@insumermodel/mppx-condition-gate 2.0.0

package/README.md

@@ -0,0 +1,194 @@
+# @insumermodel/mppx-condition-gate
+
+Condition-based access for [mppx](https://github.com/wevm/mppx) routes. One signed call between request and charge gives free access to wallets that meet your conditions; everyone else falls through to the normal paid path. Four condition types: token balance, NFT ownership, EAS attestation, Farcaster ID. 33 chains. No RPC management.
+
+> **Migrating from `@insumermodel/mppx-token-gate`?** This is the v2 successor. See [Migration](#migrating-from-mppx-token-gate) below.
+
+## How it works
+
+mppx embeds the payer's identity in every payment credential as a DID string (`credential.source: "did:pkh:eip155:8453:0xABC..."`). `conditionGate` reads that address, calls [InsumerAPI](https://insumermodel.com) to evaluate the configured conditions, and short-circuits the payment flow for wallets that pass.
+
+1. Request arrives with a payment credential
+2. `conditionGate` extracts the payer address from `credential.source`
+3. [InsumerAPI](https://insumermodel.com/developers/api-reference/) evaluates the conditions and returns an ECDSA P-256 signed attestation
+4. **Pass** → free receipt returned (`reference: "condition-gate:free:{attestationId}"`)
+5. **Fail** → delegates to the original `verify` (normal payment proceeds)
+
+The signed attestation is verifiable offline via [JWKS](https://insumermodel.com/.well-known/jwks.json). The adapter does not re-sign or wrap the result; the signature on the attestation is the one InsumerAPI produced.
+
+## Install
+
+```bash
+npm install @insumermodel/mppx-condition-gate
+```
+
+## Usage
+
+```ts
+import { Mppx, tempo } from 'mppx/server'
+import { conditionGate } from '@insumermodel/mppx-condition-gate'
+
+const tempoCharge = tempo({
+  currency: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',
+  recipient: '0xYourAddress',
+})
+
+const gatedCharge = conditionGate(tempoCharge, {
+  apiKey: process.env.INSUMER_API_KEY,
+  conditions: [{
+    type: 'nft_ownership',
+    contractAddress: '0xYourNFT',
+    chainId: 8453,        // Base
+  }],
+})
+
+const mppx = Mppx.create({ methods: [gatedCharge] })
+```
+
+Works with any framework (Hono, Express, Elysia, Next.js) and any payment method (tempo, stripe). The adapter wraps `Method.Server`, so no middleware changes needed.
+
+## Condition types
+
+Mix any of the four in a single call. `matchMode: 'any'` (default) passes when any one is met; `matchMode: 'all'` requires all of them.
+
+### Token balance
+
+```ts
+{
+  type: 'token_balance',
+  contractAddress: '0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48', // USDC
+  chainId: 1,
+  threshold: 1000,
+  decimals: 6,
+  label: 'USDC >= 1000',
+}
+```
+
+### NFT ownership
+
+```ts
+{
+  type: 'nft_ownership',
+  contractAddress: '0xYourNFT',
+  chainId: 8453,
+  label: 'Holds the access NFT',
+}
+```
+
+### EAS attestation (compliance template)
+
+```ts
+{
+  type: 'eas_attestation',
+  template: 'coinbase_verified_account',
+  chainId: 8453,
+  label: 'Coinbase KYC verified',
+}
+```
+
+Available templates: `coinbase_verified_account`, `coinbase_verified_country`, `coinbase_one`, `gitcoin_passport_score`, `gitcoin_passport_active`. See [GET /v1/compliance/templates](https://insumermodel.com/developers/compliance/).
+
+### EAS attestation (raw schema)
+
+```ts
+{
+  type: 'eas_attestation',
+  schemaId: '0xf8b05c79f090979bf4a80270aba232dff11a10d9ca55c4f88de95317970f0de9',
+  attester: '0x357458739F90461b99789350868CD7CF330Dd7EE',
+  indexer: '0x2c7eE1E5f416dfF40054c27A62f7B357C4E8619C',
+  chainId: 8453,
+  label: 'Custom EAS attestation',
+}
+```
+
+### Farcaster ID
+
+```ts
+{
+  type: 'farcaster_id',
+  label: 'Has a Farcaster account',
+}
+```
+
+Always evaluated on Optimism (chain 10). Passes if the wallet has any FID registered.
