@inflowpayai/inflow 0.5.2 → 0.6.1

package/dist/cli.js

@@ -8837,19 +8837,19 @@ var require_range = __commonJS({
     var replaceCaret = (comp, options) => {
       debug("caret", comp, options);
       const r = options.loose ? re[t.CARETLOOSE] : re[t.CARET];
-      const z6 = options.includePrerelease ? "-0" : "";
+      const z7 = options.includePrerelease ? "-0" : "";
       return comp.replace(r, (_, M, m, p, pr) => {
         debug("caret", comp, _, M, m, p, pr);
         let ret;
         if (isX(M)) {
           ret = "";
         } else if (isX(m)) {
-          ret = `>=${M}.0.0${z6} <${+M + 1}.0.0-0`;
+          ret = `>=${M}.0.0${z7} <${+M + 1}.0.0-0`;
         } else if (isX(p)) {
           if (M === "0") {
-            ret = `>=${M}.${m}.0${z6} <${M}.${+m + 1}.0-0`;
+            ret = `>=${M}.${m}.0${z7} <${M}.${+m + 1}.0-0`;
           } else {
-            ret = `>=${M}.${m}.0${z6} <${+M + 1}.0.0-0`;
+            ret = `>=${M}.${m}.0${z7} <${+M + 1}.0.0-0`;
           }
         } else if (pr) {
           debug("replaceCaret pr", pr);
@@ -8866,9 +8866,9 @@ var require_range = __commonJS({
           debug("no pr");
           if (M === "0") {
             if (m === "0") {
-              ret = `>=${M}.${m}.${p}${z6} <${M}.${m}.${+p + 1}-0`;
+              ret = `>=${M}.${m}.${p}${z7} <${M}.${m}.${+p + 1}-0`;
             } else {
-              ret = `>=${M}.${m}.${p}${z6} <${M}.${+m + 1}.0-0`;
+              ret = `>=${M}.${m}.${p}${z7} <${M}.${+m + 1}.0-0`;
             }
           } else {
             ret = `>=${M}.${m}.${p} <${+M + 1}.0.0-0`;
@@ -9687,6 +9687,10 @@ var require_semver2 = __commonJS({
 import process9 from "process";
 
 // ../core/dist/index.js
+import {
+  MppClient
+} from "@inflowpayai/mpp";
+import { inflow as createInflowMppMethod } from "@inflowpayai/mpp-buyer";
 import { createInflowClient } from "@inflowpayai/x402-buyer";
 import { unlink } from "fs/promises";
 import path5 from "path";
@@ -10959,6 +10963,7 @@ import { HEADERS, readHeader } from "@inflowpayai/x402";
 import { fromFoundationRequirements } from "@inflowpayai/x402-buyer";
 import { decodePaymentRequiredHeader } from "@x402/core/http";
 import { sellerProbe } from "@inflowpayai/x402-buyer/probe";
+import { EXTRA_KEYS } from "@inflowpayai/x402";
 import { writeFile } from "fs/promises";
 import { resolve as resolvePath } from "path";
 import { HEADERS as HEADERS2, readHeader as readHeader2 } from "@inflowpayai/x402";
@@ -10976,6 +10981,24 @@ import {
   sellerProbe as sellerProbe2
 } from "@inflowpayai/x402-buyer/probe";
 import { decodePaymentRequiredHeader as decodePaymentRequiredHeader2 } from "@x402/core/http";
+import { HEADERS as HEADERS3, parseChallengeHeaders, readHeaderAll } from "@inflowpayai/mpp";
+import { sellerProbe as sellerProbe3 } from "@inflowpayai/x402-buyer/probe";
+import {
+  decode,
+  decodeCredential,
+  decodeReceipt,
+  parseChallengeHeader
+} from "@inflowpayai/mpp";
+import { METHOD_INFLOW } from "@inflowpayai/mpp";
+import {
+  HEADERS as HEADERS4,
+  parseChallengeHeaders as parseChallengeHeaders2,
+  readHeader as readHeader3,
+  readHeaderAll as readHeaderAll2,
+  SCHEME_PAYMENT,
+  decodeReceipt as decodeReceipt2
+} from "@inflowpayai/mpp";
+import { sellerProbe as sellerProbe4 } from "@inflowpayai/x402-buyer/probe";
 import { hostname } from "os";
 
 // ../../node_modules/.pnpm/ansi-regex@6.2.2/node_modules/ansi-regex/index.js
@@ -11005,7 +11028,7 @@ import {
   parseHeaderFlag,
   parseHeaderFlags,
   replayWithPayment as replayWithPayment2,
-  sellerProbe as sellerProbe3,
+  sellerProbe as sellerProbe5,
   X402HeaderFlagFormatError
 } from "@inflowpayai/x402-buyer/probe";
 var REDACTED_BODY_FIELDS = /* @__PURE__ */ new Set([
@@ -11668,11 +11691,11 @@ var NO_INFLOW_MATCH_MESSAGE = "Seller does not accept InFlow-signed payments. Us
 var NO_FILTERED_MATCH_CODE = "NO_FILTERED_MATCH";
 var PAYMENT_NOT_ACCEPTED_CODE = "PAYMENT_NOT_ACCEPTED";
 var UNEXPECTED_PROBE_STATUS_CODE = "UNEXPECTED_PROBE_STATUS";
-function extractExtraName(entry) {
+function extractAssetName(entry) {
   const extra = entry.extra;
   if (extra === void 0 || extra === null) return void 0;
-  const name = extra.name;
-  return typeof name === "string" ? name : void 0;
+  const assetName = extra[EXTRA_KEYS.ASSET_NAME];
+  return typeof assetName === "string" ? assetName : void 0;
 }
 function hasAnyFilter(filters) {
   return filters.scheme !== void 0 || filters.network !== void 0 || filters.asset !== void 0 || filters.assetName !== void 0;
@@ -11683,7 +11706,7 @@ function filterAccepts(decoded, filters) {
   return {
     ...decoded,
     accepts: decoded.accepts.filter(
-      (entry) => (scheme === void 0 || entry.scheme === scheme) && (network === void 0 || entry.network === network) && (asset === void 0 || entry.asset === asset) && (assetName === void 0 || extractExtraName(entry) === assetName)
+      (entry) => (scheme === void 0 || entry.scheme === scheme) && (network === void 0 || entry.network === network) && (asset === void 0 || entry.asset === asset) && (assetName === void 0 || extractAssetName(entry) === assetName)
     )
   };
 }
@@ -11698,8 +11721,8 @@ function buildNoFilteredMatchMessage(decoded, filters) {
   const available = decoded.accepts.map((entry) => {
     const parts = [`${entry.scheme}/${entry.network}`];
     if (entry.asset !== void 0 && entry.asset !== "") parts.push(`asset=${entry.asset}`);
-    const name = extractExtraName(entry);
-    if (name !== void 0 && name !== "") parts.push(`name=${name}`);
+    const assetName2 = extractAssetName(entry);
+    if (assetName2 !== void 0 && assetName2 !== "") parts.push(`assetName=${assetName2}`);
     return parts.join(" ");
   }).join(", ");
   return `Seller has no accepts[] entry matching ${filterDescription}. Available: ${available || "(none)"}.`;
@@ -11816,6 +11839,31 @@ function approvalUrlFor(apiBaseUrl2, approvalId) {
   const host = dashboardHostFor(apiBaseUrl2);
   return `https://${host}/approvals/${approvalId}/view/`;
 }
+function userFacingApiError(err, fallbackCode) {
+  if (isSdkApiError(err)) {
+    const code = isMeaningfulCode(err.code) ? err.code : fallbackCode;
+    return { code, message: stripDiagnosticPrefix(err.message) };
+  }
+  return { code: fallbackCode, message: err instanceof Error ? err.message : String(err) };
+}
+var UNCODED_SENTINEL = "UNEXPECTED_ERROR";
+function isMeaningfulCode(code) {
+  return code.length > 0 && code !== UNCODED_SENTINEL;
+}
+function userFacingErrorMessage(err) {
+  if (isSdkApiError(err)) return stripDiagnosticPrefix(err.message);
+  return err instanceof Error ? err.message : String(err);
+}
+function isSdkApiError(err) {
+  if (typeof err !== "object" || err === null) return false;
+  const e = err;
+  return typeof e.code === "string" && typeof e.endpoint === "string" && typeof e.message === "string";
+}
+function stripDiagnosticPrefix(message) {
+  const separator = " \u2014 ";
+  const index = message.indexOf(separator);
+  return index >= 0 ? message.slice(index + separator.length) : message;
+}
 function decodeHeader(raw) {
   const parsed = decodePaymentRequiredHeader2(raw);
   const decoded = {
@@ -11894,10 +11942,7 @@ function mapSdkError(err) {
   if (err instanceof X402AdapterRoutingError) {
     return { code: NO_INFLOW_MATCH_CODE, message: NO_INFLOW_MATCH_MESSAGE };
   }
-  return {
-    code: "PAY_FAILED",
-    message: err instanceof Error ? err.message : String(err)
-  };
+  return userFacingApiError(err, "PAYMENT_FAILED");
 }
 function buildSettledMeta(headers) {
   const responseHeader = readHeader2(Object.fromEntries(headers.entries()), HEADERS2.PAYMENT_RESPONSE);
@@ -12007,7 +12052,7 @@ async function runPayPipeline(deps, emit) {
       });
       return;
     }
-    const requirement = deps.client.selectInflowRequirement(filtered);
+    const requirement = await deps.client.selectInflowRequirement(filtered);
     if (requirement === null) {
       emit({
         type: "errored",
@@ -12159,7 +12204,7 @@ function runX402Status(input) {
         return;
       }
     } catch (err) {
-      yield { type: "crashed", message: err instanceof Error ? err.message : String(err) };
+      yield { type: "crashed", message: userFacingErrorMessage(err) };
     }
   }
   return { events: generate() };
@@ -12168,6 +12213,476 @@ async function runX402Supported(input) {
   const client = await input.x402.client();
   return client.getSupported();
 }
+async function runMppCancel(input) {
+  await input.mpp.cancelApproval(input.approvalId);
+  return {
+    approval_id: input.approvalId,
+    cancelled: true,
+    note: "best-effort; server-side state not verified"
+  };
+}
+function decodeChallengeRequest(challenge) {
+  if (challenge.request === "") return void 0;
+  try {
+    return decode(challenge.request, "challenge request");
+  } catch {
+    return void 0;
+  }
+}
+function summarizeChallenge(challenge) {
+  const out = {
+    id: challenge.id,
+    realm: challenge.realm,
+    method: challenge.method,
+    intent: challenge.intent
+  };
+  const request = decodeChallengeRequest(challenge);
+  if (request !== void 0) {
+    out.amount = request.amount;
+    out.currency = request.currency;
+    if (request.recipient !== void 0) out.recipient = request.recipient;
+    if (request.methodDetails?.rail !== void 0) out.rail = request.methodDetails.rail;
+    if (request.methodDetails?.instrumentId !== void 0) out.instrumentId = request.methodDetails.instrumentId;
+  }
+  if (challenge.expires !== void 0) out.expires = challenge.expires;
+  if (challenge.description !== void 0) out.description = challenge.description;
+  if (challenge.digest !== void 0) out.digest = challenge.digest;
+  return out;
+}
+function decodeMppValue(raw) {
+  const trimmed = raw.trim();
+  if (/^payment\s+/i.test(trimmed) || /[a-zA-Z0-9-]+="/.test(trimmed)) {
+    return { kind: "challenge", challenge: summarizeChallenge(parseChallengeHeader(trimmed)) };
+  }
+  const probe = decode(trimmed, "value");
+  if ("challengeId" in probe) {
+    return { kind: "receipt", receipt: decodeReceipt(trimmed) };
+  }
+  return { kind: "credential", credential: decodeCredential(trimmed) };
+}
+var INVALID_402_CODE2 = "INVALID_402";
+var NO_INFLOW_MATCH_CODE2 = "NO_INFLOW_MATCH";
+var NO_INFLOW_MATCH_MESSAGE2 = "Seller's 402 carries no `inflow`-method MPP challenge; the InFlow buyer cannot fulfil it.";
+var NO_FILTERED_MATCH_CODE2 = "NO_FILTERED_MATCH";
+var PAYMENT_NOT_ACCEPTED_CODE2 = "PAYMENT_NOT_ACCEPTED";
+var UNEXPECTED_PROBE_STATUS_CODE2 = "UNEXPECTED_PROBE_STATUS";
+function isSuccessStatus2(status) {
+  return status >= 200 && status < 300;
+}
+function filterInflowChallenges(challenges) {
+  return challenges.filter((challenge) => challenge.method === METHOD_INFLOW);
+}
+function hasAnyChallengeFilter(filters) {
+  return filters.paymentMethod !== void 0 || filters.intent !== void 0 || filters.currency !== void 0 || filters.rail !== void 0;
+}
+function filterChallenges(challenges, filters) {
+  if (!hasAnyChallengeFilter(filters)) return [...challenges];
+  const { paymentMethod, intent, currency, rail } = filters;
+  return challenges.filter((challenge) => {
+    if (paymentMethod !== void 0 && challenge.method !== paymentMethod) return false;
+    if (intent !== void 0 && challenge.intent !== intent) return false;
+    if (currency !== void 0 || rail !== void 0) {
+      const request = decodeChallengeRequest(challenge);
+      if (currency !== void 0 && request?.currency !== currency) return false;
+      if (rail !== void 0 && request?.methodDetails?.rail !== rail) return false;
+    }
+    return true;
+  });
+}
+function buildNoFilteredMatchMessage2(challenges, filters) {
+  const { paymentMethod, intent, currency, rail } = filters;
+  const filterDescription = [
+    paymentMethod !== void 0 ? `--payment-method=${paymentMethod}` : null,
+    intent !== void 0 ? `--intent=${intent}` : null,
+    currency !== void 0 ? `--currency=${currency}` : null,
+    rail !== void 0 ? `--rail=${rail}` : null
+  ].filter((s) => s !== null).join(" ");
+  const available = challenges.map((challenge) => {
+    const request = decodeChallengeRequest(challenge);
+    const parts = [`${challenge.method}/${challenge.intent}`];
+    if (request?.currency !== void 0 && request.currency !== "") parts.push(`currency=${request.currency}`);
+    const railValue = request?.methodDetails?.rail;
+    if (railValue !== void 0 && railValue !== "") parts.push(`rail=${railValue}`);
+    return parts.join(" ");
+  }).join(", ");
+  return `Seller has no \`inflow\` challenge matching ${filterDescription}. Available: ${available || "(none)"}.`;
+}
+function reduceMppInspect(state, event) {
+  switch (event.type) {
+    case "challenges":
+      return { kind: "challenges", result: event.result };
+    case "no-payment":
+      return { kind: "no-payment", result: event.result };
+    case "errored":
+      return { kind: "error", code: event.code, message: event.message };
+    default:
+      return state;
+  }
+}
+async function runMppInspectPipeline(deps, emit) {
+  let probe;
+  try {
+    probe = await sellerProbe3(deps.url, deps.probeOptions);
+  } catch (err) {
+    emit({ type: "errored", code: "INSPECT_FAILED", message: err instanceof Error ? err.message : String(err) });
+    return;
+  }
+  if (probe.status !== 402) {
+    if (!isSuccessStatus2(probe.status)) {
+      emit({
+        type: "errored",
+        code: UNEXPECTED_PROBE_STATUS_CODE2,
+        message: `Seller returned status ${String(probe.status)} during probe; expected 2xx (no payment) or 402 (payment required).`
+      });
+      return;
+    }
+    emit({
+      type: "no-payment",
+      result: {
+        outcome: "no-payment-required",
+        url: deps.url,
+        method: deps.probeOptions.method,
+        status: probe.status,
+        contentType: probe.contentType,
+        bodySizeBytes: probe.bytes.byteLength
+      }
+    });
+    return;
+  }
+  const headerValues = readHeaderAll(probe.headers, HEADERS3.WWW_AUTHENTICATE);
+  if (headerValues.length === 0) {
+    emit({
+      type: "errored",
+      code: INVALID_402_CODE2,
+      message: "Seller returned 402 but did not include a WWW-Authenticate: Payment header."
+    });
+    return;
+  }
+  let challenges;
+  try {
+    challenges = parseChallengeHeaders(headerValues);
+  } catch (err) {
+    emit({ type: "errored", code: "DECODE_FAILED", message: err instanceof Error ? err.message : String(err) });
+    return;
+  }
+  const inflowChallenges = filterInflowChallenges(challenges);
+  if (inflowChallenges.length === 0) {
+    emit({ type: "errored", code: NO_INFLOW_MATCH_CODE2, message: NO_INFLOW_MATCH_MESSAGE2 });
+    return;
+  }
+  const filters = {
+    ...deps.paymentMethodFilter !== void 0 ? { paymentMethod: deps.paymentMethodFilter } : {},
+    ...deps.intentFilter !== void 0 ? { intent: deps.intentFilter } : {},
+    ...deps.currencyFilter !== void 0 ? { currency: deps.currencyFilter } : {},
+    ...deps.railFilter !== void 0 ? { rail: deps.railFilter } : {}
+  };
+  const filtered = filterChallenges(inflowChallenges, filters);
+  if (hasAnyChallengeFilter(filters) && filtered.length === 0) {
+    emit({
+      type: "errored",
+      code: NO_FILTERED_MATCH_CODE2,
+      message: buildNoFilteredMatchMessage2(inflowChallenges, filters)
+    });
+    return;
+  }
+  const realm = filtered[0]?.realm ?? "";
+  emit({
+    type: "challenges",
+    result: {
+      outcome: "challenges",
+      url: deps.url,
+      method: deps.probeOptions.method,
+      realm,
+      challenges: filtered.map(summarizeChallenge)
+    }
+  });
+}
+function reduceMppPay(state, event) {
+  switch (event.type) {
+    case "decoded":
+      return { kind: "decoded", challenge: event.challenge };
+    case "created":
+      return { kind: "created", created: event.created };
+    case "replayed":
+      return { kind: "success", result: event.result };
+    case "rejected":
+      return { kind: "seller-rejected", result: event.result };
+    case "short-circuited":
+      return { kind: "no-payment-final", result: event.result };
+    case "errored":
+      return { kind: "error", code: event.code, message: event.message };
+    default:
+      return state;
+  }
+}
+function mapMppError(err) {
+  return userFacingApiError(err, "PAYMENT_FAILED");
+}
+function buildSettlement(headers) {
+  const raw = readHeader3(headers, HEADERS4.PAYMENT_RECEIPT);
+  if (raw === void 0) return void 0;
+  let receipt;
+  try {
+    receipt = decodeReceipt2(raw);
+  } catch {
+    return void 0;
+  }
+  const out = {};
+  if (receipt.reference !== "") out.reference = receipt.reference;
+  if (receipt.status !== "") out.status = receipt.status;
+  if (receipt.timestamp !== "") out.timestamp = receipt.timestamp;
+  return Object.keys(out).length > 0 ? out : void 0;
+}
+async function resolveTransaction(client, transactionId, deps) {
+  const generator = pollAsync({
+    fn: () => client.getTransaction(transactionId),
+    isTerminal: (response) => response.state !== "pending",
+    isEqual: (a, b) => a.state === b.state,
+    // A 0 interval reaches here only on the TTY path (the agent path gates inline polling on interval > 0); fall back
+    // to a 5s cadence so the poll loop doesn't spin.
+    interval: deps.interval > 0 ? deps.interval : 5,
+    maxAttempts: deps.maxAttempts,
+    timeout: deps.timeout,
+    ...deps.signal !== void 0 ? { signal: deps.signal } : {}
+  });
+  for await (const outcome of generator) {
+    if (!outcome.terminal) continue;
+    if (outcome.reason !== void 0) return { timedOut: true, latest: outcome.value };
+    return { response: outcome.value };
+  }
+  return { timedOut: true };
+}
+async function runMppPayPipeline(deps, emit) {
+  try {
+    const probe = await sellerProbe4(deps.url, deps.probeOptions);
+    if (probe.status !== 402) {
+      if (!isSuccessStatus2(probe.status)) {
+        emit({
+          type: "errored",
+          code: UNEXPECTED_PROBE_STATUS_CODE2,
+          message: `Seller returned status ${String(probe.status)} during probe; expected 2xx (no payment) or 402 (payment required).`
+        });
+        return;
+      }
+      const attachment2 = await buildBodyAttachment(probe.bytes, deps.showBody, deps.outputFile);
+      emit({
+        type: "short-circuited",
+        result: {
+          outcome: "no-payment-required",
+          url: deps.url,
+          method: deps.probeOptions.method,
+          status: probe.status,
+          contentType: probe.contentType,
+          ...attachment2
+        }
+      });
+      return;
+    }
+    const headerValues = readHeaderAll2(probe.headers, HEADERS4.WWW_AUTHENTICATE);
+    if (headerValues.length === 0) {
+      emit({
+        type: "errored",
+        code: INVALID_402_CODE2,
+        message: "Seller returned 402 but did not include a WWW-Authenticate: Payment header."
+      });
+      return;
+    }
+    let challenges;
+    try {
+      challenges = parseChallengeHeaders2(headerValues);
+    } catch (err) {
+      emit({ type: "errored", code: "DECODE_FAILED", message: err instanceof Error ? err.message : String(err) });
+      return;
+    }
+    const inflowChallenges = filterInflowChallenges(challenges);
+    if (inflowChallenges.length === 0) {
+      emit({ type: "errored", code: NO_INFLOW_MATCH_CODE2, message: NO_INFLOW_MATCH_MESSAGE2 });
+      return;
+    }
+    const filters = {
+      ...deps.paymentMethodFilter !== void 0 ? { paymentMethod: deps.paymentMethodFilter } : {},
+      ...deps.intentFilter !== void 0 ? { intent: deps.intentFilter } : {},
+      ...deps.currencyFilter !== void 0 ? { currency: deps.currencyFilter } : {},
+      ...deps.railFilter !== void 0 ? { rail: deps.railFilter } : {}
+    };
+    const selected = filterChallenges(inflowChallenges, filters);
+    if (hasAnyChallengeFilter(filters) && selected.length === 0) {
+      emit({
+        type: "errored",
+        code: NO_FILTERED_MATCH_CODE2,
+        message: buildNoFilteredMatchMessage2(inflowChallenges, filters)
+      });
+      return;
+    }
+    const challenge = selected[0];
+    emit({ type: "decoded", challenge: summarizeChallenge(challenge) });
+    const options = deps.instrumentId !== void 0 ? { instrumentId: deps.instrumentId } : {};
+    let created;
+    try {
+      created = await deps.client.createTransaction({ challenge, options });
+    } catch (err) {
+      const mapped = mapMppError(err);
+      emit({ type: "errored", code: mapped.code, message: mapped.message });
+      return;
+    }
+    const createdFrame = {
+      transactionId: created.transactionId ?? "",
+      state: created.state,
+      challenge: summarizeChallenge(challenge),
+      ...created.approvalId !== void 0 ? { approvalId: created.approvalId } : {},
+      ...created.approvalId !== void 0 ? { approvalUrl: approvalUrlFor(deps.apiBaseUrl, created.approvalId) } : {},
+      ...created.retryAfterSeconds !== void 0 ? { retryAfterSeconds: created.retryAfterSeconds } : {},
+      ...created.expires !== void 0 ? { expires: created.expires } : {}
+    };
+    emit({ type: "created", created: createdFrame });
+    let resolved = created;
+    if (created.state === "pending") {
+      if (deps.awaitPayment === false) return;
+      if (createdFrame.transactionId === "") {
+        emit({
+          type: "errored",
+          code: "PAYMENT_FAILED",
+          message: "Pending transaction carried no transactionId to poll."
+        });
+        return;
+      }
+      const outcome = await resolveTransaction(deps.client, createdFrame.transactionId, deps);
+      if ("timedOut" in outcome) {
+        emit({
+          type: "errored",
+          code: "POLLING_TIMEOUT",
+          message: "Polling timed out before the transaction reached a ready state."
+        });
+        return;
+      }
+      resolved = outcome.response;
+    }
+    if (resolved.state === "failed") {
+      emit({
+        type: "errored",
+        code: "PAYMENT_FAILED",
+        message: resolved.problem?.detail ?? resolved.problem?.title ?? "MPP transaction failed."
+      });
+      return;
+    }
+    if (resolved.state === "expired") {
+      emit({ type: "errored", code: "PAYMENT_EXPIRED", message: "MPP transaction expired before it was ready." });
+      return;
+    }
+    if (resolved.state !== "ready" || resolved.credential === void 0) {
+      emit({
+        type: "errored",
+        code: "PAYMENT_FAILED",
+        message: "Transaction reached a ready state without a credential."
+      });
+      return;
+    }
+    const credential = resolved.credential;
+    const replay = await sellerProbe4(deps.url, {
+      method: deps.probeOptions.method,
+      headers: { ...deps.probeOptions.headers, [HEADERS4.AUTHORIZATION]: `${SCHEME_PAYMENT} ${credential}` },
+      ...deps.probeOptions.data !== void 0 ? { data: deps.probeOptions.data } : {}
+    });
+    const attachment = await buildBodyAttachment(replay.bytes, deps.showBody, deps.outputFile);
+    if (!isSuccessStatus2(replay.status)) {
+      emit({
+        type: "rejected",
+        result: {
+          outcome: "seller-rejected",
+          url: deps.url,
+          method: deps.probeOptions.method,
+          transactionId: createdFrame.transactionId,
+          challengeId: challenge.id,
+          responseStatus: replay.status,
+          responseContentType: replay.contentType,
+          ...attachment
+        }
+      });
+      return;
+    }
+    const settled = buildSettlement(replay.headers);
+    emit({
+      type: "replayed",
+      result: {
+        outcome: "paid",
+        url: deps.url,
+        method: deps.probeOptions.method,
+        transactionId: createdFrame.transactionId,
+        challengeId: challenge.id,
+        intent: challenge.intent,
+        credential,
+        responseStatus: replay.status,
+        responseContentType: replay.contentType,
+        ...settled !== void 0 ? { settled } : {},
+        ...attachment
+      }
+    });
+  } catch (err) {
+    const mapped = mapMppError(err);
+    emit({ type: "errored", code: mapped.code, message: mapped.message });
+  }
+}
+var TERMINAL_STATES = /* @__PURE__ */ new Set(["expired", "failed", "ready"]);
+function reduceMppStatus(state, event) {
+  switch (event.type) {
+    case "snapshot":
+      return { kind: "polling", latest: event.response };
+    case "ready":
+      return { kind: "ready", response: event.response };
+    case "failed":
+      return { kind: "failed", response: event.response };
+    case "expired":
+      return { kind: "expired", response: event.response };
+    case "timedOut":
+      return event.response !== void 0 ? { kind: "timeout", response: event.response } : { kind: "timeout" };
+    case "crashed":
+      return { kind: "error", message: event.message };
+    default:
+      return state;
+  }
+}
+function runMppStatus(input) {
+  async function* generate() {
+    try {
+      const generator = pollAsync({
+        fn: input.fetchOnce,
+        isTerminal: (response) => TERMINAL_STATES.has(response.state),
+        isEqual: (a, b) => a.state === b.state && a.credential !== void 0 === (b.credential !== void 0),
+        interval: input.interval,
+        maxAttempts: input.maxAttempts,
+        timeout: input.timeout
+      });
+      for await (const outcome of generator) {
+        if (!outcome.terminal) {
+          yield { type: "snapshot", response: outcome.value };
+          continue;
+        }
+        if (outcome.reason !== void 0) {
+          yield { type: "timedOut", response: outcome.value };
+          return;
+        }
+        const state = outcome.value.state;
+        if (state === "ready") {
+          yield { type: "ready", response: outcome.value };
+          return;
+        }
+        if (state === "expired") {
+          yield { type: "expired", response: outcome.value };
+          return;
+        }
+        yield { type: "failed", response: outcome.value };
+        return;
+      }
+    } catch (err) {
+      yield { type: "crashed", message: userFacingErrorMessage(err) };
+    }
+  }
+  return { events: generate() };
+}
+async function runMppSupported(input) {
+  const client = await input.mpp.client();
+  return client.getSupported();
+}
 function wrapEmittingPipeline(run) {
   const buffer = [];
   let started = false;
@@ -12308,16 +12823,43 @@ function augmentX402(x402Resource, resolvedApiBaseUrl2) {
   augmented.cancel = async (input) => runX402Cancel({ x402: x402Resource, approvalId: input.approvalId });
   return augmented;
 }
-var DEFAULT_RETRIES = 3;
-var DEFAULT_TIMEOUT_MS = 3e4;
-var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 502, 503, 504]);
-var SDK_USER_AGENT = `@inflowpayai/inflow-core/${true ? "0.5.0" : "0.0.0"}`;
-function sleep2(ms, signal) {
-  return new Promise((resolve, reject) => {
-    const onAbort = () => {
-      clearTimeout(handle);
-      reject(new InflowTransportError("Request aborted."));
-    };
+function augmentMpp(mppResource, resolvedApiBaseUrl2) {
+  const augmented = mppResource;
+  augmented.inspect = (input) => wrapEmittingPipeline((emit) => runMppInspectPipeline(input, emit));
+  augmented.supported = async () => runMppSupported({ mpp: mppResource });
+  augmented.pay = (input) => wrapEmittingPipeline(async (emit) => {
+    const client = await mppResource.client();
+    return runMppPayPipeline(
+      {
+        ...input,
+        client,
+        apiBaseUrl: input.apiBaseUrl ?? resolvedApiBaseUrl2
+      },
+      emit
+    );
+  });
+  augmented.status = (input) => runMppStatus({
+    fetchOnce: async () => {
+      const client = await mppResource.client();
+      return client.getTransaction(input.transactionId);
+    },
+    interval: input.interval,
+    maxAttempts: input.maxAttempts,
+    timeout: input.timeout
+  });
+  augmented.cancel = async (input) => runMppCancel({ mpp: mppResource, approvalId: input.approvalId });
+  return augmented;
+}
+var DEFAULT_RETRIES = 3;
+var DEFAULT_TIMEOUT_MS = 3e4;
+var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 502, 503, 504]);
+var SDK_USER_AGENT = `@inflowpayai/inflow-core/${true ? "0.6.1" : "0.0.0"}`;
+function sleep2(ms, signal) {
+  return new Promise((resolve, reject) => {
+    const onAbort = () => {
+      clearTimeout(handle);
+      reject(new InflowTransportError("Request aborted."));
+    };
     if (signal?.aborted) {
       reject(new InflowTransportError("Request aborted."));
       return;
@@ -12827,12 +13369,33 @@ var X402Resource = class {
     return this.cached;
   }
 };
+var MppResource = class {
+  constructor(opts) {
+    this.opts = opts;
+  }
+  opts;
+  cachedClient;
+  cachedMethod;
+  client() {
+    if (!this.cachedClient) {
+      this.cachedClient = Promise.resolve(new MppClient(this.opts));
+    }
+    return this.cachedClient;
+  }
+  cancelApproval(approvalId) {
+    if (!this.cachedMethod) {
+      this.cachedMethod = createInflowMppMethod(this.opts);
+    }
+    return this.cachedMethod.cancelApproval(approvalId);
+  }
+};
 var Inflow = class {
   auth;
   balances;
   depositAddresses;
   user;
   x402;
+  mpp;
   /**
    * The effective API base URL this client will hit, after resolution against `options.apiBaseUrl`, `INFLOW_BASE_URL`,
    * and the environment-derived default. Exposed for callers (CLI, MCP transports, etc.) that need to display "what URL
@@ -12855,6 +13418,8 @@ var Inflow = class {
     this.user = augmentUser(rawUser);
     const x402Internal = new X402Resource(this.resolveX402Options(options, dataOptions));
     this.x402 = augmentX402(x402Internal, this.resolvedApiBaseUrl);
+    const mppInternal = new MppResource(this.resolveMppOptions(options, dataOptions));
+    this.mpp = augmentMpp(mppInternal, this.resolvedApiBaseUrl);
     this.auth = augmentAuth(rawAuth, rawUser, options.authStorage);
   }
   /**
@@ -12891,6 +13456,20 @@ var Inflow = class {
     }
     return connection;
   }
+  resolveMppOptions(options, dataOptions) {
+    const connection = {
+      ...options.environment !== void 0 ? { environment: options.environment } : {},
+      ...options.apiBaseUrl !== void 0 ? { baseUrl: options.apiBaseUrl } : {}
+    };
+    if (options.apiKey !== void 0 && options.apiKey.length > 0) {
+      return { ...connection, apiKey: options.apiKey };
+    }
+    if (dataOptions.getAccessToken !== void 0) {
+      const provider = dataOptions.getAccessToken;
+      return { ...connection, getAccessToken: () => provider() };
+    }
+    return connection;
+  }
 };
 async function probeSession(userResource, options) {
   const controller = new AbortController();
@@ -12925,13 +13504,60 @@ async function runDepositAddressesList(input) {
 }
 
