@dexterai/x402 3.18.1 → 4.1.0

package/dist/tab/adapters/solana/index.d.ts

@@ -1,6 +1,8 @@
 import * as _solana_web3_js from '@solana/web3.js';
 import { PublicKey, Connection, Signer, ConfirmOptions } from '@solana/web3.js';
 import { V as VaultAdapter } from '../../../types-DuoL3s8n.js';
+import { PasskeySignerWithPublicKey } from '@dexterai/vault/signers';
+export { PasskeySignerWithPublicKey as PasskeySigner } from '@dexterai/vault/signers';
 import '@dexterai/vault/types';
 
 /**
@@ -53,29 +55,22 @@ interface P256Keypair {
     /** 32-byte raw scalar. NEVER persist this anywhere user-readable. */
     privateKey: Uint8Array;
 }
-interface SignedPasskeyPayload {
-    /** Pass straight into the vault instruction's `client_data_json` arg. */
-    clientDataJSON: Uint8Array;
-    /** Pass straight into the vault instruction's `authenticator_data` arg. */
-    authenticatorData: Uint8Array;
-    /** Pass to buildSecp256r1VerifyInstruction as `message`. */
-    precompileMessage: Uint8Array;
-    /** Pass to buildSecp256r1VerifyInstruction as `signature`. */
-    signature: Uint8Array;
-}
-
-interface PasskeySigner {
-    /** 33-byte SEC1 compressed P-256 public key. The vault stores this on
-     *  init; the on-chain verifier compares against it on every passkey-
-     *  signed instruction. */
+/**
+ * Build a unified `PasskeySignerWithPublicKey` (vault's canonical shape)
+ * from a locally-held P-256 keypair — the node/CLI path. Returns
+ * `{ publicKey, sign(challenge) }`; the adapter computes the challenge and
+ * rebuilds the precompile message. Drop-in equivalent to vault's
+ * DexterApiBrowserPasskeySigner.
+ */
+declare function passkeySignerFromP256Keypair(kp: P256Keypair): {
     publicKey: Uint8Array;
-    /** Sign an arbitrary operation-message bundle in the WebAuthn shape the
-     *  on-chain verifier expects. The CLI path uses noble-curves; the
-     *  browser path will use navigator.credentials.get(). */
-    signOperation(operationMessage: Uint8Array): Promise<SignedPasskeyPayload>;
-}
-/** Build a PasskeySigner from a locally-held P-256 keypair (CLI path). */
-declare function passkeySignerFromP256Keypair(kp: P256Keypair): PasskeySigner;
+    sign(challenge: Uint8Array): Promise<{
+        signature: Uint8Array;
+        clientDataJSON: Uint8Array;
+        authenticatorData: Uint8Array;
+    }>;
+};
+
 interface CreateSolanaVaultAdapterOptions {
     /** RPC the adapter uses to submit txs. The buyer can pass their own
      *  connection (browser wallet RPC, Helius URL, etc.) — the adapter has
@@ -89,7 +84,7 @@ interface CreateSolanaVaultAdapterOptions {
     /** The buyer's vault PDA (gate account). */
     vaultPda: string | PublicKey;
     /** The passkey signing path. */
-    passkeySigner: PasskeySigner;
+    passkeySigner: PasskeySignerWithPublicKey;
     /** Lamport-fee payer. In Phase 2 this is the buyer; later phases may
      *  route through a facilitator co-signer. Required because the buyer's
      *  vault account is not a signer for register/revoke (the passkey
@@ -121,4 +116,4 @@ declare function buildAdapterRegisterInstruction(p: AdapterRegisterIxParams): _s
 /** Factory entry point. */
 declare function createSolanaVaultAdapter(opts: CreateSolanaVaultAdapterOptions): VaultAdapter;
 
-export { type AdapterRegisterIxParams, type CreateSolanaVaultAdapterOptions, type PasskeySigner, buildAdapterRegisterInstruction, createSolanaVaultAdapter, deriveChannelId, passkeySignerFromP256Keypair };
+export { type AdapterRegisterIxParams, type CreateSolanaVaultAdapterOptions, buildAdapterRegisterInstruction, createSolanaVaultAdapter, deriveChannelId, passkeySignerFromP256Keypair };

package/dist/tab/adapters/solana/index.js

@@ -1 +1 @@
