@dexterai/x402 1.9.2 → 1.9.4

package/dist/react/index.d.cts

@@ -1,10 +1,10 @@
-import { a as X402Client } from '../sponsored-access-BCB2CxdG.cjs';
-export { f as fireImpressionBeacon, b as getSponsoredRecommendations } from '../sponsored-access-BCB2CxdG.cjs';
-import { W as WalletSet, B as BalanceInfo } from '../types-DmqH9yD8.cjs';
+import { a as X402Client } from '../sponsored-access-Br6YPA-m.cjs';
+export { f as fireImpressionBeacon, b as getSponsoredRecommendations } from '../sponsored-access-Br6YPA-m.cjs';
+import { W as WalletSet, B as BalanceInfo } from '../types-CfKflCZO.cjs';
 import { SponsoredRecommendation } from '@dexterai/x402-ads-types';
 export { SponsoredRecommendation } from '@dexterai/x402-ads-types';
-import { a as AccessPassTier } from '../types-BQvaF8lB.cjs';
-export { A as AccessPassClientConfig, b as AccessPassInfo, X as X402Error } from '../types-BQvaF8lB.cjs';
+import { a as AccessPassTier } from '../types-CjLMR7qs.cjs';
+export { A as AccessPassClientConfig, b as AccessPassInfo, X as X402Error } from '../types-CjLMR7qs.cjs';
 
 /**
  * React Hook for x402 v2 Payments
@@ -135,6 +135,11 @@ declare function useX402Payment(config: UseX402PaymentConfig): UseX402PaymentRet
  * Dedicated hook for managing the access pass lifecycle:
  * tier discovery, pass purchase, token caching, and auto-fetch with pass.
  *
+ * **Storage:** Access pass JWTs are stored in `sessionStorage` (cleared on browser close).
+ * This means passes don't persist across tabs or sessions. The JWT is accessible to
+ * any JavaScript on the page — ensure your site is free of XSS vulnerabilities.
+ * The server re-verifies the JWT signature on every request regardless.
+ *
  * @example
  * ```tsx
  * import { useAccessPass } from '@dexterai/x402/react';

package/dist/react/index.d.ts

@@ -1,10 +1,10 @@
-import { a as X402Client } from '../sponsored-access-H1EX6zpi.js';
-export { f as fireImpressionBeacon, b as getSponsoredRecommendations } from '../sponsored-access-H1EX6zpi.js';
-import { W as WalletSet, B as BalanceInfo } from '../types-ENcnkof8.js';
+import { a as X402Client } from '../sponsored-access-D1_mINs4.js';
+export { f as fireImpressionBeacon, b as getSponsoredRecommendations } from '../sponsored-access-D1_mINs4.js';
+import { W as WalletSet, B as BalanceInfo } from '../types-BIHhO2-I.js';
 import { SponsoredRecommendation } from '@dexterai/x402-ads-types';
 export { SponsoredRecommendation } from '@dexterai/x402-ads-types';
-import { a as AccessPassTier } from '../types-BQvaF8lB.js';
-export { A as AccessPassClientConfig, b as AccessPassInfo, X as X402Error } from '../types-BQvaF8lB.js';
+import { a as AccessPassTier } from '../types-CjLMR7qs.js';
+export { A as AccessPassClientConfig, b as AccessPassInfo, X as X402Error } from '../types-CjLMR7qs.js';
 
 /**
  * React Hook for x402 v2 Payments
@@ -135,6 +135,11 @@ declare function useX402Payment(config: UseX402PaymentConfig): UseX402PaymentRet
  * Dedicated hook for managing the access pass lifecycle:
  * tier discovery, pass purchase, token caching, and auto-fetch with pass.
  *
+ * **Storage:** Access pass JWTs are stored in `sessionStorage` (cleared on browser close).
+ * This means passes don't persist across tabs or sessions. The JWT is accessible to
+ * any JavaScript on the page — ensure your site is free of XSS vulnerabilities.
+ * The server re-verifies the JWT signature on every request regardless.
+ *
  * @example
  * ```tsx
  * import { useAccessPass } from '@dexterai/x402/react';