 // src/cli.tsx
-import { Cli as Cli6 } from "incur";
+import { Cli as Cli7 } from "incur";
 
 // src/commands/auth/index.tsx
 import { Cli } from "incur";
-import { Text as Text6, useApp as useApp5 } from "ink";
+import { Text as Text6 } from "ink";
 import { useEffect as useEffect5, useState as useState2 } from "react";
 
+// src/hooks/use-flow-exit.ts
+import { useApp } from "ink";
+import { useCallback, useRef } from "react";
+
+// src/utils/best-effort-cancel.ts
+var CANCEL_GRACE_MS = 1500;
+function runBestEffortCancel(cancel, done, graceMs = CANCEL_GRACE_MS) {
+  let finished = false;
+  const finish = () => {
+    if (finished) return;
+    finished = true;
+    done();
+  };
+  const timer = setTimeout(finish, graceMs);
+  void Promise.resolve(cancel?.()).catch(() => void 0).finally(() => {
+    clearTimeout(timer);
+    finish();
+  });
+}
+
+// src/hooks/use-flow-exit.ts
+function useFlowExit(onComplete) {
+  const { exit } = useApp();
+  const onCompleteRef = useRef(onComplete);
+  onCompleteRef.current = onComplete;
+  const settledRef = useRef(false);
+  const cancelStartedRef = useRef(false);
+  const finish = useCallback(
+    (...args) => {
+      if (settledRef.current) return;
+      settledRef.current = true;
+      onCompleteRef.current(...args);
+      exit();
+    },
+    [exit]
+  );
+  const cancelThenFinish = useCallback(
+    (cancel, ...args) => {
+      if (cancelStartedRef.current || settledRef.current) return;
+      cancelStartedRef.current = true;
+      runBestEffortCancel(cancel, () => finish(...args));
+    },
+    [finish]
+  );
+  return { finish, cancelThenFinish };
+}
+
 // src/utils/render-ink-until-exit.tsx
 import { render } from "ink";
 async function renderInkUntilExit(element, resolveResult) {
@@ -12944,7 +13570,7 @@ async function renderInkUntilExit(element, resolveResult) {
 var NPM_INSTALL_COMMAND = "npm install -g @inflowpayai/inflow";
 
 // src/commands/auth/login.tsx
-import { Box, Text, useApp, useInput } from "ink";
+import { Box, Text, useInput } from "ink";
 import Spinner from "ink-spinner";
 import { useEffect, useReducer } from "react";
 
@@ -12985,7 +13611,7 @@ import { jsx, jsxs } from "react/jsx-runtime";
 var Login = ({ auth, clientName, connection, priorRefreshToken, onComplete }) => {
   const initialPhase = { kind: "init" };
   const [phase, dispatch] = useReducer(reduceAuthLogin, initialPhase);
-  const { exit } = useApp();
+  const { finish } = useFlowExit(onComplete);
   useInput(
     (_input, key) => {
       if (key.return && phase.kind === "awaiting") {
@@ -13014,10 +13640,9 @@ var Login = ({ auth, clientName, connection, priorRefreshToken, onComplete }) =>
   }, [auth, clientName, connection, priorRefreshToken]);
   useEffect(() => {
     if (phase.kind === "success" || phase.kind === "expired" || phase.kind === "denied" || phase.kind === "failed") {
-      onComplete();
-      exit();
+      finish();
     }
-  }, [phase, onComplete, exit]);
+  }, [phase, finish]);
   if (phase.kind === "init") {
     return /* @__PURE__ */ jsx(Box, { children: /* @__PURE__ */ jsxs(Text, { color: "cyan", children: [
       /* @__PURE__ */ jsx(Spinner, { type: "dots" }),
@@ -13069,14 +13694,14 @@ var Login = ({ auth, clientName, connection, priorRefreshToken, onComplete }) =>
 };
 
 // src/commands/auth/login-api-key.tsx
-import { Box as Box2, Text as Text2, useApp as useApp2 } from "ink";
+import { Box as Box2, Text as Text2 } from "ink";
 import Spinner2 from "ink-spinner";
 import { useEffect as useEffect2, useReducer as useReducer2 } from "react";
 import { jsx as jsx2, jsxs as jsxs2 } from "react/jsx-runtime";
 var LoginApiKey = ({ apiKey: apiKey2, auth, connection, onComplete }) => {
   const initial = { kind: "validating" };
   const [phase, dispatch] = useReducer2(reduceAuthLoginApiKey, initial);
-  const { exit } = useApp2();
+  const { finish } = useFlowExit(onComplete);
   useEffect2(() => {
     const run = auth.loginApiKey({ apiKey: apiKey2, connection });
     let cancelled = false;
@@ -13092,9 +13717,8 @@ var LoginApiKey = ({ apiKey: apiKey2, auth, connection, onComplete }) => {
   }, [apiKey2, auth, connection]);
   useEffect2(() => {
     if (phase.kind === "validating") return;
-    onComplete();
-    exit();
-  }, [phase, onComplete, exit]);
+    finish();
+  }, [phase, finish]);
   if (phase.kind === "validating") {
     return /* @__PURE__ */ jsx2(Box2, { children: /* @__PURE__ */ jsxs2(Text2, { color: "cyan", children: [
       /* @__PURE__ */ jsx2(Spinner2, { type: "dots" }),
@@ -13136,19 +13760,19 @@ var LoginPrompt = ({ userDisplay, onAccept, onReject }) => {
 };
 
 // src/commands/auth/logout.tsx
-import { Box as Box4, Text as Text4, useApp as useApp3 } from "ink";
+import { Box as Box4, Text as Text4 } from "ink";
 import Spinner3 from "ink-spinner";
-import { useCallback } from "react";
+import { useCallback as useCallback2 } from "react";
 
 // src/hooks/use-flow-state.ts
-import { useEffect as useEffect3, useRef, useState } from "react";
+import { useEffect as useEffect3, useRef as useRef2, useState } from "react";
 function useFlowState(action, onComplete) {
   const [status, setStatus] = useState("loading");
   const [data, setData] = useState(null);
   const [error, setError] = useState("");
-  const onCompleteRef = useRef(onComplete);
+  const onCompleteRef = useRef2(onComplete);
   onCompleteRef.current = onComplete;
-  const completedRef = useRef(false);
+  const completedRef = useRef2(false);
   useEffect3(() => {
     let cancelled = false;
     const run = async () => {
@@ -13184,13 +13808,9 @@ function useFlowState(action, onComplete) {
 // src/commands/auth/logout.tsx
 import { jsx as jsx4, jsxs as jsxs4 } from "react/jsx-runtime";
 var Logout = ({ auth, onComplete }) => {
-  const { exit } = useApp3();
-  const action = useCallback(() => auth.logout(), [auth]);
-  const handleComplete = useCallback(() => {
-    onComplete();
-    exit();
-  }, [onComplete, exit]);
-  const { status } = useFlowState(action, handleComplete);
+  const action = useCallback2(() => auth.logout(), [auth]);
+  const { finish } = useFlowExit(onComplete);
+  const { status } = useFlowState(action, finish);
   if (status === "loading") {
     return /* @__PURE__ */ jsx4(Box4, { children: /* @__PURE__ */ jsxs4(Text4, { color: "cyan", children: [
       /* @__PURE__ */ jsx4(Spinner3, { type: "dots" }),
@@ -13220,7 +13840,7 @@ var statusOptions = z.object({
 });
 
 // src/commands/auth/status.tsx
-import { Box as Box5, Text as Text5, useApp as useApp4 } from "ink";
+import { Box as Box5, Text as Text5 } from "ink";
 import Spinner4 from "ink-spinner";
 import { useEffect as useEffect4, useReducer as useReducer3 } from "react";
 import { jsx as jsx5, jsxs as jsxs5 } from "react/jsx-runtime";
@@ -13265,7 +13885,7 @@ var AuthStatus = ({
 }) => {
   const initial = { kind: "loading" };
   const [view, dispatch] = useReducer3(reduce, initial);
-  const { exit } = useApp4();
+  const { finish } = useFlowExit(onComplete);
   useEffect4(() => {
     let cancelled = false;
     const options = composeOptions({ apiKey: apiKey2, displayConnection: displayConnection2, verbose: verbose2 });
@@ -13285,9 +13905,8 @@ var AuthStatus = ({
   }, [auth, probe, apiKey2, displayConnection2, verbose2]);
   useEffect4(() => {
     if (view.kind === "loading" || view.kind === "probing") return;
-    onComplete();
-    exit();
-  }, [view, onComplete, exit]);
+    finish();
+  }, [view, finish]);
   if (view.kind === "loading") return null;
   if (view.kind === "probing") {
     return /* @__PURE__ */ jsx5(Box5, { children: /* @__PURE__ */ jsxs5(Text5, { color: "cyan", children: [
@@ -13422,7 +14041,7 @@ var InteractiveLoginShell = ({
 }) => {
   const initial = { kind: "probing" };
   const [stage, setStage] = useState2(initial);
-  const { exit } = useApp5();
+  const { finish } = useFlowExit(onComplete);
   useEffect5(() => {
     let cancelled = false;
     const auth = authStorage2.getAuth();
@@ -13451,9 +14070,8 @@ var InteractiveLoginShell = ({
   }, [authStorage2, userResource]);
   useEffect5(() => {
     if (stage.kind !== "declined") return;
-    onComplete();
-    exit();
-  }, [stage, onComplete, exit]);
+    finish();
+  }, [stage, finish]);
   if (stage.kind === "probing") return null;
   if (stage.kind === "prompt") {
     return /* @__PURE__ */ jsx6(
@@ -13741,9 +14359,9 @@ function assertSessionGuard(c, storage2, inflow2) {
 }
 
 // src/commands/balances/list.tsx
-import { Box as Box7, Text as Text8, useApp as useApp6 } from "ink";
+import { Box as Box7, Text as Text8 } from "ink";
 import Spinner5 from "ink-spinner";
-import { useCallback as useCallback2 } from "react";
+import { useCallback as useCallback3 } from "react";
 
 // src/utils/table.tsx
 import { Box as Box6, Text as Text7 } from "ink";
@@ -13814,16 +14432,9 @@ var COLUMNS = [
   { header: "Available", cell: (b) => b.available }
 ];
 var BalancesList = ({ balanceResource, onComplete }) => {
-  const { exit } = useApp6();
-  const action = useCallback2(() => balanceResource.list(), [balanceResource]);
-  const handleLinger = useCallback2(
-    (result) => {
-      onComplete(result);
-      exit();
-    },
-    [onComplete, exit]
-  );
-  const { status, data: balances, error } = useFlowState(action, handleLinger);
+  const action = useCallback3(() => balanceResource.list(), [balanceResource]);
+  const { finish } = useFlowExit(onComplete);
+  const { status, data: balances, error } = useFlowState(action, finish);
   if (status === "loading") {
     return /* @__PURE__ */ jsx8(Box7, { children: /* @__PURE__ */ jsxs7(Text8, { color: "cyan", children: [
       /* @__PURE__ */ jsx8(Spinner5, { type: "dots" }),
@@ -13887,9 +14498,9 @@ import { Cli as Cli3 } from "incur";
 import "react";
 
 // src/commands/deposit-addresses/list.tsx
-import { Box as Box8, Text as Text9, useApp as useApp7 } from "ink";
+import { Box as Box8, Text as Text9 } from "ink";
 import Spinner6 from "ink-spinner";
-import { useCallback as useCallback3 } from "react";
+import { useCallback as useCallback4 } from "react";
 import { jsx as jsx10, jsxs as jsxs8 } from "react/jsx-runtime";
 var COLUMNS2 = [
   { header: "Blockchain", cell: (a) => a.blockchain },
@@ -13897,16 +14508,9 @@ var COLUMNS2 = [
   { header: "Currencies", cell: (a) => a.currencies.join(", ") }
 ];
 var DepositAddressesList = ({ depositAddressResource, onComplete }) => {
-  const { exit } = useApp7();
-  const action = useCallback3(() => runDepositAddressesList({ depositAddressResource }), [depositAddressResource]);
-  const handleLinger = useCallback3(
-    (result) => {
-      onComplete(result);
-      exit();
-    },
-    [onComplete, exit]
-  );
-  const { status, data: addresses, error } = useFlowState(action, handleLinger);
+  const action = useCallback4(() => runDepositAddressesList({ depositAddressResource }), [depositAddressResource]);
+  const { finish } = useFlowExit(onComplete);
+  const { status, data: addresses, error } = useFlowState(action, finish);
   if (status === "loading") {
     return /* @__PURE__ */ jsx10(Box8, { children: /* @__PURE__ */ jsxs8(Text9, { color: "cyan", children: [
       /* @__PURE__ */ jsx10(Spinner6, { type: "dots" }),
@@ -13971,204 +14575,112 @@ function createDepositAddressesCli(depositAddressResource, authStorage2, inflow2
   return cli2;
 }
 
-// src/commands/user/index.tsx
-import { Cli as Cli4, Errors as Errors2 } from "incur";
-import "react";
-
-// src/commands/user/get.tsx
-import { Box as Box9, Text as Text10, useApp as useApp8 } from "ink";
-import Spinner7 from "ink-spinner";
-import { useCallback as useCallback4, useRef as useRef2 } from "react";
-import { jsx as jsx12, jsxs as jsxs9 } from "react/jsx-runtime";
-var UserGet = ({ userResource, onComplete }) => {
-  const { exit } = useApp8();
-  const action = useCallback4(() => userResource.retrieve(), [userResource]);
-  const lastErrorRef = useRef2("");
-  const handleLinger = useCallback4(
-    (result) => {
-      if (result !== null) {
-        onComplete({ kind: "success", user: result });
-      } else {
-        onComplete({
-          kind: "error",
-          message: lastErrorRef.current || "No result produced."
-        });
-      }
-      exit();
-    },
-    [onComplete, exit]
-  );
-  const { status, data: user, error } = useFlowState(action, handleLinger);
-  lastErrorRef.current = error;
-  if (status === "loading") {
-    return /* @__PURE__ */ jsx12(Box9, { children: /* @__PURE__ */ jsxs9(Text10, { color: "cyan", children: [
-      /* @__PURE__ */ jsx12(Spinner7, { type: "dots" }),
-      " Loading user..."
-    ] }) });
-  }
-  if (status === "error") {
-    return /* @__PURE__ */ jsxs9(Box9, { flexDirection: "column", children: [
-      /* @__PURE__ */ jsx12(Text10, { color: "red", children: "\u2717 Failed to retrieve user" }),
-      /* @__PURE__ */ jsx12(Text10, { color: "red", children: error })
-    ] });
-  }
-  if (user === null) return null;
-  const rows = buildProfileRows(user);
-  return /* @__PURE__ */ jsx12(Box9, { flexDirection: "column", borderStyle: "round", borderColor: "cyan", paddingX: 2, paddingY: 1, children: rows.map((row) => /* @__PURE__ */ jsxs9(Text10, { children: [
-    `${row.label}: `,
-    row.value !== null ? /* @__PURE__ */ jsx12(Text10, { bold: true, children: row.value }) : /* @__PURE__ */ jsx12(Text10, { dimColor: true, children: "\u2014" })
-  ] }, row.label)) });
-};
-
-// src/commands/user/schema.ts
-import { z as z4 } from "incur";
-var getOptions = z4.object({});
-
-// src/commands/user/index.tsx
-import { jsx as jsx13 } from "react/jsx-runtime";
-var TTY_NO_RESULT_MESSAGE = "inflow user get exited without producing a result.";
-async function runUserGet2(c, deps) {
-  assertSessionGuard(c, deps.authStorage, deps.inflow);
-  if (!c.agent && !c.formatExplicit) {
-    let captured = null;
-    const outcome = await renderInkUntilExit(
-      /* @__PURE__ */ jsx13(
-        UserGet,
-        {
-          userResource: deps.user,
-          onComplete: (value) => {
-            captured = value;
-          }
-        }
-      ),
-      () => captured
-    );
-    if (outcome === null) {
-      throw new Errors2.IncurError({
-        code: "USER_GET_FAILED",
-        message: TTY_NO_RESULT_MESSAGE
-      });
-    }
-    if (outcome.kind === "error") {
-      throw new Errors2.IncurError({
-        code: "USER_GET_FAILED",
-        message: outcome.message
-      });
-    }
-    return projectUserPayload(outcome.user);
-  }
-  return deps.user.get();
-}
-function createUserCli(user, authStorage2, inflow2) {
-  const cli2 = Cli4.create("user", { description: "User profile commands" });
-  cli2.command("get", {
-    description: "Retrieve the current authenticated user",
-    options: getOptions,
-    outputPolicy: "agent-only",
-    async run(c) {
-      return runUserGet2(c, { user, authStorage: authStorage2, inflow: inflow2 });
-    }
-  });
-  return cli2;
-}
-
-// src/commands/x402/index.tsx
+// src/commands/mpp/index.tsx
 import { chmodSync, writeFileSync as writeFileSync2 } from "fs";
 import { resolve as resolvePath2 } from "path";
-import { Cli as Cli5 } from "incur";
+import { Cli as Cli4 } from "incur";
 
-// src/commands/x402/cancel.tsx
-import { Box as Box10, Text as Text11, useApp as useApp9 } from "ink";
-import Spinner8 from "ink-spinner";
+// src/commands/mpp/cancel.tsx
+import { Box as Box9, Text as Text10 } from "ink";
+import Spinner7 from "ink-spinner";
 import { useCallback as useCallback5 } from "react";
-import { jsx as jsx14, jsxs as jsxs10 } from "react/jsx-runtime";
+import { jsx as jsx12, jsxs as jsxs9 } from "react/jsx-runtime";
 var CancelView = ({ approvalId, cancel, onComplete }) => {
-  const { exit } = useApp9();
   const action = useCallback5(() => cancel(), [cancel]);
-  const handleComplete = useCallback5(() => {
-    onComplete();
-    exit();
-  }, [onComplete, exit]);
-  const { status } = useFlowState(action, handleComplete);
+  const { finish } = useFlowExit(onComplete);
+  const { status } = useFlowState(action, finish);
   if (status === "loading") {
-    return /* @__PURE__ */ jsx14(Box10, { children: /* @__PURE__ */ jsxs10(Text11, { color: "cyan", children: [
-      /* @__PURE__ */ jsx14(Spinner8, { type: "dots" }),
+    return /* @__PURE__ */ jsx12(Box9, { children: /* @__PURE__ */ jsxs9(Text10, { color: "cyan", children: [
+      /* @__PURE__ */ jsx12(Spinner7, { type: "dots" }),
       " Cancelling approval ",
       approvalId,
       "..."
     ] }) });
   }
-  return /* @__PURE__ */ jsx14(Box10, { children: /* @__PURE__ */ jsxs10(Text11, { color: "green", children: [
+  return /* @__PURE__ */ jsx12(Box9, { children: /* @__PURE__ */ jsxs9(Text10, { color: "green", children: [
     "\u2713 Cancelled approval ",
     approvalId,
     " (best-effort)"
   ] }) });
 };
 