-import{PublicKey as l,Transaction as J}from"@solana/web3.js";import{getAssociatedTokenAddressSync as ne}from"@solana/spl-token";var G="solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",$="solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",q="solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z";var g="eip155:8453",A="eip155:84532",h="eip155:42161",S="eip155:137",f="eip155:10",x="eip155:43114",P="eip155:56",b="eip155:1187947933",E="eip155:324705682",K="eip155:1";var C="EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";var X="0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",Y="0x55d398326f99059fF775485246999027B3197955",T="0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",le={[P]:T,[g]:X,[A]:"0x036CbD53842c5426634e7929541eC2318f3dCF7e",[h]:"0xaf88d065e77c8cC2239327C5EDb3A432268e5831",[S]:"0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",[f]:"0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",[x]:"0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E",[b]:"0x85889c8c714505E0c94b30fcfcF64fE3Ac8FCb20",[E]:"0x2e08028E3C4c2356572E096d8EF835cD5C6030bD",[K]:"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"},ue={[Y]:{symbol:"USDT",decimals:18},[T]:{symbol:"USDC",decimals:18}};var ye={[P]:56,[g]:8453,[A]:84532,[h]:42161,[S]:137,[f]:10,[x]:43114,[b]:1187947933,[E]:324705682,[K]:1},me={[G]:"https://api.dexter.cash/api/solana/rpc",[$]:"https://api.devnet.solana.com",[q]:"https://api.testnet.solana.com"},de={[P]:"https://api.dexter.cash/api/evm/bsc/rpc",[g]:"https://api.dexter.cash/api/base/rpc",[A]:"https://sepolia.base.org",[h]:"https://api.dexter.cash/api/evm/arbitrum/rpc",[S]:"https://api.dexter.cash/api/evm/polygon/rpc",[f]:"https://api.dexter.cash/api/evm/optimism/rpc",[x]:"https://api.dexter.cash/api/evm/avalanche/rpc",[b]:"https://skale-base.skalenodes.com/v1/base",[E]:"https://base-sepolia-testnet.skalenodes.com/v1/jubilant-horrible-ancha",[K]:"https://eth.llamarpc.com"};import{buildRegisterSessionKeyInstruction as _,buildRevokeSessionKeyInstruction as N,deriveSwigWalletAddress as D}from"@dexterai/vault/instructions";import{buildSecp256r1VerifyInstruction as v}from"@dexterai/vault/precompile";import{DEXTER_VAULT_PROGRAM_ID as w,SECP256R1_PROGRAM_ID as xe,INSTRUCTIONS_SYSVAR_ID as Pe}from"@dexterai/vault/constants";import{sessionRegisterMessage as U,sessionRevokeMessage as I,voucherPayloadMessage as k,buildVoucherMessage as Ke}from"@dexterai/vault/messages";import B from"tweetnacl";import{sha256 as z}from"@noble/hashes/sha256";function M(){let e=B.sign.keyPair();return{publicKey:e.publicKey,privateKey:e.secretKey}}function V(e,t,n){return{publicKey:e.publicKey,privateKey:e.privateKey,scope:t,registration:n}}function L(e,t,n){if(n.length!==32)throw new Error(`channelIdBytes must be 32 bytes, got ${n.length}`);let i=BigInt(t.cumulativeAmount),s=BigInt(e.scope.maxAmountAtomic);if(i>s)throw new Error(`voucher cumulative ${i} exceeds session cap ${s}`);let r=Math.floor(Date.now()/1e3);if(r>=e.scope.expiresAtUnix)throw new Error(`session expired at ${e.scope.expiresAtUnix}, now ${r}`);let a=k({channelId:n,cumulativeAmount:i,sequenceNumber:t.sequenceNumber}),o=B.sign.detached(a,e.privateKey);return{payload:t,sessionPublicKey:e.publicKey,sessionRegistration:e.registration,sessionSignature:o}}function y(e){if(!/^\d+$/.test(e))throw new Error(`atomic amount must be a non-negative integer string, got "${e}"`);return BigInt(e)}function j(e){let t=new Uint8Array(8);new DataView(t.buffer).setBigUint64(0,e.nonce,!0);let n=new TextEncoder().encode(e.sellerUrl),i=z.create();return i.update(e.vaultPda.toBytes()),i.update(n),i.update(t),i.digest()}import{fetchVaultSessionAccounts as ie,sessionPdasOf as se,waitForSession as re}from"@dexterai/vault/session";import{p256 as Z}from"@noble/curves/p256";import{sha256 as m}from"@noble/hashes/sha256";var W="dexter.cash";function Q(e){return Buffer.from(e).toString("base64").replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function ee(e,t=`https://${W}`){let