnv = getChainEnvironment(chainId);
+  const contracts = chainEnv.contracts;
+  const payToAddress = payTo || contracts.feeCollector || "0x0000000000000000000000000000000000000000";
+  const chain = CHAIN_MAP[chainId] || sepolia;
+  const publicClient = createPublicClient({
+    chain,
+    transport: http(rpcUrl || chainEnv.services.rpcUrl || chain.rpcUrls.default.http[0])
+  });
+  return async (req, res, next) => {
+    const paymentHeader = req.headers["x-payment"];
+    if (!paymentHeader) {
+      const x402Response = {
+        ok: false,
+        version: X402_VERSION,
+        accepts: [
+          {
+            scheme: X402_SCHEME,
+            network: resolvedNetwork,
+            maxAmountRequired: rateAtomicUnits.toString(),
+            resource: `${req.protocol}://${req.get("host")}${req.originalUrl}`,
+            description: `Premium API access \u2014 Plan: ${planId}`,
+            mimeType: "application/json",
+            payTo: payToAddress
+          }
+        ],
+        error: "Payment required for this resource",
+        rejectionReason: "MISSING_PAYMENT_HEADER"
+      };
+      res.status(402).json(x402Response);
+      return;
+    }
+    try {
+      let paymentData;
+      try {
+        const normalizedHeader = paymentHeader.trim();
+        if (!/^[A-Za-z0-9+/=]+$/.test(normalizedHeader)) {
+          sendRejection(
+            res,
+            "INVALID_PAYMENT_HEADER_ENCODING",
+            "X-PAYMENT header must be valid base64-encoded JSON"
+          );
+          return;
+        }
+        const decoded = Buffer.from(paymentHeader, "base64").toString("utf-8");
+        paymentData = JSON.parse(decoded);
+      } catch {
+        sendRejection(
+          res,
+          "INVALID_PAYMENT_HEADER_FORMAT",
+          "X-PAYMENT header must decode to a valid JSON object"
+        );
+        return;
+      }
+      const { signature, payload: payloadRaw } = paymentData;
+      if (typeof signature !== "string" || !signature.startsWith("0x") || !payloadRaw) {
+        sendRejection(
+          res,
+          "MALFORMED_PAYMENT_PAYLOAD",
+          "Payment must include valid signature and payload fields"
+        );
+        return;
+      }
+      let payload;
+      try {
+        const parsedPayload = typeof payloadRaw === "string" ? JSON.parse(payloadRaw) : payloadRaw;
+        if (!parsedPayload || typeof parsedPayload !== "object" || Array.isArray(parsedPayload)) {
+          throw new Error("payload must be an object");
+        }
+        payload = parsedPayload;
+      } catch {
+        sendRejection(
+          res,
+          "MALFORMED_PAYMENT_PAYLOAD",
+          "Payment payload must be a valid JSON object"
+        );
+        return;
+      }
+      const signerClaimed = typeof payload.from === "string" ? payload.from : "";
+      if (!isAddress(signerClaimed)) {
+        sendRejection(
+          res,
+          "MALFORMED_PAYMENT_PAYLOAD",
+          'Payment payload is missing a valid "from" address'
+        );
+        return;
+      }
+      const requestedAmount = normalizeAmount(payload.amount, rateAtomicUnits);
+      const sessionId = normalizeSessionId(payload.sessionId);
+      const expectedResource = normalizeResourceUrl(buildRequestResource(req));
+      const paymentResourceRaw = typeof payload.resource === "string" ? payload.resource : "";
+      const paymentResource = normalizeResourceUrl(paymentResourceRaw);
+      if (!expectedResource || !paymentResource || paymentResource !== expectedResource) {
+        sendRejection(
+          res,
+          "RESOURCE_MISMATCH",
+          "Payment resource does not match the requested endpoint",
+          {
+            paymentResource: paymentResourceRaw || null,
+            expectedResource: expectedResource || null
+          }
+        );
+        return;
+      }
+      if (requestedAmount < rateAtomicUnits) {
+        sendRejection(
+          res,
+          "PAYMENT_AMOUNT_TOO_LOW",
+          "Payment amount is below the required endpoint rate",
+          {
+            providedAmount: requestedAmount.toString(),
+            requiredAmount: rateAtomicUnits.toString()
+          }
+        );
+        return;
+      }
+      let recoveredSigner;
+      try {
+        recoveredSigner = await recoverTypedDataAddress({
+          domain: { ...PAYMENT_DOMAIN, chainId: BigInt(chainId) },
+          types: PAYMENT_TYPES,
+          primaryType: "Payment",
+          message: {
+            from: signerClaimed,
+            amount: requestedAmount,
+            resource: String(payload.resource || ""),
+            sessionId,
+            nonce: normalizeNonce(payload.nonce),
+            timestamp: normalizeTimestamp(payload.timestamp)
+          },
+          signature
+        });
+      } catch {
+        sendRejection(
+          res,
+          "INVALID_SIGNATURE",
+          "Unable to validate the payment signature"
+        );
+        return;
+      }
+      if (recoveredSigner.toLowerCase() !== signerClaimed.toLowerCase()) {
+        sendRejection(
+          res,
+          "SIGNER_MISMATCH",
+          "Recovered signer does not match the payment sender"
+        );
+        return;
+      }
+      const verifiedSigner = recoveredSigner;
+      const rawPaymentTimestamp = normalizeTimestamp(payload.timestamp);
+      const paymentTimestamp = normalizePaymentTimestampMs(rawPaymentTimestamp);
+      const paymentAgeMs = Date.now() - Number(paymentTimestamp);
+      if (paymentAgeMs > maxPaymentAgeMs || paymentAgeMs < -6e4) {
+        sendRejection(
+          res,
+          "PAYMENT_EXPIRED",
+          `Payment timestamp is outside the acceptable window (${Math.round(maxPaymentAgeMs / 1e3)}s)`,
+          {
+            rawPaymentTimestamp: rawPaymentTimestamp.toString(),
+            paymentTimestamp: paymentTimestamp.toString(),
+            serverTime: Date.now().toString()
+          }
+        );
+        return;
+      }
+      const nonce = normalizeNonce(payload.nonce);
+      const nonceKey = `${verifiedSigner.toLowerCase()}:${nonce.toString()}`;
+      const isFresh = await nonceStore.markUsed(nonceKey, nonceTtlMs);
+      if (!isFresh) {
+        sendRejection(
+          res,
+          "NONCE_ALREADY_USED",
+          "This payment nonce has already been used. Use a fresh nonce for each request."
+        );
+        return;
+      }
+      if (verifiedSigner && contracts.sessionVault) {
+        try {
+          const balance = await publicClient.readContract({
+            address: contracts.sessionVault,
+            abi: SessionVaultABI,
+            functionName: "getAgentBalance",
+            args: [verifiedSigner]
+          });
+          if (balance < requestedAmount) {
+            sendRejection(
+              res,
+              "INSUFFICIENT_SESSION_BALANCE",
+              "Session balance is below the required amount",
+              {
+                balance: balance.toString(),
+                required: requestedAmount.toString()
+              }
+            );
+            return;
+          }
+        } catch (err) {
+          if (failOpenOnBalanceCheck) {
+            console.warn(
+              "[x402] Session vault balance check failed (fail-open enabled):",
+              err
+            );
+          } else {
+            sendRejection(
+              res,
+              "BALANCE_CHECK_FAILED",
+              "Unable to verify session balance on-chain"
+            );
+            return;
+          }
+        }
+      }
+      let settledAmount = requestedAmount;
+      let settlementTxHash = null;
+      if (settlePayment) {
+        try {
+          const settlement = await settlePayment({
+            signer: verifiedSigner,
+            amount: requestedAmount,
+            sessionId,
+            planId,
+            paymentHeader,
+            payload,
+            request: req
+          });
+          settledAmount = coerceBigInt(
+            settlement.settledAmount,
+            requestedAmount
+          );
+          settlementTxHash = settlement.settlementTxHash || null;
+        } catch (err) {
+          sendRejection(
+            res,
+            "SETTLEMENT_FAILED",
+            err?.message || "Payment verification succeeded but settlement failed"
+          );
+          return;
+        }
+      }
+      const verifiedContext = {
+        verified: true,
+        signer: verifiedSigner,
+        planId,
+        ratePerCall,
+        amount: requestedAmount.toString(),
+        settledAmount: settledAmount.toString(),
+        settlementTxHash,
+        sessionId,
+        paymentHeader,
+        timestamp: Date.now(),
+        rejectionReason: null
+      };
+      req.meapPayment = verifiedContext;
+      next();
+    } catch (error) {
+      console.error("[x402] Payment processing error:", error);
+      sendRejection(
+        res,
+        "PAYMENT_PROCESSING_FAILED",
+        error.message || "Payment processing failed"
+      );
+    }
+  };
+}
+
+// src/services/usage.ts
+import { createHash } from "crypto";
+import fs from "fs";
+import path from "path";
+import { pathToFileURL } from "url";
+import { createPublicClient as createPublicClient2, createWalletClient, http as http2 } from "viem";
+import { privateKeyToAccount } from "viem/accounts";
+import { sepolia as sepolia2, baseSepolia as baseSepolia2, base as base2 } from "viem/chains";
+import {
+  DEFAULT_CHAIN_ID,
+  ZKUsageVerifierABI,
+  getContractAddresses
+} from "@arcenpay/sdk";
+var UsageProofErrorCodes = {
+  TOOLING_UNAVAILABLE: "TOOLING_UNAVAILABLE",
+  ARTIFACTS_MISSING: "ARTIFACTS_MISSING",
+  ARTIFACT_VERSION_MISMATCH: "ARTIFACT_VERSION_MISMATCH",
+  INVALID_VERIFICATION_KEY: "INVALID_VERIFICATION_KEY",
+  INVALID_INPUT: "INVALID_INPUT",
+  PROOF_GENERATION_FAILED: "PROOF_GENERATION_FAILED",
+  PROOF_SIGNAL_MISMATCH: "PROOF_SIGNAL_MISMATCH"
+};
+var UsageProofError = class extends Error {
+  code;
+  cause;
+  constructor(code, message, cause) {
+    super(message);
+    this.name = "UsageProofError";
+    this.code = code;
+    this.cause = cause;
+  }
+};
+var CHAIN_MAP2 = {
+  11155111: sepolia2,
+  84532: baseSepolia2,
+  8453: base2
+};
+var MAX_ENTRIES = 128;
+var ZERO_ADDRESS = "0x0000000000000000000000000000000000000000";
+var UsageService = class {
+  logs = /* @__PURE__ */ new Map();
+  config;
+  signerAccount;
+  publicClient;
+  walletClient;
+  runtimeValidated = false;
+  constructor(config = {}) {
+    const chainId = config.chainId ?? DEFAULT_CHAIN_ID;
+    const chain = CHAIN_MAP2[chainId] || baseSepolia2;
+    const rpcUrl = config.rpcUrl || chain.rpcUrls.default.http[0];
+    const proofMode = config.proofMode ?? (process.env.NODE_ENV === "development" ? "dev" : "strict");
+    const circuitsRootDir = this.resolveCircuitsRoot(config.circuitsRootDir);
+    const buildDir = config.circuitBuildDir || path.join(circuitsRootDir, "build");
+    this.config = {
+      chainId,
+      rpcUrl,
+      proofMode,
+      circuitsRootDir,
+      circuitBuildDir: buildDir,
+      circuitWasmPath: config.circuitWasmPath || path.join(buildDir, "UsageBilling_js", "UsageBilling.wasm"),
+      zkeyPath: config.zkeyPath || path.join(buildDir, "circuit_final.zkey"),
+      verificationKeyPath: config.verificationKeyPath || path.join(buildDir, "verification_key.json"),
+      proveScriptPath: config.proveScriptPath || path.join(circuitsRootDir, "scripts", "prove.js"),
+      artifactVersion: config.artifactVersion || process.env.MEAP_PROOF_ARTIFACT_VERSION || "",
+      artifactManifestPath: config.artifactManifestPath || process.env.MEAP_PROOF_ARTIFACT_MANIFEST_PATH || path.join(circuitsRootDir, "artifact-manifest.json"),
+      signerPrivateKey: config.signerPrivateKey
+    };
+    if (config.signerPrivateKey) {
+      const key = config.signerPrivateKey.startsWith("0x") ? config.signerPrivateKey : `0x${config.signerPrivateKey}`;
+      this.signerAccount = privateKeyToAccount(key);
+    } else {
+      this.signerAccount = null;
+    }
+    this.publicClient = createPublicClient2({
+      chain,
+      transport: http2(rpcUrl)
+    });
+    if (this.signerAccount) {
+      this.walletClient = createWalletClient({
+        account: this.signerAccount,
+        chain,
+        transport: http2(rpcUrl)
+      });
+    } else {
+      this.walletClient = null;
+    }
+    if (this.config.proofMode === "strict") {
+      this.assertProofRuntimeReady();
+    }
+  }
+  getProofMode() {
+    return this.config.proofMode;
+  }
+  getProofRuntimeConfig() {
+    return {
+      proofMode: this.config.proofMode,
+      proveScriptPath: this.config.proveScriptPath,
+      circuitWasmPath: this.config.circuitWasmPath,
+      zkeyPath: this.config.zkeyPath,
+      verificationKeyPath: this.config.verificationKeyPath,
+      artifactVersion: this.config.artifactVersion,
+      artifactManifestPath: this.config.artifactManifestPath
+    };
+  }
+  assertProofRuntimeReady() {
+    this.assertProofTooling();
+    this.assertProofArtifacts();
+    this.assertVerificationKey();
+    this.runtimeValidated = true;
+  }
+  async logUsage(sessionId, callData) {
+    const message = JSON.stringify({
+      sessionId,
+      endpoint: callData.endpoint,
+      method: callData.method,
+      timestamp: callData.timestamp,
+      responseSize: callData.responseSize ?? 0
+    });
+    let signature = "";
+    if (this.signerAccount) {
+      try {
+        signature = await this.signerAccount.signMessage({ message });
+      } catch (err) {
+        console.error("[UsageService] Failed to sign log entry:", err);
+        signature = createHash("sha256").update(message).digest("hex");
+      }
+    } else {
+      signature = createHash("sha256").update(message).digest("hex");
+    }
+    const entry = { sessionId, callData, signature };
+    const existing = this.logs.get(sessionId) || [];
+    existing.push(entry);
+    this.logs.set(sessionId, existing);
+  }
+  getUsageCount(sessionId) {
+    return (this.logs.get(sessionId) || []).length;
+  }
+  getAllSessions() {
+    return Array.from(this.logs.keys());
+  }
+  aggregateUsage(sessionId, windowEnd) {
+    const logs = this.logs.get(sessionId) || [];
+    const windowLogs = logs.filter((entry) => entry.callData.timestamp <= windowEnd);
+    const windowStart = windowLogs.length > 0 ? Math.min(...windowLogs.map((entry) => entry.callData.timestamp)) : 0;
+    return {
+      sessionId,
+      callCount: windowLogs.length,
+      windowStart,
+      windowEnd,
+      logs: windowLogs
+    };
+  }
+  async generateProof(sessionId, windowEnd) {
+    const aggregation = this.aggregateUsage(sessionId, windowEnd);
+    if (aggregation.callCount <= 0) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.INVALID_INPUT,
+        `No usage entries available for session ${sessionId}.`
+      );
+    }
+    if (aggregation.callCount > MAX_ENTRIES) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.INVALID_INPUT,
+        `Usage batch too large (${aggregation.callCount} > ${MAX_ENTRIES}).`
+      );
+    }
+    if (aggregation.windowEnd <= aggregation.windowStart) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.INVALID_INPUT,
+        "Billing window end must be greater than window start."