-// src/commands/x402/decode.tsx
-import { fromFoundationRequirements as fromFoundationRequirements2 } from "@inflowpayai/x402-buyer";
-import { Box as Box11, Text as Text12 } from "ink";
-import { jsx as jsx15, jsxs as jsxs11 } from "react/jsx-runtime";
-var DecodeView = ({ decoded }) => {
-  const summary = summarizeAccepts(fromFoundationRequirements2(decoded.accepts));
-  return /* @__PURE__ */ jsxs11(Box11, { flexDirection: "column", paddingY: 1, children: [
-    /* @__PURE__ */ jsx15(Box11, { marginBottom: 1, children: /* @__PURE__ */ jsx15(Text12, { bold: true, children: "Decoded PAYMENT-REQUIRED" }) }),
-    /* @__PURE__ */ jsxs11(Box11, { flexDirection: "column", borderStyle: "round", borderColor: "cyan", paddingX: 2, paddingY: 1, children: [
-      /* @__PURE__ */ jsxs11(Text12, { children: [
-        "x402Version: ",
-        /* @__PURE__ */ jsx15(Text12, { color: "cyan", children: String(decoded.x402Version) })
-      ] }),
-      /* @__PURE__ */ jsxs11(Text12, { children: [
-        "resource: ",
-        /* @__PURE__ */ jsx15(Text12, { color: "cyan", children: decoded.resource.url })
-      ] }),
-      /* @__PURE__ */ jsx15(Text12, { children: `accepts (${String(summary.length)}):` }),
-      summary.map((entry, idx) => /* @__PURE__ */ jsxs11(Text12, { children: [
-        "  ",
-        /* @__PURE__ */ jsx15(Text12, { color: "yellow", children: entry.scheme }),
+// src/commands/mpp/decode.tsx
+import { Box as Box10, Text as Text11 } from "ink";
+import { jsx as jsx13, jsxs as jsxs10 } from "react/jsx-runtime";
+function ChallengeBody({ challenge }) {
+  return /* @__PURE__ */ jsxs10(Box10, { flexDirection: "column", borderStyle: "round", borderColor: "cyan", paddingX: 2, paddingY: 1, children: [
+    /* @__PURE__ */ jsx13(Text11, { bold: true, children: "Challenge" }),
+    /* @__PURE__ */ jsxs10(Text11, { children: [
+      "method/intent: ",
+      /* @__PURE__ */ jsxs10(Text11, { color: "yellow", children: [
+        challenge.method,
         " / ",
-        /* @__PURE__ */ jsx15(Text12, { color: "yellow", children: entry.network }),
-        entry.amount !== void 0 ? ` \xB7 amount ${entry.amount}` : "",
-        entry.asset !== void 0 ? ` \xB7 ${entry.asset}` : ""
-      ] }, `${entry.scheme}-${entry.network}-${String(idx)}`)),
-      decoded.extensions !== void 0 ? /* @__PURE__ */ jsx15(Text12, { dimColor: true, children: `extensions: ${Object.keys(decoded.extensions).join(", ")}` }) : null
+        challenge.intent
+      ] })
+    ] }),
+    /* @__PURE__ */ jsx13(Text11, { children: `id: ${challenge.id}` }),
+    /* @__PURE__ */ jsx13(Text11, { children: `realm: ${challenge.realm}` }),
+    challenge.amount !== void 0 ? /* @__PURE__ */ jsx13(Text11, { children: `amount: ${challenge.amount}${challenge.currency !== void 0 ? ` ${challenge.currency}` : ""}` }) : null,
+    challenge.rail !== void 0 ? /* @__PURE__ */ jsx13(Text11, { children: `rail: ${challenge.rail}` }) : null,
+    challenge.expires !== void 0 ? /* @__PURE__ */ jsx13(Text11, { dimColor: true, children: `expires: ${challenge.expires}` }) : null
+  ] });
+}
+var DecodeView = ({ result }) => {
+  if (result.kind === "challenge") {
+    return /* @__PURE__ */ jsxs10(Box10, { flexDirection: "column", paddingY: 1, children: [
+      /* @__PURE__ */ jsx13(Box10, { marginBottom: 1, children: /* @__PURE__ */ jsx13(Text11, { bold: true, children: "Decoded WWW-Authenticate: Payment" }) }),
+      /* @__PURE__ */ jsx13(ChallengeBody, { challenge: result.challenge })
+    ] });
+  }
+  if (result.kind === "credential") {
+    const { credential } = result;
+    return /* @__PURE__ */ jsxs10(Box10, { flexDirection: "column", paddingY: 1, children: [
+      /* @__PURE__ */ jsx13(Box10, { marginBottom: 1, children: /* @__PURE__ */ jsx13(Text11, { bold: true, children: "Decoded Authorization: Payment credential" }) }),
+      /* @__PURE__ */ jsxs10(Box10, { flexDirection: "column", borderStyle: "round", borderColor: "cyan", paddingX: 2, paddingY: 1, children: [
+        /* @__PURE__ */ jsx13(Text11, { children: `challenge id: ${credential.challenge.id}` }),
+        /* @__PURE__ */ jsx13(Text11, { children: `method: ${credential.challenge.method}` }),
+        /* @__PURE__ */ jsx13(Text11, { children: `source: ${credential.source}` }),
+        /* @__PURE__ */ jsx13(Text11, { dimColor: true, children: `payload keys: ${Object.keys(credential.payload).join(", ") || "(none)"}` })
+      ] })
+    ] });
+  }
+  const { receipt } = result;
+  return /* @__PURE__ */ jsxs10(Box10, { flexDirection: "column", paddingY: 1, children: [
+    /* @__PURE__ */ jsx13(Box10, { marginBottom: 1, children: /* @__PURE__ */ jsx13(Text11, { bold: true, children: "Decoded Payment-Receipt" }) }),
+    /* @__PURE__ */ jsxs10(Box10, { flexDirection: "column", borderStyle: "round", borderColor: "cyan", paddingX: 2, paddingY: 1, children: [
+      /* @__PURE__ */ jsxs10(Text11, { children: [
+        "status: ",
+        /* @__PURE__ */ jsx13(Text11, { color: "green", children: receipt.status })
+      ] }),
+      /* @__PURE__ */ jsx13(Text11, { children: `reference: ${receipt.reference}` }),
+      /* @__PURE__ */ jsx13(Text11, { dimColor: true, children: `timestamp: ${receipt.timestamp}` })
     ] })
   ] });
 };
 
-// src/commands/x402/inspect.tsx
-import { Box as Box12, Text as Text13, useApp as useApp10 } from "ink";
-import Spinner9 from "ink-spinner";
+// src/commands/mpp/inspect.tsx
+import { Box as Box11, Text as Text12 } from "ink";
+import Spinner8 from "ink-spinner";
 import { useEffect as useEffect6, useReducer as useReducer4 } from "react";
-import { jsx as jsx16, jsxs as jsxs12 } from "react/jsx-runtime";
-function summarizeExtra(extra) {
-  if (extra === void 0) return "\u2014";
-  const keys = Object.keys(extra);
-  if (keys.length === 0) return "\u2014";
-  return [...keys].sort((a, b) => a.localeCompare(b)).join(", ");
-}
-function formatTimeout(seconds) {
-  return `${String(seconds)}s`;
-}
-function formatAsset(asset) {
-  return asset === "" ? "\u2014" : asset;
+import { jsx as jsx14, jsxs as jsxs11 } from "react/jsx-runtime";
+function orDash(value) {
+  return value === void 0 || value === "" ? "\u2014" : value;
 }
 var COLUMNS3 = [
-  { header: "Scheme", cell: (r) => r.scheme },
-  { header: "Network", cell: (r) => r.network },
-  { header: "Amount", cell: (r) => r.amount },
-  { header: "Asset", cell: (r) => formatAsset(r.asset) },
-  { header: "Pay To", cell: (r) => r.payTo },
-  { header: "Timeout", cell: (r) => formatTimeout(r.maxTimeoutSeconds) },
-  { header: "Extra", cell: (r) => summarizeExtra(r.extra) }
+  { header: "Method", cell: (c) => c.method },
+  { header: "Intent", cell: (c) => c.intent },
+  { header: "Amount", cell: (c) => orDash(c.amount) },
+  { header: "Currency", cell: (c) => orDash(c.currency) },
+  { header: "Rail", cell: (c) => orDash(c.rail) },
+  { header: "Expires", cell: (c) => orDash(c.expires) }
 ];
 var InspectView = ({ url, method, deps, onComplete }) => {
-  const { exit } = useApp10();
   const initial = { kind: "probing" };
-  const [phase, dispatch] = useReducer4(reduceX402Inspect, initial);
+  const [phase, dispatch] = useReducer4(reduceMppInspect, initial);
+  const { finish } = useFlowExit(onComplete);
   useEffect6(() => {
     let cancelled = false;
-    void runInspectPipeline(deps, (event) => {
+    void runMppInspectPipeline(deps, (event) => {
       if (!cancelled) dispatch(event);
     });
     return () => {
@@ -14176,14 +14688,13 @@ var InspectView = ({ url, method, deps, onComplete }) => {
     };
   }, [deps]);
   useEffect6(() => {
-    if (phase.kind === "accepts" || phase.kind === "no-payment" || phase.kind === "error") {
-      onComplete(phase);
-      exit();
+    if (phase.kind === "challenges" || phase.kind === "no-payment" || phase.kind === "error") {
+      finish(phase);
     }
-  }, [phase, onComplete, exit]);
+  }, [phase, finish]);
   if (phase.kind === "probing") {
-    return /* @__PURE__ */ jsx16(Box12, { children: /* @__PURE__ */ jsxs12(Text13, { color: "cyan", children: [
-      /* @__PURE__ */ jsx16(Spinner9, { type: "dots" }),
+    return /* @__PURE__ */ jsx14(Box11, { children: /* @__PURE__ */ jsxs11(Text12, { color: "cyan", children: [
+      /* @__PURE__ */ jsx14(Spinner8, { type: "dots" }),
       " Probing ",
       method,
       " ",
@@ -14193,63 +14704,64 @@ var InspectView = ({ url, method, deps, onComplete }) => {
   }
   if (phase.kind === "no-payment") {
     const { result: result2 } = phase;
-    return /* @__PURE__ */ jsxs12(Box12, { flexDirection: "column", children: [
-      /* @__PURE__ */ jsx16(Text13, { color: "green", children: "\u2713 Seller accepted without payment" }),
-      /* @__PURE__ */ jsx16(Text13, { children: `status: ${String(result2.status)}` }),
-      result2.contentType !== void 0 ? /* @__PURE__ */ jsx16(Text13, { children: `content-type: ${result2.contentType}` }) : null,
-      /* @__PURE__ */ jsx16(Text13, { children: `response size: ${String(result2.bodySizeBytes)} bytes` }),
-      /* @__PURE__ */ jsx16(Text13, { dimColor: true, children: "Use `x402 pay` to fetch the body." })
+    return /* @__PURE__ */ jsxs11(Box11, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx14(Text12, { color: "green", children: "\u2713 Seller accepted without payment" }),
+      /* @__PURE__ */ jsx14(Text12, { children: `status: ${String(result2.status)}` }),
+      result2.contentType !== void 0 ? /* @__PURE__ */ jsx14(Text12, { children: `content-type: ${result2.contentType}` }) : null,
+      /* @__PURE__ */ jsx14(Text12, { children: `response size: ${String(result2.bodySizeBytes)} bytes` }),
+      /* @__PURE__ */ jsx14(Text12, { dimColor: true, children: "Use `mpp pay` to fetch the body." })
     ] });
   }
   if (phase.kind === "error") {
-    return /* @__PURE__ */ jsxs12(Box12, { flexDirection: "column", children: [
-      /* @__PURE__ */ jsxs12(Text13, { color: "red", children: [
+    return /* @__PURE__ */ jsxs11(Box11, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsxs11(Text12, { color: "red", children: [
         "\u2717 ",
         phase.code
       ] }),
-      /* @__PURE__ */ jsx16(Text13, { color: "red", children: phase.message })
+      /* @__PURE__ */ jsx14(Text12, { color: "red", children: phase.message })
     ] });
   }
   const { result } = phase;
-  const acceptsCount = result.accepts.length;
-  const extensionsLine = result.extensions !== void 0 ? Object.keys(result.extensions).join(", ") : null;
-  return /* @__PURE__ */ jsxs12(Box12, { flexDirection: "column", children: [
-    /* @__PURE__ */ jsxs12(Text13, { children: [
-      /* @__PURE__ */ jsx16(Text13, { bold: true, children: "PAYMENT-REQUIRED" }),
+  const count = result.challenges.length;
+  return /* @__PURE__ */ jsxs11(Box11, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsxs11(Text12, { children: [
+      /* @__PURE__ */ jsx14(Text12, { bold: true, children: "WWW-Authenticate: Payment" }),
       " for ",
-      /* @__PURE__ */ jsx16(Text13, { color: "cyan", children: result.resource }),
+      /* @__PURE__ */ jsx14(Text12, { color: "cyan", children: result.url }),
       "  \xB7  ",
-      /* @__PURE__ */ jsx16(Text13, { dimColor: true, children: `x402Version ${String(result.x402Version)}` }),
+      /* @__PURE__ */ jsx14(Text12, { dimColor: true, children: `realm ${result.realm}` }),
       "  \xB7  ",
-      /* @__PURE__ */ jsx16(Text13, { dimColor: true, children: `${String(acceptsCount)} accept${acceptsCount === 1 ? "" : "s"}` })
+      /* @__PURE__ */ jsx14(Text12, { dimColor: true, children: `${String(count)} challenge${count === 1 ? "" : "s"}` })
     ] }),
-    extensionsLine !== null ? /* @__PURE__ */ jsx16(Text13, { dimColor: true, children: `extensions: ${extensionsLine}` }) : null,
-    /* @__PURE__ */ jsx16(Box12, { marginTop: 1, children: /* @__PURE__ */ jsx16(Table, { columns: COLUMNS3, rows: result.accepts }) }),
-    /* @__PURE__ */ jsx16(Box12, { marginTop: 1, children: /* @__PURE__ */ jsx16(Text13, { dimColor: true, children: "Use --format json to inspect extras values." }) })
+    /* @__PURE__ */ jsx14(Box11, { marginTop: 1, children: /* @__PURE__ */ jsx14(Table, { columns: COLUMNS3, rows: [...result.challenges] }) }),
+    /* @__PURE__ */ jsx14(Box11, { marginTop: 1, children: /* @__PURE__ */ jsx14(Text12, { dimColor: true, children: "Use --format json to see challenge ids and digests." }) })
   ] });
 };
-function buildAcceptsFrame(result) {
-  const frame = {
-    outcome: "accepts",
+function challengeToFrame(challenge) {
+  const row = {
+    id: challenge.id,
+    realm: challenge.realm,
+    method: challenge.method,
+    intent: challenge.intent
+  };
+  if (challenge.amount !== void 0) row.amount = challenge.amount;
+  if (challenge.currency !== void 0) row.currency = challenge.currency;
+  if (challenge.recipient !== void 0) row.recipient = challenge.recipient;
+  if (challenge.rail !== void 0) row.rail = challenge.rail;
+  if (challenge.instrumentId !== void 0) row.instrument_id = challenge.instrumentId;
+  if (challenge.expires !== void 0) row.expires = challenge.expires;
+  if (challenge.description !== void 0) row.description = challenge.description;
+  if (challenge.digest !== void 0) row.digest = challenge.digest;
+  return row;
+}
+function buildChallengesFrame(result) {
+  return {
+    outcome: "challenges",
     url: result.url,
     method: result.method,
-    resource: result.resource,
-    x402_version: result.x402Version,
-    accepts: result.accepts.map((entry) => {
-      const row = {
-        scheme: entry.scheme,
-        network: entry.network,
-        amount: entry.amount,
-        asset: entry.asset,
-        pay_to: entry.payTo,
-        max_timeout_seconds: entry.maxTimeoutSeconds
-      };
-      if (entry.extra !== void 0) row.extra = entry.extra;
-      return row;
-    })
+    realm: result.realm,
+    challenges: result.challenges.map(challengeToFrame)
   };
-  if (result.extensions !== void 0) frame.extensions = result.extensions;
-  return frame;
 }
 function buildNoPaymentFrame(result) {
   const frame = {
@@ -14263,41 +14775,1136 @@ function buildNoPaymentFrame(result) {
   return frame;
 }
 
