@dexterai/x402 5.3.0 → 5.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,6 +1,6 @@
1
- var S=class extends Error{constructor(r,n){super(`Invalid voucher: ${r}${n?` (${n})`:""}`);this.reason=r;this.name="InvalidVoucherError"}};import{promises as M}from"fs";import{join as je,dirname as Xe}from"path";var Ue=new Map;function P(e,t){let n=(Ue.get(e)??Promise.resolve()).then(()=>t(),()=>t());return Ue.set(e,n.then(()=>{},()=>{})),n}var L=class{map=new Map;async get(t){return this.map.get(t)??null}async set(t,r){this.map.set(t,r)}async delete(t){this.map.delete(t)}async tryAcquireLease(t,r){return P(t,async()=>{let n=this.map.get(t),i=Date.now();if(n?.lease&&n.lease.heldUntilUnixMs>i)return!1;let s=n??{lastVoucher:null,deliveredCumulativeAtomic:"0",lastCrystallizedCumulativeAtomic:"0"};return this.map.set(t,{...s,lease:{heldUntilUnixMs:i+r}}),!0})}async releaseLease(t){await P(t,async()=>{let r=this.map.get(t);r&&this.map.set(t,{...r,lease:void 0})})}};function me(e){let t="";for(let r of e)t+=r.toString(16).padStart(2,"0");return t}function de(e){if(e.length%2!==0)throw new Error(`hex length must be even, got ${e.length}`);let t=new Uint8Array(e.length/2);for(let r=0;r<t.length;r++)t[r]=parseInt(e.substr(r*2,2),16);return t}function Je(e){return{lastVoucher:e.lastVoucher?{payload:e.lastVoucher.payload,sessionPublicKey:me(e.lastVoucher.sessionPublicKey),sessionRegistration:me(e.lastVoucher.sessionRegistration),sessionSignature:me(e.lastVoucher.sessionSignature)}:null,deliveredCumulativeAtomic:e.deliveredCumulativeAtomic,lastCrystallizedCumulativeAtomic:e.lastCrystallizedCumulativeAtomic,onChain:e.onChain,lease:e.lease}}function Ye(e){return{lastVoucher:e.lastVoucher?{payload:e.lastVoucher.payload,sessionPublicKey:de(e.lastVoucher.sessionPublicKey),sessionRegistration:de(e.lastVoucher.sessionRegistration),sessionSignature:de(e.lastVoucher.sessionSignature)}:null,deliveredCumulativeAtomic:e.deliveredCumulativeAtomic,lastCrystallizedCumulativeAtomic:e.lastCrystallizedCumulativeAtomic??"0",onChain:e.onChain,lease:e.lease}}var pe=class{constructor(t){this.dir=t}pathFor(t){if(!/^[a-z0-9_-]+$/i.test(t))throw new Error(`unsafe channelId for filesystem: ${t}`);return je(this.dir,`${t}.json`)}async get(t){try{let r=await M.readFile(this.pathFor(t),"utf8");return Ye(JSON.parse(r))}catch(r){if(r?.code==="ENOENT")return null;throw r}}async set(t,r){let n=this.pathFor(t);await M.mkdir(Xe(n),{recursive:!0});let i=`${n}.tmp`;await M.writeFile(i,JSON.stringify(Je(r))),await M.rename(i,n)}async delete(t){try{await M.unlink(this.pathFor(t))}catch(r){if(r?.code!=="ENOENT")throw r}}async tryAcquireLease(t,r){return P(t,async()=>{let n=await this.get(t),i=Date.now();if(n?.lease&&n.lease.heldUntilUnixMs>i)return!1;let s=n??{lastVoucher:null,deliveredCumulativeAtomic:"0",lastCrystallizedCumulativeAtomic:"0"};return await this.set(t,{...s,lease:{heldUntilUnixMs:i+r}}),!0})}async releaseLease(t){await P(t,async()=>{let r=await this.get(t);r&&await this.set(t,{...r,lease:void 0})})}};import{PublicKey as it}from"@solana/web3.js";import Ge from"tweetnacl";import{sha256 as Ft}from"@noble/hashes/sha256";import{p256 as jt}from"@noble/curves/p256";import{PublicKey as ye}from"@solana/web3.js";import{sessionRegisterMessage as Nt,sessionRevokeMessage as It,voucherPayloadMessage as he,buildVoucherMessage as kt}from"@dexterai/vault/messages";import{buildRegisterSessionKeyInstruction as $t,buildRevokeSessionKeyInstruction as Vt,deriveSwigWalletAddress as Bt}from"@dexterai/vault/instructions";import{buildSecp256r1VerifyInstruction as Mt}from"@dexterai/vault/precompile";import{DEXTER_VAULT_PROGRAM_ID as ge,SECP256R1_PROGRAM_ID as Dt,INSTRUCTIONS_SYSVAR_ID as qt}from"@dexterai/vault/constants";import{fetchSessionAccount as Ze,isSessionLive as Qe}from"@dexterai/vault/session";var fe="OTS_SESSION_REGISTER_V2",C=class extends Error{constructor(r,n){super(`Invalid registration: ${r}${n?` (${n})`:""}`);this.reason=r;this.name="InvalidRegistrationError"}};function Ae(e){if(e.length!==188)throw new C("wrong_length",`expected 188, got ${e.length}`);let t=new TextDecoder().decode(e.slice(0,fe.length));if(t!==fe)throw new C("wrong_domain",`got "${t}"`);for(let g=fe.length;g<32;g++)if(e[g]!==0)throw new C("wrong_domain",`non-NUL padding at byte ${g}`);let r=new DataView(e.buffer,e.byteOffset,e.byteLength),n=new ye(e.slice(32,64)),i=new ye(e.slice(64,96)),s=e.slice(96,128),h=r.getBigUint64(128,!0),c=r.getBigInt64(136,!0),o=new ye(e.slice(144,176)),d=r.getUint32(176,!0),l=r.getBigUint64(180,!0);if(!n.equals(ge))throw new C("wrong_program",`${n.toBase58()} is not ${ge.toBase58()}`);if(h===0n)throw new C("cap_zero");let a=BigInt(Math.floor(Date.now()/1e3));if(c<=a)throw new C("expiry_in_past",`expires_at=${c}, now=${a}`);return{programId:n,vaultPda:i,sessionPubkey:new Uint8Array(s),maxAmount:h,expiresAt:c,allowedCounterparty:o,nonce:d,maxRevolvingCapacity:l}}var N=class extends Error{constructor(r,n){super(`On-chain verification failed: ${r}${n?` (${n})`:""}`);this.reason=r;this.name="OnChainVerificationError"}};async function be(e,t){let r=await Ze(e,t.vaultPda,t.allowedCounterparty);if(!r||r.version===0)throw new N("session_not_active","no live SessionAccount PDA for this (vault, counterparty) \u2014 revoked, expiry-swept, or never registered");if(!Qe(r))throw new N("session_not_active","SessionAccount PDA is present but expired");if(!et(r.session.sessionPubkey,t.sessionPubkey))throw new N("session_pubkey_mismatch",`on-chain ${Oe(r.session.sessionPubkey)} != registration ${Oe(t.sessionPubkey)}`);let n=r.session.spent,i=r.session.crystallizedCumulative;return{frontierAtomic:(n>i?n:i).toString(),spentAtomic:n.toString(),crystallizedCumulativeAtomic:i.toString()}}var T=class extends Error{constructor(t){super(`Invalid voucher signature${t?`: ${t}`:""}`),this.name="InvalidVoucherSignatureError"}};function we(e,t){if(t.length!==32)throw new T(`channelIdBytes must be 32 bytes, got ${t.length}`);if(e.sessionPublicKey.length!==32)throw new T(`sessionPublicKey must be 32 bytes, got ${e.sessionPublicKey.length}`);if(e.sessionSignature.length!==64)throw new T(`sessionSignature must be 64 bytes, got ${e.sessionSignature.length}`);let r=he({channelId:t,cumulativeAmount:BigInt(e.payload.cumulativeAmount),sequenceNumber:e.payload.sequenceNumber});if(!Ge.sign.detached.verify(r,e.sessionSignature,e.sessionPublicKey))throw new T("ed25519 verify rejected")}var x=class extends Error{constructor(r,n){super(`Scope violation: ${r}${n?` (${n})`:""}`);this.reason=r;this.name="ScopeViolationError"}};function ve(e){let t=BigInt(e.voucher.payload.cumulativeAmount);if(t>e.registration.maxAmount)throw new x("cumulative_exceeds_cap",`${t} > ${e.registration.maxAmount}`);let r=BigInt(Math.floor(Date.now()/1e3));if(r>=e.registration.expiresAt)throw new x("session_expired",`now=${r} >= expiresAt=${e.registration.expiresAt}`);if(!e.registration.allowedCounterparty.equals(e.expectedCounterparty))throw new x("wrong_counterparty",`${e.registration.allowedCounterparty.toBase58()} != ${e.expectedCounterparty.toBase58()}`);if(e.previousCumulativeAtomic!==void 0){let n=BigInt(e.previousCumulativeAtomic);if(t<=n)throw new x("non_monotonic",`cumulative=${t} not > previous=${n}`)}}function et(e,t){if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0}function Oe(e){let t="";for(let r of e)t+=r.toString(16).padStart(2,"0");return t}import{PublicKey as dr}from"@solana/web3.js";import{bytesToHex as hr}from"@noble/hashes/utils";import rr from"tweetnacl";import{sha256 as sr}from"@noble/hashes/sha256";var $e="https://x402.dexter.cash",Ve=6;function E(e,t=Ve){if(!/^\d+(\.\d+)?$/.test(e))throw new Error(`amount must be a non-negative decimal string, got "${e}"`);let[r,n=""]=e.split(".");if(n.length>t)throw new Error(`amount "${e}" has more than ${t} decimals`);let i=n.padEnd(t,"0"),s=`${r}${i}`.replace(/^0+(?=\d)/,"");return s===""?"0":s}function U(e,t=Ve){if(!/^\d+$/.test(e))throw new Error(`atomic must be a non-negative integer string, got "${e}"`);let r=e.padStart(t+1,"0"),n=r.slice(0,-t).replace(/^0+(?=\d)/,"")||"0",i=r.slice(-t).replace(/0+$/,"");return i?`${n}.${i}`:n}import{bytesToHex as Se}from"@noble/hashes/utils";var tt=15e3,rt=["claim_already_exists","non_monotonic_cumulative"];function nt(e){return`${e.slice(0,16)}\u2026`}function Be(e,t,r,n){let i=nt(e);if(n.crystallized){console.info(`[tab/seller] crystallize OK channel=${i} cumulative=${t} seq=${r}${n.claimPda?` claimPda=${n.claimPda}`:""} \u2014 LockVoucher landed`);return}if(n.error){if(rt.some(s=>n.error.includes(s))){console.warn(`[tab/seller] crystallize duplicate channel=${i} cumulative=${t} seq=${r}: ${n.error} \u2014 voucher already secured on-chain (benign, no action)`);return}console.error(`[tab/seller] crystallize FAILED channel=${i} cumulative=${t} seq=${r}: ${n.error} \u2014 lock NOT secured (degraded: best-effort path, no watermark advance, retries at next threshold/close; seller exposure stays unsecured until it lands)`)}}async function xe(e,t,r,n,i=fetch){let s=e.lastVoucher;if(!s)return{crystallized:!1};if(s.payload.channelId!