@elizaos/plugin-x402 2.0.0-alpha.6 → 2.0.3-beta.5

package/dist/index.js

@@ -1,2070 +1,2697 @@
-// actions/check-payment-history.ts
-import { logger } from "@elizaos/core";
+import { createRequire } from "node:module";
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
-// utils.ts
-var ONE_DAY_MS = 24 * 60 * 60 * 1000;
-function formatUsd(baseUnits) {
-  const dollars = Number(baseUnits) / 1e6;
-  return `$${dollars.toFixed(2)}`;
+// src/payment-config.ts
+import { logger } from "@elizaos/core";
+var BUILT_IN_NETWORKS = ["BASE", "SOLANA", "POLYGON", "BSC"];
+var DEFAULT_NETWORK = "SOLANA";
+function toX402Network(network) {
+  const networkMap = {
+    BASE: "base",
+    SOLANA: "solana",
+    POLYGON: "polygon",
+    BSC: "bsc"
+  };
+  const mappedNetwork = networkMap[network];
+  if (!mappedNetwork) {
+    throw new Error(`Network '${network}' is not supported by x402scan. ` + `Supported networks: ${BUILT_IN_NETWORKS.join(", ")}`);
+  }
+  return mappedNetwork;
 }
-function truncateAddress(address) {
-  if (address.length <= 10)
-    return address;
-  return `${address.slice(0, 6)}...${address.slice(-4)}`;
+var BUNDLED_EXAMPLE_EVM_PAYOUT = "0x066E94e1200aa765d0A6392777D543Aa6Dea606C";
+var BUNDLED_EXAMPLE_SOLANA_PAYOUT = "3nMBmufBUBVnk28sTp3NsrSJsdVGTyLZYmsqpMFaUT9J";
+function paymentAddressIsBundledExample(network, paymentAddress) {
+  const a = paymentAddress.trim();
+  if (!a)
+    return false;
+  if (network === "SOLANA")
+    return a === BUNDLED_EXAMPLE_SOLANA_PAYOUT;
+  if (network === "BASE" || network === "POLYGON" || network === "BSC") {
+    return a.toLowerCase() === BUNDLED_EXAMPLE_EVM_PAYOUT.toLowerCase();
+  }
+  return false;
 }
-function usdToBaseUnits(usd) {
-  return BigInt(Math.round(usd * 1e6));
+var PAYMENT_ADDRESSES = {
+  BASE: process.env.BASE_PUBLIC_KEY || process.env.PAYMENT_WALLET_BASE || BUNDLED_EXAMPLE_EVM_PAYOUT,
+  SOLANA: process.env.SOLANA_PUBLIC_KEY || process.env.PAYMENT_WALLET_SOLANA || BUNDLED_EXAMPLE_SOLANA_PAYOUT,
+  POLYGON: process.env.POLYGON_PUBLIC_KEY || process.env.PAYMENT_WALLET_POLYGON || "",
+  BSC: process.env.BSC_PUBLIC_KEY || process.env.PAYMENT_WALLET_BSC || BUNDLED_EXAMPLE_EVM_PAYOUT
+};
+function getBaseUrl() {
+  if (process.env.X402_BASE_URL) {
+    return process.env.X402_BASE_URL.replace(/\/$/, "");
+  }
+  return "https://x402.elizacloud.ai";
 }
-
-// actions/check-payment-history.ts
-var checkPaymentHistoryAction = {
-  name: "CHECK_PAYMENT_HISTORY",
-  description: "Check x402 payment history including spending summary and recent transactions. Use when asked about payment activity, spending, or earnings.",
-  similes: [
-    "check payments",
-    "payment history",
-    "spending summary",
-    "how much have I spent",
-    "payment transactions",
-    "show payments"
-  ],
-  parameters: [
-    {
-      name: "limit",
-      description: "Maximum number of recent transactions to show (default: 10)",
-      required: false,
-      schema: { type: "number" }
-    }
-  ],
-  validate: async (runtime, message, state, options) => {
-    const __avTextRaw = typeof message?.content?.text === "string" ? message.content.text : "";
-    const __avText = __avTextRaw.toLowerCase();
-    const __avKeywords = ["check", "payment", "history"];
-    const __avKeywordOk = __avKeywords.length > 0 && __avKeywords.some((kw) => kw.length > 0 && __avText.includes(kw));
-    const __avRegex = new RegExp("\\b(?:check|payment|history)\\b", "i");
-    const __avRegexOk = __avRegex.test(__avText);
-    const __avSource = String(message?.content?.source ?? message?.source ?? "");
-    const __avExpectedSource = "";
-    const __avSourceOk = __avExpectedSource ? __avSource === __avExpectedSource : Boolean(__avSource || state || runtime?.agentId || runtime?.getService);
-    const __avOptions = options && typeof options === "object" ? options : {};
-    const __avInputOk = __avText.trim().length > 0 || Object.keys(__avOptions).length > 0 || Boolean(message?.content && typeof message.content === "object");
-    if (!(__avKeywordOk && __avRegexOk && __avSourceOk && __avInputOk)) {
-      return false;
-    }
-    const __avLegacyValidate = async (runtime2) => {
-      const service = runtime2.getService("x402_payment");
-      return !!service && service.isActive();
-    };
-    try {
-      return Boolean(await __avLegacyValidate(runtime, message, state, options));
-    } catch {
-      return false;
-    }
+function toResourceUrl(path) {
+  const baseUrl = getBaseUrl();
+  const cleanPath = path.startsWith("/") ? path : `/${path}`;
+  return `${baseUrl}${cleanPath}`;
+}
+var SOLANA_TOKENS = {
+  USDC: {
+    symbol: "USDC",
+    address: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
+    decimals: 6
   },
-  handler: async (runtime, _message, _state, options, callback) => {
-    const service = runtime.getService("x402_payment");
-    if (!service || !service.isActive()) {
-      logger.warn("[x402] CHECK_PAYMENT_HISTORY: Service not available or inactive");
-      if (callback) {
-        await callback({
-          text: "Payment tracking is not active. The x402 payment service is not configured.",
-          actions: []
-        });
-      }
-      return { success: false, error: "x402 service not available" };
-    }
-    const params = options?.parameters;
-    const limit = typeof params?.limit === "number" ? params.limit : 10;
-    try {
-      const summary = await service.getSummary(ONE_DAY_MS);
-      const recentTxns = await service.getRecentTransactions(limit);
-      const lines = [];
-      const walletAddress = service.getWalletAddress();
-      const network = service.getNetwork();
-      lines.push(`**Payment Summary** (${network})`);
-      lines.push(`Wallet: ${walletAddress ? truncateAddress(walletAddress) : "N/A"}`);
-      lines.push("");
-      lines.push("**Last 24 Hours:**");
-      lines.push(`- Spent: ${formatUsd(summary.totalSpent)} (${summary.outgoingCount} transactions)`);
-      lines.push(`- Earned: ${formatUsd(summary.totalEarned)} (${summary.incomingCount} transactions)`);
-      const net = summary.totalEarned - summary.totalSpent;
-      const netDisplay = net < 0n ? `-${formatUsd(-net)}` : `+${formatUsd(net)}`;
-      lines.push(`- Net: ${netDisplay}`);
-      lines.push("");
-      lines.push(`Circuit Breaker: ${service.getCircuitBreakerState()}`);
-      lines.push("");
-      if (recentTxns.length > 0) {
-        lines.push(`**Recent Transactions** (last ${recentTxns.length}):`);
-        for (const txn of recentTxns) {
-          const direction = txn.direction === "outgoing" ? "SENT" : "RECV";
-          const counterpartyDisplay = truncateAddress(txn.counterparty);
-          const time = new Date(txn.createdAt).toLocaleString();
-          lines.push(`- [${direction}] ${formatUsd(txn.amount)} ${txn.direction === "outgoing" ? "to" : "from"} ${counterpartyDisplay} — ${txn.resource || "N/A"} (${time}) [${txn.status}]`);
-        }
-      } else {
-        lines.push("No recent transactions.");
-      }
-      const responseText = lines.join(`
-`);
-      if (callback) {
-        await callback({
-          text: responseText,
-          actions: []
-        });
-      }
-      return {
-        success: true,
-        text: responseText,
-        data: {
-          totalSpent: formatUsd(summary.totalSpent),
-          totalEarned: formatUsd(summary.totalEarned),
-          outgoingCount: summary.outgoingCount,
-          incomingCount: summary.incomingCount,
-          recentTransactionCount: recentTxns.length
-        }
-      };
-    } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : String(err);
-      logger.error(`[x402] CHECK_PAYMENT_HISTORY: Failed: ${errorMessage}`);
-      if (callback) {
-        await callback({
-          text: `Failed to retrieve payment history: ${errorMessage}`,
-          actions: []
-        });
-      }
-      return { success: false, error: errorMessage };
-    }
+  AI16Z: {
+    symbol: "ai16z",
+    address: "HeLp6NuQkmYB4pYWo2zYs22mESHXPQYzXbB8n4V98jwC",
+    decimals: 6
   },
-  examples: [
-    [
-      {
-        name: "user",
-        content: {
-          text: "How much have you spent today?"
-        }
-      },
-      {
-        name: "assistant",
-        content: {
-          text: "Let me check my payment history for today.",
-          actions: ["CHECK_PAYMENT_HISTORY"]
-        }
-      }
-    ],
-    [
-      {
-        name: "user",
-        content: {
-          text: "Show me your recent payment transactions"
-        }
-      },
-      {
-        name: "assistant",
-        content: {
-          text: "Here are my recent x402 payment transactions.",
-          actions: ["CHECK_PAYMENT_HISTORY"]
-        }
+  DEGENAI: {
+    symbol: "degenai",
+    address: "Gu3LDkn7Vx3bmCzLafYNKcDxv2mH7YN44NJZFXnypump",
+    decimals: 6
+  },
+  ELIZAOS: {
+    symbol: "elizaOS",
+    address: "DuMbhu7mvQvqQHGcnikDgb4XegXJRyhUBfdU22uELiZA",
+    decimals: 6
+  }
+};
+var BASE_TOKENS = {
+  USDC: {
+    symbol: "USDC",
+    address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+    decimals: 6
+  },
+  ELIZAOS: {
+    symbol: "elizaOS",
+    address: "0xea17Df5Cf6D172224892B5477A16ACb111182478",
+    decimals: 18
+  }
+};
+var POLYGON_TOKENS = {
+  USDC: {
+    symbol: "USDC",
+    address: "0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",
+    decimals: 6
+  }
+};
+var BSC_TOKENS = {
+  USDC: {
+    symbol: "USDC",
+    address: "0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",
+    decimals: 18
+  }
+};
+var PAYMENT_RECEIVER_ADDRESS = PAYMENT_ADDRESSES[DEFAULT_NETWORK] || "";
+var PAYMENT_CONFIGS = {
+  base_usdc: {
+    network: "BASE",
+    assetNamespace: "erc20",
+    assetReference: BASE_TOKENS.USDC.address,
+    paymentAddress: PAYMENT_ADDRESSES.BASE ?? BUNDLED_EXAMPLE_EVM_PAYOUT,
+    symbol: "USDC",
+    chainId: "8453"
+  },
+  solana_usdc: {
+    network: "SOLANA",
+    assetNamespace: "spl-token",
+    assetReference: SOLANA_TOKENS.USDC.address,
+    paymentAddress: PAYMENT_ADDRESSES.SOLANA ?? BUNDLED_EXAMPLE_SOLANA_PAYOUT,
+    symbol: "USDC"
+  },
+  polygon_usdc: {
+    network: "POLYGON",
+    assetNamespace: "erc20",
+    assetReference: POLYGON_TOKENS.USDC.address,
+    paymentAddress: PAYMENT_ADDRESSES.POLYGON || "",
+    symbol: "USDC",
+    chainId: "137"
+  },
+  bsc_usdc: {
+    network: "BSC",
+    assetNamespace: "erc20",
+    assetReference: BSC_TOKENS.USDC.address,
+    paymentAddress: PAYMENT_ADDRESSES.BSC ?? BUNDLED_EXAMPLE_EVM_PAYOUT,
+    symbol: "USDC",
+    chainId: "56"
+  },
+  base_elizaos: {
+    network: "BASE",
+    assetNamespace: "erc20",
+    assetReference: BASE_TOKENS.ELIZAOS.address,
+    paymentAddress: PAYMENT_ADDRESSES.BASE ?? BUNDLED_EXAMPLE_EVM_PAYOUT,
+    symbol: "elizaOS",
+    chainId: "8453"
+  },
+  solana_elizaos: {
+    network: "SOLANA",
+    assetNamespace: "spl-token",
+    assetReference: SOLANA_TOKENS.ELIZAOS.address,
+    paymentAddress: PAYMENT_ADDRESSES.SOLANA ?? BUNDLED_EXAMPLE_SOLANA_PAYOUT,
+    symbol: "elizaOS"
+  },
+  solana_degenai: {
+    network: "SOLANA",
+    assetNamespace: "spl-token",
+    assetReference: SOLANA_TOKENS.DEGENAI.address,
+    paymentAddress: PAYMENT_ADDRESSES.SOLANA ?? BUNDLED_EXAMPLE_SOLANA_PAYOUT,
+    symbol: "degenai"
+  }
+};
+function getCAIP19FromConfig(config) {
+  const chainNamespace = config.network === "SOLANA" ? "solana" : "eip155";
+  const chainReference = config.chainId || (config.network === "BASE" ? "8453" : config.network === "POLYGON" ? "137" : config.network === "BSC" ? "56" : "1");
+  const chainId = `${chainNamespace}:${chainReference}`;
+  const assetId = `${config.assetNamespace}:${config.assetReference}`;
+  return `${chainId}/${assetId}`;
+}
+var CUSTOM_PAYMENT_CONFIGS = {};
+function registerX402Config(name, config, options) {
+  if (PAYMENT_CONFIGS[name] && !options?.override) {
+    throw new Error(`Payment config '${name}' already exists. Use override: true to replace it.`);
+  }
+  const registryKey = options?.agentId ? `${options.agentId}:${name}` : name;
+  if (CUSTOM_PAYMENT_CONFIGS[registryKey] && !options?.override) {
+    throw new Error(`Payment config '${registryKey}' is already registered. Use override: true to replace it.`);
+  }
+  CUSTOM_PAYMENT_CONFIGS[registryKey] = config;
+  logger.debug({ registryKey, symbol: config.symbol, network: config.network }, "[x402] registered payment config");
+}
+function getPaymentConfig(name, agentId) {
+  if (agentId) {
+    const agentConfig = CUSTOM_PAYMENT_CONFIGS[`${agentId}:${name}`];
+    if (agentConfig)
+      return agentConfig;
+  }
+  const customConfig = CUSTOM_PAYMENT_CONFIGS[name];
+  if (customConfig)
+    return customConfig;
+  const builtInConfig = PAYMENT_CONFIGS[name];
+  if (!builtInConfig) {
+    const available = [
+      ...Object.keys(PAYMENT_CONFIGS),
+      ...Object.keys(CUSTOM_PAYMENT_CONFIGS).filter((k) => !k.includes(":"))
+    ];
+    throw new Error(`Unknown payment config '${name}'. Available: ${available.join(", ")}`);
+  }
+  return builtInConfig;
+}
+function listX402Configs(agentId) {
+  const configs = new Set([
+    ...Object.keys(PAYMENT_CONFIGS),
+    ...Object.keys(CUSTOM_PAYMENT_CONFIGS).filter((k) => !k.includes(":"))
+  ]);
+  if (agentId) {
+    for (const k of Object.keys(CUSTOM_PAYMENT_CONFIGS)) {
+      if (k.startsWith(`${agentId}:`)) {
+        const short = k.split(":")[1];
+        if (short)
+          configs.add(short);
       }
-    ]
-  ]
+    }
+  }
+  return Array.from(configs).sort();
+}
+function getPaymentAddress(network) {
+  const address = PAYMENT_ADDRESSES[network];
+  if (!address) {
+    throw new Error(`No payment address configured for network '${network}'. ` + `Supported networks: ${BUILT_IN_NETWORKS.join(", ")}. ` + `Set ${network}_PUBLIC_KEY in your environment.`);
+  }
+  return address;
+}
+var TOKEN_PRICES_USD = {
+  USDC: 1,
+  ai16z: Number.parseFloat(process.env.AI16Z_PRICE_USD || "0.5"),
+  degenai: Number.parseFloat(process.env.DEGENAI_PRICE_USD || "0.01"),
+  elizaOS: Number.parseFloat(process.env.ELIZAOS_PRICE_USD || "0.05"),
+  ETH: 2000
 };
+function usdDecimalStringToRational(raw) {
+  const s = raw.replace(/^\$/, "").trim();
+  if (!/^\d+(\.\d+)?$/.test(s)) {
+    throw new Error(`Invalid USD decimal: ${raw}`);
+  }
+  const [wi, fr = ""] = s.split(".");
+  const den = 10n ** BigInt(fr.length);
+  const whole = BigInt(wi || "0");
+  const frac = fr ? BigInt(fr) : 0n;
+  const num = whole * den + frac;
+  if (num <= 0n) {
+    throw new Error(`USD amount must be positive: ${raw}`);
+  }
+  return { num, den };
+}
+function envUsdPerTokenRational(envKey, fallback) {
+  const v = process.env[envKey]?.trim();
+  return usdDecimalStringToRational(v && v.length > 0 ? v : fallback);
+}
+function getTokenUsdPerTokenRational(asset, _network) {
+  const upper = asset.toUpperCase();
+  if (upper === "USDC")
+    return { num: 1n, den: 1n };
+  if (asset === "elizaOS" || upper === "ELIZAOS") {
+    return envUsdPerTokenRational("ELIZAOS_PRICE_USD", "0.05");
+  }
+  if (upper === "DEGENAI" || asset === "degenai") {
+    return envUsdPerTokenRational("DEGENAI_PRICE_USD", "0.01");
+  }
+  if (upper === "AI16Z" || asset === "ai16z") {
+    return envUsdPerTokenRational("AI16Z_PRICE_USD", "0.5");
+  }
+  if (upper === "ETH")
+    return { num: 2000n, den: 1n };
+  return { num: 1n, den: 1n };
+}
+function getTokenDecimals(asset, network) {
+  if (network === "SOLANA") {
+    const solanaToken2 = Object.values(SOLANA_TOKENS).find((t) => t.symbol === asset);
+    if (solanaToken2)
+      return solanaToken2.decimals;
+  }
+  if (network === "BASE") {
+    const baseToken2 = Object.values(BASE_TOKENS).find((t) => t.symbol === asset);
+    if (baseToken2)
+      return baseToken2.decimals;
+  }
+  if (network === "POLYGON") {
+    const polygonToken2 = Object.values(POLYGON_TOKENS).find((t) => t.symbol === asset);
+    if (polygonToken2)
+      return polygonToken2.decimals;
+  }
+  if (network === "BSC") {
+    const bscToken2 = Object.values(BSC_TOKENS).find((t) => t.symbol === asset);
+    if (bscToken2)
+      return bscToken2.decimals;
+  }
+  const solanaToken = Object.values(SOLANA_TOKENS).find((t) => t.symbol === asset);
+  if (solanaToken)
+    return solanaToken.decimals;
+  const baseToken = Object.values(BASE_TOKENS).find((t) => t.symbol === asset);
+  if (baseToken)
+    return baseToken.decimals;
+  const polygonToken = Object.values(POLYGON_TOKENS).find((t) => t.symbol === asset);
+  if (polygonToken)
+    return polygonToken.decimals;
+  const bscToken = Object.values(BSC_TOKENS).find((t) => t.symbol === asset);
+  if (bscToken)
+    return bscToken.decimals;
+  if (asset === "USDC")
+    return 6;
+  if (asset === "ETH")
+    return 18;
+  return 6;
+}
+function atomicAmountForPriceInCents(priceInCents, config) {
+  if (!Number.isFinite(priceInCents) || priceInCents <= 0) {
+    throw new Error("priceInCents must be a positive finite number");
+  }
+  const cents = BigInt(Math.floor(priceInCents));
+  const { num: p, den: q } = getTokenUsdPerTokenRational(config.symbol, config.network);
+  const dec = getTokenDecimals(config.symbol, config.network);
+  if (dec < 0 || dec > 120) {
+    throw new Error("invalid token decimals for payment config");
+  }
+  const scale = 10n ** BigInt(dec);
+  const numer = cents * q * scale;
+  const denom = 100n * p;
+  if (denom === 0n) {
+    throw new Error("invalid token USD price (zero denominator)");
+  }
+  return ((numer + denom - 1n) / denom).toString();
+}
+function getX402Health() {
+  const networks = ["BASE", "SOLANA", "POLYGON", "BSC"];
+  return {
+    networks: networks.map((network) => ({
+      network,
+      configured: !!PAYMENT_ADDRESSES[network] && PAYMENT_ADDRESSES[network] !== "",
+      address: PAYMENT_ADDRESSES[network] || null
+    })),
+    facilitator: {
+      url: process.env.X402_FACILITATOR_URL || null,
+      configured: !!process.env.X402_FACILITATOR_URL
+    }
+  };
+}
+// src/payment-wrapper.ts
+import { logger as logger5 } from "@elizaos/core";
+import {
+  recoverTypedDataAddress
+} from "viem";
+import { base, bsc, mainnet, polygon } from "viem/chains";
 
-// actions/set-payment-policy.ts
+// src/startup-validator.ts
 import { logger as logger2 } from "@elizaos/core";
-var setPaymentPolicyAction = {
-  name: "SET_PAYMENT_POLICY",
-  description: "Manage payment policies for the x402 payment service. Set per-transaction limits, daily spending limits, or block/allow specific recipient addresses.",
-  similes: [
-    "set payment policy",
-    "update payment limits",
-    "change spending limit",
-    "block recipient",
-    "allow recipient",
-    "set max payment",
-    "set daily limit",
-    "payment policy"
-  ],
-  parameters: [
-    {
-      name: "maxPerPaymentUsd",
-      description: "Maximum amount in USD for a single outgoing payment (e.g. 5.0 for $5.00)",
-      required: false,
-      schema: { type: "number" }
-    },
-    {
-      name: "maxDailyUsd",
-      description: "Maximum total USD spend per day (e.g. 50.0 for $50.00)",
-      required: false,
-      schema: { type: "number" }
-    },
-    {
-      name: "blockRecipient",
-      description: "Ethereum address to add to the blocklist (payments to this address will be rejected)",
-      required: false,
-      schema: { type: "string" }
-    },
-    {
-      name: "allowRecipient",
-      description: "Ethereum address to add to the allowlist (when allowlist is non-empty, only listed addresses can receive payments)",
-      required: false,
-      schema: { type: "string" }
-    }
-  ],
-  validate: async (runtime, message, state, options) => {
