@faremeter/payment-solana 0.19.0 → 0.20.0

package/dist/src/charge/server.js

@@ -0,0 +1,395 @@
+import { encodeBase64URL, canonicalizeSortedJSON, decodeBase64URL, } from "@faremeter/types/mpp";
+import { isValidationError } from "@faremeter/types";
+import { lookupX402Network, caip2ToCluster, } from "@faremeter/info/solana";
+import { fetchMint } from "@solana-program/token";
+import { address, decompileTransactionMessage, getBase64Encoder, getCompiledTransactionMessageDecoder, } from "@solana/kit";
+import { getBase64EncodedWireTransaction, getTransactionDecoder, partiallySignTransaction, } from "@solana/transactions";
+import { Keypair, LAMPORTS_PER_SOL, PublicKey } from "@solana/web3.js";
+import { mppChargeRequest, chargeCredentialPayload } from "./common.js";
+import { verifyChargeTransaction, verifyNativeChargeTransaction, } from "./verify.js";
+import { logger } from "./logger.js";
+async function generateChallengeID(secret, params) {
+    const slots = [
+        params.realm,
+        params.method,
+        params.intent,
+        params.request,
+        params.expires ?? "",
+        params.digest ?? "",
+        params.opaque ?? "",
+    ];
+    // Per spec: pipe-delimited. Safe because slot values are either
+    // server-controlled constants or base64url-encoded (no pipe chars).
+    const message = new TextEncoder().encode(slots.join("|"));
+    const keyData = new Uint8Array(secret);
+    const key = await crypto.subtle.importKey("raw", keyData, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+    const sig = await crypto.subtle.sign("HMAC", key, message);
+    return encodeBase64URL(String.fromCharCode(...new Uint8Array(sig)));
+}
+async function verifyChallengeID(secret, params) {
+    const { id, ...rest } = params;
+    const computed = await generateChallengeID(secret, rest);
+    const encoder = new TextEncoder();
+    const a = encoder.encode(computed);
+    const b = encoder.encode(id);
+    if (a.byteLength !== b.byteLength)
+        return false;
+    const { timingSafeEqual } = await import("node:crypto");
+    return timingSafeEqual(a, b);
+}
+const sendTransaction = async (rpc, signedTransaction, maxRetries, retryDelayMs) => {
+    const base64EncodedTransaction = getBase64EncodedWireTransaction(signedTransaction);
+    const simResult = await rpc
+        .simulateTransaction(base64EncodedTransaction, {
+        encoding: "base64",
+    })
+        .send();
+    if (simResult.value.err) {
+        logger.error("transaction simulation failed", simResult.value);
+        return { success: false, error: "Transaction simulation failed" };
+    }
+    const signature = await rpc
+        .sendTransaction(base64EncodedTransaction, {
+        encoding: "base64",
+    })
+        .send();
+    for (let i = 0; i < maxRetries; i++) {
+        const status = await rpc.getSignatureStatuses([signature]).send();
+        if (status.value[0]?.err) {
+            return {
+                success: false,
+                error: `Transaction failed: ${JSON.stringify(status.value[0].err)}`,
+            };
+        }
+        if (status.value[0]?.confirmationStatus === "confirmed" ||
+            status.value[0]?.confirmationStatus === "finalized") {
+            return { success: true, signature };
+        }
+        await new Promise((resolve) => setTimeout(resolve, retryDelayMs));
+    }
+    return { success: false, error: "Transaction confirmation timeout" };
+};
+const fetchConfirmedTransaction = async (rpc, signature, maxRetries, retryDelayMs) => {
+    for (let i = 0; i < maxRetries; i++) {
+        const result = await rpc
+            .getTransaction(signature, {
+            commitment: "confirmed",
+            maxSupportedTransactionVersion: 0,
+            encoding: "base64",
+        })
+            .send();
+        if (result !== null) {
+            if (result.meta?.err) {
+                throw new Error(`on-chain transaction failed: ${JSON.stringify(result.meta.err)}`);
+            }
+            const txData = result.transaction;
+            const txB64 = Array.isArray(txData) ? txData[0] : txData;
+            if (typeof txB64 !== "string") {
+                throw new Error("unexpected transaction encoding in RPC response");
+            }
+            const txBytes = getBase64Encoder().encode(txB64);
