@blockrun/franklin 3.13.0 → 3.14.0

package/dist/agent/context.js

@@ -213,11 +213,11 @@ You run on the BlockRun AI Gateway. When the user asks you to "test the BlockRun
 - Use the **\`JupiterQuote\` and \`JupiterSwap\` built-in tools** — they call Jupiter's Ultra API directly from this process. The user is the first-party caller of Jupiter; we are not a gateway proxy here. A 20 bps platform fee is collected on-chain as part of the swap (Jupiter Referral Program — official integrator mechanism, not a hidden cost).
 - Do NOT try to call \`/v1/jupiter/...\` on the BlockRun gateway — there is no such endpoint (Jupiter ToU forbids the gateway-proxy model).
 
-**Base DEX swap (0x V2 Permit2)**
-- Use the **\`Base0xQuote\` and \`Base0xSwap\` built-in tools** for swaps on Base (chain id 8453). Mirrors Jupiter's local-call posture: 0x's API is hit directly, the user signs the Permit2 EIP-712 with their Base keypair, the tx settles on Base RPC. 0x's official affiliate program embeds 20 bps in the sell-token automatically (BlockRun affiliate, on-chain).
+**Base DEX swap (0x V2 Permit2 via BlockRun gateway)**
+- Use the **\`Base0xQuote\` and \`Base0xSwap\` built-in tools** for swaps on Base (chain id 8453). Tools route through BlockRun gateway \`/v1/zerox/{price,quote}\` (server-side 0x key, x402-paid). User pays $0.001 USDC per quote/swap call to the gateway; on-chain affiliate (20 bps in the sell-token) flows automatically to BlockRun treasury at swap settlement. **No 0x signup needed** — BlockRun manages the upstream key.
 - Symbol shortcuts pre-mapped: ETH (native), WETH, USDC, USDT, CBBTC, CBETH, AERO, DAI. Raw \`0x...\` addresses pass through.
-- **Each Franklin user supplies their OWN \`ZERO_EX_API_KEY\`** (free, no credit card, 10 req/s — sign up at https://dashboard.0x.org). The affiliate cut routes to BlockRun via the swap query params regardless of whose API key is making the call. If the swap tool errors with the env-var message, repeat the URL to the user — do not try to set the env yourself or invent a key.
 - For native ETH → token: no Permit2 approval needed (native value path). For ERC-20 → token: first-time-per-token Permit2 approval auto-runs before the swap (one-time gas cost; future swaps of the same sell-token reuse it).
+- The user signs Permit2 typed data locally with their Base keypair; the signed transaction is submitted to a Base RPC (default public mainnet-beta) — BlockRun never custodies keys.
 
 **Sandbox (POST, x402-paid)**
 - \`/v1/modal/{...path}\` — Modal GPU sandbox passthrough (create/exec/etc.).

package/dist/commands/config.d.ts

@@ -9,6 +9,10 @@ export interface AppConfig {
     'auto-compact'?: string;
     'session-save'?: string;
     'debug'?: string;
+    /** 0x V2 Swap API key for Base swaps. Free at https://dashboard.0x.org. Each user supplies their own; the on-chain affiliate fee routes to BlockRun regardless. */
+    'zerox-api-key'?: string;
+    /** Optional Base RPC URL override (Alchemy, QuickNode public, etc.). Defaults to https://mainnet.base.org. */
+    'base-rpc-url'?: string;
 }
 export declare function loadConfig(): AppConfig;
 export declare function configCommand(action: string, keyOrUndefined?: string, value?: string): void;

package/dist/commands/config.js

@@ -15,6 +15,8 @@ const VALID_KEYS = [
     'auto-compact',
     'session-save',
     'debug',
+    'zerox-api-key',
+    'base-rpc-url',
 ];
 export function loadConfig() {
     try {

package/dist/tools/zerox-base.js

@@ -24,22 +24,32 @@
 import { createWalletClient, http, publicActions, concat, numberToHex, size, parseUnits, formatUnits, maxUint256, erc20Abi, getContract, } from 'viem';
 import { privateKeyToAccount } from 'viem/accounts';
 import { base } from 'viem/chains';
-import { getOrCreateWallet } from '@blockrun/llm';
+import { getOrCreateWallet, createPaymentPayload, createSolanaPaymentPayload, parsePaymentRequired, extractPaymentDetails, getOrCreateSolanaWallet, solanaKeyToBytes, SOLANA_NETWORK, } from '@blockrun/llm';
+import { loadConfig } from '../commands/config.js';
+import { loadChain, API_URLS, VERSION } from '../config.js';
 // ─── BlockRun affiliate identity on Base ─────────────────────────────────
 // Reuses the existing BlockRun ops wallet that already receives x402
 // settlements on Base. Every swap routed through these tools deposits 20
 // bps of the sell-token amount into this address at settlement.
 const BLOCKRUN_BASE_AFFILIATE = '0xe9030014F5DAe217d0A152f02A043567b16c1aBf';
 const BLOCKRUN_AFFILIATE_FEE_BPS = 20; // 0.2% — matches Jupiter Ultra path.