==t){let c={crystallized:!1,error:"channel_id_mismatch"};return Be(t,s.payload.cumulativeAmount,s.payload.sequenceNumber,c),c}let h=c=>(Be(t,s.payload.cumulativeAmount,s.payload.sequenceNumber,c),c);try{let c=`${r.replace(/\/$/,"")}/tab/lock`,o={channelId:s.payload.channelId,cumulativeAmount:s.payload.cumulativeAmount,sequenceNumber:s.payload.sequenceNumber,sessionPublicKey:Se(s.sessionPublicKey),sessionSignature:Se(s.sessionSignature),sessionRegistration:Se(s.sessionRegistration),network:n},d=await i(c,{method:"POST",headers:{"content-type":"application/json"},body:JSON.stringify(o),signal:AbortSignal.timeout(tt)}),l=await d.text();if(!d.ok)return h({crystallized:!1,error:`tab lock ${d.status}: ${l.slice(0,200)}`});let a;try{let g=JSON.parse(l);g&&typeof g.claimPda=="string"&&(a=g.claimPda)}catch{}return h({crystallized:!0,claimPda:a})}catch(c){return h({crystallized:!1,error:String(c?.message??c)})}}async function Ke(e,t,r,n,i,s={}){let h=BigInt(e.deliveredCumulativeAtomic),c=BigInt(e.lastCrystallizedCumulativeAtomic??"0"),o=BigInt(i.thresholdAtomic);if(h-c<o)return{crystallized:!1};let d=e.lastVoucher?.payload.cumulativeAmount,l=await xe(e,t,r,n,s.fetchImpl);return l.crystallized&&d!==void 0&&(e.lastCrystallizedCumulativeAtomic=d),l}var O="x-tab-voucher",Ce=class{map=new Map;get(t){return this.map.get(t)}set(t,r){this.map.set(t,r)}update(t,r){let n=this.map.get(t);n&&(n.lastCumulativeAtomic=r)}delete(t){this.map.delete(t)}},Ee=class{constructor(t,r,n,i,s,h){this.recordDeliveredImpl=s;this.chargeImpl=h;this.channelId=t,this.network=r,this.cumulativeAtomic=n,this.deliveredBaselineAtomic=i}channelId;network;sessionPublicKey=null;cumulativeAtomic;deliveredBaselineAtomic;cumulative(){return U(this.cumulativeAtomic.toString())}deliveredCumulative(){return U(this.deliveredBaselineAtomic.toString())}async recordDelivered(t){return this.recordDeliveredImpl(t)}bumpCumulative(t){this.cumulativeAtomic=t}setSessionPublicKey(t){this.sessionPublicKey=t}async charge(t){return this.chargeImpl(t)}};function st(e){if(typeof e!="string"||e.length===0)throw new S("signature_invalid",`missing ${O} header`);let t;try{t=Buffer.from(e,"base64").toString("utf8")}catch{throw new S("signature_invalid","malformed base64")}let r;try{r=JSON.parse(t)}catch{throw new S("signature_invalid","malformed JSON")}if(!r||typeof r!="object"||!r.payload||!r.sessionPublicKey)throw new S("signature_invalid","missing required fields");return{payload:r.payload,sessionPublicKey:J(r.sessionPublicKey),sessionRegistration:J(r.sessionRegistration),sessionSignature:J(r.sessionSignature)}}function J(e){if(typeof e!="string"||e.length%2!==0)throw new S("signature_invalid",`bad hex: ${typeof e}`);let t=new Uint8Array(e.length/2);for(let r=0;r<t.length;r++)t[r]=parseInt(e.substr(r*2,2),16);return t}function ot(e){if(!/^[0-9a-f]{64}$/i.test(e))throw new S("signature_invalid",`channelId must be 64-char hex, got "${e}"`);return J(e)}function Pe(e){let t=e.ledger??new L,r=new Ce,n=typeof e.sellerPubkey=="string"?new it(e.sellerPubkey):e.sellerPubkey,i=e.maxPerVoucherAtomic?BigInt(e.maxPerVoucherAtomic):BigInt(E(e.perUnit))*100n,s=e.facilitatorUrl??$e,h={thresholdAtomic:e.lockCadence?.thresholdAtomic??E("0.10"),onClose:e.lockCadence?.onClose??!0};return async(c,o,d)=>{try{let l=st(c.headers[O]),a=l.payload.channelId,g=ot(a),m=r.get(a),f=null;if(!m){let y=Ae(l.sessionRegistration);f=(await be(e.connection,y))?.frontierAtomic??null,m={registration:y,lastCumulativeAtomic:"0"},r.set(a,m)}we(l,g),ve({registration:m.registration,voucher:l,expectedCounterparty:n,previousCumulativeAtomic:m.lastCumulativeAtomic});let b=BigInt(l.payload.cumulativeAmount),$=BigInt(m.lastCumulativeAtomic),V=b-$;if(V>i)throw new x("cumulative_exceeds_cap",`single voucher increment ${V} exceeds maxPerVoucherAtomic ${i}`);let le=e.leaseTtlMs??3e5;if(!await t.tryAcquireLease(a,le))throw new S("channel_busy","another stream is live on this channel; tabs serve one stream at a time");let B=!1,j=()=>{B||(B=!0,t.releaseLease(a).catch(y=>{console.error("[tab/seller] failed to release channel lease:",y)}))};o.on("close",j),o.on("finish",j);let ue=async y=>{let R=y.lastCrystallizedCumulativeAtomic??"0";await Ke(y,a,s,e.network,h),y.lastCrystallizedCumulativeAtomic!==R&&await P(a,async()=>{let w=await t.get(a);w&&await t.set(a,{...w,lastCrystallizedCumulativeAtomic:y.lastCrystallizedCumulativeAtomic})}).catch(w=>{console.error(`[tab/seller] crystallize watermark persist FAILED channel=${a.slice(0,16)}\u2026 (lock landed; expect a duplicate-lock warn on the next request):`,w)})},X=!1,u=()=>{!h.onClose||X||(X=!0,(async()=>{let y=await t.get(a);if(!y||!y.lastVoucher)return;let R=y.lastVoucher.payload.cumulativeAmount;(await xe(y,a,s,e.network)).crystallized&&await P(a,async()=>{let K=await t.get(a);K&&await t.set(a,{...K,lastCrystallizedCumulativeAtomic:R})})})().catch(y=>{console.error(`[tab/seller] close-path crystallize CRASHED channel=${a.slice(0,16)}\u2026 (final voucher NOT locked; exposure unsecured until the next request retries):`,y)}))};o.on("close",u),o.on("finish",u);let p=await t.get(a),A=!p?.lastVoucher&&BigInt(p?.deliveredCumulativeAtomic??"0")===0n,v=f!==null&&A&&BigInt(f)>0n?f:null;v!==null&&console.info(`[tab/seller] channel ${a.slice(0,16)}\u2026 resumed: seeding delivered baseline from chain frontier ${v} (session already settled/locked up to it \u2014 that span is not deliverable budget)`);let I=v!==null?BigInt(v):p?BigInt(p.deliveredCumulativeAtomic):0n;await P(a,async()=>{let y=await t.get(a);await t.set(a,{...y,lastVoucher:l,deliveredCumulativeAtomic:v??(y?y.deliveredCumulativeAtomic:"0"),lastCrystallizedCumulativeAtomic:v??y?.lastCrystallizedCumulativeAtomic??"0"})}),r.update(a,l.payload.cumulativeAmount);let k=new Ee(a,e.network,b,I,async y=>{let R=null;await P(a,async()=>{let w=await t.get(a),K=w?BigInt(w.deliveredCumulativeAtomic):0n,Ie=BigInt(y),We=Ie>0n?K+Ie:K,ke={...w,lastVoucher:w?.lastVoucher??l,deliveredCumulativeAtomic:We.toString(),lastCrystallizedCumulativeAtomic:w?.lastCrystallizedCumulativeAtomic??"0"};await t.set(a,ke),R=ke}),R&&ue(R).catch(w=>{console.error(`[tab/seller] crystallize cadence CRASHED channel=${a.slice(0,16)}\u2026 (threshold lock not attempted; retries at the next delivery):`,w)})},async y=>{throw new Error("SellerTab.charge() is not driven by the route handler; the buyer presents a fresh voucher per chunk. Use openSse(res, tab) for the metered-stream pattern.")});k.setSessionPublicKey(l.sessionPublicKey),c.tab=k,d()}catch(l){if(l instanceof S||l instanceof C||l instanceof N||l instanceof T||l instanceof x){o.status(402).json({error:"invalid_voucher",reason:l.reason??"unknown",detail:l.message});return}d(l)}}}function at(e){if(!e.tab)throw new Error("req.tab is missing \u2014 did tabMiddleware run on this route?");return e.tab}function ct(e,t){if(!t.tab)throw new Error("openSse requires options.tab");e.headersSent||(e.setHeader("Content-Type","text/event-stream"),e.setHeader("Cache-Control","no-cache"),e.setHeader("Connection","keep-alive"),typeof e.flushHeaders=="function"&&e.flushHeaders());let r=t.tab,n=BigInt(E(r.cumulative())),i=BigInt(E(r.deliveredCumulative())),s=n-i;s<0n&&(s=0n);let h=t.perUnit?BigInt(E(t.perUnit)):null,c=0n,o=!1;async function d(){await r.recordDelivered(c.toString())}e.on("close",()=>{o||(o=!0,d().catch(m=>{console.error("[tab/seller] terminal persist failed on disconnect:",m)}))});async function l(m=1){if(o)throw new Error("meter ended");if(h===null)throw new Error("charge() needs options.perUnit");let f=h*BigInt(m),b=c+f;if(b>s)throw o=!0,await d(),new x("cumulative_exceeds_cap",`chunk would push delivered to ${U((i+b).toString())} beyond signed cumulative ${U(n.toString())} (per-request budget ${U(s.toString())})`);c=b}function a(m){if(o)throw new Error("meter ended");let b=(typeof m=="string"?m:Buffer.from(m).toString("utf8")).replace(/\n/g,"\\n");e.write(`data: ${b}
1
+ var x=class extends Error{constructor(r,n){super(`Invalid voucher: ${r}${n?` (${n})`:""}`);this.reason=r;this.name="InvalidVoucherError"}};import{promises as K}from"fs";import{join as Xe,dirname as Je}from"path";var Oe=new Map;function T(e,t){let n=(Oe.get(e)??Promise.resolve()).then(()=>t(),()=>t());return Oe.set(e,n.then(()=>{},()=>{})),n}var M=class{map=new Map;async get(t){return this.map.get(t)??null}async set(t,r){this.map.set(t,r)}async delete(t){this.map.delete(t)}async tryAcquireLease(t,r){return T(t,async()=>{let n=this.map.get(t),i=Date.now();if(n?.lease&&n.lease.heldUntilUnixMs>i)return!1;let s=n??{lastVoucher:null,deliveredCumulativeAtomic:"0",lastCrystallizedCumulativeAtomic:"0"};return this.map.set(t,{...s,lease:{heldUntilUnixMs:i+r}}),!0})}async releaseLease(t){await T(t,async()=>{let r=this.map.get(t);r&&this.map.set(t,{...r,lease:void 0})})}};function de(e){let t="";for(let r of e)t+=r.toString(16).padStart(2,"0");return t}function pe(e){if(e.length%2!==0)throw new Error(`hex length must be even, got ${e.length}`);let t=new Uint8Array(e.length/2);for(let r=0;r<t.length;r++)t[r]=parseInt(e.substr(r*2,2),16);return t}function Ge(e){return{lastVoucher:e.lastVoucher?{payload:e.lastVoucher.payload,sessionPublicKey:de(e.lastVoucher.sessionPublicKey),sessionRegistration:de(e.lastVoucher.sessionRegistration),sessionSignature:de(e.lastVoucher.sessionSignature)}:null,deliveredCumulativeAtomic:e.deliveredCumulativeAtomic,lastCrystallizedCumulativeAtomic:e.lastCrystallizedCumulativeAtomic,gateRefusedCumulativeAtomic:e.gateRefusedCumulativeAtomic,onChain:e.onChain,lease:e.lease}}function Ye(e){return{lastVoucher:e.lastVoucher?