-    const __avTextRaw = typeof message?.content?.text === "string" ? message.content.text : "";
-    const __avText = __avTextRaw.toLowerCase();
-    const __avKeywords = ["set", "payment", "policy"];
-    const __avKeywordOk = __avKeywords.length > 0 && __avKeywords.some((kw) => kw.length > 0 && __avText.includes(kw));
-    const __avRegex = new RegExp("\\b(?:set|payment|policy)\\b", "i");
-    const __avRegexOk = __avRegex.test(__avText);
-    const __avSource = String(message?.content?.source ?? message?.source ?? "");
-    const __avExpectedSource = "";
-    const __avSourceOk = __avExpectedSource ? __avSource === __avExpectedSource : Boolean(__avSource || state || runtime?.agentId || runtime?.getService);
-    const __avOptions = options && typeof options === "object" ? options : {};
-    const __avInputOk = __avText.trim().length > 0 || Object.keys(__avOptions).length > 0 || Boolean(message?.content && typeof message.content === "object");
-    if (!(__avKeywordOk && __avRegexOk && __avSourceOk && __avInputOk)) {
-      return false;
+function validatePaymentConfig(configName, agentId) {
+  const errors = [];
+  const warnings = [];
+  try {
+    const config = getPaymentConfig(configName, agentId);
+    if (!config.network) {
+      errors.push(`Config '${configName}': missing 'network'`);
     }
-    const __avLegacyValidate = async (runtime2) => {
-      const service = runtime2.getService("x402_payment");
-      return !!service && service.isActive();
-    };
-    try {
-      return Boolean(await __avLegacyValidate(runtime, message, state, options));
-    } catch {
-      return false;
+    if (!config.assetNamespace) {
+      errors.push(`Config '${configName}': missing 'assetNamespace'`);
     }
-  },
-  handler: async (runtime, _message, _state, options, callback) => {
-    const service = runtime.getService("x402_payment");
-    if (!service || !service.isActive()) {
-      logger2.warn("[x402] SET_PAYMENT_POLICY: Service not available or inactive");
-      if (callback) {
-        await callback({
-          text: "I'm unable to update payment policies right now. The x402 payment service is not configured or is inactive.",
-          actions: []
-        });
-      }
-      return { success: false, error: "x402 service not available" };
-    }
-    const rawParams = options?.parameters;
-    const maxPerPaymentUsd = rawParams?.maxPerPaymentUsd;
-    const maxDailyUsd = rawParams?.maxDailyUsd;
-    const blockRecipient = rawParams?.blockRecipient;
-    const allowRecipient = rawParams?.allowRecipient;
-    if (maxPerPaymentUsd === undefined && maxDailyUsd === undefined && !blockRecipient && !allowRecipient) {
-      if (callback) {
-        await callback({
-          text: "Please specify at least one policy change: maxPerPaymentUsd, maxDailyUsd, blockRecipient, or allowRecipient.",
-          actions: []
-        });
-      }
-      return { success: false, error: "No policy parameters provided" };
+    if (!config.assetReference) {
+      errors.push(`Config '${configName}': missing 'assetReference'`);
     }
-    const changes = [];
-    try {
-      if (maxPerPaymentUsd !== undefined) {
-        if (maxPerPaymentUsd <= 0) {
-          if (callback) {
-            await callback({
-              text: "maxPerPaymentUsd must be a positive number.",
-              actions: []
-            });
-          }
-          return { success: false, error: "Invalid maxPerPaymentUsd" };
+    if (!config.paymentAddress) {
+      errors.push(`Config '${configName}': missing 'paymentAddress' (wallet address required)`);
+    }
+    if (!config.symbol) {
+      errors.push(`Config '${configName}': missing 'symbol'`);
+    }
+    if (config.paymentAddress) {
+      if (config.network === "SOLANA") {
+        if (!/^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(config.paymentAddress)) {
+          errors.push(`Config '${configName}': invalid Solana address format`);
         }
-        service.updatePolicy({
-          outgoing: {
-            maxPerTransaction: usdToBaseUnits(maxPerPaymentUsd)
-          }
-        });
-        changes.push(`Max per-payment limit set to $${maxPerPaymentUsd.toFixed(2)}`);
-        logger2.info(`[x402] SET_PAYMENT_POLICY: maxPerTransaction set to $${maxPerPaymentUsd}`);
-      }
-      if (maxDailyUsd !== undefined) {
-        if (maxDailyUsd <= 0) {
-          if (callback) {
-            await callback({
-              text: "maxDailyUsd must be a positive number.",
-              actions: []
-            });
-          }
-          return { success: false, error: "Invalid maxDailyUsd" };
+      } else if (config.network === "BASE" || config.network === "POLYGON" || config.assetNamespace === "erc20") {
+        if (!/^0x[a-fA-F0-9]{40}$/.test(config.paymentAddress)) {
+          errors.push(`Config '${configName}': invalid EVM address format (should be 0x...)`);
         }
-        service.updatePolicy({
-          outgoing: {
-            maxTotal: usdToBaseUnits(maxDailyUsd)
-          }
-        });
-        changes.push(`Daily spending limit set to $${maxDailyUsd.toFixed(2)}`);
-        logger2.info(`[x402] SET_PAYMENT_POLICY: maxTotal (daily) set to $${maxDailyUsd}`);
-      }
-      if (blockRecipient) {
-        service.updatePolicy({
-          outgoing: {
-            blockedRecipients: [blockRecipient]
-          }
-        });
-        changes.push(`Blocked recipient: ${blockRecipient}`);
-        logger2.info(`[x402] SET_PAYMENT_POLICY: blocked recipient ${blockRecipient}`);
       }
-      if (allowRecipient) {
-        service.updatePolicy({
-          outgoing: {
-            allowedRecipients: [allowRecipient]
-          }
-        });
-        changes.push(`Added to allowlist: ${allowRecipient}`);
-        logger2.info(`[x402] SET_PAYMENT_POLICY: allowed recipient ${allowRecipient}`);
-      }
-      const summary = changes.join(`
-- `);
-      if (callback) {
-        await callback({
-          text: `Payment policy updated:
-- ${summary}`,
-          actions: []
-        });
+      if (config.paymentAddress === "0x0000000000000000000000000000000000000000") {
+        warnings.push(`Config '${configName}': using zero address (0x0...0) - is this intentional?`);
       }
-      return {
-        success: true,
-        text: `Payment policy updated: ${changes.join("; ")}`,
-        data: {
-          maxPerPaymentUsd: maxPerPaymentUsd ?? null,
-          maxDailyUsd: maxDailyUsd ?? null,
-          blockRecipient: blockRecipient ?? null,
-          allowRecipient: allowRecipient ?? null
-        }
-      };
-    } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : String(err);
-      logger2.error(`[x402] SET_PAYMENT_POLICY: Failed to update policy: ${errorMessage}`);
-      if (callback) {
-        await callback({
-          text: `Failed to update payment policy: ${errorMessage}`,
-          actions: []
-        });
-      }
-      return { success: false, error: errorMessage };
     }
-  },
-  examples: [
-    [
-      {
-        name: "user",
-        content: {
-          text: "Set the maximum payment per transaction to $5"
-        }
-      },
-      {
-        name: "assistant",
-        content: {
-          text: "I'll set the per-transaction limit to $5.00.",
-          actions: ["SET_PAYMENT_POLICY"]
-        }
-      }
-    ],
-    [
-      {
-        name: "user",
-        content: {
-          text: "Limit my daily spending to $50 and block payments to 0xDEAD...BEEF"
-        }
-      },
-      {
-        name: "assistant",
-        content: {
-          text: "I'll set the daily limit to $50 and block that address.",
-          actions: ["SET_PAYMENT_POLICY"]
-        }
+    if (config.assetReference && config.assetNamespace === "erc20") {
+      if (!/^0x[a-fA-F0-9]{40}$/.test(config.assetReference)) {
+        errors.push(`Config '${configName}': invalid ERC20 token address format`);
       }
-    ],
-    [
-      {
-        name: "user",
-        content: {
-          text: "Allow payments only to 0x1234567890abcdef1234567890abcdef12345678"
-        }
-      },
-      {
-        name: "assistant",
-        content: {
-          text: "Adding that address to the payment allowlist.",
-          actions: ["SET_PAYMENT_POLICY"]
-        }
+    }
+    if (paymentAddressIsBundledExample(config.network, config.paymentAddress)) {
+      if (false) {} else {
+        warnings.push(`Config '${configName}': paymentAddress matches the bundled dev example for ${config.network} — set env payout keys for real settlement.`);
       }
-    ]
-  ]
-};
-
-// actions/pay-for-service.ts
-import { logger as logger3 } from "@elizaos/core";
-var payForServiceAction = {
-  name: "PAY_FOR_SERVICE",
-  description: "Make a request to an x402-protected URL, automatically paying if required. Use when you need to access a paid API or service that uses the x402 payment protocol.",
-  similes: [
-    "pay for service",
-    "x402 payment",
-    "make a paid request",
-    "access paid endpoint",
-    "pay and fetch"
-  ],
-  parameters: [
-    {
-      name: "url",
-      description: "The URL of the x402-protected service to access",
-      required: true,
-      schema: { type: "string" }
-    },
-    {
-      name: "method",
-      description: "HTTP method (GET, POST, etc.). Defaults to GET.",
-      required: false,
-      schema: {
-        type: "string",
-        enumValues: ["GET", "POST", "PUT", "DELETE"]
+    }
+    if (!BUILT_IN_NETWORKS.includes(config.network)) {
+      warnings.push(`Config '${configName}': using custom network '${config.network}' ` + `(not in built-in networks: ${BUILT_IN_NETWORKS.join(", ")})`);
+    }
+  } catch (error) {
+    errors.push(`Config '${configName}': ${error instanceof Error ? error.message : "unknown error"}`);
+  }
+  return { errors, warnings };
+}
+function validateX402Route(route, character, agentId) {
+  const errors = [];
+  const warnings = [];
+  const x402Route = route;
+  if (!route.path) {
+    errors.push(`Route missing 'path' property`);
+    return { errors, warnings };
+  }
+  const routePath = route.path;
+  if (x402Route.x402 == null) {
+    return { errors, warnings };
+  }
+  const cx = character?.settings?.x402;
+  const raw = x402Route.x402;
+  let priceInCents;
+  let paymentConfigs;
+  if (raw === true) {
+    priceInCents = cx?.defaultPriceInCents;
+    paymentConfigs = cx?.defaultPaymentConfigs;
+    if (priceInCents == null) {
+      errors.push(`${routePath}: x402: true requires character.settings.x402.defaultPriceInCents`);
+    }
+    if (!paymentConfigs?.length) {
+      errors.push(`${routePath}: x402: true requires character.settings.x402.defaultPaymentConfigs (non-empty array)`);
+    }
+  } else if (typeof raw === "object" && !Array.isArray(raw)) {
+    priceInCents = raw.priceInCents ?? cx?.defaultPriceInCents;
+    paymentConfigs = raw.paymentConfigs ?? cx?.defaultPaymentConfigs;
+    if (priceInCents == null) {
+      errors.push(`${routePath}: x402.priceInCents is required (or set character.settings.x402.defaultPriceInCents)`);
+    }
+    if (!paymentConfigs?.length) {
+      errors.push(`${routePath}: x402.paymentConfigs is required (or set character.settings.x402.defaultPaymentConfigs)`);
+    }
+  } else {
+    errors.push(`${routePath}: x402 must be true or a configuration object`);
+  }
+  if (priceInCents !== undefined && priceInCents !== null) {
+    if (typeof priceInCents !== "number") {
+      errors.push(`${routePath}: resolved x402.priceInCents must be a number`);
+    } else if (priceInCents <= 0) {
+      errors.push(`${routePath}: x402.priceInCents must be > 0`);
+    } else if (!Number.isInteger(priceInCents)) {
+      errors.push(`${routePath}: x402.priceInCents must be an integer (cents)`);
+    } else if (priceInCents > 1e4) {
+      warnings.push(`${routePath}: price is $${(priceInCents / 100).toFixed(2)} — is this intentional?`);
+    }
+  }
+  if (paymentConfigs && !Array.isArray(paymentConfigs)) {
+    errors.push(`${routePath}: x402.paymentConfigs must be an array`);
+  } else if (paymentConfigs?.length === 0) {
+    errors.push(`${routePath}: x402.paymentConfigs cannot be empty`);
+  } else if (paymentConfigs?.length) {
+    const availableConfigs = listX402Configs(agentId);
+    for (const configName of paymentConfigs) {
+      if (typeof configName !== "string") {
+        errors.push(`${routePath}: x402.paymentConfigs contains non-string value`);
+      } else if (!availableConfigs.includes(configName)) {
+        errors.push(`${routePath}: unknown payment config '${configName}'. Available: ${availableConfigs.join(", ")}`);
+      } else {
+        const configValidation = validatePaymentConfig(configName, agentId);
+        errors.push(...configValidation.errors.map((e) => `${routePath}: ${e}`));
+        warnings.push(...configValidation.warnings.map((w) => `${routePath}: ${w}`));
       }
-    },
-    {
-      name: "body",
-      description: "Optional request body as a JSON string (for POST/PUT)",
-      required: false,
-      schema: { type: "string" }
-    }
-  ],
-  validate: async (runtime, message, state, options) => {
-    const __avTextRaw = typeof message?.content?.text === "string" ? message.content.text : "";
-    const __avText = __avTextRaw.toLowerCase();
-    const __avKeywords = ["pay", "for", "service"];
-    const __avKeywordOk = __avKeywords.length > 0 && __avKeywords.some((kw) => kw.length > 0 && __avText.includes(kw));
-    const __avRegex = new RegExp("\\b(?:pay|for|service)\\b", "i");
-    const __avRegexOk = __avRegex.test(__avText);
-    const __avSource = String(message?.content?.source ?? message?.source ?? "");
-    const __avExpectedSource = "";
-    const __avSourceOk = __avExpectedSource ? __avSource === __avExpectedSource : Boolean(__avSource || state || runtime?.agentId || runtime?.getService);
-    const __avOptions = options && typeof options === "object" ? options : {};
-    const __avInputOk = __avText.trim().length > 0 || Object.keys(__avOptions).length > 0 || Boolean(message?.content && typeof message.content === "object");
-    if (!(__avKeywordOk && __avRegexOk && __avSourceOk && __avInputOk)) {
-      return false;
     }
-    const __avLegacyValidate = async (runtime2) => {
-      const service = runtime2.getService("x402_payment");
-      return !!service && service.canMakePayments();
-    };
-    try {
-      return Boolean(await __avLegacyValidate(runtime, message, state, options));
-    } catch {
+  }
+  if (!route.handler) {
+    errors.push(`${routePath}: route has x402 protection but no handler function`);
+  }
+  return { errors, warnings };
+}
+function validateEnvironment() {
+  const errors = [];
+  const warnings = [];
+  const health = getX402Health();
+  for (const network of health.networks) {
+    if (!network.configured || !network.address) {
+      warnings.push(`Network '${network.network}' not configured. ` + `Set ${network.network}_PUBLIC_KEY in .env to accept payments on this network.`);
+    }
+  }
+  if (!health.facilitator.configured) {
+    warnings.push("X402_FACILITATOR_URL not set. Direct blockchain verification will be used. " + "Consider setting up a facilitator for better UX.");
+  }
+  if (false) {}
+  return { errors, warnings };
+}
+function validateX402Startup(routes, character, options) {
+  const allErrors = [];
+  const allWarnings = [];
+  let protectedRouteCount = 0;
+  for (const route of routes) {
+    const x402Route = route;
+    if (x402Route.x402 != null) {
+      protectedRouteCount++;
+      const routeValidation = validateX402Route(route, character, options?.agentId);
+      allErrors.push(...routeValidation.errors);
+      allWarnings.push(...routeValidation.warnings);
+    }
+  }
+  if (protectedRouteCount > 0) {
+    const envValidation = validateEnvironment();
+    allErrors.push(...envValidation.errors);
+    allWarnings.push(...envValidation.warnings);
+    logger2.info(`[x402] validated ${protectedRouteCount}/${routes.length} protected route(s); ` + `configs=${listX402Configs(options?.agentId).length}, ` + `errors=${allErrors.length}, warnings=${allWarnings.length}`);
+  }
+  return {
+    valid: allErrors.length === 0,
+    errors: allErrors,
+    warnings: allWarnings
+  };
+}
+function validateAndThrowIfInvalid(routes, character, options) {
+  const result = validateX402Startup(routes, character, options);
+  if (!result.valid) {
+    throw new Error(`x402 Configuration Invalid (${result.errors.length} error${result.errors.length > 1 ? "s" : ""}):
+
+` + result.errors.map((e) => `  • ${e}`).join(`
+`) + `
+
+Please fix these errors and try again.`);
+  }
+}
+
+// src/x402-facilitator-binding.ts
+function isFacilitatorBindingRelaxed() {
+  return process.env.X402_FACILITATOR_RELAXED_BINDING === "true" || process.env.X402_FACILITATOR_RELAXED_BINDING === "1";
+}
+function relaxedPayloadMatchesContext(data, ctx) {
+  if (typeof data.resource === "string" && data.resource !== ctx.resource) {
+    return false;
+  }
+  if (typeof data.routePath === "string" && data.routePath !== ctx.routePath) {
+    return false;
+  }
+  if (typeof data.route === "string" && data.route !== ctx.routePath) {
+    return false;
+  }
+  if (typeof data.priceInCents === "number" && Number.isFinite(data.priceInCents) && data.priceInCents !== ctx.priceInCents) {
+    return false;
+  }
+  if (typeof data.paymentConfig === "string") {
+    if (!ctx.paymentConfigNames.includes(data.paymentConfig)) {
       return false;
     }
-  },
-  handler: async (runtime, message, _state, options, callback) => {
-    const service = runtime.getService("x402_payment");
-    if (!service || !service.canMakePayments()) {
-      logger3.warn("[x402] PAY_FOR_SERVICE: Service not available or inactive");
-      if (callback) {
-        await callback({
-          text: "I'm unable to make payments right now. The x402 payment service is not configured or is inactive.",
-          actions: []
-        });
-      }
-      return { success: false, error: "x402 service not available" };
-    }
-    const params = options?.parameters;
-    const url = params?.url ?? extractUrlFromMessage(message);
-    const method = params?.method ?? "GET";
-    const body = params?.body;
-    if (!url) {
-      logger3.warn("[x402] PAY_FOR_SERVICE: No URL provided");
-      if (callback) {
-        await callback({
-          text: "I need a URL to make the paid request. Please provide the URL of the service you want me to access.",
-          actions: []
-        });
+  }
+  if (Array.isArray(data.paymentConfigs)) {
+    for (const n of data.paymentConfigs) {
+      if (typeof n === "string" && !ctx.paymentConfigNames.includes(n)) {
+        return false;
       }
-      return { success: false, error: "No URL provided" };
     }
-    logger3.info(`[x402] PAY_FOR_SERVICE: Requesting ${method} ${url}`);
-    const payFetch = service.getFetchWithPayment();
-    try {
-      const init = { method };
-      if (body && (method === "POST" || method === "PUT")) {
-        init.body = body;
-        init.headers = { "Content-Type": "application/json" };
-      }
-      const response = await payFetch(url, init);
-      const contentType = response.headers.get("content-type") ?? "";
-      let responseText;
-      if (contentType.includes("application/json")) {
-        const json = await response.json();
-        responseText = JSON.stringify(json, null, 2);
-      } else {
-        responseText = await response.text();
-      }
-      const maxLen = 2000;
-      const truncated = responseText.length > maxLen ? `${responseText.slice(0, maxLen)}...