i={type:"webauthn.get",challenge:Q(e),origin:t,crossOrigin:!1};return new TextEncoder().encode(JSON.stringify(i))}function te(e=1){let t=m(new TextEncoder().encode(W)),n=new Uint8Array(37);return n.set(t,0),n[32]=5,new DataView(n.buffer).setUint32(33,e,!1),n}function F(e,t){let n=m(t),i=ee(n),s=te(1),r=new Uint8Array(s.length+32);r.set(s,0),r.set(m(i),s.length);let a=m(r),c=Z.sign(a,e.privateKey,{lowS:!0}).toCompactRawBytes();return{clientDataJSON:i,authenticatorData:s,precompileMessage:r,signature:c}}function We(e){return{publicKey:e.publicKey,signOperation:async t=>F(e,t)}}function oe(e){let t=D(e.swigAddress),n=ne(new l(C),t,!0);return _({vaultPda:e.vaultPda,sessionPubkey:e.sessionPubkey,maxAmount:e.maxAmount,maxRevolvingCapacity:e.maxRevolvingCapacity,expiresAt:e.expiresAt,allowedCounterparty:e.allowedCounterparty,nonce:e.nonce,swigAddress:e.swigAddress,vaultUsdcAta:n,clientDataJSON:e.clientDataJSON,authenticatorData:e.authenticatorData,payer:e.payer,siblingSessionPdas:e.siblingSessionPdas})}var O=class{network="solana:mainnet";swigAddress;vaultPda;connection;vaultPdaKey;passkey;feePayer;confirmOptions;constructor(t){this.connection=t.connection,this.swigAddress=typeof t.swigAddress=="string"?t.swigAddress:t.swigAddress.toBase58(),this.vaultPdaKey=typeof t.vaultPda=="string"?new l(t.vaultPda):t.vaultPda,this.vaultPda=this.vaultPdaKey.toBase58(),this.passkey=t.passkeySigner,this.feePayer=t.feePayer,this.confirmOptions=t.confirmOptions??{commitment:"confirmed"}}async authorizeSession(t){let n=new l(t.allowedCounterparty),i=y(t.revolvingCapacityAtomic??t.maxAmountAtomic),s=M(),r=ae(),a=U({programId:w,vaultPda:this.vaultPdaKey,sessionPubkey:s.publicKey,maxAmount:y(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:r}),o=await this.passkey.signOperation(a),c=v(this.passkey.publicKey,o.signature,o.precompileMessage),u=se(await ie(this.connection,this.vaultPdaKey)),d=oe({vaultPda:this.vaultPdaKey,swigAddress:new l(this.swigAddress),sessionPubkey:s.publicKey,maxAmount:y(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:r,clientDataJSON:o.clientDataJSON,authenticatorData:o.authenticatorData,payer:this.feePayer.publicKey,siblingSessionPdas:u}),p=new J().add(c,d);p.feePayer=this.feePayer.publicKey;let{blockhash:R}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);p.recentBlockhash=R,p.sign(this.feePayer);let H=await this.connection.sendRawTransaction(p.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:H,blockhash:R,lastValidBlockHeight:(await this.connection.getLatestBlockhash(this.confirmOptions.commitment)).lastValidBlockHeight},this.confirmOptions.commitment),await re(this.connection,this.vaultPdaKey,n,{expectedSessionPubkey:s.publicKey,timeoutMs:2e4}),V(s,t,a)}async signWithSession(t,n){let i=await ce(n.channelId);return L(t,n,i)}async signOpenTab(t,n){return t.registration}async signCloseTab(t,n,i){let s=I({programId:w,vaultPda:this.vaultPdaKey,sessionPubkey:t.publicKey}),r=await this.passkey.signOperation(s),a=v(this.passkey.publicKey,r.signature,r.precompileMessage),o=N({vaultPda:this.vaultPdaKey,allowedCounterparty:new l(t.scope.allowedCounterparty),clientDataJSON:r.clientDataJSON,authenticatorData:r.authenticatorData}),c=new J().add(a,o);c.feePayer=this.feePayer.publicKey;let{blockhash:u,lastValidBlockHeight:d}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);c.recentBlockhash=u,c.sign(this.feePayer);let p=await this.connection.sendRawTransaction(c.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:p,blockhash:u,lastValidBlockHeight:d},this.confirmOptions.commitment),s}};function Fe(e){return new O(e)}function ae(){return Math.floor(Math.random()*4294967295)>>>0}async function ce(e){if(/^[0-9a-f]{64}$/i.test(e))return pe(e);let{sha256:t}=await import("@noble/hashes/sha256");return t(new TextEncoder().encode(e))}function pe(e){let t=new Uint8Array(e.length/2);for(let n=0;n<t.length;n++)t[n]=parseInt(e.substr(n*2,2),16);return t}export{oe as buildAdapterRegisterInstruction,Fe as createSolanaVaultAdapter,j as deriveChannelId,We as passkeySignerFromP256Keypair};