-// ─── 0x API endpoints ─────────────────────────────────────────────────────
-const ZEROX_BASE = 'https://api.0x.org/swap/permit2';
-const ZEROX_VERSION = 'v2';
-const ZEROX_TIMEOUT_MS = 20_000;
+// ─── BlockRun gateway path for 0x ────────────────────────────────────────
+// As of v3.14.0 we route through the BlockRun gateway (server-side 0x key),
+// not directly to api.0x.org. User pays $0.001 via x402 per gateway call;
+// affiliate 20 bps is force-set server-side and lands on-chain in the same
+// BlockRun treasury that already collects x402 settlements.
+const ZEROX_GATEWAY_PATH = '/v1/zerox';
+const ZEROX_TIMEOUT_MS = 30_000;
 // ─── Default Base RPC ────────────────────────────────────────────────────
-// Public Base mainnet endpoint. Override via BASE_RPC_URL env (Alchemy,
-// QuickNode public, etc.). The user-facing call is the swap submission;
-// quote fetches are off-chain.
+// Public Base mainnet endpoint. Override via BASE_RPC_URL env or
+// `franklin config set base-rpc-url <url>` (Alchemy, QuickNode public, etc.).
+// The user-facing call is the swap submission; quote fetches are off-chain.
 const DEFAULT_BASE_RPC = 'https://mainnet.base.org';
+function resolveBaseRpcUrl() {
+    return (process.env.BASE_RPC_URL ||
+        loadConfig()['base-rpc-url'] ||
+        DEFAULT_BASE_RPC);
+}
 // ─── Session safety: cumulative live-swap counter ─────────────────────────
 const DEFAULT_LIVE_SWAP_CAP = 10;
 const liveSwapCap = (() => {
@@ -130,59 +140,110 @@ async function loadEvmWallet() {
     return { account, address: raw.address };
 }
 function makeClient(account) {
-    const rpcUrl = process.env.BASE_RPC_URL || DEFAULT_BASE_RPC;
     return createWalletClient({
         account,
         chain: base,
-        transport: http(rpcUrl),
+        transport: http(resolveBaseRpcUrl()),
     }).extend(publicActions);
 }
-function zeroxHeaders() {
-    const apiKey = process.env.ZERO_EX_API_KEY;
-    if (!apiKey) {
-        throw new Error("Base swaps need a 0x API key. Each Franklin user sets their own (free, no credit card): " +
-            "1) Sign up at https://dashboard.0x.org · " +
-            "2) Copy the API key from the Demo App or your own app · " +
-            "3) Run `ZERO_EX_API_KEY=zx_... franklin` (or add it to ~/.zshrc / ~/.bashrc). " +
-            "BlockRun does NOT need a 0x account — the affiliate fee routes to BlockRun's wallet regardless of whose key is making the call.");
-    }
-    return {
-        'Content-Type': 'application/json',
-        '0x-api-key': apiKey,
-        '0x-version': ZEROX_VERSION,
+// ─── 0x calls via BlockRun gateway (x402-paid) ───────────────────────────
+async function gatewayGetWithPayment(path, params, ctx) {
+    const chain = loadChain();
+    const apiUrl = API_URLS[chain];
+    const endpoint = `${apiUrl}${ZEROX_GATEWAY_PATH}/${path}?${params.toString()}`;
+    const headers = {
+        Accept: 'application/json',
+        'User-Agent': `franklin/${VERSION}`,
     };
-}
-// ─── 0x API calls ────────────────────────────────────────────────────────
-async function zeroxFetch(path, params) {
-    const url = `${ZEROX_BASE}/${path}?${params.toString()}`;
     const controller = new AbortController();
     const timer = setTimeout(() => controller.abort(), ZEROX_TIMEOUT_MS);
+    const onAbort = () => controller.abort();
+    ctx.abortSignal.addEventListener('abort', onAbort, { once: true });
     try {
-        const res = await fetch(url, { headers: zeroxHeaders(), signal: controller.signal });
-        if (!res.ok) {
-            const text = await res.text();
-            throw new Error(`0x ${path} returned ${res.status}: ${text.slice(0, 300)}`);
+        let response = await fetch(endpoint, {
+            method: 'GET',
+            headers,
+            signal: controller.signal,
+        });
+        if (response.status === 402) {
+            const paymentHeaders = await signGatewayPayment(response, chain, endpoint);
+            if (!paymentHeaders) {
+                throw new Error('Payment signing failed — check wallet balance');
+            }
+            response = await fetch(endpoint, {
+                method: 'GET',
+                headers: { ...headers, ...paymentHeaders },
+                signal: controller.signal,
+            });
+        }
+        if (!response.ok) {
+            const text = await response.text().catch(() => '');
+            throw new Error(`BlockRun gateway /v1/zerox/${path} returned ${response.status}: ${text.slice(0, 300)}`);
         }
-        return (await res.json());
+        return (await response.json());
     }
     finally {
         clearTimeout(timer);
+        ctx.abortSignal.removeEventListener('abort', onAbort);
+    }
+}
+async function signGatewayPayment(response, chain, endpoint) {
+    try {
+        let header = response.headers.get('payment-required');
+        if (!header) {
+            try {