-[Truncated - ${responseText.length} total characters]` : responseText;
-      if (response.ok) {
-        logger3.info(`[x402] PAY_FOR_SERVICE: Success (${response.status}) from ${url}`);
-        if (callback) {
-          await callback({
-            text: `Successfully accessed ${url} (HTTP ${response.status}):
+  }
+  return true;
+}
+function strictPaymentConfigOk(data, ctx) {
+  if (typeof data.paymentConfig === "string") {
+    return ctx.paymentConfigNames.includes(data.paymentConfig);
+  }
+  if (Array.isArray(data.paymentConfigs) && data.paymentConfigs.length > 0) {
+    const names = data.paymentConfigs.filter((x) => typeof x === "string");
+    if (names.length === 0)
+      return false;
+    return names.every((n) => ctx.paymentConfigNames.includes(n));
+  }
+  return false;
+}
+function strictPayloadMatchesContext(data, ctx) {
+  if (typeof data.resource !== "string" || data.resource !== ctx.resource) {
+    return false;
+  }
+  const routeOk = typeof data.routePath === "string" && data.routePath === ctx.routePath || typeof data.route === "string" && data.route === ctx.routePath;
+  if (!routeOk) {
+    return false;
+  }
+  if (typeof data.priceInCents !== "number" || !Number.isFinite(data.priceInCents) || data.priceInCents !== ctx.priceInCents) {
+    return false;
+  }
+  if (!strictPaymentConfigOk(data, ctx)) {
+    return false;
+  }
+  return true;
+}
+function facilitatorVerifyResponseMatchesRoute(data, ctx, relaxed) {
+  return relaxed ? relaxedPayloadMatchesContext(data, ctx) : strictPayloadMatchesContext(data, ctx);
+}
 
-${truncated}`,
-            actions: []
-          });
-        }
-        return {
-          success: true,
-          text: `Payment and request successful for ${url}`,
-          data: {
-            status: response.status,
-            url,
-            responsePreview: truncated
-          }
-        };
-      } else {
-        logger3.warn(`[x402] PAY_FOR_SERVICE: Request returned ${response.status} from ${url}`);
-        if (callback) {
-          await callback({
-            text: `Request to ${url} returned HTTP ${response.status}:
+// src/x402-replay-guard.ts
+import { logger as logger4 } from "@elizaos/core";
 
-${truncated}`,
-            actions: []
-          });
+// src/x402-replay-durable.ts
+import { createHash, randomUUID } from "node:crypto";
+import { logger as logger3 } from "@elizaos/core";
+import { sql } from "drizzle-orm";
+function sha256Utf8(s) {
+  return createHash("sha256").update(s, "utf8").digest("hex");
+}
+function durableReplayCacheKey(agentId, replayKey) {
+  const agent = agentId && agentId.trim().length > 0 ? agentId.trim() : "_";
+  return `x402:replay:v1:${sha256Utf8(`${agent}::${replayKey}`)}`;
+}
+function replayReservationTtlMs() {
+  const raw = process.env.X402_REPLAY_RESERVATION_TTL_MS;
+  const n = Number.parseInt(raw ?? "120000", 10);
+  return Number.isFinite(n) && n > 0 ? n : 120000;
+}
+function resultHadRows(result) {
+  if (Array.isArray(result))
+    return result.length > 0;
+  if (typeof result === "object" && result !== null) {
+    const rows = result.rows;
+    if (Array.isArray(rows))
+      return rows.length > 0;
+    const rowCount = result.rowCount;
+    if (typeof rowCount === "number")
+      return rowCount > 0;
+  }
+  return false;
+}
+async function getSqlDb(runtime) {
+  const db = await runtime.adapter?.getConnection?.();
+  if (db && typeof db === "object" && typeof db.execute === "function") {
+    return db;
+  }
+  return null;
+}
+async function insertInflightReservation(db, agentId, cacheKey, payload) {
+  const result = await db.execute(sql`
+    INSERT INTO cache (key, agent_id, value)
+    VALUES (${cacheKey}, ${agentId}, ${JSON.stringify(payload)}::jsonb)
+    ON CONFLICT (key, agent_id) DO NOTHING
+    RETURNING key
+  `);
+  return resultHadRows(result);
+}
+async function stealExpiredInflightReservation(db, agentId, cacheKey, payload, now) {
+  const result = await db.execute(sql`
+    UPDATE cache
+    SET value = ${JSON.stringify(payload)}::jsonb
+    WHERE key = ${cacheKey}
+      AND agent_id = ${agentId}
+      AND value->>'state' = 'inflight'
+      AND COALESCE((value->>'expiresAt')::bigint, 0) <= ${now}
+    RETURNING key
+  `);
+  return resultHadRows(result);
+}
+async function releaseSqlReservations(db, agentId, cacheKeys, owner) {
+  for (const cacheKey of cacheKeys) {
+    await db.execute(sql`
+      DELETE FROM cache
+      WHERE key = ${cacheKey}
+        AND agent_id = ${agentId}
+        AND value->>'state' = 'inflight'
+        AND value->>'owner' = ${owner}
+    `);
+  }
+}
+async function commitSqlReservations(db, agentId, cacheKeys, owner) {
+  const payload = {
+    state: "consumed",
+    consumedAt: Date.now()
+  };
+  for (const cacheKey of cacheKeys) {
+    const result = await db.execute(sql`
+      UPDATE cache
+      SET value = ${JSON.stringify(payload)}::jsonb
+      WHERE key = ${cacheKey}
+        AND agent_id = ${agentId}
+        AND value->>'state' = 'inflight'
+        AND value->>'owner' = ${owner}
+      RETURNING key
+    `);
+    if (!resultHadRows(result)) {
+      logger3.error(`[x402] durable replay: failed to commit reserved replay key ${cacheKey}`);
+    }
+  }
+}
+function isConsumed(value) {
+  if (!value)
+    return false;
+  return value.state === "consumed" || "consumedAt" in value;
+}
+async function durableReplayTryReserve(runtime, agentId, keys) {
+  if (keys.length === 0)
+    return { ok: true, owner: randomUUID(), atomic: true };
+  const db = await getSqlDb(runtime);
+  const resolvedAgentId = agentId && agentId.trim().length > 0 ? agentId.trim() : runtime.agentId ? String(runtime.agentId) : undefined;
+  if (db && resolvedAgentId) {
+    const owner2 = randomUUID();
+    const now2 = Date.now();
+    const payload2 = {
+      state: "inflight",
+      owner: owner2,
+      reservedAt: now2,
+      expiresAt: now2 + replayReservationTtlMs()
+    };
+    const acquired = [];
+    try {
+      for (const replayKey of keys) {
+        const cacheKey = durableReplayCacheKey(resolvedAgentId, replayKey);
+        if (await insertInflightReservation(db, resolvedAgentId, cacheKey, payload2) || await stealExpiredInflightReservation(db, resolvedAgentId, cacheKey, payload2, now2)) {
+          acquired.push(cacheKey);
+          continue;
         }
-        return {
-          success: false,
-          error: `HTTP ${response.status}`,
-          data: {
-            status: response.status,
-            url,
-            responsePreview: truncated
-          }
-        };
+        await releaseSqlReservations(db, resolvedAgentId, acquired, owner2);
+        return { ok: false };
       }
+      return { ok: true, owner: owner2, atomic: true };
     } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : String(err);
-      logger3.error(`[x402] PAY_FOR_SERVICE: Request failed: ${errorMessage}`);
-      if (callback) {
-        await callback({
-          text: `Failed to access ${url}: ${errorMessage}`,
-          actions: []
-        });
-      }
-      return { success: false, error: errorMessage };
+      await releaseSqlReservations(db, resolvedAgentId, acquired, owner2).catch(() => {});
+      logger3.error(`[x402] durable replay: atomic reservation failed: ${err instanceof Error ? err.message : String(err)}`);
+      return { ok: false };
+    }
+  }
+  const owner = randomUUID();
+  for (const replayKey of keys) {
+    const cacheKey = durableReplayCacheKey(agentId, replayKey);
+    const v = await runtime.getCache(cacheKey);
+    if (isConsumed(v))
+      return { ok: false };
+    if (v?.state === "inflight" && v.expiresAt > Date.now()) {
+      return { ok: false };
+    }
+  }
+  const now = Date.now();
+  const payload = {
+    state: "inflight",
+    owner,
+    reservedAt: now,
+    expiresAt: now + replayReservationTtlMs()
+  };
+  for (const replayKey of keys) {
+    await runtime.setCache(durableReplayCacheKey(agentId, replayKey), payload);
+  }
+  return { ok: true, owner, atomic: false };
+}
+async function durableReplayAbortReservation(runtime, agentId, keys, owner) {
+  if (!owner || keys.length === 0)
+    return;
+  const db = await getSqlDb(runtime);
+  const resolvedAgentId = agentId && agentId.trim().length > 0 ? agentId.trim() : runtime.agentId ? String(runtime.agentId) : undefined;
+  if (db && resolvedAgentId) {
+    await releaseSqlReservations(db, resolvedAgentId, keys.map((k) => durableReplayCacheKey(resolvedAgentId, k)), owner);
+    return;
+  }
+  for (const replayKey of keys) {
+    const cacheKey = durableReplayCacheKey(agentId, replayKey);
+    const v = await runtime.getCache(cacheKey);
+    if (v?.state === "inflight" && v.owner === owner) {
+      await runtime.deleteCache(cacheKey);
     }
-  },
-  examples: [
-    [
-      {
-        name: "user",
-        content: {
-          text: "Can you fetch the data from https://api.example.com/premium/data? It's a paid API."
-        }
-      },
-      {
-        name: "assistant",
-        content: {
-          text: "I'll access that paid API for you now.",
-          actions: ["PAY_FOR_SERVICE"]
-        }
-      }
-    ],
-    [
-      {
-        name: "user",
-        content: {
-          text: "Please make a paid request to https://weather.paid-api.com/forecast"
-        }
-      },
-      {
-        name: "assistant",
-        content: {
-          text: "Making a paid request to the weather API.",
-          actions: ["PAY_FOR_SERVICE"]
-        }
-      }
-    ]
-  ]
-};
-function extractUrlFromMessage(message) {
-  const text = typeof message.content === "string" ? message.content : message.content?.text;
-  if (!text)
+  }
+}
+async function durableReplayCommitReservation(runtime, agentId, keys, owner) {
+  if (keys.length === 0)
+    return;
+  const db = await getSqlDb(runtime);
+  const resolvedAgentId = agentId && agentId.trim().length > 0 ? agentId.trim() : runtime.agentId ? String(runtime.agentId) : undefined;
+  if (db && resolvedAgentId && owner) {
+    await commitSqlReservations(db, resolvedAgentId, keys.map((k) => durableReplayCacheKey(resolvedAgentId, k)), owner);
     return;
-  const urlRegex = /https?:\/\/[^\s<>"{}|\\^`[\]]+/g;
-  const matches = text.match(urlRegex);
-  return matches?.[0];
+  }
+  const payload = {
+    state: "consumed",
+    consumedAt: Date.now()
+  };
+  for (const replayKey of keys) {
+    const ok = await runtime.setCache(durableReplayCacheKey(agentId, replayKey), payload);
+    if (!ok) {
+      logger3.error(`[x402] durable replay: setCache failed for replay key ${replayKey.slice(0, 80)} (payment may be retryable if this persists)`);
+    }
+  }
 }
 
-// providers/payment-balance.ts
-var paymentBalanceProvider = {
-  name: "x402_payment_status",
-  description: "Current x402 payment status including wallet, spending, and earning summary",
-  dynamic: true,
-  get: async (runtime, _message, _state) => {
-    const service = runtime.getService("x402_payment");
-    if (!service || !service.isActive()) {
-      return {
-        text: `[Payment Status]
-Payments: Inactive (no wallet configured)`,
-        values: {
-          x402Active: false
-        }
-      };
+// src/x402-replay-guard.ts
+var inflight = new Set;
+var consumedMemory = new Map;
+var durableReservationOwners = new Map;
+function replayWindowMs() {
+  const raw = process.env.X402_REPLAY_WINDOW_MS ?? process.env.X402_REPLAY_TTL_MS;
+  const n = Number.parseInt(raw ?? "600000", 10);
+  return Number.isFinite(n) && n > 0 ? n : 600000;
+}
+function pruneConsumedMemory(now) {
+  for (const [k, exp] of consumedMemory) {
+    if (exp <= now)
+      consumedMemory.delete(k);
+  }
+}
+function isDurableReplayEnabled() {
+  const v = process.env.X402_REPLAY_DURABLE?.trim().toLowerCase();
+  if (v === "0" || v === "false" || v === "off")
+    return false;
+  return true;
+}
+async function replayGuardTryBegin(keys, runtime, agentId) {
+  if (keys.length === 0)
+    return true;
+  const now = Date.now();
+  const useDurable = isDurableReplayEnabled() && runtime != null;
+  try {
+    let durableOwner = null;
+    if (useDurable) {
+      const reservation = await durableReplayTryReserve(runtime, agentId, keys);
+      if (!reservation.ok)
+        return false;
+      durableOwner = reservation.owner;
+    } else {
+      pruneConsumedMemory(now);
+      for (const k of keys) {
+        const exp = consumedMemory.get(k);
+        if (exp != null && exp > now)
+          return false;
+      }
     }
-    const walletAddress = service.getWalletAddress();
-    const network = service.getNetwork();
-    const summary = await service.getSummary(ONE_DAY_MS);
-    const netAmount = summary.totalEarned - summary.totalSpent;
-    const netDisplay = netAmount < 0n ? `-${formatUsd(-netAmount)}` : `+${formatUsd(netAmount)}`;
-    const statusLines = [
-      "[Payment Status]",
-      `Wallet: ${walletAddress ? truncateAddress(walletAddress) : "N/A"} (${network})`,
-      `24h Spent: ${formatUsd(summary.totalSpent)} (${summary.outgoingCount} txns)`,
-      `24h Earned: ${formatUsd(summary.totalEarned)} (${summary.incomingCount} txns)`,
-      `Net: ${netDisplay}`,
-      `Circuit Breaker: ${service.getCircuitBreakerState()}`
-    ];
-    return {
-      text: statusLines.join(`
-`),
-      values: {
-        x402Active: true,
-        x402Wallet: walletAddress ?? "",
-        x402Network: network,
-        x402TotalSpent: formatUsd(summary.totalSpent),
-        x402TotalEarned: formatUsd(summary.totalEarned),
-        x402OutgoingCount: summary.outgoingCount,
-        x402IncomingCount: summary.incomingCount
+    for (const k of keys) {
+      if (inflight.has(k)) {
+        if (durableOwner && runtime) {
+          await durableReplayAbortReservation(runtime, agentId, keys, durableOwner);
+        }
+        return false;
       }
-    };
+    }
+    if (durableOwner) {
+      for (const k of keys)
+        durableReservationOwners.set(k, durableOwner);
+    }
+    for (const k of keys)
+      inflight.add(k);
+    return true;
+  } catch (err) {
+    logger4.error(`[x402] replayGuardTryBegin failed: ${err instanceof Error ? err.message : String(err)}`);
+    return false;
   }
-};
-
-// routes/agent-card.ts
-import { logger as logger4 } from "@elizaos/core";
-
-// networks.ts
-var NETWORK_REGISTRY = {
-  base: {
-    caip2: "eip155:8453",
-    chainId: 8453,
-    name: "Base",
-    usdcAddress: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
-    usdcDomainName: "USDC",
-    usdcPermitVersion: "2",
-    rpcUrl: "https://mainnet.base.org"
-  },
-  "base-sepolia": {
-    caip2: "eip155:84532",
-    chainId: 84532,
-    name: "Base Sepolia",
-    usdcAddress: "0x036CbD53842c5426634e7929541eC2318f3dCF7e",
-    usdcDomainName: "USDC",
-    usdcPermitVersion: "2",
-    rpcUrl: "https://sepolia.base.org"
-  },
-  ethereum: {
-    caip2: "eip155:1",
-    chainId: 1,
-    name: "Ethereum",
-    usdcAddress: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
-    usdcDomainName: "USD Coin",
-    usdcPermitVersion: "2",
-    rpcUrl: "https://cloudflare-eth.com"
-  },
-  sepolia: {
-    caip2: "eip155:11155111",
-    chainId: 11155111,
-    name: "Sepolia",
-    usdcAddress: "0x1c7D4B196Cb0C7B01d743Fbc6116a902379C7238",
-    usdcDomainName: "USDC",
-    usdcPermitVersion: "2",
-    rpcUrl: "https://rpc.sepolia.org"
+}
+function replayGuardAbort(keys) {
+  for (const k of keys) {
+    inflight.delete(k);
+    durableReservationOwners.delete(k);
   }
-};
-function resolveNetwork(key) {
-  const info = NETWORK_REGISTRY[key];
-  if (!info) {
-    const supported = Object.keys(NETWORK_REGISTRY).join(", ");
-    throw new Error(`Unknown network "${key}". Supported: ${supported}`);
+}
+async function replayGuardAbortAsync(keys, runtime, agentId) {
+  const owner = keys.map((k) => durableReservationOwners.get(k)).find((x) => typeof x === "string");
+  replayGuardAbort(keys);
+  if (owner && runtime) {
+    await durableReplayAbortReservation(runtime, agentId, keys, owner);
   }
-  return info;
 }
-function networkKeyFromCaip2(caip2) {
-  for (const [key, info] of Object.entries(NETWORK_REGISTRY)) {
-    if (info.caip2 === caip2) {
-      return key;
+async function replayGuardCommit(keys, runtime, agentId) {
+  const useDurable = isDurableReplayEnabled() && runtime != null;
+  const exp = Date.now() + replayWindowMs();
+  let owner;
+  let ownerConsistent = true;
+  for (const k of keys) {
+    const o = durableReservationOwners.get(k);
+    if (typeof o !== "string")
+      continue;
+    if (owner === undefined) {
+      owner = o;
+    } else if (owner !== o) {
+      ownerConsistent = false;
+      break;
     }
   }
-  return;
+  for (const k of keys) {
+    inflight.delete(k);
+    durableReservationOwners.delete(k);
+  }
+  if (useDurable && keys.length > 0 && runtime) {
+    await durableReplayCommitReservation(runtime, agentId, keys, ownerConsistent ? owner : undefined);
+  } else if (!useDurable) {
+    for (const k of keys)
+      consumedMemory.set(k, exp);
+  }
 }
 
-// routes/agent-card.ts
-async function handleAgentCard(req, res, runtime) {
-  const service = runtime.getService("x402_payment");
-  if (!service || !service.isActive()) {
-    res.status(503).json({ error: "x402 service not active" });
+// src/x402-replay-keys.ts
+import { createHash as createHash2 } from "node:crypto";
+function sha256Utf82(s) {
+  return createHash2("sha256").update(s, "utf8").digest("hex");
+}
+function paymentIdReplayKey(paymentId) {
+  const cleaned = paymentId.trim();
+  if (!/^[a-zA-Z0-9_-]+$/.test(cleaned) || cleaned.length > 128)
+    return null;
+  return `fac:${sha256Utf82(cleaned)}`;
+}
+function looksMostlyPrintableAscii(s) {
+  if (!s || s.length > 1e5)
+    return false;
+  let ok = 0;
+  for (let i = 0;i < s.length; i++) {
+    const code = s.charCodeAt(i);
+    if (code === 9 || code === 10 || code === 13 || code >= 32 && code < 127) {
+      ok++;
+    }
+  }
+  return ok / s.length > 0.85;
+}
+function tryBase64Utf8(proof) {
+  const t = proof.trim();
+  if (t.length < 8 || !/^[A-Za-z0-9+/=_-]+$/.test(t.replace(/\s/g, ""))) {
+    return null;
+  }
+  const buf = Buffer.from(t, "base64");
+  if (buf.length === 0)
+    return null;
+  const decoded = buf.toString("utf8");
+  if (!decoded || decoded.includes("\x00"))
+    return null;
+  if (!looksMostlyPrintableAscii(decoded))
+    return null;
+  return decoded;
+}
+function decodePaymentProofForParsing(proof) {
+  return tryBase64Utf8(proof) ?? proof;
+}
+function addEvmTxHashes(s, into) {
+  const matches = s.match(/0x[a-fA-F0-9]{64}/g);
+  if (!matches)
     return;
+  for (const h of matches)
+    into.add(`evm-tx:${h.toLowerCase()}`);
+}
+function addSolanaTxSignatures(s, into) {
+  const parts = s.split(":");
+  if (parts.length >= 3 && parts[0]?.toUpperCase() === "SOLANA") {
+    const sig = parts[2]?.trim();
+    if (sig && /^[1-9A-HJ-NP-Za-km-z]{87,88}$/.test(sig)) {
+      into.add(`sol-tx:${sig}`);
+    }
   }
-  const walletAddress = service.getWalletAddress() ?? "";
-  const networkKey = service.getNetwork();
-  const facilitatorUrl = service.getFacilitatorUrl();
-  let caip2Network;
+  const trimmed = s.trim().split(/\s+/)[0] ?? "";
+  if (/^[1-9A-HJ-NP-Za-km-z]{87,88}$/.test(trimmed)) {
+    into.add(`sol-tx:${trimmed}`);
+  }
+}
+function addEip712StableKey(s, into) {
+  let obj;
   try {
-    const networkInfo = resolveNetwork(networkKey);
-    caip2Network = networkInfo.caip2;
-  } catch (err) {
-    caip2Network = networkKey;
-    const msg = err instanceof Error ? err.message : String(err);
-    logger4.warn("[x402] Agent card: could not resolve network '" + networkKey + "': " + msg);
-  }
-  const character = runtime.character;
-  const agentName = character?.name ?? "ElizaOS Agent";
-  const agentDescription = (Array.isArray(character?.bio) ? character.bio[0] : character?.bio) ?? "An ElizaOS agent with x402 payment capabilities";
-  const configuredUrl = String(runtime.getSetting("X402_AGENT_URL") ?? "");
-  let agentUrl = configuredUrl;
-  if (!agentUrl && req.headers) {
-    const host = (Array.isArray(req.headers.host) ? req.headers.host[0] : req.headers.host) ?? "";
-    const proto = (Array.isArray(req.headers["x-forwarded-proto"]) ? req.headers["x-forwarded-proto"][0] : req.headers["x-forwarded-proto"]) ?? "https";
-    if (host) {
-      agentUrl = `${proto}://${host}`;
-    }
-  }
-  const skills = [];
-  const plugins = runtime.plugins ?? [];
-  for (const plugin of plugins) {
-    if (!plugin.routes)
-      continue;
-    for (const route of plugin.routes) {