+import{PublicKey as l,Transaction as q}from"@solana/web3.js";import{getAssociatedTokenAddressSync as pe}from"@solana/spl-token";var z="solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",j="solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",Z="solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z";var x="eip155:8453",f="eip155:84532",P="eip155:42161",b="eip155:137",E="eip155:10",K="eip155:43114",v="eip155:56",w="eip155:1187947933",U="eip155:324705682",C="eip155:1";var _="EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";var Q="0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",ee="0x55d398326f99059fF775485246999027B3197955",I="0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",he={[v]:I,[x]:Q,[f]:"0x036CbD53842c5426634e7929541eC2318f3dCF7e",[P]:"0xaf88d065e77c8cC2239327C5EDb3A432268e5831",[b]:"0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",[E]:"0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",[K]:"0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E",[w]:"0x85889c8c714505E0c94b30fcfcF64fE3Ac8FCb20",[U]:"0x2e08028E3C4c2356572E096d8EF835cD5C6030bD",[C]:"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"},Se={[ee]:{symbol:"USDT",decimals:18},[I]:{symbol:"USDC",decimals:18}};var xe={[v]:56,[x]:8453,[f]:84532,[P]:42161,[b]:137,[E]:10,[K]:43114,[w]:1187947933,[U]:324705682,[C]:1},fe={[z]:"https://api.dexter.cash/api/solana/rpc",[j]:"https://api.devnet.solana.com",[Z]:"https://api.testnet.solana.com"},Pe={[v]:"https://api.dexter.cash/api/evm/bsc/rpc",[x]:"https://api.dexter.cash/api/base/rpc",[f]:"https://sepolia.base.org",[P]:"https://api.dexter.cash/api/evm/arbitrum/rpc",[b]:"https://api.dexter.cash/api/evm/polygon/rpc",[E]:"https://api.dexter.cash/api/evm/optimism/rpc",[K]:"https://api.dexter.cash/api/evm/avalanche/rpc",[w]:"https://skale-base.skalenodes.com/v1/base",[U]:"https://base-sepolia-testnet.skalenodes.com/v1/jubilant-horrible-ancha",[C]:"https://eth.llamarpc.com"};import{buildRegisterSessionKeyInstruction as k,buildRevokeSessionKeyInstruction as B,deriveSwigWalletAddress as M}from"@dexterai/vault/instructions";import{buildSecp256r1VerifyInstruction as R}from"@dexterai/vault/precompile";import{DEXTER_VAULT_PROGRAM_ID as O,SECP256R1_PROGRAM_ID as Ue,INSTRUCTIONS_SYSVAR_ID as Ce}from"@dexterai/vault/constants";import{sessionRegisterMessage as V,sessionRevokeMessage as L,voucherPayloadMessage as W,buildVoucherMessage as De}from"@dexterai/vault/messages";import F from"tweetnacl";import{sha256 as te}from"@noble/hashes/sha256";function J(){let e=F.sign.keyPair();return{publicKey:e.publicKey,privateKey:e.secretKey}}function H(e,t,n){return{publicKey:e.publicKey,privateKey:e.privateKey,scope:t,registration:n}}function G(e,t,n){if(n.length!==32)throw new Error(`channelIdBytes must be 32 bytes, got ${n.length}`);let i=BigInt(t.cumulativeAmount),r=BigInt(e.scope.maxAmountAtomic);if(i>r)throw new Error(`voucher cumulative ${i} exceeds session cap ${r}`);let s=Math.floor(Date.now()/1e3);if(s>=e.scope.expiresAtUnix)throw new Error(`session expired at ${e.scope.expiresAtUnix}, now ${s}`);let o=W({channelId:n,cumulativeAmount:i,sequenceNumber:t.sequenceNumber}),a=F.sign.detached(o,e.privateKey);return{payload:t,sessionPublicKey:e.publicKey,sessionRegistration:e.registration,sessionSignature:a}}function g(e){if(!