+            const decodedTx = getTransactionDecoder().decode(txBytes);
+            const compiledMessage = getCompiledTransactionMessageDecoder().decode(decodedTx.messageBytes);
+            return decompileTransactionMessage(compiledMessage);
+        }
+        await new Promise((resolve) => setTimeout(resolve, retryDelayMs));
+    }
+    return null;
+};
+const decodeWireTransaction = (base64Transaction) => {
+    const txBytes = getBase64Encoder().encode(base64Transaction);
+    const decodedTx = getTransactionDecoder().decode(txBytes);
+    const compiledMessage = getCompiledTransactionMessageDecoder().decode(decodedTx.messageBytes);
+    return {
+        transactionMessage: decompileTransactionMessage(compiledMessage),
+        decodedTx,
+    };
+};
+export async function createMPPSolanaChargeHandler(args) {
+    const { network, rpc, feePayerKeypair, mint, replayStore, realm, secretKey, maxRetries = 30, retryDelayMs = 1000, maxPriorityFee = 100_000, } = args;
+    const solanaNetwork = lookupX402Network(network);
+    const mintAddress = mint.toBase58();
+    const hasFeePayerKeypair = feePayerKeypair !== undefined;
+    const feePayerAddress = feePayerKeypair?.publicKey.toBase58();
+    const mintInfo = await fetchMint(rpc, address(mintAddress));
+    const tokenProgram = mintInfo.programAddress;
+    const feePayerSigner = hasFeePayerKeypair
+        ? await (async () => {
+            const { createKeyPairSignerFromBytes } = await import("@solana/kit");
+            return createKeyPairSignerFromBytes(feePayerKeypair.secretKey);
+        })()
+        : null;
+    const getChallenge = async (intent, pricing, _resourceURL, opts) => {
+        const methodDetails = {
+            network: caip2ToCluster(solanaNetwork.caip2) ?? solanaNetwork.caip2,
+            decimals: mintInfo.data.decimals,
+            tokenProgram: tokenProgram,
+        };
+        if (hasFeePayerKeypair && feePayerAddress) {
+            const latestBlockhash = await rpc.getLatestBlockhash().send();
+            methodDetails.feePayer = true;
+            methodDetails.feePayerKey = feePayerAddress;
+            methodDetails.recentBlockhash = latestBlockhash.value.blockhash;
+        }
+        const requestBody = {
+            amount: pricing.amount,
+            currency: mintAddress,
+            recipient: pricing.recipient,
+            ...(pricing.description ? { description: pricing.description } : {}),
+            methodDetails,
+        };
+        const requestEncoded = encodeBase64URL(canonicalizeSortedJSON(requestBody));
+        const challengeTimeoutMs = 60_000;
+        const expiresAt = Date.now() + challengeTimeoutMs;
+        const paramsWithoutID = {
+            realm,
+            method: "solana",
+            intent,
+            request: requestEncoded,
+            expires: String(Math.floor(expiresAt / 1000)),
+            ...(opts?.digest !== undefined ? { digest: opts.digest } : {}),
+        };
+        const id = await generateChallengeID(secretKey, paramsWithoutID);
+        await replayStore.add(id, expiresAt);
+        return { id, ...paramsWithoutID };
+    };
+    const handleSettle = async (credential) => {
+        const { challenge, payload } = credential;
+        if (challenge.method !== "solana")
+            return null;
+        if (challenge.intent !== "charge")
+            return null;
+        let requestBody;
+        try {
+            requestBody = JSON.parse(decodeBase64URL(challenge.request));
+        }
+        catch {
+            return null;
+        }
+        const request = mppChargeRequest(requestBody);
+        if (isValidationError(request))
+            return null;
+        if (request.currency === "sol")
+            return null;
+        const idValid = await verifyChallengeID(secretKey, challenge);
+        if (!idValid) {
+            throw new Error("invalid challenge ID");
+        }
+        if (challenge.expires !== undefined) {
+            const expiresAtMs = Number(challenge.expires) * 1000;
+            if (expiresAtMs > 0 && Date.now() > expiresAtMs) {
+                throw new Error("challenge expired");
+            }
+        }
+        const consumed = await replayStore.consume(challenge.id);
+        if (!consumed) {
+            throw new Error("challenge ID already consumed or expired");
+        }
