@dexterai/x402 5.1.0 → 5.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,6 +1,6 @@
1
- "use strict";var Wt=Object.create;var Ye=Object.defineProperty;var qt=Object.getOwnPropertyDescriptor;var Ht=Object.getOwnPropertyNames;var Ft=Object.getPrototypeOf,jt=Object.prototype.hasOwnProperty;var Jt=(n,e)=>{for(var t in e)Ye(n,t,{get:e[t],enumerable:!0})},wt=(n,e,t,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of Ht(e))!jt.call(n,s)&&s!==t&&Ye(n,s,{get:()=>e[s],enumerable:!(r=qt(e,s))||r.enumerable});return n};var G=(n,e,t)=>(t=n!=null?Wt(Ft(n)):{},wt(e||!n||!n.__esModule?Ye(t,"default",{value:n,enumerable:!0}):t,n)),Xt=n=>wt(Ye({},"__esModule",{value:!0}),n);var En={};Jt(En,{DEFAULT_FACILITATOR_URL:()=>ze,DEXTER_VAULT_PROGRAM_ID:()=>F.DEXTER_VAULT_PROGRAM_ID,INSTRUCTIONS_SYSVAR_ID:()=>F.INSTRUCTIONS_SYSVAR_ID,SECP256R1_PROGRAM_ID:()=>F.SECP256R1_PROGRAM_ID,SessionScopeExceededError:()=>ie,TabClosedError:()=>Q,UnsupportedNetworkError:()=>oe,atomicToHuman:()=>ce,buildRegisterSessionKeyInstruction:()=>ge.buildRegisterSessionKeyInstruction,buildRevokeSessionKeyInstruction:()=>ge.buildRevokeSessionKeyInstruction,buildSecp256r1VerifyInstruction:()=>bt.buildSecp256r1VerifyInstruction,buildVoucherMessage:()=>B.buildVoucherMessage,humanToAtomic:()=>Z,openTab:()=>Ge,payUrlWithTab:()=>Vt,resolveTabOffer:()=>Ae,resolveTabTerms:()=>Kt,resumeTab:()=>Rt,sessionRegisterMessage:()=>B.sessionRegisterMessage,sessionRevokeMessage:()=>B.sessionRevokeMessage,voucherPayloadMessage:()=>B.voucherPayloadMessage,voucherToHeader:()=>Ie});module.exports=Xt(En);var oe=class extends Error{constructor(t){super(`Network ${t} is not yet supported by @dexterai/x402/tab`);this.network=t;this.name="UnsupportedNetworkError"}},ie=class extends Error{constructor(t,r){super(`Session scope exceeded: ${t}${r?` (${r})`:""}`);this.reason=t;this.name="SessionScopeExceededError"}},Q=class extends Error{constructor(t){super(`Tab ${t} is already closed`);this.channelId=t;this.name="TabClosedError"}};var mt=require("@solana/web3.js"),ee=require("@noble/hashes/utils");var Yt=G(require("tweetnacl"),1);var B=require("@dexterai/vault/messages");var Tt=require("@noble/hashes/sha256");function xt(n){let e=new Uint8Array(8);new DataView(e.buffer).setBigUint64(0,n.nonce,!0);let t=new TextEncoder().encode(n.sellerUrl),r=Tt.sha256.create();return r.update(n.vaultPda.toBytes()),r.update(t),r.update(e),r.digest()}var zt=3600,ze="https://x402.dexter.cash",Et=6;function Z(n,e=Et){if(!/^\d+(\.\d+)?$/.test(n))throw new Error(`amount must be a non-negative decimal string, got "${n}"`);let[t,r=""]=n.split(".");if(r.length>e)throw new Error(`amount "${n}" has more than ${e} decimals`);let s=r.padEnd(e,"0"),a=`${t}${s}`.replace(/^0+(?=\d)/,"");return a===""?"0":a}function ce(n,e=Et){if(!/^\d+$/.test(n))throw new Error(`atomic must be a non-negative integer string, got "${n}"`);let t=n.padStart(e+1,"0"),r=t.slice(0,-e).replace(/^0+(?=\d)/,"")||"0",s=t.slice(-e).replace(/0+$/,"");return s?`${r}.${s}`:r}var pt=class{channelId;network;counterparty;internals;cumulativeAtomic=0n;sequenceNumber=0;closed=!1;lastSignedVoucher=null;previousSignedVoucher=null;constructor(e){this.internals=e,this.channelId=e.channelIdHex,this.network=e.network,this.counterparty=e.counterparty}get state(){let e=this.internals.totalCapAtomic-this.cumulativeAtomic,t=Math.floor(Date.now()/1e3);return{isOpen:!this.closed,spent:ce(this.cumulativeAtomic.toString()),remaining:ce(e.toString()),expiresInSec:Math.max(0,this.internals.expiresAtUnix-t)}}async signNextVoucher(e){if(this.closed)throw new Q(this.channelId);let t=BigInt(e);if(t<=0n)throw new Error(`voucher increment must be > 0, got ${e}`);if(t>this.internals.perUnitCapAtomic)throw new ie("cap_exceeded",`single voucher increment ${t} exceeds perUnitCap ${this.internals.perUnitCapAtomic}`);let r=this.cumulativeAtomic+t;if(r>this.internals.totalCapAtomic)throw new ie("cap_exceeded",`cumulative ${r} would exceed totalCap ${this.internals.totalCapAtomic}`);let s=this.sequenceNumber+1,a={channelId:this.channelId,cumulativeAmount:r.toString(),sequenceNumber:s},o=await this.internals.vault.signWithSession(this.internals.session,a);return this.previousSignedVoucher=this.lastSignedVoucher,this.lastSignedVoucher=o,this.sequenceNumber=s,this.cumulativeAtomic=r,o}rollbackVoucher(e){let t=this.lastSignedVoucher;if(!t||t.payload.sequenceNumber!==e.payload.sequenceNumber||t.payload.cumulativeAmount!==e.payload.cumulativeAmount)return!1;let r=this.previousSignedVoucher;if(r)this.sequenceNumber=r.payload.sequenceNumber,this.cumulativeAtomic=BigInt(r.payload.cumulativeAmount),this.lastSignedVoucher=r;else if(t.payload.sequenceNumber===1)this.sequenceNumber=0,this.cumulativeAtomic=0n,this.lastSignedVoucher=null;else return!1;return this.previousSignedVoucher=null,!0}async stream(e,t){if(this.closed)throw new Q(this.channelId);let r=await this.signNextVoucher(this.internals.perUnitCapAtomic.toString()),s=new Headers(t?.headers);s.set("X-Tab-Voucher",Ie(r)),s.set("Accept","text/event-stream");let a=await fetch(e,{...t,headers:s});if(!a.ok){let o=await a.text().catch(()=>"");throw new Error(`tab.stream HTTP ${a.status}: ${o.slice(0,500)}`)}if(!a.body)throw new Error("tab.stream response has no body");return en(a.body)}async close(){if(this.closed)throw new Q(this.channelId);let e={settleTx:""};return this.lastSignedVoucher&&this.cumulativeAtomic>0n&&(e=await Gt(this.internals.facilitatorUrl,this.lastSignedVoucher,this.internals.network)),await this.internals.vault.signCloseTab(this.internals.session,this.channelId,this.cumulativeAtomic.toString()),this.closed=!0,this.internals.session.privateKey.fill(0),{settledAmount:ce(this.cumulativeAtomic.toString()),...e}}};function Ie(n){return Buffer.from(JSON.stringify({payload:n.payload,sessionPublicKey:(0,ee.bytesToHex)(n.sessionPublicKey),sessionRegistration:(0,ee.bytesToHex)(n.sessionRegistration),sessionSignature:(0,ee.bytesToHex)(n.sessionSignature)}),"utf8").toString("base64")}async function Gt(n,e,t){let r=`${n.replace(/\/$/,"")}/tab/settle`,s={channelId:e.payload.channelId,cumulativeAmount:e.payload.cumulativeAmount,sequenceNumber:e.payload.sequenceNumber,sessionPublicKey:(0,ee.bytesToHex)(e.sessionPublicKey),sessionSignature:(0,ee.bytesToHex)(e.sessionSignature),sessionRegistration:(0,ee.bytesToHex)(e.sessionRegistration),network:t},a=await fetch(r,{method:"POST",headers:{"content-type":"application/json"},body:JSON.stringify(s)}),o=await a.text();if(!a.ok)throw new Error(`tab settle ${a.status}: ${o.slice(0,500)}`);let i;try{i=JSON.parse(o)}catch{throw new Error(`tab settle returned non-JSON: ${o.slice(0,200)}`)}if(!i.settleTx)throw new Error(`tab settle returned no settleTx: ${o.slice(0,200)}`);let c={settleTx:i.settleTx};return typeof i.grossAmount=="string"&&(c.grossAmount=i.grossAmount),typeof i.feeAmount=="string"&&(c.feeAmount=i.feeAmount),typeof i.netAmount=="string"&&(c.netAmount=i.netAmount),c}async function Qt(n,e,t,r,s){let a=`${n.replace(/\/$/,"")}/tab/open`,o=await fetch(a,{method:"POST",headers:{"content-type":"application/json"},body:JSON.stringify({buyer_swig_address:e,seller:s,max_amount_atomic:t.toString(),network:r})}),i=await o.json().catch(()=>({}));if(!o.ok||!i.success||!i.armed)throw new Error(`tab_open_unprotected: ${i.error??`http_${o.status}`}`);return{armed:!0,signature:i.signature??""}}async function Ge(n){if(n.network!==n.vault.network)throw new oe(`options.network (${n.network}) doesn't match vault.network (${n.vault.network})`);if(n.network!=="solana:mainnet")throw new oe(n.network);let e=BigInt(Math.floor(Math.random()*4294967295)),t=new mt.PublicKey(n.vault.vaultPda),r=xt({vaultPda:t,sellerUrl:n.seller,nonce:BigInt(e)}),s=(0,ee.bytesToHex)(r),a=BigInt(Z(n.perUnitCap)),o=BigInt(Z(n.totalCap));if(a<=0n)throw new Error("perUnitCap must be > 0");if(o<a)throw new Error("totalCap must be >= perUnitCap");if(n.revolvingCapacity!==void 0&&BigInt(Z(n.revolvingCapacity))<=0n)throw new Error("revolvingCapacity must be > 0");let i=n.sessionDuration??zt,c=Math.floor(Date.now()/1e3)+i,l=Zt(n.seller),m={channelId:s,maxAmountAtomic:o.toString(),revolvingCapacityAtomic:n.revolvingCapacity?Z(n.revolvingCapacity):o.toString(),expiresAtUnix:c,allowedCounterparty:l},f=await n.vault.authorizeSession(m);return await Qt(n.facilitatorUrl??ze,n.vault.swigAddress,o,n.network,l),new pt({vault:n.vault,network:n.network,seller:n.seller,counterparty:l,session:f,channelIdHex:s,channelIdBytes:r,perUnitCapAtomic:a,totalCapAtomic:o,expiresAtUnix:c,facilitatorUrl:n.facilitatorUrl??ze})}async function Rt(n){throw new Error("resumeTab is Phase 3 work. Session keys are memory-only by design; recovery requires reading active_session on chain and re-authorizing. Tracked in dexter-vault roadmap.")}function Zt(n){if(/^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(n))try{return new mt.PublicKey(n),n}catch{}throw new Error(`seller must be a base58 Solana pubkey for Phase 2 (got "${n}"). URL-based counterparty resolution lands in Phase 3 (seller middleware).`)}async function*en(n){let e=n.getReader(),t=new TextDecoder,r="";try{for(;;){let{done:s,value:a}=await e.read();if(s)break;r+=t.decode(a,{stream:!0});let o;for(;(o=r.indexOf(`
1
+ "use strict";var nn=Object.create;var et=Object.defineProperty;var rn=Object.getOwnPropertyDescriptor;var sn=Object.getOwnPropertyNames;var an=Object.getPrototypeOf,on=Object.prototype.hasOwnProperty;var cn=(t,e)=>{for(var n in e)et(t,n,{get:e[n],enumerable:!0})},kt=(t,e,n,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of sn(e))!on.call(t,s)&&s!==n&&et(t,s,{get:()=>e[s],enumerable:!(r=rn(e,s))||r.enumerable});return t};var J=(t,e,n)=>(n=t!=null?nn(an(t)):{},kt(e||!t||!t.__esModule?et(n,"default",{value:t,enumerable:!0}):n,t)),ln=t=>kt(et({},"__esModule",{value:!0}),t);var $n={};cn($n,{DEFAULT_FACILITATOR_URL:()=>we,DEXTER_VAULT_PROGRAM_ID:()=>W.DEXTER_VAULT_PROGRAM_ID,INSTRUCTIONS_SYSVAR_ID:()=>W.INSTRUCTIONS_SYSVAR_ID,SECP256R1_PROGRAM_ID:()=>W.SECP256R1_PROGRAM_ID,SessionScopeExceededError:()=>ce,TabClosedError:()=>Z,UnsupportedNetworkError:()=>ie,atomicToHuman:()=>le,buildRegisterSessionKeyInstruction:()=>ue.buildRegisterSessionKeyInstruction,buildRevokeSessionKeyInstruction:()=>ue.buildRevokeSessionKeyInstruction,buildSecp256r1VerifyInstruction:()=>St.buildSecp256r1VerifyInstruction,buildVoucherMessage:()=>B.buildVoucherMessage,humanToAtomic:()=>ee,openTab:()=>rt,payUrlWithTab:()=>en,resolveTabOffer:()=>xe,resolveTabTerms:()=>tn,resumeTab:()=>Bt,sessionRegisterMessage:()=>B.sessionRegisterMessage,sessionRevokeMessage:()=>B.sessionRevokeMessage,tabFromGrant:()=>Kt,voucherPayloadMessage:()=>B.voucherPayloadMessage,voucherToHeader:()=>De});module.exports=ln($n);var ie=class extends Error{constructor(n){super(`Network ${n} is not yet supported by @dexterai/x402/tab`);this.network=n;this.name="UnsupportedNetworkError"}},ce=class extends Error{constructor(n,r){super(`Session scope exceeded: ${n}${r?` (${r})`:""}`);this.reason=n;this.name="SessionScopeExceededError"}},Z=class extends Error{constructor(n){super(`Tab ${n} is already closed`);this.channelId=n;this.name="TabClosedError"}};var At=require("@solana/web3.js"),te=require("@noble/hashes/utils");var Ct=J(require("tweetnacl"),1);var B=require("@dexterai/vault/messages");var Ot=require("@noble/hashes/sha256");function It(t,e,n){return{publicKey:t.publicKey,privateKey:t.privateKey,scope:e,registration:n}}function Nt(t,e,n){if(n.length!==32)throw new Error(`channelIdBytes must be 32 bytes, got ${n.length}`);let r=BigInt(e.cumulativeAmount),s=BigInt(t.scope.maxAmountAtomic);if(r>s)throw new Error(`voucher cumulative ${r} exceeds session cap ${s}`);let a=Math.floor(Date.now()/1e3);if(a>=t.scope.expiresAtUnix)throw new Error(`session expired at ${t.scope.expiresAtUnix}, now ${a}`);let o=(0,B.voucherPayloadMessage)({channelId:n,cumulativeAmount:r,sequenceNumber:e.sequenceNumber}),i=Ct.default.sign.detached(o,t.privateKey);return{payload:e,sessionPublicKey:t.publicKey,sessionRegistration:t.registration,sessionSignature:i}}function tt(t){if(!/^\d+$/.test(t))throw new Error(`atomic amount must be a non-negative integer string, got "${t}"`);return BigInt(t)}function nt(t){let e=new Uint8Array(8);new DataView(e.buffer).setBigUint64(0,t.nonce,!0);let n=new TextEncoder().encode(t.sellerUrl),r=Ot.sha256.create();return r.update(t.vaultPda.toBytes()),r.update(n),r.update(e),r.digest()}var un=3600,we="https://x402.dexter.cash",Ut=6;function ee(t,e=Ut){if(!/^\d+(\.\d+)?$/.test(t))throw new Error(`amount must be a non-negative decimal string, got "${t}"`);let[n,r=""]=t.split(".");if(r.length>e)throw new Error(`amount "${t}" has more than ${e} decimals`);let s=r.padEnd(e,"0"),a=`${n}${s}`.replace(/^0+(?=\d)/,"");return a===""?"0":a}function le(t,e=Ut){if(!/^\d+$/.test(t))throw new Error(`atomic must be a non-negative integer string, got "${t}"`);let n=t.padStart(e+1,"0"),r=n.slice(0,-e).replace(/^0+(?=\d)/,"")||"0",s=n.slice(-e).replace(/0+$/,"");return s?`${r}.${s}`:r}var Be=class{channelId;network;counterparty;internals;initialCumulativeAtomic;cumulativeAtomic;sequenceNumber=0;closed=!1;lastSignedVoucher=null;previousSignedVoucher=null;constructor(e){this.internals=e,this.channelId=e.channelIdHex,this.network=e.network,this.counterparty=e.counterparty,this.initialCumulativeAtomic=e.initialCumulativeAtomic??0n,this.cumulativeAtomic=this.initialCumulativeAtomic}get state(){let e=this.internals.totalCapAtomic-this.cumulativeAtomic,n=Math.floor(Date.now()/1e3);return{isOpen:!this.closed,spent:le(this.cumulativeAtomic.toString()),remaining:le(e.toString()),expiresInSec:Math.max(0,this.internals.expiresAtUnix-n)}}async signNextVoucher(e){if(this.closed)throw new Z(this.channelId);let n=BigInt(e);if(n<=0n)throw new Error(`voucher increment must be > 0, got ${e}`);if(n>this.internals.perUnitCapAtomic)throw new ce("cap_exceeded",`single voucher increment ${n} exceeds perUnitCap ${this.internals.perUnitCapAtomic}`);let r=this.cumulativeAtomic+n;if(r>this.internals.totalCapAtomic)throw new ce("cap_exceeded",`cumulative ${r} would exceed totalCap ${this.internals.totalCapAtomic}`);let s=this.sequenceNumber+1,a={channelId:this.channelId,cumulativeAmount:r.toString(),sequenceNumber:s},o=await this.internals.vault.signWithSession(this.internals.session,a);return this.previousSignedVoucher=this.lastSignedVoucher,this.lastSignedVoucher=o,this.sequenceNumber=s,this.cumulativeAtomic=r,o}rollbackVoucher(e){let n=this.lastSignedVoucher;if(!n||n.payload.sequenceNumber!==e.payload.sequenceNumber||n.payload.cumulativeAmount!==e.payload.cumulativeAmount)return!1;let r=this.previousSignedVoucher;if(r)this.sequenceNumber=r.payload.sequenceNumber,this.cumulativeAtomic=BigInt(r.payload.cumulativeAmount),this.lastSignedVoucher=r;else if(n.payload.sequenceNumber===1)this.sequenceNumber=0,this.cumulativeAtomic=this.initialCumulativeAtomic,this.lastSignedVoucher=null;else return!1;return this.previousSignedVoucher=null,!0}async stream(e,n){if(this.closed)throw new Z(this.channelId);let r=await this.signNextVoucher(this.internals.perUnitCapAtomic.toString()),s=new Headers(n?.headers);s.set("X-Tab-Voucher",De(r)),s.set("Accept","text/event-stream");let a=await fetch(e,{...n,headers:s});if(!a.ok){let o=await a.text().catch(()=>"");throw new Error(`tab.stream HTTP ${a.status}: ${o.slice(0,500)}`)}if(!a.body)throw new Error("tab.stream response has no body");return fn(a.body)}async close(){if(this.closed)throw new Z(this.channelId);let e={settleTx:""};this.lastSignedVoucher&&this.cumulativeAtomic>0n&&(e=await pn(this.internals.facilitatorUrl,this.lastSignedVoucher,this.internals.network));let n=(this.internals.closeMode??"revoke")==="revoke";return n&&await this.internals.vault.signCloseTab(this.internals.session,this.channelId,this.cumulativeAtomic.toString()),this.closed=!0,this.internals.session.privateKey.fill(0),{settledAmount:le(this.cumulativeAtomic.toString()),sessionRevoked:n,...e}}};function De(t){return Buffer.from(JSON.stringify({payload:t.payload,sessionPublicKey:(0,te.bytesToHex)(t.sessionPublicKey),sessionRegistration:(0,te.bytesToHex)(t.sessionRegistration),sessionSignature:(0,te.bytesToHex)(t.sessionSignature)}),"utf8").toString("base64")}function Se(t){return typeof t!