{payload:e.lastVoucher.payload,sessionPublicKey:pe(e.lastVoucher.sessionPublicKey),sessionRegistration:pe(e.lastVoucher.sessionRegistration),sessionSignature:pe(e.lastVoucher.sessionSignature)}:null,deliveredCumulativeAtomic:e.deliveredCumulativeAtomic,lastCrystallizedCumulativeAtomic:e.lastCrystallizedCumulativeAtomic??"0",gateRefusedCumulativeAtomic:e.gateRefusedCumulativeAtomic,onChain:e.onChain,lease:e.lease}}var ge=class{constructor(t){this.dir=t}pathFor(t){if(!/^[a-z0-9_-]+$/i.test(t))throw new Error(`unsafe channelId for filesystem: ${t}`);return Xe(this.dir,`${t}.json`)}async get(t){try{let r=await K.readFile(this.pathFor(t),"utf8");return Ye(JSON.parse(r))}catch(r){if(r?.code==="ENOENT")return null;throw r}}async set(t,r){let n=this.pathFor(t);await K.mkdir(Je(n),{recursive:!0});let i=`${n}.tmp`;await K.writeFile(i,JSON.stringify(Ge(r))),await K.rename(i,n)}async delete(t){try{await K.unlink(this.pathFor(t))}catch(r){if(r?.code!=="ENOENT")throw r}}async tryAcquireLease(t,r){return T(t,async()=>{let n=await this.get(t),i=Date.now();if(n?.lease&&n.lease.heldUntilUnixMs>i)return!1;let s=n??{lastVoucher:null,deliveredCumulativeAtomic:"0",lastCrystallizedCumulativeAtomic:"0"};return await this.set(t,{...s,lease:{heldUntilUnixMs:i+r}}),!0})}async releaseLease(t){await T(t,async()=>{let r=await this.get(t);r&&await this.set(t,{...r,lease:void 0})})}};import{PublicKey as ot}from"@solana/web3.js";import Ze from"tweetnacl";import{sha256 as jt}from"@noble/hashes/sha256";import{p256 as Jt}from"@noble/curves/p256";import{PublicKey as fe}from"@solana/web3.js";import{sessionRegisterMessage as kt,sessionRevokeMessage as Ut,voucherPayloadMessage as he,buildVoucherMessage as Ot}from"@dexterai/vault/messages";import{buildRegisterSessionKeyInstruction as Bt,buildRevokeSessionKeyInstruction as Lt,deriveSwigWalletAddress as Kt}from"@dexterai/vault/instructions";import{buildSecp256r1VerifyInstruction as Dt}from"@dexterai/vault/precompile";import{DEXTER_VAULT_PROGRAM_ID as ye,SECP256R1_PROGRAM_ID as Ht,INSTRUCTIONS_SYSVAR_ID as qt}from"@dexterai/vault/constants";import{fetchSessionAccount as Qe,isSessionLive as et}from"@dexterai/vault/session";var Ae="OTS_SESSION_REGISTER_V2",E=class extends Error{constructor(r,n){super(`Invalid registration: ${r}${n?` (${n})`:""}`);this.reason=r;this.name="InvalidRegistrationError"}};function be(e){if(e.length!==188)throw new E("wrong_length",`expected 188, got ${e.length}`);let t=new TextDecoder().decode(e.slice(0,Ae.length));if(t!==Ae)throw new E("wrong_domain",`got "${t}"`);for(let y=Ae.length;y<32;y++)if(e[y]!==0)throw new E("wrong_domain",`non-NUL padding at byte ${y}`);let r=new DataView(e.buffer,e.byteOffset,e.byteLength),n=new fe(e.slice(32,64)),i=new fe(e.slice(64,96)),s=e.slice(96,128),h=r.getBigUint64(128,!0),c=r.getBigInt64(136,!0),a=new fe(e.slice(144,176)),m=r.getUint32(176,!0),l=r.getBigUint64(180,!0);if(!n.equals(ye))throw new E("wrong_program",`${n.toBase58()} is not ${ye.toBase58()}`);if(h===0n)throw new E("cap_zero");let o=BigInt(Math.floor(Date.now()/1e3));if(c<=o)throw new E("expiry_in_past",`expires_at=${c}, now=${o}`);return{programId:n,vaultPda:i,sessionPubkey:new Uint8Array(s),maxAmount:h,expiresAt:c,allowedCounterparty:a,nonce:m,maxRevolvingCapacity:l}}var N=class extends Error{constructor(r,n){super(`On-chain verification failed: ${r}${n?` (${n})`:""}`);this.reason=r;this.name="OnChainVerificationError"}};async function ve(e,t){let r=await Qe(e,t.vaultPda,t.allowedCounterparty);if(!r||r.version===0)throw new N("session_not_active","no live SessionAccount PDA for this (vault, counterparty) \u2014 revoked, expiry-swept, or never registered");if(!et(r))throw new N("session_not_active","SessionAccount PDA is present but expired");if(!tt(r.session.sessionPubkey,t.sessionPubkey))throw new N("session_pubkey_mismatch",`on-chain ${$e(r.session.sessionPubkey)} != registration ${$e(t.sessionPubkey)}`);let n=r.session.spent,i=r.session.crystallizedCumulative;return{frontierAtomic:(n>i?n:i).toString(),spentAtomic:n.toString(),crystallizedCumulativeAtomic:i.toString()}}var _=class extends Error{constructor(t){super(`Invalid voucher signature${t?`: ${t}`:""}`),this.name="InvalidVoucherSignatureError"}};function we(e,t){if(t.length!==32)throw new _(`channelIdBytes must be 32 bytes, got ${t.length}`);if(e.sessionPublicKey.length!==32)throw new _(`sessionPublicKey must be 32 bytes, got ${e.sessionPublicKey.length}`);if(e.sessionSignature.length!==64)throw new _(`sessionSignature must be 64 bytes, got ${e.sessionSignature.length}`);let r=he({channelId:t,cumulativeAmount:BigInt(e.payload.cumulativeAmount),sequenceNumber:e.payload.sequenceNumber});if(!Ze.sign.detached.verify(r,e.sessionSignature,e.sessionPublicKey))throw new _("ed25519 verify rejected")}var C=class extends Error{constructor(r,n){super(`Scope violation: ${r}${n?` (${n})`:""}`);this.reason=r;this.name="ScopeViolationError"}};function Se(e){let t=BigInt(e.voucher.payload.cumulativeAmount);if(t>e.registration.maxAmount)throw new C("cumulative_exceeds_cap",`${t} > ${e.registration.maxAmount}`);let r=BigInt(Math.floor(Date.now()/1e3));if(r>=e.registration.expiresAt)throw new C("session_expired",`now=${r} >= expiresAt=${e.registration.expiresAt}`);if(!e.registration.allowedCounterparty.equals(e.expectedCounterparty))throw new C("wrong_counterparty",`${e.registration.allowedCounterparty.toBase58()} != ${e.expectedCounterparty.toBase58()}`);if(e.previousCumulativeAtomic!==void 0){let n=BigInt(e.previousCumulativeAtomic);if(t<=n)throw new C("non_monotonic",`cumulative=${t} not > previous=${n}`)}}function tt(e,t){if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0}function $e(e){let t="";for(let r of e)t+=r.toString(16).padStart(2,"0");return t}import{PublicKey as gr}from"@solana/web3.js";import{bytesToHex as yr}from"@noble/hashes/utils";import ir from"tweetnacl";import{sha256 as ar}from"@noble/hashes/sha256";var Ve="https://x402.dexter.cash",Be=6;function R(e,t=Be){if(!/^\d+(\.\d+)?$/.test(e))throw new Error(`amount must be a non-negative decimal string, got "${e}"`);let[r,n=""]=e.split(".");if(n.length>t)throw new Error(`amount "${e}" has more than ${t} decimals`);let i=n.padEnd(t,"0"),s=`${r}${i}`.replace(/^0+(?=\d)/,"");return s===""?"0":s}function O(e,t=Be){if(!/^\d+$/.test(e))throw new Error(`atomic must be a non-negative integer string, got "${e}"`);let r=e.padStart(t+1,"0"),n=r.slice(0,-t).replace(/^0+(?=\d)/,"")||"0",i=r.slice(-t).replace(/0+$/,"");return i?`${n}.${i}`:n}import{bytesToHex as xe}from"@noble/hashes/utils";var rt=15e3,nt=["claim_already_exists","non_monotonic_cumulative"],it="below_lock_cadence";function J(e){return typeof e=="string"&&e.includes(it)}function st(e){return`${e.slice(0,16)}\u2026`}function Le(e,t,r,n){let i=st(e);if(n.crystallized){console.info(`[tab/seller] crystallize OK channel=${i} cumulative=${t} seq=${r}${n.claimPda?` claimPda=${n.claimPda}`:""} \u2014 LockVoucher landed`);return}if(n.error){if(J(n.error)){console.warn(`[tab/seller] crystallize refused below the facilitator's cadence gate channel=${i} cumulative=${t} seq=${r}: ${n.error} \u2014 benign: this facilitator's cadence engine owns the protection cadence for the span; gate-refused watermark advanced, re-attempts after the next signed voucher`);return}if(nt.some(s=>n.error.includes(s))){console.warn(`[tab/seller] crystallize duplicate channel=${i} cumulative=${t} seq=${r}: ${n.error} \u2014 voucher already secured on-chain (benign, no action)`);return}console.error(`[tab/seller] crystallize FAILED channel=${i} cumulative=${t} seq=${r}: ${n.error} \u2014 lock NOT secured (degraded: best-effort path, no watermark advance, retries at next threshold/close; seller exposure stays unsecured until it lands)`)}}async function Ce(e,t,r,n,i=fetch){let s=e.lastVoucher;if(!s)return{crystallized:!1};if(s.payload.channelId!==t){let c={crystallized:!1,error:"channel_id_mismatch"};return Le(t,s.payload.cumulativeAmount,s.payload.sequenceNumber,c),c}let h=c=>(Le(t,s.payload.cumulativeAmount,s.payload.sequenceNumber,c),c);try{let c=`${r.replace(/\/$/,"")}/tab/lock`,a={channelId:s.payload.channelId,cumulativeAmount:s.payload.cumulativeAmount,sequenceNumber:s.payload.sequenceNumber,sessionPublicKey:xe(s.sessionPublicKey),sessionSignature:xe(s.sessionSignature),sessionRegistration:xe(s.sessionRegistration),network:n},m=await i(c,{method:"POST",headers:{"content-type":"application/json"},body:JSON.stringify(a),signal:AbortSignal.timeout(rt)}),l=await m.text();if(!m.ok)return h({crystallized:!1,error:`tab lock ${m.status}: ${l.slice(0,200)}`});let o;try{let y=JSON.parse(l);y&&typeof y.claimPda=="string"&&(o=y.claimPda)}catch{}return h({crystallized:!0,claimPda:o})}catch(c){return h({crystallized:!1,error:String(c?.message??c)})}}async function Ke(e,t,r,n,i,s={}){let h=BigInt(e.deliveredCumulativeAtomic),c=BigInt(e.lastCrystallizedCumulativeAtomic??"0"),a=BigInt(i.thresholdAtomic);if(h-c<a)return{crystallized:!1};let m=e.lastVoucher?.payload.cumulativeAmount,l=e.gateRefusedCumulativeAtomic;if(m!==void 0&&l!