+                const body = (await response.json());
+                if (body.x402 || body.accepts)
+                    header = btoa(JSON.stringify(body));
+            }
+            catch {
+                /* ignore */
+            }
+        }
+        if (!header)
+            return null;
+        if (chain === 'solana') {
+            const wallet = await getOrCreateSolanaWallet();
+            const paymentRequired = parsePaymentRequired(header);
+            const details = extractPaymentDetails(paymentRequired, SOLANA_NETWORK);
+            const secretBytes = await solanaKeyToBytes(wallet.privateKey);
+            const feePayer = details.extra?.feePayer || details.recipient;
+            const payload = await createSolanaPaymentPayload(secretBytes, wallet.address, details.recipient, details.amount, feePayer, {
+                resourceUrl: details.resource?.url || endpoint,
+                resourceDescription: details.resource?.description || 'Franklin 0x swap call',
+                maxTimeoutSeconds: details.maxTimeoutSeconds || 60,
+                extra: details.extra,
+            });
+            return { 'PAYMENT-SIGNATURE': payload };
+        }
+        const wallet = await getOrCreateWallet();
+        const paymentRequired = parsePaymentRequired(header);
+        const details = extractPaymentDetails(paymentRequired);
+        const payload = await createPaymentPayload(wallet.privateKey, wallet.address, details.recipient, details.amount, details.network || 'eip155:8453', {
+            resourceUrl: details.resource?.url || endpoint,
+            resourceDescription: details.resource?.description || 'Franklin 0x swap call',
+            maxTimeoutSeconds: details.maxTimeoutSeconds || 60,
+            extra: details.extra,
+        });
+        return { 'PAYMENT-SIGNATURE': payload };
+    }
+    catch (err) {
+        console.error(`[franklin] 0x gateway payment error: ${err.message}`);
+        return null;
     }
 }
 function buildSwapParams(args) {
-    const p = new URLSearchParams({
+    // Affiliate params (swapFeeRecipient/Bps/Token) are NOT set here —
+    // the BlockRun gateway forces them server-side, ensuring every
+    // gateway-routed swap pays affiliate to BlockRun treasury regardless
+    // of what the agent passes. See blockrun/src/lib/zerox.ts:proxyToZerox.
+    return new URLSearchParams({
         chainId: String(base.id),
         sellToken: args.sellTokenAddr,
         buyToken: args.buyTokenAddr,
         sellAmount: args.sellAmountAtomic,
         taker: args.taker,
     });
-    if (args.feeRecipient && args.feeBps && args.feeBps > 0 && args.feeToken) {
-        p.set('swapFeeRecipient', args.feeRecipient);
-        p.set('swapFeeBps', String(args.feeBps));
-        p.set('swapFeeToken', args.feeToken);
-    }
-    return p;
 }
 // ─── Formatting ──────────────────────────────────────────────────────────
 function formatQuoteText(q) {
@@ -210,7 +271,7 @@ function formatQuoteText(q) {
     return lines.join('\n');
 }
 // ─── Quote (read-only) ───────────────────────────────────────────────────
-async function executeBase0xQuote(input) {
+async function executeBase0xQuote(input, ctx) {
     let walletAddress;
     try {
         const wallet = await loadEvmWallet();
@@ -231,14 +292,9 @@ async function executeBase0xQuote(input) {
         buyTokenAddr,
         sellAmountAtomic: sellAmount,
         taker: walletAddress,
-        feeRecipient: BLOCKRUN_BASE_AFFILIATE,
-        feeBps: BLOCKRUN_AFFILIATE_FEE_BPS,
-        // Take the fee in the sell token so it's deterministic and doesn't
-        // depend on the output token having an existing recipient ATA / balance.
-        feeToken: sellTokenAddr,
     });
     try {
-        const price = await zeroxFetch('price', params);
+        const price = await gatewayGetWithPayment('price', params, ctx);
         if (!price.liquidityAvailable && price.liquidityAvailable !== undefined) {
             return {
                 output: `0x reports no liquidity for ${symbolFor(sellTokenAddr)} → ${symbolFor(buyTokenAddr)} on Base.`,
@@ -248,7 +304,7 @@ async function executeBase0xQuote(input) {
         return { output: formatQuoteText(price) };
     }
     catch (err) {
-        return { output: `0x /price failed: ${err instanceof Error ? err.message : String(err)}`, isError: true };
+        return { output: `BlockRun gateway 0x /price failed: ${err instanceof Error ? err.message : String(err)}`, isError: true };
     }
 }
 // ─── Swap (full execute) ─────────────────────────────────────────────────
@@ -281,18 +337,16 @@ async function executeBase0xSwap(input, ctx) {
         buyTokenAddr,
         sellAmountAtomic: sellAmount,
         taker: wallet.address,
-        feeRecipient: BLOCKRUN_BASE_AFFILIATE,
-        feeBps: BLOCKRUN_AFFILIATE_FEE_BPS,
-        feeToken: sellTokenAddr,
     });
-    // Step 1 — fetch the firm quote (returns tx + permit2.eip712 to sign).