="string"||!/^\d+$/.test(t)?null:BigInt(t)}function mn(t){let e;try{e=JSON.parse(t)}catch{return!1}if(typeof e!="object"||e===null)return!1;let n="non_monotonic_cumulative";if(e.error!==n&&e.reason!==n)return!1;let r=Se(e.attempted_cumulative),s=Se(e.on_chain_spent),a=Se(e.frontier);return r===null||s===null||a===null?!1:r>s&&r<=a}async function pn(t,e,n){let r=`${t.replace(/\/$/,"")}/tab/settle`,s={channelId:e.payload.channelId,cumulativeAmount:e.payload.cumulativeAmount,sequenceNumber:e.payload.sequenceNumber,sessionPublicKey:(0,te.bytesToHex)(e.sessionPublicKey),sessionSignature:(0,te.bytesToHex)(e.sessionSignature),sessionRegistration:(0,te.bytesToHex)(e.sessionRegistration),network:n},a=await fetch(r,{method:"POST",headers:{"content-type":"application/json"},body:JSON.stringify(s)}),o=await a.text();if(!a.ok){if(a.status===409&&mn(o))return{settleTx:""};throw new Error(`tab settle ${a.status}: ${o.slice(0,500)}`)}let i;try{i=JSON.parse(o)}catch{throw new Error(`tab settle returned non-JSON: ${o.slice(0,200)}`)}if(i.reason==="covered_by_frontier"){let u=Se(i.attemptedCumulative),p=Se(i.onChainSpent),d=Se(i.frontier);if(u!==null&&p!==null&&d!==null&&u>p&&u<=d)return{settleTx:""}}if(!i.settleTx)throw new Error(`tab settle returned no settleTx: ${o.slice(0,200)}`);let c={settleTx:i.settleTx};return typeof i.grossAmount=="string"&&(c.grossAmount=i.grossAmount),typeof i.feeAmount=="string"&&(c.feeAmount=i.feeAmount),typeof i.netAmount=="string"&&(c.netAmount=i.netAmount),c}async function bt(t,e,n,r,s){let a=`${t.replace(/\/$/,"")}/tab/open`,o=await fetch(a,{method:"POST",headers:{"content-type":"application/json"},body:JSON.stringify({buyer_swig_address:e,seller:s,max_amount_atomic:n.toString(),network:r})}),i=await o.json().catch(()=>({}));if(!o.ok||!i.success||!i.armed)throw new Error(`tab_open_unprotected: ${i.error??`http_${o.status}`}`);return{armed:!0,signature:i.signature??""}}async function rt(t){if(t.network!==t.vault.network)throw new ie(`options.network (${t.network}) doesn't match vault.network (${t.vault.network})`);if(t.network!=="solana:mainnet")throw new ie(t.network);let e=BigInt(Math.floor(Math.random()*4294967295)),n=new At.PublicKey(t.vault.vaultPda),r=nt({vaultPda:n,sellerUrl:t.seller,nonce:BigInt(e)}),s=(0,te.bytesToHex)(r),a=BigInt(ee(t.perUnitCap)),o=BigInt(ee(t.totalCap));if(a<=0n)throw new Error("perUnitCap must be > 0");if(o<a)throw new Error("totalCap must be >= perUnitCap");if(t.revolvingCapacity!==void 0&&BigInt(ee(t.revolvingCapacity))<=0n)throw new Error("revolvingCapacity must be > 0");let i=t.sessionDuration??un,c=Math.floor(Date.now()/1e3)+i,u=dn(t.seller),p={channelId:s,maxAmountAtomic:o.toString(),revolvingCapacityAtomic:t.revolvingCapacity?ee(t.revolvingCapacity):o.toString(),expiresAtUnix:c,allowedCounterparty:u},d=await t.vault.authorizeSession(p);return await bt(t.facilitatorUrl??we,t.vault.swigAddress,o,t.network,u),new Be({vault:t.vault,network:t.network,seller:t.seller,counterparty:u,session:d,channelIdHex:s,channelIdBytes:r,perUnitCapAtomic:a,totalCapAtomic:o,expiresAtUnix:c,facilitatorUrl:t.facilitatorUrl??we})}async function Bt(t){throw new Error("resumeTab is Phase 3 work. Session keys are memory-only by design; recovery requires reading active_session on chain and re-authorizing. Tracked in dexter-vault roadmap.")}function dn(t){if(/^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(t))try{return new At.PublicKey(t),t}catch{}throw new Error(`seller must be a base58 Solana pubkey for Phase 2 (got "${t}"). URL-based counterparty resolution lands in Phase 3 (seller middleware).`)}async function*fn(t){let e=t.getReader(),n=new TextDecoder,r="";try{for(;;){let{done:s,value:a}=await e.read();if(s)break;r+=n.decode(a,{stream:!0});let o;for(;(o=r.indexOf(`
2
2
 
3
- `))!==-1;){let i=r.slice(0,o);r=r.slice(o+2);let c=tn(i);if(c.eventName==="end")return;if(c.data!==null){let l=c.data.replace(/\\n/g,`
4
- `);yield new TextEncoder().encode(l)}}}}finally{e.releaseLock()}}function tn(n){let e=null,t=[];for(let r of n.split(`
5
- `))r.startsWith("event:")?e=r.slice(6).trim():r.startsWith("data:")&&t.push(r.slice(5).trimStart());return{eventName:e,data:t.length?t.join(`
6
- `):null}}var vt=require("@solana/web3.js");var Pt=[{caip2:"eip155:8453",bare:"base",family:"evm"},{caip2:"eip155:1",bare:"ethereum",family:"evm"},{caip2:"eip155:137",bare:"polygon",family:"evm"},{caip2:"eip155:42161",bare:"arbitrum",family:"evm"},{caip2:"eip155:10",bare:"optimism",family:"evm"},{caip2:"eip155:43114",bare:"avalanche",family:"evm"},{caip2:"eip155:56",bare:"bsc",family:"evm"},{caip2:"solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",bare:"solana",family:"svm"}],nn=new Map(Pt.map(n=>[n.caip2.toLowerCase(),n])),rn=new Map(Pt.map(n=>[n.bare.toLowerCase(),n]));function Ne(n){if(!n)return null;let e=n.toLowerCase(),t=nn.get(e)||rn.get(e);return t?{caip2:t.caip2,bare:t.bare,family:t.family}:null}function dt(n){let e=n.replace(/-/g,"+").replace(/_/g,"/"),t=e+"=".repeat((4-(e.length%4||4))%4);return JSON.parse(Buffer.from(t,"base64").toString("utf8"))}function sn(n){let e=[];for(let t of n){if(!t||typeof t!="object")continue;let r=t,s=Ne(String(r.network??""));s&&e.push({scheme:String(r.scheme??"exact"),network:s,amount:String(r.amount??r.maxAmountRequired??"0"),asset:String(r.asset??""),payTo:String(r.payTo??""),maxTimeoutSeconds:typeof r.maxTimeoutSeconds=="number"?r.maxTimeoutSeconds:void 0,extra:r.extra&&typeof r.extra=="object"?r.extra:void 0})}return e}async function Qe(n){let e=n.headers.get("payment-required");if(!e)return null;let t;try{t=dt(e)}catch{return null}let r=Array.isArray(t.accepts)?t.accepts:[];return r.length===0?null:{x402Version:2,options:sn(r),resourceUrl:t.resource&&typeof t.resource=="object"?String(t.resource.url??""):void 0}}async function Ae(n,e={},t=fetch){let r={method:e.method??"GET",headers:e.headers};typeof e.body=="string"&&(r.body=e.body);let s;try{s=await t(n,r)}catch(i){return{kind:"error",detail:`probe failed: ${i?.message??String(i)}`}}if(s.status!==402)return s.ok?{kind:"free",response:s}:{kind:"error",detail:`probe returned HTTP ${s.status}`};let a=await Qe(s);if(!a)return{kind:"error",detail:"the 402 carries no x402 v2 PAYMENT-REQUIRED challenge"};let o=a.options.find(i=>i.scheme==="tab"&&i.network.family==="svm");if(!o)return{kind:"no_tab",schemesOffered:a.options.map(i=>i.scheme)};try{new vt.PublicKey(o.payTo)}catch{return{kind:"error",detail:`tab option payTo is not a valid Solana pubkey: "${o.payTo}"`}}return{kind:"offer",offer:{payTo:o.payTo,amountAtomic:o.amount,asset:o.asset,networkCaip2:o.network.caip2,resourceUrl:a.resourceUrl}}}var Oe="solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",Ze="solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",et="solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z",le=Oe,Ue=Ze,Be=et,ue="eip155:8453",be="eip155:84532",we="eip155:42161",Te="eip155:137",xe="eip155:10",Ee="eip155:43114",Re="eip155:56",Pe="eip155:1187947933",ve="eip155:324705682",_e="eip155:1",pe=ue,tt=be,De=we,Me=Te,$e=xe,Le=Ee,Ve=Re,Ke=Pe,We=ve,qe=_e,He="EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",_t="4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU",kt="0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",ft="0x55d398326f99059fF775485246999027B3197955",nt="0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",rt={[Re]:nt,[ue]:kt,[be]:"0x036CbD53842c5426634e7929541eC2318f3dCF7e",[we]:"0xaf88d065e77c8cC2239327C5EDb3A432268e5831",[Te]:"0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",[xe]:"0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",[Ee]:"0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E",[Pe]:"0x85889c8c714505E0c94b30fcfcF64fE3Ac8FCb20",[ve]:"0x2e08028E3C4c2356572E096d8EF835cD5C6030bD",[_e]:"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"},st={[ft]:{symbol:"USDT",decimals:18},[nt]:{symbol:"USDC",decimals:18}};var te="0x000000000022D473030F116dDEE9F6B43aC78BA3",Fe="0x402085c248EeA27D92E8b30b2C58ed07f9E20001",je={[Re]:56,[ue]:8453,[be]:84532,[we]:42161,[Te]:137,[xe]:10,[Ee]:43114,[Pe]:1187947933,[ve]:324705682,[_e]:1},me={[Oe]:"https://api.dexter.cash/api/solana/rpc",[Ze]:"https://api.devnet.solana.com",[et]:"https://api.testnet.solana.com"},D={[Re]:"https://api.dexter.cash/api/evm/bsc/rpc",[ue]:"https://api.dexter.cash/api/base/rpc",[be]:"https://sepolia.base.org",[we]:"https://api.dexter.cash/api/evm/arbitrum/rpc",[Te]:"https://api.dexter.cash/api/evm/polygon/rpc",[xe]:"https://api.dexter.cash/api/evm/optimism/rpc",[Ee]:"https://api.dexter.cash/api/evm/avalanche/rpc",[Pe]:"https://skale-base.skalenodes.com/v1/base",[ve]:"https://base-sepolia-testnet.skalenodes.com/v1/jubilant-horrible-ancha",[_e]:"https://eth.llamarpc.com"};var C=class n extends Error{code;details;constructor(e,t,r){super(t),this.name="X402Error",this.code=e,this.details=r,Object.setPrototypeOf(this,n.prototype)}};var I=require("@solana/web3.js"),N=require("@solana/spl-token");var an=12e3,on=1;function de(n){if(!n||typeof n!="object")return!1;let e=n;return"publicKey"in e&&"signTransaction"in e&&typeof e.signTransaction=="function"}var at=class{name="Solana";networks=[le,Ue,Be];config;log;constructor(e={}){this.config=e,this.log=e.verbose?console.log.bind(console,"[x402:solana]"):()=>{}}canHandle(e){return!!(this.networks.includes(e)||e==="solana"||e==="solana-devnet"||e==="solana-testnet"||e.startsWith("solana:"))}getDefaultRpcUrl(e){return this.config.rpcUrls?.[e]?this.config.rpcUrls[e]:me[e]?me[e]:e==="solana"?me[le]:e==="solana-devnet"?me[Ue]:e==="solana-testnet"?me[Be]:me[le]}getAddress(e){return de(e)?e.publicKey?.toBase58()??null:null}isConnected(e){return de(e)?e.publicKey!==null:!1}async getBalance(e,t,r){if(!de(t)||!t.publicKey)return 0;let s=r||this.getDefaultRpcUrl(e.network),a=new I.Connection(s,"confirmed"),o=new I.PublicKey(t.publicKey.toBase58()),i=new I.PublicKey(e.asset);try{let l=(await a.getAccountInfo(i,"confirmed"))?.owner.toBase58()===N.TOKEN_2022_PROGRAM_ID.toBase58()?N.TOKEN_2022_PROGRAM_ID:N.TOKEN_PROGRAM_ID,m=await(0,N.getAssociatedTokenAddress)(i,o,!1,l),f=await(0,N.getAccount)(a,m,void 0,l),d=e.extra?.decimals??6;return Number(f.amount)/Math.pow(10,d)}catch(c){if(c&&typeof c=="object"&&"name"in c&&(c.name==="TokenAccountNotFoundError"||c.name==="TokenInvalidAccountOwnerError"))return 0;throw c}}async buildTransaction(e,t,r){if(!de(t))throw new Error("Invalid Solana wallet");if(!t.publicKey)throw new Error("Wallet not connected");let s=r||this.getDefaultRpcUrl(e.network),a=new I.Connection(s,"confirmed"),o=new I.PublicKey(t.publicKey.toBase58()),{payTo:i,asset:c,extra:l}=e,m=e.amount??e.maxAmountRequired;if(!m)throw new Error("Missing amount in payment requirements");if(!l?.feePayer)throw new Error("Missing feePayer in payment requirements");let f=new I.PublicKey(l.feePayer),d=new I.PublicKey(c),E=new I.PublicKey(i);this.log("Building transaction:",{from:o.toBase58(),to:i,amount:m,asset:c,feePayer:l.feePayer});let p=[];p.push(I.ComputeBudgetProgram.setComputeUnitLimit({units:an})),p.push(I.ComputeBudgetProgram.setComputeUnitPrice({microLamports:on}));let _=await a.getAccountInfo(d,"confirmed");if(!_)throw new Error(`Token mint ${c} not found`);let R=_.owner.toBase58()===N.TOKEN_2022_PROGRAM_ID.toBase58()?N.TOKEN_2022_PROGRAM_ID:N.TOKEN_PROGRAM_ID,h=await(0,N.getMint)(a,d,void 0,R);typeof l?.decimals=="number"&&h.decimals!==l.decimals&&this.log(`Decimals mismatch: requirements say ${l.decimals}, mint says ${h.decimals}`);let y=await(0,N.getAssociatedTokenAddress)(d,o,!1,R),x=await(0,N.getAssociatedTokenAddress)(d,E,!0,R);if(!await a.getAccountInfo(y,"confirmed"))throw new Error(`No token account found for ${c}. Please ensure you have USDC in your wallet.`);if(!await a.getAccountInfo(x,"confirmed"))throw new Error(`Seller token account not found. The seller (${i}) must have a USDC account.`);let j=BigInt(m);p.push((0,N.createTransferCheckedInstruction)(y,d,x,o,j,h.decimals,[],R));let{blockhash:W}=await a.getLatestBlockhash("confirmed"),re=new I.TransactionMessage({payerKey:f,recentBlockhash:W,instructions:p}).compileToV0Message(),L=new I.VersionedTransaction(re),g=await t.signTransaction(L);return this.log("Transaction signed successfully"),{serialized:Buffer.from(g.serialize()).toString("base64"),settlementProbe:{kind:"solana",sourceAta:y.toBase58(),destinationAta:x.toBase58(),asset:c,amount:m,blockhash:W}}}async confirmSettlement(e,t){if(e.kind!=="solana")throw new Error(`SolanaAdapter.confirmSettlement cannot handle probe kind "${e.kind}"`);let r=new I.Connection(t,"confirmed"),s=new I.PublicKey(e.destinationAta),a=await r.getSignaturesForAddress(s,{limit:25});if(a.length===0)return{settled:!1};let o=BigInt(e.amount);for(let i of a){if(i.err)continue;let c=await r.getTransaction(i.signature,{commitment:"confirmed",maxSupportedTransactionVersion:0});if(!c?.meta)continue;let l=c.transaction.message.getAccountKeys().keySegments().flat(),m=c.meta.preTokenBalances??[],f=c.meta.postTokenBalances??[];for(let d of f){if(d.mint!==e.asset)continue;let E=l[d.accountIndex];if(!E||!E.equals(s))continue;let p=m.find(h=>h.accountIndex===d.accountIndex),_=BigInt(p?.uiTokenAmount.amount??"0");if(BigInt(d.uiTokenAmount.amount??"0")-_===o)return{settled:!0,txSignature:i.signature}}}return{settled:!1}}};function ne(n){return new at(n)}var cn={PermitWitnessTransferFrom:[{name:"permitted",type:"TokenPermissions"},{name:"spender",type:"address"},{name:"nonce",type:"uint256"},{name:"deadline",type:"uint256"},{name:"witness",type:"Witness"}],TokenPermissions:[{name:"token",type:"address"},{name:"amount",type:"uint256"}],Witness:[{name:"to",type:"address"},{name:"validAfter",type:"uint256"}]},Ct=BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");function fe(n){if(!n||typeof n!="object")return!1;let e=n;return"address"in e&&typeof e.address=="string"&&e.address.startsWith("0x")}var ot=class{name="EVM";networks=[Ve,pe,tt,qe,De,Me,$e,Le,Ke,We];config;log;constructor(e={}){this.config=e,this.log=e.verbose?console.log.bind(console,"[x402:evm]"):()=>{}}canHandle(e){return!!(this.networks.includes(e)||e==="base"||e==="bsc"||e==="ethereum"||e==="arbitrum"||e==="polygon"||e==="optimism"||e==="avalanche"||e==="skale-base"||e==="skale-base-sepolia"||e.startsWith("eip155:"))}getDefaultRpcUrl(e){return this.config.rpcUrls?.[e]?this.config.rpcUrls[e]:D[e]?D[e]:e==="base"?D[pe]:e==="bsc"?D[Ve]:e==="ethereum"?D[qe]:e==="arbitrum"?D[De]:e==="polygon"?D[Me]:e==="optimism"?D[$e]:e==="avalanche"?D[Le]:e==="skale-base"?D[Ke]:e==="skale-base-sepolia"?D[We]:D[pe]}getAddress(e){return fe(e)?e.address:null}isConnected(e){return fe(e)?!!e.address:!1}getChainId(e){if(je[e])return je[e];if(e.startsWith("eip155:")){let t=e.split(":")[1];return parseInt(t,10)}return e==="base"?8453:e==="bsc"?56:e==="ethereum"?1:e==="arbitrum"?42161:8453}async getBalance(e,t,r){if(!fe(t)||!t.address)return 0;let s=r||this.getDefaultRpcUrl(e.network);try{let a=this.encodeBalanceOf(t.address),o=await fetch(s,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_call",params:[{to:e.asset,data:a},"latest"]})});if(!o.ok)throw new Error(`RPC request failed: ${o.status}`);let i=await o.json();if(i.error)throw new Error(`RPC error: ${JSON.stringify(i.error)}`);if(!i.result||i.result==="0x")return 0;let c=BigInt(i.result),l=e.extra?.decimals??6;return Number(c)/Math.pow(10,l)}catch(a){throw a}}encodeBalanceOf(e){let t="0x70a08231",r=e.slice(2).toLowerCase().padStart(64,"0");return t+r}async confirmSettlement(e,t){if(e.kind==="eip3009"){let r="0xe94a0102",s=e.from.slice(2).toLowerCase().padStart(64,"0"),a=e.nonce.slice(2).toLowerCase().padStart(64,"0"),o=r+s+a,i=await this.ethCall(t,e.asset,o);return{settled:BigInt(i)!