/^\d+$/.test(e))throw new Error(`atomic amount must be a non-negative integer string, got "${e}"`);return BigInt(e)}function ne(e){let t=new Uint8Array(8);new DataView(t.buffer).setBigUint64(0,e.nonce,!0);let n=new TextEncoder().encode(e.sellerUrl),i=te.create();return i.update(e.vaultPda.toBytes()),i.update(n),i.update(t),i.digest()}import{fetchVaultSessionAccounts as le,sessionPdasOf as ue,waitForSession as ye}from"@dexterai/vault/session";import{sha256 as A}from"@noble/hashes/sha256";import{p256 as ie}from"@noble/curves/p256";import{sha256 as D}from"@noble/hashes/sha256";var $="dexter.cash";function re(e){return Buffer.from(e).toString("base64").replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function se(e,t=`https://${$}`){let i={type:"webauthn.get",challenge:re(e),origin:t,crossOrigin:!1};return new TextEncoder().encode(JSON.stringify(i))}function oe(e=1){let t=D(new TextEncoder().encode($)),n=new Uint8Array(37);return n.set(t,0),n[32]=5,new DataView(n.buffer).setUint32(33,e,!1),n}function ae(e,t){let n=se(t),i=oe(1),r=new Uint8Array(i.length+32);r.set(i,0),r.set(D(n),i.length);let s=D(r);return{signature:ie.sign(s,e.privateKey,{lowS:!0}).toCompactRawBytes(),clientDataJSON:n,authenticatorData:i}}function ce(e){return{publicKey:e.publicKey,sign:async t=>ae(e,t)}}function me(e){let t=M(e.swigAddress),n=pe(new l(_),t,!0);return k({vaultPda:e.vaultPda,sessionPubkey:e.sessionPubkey,maxAmount:e.maxAmount,maxRevolvingCapacity:e.maxRevolvingCapacity,expiresAt:e.expiresAt,allowedCounterparty:e.allowedCounterparty,nonce:e.nonce,swigAddress:e.swigAddress,vaultUsdcAta:n,clientDataJSON:e.clientDataJSON,authenticatorData:e.authenticatorData,payer:e.payer,siblingSessionPdas:e.siblingSessionPdas})}var N=class{network="solana:mainnet";swigAddress;vaultPda;connection;vaultPdaKey;passkey;feePayer;confirmOptions;constructor(t){this.connection=t.connection,this.swigAddress=typeof t.swigAddress=="string"?t.swigAddress:t.swigAddress.toBase58(),this.vaultPdaKey=typeof t.vaultPda=="string"?new l(t.vaultPda):t.vaultPda,this.vaultPda=this.vaultPdaKey.toBase58(),this.passkey=t.passkeySigner,this.feePayer=t.feePayer,this.confirmOptions=t.confirmOptions??{commitment:"confirmed"}}async authorizeSession(t){let n=new l(t.allowedCounterparty),i=g(t.revolvingCapacityAtomic??t.maxAmountAtomic),r=J(),s=de(),o=V({programId:O,vaultPda:this.vaultPdaKey,sessionPubkey:r.publicKey,maxAmount:g(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:s}),a=A(o),{signature:u,clientDataJSON:y,authenticatorData:m}=await this.passkey.sign(a),h=X(m,A(y)),c=R(this.passkey.publicKey,u,h),d=ue(await le(this.connection,this.vaultPdaKey)),S=me({vaultPda:this.vaultPdaKey,swigAddress:new l(this.swigAddress),sessionPubkey:r.publicKey,maxAmount:g(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:s,clientDataJSON:y,authenticatorData:m,payer:this.feePayer.publicKey,siblingSessionPdas:d}),p=new q().add(c,S);p.feePayer=this.feePayer.publicKey;let{blockhash:T}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);p.recentBlockhash=T,p.sign(this.feePayer);let Y=await this.connection.sendRawTransaction(p.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:Y,blockhash:T,lastValidBlockHeight:(await this.connection.getLatestBlockhash(this.confirmOptions.commitment)).lastValidBlockHeight},this.confirmOptions.commitment),await ye(this.connection,this.vaultPdaKey,n,{expectedSessionPubkey:r.publicKey,timeoutMs:2e4}),H(r,t,o)}async signWithSession(t,n){let i=await ge(n.channelId);return G(t,n,i)}async signOpenTab(t,n){return t.registration}async signCloseTab(t,n,i){let r=L({programId:O,vaultPda:this.vaultPdaKey,sessionPubkey:t.publicKey}),s=A(r),{signature:o,clientDataJSON:a,authenticatorData:u}=await this.passkey.sign(s),y=X(u,A(a)),m=R(this.passkey.publicKey,o,y),h=B({vaultPda:this.vaultPdaKey,allowedCounterparty:new l(t.scope.allowedCounterparty),clientDataJSON:a,authenticatorData:u}),c=new q().add(m,h);c.feePayer=this.feePayer.publicKey;let{blockhash:d,lastValidBlockHeight:S}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);c.recentBlockhash=d,c.sign(this.feePayer);let p=await this.connection.sendRawTransaction(c.