-// src/commands/x402/pay.tsx
-import { Box as Box13, Text as Text14, useApp as useApp11, useInput as useInput3 } from "ink";
-import Spinner10 from "ink-spinner";
-import { useEffect as useEffect7, useReducer as useReducer5 } from "react";
-import { jsx as jsx17, jsxs as jsxs13 } from "react/jsx-runtime";
-var PayView = ({ url, method, deps, onComplete }) => {
-  const { exit } = useApp11();
+// src/commands/mpp/pay.tsx
+import { Box as Box12, Text as Text13, useInput as useInput3 } from "ink";
+import Spinner9 from "ink-spinner";
+import { useEffect as useEffect7, useReducer as useReducer5, useState as useState3 } from "react";
+import { Fragment, jsx as jsx15, jsxs as jsxs12 } from "react/jsx-runtime";
+var PayView = ({ url, method, deps, onComplete, onCancel }) => {
   const initial = { kind: "probing" };
-  const [phase, dispatch] = useReducer5(reducePay, initial);
+  const [phase, dispatch] = useReducer5(reduceMppPay, initial);
+  const [cancelling, setCancelling] = useState3(false);
+  const { finish, cancelThenFinish } = useFlowExit(onComplete);
+  const created = phase.kind === "created" ? phase.created : void 0;
+  const approvalUrl = created?.approvalUrl;
+  const approvalId = created?.approvalId;
   useInput3(
     (_input, key) => {
-      if (key.return && phase.kind === "awaiting-approval") {
-        openUrl(phase.approvalUrl);
+      if (approvalUrl === void 0) return;
+      if (key.return) {
+        openUrl(approvalUrl);
+        return;
+      }
+      if (key.escape && approvalId !== void 0) {
+        setCancelling(true);
+        cancelThenFinish(() => onCancel?.(approvalId), {
+          kind: "error",
+          code: "APPROVAL_CANCELLED",
+          message: `Approval ${approvalId} cancelled.`
+        });
       }
     },
-    { isActive: phase.kind === "awaiting-approval" }
+    { isActive: approvalUrl !== void 0 && !cancelling }
   );
   useEffect7(() => {
+    const controller = new AbortController();
     let cancelled = false;
-    void runPayPipeline(deps, (event) => {
+    const runDeps = { ...deps, signal: controller.signal };
+    void runMppPayPipeline(runDeps, (event) => {
       if (!cancelled) dispatch(event);
     });
     return () => {
       cancelled = true;
+      controller.abort();
     };
   }, [deps]);
   useEffect7(() => {
-    if (phase.kind === "success" || phase.kind === "replay-rejected" || phase.kind === "no-payment-final" || phase.kind === "error") {
-      onComplete(phase);
-      exit();
+    if (phase.kind === "success" || phase.kind === "seller-rejected" || phase.kind === "no-payment-final" || phase.kind === "error") {
+      finish(phase);
+    }
+  }, [phase, finish]);
+  if (cancelling) {
+    return /* @__PURE__ */ jsx15(Box12, { children: /* @__PURE__ */ jsxs12(Text13, { color: "yellow", children: [
+      /* @__PURE__ */ jsx15(Spinner9, { type: "dots" }),
+      " Cancelling approval..."
+    ] }) });
+  }
+  if (phase.kind === "probing") {
+    return /* @__PURE__ */ jsx15(Box12, { children: /* @__PURE__ */ jsxs12(Text13, { color: "cyan", children: [
+      /* @__PURE__ */ jsx15(Spinner9, { type: "dots" }),
+      " Probing ",
+      method,
+      " ",
+      url,
+      "..."
+    ] }) });
+  }
+  if (phase.kind === "no-payment") {
+    return /* @__PURE__ */ jsx15(Box12, { children: /* @__PURE__ */ jsxs12(Text13, { color: "cyan", children: [
+      /* @__PURE__ */ jsx15(Spinner9, { type: "dots" }),
+      " Seller accepted without payment (status ",
+      String(phase.probe.status),
+      "); finalising..."
+    ] }) });
+  }
+  if (phase.kind === "decoded") {
+    return /* @__PURE__ */ jsx15(Box12, { children: /* @__PURE__ */ jsxs12(Text13, { color: "cyan", children: [
+      /* @__PURE__ */ jsx15(Spinner9, { type: "dots" }),
+      " Fulfilling ",
+      phase.challenge.amount ?? "",
+      " ",
+      phase.challenge.currency ?? "",
+      " ",
+      "challenge..."
+    ] }) });
+  }
+  if (phase.kind === "created") {
+    const { created: created2 } = phase;
+    if (created2.state !== "pending") {
+      return /* @__PURE__ */ jsx15(Box12, { children: /* @__PURE__ */ jsxs12(Text13, { color: "cyan", children: [
+        /* @__PURE__ */ jsx15(Spinner9, { type: "dots" }),
+        " Transaction ",
+        created2.transactionId,
+        " ready; replaying..."
+      ] }) });
+    }
+    return /* @__PURE__ */ jsxs12(Box12, { flexDirection: "column", paddingY: 1, children: [
+      /* @__PURE__ */ jsx15(Box12, { marginBottom: 1, children: /* @__PURE__ */ jsx15(Text13, { bold: true, children: "Approval required" }) }),
+      /* @__PURE__ */ jsxs12(Box12, { flexDirection: "column", borderStyle: "round", borderColor: "cyan", paddingX: 2, paddingY: 1, children: [
+        /* @__PURE__ */ jsx15(Text13, { children: `transaction: ${created2.transactionId}` }),
+        created2.approvalUrl !== void 0 ? /* @__PURE__ */ jsxs12(Fragment, { children: [
+          /* @__PURE__ */ jsxs12(Text13, { children: [
+            "Open: ",
+            /* @__PURE__ */ jsx15(Text13, { bold: true, color: "cyan", children: created2.approvalUrl })
+          ] }),
+          /* @__PURE__ */ jsx15(Text13, { dimColor: true, children: "Press Enter to open in browser." }),
+          /* @__PURE__ */ jsx15(Text13, { dimColor: true, children: "Press Escape to cancel." })
+        ] }) : null
+      ] }),
+      /* @__PURE__ */ jsx15(Box12, { marginTop: 1, children: /* @__PURE__ */ jsxs12(Text13, { color: "cyan", children: [
+        /* @__PURE__ */ jsx15(Spinner9, { type: "dots" }),
+        " Waiting for approval..."
+      ] }) })
+    ] });
+  }
+  if (phase.kind === "replaying") {
+    return /* @__PURE__ */ jsx15(Box12, { children: /* @__PURE__ */ jsxs12(Text13, { color: "cyan", children: [
+      /* @__PURE__ */ jsx15(Spinner9, { type: "dots" }),
+      " Replaying request with Authorization: Payment..."
+    ] }) });
+  }
+  if (phase.kind === "success") {
+    const { result } = phase;
+    return /* @__PURE__ */ jsxs12(Box12, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsxs12(Text13, { color: "green", children: [
+        "\u2713 Paid (intent ",
+        result.intent,
+        ")"
+      ] }),
+      /* @__PURE__ */ jsx15(Text13, { children: `status: ${String(result.responseStatus)}` }),
+      /* @__PURE__ */ jsx15(Text13, { children: `transaction: ${result.transactionId}` }),
+      result.settled !== void 0 ? /* @__PURE__ */ jsx15(Text13, { children: `settled: ${result.settled.status ?? "success"} (ref ${result.settled.reference ?? "\u2014"})` }) : null,
+      /* @__PURE__ */ jsx15(Text13, { children: `response size: ${String(result.bodySizeBytes)} bytes` }),
+      result.outputSavedTo !== void 0 ? /* @__PURE__ */ jsxs12(Text13, { children: [
+        "Saved to: ",
+        /* @__PURE__ */ jsx15(Text13, { bold: true, children: result.outputSavedTo })
+      ] }) : null,
+      result.body !== void 0 ? /* @__PURE__ */ jsxs12(Box12, { marginTop: 1, flexDirection: "column", children: [
+        /* @__PURE__ */ jsx15(Text13, { dimColor: true, children: "response body:" }),
+        /* @__PURE__ */ jsx15(Text13, { children: result.body })
+      ] }) : null
+    ] });
+  }
+  if (phase.kind === "seller-rejected") {
+    const { result } = phase;
+    return /* @__PURE__ */ jsxs12(Box12, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx15(Text13, { color: "red", children: "\u2717 Payment not accepted by seller" }),
+      /* @__PURE__ */ jsx15(Text13, { children: `status: ${String(result.responseStatus)}` }),
+      /* @__PURE__ */ jsx15(Text13, { children: `transaction: ${result.transactionId}` }),
+      /* @__PURE__ */ jsx15(Text13, { children: `response size: ${String(result.bodySizeBytes)} bytes` }),
+      result.body !== void 0 ? /* @__PURE__ */ jsxs12(Box12, { marginTop: 1, flexDirection: "column", children: [
+        /* @__PURE__ */ jsx15(Text13, { dimColor: true, children: "response body:" }),
+        /* @__PURE__ */ jsx15(Text13, { children: result.body })
+      ] }) : null
+    ] });
+  }
+  if (phase.kind === "no-payment-final") {
+    const { result } = phase;
+    return /* @__PURE__ */ jsxs12(Box12, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx15(Text13, { color: "green", children: "\u2713 Seller accepted without payment" }),
+      /* @__PURE__ */ jsx15(Text13, { children: `status: ${String(result.status)}` }),
+      /* @__PURE__ */ jsx15(Text13, { children: `response size: ${String(result.bodySizeBytes)} bytes` }),
+      result.outputSavedTo !== void 0 ? /* @__PURE__ */ jsxs12(Text13, { children: [
+        "Saved to: ",
+        /* @__PURE__ */ jsx15(Text13, { bold: true, children: result.outputSavedTo })
+      ] }) : null,
+      result.body !== void 0 ? /* @__PURE__ */ jsxs12(Box12, { marginTop: 1, flexDirection: "column", children: [
+        /* @__PURE__ */ jsx15(Text13, { dimColor: true, children: "response body:" }),
+        /* @__PURE__ */ jsx15(Text13, { children: result.body })
+      ] }) : null
+    ] });
+  }
+  return /* @__PURE__ */ jsxs12(Box12, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsxs12(Text13, { color: "red", children: [
+      "\u2717 ",
+      phase.code
+    ] }),
+    /* @__PURE__ */ jsx15(Text13, { color: "red", children: phase.message })
+  ] });
+};
+
+// src/commands/mpp/schema.ts
+import { z as z4 } from "incur";
+var payArgs = z4.object({
+  url: z4.string().describe("The MPP-protected resource URL to pay for.")
+});
+var payOptions = z4.object({
+  paymentMethod: z4.string().optional().describe('Only consider challenges with this payment method (e.g. "inflow").'),
+  intent: z4.string().optional().describe('Only consider challenges with this intent (e.g. "charge").'),
+  currency: z4.string().optional().describe('Only consider challenges in this currency (e.g. "USDC").'),
+  rail: z4.string().optional().describe('Only consider challenges on this settlement rail (e.g. "balance", "instrument").'),
+  method: z4.string().default("GET").describe("HTTP method for the seller request."),
+  data: z4.string().optional().describe(
+    "Request body. JSON or raw text. Content-Type defaults to application/json when --data is set unless a --header overrides it."
+  ),
+  header: z4.array(z4.string()).default([]).describe('Repeatable. "Name: Value" format.'),
+  interval: z4.coerce.number().default(0).describe(
+    "Inline poll cadence in seconds while a transaction is pending. 0 returns the transaction id and a follow-up command hint without blocking."
+  ),
+  maxAttempts: z4.coerce.number().default(0).describe("Hard cap on poll attempts when --interval > 0. 0 means unlimited."),
+  timeout: z4.coerce.number().default(900).describe("Polling deadline in seconds. Default 900s (matches the server-side approval expiry)."),
+  instrumentId: z4.string().optional().describe(
+    "Funding instrument id (UUID) for an instrument-rail challenge. The buyer does not choose the rail \u2014 it is derived from the seller challenge; this is the only buyer-supplied payment option."
+  ),
+  showBody: z4.boolean().default(true).describe(
+    "Include the seller response body in the result. Default true so AI assistants paying for content receive the deliverable. Pass --no-show-body to suppress (e.g. for binary downloads paired with --output-file)."
+  ),
+  outputFile: z4.string().optional().describe(
+    "Write the seller response body bytes to this file path (overwrites silently). When set, the result frame includes `output_saved_to: <absolute_path>` instead of `body` / `body_base64`. Natural choice for binary content (PDFs, images, downloads)."
+  ),
+  credentialFile: z4.string().optional().describe(
+    "Write the base64url `Authorization: Payment` credential to this file path (mode 0o600, overwrites silently). When set, the result frame includes `credential_saved_to: <absolute_path>` instead of `credential`. Use to keep one-time payment credentials out of chat transcripts and logs."
+  )
+});
+var statusArgs = z4.object({
+  transactionId: z4.string().describe("The transaction id returned by `mpp pay`.")
+});
+var statusOptions2 = z4.object({
+  interval: z4.coerce.number().default(0).describe(
+    "Poll cadence in seconds. 0 returns the current snapshot; positive values yield on every change until ready or terminal."
+  ),
+  maxAttempts: z4.coerce.number().default(0).describe("Hard cap on poll attempts. 0 means unlimited."),
+  timeout: z4.coerce.number().default(900).describe("Polling deadline in seconds."),
+  credentialFile: z4.string().optional().describe(
+    "Write the base64url `Authorization: Payment` credential to this file path (mode 0o600, overwrites silently). When set, the ready frame includes `credential_saved_to: <absolute_path>` instead of `credential`. Use to keep one-time payment credentials out of chat transcripts and logs."
+  )
+});
+var cancelArgs = z4.object({
+  approvalId: z4.string().describe("The approval id returned by `mpp pay` (on the pending frame).")
+});
+var decodeArgs = z4.object({
+  value: z4.string().describe(
+    "A raw `WWW-Authenticate: Payment` header value, or a base64url `Authorization: Payment` credential / `Payment-Receipt`. The kind is auto-detected."
+  )
+});
+var inspectArgs = z4.object({
+  url: z4.string().describe("The MPP-protected resource URL to probe. No payment is made.")
+});
+var inspectOptions = z4.object({
+  paymentMethod: z4.string().optional().describe('Only show challenges with this payment method (e.g. "inflow").'),
+  intent: z4.string().optional().describe('Only show challenges with this intent (e.g. "charge").'),
+  currency: z4.string().optional().describe('Only show challenges in this currency (e.g. "USDC").'),
+  rail: z4.string().optional().describe('Only show challenges on this settlement rail (e.g. "balance", "instrument").'),
+  method: z4.string().default("GET").describe("HTTP method for the probe request."),
+  data: z4.string().optional().describe(
+    "Request body for the probe. JSON or raw text. Content-Type defaults to application/json when --data is set unless a --header overrides it."
+  ),
+  header: z4.array(z4.string()).default([]).describe('Repeatable. "Name: Value" format.')
+});
+
+// src/commands/mpp/status.tsx
+import { Box as Box13, Text as Text14 } from "ink";
+import Spinner10 from "ink-spinner";
+import { useEffect as useEffect8, useReducer as useReducer6 } from "react";
+import { jsx as jsx16, jsxs as jsxs13 } from "react/jsx-runtime";
+var MppStatusView = ({
+  transactionId,
+  fetchOnce,
+  interval,
+  maxAttempts,
+  timeout,
+  onComplete
+}) => {
+  const initial = { kind: "polling" };
+  const [phase, dispatch] = useReducer6(reduceMppStatus, initial);
+  const { finish } = useFlowExit(onComplete);
+  useEffect8(() => {
+    const run = runMppStatus({ fetchOnce, interval, maxAttempts, timeout });
+    let cancelled = false;
+    void (async () => {
+      for await (const event of run.events) {
+        if (cancelled) return;
+        dispatch(event);
+      }
+    })();
+    return () => {
+      cancelled = true;
+    };
+  }, [fetchOnce, interval, maxAttempts, timeout]);
+  useEffect8(() => {
+    if (phase.kind === "ready" || phase.kind === "failed" || phase.kind === "expired" || phase.kind === "timeout" || phase.kind === "error") {
+      finish(phase);
+    }
+  }, [phase, finish]);
+  if (phase.kind === "polling") {
+    const stateText = phase.latest?.state ?? "pending";
+    return /* @__PURE__ */ jsx16(Box13, { flexDirection: "column", children: /* @__PURE__ */ jsxs13(Text14, { color: "cyan", children: [
+      /* @__PURE__ */ jsx16(Spinner10, { type: "dots" }),
+      " Polling transaction ",
+      transactionId,
+      " (state: ",
+      stateText,
+      ")..."
+    ] }) });
+  }
+  if (phase.kind === "ready") {
+    const credential = phase.response.credential ?? "";
+    const preview = credential.length > 32 ? `${credential.slice(0, 32)}...` : credential;
+    return /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx16(Text14, { color: "green", children: "\u2713 Ready" }),
+      /* @__PURE__ */ jsx16(Text14, { children: `credential: ${preview}` }),
+      phase.response.expires !== void 0 ? /* @__PURE__ */ jsx16(Text14, { dimColor: true, children: `expires: ${phase.response.expires}` }) : null
+    ] });
+  }
+  if (phase.kind === "failed") {
+    return /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx16(Text14, { color: "red", children: "\u2717 Transaction failed" }),
+      phase.response.problem !== void 0 ? /* @__PURE__ */ jsx16(Text14, { color: "red", children: phase.response.problem.detail ?? phase.response.problem.title }) : null
+    ] });
+  }
+  if (phase.kind === "expired") {
+    return /* @__PURE__ */ jsx16(Box13, { flexDirection: "column", children: /* @__PURE__ */ jsx16(Text14, { color: "yellow", children: "Transaction expired before it was ready." }) });
+  }
+  if (phase.kind === "timeout") {
+    return /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx16(Text14, { color: "yellow", children: "Polling timed out before the transaction reached a ready state." }),
+      phase.response !== void 0 ? /* @__PURE__ */ jsx16(Text14, { children: `last state: ${phase.response.state}` }) : null
+    ] });
+  }
+  return /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx16(Text14, { color: "red", children: "\u2717 Polling failed" }),
+    /* @__PURE__ */ jsx16(Text14, { color: "red", children: phase.message })
+  ] });
+};
+
+// src/commands/mpp/supported.tsx
+import { Box as Box14, Text as Text15 } from "ink";
+import Spinner11 from "ink-spinner";
+import { useCallback as useCallback6 } from "react";
+import { jsx as jsx17, jsxs as jsxs14 } from "react/jsx-runtime";
+function flattenKinds(response) {
+  const rows = [];
+  for (const kind of response.kinds) {
+    for (const intent of kind.intents) {
+      for (const rail of intent.rails) {
+        rows.push({
+          method: kind.method,
+          intent: intent.intent,
+          rail: rail.rail,
+          currencies: rail.currencies.join(", ") || "\u2014"
+        });
+      }
+    }
+  }
+  return rows;
+}
+var COLUMNS4 = [
+  { header: "Method", cell: (r) => r.method },
+  { header: "Intent", cell: (r) => r.intent },
+  { header: "Rail", cell: (r) => r.rail },
+  { header: "Currencies", cell: (r) => r.currencies }
+];
+var SupportedView = ({ load, onComplete }) => {
+  const action = useCallback6(() => load(), [load]);
+  const { finish } = useFlowExit(onComplete);
+  const { status, data, error } = useFlowState(action, finish);
+  if (status === "loading") {
+    return /* @__PURE__ */ jsx17(Box14, { children: /* @__PURE__ */ jsxs14(Text15, { color: "cyan", children: [
+      /* @__PURE__ */ jsx17(Spinner11, { type: "dots" }),
+      " Loading supported MPP methods..."
+    ] }) });
+  }
+  if (status === "error") {
+    return /* @__PURE__ */ jsxs14(Box14, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx17(Text15, { color: "red", children: "Failed to load supported MPP methods" }),
+      /* @__PURE__ */ jsx17(Text15, { color: "red", children: error })
+    ] });
+  }
+  const rows = data ? flattenKinds(data) : [];
+  if (rows.length === 0) {
+    return /* @__PURE__ */ jsx17(Box14, { flexDirection: "column", children: /* @__PURE__ */ jsx17(Text15, { children: "No supported MPP methods returned for this account." }) });
+  }
+  return /* @__PURE__ */ jsx17(Table, { columns: COLUMNS4, rows });
+};
+
+// src/commands/mpp/index.tsx
+import { jsx as jsx18 } from "react/jsx-runtime";
+var POST_CREATE_INSTRUCTION = "Present the approval_url to the user and ask them to approve in the InFlow mobile app or dashboard. Then call `mpp status <transaction_id> --interval 5 --max-attempts 60` to poll until ready. Once ready, replay the request manually with the credential as the `Authorization: Payment <credential>` header.";
+var POLLING_INSTRUCTION = "Approval polling is happening inline. The yield stream emits each state change; the final frame includes the result once the transaction is ready and replayed.";
+function parseHeaderFlagsOrFail(c, flags) {
+  try {
+    return parseHeaderFlags(flags);
+  } catch (err) {
+    c.error({ code: "INVALID_HEADER", message: err instanceof Error ? err.message : String(err) });
+  }
+}
+function decorateCredentialField(frame, credential, credentialFile) {
+  if (credentialFile !== void 0 && credentialFile.length > 0) {
+    const absolute = resolvePath2(credentialFile);
+    writeFileSync2(absolute, Buffer.from(credential, "utf-8"), { mode: 384 });
+    chmodSync(absolute, 384);
+    frame.credential_saved_to = absolute;
+    return;
+  }
+  frame.credential = credential;
+}
+function probeOptionsFrom(c) {
+  const headers = parseHeaderFlagsOrFail(c, c.options.header);
+  return {
+    method: c.options.method,
+    headers,
+    ...c.options.data !== void 0 ? { data: c.options.data } : {}
+  };
+}
+function buildPayPipelineInput(c) {
+  return {
+    probeOptions: probeOptionsFrom(c),
+    url: c.args.url,
+    showBody: c.options.showBody,
+    interval: c.options.interval,
+    maxAttempts: c.options.maxAttempts,
+    timeout: c.options.timeout,
+    ...c.options.instrumentId !== void 0 ? { instrumentId: c.options.instrumentId } : {},
+    ...c.options.paymentMethod !== void 0 ? { paymentMethodFilter: c.options.paymentMethod } : {},
+    ...c.options.intent !== void 0 ? { intentFilter: c.options.intent } : {},
+    ...c.options.currency !== void 0 ? { currencyFilter: c.options.currency } : {},
+    ...c.options.rail !== void 0 ? { railFilter: c.options.rail } : {},
+    ...c.options.outputFile !== void 0 ? { outputFile: c.options.outputFile } : {}
+  };
+}
+function attachBodyFields(frame, result) {
+  frame.body_size_bytes = result.bodySizeBytes;
+  if (result.body !== void 0) frame.body = result.body;
+  if (result.bodyBase64 !== void 0) frame.body_base64 = result.bodyBase64;
+  if (result.outputSavedTo !== void 0) frame.output_saved_to = result.outputSavedTo;
+}
+function challengeFields(challenge) {
+  const out = {
+    id: challenge.id,
+    method: challenge.method,
+    intent: challenge.intent
+  };
+  if (challenge.amount !== void 0) out.amount = challenge.amount;
+  if (challenge.currency !== void 0) out.currency = challenge.currency;
+  if (challenge.rail !== void 0) out.rail = challenge.rail;
+  return out;
+}
+function noPaymentFrameFromResult(result) {
+  const frame = { outcome: "no-payment-required", status: result.status };
+  if (result.contentType !== void 0) frame.content_type = result.contentType;
+  attachBodyFields(frame, result);
+  return frame;
+}
+function createdFrameFromEvent(created, interval, maxAttempts) {
+  const pending = created.state === "pending";
+  const frame = {
+    transaction_id: created.transactionId,
+    state: created.state,
+    challenge: challengeFields(created.challenge),
+    instruction: interval > 0 ? POLLING_INSTRUCTION : POST_CREATE_INSTRUCTION
+  };
+  if (created.approvalId !== void 0) frame.approval_id = created.approvalId;
+  if (created.approvalUrl !== void 0) frame.approval_url = created.approvalUrl;
+  if (created.retryAfterSeconds !== void 0) frame.retry_after_seconds = created.retryAfterSeconds;
+  if (created.expires !== void 0) frame.expires = created.expires;
+  if (pending && interval <= 0) {
+    const max = maxAttempts > 0 ? maxAttempts : 60;
+    frame._next = {
+      command: `mpp status ${created.transactionId} --interval 5 --max-attempts ${String(max)}`,
+      poll_interval_seconds: 5,
+      until: "state is ready (credential present)"
+    };
+  }
+  return frame;
+}
+function paidFrameFromResult(result, credentialFile) {
+  const frame = {
+    outcome: "paid",
+    transaction_id: result.transactionId,
+    challenge_id: result.challengeId,
+    intent: result.intent,
+    response_status: result.responseStatus
+  };
+  decorateCredentialField(frame, result.credential, credentialFile);
+  if (result.responseContentType !== void 0) frame.response_content_type = result.responseContentType;
+  if (result.settled !== void 0) frame.settled = result.settled;
+  attachBodyFields(frame, result);
+  return frame;
+}
+function rejectedFrameFromResult(result) {
+  const frame = {
+    outcome: "seller-rejected",
+    transaction_id: result.transactionId,
+    challenge_id: result.challengeId,
+    response_status: result.responseStatus
+  };
+  if (result.responseContentType !== void 0) frame.response_content_type = result.responseContentType;
+  attachBodyFields(frame, result);
+  return frame;
+}
+function toStatusFrame(response, credentialFile) {
+  const frame = {
+    transaction_id: response.transactionId ?? "",
+    state: response.state
+  };
+  if (response.state === "ready" && response.credential !== void 0) {
+    decorateCredentialField(frame, response.credential, credentialFile);
+    if (response.expires !== void 0) frame.expires = response.expires;
+  }
+  if (response.state === "pending") {
+    if (response.approvalId !== void 0) frame.approval_id = response.approvalId;
+    if (response.retryAfterSeconds !== void 0) frame.retry_after_seconds = response.retryAfterSeconds;
+  }
+  if (response.problem !== void 0) frame.problem = response.problem;
+  return frame;
+}
+async function* runPayCommand(c, inflow2, authStorage2, apiBaseUrl2) {
+  assertSessionGuard(c, authStorage2, inflow2);
+  if (!c.agent && !c.formatExplicit) {
+    const client = await inflow2.mpp.client();
+    let finalPhase = null;
+    await renderInkUntilExit(
+      /* @__PURE__ */ jsx18(
+        PayView,
+        {
+          url: c.args.url,
+          method: c.options.method,
+          deps: {
+            ...buildPayPipelineInput(c),
+            client,
+            apiBaseUrl: apiBaseUrl2,
+            awaitPayment: true
+          },
+          onComplete: (phase) => {
+            finalPhase = phase;
+          },
+          onCancel: (approvalId) => inflow2.mpp.cancel({ approvalId })
+        }
+      )
+    );
+    if (finalPhase !== null) {
+      const phase = finalPhase;
+      if (phase.kind === "seller-rejected") {
+        c.error({
+          code: PAYMENT_NOT_ACCEPTED_CODE2,
+          message: `Seller rejected the credential with status ${String(phase.result.responseStatus)}. The transaction was ready but the seller did not honour the payment.`
+        });
+      }
+      if (phase.kind === "error") {
+        c.error({ code: phase.code, message: phase.message });
+      }
+    }
+    return;
+  }
+  const run = inflow2.mpp.pay({
+    ...buildPayPipelineInput(c),
+    awaitPayment: c.options.interval > 0
+  });
+  for await (const event of run.events) {
+    if (event.type === "short-circuited") {
+      yield sanitizeDeep(noPaymentFrameFromResult(event.result));
+      return;
+    }
+    if (event.type === "created") {
+      yield sanitizeDeep(createdFrameFromEvent(event.created, c.options.interval, c.options.maxAttempts));
+      continue;
+    }
+    if (event.type === "replayed") {
+      yield sanitizeDeep(paidFrameFromResult(event.result, c.options.credentialFile));
+      return;
+    }
+    if (event.type === "rejected") {
+      yield sanitizeDeep(rejectedFrameFromResult(event.result));
+      c.error({
+        code: PAYMENT_NOT_ACCEPTED_CODE2,
+        message: `Seller rejected the credential with status ${String(event.result.responseStatus)}. The transaction was ready but the seller did not honour the payment; see the previous frame for details.`
+      });
+      return;
+    }
+    if (event.type === "errored") {
+      c.error({ code: event.code, message: event.message });
+    }
+  }
+}
+async function* runStatusCommand(c, inflow2, authStorage2) {
+  assertSessionGuard(c, authStorage2, inflow2);
+  if (!c.agent && !c.formatExplicit) {
+    const client2 = await inflow2.mpp.client();
+    await renderInkUntilExit(
+      /* @__PURE__ */ jsx18(
+        MppStatusView,
+        {
+          transactionId: c.args.transactionId,
+          fetchOnce: () => client2.getTransaction(c.args.transactionId),
+          interval: c.options.interval,
+          maxAttempts: c.options.maxAttempts,
+          timeout: c.options.timeout,
+          onComplete: () => void 0
+        }
+      )
+    );
+    return;
+  }
+  const client = await inflow2.mpp.client();
+  const fetchOnce = () => client.getTransaction(c.args.transactionId);
+  if (c.options.interval <= 0) {
+    const snapshot = await fetchOnce();
+    yield sanitizeDeep(toStatusFrame(snapshot, c.options.credentialFile));
+    return;
+  }
+  const run = runMppStatus({
+    fetchOnce,
+    interval: c.options.interval,
+    maxAttempts: c.options.maxAttempts,
+    timeout: c.options.timeout
+  });
+  for await (const event of run.events) {
+    if (event.type === "snapshot") {
+      yield sanitizeDeep(toStatusFrame(event.response, c.options.credentialFile));
+      continue;
+    }
+    if (event.type === "ready") {
+      yield sanitizeDeep(toStatusFrame(event.response, c.options.credentialFile));
+      return;
+    }
+    if (event.type === "failed") {
+      yield sanitizeDeep(toStatusFrame(event.response, c.options.credentialFile));
+      c.error({
+        code: "PAYMENT_FAILED",
+        message: event.response.problem?.detail ?? event.response.problem?.title ?? "MPP transaction failed."
+      });
+    }
+    if (event.type === "expired") {
+      yield sanitizeDeep(toStatusFrame(event.response, c.options.credentialFile));
+      c.error({ code: "PAYMENT_EXPIRED", message: "MPP transaction expired before it was ready." });
+    }
+    if (event.type === "timedOut") {
+      if (event.response !== void 0) {
+        yield sanitizeDeep(toStatusFrame(event.response, c.options.credentialFile));
+      }
+      c.error({
+        code: "POLLING_TIMEOUT",
+        message: "Polling timed out before the transaction reached a ready state.",
+        retryable: true
+      });
+    }
+    if (event.type === "crashed") {