==0n}}if(e.kind==="permit2"){let r="0x4fe02b44",s=BigInt(e.nonce),a=s>>8n,o=s&0xffn,i=e.from.slice(2).toLowerCase().padStart(64,"0"),c=a.toString(16).padStart(64,"0"),l=r+i+c,m=await this.ethCall(t,te,l);return{settled:(BigInt(m)>>o&1n)===1n}}throw new Error(`EvmAdapter.confirmSettlement cannot handle probe kind "${e.kind}"`)}async ethCall(e,t,r){let s=await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_call",params:[{to:t,data:r},"latest"]})});if(!s.ok)throw new Error(`RPC request failed: ${s.status}`);let a=await s.json();if(a.error)throw new Error(`RPC error: ${JSON.stringify(a.error)}`);if(!a.result||a.result==="0x")throw new Error("RPC returned an empty result");return a.result}async buildTransaction(e,t,r){if(!fe(t))throw new Error("Invalid EVM wallet");if(!t.address)throw new Error("Wallet not connected");if(e.scheme==="exact-approval")return this.buildApprovalTransaction(e,t,r);if(e.extra?.assetTransferMethod==="permit2")return this.buildPermit2Transaction(e,t,r);let{payTo:s,asset:a,extra:o}=e,i=e.amount??e.maxAmountRequired;if(!i)throw new Error("Missing amount in payment requirements");this.log("Building EVM transaction:",{from:t.address,to:s,amount:i,asset:a,network:e.network});let c=this.getChainId(e.network),l={name:o?.name??"USD Coin",version:o?.version??"2",chainId:BigInt(c),verifyingContract:a},m={TransferWithAuthorization:[{name:"from",type:"address"},{name:"to",type:"address"},{name:"value",type:"uint256"},{name:"validAfter",type:"uint256"},{name:"validBefore",type:"uint256"},{name:"nonce",type:"bytes32"}]},f=new Uint8Array(32);(globalThis.crypto??(await import("crypto")).webcrypto).getRandomValues(f);let d="0x"+[...f].map(y=>y.toString(16).padStart(2,"0")).join(""),E=Math.floor(Date.now()/1e3),p={from:t.address,to:s,value:i,validAfter:String(E-600),validBefore:String(E+(e.maxTimeoutSeconds||60)),nonce:d},_={from:t.address,to:s,value:BigInt(i),validAfter:BigInt(E-600),validBefore:BigInt(E+(e.maxTimeoutSeconds||60)),nonce:d};if(!t.signTypedData)throw new Error("Wallet does not support signTypedData (EIP-712)");let R=await t.signTypedData({domain:l,types:m,primaryType:"TransferWithAuthorization",message:_});return this.log("EIP-712 signature obtained"),{serialized:JSON.stringify({authorization:p,signature:R}),signature:R,settlementProbe:{kind:"eip3009",from:t.address,nonce:d,asset:a,chainId:c}}}async buildApprovalTransaction(e,t,r){let{payTo:s,asset:a,extra:o}=e,i=e.amount??e.maxAmountRequired;if(!i)throw new Error("Missing amount in payment requirements");let c=o?.facilitatorContract;if(!c)throw new Error("exact-approval scheme requires extra.facilitatorContract from the facilitator. The /supported endpoint should provide this.");if(!t.signTypedData)throw new Error("Wallet does not support signTypedData (EIP-712)");this.log("Building approval-based transaction:",{from:t.address,to:s,amount:i,asset:a,network:e.network,facilitatorContract:c});let l=r||this.getDefaultRpcUrl(e.network),m=o?.fee??"0",f=BigInt(i)+BigInt(m),d=await this.readAllowance(l,a,t.address,c);if(d<f){if(!t.sendTransaction)throw new Error("BSC payments require a wallet that supports sendTransaction for the one-time token approval. Use createEvmKeypairWallet() or a browser wallet with transaction support.");let L=this.calculateApprovalAmount(i,m,o?.approvalStrategy);this.log(`Approving ${L} for ${c} (current allowance: ${d})`);let g=await t.sendTransaction({to:a,data:this.encodeApprove(c,L),value:0n});this.log(`Approval tx sent: ${g}`),await this.waitForReceipt(l,g),this.log("Approval confirmed")}else this.log("Sufficient allowance, skipping approval");let E=new Uint8Array(16);(globalThis.crypto??(await import("crypto")).webcrypto).getRandomValues(E);let p=[...E].reduce((L,g)=>L*256n+BigInt(g),0n).toString(),_=new Uint8Array(32);(globalThis.crypto??(await import("crypto")).webcrypto).getRandomValues(_);let R="0x"+[..._].map(L=>L.toString(16).padStart(2,"0")).join(""),y=Math.floor(Date.now()/1e3)+(e.maxTimeoutSeconds||300),x=o?.eip712Domain,U=x?{name:x.name,version:x.version,chainId:BigInt(x.chainId),verifyingContract:x.verifyingContract}:{name:"DexterBSCFacilitator",version:"1",chainId:BigInt(this.getChainId(e.network)),verifyingContract:c},M=o?.eip712Types??{Payment:[{name:"from",type:"address"},{name:"to",type:"address"},{name:"token",type:"address"},{name:"amount",type:"uint256"},{name:"fee",type:"uint256"},{name:"nonce",type:"uint256"},{name:"deadline",type:"uint256"},{name:"paymentId",type:"bytes32"}]},j={from:t.address,to:s,token:a,amount:BigInt(i),fee:BigInt(m),nonce:BigInt(p),deadline:BigInt(y),paymentId:R},W=await t.signTypedData({domain:U,types:M,primaryType:"Payment",message:j});this.log("EIP-712 Payment signature obtained");let re={from:t.address,to:s,token:a,amount:i,fee:m,nonce:p,deadline:y,paymentId:R,signature:W};return{serialized:JSON.stringify(re),signature:W}}async buildPermit2Transaction(e,t,r){let{payTo:s,asset:a}=e,o=e.amount??e.maxAmountRequired;if(!o)throw new Error("Missing amount in payment requirements");if(!t.signTypedData)throw new Error("Wallet does not support signTypedData (EIP-712)");this.log("Building Permit2 transaction:",{from:t.address,to:s,amount:o,asset:a,network:e.network});let i=r||this.getDefaultRpcUrl(e.network),c=await this.readAllowance(i,a,t.address,te),l;if(c<BigInt(o)){let U=this.encodeApprove(te,Ct);if(t.signTransaction){this.log(`Signing Permit2 approval for relay (current allowance: ${c})`);let M=this.getChainId(e.network),j=await this.readGasPrice(i),W=await this.readNonce(i,t.address),re=await t.signTransaction({to:a,data:U,chainId:M,gas:50000n,gasPrice:j,nonce:W});l={erc20ApprovalGasSponsoring:{info:{from:t.address,asset:a,spender:te,amount:Ct.toString(),signedTransaction:re,version:"1"}}},this.log("Permit2 approval signed for facilitator relay")}else if(t.sendTransaction){this.log(`Approving Permit2 directly (current allowance: ${c})`);let M=await t.sendTransaction({to:a,data:U,value:0n});this.log(`Permit2 approval tx sent: ${M}`),await this.waitForReceipt(i,M),this.log("Permit2 approval confirmed")}else throw new Error("Permit2 payments require a wallet that supports signTransaction or sendTransaction for the one-time Permit2 approval. Use createEvmKeypairWallet() or a browser wallet with transaction support.")}else this.log("Sufficient Permit2 allowance, skipping approval");let m=new Uint8Array(32);(globalThis.crypto??(await import("crypto")).webcrypto).getRandomValues(m);let f=[...m].reduce((U,M)=>U*256n+BigInt(M),0n),d=Math.floor(Date.now()/1e3),E=d-600,p=d+(e.maxTimeoutSeconds||300),_=this.getChainId(e.network),R={name:"Permit2",chainId:BigInt(_),verifyingContract:te},h={permitted:{token:a,amount:BigInt(o)},spender:Fe,nonce:f,deadline:BigInt(p),witness:{to:s,validAfter:BigInt(E)}},y=await t.signTypedData({domain:R,types:cn,primaryType:"PermitWitnessTransferFrom",message:h});this.log("Permit2 PermitWitnessTransferFrom signature obtained");let x={signature:y,permit2Authorization:{from:t.address,permitted:{token:a,amount:o},spender:Fe,nonce:f.toString(),deadline:String(p),witness:{to:s,validAfter:String(E)}}};return{serialized:JSON.stringify(x),signature:y,extensions:l,settlementProbe:{kind:"permit2",from:t.address,nonce:f.toString(),chainId:_}}}async readAllowance(e,t,r,s){let a="0xdd62ed3e",o=r.slice(2).toLowerCase().padStart(64,"0"),i=s.slice(2).toLowerCase().padStart(64,"0"),c=a+o+i;try{let m=await(await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_call",params:[{to:t,data:c},"latest"]})})).json();return m.error||!m.result||m.result==="0x"?0n:BigInt(m.result)}catch{return 0n}}encodeApprove(e,t){let r="0x095ea7b3",s=e.slice(2).toLowerCase().padStart(64,"0"),a=t.toString(16).padStart(64,"0");return r+s+a}async waitForReceipt(e,t,r=3e4){let s=Date.now();for(;Date.now()-s<r;){try{let o=await(await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_getTransactionReceipt",params:[t]})})).json();if(o.result){if(o.result.status==="0x0")throw new Error(`Approval transaction reverted: ${t}`);return}}catch(a){if(a instanceof Error&&a.message.includes("reverted"))throw a}await new Promise(a=>setTimeout(a,2e3))}throw new Error(`Approval transaction receipt timeout after ${r}ms: ${t}`)}async readGasPrice(e){try{let r=await(await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_gasPrice",params:[]})})).json();return r.result?BigInt(r.result):50000000n}catch{return 50000000n}}async readNonce(e,t){try{let s=await(await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_getTransactionCount",params:[t,"latest"]})})).json();return s.result?parseInt(s.result,16):0}catch{return 0}}calculateApprovalAmount(e,t,r){let s=BigInt(e)+BigInt(t);if(!r||r.mode==="exact")return s;let a=BigInt(r.defaultMultiple??10),o=s*a;if(r.maxCapUsd){let i=this.inferDecimals(e),c=BigInt(Math.floor(r.maxCapUsd*Math.pow(10,i)));if(o>c)return c}if(r.exactAboveUsd){let i=this.inferDecimals(e),c=BigInt(Math.floor(r.exactAboveUsd*Math.pow(10,i)));if(BigInt(e)>c)return s}return o}inferDecimals(e){return e.length>12?18:6}};function ke(n){return new ot(n)}function gt(n){if(n===He||n===_t)return!0;let e=n.toLowerCase();for(let t of Object.values(rt))if(t.toLowerCase()===e)return!0;for(let t of Object.keys(st))if(t.toLowerCase()===e)return!0;return!1}function ln(n){return{[Oe]:"Solana",[Ze]:"Solana Devnet",[et]:"Solana Testnet",solana:"Solana","solana-devnet":"Solana Devnet","solana-testnet":"Solana Testnet",[ue]:"Base",[be]:"Base Sepolia",[_e]:"Ethereum",[we]:"Arbitrum",[Te]:"Polygon",[xe]:"Optimism",[Ee]:"Avalanche",[Re]:"BSC",[Pe]:"SKALE Base",[ve]:"SKALE Base Sepolia",base:"Base","base-sepolia":"Base Sepolia",ethereum:"Ethereum",arbitrum:"Arbitrum",polygon:"Polygon",optimism:"Optimism",avalanche:"Avalanche",bsc:"BSC","skale-base":"SKALE Base","skale-base-sepolia":"SKALE Base Sepolia"}[n]||n}function It(n,e){let t=ln(n);return t===n?e:t}async function un(n,e){if(typeof n=="string")return[n,e];if(n instanceof URL)return[n.href,e];let t=n,r=new Headers(t.headers);e?.headers&&new Headers(e.headers).forEach((o,i)=>r.set(i,o));let s={method:e?.method??t.method,headers:r,signal:e?.signal??t.signal,redirect:e?.redirect??t.redirect,credentials:e?.credentials??t.credentials},a=(s.method??"GET").toUpperCase();return e&&"body"in e?s.body=e.body:a!=="GET"&&a!=="HEAD"&&t.body&&(s.body=await t.arrayBuffer()),[t.url,s]}var pn=new WeakMap;function Nt(n){let{adapters:e=[ne({verbose:n.verbose}),ke({verbose:n.verbose})],wallets:t,wallet:r,preferredNetwork:s,rpcUrls:a={},maxAmountAtomic:o,fetch:i=globalThis.fetch,verbose:c=!1,accessPass:l,onPaymentRequired:m,onPaymentDispatched:f,maxRetries:d=0,retryDelayMs:E=500}=n,p=c?console.log.bind(console,"[x402]"):()=>{};async function _(g,b){let w;for(let S=0;S<=d;S++)try{let T=await i(g,b);if(T.status>=502&&T.status<=504&&S<d){p(`Retry ${S+1}/${d}: server returned ${T.status}`),await new Promise(P=>setTimeout(P,E*Math.pow(2,S)));continue}return T}catch(T){w=T,S<d&&(p(`Retry ${S+1}/${d}: ${T instanceof Error?T.message:"network error"}`),await new Promise(P=>setTimeout(P,E*Math.pow(2,S))))}throw w}let R=new Map;function h(g){try{let b=new URL(g).host,w=R.get(b);if(w&&w.expiresAt>Date.now()/1e3+10)return w.jwt;w&&R.delete(b)}catch{}return null}function y(g,b){try{let w=new URL(g).host,S=b.split(".");if(S.length===3){let T=JSON.parse(atob(S[1].replace(/-/g,"+").replace(/_/g,"/"))),P=Math.floor(Date.now()/1e3),v=P+86400,V=Math.min(typeof T.exp=="number"?T.exp:P,v);R.set(w,{jwt:b,expiresAt:V}),p("Access pass cached for",w,"| expires:",new Date(V*1e3).toISOString())}}catch{p("Failed to cache access pass")}}let x=t||{};r&&!x.solana&&de(r)&&(x.solana=r),r&&!x.evm&&fe(r)&&(x.evm=r);function U(g){let b=[];for(let w of g){let S=w.scheme??"exact";if(S!=="exact"&&S!=="exact-approval")continue;let T=e.find(v=>v.canHandle(w.network));if(!T)continue;let P;T.name==="Solana"?P=x.solana:T.name==="EVM"&&(P=x.evm),P&&T.isConnected(P)&&b.push({accept:w,adapter:T,wallet:P})}if(b.length===0)return null;if(s){let w=b.find(S=>S.accept.network===s);if(w)return w}return b[0]}function M(g,b){return It(g,b)}function j(g,b){return a[g]||b.getDefaultRpcUrl(g)}async function W(g,b,w,S,T){let P="";if(l?.preferTier&&S.tiers){let u=S.tiers.find(A=>A.id===l.preferTier);if(u){if(l.maxSpend&&parseFloat(u.price)>parseFloat(l.maxSpend))throw new C("access_pass_exceeds_max_spend",`Access pass tier "${u.id}" costs $${u.price}, exceeds max spend $${l.maxSpend}`);P=`tier=${u.id}`}}else if(l?.preferDuration&&S.ratePerHour)P=`duration=${l.preferDuration}`;else if(S.tiers&&S.tiers.length>0){let u=S.tiers[0];if(l?.maxSpend&&parseFloat(u.price)>parseFloat(l.maxSpend))throw new C("access_pass_exceeds_max_spend",`Cheapest access pass costs $${u.price}, exceeds max spend $${l?.maxSpend}`);P=`tier=${u.id}`}let v=P?T.includes("?")?`${T}&${P}`:`${T}?${P}`:T;p("Purchasing access pass:",P||"default tier");let V=w.headers.get("PAYMENT-REQUIRED");if(!V)return null;let $;try{$=JSON.parse(atob(V))}catch{return null}let O=U($.accepts);if(!O)return null;let{accept:k,adapter:q,wallet:ye}=O;if(q.name==="Solana"&&!k.extra?.feePayer)return null;let J=k.extra?.decimals??(gt(k.asset)?6:void 0);if(typeof J!="number")return null;let Ce=k.amount??k.maxAmountRequired;if(!Ce)return null;let X=j(k.network,q);try{let u=await q.getBalance(k,ye,X),A=Number(Ce)/Math.pow(10,J);if(u<A){let ut=M(k.network,q.name);throw new C("insufficient_balance",`Insufficient balance for access pass on ${ut}. Have $${u.toFixed(4)}, need $${A.toFixed(4)}`)}}catch(u){if(u instanceof C)throw u}let Y=await q.buildTransaction(k,ye,X),he;q.name==="EVM"?he=JSON.parse(Y.serialized):he={transaction:Y.serialized};let se=typeof g=="string"?g:g instanceof URL?g.href:g.url,Se=$.resource;if(typeof $.resource=="string")try{let u=new URL($.resource,se);["http:","https:"].includes(u.protocol)&&(Se=u.toString())}catch{}else if($.resource&&typeof $.resource=="object"&&"url"in $.resource){let u=$.resource;try{let A=new URL(u.url,se);["http:","https:"].includes(A.protocol)&&(Se={...u,url:A.toString()})}catch{}}let Xe={x402Version:k.x402Version??2,resource:Se,accepted:k,payload:he};Y.extensions&&(Xe.extensions=Y.extensions);let z=btoa(JSON.stringify(Xe)),ae=await i(v,{...b,method:"POST",headers:{...b?.headers||{},"Content-Type":"application/json","PAYMENT-SIGNATURE":z}});if(!ae.ok)return p("Pass purchase failed:",ae.status),null;let K=ae.headers.get("ACCESS-PASS");return K&&(y(T,K),p("Access pass purchased and cached")),ae}async function re(g,b){let w=g;if(p("Making request:",w),l){let u=h(w);if(u){p("Using cached access pass");let A=await i(g,{...b,headers:{...b?.headers||{},Authorization:`Bearer ${u}`}});if(A.status!==401&&A.status!==402)return A;p("Cached pass rejected (status",A.status,"), purchasing new pass");try{R.delete(new URL(w).host)}catch{}}}let S=await _(g,b);if(S.status!==402)return S;p("Received 402 Payment Required");let T=S.headers.get("X-ACCESS-PASS-TIERS");if(l&&T){p("Server offers access passes, purchasing...");try{let u=JSON.parse(atob(T)),A=await W(g,b,S,u,w);if(A)return A}catch(u){p("Access pass purchase failed, falling back to per-request payment:",u)}}let P=S.headers.get("PAYMENT-REQUIRED");if(!P)throw new C("missing_payment_required_header","Server returned 402 but no PAYMENT-REQUIRED header");let v;try{let u=atob(P);v=JSON.parse(u)}catch{throw new C("invalid_payment_required","Failed to decode PAYMENT-REQUIRED header")}p("Payment requirements:",v);let V=S.headers.get("X-Quote-Hash");V&&p("Quote hash received:",V);let $=U(v.accepts);if(!$){let u=v.accepts.map(A=>A.network).join(", ");throw new C("no_matching_payment_option",`No connected wallet for any available network: ${u}`)}let{accept:O,adapter:k,wallet:q}=$;if(p(`Using ${k.name} for ${O.network}`),k.name==="Solana"&&!O.extra?.feePayer)throw new C("missing_fee_payer","Solana payment option missing feePayer in extra");let ye=O.extra?.decimals??(gt(O.asset)?6:void 0);if(typeof ye!