+        const validatedPayload = chargeCredentialPayload(payload);
+        if (isValidationError(validatedPayload)) {
+            throw new Error(`invalid credential payload: ${validatedPayload.summary}`);
+        }
+        const verifyArgs = {
+            request,
+            feePayerAddress: feePayerAddress ?? "",
+            tokenProgram,
+            maxPriorityFee,
+        };
+        if (validatedPayload.type === "signature") {
+            if (request.methodDetails?.feePayer) {
+                throw new Error("push mode is not allowed with fee sponsorship");
+            }
+            const transactionMessage = await fetchConfirmedTransaction(rpc, validatedPayload.signature, maxRetries, retryDelayMs);
+            if (!transactionMessage) {
+                throw new Error("could not fetch confirmed transaction");
+            }
+            const verifyResult = await verifyChargeTransaction({
+                transactionMessage,
+                ...verifyArgs,
+            });
+            if ("error" in verifyResult) {
+                throw new Error(`transaction verification failed: ${verifyResult.error}`);
+            }
+            return {
+                status: "success",
+                method: "solana",
+                timestamp: new Date().toISOString(),
+                reference: validatedPayload.signature,
+            };
+        }
+        const { transactionMessage, decodedTx } = decodeWireTransaction(validatedPayload.transaction);
+        const verifyResult = await verifyChargeTransaction({
+            transactionMessage,
+            ...verifyArgs,
+        });
+        if ("error" in verifyResult) {
+            throw new Error(`transaction verification failed: ${verifyResult.error}`);
+        }
+        if (!feePayerSigner) {
+            throw new Error("pull mode requires a fee payer keypair");
+        }
+        const signedTransaction = await partiallySignTransaction([feePayerSigner.keyPair], decodedTx);
+        const txResult = await sendTransaction(rpc, signedTransaction, maxRetries, retryDelayMs);
+        if (!txResult.success) {
+            throw new Error(`settlement failed: ${txResult.error}`);
+        }
+        return {
+            status: "success",
+            method: "solana",
+            timestamp: new Date().toISOString(),
+            reference: txResult.signature,
+        };
+    };
+    return {
+        method: "solana",
+        capabilities: {
+            networks: [solanaNetwork.caip2],
+            assets: [mintAddress],
+        },
+        getSupportedIntents: () => ["charge"],
+        getChallenge,
+        handleSettle,
+    };
+}
+const SOL_DECIMALS = Math.log10(LAMPORTS_PER_SOL);
+export async function createMPPSolanaNativeChargeHandler(args) {
+    const { network, rpc, feePayerKeypair, replayStore, realm, secretKey, maxRetries = 30, retryDelayMs = 1000, maxPriorityFee = 100_000, } = args;
+    const solanaNetwork = lookupX402Network(network);
+    const hasFeePayerKeypair = feePayerKeypair !== undefined;
+    const feePayerAddress = feePayerKeypair?.publicKey.toBase58();
+    const feePayerSigner = hasFeePayerKeypair
+        ? await (async () => {
+            const { createKeyPairSignerFromBytes } = await import("@solana/kit");
+            return createKeyPairSignerFromBytes(feePayerKeypair.secretKey);
+        })()
+        : null;
+    const getChallenge = async (intent, pricing, _resourceURL, opts) => {
+        const methodDetails = {
+            network: caip2ToCluster(solanaNetwork.caip2) ?? solanaNetwork.caip2,
+            decimals: SOL_DECIMALS,
+        };
+        if (hasFeePayerKeypair && feePayerAddress) {
+            const latestBlockhash = await rpc.getLatestBlockhash().send();
+            methodDetails.feePayer = true;
+            methodDetails.feePayerKey = feePayerAddress;
+            methodDetails.recentBlockhash = latestBlockhash.value.blockhash;
+        }
+        const requestBody = {
+            amount: pricing.amount,
+            currency: "sol",
+            recipient: pricing.recipient,
+            ...(pricing.description ? { description: pricing.description } : {}),
+            methodDetails,
+        };
+        const requestEncoded = encodeBase64URL(canonicalizeSortedJSON(requestBody));
+        const challengeTimeoutMs = 60_000;
+        const expiresAt = Date.now() + challengeTimeoutMs;