+    // Step 1 — fetch the firm quote via BlockRun gateway (x402-paid).
+    // Gateway forces affiliate params server-side; user pays $0.001 USDC.
     let quote;
     try {
-        quote = await zeroxFetch('quote', params);
+        quote = await gatewayGetWithPayment('quote', params, ctx);
     }
     catch (err) {
         return {
-            output: `0x /quote failed: ${err instanceof Error ? err.message : String(err)}`,
+            output: `BlockRun gateway 0x /quote failed: ${err instanceof Error ? err.message : String(err)}`,
             isError: true,
         };
     }
@@ -444,15 +498,15 @@ export const base0xQuoteCapability = {
             properties: COMMON_INPUT_PROPERTIES,
         },
     },
-    execute: async (input) => {
-        return executeBase0xQuote(input);
+    execute: async (input, ctx) => {
+        return executeBase0xQuote(input, ctx);
     },
     concurrent: true,
 };
 export const base0xSwapCapability = {
     spec: {
         name: 'Base0xSwap',
-        description: "Execute a Base DEX swap via 0x V2 (Permit2). Quotes the order, asks the user to confirm, signs locally with the Franklin Base wallet, and submits via Base RPC. A 20 bps affiliate fee in the sell-token is collected on-chain by 0x as part of the swap (BlockRun affiliate program — official 0x integrator mechanism). Returns the BaseScan transaction link. Requires ZERO_EX_API_KEY env var (free at dashboard.0x.org).",
+        description: "Execute a Base DEX swap via 0x V2 (Permit2). Quotes through BlockRun gateway (x402-paid, server-side 0x key — no user setup needed), asks the user to confirm, signs locally with the Franklin Base wallet, and submits via Base RPC. A 20 bps affiliate fee in the sell-token is collected on-chain by 0x as part of the swap (BlockRun affiliate program — official 0x integrator mechanism). Returns the BaseScan transaction link.",
         input_schema: {
             type: 'object',
             required: ['sell_token', 'buy_token', 'sell_amount'],

package/dist/tools/zerox-gasless.d.ts

@@ -0,0 +1,21 @@
+/**
+ * 0x Gasless API V2 — Franklin built-in tool for Base swaps WITHOUT user gas.
+ *
+ * UX win over Base0xSwap (Permit2): the user signs only EIP-712 typed-data
+ * (no on-chain approval, no on-chain swap submission). 0x's relayer
+ * broadcasts the trade and pays gas; the user pays nothing in ETH and only
+ * needs to hold the input token (USDC, DAI, or other Permit-supporting
+ * ERC-20).
+ *
+ * For tokens that don't support Permit (USDT etc.) we error out and tell
+ * the user to either use Base0xSwap (which can do a one-time approve+swap
+ * with ETH gas) or swap from a Permit-supporting token instead.
+ *
+ * Routes through BlockRun gateway (/v1/zerox/gasless/{price,quote,submit,status})
+ * — server holds the 0x API key, no user setup needed. On-chain affiliate
+ * (20 bps) is force-set at quote time on the gateway side.
+ *
+ * Reference: https://github.com/0xProject/0x-examples/tree/main/gasless-v2-headless-example
+ */
+import type { CapabilityHandler } from '../agent/types.js';
+export declare const base0xGaslessSwapCapability: CapabilityHandler;

package/dist/tools/zerox-gasless.js

@@ -0,0 +1,460 @@
+/**
+ * 0x Gasless API V2 — Franklin built-in tool for Base swaps WITHOUT user gas.
+ *
+ * UX win over Base0xSwap (Permit2): the user signs only EIP-712 typed-data
+ * (no on-chain approval, no on-chain swap submission). 0x's relayer
+ * broadcasts the trade and pays gas; the user pays nothing in ETH and only
+ * needs to hold the input token (USDC, DAI, or other Permit-supporting
+ * ERC-20).
+ *
+ * For tokens that don't support Permit (USDT etc.) we error out and tell
+ * the user to either use Base0xSwap (which can do a one-time approve+swap
+ * with ETH gas) or swap from a Permit-supporting token instead.
+ *
+ * Routes through BlockRun gateway (/v1/zerox/gasless/{price,quote,submit,status})
+ * — server holds the 0x API key, no user setup needed. On-chain affiliate
+ * (20 bps) is force-set at quote time on the gateway side.