+
+## API key and credits
+
+The key itself is free to create (no credit card, no signup). Each call to `/v1/attest` consumes one or more attestation credits. New keys ship with 10 credits on the free tier, which is enough to wire up the integration end-to-end. Beyond that, credits are purchased on-chain.
+
+Create a key:
+
+```bash
+curl -X POST https://api.insumermodel.com/v1/keys/create \
+  -H "Content-Type: application/json" \
+  -d '{"email":"you@example.com","appName":"my-app","tier":"free"}'
+```
+
+Or set `INSUMER_API_KEY` as an environment variable.
+
+Top up credits on-chain via `POST /v1/credits/buy`. Accepted: USDC or USDT on any major EVM chain, USDC on Solana, or BTC on Bitcoin. See the [credits endpoint](https://insumermodel.com/developers/api-reference/) for transaction format.
+
+**Pricing model**: the wallet holder pays nothing at the gated route. The operator running the gate pays per attestation call out of the key's credit balance. Cost per attestation depends on tier and condition mix.
+
+## Options
+
+| Option | Type | Default | Description |
+|---|---|---|---|
+| `apiKey` | `string` | `env.INSUMER_API_KEY` | InsumerAPI key |
+| `conditions` | `Condition[]` | required | One or more conditions to evaluate |
+| `matchMode` | `'any' \| 'all'` | `'any'` | Wallet must satisfy any or all conditions |
+| `cacheTtlSeconds` | `number` | `300` | In-memory cache TTL |
+| `jwt` | `boolean` | `false` | Request ES256 JWT alongside raw attestation |
+| `apiBaseUrl` | `string` | `https://api.insumermodel.com` | API base URL override |
+
+## Supported chains
+
+30 EVM chains (Ethereum, Base, Polygon, Arbitrum, Optimism, BNB, Avalanche, and 23 more) + Solana + XRPL + Bitcoin. EAS conditions evaluate on EVM chains only. Farcaster always on Optimism.
+
+[Full chain list](https://insumermodel.com/developers/api-reference/)
+
+## Distinguishing free vs paid access
+
+```ts
+const receipt = Receipt.fromResponse(response)
+if (receipt.reference.startsWith('condition-gate:free:')) {
+  const attestationId = receipt.reference.replace('condition-gate:free:', '')
+  // Free access. Attestation ID is retrievable via /v1/attestations/{id}
+} else {
+  // Paid access
+}
+```
+
+## Fail-open behavior
+
+If the attestation API is unreachable, the adapter falls through to the original payment method. Wallets that would have qualified for free access pay normally; everyone else is unaffected.
+
+## Migrating from mppx-token-gate
+
+`@insumermodel/mppx-token-gate` (v1) is deprecated. Migration to v2:
+
+```diff
+- npm install @insumermodel/mppx-token-gate
++ npm install @insumermodel/mppx-condition-gate
+```
+
+```diff
+- import { tokenGate } from '@insumermodel/mppx-token-gate'
++ import { conditionGate } from '@insumermodel/mppx-condition-gate'
+
+- const gated = tokenGate(server, { ... })
++ const gated = conditionGate(server, { ... })
+```
+
+```diff
+- if (receipt.reference.startsWith('token-gate:free:'))
++ if (receipt.reference.startsWith('condition-gate:free:'))
+```
+
+The condition shapes for `token_balance` and `nft_ownership` are unchanged. `eas_attestation` and `farcaster_id` are new in v2.
+
+The `parsXrplDid` typo from v1 is fixed: use `parseXrplDid`. The cache helper renamed: `clearTokenGateCache` is now `clearConditionGateCache`.
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -0,0 +1,151 @@
+import type { Method } from 'mppx';
+export type ChainId = number | 'solana' | 'xrpl' | 'bitcoin';
+/** ERC-20 / SPL / XRPL trust-line / native balance check */
+export type TokenBalanceCondition = {
+    type: 'token_balance';
+    /** Token contract address. For XRPL native XRP or Bitcoin, use "native". */
+    contractAddress: string;
+    chainId: ChainId;
+    /** Minimum balance. Defaults to 1. */
+    threshold?: number;
+    /** Token decimals. Auto-detected on most EVM chains if omitted. */
+    decimals?: number;
+    /** XRPL currency code (e.g. "USD", "RLUSD") for trust-line tokens. */
+    currency?: string;
+    /** Human-readable label (max 100 chars). */
+    label?: string;
+};
+/** ERC-721 / ERC-1155 / Solana cNFT / XRPL NFT ownership check */
+export type NftOwnershipCondition = {
+    type: 'nft_ownership';
+    contractAddress: string;
+    chainId: ChainId;
+    /** XRPL NFToken taxon filter. XRPL only. */
+    taxon?: number;
+    label?: string;
+};
+/** EAS attestation check (Ethereum Attestation Service) */
+export type EasAttestationCondition = {
+    type: 'eas_attestation';
+    /** EVM chain ID (typically Base 8453). */
+    chainId: number;
+    /**
+     * Pre-configured compliance template. Mutually exclusive with schemaId.