+      );
+    }
+    const sessionIdBytes32 = this.normalizeBytes32(sessionId);
+    const agentAddress = this.signerAccount?.address || ZERO_ADDRESS;
+    const agentAddressBytes32 = this.addressToBytes32(agentAddress);
+    const logHashes = aggregation.logs.map((log) => this.hashUsageLog(log));
+    const logTimestamps = aggregation.logs.map(
+      (log) => String(log.callData.timestamp)
+    );
+    const circuitInput = {
+      agentAddress,
+      sessionId: sessionIdBytes32,
+      callCount: aggregation.callCount,
+      windowStart: aggregation.windowStart,
+      windowEnd: aggregation.windowEnd,
+      logHashes,
+      logTimestamps
+    };
+    let proofResult = null;
+    let publicSignals = null;
+    try {
+      this.assertProofRuntimeReady();
+      const prover = await this.loadCircuitProver();
+      proofResult = await prover.prove(circuitInput);
+      publicSignals = proofResult.publicSignals;
+      this.assertPublicSignals(publicSignals, aggregation, agentAddress, sessionIdBytes32, prover);
+    } catch (err) {
+      if (this.config.proofMode === "strict") {
+        throw this.wrapProofError(err);
+      }
+      console.warn(
+        "[UsageService] Proof generation unavailable in dev mode, using zero-proof envelope:",
+        err
+      );
+    }
+    const proof = proofResult ? {
+      a: [
+        BigInt(proofResult.proof.pi_a[0]),
+        BigInt(proofResult.proof.pi_a[1])
+      ],
+      b: [
+        [
+          BigInt(proofResult.proof.pi_b[0][1]),
+          BigInt(proofResult.proof.pi_b[0][0])
+        ],
+        [
+          BigInt(proofResult.proof.pi_b[1][1]),
+          BigInt(proofResult.proof.pi_b[1][0])
+        ]
+      ],
+      c: [
+        BigInt(proofResult.proof.pi_c[0]),
+        BigInt(proofResult.proof.pi_c[1])
+      ]
+    } : {
+      a: [0n, 0n],
+      b: [
+        [0n, 0n],
+        [0n, 0n]
+      ],
+      c: [0n, 0n]
+    };
+    const fallbackMerkleRoot = this.normalizeBytes32(logHashes.join(","));
+    const fallbackNullifier = this.normalizeBytes32(
+      `${sessionIdBytes32}:${aggregation.windowEnd}`
+    );
+    const publicInputs = publicSignals ? {
+      agentAddress: this.fieldToBytes32(publicSignals[0]),
+      sessionId: this.fieldToBytes32(publicSignals[1]),
+      callCount: BigInt(publicSignals[2]),
+      windowStart: BigInt(publicSignals[3]),
+      windowEnd: BigInt(publicSignals[4]),
+      merkleRoot: this.fieldToBytes32(publicSignals[5]),
+      nullifier: this.fieldToBytes32(publicSignals[6])
+    } : {
+      agentAddress: agentAddressBytes32,
+      sessionId: sessionIdBytes32,
+      callCount: BigInt(aggregation.callCount),
+      windowStart: BigInt(aggregation.windowStart),
+      windowEnd: BigInt(aggregation.windowEnd),
+      merkleRoot: fallbackMerkleRoot,
+      nullifier: fallbackNullifier
+    };
+    return { proof, publicInputs };
+  }
+  async submitProof(proof, publicInputs) {
+    if (!this.walletClient) {
+      throw new Error(
+        "UsageService: Cannot submit proof \u2014 no signer private key configured. Set signerPrivateKey in UsageServiceConfig."
+      );
+    }
+    const chainId = this.config.chainId ?? DEFAULT_CHAIN_ID;
+    const contracts = getContractAddresses(chainId);
+    const verifierAddress = contracts.zkUsageVerifier;
+    if (!verifierAddress || verifierAddress === "0x0000000000000000000000000000000000000000") {
+      throw new Error(
+        "UsageService: ZKUsageVerifier contract address not configured for this chain"
+      );
+    }
+    const onChainProof = {
+      a: proof.a,
+      b: proof.b,
+      c: proof.c
+    };
+    const onChainInputs = {
+      agentAddress: publicInputs.agentAddress,
+      sessionId: publicInputs.sessionId,
+      callCount: publicInputs.callCount,
+      windowStart: publicInputs.windowStart,
+      windowEnd: publicInputs.windowEnd,
+      merkleRoot: publicInputs.merkleRoot,
+      nullifier: publicInputs.nullifier
+    };
+    const txHash = await this.walletClient.writeContract({
+      address: verifierAddress,
+      abi: ZKUsageVerifierABI,
+      functionName: "submitProof",
+      args: [onChainProof, onChainInputs]
+    });
+    const receipt = await this.publicClient.waitForTransactionReceipt({
+      hash: txHash
+    });
+    return {
+      sessionId: publicInputs.sessionId,
+      agentAddress: publicInputs.agentAddress,
+      callCount: publicInputs.callCount,
+      settlementAmount: 0n,
+      windowStart: publicInputs.windowStart,
+      windowEnd: publicInputs.windowEnd,
+      transactionHash: receipt.transactionHash
+    };
+  }
+  clearLogs(sessionId, windowEnd) {
+    const logs = this.logs.get(sessionId) || [];
+    this.logs.set(
+      sessionId,
+      logs.filter((entry) => entry.callData.timestamp > windowEnd)
+    );
+  }
+  resolveCircuitsRoot(explicitRoot) {
+    if (explicitRoot) return path.resolve(explicitRoot);
+    const candidates = [
+      process.env.MEAP_CIRCUITS_DIR,
+      path.resolve(process.cwd(), "circuits"),
+      path.resolve(process.cwd(), "..", "..", "circuits"),
+      path.resolve(__dirname, "../../../../../circuits")
+    ].filter(Boolean);
+    for (const candidate of candidates) {
+      if (fs.existsSync(path.join(candidate, "UsageBilling.circom"))) {
+        return candidate;
+      }
+    }
+    return path.resolve(process.cwd(), "circuits");
+  }
+  assertProofTooling() {
+    if (!fs.existsSync(this.config.proveScriptPath)) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.TOOLING_UNAVAILABLE,
+        `Circuit prover script missing: ${this.config.proveScriptPath}`
+      );
+    }
+  }
+  assertProofArtifacts() {
+    const required = [
+      this.config.circuitWasmPath,
+      this.config.zkeyPath,
+      this.config.verificationKeyPath
+    ];
+    const missing = required.filter((artifactPath) => !fs.existsSync(artifactPath));
+    if (missing.length > 0) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.ARTIFACTS_MISSING,
+        `Missing proof artifact(s): ${missing.join(", ")}`
+      );
+    }
+    this.assertArtifactVersion();
+  }
+  assertArtifactVersion() {
+    const expectedVersion = this.config.artifactVersion?.trim();
+    const manifestPath = this.config.artifactManifestPath;
+    if (!fs.existsSync(manifestPath)) {
+      if (expectedVersion && this.config.proofMode === "strict") {
+        throw new UsageProofError(
+          UsageProofErrorCodes.ARTIFACTS_MISSING,
+          `Artifact version set (${expectedVersion}) but manifest missing: ${manifestPath}`
+        );
+      }
+      return;
+    }
+    let manifestVersion = "";
+    try {
+      const raw = fs.readFileSync(manifestPath, "utf8");
+      const parsed = JSON.parse(raw);
+      manifestVersion = String(parsed.version || "").trim();
+    } catch (err) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.ARTIFACTS_MISSING,
+        `Invalid artifact manifest JSON: ${manifestPath}`,
+        err
+      );
+    }
+    if (!expectedVersion) return;
+    if (!manifestVersion || manifestVersion !== expectedVersion) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.ARTIFACT_VERSION_MISMATCH,
+        `Artifact version mismatch (expected ${expectedVersion}, got ${manifestVersion || "missing"})`
+      );
+    }
+  }
+  assertVerificationKey() {
+    try {
+      const raw = fs.readFileSync(this.config.verificationKeyPath, "utf8");
+      const vkey = JSON.parse(raw);
+      if (vkey.protocol !== "groth16") {
+        throw new Error(`Unsupported protocol: ${String(vkey.protocol || "unknown")}`);
+      }
+      if (typeof vkey.nPublic === "number" && vkey.nPublic !== 7) {
+        throw new Error(`Expected 7 public inputs, received ${vkey.nPublic}`);
+      }
+    } catch (err) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.INVALID_VERIFICATION_KEY,
+        `Invalid verification key: ${this.config.verificationKeyPath}`,
+        err
+      );
+    }
+  }
+  wrapProofError(err) {
+    if (err instanceof UsageProofError) {
+      return err;
+    }
+    return new UsageProofError(
+      UsageProofErrorCodes.PROOF_GENERATION_FAILED,
+      "Failed to generate Groth16 proof.",
+      err
+    );
+  }
+  async loadCircuitProver() {
+    const moduleUrl = pathToFileURL(this.config.proveScriptPath).href;
+    const mod = await import(moduleUrl);
+    if (typeof mod.prove !== "function") {
+      throw new UsageProofError(
+        UsageProofErrorCodes.TOOLING_UNAVAILABLE,
+        "Circuit prover module does not export `prove()`."
+      );
+    }
+    return mod;
+  }
+  assertPublicSignals(actual, aggregation, agentAddress, sessionIdBytes32, prover) {
+    if (actual.length !== 7) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.PROOF_SIGNAL_MISMATCH,
+        `Public signal length mismatch (${actual.length} !== 7).`
+      );
+    }
+    const expectedAgentField = BigInt(agentAddress).toString();
+    const expectedSessionField = typeof prover.sessionIdToField === "function" ? prover.sessionIdToField(sessionIdBytes32) : this.toFieldElement(sessionIdBytes32);
+    if (BigInt(actual[0]) !== BigInt(expectedAgentField)) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.PROOF_SIGNAL_MISMATCH,
+        "Public signal mismatch at index 0 (agentAddress)."