="number")throw new C("missing_decimals","Payment option missing decimals - provide in extra or use a known stablecoin");let J=O.amount??O.maxAmountRequired;if(!J)throw new C("missing_amount","Payment option missing amount");if(o&&BigInt(J)>BigInt(o))throw new C("amount_exceeds_max",`Payment amount ${J} exceeds maximum ${o}`);let Ce=j(O.network,k);p("Checking balance...");try{let u=await k.getBalance(O,q,Ce),A=Number(J)/Math.pow(10,ye);if(u<A){let ut=M(O.network,k.name);throw new C("insufficient_balance",`Insufficient balance on ${ut}. Have $${u.toFixed(4)}, need $${A.toFixed(4)}`)}p(`Balance OK: $${u.toFixed(4)} >= $${A.toFixed(4)}`)}catch(u){if(u instanceof C)throw u;p("Balance check failed (RPC error), proceeding with transaction attempt")}if(m&&!await m(O))throw new C("payment_rejected","Payment rejected by onPaymentRequired callback");p("Building transaction...");let X=await k.buildTransaction(O,q,Ce);p("Transaction signed");let Y;k.name==="EVM"?Y=JSON.parse(X.serialized):Y={transaction:X.serialized};let he=g,se=v.resource;if(typeof v.resource=="string")try{let u=new URL(v.resource,he).toString();u!==v.resource&&p("Resolved relative resource URL:",v.resource,"\u2192",u),se=u}catch{se=v.resource}else if(v.resource&&typeof v.resource=="object"&&"url"in v.resource){let u=v.resource;try{let A=new URL(u.url,he).toString();A!==u.url&&(p("Resolved relative resource URL:",u.url,"\u2192",A),se={...u,url:A})}catch{}}let Se={x402Version:O.x402Version??2,resource:se,accepted:O,payload:Y};X.extensions&&(Se.extensions=X.extensions);let Xe=btoa(JSON.stringify(Se));if(f)try{f(O,X.settlementProbe)}catch{}p("Retrying request with payment...");let z=await _(g,{...b,headers:{...b?.headers||{},"PAYMENT-SIGNATURE":Xe,...V?{"X-Quote-Hash":V}:{}}});if(p("Retry response status:",z.status),z.status===402){let u="unknown";try{let A=await z.clone().json();u=String(A.error||A.message||JSON.stringify(A)),p("Rejection reason:",u)}catch{}throw new C("payment_rejected",`Payment was rejected by the server: ${u}`)}let ae=z.headers.get("PAYMENT-RESPONSE"),K;if(ae)try{K=JSON.parse(atob(ae))}catch{}return K??={},K.amountAtomic=J,K.assetDecimals=ye,pn.set(z,K),K.extensions&&p("Settlement extensions:",Object.keys(K.extensions).join(", ")),z}async function L(g,b){let[w,S]=await un(g,b);return re(w,S)}return{fetch:L}}function H(n){if(n instanceof Error){if(n.message&&n.message.length>0)return n.message;if(n.name&&n.name.length>0)return n.name}let e=String(n);return e.length>0?e:"unknown error"}async function Je(n){let e="";try{e=(await n.clone().text()).slice(0,600)}catch{}let t=e.toLowerCase(),r=t.includes("settle")||t.includes("facilitator"),s=e;try{let a=JSON.parse(e),o=[a.error,a.detail,a.message].filter(i=>typeof i=="string"&&i.length>0);o.length>0&&(s=o.join(" \u2014 "))}catch{}return s||(s=`HTTP ${n.status}`),{reason:r?"settlement_failed":"merchant_rejected",detail:`merchant HTTP ${n.status}: ${s}`}}var it="Payment authorization was sent, but the merchant did not respond within the timeout. ",ct=" Do not retry without checking \u2014 inspect the funding wallet for a transfer to the merchant before attempting payment again.";async function lt(n,e,t){if(!n)return{confirmed:!1,detail:it+"This payment scheme has no on-chain confirmation check, so the SDK cannot verify whether it settled."+ct};try{if(n.kind==="solana"){let o=ne(),i=t??o.getDefaultRpcUrl(e.caip2);if(!o.confirmSettlement)return Ut();let c=await o.confirmSettlement(n,i);return c.settled?{confirmed:!0,txSignature:c.txSignature}:Ot()}let r=ke(),s=r.getDefaultRpcUrl(e.caip2);if(!r.confirmSettlement)return Ut();let a=await r.confirmSettlement(n,s);return a.settled?{confirmed:!0,txSignature:a.txSignature}:Ot()}catch(r){return{confirmed:!1,detail:it+`On-chain confirmation could not be completed (${H(r)}).`+ct}}}function Ot(){return{confirmed:!1,detail:it+"On-chain confirmation found no matching settlement yet \u2014 the payment may still be pending, or may not have settled."+ct}}function Ut(){return{confirmed:!1,detail:it+"The chain adapter does not support on-chain confirmation."+ct}}var mn=new Set(["exact","exact-approval"]);async function dn(n,e,t,r){let s;try{s=await r.signNextVoucher(t.amount)}catch{return null}let a=new Headers(e.headers??void 0);a.set("X-Tab-Voucher",Ie(s));let o={method:e.method??"GET",headers:a};e.signal&&(o.signal=e.signal),typeof e.body=="string"&&(o.body=e.body);let i;try{i=await fetch(n,o)}catch(c){return{ok:!1,reason:"error",detail:c?.message??String(c)}}return i.status===402?(r.rollbackVoucher?.call(r,s),null):i.ok?{ok:!0,paid:!0,response:i,amountPaid:t.amount,network:t.network}:{ok:!1,...await Je(i)}}var Bt={version:2,async parseChallenge(n){return Qe(n)},async pay(n,e,t,r,s){if(s.tab){let h=t.options.find(y=>y.scheme==="tab"&&y.network.family==="svm"&&y.payTo===s.tab.counterparty);if(h){let y=await dn(n,e,h,s.tab);if(y)return y}}let a=t.options.filter(h=>mn.has(h.scheme));if(a.length===0)return{ok:!1,reason:"no_payment_options",detail:`no generically payable scheme offered (got: ${t.options.map(h=>h.scheme).join(", ")})`};let o=a.find(h=>h.network.family==="evm"?!!r.evm:h.network.family==="svm"?!!r.solana:!1);if(!o)return{ok:!1,reason:"unsupported_network"};let i=s.timeoutMs??15e3,c=s.responseTimeoutMs??12e4,l=new AbortController,m=setTimeout(()=>l.abort(),i),f=!1,d,E=(h,y)=>{f=!0,d=y,clearTimeout(m),m=setTimeout(()=>l.abort(),c)},p=Nt({wallets:r,preferredNetwork:o.network.caip2,maxAmountAtomic:s.maxAmountAtomic,fetch:globalThis.fetch,onPaymentDispatched:E}),_=e.signal?AbortSignal.any([e.signal,l.signal]):l.signal,R={method:e.method??"GET",headers:e.headers,signal:_};typeof e.body=="string"&&(R.body=e.body);try{let h=await p.fetch(n,R);if(clearTimeout(m),!h.ok)return{ok:!1,...await Je(h)};let y,x=h.headers.get("PAYMENT-RESPONSE");if(x)try{let U=dt(x);U&&typeof U.transaction=="string"&&(y=U.transaction)}catch{}return{ok:!0,paid:!0,response:h,amountPaid:o.amount,network:o.network,txSignature:y}}catch(h){clearTimeout(m);let y=h;if(y?.name==="AbortError"){if(!f)return{ok:!1,reason:"timeout"};let x=await lt(d,o.network,s.solanaRpcUrl);return x.confirmed?{ok:!0,paid:!0,response:void 0,amountPaid:o.amount,network:o.network,txSignature:x.txSignature}:{ok:!1,reason:"payment_unconfirmed",detail:x.detail}}return{ok:!1,reason:"error",detail:y?.message??String(h)}}}};var Dt=require("viem");var fn={TransferWithAuthorization:[{name:"from",type:"address"},{name:"to",type:"address"},{name:"value",type:"uint256"},{name:"validAfter",type:"uint256"},{name:"validBefore",type:"uint256"},{name:"nonce",type:"bytes32"}]};async function gn(){let n=globalThis.crypto??(await import("crypto")).webcrypto,e=new Uint8Array(32);return n.getRandomValues(e),"0x"+Array.from(e,t=>t.toString(16).padStart(2,"0")).join("")}async function yn(n,e,t){if(typeof n.signTypedData!="function")throw new Error("EVM wallet does not support signTypedData");let r=Math.floor(Date.now()/1e3),s=String(r-600),a=String(r+(e.maxTimeoutSeconds??60)),o={from:n.address,to:e.payTo,value:e.amount,validAfter:s,validBefore:a,nonce:await gn()},i=je[e.network.caip2];if(i===void 0)throw new Error(`unknown chain id for network ${e.network.caip2}`);let c=e.extra,l=await n.signTypedData({domain:{name:c.name,version:c.version,chainId:i,verifyingContract:(0,Dt.getAddress)(e.asset)},types:fn,primaryType:"TransferWithAuthorization",message:o});return{payment:{x402Version:1,scheme:e.scheme,network:t,payload:{signature:l,authorization:o}},settlementProbe:{kind:"eip3009",from:o.from,nonce:o.nonce,asset:e.asset,chainId:i}}}async function yt(n,e,t){try{let r;for(let s of n.options){let a=s.network.family==="evm"&&!!e.evm||s.network.family==="svm"&&!!e.solana;if(s.scheme!=="exact"){a&&(r=s.scheme);continue}if(s.network.family==="evm"&&e.evm){let o=await e.evm;return await hn(s,o,t)}if(s.network.family==="svm"&&e.solana){let o=await e.solana;return await Sn(s,o,t)}}return r!==void 0?{ok:!1,reason:"merchant_rejected",detail:`v1 supports only the 'exact' scheme, got '${r}'`}:{ok:!1,reason:"unsupported_network"}}catch(r){return{ok:!1,reason:"error",detail:H(r)}}}async function hn(n,e,t){if(t.maxAmountAtomic!==void 0&&BigInt(n.amount)>BigInt(t.maxAmountAtomic))return{ok:!1,reason:"budget_exceeded"};let r=n.extra??{},s=r.name,a=r.version;if(typeof s!="string"||s.length===0||typeof a!="string"||a.length===0)return{ok:!1,reason:"merchant_rejected",detail:"v1 challenge missing exact-scheme EIP-712 domain (extra.name / extra.version)"};let o=n.network.bare,{payment:i,settlementProbe:c}=await yn(e,n,o);return{ok:!0,headerValue:Buffer.from(JSON.stringify(i),"utf8").toString("base64"),option:n,settlementProbe:c}}async function Sn(n,e,t){if(t.maxAmountAtomic!==void 0&&BigInt(n.amount)>BigInt(t.maxAmountAtomic))return{ok:!1,reason:"budget_exceeded"};if(n.scheme!=="exact")return{ok:!1,reason:"merchant_rejected",detail:`v1 SVM supports only the 'exact' scheme, got '${n.scheme}'`};let r=n.extra??{};if(typeof r.feePayer!="string"||r.feePayer.length===0)return{ok:!1,reason:"merchant_rejected",detail:"v1 SVM challenge missing extra.feePayer (required as the transaction fee payer)"};let s=n.network.bare,a={x402Version:1,scheme:n.scheme,network:s,asset:n.asset,payTo:n.payTo,amount:n.amount,maxAmountRequired:n.amount,maxTimeoutSeconds:n.maxTimeoutSeconds??60,extra:r},i=await ne().buildTransaction(a,e,t.solanaRpcUrl),c={x402Version:1,scheme:n.scheme,network:s,payload:{transaction:i.serialized}};return{ok:!0,headerValue:Buffer.from(JSON.stringify(c),"utf8").toString("base64"),option:n,settlementProbe:i.settlementProbe}}function An(n){let e=[];for(let t of n){if(!t||typeof t!="object")continue;let r=t,s=Ne(String(r.network??""));s&&e.push({scheme:String(r.scheme??"exact"),network:s,amount:String(r.maxAmountRequired??r.amount??"0"),asset:String(r.asset??""),payTo:String(r.payTo??""),maxTimeoutSeconds:typeof r.maxTimeoutSeconds=="number"?r.maxTimeoutSeconds:void 0,extra:r.extra&&typeof r.extra=="object"?r.extra:void 0})}return e}var Mt={version:1,async parseChallenge(n){if(n.headers.get("payment-required"))return null;let e;try{e=await n.clone().json()}catch{return null}let t=Array.isArray(e.accepts)?e.accepts:[];if(t.length===0)return null;let r=An(t);return r.length===0?null:{x402Version:1,options:r}},async pay(n,e,t,r,s){let a,o=new AbortController,i=!1,c,l;try{let m=s.timeoutMs??15e3;a=setTimeout(()=>o.abort(),m);let f=await yt(t,r,s);if(!f.ok)return{ok:!1,reason:f.reason,detail:f.detail};let d=f.headerValue,E=f.option;l=E,c=f.settlementProbe;let p=new Headers(e.headers??void 0);p.set("X-PAYMENT",d);let _=e.signal!=null?AbortSignal.any([e.signal,o.signal]):o.signal,R={method:e.method,headers:p,signal:_};typeof e.body=="string"&&(R.body=e.body),i=!0,clearTimeout(a);let h=s.responseTimeoutMs??12e4;a=setTimeout(()=>o.abort(),h);let y=await fetch(n,R);return y.ok?{ok:!0,paid:!0,response:y,amountPaid:E.amount,network:E.network,txSignature:bn(y)}:{ok:!1,...await Je(y)}}catch(m){if(m instanceof Error&&m.name==="AbortError"){if(!i)return{ok:!1,reason:"timeout"};let f=await lt(c,l.network,s.solanaRpcUrl);return f.confirmed?{ok:!0,paid:!0,response:void 0,amountPaid:l.amount,network:l.network,txSignature:f.txSignature}:{ok:!1,reason:"payment_unconfirmed",detail:f.detail}}return{ok:!1,reason:"error",detail:H(m)}}finally{a!==void 0&&clearTimeout(a)}}};function bn(n){let e=n.headers.get("x-payment-response")??n.headers.get("X-PAYMENT-RESPONSE");if(e)try{let t=JSON.parse(Buffer.from(e,"base64").toString("utf8")),r=t.transaction??t.txHash??t.transactionHash;return typeof r=="string"?r:void 0}catch{return}}var Lt=G(require("tweetnacl"),1);var ht=require("@solana/web3.js"),$t=Symbol.for("x402:keypair");function St(n){let e=n.evm;if(e&&typeof e.signMessage=="function"&&typeof e.address=="string")return{address:e.address,signMessage:e.signMessage};let t=n.solana;if(t){let r=t[$t];if(r&&r.secretKey&&r.publicKey)return{publicKey:r.publicKey,signMessage:async s=>Lt.sign.detached(s,r.secretKey)}}return null}var wn=[Bt,Mt];async function Tn(n){let e=St(n);if(!e)return fetch;try{return(await import("@x402/extensions/sign-in-with-x")).wrapFetchWithSIWx(fetch,e)}catch(t){return console.warn(`[x402] SIW-X unavailable \u2014 @x402/extensions failed to load; SIW-X merchants will not authenticate. ${H(t)}`),fetch}}async function At(n,e,t,r){if(e.body!==void 0&&e.body!==null&&typeof e.body!="string")return{ok:!1,reason:"error",detail:"payAndFetch requires a string body; non-string bodies (Buffer, FormData, URLSearchParams, ReadableStream) cannot be safely re-sent on the paid retry"};let s;try{s=await(await Tn(t))(n,{...e})}catch(a){return{ok:!1,reason:"error",detail:H(a)}}if(s.status!==402)return{ok:!0,paid:!1,response:s};for(let a of wn){let o=await a.parseChallenge(s.clone());if(o)return a.pay(n,e,o,t,r)}return{ok:!1,reason:"no_payment_options"}}async function Vt(n,e={},t){let r=await Ae(n,e);if(r.kind==="free")return{result:{ok:!0,paid:!1,response:r.response},tab:null};if(r.kind==="no_tab")return{result:{ok:!1,reason:"no_payment_options",detail:`no tab option offered (schemes: ${r.schemesOffered.join(", ")})`},tab:null};if(r.kind==="error")return{result:{ok:!1,reason:"error",detail:r.detail},tab:null};let{offer:s}=r,a=BigInt(Z(t.perUnitCap));if(BigInt(s.amountAtomic)>a)return{result:{ok:!1,reason:"budget_exceeded",detail:`seller quotes ${s.amountAtomic} atomic; perUnitCap allows ${a}`},tab:null};let o=t.tabs?.get(s.payTo);return(!o||!o.state.isOpen)&&(o=await Ge({vault:t.vault,network:"solana:mainnet",seller:s.payTo,perUnitCap:t.perUnitCap,totalCap:t.totalCap,sessionDuration:t.sessionDuration,facilitatorUrl:t.facilitatorUrl}),t.tabs?.set(s.payTo,o)),{result:await At(n,e,{},{tab:o}),tab:o}}var ge=require("@dexterai/vault/instructions"),bt=require("@dexterai/vault/precompile"),F=require("@dexterai/vault/constants");function xn(n){return{counterparty:n.payTo,perRequest:{atomic:n.amountAtomic,human:ce(n.amountAtomic)},asset:n.asset,network:{caip2:n.networkCaip2},scheme:"tab",settlement:{custody:"non-custodial",protection:"lock",settleOn:"close"},credit:null,...n.resourceUrl!==void 0?{resourceUrl:n.resourceUrl}:{}}}async function Kt(n,e={},t={}){let r=t.cache?.get(n);if(r)return{kind:"terms",terms:r};let s=await Ae(n,e,t.fetchImpl??fetch);if(s.kind!=="offer")return s;if(s.offer.asset!==He)return{kind:"error",detail:`tab offer asset is not USDC ("${s.offer.asset}"); refusing to render a human price`};let a=xn(s.offer);return t.cache?.set(n,a),{kind:"terms",terms:a}}0&&(module.exports={DEFAULT_FACILITATOR_URL,DEXTER_VAULT_PROGRAM_ID,INSTRUCTIONS_SYSVAR_ID,SECP256R1_PROGRAM_ID,SessionScopeExceededError,TabClosedError,UnsupportedNetworkError,atomicToHuman,buildRegisterSessionKeyInstruction,buildRevokeSessionKeyInstruction,buildSecp256r1VerifyInstruction,buildVoucherMessage,humanToAtomic,openTab,payUrlWithTab,resolveTabOffer,resolveTabTerms,resumeTab,sessionRegisterMessage,sessionRevokeMessage,voucherPayloadMessage,voucherToHeader});
3
+ `))!==-1;){let i=r.slice(0,o);r=r.slice(o+2);let c=gn(i);if(c.eventName==="end")return;if(c.data!==null){let u=c.data.replace(/\\n/g,`
4
+ `);yield new TextEncoder().encode(u)}}}}finally{e.releaseLock()}}function gn(t){let e=null,n=[];for(let r of t.split(`
5
+ `))r.startsWith("event:")?e=r.slice(6).trim():r.startsWith("data:")&&n.push(r.slice(5).trimStart());return{eventName:e,data:n.length?n.join(`
6