-      const x402Config = "x402" in route ? route.x402 : undefined;
-      if (x402Config) {
-        skills.push({
-          name: ("name" in route ? route.name : undefined) ?? route.path,
-          description: x402Config.description ?? `Paid endpoint: ${route.path}`,
-          path: route.path,
-          price: x402Config.price,
-          network: x402Config.network
-        });
-      }
-    }
+    obj = JSON.parse(s);
+  } catch {
+    return;
   }
-  const card = {
-    protocolVersion: "1.0",
-    name: agentName,
-    description: agentDescription,
-    url: agentUrl,
-    capabilities: {
-      x402Payments: true
-    },
-    payments: [
-      {
-        method: "x402",
-        payee: walletAddress,
-        network: caip2Network,
-        facilitatorUrl
-      }
-    ],
-    skills
-  };
-  res.status(200).json(card);
-}
-var agentCardRoute = {
-  type: "GET",
-  path: "/.well-known/agent-card.json",
-  name: "x402-agent-card",
-  public: true,
-  handler: handleAgentCard
-};
-
-// services/x402-service.ts
-import { Service } from "@elizaos/core";
-import { logger as logger5 } from "@elizaos/core";
-
-// client/signer.ts
-import { createPublicClient, http } from "viem";
-import { privateKeyToAccount } from "viem/accounts";
-var PERMIT_TYPES = {
-  Permit: [
-    { name: "owner", type: "address" },
-    { name: "spender", type: "address" },
-    { name: "value", type: "uint256" },
-    { name: "nonce", type: "uint256" },
-    { name: "deadline", type: "uint256" }
-  ]
-};
+  if (typeof obj !== "object" || obj === null)
+    return;
+  const root = obj;
+  const payload = root.payload;
+  const auth = payload?.authorization ?? root.authorization;
+  if (!auth || typeof auth !== "object")
+    return;
+  const domain = payload?.domain ?? root.domain;
+  if (typeof auth.from !== "string" || typeof auth.to !== "string" || typeof auth.value !== "string" || typeof auth.nonce !== "string") {
+    return;
+  }
+  const contract = domain && typeof domain.verifyingContract === "string" ? domain.verifyingContract.toLowerCase() : "";
+  const chainId = domain && typeof domain.chainId === "number" ? domain.chainId : -1;
+  const stable = JSON.stringify({
+    c: contract,
+    ch: chainId,
+    f: auth.from.toLowerCase(),
+    t: auth.to.toLowerCase(),
+    v: auth.value,
+    n: auth.nonce
+  });
+  into.add(`eip712:${sha256Utf82(stable)}`);
+}
+function replayKeysFromProofString(proof) {
+  const keys = new Set;
+  const variants = new Set([proof]);
+  const decoded = tryBase64Utf8(proof);
+  if (decoded)
+    variants.add(decoded);
+  for (const v of variants) {
+    addEvmTxHashes(v, keys);
+    addSolanaTxSignatures(v, keys);
+    addEip712StableKey(v, keys);
+  }
+  return [...keys];
+}
+function collectReplayKeysToCheck(paymentProof, paymentId) {
+  const keys = new Set;
+  if (paymentId) {
+    const pk = paymentIdReplayKey(paymentId);
+    if (pk)
+      keys.add(pk);
+  }
+  if (paymentProof) {
+    for (const k of replayKeysFromProofString(paymentProof))
+      keys.add(k);
+  }
+  return [...keys];
+}
 
-class EvmPaymentSigner {
-  account;
-  network;
-  constructor(privateKey, network) {
-    const key = privateKey.startsWith("0x") ? privateKey : `0x${privateKey}`;
-    this.account = privateKeyToAccount(key);
-    this.network = network;
-  }
-  get address() {
-    return this.account.address;
-  }
-  get networkId() {
-    return resolveNetwork(this.network).caip2;
-  }
-  async signPermit(params) {
-    const networkInfo = resolveNetwork(this.network);
-    const domain = {
-      name: networkInfo.usdcDomainName,
-      version: networkInfo.usdcPermitVersion,
-      chainId: BigInt(networkInfo.chainId),
-      verifyingContract: networkInfo.usdcAddress
-    };
-    const message = {
-      owner: this.account.address,
-      spender: params.spender,
-      value: params.value,
-      nonce: params.nonce,
-      deadline: params.deadline
-    };
-    const signature = await this.account.signTypedData({
-      domain,
-      types: PERMIT_TYPES,
-      primaryType: "Permit",
-      message
-    });
-    const raw = signature.slice(2);
-    const r = `0x${raw.slice(0, 64)}`;
-    const s = `0x${raw.slice(64, 128)}`;
-    const v = parseInt(raw.slice(128, 130), 16);
-    return { v, r, s };
-  }
-  async queryOnChainNonce(usdcAddress, rpcUrl, chainId) {
-    const client = createPublicClient({
-      transport: http(rpcUrl)
-    });
-    const result = await client.readContract({
-      address: usdcAddress,
-      abi: [{
-        inputs: [{ name: "owner", type: "address" }],
-        name: "nonces",
-        outputs: [{ name: "", type: "uint256" }],
-        stateMutability: "view",
-        type: "function"
-      }],
-      functionName: "nonces",
-      args: [this.account.address]
-    });
-    return result;
-  }
-  async buildPaymentHeader(requirement) {
-    const networkInfo = resolveNetwork(this.network);
-    const amount = BigInt(requirement.maxAmountRequired);
-    const tokenName = requirement.extra?.name ?? networkInfo.usdcDomainName;
-    const tokenVersion = requirement.extra?.version ?? networkInfo.usdcPermitVersion;
-    let nonce;
-    if (requirement.extra?.nonce !== undefined) {
-      nonce = BigInt(requirement.extra.nonce);
-    } else {
-      nonce = await this.queryOnChainNonce(requirement.asset, networkInfo.rpcUrl, networkInfo.chainId);
-    }
-    const deadline = BigInt(Math.floor(Date.now() / 1000) + requirement.maxTimeoutSeconds);
-    const spender = requirement.payTo;
-    const domain = {
-      name: tokenName,
-      version: tokenVersion,
-      chainId: BigInt(networkInfo.chainId),
-      verifyingContract: requirement.asset
-    };
-    const message = {
-      owner: this.account.address,
-      spender,
-      value: amount,
-      nonce,
-      deadline
-    };
-    const signature = await this.account.signTypedData({
-      domain,
-      types: PERMIT_TYPES,
-      primaryType: "Permit",
-      message
-    });
-    const payload = {
-      x402Version: 2,
-      accepted: {
-        scheme: "upto",
-        network: requirement.network,
-        asset: requirement.asset,
-        amount: requirement.maxAmountRequired,
-        payTo: requirement.payTo
-      },
-      payload: {
-        authorization: {
-          from: this.account.address,
-          to: requirement.payTo,
-          value: requirement.maxAmountRequired,
-          validBefore: deadline.toString(),
-          nonce: nonce.toString()
-        },
-        signature
-      }
+// src/x402-resolve.ts
+var X402_EVENT_PAYMENT_VERIFIED = "PAYMENT_VERIFIED";
+var X402_EVENT_PAYMENT_REQUIRED = "PAYMENT_REQUIRED";
+function readCharacterX402(settings) {
+  if (!settings || typeof settings !== "object")
+    return;
+  const raw = settings.x402;
+  if (!raw || typeof raw !== "object")
+    return;
+  return raw;
+}
+function resolveEffectiveX402(route, runtime) {
+  const cx = readCharacterX402(runtime.character?.settings);
+  const raw = route.x402;
+  if (raw === true) {
+    if (cx?.defaultPriceInCents == null || !cx.defaultPaymentConfigs?.length)
+      return null;
+    return {
+      priceInCents: cx.defaultPriceInCents,
+      paymentConfigs: [...cx.defaultPaymentConfigs]
     };
-    const jsonString = JSON.stringify(payload);
-    return Buffer.from(jsonString).toString("base64");
   }
+  if (raw && typeof raw === "object") {
+    const price = raw.priceInCents ?? cx?.defaultPriceInCents;
+    const configs = raw.paymentConfigs ?? cx?.defaultPaymentConfigs;
+    if (price == null || !configs?.length)
+      return null;
+    return { priceInCents: price, paymentConfigs: [...configs] };
+  }
+  return null;
 }
 
-// client/fetch-with-payment.ts
-function generateId() {
-  const timestamp = Date.now().toString(36);
-  const random = Math.random().toString(36).substring(2, 10);
-  return `x402_${timestamp}_${random}`;
-}
-function parsePaymentRequired(response) {
-  const headerValue = response.headers.get("payment-required") ?? response.headers.get("x-402") ?? response.headers.get("x-payment-required");
-  if (!headerValue) {
+// src/x402-standard-payment.ts
+function looksMostlyPrintableAscii2(s) {
+  if (!s || s.length > 1e5)
+    return false;
+  let ok = 0;
+  for (let i = 0;i < s.length; i++) {
+    const code = s.charCodeAt(i);
+    if (code === 9 || code === 10 || code === 13 || code >= 32 && code < 127) {
+      ok++;
+    }
+  }
+  return ok / s.length > 0.85;
+}
+function tryBase64Utf8Json(raw) {
+  const t = raw.trim();
+  if (t.length < 8 || !/^[A-Za-z0-9+/=_-]+$/.test(t.replace(/\s/g, ""))) {
     return null;
   }
+  const buf = Buffer.from(t, "base64");
+  if (buf.length === 0)
+    return null;
+  const decoded = buf.toString("utf8");
+  if (!decoded || decoded.includes("\x00"))
+    return null;
+  if (!looksMostlyPrintableAscii2(decoded))
+    return null;
   try {
-    const decoded = Buffer.from(headerValue, "base64").toString("utf-8");
     return JSON.parse(decoded);
   } catch {
+    return null;
+  }
+}
+function decodeXPaymentHeader(raw) {
+  const t = raw.trim();
+  if (!t)
+    return null;
+  if (t.startsWith("{") || t.startsWith("[")) {
     try {
-      return JSON.parse(headerValue);
+      return JSON.parse(t);
     } catch {
       return null;
     }
   }
+  return tryBase64Utf8Json(t);
+}
+function isX402StandardPaymentPayload(v) {
+  if (typeof v !== "object" || v === null)
+    return false;
+  const o = v;
+  if (typeof o.x402Version !== "number")
+    return false;
+  const acc = o.accepted;
+  if (typeof acc !== "object" || acc === null)
+    return false;
+  const a = acc;
+  if (typeof a.scheme !== "string")
+    return false;
+  if (typeof a.network !== "string")
+    return false;
+  if (typeof a.asset !== "string")
+    return false;
+  if (typeof a.amount !== "string" && typeof a.maxAmountRequired !== "string") {
+    return false;
+  }
+  if (typeof a.payTo !== "string")
+    return false;
+  const pl = o.payload;
+  if (typeof pl !== "object" || pl === null)
+    return false;
+  const p = pl;
+  if (typeof p.signature !== "string")
+    return false;
+  const auth = p.authorization;
+  if (typeof auth !== "object" || auth === null)
+    return false;
+  const u = auth;
+  return typeof u.from === "string" && typeof u.to === "string" && typeof u.value === "string" && typeof u.nonce === "string" && typeof u.validBefore === "string";
+}
+function toStandardNetwork(network) {
+  if (network === "BASE")
+    return "eip155:8453";
+  if (network === "POLYGON")
+    return "eip155:137";
+  if (network === "BSC")
+    return "eip155:56";
+  return "solana:mainnet";
+}
+function acceptedNetworkMatches(acceptedNetwork, cfg) {
+  const n = acceptedNetwork.trim();
+  if (cfg.network === "SOLANA") {
+    return n === "solana" || n === "solana:mainnet" || n === "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp" || n.toLowerCase().includes("solana");
+  }
+  const caip = toStandardNetwork(cfg.network);
+  const short = toX402Network(cfg.network);
+  return n === caip || n.toLowerCase() === short || n === `caip2:${caip}`;
+}
+function assetMatchesAccepted(acceptedAsset, cfg) {
+  const a = acceptedAsset.trim().toLowerCase();
+  const ref = cfg.assetReference.trim().toLowerCase();
+  if (a === ref)
+    return true;
+  if (a.includes(ref))
+    return true;
+  if (ref.includes(a) && a.startsWith("0x"))
+    return true;
+  return false;
+}
+function standardAssetForConfig(cfg) {
+  if (cfg.assetNamespace === "erc20") {
+    return cfg.assetReference;
+  }
+  return cfg.assetReference;
+}
+function buildStandardPaymentRequiredAccept(params) {
+  const cfg = getPaymentConfig(params.configName, params.agentId);
+  const maxAmountRequired = atomicAmountForPriceInCents(params.priceInCents, cfg);
+  const extra = {
+    name: cfg.symbol?.toUpperCase() === "USDC" ? "USD Coin" : cfg.symbol || "Token",
+    version: "2",
+    paymentConfig: params.configName
+  };
+  return {
+    scheme: "exact",
+    network: toStandardNetwork(cfg.network),
+    maxAmountRequired,
+    resource: toResourceUrl(params.routePath),
+    description: params.description,
+    mimeType: "application/json",
+    payTo: cfg.paymentAddress,
+    maxTimeoutSeconds: 300,
+    asset: standardAssetForConfig(cfg),
+    extra
+  };
+}
+function buildStandardPaymentRequired(params) {
+  return {
+    x402Version: 2,
+    error: params.error,
+    accepts: params.paymentConfigNames.map((configName) => buildStandardPaymentRequiredAccept({
+      routePath: params.routePath,
+      description: params.description,
+      priceInCents: params.priceInCents,
+      configName,
+      agentId: params.agentId
+    }))
+  };
+}
+function buildFacilitatorPaymentRequirements(params) {
+  const cfg = getPaymentConfig(params.configName, params.agentId);
+  const amount = atomicAmountForPriceInCents(params.priceInCents, cfg);
+  const network = toStandardNetwork(cfg.network);
+  return {
+    scheme: "exact",
+    network,
+    asset: standardAssetForConfig(cfg),
+    amount,
+    payTo: cfg.paymentAddress,
+    maxTimeoutSeconds: 300,
+    extra: {
+      name: cfg.symbol?.toUpperCase() === "USDC" ? "USD Coin" : cfg.symbol || "Token",
+      version: "2",
+      resource: toResourceUrl(params.routePath)
+    }
+  };
+}
+function findMatchingPaymentConfigForStandardPayload(payload, paymentConfigNames, priceInCents, agentId) {
+  const { accepted } = payload;
+  if (accepted.scheme !== "exact" && accepted.scheme !== "upto") {
+    return null;
+  }
+  const acceptedAmount = accepted.amount ?? accepted.maxAmountRequired;
+  if (!acceptedAmount)
+    return null;
+  let payAmount;
+  try {
+    payAmount = BigInt(acceptedAmount);
+  } catch {
+    return null;
+  }
+  for (const name of paymentConfigNames) {
+    const cfg = getPaymentConfig(name, agentId);
+    if (!acceptedNetworkMatches(accepted.network, cfg))
+      continue;
+    if (!assetMatchesAccepted(accepted.asset, cfg))
+      continue;
+    if (accepted.payTo.trim().toLowerCase() !== cfg.paymentAddress.trim().toLowerCase()) {
+      continue;
+    }
+    const required = BigInt(atomicAmountForPriceInCents(priceInCents, cfg));
+    if (payAmount < required)
+      continue;
+    return { name, cfg };
+  }
+  return null;
+}
+function getFacilitatorEndpoint(runtime, endpoint) {
+  const explicit = runtime.getSetting(endpoint === "verify" ? "X402_FACILITATOR_VERIFY_URL" : "X402_FACILITATOR_SETTLE_URL");
+  if (typeof explicit === "string" && explicit.trim()) {
+    return explicit.trim().replace(/\/$/, "");
+  }
+  const fuSetting = runtime.getSetting("X402_FACILITATOR_URL");
+  const fu = typeof fuSetting === "string" && fuSetting.trim() ? fuSetting.trim() : "https://x402.elizacloud.ai/api/v1/x402";
+  try {
+    const clean = fu.replace(/\/$/, "");
+    const u = new URL(clean);
+    if (u.pathname.endsWith("/api/facilitator")) {
+      return `${u.origin}/api/v1/x402/${endpoint}`;
+    }
+    if (u.pathname.endsWith(`/${endpoint}`))
+      return clean;
+    return `${clean}/${endpoint}`;
+  } catch {
+    return null;
+  }
+}
+function getFacilitatorVerifyPostUrl(runtime) {
+  return getFacilitatorEndpoint(runtime, "verify");
 }
-function selectPaymentOption(accepts, signerNetworkId) {
-  const matching = accepts.find((a) => a.network === signerNetworkId);
-  return matching ?? null;
-}
-function createFetchWithPayment(options) {
-  const { signer, policyEngine, circuitBreaker, storage, logger: logger5 } = options;
-  return async function fetchWithPayment(input, init) {
-    const url = typeof input === "string" ? input : input instanceof URL ? input.toString() : input.url;
-    logger5.debug(`[x402] Making request to ${url}`);
-    const initialResponse = await fetch(input, init);
-    if (initialResponse.status !== 402) {
-      return initialResponse;
-    }
-    logger5.info(`[x402] Received 402 Payment Required from ${url}`);
-    const paymentRequired = parsePaymentRequired(initialResponse);
-    if (!paymentRequired) {
-      logger5.error("[x402] Could not parse payment requirement header from 402 response");
-      return initialResponse;
-    }
-    if (!paymentRequired.accepts || paymentRequired.accepts.length === 0) {
-      logger5.error("[x402] No payment options in 402 response");
-      return initialResponse;
-    }
-    const requirement = selectPaymentOption(paymentRequired.accepts, signer.networkId);
-    if (!requirement) {
-      logger5.error("[x402] No compatible payment option found");
-      return initialResponse;
-    }
-    const amount = BigInt(requirement.maxAmountRequired);
-    logger5.info(`[x402] Payment required: ${amount} to ${requirement.payTo} on ${requirement.network}`);
-    const policyResult = await policyEngine.evaluateOutgoing({
-      amount,
-      recipient: requirement.payTo,
-      resource: url
+function getFacilitatorSettlePostUrl(runtime) {
+  return getFacilitatorEndpoint(runtime, "settle");
+}
+async function verifyPaymentPayloadViaFacilitatorPost(runtime, paymentPayload, paymentRequirements) {
+  const url = getFacilitatorVerifyPostUrl(runtime);
+  if (!url) {
+    return { ok: false, invalidReason: "no_facilitator_verify_url" };
+  }
+  try {
+    const res = await fetch(url, {
+      method: "POST",
+      headers: {
+        Accept: "application/json",
+        "Content-Type": "application/json",
+        "User-Agent": "ElizaOS-X402-Agent/1.0"
+      },
+      body: JSON.stringify({ paymentPayload, paymentRequirements }),
+      signal: AbortSignal.timeout(15000)
     });
-    if (!policyResult.allowed) {
-      logger5.warn(`[x402] Payment blocked by policy: ${policyResult.reason}`);
-      return initialResponse;
+    const text = await res.text();
+    let body = {};
+    if (text) {
+      try {
+        body = JSON.parse(text);
+      } catch {
+        return { ok: false, invalidReason: "invalid_verify_response_json" };
+      }
+    }
+    if (!res.ok && res.status !== 400) {
+      return {
+        ok: false,
+        invalidReason: `verify_http_${res.status}`
+      };
     }
-    const breakerResult = circuitBreaker.check(amount);
-    if (!breakerResult.allowed) {
-      logger5.warn(`[x402] Payment blocked by circuit breaker: ${breakerResult.reason}`);
-      return initialResponse;
+    if (body.isValid === true) {
+      return { ok: true, payer: body.payer };
     }
-    let paymentHeader;
-    try {
-      paymentHeader = await signer.buildPaymentHeader(requirement);
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err);
-      logger5.error(`[x402] Failed to sign payment: ${message}`);
-      circuitBreaker.recordFailure();
-      return initialResponse;
-    }
-    logger5.info("[x402] Retrying request with X-PAYMENT header");
-    const retryHeaders = new Headers(init?.headers);
-    retryHeaders.set("X-PAYMENT", paymentHeader);
-    const retryInit = {
-      ...init,
-      headers: retryHeaders
+    return {
+      ok: false,
+      invalidReason: body.invalidReason ?? "verify_rejected"
     };
-    let retryResponse;
-    try {
-      retryResponse = await fetch(input, retryInit);
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err);
-      logger5.error(`[x402] Retry request failed: ${message}`);
-      circuitBreaker.recordFailure();
-      return initialResponse;
-    }
-    const sessionId = retryResponse.headers.get("x-upto-session-id") ?? retryResponse.headers.get("X-PAYMENT-RESPONSE") ?? "";
-    const record = {
-      id: generateId(),
-      direction: "outgoing",
-      counterparty: requirement.payTo,
-      amount,
-      network: requirement.network,
-      txHash: sessionId,
-      resource: url,
-      status: retryResponse.ok ? "confirmed" : "failed",
-      createdAt: new Date().toISOString(),
-      metadata: {
-        scheme: requirement.scheme,
-        description: requirement.description
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    return { ok: false, invalidReason: `verify_fetch_error:${msg}` };
+  }
+}
+async function settlePaymentPayloadViaFacilitatorPost(runtime, paymentPayload, paymentRequirements) {
+  const url = getFacilitatorSettlePostUrl(runtime);
+  if (!url) {
+    return { ok: false, invalidReason: "no_facilitator_settle_url" };
+  }
+  try {
+    const res = await fetch(url, {
+      method: "POST",
+      headers: {
+        Accept: "application/json",
+        "Content-Type": "application/json",
+        "User-Agent": "ElizaOS-X402-Agent/1.0"
+      },
+      body: JSON.stringify({ paymentPayload, paymentRequirements }),
+      signal: AbortSignal.timeout(30000)
+    });
+    const text = await res.text();
+    let body = {};
+    if (text) {