+      );
+    }
+    if (BigInt(actual[1]) !== BigInt(expectedSessionField)) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.PROOF_SIGNAL_MISMATCH,
+        "Public signal mismatch at index 1 (sessionId)."
+      );
+    }
+    if (BigInt(actual[2]) !== BigInt(aggregation.callCount)) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.PROOF_SIGNAL_MISMATCH,
+        "Public signal mismatch at index 2 (callCount)."
+      );
+    }
+    if (BigInt(actual[3]) !== BigInt(aggregation.windowStart)) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.PROOF_SIGNAL_MISMATCH,
+        "Public signal mismatch at index 3 (windowStart)."
+      );
+    }
+    if (BigInt(actual[4]) !== BigInt(aggregation.windowEnd)) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.PROOF_SIGNAL_MISMATCH,
+        "Public signal mismatch at index 4 (windowEnd)."
+      );
+    }
+  }
+  hashUsageLog(log) {
+    const digest = createHash("sha256").update(JSON.stringify({ ...log.callData, sig: log.signature })).digest("hex");
+    return `0x${digest}`;
+  }
+  normalizeBytes32(value) {
+    if (/^0x[a-fA-F0-9]{64}$/.test(value)) {
+      return value.toLowerCase();
+    }
+    const hash = createHash("sha256").update(value).digest("hex");
+    return `0x${hash}`;
+  }
+  addressToBytes32(address) {
+    if (!/^0x[a-fA-F0-9]{40}$/.test(address)) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.INVALID_INPUT,
+        `Invalid address: ${address}`
+      );
+    }
+    return `0x${address.slice(2).padStart(64, "0")}`.toLowerCase();
+  }
+  fieldToBytes32(field) {
+    const value = BigInt(field);
+    if (value < 0n || value >= 2n ** 256n) {
+      throw new UsageProofError(
+        UsageProofErrorCodes.INVALID_INPUT,
+        `Field value out of bytes32 range: ${field}`
+      );
+    }
+    return `0x${value.toString(16).padStart(64, "0")}`.toLowerCase();
+  }
+  toFieldElement(input) {
+    const hex = Buffer.isBuffer(input) ? input.toString("hex") : input.replace(/^0x/, "");
+    const normalized = hex.length === 0 ? "0" : hex;
+    const truncated = normalized.slice(0, 62);
+    return BigInt(`0x${truncated || "0"}`).toString();
+  }
+};
+
+// src/services/settlement.ts
+import { createPublicClient as createPublicClient3, http as http3 } from "viem";
+import { sepolia as sepolia3, baseSepolia as baseSepolia3, base as base3 } from "viem/chains";
+import {
+  DEFAULT_CHAIN_ID as DEFAULT_CHAIN_ID2,
+  SessionVaultABI as SessionVaultABI2,
+  getContractAddresses as getContractAddresses2
+} from "@arcenpay/sdk";
+var CHAIN_MAP3 = {
+  11155111: sepolia3,
+  84532: baseSepolia3,
+  8453: base3
+};
+var SettlementService = class {
+  rpcUrl;
+  chainId;
+  zkVerifierAddress;
+  sessionVaultAddress;
+  watchers = [];
+  pollInterval = null;
+  lastBlock = 0n;
+  publicClient;
+  constructor(config) {
+    this.rpcUrl = config.rpcUrl;
+    this.chainId = config.chainId ?? DEFAULT_CHAIN_ID2;
+    const contracts = getContractAddresses2(this.chainId);
+    this.zkVerifierAddress = config.zkVerifierAddress || contracts.zkUsageVerifier;
+    this.sessionVaultAddress = config.sessionVaultAddress || contracts.sessionVault;
+    const chain = CHAIN_MAP3[this.chainId] || baseSepolia3;
+    this.publicClient = createPublicClient3({
+      chain,
+      transport: http3(this.rpcUrl)
+    });
+  }
+  /**
+   * Queries the SessionVault for remaining balance
+   */
+  async getSessionBalance(agentAddress) {
+    try {
+      const balance = await this.publicClient.readContract({
+        address: this.sessionVaultAddress,
+        abi: SessionVaultABI2,
+        functionName: "getAgentBalance",
+        args: [agentAddress]
+      });
+      return balance;
+    } catch (err) {
+      console.error("[SettlementService] Balance query failed:", err);
+      return 0n;
+    }
+  }
+  /**
+   * Gets details for a specific session
+   */
+  async getSessionDetails(sessionId) {
+    try {
+      const session = await this.publicClient.readContract({
+        address: this.sessionVaultAddress,
+        abi: SessionVaultABI2,
+        functionName: "getSession",
+        args: [sessionId]
+      });
+      return session;
+    } catch (err) {
+      console.error("[SettlementService] Session query failed:", err);
+      return null;
+    }
+  }
+  /**
+   * Subscribes to on-chain BillingSettled events
+   */
+  watchSettlements(callback, intervalMs = 1e4) {
+    this.watchers.push(callback);
+    if (!this.pollInterval) {
+      this.initBlockNumber().then(() => {
+        this.pollInterval = setInterval(async () => {
+          await this.pollSettlements();
+        }, intervalMs);
+      });
+    }
+    return () => {
+      this.watchers = this.watchers.filter((w) => w !== callback);
+      if (this.watchers.length === 0 && this.pollInterval) {
+        clearInterval(this.pollInterval);
+        this.pollInterval = null;
+      }
+    };
+  }
+  /**
+   * Initialize the starting block number for event polling
+   */
+  async initBlockNumber() {
+    try {
+      this.lastBlock = await this.publicClient.getBlockNumber();
+    } catch {
+      this.lastBlock = 0n;
+    }
+  }
+  /**
+   * Polls for new BillingSettled events from ZKUsageVerifier
+   */
+  async pollSettlements() {
+    try {
+      const currentBlock = await this.publicClient.getBlockNumber();
+      if (currentBlock <= this.lastBlock) return;
+      const logs = await this.publicClient.getLogs({
+        address: this.zkVerifierAddress,
+        event: {
+          type: "event",
+          name: "BillingSettled",
+          inputs: [
+            { name: "sessionId", type: "bytes32", indexed: true },
+            { name: "agentAddress", type: "bytes32", indexed: true },
+            { name: "callCount", type: "uint256", indexed: false },
+            { name: "settlementAmount", type: "uint256", indexed: false },
+            { name: "windowStart", type: "uint64", indexed: false },
+            { name: "windowEnd", type: "uint64", indexed: false }
+          ]
+        },
+        fromBlock: this.lastBlock + 1n,
+        toBlock: currentBlock
+      });
+      for (const log of logs) {
+        const settlement = {
+          sessionId: log.args.sessionId,
+          agentAddress: log.args.agentAddress,
+          callCount: log.args.callCount,
+          settlementAmount: log.args.settlementAmount,
+          windowStart: log.args.windowStart,
+          windowEnd: log.args.windowEnd,
+          transactionHash: log.transactionHash
+        };
+        this.watchers.forEach((cb) => cb(settlement));
+      }
+      this.lastBlock = currentBlock;
+    } catch (err) {
+      console.error("[SettlementService] Polling error:", err);
+    }
+  }
+  /**
+   * Stops all settlement watchers
+   */
+  stop() {
+    if (this.pollInterval) {
+      clearInterval(this.pollInterval);
+      this.pollInterval = null;
+    }
+    this.watchers = [];
+  }
+};
+
+// src/services/settlement-writer.ts
+import { createPublicClient as createPublicClient4, createWalletClient as createWalletClient2, http as http4, isAddress as isAddress2 } from "viem";
+import { privateKeyToAccount as privateKeyToAccount2 } from "viem/accounts";
+import { sepolia as sepolia4, baseSepolia as baseSepolia4, base as base4 } from "viem/chains";
+import {
+  DEFAULT_CHAIN_ID as DEFAULT_CHAIN_ID3,
+  SessionVaultABI as SessionVaultABI3,
+  FeeCollectorABI,
+  getContractAddresses as getContractAddresses3
+} from "@arcenpay/sdk";
+var CHAIN_MAP4 = {
+  11155111: sepolia4,
+  84532: baseSepolia4,
+  8453: base4
+};
+function isBytes32(value) {
+  return /^0x[a-fA-F0-9]{64}$/.test(value);
+}
+function normalizeSession(raw) {
+  const value = raw;
+  const agent = value?.agent ?? value?.[0] ?? "0x0000000000000000000000000000000000000000";
+  const token = value?.token ?? value?.[1] ?? "0x0000000000000000000000000000000000000000";
+  const balance = BigInt(value?.balance ?? value?.[2] ?? 0n);
+  const totalFunded = BigInt(value?.totalFunded ?? value?.[3] ?? 0n);
+  const totalSettled = BigInt(value?.totalSettled ?? value?.[4] ?? 0n);
+  const active = Boolean(value?.active ?? value?.[5] ?? false);
+  const createdAt = BigInt(value?.createdAt ?? value?.[6] ?? 0n);
+  return {
+    agent,
+    token,
+    balance,
+    totalFunded,
+    totalSettled,
+    active,
+    createdAt
+  };
+}
+var SettlementWriterService = class {
+  chainId;
+  sessionVaultAddress;
+  feeCollectorAddress;
+  providerAddress;
+  signerAddress;
+  waitForReceipt;
+  publicClient;
+  walletClient;
+  constructor(config) {
+    this.chainId = config.chainId ?? DEFAULT_CHAIN_ID3;
+    const chain = CHAIN_MAP4[this.chainId] || baseSepolia4;
+    const contracts = getContractAddresses3(this.chainId);
+    this.sessionVaultAddress = config.sessionVaultAddress || contracts.sessionVault;
+    this.feeCollectorAddress = config.feeCollectorAddress || contracts.feeCollector;
+    const account = privateKeyToAccount2(config.privateKey);
+    this.signerAddress = account.address;
+    this.providerAddress = config.providerAddress || account.address;
+    this.waitForReceipt = config.waitForReceipt ?? true;
+    if (!isAddress2(this.sessionVaultAddress)) {
+      throw new Error("Invalid SessionVault address for SettlementWriterService");
+    }
+    if (!isAddress2(this.providerAddress)) {
+      throw new Error("Invalid provider address for SettlementWriterService");
+    }
+    this.publicClient = createPublicClient4({
+      chain,
+      transport: http4(config.rpcUrl || chain.rpcUrls.default.http[0])
+    });
+    this.walletClient = createWalletClient2({
+      account,
+      chain,
+      transport: http4(config.rpcUrl || chain.rpcUrls.default.http[0])
+    });
+  }
+  getSignerAddress() {
+    return this.signerAddress;
+  }
+  getSessionVaultAddress() {
+    return this.sessionVaultAddress;
+  }
+  async isSignerAuthorized(address = this.signerAddress) {
+    if (!isAddress2(address)) {
+      return false;
+    }
+    const authorized = await this.publicClient.readContract({
+      address: this.sessionVaultAddress,
+      abi: SessionVaultABI3,
+      functionName: "authorizedSettlers",
+      args: [address]
+    });
+    return Boolean(authorized);
+  }
+  async getSession(sessionId) {
+    const rawSession = await this.publicClient.readContract({
+      address: this.sessionVaultAddress,
+      abi: SessionVaultABI3,
+      functionName: "getSession",
+      args: [sessionId]
+    });
+    return normalizeSession(rawSession);
+  }
+  async resolveSessionId(sessionIdHint, signer) {
+    const trimmedHint = sessionIdHint.trim();
+    if (isBytes32(trimmedHint)) {
+      return trimmedHint;
+    }
+    const sessionIds = await this.publicClient.readContract({
+      address: this.sessionVaultAddress,
+      abi: SessionVaultABI3,
+      functionName: "getAgentSessions",
+      args: [signer]
+    });
+    if (!sessionIds.length) {
+      throw new Error("No billing session found for signer");
+    }
+    for (let idx = sessionIds.length - 1; idx >= 0; idx -= 1) {
+      const candidate = sessionIds[idx];
+      const session = await this.getSession(candidate);
+      if (session.active && session.balance > 0n) {
+        return candidate;
+      }
+    }
+    throw new Error("No active billing session found for signer");
+  }
+  async settleForSigner(input) {
+    if (!isAddress2(input.signer)) {
+      throw new Error("Invalid signer address for settlement");
+    }
+    if (input.amount <= 0n) {
+      throw new Error("Settlement amount must be greater than zero");
+    }
+    const resolvedSessionId = await this.resolveSessionId(input.sessionIdHint, input.signer);
+    const session = await this.getSession(resolvedSessionId);
+    if (!session.active) {
+      throw new Error("Session is not active");
+    }
+    if (session.agent.toLowerCase() !== input.signer.toLowerCase()) {
+      throw new Error("Session owner does not match payment signer");
+    }
+    if (session.balance < input.amount) {
+      throw new Error(
+        `Session balance too low for settlement (balance=${session.balance.toString()}, required=${input.amount.toString()})`
+      );
+    }
+    const providerAddress = input.providerAddress || this.providerAddress;
+    if (!isAddress2(providerAddress)) {
+      throw new Error("Invalid settlement provider address");
+    }
+    const txHash = await this.walletClient.writeContract({
+      address: this.sessionVaultAddress,
+      abi: SessionVaultABI3,
+      functionName: "settle",
+      args: [resolvedSessionId, input.amount, providerAddress]
+    });
+    if (this.waitForReceipt) {
+      await this.publicClient.waitForTransactionReceipt({ hash: txHash });
+    }
+    if (isAddress2(this.feeCollectorAddress)) {
+      try {
+        const feeTxHash = await this.walletClient.writeContract({