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:p,blockhash:d,lastValidBlockHeight:S},this.confirmOptions.commitment),r}};function Xe(e){return new N(e)}function X(e,t){let n=new Uint8Array(e.length+t.length);return n.set(e,0),n.set(t,e.length),n}function de(){return Math.floor(Math.random()*4294967295)>>>0}async function ge(e){if(/^[0-9a-f]{64}$/i.test(e))return Ae(e);let{sha256:t}=await import("@noble/hashes/sha256");return t(new TextEncoder().encode(e))}function Ae(e){let t=new Uint8Array(e.length/2);for(let n=0;n<t.length;n++)t[n]=parseInt(e.substr(n*2,2),16);return t}export{me as buildAdapterRegisterInstruction,Xe as createSolanaVaultAdapter,ne as deriveChannelId,ce as passkeySignerFromP256Keypair};

package/dist/{x402-client-Ug0vrj74.d.ts → x402-client-BQKDeNxq.d.cts}

@@ -1,5 +1,4 @@
 import { SponsoredRecommendation, SponsoredAccessSettlementInfo } from '@dexterai/x402-ads-types';
-import { C as ChainAdapter, W as WalletSet, A as AccessPassClientConfig, P as PaymentAccept, S as SettlementProbe } from './types-xQu1U4xk.js';
 
 /**
  * Sponsored Access (Ads for Agents) — Client Helpers
@@ -130,104 +129,6 @@ interface PaymentReceipt {
  * Get the x402 payment receipt from a response, or undefined if none.
  */
 declare function getPaymentReceipt(response: Response): PaymentReceipt | undefined;
-/**
- * Client configuration
- *
- * @deprecated Slated for removal in `@dexterai/x402` 5.0 alongside
- * `createX402Client` and `X402Client`. Use `PayAndFetchOptions` instead.
- */
-interface X402ClientConfig {
-    /**
-     * Chain adapters to use for building transactions.
-     * If not provided, uses Solana and EVM adapters by default.
-     */
-    adapters?: ChainAdapter[];
-    /**
-     * Wallets for each chain type.
-     * Can also pass a single wallet for backwards compatibility.
-     */
-    wallets?: WalletSet;
-    /**
-     * Legacy: Single wallet (Solana).
-     * Use `wallets` for multi-chain support.
-     */
-    wallet?: unknown;
-    /**
-     * Preferred network to use when multiple options are available.
-     * CAIP-2 format (e.g., 'solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp', 'eip155:8453')
-     */
-    preferredNetwork?: string;
-    /**
-     * Custom RPC URLs by network
-     */
-    rpcUrls?: Record<string, string>;
-    /**
-     * Maximum payment amount allowed (in atomic units).
-     * Rejects payments exceeding this amount.
-     */
-    maxAmountAtomic?: string;
-    /**
-     * Custom fetch implementation
-     */
-    fetch?: typeof globalThis.fetch;
-    /**
-     * Enable verbose logging
-     */
-    verbose?: boolean;
-    /**
-     * Access pass configuration.
-     * When present, the client will prefer purchasing time-limited access passes
-     * over per-request payments. One payment grants unlimited requests for a duration.
-     */
-    accessPass?: AccessPassClientConfig;
-    /**
-     * Called before signing a payment. Return true to proceed, false to reject.
-     * Use for budget controls, confirmation prompts, or logging.
-     *
-     * @example
-     * ```typescript
-     * const client = createX402Client({
-     *   wallets,
-     *   onPaymentRequired: async (requirements) => {
-     *     const amount = Number(requirements.amount) / 1e6;
-     *     if (amount > 1.0) return false; // Reject payments over $1
-     *     console.log(`Paying $${amount} on ${requirements.network}`);
-     *     return true;
-     *   },
-     * });
-     * ```
-     */
-    onPaymentRequired?: (requirements: PaymentAccept) => boolean | Promise<boolean>;
-    /**
-     * Called the instant the signed payment authorization is sent to the
-     * merchant — after `buildTransaction`, immediately before the paid retry
-     * fetch. This is the point past which a timeout can no longer be treated
-     * as "no money moved": the facilitator may settle at any time once the
-     * authorization is in its hands.