==void 0&&BigInt(m)<=BigInt(l))return{crystallized:!1};let o=await Ce(e,t,r,n,s.fetchImpl);return o.crystallized&&m!==void 0?(e.lastCrystallizedCumulativeAtomic=m,e.gateRefusedCumulativeAtomic=void 0):J(o.error)&&m!==void 0&&(e.gateRefusedCumulativeAtomic=m),o}var $="x-tab-voucher",Ee=class{map=new Map;get(t){return this.map.get(t)}set(t,r){this.map.set(t,r)}update(t,r){let n=this.map.get(t);n&&(n.lastCumulativeAtomic=r)}delete(t){this.map.delete(t)}},Re=class{constructor(t,r,n,i,s,h){this.recordDeliveredImpl=s;this.chargeImpl=h;this.channelId=t,this.network=r,this.cumulativeAtomic=n,this.deliveredBaselineAtomic=i}channelId;network;sessionPublicKey=null;cumulativeAtomic;deliveredBaselineAtomic;cumulative(){return O(this.cumulativeAtomic.toString())}deliveredCumulative(){return O(this.deliveredBaselineAtomic.toString())}async recordDelivered(t){return this.recordDeliveredImpl(t)}bumpCumulative(t){this.cumulativeAtomic=t}setSessionPublicKey(t){this.sessionPublicKey=t}async charge(t){return this.chargeImpl(t)}};function at(e){if(typeof e!="string"||e.length===0)throw new x("signature_invalid",`missing ${$} header`);let t;try{t=Buffer.from(e,"base64").toString("utf8")}catch{throw new x("signature_invalid","malformed base64")}let r;try{r=JSON.parse(t)}catch{throw new x("signature_invalid","malformed JSON")}if(!r||typeof r!="object"||!r.payload||!r.sessionPublicKey)throw new x("signature_invalid","missing required fields");return{payload:r.payload,sessionPublicKey:G(r.sessionPublicKey),sessionRegistration:G(r.sessionRegistration),sessionSignature:G(r.sessionSignature)}}function G(e){if(typeof e!="string"||e.length%2!==0)throw new x("signature_invalid",`bad hex: ${typeof e}`);let t=new Uint8Array(e.length/2);for(let r=0;r<t.length;r++)t[r]=parseInt(e.substr(r*2,2),16);return t}function ct(e){if(!/^[0-9a-f]{64}$/i.test(e))throw new x("signature_invalid",`channelId must be 64-char hex, got "${e}"`);return G(e)}function Pe(e){let t=e.ledger??new M,r=new Ee,n=typeof e.sellerPubkey=="string"?new ot(e.sellerPubkey):e.sellerPubkey,i=e.maxPerVoucherAtomic?BigInt(e.maxPerVoucherAtomic):BigInt(R(e.perUnit))*100n,s=e.facilitatorUrl??Ve,h={thresholdAtomic:e.lockCadence?.thresholdAtomic??R("0.10"),onClose:e.lockCadence?.onClose??!0};return async(c,a,m)=>{try{let l=at(c.headers[$]),o=l.payload.channelId,y=ct(o),d=r.get(o),f=null;if(!d){let p=be(l.sessionRegistration);f=(await ve(e.connection,p))?.frontierAtomic??null,d={registration:p,lastCumulativeAtomic:"0"},r.set(o,d)}we(l,y),Se({registration:d.registration,voucher:l,expectedCounterparty:n,previousCumulativeAtomic:d.lastCumulativeAtomic});let b=BigInt(l.payload.cumulativeAmount),V=BigInt(d.lastCumulativeAtomic),B=b-V;if(B>i)throw new C("cumulative_exceeds_cap",`single voucher increment ${B} exceeds maxPerVoucherAtomic ${i}`);let ue=e.leaseTtlMs??3e5;if(!await t.tryAcquireLease(o,ue))throw new x("channel_busy","another stream is live on this channel; tabs serve one stream at a time");let L=!1,j=()=>{L||(L=!0,t.releaseLease(o).catch(p=>{console.error("[tab/seller] failed to release channel lease:",p)}))};a.on("close",j),a.on("finish",j);let me=async p=>{let P=p.lastCrystallizedCumulativeAtomic??"0",S=p.gateRefusedCumulativeAtomic;await Ke(p,o,s,e.network,h),(p.lastCrystallizedCumulativeAtomic!==P||p.gateRefusedCumulativeAtomic!==S)&&await T(o,async()=>{let v=await t.get(o);v&&await t.set(o,{...v,lastCrystallizedCumulativeAtomic:p.lastCrystallizedCumulativeAtomic,gateRefusedCumulativeAtomic:p.gateRefusedCumulativeAtomic})}).catch(v=>{console.error(`[tab/seller] crystallize watermark persist FAILED channel=${o.slice(0,16)}\u2026 (expect a benign duplicate/below-cadence warn on the next request):`,v)})},X=!1,u=()=>{!h.onClose||X||(X=!0,(async()=>{let p=await t.get(o);if(!p||!p.lastVoucher)return;let P=p.lastVoucher.payload.cumulativeAmount;if(p.gateRefusedCumulativeAtomic!==void 0&&BigInt(P)<=BigInt(p.gateRefusedCumulativeAtomic))return;let S=await Ce(p,o,s,e.network);S.crystallized?await T(o,async()=>{let v=await t.get(o);v&&await t.set(o,{...v,lastCrystallizedCumulativeAtomic:P,gateRefusedCumulativeAtomic:void 0})}):J(S.error)&&await T(o,async()=>{let v=await t.get(o);v&&await t.set(o,{...v,gateRefusedCumulativeAtomic:P})})})().catch(p=>{console.error(`[tab/seller] close-path crystallize CRASHED channel=${o.slice(0,16)}\u2026 (final voucher NOT locked; exposure unsecured until the next request retries):`,p)}))};a.on("close",u),a.on("finish",u);let g=await t.get(o),A=!g?.lastVoucher&&BigInt(g?.deliveredCumulativeAtomic??"0")===0n,w=f!==null&&A&&BigInt(f)>0n?f:null;w!==null&&console.info(`[tab/seller] channel ${o.slice(0,16)}\u2026 resumed: seeding delivered baseline from chain frontier ${w} (session already settled/locked up to it \u2014 that span is not deliverable budget)`);let k=w!==null?BigInt(w):g?BigInt(g.deliveredCumulativeAtomic):0n;await T(o,async()=>{let p=await t.get(o);await t.set(o,{...p,lastVoucher:l,deliveredCumulativeAtomic:w??(p?p.deliveredCumulativeAtomic:"0"),lastCrystallizedCumulativeAtomic:w??p?.lastCrystallizedCumulativeAtomic??"0"})}),r.update(o,l.payload.cumulativeAmount);let U=new Re(o,e.network,b,k,async p=>{let P=null;await T(o,async()=>{let S=await t.get(o),v=S?BigInt(S.deliveredCumulativeAtomic):0n,ke=BigInt(p),je=ke>0n?v+ke:v,Ue={...S,lastVoucher:S?.lastVoucher??l,deliveredCumulativeAtomic:je.toString(),lastCrystallizedCumulativeAtomic:S?.lastCrystallizedCumulativeAtomic??"0"};await t.set(o,Ue),P=Ue}),P&&me(P).catch(S=>{console.error(`[tab/seller] crystallize cadence CRASHED channel=${o.slice(0,16)}\u2026 (threshold lock not attempted; retries at the next delivery):`,S)})},async p=>{throw new Error("SellerTab.charge() is not driven by the route handler; the buyer presents a fresh voucher per chunk. Use openSse(res, tab) for the metered-stream pattern.")});U.setSessionPublicKey(l.sessionPublicKey),c.tab=U,m()}catch(l){if(l instanceof x||l instanceof E||l instanceof N||l instanceof _||l instanceof C){a.status(402).json({error:"invalid_voucher",reason:l.reason??"unknown",detail:l.message});return}m(l)}}}function lt(e){if(!e.tab)throw new Error("req.tab is missing \u2014 did tabMiddleware run on this route?");return e.tab}function ut(e,t){if(!t.tab)throw new Error("openSse requires options.tab");e.headersSent||(e.setHeader("Content-Type","text/event-stream"),e.setHeader("Cache-Control","no-cache"),e.setHeader("Connection","keep-alive"),typeof e.flushHeaders=="function"&&e.flushHeaders());let r=t.tab,n=BigInt(R(r.cumulative())),i=BigInt(R(r.deliveredCumulative())),s=n-i;s<0n&&(s=0n);let h=t.perUnit?BigInt(R(t.perUnit)):null,c=0n,a=!1;async function m(){await r.recordDelivered(c.toString())}e.on("close",()=>{a||(a=!0,m().catch(d=>{console.error("[tab/seller] terminal persist failed on disconnect:",d)}))});async function l(d=1){if(a)throw new Error("meter ended");if(h===null)throw new Error("charge() needs options.perUnit");let f=h*BigInt(d),b=c+f;if(b>s)throw a=!0,await m(),new C("cumulative_exceeds_cap",`chunk would push delivered to ${O((i+b).toString())} beyond signed cumulative ${O(n.toString())} (per-request budget ${O(s.toString())})`);c=b}function o(d){if(a)throw new Error("meter ended");let b=(typeof d=="string"?d:Buffer.from(d).toString("utf8")).replace(/\n/g,"\\n");e.write(`data: ${b}
2
2
 
3
- `)}async function g(){o||(o=!0,await d(),e.write(`event: end
3
+ `)}async function y(){a||(a=!0,await m(),e.write(`event: end
4
4
  data: {"chargedAtomic":"${c}"}
5
5
 
6
- `),e.end())}return{charge:l,send:a,end:g}}import{promises as D}from"fs";import{join as lt,dirname as ut}from"path";function mt(e){return{payload:e.payload,sessionPublicKey:Te(e.sessionPublicKey),sessionRegistration:Te(e.sessionRegistration),sessionSignature:Te(e.sessionSignature)}}function dt(e){return{payload:e.payload,sessionPublicKey:_e(e.sessionPublicKey),sessionRegistration:_e(e.sessionRegistration),sessionSignature:_e(e.sessionSignature)}}function Te(e){let t="";for(let r of e)t+=r.toString(16).padStart(2,"0");return t}function _e(e){if(e.length%2!==0)throw new Error(`hex length must be even, got ${e.length}`);let t=new Uint8Array(e.length/2);for(let r=0;r<t.length;r++)t[r]=parseInt(e.substr(r*2,2),16);return t}var Re=class{map=new Map;async get(t){return this.map.get(t)??null}async set(t,r){this.map.set(t,r)}async delete(t){this.map.delete(t)}},Ne=class{constructor(t){this.dir=t}pathFor(t){if(!/^[a-z0-9_-]+$/i.test(t))throw new Error(`unsafe channelId for filesystem: ${t}`);return lt(this.dir,`${t}.json`)}async get(t){try{let r=await D.readFile(this.pathFor(t),"utf8");return dt(JSON.parse(r))}catch(r){if(r?.code==="ENOENT")return null;throw r}}async set(t,r){let n=this.pathFor(t);await D.mkdir(ut(n),{recursive:!0});let i=`${n}.tmp`;await D.writeFile(i,JSON.stringify(mt(r))),await D.rename(i,n)}async delete(t){try{await D.unlink(this.pathFor(t))}catch(r){if(r?.code!