+ `):null}}var Te=J(require("tweetnacl"),1),ne=require("@solana/web3.js"),Mt=require("@noble/hashes/utils"),st=require("@dexterai/vault/session"),$t=require("@dexterai/vault/reader");var ue=require("@dexterai/vault/instructions"),St=require("@dexterai/vault/precompile"),W=require("@dexterai/vault/constants");var wt="solana:mainnet";async function Kt(t){let e=t.facilitatorUrl??we,n=t.programId??W.DEXTER_VAULT_PROGRAM_ID,r=new ne.PublicKey(t.vaultPda),s=new ne.PublicKey(t.params.counterparty),a=tt(t.perUnitCapAtomic);if(a<=0n)throw new Error(`perUnitCapAtomic must be > 0, got ${t.perUnitCapAtomic}`);let o=tt(t.params.maxAmountAtomic),i=tt(t.params.maxRevolvingCapacityAtomic),c=yn(t.sessionSecretKey),u=new ne.PublicKey(t.params.sessionPubkey).toBytes();if(!Dt(c.publicKey,u))throw new Error(`tab_session_key_mismatch: the supplied secret derives ${new ne.PublicKey(c.publicKey).toBase58()} but params.sessionPubkey is ${t.params.sessionPubkey} \u2014 wrong key handed to this process`);let p=Te.default.randomBytes(32),d=Te.default.sign.detached(p,c.secretKey);if(!Te.default.sign.detached.verify(p,d,u))throw new Error("tab_session_key_mismatch: secret key failed the sign/verify self-check against params.sessionPubkey \u2014 the seed half does not sign for the granted pubkey");let f=(0,B.sessionRegisterMessage)({programId:n,vaultPda:r,sessionPubkey:c.publicKey,maxAmount:o,expiresAt:BigInt(t.params.expiresAtUnix),allowedCounterparty:s,nonce:t.params.nonce,maxRevolvingCapacity:i}),T=typeof t.connection=="string"?new ne.Connection(t.connection,"confirmed"):t.connection,l=await(0,st.fetchSessionAccount)(T,r,s,n);if(!l||l.version===0)throw new Error("tab_session_not_live: no live SessionAccount PDA for this (vault, counterparty) \u2014 revoked, expiry-swept, or never registered");if(!(0,st.isSessionLive)(l))throw new Error(l.version!==1?`tab_session_not_live: SessionAccount has unsupported version ${l.version} \u2014 not a live v1 session`:`tab_session_not_live: SessionAccount is present but expired (expiresAt=${l.session.expiresAt})`);if(!Dt(l.session.sessionPubkey,c.publicKey))throw new Error(`tab_session_pubkey_mismatch: the on-chain session carries ${new ne.PublicKey(l.session.sessionPubkey).toBase58()} \u2014 the grant this key belongs to was replaced by a newer registration`);if(l.session.maxAmount!==o||l.session.expiresAt!==t.params.expiresAtUnix||l.session.nonce!==t.params.nonce||l.session.maxRevolvingCapacity!==i)throw new Error(`tab_grant_params_stale: params disagree with the on-chain session scope (chain: maxAmount=${l.session.maxAmount} expiresAt=${l.session.expiresAt} nonce=${l.session.nonce} revolving=${l.session.maxRevolvingCapacity}; params: ${t.params.maxAmountAtomic}/${t.params.expiresAtUnix}/${t.params.nonce}/${t.params.maxRevolvingCapacityAtomic}) \u2014 refresh the grant hand-off`);let P=l.session.spent>l.session.crystallizedCumulative?l.session.spent:l.session.crystallizedCumulative;if(P>=o)throw new Error(`tab_exhausted: on-chain frontier ${P} has consumed the session cap ${o} \u2014 no voucher can strictly exceed it; open a new grant`);let x=t.sellerUrl??t.params.counterparty,y=BigInt(Math.floor(Math.random()*4294967295)),g=nt({vaultPda:r,sellerUrl:x,nonce:y}),S=(0,Mt.bytesToHex)(g),k=t.swigAddress;if(!k){let D=await(0,$t.readVaultFull)(T,r);if(!D.exists||!D.swigAddress)throw new Error(`tab_vault_unreadable: vault ${r.toBase58()} has no readable swig_address on chain \u2014 pass options.swigAddress explicitly`);k=D.swigAddress}await bt(e,k,o,wt,t.params.counterparty);let M={channelId:S,maxAmountAtomic:t.params.maxAmountAtomic,revolvingCapacityAtomic:t.params.maxRevolvingCapacityAtomic,expiresAtUnix:t.params.expiresAtUnix,allowedCounterparty:t.params.counterparty},q=It({publicKey:c.publicKey,privateKey:c.secretKey},M,f),V={network:wt,swigAddress:k,vaultPda:r.toBase58(),authorizeSession:async()=>{throw new Error("grant_tab_no_passkey: a grant-held tab cannot authorize sessions \u2014 session birth requires the wallet owner's passkey ceremony")},signWithSession:async(D,K)=>Nt(D,K,g),signOpenTab:async D=>D.registration,signCloseTab:async()=>{throw new Error("grant_tab_cannot_revoke: session revocation is passkey-signed and belongs to the wallet owner's surfaces \u2014 a grant-held tab closes settle-only")}};return new Be({vault:V,network:wt,seller:x,counterparty:t.params.counterparty,session:q,channelIdHex:S,channelIdBytes:g,perUnitCapAtomic:a,totalCapAtomic:o,expiresAtUnix:t.params.expiresAtUnix,facilitatorUrl:e,initialCumulativeAtomic:P,closeMode:"settle-only"})}function yn(t){if(t.length===64)return Te.default.sign.keyPair.fromSecretKey(t);if(t.length===32)return Te.default.sign.keyPair.fromSeed(t);throw new Error(`tab_session_key_invalid: expected a 64-byte nacl secretKey or a 32-byte ed25519 seed, got ${t.length} bytes`)}function Dt(t,e){if(t.length!==e.length)return!1;let n=0;for(let r=0;r<t.length;r++)n|=t[r]^e[r];return n===0}var Vt=require("@solana/web3.js");var Lt=[{caip2:"eip155:8453",bare:"base",family:"evm"},{caip2:"eip155:1",bare:"ethereum",family:"evm"},{caip2:"eip155:137",bare:"polygon",family:"evm"},{caip2:"eip155:42161",bare:"arbitrum",family:"evm"},{caip2:"eip155:10",bare:"optimism",family:"evm"},{caip2:"eip155:43114",bare:"avalanche",family:"evm"},{caip2:"eip155:56",bare:"bsc",family:"evm"},{caip2:"solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",bare:"solana",family:"svm"}],hn=new Map(Lt.map(t=>[t.caip2.toLowerCase(),t])),An=new Map(Lt.map(t=>[t.bare.toLowerCase(),t]));function Me(t){if(!t)return null;let e=t.toLowerCase(),n=hn.get(e)||An.get(e);return n?{caip2:n.caip2,bare:n.bare,family:n.family}:null}function Tt(t){let e=t.replace(/-/g,"+").replace(/_/g,"/"),n=e+"=".repeat((4-(e.length%4||4))%4);return JSON.parse(Buffer.from(n,"base64").toString("utf8"))}function bn(t){let e=[];for(let n of t){if(!n||typeof n!="object")continue;let r=n,s=Me(String(r.network??""));s&&e.push({scheme:String(r.scheme??"exact"),network:s,amount:String(r.amount??r.maxAmountRequired??"0"),asset:String(r.asset??""),payTo:String(r.payTo??""),maxTimeoutSeconds:typeof r.maxTimeoutSeconds=="number"?r.maxTimeoutSeconds:void 0,extra:r.extra&&typeof r.extra=="object"?r.extra:void 0})}return e}async function at(t){let e=t.headers.get("payment-required");if(!e)return null;let n;try{n=Tt(e)}catch{return null}let r=Array.isArray(n.accepts)?n.accepts:[];return r.length===0?null:{x402Version:2,options:bn(r),resourceUrl:n.resource&&typeof n.resource=="object"?String(n.resource.url??""):void 0}}async function xe(t,e={},n=fetch){let r={method:e.method??"GET",headers:e.headers};typeof e.body=="string"&&(r.body=e.body);let s;try{s=await n(t,r)}catch(i){return{kind:"error",detail:`probe failed: ${i?.message??String(i)}`}}if(s.status!==402)return s.ok?{kind:"free",response:s}:{kind:"error",detail:`probe returned HTTP ${s.status}`};let a=await at(s);if(!a)return{kind:"error",detail:"the 402 carries no x402 v2 PAYMENT-REQUIRED challenge"};let o=a.options.find(i=>i.scheme==="tab"&&i.network.family==="svm");if(!o)return{kind:"no_tab",schemesOffered:a.options.map(i=>i.scheme)};try{new Vt.PublicKey(o.payTo)}catch{return{kind:"error",detail:`tab option payTo is not a valid Solana pubkey: "${o.payTo}"`}}return{kind:"offer",offer:{payTo:o.payTo,amountAtomic:o.amount,asset:o.asset,networkCaip2:o.network.caip2,resourceUrl:a.resourceUrl}}}var $e="solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",ot="solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",it="solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z",me=$e,Ke=ot,Le=it,pe="eip155:8453",Ee="eip155:84532",ve="eip155:42161",Pe="eip155:137",Re="eip155:10",_e="eip155:43114",ke="eip155:56",Ce="eip155:1187947933",Ie="eip155:324705682",Ne="eip155:1",de=pe,ct=Ee,Ve=ve,We=Pe,qe=Re,He=_e,Fe=ke,je=Ce,Je=Ie,Ge=Ne,Xe="EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",Wt="4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU",qt="0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",xt="0x55d398326f99059fF775485246999027B3197955",lt="0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",ut={[ke]:lt,[pe]:qt,[Ee]:"0x036CbD53842c5426634e7929541eC2318f3dCF7e",[ve]:"0xaf88d065e77c8cC2239327C5EDb3A432268e5831",[Pe]:"0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",[Re]:"0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",[_e]:"0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E",[Ce]:"0x85889c8c714505E0c94b30fcfcF64fE3Ac8FCb20",[Ie]:"0x2e08028E3C4c2356572E096d8EF835cD5C6030bD",[Ne]:"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"},mt={[xt]:{symbol:"USDT",decimals:18},[lt]:{symbol:"USDC",decimals:18}};var re="0x000000000022D473030F116dDEE9F6B43aC78BA3",Ye="0x402085c248EeA27D92E8b30b2C58ed07f9E20001",ze={[ke]:56,[pe]:8453,[Ee]:84532,[ve]:42161,[Pe]:137,[Re]:10,[_e]:43114,[Ce]:1187947933,[Ie]:324705682,[Ne]:1},fe={[$e]:"https://api.dexter.cash/api/solana/rpc",[ot]:"https://api.devnet.solana.com",[it]:"https://api.testnet.solana.com"},$={[ke]:"https://api.dexter.cash/api/evm/bsc/rpc",[pe]:"https://api.dexter.cash/api/base/rpc",[Ee]:"https://sepolia.base.org",[ve]:"https://api.dexter.cash/api/evm/arbitrum/rpc",[Pe]:"https://api.dexter.cash/api/evm/polygon/rpc",[Re]:"https://api.dexter.cash/api/evm/optimism/rpc",[_e]:"https://api.dexter.cash/api/evm/avalanche/rpc",[Ce]:"https://skale-base.skalenodes.com/v1/base",[Ie]:"https://base-sepolia-testnet.skalenodes.com/v1/jubilant-horrible-ancha",[Ne]:"https://eth.llamarpc.com"};var I=class t extends Error{code;details;constructor(e,n,r){super(n),this.name="X402Error",this.code=e,this.details=r,Object.setPrototypeOf(this,t.prototype)}};var N=require("@solana/web3.js"),O=require("@solana/spl-token");var Sn=12e3,wn=1;function ge(t){if(!t||typeof t!="object")return!1;let e=t;return"publicKey"in e&&"signTransaction"in e&&typeof e.signTransaction=="function"}var pt=class{name="Solana";networks=[me,Ke,Le];config;log;constructor(e={}){this.config=e,this.log=e.verbose?console.log.bind(console,"[x402:solana]"):()=>{}}canHandle(e){return!!(this.networks.includes(e)||e==="solana"||e==="solana-devnet"||e==="solana-testnet"||e.startsWith("solana:"))}getDefaultRpcUrl(e){return this.config.rpcUrls?.[e]?this.config.rpcUrls[e]:fe[e]?fe[e]:e==="solana"?fe[me]:e==="solana-devnet"?fe[Ke]:e==="solana-testnet"?fe[Le]:fe[me]}getAddress(e){return ge(e)?e.publicKey?.toBase58()??null:null}isConnected(e){return ge(e)?e.publicKey!==null:!1}async getBalance(e,n,r){if(!ge(n)||!n.publicKey)return 0;let s=r||this.getDefaultRpcUrl(e.network),a=new N.Connection(s,"confirmed"),o=new N.PublicKey(n.publicKey.toBase58()),i=new N.PublicKey(e.asset);try{let u=(await a.getAccountInfo(i,"confirmed"))?.owner.toBase58()===O.TOKEN_2022_PROGRAM_ID.toBase58()?O.TOKEN_2022_PROGRAM_ID:O.TOKEN_PROGRAM_ID,p=await(0,O.getAssociatedTokenAddress)(i,o,!1,u),d=await(0,O.getAccount)(a,p,void 0,u),f=e.extra?.decimals??6;return Number(d.amount)/Math.pow(10,f)}catch(c){if(c&&typeof c=="object"&&"name"in c&&(c.name==="TokenAccountNotFoundError"||c.name==="TokenInvalidAccountOwnerError"))return 0;throw c}}async buildTransaction(e,n,r){if(!ge(n))throw new Error("Invalid Solana wallet");if(!n.publicKey)throw new Error("Wallet not connected");let s=r||this.getDefaultRpcUrl(e.network),a=new N.Connection(s,"confirmed"),o=new N.PublicKey(n.publicKey.toBase58()),{payTo:i,asset:c,extra:u}=e,p=e.amount??e.maxAmountRequired;if(!p)throw new Error("Missing amount in payment requirements");if(!u?.feePayer)throw new Error("Missing feePayer in payment requirements");let d=new N.PublicKey(u.feePayer),f=new N.PublicKey(c),T=new N.PublicKey(i);this.log("Building transaction:",{from:o.toBase58(),to:i,amount:p,asset:c,feePayer:u.feePayer});let l=[];l.push(N.ComputeBudgetProgram.setComputeUnitLimit({units:Sn})),l.push(N.ComputeBudgetProgram.setComputeUnitPrice({microLamports:wn}));let P=await a.getAccountInfo(f,"confirmed");if(!P)throw new Error(`Token mint ${c} not found`);let x=P.owner.toBase58()===O.TOKEN_2022_PROGRAM_ID.toBase58()?O.TOKEN_2022_PROGRAM_ID:O.TOKEN_PROGRAM_ID,y=await(0,O.getMint)(a,f,void 0,x);typeof u?.decimals=="number"&&y.decimals!==u.decimals&&this.log(`Decimals mismatch: requirements say ${u.decimals}, mint says ${y.decimals}`);let g=await(0,O.getAssociatedTokenAddress)(f,o,!1,x),S=await(0,O.getAssociatedTokenAddress)(f,T,!0,x);if(!await a.getAccountInfo(g,"confirmed"))throw new Error(`No token account found for ${c}. Please ensure you have USDC in your wallet.`);if(!await a.getAccountInfo(S,"confirmed"))throw new Error(`Seller token account not found. The seller (${i}) must have a USDC account.`);let q=BigInt(p);l.push((0,O.createTransferCheckedInstruction)(g,f,S,o,q,y.decimals,[],x));let{blockhash:V}=await a.getLatestBlockhash("confirmed"),D=new N.TransactionMessage({payerKey:d,recentBlockhash:V,instructions:l}).compileToV0Message(),K=new N.VersionedTransaction(D),h=await n.signTransaction(K);return this.log("Transaction signed successfully"),{serialized:Buffer.from(h.serialize()).toString("base64"),settlementProbe:{kind:"solana",sourceAta:g.toBase58(),destinationAta:S.toBase58(),asset:c,amount:p,blockhash:V}}}async confirmSettlement(e,n){if(e.kind!=="solana")throw new Error(`SolanaAdapter.confirmSettlement cannot handle probe kind "${e.kind}"`);let r=new N.Connection(n,"confirmed"),s=new N.PublicKey(e.destinationAta),a=await r.getSignaturesForAddress(s,{limit:25});if(a.length===0)return{settled:!1};let o=BigInt(e.amount);for(let i of a){if(i.err)continue;let c=await r.getTransaction(i.signature,{commitment:"confirmed",maxSupportedTransactionVersion:0});if(!c?.meta)continue;let u=c.transaction.message.getAccountKeys().keySegments().flat(),p=c.meta.preTokenBalances??[],d=c.meta.postTokenBalances??[];for(let f of d){if(f.mint!==e.asset)continue;let T=u[f.accountIndex];if(!T||!T.equals(s))continue;let l=p.find(y=>y.accountIndex===f.accountIndex),P=BigInt(l?.uiTokenAmount.amount??"0");if(BigInt(f.uiTokenAmount.amount??"0")-P===o)return{settled:!0,txSignature:i.signature}}}return{settled:!1}}};function se(t){return new pt(t)}var Tn={PermitWitnessTransferFrom:[{name:"permitted",type:"TokenPermissions"},{name:"spender",type:"address"},{name:"nonce",type:"uint256"},{name:"deadline",type:"uint256"},{name:"witness",type:"Witness"}],TokenPermissions:[{name:"token",type:"address"},{name:"amount",type:"uint256"}],Witness:[{name:"to",type:"address"},{name:"validAfter",type:"uint256"}]},Ht=BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");function ye(t){if(!t||typeof t!="object")return!1;let e=t;return"address"in e&&typeof e.address=="string"&&e.address.startsWith("0x")}var dt=class{name="EVM";networks=[Fe,de,ct,Ge,Ve,We,qe,He,je,Je];config;log;constructor(e={}){this.config=e,this.log=e.verbose?console.log.bind(console,"[x402:evm]"):()=>{}}canHandle(e){return!!(this.networks.includes(e)||e==="base"||e==="bsc"||e==="ethereum"||e==="arbitrum"||e==="polygon"||e==="optimism"||e==="avalanche"||e==="skale-base"||e==="skale-base-sepolia"||e.startsWith("eip155:"))}getDefaultRpcUrl(e){return this.config.rpcUrls?.[e]?this.config.rpcUrls[e]:$[e]?$[e]:e==="base"?$[de]:e==="bsc"?$[Fe]:e==="ethereum"?$[Ge]:e==="arbitrum"?$[Ve]:e==="polygon"?$[We]:e==="optimism"?$[qe]:e==="avalanche"?$[He]:e==="skale-base"?$[je]:e==="skale-base-sepolia"?$[Je]:$[de]}getAddress(e){return ye(e)?e.address:null}isConnected(e){return ye(e)?!!e.address:!1}getChainId(e){if(ze[e])return ze[e];if(e.startsWith("eip155:")){let n=e.split(":")[1];return parseInt(n,10)}return e==="base"?8453:e==="bsc"?56:e==="ethereum"?1:e==="arbitrum"?42161:8453}async getBalance(e,n,r){if(!ye(n)||!n.address)return 0;let s=r||this.getDefaultRpcUrl(e.network);try{let a=this.encodeBalanceOf(n.address),o=await fetch(s,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_call",params:[{to:e.asset,data:a},"latest"]})});if(!o.ok)throw new Error(`RPC request failed: ${o.status}`);let i=await o.json();if(i.error)throw new Error(`RPC error: ${JSON.stringify(i.error)}`);if(!i.result||i.result==="0x")return 0;let c=BigInt(i.result),u=e.extra?.decimals??6;return Number(c)/Math.pow(10,u)}catch(a){throw a}}encodeBalanceOf(e){let n="0x70a08231",r=e.slice(2).toLowerCase().padStart(64,"0");return n+r}async confirmSettlement(e,n){if(e.kind==="eip3009"){let r="0xe94a0102",s=e.from.slice(2).toLowerCase().padStart(64,"0"),a=e.nonce.slice(2).toLowerCase().padStart(64,"0"),o=r+s+a,i=await this.ethCall(n,e.asset,o);return{settled:BigInt(i)!