-     *
-     * The callback receives the `accept` it is paying against (network, asset,
-     * amount, payTo) and the `settlementProbe` the adapter produced (or
-     * `undefined` for schemes with no on-chain confirmation). `payAndFetch`
-     * uses this to mark a payment as dispatched — so a post-payment abort is
-     * not misreported as a plain timeout — and keeps the probe so it can
-     * confirm settlement on-chain if the merchant never responds.
-     *
-     * Fire-and-forget — the return value is ignored, and a throw is swallowed
-     * (the payment proceeds regardless). Do not do slow work here.
-     */
-    onPaymentDispatched?: (accept: PaymentAccept, settlementProbe?: SettlementProbe) => void;
-    /**
-     * Maximum retry attempts for transient failures (network errors, 502/503).
-     * Does not cause double payments — EIP-3009 nonces prevent replay.
-     * @default 0 (no retry)
-     */
-    maxRetries?: number;
-    /**
-     * Base delay between retries in milliseconds (doubles each attempt).
-     * @default 500
-     */
-    retryDelayMs?: number;
-}
 /**
  * x402 Client interface
  *
@@ -241,28 +142,5 @@ interface X402Client {
      */
     fetch(input: string | URL | Request, init?: RequestInit): Promise<Response>;
 }
-/**
- * Create an x402 v2 client
- *
- * @deprecated Slated for removal in `@dexterai/x402` 5.0 (~6 months out — long
- * cycle because of real production consumers). Use `payAndFetch` from
- * `@dexterai/x402/client` instead — it's version-agnostic across x402 v1 and
- * v2 and returns a discriminated union for cleaner error handling.
- *
- * Migration:
- * ```typescript
- * // Before
- * const client = createX402Client({ wallets });
- * const res = await client.fetch(url);
- *
- * // After
- * import { payAndFetch } from '@dexterai/x402/client';
- * const result = await payAndFetch(url, undefined, wallets);
- * if (result.ok) {
- *   const res = result.response;
- * }
- * ```
- */
-declare function createX402Client(config: X402ClientConfig): X402Client;
 
-export { type PaymentReceipt as P, type X402ClientConfig as X, getSponsoredAccessInfo as a, getPaymentReceipt as b, createX402Client as c, type X402Client as d, fireImpressionBeacon as f, getSponsoredRecommendations as g };
+export { type PaymentReceipt as P, type X402Client as X, getSponsoredAccessInfo as a, getPaymentReceipt as b, fireImpressionBeacon as f, getSponsoredRecommendations as g };

package/dist/{x402-client-DmRbvqoc.d.cts → x402-client-BQKDeNxq.d.ts}

@@ -1,5 +1,4 @@
 import { SponsoredRecommendation, SponsoredAccessSettlementInfo } from '@dexterai/x402-ads-types';
-import { C as ChainAdapter, W as WalletSet, A as AccessPassClientConfig, P as PaymentAccept, S as SettlementProbe } from './types-xQu1U4xk.cjs';
 
 /**
  * Sponsored Access (Ads for Agents) — Client Helpers
@@ -130,104 +129,6 @@ interface PaymentReceipt {
  * Get the x402 payment receipt from a response, or undefined if none.
  */
 declare function getPaymentReceipt(response: Response): PaymentReceipt | undefined;
-/**
- * Client configuration
- *
- * @deprecated Slated for removal in `@dexterai/x402` 5.0 alongside
- * `createX402Client` and `X402Client`. Use `PayAndFetchOptions` instead.
- */
-interface X402ClientConfig {
-    /**
-     * Chain adapters to use for building transactions.
-     * If not provided, uses Solana and EVM adapters by default.
-     */
-    adapters?: ChainAdapter[];
-    /**
-     * Wallets for each chain type.
-     * Can also pass a single wallet for backwards compatibility.
-     */
-    wallets?: WalletSet;
-    /**
-     * Legacy: Single wallet (Solana).
-     * Use `wallets` for multi-chain support.
-     */
-    wallet?: unknown;
-    /**
-     * Preferred network to use when multiple options are available.
-     * CAIP-2 format (e.g., 'solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp', 'eip155:8453')
-     */
-    preferredNetwork?: string;
-    /**
-     * Custom RPC URLs by network
-     */
-    rpcUrls?: Record<string, string>;
-    /**
-     * Maximum payment amount allowed (in atomic units).
-     * Rejects payments exceeding this amount.
-     */
-    maxAmountAtomic?: string;
-    /**
-     * Custom fetch implementation
-     */
-    fetch?: typeof globalThis.fetch;
-    /**
-     * Enable verbose logging
-     */
-    verbose?: boolean;
-    /**
-     * Access pass configuration.