+     * When provided, fills in schemaId / attester / indexer automatically.
+     * See GET /v1/compliance/templates for the live list.
+     */
+    template?: 'coinbase_verified_account' | 'coinbase_verified_country' | 'coinbase_one' | 'gitcoin_passport_score' | 'gitcoin_passport_active';
+    /** EAS schema ID (bytes32 hex). Required if template is not provided. */
+    schemaId?: string;
+    /** Expected attester address (case-insensitive). Optional. */
+    attester?: string;
+    /**
+     * EAS indexer contract address. Required for raw (non-template) conditions.
+     * The verifier resolves the attestation UID via getAttestationUid(recipient, schema).
+     */
+    indexer?: string;
+    label?: string;
+};
+/** Farcaster ID registration check (always on Optimism, chain 10) */
+export type FarcasterIdCondition = {
+    type: 'farcaster_id';
+    label?: string;
+};
+/** Any condition accepted by /v1/attest */
+export type Condition = TokenBalanceCondition | NftOwnershipCondition | EasAttestationCondition | FarcasterIdCondition;
+export type ConditionGateOptions = {
+    /** InsumerAPI key. Falls back to INSUMER_API_KEY env var. */
+    apiKey?: string;
+    /** One or more conditions to evaluate. Mix any of the four types. */
+    conditions: Condition[];
+    /** Whether the wallet must satisfy "any" (default) or "all" conditions. */
+    matchMode?: 'any' | 'all';
+    /** In-memory cache TTL in seconds. Defaults to 300 (5 minutes). */
+    cacheTtlSeconds?: number;
+    /**
+     * InsumerAPI base URL. Defaults to "https://api.insumermodel.com".
+     * Override for self-hosted deployments or testing.
+     */
+    apiBaseUrl?: string;
+    /** Request JWT format alongside the raw attestation. Defaults to false. */
+    jwt?: boolean;
+};
+export type InsumerAttestation = {
+    ok: boolean;
+    data: {
+        attestation: {
+            id: string;
+            pass: boolean;
+            results: Array<{
+                condition: number;
+                label?: string;
+                type: string;
+                chainId: number | string;
+                met: boolean;
+                evaluatedCondition: Record<string, unknown>;
+                conditionHash: string;
+                blockNumber?: string;
+                blockTimestamp?: string;
+                ledgerIndex?: number;
+                ledgerHash?: string;
+            }>;
+            passCount: number;
+            failCount: number;
+            attestedAt: string;
+            expiresAt: string;
+        };
+        sig: string;
+        kid: string;
+        jwt?: string;
+    };
+    meta: {
+        version: string;
+        timestamp: string;
+        creditsRemaining: number;
+        creditsCharged: number;
+    };
+};
+/** Clear the in-memory ownership cache. Useful in tests. */
+export declare function clearConditionGateCache(): void;
+/**
+ * Extracts an EVM address from a `did:pkh:eip155:{chainId}:{address}` string.
+ * Returns null for non-EVM or unparseable DIDs.
+ */
+export declare function parseDid(source: string): `0x${string}` | null;
+/** Extracts a Solana address from a `did:pkh:solana:{chainId}:{address}` string. */
+export declare function parseSolanaDid(source: string): string | null;
+/** Extracts an XRPL address from a `did:pkh:xrpl:{chainId}:{address}` string. */
+export declare function parseXrplDid(source: string): string | null;
+/** Extracts a Bitcoin address from a `did:pkh:bip122:{chainId}:{address}` string. */
+export declare function parseBitcoinDid(source: string): string | null;
+/**
+ * Wraps an mppx Method.Server with condition-based access using signed attestations.
+ *
+ * Extracts the payer address from credential.source (DID), calls /v1/attest to
+ * evaluate conditions across 33 chains, and returns a free-access receipt for
+ * wallets that meet the conditions. Wallets that do not meet them fall through
+ * to the original payment method.