=="ENOENT")throw r}}};import{PublicKey as At}from"@solana/web3.js";var _="solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",Me="solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",Le="solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z";var q="eip155:8453",Y="eip155:84532",G="eip155:42161",Z="eip155:137",Q="eip155:10",ee="eip155:43114",te="eip155:56",re="eip155:1187947933",ne="eip155:324705682",ie="eip155:1";var se="EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";var De="0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",pt="0x55d398326f99059fF775485246999027B3197955",qe="0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",ze={[te]:qe,[q]:De,[Y]:"0x036CbD53842c5426634e7929541eC2318f3dCF7e",[G]:"0xaf88d065e77c8cC2239327C5EDb3A432268e5831",[Z]:"0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",[Q]:"0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",[ee]:"0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E",[re]:"0x85889c8c714505E0c94b30fcfcF64fE3Ac8FCb20",[ne]:"0x2e08028E3C4c2356572E096d8EF835cD5C6030bD",[ie]:"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"},He={[pt]:{symbol:"USDT",decimals:18},[qe]:{symbol:"USDC",decimals:18}};var Or={[te]:56,[q]:8453,[Y]:84532,[G]:42161,[Z]:137,[Q]:10,[ee]:43114,[re]:1187947933,[ne]:324705682,[ie]:1},$r={[_]:"https://api.dexter.cash/api/solana/rpc",[Me]:"https://api.devnet.solana.com",[Le]:"https://api.testnet.solana.com"},Vr={[te]:"https://api.dexter.cash/api/evm/bsc/rpc",[q]:"https://api.dexter.cash/api/base/rpc",[Y]:"https://sepolia.base.org",[G]:"https://api.dexter.cash/api/evm/arbitrum/rpc",[Z]:"https://api.dexter.cash/api/evm/polygon/rpc",[Q]:"https://api.dexter.cash/api/evm/optimism/rpc",[ee]:"https://api.dexter.cash/api/evm/avalanche/rpc",[re]:"https://skale-base.skalenodes.com/v1/base",[ne]:"https://base-sepolia-testnet.skalenodes.com/v1/jubilant-horrible-ancha",[ie]:"https://eth.llamarpc.com"},z="https://x402.dexter.cash";function oe(e){return e.startsWith("solana:")||e==="solana"}function ht(e){if(typeof Buffer<"u")return Buffer.from(e,"utf-8").toString("base64");let t=new TextEncoder().encode(e),r="";for(let n=0;n<t.length;n++)r+=String.fromCharCode(t[n]);return btoa(r)}function gt(e){if(typeof Buffer<"u")return Buffer.from(e,"base64").toString("utf-8");let t=atob(e),r=new Uint8Array(t.length);for(let n=0;n<t.length;n++)r[n]=t.charCodeAt(n);return new TextDecoder().decode(r)}function ae(e){return ht(JSON.stringify(e))}function H(e){return JSON.parse(gt(e))}function yt(e){if(e instanceof TypeError)return!0;if(e&&typeof e=="object"&&"status"in e){let t=e.status;return t>=500&&t<600}return!1}var F=class extends Error{status;body;constructor(t,r){super(`HTTP ${t}`),this.status=t,this.body=r}},ce=class{facilitatorUrl;cachedSupported=null;cacheTime=0;CACHE_TTL_MS=6e4;timeoutMs;maxRetries;retryBaseMs;constructor(t=z,r){this.facilitatorUrl=t.replace(/\/$/,""),this.timeoutMs=r?.timeoutMs??1e4,this.maxRetries=r?.maxRetries??3,this.retryBaseMs=r?.retryBaseMs??500}async fetchWithTimeout(t,r){let n=new AbortController,i=setTimeout(()=>n.abort(),this.timeoutMs);try{return await fetch(t,{...r,signal:n.signal})}finally{clearTimeout(i)}}async fetchWithRetry(t,r){let n;for(let i=0;i<this.maxRetries;i++)try{let s=await this.fetchWithTimeout(t,r);if(!s.ok&&s.status>=500)throw new F(s.status,await s.text());return s}catch(s){if(n=s,i<this.maxRetries-1&&yt(s)){let h=this.retryBaseMs*Math.pow(2,i);await new Promise(c=>setTimeout(c,h));continue}throw s}throw n}async getSupported(){let t=Date.now();if(this.cachedSupported&&t-this.cacheTime<this.CACHE_TTL_MS)return this.cachedSupported;let r=await this.fetchWithTimeout(`${this.facilitatorUrl}/supported`);if(!r.ok)throw new Error(`Facilitator /supported returned ${r.status}`);return this.cachedSupported=await r.json(),this.cacheTime=t,this.cachedSupported}async getFeePayer(t){let n=(await this.getSupported()).kinds.find(i=>i.x402Version===2&&(i.scheme==="exact"||i.scheme==="exact-approval")&&i.network===t);if(!n)throw new Error(`Facilitator does not support network "${t}" with a recognized scheme`);return n.extra?.feePayer}async getNetworkExtra(t){return(await this.getSupported()).kinds.find(i=>i.x402Version===2&&(i.scheme==="exact"||i.scheme==="exact-approval"||i.scheme==="batch-settlement")&&i.network===t)?.extra}async verifyPayment(t,r){try{let n=H(t),i=await this.fetchWithRetry(`${this.facilitatorUrl}/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({x402Version:2,paymentPayload:n,paymentRequirements:r})});return i.ok?await i.json():{isValid:!1,invalidReason:`facilitator_error_${i.status}`}}catch(n){return{isValid:!1,invalidReason:n instanceof F?`facilitator_error_${n.status}`:n instanceof Error&&n.name==="AbortError"?"facilitator_timeout":n instanceof Error?n.message:"unexpected_verify_error"}}}async settlePayment(t,r){try{let n=H(t),i=await this.fetchWithRetry(`${this.facilitatorUrl}/settle`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({x402Version:2,paymentPayload:n,paymentRequirements:r})});return i.ok?{...await i.json(),network:r.network}:{success:!1,network:r.network,errorReason:`facilitator_error_${i.status}`}}catch(n){let i=n instanceof F?`facilitator_error_${n.status}`:n instanceof Error&&n.name==="AbortError"?"facilitator_timeout":n instanceof Error?n.message:"unexpected_settle_error";return{success:!1,network:r.network,errorReason:i}}}};function ft(e){if(oe(e))return{address:se,decimals:6};let t=ze[e];if(t){let r=He[t]?.decimals??6;return{address:t,decimals:r}}return{address:se,decimals:6}}function Fe(e){try{let t=H(e);return t?.accepted?.amount??t?.accepted?.maxAmountRequired}catch{return}}function W(e){let{payTo:t,facilitatorUrl:r=z,network:n=_,defaultTimeoutSeconds:i=60}=e,s=e.asset??ft(n),h=e.scheme??"exact";if(h==="tab"&&!oe(n))throw new Error(`scheme 'tab' is SVM-only; got network "${n}"`);let c=new ce(r),o=null,d=new Map,l=3e4,a=Date.now();function g(u){let p=(u.maxTimeoutSeconds||i)*1e3;if(d.set(u.payTo,{accept:u,expiresAt:Date.now()+p}),Date.now()-a>l){let A=Date.now();for(let[v,I]of d)I.expiresAt<A&&d.delete(v);a=A}}function m(u){let p=d.get(u);if(p){if(p.expiresAt<Date.now()){d.delete(u);return}return p.accept}}async function f(u){return typeof t=="string"?t:t(u||{})}async function b(){if(o||(o=await c.getNetworkExtra(n)),oe(n)&&!o?.feePayer)throw new Error(`Facilitator does not provide feePayer for network "${n}"`);return{...o?.feePayer?{feePayer:o.feePayer}:{},decimals:o?.decimals??s.decimals,name:o?.name,version:o?.version,...h==="batch-settlement"&&o?.receiverAuthorizer?{receiverAuthorizer:o.receiverAuthorizer}:{},...h==="tab"?{voucherHeader:"x-tab-voucher",registrationEncoding:"base64(188-byte sessionRegisterMessage)"}:{}}}async function $(u,p){let{amountAtomic:A,timeoutSeconds:v=i}=p,I=await b(),k={scheme:h,network:n,amount:A,maxAmountRequired:A,asset:s.address,payTo:u,maxTimeoutSeconds:v,extra:I};return g(k),k}async function V(u){let p=await f({amountAtomic:u.amountAtomic,resourceUrl:u.resourceUrl});return $(p,u)}async function le(u){let{resourceUrl:p,description:A,mimeType:v="application/json"}=u,I={url:p,description:A,mimeType:v},k=await V(u);return{x402Version:2,resource:I,accepts:[k],error:"Payment required"}}function B(u){return ae(u)}function j(u){return{status:402,headers:{"PAYMENT-REQUIRED":B(u)},body:{}}}async function ue(u,p){if(!p){let A=await f({paymentHeader:u});p=m(A),p||(p=await $(A,{amountAtomic:Fe(u)??"0",resourceUrl:""}))}return c.verifyPayment(u,p)}async function X(u,p){if(!p){let A=await f({paymentHeader:u});p=m(A),p||(p=await $(A,{amountAtomic:Fe(u)??"0",resourceUrl:""}))}return c.settlePayment(u,p)}return{buildRequirements:le,encodeRequirements:B,create402Response:j,verifyPayment:ue,settlePayment:X,getPaymentAccept:V,network:n,assetDecimals:s.decimals,facilitator:c}}var bt={"solana:mainnet":_};function wt(e){let t=bt[e.network];if(!t)throw new Error(`tabChallengeMiddleware: unsupported network "${e.network}"`);let r=typeof e.sellerPubkey=="string"?e.sellerPubkey:e.sellerPubkey.toBase58();new At(r);let n=W({payTo:r,network:t,scheme:"tab",facilitatorUrl:e.facilitatorUrl}),i=E(e.perUnit);return async(s,h,c)=>{if(s.headers[O])return c();try{let o=`${s.protocol}://${s.get("host")}${s.originalUrl}`,d=await n.buildRequirements({amountAtomic:i,resourceUrl:o,description:e.description}),l=n.create402Response(d);h.set(l.headers).status(l.status).json(l.body)}catch(o){let d=o?.message??String(o);h.status(503).set({"Retry-After":"5"}).json({error:"challenge_unavailable",detail:d})}}}import{PublicKey as vt}from"@solana/web3.js";var St={"solana:mainnet":_};function xt(e){let t=St[e.network];if(!t)throw new Error(`tabOrExactMiddleware: unsupported network "${e.network}"`);let r=typeof e.sellerPubkey=="string"?e.sellerPubkey:e.sellerPubkey.toBase58();new vt(r);let n=W({payTo:r,network:t,scheme:"tab",facilitatorUrl:e.facilitatorUrl}),i=W({payTo:r,network:t,scheme:"exact",facilitatorUrl:e.facilitatorUrl}),s=E(e.perUnit),h=Pe({connection:e.connection,sellerPubkey:r,network:e.network,perUnit:e.perUnit,settle:"on-close",facilitatorUrl:e.facilitatorUrl,lockCadence:e.lockCadence});return async(c,o,d)=>{if(c.headers[O])return h(c,o,d);let l=`${c.protocol}://${c.get("host")}${c.originalUrl}`,a=c.headers["payment-signature"];if(a){let g;try{g=await i.getPaymentAccept({amountAtomic:s,resourceUrl:l,description:e.description})}catch(m){let f=m?.message??String(m);o.status(503).set({"Retry-After":"5"}).json({error:"challenge_unavailable",detail:f});return}try{let m=await i.verifyPayment(a,g);if(!m.isValid){o.status(402).json({error:"Payment verification failed",reason:m.invalidReason});return}let f=await i.settlePayment(a,g);if(!f.success){o.status(402).json({error:"Payment settlement failed",reason:f.errorReason});return}return c.x402={transaction:f.transaction,payer:m.payer??"",network:f.network||t},o.setHeader("PAYMENT-RESPONSE",ae({success:!0,transaction:f.transaction,network:f.network||t,payer:m.payer??""})),d()}catch{o.status(500).json({error:"Payment processing error"});return}}try{let g={amountAtomic:s,resourceUrl:l,description:e.description},[m,f]=await Promise.all([n.buildRequirements(g),i.buildRequirements(g)]),b={...m,accepts:[...m.accepts,...f.accepts]};o.set({"PAYMENT-REQUIRED":n.encodeRequirements(b)}).status(402).json({error:"Payment required",accepts:b.accepts,resource:b.resource})}catch(g){let m=g?.message??String(g);o.status(503).set({"Retry-After":"5"}).json({error:"challenge_unavailable",detail:m})}}}export{pe as FileChannelLedger,Ne as FileVoucherStore,L as InMemoryChannelLedger,Re as InMemoryVoucherStore,C as InvalidRegistrationError,S as InvalidVoucherError,T as InvalidVoucherSignatureError,N as OnChainVerificationError,x as ScopeViolationError,O as TAB_VOUCHER_HEADER,ve as enforceScope,ct as openSse,Ae as parseRegistration,at as requireTab,wt as tabChallengeMiddleware,Pe as tabMiddleware,xt as tabOrExactMiddleware,be as verifyRegistrationOnChain,we as verifyVoucherSignature};