==0n}}if(e.kind==="permit2"){let r="0x4fe02b44",s=BigInt(e.nonce),a=s>>8n,o=s&0xffn,i=e.from.slice(2).toLowerCase().padStart(64,"0"),c=a.toString(16).padStart(64,"0"),u=r+i+c,p=await this.ethCall(n,re,u);return{settled:(BigInt(p)>>o&1n)===1n}}throw new Error(`EvmAdapter.confirmSettlement cannot handle probe kind "${e.kind}"`)}async ethCall(e,n,r){let s=await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_call",params:[{to:n,data:r},"latest"]})});if(!s.ok)throw new Error(`RPC request failed: ${s.status}`);let a=await s.json();if(a.error)throw new Error(`RPC error: ${JSON.stringify(a.error)}`);if(!a.result||a.result==="0x")throw new Error("RPC returned an empty result");return a.result}async buildTransaction(e,n,r){if(!ye(n))throw new Error("Invalid EVM wallet");if(!n.address)throw new Error("Wallet not connected");if(e.scheme==="exact-approval")return this.buildApprovalTransaction(e,n,r);if(e.extra?.assetTransferMethod==="permit2")return this.buildPermit2Transaction(e,n,r);let{payTo:s,asset:a,extra:o}=e,i=e.amount??e.maxAmountRequired;if(!i)throw new Error("Missing amount in payment requirements");this.log("Building EVM transaction:",{from:n.address,to:s,amount:i,asset:a,network:e.network});let c=this.getChainId(e.network),u={name:o?.name??"USD Coin",version:o?.version??"2",chainId:BigInt(c),verifyingContract:a},p={TransferWithAuthorization:[{name:"from",type:"address"},{name:"to",type:"address"},{name:"value",type:"uint256"},{name:"validAfter",type:"uint256"},{name:"validBefore",type:"uint256"},{name:"nonce",type:"bytes32"}]},d=new Uint8Array(32);(globalThis.crypto??(await import("crypto")).webcrypto).getRandomValues(d);let f="0x"+[...d].map(g=>g.toString(16).padStart(2,"0")).join(""),T=Math.floor(Date.now()/1e3),l={from:n.address,to:s,value:i,validAfter:String(T-600),validBefore:String(T+(e.maxTimeoutSeconds||60)),nonce:f},P={from:n.address,to:s,value:BigInt(i),validAfter:BigInt(T-600),validBefore:BigInt(T+(e.maxTimeoutSeconds||60)),nonce:f};if(!n.signTypedData)throw new Error("Wallet does not support signTypedData (EIP-712)");let x=await n.signTypedData({domain:u,types:p,primaryType:"TransferWithAuthorization",message:P});return this.log("EIP-712 signature obtained"),{serialized:JSON.stringify({authorization:l,signature:x}),signature:x,settlementProbe:{kind:"eip3009",from:n.address,nonce:f,asset:a,chainId:c}}}async buildApprovalTransaction(e,n,r){let{payTo:s,asset:a,extra:o}=e,i=e.amount??e.maxAmountRequired;if(!i)throw new Error("Missing amount in payment requirements");let c=o?.facilitatorContract;if(!c)throw new Error("exact-approval scheme requires extra.facilitatorContract from the facilitator. The /supported endpoint should provide this.");if(!n.signTypedData)throw new Error("Wallet does not support signTypedData (EIP-712)");this.log("Building approval-based transaction:",{from:n.address,to:s,amount:i,asset:a,network:e.network,facilitatorContract:c});let u=r||this.getDefaultRpcUrl(e.network),p=o?.fee??"0",d=BigInt(i)+BigInt(p),f=await this.readAllowance(u,a,n.address,c);if(f<d){if(!n.sendTransaction)throw new Error("BSC payments require a wallet that supports sendTransaction for the one-time token approval. Use createEvmKeypairWallet() or a browser wallet with transaction support.");let K=this.calculateApprovalAmount(i,p,o?.approvalStrategy);this.log(`Approving ${K} for ${c} (current allowance: ${f})`);let h=await n.sendTransaction({to:a,data:this.encodeApprove(c,K),value:0n});this.log(`Approval tx sent: ${h}`),await this.waitForReceipt(u,h),this.log("Approval confirmed")}else this.log("Sufficient allowance, skipping approval");let T=new Uint8Array(16);(globalThis.crypto??(await import("crypto")).webcrypto).getRandomValues(T);let l=[...T].reduce((K,h)=>K*256n+BigInt(h),0n).toString(),P=new Uint8Array(32);(globalThis.crypto??(await import("crypto")).webcrypto).getRandomValues(P);let x="0x"+[...P].map(K=>K.toString(16).padStart(2,"0")).join(""),g=Math.floor(Date.now()/1e3)+(e.maxTimeoutSeconds||300),S=o?.eip712Domain,k=S?{name:S.name,version:S.version,chainId:BigInt(S.chainId),verifyingContract:S.verifyingContract}:{name:"DexterBSCFacilitator",version:"1",chainId:BigInt(this.getChainId(e.network)),verifyingContract:c},M=o?.eip712Types??{Payment:[{name:"from",type:"address"},{name:"to",type:"address"},{name:"token",type:"address"},{name:"amount",type:"uint256"},{name:"fee",type:"uint256"},{name:"nonce",type:"uint256"},{name:"deadline",type:"uint256"},{name:"paymentId",type:"bytes32"}]},q={from:n.address,to:s,token:a,amount:BigInt(i),fee:BigInt(p),nonce:BigInt(l),deadline:BigInt(g),paymentId:x},V=await n.signTypedData({domain:k,types:M,primaryType:"Payment",message:q});this.log("EIP-712 Payment signature obtained");let D={from:n.address,to:s,token:a,amount:i,fee:p,nonce:l,deadline:g,paymentId:x,signature:V};return{serialized:JSON.stringify(D),signature:V}}async buildPermit2Transaction(e,n,r){let{payTo:s,asset:a}=e,o=e.amount??e.maxAmountRequired;if(!o)throw new Error("Missing amount in payment requirements");if(!n.signTypedData)throw new Error("Wallet does not support signTypedData (EIP-712)");this.log("Building Permit2 transaction:",{from:n.address,to:s,amount:o,asset:a,network:e.network});let i=r||this.getDefaultRpcUrl(e.network),c=await this.readAllowance(i,a,n.address,re),u;if(c<BigInt(o)){let k=this.encodeApprove(re,Ht);if(n.signTransaction){this.log(`Signing Permit2 approval for relay (current allowance: ${c})`);let M=this.getChainId(e.network),q=await this.readGasPrice(i),V=await this.readNonce(i,n.address),D=await n.signTransaction({to:a,data:k,chainId:M,gas:50000n,gasPrice:q,nonce:V});u={erc20ApprovalGasSponsoring:{info:{from:n.address,asset:a,spender:re,amount:Ht.toString(),signedTransaction:D,version:"1"}}},this.log("Permit2 approval signed for facilitator relay")}else if(n.sendTransaction){this.log(`Approving Permit2 directly (current allowance: ${c})`);let M=await n.sendTransaction({to:a,data:k,value:0n});this.log(`Permit2 approval tx sent: ${M}`),await this.waitForReceipt(i,M),this.log("Permit2 approval confirmed")}else throw new Error("Permit2 payments require a wallet that supports signTransaction or sendTransaction for the one-time Permit2 approval. Use createEvmKeypairWallet() or a browser wallet with transaction support.")}else this.log("Sufficient Permit2 allowance, skipping approval");let p=new Uint8Array(32);(globalThis.crypto??(await import("crypto")).webcrypto).getRandomValues(p);let d=[...p].reduce((k,M)=>k*256n+BigInt(M),0n),f=Math.floor(Date.now()/1e3),T=f-600,l=f+(e.maxTimeoutSeconds||300),P=this.getChainId(e.network),x={name:"Permit2",chainId:BigInt(P),verifyingContract:re},y={permitted:{token:a,amount:BigInt(o)},spender:Ye,nonce:d,deadline:BigInt(l),witness:{to:s,validAfter:BigInt(T)}},g=await n.signTypedData({domain:x,types:Tn,primaryType:"PermitWitnessTransferFrom",message:y});this.log("Permit2 PermitWitnessTransferFrom signature obtained");let S={signature:g,permit2Authorization:{from:n.address,permitted:{token:a,amount:o},spender:Ye,nonce:d.toString(),deadline:String(l),witness:{to:s,validAfter:String(T)}}};return{serialized:JSON.stringify(S),signature:g,extensions:u,settlementProbe:{kind:"permit2",from:n.address,nonce:d.toString(),chainId:P}}}async readAllowance(e,n,r,s){let a="0xdd62ed3e",o=r.slice(2).toLowerCase().padStart(64,"0"),i=s.slice(2).toLowerCase().padStart(64,"0"),c=a+o+i;try{let p=await(await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_call",params:[{to:n,data:c},"latest"]})})).json();return p.error||!p.result||p.result==="0x"?0n:BigInt(p.result)}catch{return 0n}}encodeApprove(e,n){let r="0x095ea7b3",s=e.slice(2).toLowerCase().padStart(64,"0"),a=n.toString(16).padStart(64,"0");return r+s+a}async waitForReceipt(e,n,r=3e4){let s=Date.now();for(;Date.now()-s<r;){try{let o=await(await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_getTransactionReceipt",params:[n]})})).json();if(o.result){if(o.result.status==="0x0")throw new Error(`Approval transaction reverted: ${n}`);return}}catch(a){if(a instanceof Error&&a.message.includes("reverted"))throw a}await new Promise(a=>setTimeout(a,2e3))}throw new Error(`Approval transaction receipt timeout after ${r}ms: ${n}`)}async readGasPrice(e){try{let r=await(await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_gasPrice",params:[]})})).json();return r.result?BigInt(r.result):50000000n}catch{return 50000000n}}async readNonce(e,n){try{let s=await(await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_getTransactionCount",params:[n,"latest"]})})).json();return s.result?parseInt(s.result,16):0}catch{return 0}}calculateApprovalAmount(e,n,r){let s=BigInt(e)+BigInt(n);if(!r||r.mode==="exact")return s;let a=BigInt(r.defaultMultiple??10),o=s*a;if(r.maxCapUsd){let i=this.inferDecimals(e),c=BigInt(Math.floor(r.maxCapUsd*Math.pow(10,i)));if(o>c)return c}if(r.exactAboveUsd){let i=this.inferDecimals(e),c=BigInt(Math.floor(r.exactAboveUsd*Math.pow(10,i)));if(BigInt(e)>c)return s}return o}inferDecimals(e){return e.length>12?18:6}};function Oe(t){return new dt(t)}function Et(t){if(t===Xe||t===Wt)return!0;let e=t.toLowerCase();for(let n of Object.values(ut))if(n.toLowerCase()===e)return!0;for(let n of Object.keys(mt))if(n.toLowerCase()===e)return!0;return!1}function xn(t){return{[$e]:"Solana",[ot]:"Solana Devnet",[it]:"Solana Testnet",solana:"Solana","solana-devnet":"Solana Devnet","solana-testnet":"Solana Testnet",[pe]:"Base",[Ee]:"Base Sepolia",[Ne]:"Ethereum",[ve]:"Arbitrum",[Pe]:"Polygon",[Re]:"Optimism",[_e]:"Avalanche",[ke]:"BSC",[Ce]:"SKALE Base",[Ie]:"SKALE Base Sepolia",base:"Base","base-sepolia":"Base Sepolia",ethereum:"Ethereum",arbitrum:"Arbitrum",polygon:"Polygon",optimism:"Optimism",avalanche:"Avalanche",bsc:"BSC","skale-base":"SKALE Base","skale-base-sepolia":"SKALE Base Sepolia"}[t]||t}function Ft(t,e){let n=xn(t);return n===t?e:n}async function En(t,e){if(typeof t=="string")return[t,e];if(t instanceof URL)return[t.href,e];let n=t,r=new Headers(n.headers);e?.headers&&new Headers(e.headers).forEach((o,i)=>r.set(i,o));let s={method:e?.method??n.method,headers:r,signal:e?.signal??n.signal,redirect:e?.redirect??n.redirect,credentials:e?.credentials??n.credentials},a=(s.method??"GET").toUpperCase();return e&&"body"in e?s.body=e.body:a!=="GET"&&a!=="HEAD"&&n.body&&(s.body=await n.arrayBuffer()),[n.url,s]}var vn=new WeakMap;function jt(t){let{adapters:e=[se({verbose:t.verbose}),Oe({verbose:t.verbose})],wallets:n,wallet:r,preferredNetwork:s,rpcUrls:a={},maxAmountAtomic:o,fetch:i=globalThis.fetch,verbose:c=!1,accessPass:u,onPaymentRequired:p,onPaymentDispatched:d,maxRetries:f=0,retryDelayMs:T=500}=t,l=c?console.log.bind(console,"[x402]"):()=>{};async function P(h,w){let E;for(let A=0;A<=f;A++)try{let v=await i(h,w);if(v.status>=502&&v.status<=504&&A<f){l(`Retry ${A+1}/${f}: server returned ${v.status}`),await new Promise(R=>setTimeout(R,T*Math.pow(2,A)));continue}return v}catch(v){E=v,A<f&&(l(`Retry ${A+1}/${f}: ${v instanceof Error?v.message:"network error"}`),await new Promise(R=>setTimeout(R,T*Math.pow(2,A))))}throw E}let x=new Map;function y(h){try{let w=new URL(h).host,E=x.get(w);if(E&&E.expiresAt>Date.now()/1e3+10)return E.jwt;E&&x.delete(w)}catch{}return null}function g(h,w){try{let E=new URL(h).host,A=w.split(".");if(A.length===3){let v=JSON.parse(atob(A[1].replace(/-/g,"+").replace(/_/g,"/"))),R=Math.floor(Date.now()/1e3),_=R+86400,H=Math.min(typeof v.exp=="number"?v.exp:R,_);x.set(E,{jwt:w,expiresAt:H}),l("Access pass cached for",E,"| expires:",new Date(H*1e3).toISOString())}}catch{l("Failed to cache access pass")}}let S=n||{};r&&!S.solana&&ge(r)&&(S.solana=r),r&&!S.evm&&ye(r)&&(S.evm=r);function k(h){let w=[];for(let E of h){let A=E.scheme??"exact";if(A!=="exact"&&A!=="exact-approval")continue;let v=e.find(_=>_.canHandle(E.network));if(!v)continue;let R;v.name==="Solana"?R=S.solana:v.name==="EVM"&&(R=S.evm),R&&v.isConnected(R)&&w.push({accept:E,adapter:v,wallet:R})}if(w.length===0)return null;if(s){let E=w.find(A=>A.accept.network===s);if(E)return E}return w[0]}function M(h,w){return Ft(h,w)}function q(h,w){return a[h]||w.getDefaultRpcUrl(h)}async function V(h,w,E,A,v){let R="";if(u?.preferTier&&A.tiers){let m=A.tiers.find(b=>b.id===u.preferTier);if(m){if(u.maxSpend&&parseFloat(m.price)>parseFloat(u.maxSpend))throw new I("access_pass_exceeds_max_spend",`Access pass tier "${m.id}" costs $${m.price}, exceeds max spend $${u.maxSpend}`);R=`tier=${m.id}`}}else if(u?.preferDuration&&A.ratePerHour)R=`duration=${u.preferDuration}`;else if(A.tiers&&A.tiers.length>0){let m=A.tiers[0];if(u?.maxSpend&&parseFloat(m.price)>parseFloat(u.maxSpend))throw new I("access_pass_exceeds_max_spend",`Cheapest access pass costs $${m.price}, exceeds max spend $${u?.maxSpend}`);R=`tier=${m.id}`}let _=R?v.includes("?")?`${v}&${R}`:`${v}?${R}`:v;l("Purchasing access pass:",R||"default tier");let H=E.headers.get("PAYMENT-REQUIRED");if(!H)return null;let L;try{L=JSON.parse(atob(H))}catch{return null}let U=k(L.accepts);if(!U)return null;let{accept:C,adapter:j,wallet:he}=U;if(j.name==="Solana"&&!C.extra?.feePayer)return null;let X=C.extra?.decimals??(Et(C.asset)?6:void 0);if(typeof X!="number")return null;let Ue=C.amount??C.maxAmountRequired;if(!Ue)return null;let Y=q(C.network,j);try{let m=await j.getBalance(C,he,Y),b=Number(Ue)/Math.pow(10,X);if(m<b){let ht=M(C.network,j.name);throw new I("insufficient_balance",`Insufficient balance for access pass on ${ht}. Have $${m.toFixed(4)}, need $${b.toFixed(4)}`)}}catch(m){if(m instanceof I)throw m}let z=await j.buildTransaction(C,he,Y),Ae;j.name==="EVM"?Ae=JSON.parse(z.serialized):Ae={transaction:z.serialized};let ae=typeof h=="string"?h:h instanceof URL?h.href:h.url,be=L.resource;if(typeof L.resource=="string")try{let m=new URL(L.resource,ae);["http:","https:"].includes(m.protocol)&&(be=m.toString())}catch{}else if(L.resource&&typeof L.resource=="object"&&"url"in L.resource){let m=L.resource;try{let b=new URL(m.url,ae);["http:","https:"].includes(b.protocol)&&(be={...m,url:b.toString()})}catch{}}let Ze={x402Version:C.x402Version??2,resource:be,accepted:C,payload:Ae};z.extensions&&(Ze.extensions=z.extensions);let Q=btoa(JSON.stringify(Ze)),oe=await i(_,{...w,method:"POST",headers:{...w?.headers||{},"Content-Type":"application/json","PAYMENT-SIGNATURE":Q}});if(!oe.ok)return l("Pass purchase failed:",oe.status),null;let F=oe.headers.get("ACCESS-PASS");return F&&(g(v,F),l("Access pass purchased and cached")),oe}async function D(h,w){let E=h;if(l("Making request:",E),u){let m=y(E);if(m){l("Using cached access pass");let b=await i(h,{...w,headers:{...w?.headers||{},Authorization:`Bearer ${m}`}});if(b.status!==401&&b.status!==402)return b;l("Cached pass rejected (status",b.status,"), purchasing new pass");try{x.delete(new URL(E).host)}catch{}}}let A=await P(h,w);if(A.status!==402)return A;l("Received 402 Payment Required");let v=A.headers.get("X-ACCESS-PASS-TIERS");if(u&&v){l("Server offers access passes, purchasing...");try{let m=JSON.parse(atob(v)),b=await V(h,w,A,m,E);if(b)return b}catch(m){l("Access pass purchase failed, falling back to per-request payment:",m)}}let R=A.headers.get("PAYMENT-REQUIRED");if(!R)throw new I("missing_payment_required_header","Server returned 402 but no PAYMENT-REQUIRED header");let _;try{let m=atob(R);_=JSON.parse(m)}catch{throw new I("invalid_payment_required","Failed to decode PAYMENT-REQUIRED header")}l("Payment requirements:",_);let H=A.headers.get("X-Quote-Hash");H&&l("Quote hash received:",H);let L=k(_.accepts);if(!L){let m=_.accepts.map(b=>b.network).join(", ");throw new I("no_matching_payment_option",`No connected wallet for any available network: ${m}`)}let{accept:U,adapter:C,wallet:j}=L;if(l(`Using ${C.name} for ${U.network}`),C.name==="Solana"&&!U.extra?.feePayer)throw new I("missing_fee_payer","Solana payment option missing feePayer in extra");let he=U.extra?.decimals??(Et(U.asset)?6:void 0);if(typeof he!="number")throw new I("missing_decimals","Payment option missing decimals - provide in extra or use a known stablecoin");let X=U.amount??U.maxAmountRequired;if(!X)throw new I("missing_amount","Payment option missing amount");if(o&&BigInt(X)>BigInt(o))throw new I("amount_exceeds_max",`Payment amount ${X} exceeds maximum ${o}`);let Ue=q(U.network,C);l("Checking balance...");try{let m=await C.getBalance(U,j,Ue),b=Number(X)/Math.pow(10,he);if(m<b){let ht=M(U.network,C.name);throw new I("insufficient_balance",`Insufficient balance on ${ht}. Have $${m.toFixed(4)}, need $${b.toFixed(4)}`)}l(`Balance OK: $${m.toFixed(4)} >= $${b.toFixed(4)}`)}catch(m){if(m instanceof I)throw m;l("Balance check failed (RPC error), proceeding with transaction attempt")}if(p&&!await p(U))throw new I("payment_rejected","Payment rejected by onPaymentRequired callback");l("Building transaction...");let Y=await C.buildTransaction(U,j,Ue);l("Transaction signed");let z;C.name==="EVM"?z=JSON.parse(Y.serialized):z={transaction:Y.serialized};let Ae=h,ae=_.resource;if(typeof _.resource=="string")try{let m=new URL(_.resource,Ae).toString();m!