+          address: this.feeCollectorAddress,
+          abi: FeeCollectorABI,
+          functionName: "collectSettlementFeeFor",
+          args: [input.amount, providerAddress]
+        });
+        if (this.waitForReceipt) {
+          await this.publicClient.waitForTransactionReceipt({ hash: feeTxHash });
+        }
+      } catch (err) {
+        console.warn("[SettlementWriter] Fee collection failed (non-fatal):", err);
+      }
+    }
+    return {
+      transactionHash: txHash,
+      settledAmount: input.amount,
+      sessionId: resolvedSessionId,
+      providerAddress
+    };
+  }
+};
+
+// src/services/events.ts
+import { createPublicClient as createPublicClient5, http as http5 } from "viem";
+import { sepolia as sepolia5, baseSepolia as baseSepolia5, base as base5 } from "viem/chains";
+import { DEFAULT_CHAIN_ID as DEFAULT_CHAIN_ID4, getContractAddresses as getContractAddresses4 } from "@arcenpay/sdk";
+var CHAIN_MAP5 = {
+  11155111: sepolia5,
+  84532: baseSepolia5,
+  8453: base5
+};
+var EventListenerService = class {
+  publicClient;
+  registryAddress;
+  autopayModuleAddress;
+  callbacks = /* @__PURE__ */ new Map();
+  pollInterval = null;
+  lastBlock = 0n;
+  constructor(config) {
+    const chainId = config.chainId ?? DEFAULT_CHAIN_ID4;
+    const chain = CHAIN_MAP5[chainId] || baseSepolia5;
+    const contracts = getContractAddresses4(chainId);
+    this.registryAddress = config.registryAddress || contracts.subscriptionRegistry;
+    this.autopayModuleAddress = contracts.autopayModule;
+    this.publicClient = createPublicClient5({
+      chain,
+      transport: http5(config.rpcUrl)
+    });
+  }
+  /**
+   * Register a callback for a specific event type (or '*' for all events)
+   */
+  on(eventType, callback) {
+    const existing = this.callbacks.get(eventType) || [];
+    existing.push(callback);
+    this.callbacks.set(eventType, existing);
+    return () => {
+      const cbs = this.callbacks.get(eventType) || [];
+      this.callbacks.set(eventType, cbs.filter((cb) => cb !== callback));
+    };
+  }
+  /**
+   * Start polling for events at the given interval
+   */
+  async start(intervalMs = 12e3) {
+    try {
+      this.lastBlock = await this.publicClient.getBlockNumber();
+    } catch {
+      this.lastBlock = 0n;
+    }
+    console.log(`[EventListener] Watching SubscriptionRegistry at ${this.registryAddress} from block ${this.lastBlock}`);
+    this.pollInterval = setInterval(async () => {
+      await this.poll();
+    }, intervalMs);
+  }
+  /**
+   * Stop polling
+   */
+  stop() {
+    if (this.pollInterval) {
+      clearInterval(this.pollInterval);
+      this.pollInterval = null;
+    }
+    console.log("[EventListener] Stopped");
+  }
+  /**
+   * Poll for new events since lastBlock
+   */
+  async poll() {
+    try {
+      const currentBlock = await this.publicClient.getBlockNumber();
+      if (currentBlock <= this.lastBlock) return;
+      const addr = this.registryAddress;
+      const from = this.lastBlock + 1n;
+      const [mintedLogs, renewedLogs, cancelledLogs, planChangedLogs, billingLogs] = await Promise.all([
+        this.publicClient.getLogs({
+          address: addr,
+          event: {
+            type: "event",
+            name: "SubscriptionMinted",
+            inputs: [
+              { name: "subscriber", type: "address", indexed: true },
+              { name: "tokenId", type: "uint256", indexed: true },
+              { name: "planId", type: "uint256", indexed: true },
+              { name: "expiration", type: "uint64", indexed: false }
+            ]
+          },
+          fromBlock: from,
+          toBlock: currentBlock
+        }),
+        this.publicClient.getLogs({
+          address: addr,
+          event: {
+            type: "event",
+            name: "SubscriptionRenewed",
+            inputs: [
+              { name: "tokenId", type: "uint256", indexed: true },
+              { name: "newExpiration", type: "uint64", indexed: false },
+              { name: "amountPaid", type: "uint256", indexed: false }
+            ]
+          },
+          fromBlock: from,
+          toBlock: currentBlock
+        }),
+        this.publicClient.getLogs({
+          address: addr,
+          event: {
+            type: "event",
+            name: "SubscriptionCancelled",
+            inputs: [
+              { name: "tokenId", type: "uint256", indexed: true }
+            ]
+          },
+          fromBlock: from,
+          toBlock: currentBlock
+        }),
+        this.publicClient.getLogs({
+          address: addr,
+          event: {
+            type: "event",
+            name: "SubscriptionPlanChanged",
+            inputs: [
+              { name: "tokenId", type: "uint256", indexed: true },
+              { name: "previousPlanId", type: "uint256", indexed: true },
+              { name: "newPlanId", type: "uint256", indexed: true },
+              { name: "expiration", type: "uint64", indexed: false }
+            ]
+          },
+          fromBlock: from,
+          toBlock: currentBlock
+        }),
+        this.publicClient.getLogs({
+          address: this.autopayModuleAddress,
+          event: {
+            type: "event",
+            name: "BillingExecuted",
+            inputs: [
+              { name: "account", type: "address", indexed: true },
+              { name: "merchant", type: "address", indexed: true },
+              { name: "tokenId", type: "uint256", indexed: true },
+              { name: "planId", type: "uint256", indexed: false },
+              { name: "reason", type: "uint8", indexed: false },
+              { name: "grossAmount", type: "uint256", indexed: false },
+              { name: "merchantAmount", type: "uint256", indexed: false },
+              { name: "protocolFee", type: "uint256", indexed: false },
+              { name: "timestamp", type: "uint256", indexed: false }
+            ]
+          },
+          fromBlock: from,
+          toBlock: currentBlock
+        })
+      ]);
+      for (const log of mintedLogs) {
+        await this.emit({
+          type: "minted",
+          tokenId: log.args.tokenId,
+          subscriber: log.args.subscriber,
+          planId: log.args.planId,
+          expiration: log.args.expiration,
+          transactionHash: log.transactionHash,
+          blockNumber: log.blockNumber,
+          timestamp: Date.now()
+        });
+      }
+      for (const log of renewedLogs) {
+        await this.emit({
+          type: "renewed",
+          tokenId: log.args.tokenId,
+          expiration: log.args.newExpiration,
+          amountPaid: log.args.amountPaid,
+          transactionHash: log.transactionHash,
+          blockNumber: log.blockNumber,
+          timestamp: Date.now()
+        });
+      }
+      for (const log of cancelledLogs) {
+        await this.emit({
+          type: "cancelled",
+          tokenId: log.args.tokenId,
+          transactionHash: log.transactionHash,
+          blockNumber: log.blockNumber,
+          timestamp: Date.now()
+        });
+      }
+      for (const log of planChangedLogs) {
+        await this.emit({
+          type: "plan_changed",
+          tokenId: log.args.tokenId,
+          planId: log.args.newPlanId,
+          previousPlanId: log.args.previousPlanId,
+          expiration: log.args.expiration,
+          transactionHash: log.transactionHash,
+          blockNumber: log.blockNumber,
+          timestamp: Date.now()
+        });
+      }
+      for (const log of billingLogs) {
+        await this.emit({
+          type: "billing_executed",
+          tokenId: log.args.tokenId,
+          account: log.args.account,
+          merchant: log.args.merchant,
+          planId: log.args.planId,
+          billingReason: log.args.reason,
+          amountPaid: log.args.grossAmount,
+          merchantAmount: log.args.merchantAmount,
+          protocolFee: log.args.protocolFee,
+          transactionHash: log.transactionHash,
+          blockNumber: log.blockNumber,
+          timestamp: Number(log.args.timestamp ?? Date.now())
+        });
+      }
+      this.lastBlock = currentBlock;
+    } catch (err) {
+      console.error("[EventListener] Polling error:", err);
+    }
+  }
+  /**
+   * Dispatch event to registered callbacks
+   */
+  async emit(event) {
+    console.log(`[EventListener] ${event.type} \u2014 tokenId=${event.tokenId} tx=${event.transactionHash}`);
+    const typeCallbacks = this.callbacks.get(event.type) || [];
+    const wildcardCallbacks = this.callbacks.get("*") || [];
+    for (const cb of [...typeCallbacks, ...wildcardCallbacks]) {
+      try {
+        await cb(event);
+      } catch (err) {
+        console.error(`[EventListener] Callback error for ${event.type}:`, err);
+      }
+    }
+  }
+};
+
+// src/services/webhooks.ts
+import { createHmac } from "crypto";
+var DEFAULT_RETRY_DELAYS = [1e3, 5e3, 3e4, 3e5, 18e5];
+var WebhookService = class {
+  config;
+  deliveryLog = [];
+  pendingRetries = /* @__PURE__ */ new Map();
+  constructor(config) {
+    this.config = {
+      maxRetries: 5,
+      retryDelays: DEFAULT_RETRY_DELAYS,
+      ...config
+    };
+  }
+  /**
+   * Deliver a webhook for a subscription event
+   */
+  async deliverEvent(event) {
+    const payload = {
+      event: `subscription.${event.type}`,
+      timestamp: event.timestamp,
+      data: {
+        tokenId: event.tokenId?.toString(),
+        subscriber: event.subscriber,
+        planId: event.planId?.toString(),
+        expiration: event.expiration?.toString(),
+        amountPaid: event.amountPaid?.toString(),
+        txHash: event.transactionHash,
+        blockNumber: event.blockNumber?.toString()
+      }
+    };
+    await this.deliver(payload);
+  }
+  /**
+   * Deliver an arbitrary webhook payload
+   */
+  async deliver(payload, attempt = 1) {
+    const id = `${payload.event}-${payload.timestamp}-${attempt}`;
+    const body = JSON.stringify(payload);
+    const signature = this.sign(body);
+    try {
+      const response = await fetch(this.config.url, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "X-MEAP-Signature": signature,
+          "X-MEAP-Delivery": id,
+          "User-Agent": "MEAP-Webhook/1.0"
+        },
+        body,
+        signal: AbortSignal.timeout(1e4)
+      });
+      this.log({
+        id,
+        event: payload.event,
+        url: this.config.url,
+        statusCode: response.status,
+        attemptNumber: attempt,
+        deliveredAt: Date.now(),
+        success: response.ok
+      });
+      await this.persistDelivery(this.deliveryLog[this.deliveryLog.length - 1], payload);
+      if (!response.ok && attempt < this.config.maxRetries) {
+        await this.scheduleRetry(payload, attempt);
+      }
+    } catch (err) {
+      this.log({
+        id,
+        event: payload.event,
+        url: this.config.url,
+        statusCode: null,
+        attemptNumber: attempt,
+        deliveredAt: Date.now(),
+        success: false,
+        error: err.message
+      });
+      await this.persistDelivery(this.deliveryLog[this.deliveryLog.length - 1], payload);
+      if (attempt < this.config.maxRetries) {
+        await this.scheduleRetry(payload, attempt);
+      }
+    }
+  }
+  /**
+   * HMAC-SHA256 signature of the payload body
+   */
+  sign(body) {
+    return createHmac("sha256", this.config.secret).update(body).digest("hex");
+  }
+  /**
+   * Schedule a retry with exponential backoff
+   */
+  async scheduleRetry(payload, currentAttempt) {
+    const delay = this.config.retryDelays[currentAttempt - 1] || 18e5;
+    const retryId = `retry-${payload.event}-${currentAttempt}`;
+    console.log(`[Webhook] Scheduling retry ${currentAttempt + 1} in ${delay}ms for ${payload.event}`);
+    const timer = setTimeout(() => {
+      this.deliver(payload, currentAttempt + 1);
+      this.pendingRetries.delete(retryId);
+    }, delay);
+    this.pendingRetries.set(retryId, timer);
+  }
+  /**
+   * Log a delivery attempt
+   */
+  log(entry) {
+    this.deliveryLog.push(entry);
+    if (this.deliveryLog.length > 1e3) {
+      this.deliveryLog = this.deliveryLog.slice(-500);
+    }
+    console.log(`[Webhook] ${entry.success ? "\u2705" : "\u274C"} ${entry.event} \u2192 ${entry.statusCode} (attempt ${entry.attemptNumber})`);
+  }
+  async persistDelivery(entry, payload) {
+    if (!entry || !this.config.onDelivery) return;
+    try {
+      await this.config.onDelivery(entry, payload);
+    } catch (err) {
+      console.error("[Webhook] onDelivery callback failed:", err);
+    }
+  }
+  /**
+   * Get the delivery log for dashboard display
+   */
+  getDeliveryLog(limit = 50) {
+    return this.deliveryLog.slice(-limit).reverse();
+  }
+  /**
+   * Verify an incoming webhook signature (for consumers).