6
+ `),e.end())}return{charge:l,send:o,end:y}}import{promises as D}from"fs";import{join as mt,dirname as dt}from"path";function pt(e){return{payload:e.payload,sessionPublicKey:Te(e.sessionPublicKey),sessionRegistration:Te(e.sessionRegistration),sessionSignature:Te(e.sessionSignature)}}function gt(e){return{payload:e.payload,sessionPublicKey:_e(e.sessionPublicKey),sessionRegistration:_e(e.sessionRegistration),sessionSignature:_e(e.sessionSignature)}}function Te(e){let t="";for(let r of e)t+=r.toString(16).padStart(2,"0");return t}function _e(e){if(e.length%2!==0)throw new Error(`hex length must be even, got ${e.length}`);let t=new Uint8Array(e.length/2);for(let r=0;r<t.length;r++)t[r]=parseInt(e.substr(r*2,2),16);return t}var Ie=class{map=new Map;async get(t){return this.map.get(t)??null}async set(t,r){this.map.set(t,r)}async delete(t){this.map.delete(t)}},Ne=class{constructor(t){this.dir=t}pathFor(t){if(!/^[a-z0-9_-]+$/i.test(t))throw new Error(`unsafe channelId for filesystem: ${t}`);return mt(this.dir,`${t}.json`)}async get(t){try{let r=await D.readFile(this.pathFor(t),"utf8");return gt(JSON.parse(r))}catch(r){if(r?.code==="ENOENT")return null;throw r}}async set(t,r){let n=this.pathFor(t);await D.mkdir(dt(n),{recursive:!0});let i=`${n}.tmp`;await D.writeFile(i,JSON.stringify(pt(r))),await D.rename(i,n)}async delete(t){try{await D.unlink(this.pathFor(t))}catch(r){if(r?.code!=="ENOENT")throw r}}};import{PublicKey as vt}from"@solana/web3.js";var I="solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",Me="solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",De="solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z";var z="eip155:8453",Y="eip155:84532",Z="eip155:42161",Q="eip155:137",ee="eip155:10",te="eip155:43114",re="eip155:56",ne="eip155:1187947933",ie="eip155:324705682",se="eip155:1";var oe="EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";var ze="0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",ht="0x55d398326f99059fF775485246999027B3197955",He="0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",qe={[re]:He,[z]:ze,[Y]:"0x036CbD53842c5426634e7929541eC2318f3dCF7e",[Z]:"0xaf88d065e77c8cC2239327C5EDb3A432268e5831",[Q]:"0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",[ee]:"0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",[te]:"0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E",[ne]:"0x85889c8c714505E0c94b30fcfcF64fE3Ac8FCb20",[ie]:"0x2e08028E3C4c2356572E096d8EF835cD5C6030bD",[se]:"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"},Fe={[ht]:{symbol:"USDT",decimals:18},[He]:{symbol:"USDC",decimals:18}};var Vr={[re]:56,[z]:8453,[Y]:84532,[Z]:42161,[Q]:137,[ee]:10,[te]:43114,[ne]:1187947933,[ie]:324705682,[se]:1},Br={[I]:"https://api.dexter.cash/api/solana/rpc",[Me]:"https://api.devnet.solana.com",[De]:"https://api.testnet.solana.com"},Lr={[re]:"https://api.dexter.cash/api/evm/bsc/rpc",[z]:"https://api.dexter.cash/api/base/rpc",[Y]:"https://sepolia.base.org",[Z]:"https://api.dexter.cash/api/evm/arbitrum/rpc",[Q]:"https://api.dexter.cash/api/evm/polygon/rpc",[ee]:"https://api.dexter.cash/api/evm/optimism/rpc",[te]:"https://api.dexter.cash/api/evm/avalanche/rpc",[ne]:"https://skale-base.skalenodes.com/v1/base",[ie]:"https://base-sepolia-testnet.skalenodes.com/v1/jubilant-horrible-ancha",[se]:"https://eth.llamarpc.com"},H="https://x402.dexter.cash";function ae(e){return e.startsWith("solana:")||e==="solana"}function yt(e){if(typeof Buffer<"u")return Buffer.from(e,"utf-8").toString("base64");let t=new TextEncoder().encode(e),r="";for(let n=0;n<t.length;n++)r+=String.fromCharCode(t[n]);return btoa(r)}function ft(e){if(typeof Buffer<"u")return Buffer.from(e,"base64").toString("utf-8");let t=atob(e),r=new Uint8Array(t.length);for(let n=0;n<t.length;n++)r[n]=t.charCodeAt(n);return new TextDecoder().decode(r)}function ce(e){return yt(JSON.stringify(e))}function q(e){return JSON.parse(ft(e))}function At(e){if(e instanceof TypeError)return!0;if(e&&typeof e=="object"&&"status"in e){let t=e.status;return t>=500&&t<600}return!1}var F=class extends Error{status;body;constructor(t,r){super(`HTTP ${t}`),this.status=t,this.body=r}},le=class{facilitatorUrl;cachedSupported=null;cacheTime=0;CACHE_TTL_MS=6e4;timeoutMs;maxRetries;retryBaseMs;constructor(t=H,r){this.facilitatorUrl=t.replace(/\/$/,""),this.timeoutMs=r?.timeoutMs??1e4,this.maxRetries=r?.maxRetries??3,this.retryBaseMs=r?.retryBaseMs??500}async fetchWithTimeout(t,r){let n=new AbortController,i=setTimeout(()=>n.abort(),this.timeoutMs);try{return await fetch(t,{...r,signal:n.signal})}finally{clearTimeout(i)}}async fetchWithRetry(t,r){let n;for(let i=0;i<this.maxRetries;i++)try{let s=await this.fetchWithTimeout(t,r);if(!s.ok&&s.status>=500)throw new F(s.status,await s.text());return s}catch(s){if(n=s,i<this.maxRetries-1&&At(s)){let h=this.retryBaseMs*Math.pow(2,i);await new Promise(c=>setTimeout(c,h));continue}throw s}throw n}async getSupported(){let t=Date.now();if(this.cachedSupported&&t-this.cacheTime<this.CACHE_TTL_MS)return this.cachedSupported;let r=await this.fetchWithTimeout(`${this.facilitatorUrl}/supported`);if(!r.ok)throw new Error(`Facilitator /supported returned ${r.status}`);return this.cachedSupported=await r.json(),this.cacheTime=t,this.cachedSupported}async getFeePayer(t){let n=(await this.getSupported()).kinds.find(i=>i.x402Version===2&&(i.scheme==="exact"||i.scheme==="exact-approval")&&i.network===t);if(!n)throw new Error(`Facilitator does not support network "${t}" with a recognized scheme`);return n.extra?.feePayer}async getNetworkExtra(t){return(await this.getSupported()).kinds.find(i=>i.x402Version===2&&(i.scheme==="exact"||i.scheme==="exact-approval"||i.scheme==="batch-settlement")&&i.network===t)?.extra}async verifyPayment(t,r){try{let n=q(t),i=await this.fetchWithRetry(`${this.facilitatorUrl}/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({x402Version:2,paymentPayload:n,paymentRequirements:r})});return i.ok?await i.json():{isValid:!1,invalidReason:`facilitator_error_${i.status}`}}catch(n){return{isValid:!1,invalidReason:n instanceof F?`facilitator_error_${n.status}`:n instanceof Error&&n.name==="AbortError"?"facilitator_timeout":n instanceof Error?n.message:"unexpected_verify_error"}}}async settlePayment(t,r){try{let n=q(t),i=await this.fetchWithRetry(`${this.facilitatorUrl}/settle`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({x402Version:2,paymentPayload:n,paymentRequirements:r})});return i.ok?{...await i.json(),network:r.network}:{success:!1,network:r.network,errorReason:`facilitator_error_${i.status}`}}catch(n){let i=n instanceof F?`facilitator_error_${n.status}`:n instanceof Error&&n.name==="AbortError"?"facilitator_timeout":n instanceof Error?n.message:"unexpected_settle_error";return{success:!1,network:r.network,errorReason:i}}}};function bt(e){if(ae(e))return{address:oe,decimals:6};let t=qe[e];if(t){let r=Fe[t]?.decimals??6;return{address:t,decimals:r}}return{address:oe,decimals:6}}function We(e){try{let t=q(e);return t?.accepted?.amount??t?.accepted?.maxAmountRequired}catch{return}}function W(e){let{payTo:t,facilitatorUrl:r=H,network:n=I,defaultTimeoutSeconds:i=60}=e,s=e.asset??bt(n),h=e.scheme??"exact";if(h==="tab"&&!ae(n))throw new Error(`scheme 'tab' is SVM-only; got network "${n}"`);let c=new le(r),a=null,m=new Map,l=3e4,o=Date.now();function y(u){let g=(u.maxTimeoutSeconds||i)*1e3;if(m.set(u.payTo,{accept:u,expiresAt:Date.now()+g}),Date.now()-o>l){let A=Date.now();for(let[w,k]of m)k.expiresAt<A&&m.delete(w);o=A}}function d(u){let g=m.get(u);if(g){if(g.expiresAt<Date.now()){m.delete(u);return}return g.accept}}async function f(u){return typeof t=="string"?t:t(u||{})}async function b(){if(a||(a=await c.getNetworkExtra(n)),ae(n)&&!a?.feePayer)throw new Error(`Facilitator does not provide feePayer for network "${n}"`);return{...a?.feePayer?{feePayer:a.feePayer}:{},decimals:a?.decimals??s.decimals,name:a?.name,version:a?.version,...h==="batch-settlement"&&a?.receiverAuthorizer?