+ *
+ * Reference: https://github.com/0xProject/0x-examples/tree/main/gasless-v2-headless-example
+ */
+import { parseUnits, formatUnits, } from 'viem';
+import { privateKeyToAccount } from 'viem/accounts';
+import { base } from 'viem/chains';
+import { createWalletClient, http, publicActions } from 'viem';
+import { getOrCreateWallet } from '@blockrun/llm';
+import { loadConfig } from '../commands/config.js';
+import { loadChain, API_URLS, VERSION } from '../config.js';
+// ─── Constants ────────────────────────────────────────────────────────────
+const ZEROX_GATEWAY_PATH = '/v1/zerox/gasless';
+const QUOTE_TIMEOUT_MS = 30_000;
+const SUBMIT_TIMEOUT_MS = 30_000;
+const STATUS_TIMEOUT_MS = 10_000;
+const MAX_STATUS_POLL_MS = 60_000; // hard ceiling on confirmation wait
+const STATUS_POLL_INTERVAL_MS = 3_000;
+// 0x SignatureType.EIP712 = 2 (per @0x/utils/signature.ts)
+const SIGNATURE_TYPE_EIP712 = 2;
+// Session safety guards — same pattern as zerox-base.ts
+const DEFAULT_LIVE_SWAP_CAP = 10;
+const liveSwapCap = (() => {
+    const raw = process.env.FRANKLIN_LIVE_SWAP_CAP;
+    if (!raw)
+        return DEFAULT_LIVE_SWAP_CAP;
+    const n = Number(raw);
+    if (!Number.isFinite(n))
+        return DEFAULT_LIVE_SWAP_CAP;
+    if (n <= 0)
+        return Infinity;
+    return Math.floor(n);
+})();
+let liveSwapCount = 0;
+const DEFAULT_LARGE_SWAP_USD = 20;
+const largeSwapThresholdUsd = (() => {
+    const raw = process.env.FRANKLIN_LIVE_SWAP_WARN_USD;
+    if (!raw)
+        return DEFAULT_LARGE_SWAP_USD;
+    const n = Number(raw);
+    if (!Number.isFinite(n) || n < 0)
+        return DEFAULT_LARGE_SWAP_USD;
+    return n;
+})();
+// ─── Base token map (mirror zerox-base.ts) ────────────────────────────────
+const SYMBOL_TO_ADDRESS = {
+    WETH: '0x4200000000000000000000000000000000000006',
+    USDC: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',
+    USDT: '0xfde4C96c8593536E31F229EA8f37b2ADa2699bb2',
+    CBBTC: '0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf',
+    CBETH: '0x2Ae3F1Ec7F1F5012CFEab0185bfc7aa3cf0DEc22',
+    AERO: '0x940181a94A35A4569E4529A3CDfB74e38FD98631',
+    DAI: '0x50c5725949A6F0c72E6C4a641F24049A917DB0Cb',
+};
+const TOKEN_DECIMALS = {
+    '0x4200000000000000000000000000000000000006': 18,
+    '0x833589fcd6edb6e08f4c7c32d4f71b54bda02913': 6,
+    '0xfde4c96c8593536e31f229ea8f37b2ada2699bb2': 6,
+    '0xcbb7c0000ab88b473b1f5afd9ef808440eed33bf': 8,
+    '0x2ae3f1ec7f1f5012cfeab0185bfc7aa3cf0dec22': 18,
+    '0x940181a94a35a4569e4529a3cdfb74e38fd98631': 18,
+    '0x50c5725949a6f0c72e6c4a641f24049a917db0cb': 18,
+};
+const STABLECOIN_ADDRESSES = new Set([
+    '0x833589fcd6edb6e08f4c7c32d4f71b54bda02913',
+    '0xfde4c96c8593536e31f229ea8f37b2ada2699bb2',
+    '0x50c5725949a6f0c72e6c4a641f24049a917db0cb',
+]);
+function resolveTokenAddress(input) {
+    const upper = input.trim().toUpperCase();
+    if (SYMBOL_TO_ADDRESS[upper])
+        return SYMBOL_TO_ADDRESS[upper];
+    return input.trim();
+}
+function decimalsFor(address) {
+    return TOKEN_DECIMALS[address.toLowerCase()] ?? 18;
+}
+function symbolFor(address) {
+    const lower = address.toLowerCase();
+    for (const [sym, addr] of Object.entries(SYMBOL_TO_ADDRESS)) {
+        if (addr.toLowerCase() === lower)
+            return sym;
+    }
+    return `${address.slice(0, 6)}…${address.slice(-4)}`;
+}
+function isStablecoin(address) {
+    return STABLECOIN_ADDRESSES.has(address.toLowerCase());
+}
+function estimateUsdValue(addr, humanAmount) {
+    if (isStablecoin(addr))
+        return humanAmount;
+    return null;
+}
+// ─── Signature helpers ────────────────────────────────────────────────────
+// Split a 65-byte 0x-prefixed signature into the {r, s, v, signatureType}
+// shape that 0x's /gasless/submit expects.