+      try {
+        body = JSON.parse(text);
+      } catch {
+        return { ok: false, invalidReason: "invalid_settle_response_json" };
       }
+    }
+    if (!res.ok) {
+      return {
+        ok: false,
+        invalidReason: typeof body.errorReason === "string" ? body.errorReason : typeof body.invalidReason === "string" ? body.invalidReason : `settle_http_${res.status}`
+      };
+    }
+    const explicitFailure = body.success === false || body.isValid === false;
+    const explicitSuccess = body.success === true || body.isValid === true;
+    const success = !explicitFailure && explicitSuccess;
+    if (!success) {
+      return {
+        ok: false,
+        invalidReason: typeof body.errorReason === "string" ? body.errorReason : typeof body.invalidReason === "string" ? body.invalidReason : `settle_http_${res.status}`
+      };
+    }
+    const paymentResponse = Buffer.from(JSON.stringify(body), "utf8").toString("base64");
+    return {
+      ok: true,
+      paymentResponse,
+      transaction: typeof body.transaction === "string" ? body.transaction : undefined,
+      payer: typeof body.payer === "string" ? body.payer : undefined
     };
-    try {
-      await storage.recordPayment(record);
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err);
-      logger5.error(`[x402] Failed to record payment: ${message}`);
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    return { ok: false, invalidReason: `settle_fetch_error:${msg}` };
+  }
+}
+
+// src/x402-types.ts
+var VALID_NETWORKS = [
+  "base-sepolia",
+  "base",
+  "avalanche-fuji",
+  "avalanche",
+  "iotex",
+  "solana-devnet",
+  "solana",
+  "sei",
+  "sei-testnet",
+  "polygon",
+  "polygon-amoy",
+  "bsc",
+  "bsc-testnet",
+  "peaq"
+];
+function isValidUrl(url) {
+  try {
+    const parsed = new URL(url);
+    return parsed.protocol === "http:" || parsed.protocol === "https:";
+  } catch {
+    return false;
+  }
+}
+function isValidWalletAddress(address, network) {
+  if (!address || typeof address !== "string")
+    return false;
+  if (network.includes("solana")) {
+    return /^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(address);
+  }
+  return /^0x[a-fA-F0-9]{40}$/.test(address);
+}
+function validateAccepts(accepts) {
+  const errors = [];
+  if (accepts.scheme !== "exact") {
+    errors.push('scheme must be "exact"');
+  }
+  if (!accepts.network || !VALID_NETWORKS.includes(accepts.network)) {
+    errors.push(`network must be one of: ${VALID_NETWORKS.join(", ")}`);
+  }
+  if (!accepts.maxAmountRequired || typeof accepts.maxAmountRequired !== "string") {
+    errors.push("maxAmountRequired is required and must be a string");
+  }
+  if (!accepts.resource || typeof accepts.resource !== "string") {
+    errors.push("resource is required and must be a string (full URL)");
+  } else if (!isValidUrl(accepts.resource)) {
+    errors.push("resource must be a valid URL (must start with http:// or https://)");
+  }
+  if (!accepts.description || typeof accepts.description !== "string") {
+    errors.push("description is required and must be a string");
+  }
+  if (!accepts.mimeType || typeof accepts.mimeType !== "string") {
+    errors.push('mimeType is required and must be a string (e.g., "application/json")');
+  }
+  if (!accepts.payTo || typeof accepts.payTo !== "string") {
+    errors.push("payTo is required and must be a string (wallet address)");
+  } else if (accepts.network && !isValidWalletAddress(accepts.payTo, accepts.network)) {
+    errors.push(`payTo must be a valid wallet address for network ${accepts.network}`);
+  }
+  if (!accepts.maxTimeoutSeconds || typeof accepts.maxTimeoutSeconds !== "number") {
+    errors.push("maxTimeoutSeconds is required and must be a number");
+  }
+  if (!accepts.asset || typeof accepts.asset !== "string") {
+    errors.push('asset is required and must be a string (e.g., "USDC", "ETH")');
+  }
+  if (accepts.outputSchema) {
+    const schema = accepts.outputSchema;
+    if (schema.input.type !== "http") {
+      errors.push('outputSchema.input.type must be "http"');
+    }
+    if (!schema.input.method || !["GET", "POST"].includes(schema.input.method)) {
+      errors.push('outputSchema.input.method must be "GET" or "POST"');
+    }
+    if (schema.input.bodyType) {
+      const validBodyTypes = [
+        "json",
+        "form-data",
+        "multipart-form-data",
+        "text",
+        "binary"
+      ];
+      if (!validBodyTypes.includes(schema.input.bodyType)) {
+        errors.push(`outputSchema.input.bodyType must be one of: ${validBodyTypes.join(", ")}`);
+      }
     }
-    if (retryResponse.ok) {
-      circuitBreaker.recordSuccess(amount);
-      logger5.info(`[x402] Payment successful: ${amount} to ${requirement.payTo}`);
+  }
+  return {
+    valid: errors.length === 0,
+    errors
+  };
+}
+function validateX402Response(response) {
+  const errors = [];
+  if (typeof response.x402Version !== "number") {
+    errors.push("x402Version is required and must be a number");
+  }
+  if (response.accepts) {
+    if (!Array.isArray(response.accepts)) {
+      errors.push("accepts must be an array");
     } else {
-      circuitBreaker.recordFailure();
-      logger5.warn(`[x402] Payment request returned ${retryResponse.status} after payment`);
+      response.accepts.forEach((accepts, index) => {
+        const validation = validateAccepts(accepts);
+        if (!validation.valid) {
+          errors.push(`accepts[${index}]: ${validation.errors.join(", ")}`);
+        }
+      });
     }
-    return retryResponse;
+  }
+  return {
+    valid: errors.length === 0,
+    errors
   };
 }
+function createAccepts(params) {
+  const accepts = {
+    scheme: "exact",
+    network: params.network,
+    maxAmountRequired: params.maxAmountRequired,
+    resource: params.resource,
+    description: params.description,
+    mimeType: params.mimeType || "application/json",
+    payTo: params.payTo,
+    maxTimeoutSeconds: params.maxTimeoutSeconds || 300,
+    asset: params.asset
+  };
+  if (params.outputSchema) {
+    accepts.outputSchema = params.outputSchema;
+  }
+  if (params.extra) {
+    accepts.extra = params.extra;
+  }
+  const validation = validateAccepts(accepts);
+  if (!validation.valid) {
+    throw new Error(`Invalid Accepts object: ${validation.errors.join(", ")}`);
+  }
+  return accepts;
+}
+function createX402Response(params) {
+  const response = {
+    x402Version: 1,
+    ...params
+  };
+  const validation = validateX402Response(response);
+  if (!validation.valid) {
+    throw new Error(`Invalid X402Response: ${validation.errors.join(", ")}`);
+  }
+  return response;
+}
 
-// policy/circuit-breaker.ts
-var DEFAULT_CONFIG = {
-  maxPaymentsPerMinute: 50,
-  anomalyMultiplier: 10,
-  cooldownMs: 60000,
-  recentWindowSize: 20
-};
-
-class CircuitBreaker {
-  state = "closed";
-  config;
-  recentTimestamps = [];
-  recentAmounts = [];
-  trippedAt = 0;
-  lastTripReason = "";
-  constructor(config) {
-    this.config = { ...DEFAULT_CONFIG, ...config };
-  }
-  check(amount) {
-    const now = Date.now();
-    if (this.state === "open") {
-      if (now - this.trippedAt >= this.config.cooldownMs) {
-        this.state = "half-open";
-      } else {
-        return {
-          allowed: false,
-          reason: `Circuit breaker is OPEN: ${this.lastTripReason}. Resets in ${Math.ceil((this.config.cooldownMs - (now - this.trippedAt)) / 1000)}s`
-        };
+// src/payment-wrapper.ts
+var X402_ROUTE_PAYMENT_WRAPPED = Symbol.for("elizaos.x402.routePaymentWrapped");
+function isRoutePaymentWrapped(route) {
+  return typeof route === "object" && route !== null && Reflect.get(route, X402_ROUTE_PAYMENT_WRAPPED) === true;
+}
+var DEBUG = process.env.DEBUG_X402_PAYMENTS === "true";
+function formatLogArg(arg) {
+  if (typeof arg === "string")
+    return arg;
+  if (typeof arg === "bigint")
+    return arg.toString();
+  try {
+    return JSON.stringify(arg);
+  } catch {
+    return String(arg);
+  }
+}
+function log(...args) {
+  if (DEBUG)
+    logger5.debug(args.map(formatLogArg).join(" "));
+}
+function logSection(title) {
+  if (DEBUG) {
+    logger5.debug(`[x402] ${title}`);
+  }
+}
+function logError(...args) {
+  logger5.error(args.map(formatLogArg).join(" "));
+}
+var TRANSFER_WITH_AUTHORIZATION_TYPES = [
+  { name: "from", type: "address" },
+  { name: "to", type: "address" },
+  { name: "value", type: "uint256" },
+  { name: "validAfter", type: "uint256" },
+  { name: "validBefore", type: "uint256" },
+  { name: "nonce", type: "bytes32" }
+];
+var RECEIVE_WITH_AUTHORIZATION_TYPES = [
+  { name: "from", type: "address" },
+  { name: "to", type: "address" },
+  { name: "value", type: "uint256" },
+  { name: "validAfter", type: "uint256" },
+  { name: "validBefore", type: "uint256" },
+  { name: "nonce", type: "bytes32" }
+];
+function getViemChain(network) {
+  switch (network.toUpperCase()) {
+    case "BASE":
+      return base;
+    case "POLYGON":
+      return polygon;
+    case "BSC":
+      return bsc;
+    case "ETHEREUM":
+      return mainnet;
+    default:
+      return base;
+  }
+}
+function getRpcUrl(network, runtime) {
+  const networkUpper = network.toUpperCase();
+  const settingKey = `${networkUpper}_RPC_URL`;
+  const customRpc = runtime.getSetting(settingKey);
+  if (customRpc && typeof customRpc === "string") {
+    return customRpc;
+  }
+  switch (networkUpper) {
+    case "BASE":
+      return "https://mainnet.base.org";
+    case "POLYGON":
+      return "https://polygon-rpc.com";
+    case "BSC":
+      return "https://bsc-dataseed.binance.org";
+    case "ETHEREUM":
+      return "https://eth.llamarpc.com";
+    default:
+      return "https://mainnet.base.org";
+  }
+}
+function getUsdcContractAddress(network) {
+  switch (network.toUpperCase()) {
+    case "BASE":
+      return "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
+    case "POLYGON":
+      return "0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359";
+    case "BSC":
+      return "0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d";
+    case "ETHEREUM":
+      return "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48";
+    default:
+      return "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
+  }
+}
+function chainIdToNetwork(chainId) {
+  if (chainId === 8453)
+    return "BASE";
+  if (chainId === 137)
+    return "POLYGON";
+  if (chainId === 56)
+    return "BSC";
+  return null;
+}
+function sumOwnerMint(balances, owner, mint) {
+  if (!balances?.length)
+    return 0n;
+  let s = 0n;
+  for (const b of balances) {
+    if (b.mint === mint && b.owner === owner) {
+      s += BigInt(b.uiTokenAmount?.amount ?? "0");
+    }
+  }
+  return s;
+}
+async function verifyPayment(params) {
+  const {
+    paymentProof,
+    paymentId,
+    route,
+    priceInCents,
+    paymentConfigNames,
+    agentId,
+    runtime,
+    req
+  } = params;
+  logSection("PAYMENT VERIFICATION");
+  log("Route:", route, "priceInCents:", priceInCents, "configs:", paymentConfigNames);
+  if (!paymentProof && !paymentId) {
+    logError("✗ No payment credentials provided");
+    return { ok: false };
+  }
+  const replayKeys = collectReplayKeysToCheck(paymentProof, paymentId);
+  if (!await replayGuardTryBegin(replayKeys, runtime, agentId)) {
+    logError("✗ Payment credential in use or already consumed (replay protection)");
+    return { ok: false };
+  }
+  let committed = false;
+  const finishVerified = async (details) => {
+    committed = true;
+    await replayGuardCommit(replayKeys, runtime, agentId);
+    return { ok: true, details };
+  };
+  try {
+    const configsOrdered = paymentConfigNames.map((n) => ({
+      name: n,
+      cfg: getPaymentConfig(n, agentId)
+    }));
+    if (paymentProof) {
+      try {
+        const standardDecoded = decodeXPaymentHeader(typeof paymentProof === "string" ? paymentProof : "");
+        if (isX402StandardPaymentPayload(standardDecoded)) {
+          const match = findMatchingPaymentConfigForStandardPayload(standardDecoded, paymentConfigNames, priceInCents, agentId);
+          if (!match) {
+            log("Standard X-Payment payload did not match any allowed payment config");
+            return { ok: false };
+          }
+          const paymentRequirements = buildFacilitatorPaymentRequirements({
+            routePath: route,
+            priceInCents,
+            configName: match.name,
+            agentId
+          });
+          const postResult = await verifyPaymentPayloadViaFacilitatorPost(runtime, standardDecoded, paymentRequirements);
+          if (postResult.ok !== true) {
+            log("Standard X-Payment facilitator verify failed:", postResult.invalidReason);
+            return { ok: false };
+          }
+          const settleResult = await settlePaymentPayloadViaFacilitatorPost(runtime, standardDecoded, paymentRequirements);
+          if (settleResult.ok === false) {
+            log("Standard X-Payment facilitator settle failed:", settleResult.invalidReason);
+            return { ok: false };
+          }
+          log("✓ Standard X-Payment verified and settled via facilitator", match.name);
+          return await finishVerified({
+            paymentConfig: match.name,
+            network: match.cfg.network,
+            amountAtomic: paymentRequirements.amount,
+            symbol: match.cfg.symbol,
+            payer: settleResult.payer ?? postResult.payer ?? standardDecoded.payload.authorization.from,
+            proofId: standardDecoded.payload.signature,
+            paymentResponse: settleResult.paymentResponse
+          });
+        }
+        const decodedProof = decodePaymentProofForParsing(paymentProof);
+        try {
+          const jsonProof = JSON.parse(decodedProof);
+          log("Detected JSON payment proof");
+          const authData = jsonProof.payload ? {
+            signature: jsonProof.payload.signature,
+            authorization: jsonProof.payload.authorization,
+            network: jsonProof.network,
+            scheme: jsonProof.scheme,
+            domain: jsonProof.payload.domain ?? jsonProof.domain
+          } : { ...jsonProof, domain: jsonProof.domain };
+          const domain = authData.domain ?? jsonProof.domain;
+          const chainId = domain?.chainId;
+          const inferredNet = typeof chainId === "number" ? chainIdToNetwork(chainId) : null;
+          const authObj = authData;
+          const hasEip712 = typeof authObj.signature === "string" && authObj.authorization && typeof authObj.authorization === "object";
+          if (hasEip712) {
+            const evmCandidates = configsOrdered.filter((c) => c.cfg.network === "BASE" || c.cfg.network === "POLYGON" || c.cfg.network === "BSC");
+            for (const { name, cfg } of evmCandidates) {
+              if (inferredNet && cfg.network !== inferredNet)
+                continue;
+              if (domain?.verifyingContract && domain.verifyingContract.toLowerCase() !== cfg.assetReference.toLowerCase()) {
+                continue;
+              }
+              const atomic = atomicAmountForPriceInCents(priceInCents, cfg);
+              const recipient = cfg.paymentAddress;
+              const ok = await verifyEvmPayment(JSON.stringify(authData), recipient, atomic, cfg.network, runtime, req, {
+                eip712TokenContract: cfg.assetReference,
+                erc20Contract: cfg.assetReference
+              });
+              if (ok) {
+                const auth = authObj.authorization;
+                log(`✓ ${cfg.network} payment verified (EIP-712) config=${name}`);
+                return await finishVerified({
+                  paymentConfig: name,
+                  network: cfg.network,
+                  amountAtomic: atomic,
+                  symbol: cfg.symbol,
+                  payer: auth?.from,
+                  proofId: typeof authObj.signature === "string" ? authObj.signature : undefined
+                });
+              }
+            }
+          }
+        } catch {
+          const parts = decodedProof.split(":");
+          if (parts.length >= 3) {
+            const [networkRaw, address, signature] = parts;
+            const network = networkRaw.toUpperCase();
+            log(`Legacy format: ${network}`);
+            if (network === "SOLANA") {
+              for (const { name, cfg } of configsOrdered) {
+                if (cfg.network !== "SOLANA")
+                  continue;
+                if (address.trim() !== cfg.paymentAddress.trim()) {
+                  logError("Solana legacy proof: recipient field must equal the route pay-to address (expected", cfg.paymentAddress, "got", address);
+                  continue;
+                }
+                const atomic = atomicAmountForPriceInCents(priceInCents, cfg);
+                if (await verifySolanaPayment(signature, cfg.paymentAddress, cfg.assetReference, atomic, runtime)) {
+                  log("✓ Solana payment verified");
+                  return await finishVerified({
+                    paymentConfig: name,
+                    network: "SOLANA",
+                    amountAtomic: atomic,
+                    symbol: cfg.symbol,
+                    proofId: signature
+                  });
+                }
+              }
+            } else if (network === "BASE" || network === "POLYGON" || network === "BSC") {
+              for (const { name, cfg } of configsOrdered) {
+                if (cfg.network !== network)
+                  continue;
+                if (cfg.assetNamespace !== "erc20")
+                  continue;
+                const atomic = atomicAmountForPriceInCents(priceInCents, cfg);
+                if (await verifyEvmPayment(signature, cfg.paymentAddress, atomic, network, runtime, req, {
+                  erc20Contract: cfg.assetReference,
+                  eip712TokenContract: cfg.assetReference
+                })) {
+                  log(`✓ ${network} payment verified`);
+                  return await finishVerified({
+                    paymentConfig: name,
+                    network: cfg.network,
+                    amountAtomic: atomic,
+                    symbol: cfg.symbol,
+                    proofId: signature
+                  });
+                }
+              }
+            }
+          } else if (parts.length === 1 && parts[0].length > 50) {
+            const sigOnly = parts[0];
+            for (const { name, cfg } of configsOrdered) {
+              if (cfg.network !== "SOLANA")
+                continue;
+              const atomic = atomicAmountForPriceInCents(priceInCents, cfg);
+              if (await verifySolanaPayment(sigOnly, cfg.paymentAddress, cfg.assetReference, atomic, runtime)) {
+                log("✓ Solana payment verified (raw signature)");
+                return await finishVerified({
+                  paymentConfig: name,
+                  network: "SOLANA",
+                  amountAtomic: atomic,
+                  symbol: cfg.symbol,
+                  proofId: sigOnly
+                });
+              }
+            }
+          }
+        }
+      } catch (error) {
+        logError("Blockchain verification error:", error instanceof Error ? error.message : String(error));
       }
     }
-    const oneMinuteAgo = now - 60000;
-    this.recentTimestamps = this.recentTimestamps.filter((t) => t > oneMinuteAgo);
-    if (this.recentTimestamps.length >= this.config.maxPaymentsPerMinute) {
-      this.trip(`Rate exceeded: ${this.recentTimestamps.length} payments in the last minute`);
-      return { allowed: false, reason: this.lastTripReason };
-    }
-    if (this.recentAmounts.length >= 3) {
-      const sum = this.recentAmounts.reduce((a, b) => a + b, 0n);
-      const avg = sum / BigInt(this.recentAmounts.length);
-      if (avg > 0n && amount > avg * BigInt(this.config.anomalyMultiplier)) {
-        this.trip(`Anomaly detected: payment of ${amount} is >${this.config.anomalyMultiplier}x the average of ${avg}`);
-        return { allowed: false, reason: this.lastTripReason };
+    if (paymentId) {
+      try {
+        if (await verifyPaymentIdViaFacilitator(paymentId, runtime, {
+          resource: toResourceUrl(route),
+          routePath: route,
+          priceInCents,
+          paymentConfigNames
+        })) {
+          log("✓ Facilitator payment verified");
+          return await finishVerified({
+            paymentConfig: "facilitator",
+            network: "facilitator",
+            amountAtomic: "",
+            proofId: paymentId
+          });
+        }