{receiverAuthorizer:a.receiverAuthorizer}:{},...h==="tab"?{voucherHeader:"x-tab-voucher",registrationEncoding:"base64(188-byte sessionRegisterMessage)"}:{}}}async function V(u,g){let{amountAtomic:A,timeoutSeconds:w=i}=g,k=await b(),U={scheme:h,network:n,amount:A,maxAmountRequired:A,asset:s.address,payTo:u,maxTimeoutSeconds:w,extra:k};return y(U),U}async function B(u){let g=await f({amountAtomic:u.amountAtomic,resourceUrl:u.resourceUrl});return V(g,u)}async function ue(u){let{resourceUrl:g,description:A,mimeType:w="application/json"}=u,k={url:g,description:A,mimeType:w},U=await B(u);return{x402Version:2,resource:k,accepts:[U],error:"Payment required"}}function L(u){return ce(u)}function j(u){return{status:402,headers:{"PAYMENT-REQUIRED":L(u)},body:{}}}async function me(u,g){if(!g){let A=await f({paymentHeader:u});g=d(A),g||(g=await V(A,{amountAtomic:We(u)??"0",resourceUrl:""}))}return c.verifyPayment(u,g)}async function X(u,g){if(!g){let A=await f({paymentHeader:u});g=d(A),g||(g=await V(A,{amountAtomic:We(u)??"0",resourceUrl:""}))}return c.settlePayment(u,g)}return{buildRequirements:ue,encodeRequirements:L,create402Response:j,verifyPayment:me,settlePayment:X,getPaymentAccept:B,network:n,assetDecimals:s.decimals,facilitator:c}}var wt={"solana:mainnet":I};function St(e){let t=wt[e.network];if(!t)throw new Error(`tabChallengeMiddleware: unsupported network "${e.network}"`);let r=typeof e.sellerPubkey=="string"?e.sellerPubkey:e.sellerPubkey.toBase58();new vt(r);let n=W({payTo:r,network:t,scheme:"tab",facilitatorUrl:e.facilitatorUrl}),i=R(e.perUnit);return async(s,h,c)=>{if(s.headers[$])return c();try{let a=`${s.protocol}://${s.get("host")}${s.originalUrl}`,m=await n.buildRequirements({amountAtomic:i,resourceUrl:a,description:e.description}),l=n.create402Response(m);h.set(l.headers).status(l.status).json(l.body)}catch(a){let m=a?.message??String(a);h.status(503).set({"Retry-After":"5"}).json({error:"challenge_unavailable",detail:m})}}}import{PublicKey as xt}from"@solana/web3.js";var Ct={"solana:mainnet":I};function Et(e){let t=Ct[e.network];if(!t)throw new Error(`tabOrExactMiddleware: unsupported network "${e.network}"`);let r=typeof e.sellerPubkey=="string"?e.sellerPubkey:e.sellerPubkey.toBase58();new xt(r);let n=W({payTo:r,network:t,scheme:"tab",facilitatorUrl:e.facilitatorUrl}),i=W({payTo:r,network:t,scheme:"exact",facilitatorUrl:e.facilitatorUrl}),s=R(e.perUnit),h=Pe({connection:e.connection,sellerPubkey:r,network:e.network,perUnit:e.perUnit,settle:"on-close",facilitatorUrl:e.facilitatorUrl,lockCadence:e.lockCadence});return async(c,a,m)=>{if(c.headers[$])return h(c,a,m);let l=`${c.protocol}://${c.get("host")}${c.originalUrl}`,o=c.headers["payment-signature"];if(o){let y;try{y=await i.getPaymentAccept({amountAtomic:s,resourceUrl:l,description:e.description})}catch(d){let f=d?.message??String(d);a.status(503).set({"Retry-After":"5"}).json({error:"challenge_unavailable",detail:f});return}try{let d=await i.verifyPayment(o,y);if(!d.isValid){a.status(402).json({error:"Payment verification failed",reason:d.invalidReason});return}let f=await i.settlePayment(o,y);if(!f.success){a.status(402).json({error:"Payment settlement failed",reason:f.errorReason});return}return c.x402={transaction:f.transaction,payer:d.payer??"",network:f.network||t},a.setHeader("PAYMENT-RESPONSE",ce({success:!0,transaction:f.transaction,network:f.network||t,payer:d.payer??""})),m()}catch{a.status(500).json({error:"Payment processing error"});return}}try{let y={amountAtomic:s,resourceUrl:l,description:e.description},[d,f]=await Promise.all([n.buildRequirements(y),i.buildRequirements(y)]),b={...d,accepts:[...d.accepts,...f.accepts]};a.set({"PAYMENT-REQUIRED":n.encodeRequirements(b)}).status(402).json({error:"Payment required",accepts:b.accepts,resource:b.resource})}catch(y){let d=y?.message??String(y);a.status(503).set({"Retry-After":"5"}).json({error:"challenge_unavailable",detail:d})}}}export{ge as FileChannelLedger,Ne as FileVoucherStore,M as InMemoryChannelLedger,Ie as InMemoryVoucherStore,E as InvalidRegistrationError,x as InvalidVoucherError,_ as InvalidVoucherSignatureError,N as OnChainVerificationError,C as ScopeViolationError,$ as TAB_VOUCHER_HEADER,Se as enforceScope,ut as openSse,be as parseRegistration,lt as requireTab,St as tabChallengeMiddleware,Pe as tabMiddleware,Et as tabOrExactMiddleware,ve as verifyRegistrationOnChain,we as verifyVoucherSignature};
@@ -27,10 +27,17 @@ interface VaultAdapter {
27
27
  vaultPda: string;
28
28
  /**
29
29
  * Use the ROOT signer (passkey) to authorize a fresh session key. This is
30
- * the only call that prompts the user. Returns a session that can be passed
31
- * to `signWithSession` freely until the scope's cap or expiry is reached.
30
+ * the only call that prompts the user (twice when atomically replacing a
31
+ * live session one revoke ceremony + one register ceremony). Returns a
32
+ * session that can be passed to `signWithSession` freely until the scope's
33
+ * cap or expiry is reached.
34
+ *
35
+ * The session PDA is keyed by (vault, counterparty) — re-authorizing
36
+ * against a counterparty you already hold a LIVE session with resolves to
37
+ * the same PDA. The adapter reads it first and applies
38
+ * `opts.onLiveSession` (default `'error'`): see {@link AuthorizeSessionOptions}.
32
39
  */
33
- authorizeSession(scope: SessionScope): Promise<SessionKey>;
40
+ authorizeSession(scope: SessionScope, opts?: AuthorizeSessionOptions): Promise<SessionKey>;
34
41
  /**
35
42
  * Use the session key to sign a voucher. Cheap. Never prompts. The seller
36
43
  * verifies against the session's registration; the session's registration
@@ -48,6 +55,28 @@ interface VaultAdapter {
48
55
  */
49
56
  signCloseTab(session: SessionKey, channelId: string, cumulativeAmount: AtomicAmount): Promise<Uint8Array>;
50
57
  }
58
+ /**
59
+ * Live-session policy for `authorizeSession` / `openTab` (K-T4e).
60
+ *
61
+ * The on-chain program rejects registering over a LIVE session
62
+ * (`SessionAlreadyActive`); the pre-guard program silently overwrote it —
63
+ * stranding any of the old session's signed-but-unsettled vouchers beyond
64
+ * the on-chain frontier (`max(spent, crystallized_cumulative)`). Neither is
65
+ * what a buyer wants by accident, so the adapter decides UP FRONT:
66
+ *
67
+ * - `'error'` (default): throw {@link LiveSessionExistsError} carrying the
68
+ * live session's on-chain evidence. The caller settles the old tab first
69
+ * (`tab.close()` — or POST its last signed voucher to `/tab/settle`) and
70
+ * retries, or acknowledges the replace explicitly.
71
+ * - `'replace'`: compose the ATOMIC same-transaction
72
+ * [secp(revoke), revoke, secp(register), register] so the buyer is never
73
+ * left sessionless mid-flow. Costs a second passkey ceremony. Value
74
+ * already settled or crystallized into LockedClaims survives the replace;
75
+ * anything signed beyond the frontier is voided.
76
+ */
77
+ interface AuthorizeSessionOptions {
78
+ onLiveSession?: 'error' | 'replace';
79
+ }
51
80
  /** Live state of a buyer's tab. All amounts human units. */
52
81
  interface TabState {
53
82
  /** Whether the tab is currently open (on chain) and accepting vouchers. */
@@ -165,6 +194,15 @@ interface OpenTabOptions {
165
194
  sessionDuration?: number;
166
195
  /** Facilitator base URL. Default: DEFAULT_FACILITATOR_URL (https://x402.dexter.cash), overridable. */
167
196
  facilitatorUrl?: string;
197
+ /**
198
+ * What to do when a LIVE session already exists for this (vault, seller)
199
+ * pair — the session PDA is per-counterparty, so re-opening against the
200
+ * same seller collides with it. Default `'error'` (throw
201
+ * {@link LiveSessionExistsError} — never silently strand the old session's
202
+ * unsettled tail); `'replace'` composes the atomic revoke-then-register.
203
+ * See {@link AuthorizeSessionOptions}.
204
+ */
205
+ onLiveSession?: 'error' | 'replace';
168
206
  }
169
207
  /**
170
208
  * Options for `resumeTab` — open a handle to a tab that was opened by a
@@ -199,5 +237,44 @@ declare class TabClosedError extends Error {
199
237
  readonly channelId: string;
200
238
  constructor(channelId: string);
201
239
  }
240
+ /** The on-chain evidence a stranding-guard refusal carries. All amounts are
241
+ * atomic strings read from the live SessionAccount PDA. */
242
+ interface LiveSessionDetails {
243
+ /** The seller (counterparty) whose session PDA is live. */
244
+ allowedCounterparty: string;
245
+ /** The LIVE session's ed25519 pubkey (hex) — NOT the one being requested. */
246
+ sessionPubkeyHex: string;
247
+ /** Unix-seconds expiry of the live session (it self-heals here). */
248
+ expiresAtUnix: number;
249
+ /** Cumulative already SETTLED on-chain (USDC moved to the seller). */
250
+ spentAtomic: string;
251
+ /** Cumulative already CRYSTALLIZED into LockedClaims (survives a revoke —
252
+ * claims are separate PDAs and settle independently). */
253
+ crystallizedCumulativeAtomic: string;
254
+ /** The live revolving meter (armed exposure not yet settled/released). */
255
+ currentOutstandingAtomic: string;
256
+ /** max(spent, crystallized) — everything the chain has terminally counted.