==_.resource&&l("Resolved relative resource URL:",_.resource,"\u2192",m),ae=m}catch{ae=_.resource}else if(_.resource&&typeof _.resource=="object"&&"url"in _.resource){let m=_.resource;try{let b=new URL(m.url,Ae).toString();b!==m.url&&(l("Resolved relative resource URL:",m.url,"\u2192",b),ae={...m,url:b})}catch{}}let be={x402Version:U.x402Version??2,resource:ae,accepted:U,payload:z};Y.extensions&&(be.extensions=Y.extensions);let Ze=btoa(JSON.stringify(be));if(d)try{d(U,Y.settlementProbe)}catch{}l("Retrying request with payment...");let Q=await P(h,{...w,headers:{...w?.headers||{},"PAYMENT-SIGNATURE":Ze,...H?{"X-Quote-Hash":H}:{}}});if(l("Retry response status:",Q.status),Q.status===402){let m="unknown";try{let b=await Q.clone().json();m=String(b.error||b.message||JSON.stringify(b)),l("Rejection reason:",m)}catch{}throw new I("payment_rejected",`Payment was rejected by the server: ${m}`)}let oe=Q.headers.get("PAYMENT-RESPONSE"),F;if(oe)try{F=JSON.parse(atob(oe))}catch{}return F??={},F.amountAtomic=X,F.assetDecimals=he,vn.set(Q,F),F.extensions&&l("Settlement extensions:",Object.keys(F.extensions).join(", ")),Q}async function K(h,w){let[E,A]=await En(h,w);return D(E,A)}return{fetch:K}}function G(t){if(t instanceof Error){if(t.message&&t.message.length>0)return t.message;if(t.name&&t.name.length>0)return t.name}let e=String(t);return e.length>0?e:"unknown error"}async function Qe(t){let e="";try{e=(await t.clone().text()).slice(0,600)}catch{}let n=e.toLowerCase(),r=n.includes("settle")||n.includes("facilitator"),s=e;try{let a=JSON.parse(e),o=[a.error,a.detail,a.message].filter(i=>typeof i=="string"&&i.length>0);o.length>0&&(s=o.join(" \u2014 "))}catch{}return s||(s=`HTTP ${t.status}`),{reason:r?"settlement_failed":"merchant_rejected",detail:`merchant HTTP ${t.status}: ${s}`}}var ft="Payment authorization was sent, but the merchant did not respond within the timeout. ",gt=" Do not retry without checking \u2014 inspect the funding wallet for a transfer to the merchant before attempting payment again.";async function yt(t,e,n){if(!t)return{confirmed:!1,detail:ft+"This payment scheme has no on-chain confirmation check, so the SDK cannot verify whether it settled."+gt};try{if(t.kind==="solana"){let o=se(),i=n??o.getDefaultRpcUrl(e.caip2);if(!o.confirmSettlement)return Gt();let c=await o.confirmSettlement(t,i);return c.settled?{confirmed:!0,txSignature:c.txSignature}:Jt()}let r=Oe(),s=r.getDefaultRpcUrl(e.caip2);if(!r.confirmSettlement)return Gt();let a=await r.confirmSettlement(t,s);return a.settled?{confirmed:!0,txSignature:a.txSignature}:Jt()}catch(r){return{confirmed:!1,detail:ft+`On-chain confirmation could not be completed (${G(r)}).`+gt}}}function Jt(){return{confirmed:!1,detail:ft+"On-chain confirmation found no matching settlement yet \u2014 the payment may still be pending, or may not have settled."+gt}}function Gt(){return{confirmed:!1,detail:ft+"The chain adapter does not support on-chain confirmation."+gt}}var Pn=new Set(["exact","exact-approval"]);async function Rn(t,e,n,r){let s;try{s=await r.signNextVoucher(n.amount)}catch{return null}let a=new Headers(e.headers??void 0);a.set("X-Tab-Voucher",De(s));let o={method:e.method??"GET",headers:a};e.signal&&(o.signal=e.signal),typeof e.body=="string"&&(o.body=e.body);let i;try{i=await fetch(t,o)}catch(c){return{ok:!1,reason:"error",detail:c?.message??String(c)}}return i.status===402?(r.rollbackVoucher?.call(r,s),null):i.ok?{ok:!0,paid:!0,response:i,amountPaid:n.amount,network:n.network}:{ok:!1,...await Qe(i)}}var Xt={version:2,async parseChallenge(t){return at(t)},async pay(t,e,n,r,s){if(s.tab){let y=n.options.find(g=>g.scheme==="tab"&&g.network.family==="svm"&&g.payTo===s.tab.counterparty);if(y){let g=await Rn(t,e,y,s.tab);if(g)return g}}let a=n.options.filter(y=>Pn.has(y.scheme));if(a.length===0)return{ok:!1,reason:"no_payment_options",detail:`no generically payable scheme offered (got: ${n.options.map(y=>y.scheme).join(", ")})`};let o=a.find(y=>y.network.family==="evm"?!!r.evm:y.network.family==="svm"?!!r.solana:!1);if(!o)return{ok:!1,reason:"unsupported_network"};let i=s.timeoutMs??15e3,c=s.responseTimeoutMs??12e4,u=new AbortController,p=setTimeout(()=>u.abort(),i),d=!1,f,T=(y,g)=>{d=!0,f=g,clearTimeout(p),p=setTimeout(()=>u.abort(),c)},l=jt({wallets:r,preferredNetwork:o.network.caip2,maxAmountAtomic:s.maxAmountAtomic,fetch:globalThis.fetch,onPaymentDispatched:T}),P=e.signal?AbortSignal.any([e.signal,u.signal]):u.signal,x={method:e.method??"GET",headers:e.headers,signal:P};typeof e.body=="string"&&(x.body=e.body);try{let y=await l.fetch(t,x);if(clearTimeout(p),!y.ok)return{ok:!1,...await Qe(y)};let g,S=y.headers.get("PAYMENT-RESPONSE");if(S)try{let k=Tt(S);k&&typeof k.transaction=="string"&&(g=k.transaction)}catch{}return{ok:!0,paid:!0,response:y,amountPaid:o.amount,network:o.network,txSignature:g}}catch(y){clearTimeout(p);let g=y;if(g?.name==="AbortError"){if(!d)return{ok:!1,reason:"timeout"};let S=await yt(f,o.network,s.solanaRpcUrl);return S.confirmed?{ok:!0,paid:!0,response:void 0,amountPaid:o.amount,network:o.network,txSignature:S.txSignature}:{ok:!1,reason:"payment_unconfirmed",detail:S.detail}}return{ok:!1,reason:"error",detail:g?.message??String(y)}}}};var Yt=require("viem");var _n={TransferWithAuthorization:[{name:"from",type:"address"},{name:"to",type:"address"},{name:"value",type:"uint256"},{name:"validAfter",type:"uint256"},{name:"validBefore",type:"uint256"},{name:"nonce",type:"bytes32"}]};async function kn(){let t=globalThis.crypto??(await import("crypto")).webcrypto,e=new Uint8Array(32);return t.getRandomValues(e),"0x"+Array.from(e,n=>n.toString(16).padStart(2,"0")).join("")}async function Cn(t,e,n){if(typeof t.signTypedData!="function")throw new Error("EVM wallet does not support signTypedData");let r=Math.floor(Date.now()/1e3),s=String(r-600),a=String(r+(e.maxTimeoutSeconds??60)),o={from:t.address,to:e.payTo,value:e.amount,validAfter:s,validBefore:a,nonce:await kn()},i=ze[e.network.caip2];if(i===void 0)throw new Error(`unknown chain id for network ${e.network.caip2}`);let c=e.extra,u=await t.signTypedData({domain:{name:c.name,version:c.version,chainId:i,verifyingContract:(0,Yt.getAddress)(e.asset)},types:_n,primaryType:"TransferWithAuthorization",message:o});return{payment:{x402Version:1,scheme:e.scheme,network:n,payload:{signature:u,authorization:o}},settlementProbe:{kind:"eip3009",from:o.from,nonce:o.nonce,asset:e.asset,chainId:i}}}async function vt(t,e,n){try{let r;for(let s of t.options){let a=s.network.family==="evm"&&!!e.evm||s.network.family==="svm"&&!!e.solana;if(s.scheme!=="exact"){a&&(r=s.scheme);continue}if(s.network.family==="evm"&&e.evm){let o=await e.evm;return await In(s,o,n)}if(s.network.family==="svm"&&e.solana){let o=await e.solana;return await Nn(s,o,n)}}return r!==void 0?{ok:!1,reason:"merchant_rejected",detail:`v1 supports only the 'exact' scheme, got '${r}'`}:{ok:!1,reason:"unsupported_network"}}catch(r){return{ok:!1,reason:"error",detail:G(r)}}}async function In(t,e,n){if(n.maxAmountAtomic!==void 0&&BigInt(t.amount)>BigInt(n.maxAmountAtomic))return{ok:!1,reason:"budget_exceeded"};let r=t.extra??{},s=r.name,a=r.version;if(typeof s!="string"||s.length===0||typeof a!="string"||a.length===0)return{ok:!1,reason:"merchant_rejected",detail:"v1 challenge missing exact-scheme EIP-712 domain (extra.name / extra.version)"};let o=t.network.bare,{payment:i,settlementProbe:c}=await Cn(e,t,o);return{ok:!0,headerValue:Buffer.from(JSON.stringify(i),"utf8").toString("base64"),option:t,settlementProbe:c}}async function Nn(t,e,n){if(n.maxAmountAtomic!==void 0&&BigInt(t.amount)>BigInt(n.maxAmountAtomic))return{ok:!1,reason:"budget_exceeded"};if(t.scheme!=="exact")return{ok:!1,reason:"merchant_rejected",detail:`v1 SVM supports only the 'exact' scheme, got '${t.scheme}'`};let r=t.extra??{};if(typeof r.feePayer!="string"||r.feePayer.length===0)return{ok:!1,reason:"merchant_rejected",detail:"v1 SVM challenge missing extra.feePayer (required as the transaction fee payer)"};let s=t.network.bare,a={x402Version:1,scheme:t.scheme,network:s,asset:t.asset,payTo:t.payTo,amount:t.amount,maxAmountRequired:t.amount,maxTimeoutSeconds:t.maxTimeoutSeconds??60,extra:r},i=await se().buildTransaction(a,e,n.solanaRpcUrl),c={x402Version:1,scheme:t.scheme,network:s,payload:{transaction:i.serialized}};return{ok:!0,headerValue:Buffer.from(JSON.stringify(c),"utf8").toString("base64"),option:t,settlementProbe:i.settlementProbe}}function On(t){let e=[];for(let n of t){if(!n||typeof n!="object")continue;let r=n,s=Me(String(r.network??""));s&&e.push({scheme:String(r.scheme??"exact"),network:s,amount:String(r.maxAmountRequired??r.amount??"0"),asset:String(r.asset??""),payTo:String(r.payTo??""),maxTimeoutSeconds:typeof r.maxTimeoutSeconds=="number"?r.maxTimeoutSeconds:void 0,extra:r.extra&&typeof r.extra=="object"?r.extra:void 0})}return e}var zt={version:1,async parseChallenge(t){if(t.headers.get("payment-required"))return null;let e;try{e=await t.clone().json()}catch{return null}let n=Array.isArray(e.accepts)?e.accepts:[];if(n.length===0)return null;let r=On(n);return r.length===0?null:{x402Version:1,options:r}},async pay(t,e,n,r,s){let a,o=new AbortController,i=!1,c,u;try{let p=s.timeoutMs??15e3;a=setTimeout(()=>o.abort(),p);let d=await vt(n,r,s);if(!d.ok)return{ok:!1,reason:d.reason,detail:d.detail};let f=d.headerValue,T=d.option;u=T,c=d.settlementProbe;let l=new Headers(e.headers??void 0);l.set("X-PAYMENT",f);let P=e.signal!=null?AbortSignal.any([e.signal,o.signal]):o.signal,x={method:e.method,headers:l,signal:P};typeof e.body=="string"&&(x.body=e.body),i=!0,clearTimeout(a);let y=s.responseTimeoutMs??12e4;a=setTimeout(()=>o.abort(),y);let g=await fetch(t,x);return g.ok?{ok:!0,paid:!0,response:g,amountPaid:T.amount,network:T.network,txSignature:Un(g)}:{ok:!1,...await Qe(g)}}catch(p){if(p instanceof Error&&p.name==="AbortError"){if(!i)return{ok:!1,reason:"timeout"};let d=await yt(c,u.network,s.solanaRpcUrl);return d.confirmed?{ok:!0,paid:!0,response:void 0,amountPaid:u.amount,network:u.network,txSignature:d.txSignature}:{ok:!1,reason:"payment_unconfirmed",detail:d.detail}}return{ok:!1,reason:"error",detail:G(p)}}finally{a!==void 0&&clearTimeout(a)}}};function Un(t){let e=t.headers.get("x-payment-response")??t.headers.get("X-PAYMENT-RESPONSE");if(e)try{let n=JSON.parse(Buffer.from(e,"base64").toString("utf8")),r=n.transaction??n.txHash??n.transactionHash;return typeof r=="string"?r:void 0}catch{return}}var Zt=J(require("tweetnacl"),1);var Pt=require("@solana/web3.js"),Qt=Symbol.for("x402:keypair");function Rt(t){let e=t.evm;if(e&&typeof e.signMessage=="function"&&typeof e.address=="string")return{address:e.address,signMessage:e.signMessage};let n=t.solana;if(n){let r=n[Qt];if(r&&r.secretKey&&r.publicKey)return{publicKey:r.publicKey,signMessage:async s=>Zt.sign.detached(s,r.secretKey)}}return null}var Bn=[Xt,zt];async function Dn(t){let e=Rt(t);if(!e)return fetch;try{return(await import("@x402/extensions/sign-in-with-x")).wrapFetchWithSIWx(fetch,e)}catch(n){return console.warn(`[x402] SIW-X unavailable \u2014 @x402/extensions failed to load; SIW-X merchants will not authenticate. ${G(n)}`),fetch}}async function _t(t,e,n,r){if(e.body!==void 0&&e.body!==null&&typeof e.body!="string")return{ok:!1,reason:"error",detail:"payAndFetch requires a string body; non-string bodies (Buffer, FormData, URLSearchParams, ReadableStream) cannot be safely re-sent on the paid retry"};let s;try{s=await(await Dn(n))(t,{...e})}catch(a){return{ok:!1,reason:"error",detail:G(a)}}if(s.status!==402)return{ok:!0,paid:!1,response:s};for(let a of Bn){let o=await a.parseChallenge(s.clone());if(o)return a.pay(t,e,o,n,r)}return{ok:!1,reason:"no_payment_options"}}async function en(t,e={},n){let r=await xe(t,e);if(r.kind==="free")return{result:{ok:!0,paid:!1,response:r.response},tab:null};if(r.kind==="no_tab")return{result:{ok:!1,reason:"no_payment_options",detail:`no tab option offered (schemes: ${r.schemesOffered.join(", ")})`},tab:null};if(r.kind==="error")return{result:{ok:!1,reason:"error",detail:r.detail},tab:null};let{offer:s}=r,a=BigInt(ee(n.perUnitCap));if(BigInt(s.amountAtomic)>a)return{result:{ok:!1,reason:"budget_exceeded",detail:`seller quotes ${s.amountAtomic} atomic; perUnitCap allows ${a}`},tab:null};let o=n.tabs?.get(s.payTo);return(!o||!o.state.isOpen)&&(o=await rt({vault:n.vault,network:"solana:mainnet",seller:s.payTo,perUnitCap:n.perUnitCap,totalCap:n.totalCap,sessionDuration:n.sessionDuration,facilitatorUrl:n.facilitatorUrl}),n.tabs?.set(s.payTo,o)),{result:await _t(t,e,{},{tab:o}),tab:o}}function Mn(t){return{counterparty:t.payTo,perRequest:{atomic:t.amountAtomic,human:le(t.amountAtomic)},asset:t.asset,network:{caip2:t.networkCaip2},scheme:"tab",settlement:{custody:"non-custodial",protection:"lock",settleOn:"close"},credit:null,...t.resourceUrl!==void 0?{resourceUrl:t.resourceUrl}:{}}}async function tn(t,e={},n={}){let r=n.cache?.get(t);if(r)return{kind:"terms",terms:r};let s=await xe(t,e,n.fetchImpl??fetch);if(s.kind!=="offer")return s;if(s.offer.asset!==Xe)return{kind:"error",detail:`tab offer asset is not USDC ("${s.offer.asset}"); refusing to render a human price`};let a=Mn(s.offer);return n.cache?.set(t,a),{kind:"terms",terms:a}}0&&(module.exports={DEFAULT_FACILITATOR_URL,DEXTER_VAULT_PROGRAM_ID,INSTRUCTIONS_SYSVAR_ID,SECP256R1_PROGRAM_ID,SessionScopeExceededError,TabClosedError,UnsupportedNetworkError,atomicToHuman,buildRegisterSessionKeyInstruction,buildRevokeSessionKeyInstruction,buildSecp256r1VerifyInstruction,buildVoucherMessage,humanToAtomic,openTab,payUrlWithTab,resolveTabOffer,resolveTabTerms,resumeTab,sessionRegisterMessage,sessionRevokeMessage,tabFromGrant,voucherPayloadMessage,voucherToHeader});
@@ -1,8 +1,11 @@
1
- import { O as OpenTabOptions, T as Tab, R as ResumeTabOptions, V as VaultAdapter } from '../types-DuoL3s8n.cjs';
2
- export { S as SessionScopeExceededError, b as TabCloseResult, c as TabClosedError, a as TabState, U as UnsupportedNetworkError } from '../types-DuoL3s8n.cjs';
1
+ import { O as OpenTabOptions, T as Tab, R as ResumeTabOptions, V as VaultAdapter } from '../types-D5eKDMvo.cjs';
2
+ export { S as SessionScopeExceededError, b as TabCloseResult, c as TabClosedError, a as TabState, U as UnsupportedNetworkError } from '../types-D5eKDMvo.cjs';
3
3
  import { HumanAmount, AtomicAmount, SignedVoucher } from '@dexterai/vault/types';
4
4
  export { AtomicAmount, HumanAmount, SessionKey, SessionScope, SignedVoucher, TabNetworkId, VoucherPayload } from '@dexterai/vault/types';
5
- import { a as PayResult } from '../types-DMzS_Rh2.cjs';
5
+ import { PublicKey, Connection } from '@solana/web3.js';
6
+ import { ApprovedSpendGrantParams } from '@dexterai/vault/grant';
7
+ export { ApprovedSpendGrantParams } from '@dexterai/vault/grant';
8
+ import { a as PayResult } from '../types-CWYzWTwF.cjs';
6
9
  export { SessionRegisterMessageArgs, SessionRevokeMessageArgs, VoucherPayloadBytes, buildVoucherMessage, sessionRegisterMessage, sessionRevokeMessage, voucherPayloadMessage } from '@dexterai/vault/messages';
7
10
  export { BuildRegisterSessionKeyArgs, BuildRevokeSessionKeyArgs, buildRegisterSessionKeyInstruction, buildRevokeSessionKeyInstruction } from '@dexterai/vault/instructions';
8
11
  export { buildSecp256r1VerifyInstruction } from '@dexterai/vault/precompile';
@@ -44,6 +47,120 @@ declare function voucherToHeader(signed: SignedVoucher): string;
44
47
  declare function openTab(options: OpenTabOptions): Promise<Tab>;
45
48
  declare function resumeTab(_options: ResumeTabOptions): Promise<Tab>;
46
49
 
50
+ /**
51
+ * tabFromGrant — open a buyer-side Tab from a GRANTED session key.