+function splitEip712Signature(sig) {
+    if (!sig.startsWith('0x'))
+        throw new Error('signature must be 0x-prefixed');
+    const noPrefix = sig.slice(2);
+    if (noPrefix.length !== 130) {
+        throw new Error(`expected 65-byte signature, got ${noPrefix.length / 2} bytes`);
+    }
+    return {
+        r: `0x${noPrefix.slice(0, 64)}`,
+        s: `0x${noPrefix.slice(64, 128)}`,
+        v: parseInt(noPrefix.slice(128, 130), 16),
+        signatureType: SIGNATURE_TYPE_EIP712,
+    };
+}
+// ─── Wallet + RPC ─────────────────────────────────────────────────────────
+const DEFAULT_BASE_RPC = 'https://mainnet.base.org';
+function resolveBaseRpcUrl() {
+    return (process.env.BASE_RPC_URL ||
+        loadConfig()['base-rpc-url'] ||
+        DEFAULT_BASE_RPC);
+}
+async function loadEvmWallet() {
+    const raw = await getOrCreateWallet();
+    const account = privateKeyToAccount(raw.privateKey);
+    return { account, address: raw.address };
+}
+function makeClient(account) {
+    return createWalletClient({
+        account,
+        chain: base,
+        transport: http(resolveBaseRpcUrl()),
+    }).extend(publicActions);
+}
+async function gatewayGet(pathSuffix, query, timeoutMs, ctx) {
+    const apiUrl = API_URLS[loadChain()];
+    const url = `${apiUrl}${ZEROX_GATEWAY_PATH}/${pathSuffix}?${query.toString()}`;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    const onAbort = () => controller.abort();
+    ctx.abortSignal.addEventListener('abort', onAbort, { once: true });
+    try {
+        const res = await fetch(url, {
+            method: 'GET',
+            headers: { Accept: 'application/json', 'User-Agent': `franklin/${VERSION}` },
+            signal: controller.signal,
+        });
+        if (!res.ok) {
+            const text = await res.text().catch(() => '');
+            throw new Error(`gateway ${pathSuffix} returned ${res.status}: ${text.slice(0, 300)}`);
+        }
+        return (await res.json());
+    }
+    finally {
+        clearTimeout(timer);
+        ctx.abortSignal.removeEventListener('abort', onAbort);
+    }
+}
+async function gatewayPost(pathSuffix, body, timeoutMs, ctx) {
+    const apiUrl = API_URLS[loadChain()];
+    const url = `${apiUrl}${ZEROX_GATEWAY_PATH}/${pathSuffix}`;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    const onAbort = () => controller.abort();
+    ctx.abortSignal.addEventListener('abort', onAbort, { once: true });
+    try {
+        const res = await fetch(url, {
+            method: 'POST',
+            headers: {
+                Accept: 'application/json',
+                'Content-Type': 'application/json',
+                'User-Agent': `franklin/${VERSION}`,
+            },
+            body: JSON.stringify(body),
+            signal: controller.signal,
+        });
+        if (!res.ok) {
+            const text = await res.text().catch(() => '');
+            throw new Error(`gateway ${pathSuffix} returned ${res.status}: ${text.slice(0, 300)}`);
+        }
+        return (await res.json());
+    }
+    finally {
+        clearTimeout(timer);
+        ctx.abortSignal.removeEventListener('abort', onAbort);
+    }
+}
+// ─── Formatting ──────────────────────────────────────────────────────────
+function formatGaslessQuoteText(q) {
+    const sellDec = decimalsFor(q.sellToken);
+    const buyDec = decimalsFor(q.buyToken);
+    const sellHuman = Number(formatUnits(BigInt(q.sellAmount), sellDec));
+    const buyHuman = Number(formatUnits(BigInt(q.buyAmount), buyDec));
+    const sellSym = symbolFor(q.sellToken);
+    const buySym = symbolFor(q.buyToken);
+    const rate = sellHuman > 0 ? buyHuman / sellHuman : 0;
+    const route = q.route?.fills?.map((f) => f.source).filter(Boolean).slice(0, 4).join(' → ') ||
+        '0x V2 router';
+    const minOut = q.minBuyAmount
+        ? Number(formatUnits(BigInt(q.minBuyAmount), buyDec))
+        : null;
+    const lines = [
+        `${sellHuman.toFixed(Math.min(8, sellDec))} ${sellSym} → ${buyHuman.toFixed(Math.min(8, buyDec))} ${buySym}`,
+        `Rate: 1 ${sellSym} ≈ ${rate.toPrecision(6)} ${buySym}`,
+    ];
+    if (minOut != null) {
+        lines.push(`Min received: ${minOut.toFixed(Math.min(8, buyDec))} ${buySym}`);
+    }
+    lines.push(`Route: ${route}`);
+    lines.push(`Gas: paid by 0x relayer (you pay nothing in ETH)`);
+    lines.push(`Affiliate fee: 20 bps in ${sellSym} (BlockRun affiliate)`);
+    return lines.join('\n');
+}
+// ─── Status polling ──────────────────────────────────────────────────────
+async function pollUntilDone(tradeHash, ctx) {
+    const deadline = Date.now() + MAX_STATUS_POLL_MS;
+    let last = { status: 'pending' };
+    while (Date.now() < deadline) {
+        if (ctx.abortSignal.aborted) {
+            throw new Error('aborted while polling status');
+        }
+        const params = new URLSearchParams({ chainId: String(base.id) });
+        try {
+            last = await gatewayGet(`status/${tradeHash}`, params, STATUS_TIMEOUT_MS, ctx);
+        }
+        catch (err) {
+            // Surface a transient failure but keep polling — relayer might be backlogged.