+ *
+ * Supports four condition types: token_balance, nft_ownership, eas_attestation,
+ * and farcaster_id. Conditions can be mixed in a single call.
+ *
+ * The attestation is ECDSA P-256 signed and verifiable offline via the public
+ * JWKS at https://insumermodel.com/.well-known/jwks.json.
+ *
+ * @example
+ * ```ts
+ * import { conditionGate } from '@insumermodel/mppx-condition-gate'
+ *
+ * const gated = conditionGate(tempoCharge, {
+ *   conditions: [
+ *     { type: 'eas_attestation', template: 'coinbase_verified_account', chainId: 8453 },
+ *     { type: 'farcaster_id' },
+ *   ],
+ *   matchMode: 'any',
+ * })
+ *
+ * const mppx = Mppx.create({ methods: [gated] })
+ * ```
+ */
+export declare function conditionGate(server: Method.AnyServer, options: ConditionGateOptions): Method.AnyServer;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAW,MAAM,MAAM,CAAA;AAM3C,MAAM,MAAM,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAA;AAE5D,4DAA4D;AAC5D,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,EAAE,eAAe,CAAA;IACrB,4EAA4E;IAC5E,eAAe,EAAE,MAAM,CAAA;IACvB,OAAO,EAAE,OAAO,CAAA;IAChB,sCAAsC;IACtC,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,mEAAmE;IACnE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED,kEAAkE;AAClE,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,EAAE,eAAe,CAAA;IACrB,eAAe,EAAE,MAAM,CAAA;IACvB,OAAO,EAAE,OAAO,CAAA;IAChB,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED,2DAA2D;AAC3D,MAAM,MAAM,uBAAuB,GAAG;IACpC,IAAI,EAAE,iBAAiB,CAAA;IACvB,0CAA0C;IAC1C,OAAO,EAAE,MAAM,CAAA;IACf;;;;OAIG;IACH,QAAQ,CAAC,EACL,2BAA2B,GAC3B,2BAA2B,GAC3B,cAAc,GACd,wBAAwB,GACxB,yBAAyB,CAAA;IAC7B,yEAAyE;IACzE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED,qEAAqE;AACrE,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,EAAE,cAAc,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED,2CAA2C;AAC3C,MAAM,MAAM,SAAS,GACjB,qBAAqB,GACrB,qBAAqB,GACrB,uBAAuB,GACvB,oBAAoB,CAAA;AAExB,MAAM,MAAM,oBAAoB,GAAG;IACjC,6DAA6D;IAC7D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,qEAAqE;IACrE,UAAU,EAAE,SAAS,EAAE,CAAA;IACvB,2EAA2E;IAC3E,SAAS,CAAC,EAAE,KAAK,GAAG,KAAK,CAAA;IACzB,mEAAmE;IACnE,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,2EAA2E;IAC3E,GAAG,CAAC,EAAE,OAAO,CAAA;CACd,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,EAAE,EAAE,OAAO,CAAA;IACX,IAAI,EAAE;QACJ,WAAW,EAAE;YACX,EAAE,EAAE,MAAM,CAAA;YACV,IAAI,EAAE,OAAO,CAAA;YACb,OAAO,EAAE,KAAK,CAAC;gBACb,SAAS,EAAE,MAAM,CAAA;gBACjB,KAAK,CAAC,EAAE,MAAM,CAAA;gBACd,IAAI,EAAE,MAAM,CAAA;gBACZ,OAAO,EAAE,MAAM,GAAG,MAAM,CAAA;gBACxB,GAAG,EAAE,OAAO,CAAA;gBACZ,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;gBAC3C,aAAa,EAAE,MAAM,CAAA;gBACrB,WAAW,CAAC,EAAE,MAAM,CAAA;gBACpB,cAAc,CAAC,EAAE,MAAM,CAAA;gBACvB,WAAW,CAAC,EAAE,MAAM,CAAA;gBACpB,UAAU,CAAC,EAAE,MAAM,CAAA;aACpB,CAAC,CAAA;YACF,SAAS,EAAE,MAAM,CAAA;YACjB,SAAS,EAAE,MAAM,CAAA;YACjB,UAAU,EAAE,MAAM,CAAA;YAClB,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,CAAC,EAAE,MAAM,CAAA;KACb,CAAA;IACD,IAAI,EAAE;QACJ,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,CAAA;QACjB,gBAAgB,EAAE,MAAM,CAAA;QACxB,cAAc,EAAE,MAAM,CAAA;KACvB,CAAA;CACF,CAAA;AA+BD,4DAA4D;AAC5D,wBAAgB,uBAAuB,IAAI,IAAI,CAE9C;AAMD;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,KAAK,MAAM,EAAE,GAAG,IAAI,CAO7D;AAED,oFAAoF;AACpF,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAK5D;AAED,iFAAiF;AACjF,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAO1D;AAED,qFAAqF;AACrF,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAK7D;AA4FD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAE,MAAM,CAAC,SAAS,EACxB,OAAO,EAAE,oBAAoB,GAC5B,MAAM,CAAC,SAAS,CAyFlB"}

package/dist/index.js

@@ -0,0 +1,270 @@
+const cache = new Map();
+function conditionSortKey(c) {
+    if (c.type === 'farcaster_id')
+        return 'farcaster_id';
+    if (c.type === 'eas_attestation') {
+        return `eas:${c.chainId}:${(c.schemaId || c.template || '').toLowerCase()}`;
+    }
+    return `${c.type}:${c.chainId}:${c.contractAddress.toLowerCase()}`;
+}
+function cacheKey(address, conditions) {
+    const sorted = [...conditions].sort((a, b) => {
+        const ka = conditionSortKey(a);
+        const kb = conditionSortKey(b);