+   *
+   * @example
+   * ```ts
+   * import { verifyWebhookSignature } from '@arcenpay/node';
+   *
+   * app.post('/webhooks/meap', (req, res) => {
+   *   const raw = JSON.stringify(req.body);
+   *   const sig = req.headers['x-meap-signature'] as string;
+   *   if (!verifyWebhookSignature(raw, sig, process.env.MEAP_WEBHOOK_SECRET!)) {
+   *     return res.status(401).json({ error: 'Invalid signature' });
+   *   }
+   * });
+   * ```
+   */
+  static verifySignature(body, signature, secret) {
+    const expected = createHmac("sha256", secret).update(body).digest("hex");
+    return expected === signature;
+  }
+  /**
+   * Cancel all pending retries and clean up
+   */
+  stop() {
+    for (const timer of this.pendingRetries.values()) {
+      clearTimeout(timer);
+    }
+    this.pendingRetries.clear();
+  }
+};
+function verifyWebhookSignature(body, signature, secret) {
+  return WebhookService.verifySignature(body, signature, secret);
+}
+
+// src/services/email.ts
+var EmailService = class {
+  apiKey;
+  fromAddress;
+  brandName;
+  constructor(config) {
+    this.apiKey = config.apiKey;
+    this.fromAddress = config.fromAddress;
+    this.brandName = config.brandName || "ArcenPay";
+  }
+  /**
+   * Send an email using a pre-defined template
+   */
+  async sendTemplate(template, recipient, data) {
+    const payload = this.buildEmail(template, recipient, data);
+    try {
+      const response = await fetch("https://api.resend.com/emails", {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${this.apiKey}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          from: `${this.brandName} <${this.fromAddress}>`,
+          to: [payload.to],
+          subject: payload.subject,
+          html: payload.html
+        })
+      });
+      if (!response.ok) {
+        const err = await response.text();
+        console.error(`[Email] Failed to send ${template}:`, err);
+        return { success: false, error: err };
+      }
+      const result = await response.json();
+      console.log(`[Email] \u2705 Sent ${template} to ${recipient.email} (${result.id})`);
+      return { success: true, messageId: result.id };
+    } catch (err) {
+      console.error(`[Email] Error sending ${template}:`, err.message);
+      return { success: false, error: err.message };
+    }
+  }
+  /**
+   * Build the email payload for a given template
+   */
+  buildEmail(template, recipient, data) {
+    const shortAddr = `${data.walletAddress?.slice(0, 6)}...${data.walletAddress?.slice(-4)}`;
+    const templates = {
+      welcome: {
+        subject: `Welcome to ${this.brandName}!`,
+        body: `
+          <h2>Welcome to ${this.brandName}! \u{1F389}</h2>
+          <p>Your subscription is now active.</p>
+          <table style="border-collapse:collapse;width:100%;max-width:400px">
+            <tr><td style="padding:8px;border-bottom:1px solid #eee"><strong>Plan</strong></td><td style="padding:8px;border-bottom:1px solid #eee">${data.planTier || "Pro"}</td></tr>
+            <tr><td style="padding:8px;border-bottom:1px solid #eee"><strong>Wallet</strong></td><td style="padding:8px;border-bottom:1px solid #eee"><code>${shortAddr}</code></td></tr>
+            <tr><td style="padding:8px;border-bottom:1px solid #eee"><strong>Expires</strong></td><td style="padding:8px;border-bottom:1px solid #eee">${data.expiresAt || "N/A"}</td></tr>
+            <tr><td style="padding:8px"><strong>Token ID</strong></td><td style="padding:8px">#${data.tokenId || "\u2014"}</td></tr>
+          </table>
+          <p style="margin-top:16px;color:#888">Transaction: <a href="${data.explorerUrl || "#"}">${data.txHash?.slice(0, 16) || ""}...</a></p>
+        `
+      },
+      renewal_receipt: {
+        subject: `${this.brandName} \u2014 Subscription Renewed`,
+        body: `
+          <h2>Subscription Renewed \u2705</h2>
+          <p>Your subscription has been automatically renewed.</p>
+          <table style="border-collapse:collapse;width:100%;max-width:400px">
+            <tr><td style="padding:8px;border-bottom:1px solid #eee"><strong>Amount</strong></td><td style="padding:8px;border-bottom:1px solid #eee">${data.amount || "0"} USDC</td></tr>
+            <tr><td style="padding:8px;border-bottom:1px solid #eee"><strong>New Expiry</strong></td><td style="padding:8px;border-bottom:1px solid #eee">${data.expiresAt || "N/A"}</td></tr>
+            <tr><td style="padding:8px"><strong>Wallet</strong></td><td style="padding:8px"><code>${shortAddr}</code></td></tr>
+          </table>
+          <p style="margin-top:16px;color:#888">Transaction: <a href="${data.explorerUrl || "#"}">${data.txHash?.slice(0, 16) || ""}...</a></p>
+        `
+      },
+      payment_failed: {
+        subject: `\u26A0\uFE0F ${this.brandName} \u2014 Payment Failed`,
+        body: `
+          <h2>Payment Failed \u26A0\uFE0F</h2>
+          <p>We were unable to process your subscription renewal.</p>
+          <p><strong>Reason:</strong> ${data.reason || "Insufficient balance"}</p>
+          <p><strong>Wallet:</strong> <code>${shortAddr}</code></p>
+          <p>Please ensure your smart account has sufficient USDC balance to avoid service interruption.</p>
+        `
+      },
+      subscription_expiring: {
+        subject: `${this.brandName} \u2014 Subscription Expiring Soon`,
+        body: `
+          <h2>Subscription Expiring Soon \u23F0</h2>
+          <p>Your subscription will expire on <strong>${data.expiresAt || "soon"}</strong>.</p>
+          <p>Please ensure your wallet has sufficient balance for automatic renewal, or renew manually.</p>
+          <p><strong>Wallet:</strong> <code>${shortAddr}</code></p>
+        `
+      },
+      access_revoked: {
+        subject: `${this.brandName} \u2014 Access Revoked`,
+        body: `
+          <h2>Access Revoked</h2>
+          <p>Your subscription has been cancelled and access has been revoked.</p>
+          <p><strong>Token ID:</strong> #${data.tokenId || "\u2014"}</p>
+          <p><strong>Wallet:</strong> <code>${shortAddr}</code></p>
+          <p>You can re-subscribe at any time to restore access.</p>
+        `
+      },
+      low_session_balance: {
+        subject: `\u26A0\uFE0F ${this.brandName} \u2014 Low Session Balance`,
+        body: `
+          <h2>Low Session Balance \u26A0\uFE0F</h2>
+          <p>Your ZKVUB session vault balance is running low.</p>
+          <table style="border-collapse:collapse;width:100%;max-width:400px">
+            <tr><td style="padding:8px;border-bottom:1px solid #eee"><strong>Remaining</strong></td><td style="padding:8px;border-bottom:1px solid #eee">${data.remaining || "0"} USDC</td></tr>
+            <tr><td style="padding:8px"><strong>Session ID</strong></td><td style="padding:8px"><code>${data.sessionId?.slice(0, 16) || ""}...</code></td></tr>
+          </table>
+          <p>Please deposit additional USDC to avoid service interruption.</p>
+        `
+      }
+    };
+    const tpl = templates[template];
+    return {
+      to: recipient.email,
+      subject: tpl.subject,
+      html: this.wrapInLayout(tpl.body)
+    };
+  }
+  /**
+   * Wrap template body in a consistent email layout
+   */
+  wrapInLayout(body) {
+    return `
+      <!DOCTYPE html>
+      <html>
+      <head><meta charset="utf-8"></head>
+      <body style="font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;max-width:600px;margin:0 auto;padding:20px;color:#1a1a2e;background:#fafafa">
+        <div style="background:#fff;border-radius:12px;padding:32px;box-shadow:0 2px 8px rgba(0,0,0,0.06)">
+          ${body}
+        </div>
+        <div style="text-align:center;margin-top:24px;font-size:12px;color:#999">
+          <p>${this.brandName} \u2014 MEAP + ZKVUB Protocol</p>
+          <p>Powered by on-chain entitlements</p>
+        </div>
+      </body>
+      </html>
+    `;
+  }
+};
+
+// src/services/lit.ts
+import { LIT_NETWORK } from "@lit-protocol/constants";
+import { decryptToString, encryptString } from "@lit-protocol/encryption";
+import { LitNodeClient } from "@lit-protocol/lit-node-client";
+var LitProtocolService = class {
+  config;
+  litClient = null;
+  constructor(config) {
+    this.config = config;
+  }
+  async connect() {
+    const litNetwork = (() => {
+      switch (this.config.network) {
+        case "habanero":
+        case "datil":
+          return LIT_NETWORK.Datil;
+        case "datil-test":
+        case "manzano":
+          return LIT_NETWORK.DatilTest;
+        case "datil-dev":
+        default:
+          return LIT_NETWORK.DatilDev;
+      }
+    })();
+    this.litClient = new LitNodeClient({
+      litNetwork,
+      debug: false
+    });
+    await this.litClient.connect();
+    console.log(`[LitProtocol] Connected to ${litNetwork}`);
+  }
+  buildSubscriptionACC(_walletAddress) {
+    return [
+      {
+        contractAddress: this.config.registryAddress,
+        standardContractType: "Custom",
+        chain: this.config.chain,
+        method: "hasActiveSubscription",
+        parameters: [":userAddress"],
+        returnValueTest: {
+          comparator: "=",
+          value: "true"
+        }
+      }
+    ];
+  }
+  buildTierACC(minimumTier) {
+    const tierOrder = { starter: 1, pro: 2, enterprise: 3 };
+    const minValue = tierOrder[minimumTier] || 1;
+    return [
+      {
+        contractAddress: this.config.registryAddress,
+        standardContractType: "Custom",
+        chain: this.config.chain,
+        method: "hasActiveSubscription",
+        parameters: [":userAddress"],
+        returnValueTest: {
+          comparator: "=",
+          value: "true"
+        }
+      },
+      {
+        contractAddress: this.config.registryAddress,
+        standardContractType: "Custom",
+        chain: this.config.chain,
+        method: "getWalletSubscription",
+        parameters: [":userAddress"],
+        returnValueTest: {
+          comparator: ">=",
+          value: String(minValue > 0 ? 1 : 0)
+        }
+      }
+    ];
+  }
+  async encrypt(content, accessConditions) {
+    this.ensureConnected();
+    const result = await encryptString(
+      {
+        accessControlConditions: accessConditions,
+        chain: this.config.chain,
+        dataToEncrypt: content
+      },
+      this.litClient
+    );
+    return {
+      ciphertext: result.ciphertext,
+      dataToEncryptHash: result.dataToEncryptHash
+    };
+  }
+  async decrypt(ciphertext, dataToEncryptHash, accessConditions, auth) {
+    this.ensureConnected();
+    if (!auth?.authSig && !auth?.sessionSigs) {
+      throw new Error(
+        "[LitProtocol] Missing auth input. Provide authSig or sessionSigs for decryption."