+            console.error(`[franklin] gasless status poll error: ${err.message}`);
+        }
+        if (last.status === 'confirmed' ||
+            last.status === 'succeeded' ||
+            last.status === 'failed') {
+            return last;
+        }
+        await new Promise((resolve) => setTimeout(resolve, STATUS_POLL_INTERVAL_MS));
+    }
+    return last;
+}
+async function executeBase0xGaslessSwap(input, ctx) {
+    if (liveSwapCount >= liveSwapCap) {
+        return {
+            output: `Live-swap session cap reached (${liveSwapCount}/${liveSwapCap}). Stopping to protect your wallet.\n` +
+                `Override with FRANKLIN_LIVE_SWAP_CAP=20 (or 0 to disable), or restart Franklin to reset.`,
+            isError: true,
+        };
+    }
+    let wallet;
+    try {
+        wallet = await loadEvmWallet();
+    }
+    catch (err) {
+        return {
+            output: `Couldn't load Base wallet: ${err instanceof Error ? err.message : String(err)}`,
+            isError: true,
+        };
+    }
+    const sellTokenAddr = resolveTokenAddress(input.sell_token);
+    const buyTokenAddr = resolveTokenAddress(input.buy_token);
+    const sellDec = decimalsFor(sellTokenAddr);
+    const sellAmount = parseUnits(input.sell_amount.toString(), sellDec).toString();
+    // Step 1 — fetch the gasless firm quote.
+    const quoteParams = new URLSearchParams({
+        chainId: String(base.id),
+        sellToken: sellTokenAddr,
+        buyToken: buyTokenAddr,
+        sellAmount,
+        taker: wallet.address,
+    });
+    let quote;
+    try {
+        quote = await gatewayGet('quote', quoteParams, QUOTE_TIMEOUT_MS, ctx);
+    }
+    catch (err) {
+        return {
+            output: `Gasless /quote failed: ${err instanceof Error ? err.message : String(err)}`,
+            isError: true,
+        };
+    }
+    if (!quote.trade?.eip712) {
+        return {
+            output: `0x didn't return a tradable gasless quote — likely the pair has insufficient liquidity for gasless. ` +
+                `Try Base0xSwap (Permit2) instead, or a different output token.`,
+            isError: true,
+        };
+    }
+    // Determine if approval is needed and whether gasless approval is available.
+    const approvalRequired = quote.issues?.allowance != null;
+    const gaslessApprovalAvailable = quote.approval != null;
+    if (approvalRequired && !gaslessApprovalAvailable) {
+        return {
+            output: `${symbolFor(sellTokenAddr)} doesn't support gasless approval (Permit) on Base — first-time use needs a one-time on-chain approve, which requires ETH.\n\n` +
+                `Two ways forward:\n` +
+                `1. Use Base0xSwap instead — it can do approve+swap with ETH gas.\n` +
+                `2. Swap from a Permit-supporting token (USDC, DAI) to ${symbolFor(buyTokenAddr)} instead.`,
+            isError: true,
+        };
+    }
+    // Step 2 — confirm with user.
+    if (!input.auto_approve && ctx.onAskUser) {
+        const quoteText = formatGaslessQuoteText(quote);
+        const usdEst = estimateUsdValue(sellTokenAddr, input.sell_amount);
+        const sections = [
+            'Execute this gasless 0x swap on Base (no ETH needed)?',
+            '',
+            quoteText,
+        ];
+        if (usdEst != null && usdEst >= largeSwapThresholdUsd) {
+            sections.push('', `⚠ Large swap warning — input is ~$${usdEst.toFixed(2)} (above $${largeSwapThresholdUsd} threshold).`);
+        }
+        else if (usdEst == null) {
+            sections.push('', `Note: input is not a stablecoin, so I cannot price-check this in USD before signing. Verify the output amount matches your intent.`);
+        }
+        sections.push('', `Wallet: ${wallet.address}`, `Live-swap session count: ${liveSwapCount}/${liveSwapCap === Infinity ? '∞' : liveSwapCap}`);
+        const answer = await ctx.onAskUser(sections.join('\n'), ['Confirm', 'Cancel']);
+        if (answer.toLowerCase() !== 'confirm') {
+            return { output: 'Swap cancelled by user.' };
+        }
+    }
+    const client = makeClient(wallet.account);
+    // Step 3 — sign trade typed-data.
+    let tradeSigHex;
+    try {
+        tradeSigHex = (await client.signTypedData({
+            account: wallet.account,
+            types: quote.trade.eip712.types,
+            domain: quote.trade.eip712.domain,
+            message: quote.trade.eip712.message,
+            primaryType: quote.trade.eip712.primaryType,
+        }));
+    }
+    catch (err) {
+        return {
+            output: `Trade signature failed: ${err instanceof Error ? err.message : String(err)}`,
+            isError: true,
+        };
+    }
+    const tradeSplitSig = splitEip712Signature(tradeSigHex);
+    const tradeSubmitObject = {
+        type: quote.trade.type,
+        eip712: quote.trade.eip712,
+        signature: tradeSplitSig,
+    };
+    // Step 4 — sign approval typed-data if required and available.