package/dist/react/index.js

@@ -109,8 +109,11 @@ var SolanaAdapter = class {
       const account = await getAccount(connection, ata, void 0, programId);
       const decimals = accept.extra?.decimals ?? 6;
       return Number(account.amount) / Math.pow(10, decimals);
-    } catch {
-      return 0;
+    } catch (err) {
+      if (err && typeof err === "object" && "name" in err && (err.name === "TokenAccountNotFoundError" || err.name === "TokenInvalidAccountOwnerError")) {
+        return 0;
+      }
+      throw err;
     }
   }
   async buildTransaction(accept, wallet, rpcUrl) {
@@ -338,15 +341,21 @@ var EvmAdapter = class {
           ]
         })
       });
+      if (!response.ok) {
+        throw new Error(`RPC request failed: ${response.status}`);
+      }
       const result = await response.json();
-      if (result.error || !result.result) {
+      if (result.error) {
+        throw new Error(`RPC error: ${JSON.stringify(result.error)}`);
+      }
+      if (!result.result || result.result === "0x") {
         return 0;
       }
       const balance = BigInt(result.result);
       const decimals = accept.extra?.decimals ?? 6;
       return Number(balance) / Math.pow(10, decimals);
-    } catch {
-      return 0;
+    } catch (err) {
+      throw err;
     }
   }
   encodeBalanceOf(address) {
@@ -462,7 +471,8 @@ function createX402Client(config) {
     maxAmountAtomic,
     fetch: customFetch = globalThis.fetch,
     verbose = false,
-    accessPass: accessPassConfig
+    accessPass: accessPassConfig,
+    onPaymentRequired
   } = config;
   const log = verbose ? console.log.bind(console, "[x402]") : () => {
   };
@@ -575,13 +585,17 @@ function createX402Client(config) {
     const paymentAmount = accept.amount ?? accept.maxAmountRequired;
     if (!paymentAmount) return null;
     const rpcUrl = getRpcUrl(accept.network, adapter);
-    const balance = await adapter.getBalance(accept, wallet, rpcUrl);
-    const requiredAmount = Number(paymentAmount) / Math.pow(10, decimals);
-    if (balance < requiredAmount) {
-      throw new X402Error(
-        "insufficient_balance",
-        `Insufficient balance for access pass. Have $${balance.toFixed(4)}, need $${requiredAmount.toFixed(4)}`
-      );
+    try {
+      const balance = await adapter.getBalance(accept, wallet, rpcUrl);
+      const requiredAmount = Number(paymentAmount) / Math.pow(10, decimals);
+      if (balance < requiredAmount) {
+        throw new X402Error(
+          "insufficient_balance",
+          `Insufficient balance for access pass. Have $${balance.toFixed(4)}, need $${requiredAmount.toFixed(4)}`
+        );
+      }
+    } catch (err) {
+      if (err instanceof X402Error) throw err;
     }
     const signedTx = await adapter.buildTransaction(accept, wallet, rpcUrl);
     let payload;
@@ -594,13 +608,19 @@ function createX402Client(config) {
     let resolvedResource = requirements.resource;
     if (typeof requirements.resource === "string") {
       try {
-        resolvedResource = new URL(requirements.resource, originalUrl).toString();
+        const resolved = new URL(requirements.resource, originalUrl);
+        if (["http:", "https:"].includes(resolved.protocol)) {
+          resolvedResource = resolved.toString();
+        }
       } catch {
       }
     } else if (requirements.resource && typeof requirements.resource === "object" && "url" in requirements.resource) {
       const rObj = requirements.resource;
       try {
-        resolvedResource = { ...rObj, url: new URL(rObj.url, originalUrl).toString() };
+        const resolved = new URL(rObj.url, originalUrl);
+        if (["http:", "https:"].includes(resolved.protocol)) {
+          resolvedResource = { ...rObj, url: resolved.toString() };
+        }
       } catch {
       }
     }
@@ -728,16 +748,27 @@ function createX402Client(config) {
     }
     const rpcUrl = getRpcUrl(accept.network, adapter);
     log("Checking balance...");
-    const balance = await adapter.getBalance(accept, wallet, rpcUrl);
-    const requiredAmount = Number(paymentAmount) / Math.pow(10, decimals);
-    if (balance < requiredAmount) {
-      const network = adapter.name === "EVM" ? "Base" : "Solana";
-      throw new X402Error(
-        "insufficient_balance",
-        `Insufficient USDC balance on ${network}. Have $${balance.toFixed(4)}, need $${requiredAmount.toFixed(4)}`
-      );
+    try {
+      const balance = await adapter.getBalance(accept, wallet, rpcUrl);
+      const requiredAmount = Number(paymentAmount) / Math.pow(10, decimals);
+      if (balance < requiredAmount) {
+        const network = adapter.name === "EVM" ? "Base" : "Solana";
+        throw new X402Error(
+          "insufficient_balance",
+          `Insufficient USDC balance on ${network}. Have $${balance.toFixed(4)}, need $${requiredAmount.toFixed(4)}`
+        );
+      }
+      log(`Balance OK: $${balance.toFixed(4)} >= $${requiredAmount.toFixed(4)}`);
+    } catch (err) {
+      if (err instanceof X402Error) throw err;
+      log("Balance check failed (RPC error), proceeding with transaction attempt");
+    }
+    if (onPaymentRequired) {
+      const approved = await onPaymentRequired(accept);
+      if (!approved) {
+        throw new X402Error("payment_rejected", "Payment rejected by onPaymentRequired callback");
+      }
     }
-    log(`Balance OK: $${balance.toFixed(4)} >= $${requiredAmount.toFixed(4)}`);
     log("Building transaction...");
     const signedTx = await adapter.buildTransaction(accept, wallet, rpcUrl);
     log("Transaction signed");
@@ -822,13 +853,15 @@ function createX402Client(config) {
 }
 
 // src/utils.ts
+function isSolanaNetwork(network) {
+  return network.startsWith("solana:") || network === "solana";
+}
+function isEvmNetwork(network) {
+  return network.startsWith("eip155:") || ["base", "ethereum", "arbitrum"].includes(network);
+}
 function getChainFamily(network) {
-  if (network.startsWith("solana:") || network === "solana") {
-    return "solana";
-  }
-  if (network.startsWith("eip155:") || ["base", "ethereum", "arbitrum"].includes(network)) {
-    return "evm";
-  }
+  if (isSolanaNetwork(network)) return "solana";
+  if (isEvmNetwork(network)) return "evm";
   return "unknown";
 }
 function getChainName(network) {