+      );
+    }
+    const decrypted = await decryptToString(
+      {
+        accessControlConditions: accessConditions,
+        chain: this.config.chain,
+        ciphertext,
+        dataToEncryptHash,
+        ...auth.authSig ? { authSig: auth.authSig } : {},
+        ...auth.sessionSigs ? { sessionSigs: auth.sessionSigs } : {}
+      },
+      this.litClient
+    );
+    return decrypted;
+  }
+  async disconnect() {
+    if (this.litClient) {
+      await this.litClient.disconnect();
+      this.litClient = null;
+    }
+    console.log("[LitProtocol] Disconnected");
+  }
+  ensureConnected() {
+    if (!this.litClient) {
+      throw new Error("[LitProtocol] Not connected. Call connect() first.");
+    }
+  }
+};
+
+// src/services/aggregator.ts
+import { createHash as createHash2 } from "crypto";
+var AggregatorService = class {
+  logs = /* @__PURE__ */ new Map();
+  merkleRoots = /* @__PURE__ */ new Map();
+  settlementThreshold;
+  constructor(config) {
+    this.settlementThreshold = config?.settlementThreshold || 100;
+  }
+  /**
+   * Append a signed usage entry
+   */
+  addEntry(entry) {
+    const existing = this.logs.get(entry.sessionId) || [];
+    existing.push(entry);
+    this.logs.set(entry.sessionId, existing);
+    const thresholdReached = existing.length >= this.settlementThreshold;
+    if (thresholdReached) {
+      console.log(`[Aggregator] Threshold reached for session ${entry.sessionId} (${existing.length} entries)`);
+    }
+    return { totalEntries: existing.length, thresholdReached };
+  }
+  /**
+   * Build a Merkle tree from session's usage logs
+   * Returns the Merkle root hash
+   */
+  buildMerkleTree(sessionId) {
+    const entries = this.logs.get(sessionId) || [];
+    if (entries.length === 0) return "0x" + "0".repeat(64);
+    const leaves = entries.map(
+      (entry) => this.hashEntry(entry)
+    );
+    const root = this.computeMerkleRoot(leaves);
+    this.merkleRoots.set(sessionId, root);
+    console.log(`[Aggregator] Merkle root for ${sessionId}: ${root} (${entries.length} leaves)`);
+    return root;
+  }
+  /**
+   * Get circuit inputs for zk-SNARK proving
+   * These inputs are passed to the Circom circuit
+   */
+  getCircuitInputs(sessionId) {
+    const entries = this.logs.get(sessionId) || [];
+    const merkleRoot = this.merkleRoots.get(sessionId) || this.buildMerkleTree(sessionId);
+    const timestamps = entries.map((e) => e.timestamp);
+    const windowStart = timestamps.length > 0 ? Math.min(...timestamps) : 0;
+    const windowEnd = timestamps.length > 0 ? Math.max(...timestamps) : 0;
+    return {
+      callCount: entries.length,
+      merkleRoot,
+      windowStart,
+      windowEnd,
+      logHashes: entries.map((e) => this.hashEntry(e))
+    };
+  }
+  /**
+   * Clear entries for a settled session window
+   */
+  clearSettledEntries(sessionId, windowEnd) {
+    const entries = this.logs.get(sessionId) || [];
+    this.logs.set(
+      sessionId,
+      entries.filter((e) => e.timestamp > windowEnd)
+    );
+    this.merkleRoots.delete(sessionId);
+    console.log(`[Aggregator] Cleared entries for ${sessionId} before ${windowEnd}`);
+  }
+  /**
+   * Get aggregation stats for monitoring
+   */
+  getStats() {
+    let totalEntries = 0;
+    let pendingSettlements = 0;
+    for (const [, entries] of this.logs) {
+      totalEntries += entries.length;
+      if (entries.length >= this.settlementThreshold) {
+        pendingSettlements++;
+      }
+    }
+    return {
+      sessions: this.logs.size,
+      totalEntries,
+      pendingSettlements
+    };
+  }
+  /**
+   * Hash a single usage entry (leaf in the Merkle tree)
+   */
+  hashEntry(entry) {
+    const data = `${entry.sessionId}|${entry.endpoint}|${entry.method}|${entry.timestamp}|${entry.responseSize}|${entry.signature}`;
+    return "0x" + createHash2("sha256").update(data).digest("hex");
+  }
+  /**
+   * Compute Merkle root from leaf hashes
+   */
+  computeMerkleRoot(leaves) {
+    if (leaves.length === 0) return "0x" + "0".repeat(64);
+    if (leaves.length === 1) return leaves[0];
+    while (leaves.length & leaves.length - 1) {
+      leaves.push("0x" + "0".repeat(64));
+    }
+    let currentLevel = leaves;
+    while (currentLevel.length > 1) {
+      const nextLevel = [];
+      for (let i = 0; i < currentLevel.length; i += 2) {
+        const combined = currentLevel[i] + currentLevel[i + 1].slice(2);
+        nextLevel.push("0x" + createHash2("sha256").update(combined).digest("hex"));
+      }
+      currentLevel = nextLevel;
+    }
+    return currentLevel[0];
+  }
+};
+
+// src/services/redis-usage.ts
+import { createClient } from "redis";
+function sessionKey(prefix, sessionId) {
+  return `${prefix}:usage:${sessionId}`;
+}
+function settlementKey(prefix) {
+  return `${prefix}:settlement:latest`;
+}
+var RedisUsageStore = class {
+  config;
+  client;
+  connected = false;
+  constructor(config) {
+    this.config = {
+      keyPrefix: "meap",
+      ttlSeconds: 7 * 24 * 60 * 60,
+      ...config
+    };
+    this.client = createClient({ url: this.config.url });
+    this.client.on("error", (err) => {
+      console.error("[RedisUsageStore] Redis error:", err);
+    });
+  }
+  async connect() {
+    if (this.connected) return;
+    await this.client.connect();
+    this.connected = true;
+  }
+  async appendUsage(entry) {
+    if (!this.connected) {
+      await this.connect();
+    }
+    const key = sessionKey(this.config.keyPrefix, entry.sessionId);
+    await this.client.rPush(key, JSON.stringify(entry));
+    await this.client.expire(key, this.config.ttlSeconds);
+  }
+  async getUsageCount(sessionId) {
+    if (!this.connected) {
+      await this.connect();
+    }
+    return this.client.lLen(sessionKey(this.config.keyPrefix, sessionId));
+  }
+  async getUsageEntries(sessionId, limit = 100) {
+    if (!this.connected) {
+      await this.connect();
+    }
+    const upper = Math.max(0, limit - 1);
+    const values = await this.client.lRange(sessionKey(this.config.keyPrefix, sessionId), 0, upper);
+    return values.map((value) => {
+      try {
+        return JSON.parse(value);
+      } catch {
+        return null;
+      }
+    }).filter((value) => value !== null);
+  }
+  async setLatestSettlementTx(sessionId, txHash) {
+    if (!this.connected) {
+      await this.connect();
+    }
+    await this.client.hSet(settlementKey(this.config.keyPrefix), sessionId, txHash);
+    await this.client.expire(settlementKey(this.config.keyPrefix), this.config.ttlSeconds);
+  }
+  async getLatestSettlementTx(sessionId) {
+    if (!this.connected) {
+      await this.connect();
+    }
+    const txHash = await this.client.hGet(settlementKey(this.config.keyPrefix), sessionId);
+    return txHash ?? null;
+  }
+  async stop() {
+    if (this.connected) {
+      await this.client.quit();
+      this.connected = false;
+    }
+  }
+};
+
+// src/services/proof-orchestrator.ts
+var ProofOrchestrator = class {
+  usageService;
+  config;
+  /**
+   * Nullifiers that have been submitted — prevents double-settlement.
+   * Key: nullifier hash, Value: settlement timestamp
+   */
+  settledNullifiers = /* @__PURE__ */ new Map();
+  /** Active proof jobs indexed by `sessionId:windowEnd` */
+  activeJobs = /* @__PURE__ */ new Map();
+  /** Completed job history (last 200) */
+  jobHistory = [];
+  /** Interval for auto-submit checks */
+  autoCheckInterval = null;
+  constructor(config = {}) {
+    this.usageService = new UsageService(config);
+    this.config = {
+      maxRetries: config.maxRetries ?? 3,
+      retryDelays: config.retryDelays ?? [2e3, 5e3, 15e3],
+      autoSubmitThreshold: config.autoSubmitThreshold ?? 50,
+      windowDurationSeconds: config.windowDurationSeconds ?? 3600
+    };
+  }
+  /**
+   * Records usage and auto-triggers proof+submission when threshold is reached
+   */
+  async recordUsage(sessionId, callData) {
+    await this.usageService.logUsage(sessionId, callData);
+    const count = this.usageService.getUsageCount(sessionId);
+    if (count >= this.config.autoSubmitThreshold) {
+      void this.generateAndSubmit(sessionId).catch(
+        (err) => console.error(
+          `[ProofOrchestrator] Auto-submit failed for ${sessionId}:`,
+          err
+        )
+      );
+    }
+  }
+  /**
+   * Manually triggers proof generation + submission for a session
+   */
+  async generateAndSubmit(sessionId) {
+    const windowEnd = Math.floor(Date.now() / 1e3);
+    const jobKey = `${sessionId}:${windowEnd}`;
+    const existingJob = this.activeJobs.get(jobKey);
+    if (existingJob && existingJob.status !== "failed") {
+      return existingJob;
+    }
+    const job = {
+      sessionId,
+      windowEnd,
+      windowStart: null,
+      callCount: null,
+      settlementAmount: null,
+      status: "pending",
+      attempts: 0,
+      nullifier: null,
+      txHash: null,
+      error: null,
+      createdAt: Date.now(),
+      lastAttemptAt: 0
+    };
+    this.activeJobs.set(jobKey, job);
+    return this.executeJob(job);
+  }
+  /**
+   * Execute a proof job with deterministic retry
+   */
+  async executeJob(job) {
+    const jobKey = `${job.sessionId}:${job.windowEnd}`;
+    for (let attempt = 0; attempt <= this.config.maxRetries; attempt++) {
+      job.attempts = attempt + 1;
+      job.lastAttemptAt = Date.now();
+      if (attempt > 0) {
+        const delay = this.config.retryDelays[attempt - 1] ?? 15e3;
+        console.log(
+          `[ProofOrchestrator] Retry ${attempt}/${this.config.maxRetries} in ${delay}ms for ${job.sessionId}`
+        );
+        await new Promise((resolve) => setTimeout(resolve, delay));
+      }
+      try {
+        job.status = "generating";
+        const { proof, publicInputs } = await this.usageService.generateProof(
+          job.sessionId,
+          job.windowEnd
+        );
+        job.windowStart = Number(publicInputs.windowStart);
+        job.callCount = publicInputs.callCount.toString();
+        const nullifierKey = publicInputs.nullifier;
+        if (this.settledNullifiers.has(nullifierKey)) {
+          console.warn(
+            `[ProofOrchestrator] Nullifier already settled: ${nullifierKey}`
+          );
+          job.status = "settled";
+          job.nullifier = nullifierKey;
+          job.error = "Nullifier already settled (idempotent skip)";
+          this.archiveJob(jobKey, job);
+          return job;
+        }
+        job.status = "submitting";
+        const settlement = await this.usageService.submitProof(
+          proof,
+          publicInputs
+        );
+        job.status = "settled";
+        job.nullifier = nullifierKey;
+        job.txHash = settlement.transactionHash;
+        job.settlementAmount = settlement.settlementAmount.toString();
+        job.error = null;
+        this.settledNullifiers.set(nullifierKey, Date.now());
+        this.usageService.clearLogs(job.sessionId, job.windowEnd);
+        console.log(
+          `[ProofOrchestrator] \u2705 Settled ${job.sessionId} \u2192 ${settlement.transactionHash}`
+        );
+        this.archiveJob(jobKey, job);
+        return job;
+      } catch (err) {
+        job.error = err?.message || String(err);
+        job.status = "failed";
+        console.error(
+          `[ProofOrchestrator] Attempt ${attempt + 1} failed for ${job.sessionId}:`,
+          err?.message
+        );
+      }
+    }
+    console.error(
+      `[ProofOrchestrator] \u274C All ${this.config.maxRetries + 1} attempts failed for ${job.sessionId}`
+    );
+    this.archiveJob(jobKey, job);
+    return job;
+  }
+  /**
+   * Move a job from active to history
+   */
+  archiveJob(jobKey, job) {
+    this.activeJobs.delete(jobKey);
+    this.jobHistory.push({ ...job });
+    if (this.jobHistory.length > 200) {
+      this.jobHistory.splice(0, this.jobHistory.length - 200);