+        return ka < kb ? -1 : ka > kb ? 1 : 0;
+    });
+    return `${address.toLowerCase()}:${JSON.stringify(sorted)}`;
+}
+/** Clear the in-memory ownership cache. Useful in tests. */
+export function clearConditionGateCache() {
+    cache.clear();
+}
+// ---------------------------------------------------------------------------
+// DID parsing
+// ---------------------------------------------------------------------------
+/**
+ * Extracts an EVM address from a `did:pkh:eip155:{chainId}:{address}` string.
+ * Returns null for non-EVM or unparseable DIDs.
+ */
+export function parseDid(source) {
+    const parts = source.split(':');
+    if (parts.length !== 5)
+        return null;
+    if (parts[0] !== 'did' || parts[1] !== 'pkh' || parts[2] !== 'eip155')
+        return null;
+    const address = parts[4];
+    if (!address || !address.startsWith('0x'))
+        return null;
+    return address;
+}
+/** Extracts a Solana address from a `did:pkh:solana:{chainId}:{address}` string. */
+export function parseSolanaDid(source) {
+    const parts = source.split(':');
+    if (parts.length !== 5)
+        return null;
+    if (parts[0] !== 'did' || parts[1] !== 'pkh' || parts[2] !== 'solana')
+        return null;
+    return parts[4] || null;
+}
+/** Extracts an XRPL address from a `did:pkh:xrpl:{chainId}:{address}` string. */
+export function parseXrplDid(source) {
+    const parts = source.split(':');
+    if (parts.length !== 5)
+        return null;
+    if (parts[0] !== 'did' || parts[1] !== 'pkh' || parts[2] !== 'xrpl')
+        return null;
+    const address = parts[4];
+    if (!address || !address.startsWith('r'))
+        return null;
+    return address;
+}
+/** Extracts a Bitcoin address from a `did:pkh:bip122:{chainId}:{address}` string. */
+export function parseBitcoinDid(source) {
+    const parts = source.split(':');
+    if (parts.length !== 5)
+        return null;
+    if (parts[0] !== 'did' || parts[1] !== 'pkh' || parts[2] !== 'bip122')
+        return null;
+    return parts[4] || null;
+}
+// ---------------------------------------------------------------------------
+// InsumerAPI call
+// ---------------------------------------------------------------------------
+function buildBodyConditions(conditions) {
+    return conditions.map((c) => {
+        if (c.type === 'farcaster_id') {
+            const cond = { type: c.type };
+            if (c.label)
+                cond.label = c.label;
+            return cond;
+        }
+        if (c.type === 'eas_attestation') {
+            const cond = {
+                type: c.type,
+                chainId: c.chainId,
+            };
+            if (c.template)
+                cond.template = c.template;
+            if (c.schemaId)
+                cond.schemaId = c.schemaId;
+            if (c.attester)
+                cond.attester = c.attester;
+            if (c.indexer)
+                cond.indexer = c.indexer;
+            if (c.label)
+                cond.label = c.label;
+            return cond;
+        }
+        // token_balance or nft_ownership
+        const cond = {
+            type: c.type,
+            contractAddress: c.contractAddress,
+            chainId: c.chainId,
+        };
+        if (c.type === 'token_balance') {
+            cond.threshold = c.threshold ?? 1;
+            if (c.decimals !== undefined)
+                cond.decimals = c.decimals;
+            if (c.currency)
+                cond.currency = c.currency;
+        }
+        if (c.type === 'nft_ownership' && c.taxon !== undefined) {
+            cond.taxon = c.taxon;
+        }
+        if (c.label)
+            cond.label = c.label;
+        return cond;
+    });
+}
+async function callAttest(wallet, walletType, conditions, options) {
+    const apiKey = options.apiKey || process.env.INSUMER_API_KEY;
+    if (!apiKey) {
+        throw new Error('mppx-condition-gate: Missing API key. Pass apiKey in options or set INSUMER_API_KEY env var. ' +
+            'Get a free key: POST https://api.insumermodel.com/v1/keys/create');
+    }
+    const baseUrl = options.apiBaseUrl || 'https://api.insumermodel.com';
+    const body = {
+        conditions: buildBodyConditions(conditions),