257
+ * A replace strands ONLY vouchers signed beyond this frontier. */
258
+ frontierAtomic: string;
259
+ }
260
+ /**
261
+ * Thrown by `authorizeSession` / `openTab` when a LIVE session already
262
+ * exists for the target (vault, counterparty) PDA and the caller did not
263
+ * pass `onLiveSession: 'replace'` (K-T4e stranding guard).
264
+ *
265
+ * WHY THIS IS LOUD: revoking (or atomically replacing) a live session zeroes
266
+ * its entire on-chain registration — any voucher the OLD session key signed
267
+ * beyond the frontier (`max(spent, crystallized)`) becomes permanently
268
+ * unsettleable, stranding the seller's unsecured tail. The chain cannot see
269
+ * that tail (signed vouchers live off-chain), so the SDK refuses to replace
270
+ * silently. Remediate by settling the old tab first (`tab.close()`, or POST
271
+ * its last signed voucher to the facilitator's `/tab/settle`), then retry —
272
+ * or acknowledge the replace explicitly if the tail is known-settled or
273
+ * intentionally abandoned.
274
+ */
275
+ declare class LiveSessionExistsError extends Error {
276
+ readonly details: LiveSessionDetails;
277
+ constructor(details: LiveSessionDetails);
278
+ }
202
279
 
203
- export { type OpenTabOptions as O, type ResumeTabOptions as R, SessionScopeExceededError as S, type Tab as T, UnsupportedNetworkError as U, type VaultAdapter as V, type TabState as a, type TabCloseResult as b, TabClosedError as c };
280
+ export { type AuthorizeSessionOptions as A, type LiveSessionDetails as L, type OpenTabOptions as O, type ResumeTabOptions as R, SessionScopeExceededError as S, type Tab as T, UnsupportedNetworkError as U, type VaultAdapter as V, type TabState as a, type TabCloseResult as b, TabClosedError as c, LiveSessionExistsError as d };
@@ -27,10 +27,17 @@ interface VaultAdapter {
27
27
  vaultPda: string;
28
28
  /**
29
29
  * Use the ROOT signer (passkey) to authorize a fresh session key. This is
30
- * the only call that prompts the user. Returns a session that can be passed
31
- * to `signWithSession` freely until the scope's cap or expiry is reached.
30
+ * the only call that prompts the user (twice when atomically replacing a
31
+ * live session one revoke ceremony + one register ceremony). Returns a
32
+ * session that can be passed to `signWithSession` freely until the scope's
33
+ * cap or expiry is reached.
34
+ *
35
+ * The session PDA is keyed by (vault, counterparty) — re-authorizing
36
+ * against a counterparty you already hold a LIVE session with resolves to
37
+ * the same PDA. The adapter reads it first and applies
38
+ * `opts.onLiveSession` (default `'error'`): see {@link AuthorizeSessionOptions}.
32
39
  */
33
- authorizeSession(scope: SessionScope): Promise<SessionKey>;
40
+ authorizeSession(scope: SessionScope, opts?: AuthorizeSessionOptions): Promise<SessionKey>;
34
41
  /**
35
42
  * Use the session key to sign a voucher. Cheap. Never prompts. The seller
36
43
  * verifies against the session's registration; the session's registration
@@ -48,6 +55,28 @@ interface VaultAdapter {
48
55
  */
49
56
  signCloseTab(session: SessionKey, channelId: string, cumulativeAmount: AtomicAmount): Promise<Uint8Array>;
50
57
  }
58
+ /**
59
+ * Live-session policy for `authorizeSession` / `openTab` (K-T4e).
60
+ *
61
+ * The on-chain program rejects registering over a LIVE session
62
+ * (`SessionAlreadyActive`); the pre-guard program silently overwrote it —
63
+ * stranding any of the old session's signed-but-unsettled vouchers beyond
64
+ * the on-chain frontier (`max(spent, crystallized_cumulative)`). Neither is
65
+ * what a buyer wants by accident, so the adapter decides UP FRONT:
66
+ *
67
+ * - `'error'` (default): throw {@link LiveSessionExistsError} carrying the
68
+ * live session's on-chain evidence. The caller settles the old tab first
69
+ * (`tab.close()` — or POST its last signed voucher to `/tab/settle`) and
70
+ * retries, or acknowledges the replace explicitly.
71
+ * - `'replace'`: compose the ATOMIC same-transaction
72
+ * [secp(revoke), revoke, secp(register), register] so the buyer is never
73
+ * left sessionless mid-flow. Costs a second passkey ceremony. Value
74
+ * already settled or crystallized into LockedClaims survives the replace;
75
+ * anything signed beyond the frontier is voided.
76
+ */
77
+ interface AuthorizeSessionOptions {
78
+ onLiveSession?: 'error' | 'replace';
79
+ }
51
80
  /** Live state of a buyer's tab. All amounts human units. */
52
81
  interface TabState {
53
82
  /** Whether the tab is currently open (on chain) and accepting vouchers. */
@@ -165,6 +194,15 @@ interface OpenTabOptions {
165
194
  sessionDuration?: number;
166
195
  /** Facilitator base URL. Default: DEFAULT_FACILITATOR_URL (https://x402.dexter.cash), overridable. */
167
196
  facilitatorUrl?: string;
197
+ /**
198
+ * What to do when a LIVE session already exists for this (vault, seller)
199
+ * pair — the session PDA is per-counterparty, so re-opening against the
200
+ * same seller collides with it. Default `'error'` (throw
201
+ * {@link LiveSessionExistsError} — never silently strand the old session's
202
+ * unsettled tail); `'replace'` composes the atomic revoke-then-register.
203
+ * See {@link AuthorizeSessionOptions}.
204
+ */
205
+ onLiveSession?: 'error' | 'replace';
168
206
  }
169
207
  /**
170
208
  * Options for `resumeTab` — open a handle to a tab that was opened by a
@@ -199,5 +237,44 @@ declare class TabClosedError extends Error {
199
237
  readonly channelId: string;
200
238
  constructor(channelId: string);
201
239
  }
240
+ /** The on-chain evidence a stranding-guard refusal carries. All amounts are
241
+ * atomic strings read from the live SessionAccount PDA. */
242
+ interface LiveSessionDetails {
243
+ /** The seller (counterparty) whose session PDA is live. */
244
+ allowedCounterparty: string;
245
+ /** The LIVE session's ed25519 pubkey (hex) — NOT the one being requested. */
246
+ sessionPubkeyHex: string;
247
+ /** Unix-seconds expiry of the live session (it self-heals here). */
248
+ expiresAtUnix: number;
249
+ /** Cumulative already SETTLED on-chain (USDC moved to the seller). */
250
+ spentAtomic: string;
251
+ /** Cumulative already CRYSTALLIZED into LockedClaims (survives a revoke —
252
+ * claims are separate PDAs and settle independently). */
253
+ crystallizedCumulativeAtomic: string;
254
+ /** The live revolving meter (armed exposure not yet settled/released). */
255
+ currentOutstandingAtomic: string;
256
+ /** max(spent, crystallized) — everything the chain has terminally counted.
257
+ * A replace strands ONLY vouchers signed beyond this frontier. */
258
+ frontierAtomic: string;
259
+ }
260
+ /**
261
+ * Thrown by `authorizeSession` / `openTab` when a LIVE session already
262
+ * exists for the target (vault, counterparty) PDA and the caller did not
263
+ * pass `onLiveSession: 'replace'` (K-T4e stranding guard).
264
+ *
265
+ * WHY THIS IS LOUD: revoking (or atomically replacing) a live session zeroes
266
+ * its entire on-chain registration — any voucher the OLD session key signed
267
+ * beyond the frontier (`max(spent, crystallized)`) becomes permanently
268
+ * unsettleable, stranding the seller's unsecured tail. The chain cannot see
269
+ * that tail (signed vouchers live off-chain), so the SDK refuses to replace
270
+ * silently. Remediate by settling the old tab first (`tab.close()`, or POST
271
+ * its last signed voucher to the facilitator's `/tab/settle`), then retry —
272
+ * or acknowledge the replace explicitly if the tail is known-settled or
273
+ * intentionally abandoned.
274
+ */
275
+ declare class LiveSessionExistsError extends Error {
276
+ readonly details: LiveSessionDetails;
277
+ constructor(details: LiveSessionDetails);
278
+ }
202
279
 
203
- export { type OpenTabOptions as O, type ResumeTabOptions as R, SessionScopeExceededError as S, type Tab as T, UnsupportedNetworkError as U, type VaultAdapter as V, type TabState as a, type TabCloseResult as b, TabClosedError as c };
280
+ export { type AuthorizeSessionOptions as A, type LiveSessionDetails as L, type OpenTabOptions as O, type ResumeTabOptions as R, SessionScopeExceededError as S, type Tab as T, UnsupportedNetworkError as U, type VaultAdapter as V, type TabState as a, type TabCloseResult as b, TabClosedError as c, LiveSessionExistsError as d };
@@ -1,5 +1,5 @@
1
1
  import { W as WalletSet } from './types-xQu1U4xk.cjs';
2
- import { T as Tab } from './types-D5eKDMvo.cjs';
2
+ import { T as Tab } from './types-CSuISjXA.cjs';
3
3
 
4
4
  /**
5
5
  * Shared contract for the x402 version seam. Both the v1 and v2 strategy
@@ -1,5 +1,5 @@
1
1
  import { W as WalletSet } from './types-xQu1U4xk.js';
2
- import { T as Tab } from './types-D5eKDMvo.js';
2
+ import { T as Tab } from './types-CSuISjXA.js';
3
3
 
4
4
  /**
5
5
  * Shared contract for the x402 version seam. Both the v1 and v2 strategy
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dexterai/x402",
3
- "version": "5.3.0",
3
+ "version": "5.3.1",
4
4
  "description": "Full-stack x402 SDK - add paid API monetization to any endpoint. Express middleware, React hooks, Access Pass, dynamic pricing. Solana, Base, Polygon, Arbitrum, Optimism, Avalanche, SKALE.",
5
5
  "author": "Dexter",
6
6
  "license": "MIT",
@@ -62,7 +62,7 @@
62
62
  "README.md",
63
63
  "REFERENCE.md",
64
64
  "LICENSE",
65
- "assets"
65
+ "assets/*.svg"
66
66
  ],
67
67
  "scripts": {
68
68
  "build": "tsup",
@@ -89,7 +89,7 @@
89
89
  "tweetnacl": "^1.0.3"
90
90
  },
91
91
  "devDependencies": {
92
- "@dexterai/vault": "^0.20.0",
92
+ "@dexterai/vault": "^0.34.0",
93
93
  "@types/aws-lambda": "^8.10.161",
94
94
  "@types/express": "^5.0.6",
95
95
  "@types/node": "^22.10.0",
@@ -104,7 +104,7 @@
104
104
  "vitest": "^2.1.8"
105
105
  },
106
106
  "peerDependencies": {
107
- "@dexterai/vault": ">=0.20.0",
107
+ "@dexterai/vault": ">=0.34.0",
108
108
  "@solana/wallet-adapter-base": "^0.9.0",
109
109
  "react": "^18.0.0 || ^19.0.0",
110
110
  "stripe": "^20.0.0",