+    }
+  }
+  /**
+   * Start auto-submit monitoring (polls every 30s)
+   */
+  startAutoSubmit() {
+    if (this.autoCheckInterval) return;
+    console.log(
+      `[ProofOrchestrator] Auto-submit started (threshold: ${this.config.autoSubmitThreshold} calls)`
+    );
+    this.autoCheckInterval = setInterval(async () => {
+      try {
+        const sessions = this.usageService.getAllSessions();
+        for (const sessionId of sessions) {
+          const count = this.usageService.getUsageCount(sessionId);
+          if (count >= this.config.autoSubmitThreshold) {
+            const jobKey = Array.from(this.activeJobs.keys()).find(
+              (k) => k.startsWith(`${sessionId}:`)
+            );
+            if (!jobKey) {
+              console.log(
+                `[ProofOrchestrator] Auto-submit triggered for ${sessionId} (${count} calls)`
+              );
+              void this.generateAndSubmit(sessionId).catch(
+                (err) => console.error(
+                  `[ProofOrchestrator] Auto-submit failed for ${sessionId}:`,
+                  err
+                )
+              );
+            }
+          }
+        }
+      } catch (err) {
+        console.error("[ProofOrchestrator] Auto-submit poll error:", err);
+      }
+    }, 3e4);
+    if (typeof this.autoCheckInterval === "object" && "unref" in this.autoCheckInterval) {
+      this.autoCheckInterval.unref();
+    }
+  }
+  /**
+   * Stop auto-submit monitoring
+   */
+  stop() {
+    if (this.autoCheckInterval) {
+      clearInterval(this.autoCheckInterval);
+      this.autoCheckInterval = null;
+    }
+  }
+  /**
+   * Get current active proof jobs
+   */
+  getActiveJobs() {
+    return Array.from(this.activeJobs.values());
+  }
+  /**
+   * Get completed job history
+   */
+  getJobHistory(limit = 50) {
+    return this.jobHistory.slice(-limit).reverse();
+  }
+  /**
+   * Check if a nullifier has already been settled
+   */
+  isNullifierSettled(nullifier) {
+    return this.settledNullifiers.has(nullifier);
+  }
+  /**
+   * Get the underlying UsageService for direct access
+   */
+  getUsageService() {
+    return this.usageService;
+  }
+};
+
+// src/services/transport-axelar.ts
+import {
+  createPublicClient as createPublicClient6,
+  createWalletClient as createWalletClient3,
+  http as http6
+} from "viem";
+import { privateKeyToAccount as privateKeyToAccount3 } from "viem/accounts";
+import { sepolia as sepolia6, baseSepolia as baseSepolia6, base as base6 } from "viem/chains";
+import { DEFAULT_CHAIN_ID as DEFAULT_CHAIN_ID5 } from "@arcenpay/sdk";
+var CHAIN_MAP6 = {
+  11155111: sepolia6,
+  84532: baseSepolia6,
+  8453: base6
+};
+var AXELAR_CHAIN_NAMES = {
+  1: "ethereum",
+  11155111: "ethereum-sepolia",
+  137: "polygon",
+  42161: "arbitrum",
+  10: "optimism",
+  8453: "base",
+  84532: "base-sepolia",
+  43114: "avalanche"
+};
+var AXELAR_GATEWAY_ABI = [
+  {
+    name: "callContract",
+    type: "function",
+    stateMutability: "nonpayable",
+    inputs: [
+      { name: "destinationChain", type: "string" },
+      { name: "contractAddress", type: "string" },
+      { name: "payload", type: "bytes" }
+    ],
+    outputs: []
+  }
+];
+var AXELAR_GAS_SERVICE_ABI = [
+  {
+    name: "payNativeGasForContractCall",
+    type: "function",
+    stateMutability: "payable",
+    inputs: [
+      { name: "sender", type: "address" },
+      { name: "destinationChain", type: "string" },
+      { name: "destinationAddress", type: "string" },
+      { name: "payload", type: "bytes" },
+      { name: "refundAddress", type: "address" }
+    ],
+    outputs: []
+  },
+  {
+    name: "estimateGasFee",
+    type: "function",
+    stateMutability: "view",
+    inputs: [
+      { name: "destinationChain", type: "string" },
+      { name: "destinationAddress", type: "string" },
+      { name: "payload", type: "bytes" }
+    ],
+    outputs: [{ name: "", type: "uint256" }]
+  }
+];
+var AxelarTransport = class {
+  config;
+  chainId;
+  publicClient;
+  walletClient;
+  signerAddress;
+  constructor(config) {
+    this.config = config;
+    this.chainId = config.chainId ?? DEFAULT_CHAIN_ID5;
+    const chain = CHAIN_MAP6[this.chainId] || baseSepolia6;
+    const account = privateKeyToAccount3(config.privateKey);
+    this.signerAddress = account.address;
+    this.publicClient = createPublicClient6({
+      chain,
+      transport: http6(config.rpcUrl)
+    });
+    this.walletClient = createWalletClient3({
+      account,
+      chain,
+      transport: http6(config.rpcUrl)
+    });
+  }
+  /**
+   * Dispatch a cross-chain mirror update via Axelar GMP
+   */
+  async dispatch(destinationChainId, payload, refundAddress, destinationAddressOverride) {
+    const destChainName = AXELAR_CHAIN_NAMES[destinationChainId];
+    if (!destChainName) {
+      throw new Error(
+        `Unsupported destination chain ID: ${destinationChainId}`
+      );
+    }
+    const destAddress = destinationAddressOverride || this.config.mirrorRegistryAddress;
+    let gasEstimate = 0n;
+    try {
+      gasEstimate = await this.publicClient.readContract({
+        address: this.config.gasServiceAddress,
+        abi: AXELAR_GAS_SERVICE_ABI,
+        functionName: "estimateGasFee",
+        args: [destChainName, destAddress, payload]
+      });
+    } catch {
+      gasEstimate = 2000000000000000n;
+    }
+    const gasBudget = gasEstimate * 120n / 100n;
+    const gasPayTx = await this.walletClient.writeContract({
+      address: this.config.gasServiceAddress,
+      abi: AXELAR_GAS_SERVICE_ABI,
+      functionName: "payNativeGasForContractCall",
+      args: [
+        this.signerAddress,
+        destChainName,
+        destAddress,
+        payload,
+        refundAddress
+      ],
+      value: gasBudget
+    });
+    await this.publicClient.waitForTransactionReceipt({ hash: gasPayTx });
+    const dispatchTx = await this.walletClient.writeContract({
+      address: this.config.gatewayAddress,
+      abi: AXELAR_GATEWAY_ABI,
+      functionName: "callContract",
+      args: [destChainName, destAddress, payload]
+    });
+    const receipt = await this.publicClient.waitForTransactionReceipt({
+      hash: dispatchTx
+    });
+    console.log(
+      `[AxelarTransport] \u2705 Dispatched to ${destChainName} \u2192 tx: ${dispatchTx}`
+    );
+    return {
+      transactionHash: dispatchTx,
+      messageId: `axelar-${dispatchTx}`,
+      route: "axelar",
+      destinationChain: destChainName,
+      gasEstimate: gasBudget
+    };
+  }
+  /**
+   * Get the estimated gas cost for a dispatch
+   */
+  async estimateGas(destinationChainId, payload, destinationAddressOverride) {
+    const destChainName = AXELAR_CHAIN_NAMES[destinationChainId];
+    if (!destChainName) return 0n;
+    const destAddress = destinationAddressOverride || this.config.mirrorRegistryAddress;
+    try {
+      return await this.publicClient.readContract({
+        address: this.config.gasServiceAddress,
+        abi: AXELAR_GAS_SERVICE_ABI,
+        functionName: "estimateGasFee",
+        args: [destChainName, destAddress, payload]
+      });
+    } catch {
+      return 2000000000000000n;
+    }
+  }
+  /**
+   * Get signer's gas balance (for alert monitoring)
+   */
+  async getSignerBalance() {
+    return this.publicClient.getBalance({ address: this.signerAddress });
+  }
+};
+
+// src/services/transport-ccip.ts
+import { createPublicClient as createPublicClient7, createWalletClient as createWalletClient4, http as http7 } from "viem";
+import { privateKeyToAccount as privateKeyToAccount4 } from "viem/accounts";
+import { sepolia as sepolia7, baseSepolia as baseSepolia7, base as base7 } from "viem/chains";
+import { DEFAULT_CHAIN_ID as DEFAULT_CHAIN_ID6 } from "@arcenpay/sdk";
+var CHAIN_MAP7 = {
+  11155111: sepolia7,
+  84532: baseSepolia7,
+  8453: base7
+};
+var CCIP_CHAIN_SELECTORS = {
+  1: 5009297550715157269n,
+  // Ethereum Mainnet
+  11155111: 16015286601757825753n,
+  // Sepolia
+  137: 4051577828743386545n,
+  // Polygon
+  42161: 4949039107694359620n,
+  // Arbitrum
+  10: 3734403246176062136n,
+  // Optimism
+  8453: 15971525489660198786n,
+  // Base
+  84532: 10344971235874465080n,
+  // Base Sepolia
+  43114: 6433500567565415381n
+  // Avalanche
+};
+var CCIP_ROUTER_ABI = [
+  {
+    name: "ccipSend",
+    type: "function",
+    stateMutability: "payable",
+    inputs: [
+      { name: "destinationChainSelector", type: "uint64" },
+      {
+        name: "message",
+        type: "tuple",
+        components: [
+          { name: "receiver", type: "bytes" },
+          { name: "data", type: "bytes" },
+          {
+            name: "tokenAmounts",
+            type: "tuple[]",
+            components: [
+              { name: "token", type: "address" },
+              { name: "amount", type: "uint256" }
+            ]
+          },
+          { name: "feeToken", type: "address" },
+          { name: "extraArgs", type: "bytes" }
+        ]
+      }
+    ],
+    outputs: [{ name: "messageId", type: "bytes32" }]
+  },
+  {
+    name: "getFee",
+    type: "function",
+    stateMutability: "view",
+    inputs: [
+      { name: "destinationChainSelector", type: "uint64" },
+      {
+        name: "message",
+        type: "tuple",
+        components: [
+          { name: "receiver", type: "bytes" },
+          { name: "data", type: "bytes" },
+          {
+            name: "tokenAmounts",
+            type: "tuple[]",
+            components: [
+              { name: "token", type: "address" },
+              { name: "amount", type: "uint256" }
+            ]
+          },
+          { name: "feeToken", type: "address" },
+          { name: "extraArgs", type: "bytes" }
+        ]
+      }
+    ],
+    outputs: [{ name: "fee", type: "uint256" }]
+  }
+];
+var CCIPTransport = class {
+  config;
+  chainId;
+  publicClient;
+  walletClient;
+  signerAddress;
+  gasLimit;
+  constructor(config) {
+    this.config = config;
+    this.chainId = config.chainId ?? DEFAULT_CHAIN_ID6;
+    this.gasLimit = config.gasLimit || 200000n;
+    const chain = CHAIN_MAP7[this.chainId] || baseSepolia7;
+    const account = privateKeyToAccount4(config.privateKey);
+    this.signerAddress = account.address;
+    this.publicClient = createPublicClient7({
+      chain,
+      transport: http7(config.rpcUrl)
+    });
+    this.walletClient = createWalletClient4({
+      account,
+      chain,
+      transport: http7(config.rpcUrl)
+    });
+  }
+  /**
+   * Dispatch a cross-chain mirror update via Chainlink CCIP
+   */
+  async dispatch(destinationChainId, payload, refundAddress, destinationAddressOverride) {
+    const destSelector = CCIP_CHAIN_SELECTORS[destinationChainId];
+    if (!destSelector) {
+      throw new Error(
+        `Unsupported CCIP destination chain ID: ${destinationChainId}`
+      );
+    }
+    const message = this.buildMessage(payload, destinationAddressOverride);
+    let fee = 0n;
+    try {
+      fee = await this.publicClient.readContract({
+        address: this.config.routerAddress,
+        abi: CCIP_ROUTER_ABI,
+        functionName: "getFee",
+        args: [destSelector, message]
+      });
+    } catch {
+      fee = 5000000000000000n;
+    }
+    const feeBudget = fee * 115n / 100n;
+    const txHash = await this.walletClient.writeContract({
+      address: this.config.routerAddress,
+      abi: CCIP_ROUTER_ABI,
+      functionName: "ccipSend",
+      args: [destSelector, message],
+      value: feeBudget
+    });
+    const receipt = await this.publicClient.waitForTransactionReceipt({
+      hash: txHash
+    });
+    console.log(
+      `[CCIPTransport] \u2705 Dispatched to selector ${destSelector} \u2192 tx: ${txHash}`
+    );
+    return {
+      transactionHash: txHash,
+      messageId: `ccip-${txHash}`,
+      route: "ccip",
+      destinationChainSelector: destSelector,