+    };
+    if (walletType === 'solana')
+        body.solanaWallet = wallet;
+    else if (walletType === 'xrpl')
+        body.xrplWallet = wallet;
+    else if (walletType === 'bitcoin')
+        body.bitcoinWallet = wallet;
+    else
+        body.wallet = wallet;
+    if (options.jwt)
+        body.format = 'jwt';
+    const response = await fetch(`${baseUrl}/v1/attest`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'x-api-key': apiKey,
+        },
+        body: JSON.stringify(body),
+    });
+    const data = await response.json();
+    if (!response.ok || !data.ok) {
+        const msg = data?.error?.message || `HTTP ${response.status}`;
+        throw new Error(`mppx-condition-gate: Attestation failed: ${msg}`);
+    }
+    return data;
+}
+// ---------------------------------------------------------------------------
+// conditionGate adapter
+// ---------------------------------------------------------------------------
+/**
+ * Wraps an mppx Method.Server with condition-based access using signed attestations.
+ *
+ * Extracts the payer address from credential.source (DID), calls /v1/attest to
+ * evaluate conditions across 33 chains, and returns a free-access receipt for
+ * wallets that meet the conditions. Wallets that do not meet them fall through
+ * to the original payment method.
+ *
+ * Supports four condition types: token_balance, nft_ownership, eas_attestation,
+ * and farcaster_id. Conditions can be mixed in a single call.
+ *
+ * The attestation is ECDSA P-256 signed and verifiable offline via the public
+ * JWKS at https://insumermodel.com/.well-known/jwks.json.
+ *
+ * @example
+ * ```ts
+ * import { conditionGate } from '@insumermodel/mppx-condition-gate'
+ *
+ * const gated = conditionGate(tempoCharge, {
+ *   conditions: [
+ *     { type: 'eas_attestation', template: 'coinbase_verified_account', chainId: 8453 },
+ *     { type: 'farcaster_id' },
+ *   ],
+ *   matchMode: 'any',
+ * })
+ *
+ * const mppx = Mppx.create({ methods: [gated] })
+ * ```
+ */
+export function conditionGate(server, options) {
+    const { conditions, matchMode = 'any', cacheTtlSeconds = 300 } = options;
+    const originalVerify = server.verify;
+    const gatedVerify = async (params) => {
+        const credential = params.credential;
+        const source = credential.source;
+        // No DID → fall through to payment
+        if (!source)
+            return originalVerify(params);
+        // Determine wallet type and address
+        let wallet = null;
+        let walletType = 'evm';
+        wallet = parseDid(source);
+        if (!wallet) {
+            wallet = parseSolanaDid(source);
+            if (wallet)
+                walletType = 'solana';
+        }
+        if (!wallet) {
+            wallet = parseXrplDid(source);
+            if (wallet)
+                walletType = 'xrpl';
+        }
+        if (!wallet) {
+            wallet = parseBitcoinDid(source);
+            if (wallet)
+                walletType = 'bitcoin';
+        }
+        // Unparseable DID → fall through to payment
+        if (!wallet)
+            return originalVerify(params);
+        // Check cache
+        const key = cacheKey(wallet, conditions);
+        const cached = cache.get(key);
+        if (cached && cached.expiresAt > Date.now()) {
+            if (cached.pass) {
+                return {
+                    method: server.name,
+                    reference: `condition-gate:free:${cached.attestationId}`,
+                    status: 'success',
+                    timestamp: new Date().toISOString(),
+                };
+            }
+            // Cached non-holder → fall through
+            return originalVerify(params);
+        }
+        // Call InsumerAPI
+        try {
+            const result = await callAttest(wallet, walletType, conditions, options);
+            const attestation = result.data.attestation;
+            // Determine pass based on matchMode
+            let pass;
+            if (matchMode === 'all') {
+                pass = attestation.pass; // all conditions must be met
+            }
+            else {
+                // "any" — at least one condition met