+        const paramsWithoutID = {
+            realm,
+            method: "solana",
+            intent,
+            request: requestEncoded,
+            expires: String(Math.floor(expiresAt / 1000)),
+            ...(opts?.digest !== undefined ? { digest: opts.digest } : {}),
+        };
+        const id = await generateChallengeID(secretKey, paramsWithoutID);
+        await replayStore.add(id, expiresAt);
+        return { id, ...paramsWithoutID };
+    };
+    const handleSettle = async (credential) => {
+        const { challenge, payload } = credential;
+        if (challenge.method !== "solana")
+            return null;
+        if (challenge.intent !== "charge")
+            return null;
+        let requestBody;
+        try {
+            requestBody = JSON.parse(decodeBase64URL(challenge.request));
+        }
+        catch {
+            return null;
+        }
+        const request = mppChargeRequest(requestBody);
+        if (isValidationError(request))
+            return null;
+        if (request.currency !== "sol")
+            return null;
+        const idValid = await verifyChallengeID(secretKey, challenge);
+        if (!idValid) {
+            throw new Error("invalid challenge ID");
+        }
+        if (challenge.expires !== undefined) {
+            const expiresAtMs = Number(challenge.expires) * 1000;
+            if (expiresAtMs > 0 && Date.now() > expiresAtMs) {
+                throw new Error("challenge expired");
+            }
+        }
+        const consumed = await replayStore.consume(challenge.id);
+        if (!consumed) {
+            throw new Error("challenge ID already consumed or expired");
+        }
+        const validatedPayload = chargeCredentialPayload(payload);
+        if (isValidationError(validatedPayload)) {
+            throw new Error(`invalid credential payload: ${validatedPayload.summary}`);
+        }
+        const verifyArgs = {
+            request,
+            feePayerAddress: feePayerAddress ?? "",
+            maxPriorityFee,
+        };
+        if (validatedPayload.type === "signature") {
+            if (request.methodDetails?.feePayer) {
+                throw new Error("push mode is not allowed with fee sponsorship");
+            }
+            const transactionMessage = await fetchConfirmedTransaction(rpc, validatedPayload.signature, maxRetries, retryDelayMs);
+            if (!transactionMessage) {
+                throw new Error("could not fetch confirmed transaction");
+            }
+            const verifyResult = await verifyNativeChargeTransaction({
+                transactionMessage,
+                ...verifyArgs,
+            });
+            if ("error" in verifyResult) {
+                throw new Error(`transaction verification failed: ${verifyResult.error}`);
+            }
+            return {
+                status: "success",
+                method: "solana",
+                timestamp: new Date().toISOString(),
+                reference: validatedPayload.signature,
+            };
+        }
+        const { transactionMessage, decodedTx } = decodeWireTransaction(validatedPayload.transaction);
+        const verifyResult = await verifyNativeChargeTransaction({
+            transactionMessage,
+            ...verifyArgs,
+        });
+        if ("error" in verifyResult) {
+            throw new Error(`transaction verification failed: ${verifyResult.error}`);
+        }
+        if (!feePayerSigner) {
+            throw new Error("pull mode requires a fee payer keypair");
+        }
+        const signedTransaction = await partiallySignTransaction([feePayerSigner.keyPair], decodedTx);
+        const txResult = await sendTransaction(rpc, signedTransaction, maxRetries, retryDelayMs);
+        if (!txResult.success) {
+            throw new Error(`settlement failed: ${txResult.error}`);
+        }
+        return {
+            status: "success",
+            method: "solana",
+            timestamp: new Date().toISOString(),
+            reference: txResult.signature,
+        };
+    };
+    return {
+        method: "solana",
+        capabilities: {
+            networks: [solanaNetwork.caip2],
+            assets: ["sol"],
+        },
+        getSupportedIntents: () => ["charge"],
+        getChallenge,
+        handleSettle,
+    };
+}