+      fee: feeBudget
+    };
+  }
+  /**
+   * Build a CCIP EVM2AnyMessage
+   */
+  buildMessage(payload, destinationAddressOverride) {
+    const extraArgs = `0x97a657c9${this.gasLimit.toString(16).padStart(64, "0")}`;
+    return {
+      receiver: destinationAddressOverride || this.config.mirrorRegistryAddress,
+      data: payload,
+      tokenAmounts: [],
+      feeToken: "0x0000000000000000000000000000000000000000",
+      // Native gas
+      extraArgs
+    };
+  }
+  /**
+   * Estimate the CCIP fee for a dispatch
+   */
+  async estimateFee(destinationChainId, payload, destinationAddressOverride) {
+    const destSelector = CCIP_CHAIN_SELECTORS[destinationChainId];
+    if (!destSelector) return 0n;
+    try {
+      return await this.publicClient.readContract({
+        address: this.config.routerAddress,
+        abi: CCIP_ROUTER_ABI,
+        functionName: "getFee",
+        args: [destSelector, this.buildMessage(payload, destinationAddressOverride)]
+      });
+    } catch {
+      return 5000000000000000n;
+    }
+  }
+  /**
+   * Get signer's gas balance (for alert monitoring)
+   */
+  async getSignerBalance() {
+    return this.publicClient.getBalance({ address: this.signerAddress });
+  }
+};
+
+// src/services/keeper.ts
+import { createPublicClient as createPublicClient8, createWalletClient as createWalletClient5, http as http8 } from "viem";
+import { privateKeyToAccount as privateKeyToAccount5 } from "viem/accounts";
+import { sepolia as sepolia8, baseSepolia as baseSepolia8, base as base8 } from "viem/chains";
+import {
+  DEFAULT_CHAIN_ID as DEFAULT_CHAIN_ID7,
+  SubscriptionRegistryABI,
+  ERC7579AutopayModuleABI,
+  getContractAddresses as getContractAddresses5
+} from "@arcenpay/sdk";
+var CHAIN_MAP8 = {
+  11155111: sepolia8,
+  84532: baseSepolia8,
+  8453: base8
+};
+var BillingKeeper = class {
+  chainId;
+  publicClient;
+  walletClient;
+  signerAddress;
+  intervalMs;
+  batchSize;
+  renewalBufferSeconds;
+  registryAddress;
+  autopayModuleAddress;
+  pollTimer = null;
+  processing = false;
+  renewalLog = [];
+  callbacks = [];
+  constructor(config) {
+    this.chainId = config.chainId ?? DEFAULT_CHAIN_ID7;
+    const chain = CHAIN_MAP8[this.chainId] || baseSepolia8;
+    const contracts = getContractAddresses5(this.chainId);
+    this.registryAddress = contracts.subscriptionRegistry;
+    this.autopayModuleAddress = contracts.autopayModule;
+    this.intervalMs = config.intervalMs || 6e4;
+    this.batchSize = config.batchSize || 20;
+    this.renewalBufferSeconds = config.renewalBufferSeconds || 86400;
+    const account = privateKeyToAccount5(config.privateKey);
+    this.signerAddress = account.address;
+    this.publicClient = createPublicClient8({
+      chain,
+      transport: http8(config.rpcUrl)
+    });
+    this.walletClient = createWalletClient5({
+      account,
+      chain,
+      transport: http8(config.rpcUrl)
+    });
+  }
+  /**
+   * Register a callback for renewal events
+   */
+  onRenewal(callback) {
+    this.callbacks.push(callback);
+    return () => {
+      this.callbacks = this.callbacks.filter((cb) => cb !== callback);
+    };
+  }
+  /**
+   * Start the keeper polling loop
+   */
+  start() {
+    if (this.pollTimer) return;
+    console.log(
+      `[BillingKeeper] Started \u2014 polling every ${this.intervalMs / 1e3}s, renewal buffer ${this.renewalBufferSeconds}s, batch size ${this.batchSize}`
+    );
+    void this.poll();
+    this.pollTimer = setInterval(() => {
+      void this.poll();
+    }, this.intervalMs);
+  }
+  /**
+   * Stop the keeper
+   */
+  stop() {
+    if (this.pollTimer) {
+      clearInterval(this.pollTimer);
+      this.pollTimer = null;
+    }
+    console.log("[BillingKeeper] Stopped");
+  }
+  /**
+   * Get renewal history
+   */
+  getRenewalLog(limit = 50) {
+    return this.renewalLog.slice(-limit).reverse();
+  }
+  /**
+   * Get keeper stats
+   */
+  getStats() {
+    const successful = this.renewalLog.filter((r) => r.success).length;
+    return {
+      running: this.pollTimer !== null,
+      totalRenewals: this.renewalLog.length,
+      successfulRenewals: successful,
+      failedRenewals: this.renewalLog.length - successful
+    };
+  }
+  /**
+   * Poll for subscriptions needing renewal
+   */
+  async poll() {
+    if (this.processing) return;
+    this.processing = true;
+    try {
+      const now = Math.floor(Date.now() / 1e3);
+      const renewalDeadline = now + this.renewalBufferSeconds;
+      const expiringTokenIds = await this.findExpiringSubscriptions(
+        BigInt(now),
+        BigInt(renewalDeadline)
+      );
+      if (expiringTokenIds.length === 0) {
+        this.processing = false;
+        return;
+      }
+      console.log(
+        `[BillingKeeper] Found ${expiringTokenIds.length} subscriptions nearing expiry`
+      );
+      const batch = expiringTokenIds.slice(0, this.batchSize);
+      for (const tokenId of batch) {
+        await this.processRenewal(tokenId);
+      }
+    } catch (err) {
+      console.error("[BillingKeeper] Poll error:", err);
+    } finally {
+      this.processing = false;
+    }
+  }
+  /**
+   * Find subscriptions expiring between now and the renewal deadline
+   */
+  async findExpiringSubscriptions(now, deadline) {
+    try {
+      const totalSupply = await this.publicClient.readContract({
+        address: this.registryAddress,
+        abi: SubscriptionRegistryABI,
+        functionName: "totalSupply"
+      });
+      const tokenIds = [];
+      for (let index = 0n; index < totalSupply; index += 1n) {
+        try {
+          const tokenId = await this.publicClient.readContract({
+            address: this.registryAddress,
+            abi: SubscriptionRegistryABI,
+            functionName: "tokenByIndex",
+            args: [index]
+          });
+          const expiresAt = await this.publicClient.readContract({
+            address: this.registryAddress,
+            abi: SubscriptionRegistryABI,
+            functionName: "expiresAt",
+            args: [tokenId]
+          });
+          if (expiresAt > now && expiresAt <= deadline) {
+            tokenIds.push(tokenId);
+          }
+        } catch (err) {
+          console.warn(
+            `[BillingKeeper] Skipping token index ${index.toString()} while scanning expiring subscriptions:`,
+            err
+          );
+        }
+      }
+      return tokenIds;
+    } catch (err) {
+      console.error("[BillingKeeper] Error finding expiring subscriptions:", err);
+      return [];
+    }
+  }
+  /**
+   * Process a single subscription renewal
+   */
+  async processRenewal(tokenId) {
+    try {
+      const subscriber = await this.publicClient.readContract({
+        address: this.registryAddress,
+        abi: SubscriptionRegistryABI,
+        functionName: "ownerOf",
+        args: [tokenId]
+      });
+      const isInstalled = await this.checkAutopayInstalled(subscriber);
+      if (!isInstalled) {
+        console.log(
+          `[BillingKeeper] Skipping tokenId=${tokenId} \u2014 no AutopayModule installed`
+        );
+        return;
+      }
+      const config = await this.publicClient.readContract({
+        address: this.autopayModuleAddress,
+        abi: ERC7579AutopayModuleABI,
+        functionName: "getConfig",
+        args: [subscriber]
+      });
+      const merchant = String(config?.merchant ?? config?.[0] ?? "").toLowerCase();
+      const amount = BigInt(config?.maxAmount ?? config?.[1] ?? 0);
+      if (amount <= 0n) {
+        console.log(
+          `[BillingKeeper] Skipping tokenId=${tokenId} \u2014 autopay maxAmount is not configured`
+        );
+        return;
+      }
+      if (merchant !== this.signerAddress.toLowerCase()) {
+        throw new Error(
+          `Keeper signer ${this.signerAddress} does not match autopay merchant ${merchant || "unknown"}. Renewals must be executed by the configured merchant wallet.`
+        );
+      }
+      const txHash = await this.walletClient.writeContract({
+        address: this.autopayModuleAddress,
+        abi: ERC7579AutopayModuleABI,
+        functionName: "execute",
+        args: [subscriber, amount]
+      });
+      await this.publicClient.waitForTransactionReceipt({ hash: txHash });
+      const result = {
+        tokenId,
+        subscriber,
+        txHash,
+        success: true
+      };
+      this.logRenewal(result);
+      console.log(
+        `[BillingKeeper] \u2705 Renewed tokenId=${tokenId} for ${subscriber} \u2014 tx: ${txHash}`
+      );
+    } catch (err) {
+      const result = {
+        tokenId,
+        subscriber: "unknown",
+        txHash: "0x",
+        success: false,
+        error: err?.message || String(err)
+      };
+      this.logRenewal(result);
+      console.error(
+        `[BillingKeeper] \u274C Failed to renew tokenId=${tokenId}:`,
+        err?.message
+      );
+    }
+  }
+  /**
+   * Check if AutopayModule is installed for a subscriber
+   */
+  async checkAutopayInstalled(subscriber) {
+    try {
+      const config = await this.publicClient.readContract({
+        address: this.autopayModuleAddress,
+        abi: ERC7579AutopayModuleABI,
+        functionName: "getConfig",
+        args: [subscriber]
+      });
+      const maxAmount = BigInt(config?.maxAmount ?? config?.[0] ?? 0);
+      return maxAmount > 0n;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Log a renewal result
+   */
+  logRenewal(result) {
+    this.renewalLog.push(result);
+    if (this.renewalLog.length > 1e3) {
+      this.renewalLog = this.renewalLog.slice(-500);
+    }
+    for (const cb of this.callbacks) {
+      try {
+        cb(result);
+      } catch (err) {
+        console.error("[BillingKeeper] Callback error:", err);
+      }
+    }
+  }
+};
+
+// src/index.ts
+init_nonce_store();
+
+// src/services/event-contracts.ts
+var PROTOCOL_EVENT_SCHEMA_VERSION = "2026-03-09.1";
+function normalizePart(value) {
+  return value.trim().replace(/\s+/g, "_").replace(/[:/]/g, "-");
+}
+function buildEventIdempotencyKey(name, uniqueParts) {
+  const suffix = uniqueParts.map((part) => normalizePart(String(part))).filter(Boolean).join(":");
+  return suffix ? `${name}:${suffix}` : name;
+}
+function createProtocolEvent(name, payload, options) {
+  const occurred = options.occurredAt instanceof Date ? options.occurredAt.toISOString() : typeof options.occurredAt === "number" ? new Date(options.occurredAt).toISOString() : options.occurredAt || (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    schemaVersion: PROTOCOL_EVENT_SCHEMA_VERSION,
+    name,
+    source: options.source,
+    idempotencyKey: options.idempotencyKey,
+    chainId: options.chainId,
+    occurredAt: occurred,
+    payload
+  };
+}
+function mapProtocolEventToBillingType(name) {
+  switch (name) {
+    case "subscription.minted":
+      return "SUBSCRIPTION_MINTED";
+    case "subscription.renewed":
+      return "SUBSCRIPTION_RENEWED";
+    case "subscription.renewal_failed":
+      return "PAYMENT_FAILED";
+    case "subscription.cancelled":
+      return "SUBSCRIPTION_CANCELLED";
+    default:
+      throw new Error(
+        `[mapProtocolEventToBillingType] Unsupported event name for billing bridge: ${name}`
+      );
+  }
+}
+export {
+  AggregatorService,
+  ArcenApiError,
+  ArcenClient,
+  AxelarTransport,
+  BillingKeeper,
+  CCIPTransport,
+  EmailService,
+  EventListenerService,
+  InMemoryNonceStore,
+  LitProtocolService,
+  PROTOCOL_EVENT_SCHEMA_VERSION,
+  ProofOrchestrator,
+  RedisNonceStore,
+  RedisUsageStore,
+  SettlementService,
+  SettlementWriterService,
+  TablelandService,
+  UsageProofError,
+  UsageProofErrorCodes,
+  UsageService,
+  WebhookService,
+  buildEventIdempotencyKey,
+  createProtocolEvent,
+  mapProtocolEventToBillingType,
+  verifyWebhookSignature,
+  x402Middleware
+};