+                pass = attestation.results.some((r) => r.met);
+            }
+            // Cache the result
+            cache.set(key, {
+                pass,
+                attestationId: attestation.id,
+                expiresAt: Date.now() + cacheTtlSeconds * 1000,
+            });
+            if (pass) {
+                return {
+                    method: server.name,
+                    reference: `condition-gate:free:${attestation.id}`,
+                    status: 'success',
+                    timestamp: new Date().toISOString(),
+                };
+            }
+        }
+        catch {
+            // Attestation API error → fall through to payment (fail open)
+        }
+        return originalVerify(params);
+    };
+    return {
+        ...server,
+        verify: gatedVerify,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AA2IA,MAAM,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAA;AAE3C,SAAS,gBAAgB,CAAC,CAAY;IACpC,IAAI,CAAC,CAAC,IAAI,KAAK,cAAc;QAAE,OAAO,cAAc,CAAA;IACpD,IAAI,CAAC,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACjC,OAAO,OAAO,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,EAAE,CAAA;IAC7E,CAAC;IACD,OAAO,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,eAAe,CAAC,WAAW,EAAE,EAAE,CAAA;AACpE,CAAC;AAED,SAAS,QAAQ,CAAC,OAAe,EAAE,UAAuB;IACxD,MAAM,MAAM,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC3C,MAAM,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAA;QAC9B,MAAM,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAA;QAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;IACF,OAAO,GAAG,OAAO,CAAC,WAAW,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAA;AAC7D,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,uBAAuB;IACrC,KAAK,CAAC,KAAK,EAAE,CAAA;AACf,CAAC;AAED,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,MAAc;IACrC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACnC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAA;IAClF,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IACxB,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAA;IACtD,OAAO,OAAwB,CAAA;AACjC,CAAC;AAED,oFAAoF;AACpF,MAAM,UAAU,cAAc,CAAC,MAAc;IAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACnC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAA;IAClF,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;AACzB,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,YAAY,CAAC,MAAc;IACzC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACnC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM;QAAE,OAAO,IAAI,CAAA;IAChF,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IACxB,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IACrD,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,qFAAqF;AACrF,MAAM,UAAU,eAAe,CAAC,MAAc;IAC5C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACnC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAA;IAClF,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;AACzB,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,SAAS,mBAAmB,CAAC,UAAuB;IAClD,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC1B,IAAI,CAAC,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAC9B,MAAM,IAAI,GAA4B,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;YACtD,IAAI,CAAC,CAAC,KAAK;gBAAE,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAA;YACjC,OAAO,IAAI,CAAA;QACb,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;YACjC,MAAM,IAAI,GAA4B;gBACpC,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,OAAO,EAAE,CAAC,CAAC,OAAO;aACnB,CAAA;YACD,IAAI,CAAC,CAAC,QAAQ;gBAAE,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAA;YAC1C,IAAI,CAAC,CAAC,QAAQ;gBAAE,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAA;YAC1C,IAAI,CAAC,CAAC,QAAQ;gBAAE,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAA;YAC1C,IAAI,CAAC,CAAC,OAAO;gBAAE,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAA;YACvC,IAAI,CAAC,CAAC,KAAK;gBAAE,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAA;YACjC,OAAO,IAAI,CAAA;QACb,CAAC;QACD,iCAAiC;QACjC,MAAM,IAAI,GAA4B;YACpC,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,eAAe,EAAE,CAAC,CAAC,eAAe;YAClC,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB,CAAA;