package/dist/src/charge/verify.d.ts

@@ -0,0 +1,40 @@
+import { type Address } from "@solana/kit";
+import type { mppChargeRequest } from "./common.js";
+import type { CompilableTransactionMessage } from "../common.js";
+export type VerifyChargeTransactionArgs = {
+    transactionMessage: CompilableTransactionMessage;
+    request: mppChargeRequest;
+    feePayerAddress: string;
+    tokenProgram: Address;
+    maxPriorityFee?: number;
+};
+/**
+ * Verifies that a client-submitted transaction matches the charge
+ * challenge. Scans the instruction list for a matching transferChecked
+ * and caps the priority fee from any compute budget instructions.
+ *
+ * Returns the payer (transfer authority) address on success, or a
+ * string error message on failure.
+ */
+export declare function verifyChargeTransaction(args: VerifyChargeTransactionArgs): Promise<{
+    payer: string;
+} | {
+    error: string;
+}>;
+export type VerifyNativeChargeTransactionArgs = {
+    transactionMessage: CompilableTransactionMessage;
+    request: mppChargeRequest;
+    feePayerAddress: string;
+    maxPriorityFee?: number;
+};
+/**
+ * Verifies that a client-submitted transaction matches a native SOL
+ * charge challenge. Scans the instruction list for a matching System
+ * Program transferSol and caps the priority fee.
+ */
+export declare function verifyNativeChargeTransaction(args: VerifyNativeChargeTransactionArgs): Promise<{
+    payer: string;
+} | {
+    error: string;
+}>;
+//# sourceMappingURL=verify.d.ts.map

package/dist/src/charge/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../../src/charge/verify.ts"],"names":[],"mappings":"AASA,OAAO,EAAW,KAAK,OAAO,EAAoB,MAAM,aAAa,CAAC;AACtE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AACjD,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,WAAW,CAAC;AAuD9D,MAAM,MAAM,2BAA2B,GAAG;IACxC,kBAAkB,EAAE,4BAA4B,CAAC;IACjD,OAAO,EAAE,gBAAgB,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF;;;;;;;GAOG;AACH,wBAAsB,uBAAuB,CAC3C,IAAI,EAAE,2BAA2B,GAChC,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CA8EhD;AAED,MAAM,MAAM,iCAAiC,GAAG;IAC9C,kBAAkB,EAAE,4BAA4B,CAAC;IACjD,OAAO,EAAE,gBAAgB,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF;;;;GAIG;AACH,wBAAsB,6BAA6B,CACjD,IAAI,EAAE,iCAAiC,GACtC,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CA0DhD"}