+      c.error({ code: "PAYMENT_FAILED", message: event.message });
+    }
+  }
+}
+async function runCancelCommand(c, inflow2, authStorage2) {
+  assertSessionGuard(c, authStorage2, inflow2);
+  if (!c.agent && !c.formatExplicit) {
+    await renderInkUntilExit(
+      /* @__PURE__ */ jsx18(
+        CancelView,
+        {
+          approvalId: c.args.approvalId,
+          cancel: () => inflow2.mpp.cancel({ approvalId: c.args.approvalId }).then(() => void 0),
+          onComplete: () => void 0
+        }
+      )
+    );
+    return { approval_id: c.args.approvalId, cancelled: true, note: "best-effort; server-side state not verified" };
+  }
+  return inflow2.mpp.cancel({ approvalId: c.args.approvalId });
+}
+async function runDecodeCommand(c) {
+  let result;
+  try {
+    result = decodeMppValue(c.args.value);
+  } catch (err) {
+    return c.error({ code: "DECODE_FAILED", message: err instanceof Error ? err.message : String(err) });
+  }
+  if (!c.agent && !c.formatExplicit) {
+    await renderInkUntilExit(/* @__PURE__ */ jsx18(DecodeView, { result }));
+    return void 0;
+  }
+  return sanitizeDeep(result);
+}
+async function runSupportedCommand(c, inflow2, authStorage2) {
+  assertSessionGuard(c, authStorage2, inflow2);
+  if (!c.agent && !c.formatExplicit) {
+    await renderInkUntilExit(/* @__PURE__ */ jsx18(SupportedView, { load: () => inflow2.mpp.supported(), onComplete: () => void 0 }));
+    return void 0;
+  }
+  const response = await inflow2.mpp.supported();
+  return sanitizeDeep(response);
+}
+async function runInspectCommand(c) {
+  const deps = {
+    probeOptions: probeOptionsFrom(c),
+    url: c.args.url,
+    ...c.options.paymentMethod !== void 0 ? { paymentMethodFilter: c.options.paymentMethod } : {},
+    ...c.options.intent !== void 0 ? { intentFilter: c.options.intent } : {},
+    ...c.options.currency !== void 0 ? { currencyFilter: c.options.currency } : {},
+    ...c.options.rail !== void 0 ? { railFilter: c.options.rail } : {}
+  };
+  if (!c.agent && !c.formatExplicit) {
+    let finalPhase = null;
+    await renderInkUntilExit(
+      /* @__PURE__ */ jsx18(
+        InspectView,
+        {
+          url: c.args.url,
+          method: c.options.method,
+          deps,
+          onComplete: (phase) => {
+            finalPhase = phase;
+          }
+        }
+      )
+    );
+    if (finalPhase !== null) {
+      const phase = finalPhase;
+      if (phase.kind === "error") {
+        c.error({ code: phase.code, message: phase.message });
+      }
+    }
+    return void 0;
+  }
+  let finalEvent = null;
+  await runMppInspectPipeline(deps, (event) => {
+    if (event.type === "errored") {
+      finalEvent = { kind: "error", payload: event };
+      return;
+    }
+    if (event.type === "challenges") {
+      finalEvent = { kind: "challenges", payload: event.result };
+      return;
+    }
+    if (event.type === "no-payment") {
+      finalEvent = { kind: "no-payment", payload: event.result };
+    }
+  });
+  if (finalEvent === null) {
+    return c.error({ code: "INSPECT_FAILED", message: "Inspect pipeline produced no result." });
+  }
+  const { kind, payload } = finalEvent;
+  if (kind === "error") {
+    const err = payload;
+    return c.error({ code: err.code, message: err.message });
+  }
+  if (kind === "challenges") {
+    return sanitizeDeep(buildChallengesFrame(payload));
+  }
+  return sanitizeDeep(buildNoPaymentFrame(payload));
+}
+function createMppCli(inflow2, authStorage2, apiBaseUrl2) {
+  const cli2 = Cli4.create("mpp", {
+    description: "MPP payment commands (pay, inspect, status, cancel, decode, supported)."
+  });
+  cli2.command("pay", {
+    description: "Pay an MPP-protected resource and return the seller response.",
+    args: payArgs,
+    options: payOptions,
+    outputPolicy: "agent-only",
+    async *run(c) {
+      yield* runPayCommand(c, inflow2, authStorage2, apiBaseUrl2);
+    }
+  });
+  cli2.command("status", {
+    description: "Poll the buyer-side state of an in-flight MPP transaction.",
+    args: statusArgs,
+    options: statusOptions2,
+    outputPolicy: "agent-only",
+    async *run(c) {
+      yield* runStatusCommand(c, inflow2, authStorage2);
+    }
+  });
+  cli2.command("cancel", {
+    description: "Best-effort cancel of an MPP approval.",
+    args: cancelArgs,
+    outputPolicy: "agent-only",
+    async run(c) {
+      return runCancelCommand(c, inflow2, authStorage2);
+    }
+  });
+  cli2.command("decode", {
+    description: "Decode a raw WWW-Authenticate: Payment header, or a base64url credential / receipt.",
+    args: decodeArgs,
+    outputPolicy: "agent-only",
+    async run(c) {
+      return runDecodeCommand(c);
+    }
+  });
+  cli2.command("supported", {
+    description: "List the methods the buyer can pay with \u2014 by intent, settlement rail, and currency.",
+    outputPolicy: "agent-only",
+    async run(c) {
+      return runSupportedCommand(c, inflow2, authStorage2);
+    }
+  });
+  cli2.command("inspect", {
+    description: "Show the seller's MPP challenge(s) for a URL. Read-only probe \u2014 no auth, no payment.",
+    args: inspectArgs,
+    options: inspectOptions,
+    outputPolicy: "agent-only",
+    async run(c) {
+      return runInspectCommand(c);
+    }
+  });
+  return cli2;
+}
+
+// src/commands/user/index.tsx
+import { Cli as Cli5, Errors as Errors2 } from "incur";
+import "react";
+
+// src/commands/user/get.tsx
+import { Box as Box15, Text as Text16 } from "ink";
+import Spinner12 from "ink-spinner";
+import { useCallback as useCallback7, useRef as useRef3 } from "react";
+import { jsx as jsx19, jsxs as jsxs15 } from "react/jsx-runtime";
+var UserGet = ({ userResource, onComplete }) => {
+  const action = useCallback7(() => userResource.retrieve(), [userResource]);
+  const { finish } = useFlowExit(onComplete);
+  const lastErrorRef = useRef3("");
+  const handleLinger = useCallback7(
+    (result) => {
+      if (result !== null) {
+        finish({ kind: "success", user: result });
+      } else {
+        finish({
+          kind: "error",
+          message: lastErrorRef.current || "No result produced."
+        });
+      }
+    },
+    [finish]
+  );
+  const { status, data: user, error } = useFlowState(action, handleLinger);
+  lastErrorRef.current = error;
+  if (status === "loading") {
+    return /* @__PURE__ */ jsx19(Box15, { children: /* @__PURE__ */ jsxs15(Text16, { color: "cyan", children: [
+      /* @__PURE__ */ jsx19(Spinner12, { type: "dots" }),
+      " Loading user..."
+    ] }) });
+  }
+  if (status === "error") {
+    return /* @__PURE__ */ jsxs15(Box15, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx19(Text16, { color: "red", children: "\u2717 Failed to retrieve user" }),
+      /* @__PURE__ */ jsx19(Text16, { color: "red", children: error })
+    ] });
+  }
+  if (user === null) return null;
+  const rows = buildProfileRows(user);
+  return /* @__PURE__ */ jsx19(Box15, { flexDirection: "column", borderStyle: "round", borderColor: "cyan", paddingX: 2, paddingY: 1, children: rows.map((row) => /* @__PURE__ */ jsxs15(Text16, { children: [
+    `${row.label}: `,
+    row.value !== null ? /* @__PURE__ */ jsx19(Text16, { bold: true, children: row.value }) : /* @__PURE__ */ jsx19(Text16, { dimColor: true, children: "\u2014" })
+  ] }, row.label)) });
+};
+
+// src/commands/user/schema.ts
+import { z as z5 } from "incur";
+var getOptions = z5.object({});
+
+// src/commands/user/index.tsx
+import { jsx as jsx20 } from "react/jsx-runtime";
+var TTY_NO_RESULT_MESSAGE = "inflow user get exited without producing a result.";
+async function runUserGet2(c, deps) {
+  assertSessionGuard(c, deps.authStorage, deps.inflow);
+  if (!c.agent && !c.formatExplicit) {
+    let captured = null;
+    const outcome = await renderInkUntilExit(
+      /* @__PURE__ */ jsx20(
+        UserGet,
+        {
+          userResource: deps.user,
+          onComplete: (value) => {
+            captured = value;
+          }
+        }
+      ),
+      () => captured
+    );
+    if (outcome === null) {
+      throw new Errors2.IncurError({
+        code: "USER_GET_FAILED",
+        message: TTY_NO_RESULT_MESSAGE
+      });
+    }
+    if (outcome.kind === "error") {
+      throw new Errors2.IncurError({
+        code: "USER_GET_FAILED",
+        message: outcome.message
+      });
+    }
+    return projectUserPayload(outcome.user);
+  }
+  return deps.user.get();
+}
+function createUserCli(user, authStorage2, inflow2) {
+  const cli2 = Cli5.create("user", { description: "User profile commands" });
+  cli2.command("get", {
+    description: "Retrieve the current authenticated user",
+    options: getOptions,
+    outputPolicy: "agent-only",
+    async run(c) {
+      return runUserGet2(c, { user, authStorage: authStorage2, inflow: inflow2 });
+    }
+  });
+  return cli2;
+}
+
+// src/commands/x402/index.tsx
+import { chmodSync as chmodSync2, writeFileSync as writeFileSync3 } from "fs";
+import { resolve as resolvePath3 } from "path";
+import { Cli as Cli6 } from "incur";
+
+// src/commands/x402/cancel.tsx
+import { Box as Box16, Text as Text17 } from "ink";
+import Spinner13 from "ink-spinner";
+import { useCallback as useCallback8 } from "react";
+import { jsx as jsx21, jsxs as jsxs16 } from "react/jsx-runtime";
+var CancelView2 = ({ approvalId, cancel, onComplete }) => {
+  const action = useCallback8(() => cancel(), [cancel]);
+  const { finish } = useFlowExit(onComplete);
+  const { status } = useFlowState(action, finish);
+  if (status === "loading") {
+    return /* @__PURE__ */ jsx21(Box16, { children: /* @__PURE__ */ jsxs16(Text17, { color: "cyan", children: [
+      /* @__PURE__ */ jsx21(Spinner13, { type: "dots" }),
+      " Cancelling approval ",
+      approvalId,
+      "..."
+    ] }) });
+  }
+  return /* @__PURE__ */ jsx21(Box16, { children: /* @__PURE__ */ jsxs16(Text17, { color: "green", children: [
+    "\u2713 Cancelled approval ",
+    approvalId,
+    " (best-effort)"
+  ] }) });
+};
+
+// src/commands/x402/decode.tsx
+import { fromFoundationRequirements as fromFoundationRequirements2 } from "@inflowpayai/x402-buyer";
+import { Box as Box17, Text as Text18 } from "ink";
+import { jsx as jsx22, jsxs as jsxs17 } from "react/jsx-runtime";
+var DecodeView2 = ({ decoded }) => {
+  const summary = summarizeAccepts(fromFoundationRequirements2(decoded.accepts));
+  return /* @__PURE__ */ jsxs17(Box17, { flexDirection: "column", paddingY: 1, children: [
+    /* @__PURE__ */ jsx22(Box17, { marginBottom: 1, children: /* @__PURE__ */ jsx22(Text18, { bold: true, children: "Decoded PAYMENT-REQUIRED" }) }),
+    /* @__PURE__ */ jsxs17(Box17, { flexDirection: "column", borderStyle: "round", borderColor: "cyan", paddingX: 2, paddingY: 1, children: [
+      /* @__PURE__ */ jsxs17(Text18, { children: [
+        "x402Version: ",
+        /* @__PURE__ */ jsx22(Text18, { color: "cyan", children: String(decoded.x402Version) })
+      ] }),
+      /* @__PURE__ */ jsxs17(Text18, { children: [
+        "resource: ",
+        /* @__PURE__ */ jsx22(Text18, { color: "cyan", children: decoded.resource.url })
+      ] }),
+      /* @__PURE__ */ jsx22(Text18, { children: `accepts (${String(summary.length)}):` }),
+      summary.map((entry, idx) => /* @__PURE__ */ jsxs17(Text18, { children: [
+        "  ",
+        /* @__PURE__ */ jsx22(Text18, { color: "yellow", children: entry.scheme }),
+        " / ",
+        /* @__PURE__ */ jsx22(Text18, { color: "yellow", children: entry.network }),
+        entry.amount !== void 0 ? ` \xB7 amount ${entry.amount}` : "",
+        entry.asset !== void 0 ? ` \xB7 ${entry.asset}` : ""
+      ] }, `${entry.scheme}-${entry.network}-${String(idx)}`)),
+      decoded.extensions !== void 0 ? /* @__PURE__ */ jsx22(Text18, { dimColor: true, children: `extensions: ${Object.keys(decoded.extensions).join(", ")}` }) : null
+    ] })
+  ] });
+};
+
+// src/commands/x402/inspect.tsx
+import { Box as Box18, Text as Text19 } from "ink";
+import Spinner14 from "ink-spinner";
+import { useEffect as useEffect9, useReducer as useReducer7 } from "react";
+import { jsx as jsx23, jsxs as jsxs18 } from "react/jsx-runtime";
+function summarizeExtra(extra) {
+  if (extra === void 0) return "\u2014";
+  const keys = Object.keys(extra);
+  if (keys.length === 0) return "\u2014";
+  return [...keys].sort((a, b) => a.localeCompare(b)).join(", ");
+}
+function formatTimeout(seconds) {
+  return `${String(seconds)}s`;
+}
+function formatAsset(asset) {
+  return asset === "" ? "\u2014" : asset;
+}
+var COLUMNS5 = [
+  { header: "Scheme", cell: (r) => r.scheme },
+  { header: "Network", cell: (r) => r.network },
+  { header: "Amount", cell: (r) => r.amount },
+  { header: "Asset", cell: (r) => formatAsset(r.asset) },
+  { header: "Pay To", cell: (r) => r.payTo },
+  { header: "Timeout", cell: (r) => formatTimeout(r.maxTimeoutSeconds) },
+  { header: "Extra", cell: (r) => summarizeExtra(r.extra) }
+];
+var InspectView2 = ({ url, method, deps, onComplete }) => {
+  const initial = { kind: "probing" };
+  const [phase, dispatch] = useReducer7(reduceX402Inspect, initial);
+  const { finish } = useFlowExit(onComplete);
+  useEffect9(() => {
+    let cancelled = false;
+    void runInspectPipeline(deps, (event) => {
+      if (!cancelled) dispatch(event);
+    });
+    return () => {
+      cancelled = true;
+    };
+  }, [deps]);
+  useEffect9(() => {
+    if (phase.kind === "accepts" || phase.kind === "no-payment" || phase.kind === "error") {
+      finish(phase);
+    }
+  }, [phase, finish]);
+  if (phase.kind === "probing") {
+    return /* @__PURE__ */ jsx23(Box18, { children: /* @__PURE__ */ jsxs18(Text19, { color: "cyan", children: [
+      /* @__PURE__ */ jsx23(Spinner14, { type: "dots" }),
+      " Probing ",
+      method,
+      " ",
+      url,
+      "..."
+    ] }) });
+  }
+  if (phase.kind === "no-payment") {
+    return /* @__PURE__ */ jsxs18(Box18, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx23(Text19, { color: "green", children: "\u2713 Seller accepted without payment" }),
+      /* @__PURE__ */ jsx23(Text19, { dimColor: true, children: "Use `x402 pay` to fetch the body." })
+    ] });
+  }
+  if (phase.kind === "error") {
+    return /* @__PURE__ */ jsxs18(Box18, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsxs18(Text19, { color: "red", children: [
+        "\u2717 ",
+        phase.code
+      ] }),
+      /* @__PURE__ */ jsx23(Text19, { color: "red", children: phase.message })
+    ] });
+  }
+  const { result } = phase;
+  const acceptsCount = result.accepts.length;
+  const extensionsLine = result.extensions !== void 0 ? Object.keys(result.extensions).join(", ") : null;
+  return /* @__PURE__ */ jsxs18(Box18, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsxs18(Text19, { children: [
+      /* @__PURE__ */ jsx23(Text19, { bold: true, children: "PAYMENT-REQUIRED" }),
+      " for ",
+      /* @__PURE__ */ jsx23(Text19, { color: "cyan", children: result.resource }),
+      "  \xB7  ",
+      /* @__PURE__ */ jsx23(Text19, { dimColor: true, children: `x402Version ${String(result.x402Version)}` }),
+      "  \xB7  ",
+      /* @__PURE__ */ jsx23(Text19, { dimColor: true, children: `${String(acceptsCount)} accept${acceptsCount === 1 ? "" : "s"}` })
+    ] }),
+    extensionsLine !== null ? /* @__PURE__ */ jsx23(Text19, { dimColor: true, children: `extensions: ${extensionsLine}` }) : null,
+    /* @__PURE__ */ jsx23(Box18, { marginTop: 1, children: /* @__PURE__ */ jsx23(Table, { columns: COLUMNS5, rows: result.accepts }) }),
+    /* @__PURE__ */ jsx23(Box18, { marginTop: 1, children: /* @__PURE__ */ jsx23(Text19, { dimColor: true, children: "Use --format json to inspect extras values." }) })
+  ] });
+};
+function buildAcceptsFrame(result) {
+  const frame = {
+    outcome: "accepts",
+    url: result.url,
+    method: result.method,
+    resource: result.resource,
+    x402_version: result.x402Version,
+    accepts: result.accepts.map((entry) => {
+      const row = {
+        scheme: entry.scheme,
+        network: entry.network,
+        amount: entry.amount,
+        asset: entry.asset,
+        pay_to: entry.payTo,
+        max_timeout_seconds: entry.maxTimeoutSeconds
+      };
+      if (entry.extra !== void 0) row.extra = entry.extra;
+      return row;
+    })
+  };
+  if (result.extensions !== void 0) frame.extensions = result.extensions;
+  return frame;
+}
+function buildNoPaymentFrame2(result) {
+  const frame = {
+    outcome: "no-payment-required",
+    url: result.url,
+    method: result.method,
+    status: result.status,
+    body_size_bytes: result.bodySizeBytes
+  };
+  if (result.contentType !== void 0) frame.content_type = result.contentType;
+  return frame;
+}
+
+// src/commands/x402/pay.tsx
+import { Box as Box19, Text as Text20, useInput as useInput4 } from "ink";
+import Spinner15 from "ink-spinner";
+import { useEffect as useEffect10, useReducer as useReducer8, useState as useState4 } from "react";
+import { jsx as jsx24, jsxs as jsxs19 } from "react/jsx-runtime";
+var PayView2 = ({ url, method, deps, onComplete, onCancel }) => {
+  const initial = { kind: "probing" };
+  const [phase, dispatch] = useReducer8(reducePay, initial);
+  const [cancelling, setCancelling] = useState4(false);
+  const { finish, cancelThenFinish } = useFlowExit(onComplete);
+  useInput4(
+    (_input, key) => {
+      if (phase.kind !== "awaiting-approval") return;
+      if (key.return) {
+        openUrl(phase.approvalUrl);
+        return;
+      }
+      if (key.escape) {
+        const { approvalId } = phase.prepared;
+        setCancelling(true);
+        cancelThenFinish(() => onCancel?.(approvalId), {
+          kind: "error",
+          code: "APPROVAL_CANCELLED",
+          message: `Approval ${approvalId} cancelled.`
+        });
+      }
+    },
+    { isActive: phase.kind === "awaiting-approval" && !cancelling }
+  );
+  useEffect10(() => {
+    const controller = new AbortController();
+    let cancelled = false;
+    const runDeps = { ...deps, signOptions: { ...deps.signOptions, signal: controller.signal } };
+    void runPayPipeline(runDeps, (event) => {
+      if (!cancelled) dispatch(event);
+    });
+    return () => {
+      cancelled = true;
+      controller.abort();
+    };
+  }, [deps]);
+  useEffect10(() => {
+    if (phase.kind === "success" || phase.kind === "replay-rejected" || phase.kind === "no-payment-final" || phase.kind === "error") {
+      finish(phase);
     }
-  }, [phase, onComplete, exit]);
+  }, [phase, finish]);
+  if (cancelling) {
+    return /* @__PURE__ */ jsx24(Box19, { children: /* @__PURE__ */ jsxs19(Text20, { color: "yellow", children: [
+      /* @__PURE__ */ jsx24(Spinner15, { type: "dots" }),
+      " Cancelling approval..."
+    ] }) });
+  }
   if (phase.kind === "probing") {
-    return /* @__PURE__ */ jsx17(Box13, { children: /* @__PURE__ */ jsxs13(Text14, { color: "cyan", children: [
-      /* @__PURE__ */ jsx17(Spinner10, { type: "dots" }),
+    return /* @__PURE__ */ jsx24(Box19, { children: /* @__PURE__ */ jsxs19(Text20, { color: "cyan", children: [
+      /* @__PURE__ */ jsx24(Spinner15, { type: "dots" }),
       " Probing ",
       method,
       " ",
@@ -14306,23 +15913,23 @@ var PayView = ({ url, method, deps, onComplete }) => {
     ] }) });
   }
   if (phase.kind === "no-payment") {
-    return /* @__PURE__ */ jsx17(Box13, { children: /* @__PURE__ */ jsxs13(Text14, { color: "cyan", children: [
-      /* @__PURE__ */ jsx17(Spinner10, { type: "dots" }),
+    return /* @__PURE__ */ jsx24(Box19, { children: /* @__PURE__ */ jsxs19(Text20, { color: "cyan", children: [
+      /* @__PURE__ */ jsx24(Spinner15, { type: "dots" }),
       " Seller accepted without payment (status ",
       String(phase.probe.status),
       "); finalising..."
     ] }) });
   }
   if (phase.kind === "matching") {
-    return /* @__PURE__ */ jsx17(Box13, { flexDirection: "column", children: /* @__PURE__ */ jsxs13(Text14, { color: "cyan", children: [
-      /* @__PURE__ */ jsx17(Spinner10, { type: "dots" }),
+    return /* @__PURE__ */ jsx24(Box19, { flexDirection: "column", children: /* @__PURE__ */ jsxs19(Text20, { color: "cyan", children: [
+      /* @__PURE__ */ jsx24(Spinner15, { type: "dots" }),
       " Decoding seller requirements..."
     ] }) });
   }
   if (phase.kind === "preparing") {
     const summary = summarizeAccepts([phase.requirement]);
-    return /* @__PURE__ */ jsx17(Box13, { flexDirection: "column", children: /* @__PURE__ */ jsxs13(Text14, { color: "cyan", children: [
-      /* @__PURE__ */ jsx17(Spinner10, { type: "dots" }),
+    return /* @__PURE__ */ jsx24(Box19, { flexDirection: "column", children: /* @__PURE__ */ jsxs19(Text20, { color: "cyan", children: [
+      /* @__PURE__ */ jsx24(Spinner15, { type: "dots" }),
       " Preparing payment (",
       summary[0]?.scheme ?? phase.requirement.scheme,
       " /",
@@ -14332,188 +15939,167 @@ var PayView = ({ url, method, deps, onComplete }) => {
     ] }) });
   }
   if (phase.kind === "awaiting-approval") {
-    return /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", paddingY: 1, children: [
-      /* @__PURE__ */ jsx17(Box13, { marginBottom: 1, children: /* @__PURE__ */ jsx17(Text14, { bold: true, children: "Approval required" }) }),
-      /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", borderStyle: "round", borderColor: "cyan", paddingX: 2, paddingY: 1, children: [
-        /* @__PURE__ */ jsxs13(Text14, { children: [
+    return /* @__PURE__ */ jsxs19(Box19, { flexDirection: "column", paddingY: 1, children: [
+      /* @__PURE__ */ jsx24(Box19, { marginBottom: 1, children: /* @__PURE__ */ jsx24(Text20, { bold: true, children: "Approval required" }) }),
+      /* @__PURE__ */ jsxs19(Box19, { flexDirection: "column", borderStyle: "round", borderColor: "cyan", paddingX: 2, paddingY: 1, children: [
+        /* @__PURE__ */ jsxs19(Text20, { children: [
           "Open: ",
-          /* @__PURE__ */ jsx17(Text14, { bold: true, color: "cyan", children: phase.approvalUrl })
+          /* @__PURE__ */ jsx24(Text20, { bold: true, color: "cyan", children: phase.approvalUrl })
         ] }),
-        /* @__PURE__ */ jsx17(Text14, { dimColor: true, children: "Press Enter to open in browser." })
+        /* @__PURE__ */ jsx24(Text20, { dimColor: true, children: "Press Enter to open in browser." }),
+        /* @__PURE__ */ jsx24(Text20, { dimColor: true, children: "Press Escape to cancel." })
       ] }),
-      /* @__PURE__ */ jsx17(Box13, { marginTop: 1, children: /* @__PURE__ */ jsxs13(Text14, { color: "cyan", children: [
-        /* @__PURE__ */ jsx17(Spinner10, { type: "dots" }),
+      /* @__PURE__ */ jsx24(Box19, { marginTop: 1, children: /* @__PURE__ */ jsxs19(Text20, { color: "cyan", children: [
+        /* @__PURE__ */ jsx24(Spinner15, { type: "dots" }),
         " Waiting for approval..."
       ] }) })
     ] });
   }
   if (phase.kind === "replaying") {
-    return /* @__PURE__ */ jsx17(Box13, { children: /* @__PURE__ */ jsxs13(Text14, { color: "cyan", children: [
-      /* @__PURE__ */ jsx17(Spinner10, { type: "dots" }),
+    return /* @__PURE__ */ jsx24(Box19, { children: /* @__PURE__ */ jsxs19(Text20, { color: "cyan", children: [
+      /* @__PURE__ */ jsx24(Spinner15, { type: "dots" }),
       " Replaying request with PAYMENT-SIGNATURE..."
     ] }) });
   }
   if (phase.kind === "success") {
     const { result } = phase;
-    return /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", children: [
-      /* @__PURE__ */ jsxs13(Text14, { color: "green", children: [
+    return /* @__PURE__ */ jsxs19(Box19, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsxs19(Text20, { color: "green", children: [
         "\u2713 Paid ",
         result.scheme,
         " / ",
         result.network
       ] }),
-      /* @__PURE__ */ jsx17(Text14, { children: `status: ${String(result.responseStatus)}` }),
-      /* @__PURE__ */ jsx17(Text14, { children: `transaction: ${result.transactionId}` }),
-      result.settled?.network !== void 0 ? /* @__PURE__ */ jsx17(Text14, { children: `settled via: ${result.settled.network}${result.settled.transaction !== void 0 ? ` (${result.settled.transaction})` : ""}` }) : null,
-      /* @__PURE__ */ jsx17(Text14, { children: `response size: ${String(result.bodySizeBytes)} bytes` }),
-      result.outputSavedTo !== void 0 ? /* @__PURE__ */ jsxs13(Text14, { children: [
+      /* @__PURE__ */ jsx24(Text20, { children: `transaction: ${result.transactionId}` }),
+      result.settled?.network !== void 0 ? /* @__PURE__ */ jsx24(Text20, { children: `settled via: ${result.settled.network}${result.settled.transaction !== void 0 ? ` (${result.settled.transaction})` : ""}` }) : null,
+      result.outputSavedTo !== void 0 ? /* @__PURE__ */ jsxs19(Text20, { children: [
         "Saved to: ",
-        /* @__PURE__ */ jsx17(Text14, { bold: true, children: result.outputSavedTo })
+        /* @__PURE__ */ jsx24(Text20, { bold: true, children: result.outputSavedTo })
       ] }) : null,
-      result.body !== void 0 ? /* @__PURE__ */ jsxs13(Box13, { marginTop: 1, flexDirection: "column", children: [
-        /* @__PURE__ */ jsx17(Text14, { dimColor: true, children: "response body:" }),
-        /* @__PURE__ */ jsx17(Text14, { children: result.body })
+      result.body !== void 0 ? /* @__PURE__ */ jsxs19(Box19, { marginTop: 1, flexDirection: "column", children: [
+        /* @__PURE__ */ jsx24(Text20, { dimColor: true, children: "response body:" }),
+        /* @__PURE__ */ jsx24(Text20, { children: result.body })
       ] }) : null
     ] });
   }
   if (phase.kind === "replay-rejected") {
     const { result } = phase;
-    return /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", children: [
-      /* @__PURE__ */ jsxs13(Text14, { color: "red", children: [
+    return /* @__PURE__ */ jsxs19(Box19, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsxs19(Text20, { color: "red", children: [
         "\u2717 Payment not accepted (",
         result.scheme,
         " / ",
         result.network,
         ")"
       ] }),
-      /* @__PURE__ */ jsx17(Text14, { children: `status: ${String(result.responseStatus)}` }),
-      /* @__PURE__ */ jsx17(Text14, { children: `transaction: ${result.transactionId}` }),
-      /* @__PURE__ */ jsx17(Text14, { children: `approval: ${result.approvalId}` }),
-      /* @__PURE__ */ jsx17(Text14, { children: `approval url: ${result.approvalUrl}` }),
-      /* @__PURE__ */ jsx17(Text14, { children: `response size: ${String(result.bodySizeBytes)} bytes` }),
-      result.outputSavedTo !== void 0 ? /* @__PURE__ */ jsxs13(Text14, { children: [
+      /* @__PURE__ */ jsx24(Text20, { children: `transaction: ${result.transactionId}` }),
+      /* @__PURE__ */ jsx24(Text20, { children: `approval: ${result.approvalId}` }),
+      /* @__PURE__ */ jsx24(Text20, { children: `approval url: ${result.approvalUrl}` }),
+      result.outputSavedTo !== void 0 ? /* @__PURE__ */ jsxs19(Text20, { children: [
         "Saved to: ",
-        /* @__PURE__ */ jsx17(Text14, { bold: true, children: result.outputSavedTo })
+        /* @__PURE__ */ jsx24(Text20, { bold: true, children: result.outputSavedTo })
       ] }) : null,
-      result.body !== void 0 ? /* @__PURE__ */ jsxs13(Box13, { marginTop: 1, flexDirection: "column", children: [
-        /* @__PURE__ */ jsx17(Text14, { dimColor: true, children: "response body:" }),
-        /* @__PURE__ */ jsx17(Text14, { children: result.body })
+      result.body !== void 0 ? /* @__PURE__ */ jsxs19(Box19, { marginTop: 1, flexDirection: "column", children: [
+        /* @__PURE__ */ jsx24(Text20, { dimColor: true, children: "response body:" }),
+        /* @__PURE__ */ jsx24(Text20, { children: result.body })
       ] }) : null
     ] });
   }
   if (phase.kind === "no-payment-final") {
     const { result } = phase;
-    return /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", children: [
-      /* @__PURE__ */ jsx17(Text14, { color: "green", children: "\u2713 Seller accepted without payment" }),
-      /* @__PURE__ */ jsx17(Text14, { children: `status: ${String(result.status)}` }),
-      /* @__PURE__ */ jsx17(Text14, { children: `response size: ${String(result.bodySizeBytes)} bytes` }),
-      result.outputSavedTo !== void 0 ? /* @__PURE__ */ jsxs13(Text14, { children: [
+    return /* @__PURE__ */ jsxs19(Box19, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx24(Text20, { color: "green", children: "\u2713 Seller accepted without payment" }),
+      result.outputSavedTo !== void 0 ? /* @__PURE__ */ jsxs19(Text20, { children: [
         "Saved to: ",
-        /* @__PURE__ */ jsx17(Text14, { bold: true, children: result.outputSavedTo })
+        /* @__PURE__ */ jsx24(Text20, { bold: true, children: result.outputSavedTo })
       ] }) : null,
-      result.body !== void 0 ? /* @__PURE__ */ jsxs13(Box13, { marginTop: 1, flexDirection: "column", children: [
-        /* @__PURE__ */ jsx17(Text14, { dimColor: true, children: "response body:" }),
-        /* @__PURE__ */ jsx17(Text14, { children: result.body })
+      result.body !== void 0 ? /* @__PURE__ */ jsxs19(Box19, { marginTop: 1, flexDirection: "column", children: [
+        /* @__PURE__ */ jsx24(Text20, { dimColor: true, children: "response body:" }),
+        /* @__PURE__ */ jsx24(Text20, { children: result.body })
       ] }) : null
     ] });
   }
-  return /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", children: [
-    /* @__PURE__ */ jsxs13(Text14, { color: "red", children: [
+  return /* @__PURE__ */ jsxs19(Box19, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsxs19(Text20, { color: "red", children: [
       "\u2717 ",
       phase.code
     ] }),
-    /* @__PURE__ */ jsx17(Text14, { color: "red", children: phase.message })
+    /* @__PURE__ */ jsx24(Text20, { color: "red", children: phase.message })
   ] });
 };
 