+      } catch (error) {
+        logError("Facilitator verification error:", error instanceof Error ? error.message : String(error));
       }
     }
-    return { allowed: true, reason: "" };
+    logError("✗ All payment verification strategies failed");
+    return { ok: false };
+  } finally {
+    if (!committed)
+      await replayGuardAbortAsync(replayKeys, runtime, agentId);
   }
-  recordSuccess(amount) {
-    const now = Date.now();
-    this.recentTimestamps.push(now);
-    this.recentAmounts.push(amount);
-    if (this.recentAmounts.length > this.config.recentWindowSize) {
-      this.recentAmounts.shift();
-    }
-    if (this.state === "half-open") {
-      this.state = "closed";
-      this.lastTripReason = "";
+}
+function sanitizePaymentId(paymentId) {
+  const cleaned = paymentId.trim();
+  if (!/^[a-zA-Z0-9_-]+$/.test(cleaned)) {
+    throw new Error("Invalid payment ID format");
+  }
+  if (cleaned.length > 128) {
+    throw new Error("Payment ID too long");
+  }
+  return cleaned;
+}
+async function verifyPaymentIdViaFacilitator(paymentId, runtime, ctx) {
+  logSection("FACILITATOR VERIFICATION");
+  let cleanPaymentId;
+  try {
+    cleanPaymentId = sanitizePaymentId(paymentId);
+    log("Payment ID:", cleanPaymentId);
+  } catch (error) {
+    logError("Invalid payment ID:", error instanceof Error ? error.message : String(error));
+    return false;
+  }
+  const facilitatorUrlSetting = runtime.getSetting("X402_FACILITATOR_URL");
+  const facilitatorUrl = typeof facilitatorUrlSetting === "string" ? facilitatorUrlSetting : "https://x402.elizacloud.ai/api/facilitator";
+  if (!facilitatorUrl) {
+    logError("⚠️  No facilitator URL configured");
+    return false;
+  }
+  try {
+    const cleanUrl = facilitatorUrl.replace(/\/$/, "");
+    const verifyPath = `${cleanUrl}/verify/${encodeURIComponent(cleanPaymentId)}`;
+    const url = new URL(verifyPath);
+    if (ctx) {
+      url.searchParams.set("resource", ctx.resource);
+      url.searchParams.set("routePath", ctx.routePath);
+      url.searchParams.set("priceInCents", String(ctx.priceInCents));
+      url.searchParams.set("paymentConfigs", ctx.paymentConfigNames.join(","));
+    }
+    const endpoint = url.toString();
+    log("Verifying at:", endpoint);
+    const response = await fetch(endpoint, {
+      method: "GET",
+      headers: {
+        Accept: "application/json",
+        "User-Agent": "ElizaOS-X402-Client/1.0"
+      },
+      signal: AbortSignal.timeout(1e4)
+    });
+    const responseText = await response.text();
+    const responseData = responseText ? JSON.parse(responseText) : {};
+    if (response.ok) {
+      const isValid = responseData?.valid !== false && responseData?.verified !== false;
+      if (isValid) {
+        if (ctx && !facilitatorVerifyResponseMatchesRoute(responseData, ctx, isFacilitatorBindingRelaxed())) {
+          logError(isFacilitatorBindingRelaxed() ? "✗ Facilitator response failed route binding checks" : "✗ Facilitator strict binding failed (response must include matching resource, routePath or route, priceInCents, paymentConfig). Set X402_FACILITATOR_RELAXED_BINDING=1 if your facilitator cannot echo these fields yet.");
+          return false;
+        }
+        log("✓ Facilitator verified payment");
+        return true;
+      } else {
+        logError("✗ Payment invalid per facilitator");
+        return false;
+      }
+    } else if (response.status === 404) {
+      logError("✗ Payment ID not found (404)");
+      return false;
+    } else if (response.status === 410) {
+      logError("✗ Payment ID already used (410 - replay attack prevented)");
+      return false;
+    } else {
+      logError(`✗ Facilitator error: ${response.status} ${response.statusText}`);
+      return false;
     }
-  }
-  recordFailure() {
-    if (this.state === "half-open") {
-      this.trip("Probe payment failed in half-open state");
+  } catch (error) {
+    if (error instanceof Error && error.name === "AbortError") {
+      logError("✗ Facilitator request timed out (10s)");
+    } else {
+      logError("✗ Facilitator verification error:", error instanceof Error ? error.message : String(error));
     }
-  }
-  getState() {
-    return this.state;
-  }
-  getTripReason() {
-    return this.lastTripReason;
-  }
-  reset() {
-    this.state = "closed";
-    this.lastTripReason = "";
-    this.trippedAt = 0;
-  }
-  trip(reason) {
-    this.state = "open";
-    this.trippedAt = Date.now();
-    this.lastTripReason = reason;
+    return false;
   }
 }
-
-// policy/engine.ts
-var ALLOW = { allowed: true, reason: "" };
-function deny(reason) {
-  return { allowed: false, reason };
+function sanitizeSolanaSignature(signature) {
+  const cleaned = signature.trim();
+  if (!/^[1-9A-HJ-NP-Za-km-z]{87,88}$/.test(cleaned)) {
+    throw new Error("Invalid Solana signature format");
+  }
+  return cleaned;
 }
-
-class PolicyEngine {
-  policy;
-  storage;
-  constructor(policy, storage) {
-    this.policy = policy;
-    this.storage = storage;
+async function verifySolanaPayment(signature, expectedRecipient, expectedMint, expectedAmountAtomic, runtime) {
+  let cleanSignature;
+  try {
+    cleanSignature = sanitizeSolanaSignature(signature);
+    log("Verifying Solana transaction:", `${cleanSignature.substring(0, 20)}...`);
+  } catch (error) {
+    logError("Invalid signature:", error instanceof Error ? error.message : String(error));
+    return false;
   }
-  updatePolicy(partial) {
-    if (partial.outgoing) {
-      this.policy.outgoing = { ...this.policy.outgoing, ...partial.outgoing };
+  try {
+    const { Connection } = await import("@solana/web3.js");
+    const rpcUrlSetting = runtime.getSetting("SOLANA_RPC_URL");
+    const rpcUrl = typeof rpcUrlSetting === "string" ? rpcUrlSetting : "https://api.mainnet-beta.solana.com";
+    const connection = new Connection(rpcUrl);
+    const tx = await connection.getTransaction(cleanSignature, {
+      maxSupportedTransactionVersion: 0
+    });
+    if (!tx) {
+      logError("Transaction not found on Solana blockchain");
+      return false;
+    }
+    if (tx.meta?.err) {
+      logError("Transaction failed on-chain:", tx.meta.err);
+      return false;
     }
-    if (partial.incoming) {
-      this.policy.incoming = { ...this.policy.incoming, ...partial.incoming };
+    const meta = tx.meta;
+    const pre = sumOwnerMint(meta?.preTokenBalances, expectedRecipient, expectedMint);
+    const post = sumOwnerMint(meta?.postTokenBalances, expectedRecipient, expectedMint);
+    const delta = post - pre;
+    const need = BigInt(expectedAmountAtomic);
+    if (delta < need) {
+      logError("Solana SPL credit too low:", delta.toString(), "vs required", need.toString());
+      return false;
     }
+    log("✓ Solana SPL transfer verified");
+    return true;
+  } catch (error) {
+    logError("Solana verification error:", error instanceof Error ? error.message : String(error));
+    return false;
   }
-  getPolicy() {
-    return {
-      outgoing: { ...this.policy.outgoing },
-      incoming: { ...this.policy.incoming }
-    };
+}
+function sanitizePaymentProof(paymentData) {
+  const cleaned = paymentData.trim();
+  if (cleaned.length > 1e4) {
+    throw new Error("Payment proof too large");
   }
-  async evaluateOutgoing(request) {
-    const limits = this.policy.outgoing;
-    if (request.amount > limits.maxPerTransaction) {
-      return deny(`Amount ${request.amount} exceeds per-transaction limit of ${limits.maxPerTransaction}`);
-    }
-    if (limits.blockedRecipients.length > 0) {
-      const normalized = request.recipient.toLowerCase();
-      if (limits.blockedRecipients.some((addr) => addr.toLowerCase() === normalized)) {
-        return deny(`Recipient ${request.recipient} is blocked`);
-      }
-    }
-    if (limits.allowedRecipients.length > 0) {
-      const normalized = request.recipient.toLowerCase();
-      if (!limits.allowedRecipients.some((addr) => addr.toLowerCase() === normalized)) {
-        return deny(`Recipient ${request.recipient} is not in the allow list`);
-      }
-    }
-    const currentTotal = await this.storage.getTotal("outgoing", limits.windowMs);
-    if (currentTotal + request.amount > limits.maxTotal) {
-      return deny(`Total spend would be ${currentTotal + request.amount}, exceeding window limit of ${limits.maxTotal}`);
-    }
-    const currentCount = await this.storage.getCount("outgoing", limits.windowMs);
-    if (currentCount >= limits.maxTransactions) {
-      return deny(`Transaction count ${currentCount} has reached the limit of ${limits.maxTransactions}`);
-    }
-    return ALLOW;
+  return cleaned;
+}
+async function verifyEvmPayment(paymentData, expectedRecipient, expectedAmountAtomic, network, runtime, req, opts) {
+  let cleanPaymentData;
+  try {
+    cleanPaymentData = sanitizePaymentProof(paymentData);
+    log(`Verifying ${network} payment:`, `${cleanPaymentData.substring(0, 20)}...`);
+  } catch (error) {
+    logError("Invalid payment data:", error instanceof Error ? error.message : String(error));
+    return false;
   }
-  async evaluateIncoming(request) {
-    const limits = this.policy.incoming;
-    if (request.amount < limits.minPerTransaction) {
-      return deny(`Amount ${request.amount} is below minimum of ${limits.minPerTransaction}`);
-    }
-    if (limits.blockedSenders.length > 0) {
-      const normalized = request.sender.toLowerCase();
-      if (limits.blockedSenders.some((addr) => addr.toLowerCase() === normalized)) {
-        return deny(`Sender ${request.sender} is blocked`);
-      }
+  try {
+    if (cleanPaymentData.match(/^0x[a-fA-F0-9]{64}$/)) {
+      log("Detected transaction hash format");
+      return await verifyEvmTransaction(cleanPaymentData, expectedRecipient, expectedAmountAtomic, network, runtime, opts?.erc20Contract);
     }
-    if (limits.allowedSenders.length > 0) {
-      const normalized = request.sender.toLowerCase();
-      if (!limits.allowedSenders.some((addr) => addr.toLowerCase() === normalized)) {
-        return deny(`Sender ${request.sender} is not in the allow list`);
+    try {
+      const parsed = JSON.parse(cleanPaymentData);
+      if (typeof parsed === "object" && parsed !== null) {
+        const proof = parsed;
+        if (proof.signature || proof.v && proof.r && proof.s) {
+          log("Detected EIP-712 signature format");
+          const allowEip712 = process.env.X402_ALLOW_EIP712_SIGNATURE_VERIFICATION === "true" || process.env.X402_ALLOW_EIP712_SIGNATURE_VERIFICATION === "1";
+          if (!allowEip712) {
+            logError("EIP-712 authorization proofs are disabled (they do not prove on-chain settlement). Set X402_ALLOW_EIP712_SIGNATURE_VERIFICATION=1 only if you accept that risk.");
+            return false;
+          }
+          const token = opts?.eip712TokenContract;
+          if (!token) {
+            logError("EIP-712 verification missing expected token contract");
+            return false;
+          }
+          return await verifyEip712Authorization(parsed, expectedRecipient, expectedAmountAtomic, token, network, runtime, req);
+        }
       }
+    } catch {}
+    if (cleanPaymentData.match(/^0x[a-fA-F0-9]{130}$/)) {
+      logError("Raw signature detected but authorization parameters missing");
+      return false;
     }
-    return ALLOW;
+    logError("Unrecognized EVM payment format");
+    return false;
+  } catch (error) {
+    logError("EVM verification error:", error instanceof Error ? error.message : String(error));
+    return false;
   }
 }
-
-// storage/memory.ts
-class MemoryPaymentStorage {
-  records = [];
-  async recordPayment(record) {
-    this.records.push({
-      ...record,
-      metadata: { ...record.metadata }
+async function verifyEvmTransaction(txHash, expectedRecipient, expectedAmountAtomic, network, runtime, tokenContract) {
+  log("Verifying on-chain transaction:", txHash);
+  try {
+    const rpcUrl = getRpcUrl(network, runtime);
+    const chain = getViemChain(network);
+    const { createPublicClient, http, decodeFunctionData, parseAbi } = await import("viem");
+    const publicClient = createPublicClient({
+      chain,
+      transport: http(rpcUrl)
     });
-  }
-  async getTotal(direction, windowMs, scope) {
-    const cutoff = windowMs ? new Date(Date.now() - windowMs).toISOString() : undefined;
-    let total = 0n;
-    for (const r of this.records) {
-      if (r.direction !== direction)
-        continue;
-      if (cutoff && r.createdAt < cutoff)
-        continue;
-      if (scope && r.counterparty !== scope)
-        continue;
-      if (r.status === "failed" || r.status === "refunded")
-        continue;
-      total += r.amount;
-    }
-    return total;
-  }
-  async getRecords(filters) {
-    let result = [...this.records];
-    if (filters) {
-      if (filters.direction) {
-        result = result.filter((r) => r.direction === filters.direction);
-      }
-      if (filters.counterparty) {
-        result = result.filter((r) => r.counterparty.toLowerCase() === filters.counterparty.toLowerCase());
-      }
-      if (filters.status) {
-        result = result.filter((r) => r.status === filters.status);
-      }
-      if (filters.network) {
-        result = result.filter((r) => r.network === filters.network);
+    const receipt = await publicClient.getTransactionReceipt({
+      hash: txHash
+    });
+    if (receipt.status !== "success") {
+      logError("Transaction failed on-chain");
+      return false;
+    }
+    const tx = await publicClient.getTransaction({ hash: txHash });
+    const targetContract = tokenContract ?? getUsdcContractAddress(network);
+    const expectedUnits = BigInt(expectedAmountAtomic);
+    if (receipt.to?.toLowerCase() !== targetContract.toLowerCase()) {
+      logError("Transaction not to expected token contract:", receipt.to);
+      return false;
+    }
+    log("Detected ERC-20 token transfer");
+    if (tx.input === "0x") {
+      logError("No input data in transaction");
+      return false;
+    }
+    try {
+      const erc20Abi = parseAbi([
+        "function transfer(address to, uint256 amount) returns (bool)",
+        "function transferFrom(address from, address to, uint256 amount) returns (bool)"
+      ]);
+      const decoded = decodeFunctionData({
+        abi: erc20Abi,
+        data: tx.input
+      });
+      const functionName = decoded.functionName;
+      log("Decoded function:", functionName);
+      let transferTo;
+      let transferAmount;
+      if (functionName === "transfer") {
+        const [to, amount] = decoded.args;
+        transferTo = to;
+        transferAmount = amount;
+      } else if (functionName === "transferFrom") {
+        const [_from, to, amount] = decoded.args;
+        transferTo = to;
+        transferAmount = amount;
+      } else {
+        logError("Unknown ERC-20 function:", functionName);
+        return false;
       }
-      if (filters.since) {
-        result = result.filter((r) => r.createdAt >= filters.since);
+      log("Transfer to:", transferTo, "Amount:", transferAmount.toString());
+      if (transferTo.toLowerCase() !== expectedRecipient.toLowerCase()) {
+        logError("ERC-20 transfer recipient mismatch:", transferTo, "vs", expectedRecipient);
+        return false;
       }
-      if (filters.until) {
-        result = result.filter((r) => r.createdAt <= filters.until);
+      if (transferAmount < expectedUnits) {
+        logError("ERC-20 transfer amount too low:", transferAmount.toString(), "vs", expectedUnits.toString());
+        return false;
       }
+      log("✓ ERC-20 transaction verified");
+      return true;
+    } catch (decodeError) {
+      logError("Failed to decode ERC-20 transfer:", decodeError instanceof Error ? decodeError.message : String(decodeError));
+      return false;
     }
-    result.sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime());
-    const offset = filters?.offset ?? 0;
-    const limit = filters?.limit ?? result.length;
-    return result.slice(offset, offset + limit);
-  }
-  async getCount(direction, windowMs) {
-    const cutoff = windowMs ? new Date(Date.now() - windowMs).toISOString() : undefined;
-    let count = 0;
-    for (const r of this.records) {
-      if (r.direction !== direction)
-        continue;
-      if (cutoff && r.createdAt < cutoff)
-        continue;
-      if (r.status === "failed" || r.status === "refunded")
-        continue;
-      count++;
-    }
-    return count;
-  }
-  async clear() {
-    this.records = [];
+  } catch (error) {
+    logError("Transaction verification error:", error instanceof Error ? error.message : String(error));
+    return false;
   }
 }
-
-// storage/sqlite.ts
-import Database from "better-sqlite3";
-
-class SqlitePaymentStorage {
-  db;
-  constructor(dbPath) {
-    this.db = new Database(dbPath);
-    this.db.pragma("journal_mode = WAL");
-    this.db.pragma("foreign_keys = ON");
-    this.initialize();
-  }
-  initialize() {
-    this.db.exec(`
-      CREATE TABLE IF NOT EXISTS x402_payments (
-        id TEXT PRIMARY KEY,
-        direction TEXT NOT NULL CHECK(direction IN ('outgoing', 'incoming')),
-        counterparty TEXT NOT NULL,
-        amount TEXT NOT NULL,
-        network TEXT NOT NULL,
-        tx_hash TEXT NOT NULL DEFAULT '',
-        resource TEXT NOT NULL DEFAULT '',
-        status TEXT NOT NULL DEFAULT 'pending',
-        created_at TEXT NOT NULL,
-        metadata TEXT NOT NULL DEFAULT '{}'
-      );
-
-      CREATE INDEX IF NOT EXISTS idx_x402_direction ON x402_payments(direction);
-      CREATE INDEX IF NOT EXISTS idx_x402_created_at ON x402_payments(created_at);
-      CREATE INDEX IF NOT EXISTS idx_x402_counterparty ON x402_payments(counterparty);
-      CREATE INDEX IF NOT EXISTS idx_x402_status ON x402_payments(status);
-    `);
-  }
-  async recordPayment(record) {
-    const stmt = this.db.prepare(`
-      INSERT INTO x402_payments (id, direction, counterparty, amount, network, tx_hash, resource, status, created_at, metadata)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-    `);
-    stmt.run(record.id, record.direction, record.counterparty, record.amount.toString(), record.network, record.txHash, record.resource, record.status, record.createdAt, JSON.stringify(record.metadata));
-  }
-  async getTotal(direction, windowMs, scope) {
-    let sql = "SELECT amount FROM x402_payments WHERE direction = ? AND status NOT IN ('failed', 'refunded')";
-    const params = [direction];
-    if (windowMs !== undefined) {
-      const cutoff = new Date(Date.now() - windowMs).toISOString();
-      sql += " AND created_at >= ?";
-      params.push(cutoff);
-    }
-    if (scope) {
-      sql += " AND counterparty = ?";
-      params.push(scope);
-    }
-    const rows = this.db.prepare(sql).all(...params);
-    let total = 0n;
-    for (const row of rows) {
-      total += BigInt(row.amount);
-    }
-    return total;
-  }
-  async getRecords(filters) {
-    let sql = "SELECT * FROM x402_payments WHERE 1=1";
-    const params = [];
-    if (filters) {
-      if (filters.direction) {
-        sql += " AND direction = ?";
-        params.push(filters.direction);
-      }
-      if (filters.counterparty) {
-        sql += " AND LOWER(counterparty) = LOWER(?)";
-        params.push(filters.counterparty);
-      }
-      if (filters.status) {
-        sql += " AND status = ?";
-        params.push(filters.status);
-      }
-      if (filters.network) {
-        sql += " AND network = ?";
-        params.push(filters.network);
-      }
-      if (filters.since) {
-        sql += " AND created_at >= ?";
-        params.push(filters.since);
-      }
-      if (filters.until) {
-        sql += " AND created_at <= ?";
-        params.push(filters.until);
-      }
+async function verifyEip712Authorization(paymentData, expectedRecipient, expectedAmountAtomic, expectedVerifyingContract, network, runtime, req) {
+  log("Verifying EIP-712 authorization signature");
+  if (typeof paymentData !== "object" || paymentData === null) {
+    logError("Invalid payment data: must be an object");
+    return false;
+  }
+  const proofData = paymentData;
+  log("Payment data:", JSON.stringify(proofData, null, 2));
+  try {
+    let signature;
+    let authorization;
+    if (proofData.signature && typeof proofData.signature === "string") {
+      signature = proofData.signature;
+      authorization = proofData.authorization;
+    } else if (proofData.v && proofData.r && proofData.s) {
+      signature = `0x${proofData.r}${proofData.s}${proofData.v.toString(16).padStart(2, "0")}`;