package/dist/src/charge/verify.js

@@ -0,0 +1,185 @@
+import { parseSetComputeUnitLimitInstruction, parseSetComputeUnitPriceInstruction, } from "@solana-program/compute-budget";
+import { parseTransferSolInstruction } from "@solana-program/system";
+import { findAssociatedTokenPda, parseTransferCheckedInstruction, } from "@solana-program/token";
+import { address } from "@solana/kit";
+import { logger } from "./logger.js";
+const DEFAULT_COMPUTE_UNIT_LIMIT = 200_000;
+/**
+ * Scans instructions for compute budget settings and calculates the
+ * effective priority fee. Returns 0 when no compute budget instructions
+ * are present. Uses the highest fee found when duplicates exist
+ * (conservative for cap enforcement).
+ */
+function calculatePriorityFee(instructions) {
+    let highestLimit = 0;
+    let highestMicroLamports = 0n;
+    let foundLimit = false;
+    let foundPrice = false;
+    for (const ix of instructions) {
+        if (!ix.data)
+            continue;
+        const data = new Uint8Array(ix.data);
+        try {
+            const limit = parseSetComputeUnitLimitInstruction({
+                programAddress: ix.programAddress,
+                data,
+            });
+            foundLimit = true;
+            if (limit.data.units > highestLimit) {
+                highestLimit = limit.data.units;
+            }
+            continue;
+        }
+        catch {
+            // not a setComputeUnitLimit instruction
+        }
+        try {
+            const price = parseSetComputeUnitPriceInstruction({
+                programAddress: ix.programAddress,
+                data,
+            });
+            foundPrice = true;
+            if (price.data.microLamports > highestMicroLamports) {
+                highestMicroLamports = price.data.microLamports;
+            }
+        }
+        catch {
+            // not a setComputeUnitPrice instruction
+        }
+    }
+    if (!foundPrice)
+        return 0;
+    const units = foundLimit ? highestLimit : DEFAULT_COMPUTE_UNIT_LIMIT;
+    return (units * Number(highestMicroLamports)) / 1_000_000;
+}
+/**
+ * Verifies that a client-submitted transaction matches the charge
+ * challenge. Scans the instruction list for a matching transferChecked
+ * and caps the priority fee from any compute budget instructions.
+ *
+ * Returns the payer (transfer authority) address on success, or a
+ * string error message on failure.
+ */
+export async function verifyChargeTransaction(args) {
+    const { transactionMessage, request, feePayerAddress, tokenProgram } = args;
+    const md = request.methodDetails;
+    if (md?.feePayer && transactionMessage.feePayer.address !== feePayerAddress) {
+        return { error: "fee payer does not match challenge" };
+    }
+    const instructions = transactionMessage.instructions;
+    const maxFee = args.maxPriorityFee ?? 100_000;
+    const priorityFee = calculatePriorityFee(instructions);
+    if (priorityFee > maxFee) {
+        return {
+            error: `priority fee ${priorityFee} exceeds maximum ${maxFee}`,
+        };
+    }
+    const [expectedATA] = await findAssociatedTokenPda({
+        mint: address(request.currency),
+        owner: address(request.recipient),
+        tokenProgram,
+    });
+    for (const ix of instructions) {
+        if (!ix.data || !ix.accounts)
+            continue;
+        let transfer;
+        try {
+            transfer = parseTransferCheckedInstruction({
+                accounts: ix.accounts,
+                programAddress: ix.programAddress,
+                data: new Uint8Array(ix.data),
+            });
+        }
+        catch {
+            continue;
+        }
+        if (transfer.data.amount !== BigInt(request.amount)) {
+            logger.debug("transfer amount mismatch", {
+                expected: request.amount,
+                actual: transfer.data.amount.toString(),
+            });
+            continue;
+        }
+        if (transfer.accounts.mint.address !== request.currency) {
+            logger.debug("transfer mint mismatch", {
+                expected: request.currency,
+                actual: transfer.accounts.mint.address,
+            });
+            continue;
+        }
+        if (md?.decimals !== undefined && transfer.data.decimals !== md.decimals) {
+            logger.debug("transfer decimals mismatch", {
+                expected: md.decimals,
+                actual: transfer.data.decimals,
+            });
+            continue;
+        }
+        if (transfer.accounts.destination.address !== expectedATA) {
+            logger.debug("transfer destination mismatch", {
+                expected: expectedATA,
+                actual: transfer.accounts.destination.address,
+            });
+            continue;
+        }
+        if (transfer.accounts.authority.address === feePayerAddress) {
+            return { error: "transfer authority must not be the fee payer" };
+        }
+        return { payer: transfer.accounts.authority.address };
+    }
+    return { error: "no matching transferChecked instruction found" };
+}
+/**
+ * Verifies that a client-submitted transaction matches a native SOL
+ * charge challenge. Scans the instruction list for a matching System
+ * Program transferSol and caps the priority fee.
+ */
+export async function verifyNativeChargeTransaction(args) {
+    const { transactionMessage, request, feePayerAddress } = args;
+    const md = request.methodDetails;
+    if (md?.feePayer && transactionMessage.feePayer.address !== feePayerAddress) {
+        return { error: "fee payer does not match challenge" };
+    }
+    const instructions = transactionMessage.instructions;
+    const maxFee = args.maxPriorityFee ?? 100_000;
+    const priorityFee = calculatePriorityFee(instructions);
+    if (priorityFee > maxFee) {
+        return {
+            error: `priority fee ${priorityFee} exceeds maximum ${maxFee}`,
+        };
+    }
+    const expectedRecipient = address(request.recipient);
+    for (const ix of instructions) {
+        if (!ix.data || !ix.accounts)
+            continue;
+        let transfer;
+        try {
+            transfer = parseTransferSolInstruction({
+                accounts: ix.accounts,
+                programAddress: ix.programAddress,
+                data: new Uint8Array(ix.data),
+            });
+        }
+        catch {
+            continue;
+        }
+        if (transfer.data.amount !== BigInt(request.amount)) {
+            logger.debug("native transfer amount mismatch", {
+                expected: request.amount,
+                actual: transfer.data.amount.toString(),
+            });
+            continue;
+        }
+        if (transfer.accounts.destination.address !== expectedRecipient) {
+            logger.debug("native transfer destination mismatch", {
+                expected: expectedRecipient,
+                actual: transfer.accounts.destination.address,
+            });
+            continue;
+        }
+        if (transfer.accounts.source.address === feePayerAddress) {
+            return { error: "transfer source must not be the fee payer" };
+        }
+        return { payer: transfer.accounts.source.address };
+    }
+    return { error: "no matching transferSol instruction found" };
+}