 // src/commands/x402/schema.ts
-import { z as z5 } from "incur";
-var payArgs = z5.object({
-  url: z5.string().describe("The x402-protected resource URL to pay for.")
+import { z as z6 } from "incur";
+var payArgs2 = z6.object({
+  url: z6.string().describe("The x402-protected resource URL to pay for.")
 });
-var payOptions = z5.object({
-  method: z5.string().default("GET").describe("HTTP method for the seller request."),
-  data: z5.string().optional().describe(
+var payOptions2 = z6.object({
+  scheme: z6.string().optional().describe('Only consider `accepts[]` entries with this scheme (e.g. "exact", "balance").'),
+  network: z6.string().optional().describe('Only consider entries on this network (e.g. "eip155:84532").'),
+  asset: z6.string().optional().describe("Only consider entries with this on-chain asset id (ERC-20 address or SVM mint)."),
+  assetName: z6.string().optional().describe('Only consider entries whose `extra.assetName` symbol matches (e.g. "USDC").'),
+  method: z6.string().default("GET").describe("HTTP method for the seller request."),
+  data: z6.string().optional().describe(
     "Request body. JSON or raw text. Content-Type defaults to application/json when --data is set unless a --header overrides it."
   ),
-  header: z5.array(z5.string()).default([]).describe('Repeatable. "Name: Value" format.'),
-  interval: z5.coerce.number().default(0).describe(
+  header: z6.array(z6.string()).default([]).describe('Repeatable. "Name: Value" format.'),
+  interval: z6.coerce.number().default(0).describe(
     "Inline poll cadence in seconds while awaiting approval. 0 returns the approval URL and a follow-up command hint without blocking."
   ),
-  maxAttempts: z5.coerce.number().default(0).describe("Hard cap on poll attempts when --interval > 0. 0 means unlimited."),
-  timeout: z5.coerce.number().default(900).describe("Polling deadline in seconds. Default 900s (matches x402-buyer)."),
-  paymentId: z5.string().min(16).max(128).regex(/^[a-zA-Z0-9_-]+$/).optional().describe(
+  maxAttempts: z6.coerce.number().default(0).describe("Hard cap on poll attempts when --interval > 0. 0 means unlimited."),
+  timeout: z6.coerce.number().default(900).describe("Polling deadline in seconds. Default 900s (matches x402-buyer)."),
+  paymentId: z6.string().min(16).max(128).regex(/^[a-zA-Z0-9_-]+$/).optional().describe(
     "Caller-supplied payment identifier. 16-128 chars, ^[a-zA-Z0-9_-]+$. Forwarded to the server as remotePaymentId."
   ),
-  showBody: z5.boolean().default(true).describe(
+  showBody: z6.boolean().default(true).describe(
     "Include the seller response body in the result. Default true so AI assistants paying for content receive the deliverable. Pass --no-show-body to suppress (e.g. for binary downloads paired with --output-file)."
   ),
-  outputFile: z5.string().optional().describe(
+  outputFile: z6.string().optional().describe(
     "Write the seller response body bytes to this file path (overwrites silently). When set, the result frame includes `output_saved_to: <absolute_path>` instead of `body` / `body_base64`. Natural choice for binary content (PDFs, images, downloads)."
   ),
-  payloadFile: z5.string().optional().describe(
+  payloadFile: z6.string().optional().describe(
     "Write the signed `encoded_payload` bytes to this file path (mode 0o600, overwrites silently). When set, the result frame includes `payload_saved_to: <absolute_path>` instead of `encoded_payload`. Use to keep one-time payment credentials out of chat transcripts and logs."
-  ),
-  scheme: z5.string().optional().describe(
-    'Constrain selection to seller `accepts[]` entries whose `scheme` matches exactly (e.g. "balance", "exact"). Combine with --network/--asset/--asset-name for a tighter filter; any flag can be set independently. When the filter empties the accepts list, the command fails with NO_FILTERED_MATCH instead of falling through to the buyer\'s prefer order.'
-  ),
-  network: z5.string().optional().describe(
-    'Constrain selection to seller `accepts[]` entries whose `network` matches exactly (e.g. "inflow:1", "eip155:84532", "solana:..."). Combine with --scheme/--asset/--asset-name for a tighter filter. When the filter empties the accepts list, the command fails with NO_FILTERED_MATCH.'
-  ),
-  asset: z5.string().optional().describe(
-    "Constrain selection to seller `accepts[]` entries whose `asset` matches exactly \u2014 the on-chain asset identifier (ERC-20 contract address for EVM, mint pubkey for SVM). When the filter empties the accepts list, the command fails with NO_FILTERED_MATCH."
-  ),
-  assetName: z5.string().optional().describe(
-    'Constrain selection to seller `accepts[]` entries whose `extra.name` matches exactly \u2014 the human-readable symbol/name the seller advertises (e.g. "USDC"). When the filter empties the accepts list, the command fails with NO_FILTERED_MATCH.'
   )
 });
-var statusArgs = z5.object({
-  transactionId: z5.string().describe("The transaction id returned by `x402 pay`.")
+var statusArgs2 = z6.object({
+  transactionId: z6.string().describe("The transaction id returned by `x402 pay`.")
 });
-var statusOptions2 = z5.object({
-  interval: z5.coerce.number().default(0).describe(
+var statusOptions3 = z6.object({
+  interval: z6.coerce.number().default(0).describe(
     "Poll cadence in seconds. 0 returns the current snapshot; positive values yield on every change until signed or terminal."
   ),
-  maxAttempts: z5.coerce.number().default(0).describe("Hard cap on poll attempts. 0 means unlimited."),
-  timeout: z5.coerce.number().default(900).describe("Polling deadline in seconds."),
-  payloadFile: z5.string().optional().describe(
+  maxAttempts: z6.coerce.number().default(0).describe("Hard cap on poll attempts. 0 means unlimited."),
+  timeout: z6.coerce.number().default(900).describe("Polling deadline in seconds."),
+  payloadFile: z6.string().optional().describe(
     "Write the signed `encoded_payload` bytes to this file path (mode 0o600, overwrites silently). When set, status frames include `payload_saved_to: <absolute_path>` instead of `encoded_payload`. Use to keep one-time payment credentials out of chat transcripts and logs."
   )
 });
-var cancelArgs = z5.object({
-  approvalId: z5.string().describe("The approval id returned by `x402 pay`.")
+var cancelArgs2 = z6.object({
+  approvalId: z6.string().describe("The approval id returned by `x402 pay`.")
 });
-var decodeArgs = z5.object({
-  header: z5.string().describe("Raw PAYMENT-REQUIRED header value (base64).")
+var decodeArgs2 = z6.object({
+  header: z6.string().describe("Raw PAYMENT-REQUIRED header value (base64).")
 });
-var inspectArgs = z5.object({
-  url: z5.string().describe("The x402-protected resource URL to probe. No payment is made.")
+var inspectArgs2 = z6.object({
+  url: z6.string().describe("The x402-protected resource URL to probe. No payment is made.")
 });
-var inspectOptions = z5.object({
-  method: z5.string().default("GET").describe("HTTP method for the probe request."),
-  data: z5.string().optional().describe(
+var inspectOptions2 = z6.object({
+  scheme: z6.string().optional().describe('Only show `accepts[]` entries with this scheme (e.g. "exact", "balance").'),
+  network: z6.string().optional().describe('Only show entries on this network (e.g. "eip155:84532").'),
+  asset: z6.string().optional().describe("Only show entries with this on-chain asset id (ERC-20 address or SVM mint)."),
+  assetName: z6.string().optional().describe('Only show entries whose `extra.assetName` symbol matches (e.g. "USDC").'),
+  method: z6.string().default("GET").describe("HTTP method for the probe request."),
+  data: z6.string().optional().describe(
     "Request body for the probe. JSON or raw text. Content-Type defaults to application/json when --data is set unless a --header overrides it."
   ),
-  header: z5.array(z5.string()).default([]).describe('Repeatable. "Name: Value" format.'),
-  scheme: z5.string().optional().describe(
-    'Constrain the rendered accepts to entries whose `scheme` matches exactly (e.g. "balance", "exact"). When the filter empties the accepts list, the command fails with NO_FILTERED_MATCH.'
-  ),
-  network: z5.string().optional().describe(
-    'Constrain the rendered accepts to entries whose `network` matches exactly (e.g. "inflow:1", "eip155:84532"). When the filter empties the accepts list, the command fails with NO_FILTERED_MATCH.'
-  ),
-  asset: z5.string().optional().describe(
-    "Constrain the rendered accepts to entries whose `asset` matches exactly \u2014 the on-chain asset identifier (ERC-20 contract address for EVM, mint pubkey for SVM). When the filter empties the accepts list, the command fails with NO_FILTERED_MATCH."
-  ),
-  assetName: z5.string().optional().describe(
-    'Constrain the rendered accepts to entries whose `extra.name` matches exactly \u2014 the human-readable symbol/name the seller advertises (e.g. "USDC"). When the filter empties the accepts list, the command fails with NO_FILTERED_MATCH.'
-  )
+  header: z6.array(z6.string()).default([]).describe('Repeatable. "Name: Value" format.')
 });
 