+    let approvalSubmitObject;
+    if (approvalRequired && gaslessApprovalAvailable && quote.approval) {
+        try {
+            const approvalSigHex = (await client.signTypedData({
+                account: wallet.account,
+                types: quote.approval.eip712.types,
+                domain: quote.approval.eip712.domain,
+                message: quote.approval.eip712.message,
+                primaryType: quote.approval.eip712.primaryType,
+            }));
+            const approvalSplitSig = splitEip712Signature(approvalSigHex);
+            approvalSubmitObject = {
+                type: quote.approval.type,
+                eip712: quote.approval.eip712,
+                signature: approvalSplitSig,
+            };
+        }
+        catch (err) {
+            return {
+                output: `Approval signature failed: ${err instanceof Error ? err.message : String(err)}`,
+                isError: true,
+            };
+        }
+    }
+    // Step 5 — submit to 0x relayer via gateway.
+    const submitBody = {
+        trade: tradeSubmitObject,
+        chainId: base.id,
+    };
+    if (approvalSubmitObject)
+        submitBody.approval = approvalSubmitObject;
+    let submitRes;
+    try {
+        submitRes = await gatewayPost('submit', submitBody, SUBMIT_TIMEOUT_MS, ctx);
+    }
+    catch (err) {
+        return {
+            output: `Gasless /submit failed: ${err instanceof Error ? err.message : String(err)}`,
+            isError: true,
+        };
+    }
+    if (!submitRes.tradeHash) {
+        return {
+            output: `0x relayer didn't return a tradeHash — submission may have been rejected.`,
+            isError: true,
+        };
+    }
+    // Step 6 — poll status until confirmed / failed / timeout.
+    const final = await pollUntilDone(submitRes.tradeHash, ctx);
+    liveSwapCount += 1;
+    const onChainHash = final.transactions?.[0]?.hash;
+    const explorer = onChainHash ? `https://basescan.org/tx/${onChainHash}` : null;
+    const statusLine = final.status === 'confirmed' || final.status === 'succeeded'
+        ? '✓ Swap confirmed.'
+        : final.status === 'failed'
+            ? `✗ Swap failed: ${final.reason ?? 'unknown reason'}`
+            : `⏳ Still pending after ${MAX_STATUS_POLL_MS / 1000}s — relayer is backlogged. Check status later via /v1/zerox/gasless/status/${submitRes.tradeHash}.`;
+    const lines = [
+        statusLine,
+        formatGaslessQuoteText(quote),
+        `Trade hash: ${submitRes.tradeHash}`,
+    ];
+    if (onChainHash)
+        lines.push(`On-chain tx: ${onChainHash}`);
+    if (explorer)
+        lines.push(explorer);
+    lines.push(`(Session live-swap count: ${liveSwapCount}/${liveSwapCap === Infinity ? '∞' : liveSwapCap})`);
+    return {
+        output: lines.join('\n'),
+        isError: final.status === 'failed',
+    };
+}
+// ─── Capability handler ──────────────────────────────────────────────────
+export const base0xGaslessSwapCapability = {
+    spec: {
+        name: 'Base0xGaslessSwap',
+        description: "Execute a Base DEX swap via 0x Gasless V2. The user signs only EIP-712 typed-data (offline, no on-chain action) — 0x's relayer broadcasts the trade and pays gas. **The user does NOT need any ETH for gas.** Only input token (USDC, DAI, etc. — Permit-supporting ERC-20) is required. Returns the BaseScan link once the relayer confirms. " +
+            "Routes through BlockRun gateway /v1/zerox/gasless/* — no 0x signup needed. Affiliate 20 bps in sell-token to BlockRun treasury (server-side enforced). " +
+            "Use this instead of Base0xSwap when the user has 0 ETH but holds USDC/DAI. For tokens that don't support Permit (USDT etc.), the tool errors with a clear instruction to use Base0xSwap instead.",
+        input_schema: {
+            type: 'object',
+            required: ['sell_token', 'buy_token', 'sell_amount'],
+            properties: {
+                sell_token: {
+                    type: 'string',
+                    description: 'Sell-token address or symbol. ONLY Permit-supporting tokens work for fully-gasless flow on Base: USDC, DAI. ETH is native — use Base0xSwap for ETH input. USDT does NOT support Permit on Base.',
+                },
+                buy_token: {
+                    type: 'string',
+                    description: 'Buy-token address or symbol (any token).',
+                },
+                sell_amount: {
+                    type: 'number',
+                    description: 'Amount of sell_token in human units (e.g. 0.1 USDC).',
+                },
+                auto_approve: {
+                    type: 'boolean',
+                    description: 'If true, skip the AskUser confirm. Default false. Only use when the user just authorized this specific call.',
+                },
+            },
+        },
+    },
+    execute: async (input, ctx) => {
+        return executeBase0xGaslessSwap(input, ctx);
+    },
+    concurrent: false,
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blockrun/franklin",
-  "version": "3.13.0",
+  "version": "3.14.0",
   "description": "Franklin — The AI agent with a wallet. Spends USDC autonomously to get real work done. Pay per action, no subscriptions.",
   "type": "module",
   "exports": {