52
+ *
53
+ * The `/tabs/connect` grant ceremony (@dexterai/vault/grant approveSpendGrant
54
+ * + the sponsor's register endpoint) already did the passkey half of
55
+ * `openTab`: the user consented, the 188-byte registration was passkey-signed,
56
+ * and the sponsor landed the on-chain `register_session_key` tx. What the
57
+ * requesting agent walks away with is exactly two artifacts:
58
+ *
59
+ * 1. the session SECRET (custody mode i: `approveSpendGrant().sessionKeypair`
60
+ * delivered to it; custody mode ii: it generated the keypair itself and
61
+ * only the pubkey went into the blob), and
62
+ * 2. the consented `ApprovedSpendGrantParams`.
63
+ *
64
+ * This constructor rebuilds everything else from those two + the chain:
65
+ *
66
+ * - the 188-byte registration message, byte-exact via the SAME
67
+ * `sessionRegisterMessage` builder the ceremony used (it rides every
68
+ * voucher; the seller re-parses it, so any drift = rejected vouchers)
69
+ * - the resume FRONTIER from the on-chain SessionAccount:
70
+ * `max(session.spent, session.crystallizedCumulative)` — the cumulative
71
+ * odometer starts there so the first voucher strictly exceeds everything
72
+ * the chain has already terminally counted. The chain is the durable
73
+ * counter; there is no local state store to lose.
74
+ * - drain-protection arming via the facilitator's `POST /tab/open`,
75
+ * fail-closed exactly like `openTab` (an unarmed tab is never returned)
76
+ *
77
+ * CUSTODY NOTE — why this constructor may hold a session secret when
78
+ * `resumeTab` refuses to: the passkey path's "session keys are memory-only"
79
+ * doctrine protects the ROOT credential flow. The grant path deliberately
80
+ * relaxes it — the user consented (one passkey tap) to hand a CAPPED,
81
+ * EXPIRING, SINGLE-COUNTERPARTY key to the requesting agent. Exposure is
82
+ * bounded by the consented scope, and the wallet owner can revoke on their
83
+ * own surfaces at any time.
84
+ *
85
+ * CLOSE SEMANTICS — `close()` on a grant tab is SETTLE-ONLY: it posts the
86
+ * final voucher to `/tab/settle`, zeroes the in-memory key, and marks the tab
87
+ * closed. It does NOT revoke the session on chain — revocation is
88
+ * passkey-signed and the grant holder has no passkey. `TabCloseResult`
89
+ * reports this honestly (`sessionRevoked: false`); the session PDA stays live
90
+ * until the wallet owner revokes it or it expiry-sweeps.
91
+ */
92
+
93
+ /**
94
+ * Options for `tabFromGrant`.
95
+ *
96
+ * CONCURRENCY WARNING (TOCTOU) — read this before holding ONE session key
97
+ * across CONCURRENT spend paths: the resume frontier is read from the chain
98
+ * ONCE, at construction. Concurrent holders of the same session key — or a
99
+ * settle/lock racing that read — can make the frontier stale. The failure
100
+ * mode is SAFE REJECTION, never overspend: the seller rejects
101
+ * `non_monotonic` and the chain/facilitator reject `non_monotonic_cumulative`,
102
+ * so a stale tab's vouchers bounce instead of double-spending. But consumers
103
+ * that drive one session key from multiple concurrent spenders (the T4
104
+ * anon/MCP rail is the canonical case) MUST serialize per
105
+ * (vault, counterparty): one live tab per pair, one spend in flight at a time.
106
+ */
107
+ interface TabFromGrantOptions {
108
+ /**
109
+ * The granted session SECRET. Accepts the shapes the grant flow actually
110
+ * produces: a 64-byte nacl `secretKey` (approveSpendGrant custody mode i,
111
+ * or a requester-generated nacl keypair in custody mode ii), or —
112
+ * defensively — a 32-byte ed25519 seed. Validated against
113
+ * `params.sessionPubkey` with a sign/verify self-check before ANY I/O, so
114
+ * a key handed across processes that doesn't actually sign for the granted
115
+ * pubkey fails loudly here instead of as a seller/facilitator rejection.
116
+ *
117
+ * The constructor takes its own copy; the caller should zero their buffer.
118
+ */
119
+ sessionSecretKey: Uint8Array;
120
+ /** The final consented grant values — `approveSpendGrant().params`, verbatim. */
121
+ params: ApprovedSpendGrantParams;
122
+ /** The USER's vault PDA (the grant blob never carries it; the consent page
123
+ * resolved it from the user's own identity — same value here). */
124
+ vaultPda: string | PublicKey;
125
+ /**
126
+ * RPC for the on-chain reads (frontier + optional swig resolution): a
127
+ * web3.js Connection or an RPC URL. REQUIRED — the SessionAccount is the
128
+ * durable spend counter; there is no offline resume.
129
+ */
130
+ connection: Connection | string;
131
+ /**
132
+ * Max atomic amount a SINGLE voucher may add. REQUIRED and deliberately so:
133
+ * every signed voucher is a bearer claim, so this cap is the blast radius
134
+ * of one request against a misbehaving seller. Callers know their per-call
135
+ * price; set it near that.
136
+ */
137
+ perUnitCapAtomic: AtomicAmount;
138
+ /**
139
+ * Seller URL used for channel-id derivation and `Tab.stream()` routing
140
+ * context. Defaults to `params.counterparty` (matching openTab's Phase-2
141
+ * pubkey-as-seller shape). Either way the tab's `counterparty` — the value
142
+ * `payWithTab` matches against a tab-scheme accept's `payTo` — is ALWAYS
143
+ * `params.counterparty`.
144
+ */
145
+ sellerUrl?: string;
146
+ /**
147
+ * The buyer's Swig STATE address (`vault.swig_address`) for the `/tab/open`
148
+ * arming call. When omitted it is read from the on-chain vault account —
149
+ * one extra RPC read, never a guess.
150
+ */
151
+ swigAddress?: string;
152
+ /** Facilitator base URL. Default: DEFAULT_FACILITATOR_URL (https://x402.dexter.cash). */
153
+ facilitatorUrl?: string;
154
+ /** Vault program id override (test/devnet). Default: DEXTER_VAULT_PROGRAM_ID. */
155
+ programId?: PublicKey;
156
+ }
157
+ /**
158
+ * Construct a live `Tab` from a granted session key. Fail-loud at every step:
159
+ * key/params mismatch, dead or drifted on-chain session, exhausted cap, and
160
+ * unarmed drain protection all THROW — an invalid tab is never returned.
161
+ */
162
+ declare function tabFromGrant(options: TabFromGrantOptions): Promise<Tab>;
163
+
47
164
  interface TabOffer {
48
165
  /** Seller counterparty (base58) read from the challenge's payTo. */
49
166
  payTo: string;
@@ -178,4 +295,4 @@ interface ResolveTabTermsOptions {
178
295
  */
179
296
  declare function resolveTabTerms(url: string, init?: RequestInit, opts?: ResolveTabTermsOptions): Promise<TabTermsResult>;
180
297
 
181
- export { DEFAULT_FACILITATOR_URL, OpenTabOptions, type PayUrlWithTabOptions, type PayUrlWithTabResult, type ResolveTabTermsOptions, ResumeTabOptions, Tab, type TabOffer, type TabOfferResult, type TabTerms, type TabTermsResult, VaultAdapter, atomicToHuman, humanToAtomic, openTab, payUrlWithTab, resolveTabOffer, resolveTabTerms, resumeTab, voucherToHeader };
298
+ export { DEFAULT_FACILITATOR_URL, OpenTabOptions, type PayUrlWithTabOptions, type PayUrlWithTabResult, type ResolveTabTermsOptions, ResumeTabOptions, Tab, type TabFromGrantOptions, type TabOffer, type TabOfferResult, type TabTerms, type TabTermsResult, VaultAdapter, atomicToHuman, humanToAtomic, openTab, payUrlWithTab, resolveTabOffer, resolveTabTerms, resumeTab, tabFromGrant, voucherToHeader };
@@ -1,8 +1,11 @@
1
- import { O as OpenTabOptions, T as Tab, R as ResumeTabOptions, V as VaultAdapter } from '../types-DuoL3s8n.js';
2
- export { S as SessionScopeExceededError, b as TabCloseResult, c as TabClosedError, a as TabState, U as UnsupportedNetworkError } from '../types-DuoL3s8n.js';
1
+ import { O as OpenTabOptions, T as Tab, R as ResumeTabOptions, V as VaultAdapter } from '../types-D5eKDMvo.js';
2
+ export { S as SessionScopeExceededError, b as TabCloseResult, c as TabClosedError, a as TabState, U as UnsupportedNetworkError } from '../types-D5eKDMvo.js';
3
3
  import { HumanAmount, AtomicAmount, SignedVoucher } from '@dexterai/vault/types';
4
4
  export { AtomicAmount, HumanAmount, SessionKey, SessionScope, SignedVoucher, TabNetworkId, VoucherPayload } from '@dexterai/vault/types';
5
- import { a as PayResult } from '../types-BL9QW1gf.js';
5
+ import { PublicKey, Connection } from '@solana/web3.js';
6
+ import { ApprovedSpendGrantParams } from '@dexterai/vault/grant';
7
+ export { ApprovedSpendGrantParams } from '@dexterai/vault/grant';
8
+ import { a as PayResult } from '../types-rSrCtwS2.js';
6
9
  export { SessionRegisterMessageArgs, SessionRevokeMessageArgs, VoucherPayloadBytes, buildVoucherMessage, sessionRegisterMessage, sessionRevokeMessage, voucherPayloadMessage } from '@dexterai/vault/messages';
7
10
  export { BuildRegisterSessionKeyArgs, BuildRevokeSessionKeyArgs, buildRegisterSessionKeyInstruction, buildRevokeSessionKeyInstruction } from '@dexterai/vault/instructions';
8
11
  export { buildSecp256r1VerifyInstruction } from '@dexterai/vault/precompile';
@@ -44,6 +47,120 @@ declare function voucherToHeader(signed: SignedVoucher): string;
44
47
  declare function openTab(options: OpenTabOptions): Promise<Tab>;
45
48
  declare function resumeTab(_options: ResumeTabOptions): Promise<Tab>;
46
49
 
50
+ /**
51
+ * tabFromGrant — open a buyer-side Tab from a GRANTED session key.
52
+ *
53
+ * The `/tabs/connect` grant ceremony (@dexterai/vault/grant approveSpendGrant
54
+ * + the sponsor's register endpoint) already did the passkey half of
55
+ * `openTab`: the user consented, the 188-byte registration was passkey-signed,
56
+ * and the sponsor landed the on-chain `register_session_key` tx. What the
57
+ * requesting agent walks away with is exactly two artifacts:
58
+ *
59
+ * 1. the session SECRET (custody mode i: `approveSpendGrant().sessionKeypair`
60
+ * delivered to it; custody mode ii: it generated the keypair itself and
61
+ * only the pubkey went into the blob), and
62
+ * 2. the consented `ApprovedSpendGrantParams`.
63
+ *
64
+ * This constructor rebuilds everything else from those two + the chain:
65
+ *
66
+ * - the 188-byte registration message, byte-exact via the SAME
67
+ * `sessionRegisterMessage` builder the ceremony used (it rides every
68
+ * voucher; the seller re-parses it, so any drift = rejected vouchers)
69
+ * - the resume FRONTIER from the on-chain SessionAccount:
70
+ * `max(session.spent, session.crystallizedCumulative)` — the cumulative
71
+ * odometer starts there so the first voucher strictly exceeds everything
72
+ * the chain has already terminally counted. The chain is the durable
73
+ * counter; there is no local state store to lose.
74
+ * - drain-protection arming via the facilitator's `POST /tab/open`,
75
+ * fail-closed exactly like `openTab` (an unarmed tab is never returned)
76
+ *
77
+ * CUSTODY NOTE — why this constructor may hold a session secret when
78
+ * `resumeTab` refuses to: the passkey path's "session keys are memory-only"
79
+ * doctrine protects the ROOT credential flow. The grant path deliberately
80
+ * relaxes it — the user consented (one passkey tap) to hand a CAPPED,
81
+ * EXPIRING, SINGLE-COUNTERPARTY key to the requesting agent. Exposure is
82
+ * bounded by the consented scope, and the wallet owner can revoke on their
83
+ * own surfaces at any time.
84
+ *
85
+ * CLOSE SEMANTICS — `close()` on a grant tab is SETTLE-ONLY: it posts the
86
+ * final voucher to `/tab/settle`, zeroes the in-memory key, and marks the tab
87
+ * closed. It does NOT revoke the session on chain — revocation is
88
+ * passkey-signed and the grant holder has no passkey. `TabCloseResult`
89
+ * reports this honestly (`sessionRevoked: false`); the session PDA stays live
90
+ * until the wallet owner revokes it or it expiry-sweeps.
91
+ */
92
+
93
+ /**
94
+ * Options for `tabFromGrant`.
95
+ *
96
+ * CONCURRENCY WARNING (TOCTOU) — read this before holding ONE session key
97
+ * across CONCURRENT spend paths: the resume frontier is read from the chain
98
+ * ONCE, at construction. Concurrent holders of the same session key — or a
99
+ * settle/lock racing that read — can make the frontier stale. The failure
100
+ * mode is SAFE REJECTION, never overspend: the seller rejects
101
+ * `non_monotonic` and the chain/facilitator reject `non_monotonic_cumulative`,
102
+ * so a stale tab's vouchers bounce instead of double-spending. But consumers
103
+ * that drive one session key from multiple concurrent spenders (the T4
104
+ * anon/MCP rail is the canonical case) MUST serialize per
105
+ * (vault, counterparty): one live tab per pair, one spend in flight at a time.
106
+ */
107
+ interface TabFromGrantOptions {
108
+ /**
109
+ * The granted session SECRET. Accepts the shapes the grant flow actually
110
+ * produces: a 64-byte nacl `secretKey` (approveSpendGrant custody mode i,
111
+ * or a requester-generated nacl keypair in custody mode ii), or —
112
+ * defensively — a 32-byte ed25519 seed. Validated against
113
+ * `params.sessionPubkey` with a sign/verify self-check before ANY I/O, so
114
+ * a key handed across processes that doesn't actually sign for the granted
115
+ * pubkey fails loudly here instead of as a seller/facilitator rejection.
116
+ *
117
+ * The constructor takes its own copy; the caller should zero their buffer.
118
+ */
119
+ sessionSecretKey: Uint8Array;
120
+ /** The final consented grant values — `approveSpendGrant().params`, verbatim. */
121
+ params: ApprovedSpendGrantParams;
122
+ /** The USER's vault PDA (the grant blob never carries it; the consent page
123
+ * resolved it from the user's own identity — same value here). */
124
+ vaultPda: string | PublicKey;
125
+ /**
126
+ * RPC for the on-chain reads (frontier + optional swig resolution): a
127
+ * web3.js Connection or an RPC URL. REQUIRED — the SessionAccount is the
128
+ * durable spend counter; there is no offline resume.
129
+ */
130
+ connection: Connection | string;
131
+ /**
132
+ * Max atomic amount a SINGLE voucher may add. REQUIRED and deliberately so:
133
+ * every signed voucher is a bearer claim, so this cap is the blast radius
134
+ * of one request against a misbehaving seller. Callers know their per-call
135
+ * price; set it near that.
136
+ */
137
+ perUnitCapAtomic: AtomicAmount;
138
+ /**
139
+ * Seller URL used for channel-id derivation and `Tab.stream()` routing
140
+ * context. Defaults to `params.counterparty` (matching openTab's Phase-2
141
+ * pubkey-as-seller shape). Either way the tab's `counterparty` — the value
142
+ * `payWithTab` matches against a tab-scheme accept's `payTo` — is ALWAYS
143
+ * `params.counterparty`.
144
+ */
145
+ sellerUrl?: string;
146
+ /**
147
+ * The buyer's Swig STATE address (`vault.swig_address`) for the `/tab/open`
148
+ * arming call. When omitted it is read from the on-chain vault account —
149
+ * one extra RPC read, never a guess.
150
+ */
151
+ swigAddress?: string;
152
+ /** Facilitator base URL. Default: DEFAULT_FACILITATOR_URL (https://x402.dexter.cash). */
153
+ facilitatorUrl?: string;
154
+ /** Vault program id override (test/devnet). Default: DEXTER_VAULT_PROGRAM_ID. */
155
+ programId?: PublicKey;
156
+ }
157
+ /**
158
+ * Construct a live `Tab` from a granted session key. Fail-loud at every step:
159
+ * key/params mismatch, dead or drifted on-chain session, exhausted cap, and
160
+ * unarmed drain protection all THROW — an invalid tab is never returned.
161
+ */
162
+ declare function tabFromGrant(options: TabFromGrantOptions): Promise<Tab>;
163
+
47
164
  interface TabOffer {
48
165
  /** Seller counterparty (base58) read from the challenge's payTo. */
49
166
  payTo: string;
@@ -178,4 +295,4 @@ interface ResolveTabTermsOptions {
178
295
  */
179
296
  declare function resolveTabTerms(url: string, init?: RequestInit, opts?: ResolveTabTermsOptions): Promise<TabTermsResult>;
180
297
 
181
- export { DEFAULT_FACILITATOR_URL, OpenTabOptions, type PayUrlWithTabOptions, type PayUrlWithTabResult, type ResolveTabTermsOptions, ResumeTabOptions, Tab, type TabOffer, type TabOfferResult, type TabTerms, type TabTermsResult, VaultAdapter, atomicToHuman, humanToAtomic, openTab, payUrlWithTab, resolveTabOffer, resolveTabTerms, resumeTab, voucherToHeader };
298
+ export { DEFAULT_FACILITATOR_URL, OpenTabOptions, type PayUrlWithTabOptions, type PayUrlWithTabResult, type ResolveTabTermsOptions, ResumeTabOptions, Tab, type TabFromGrantOptions, type TabOffer, type TabOfferResult, type TabTerms, type TabTermsResult, VaultAdapter, atomicToHuman, humanToAtomic, openTab, payUrlWithTab, resolveTabOffer, resolveTabTerms, resumeTab, tabFromGrant, voucherToHeader };