+      authorization = proofData.authorization;
+    } else {
+      logError("No valid signature found in payment data");
+      return false;
     }
-    sql += " ORDER BY created_at DESC";
-    if (filters?.limit !== undefined) {
-      sql += " LIMIT ?";
-      params.push(filters.limit);
+    if (!authorization || typeof authorization !== "object") {
+      logError("No authorization data found in payment data");
+      return false;
     }
-    if (filters?.offset !== undefined) {
-      sql += " OFFSET ?";
-      params.push(filters.offset);
+    if (!authorization.from || !authorization.to || !authorization.value || !authorization.nonce) {
+      logError("Authorization missing required fields");
+      return false;
     }
-    const rows = this.db.prepare(sql).all(...params);
-    return rows.map((row) => this.rowToRecord(row));
-  }
-  async getCount(direction, windowMs) {
-    let sql = "SELECT COUNT(*) as cnt FROM x402_payments WHERE direction = ? AND status NOT IN ('failed', 'refunded')";
-    const params = [direction];
-    if (windowMs !== undefined) {
-      const cutoff = new Date(Date.now() - windowMs).toISOString();
-      sql += " AND created_at >= ?";
-      params.push(cutoff);
+    log("Authorization:", {
+      from: `${authorization.from?.substring(0, 10)}...`,
+      to: `${authorization.to?.substring(0, 10)}...`,
+      value: authorization.value
+    });
+    if (!authorization.to) {
+      logError('Authorization missing "to" field');
+      return false;
     }
-    const row = this.db.prepare(sql).get(...params);
-    return row.cnt;
-  }
-  async clear() {
-    this.db.exec("DELETE FROM x402_payments");
-  }
-  close() {
-    this.db.close();
-  }
-  rowToRecord(row) {
-    let metadata = {};
+    if (authorization.to.toLowerCase() !== expectedRecipient.toLowerCase()) {
+      logError("Recipient mismatch:", authorization.to, "vs", expectedRecipient);
+      return false;
+    }
+    const need = BigInt(expectedAmountAtomic);
+    const authValue = BigInt(authorization.value);
+    if (authValue < need) {
+      logError("Amount too low:", authValue.toString(), "vs", need.toString());
+      return false;
+    }
+    const now = Math.floor(Date.now() / 1000);
+    const validAfter = Number.parseInt(authorization.validAfter || "0", 10);
+    const validBefore = Number.parseInt(authorization.validBefore || String(now + 86400), 10);
+    if (now < validAfter) {
+      logError("Authorization not yet valid:", now, "<", validAfter);
+      return false;
+    }
+    if (now > validBefore) {
+      logError("Authorization expired:", now, ">", validBefore);
+      return false;
+    }
+    log("✓ EIP-712 authorization parameters valid");
+    logSection("Cryptographic Signature Verification");
     try {
-      metadata = JSON.parse(row.metadata);
-    } catch (_metadataParseError) {}
-    return {
-      id: row.id,
-      direction: row.direction,
-      counterparty: row.counterparty,
-      amount: BigInt(row.amount),
-      network: row.network,
-      txHash: row.tx_hash,
-      resource: row.resource,
-      status: row.status,
-      createdAt: row.created_at,
-      metadata
-    };
+      let verifyingContract;
+      let chainId;
+      let domainName = "USD Coin";
+      let domainVersion = "2";
+      const expectedChainId = getViemChain(network).id;
+      if (proofData.domain && typeof proofData.domain === "object") {
+        const domain2 = proofData.domain;
+        log("Using domain from payment data:", domain2);
+        if (domain2.verifyingContract.toLowerCase() !== expectedVerifyingContract.toLowerCase()) {
+          logError("EIP-712 verifyingContract does not match route token:", domain2.verifyingContract, expectedVerifyingContract);
+          return false;
+        }
+        if (domain2.chainId !== expectedChainId) {
+          logError("EIP-712 chainId mismatch:", domain2.chainId, "expected", expectedChainId);
+          return false;
+        }
+        verifyingContract = domain2.verifyingContract;
+        chainId = domain2.chainId;
+        if (domain2.name)
+          domainName = domain2.name;
+        if (domain2.version)
+          domainVersion = domain2.version;
+      } else {
+        log("No domain in payment data — using expected token + network chain");
+        verifyingContract = expectedVerifyingContract;
+        chainId = expectedChainId;
+        const usdc = getUsdcContractAddress(network);
+        if (expectedVerifyingContract.toLowerCase() === usdc.toLowerCase()) {
+          domainName = "USD Coin";
+        } else {
+          domainName = "Token";
+        }
+      }
+      log("Verifying contract:", verifyingContract, "chainId:", chainId);
+      const domain = {
+        name: domainName,
+        version: domainVersion,
+        chainId,
+        verifyingContract
+      };
+      log("Domain for verification:", domain);
+      const types = {
+        TransferWithAuthorization: TRANSFER_WITH_AUTHORIZATION_TYPES
+      };
+      const message = {
+        from: authorization.from,
+        to: authorization.to,
+        value: BigInt(authorization.value),
+        validAfter: BigInt(authorization.validAfter || 0),
+        validBefore: BigInt(authorization.validBefore || Math.floor(Date.now() / 1000) + 86400),
+        nonce: authorization.nonce
+      };
+      log("Message:", {
+        from: message.from,
+        to: message.to,
+        value: message.value.toString()
+      });
+      try {
+        const recoveredAddress = await recoverTypedDataAddress({
+          domain,
+          types,
+          primaryType: "TransferWithAuthorization",
+          message,
+          signature
+        });
+        log("Recovered signer:", recoveredAddress, "Expected:", authorization.from);
+        const signerMatches = recoveredAddress.toLowerCase() === authorization.from.toLowerCase();
+        if (!signerMatches) {
+          try {
+            const wrongTypeRecovered = await recoverTypedDataAddress({
+              domain,
+              types: {
+                ReceiveWithAuthorization: RECEIVE_WITH_AUTHORIZATION_TYPES
+              },
+              primaryType: "ReceiveWithAuthorization",
+              message,
+              signature
+            });
+            if (wrongTypeRecovered.toLowerCase() === authorization.from.toLowerCase()) {
+              logError("❌ CLIENT ERROR: Wrong EIP-712 type used");
+              return false;
+            }
+          } catch (_e) {
+            log("Could not recover with ReceiveWithAuthorization either");
+          }
+        }
+        log("Signature match:", signerMatches ? "✓ Valid" : "✗ Invalid");
+        if (!signerMatches) {
+          const userAgent = req?.headers?.["user-agent"];
+          const isX402Gateway = typeof userAgent === "string" && userAgent.includes("X402-Gateway");
+          if (isX402Gateway) {
+            log("\uD83D\uDD0D Detected X402 Gateway User-Agent");
+            const trustedSignersSetting = runtime.getSetting("X402_TRUSTED_GATEWAY_SIGNERS");
+            const trustedSigners = typeof trustedSignersSetting === "string" ? trustedSignersSetting : "0x2EB8323f66eE172315503de7325D04c676089267";
+            const signerWhitelist = trustedSigners.split(",").map((addr) => addr.trim().toLowerCase());
+            if (signerWhitelist.includes(recoveredAddress.toLowerCase())) {
+              log("✅ Signature verified: signed by authorized X402 Gateway");
+              return true;
+            } else {
+              logError(`✗ Gateway signer NOT in whitelist: ${recoveredAddress}`);
+              logError(`Add to X402_TRUSTED_GATEWAY_SIGNERS to allow: ${recoveredAddress}`);
+              return false;
+            }
+          } else {
+            logError("✗ Signature verification failed: signer mismatch");
+            logError(`Expected: ${authorization.from}, Actual: ${recoveredAddress}`);
+            return false;
+          }
+        } else {
+          log("✓ Signature cryptographically verified");
+          return true;
+        }
+      } catch (error) {
+        logError("✗ Signature verification failed:", error instanceof Error ? error.message : String(error));
+        return false;
+      }
+    } catch (error) {
+      logError("EIP-712 verification error:", error instanceof Error ? error.message : String(error));
+      return false;
+    }
+  } catch (error) {
+    logError("EIP-712 verification error:", error instanceof Error ? error.message : String(error));
+    return false;
   }
 }
-
-// services/x402-service.ts
-var DEFAULT_FACILITATOR_URL = "https://facilitator.daydreams.systems";
-var DEFAULTS = {
-  network: "base",
-  maxPaymentUsd: 1,
-  maxTotalUsd: 10
-};
-
-class X402Service extends Service {
-  static serviceType = "x402_payment";
-  capabilityDescription = "x402 HTTP payment protocol - send and receive crypto payments";
-  signer = null;
-  policyEngine = null;
-  circuitBreaker;
-  storage;
-  serviceConfig;
-  fetchWithPayment = null;
-  constructor(runtime) {
-    super(runtime);
-    this.circuitBreaker = new CircuitBreaker;
-    this.storage = new MemoryPaymentStorage;
-    this.serviceConfig = {
-      privateKey: "",
-      network: DEFAULTS.network,
-      payTo: "",
-      facilitatorUrl: DEFAULT_FACILITATOR_URL,
-      maxPaymentUsd: DEFAULTS.maxPaymentUsd,
-      maxTotalUsd: DEFAULTS.maxTotalUsd,
-      enabled: false
-    };
-  }
-  static async start(runtime) {
-    const service = new X402Service(runtime);
-    await service.initialize(runtime);
-    return service;
-  }
-  async initialize(runtime) {
-    this.runtime = runtime;
-    const privateKey = String(runtime.getSetting("X402_PRIVATE_KEY") ?? "");
-    const network = String(runtime.getSetting("X402_NETWORK") ?? DEFAULTS.network);
-    const payTo = String(runtime.getSetting("X402_PAY_TO") ?? "");
-    const facilitatorUrl = String(runtime.getSetting("X402_FACILITATOR_URL") ?? DEFAULT_FACILITATOR_URL);
-    const maxPaymentUsdRaw = runtime.getSetting("X402_MAX_PAYMENT_USD");
-    const maxPaymentUsd = maxPaymentUsdRaw !== null ? parseFloat(String(maxPaymentUsdRaw)) : DEFAULTS.maxPaymentUsd;
-    const maxTotalUsdRaw = runtime.getSetting("X402_MAX_TOTAL_USD");
-    const maxTotalUsd = maxTotalUsdRaw !== null ? parseFloat(String(maxTotalUsdRaw)) : DEFAULTS.maxTotalUsd;
-    const enabledSetting = runtime.getSetting("X402_ENABLED");
-    const enabled = String(enabledSetting) !== "false" && privateKey.length > 0;
-    this.serviceConfig = {
-      privateKey,
-      network,
-      payTo,
-      facilitatorUrl,
-      maxPaymentUsd: isNaN(maxPaymentUsd) ? DEFAULTS.maxPaymentUsd : maxPaymentUsd,
-      maxTotalUsd: isNaN(maxTotalUsd) ? DEFAULTS.maxTotalUsd : maxTotalUsd,
-      enabled
-    };
-    if (!enabled) {
-      logger5.info("[x402] Service inactive — no private key configured or explicitly disabled");
+function createPaymentAwareHandler(route) {
+  const originalHandler = route.handler;
+  return async (req, res, runtime) => {
+    const typedReq = req;
+    const typedRes = res;
+    const typedRuntime = runtime;
+    if (route.x402 == null) {
+      if (originalHandler) {
+        return originalHandler(req, res, runtime);
+      }
       return;
     }
-    try {
-      resolveNetwork(network);
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err);
-      logger5.error(`[x402] Invalid network configuration: ${message}`);
-      this.serviceConfig.enabled = false;
+    const testMode = process.env.X402_TEST_MODE === "true" || process.env.X402_TEST_MODE === "1";
+    if (testMode) {
+      logger5.warn("[@elizaos/agent x402] X402_TEST_MODE is set — skipping payment verification (development only)");
+      if (originalHandler) {
+        return originalHandler(req, res, runtime);
+      }
       return;
     }
-    try {
-      this.signer = new EvmPaymentSigner(privateKey, network);
-      logger5.info(`[x402] Wallet initialized: ${this.signer.address} on ${network}`);
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err);
-      logger5.error(`[x402] Failed to initialize signer: ${message}`);
-      this.serviceConfig.enabled = false;
+    const x402Cfg = resolveEffectiveX402(route, typedRuntime);
+    if (!x402Cfg) {
+      if (!typedRes.headersSent) {
+        typedRes.status(500).json({
+          error: "x402 misconfiguration",
+          message: "Could not resolve x402 price/paymentConfigs. For `x402: true`, set character.settings.x402.defaultPriceInCents and defaultPaymentConfigs. For partial x402 on the route, supply priceInCents and paymentConfigs or the matching character defaults.",
+          path: route.path
+        });
+      }
       return;
     }
-    this.serviceConfig.privateKey = "";
-    const dbPath = String(runtime.getSetting("X402_DB_PATH") ?? "");
-    if (dbPath) {
+    const payRoute = { ...route, x402: x402Cfg };
+    logSection(`X402 Payment Check - ${route.path}`);
+    log("Method:", typedReq.method);
+    if (route.validator) {
       try {
-        this.storage = new SqlitePaymentStorage(dbPath);
-        logger5.info(`[x402] Using SQLite storage at ${dbPath}`);
-      } catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        logger5.warn(`[x402] Failed to initialize SQLite storage: ${message}. Falling back to memory storage.`);
-        this.storage = new MemoryPaymentStorage;
-      }
-    } else {
-      logger5.info("[x402] Using in-memory storage (set X402_DB_PATH for persistence)");
-    }
-    const policy = {
-      outgoing: {
-        maxPerTransaction: usdToBaseUnits(this.serviceConfig.maxPaymentUsd),
-        maxTotal: usdToBaseUnits(this.serviceConfig.maxTotalUsd),
-        windowMs: ONE_DAY_MS,
-        maxTransactions: 1000,
-        allowedRecipients: [],
-        blockedRecipients: []
-      },
-      incoming: {
-        minPerTransaction: 0n,
-        allowedSenders: [],
-        blockedSenders: []
+        const validationResult = await route.validator(typedReq);
+        if (!validationResult.valid) {
+          logError("✗ Validation failed:", validationResult.error?.message);
+          const x402Response = buildX402Response(payRoute, typedRuntime);
+          typedRuntime.emitEvent(X402_EVENT_PAYMENT_REQUIRED, {
+            path: route.path,
+            configNames: payRoute.x402.paymentConfigs ?? ["base_usdc"],
+            reason: "validator_failed"
+          });
+          const errorMessage = validationResult.error?.details ? `${validationResult.error.message}: ${JSON.stringify(validationResult.error.details)}` : validationResult.error?.message || "Invalid request parameters";
+          setStandardPaymentRequiredHeaders(typedRes, payRoute, typedRuntime, errorMessage);
+          return typedRes.status(402).json({
+            ...x402Response,
+            error: errorMessage
+          });
+        }
+        log("✓ Validation passed");
+      } catch (error) {
+        logError("✗ Validation error:", error instanceof Error ? error.message : String(error));
+        const x402Response = buildX402Response(payRoute, typedRuntime);
+        typedRuntime.emitEvent(X402_EVENT_PAYMENT_REQUIRED, {
+          path: route.path,
+          configNames: payRoute.x402.paymentConfigs ?? ["base_usdc"],
+          reason: "validator_error"
+        });
+        setStandardPaymentRequiredHeaders(typedRes, payRoute, typedRuntime, "Validation error");
+        return typedRes.status(402).json({
+          ...x402Response,
+          error: `Validation error: ${error instanceof Error ? error.message : "Unknown error"}`
+        });
       }
-    };
-    this.policyEngine = new PolicyEngine(policy, this.storage);
-    this.circuitBreaker = new CircuitBreaker;
-    this.fetchWithPayment = createFetchWithPayment({
-      signer: this.signer,
-      policyEngine: this.policyEngine,
-      circuitBreaker: this.circuitBreaker,
-      storage: this.storage,
-      logger: logger5
+    }
+    const requestHeaders = typedReq.headers ?? {};
+    const requestQuery = typedReq.query ?? {};
+    log("Headers:", JSON.stringify(requestHeaders, null, 2));
+    log("Query:", JSON.stringify(requestQuery, null, 2));
+    if (typedReq.method === "POST" && typedReq.body) {
+      log("Body:", JSON.stringify(typedReq.body, null, 2));
+    }
+    const paymentProof = requestHeaders["x-payment-proof"] || requestHeaders["x-payment"] || requestHeaders["payment-signature"] || requestQuery.paymentProof;
+    const paymentId = requestHeaders["x-payment-id"] || requestQuery.paymentId;
+    log("Payment credentials:", {
+      "x-payment-proof": !!requestHeaders["x-payment-proof"],
+      "x-payment": !!requestHeaders["x-payment"],
+      "payment-signature": !!requestHeaders["payment-signature"],
+      "x-payment-id": !!paymentId,
+      found: !!(paymentProof || paymentId)
     });
-    logger5.info(`[x402] Service active — max per-txn: $${this.serviceConfig.maxPaymentUsd}, max daily: $${this.serviceConfig.maxTotalUsd}`);
-  }
-  async stop() {
-    logger5.info("[x402] Service stopping");
-    this.signer = null;
-    this.fetchWithPayment = null;
-  }
-  getFetchWithPayment() {
-    if (!this.fetchWithPayment) {
-      return (input, init) => fetch(input, init);
-    }
-    return this.fetchWithPayment;
-  }
-  async getSummary(windowMs = ONE_DAY_MS) {
-    const [totalSpent, totalEarned, outgoingCount, incomingCount] = await Promise.all([
-      this.storage.getTotal("outgoing", windowMs),
-      this.storage.getTotal("incoming", windowMs),
-      this.storage.getCount("outgoing", windowMs),
-      this.storage.getCount("incoming", windowMs)
-    ]);
-    return {
-      totalSpent,
-      totalEarned,
-      outgoingCount,
-      incomingCount,
-      windowMs
-    };
-  }
-  async getRecentTransactions(limit = 20) {
-    return this.storage.getRecords({ limit });
-  }
-  isActive() {
-    return this.serviceConfig.enabled && this.signer !== null;
-  }
-  canMakePayments() {
-    return this.isActive() && this.fetchWithPayment !== null;
-  }
-  updatePolicy(policy) {
-    if (this.policyEngine) {
-      this.policyEngine.updatePolicy(policy);
-      logger5.info("[x402] Payment policy updated");
+    if (paymentProof || paymentId) {
+      log("Payment credentials received:", {
+        proofLength: paymentProof ? String(paymentProof).length : 0,
+        paymentId
+      });
+      try {
+        const cfgNames = payRoute.x402.paymentConfigs ?? ["base_usdc"];
+        const outcome = await verifyPayment({
+          paymentProof: typeof paymentProof === "string" ? paymentProof : undefined,
+          paymentId: typeof paymentId === "string" ? paymentId : undefined,
+          route: route.path,
+          priceInCents: payRoute.x402.priceInCents,
+          paymentConfigNames: cfgNames,
+          agentId: typedRuntime.agentId ? String(typedRuntime.agentId) : undefined,
+          runtime: typedRuntime,
+          req: typedReq
+        });
+        if (outcome.ok) {
+          log("✓ PAYMENT VERIFIED - executing handler");
+          typedRuntime.emitEvent(X402_EVENT_PAYMENT_VERIFIED, {
+            path: route.path,
+            priceInCents: payRoute.x402.priceInCents,
+            paymentConfigs: payRoute.x402.paymentConfigs,
+            payer: outcome.details.payer,
+            amountAtomic: outcome.details.amountAtomic,
+            network: outcome.details.network,
+            proofId: outcome.details.proofId,
+            paymentConfig: outcome.details.paymentConfig,
+            symbol: outcome.details.symbol
+          });
+          if (outcome.details.paymentResponse && typedRes.setHeader) {
+            typedRes.setHeader("PAYMENT-RESPONSE", outcome.details.paymentResponse);
+            typedRes.setHeader("Access-Control-Expose-Headers", "PAYMENT-REQUIRED, PAYMENT-RESPONSE, Payment-Required, Payment-Response");
+          }
+          if (originalHandler) {
+            return originalHandler(req, res, runtime);
+          }
+          return;
+        }
+        logError("✗ PAYMENT VERIFICATION FAILED");
+        const x402Base = buildX402Response(payRoute, typedRuntime);
+        typedRuntime.emitEvent(X402_EVENT_PAYMENT_REQUIRED, {
+          path: route.path,
+          configNames: cfgNames,
+          reason: "verification_failed"
+        });
+        setStandardPaymentRequiredHeaders(typedRes, payRoute, typedRuntime, "Payment verification failed");
+        typedRes.status(402).json({
+          ...x402Base,
+          error: "Payment verification failed",
+          message: "The provided payment proof is invalid or has expired, or the amount or token does not match this route."