 // src/commands/x402/status.tsx
-import { Box as Box14, Text as Text15, useApp as useApp12 } from "ink";
-import Spinner11 from "ink-spinner";
-import { useEffect as useEffect8, useReducer as useReducer6 } from "react";
-import { jsx as jsx18, jsxs as jsxs14 } from "react/jsx-runtime";
+import { Box as Box20, Text as Text21 } from "ink";
+import Spinner16 from "ink-spinner";
+import { useEffect as useEffect11, useReducer as useReducer9 } from "react";
+import { jsx as jsx25, jsxs as jsxs20 } from "react/jsx-runtime";
 var X402StatusView = ({
   transactionId,
   fetchOnce,
@@ -14522,10 +16108,10 @@ var X402StatusView = ({
   timeout,
   onComplete
 }) => {
-  const { exit } = useApp12();
   const initial = { kind: "polling" };
-  const [phase, dispatch] = useReducer6(reduceX402Status, initial);
-  useEffect8(() => {
+  const [phase, dispatch] = useReducer9(reduceX402Status, initial);
+  const { finish } = useFlowExit(onComplete);
+  useEffect11(() => {
     const run = runX402Status({ fetchOnce, interval, maxAttempts, timeout });
     let cancelled = false;
     void (async () => {
@@ -14538,16 +16124,15 @@ var X402StatusView = ({
       cancelled = true;
     };
   }, [fetchOnce, interval, maxAttempts, timeout]);
-  useEffect8(() => {
+  useEffect11(() => {
     if (phase.kind === "signed" || phase.kind === "failed" || phase.kind === "timeout" || phase.kind === "error") {
-      onComplete(phase);
-      exit();
+      finish(phase);
     }
-  }, [phase, onComplete, exit]);
+  }, [phase, finish]);
   if (phase.kind === "polling") {
     const statusText = phase.latest?.status ?? "pending";
-    return /* @__PURE__ */ jsx18(Box14, { flexDirection: "column", children: /* @__PURE__ */ jsxs14(Text15, { color: "cyan", children: [
-      /* @__PURE__ */ jsx18(Spinner11, { type: "dots" }),
+    return /* @__PURE__ */ jsx25(Box20, { flexDirection: "column", children: /* @__PURE__ */ jsxs20(Text21, { color: "cyan", children: [
+      /* @__PURE__ */ jsx25(Spinner16, { type: "dots" }),
       " Polling transaction ",
       transactionId,
       " (status: ",
@@ -14558,80 +16143,73 @@ var X402StatusView = ({
   if (phase.kind === "signed") {
     const encoded = phase.response.encodedPayload ?? "";
     const preview = encoded.length > 32 ? `${encoded.slice(0, 32)}...` : encoded;
-    return /* @__PURE__ */ jsxs14(Box14, { flexDirection: "column", children: [
-      /* @__PURE__ */ jsx18(Text15, { color: "green", children: "\u2713 Signed" }),
-      /* @__PURE__ */ jsx18(Text15, { children: `status: ${phase.response.status}` }),
-      /* @__PURE__ */ jsx18(Text15, { children: `encodedPayload: ${preview}` })
+    return /* @__PURE__ */ jsxs20(Box20, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx25(Text21, { color: "green", children: "\u2713 Signed" }),
+      /* @__PURE__ */ jsx25(Text21, { children: `status: ${phase.response.status}` }),
+      /* @__PURE__ */ jsx25(Text21, { children: `encodedPayload: ${preview}` })
     ] });
   }
   if (phase.kind === "failed") {
-    return /* @__PURE__ */ jsxs14(Box14, { flexDirection: "column", children: [
-      /* @__PURE__ */ jsx18(Text15, { color: "red", children: "\u2717 Approval did not settle" }),
-      /* @__PURE__ */ jsx18(Text15, { color: "red", children: `status: ${phase.response.status}` })
+    return /* @__PURE__ */ jsxs20(Box20, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx25(Text21, { color: "red", children: "\u2717 Approval did not settle" }),
+      /* @__PURE__ */ jsx25(Text21, { color: "red", children: `status: ${phase.response.status}` })
     ] });
   }
   if (phase.kind === "timeout") {
-    return /* @__PURE__ */ jsxs14(Box14, { flexDirection: "column", children: [
-      /* @__PURE__ */ jsx18(Text15, { color: "yellow", children: "Polling timed out before the transaction reached a signed state." }),
-      phase.response !== void 0 ? /* @__PURE__ */ jsx18(Text15, { children: `last status: ${phase.response.status}` }) : null
+    return /* @__PURE__ */ jsxs20(Box20, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx25(Text21, { color: "yellow", children: "Polling timed out before the transaction reached a signed state." }),
+      phase.response !== void 0 ? /* @__PURE__ */ jsx25(Text21, { children: `last status: ${phase.response.status}` }) : null
     ] });
   }
-  return /* @__PURE__ */ jsxs14(Box14, { flexDirection: "column", children: [
-    /* @__PURE__ */ jsx18(Text15, { color: "red", children: "\u2717 Polling failed" }),
-    /* @__PURE__ */ jsx18(Text15, { color: "red", children: phase.message })
+  return /* @__PURE__ */ jsxs20(Box20, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx25(Text21, { color: "red", children: "\u2717 Polling failed" }),
+    /* @__PURE__ */ jsx25(Text21, { color: "red", children: phase.message })
   ] });
 };
 
 // src/commands/x402/supported.tsx
-import { Box as Box15, Text as Text16, useApp as useApp13 } from "ink";
-import Spinner12 from "ink-spinner";
-import { useCallback as useCallback6 } from "react";
-import { jsx as jsx19, jsxs as jsxs15 } from "react/jsx-runtime";
-var COLUMNS4 = [
+import { Box as Box21, Text as Text22 } from "ink";
+import Spinner17 from "ink-spinner";
+import { useCallback as useCallback9 } from "react";
+import { jsx as jsx26, jsxs as jsxs21 } from "react/jsx-runtime";
+var COLUMNS6 = [
   { header: "Scheme", cell: (k) => k.scheme },
   { header: "Network", cell: (k) => k.network }
 ];
-var SupportedView = ({ load, onComplete }) => {
-  const { exit } = useApp13();
-  const action = useCallback6(() => load(), [load]);
-  const handleComplete = useCallback6(
-    (result) => {
-      onComplete(result);
-      exit();
-    },
-    [onComplete, exit]
-  );
-  const { status, data, error } = useFlowState(action, handleComplete);
+var SupportedView2 = ({ load, onComplete }) => {
+  const action = useCallback9(() => load(), [load]);
+  const { finish } = useFlowExit(onComplete);
+  const { status, data, error } = useFlowState(action, finish);
   if (status === "loading") {
-    return /* @__PURE__ */ jsx19(Box15, { children: /* @__PURE__ */ jsxs15(Text16, { color: "cyan", children: [
-      /* @__PURE__ */ jsx19(Spinner12, { type: "dots" }),
+    return /* @__PURE__ */ jsx26(Box21, { children: /* @__PURE__ */ jsxs21(Text22, { color: "cyan", children: [
+      /* @__PURE__ */ jsx26(Spinner17, { type: "dots" }),
       " Loading supported schemes..."
     ] }) });
   }
   if (status === "error") {
-    return /* @__PURE__ */ jsxs15(Box15, { flexDirection: "column", children: [
-      /* @__PURE__ */ jsx19(Text16, { color: "red", children: "Failed to load supported schemes" }),
-      /* @__PURE__ */ jsx19(Text16, { color: "red", children: error })
+    return /* @__PURE__ */ jsxs21(Box21, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx26(Text22, { color: "red", children: "Failed to load supported schemes" }),
+      /* @__PURE__ */ jsx26(Text22, { color: "red", children: error })
     ] });
   }
   const kinds = data?.kinds ?? [];
   if (kinds.length === 0) {
-    return /* @__PURE__ */ jsx19(Box15, { flexDirection: "column", children: /* @__PURE__ */ jsx19(Text16, { children: "No supported (scheme, network) pairs returned for this account." }) });
+    return /* @__PURE__ */ jsx26(Box21, { flexDirection: "column", children: /* @__PURE__ */ jsx26(Text22, { children: "No supported (scheme, network) pairs returned for this account." }) });
   }
-  return /* @__PURE__ */ jsx19(Table, { columns: COLUMNS4, rows: kinds });
+  return /* @__PURE__ */ jsx26(Table, { columns: COLUMNS6, rows: kinds });
 };
 
 // src/commands/x402/index.tsx
-import { jsx as jsx20 } from "react/jsx-runtime";
+import { jsx as jsx27 } from "react/jsx-runtime";
 var POST_PAY_INSTRUCTION = "Present the approval_url to the user and ask them to approve in the InFlow mobile app or dashboard. Then call `x402 status <transaction_id> --interval 5 --max-attempts 60` to poll until signed. Once the transaction is signed, replay the request manually using the encoded_payload from the status response as the PAYMENT-SIGNATURE header.";
-var POLLING_INSTRUCTION = "Approval polling is happening inline. The yield stream emits each status change; the final frame includes the encoded_payload when signing completes.";
+var POLLING_INSTRUCTION2 = "Approval polling is happening inline. The yield stream emits each status change; the final frame includes the encoded_payload when signing completes.";
 function buildSignOptions(options) {
   const out = { timeoutMs: options.timeout * 1e3 };
   if (options.interval > 0) out.pollIntervalMs = options.interval * 1e3;
   if (options.paymentId !== void 0) out.paymentId = options.paymentId;
   return out;
 }
-function parseHeaderFlagsOrFail(c, flags) {
+function parseHeaderFlagsOrFail2(c, flags) {
   try {
     return parseHeaderFlags(flags);
   } catch (err) {
@@ -14643,16 +16221,16 @@ function parseHeaderFlagsOrFail(c, flags) {
 }
 function decoratePayloadField(frame, encoded, payloadFile) {
   if (payloadFile !== void 0 && payloadFile.length > 0) {
-    const absolute = resolvePath2(payloadFile);
-    writeFileSync2(absolute, Buffer.from(encoded, "utf-8"), { mode: 384 });
-    chmodSync(absolute, 384);
+    const absolute = resolvePath3(payloadFile);
+    writeFileSync3(absolute, Buffer.from(encoded, "utf-8"), { mode: 384 });
+    chmodSync2(absolute, 384);
     frame.payload_saved_to = absolute;
     return;
   }
   frame.encoded_payload = encoded;
 }
-function buildPayPipelineInput(c) {
-  const probeHeaders = parseHeaderFlagsOrFail(c, c.options.header);
+function buildPayPipelineInput2(c) {
+  const probeHeaders = parseHeaderFlagsOrFail2(c, c.options.header);
   const probeOptions = {
     method: c.options.method,
     headers: probeHeaders,
@@ -14670,19 +16248,19 @@ function buildPayPipelineInput(c) {
     ...c.options.assetName !== void 0 ? { assetNameFilter: c.options.assetName } : {}
   };
 }
-function attachBodyFields(frame, result) {
+function attachBodyFields2(frame, result) {
   frame.body_size_bytes = result.bodySizeBytes;
   if (result.body !== void 0) frame.body = result.body;
   if (result.bodyBase64 !== void 0) frame.body_base64 = result.bodyBase64;
   if (result.outputSavedTo !== void 0) frame.output_saved_to = result.outputSavedTo;
 }
-function noPaymentFrameFromResult(result) {
+function noPaymentFrameFromResult2(result) {
   const frame = {
     outcome: "no-payment-required",
     status: result.status
   };
   if (result.contentType !== void 0) frame.content_type = result.contentType;
-  attachBodyFields(frame, result);
+  attachBodyFields2(frame, result);
   return frame;
 }
 function initialPayFrame(event, interval, maxAttempts) {
@@ -14693,7 +16271,7 @@ function initialPayFrame(event, interval, maxAttempts) {
     resource: event.decoded.resource.url,
     scheme: event.requirement.scheme,
     network: event.requirement.network,
-    instruction: interval > 0 ? POLLING_INSTRUCTION : POST_PAY_INSTRUCTION
+    instruction: interval > 0 ? POLLING_INSTRUCTION2 : POST_PAY_INSTRUCTION
   };
   if (event.requirement.amount !== "") frame.amount = event.requirement.amount;
   if (event.requirement.asset !== "") frame.asset = event.requirement.asset;
@@ -14707,7 +16285,7 @@ function initialPayFrame(event, interval, maxAttempts) {
   }
   return frame;
 }
-function paidFrameFromResult(result, payloadFile) {
+function paidFrameFromResult2(result, payloadFile) {
   const frame = {
     outcome: "paid",
     transaction_id: result.transactionId,
@@ -14719,10 +16297,10 @@ function paidFrameFromResult(result, payloadFile) {
   decoratePayloadField(frame, result.encodedPayload, payloadFile);
   if (result.responseContentType !== void 0) frame.response_content_type = result.responseContentType;
   if (result.settled !== void 0) frame.settled = result.settled;
-  attachBodyFields(frame, result);
+  attachBodyFields2(frame, result);
   return frame;
 }
-function rejectedFrameFromResult(result) {
+function rejectedFrameFromResult2(result) {
   const frame = {
     outcome: "replay-rejected",
     transaction_id: result.transactionId,
@@ -14733,14 +16311,14 @@ function rejectedFrameFromResult(result) {
     response_status: result.responseStatus
   };
   if (result.responseContentType !== void 0) frame.response_content_type = result.responseContentType;
-  attachBodyFields(frame, result);
+  attachBodyFields2(frame, result);
   return frame;
 }
-async function* runPayCommand(c, inflow2, authStorage2, apiBaseUrl2) {
+async function* runPayCommand2(c, inflow2, authStorage2, apiBaseUrl2) {
   assertSessionGuard(c, authStorage2, inflow2);
   if (!c.agent && !c.formatExplicit) {
     const client = await inflow2.x402.client();
-    const probeHeaders = parseHeaderFlagsOrFail(c, c.options.header);
+    const probeHeaders = parseHeaderFlagsOrFail2(c, c.options.header);
     const probeOptions = {
       method: c.options.method,
       headers: probeHeaders,
@@ -14748,8 +16326,8 @@ async function* runPayCommand(c, inflow2, authStorage2, apiBaseUrl2) {
     };
     let finalPhase = null;
     await renderInkUntilExit(
-      /* @__PURE__ */ jsx20(
-        PayView,
+      /* @__PURE__ */ jsx27(
+        PayView2,
         {
           url: c.args.url,
           method: c.options.method,
@@ -14768,7 +16346,8 @@ async function* runPayCommand(c, inflow2, authStorage2, apiBaseUrl2) {
           },
           onComplete: (phase) => {
             finalPhase = phase;
-          }
+          },
+          onCancel: (approvalId) => inflow2.x402.cancel({ approvalId })
         }
       )
     );
@@ -14787,12 +16366,12 @@ async function* runPayCommand(c, inflow2, authStorage2, apiBaseUrl2) {
     return;
   }
   const run = inflow2.x402.pay({
-    ...buildPayPipelineInput(c),
+    ...buildPayPipelineInput2(c),
     awaitPayment: c.options.interval > 0
   });
   for await (const event of run.events) {
     if (event.type === "short-circuited") {
-      yield sanitizeDeep(noPaymentFrameFromResult(event.result));
+      yield sanitizeDeep(noPaymentFrameFromResult2(event.result));
       return;
     }
     if (event.type === "prepared") {
@@ -14800,11 +16379,11 @@ async function* runPayCommand(c, inflow2, authStorage2, apiBaseUrl2) {
       continue;
     }
     if (event.type === "replayed") {
-      yield sanitizeDeep(paidFrameFromResult(event.result, c.options.payloadFile));
+      yield sanitizeDeep(paidFrameFromResult2(event.result, c.options.payloadFile));
       return;
     }
     if (event.type === "rejected") {
-      yield sanitizeDeep(rejectedFrameFromResult(event.result));
+      yield sanitizeDeep(rejectedFrameFromResult2(event.result));
       c.error({
         code: PAYMENT_NOT_ACCEPTED_CODE,
         message: `Seller rejected the signed payment with status ${String(event.result.responseStatus)}. The approval was completed but the seller did not honour the payment; see approval_url in the previous frame for details.`
@@ -14816,12 +16395,12 @@ async function* runPayCommand(c, inflow2, authStorage2, apiBaseUrl2) {
     }
   }
 }
-async function* runStatusCommand(c, inflow2, authStorage2) {
+async function* runStatusCommand2(c, inflow2, authStorage2) {
   assertSessionGuard(c, authStorage2, inflow2);
   if (!c.agent && !c.formatExplicit) {
     const client2 = await inflow2.x402.client();
     await renderInkUntilExit(
-      /* @__PURE__ */ jsx20(
+      /* @__PURE__ */ jsx27(
         X402StatusView,
         {
           transactionId: c.args.transactionId,
@@ -14839,7 +16418,7 @@ async function* runStatusCommand(c, inflow2, authStorage2) {
   const fetchOnce = () => client.getX402Payload(c.args.transactionId);
   if (c.options.interval <= 0) {
     const snapshot = await fetchOnce();
-    yield sanitizeDeep(toStatusFrame(c.args.transactionId, snapshot, c.options.payloadFile));
+    yield sanitizeDeep(toStatusFrame2(c.args.transactionId, snapshot, c.options.payloadFile));
     return;
   }
   const generator = pollAsync({
@@ -14851,7 +16430,7 @@ async function* runStatusCommand(c, inflow2, authStorage2) {
     timeout: c.options.timeout
   });
   for await (const outcome of generator) {
-    yield sanitizeDeep(toStatusFrame(c.args.transactionId, outcome.value, c.options.payloadFile));
+    yield sanitizeDeep(toStatusFrame2(c.args.transactionId, outcome.value, c.options.payloadFile));
     if (!outcome.terminal) continue;
     if (outcome.reason !== void 0) {
       c.error({
@@ -14869,7 +16448,7 @@ async function* runStatusCommand(c, inflow2, authStorage2) {
     return;
   }
 }
-function toStatusFrame(transactionId, response, payloadFile) {
+function toStatusFrame2(transactionId, response, payloadFile) {
   const frame = {
     transaction_id: transactionId,
     status: response.status
@@ -14880,12 +16459,12 @@ function toStatusFrame(transactionId, response, payloadFile) {
   if (response.paymentPayload !== void 0) frame.payment_payload = response.paymentPayload;
   return frame;
 }
-async function runCancelCommand(c, inflow2, authStorage2) {
+async function runCancelCommand2(c, inflow2, authStorage2) {
   assertSessionGuard(c, authStorage2, inflow2);
   if (!c.agent && !c.formatExplicit) {
     await renderInkUntilExit(
-      /* @__PURE__ */ jsx20(
-        CancelView,
+      /* @__PURE__ */ jsx27(
+        CancelView2,
         {
           approvalId: c.args.approvalId,
           cancel: () => inflow2.x402.cancel({ approvalId: c.args.approvalId }).then(() => void 0),
@@ -14901,7 +16480,7 @@ async function runCancelCommand(c, inflow2, authStorage2) {
   }
   return inflow2.x402.cancel({ approvalId: c.args.approvalId });
 }
-async function runDecodeCommand(c) {
+async function runDecodeCommand2(c) {
   let decoded;
   try {
     decoded = decodeHeader(c.args.header);
@@ -14912,22 +16491,22 @@ async function runDecodeCommand(c) {
     });
   }
   if (!c.agent && !c.formatExplicit) {
-    await renderInkUntilExit(/* @__PURE__ */ jsx20(DecodeView, { decoded }));
+    await renderInkUntilExit(/* @__PURE__ */ jsx27(DecodeView2, { decoded }));
     return void 0;
   }
   return sanitizeDeep(decoded);
 }
-async function runSupportedCommand(c, inflow2, authStorage2) {
+async function runSupportedCommand2(c, inflow2, authStorage2) {
   assertSessionGuard(c, authStorage2, inflow2);
   if (!c.agent && !c.formatExplicit) {
-    await renderInkUntilExit(/* @__PURE__ */ jsx20(SupportedView, { load: () => inflow2.x402.supported(), onComplete: () => void 0 }));
+    await renderInkUntilExit(/* @__PURE__ */ jsx27(SupportedView2, { load: () => inflow2.x402.supported(), onComplete: () => void 0 }));
     return void 0;
   }
   const response = await inflow2.x402.supported();
   return sanitizeDeep(response);
 }
-async function runInspectCommand(c) {
-  const probeHeaders = parseHeaderFlagsOrFail(c, c.options.header);
+async function runInspectCommand2(c) {
+  const probeHeaders = parseHeaderFlagsOrFail2(c, c.options.header);
   const probeOptions = {
     method: c.options.method,
     headers: probeHeaders,
@@ -14944,8 +16523,8 @@ async function runInspectCommand(c) {
   if (!c.agent && !c.formatExplicit) {
     let finalPhase = null;
     await renderInkUntilExit(
-      /* @__PURE__ */ jsx20(
-        InspectView,
+      /* @__PURE__ */ jsx27(
+        InspectView2,
         {
           url: c.args.url,
           method: c.options.method,
@@ -14989,60 +16568,60 @@ async function runInspectCommand(c) {
   if (kind === "accepts") {
     return sanitizeDeep(buildAcceptsFrame(payload));
   }
-  return sanitizeDeep(buildNoPaymentFrame(payload));
+  return sanitizeDeep(buildNoPaymentFrame2(payload));
 }
 function createX402Cli(inflow2, authStorage2, apiBaseUrl2) {
-  const cli2 = Cli5.create("x402", {
+  const cli2 = Cli6.create("x402", {
     description: "x402 payment commands (pay, inspect, status, cancel, decode, supported)."
   });
   cli2.command("pay", {
     description: "Pay an x402-protected resource and return the seller response.",
-    args: payArgs,
-    options: payOptions,
+    args: payArgs2,
+    options: payOptions2,
     outputPolicy: "agent-only",
     async *run(c) {
-      yield* runPayCommand(c, inflow2, authStorage2, apiBaseUrl2);
+      yield* runPayCommand2(c, inflow2, authStorage2, apiBaseUrl2);
     }
   });
   cli2.command("status", {
     description: "Poll the signing state of an in-flight x402 transaction.",
-    args: statusArgs,
-    options: statusOptions2,
+    args: statusArgs2,
+    options: statusOptions3,
     outputPolicy: "agent-only",
     async *run(c) {
-      yield* runStatusCommand(c, inflow2, authStorage2);
+      yield* runStatusCommand2(c, inflow2, authStorage2);
     }
   });
   cli2.command("cancel", {
     description: "Best-effort cancel of an x402 approval.",
-    args: cancelArgs,
+    args: cancelArgs2,
     outputPolicy: "agent-only",
     async run(c) {
-      return runCancelCommand(c, inflow2, authStorage2);
+      return runCancelCommand2(c, inflow2, authStorage2);
     }
   });
   cli2.command("decode", {
     description: "Decode a raw PAYMENT-REQUIRED header value.",
-    args: decodeArgs,
+    args: decodeArgs2,
     outputPolicy: "agent-only",
     async run(c) {
-      return runDecodeCommand(c);
+      return runDecodeCommand2(c);
     }
   });
   cli2.command("supported", {
     description: "List the buyer-side capability cache (scheme x network).",
     outputPolicy: "agent-only",
     async run(c) {
-      return runSupportedCommand(c, inflow2, authStorage2);
+      return runSupportedCommand2(c, inflow2, authStorage2);
     }
   });
   cli2.command("inspect", {
     description: "Show the seller's PAYMENT-REQUIRED accepts for a URL. Read-only probe \u2014 no auth, no payment.",
-    args: inspectArgs,
-    options: inspectOptions,
+    args: inspectArgs2,
+    options: inspectOptions2,
     outputPolicy: "agent-only",
     async run(c) {
-      return runInspectCommand(c);
+      return runInspectCommand2(c);
     }
   });
   return cli2;
@@ -15116,9 +16695,9 @@ function formatUpdateNotice(info) {
 }
 