-     * When present, the client will prefer purchasing time-limited access passes
-     * over per-request payments. One payment grants unlimited requests for a duration.
-     */
-    accessPass?: AccessPassClientConfig;
-    /**
-     * Called before signing a payment. Return true to proceed, false to reject.
-     * Use for budget controls, confirmation prompts, or logging.
-     *
-     * @example
-     * ```typescript
-     * const client = createX402Client({
-     *   wallets,
-     *   onPaymentRequired: async (requirements) => {
-     *     const amount = Number(requirements.amount) / 1e6;
-     *     if (amount > 1.0) return false; // Reject payments over $1
-     *     console.log(`Paying $${amount} on ${requirements.network}`);
-     *     return true;
-     *   },
-     * });
-     * ```
-     */
-    onPaymentRequired?: (requirements: PaymentAccept) => boolean | Promise<boolean>;
-    /**
-     * Called the instant the signed payment authorization is sent to the
-     * merchant — after `buildTransaction`, immediately before the paid retry
-     * fetch. This is the point past which a timeout can no longer be treated
-     * as "no money moved": the facilitator may settle at any time once the
-     * authorization is in its hands.
-     *
-     * The callback receives the `accept` it is paying against (network, asset,
-     * amount, payTo) and the `settlementProbe` the adapter produced (or
-     * `undefined` for schemes with no on-chain confirmation). `payAndFetch`
-     * uses this to mark a payment as dispatched — so a post-payment abort is
-     * not misreported as a plain timeout — and keeps the probe so it can
-     * confirm settlement on-chain if the merchant never responds.
-     *
-     * Fire-and-forget — the return value is ignored, and a throw is swallowed
-     * (the payment proceeds regardless). Do not do slow work here.
-     */
-    onPaymentDispatched?: (accept: PaymentAccept, settlementProbe?: SettlementProbe) => void;
-    /**
-     * Maximum retry attempts for transient failures (network errors, 502/503).
-     * Does not cause double payments — EIP-3009 nonces prevent replay.
-     * @default 0 (no retry)
-     */
-    maxRetries?: number;
-    /**
-     * Base delay between retries in milliseconds (doubles each attempt).
-     * @default 500
-     */
-    retryDelayMs?: number;
-}
 /**
  * x402 Client interface
  *
@@ -241,28 +142,5 @@ interface X402Client {
      */
     fetch(input: string | URL | Request, init?: RequestInit): Promise<Response>;
 }
-/**
- * Create an x402 v2 client
- *
- * @deprecated Slated for removal in `@dexterai/x402` 5.0 (~6 months out — long
- * cycle because of real production consumers). Use `payAndFetch` from
- * `@dexterai/x402/client` instead — it's version-agnostic across x402 v1 and
- * v2 and returns a discriminated union for cleaner error handling.
- *
- * Migration:
- * ```typescript
- * // Before
- * const client = createX402Client({ wallets });
- * const res = await client.fetch(url);
- *
- * // After
- * import { payAndFetch } from '@dexterai/x402/client';
- * const result = await payAndFetch(url, undefined, wallets);
- * if (result.ok) {
- *   const res = result.response;
- * }
- * ```
- */
-declare function createX402Client(config: X402ClientConfig): X402Client;
 
-export { type PaymentReceipt as P, type X402ClientConfig as X, getSponsoredAccessInfo as a, getPaymentReceipt as b, createX402Client as c, type X402Client as d, fireImpressionBeacon as f, getSponsoredRecommendations as g };
+export { type PaymentReceipt as P, type X402Client as X, getSponsoredAccessInfo as a, getPaymentReceipt as b, fireImpressionBeacon as f, getSponsoredRecommendations as g };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dexterai/x402",
-  "version": "3.18.1",
+  "version": "4.1.0",
   "description": "Full-stack x402 SDK - add paid API monetization to any endpoint. Express middleware, React hooks, Access Pass, dynamic pricing. Solana, Base, Polygon, Arbitrum, Optimism, Avalanche, SKALE.",
   "author": "Dexter",
   "license": "MIT",
@@ -76,7 +76,7 @@
     "release:major": "npm version major && npm publish --access public"
   },
   "dependencies": {
-    "@dexterai/vault": "^0.9.0",
+    "@dexterai/vault": "^0.13.0",
     "@dexterai/x402-ads-types": "^0.2.0",
     "@dexterai/x402-core": "^1.4.0",
     "@noble/curves": "^1.9.7",