+        });
+        return;
+      } catch (error) {
+        logError("✗ PAYMENT VERIFICATION ERROR:", error instanceof Error ? error.message : String(error));
+        let x402Base;
+        try {
+          x402Base = buildX402Response(payRoute, typedRuntime);
+        } catch {
+          x402Base = createX402Response({
+            error: "Payment verification error"
+          });
+        }
+        typedRuntime.emitEvent(X402_EVENT_PAYMENT_REQUIRED, {
+          path: route.path,
+          configNames: payRoute.x402.paymentConfigs ?? ["base_usdc"],
+          reason: "verification_error"
+        });
+        setStandardPaymentRequiredHeaders(typedRes, payRoute, typedRuntime, "Payment verification error");
+        typedRes.status(402).json({
+          ...x402Base,
+          error: "Payment verification error",
+          message: error instanceof Error ? error.message : String(error)
+        });
+        return;
+      }
     }
-  }
-  getWalletAddress() {
-    return this.signer?.address ?? null;
-  }
-  getNetwork() {
-    return this.serviceConfig.network;
-  }
-  getFacilitatorUrl() {
-    return this.serviceConfig.facilitatorUrl;
-  }
-  getPayToAddress() {
-    return this.serviceConfig.payTo;
-  }
-  getStorage() {
-    return this.storage;
-  }
-  getCircuitBreakerState() {
-    return this.circuitBreaker.getState();
-  }
-  resetCircuitBreaker() {
-    this.circuitBreaker.reset();
-    logger5.info("[x402] Circuit breaker reset");
-  }
-}
-// middleware/facilitator-client.ts
-function buildFacilitatorRequestBody(paymentProof, requirement) {
-  let paymentPayload;
-  try {
-    const decoded = Buffer.from(paymentProof, "base64").toString("utf-8");
-    paymentPayload = JSON.parse(decoded);
-  } catch {
+    log("No payment credentials - returning 402");
     try {
-      paymentPayload = JSON.parse(paymentProof);
-    } catch {
-      throw new Error("Payment proof is neither valid base64-encoded JSON nor direct JSON");
+      const x402Response = buildX402Response(payRoute, typedRuntime);
+      typedRuntime.emitEvent(X402_EVENT_PAYMENT_REQUIRED, {
+        path: route.path,
+        configNames: payRoute.x402.paymentConfigs ?? ["base_usdc"],
+        reason: "payment_required"
+      });
+      log("Payment options:", {
+        paymentConfigs: payRoute.x402.paymentConfigs || ["base_usdc"],
+        priceInCents: payRoute.x402.priceInCents,
+        count: x402Response.accepts?.length || 0
+      });
+      log("402 Response:", JSON.stringify(x402Response, null, 2));
+      setStandardPaymentRequiredHeaders(typedRes, payRoute, typedRuntime, "Payment Required");
+      typedRes.status(402).json(x402Response);
+    } catch (error) {
+      logError("✗ Failed to build x402 response:", error instanceof Error ? error.message : String(error));
+      typedRes.status(402).json(createX402Response({
+        error: `Payment Required: ${error instanceof Error ? error.message : "Unknown error"}`
+      }));
     }
-  }
-  const paymentRequirements = {
-    scheme: requirement.scheme,
-    network: requirement.network,
-    asset: requirement.asset,
-    amount: requirement.maxAmountRequired,
-    payTo: requirement.payTo,
-    maxTimeoutSeconds: requirement.maxTimeoutSeconds,
-    extra: requirement.extra
   };
-  return JSON.stringify({ paymentPayload, paymentRequirements });
 }
-async function verifyPaymentWithFacilitator(paymentProof, facilitatorUrl, requirement) {
-  const url = new URL("/verify", facilitatorUrl);
-  try {
-    const body = buildFacilitatorRequestBody(paymentProof, requirement);
-    const response = await fetch(url.toString(), {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json"
+function setStandardPaymentRequiredHeaders(res, route, runtime, error = "Payment Required") {
+  if (!res.setHeader || res.headersSent)
+    return;
+  const paymentConfigNames = route.x402.paymentConfigs || ["base_usdc"];
+  const agentId = runtime?.agentId ? String(runtime.agentId) : undefined;
+  const paymentRequired = buildStandardPaymentRequired({
+    routePath: route.path,
+    description: generateDescription(route),
+    priceInCents: route.x402.priceInCents,
+    paymentConfigNames,
+    agentId,
+    error
+  });
+  const encoded = Buffer.from(JSON.stringify(paymentRequired), "utf8").toString("base64");
+  res.setHeader("PAYMENT-REQUIRED", encoded);
+  res.setHeader("Access-Control-Expose-Headers", "PAYMENT-REQUIRED, PAYMENT-RESPONSE, Payment-Required, Payment-Response");
+}
+function buildX402Response(route, runtime) {
+  if (!route.x402.priceInCents) {
+    throw new Error("Route x402.priceInCents is required for x402 response");
+  }
+  const paymentConfigs = route.x402.paymentConfigs || ["base_usdc"];
+  const agentId = runtime?.agentId ? String(runtime.agentId) : undefined;
+  const accepts = paymentConfigs.flatMap((configName) => {
+    const config = getPaymentConfig(configName, agentId);
+    const caip19 = getCAIP19FromConfig(config);
+    const maxAmountRequired = atomicAmountForPriceInCents(route.x402.priceInCents, config);
+    const inputSchema = buildInputSchemaFromRoute(route);
+    const method = route.type === "POST" ? "POST" : "GET";
+    const outputSchema = {
+      input: {
+        type: "http",
+        method,
+        bodyType: method === "POST" ? "json" : undefined,
+        pathParams: inputSchema.pathParams,
+        queryParams: inputSchema.queryParams,
+        bodyFields: inputSchema.bodyFields,
+        headerFields: {
+          "X-Payment": {
+            type: "string",
+            required: false,
+            description: "Standard x402 payment header (base64-encoded JSON or raw JSON with x402Version, accepted, payload) — verified via facilitator POST when configured"
+          },
+          "X-Payment-Proof": {
+            type: "string",
+            required: false,
+            description: "Legacy payment proof (tx hash, colon-delimited, or JSON)"
+          },
+          "X-Payment-Id": {
+            type: "string",
+            required: false,
+            description: "Optional payment ID for tracking"
+          }
+        }
       },
-      body
-    });
-    if (!response.ok) {
-      const errorText = await response.text().catch(() => "unknown error");
-      return {
-        valid: false,
-        reason: `Facilitator returned ${response.status}: ${errorText}`
-      };
-    }
-    const result = await response.json();
-    return {
-      valid: result.isValid === true,
-      payer: result.payer,
-      reason: result.invalidReason
+      output: {
+        type: "object",
+        description: "API response data (varies by endpoint)"
+      }
     };
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    return {
-      valid: false,
-      reason: `Facilitator request failed: ${message}`
+    const extra = {
+      priceInCents: route.x402.priceInCents || 0,
+      priceUSD: `$${((route.x402.priceInCents || 0) / 100).toFixed(2)}`,
+      symbol: config.symbol,
+      paymentConfig: configName,
+      expiresIn: 300
     };
+    if (config.network === "BASE" || config.network === "POLYGON" || config.network === "BSC") {
+      const isUsdc = config.symbol?.toUpperCase() === "USDC";
+      const tokenName = isUsdc ? "USD Coin" : config.symbol || "Token";
+      extra.name = tokenName;
+      extra.version = "2";
+      extra.eip712Domain = {
+        name: tokenName,
+        version: "2",
+        chainId: Number.parseInt(config.chainId || "1", 10),
+        verifyingContract: config.assetReference
+      };
+    }
+    return createAccepts({
+      network: toX402Network(config.network),
+      maxAmountRequired,
+      resource: toResourceUrl(route.path),
+      description: generateDescription(route),
+      payTo: config.paymentAddress,
+      asset: caip19,
+      mimeType: "application/json",
+      maxTimeoutSeconds: 300,
+      outputSchema,
+      extra
+    });
+  });
+  return createX402Response({
+    accepts,
+    error: "Payment Required"
+  });
+}
+function extractPathParams(path) {
+  const matches = path.matchAll(/:([^/]+)/g);
+  return Array.from(matches, (m) => m[1]);
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isOpenAPIObjectSchema(schema) {
+  if (!isRecord(schema) || schema.type !== "object") {
+    return false;
   }
+  const properties = schema.properties;
+  return properties === undefined || isRecord(properties) && Object.values(properties).every((property) => property === undefined || isRecord(property));
 }
-async function settlePaymentWithFacilitator(paymentProof, facilitatorUrl, requirement) {
-  const url = new URL("/settle", facilitatorUrl);
-  try {
-    const body = buildFacilitatorRequestBody(paymentProof, requirement);
-    const response = await fetch(url.toString(), {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json"
-      },
-      body
-    });
-    if (!response.ok) {
-      const errorText = await response.text().catch(() => "unknown error");
-      return {
-        success: false,
-        reason: `Facilitator returned ${response.status}: ${errorText}`
+function convertOpenAPISchemaToFieldDef(schema) {
+  if ("properties" in schema && schema.properties) {
+    const fields = {};
+    for (const [key, value] of Object.entries(schema.properties)) {
+      fields[key] = {
+        type: value.type,
+        required: "required" in schema && schema.required ? schema.required.includes(key) : false,
+        description: value.description,
+        enum: value.enum,
+        pattern: value.pattern,
+        properties: value.properties ? convertOpenAPISchemaToFieldDef(value) : undefined
       };
     }
-    const result = await response.json();
-    return {
-      success: result.success === true,
-      txHash: result.transaction,
-      reason: result.errorReason
-    };
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    return {
-      success: false,
-      reason: `Facilitator request failed: ${message}`
-    };
+    return fields;
   }
+  return {};
 }
-
-// middleware/paywall.ts
-function createPaywallMiddleware(config, storage, onStorageError) {
-  const networkInfo = resolveNetwork(config.network);
-  const requirementTemplate = {
-    scheme: "upto",
-    network: networkInfo.caip2,
-    maxAmountRequired: config.amount.toString(),
-    resource: "",
-    description: config.description,
-    mimeType: config.mimeType,
-    payTo: config.payTo,
-    maxTimeoutSeconds: config.maxTimeoutSeconds,
-    asset: networkInfo.usdcAddress,
-    extra: {
-      name: networkInfo.usdcDomainName,
-      version: networkInfo.usdcPermitVersion
-    }
-  };
-  return async (req, res, next) => {
-    const paymentHeader = getHeader(req, "x-payment");
-    if (!paymentHeader) {
-      const resource = req.url ?? "/";
-      const requirement2 = { ...requirementTemplate, resource };
-      const paymentRequired = {
-        x402Version: 2,
-        accepts: [requirement2]
+function buildInputSchemaFromRoute(route) {
+  const schema = {};
+  if (route.openapi?.parameters) {
+    const pathParams = {};
+    for (const p of route.openapi.parameters.filter((x) => x.in === "path")) {
+      pathParams[p.name] = {
+        type: p.schema.type,
+        required: p.required ?? true,
+        description: p.description,
+        enum: p.schema.enum,
+        pattern: p.schema.pattern
       };
-      const encoded = Buffer.from(JSON.stringify(paymentRequired)).toString("base64");
-      res.setHeader("Payment-Required", encoded).setHeader("x-402", encoded).status(402).json({
-        error: "Payment Required",
-        message: config.description,
-        x402Version: 2
-      });
-      return;
-    }
-    const requirement = {
-      ...requirementTemplate,
-      resource: req.url ?? "/"
-    };
-    const verifyResult = await verifyPaymentWithFacilitator(paymentHeader, config.facilitatorUrl, requirement);
-    if (!verifyResult.valid) {
-      res.status(402).json({
-        error: "Payment Invalid",
-        reason: verifyResult.reason ?? "Payment verification failed"
-      });
-      return;
-    }
-    const settleResult = await settlePaymentWithFacilitator(paymentHeader, config.facilitatorUrl, requirement);
-    if (storage && verifyResult.payer) {
-      const id = `x402_in_${Date.now().toString(36)}_${Math.random().toString(36).substring(2, 8)}`;
-      await storage.recordPayment({
-        id,
-        direction: "incoming",
-        counterparty: verifyResult.payer,
-        amount: config.amount,
-        network: networkInfo.caip2,
-        txHash: settleResult.txHash ?? "",
-        resource: req.url ?? "/",
-        status: settleResult.success ? "confirmed" : "pending",
-        createdAt: new Date().toISOString(),
-        metadata: {}
-      }).catch((err) => {
-        if (onStorageError) {
-          onStorageError(err);
-        }
-      });
-    }
-    if (settleResult.txHash) {
-      res.setHeader("x-upto-session-id", settleResult.txHash);
-      res.setHeader("X-PAYMENT-RESPONSE", settleResult.txHash);
     }
-    next();
-  };
-}
-function getHeader(req, name) {
-  const headers = req.headers;
-  const lowerName = name.toLowerCase();
-  for (const [key, value] of Object.entries(headers)) {
-    if (key.toLowerCase() === lowerName) {
-      if (Array.isArray(value)) {
-        return value[0];
+    if (Object.keys(pathParams).length > 0)
+      schema.pathParams = pathParams;
+  } else {
+    const paramNames = extractPathParams(route.path);
+    if (paramNames.length > 0) {
+      const pathParams = {};
+      for (const name of paramNames) {
+        pathParams[name] = {
+          type: "string",
+          required: true,
+          description: `Path parameter: ${name}`
+        };
       }
-      return value;
+      schema.pathParams = pathParams;
+    }
+  }
+  if (route.openapi?.parameters) {
+    const queryParams = {};
+    for (const p of route.openapi.parameters.filter((x) => x.in === "query")) {
+      queryParams[p.name] = {
+        type: p.schema.type,
+        required: p.required ?? false,
+        description: p.description,
+        enum: p.schema.enum,
+        pattern: p.schema.pattern
+      };
     }
+    if (Object.keys(queryParams).length > 0)
+      schema.queryParams = queryParams;
   }
-  return;
-}
-// storage/postgres.ts
-import pg from "pg";
-var { Pool } = pg;
-
-class PostgresPaymentStorage {
-  pool;
-  agentId;
-  initialized;
-  constructor(connectionString, agentId) {
-    this.pool = new Pool({ connectionString });
-    this.agentId = agentId;
-    this.initialized = this.initialize();
-  }
-  async initialize() {
-    const client = await this.pool.connect();
-    try {
-      await client.query(`
-        CREATE TABLE IF NOT EXISTS x402_payments (
-          id TEXT PRIMARY KEY,
-          agent_id TEXT NOT NULL,
-          direction VARCHAR NOT NULL CHECK(direction IN ('outgoing', 'incoming')),
-          counterparty TEXT NOT NULL,
-          amount TEXT NOT NULL,
-          network TEXT NOT NULL,
-          tx_hash TEXT NOT NULL DEFAULT '',
-          resource TEXT NOT NULL DEFAULT '',
-          status TEXT NOT NULL DEFAULT 'pending',
-          created_at TEXT NOT NULL,
-          metadata JSONB NOT NULL DEFAULT '{}'
-        );
-        CREATE INDEX IF NOT EXISTS idx_x402_agent ON x402_payments(agent_id);
-        CREATE INDEX IF NOT EXISTS idx_x402_direction ON x402_payments(agent_id, direction, created_at);
-      `);
-    } finally {
-      client.release();
-    }
-  }
-  async ready() {
-    await this.initialized;
-  }
-  async recordPayment(record) {
-    await this.ready();
-    await this.pool.query(`INSERT INTO x402_payments (id, agent_id, direction, counterparty, amount, network, tx_hash, resource, status, created_at, metadata)
-       VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)`, [
-      record.id,
-      this.agentId,
-      record.direction,
-      record.counterparty,
-      record.amount.toString(),
-      record.network,
-      record.txHash,
-      record.resource,
-      record.status,
-      record.createdAt,
-      JSON.stringify(record.metadata)
-    ]);
-  }
-  async getTotal(direction, windowMs, scope) {
-    await this.ready();
-    let sql = "SELECT amount FROM x402_payments WHERE agent_id = $1 AND direction = $2 AND status NOT IN ('failed', 'refunded')";
-    const params = [this.agentId, direction];
-    let paramIdx = 3;
-    if (windowMs !== undefined) {
-      const cutoff = new Date(Date.now() - windowMs).toISOString();
-      sql += ` AND created_at >= $${paramIdx}`;
-      params.push(cutoff);
-      paramIdx++;
-    }
-    if (scope) {
-      sql += ` AND counterparty = $${paramIdx}`;
-      params.push(scope);
-      paramIdx++;
-    }
-    const result = await this.pool.query(sql, params);
-    let total = 0n;
-    for (const row of result.rows) {
-      total += BigInt(row.amount);
-    }
-    return total;
-  }
-  async getRecords(filters) {
-    await this.ready();
-    let sql = "SELECT * FROM x402_payments WHERE agent_id = $1";
-    const params = [this.agentId];
-    let paramIdx = 2;
-    if (filters) {
-      if (filters.direction) {
-        sql += ` AND direction = $${paramIdx}`;
-        params.push(filters.direction);
-        paramIdx++;
-      }
-      if (filters.counterparty) {
-        sql += ` AND LOWER(counterparty) = LOWER($${paramIdx})`;
-        params.push(filters.counterparty);
-        paramIdx++;
-      }
-      if (filters.status) {
-        sql += ` AND status = $${paramIdx}`;
-        params.push(filters.status);
-        paramIdx++;
-      }
-      if (filters.network) {
-        sql += ` AND network = $${paramIdx}`;
-        params.push(filters.network);
-        paramIdx++;
-      }
-      if (filters.since) {
-        sql += ` AND created_at >= $${paramIdx}`;
-        params.push(filters.since);
-        paramIdx++;
-      }
-      if (filters.until) {
-        sql += ` AND created_at <= $${paramIdx}`;
-        params.push(filters.until);
-        paramIdx++;
-      }
+  if (route.openapi?.requestBody?.content?.["application/json"]?.schema) {
+    const requestBodySchema = route.openapi.requestBody.content["application/json"].schema;
+    if (isOpenAPIObjectSchema(requestBodySchema)) {
+      schema.bodyFields = convertOpenAPISchemaToFieldDef(requestBodySchema);
     }
-    sql += " ORDER BY created_at DESC";
-    if (filters?.limit !== undefined) {
-      sql += ` LIMIT $${paramIdx}`;
-      params.push(filters.limit);
-      paramIdx++;
-    }
-    if (filters?.offset !== undefined) {
-      sql += ` OFFSET $${paramIdx}`;
-      params.push(filters.offset);
-      paramIdx++;
-    }
-    const result = await this.pool.query(sql, params);
-    return result.rows.map((row) => this.rowToRecord(row));
-  }
-  async getCount(direction, windowMs) {
-    await this.ready();
-    let sql = "SELECT COUNT(*) as cnt FROM x402_payments WHERE agent_id = $1 AND direction = $2 AND status NOT IN ('failed', 'refunded')";
-    const params = [this.agentId, direction];
-    let paramIdx = 3;
-    if (windowMs !== undefined) {
-      const cutoff = new Date(Date.now() - windowMs).toISOString();
-      sql += ` AND created_at >= $${paramIdx}`;
-      params.push(cutoff);
-      paramIdx++;
-    }
-    const result = await this.pool.query(sql, params);
-    return parseInt(result.rows[0].cnt, 10);
-  }
-  async clear() {
-    await this.ready();
-    await this.pool.query("DELETE FROM x402_payments WHERE agent_id = $1", [
-      this.agentId
-    ]);
-  }
-  async close() {
-    await this.pool.end();
-  }
-  rowToRecord(row) {
-    let metadata = {};
-    try {
-      metadata = typeof row.metadata === "string" ? JSON.parse(row.metadata) : row.metadata;
-    } catch (_metadataParseError) {}
-    return {
-      id: row.id,
-      direction: row.direction,
-      counterparty: row.counterparty,
-      amount: BigInt(row.amount),
-      network: row.network,
-      txHash: row.tx_hash,
-      resource: row.resource,
-      status: row.status,
-      createdAt: row.created_at,
-      metadata
-    };
   }
+  return schema;
 }
-
-// index.ts
-async function handleSummary(_req, res, runtime) {
-  const service = runtime.getService("x402_payment");
-  if (!service || !service.isActive()) {
-    res.status(503).json({ error: "x402 service not active" });
-    return;
-  }
-  const summary = await service.getSummary();
-  res.status(200).json({
-    wallet: service.getWalletAddress() ?? "",
-    network: service.getNetwork(),
-    totalSpent: formatUsd(summary.totalSpent),
-    totalSpentRaw: summary.totalSpent.toString(),
-    totalEarned: formatUsd(summary.totalEarned),
-    totalEarnedRaw: summary.totalEarned.toString(),
-    outgoingCount: summary.outgoingCount,
-    incomingCount: summary.incomingCount,
-    windowMs: summary.windowMs,
-    circuitBreaker: service.getCircuitBreakerState()
-  });
+function generateDescription(route) {
+  if (route.description)
+    return route.description;
+  const pathParts = route.path.split("/").filter(Boolean);
+  const action = route.type.toLowerCase() === "get" ? "Get" : "Execute";
+  const resource = pathParts[pathParts.length - 1]?.replace(/^:/, "") || "resource";
+  return `${action} ${resource}`;
 }
-async function handleHistory(req, res, runtime) {
-  const service = runtime.getService("x402_payment");
-  if (!service || !service.isActive()) {
-    res.status(503).json({ error: "x402 service not active" });
-    return;
-  }
-  const limitStr = (Array.isArray(req.query?.limit) ? req.query.limit[0] : req.query?.limit) ?? "20";
-  const limit = Math.min(Math.max(parseInt(limitStr, 10) || 20, 1), 100);
-  const transactions = await service.getRecentTransactions(limit);
-  const serialized = transactions.map((txn) => ({
-    id: txn.id,
-    direction: txn.direction,
-    counterparty: txn.counterparty,
-    amount: txn.amount.toString(),
-    amountUsd: formatUsd(txn.amount),
-    network: txn.network,
-    txHash: txn.txHash,
-    resource: txn.resource,
-    status: txn.status,
-    createdAt: txn.createdAt,
-    metadata: txn.metadata
-  }));
-  res.status(200).json({ transactions: serialized, count: serialized.length });
-}
-async function handleExport(_req, res, runtime) {
-  const service = runtime.getService("x402_payment");
-  if (!service || !service.isActive()) {
-    res.status(503).json({ error: "x402 service not active" });
-    return;
+function applyPaymentProtection(routes, context) {
+  if (!Array.isArray(routes)) {
+    throw new Error("routes must be an array");
   }
-  const transactions = await service.getRecentTransactions(1e4);
-  const csvHeader = "id,direction,counterparty,amount_base_units,amount_usd,network,tx_hash,resource,status,created_at";
-  const csvRows = transactions.map((txn) => `${txn.id},${txn.direction},${txn.counterparty},${txn.amount.toString()},${formatUsd(txn.amount)},${txn.network},${txn.txHash},${escapeCSV(txn.resource)},${txn.status},${txn.createdAt}`);
-  const csv = [csvHeader, ...csvRows].join(`
+  const validation = validateX402Startup(routes, context?.character, {
+    agentId: context?.agentId
+  });
+  if (!validation.valid) {
+    throw new Error(`
+x402 Configuration Invalid (${validation.errors.length} error${validation.errors.length > 1 ? "s" : ""}):
+
+` + validation.errors.map((e) => `  • ${e}`).join(`
+`) + `
+
+Please fix these errors and try again.
 `);
-  if (res.setHeader) {
-    res.setHeader("Content-Type", "text/csv");
-    res.setHeader("Content-Disposition", `attachment; filename="x402-payments-${new Date().toISOString().slice(0, 10)}.csv"`);
   }
-  res.send(csv);
-}
-function escapeCSV(value) {
-  if (value.includes(",") || value.includes('"') || value.includes(`
-`)) {
-    return `"${value.replace(/"/g, '""')}"`;
-  }
-  return value;
+  return routes.map((route) => {
+    const x402Route = route;
+    if (x402Route.x402 != null) {
+      if (isRoutePaymentWrapped(route)) {
+        return route;
+      }
+      logger5.debug({ path: x402Route.path, x402: x402Route.x402 }, "[x402] payment protection enabled");
+      const wrappedRoute = {
+        ...route,
+        handler: createPaymentAwareHandler(x402Route),
+        [X402_ROUTE_PAYMENT_WRAPPED]: true
+      };
+      return wrappedRoute;
+    }
+    return route;
+  });
 }
+
+// src/index.ts
 var x402Plugin = {
   name: "x402",
-  description: "x402 HTTP payment protocol - send and receive crypto payments (USDC on EVM chains)",
-  config: {
-    X402_PRIVATE_KEY: null,
-    X402_NETWORK: null,
-    X402_PAY_TO: null,
-    X402_FACILITATOR_URL: null,
-    X402_MAX_PAYMENT_USD: null,
-    X402_MAX_TOTAL_USD: null,
-    X402_ENABLED: null
-  },
-  services: [X402Service],
-  actions: [payForServiceAction, checkPaymentHistoryAction, setPaymentPolicyAction],
-  providers: [paymentBalanceProvider],
-  routes: [
-    agentCardRoute,
-    {
-      type: "GET",
-      path: "/x402/summary",
-      name: "x402-summary",
-      public: false,
-      handler: handleSummary
-    },
-    {
-      type: "GET",
-      path: "/x402/history",
-      name: "x402-history",
-      public: false,
-      handler: handleHistory
-    },
-    {
-      type: "GET",
-      path: "/x402/export",
-      name: "x402-export",
-      public: false,
-      handler: handleExport
-    }
-  ]
+  description: "x402 micropayment middleware for elizaOS plugin HTTP routes (HTTP 402 / payment-required).",
+  actions: [],
+  providers: [],
+  evaluators: [],
+  services: [],
+  dispose: async (_runtime) => {}
 };
-var typescript_default = x402Plugin;
+var src_default = x402Plugin;
 export {
   x402Plugin,
-  verifyPaymentWithFacilitator,
-  usdToBaseUnits,
-  truncateAddress,
-  settlePaymentWithFacilitator,
-  setPaymentPolicyAction,
-  resolveNetwork,
-  paymentBalanceProvider,
-  payForServiceAction,
-  networkKeyFromCaip2,
-  formatUsd,
-  typescript_default as default,
-  createPaywallMiddleware,
-  createFetchWithPayment,
-  checkPaymentHistoryAction,
-  agentCardRoute,
-  X402Service,
-  SqlitePaymentStorage,
-  PostgresPaymentStorage,
-  PolicyEngine,
-  ONE_DAY_MS,
-  NETWORK_REGISTRY,
-  MemoryPaymentStorage,
-  EvmPaymentSigner,
-  CircuitBreaker
+  validateX402Startup,
+  validateX402Response,
+  validateAndThrowIfInvalid,
+  validateAccepts,
+  toX402Network,
+  toResourceUrl,
+  resolveEffectiveX402,
+  registerX402Config,
+  listX402Configs,
+  isRoutePaymentWrapped,
+  getX402Health,
+  getPaymentConfig,
+  getPaymentAddress,
+  getBaseUrl,
+  src_default as default,
+  createX402Response,
+  createPaymentAwareHandler,
+  createAccepts,
+  atomicAmountForPriceInCents,
+  applyPaymentProtection,
+  X402_ROUTE_PAYMENT_WRAPPED,
+  X402_EVENT_PAYMENT_VERIFIED,
+  X402_EVENT_PAYMENT_REQUIRED,
+  PAYMENT_CONFIGS,
+  PAYMENT_ADDRESSES,
+  BUILT_IN_NETWORKS
 };
 
-//# debugId=2EC8B924AB46A7D764756E2164756E21
+//# debugId=9C2A4CF3E2DCA87864756E2164756E21