package/dist/src/common.d.ts

@@ -0,0 +1,12 @@
+import type { TransactionMessage, TransactionMessageWithFeePayer, TransactionMessageWithLifetime } from "@solana/kit";
+/**
+ * A transaction message with everything required to be compiled and landed
+ * on the network: a fee payer and a lifetime constraint.
+ *
+ * `@solana/transaction-messages` used to expose this exact intersection as
+ * `CompilableTransactionMessage`. The named alias was removed in 6.x but the
+ * constituent types are still exported, so we re-declare it locally with the
+ * same shape.
+ */
+export type CompilableTransactionMessage = TransactionMessage & TransactionMessageWithFeePayer & TransactionMessageWithLifetime;
+//# sourceMappingURL=common.d.ts.map

package/dist/src/common.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../src/common.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,kBAAkB,EAClB,8BAA8B,EAC9B,8BAA8B,EAC/B,MAAM,aAAa,CAAC;AAErB;;;;;;;;GAQG;AACH,MAAM,MAAM,4BAA4B,GAAG,kBAAkB,GAC3D,8BAA8B,GAC9B,8BAA8B,CAAC"}

package/dist/src/common.js

@@ -0,0 +1 @@
+export {};

package/dist/src/exact/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/exact/client.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAEV,cAAc,EAEf,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAajE,OAAO,EAEL,UAAU,EACV,SAAS,EACT,sBAAsB,EAEtB,oBAAoB,EAErB,MAAM,iBAAiB,CAAC;AAKzB,MAAM,MAAM,MAAM,GAAG;IACnB,OAAO,EAAE,MAAM,GAAG,kBAAkB,CAAC;IACrC,SAAS,EAAE,SAAS,CAAC;IACrB,gBAAgB,CAAC,EAAE,CACjB,YAAY,EAAE,sBAAsB,EAAE,EACtC,eAAe,EAAE,MAAM,KACpB,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACnC,wBAAwB,CAAC,EAAE,CACzB,EAAE,EAAE,oBAAoB,KACrB,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACnC,iBAAiB,CAAC,EAAE,CAClB,EAAE,EAAE,oBAAoB,KACrB,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACnC,eAAe,CAAC,EAAE,CAAC,EAAE,EAAE,oBAAoB,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CACjE,CAAC;AAEF,UAAU,oCAAoC;IAC5C,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,wBAAwB,CAAC,EAAE,SAAS,CAAC;CACtC;AAsFD,UAAU,2BAA2B;IACnC,KAAK,CAAC,EAAE,oCAAoC,CAAC;IAC7C,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,EAAE;QACT,wBAAwB,CAAC,EAAE,OAAO,CAAC;KACpC,CAAC;CACH;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,SAAS,EACf,UAAU,CAAC,EAAE,UAAU,EACvB,OAAO,CAAC,EAAE,2BAA2B,GACpC,cAAc,CAuMhB"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/exact/client.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAEV,cAAc,EAEf,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAajE,OAAO,EAEL,UAAU,EACV,SAAS,EACT,sBAAsB,EAEtB,oBAAoB,EAErB,MAAM,iBAAiB,CAAC;AAMzB,MAAM,MAAM,MAAM,GAAG;IACnB,OAAO,EAAE,MAAM,GAAG,kBAAkB,CAAC;IACrC,SAAS,EAAE,SAAS,CAAC;IACrB,gBAAgB,CAAC,EAAE,CACjB,YAAY,EAAE,sBAAsB,EAAE,EACtC,eAAe,EAAE,MAAM,KACpB,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACnC,wBAAwB,CAAC,EAAE,CACzB,EAAE,EAAE,oBAAoB,KACrB,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACnC,iBAAiB,CAAC,EAAE,CAClB,EAAE,EAAE,oBAAoB,KACrB,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACnC,eAAe,CAAC,EAAE,CAAC,EAAE,EAAE,oBAAoB,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CACjE,CAAC;AAEF,UAAU,oCAAoC;IAC5C,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,wBAAwB,CAAC,EAAE,SAAS,CAAC;CACtC;AAyFD,UAAU,2BAA2B;IACnC,KAAK,CAAC,EAAE,oCAAoC,CAAC;IAC7C,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,EAAE;QACT,wBAAwB,CAAC,EAAE,OAAO,CAAC;KACpC,CAAC;CACH;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,SAAS,EACf,UAAU,CAAC,EAAE,UAAU,EACvB,OAAO,CAAC,EAAE,2BAA2B,GACpC,cAAc,CAyMhB"}