 // src/cli.tsx
-var cliVersion = "0.5.2";
+var cliVersion = "0.6.1";
 var cliName = "@inflowpayai/inflow";
-var skillBody = '# Agentic Payments\n\n## Installing\n\nInstall with `npm install -g @inflowpayai/inflow`. Or run directly with `npx @inflowpayai/inflow`.\n\n## Running\n\nInFlow runs as a **standalone CLI** or an **MCP server**.\n\n**MCP**: add to your MCP client config:\n\n```json\n{\n  "mcpServers": {\n    "inflow": {\n      "command": "npx",\n      "args": ["-y", "@inflowpayai/inflow", "--mcp"]\n    }\n  }\n}\n```\n\nThe `-y` flag suppresses npx\'s confirmation prompt \u2014 without it the MCP host can stall on first run.\n\n**MCP mode** exposes every CLI command as a tool. Call `tools/list` on the MCP server for the authoritative inventory; arguments mirror the CLI flags one-to-one.\n\n### Common commands / options\n\n- `inflow --llms` (or `--llms-full` for parameter detail) \u2014 discover all commands. `inflow <command> --schema` for a single command\'s JSON Schema.\n- `inflow --skill` \u2014 print this playbook (no frontmatter) to stdout. Use it to paste into the system-prompt field of an MCP host that doesn\'t natively load skills: `inflow --skill | pbcopy`.\n- Default output is `toon`. Override with `--format <fmt>`; for programmatic parsing prefer `json` (single document) or `jsonl` (line-delimited). `inflow <command> --schema` enumerates every option for the command.\n- Multi-step flows return `_next.command` \u2014 run it to continue.\n- `--auth <path>` overrides the credentials file location.\n- `--api-key <key>` or `INFLOW_API_KEY=<key>` is an alternative to device-flow auth.\n\n## Core flow\n\n**Sequencing.** Run the steps in order. Don\'t skip ahead \u2014 Step 3 fails or double-charges if Steps 1-2 didn\'t clear. `x402 inspect` and `x402 decode` are read-only and don\'t require auth, so they may run before Step 1 if useful (e.g. when sizing up a paywall before committing the user to a login).\n\nCopy this checklist and track progress:\n\n- Step 1: Authenticate with InFlow.\n- Step 2: Pre-flight evaluation (probe seller, check supported pairs, check balance).\n- Step 3: Pay via x402.\n\n### Step 1: Authenticate\n\nCheck the current state first \u2014 the user may already be logged in:\n\n```bash\ninflow auth status\n```\n\nAuthenticated response shape (`access_token` is a 20-char preview, not the full token):\n\n```json\n{\n  "authenticated": true,\n  "auth_method": "device_token",\n  "access_token": "inf_3LtKpQ7nWxYzA1bC...",\n  "credentials_path": "/Users/.../inflow/auth.json",\n  "connection": { "environment": "production", "apiBaseUrl": "https://api.inflowpay.ai" },\n  "update": { "current": "0.4.6", "latest": "0.5.1" }\n}\n```\n\n`auth_method` is `device_token` or `api_key`. For the user\'s identity (email, handle, account id), call `inflow user get` \u2014 `auth status` deliberately doesn\'t include it.\n\nIf the response includes an `update` field, a newer version of `inflow` is published.\n\n**Surface and defer.** Tell the user a newer version is available and how to upgrade \u2014 `npm install -g @inflowpayai/inflow@latest` (or `npx @inflowpayai/inflow@latest`). Then **proceed with the current version**. Only block on the upgrade if a subsequent command fails with `VERSION_UNSUPPORTED` (or an HTTP 426 from the API), at which point the upgrade is mandatory and you should not retry until it lands.\n\nIf `authenticated` is `false`, start the device flow:\n\n```bash\ninflow auth login --client-name "<your-agent-name>"\n```\n\nReplace `<your-agent-name>` with the name of your agent or application (for example `"Personal Assistant"`, `"Shopping Bot"`). The device-authorization page in the user\'s browser displays this name when they approve the connection. Use a clear, unique, identifiable name.\n\nThe response includes a `_next.command` \u2014 run it immediately to poll until authenticated. **Do not wait for the user to respond before starting the poll.** Example response:\n\n```json\n{\n  "verification_url": "https://app.inflowpay.ai/device/?code=ABCD-EFGH",\n  "phrase": "ABCD-EFGH",\n  "_next": {\n    "command": "auth status --interval 5 --max-attempts 60",\n    "poll_interval_seconds": 5,\n    "until": "authenticated is true"\n  }\n}\n```\n\nPresent `verification_url` to the user. Start polling with the `_next.command` immediately \u2014 don\'t wait for them to reply.\n\nIf your environment can\'t relay the verification phrase to the user while a separate polling command blocks I/O, use inline polling instead:\n\n```bash\ninflow auth login --client-name "<name>" --interval 5 --timeout 300\n```\n\n**API key alternative:** if the user provides an API key, set `INFLOW_API_KEY=<key>` in the environment (or pass `--api-key <key>` to any command) instead of running `auth login`. The API key takes precedence over a saved device token.\n\n### Step 2: Pre-flight evaluation\n\nThree commands, in this order:\n\n```bash\n# 1. Probe the seller without paying\ninflow x402 inspect <url>\n# Returns the seller\'s accepts[]: { scheme, network, asset, max_amount_required, extra.name, ... }\n\n# 2. List which scheme \xD7 network pairs the user\'s account supports\ninflow x402 supported\n# Returns: { "kinds": [{ "scheme": "exact", "network": "solana:mainnet" }, ...] }\n\n# 3. Check balances for the candidate asset(s)\ninflow balances list\n# Returns: [{ "available": "100.5", "currency": "USDC" }, ...]\n```\n\n**Shortcut:** If the agent already received a 402 with a `PAYMENT-REQUIRED` header from a prior HTTP call (e.g., the browsing tool hit a paywall), skip step 1 and decode the header directly \u2014 no second probe needed:\n\n```bash\ninflow x402 decode \'<PAYMENT-REQUIRED-header-value>\'\n# Returns the same accepts[] shape as `inspect`, parsed from the header you already have.\n```\n\nNow you have the three facts an agent needs: what the seller wants, what the account can pay with, and whether there\'s enough.\n\n- If `inspect.accepts \u2229 supported.kinds` is empty \u2192 stop with `NO_INFLOW_MATCH`. Tell the user the seller doesn\'t accept any scheme \xD7 network their account supports.\n- If the intersection exists but `balances.available < max_amount_required` for every match \u2192 stop and tell the user to fund the account on a matching network. Run `inflow deposit-addresses list` and surface the deposit address(es) in full.\n- Otherwise: proceed to Step 3.\n\n**Optional filters** to narrow the match before `x402 pay`:\n\n- `--scheme <s>` \u2014 e.g. `exact`, `balance`\n- `--network <n>` \u2014 e.g. `solana:mainnet`, `eip155:84532`, `inflow:1`\n- `--asset <a>` \u2014 on-chain asset identifier (ERC-20 contract address for EVM, mint pubkey for SVM)\n- `--asset-name <name>` \u2014 human-readable symbol the seller advertises (e.g. `USDC`)\n\nWhen any filter empties the accepts list, the command fails with `NO_FILTERED_MATCH` instead of falling through to the buyer\'s default prefer order.\n\n**Decimal precision.** `balances.available` and `max_amount_required` are decimal strings preserving BigDecimal precision. **Never parse them to a JS `Number`** \u2014 that drops precision. Compare as strings, or use a `BigInt` / `decimal.js`-style library.\n\n### Step 3: Pay via x402\n\nDon\'t retry with the same `transaction_id` after `encoded_payload` is consumed \u2014 create a new transaction instead.\n\nBefore initiating the call, summarize the intent to the user in chat: amount, currency, resource URL, scheme, network. The user verifies the canonical details on the approval screen; the chat summary is what they read first. Example:\n\n> "I\'m about to pay 0.10 USDC on Solana mainnet to api.foo.dev for /article-3. Requesting approval next."\n\n**Fast path (recommended).** When the agent can block until the payment finishes, set `--interval N` and let the CLI handle the full flow in one call \u2014 probe, decode, prepare, await approval, replay against the seller, return the body. One tool call, one result:\n\n```bash\ninflow x402 pay <url> --interval 5 --max-attempts 60\n```\n\nThe result includes `outcome: "paid"`, `transaction_id`, `response_status`, `settled`, and the seller body inline (or `output_saved_to` if `--output-file` is set). To surface `approval_url` *before* the call returns (rather than at the end as part of the single result), add `--format jsonl` \u2014 frames stream line-by-line. With the default `json` (or `toon`), the agent only sees the final buffered result.\n\n**Two-step path.** Use this when the agent\'s host can\'t block I/O long enough for the user to approve (chat UIs that need to yield between turns). Drop `--interval`; the first call returns `approval_url` + a `_next.command` for the status poll, and the agent drives the replay itself after `encoded_payload` arrives.\n\n```bash\ninflow x402 pay <url>\n```\n\nFor non-GET requests, pass `--method`, `--data`, `--header` (repeatable):\n\n```bash\ninflow x402 pay https://seller.example.com/api/widgets \\\n  --method POST \\\n  --data \'{"sku":"widget-1"}\' \\\n  --header "X-Custom: value" \\\n  --interval 5 --max-attempts 60\n```\n\n**Retries and idempotency.** Set `--payment-id <id>` whenever a retry on transport failure is possible. The server treats two requests with the same `payment-id` as the same logical payment, so a retry after a network blip won\'t double-charge. Format: 16\u2013128 chars, `^[a-zA-Z0-9_-]+$`.\n\n**Discipline:** set `--payment-id` to a stable random opaque value generated once per intent. Reuse the same id on transport retry. Regenerate only when the user explicitly wants a fresh charge. Don\'t tie the id to wall-clock time \u2014 a date-based id silently double-charges on next-day "buy this again" requests.\n\n```bash\ninflow x402 pay <url> --payment-id "<stable-opaque-id>"\n```\n\nWithout `--payment-id`, the server generates one each call \u2014 fine for one-shots, unsafe for retries.\n\n**Sensitive / binary output.** `encoded_payload` (returned by `x402 status` after approval) is a one-time bearer credential \u2014 don\'t echo it back in chat. Use `--payload-file <path>` to write payload bytes to disk at mode `0o600`; the response then carries `payload_saved_to: <path>` in place of `encoded_payload`. For the seller\'s response body, `--output-file <path>` writes bytes to disk and replaces `body` / `body_base64` with `output_saved_to: <path>` \u2014 pair with `--no-show-body` for binary content (PDFs, images, audio, datasets) so bytes never appear inline as base64:\n\n```bash\ninflow x402 pay https://api.foo.dev/report.pdf --interval 5 --max-attempts 60 \\\n  --output-file /tmp/report.pdf --no-show-body\n```\n\n**Polling discipline.** Persist `transaction_id` as soon as `x402 pay` returns it. Then:\n\n- Run `_next.command` (or `x402 status <transaction_id> --interval N`) immediately. Don\'t wait for the user to confirm before polling starts.\n- If polling is interrupted \u2014 network drop, session bounce, user kills the agent \u2014 resume with `inflow x402 status <transaction_id> --interval 5 --max-attempts 60`. Only create a new transaction if the original expired (`APPROVAL_TIMEOUT`), was denied/cancelled, or its `encoded_payload` is already consumed.\n- If `POLLING_TIMEOUT` fires before approval, ask the user whether to keep waiting or cancel \u2014 don\'t silently restart the poll.\n- If >12 minutes elapsed without a user response, surface that explicitly so they can act before `APPROVAL_TIMEOUT` lands.\n- If the user aborts ("nevermind", "cancel that"), call `inflow x402 cancel <approval_id>` before exiting. Otherwise the approval sits pending for 15 minutes and triggers phantom notifications in the user\'s InFlow app.\n\nOnce `x402 status` returns `encoded_payload`, replay the original seller request with `PAYMENT-SIGNATURE: <encoded_payload>` (or `PAYMENT-SIGNATURE: $(cat <payload-file>)` if you used `--payload-file`). The seller\'s protected response comes back on the replay.\n\n## Worked example\n\nEnd-to-end: a user asks the agent to fetch a paywalled article at `https://api.foo.dev/article-3`.\n\nAfter running the Step 2 pre-flight commands, the intersection lands on `exact` \xD7 `solana:mainnet`, and the user\'s 100.5 USDC balance easily covers the 0.10 USDC the seller requires. Proceed.\n\n> "I\'m about to pay 0.10 USDC on Solana mainnet to api.foo.dev for /article-3.\n> Your balance is 100.5 USDC \u2014 plenty. Requesting approval next."\n\n```bash\ninflow x402 pay https://api.foo.dev/article-3 \\\n  --payment-id "<stable-opaque-id>" --interval 5 --max-attempts 60\n# Persist transaction_id from the response in case polling gets interrupted.\n# -> { "outcome": "paid", "transaction_id": "txn_abc", "response_status": 200,\n#      "body": "{ \\"title\\": \\"How to brew coffee\\", ... }", "settled": { ... } }\n```\n\n> "Approval requested \u2014 confirm in the InFlow app: https://app.inflowpay.ai/approvals/appr_xyz\n> I\'ll keep polling. 15-min window."\n\nOnce the result arrives:\n\n> "Paid 0.10 USDC. Transaction txn_abc. Server returned: \'How to brew coffee \u2014 ...\'"\n\n**Two-step variant** (host can\'t block long enough for approval): drop `--interval`, present `approval_url`, run the returned `_next.command`, then replay against the seller yourself \u2014 use `--payload-file <path>` on the status call and `PAYMENT-SIGNATURE: $(cat <path>)` on the replay.\n\n## What to surface when something goes wrong\n\nMatch each terminal failure to a clear user-facing prompt \u2014 don\'t dump the raw error.\n\n- **`APPROVAL_TIMEOUT`** \u2014 "You didn\'t approve within 15 minutes, so the request expired. Want me to start a new payment, or stop here?"\n- **`APPROVAL_FAILED`** (declined / insufficient funds / generic) \u2014 "Approval didn\'t go through (declined or insufficient funds in the matched asset). Want me to try a different funding source, top up, or stop?"\n- **`APPROVAL_CANCELLED`** \u2014 "You cancelled the approval. Stopping here unless you want to start a new payment."\n- **`NO_INFLOW_MATCH`** \u2014 "The seller accepts `<scheme>` on `<network>`, but your account is funded on `<other-network>`. Either fund your account on `<network>`, or pick a different seller."\n- **`NO_FILTERED_MATCH`** \u2014 "Your filter (`--scheme/--network/--asset`) removed every option the seller accepts. Loosen the filter or check the seller\'s `accepts` list with `inflow x402 inspect`."\n- **`POLLING_TIMEOUT`** \u2014 "Still waiting on your approval \u2014 want me to keep polling, or cancel the request? (`inflow x402 cancel <approval_id>` cancels it.)"\n- **`VERSION_UNSUPPORTED` / HTTP 426** \u2014 "The installed `inflow` CLI is below the minimum supported version. Run `npm install -g @inflowpayai/inflow@latest` and re-try."\n\n## Limits\n\n| Limit                          | Value                                                                                               |\n| ------------------------------ | --------------------------------------------------------------------------------------------------- |\n| Approval window                | 15 minutes from `x402 pay` creating the transaction (`--timeout` overrides the polling deadline)    |\n| Default polling max-attempts   | Unlimited (`--max-attempts 0`). Set a positive cap when you need a hard stop                        |\n| `--payment-id` format          | 16\u2013128 chars, `^[a-zA-Z0-9_-]+$`                                                                    |\n| `encoded_payload` reuse        | One-time. Consumed by the first seller replay. Not reusable \u2014 failed seller calls require a new pay |\n\n## Important\n\n- Treat OAuth tokens and API keys as secrets \u2014 never echo them. The `encoded_payload` returned by `x402 status` is a one-time bearer credential; replay it directly against the seller and discard, don\'t paste it back to the user.\n- Respect `/agents.txt` and `/llm.txt` on sites you browse.\n- Avoid suspicious 402 endpoints \u2014 if the domain doesn\'t match what the user asked to pay, or the price is wildly different from expectation, stop and ask.\n- When displaying deposit addresses to the user, print the full address (don\'t truncate). Truncating breaks copy-paste.\n\n## Out of scope\n\nThis skill covers programmatic HTTP 402 (x402) payments only. It does NOT handle:\n\n- **Traditional merchant checkouts** (card forms, Stripe Elements, hosted checkouts). No PANs.\n- **Card issuance** or wallet management beyond `balances list` and `deposit-addresses list`.\n- **Refunds, disputes, chargebacks** \u2014 handled out of band via support.\n- **Peer-to-peer transfers** between users or wallets.\n- **FX / currency conversion.** Buyer logic matches the seller\'s `accepts[]` against the account\'s supported assets; if no overlap, fund or use a different source.\n- **Subscriptions / recurring payments.** Each `x402 pay` is one-shot. Schedule externally.\n\nFor any of the above, point the user to https://app.inflowpay.ai or support.\n\n## Errors\n\nAll errors in agent mode are JSON with `code` and `message` fields and exit code 1.\n\n| Error code                                                    | Meaning                                                                                                                                                                                                              | Recovery                                                                                                                                                                                                                               |\n| ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `APPROVAL_CANCELLED` / `APPROVAL_FAILED` / `APPROVAL_TIMEOUT` | Approval did not produce an `encoded_payload` \u2014 cancelled via `x402 cancel` or server-side / declined or insufficient funds or generic error / 15-minute window elapsed. | Call `inflow x402 status <transaction_id>` for the precise reason; create a new transaction. User-facing prompts for each variant are in "What to surface."                                                                                                                        |\n| `INVALID_402` / `DECODE_FAILED`                               | Seller returned 402 but the `PAYMENT-REQUIRED` header was missing (`INVALID_402`) or unparseable (`DECODE_FAILED`).                                                                                                  | Verify the URL is x402-protected. Pass the raw header to `inflow x402 decode` for the detailed parse error.                                                                                                                            |\n| `INVALID_PAYMENT_ID`                                          | `--payment-id` doesn\'t match `^[a-zA-Z0-9_-]+$` and 16\u2013128 chars.                                                                                                                                                    | Adjust or omit the payment id.                                                                                                                                                                                                         |\n| `NO_FILTERED_MATCH`                                           | A `--scheme` / `--network` / `--asset` / `--asset-name` filter emptied the candidate `accepts[]` list.                                                                                                                | Loosen the filter or call `inflow x402 inspect <url>` to see what the seller actually accepts.                                                                                                                                        |\n| `NO_INFLOW_MATCH`                                             | Seller doesn\'t accept any scheme \xD7 network the user\'s InFlow account supports.                                                                                                                                       | Use a different buyer or fund the user\'s account on a chain the seller accepts.                                                                                                                                                        |\n| `NOT_AUTHENTICATED`                                           | No saved device token and no `--api-key` / `INFLOW_API_KEY` configured.                                                                                                                                              | Run `inflow auth login` or set the API key env var.                                                                                                                                                                                    |\n| `POLLING_TIMEOUT`                                             | `--interval` polling reached its max-attempts or timeout. Retryable.                                                                                                                                                 | Resume with `inflow x402 status <transaction_id> --interval 5 --max-attempts 60`.                                                                                                                                                      |\n| `api_error`                                                   | Non-2xx from the InFlow API. Discriminate on `httpStatus`.                                                                                                                                                            | `401` \u2014 saved auth rejected; run `inflow auth login` again. `426` (`VERSION_UNSUPPORTED`) \u2014 upgrade with `npm install -g @inflowpayai/inflow@latest` and re-try; don\'t retry on the old version. `5xx` \u2014 server-side; wait and retry. |\n| `transport_error`                                             | Network failure.                                                                                                                                                                                                     | Check connectivity; retry.                                                                                                                                                                                                             |\n\n## Further docs\n\n- MPP protocol: https://mpp.dev\n- x402 protocol: https://x402.io\n- InFlow: https://app.inflowpay.ai\n';
+var skillBody = '# Agentic Payments\n\nPay HTTP 402-protected resources on the user\'s behalf. InFlow speaks two payment protocols \u2014 **MPP** and **x402** \u2014 but the flow is the same for both: shared setup (install, run, authenticate), then a **router** that picks the protocol from the seller\'s 402 header, then one **Paying a 402 resource** section that covers both. A per-protocol **delta table** at the top of that section lists the handful of real differences (header name, credential name, filters, error codes); read your row, then follow the shared steps.\n\n## Installing\n\nInstall with `npm install -g @inflowpayai/inflow`. Or run directly with `npx @inflowpayai/inflow`.\n\n## Running\n\nInFlow runs as a **standalone CLI** or an **MCP server**.\n\n**MCP**: add an `inflow` server to your MCP client config that runs `npx -y @inflowpayai/inflow --mcp`. Keep the `-y` flag \u2014 it suppresses npx\'s confirmation prompt, without which the MCP host can stall on first run.\n\n**MCP mode** exposes every CLI command as a tool. Call `tools/list` on the MCP server for the authoritative inventory; arguments mirror the CLI flags one-to-one.\n\n### Common commands / options\n\n**The CLI is the source of truth for exact flags, enums, and output shapes** \u2014 run `inflow <command> --schema` for one command, or `inflow --llms-full` for everything. This playbook covers *when and why*, not exhaustive parameter lists; when you need a precise flag name, value set, or response shape, query the CLI rather than guessing.\n\n- `inflow --llms` (or `--llms-full` for parameter detail) \u2014 discover all commands. `inflow <command> --schema` for a single command\'s JSON Schema.\n- `inflow --skill` \u2014 print this playbook (no frontmatter) to stdout. Use it to paste into the system-prompt field of an MCP host that doesn\'t natively load skills: `inflow --skill | pbcopy`.\n- Default output is `toon`. Override with `--format <fmt>`; for programmatic parsing prefer `json` (single document) or `jsonl` (line-delimited).\n- Multi-step flows return `_next.command` \u2014 run it to continue.\n- `--auth <path>` overrides the credentials file location.\n- `--api-key <key>` or `INFLOW_API_KEY=<key>` is an alternative to device-flow auth.\n\n## Authenticate\n\nAuthentication is shared by both protocols \u2014 do it once, before either payment flow. **Don\'t start a payment until the user is authenticated.**\n\nCheck the current state first \u2014 the user may already be logged in:\n\n```bash\ninflow auth status\n```\n\nA successful `auth status` returns `authenticated: true` plus `auth_method` (`device_token` or `api_key`), a truncated `access_token` preview (never the full token), `credentials_path`, `connection`, and possibly an `update` field. For the user\'s identity (email, handle, account id), call `inflow user get` \u2014 `auth status` deliberately omits it. Run the command to see the full shape.\n\nIf the response includes an `update` field, a newer version of `inflow` is published.\n\n**Surface and defer.** Tell the user a newer version is available and how to upgrade \u2014 `npm install -g @inflowpayai/inflow@latest` (or `npx @inflowpayai/inflow@latest`). Then **proceed with the current version**. Only block on the upgrade if a subsequent command fails with `VERSION_UNSUPPORTED` (or an HTTP 426 from the API), at which point the upgrade is mandatory and you should not retry until it lands.\n\nIf `authenticated` is `false`, start the device flow:\n\n```bash\ninflow auth login --client-name "<your-agent-name>"\n```\n\nReplace `<your-agent-name>` with the name of your agent or application (for example `"Personal Assistant"`, `"Shopping Bot"`). The device-authorization page in the user\'s browser displays this name when they approve the connection. Use a clear, unique, identifiable name.\n\nThe response includes a `verification_url` (present this to the user), a `phrase`, and a `_next.command`. Run that command immediately to poll until authenticated. **Do not wait for the user to respond before starting the poll.**\n\nIf your environment can\'t relay the verification phrase to the user while a separate polling command blocks I/O, use inline polling instead:\n\n```bash\ninflow auth login --client-name "<name>" --interval 5 --timeout 300\n```\n\n**API key alternative:** if the user provides an API key, set `INFLOW_API_KEY=<key>` in the environment (or pass `--api-key <key>` to any command) instead of running `auth login`. The API key takes precedence over a saved device token.\n\n## Which protocol? \u2014 start here\n\nBefore paying, decide which protocol the resource uses. **You do not choose it \u2014 the seller\'s 402 challenge header decides.** Detection is read-only and needs no auth.\n\n1. Get the 402 challenge header. If a prior HTTP call already returned a 402 (e.g. the browsing tool hit a paywall), use that response. Otherwise make a plain, **unauthenticated GET** to the URL and read the headers of the 402.\n2. Branch on the header \u2014 **check for MPP first:**\n\n| 402 carries\u2026 | Protocol | Then |\n| --- | --- | --- |\n| `WWW-Authenticate: Payment` | **MPP** | Go to [\xA7 Paying a 402 resource](#paying-a-402-resource); use the **MPP** column of the delta table |\n| `WWW-Authenticate: Payment` **and** `PAYMENT-REQUIRED` | **MPP** (MPP wins when both are present) | Go to [\xA7 Paying a 402 resource](#paying-a-402-resource); use the **MPP** column |\n| `PAYMENT-REQUIRED` only | **x402** | Go to [\xA7 Paying a 402 resource](#paying-a-402-resource); use the **x402** column |\n| neither header, or the response isn\'t a 402 | not InFlow-payable | Stop. Tell the user the resource isn\'t a supported 402 endpoint. |\n\nNote: the `inspect` and `decode` commands are protocol-specific (`inflow mpp \u2026` vs `inflow x402 \u2026`), which is why you detect the header *first*, then use that protocol\'s tools.\n\n---\n\n## Paying a 402 resource\n\nOne flow for both protocols. Prerequisite: you are authenticated (see [Authenticate](#authenticate)). First find your protocol\'s row in the **Protocol deltas** table below \u2014 it names the 402 header that selected it, the matching model, the filter flags, and the credential and replay header you\'ll use. Everything else in this section applies to both protocols.\n\n**Sequencing.** Run pre-flight before pay \u2014 `pay` fails or double-charges if the pre-flight checks didn\'t clear. `inspect` and `decode` are read-only and need no auth, so they may run before you authenticate if useful (e.g. sizing up a paywall first).\n\n### Protocol deltas\n\n| Aspect | MPP | x402 |\n| --- | --- | --- |\n| Selected when the 402 carries | `WWW-Authenticate: Payment` | `PAYMENT-REQUIRED` (and no `WWW-Authenticate: Payment`) |\n| Command prefix | `inflow mpp \u2026` | `inflow x402 \u2026` |\n| Matching model | The seller\'s challenge **pins the rail** \u2014 the buyer does not choose scheme/network/asset | Pay where `inspect.accepts \u2229 supported.kinds` is non-empty |\n| Filter flags | `--payment-method`, `--intent`, `--currency`, `--rail`, `--instrument-id` | `--scheme`, `--network`, `--asset`, `--asset-name` |\n| Credential field (after approval) | `credential` (from `mpp status` when `state` is `ready`) | `encoded_payload` (from `x402 status` after approval) |\n| Replay header | `Authorization: Payment <credential>` | `PAYMENT-SIGNATURE: <encoded_payload>` |\n| Write-credential-to-disk flag | `--credential-file <path>` | `--payload-file <path>` |\n| Idempotency | \u2014 | `--payment-id` (see Step 2) |\n| Cancel uses | `approval_id` | `approval_id` |\n| Protocol-specific error codes | `PAYMENT_FAILED`, `PAYMENT_EXPIRED`, `PAYMENT_NOT_ACCEPTED` | `APPROVAL_TIMEOUT`, `APPROVAL_FAILED`, `APPROVAL_CANCELLED` |\n\nThroughout this section `<mpp|x402>` means "use your protocol\'s prefix." For the exact parameters and output shape of any command below, run `inflow <command> --schema`.\n\n### Step 1: Pre-flight evaluation\n\n```bash\n# 1. Parse what the seller will accept \u2014 read-only, no auth\ninflow <mpp|x402> inspect <url>\n\n# (Already have the 402 header from a prior response? Decode it directly instead of re-probing:)\ninflow <mpp|x402> decode \'<402 header value>\'\n\n# 2. List what the buyer\'s account can pay with\ninflow <mpp|x402> supported\n\n# 3. Check balances for the candidate currency/asset(s)\ninflow balances list\n```\n\n`inspect` / `decode` return what the seller accepts \u2014 the price is the `amount` field (for x402 the human-readable symbol is `extra.assetName`); `decode` also accepts a base64url credential / receipt. `supported` returns what the account can pay with; `balances list` returns `available` per currency. Run the commands to see the exact shapes.\n\nDecide whether you can pay (apply your protocol\'s matching model from the delta table):\n\n| Condition | Meaning | Action |\n| --- | --- | --- |\n| No payable match between the seller and the buyer\'s `supported` methods | No payable rail | Stop \u2192 `NO_INFLOW_MATCH`. Tell the user the seller\'s rails aren\'t supported by their account. |\n| A match exists, but `balances.available < amount` for every match | Right rail, not enough funds | Stop \u2192 run `inflow deposit-addresses list`, surface the address(es) in full, ask the user to fund a matching network. |\n| A match exists **and** \u22651 match has `balances.available \u2265 amount` | Payable | Proceed to Step 2. |\n\n**Optional filters** narrow *which* offer to fulfil \u2014 optional, AND-combined, applied on both `pay` and `inspect`, and an empty result fails with `NO_FILTERED_MATCH` (it does not fall through to a default order). One non-obvious case: MPP\'s `--instrument-id` picks *how* to fund (an instrument-rail / fiat challenge), not which challenge. For the exact filter flags and accepted values per protocol, run `inflow <mpp|x402> pay --schema`.\n\n**Decimal precision.** `balances.available` and the challenge/`amount` value are decimal strings preserving BigDecimal precision. **Never parse them to a JS `Number`** \u2014 that drops precision. Compare as strings, or use a `BigInt` / `decimal.js`-style library.\n\n### Step 2: Pay\n\nBefore initiating the call, summarize the intent to the user in chat: amount, currency, resource URL, and the method/rail (MPP) or scheme/network (x402). The user verifies the canonical details on the approval screen; the chat summary is what they read first. Example:\n\n> "I\'m about to pay 0.10 USDC to api.foo.dev for /dataset.csv. Requesting approval next."\n\n**Fast path (recommended).** When the agent can block until the payment finishes, set `--interval N` and let the CLI run the whole flow in one call \u2014 probe, decode, prepare, await approval, replay against the seller, return the body:\n\n```bash\ninflow <mpp|x402> pay <url> --interval 5 --max-attempts 180\n```\n\nThe result includes `outcome`, `transaction_id`, `response_status`, `settled`, the seller body inline (or `output_saved_to` if `--output-file` is set), and the now-consumed credential (`credential` for MPP, `encoded_payload` for x402). On the fast path the CLI has already replayed that credential to fetch the body \u2014 it appears in the result for reference only; **do not replay it yourself.** To surface `approval_url` *before* the call returns, add `--format jsonl` \u2014 frames stream line-by-line. With the default `json` (or `toon`), the agent only sees the final buffered result.\n\n**`outcome` values.** A completed `pay` returns one of three terminal outcomes \u2014 branch on it, don\'t assume `paid`:\n\n| `outcome` | Meaning | What to do |\n| --- | --- | --- |\n| `paid` | Settled and the seller returned 2xx | Deliver the body to the user |\n| `no-payment-required` | The resource wasn\'t paywalled, or was already paid | Tell the user nothing was charged; return the body |\n| `replay-rejected` | Payment was approved (funds in transit) but the seller replied non-2xx on the replay | Do NOT report success. Tell the user the seller\'s response failed; because the payment didn\'t complete, the in-transit funds are reverted to their InFlow balance. Offer to retry |\n\n**Two-step path.** Use this when the agent\'s host can\'t block I/O long enough for the user to approve (chat UIs that yield between turns). Drop `--interval`; the first call returns `transaction_id` + `approval_id` + `approval_url` + a `_next` `status` command, and the agent drives the replay itself once a credential arrives.\n\n```bash\ninflow <mpp|x402> pay <url>\n# -> { "transaction_id": "txn_abc", "approval_id": "appr_xyz", "approval_url": "https://app.inflowpay.ai/approvals/appr_xyz", "_next": { "command": "<mpp|x402> status txn_abc --interval 5 --max-attempts 180" } }\n```\n\nMind the two distinct ids: poll, replay, and resume all use `transaction_id`; **cancel uses `approval_id`** (`inflow <mpp|x402> cancel <approval_id>`). Both are returned by `pay`.\n\nFor non-GET requests, pass `--method`, `--data`, `--header` (repeatable):\n\n```bash\ninflow <mpp|x402> pay https://seller.example.com/api/widgets --method POST --data \'{"sku":"widget-1"}\' --header "X-Custom: value" --interval 5 --max-attempts 180\n```\n\n**Idempotency (x402 only).** Set `--payment-id <id>` whenever a retry on transport failure is possible \u2014 the server treats two requests with the same id as the same logical payment, so a retry after a network blip won\'t double-charge. Use a stable random opaque value generated once per intent; reuse the same id on transport retry; regenerate only when the user explicitly wants a fresh charge. Don\'t tie the id to wall-clock time \u2014 a date-based id silently double-charges on next-day "buy this again" requests. Without `--payment-id`, the server generates one each call \u2014 fine for one-shots, unsafe for retries. (Format constraints: `inflow x402 pay --schema`.)\n\n```bash\ninflow x402 pay <url> --payment-id "<stable-opaque-id>"\n```\n\n**Sensitive / binary output.** The one-time bearer credential (`credential` for MPP, `encoded_payload` for x402; returned after approval and echoed in the fast-path result) must not be echoed back in chat. Write it to disk at mode `0o600` with your protocol\'s flag (`--credential-file <path>` for MPP, `--payload-file <path>` for x402); replay then reads from that file. For the seller\'s response body, `--output-file <path>` writes bytes to disk and replaces `body` / `body_base64` with `output_saved_to: <path>` \u2014 pair with `--no-show-body` for binary content (PDFs, images, audio, datasets) so bytes never appear inline as base64:\n\n```bash\ninflow <mpp|x402> pay https://api.foo.dev/dataset.csv --interval 5 --max-attempts 180 --output-file /tmp/dataset.csv --no-show-body\n```\n\n**Polling discipline.** Persist `transaction_id` as soon as `pay` returns it. Then:\n\n- Run `_next.command` (or `<mpp|x402> status <transaction_id> --interval N`) immediately. Don\'t wait for the user to confirm before polling starts.\n- If polling is interrupted \u2014 network drop, session bounce, user kills the agent \u2014 resume with `inflow <mpp|x402> status <transaction_id> --interval 5 --max-attempts 180`. Only create a new transaction if the original expired (`PAYMENT_EXPIRED` for MPP, `APPROVAL_TIMEOUT` for x402), was denied/cancelled, or its credential is already consumed.\n- If `POLLING_TIMEOUT` fires before approval, ask the user whether to keep waiting or cancel \u2014 don\'t silently restart the poll.\n- If >12 minutes elapsed without a user response (\u22483 min before the 15-minute approval window closes), surface that explicitly so they can act before the window closes.\n- If the user aborts ("nevermind", "cancel that"), call `inflow <mpp|x402> cancel <approval_id>` before exiting. Otherwise the approval sits pending for 15 minutes and triggers phantom notifications in the user\'s InFlow app.\n\nOnce `status` reports the credential (MPP: `state: ready` with `credential`; x402: `encoded_payload`), replay the original seller request with your protocol\'s replay header from the delta table \u2014 `Authorization: Payment <credential>` (MPP) or `PAYMENT-SIGNATURE: <encoded_payload>` (x402); use `$(cat <file>)` if you wrote it to disk with `--credential-file` / `--payload-file`. The seller\'s protected response comes back on the replay.\n\n### Limits\n\n| Limit | Value |\n| --- | --- |\n| Approval window | 15 minutes from `pay` creating the transaction (`--timeout` overrides the polling deadline) |\n| Polling stop condition | Polling ends at whichever fires first: `--max-attempts` (count, default `0` = unlimited) or `--timeout` (seconds, default `900` = the full 15-min window). The examples use `--interval 5 --max-attempts 180` (= 900 s) so a copied command covers the whole window \u2014 `--interval 5 --max-attempts 60` (= 300 s) would stop polling at 5 min, well before approval can land |\n| Credential reuse | One-time. The credential (`credential` for MPP, `encoded_payload` for x402) is consumed by the first seller replay \u2014 not reusable; a failed seller call requires a new `pay` |\n\n### Worked example (MPP)\n\nA user asks the agent to fetch a paywalled dataset at `https://api.foo.dev/dataset.csv` that answered 402 with `WWW-Authenticate: Payment`.\n\nPre-flight: `inflow mpp inspect <url>` (the seller\'s challenges), `inflow mpp supported` (methods the buyer can pay with), `inflow balances list`. The seller offers the `inflow` method in USDC; the user\'s 100.5 USDC balance covers the 0.10 USDC price. Summarize intent, then pay:\n\n```bash\ninflow mpp pay https://api.foo.dev/dataset.csv --interval 5 --max-attempts 180 --output-file /tmp/dataset.csv --no-show-body\n# Persist transaction_id from the response in case polling is interrupted.\n# Returns outcome "paid" with output_saved_to /tmp/dataset.csv.\n```\n\n> "Approval requested \u2014 confirm in the InFlow app: https://app.inflowpay.ai/approvals/appr_xyz\n> I\'ll keep polling. 15-min window."\n\nOnce the result arrives:\n\n> "Paid 0.10 USDC. Transaction txn_abc. Saved the dataset to /tmp/dataset.csv."\n\n**Two-step variant** (host can\'t block): follow Step 2\'s two-step path; once `mpp status` reports `state: ready`, replay with `Authorization: Payment <credential>` (or `$(cat <path>)` via `--credential-file` to keep it out of chat).\n\n### Worked example (x402)\n\nA user asks the agent to fetch a paywalled article at `https://api.foo.dev/article-3` that answered 402 with `PAYMENT-REQUIRED`.\n\nPre-flight: the intersection lands on `exact` \xD7 `solana:mainnet`, and the user\'s 100.5 USDC balance easily covers the 0.10 USDC the seller requires. Proceed.\n\n> "I\'m about to pay 0.10 USDC on Solana mainnet to api.foo.dev for /article-3.\n> Your balance is 100.5 USDC \u2014 plenty. Requesting approval next."\n\n```bash\ninflow x402 pay https://api.foo.dev/article-3 --payment-id "<stable-opaque-id>" --interval 5 --max-attempts 180\n# Persist transaction_id from the response in case polling gets interrupted.\n# Returns outcome "paid"; body contains the article JSON.\n```\n\n> "Approval requested \u2014 confirm in the InFlow app: https://app.inflowpay.ai/approvals/appr_xyz\n> I\'ll keep polling. 15-min window."\n\nOnce the result arrives:\n\n> "Paid 0.10 USDC. Transaction txn_abc. Server returned: \'How to brew coffee \u2014 ...\'"\n\n**Two-step variant** (host can\'t block): follow Step 2\'s two-step path; once `x402 status` returns the `encoded_payload`, replay with `PAYMENT-SIGNATURE: <encoded_payload>` (use `--payload-file` to keep it out of chat).\n\n### MPP errors\n\nAll errors in agent mode are JSON with `code` and `message` fields and exit code 1. MPP-specific codes (shared codes are in [\xA7 Shared errors](#shared-errors)). "What to tell the user" is the prompt to surface \u2014 don\'t dump the raw error:\n\n| Error code | Recovery | What to tell the user |\n| --- | --- | --- |\n| `PAYMENT_FAILED` | `inflow mpp status <transaction_id>` for the precise state, then create a new transaction with `inflow mpp pay`. (Terminal `failed` state, or no credential produced.) | "The payment didn\'t go through \u2014 it was declined, underfunded, or the transaction failed. Want me to try again, switch funding, or stop?" |\n| `PAYMENT_EXPIRED` | Start a new `inflow mpp pay`. | "The payment window expired before it was ready to settle. Want me to start a new one, or stop here?" |\n| `PAYMENT_NOT_ACCEPTED` | `inflow mpp inspect <url>` to re-check the challenge; adjust and retry. | \u2014 |\n\n### x402 errors\n\nAll errors in agent mode are JSON with `code` and `message` fields and exit code 1. x402-specific codes (shared codes are in [\xA7 Shared errors](#shared-errors)). "What to tell the user" is the prompt to surface \u2014 don\'t dump the raw error:\n\n| Error code | Recovery | What to tell the user |\n| --- | --- | --- |\n| `APPROVAL_TIMEOUT` | `inflow x402 status <transaction_id>` for the precise reason, then create a new transaction. | "You didn\'t approve within 15 minutes, so the request expired. Want me to start a new payment, or stop here?" |\n| `APPROVAL_FAILED` | Same recovery as `APPROVAL_TIMEOUT` (declined / insufficient funds in the matched asset / generic). | "Approval didn\'t go through (declined or insufficient funds in the matched asset). Want me to try a different funding source, top up, or stop?" |\n| `APPROVAL_CANCELLED` | Same recovery (cancelled via `x402 cancel` or server-side). | "You cancelled the approval. Stopping here unless you want to start a new payment." |\n| `INVALID_PAYMENT_ID` | `--payment-id` violated the format (see `inflow x402 pay --schema`). Adjust or omit the payment id. | \u2014 |\n\n---\n\n## Security & data handling\n\nApplies to both protocols.\n\n- Treat OAuth tokens and API keys as secrets \u2014 never echo them. The one-time bearer credential (`encoded_payload` for x402, `credential` for MPP) returned after approval should be replayed directly against the seller and discarded, not pasted back to the user.\n- Respect `/agents.txt` and `/llm.txt` on sites you browse.\n- Avoid suspicious 402 endpoints \u2014 if the domain doesn\'t match what the user asked to pay, or the price is different from expectation, stop and ask.\n- When displaying deposit addresses to the user, print the full address (don\'t truncate). Truncating breaks copy-paste.\n\n## Shared errors\n\nThese apply to both protocols (in addition to each section\'s protocol-specific codes). All are JSON with `code` and `message` and exit code 1. Where a command is protocol-specific, use your prefix (`<mpp|x402>`). "What to tell the user" is the prompt to surface \u2014 don\'t dump the raw error:\n\n| Error code | Recovery | What to tell the user |\n| --- | --- | --- |\n| `NOT_AUTHENTICATED` | No saved device token and no `--api-key` / `INFLOW_API_KEY` configured. Run `inflow auth login` or set the API key env var. | \u2014 |\n| `NO_INFLOW_MATCH` | Seller\'s rails aren\'t supported by the account. Fund a matching method/chain, or use a different seller. | "The seller wants `<method/rail or scheme\xD7network>`, but your account can\'t pay on that rail. Either fund a matching method, or pick a different seller." |\n| `NO_FILTERED_MATCH` | A filter emptied the candidate list. Loosen it, or re-check with `inflow <mpp|x402> inspect <url>` (filter flags per the delta table). | "Your filter removed every option the seller accepts. Loosen it or check the seller\'s options with `inflow <mpp|x402> inspect`." |\n| `INVALID_402` / `DECODE_FAILED` | Seller returned 402 but the protocol\'s header was missing (`INVALID_402`) or unparseable (`DECODE_FAILED`). Verify the URL is payable; pass the raw header to `inflow <mpp|x402> decode` for the detailed parse error. | \u2014 |\n| `POLLING_TIMEOUT` | `--interval` polling reached its max-attempts or timeout. Retryable \u2014 resume with `inflow <mpp|x402> status <transaction_id> --interval 5 --max-attempts 180`. | "Still waiting on your approval \u2014 want me to keep polling, or cancel the request? (`inflow <mpp|x402> cancel <approval_id>` cancels it.)" |\n| `api_error` | Non-2xx from the InFlow API on the plain data calls (`user`, `balances`, `deposit-addresses`); discriminate on `httpStatus`. `401` \u2014 saved auth rejected, re-run `inflow auth login`. `426` (`VERSION_UNSUPPORTED`) \u2014 upgrade and retry. `5xx` \u2014 server-side; wait and retry. (Note: `pay`/`status` rejections instead surface the server\'s own code, e.g. `INSUFFICIENT_FUNDS`, or the protocol\'s terminal code \u2014 not `api_error`.) | \u2014 |\n| `VERSION_UNSUPPORTED` / HTTP 426 | Installed `inflow` CLI is below the minimum supported version. `npm install -g @inflowpayai/inflow@latest`, then retry; don\'t retry on the old version. | \u2014 |\n| `transport_error` | Network failure \u2014 check connectivity; retry. | \u2014 |\n\n## Out of scope\n\nThis skill covers programmatic HTTP 402 payments (MPP and x402) only. It does NOT handle:\n\n- **Traditional merchant checkouts** No PANs (credit card forms, hosted checkouts).\n- **Card issuance** or wallet management beyond `balances list` and `deposit-addresses list`.\n- **Refunds, disputes, chargebacks** \u2014 handled out of band via support.\n- **Peer-to-peer transfers** between users or wallets.\n- **FX / currency conversion.** Buyer logic matches the seller\'s accepted rails against the account\'s supported assets.\n- **Subscriptions / recurring payments.** Each `pay` is one-shot.\n\nFor any of the above, point the user to https://app.inflowpay.ai or support.\n\n## Further docs\n\n- MPP protocol: https://mpp.dev\n- x402 protocol: https://x402.org\n- InFlow: https://app.inflowpay.ai\n';
 if (process9.argv.includes("--skill")) {
   process9.stdout.write(skillBody.endsWith("\n") ? skillBody : `${skillBody}
 `);
@@ -15215,7 +16794,7 @@ Received ${signal}; exiting.
   process9.on("SIGINT", onSignal);
   process9.on("SIGTERM", onSignal);
 }
-var cli = Cli6.create("inflow", {
+var cli = Cli7.create("inflow", {
   description: "InFlow \u2014 agentic MPP / x402 payments from your machine.",
   version: cliVersion
 });
@@ -15244,6 +16823,7 @@ cli.command(createUserCli(inflow.user, authStorage, inflow));
 cli.command(createBalancesCli(inflow.balances, authStorage, inflow));
 cli.command(createDepositAddressesCli(inflow.depositAddresses, authStorage, inflow));
 cli.command(createX402Cli(inflow, authStorage, resolvedApiBaseUrl));
+cli.command(createMppCli(inflow, authStorage, resolvedApiBaseUrl));
 await cli.serve();
 var cli_default = cli;
 export {