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YAC/B,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,IAAI,CAAC,CAAA;YACjC,IAAI,CAAC,CAAC,QAAQ,KAAK,SAAS;gBAAE,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAA;YACxD,IAAI,CAAC,CAAC,QAAQ;gBAAE,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAA;QAC5C,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,eAAe,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACxD,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAA;QACtB,CAAC;QACD,IAAI,CAAC,CAAC,KAAK;YAAE,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAA;QACjC,OAAO,IAAI,CAAA;IACb,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,MAAc,EACd,UAAiD,EACjD,UAAuB,EACvB,OAAoE;IAEpE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAA;IAC5D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,+FAA+F;YAC/F,kEAAkE,CACnE,CAAA;IACH,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,IAAI,8BAA8B,CAAA;IAEpE,MAAM,IAAI,GAA4B;QACpC,UAAU,EAAE,mBAAmB,CAAC,UAAU,CAAC;KAC5C,CAAA;IAED,IAAI,UAAU,KAAK,QAAQ;QAAE,IAAI,CAAC,YAAY,GAAG,MAAM,CAAA;SAClD,IAAI,UAAU,KAAK,MAAM;QAAE,IAAI,CAAC,UAAU,GAAG,MAAM,CAAA;SACnD,IAAI,UAAU,KAAK,SAAS;QAAE,IAAI,CAAC,aAAa,GAAG,MAAM,CAAA;;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IAEzB,IAAI,OAAO,CAAC,GAAG;QAAE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAA;IAEpC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,YAAY,EAAE;QACnD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,WAAW,EAAE,MAAM;SACpB;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;KAC3B,CAAC,CAAA;IAEF,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAwB,CAAA;IACxD,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAI,IAAY,EAAE,KAAK,EAAE,OAAO,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAA;QACtE,MAAM,IAAI,KAAK,CAAC,4CAA4C,GAAG,EAAE,CAAC,CAAA;IACpE,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,UAAU,aAAa,CAC3B,MAAwB,EACxB,OAA6B;IAE7B,MAAM,EAAE,UAAU,EAAE,SAAS,GAAG,KAAK,EAAE,eAAe,GAAG,GAAG,EAAE,GAAG,OAAO,CAAA;IAExE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAA;IAEpC,MAAM,WAAW,GAA0B,KAAK,EAAE,MAAW,EAAE,EAAE;QAC/D,MAAM,UAAU,GAAG,MAAM,CAAC,UAAiC,CAAA;QAC3D,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAA;QAEhC,mCAAmC;QACnC,IAAI,CAAC,MAAM;YAAE,OAAO,cAAc,CAAC,MAAM,CAAC,CAAA;QAE1C,oCAAoC;QACpC,IAAI,MAAM,GAAkB,IAAI,CAAA;QAChC,IAAI,UAAU,GAA0C,KAAK,CAAA;QAE7D,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAA;QACzB,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAA;YAC/B,IAAI,MAAM;gBAAE,UAAU,GAAG,QAAQ,CAAA;QACnC,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAA;YAC7B,IAAI,MAAM;gBAAE,UAAU,GAAG,MAAM,CAAA;QACjC,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAA;YAChC,IAAI,MAAM;gBAAE,UAAU,GAAG,SAAS,CAAA;QACpC,CAAC;QAED,4CAA4C;QAC5C,IAAI,CAAC,MAAM;YAAE,OAAO,cAAc,CAAC,MAAM,CAAC,CAAA;QAE1C,cAAc;QACd,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;QACxC,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAC7B,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5C,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;gBAChB,OAAO;oBACL,MAAM,EAAE,MAAM,CAAC,IAAI;oBACnB,SAAS,EAAE,uBAAuB,MAAM,CAAC,aAAa,EAAE;oBACxD,MAAM,EAAE,SAAkB;oBAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAA;YACH,CAAC;YACD,mCAAmC;YACnC,OAAO,cAAc,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;QAED,kBAAkB;QAClB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;YACxE,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAA;YAE3C,oCAAoC;YACpC,IAAI,IAAa,CAAA;YACjB,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;gBACxB,IAAI,GAAG,WAAW,CAAC,IAAI,CAAA,CAAC,6BAA6B;YACvD,CAAC;iBAAM,CAAC;gBACN,qCAAqC;gBACrC,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;YAC/C,CAAC;YAED,mBAAmB;YACnB,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;gBACb,IAAI;gBACJ,aAAa,EAAE,WAAW,CAAC,EAAE;gBAC7B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,GAAG,IAAI;aAC/C,CAAC,CAAA;YAEF,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO;oBACL,MAAM,EAAE,MAAM,CAAC,IAAI;oBACnB,SAAS,EAAE,uBAAuB,WAAW,CAAC,EAAE,EAAE;oBAClD,MAAM,EAAE,SAAkB;oBAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAA;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,8DAA8D;QAChE,CAAC;QAED,OAAO,cAAc,CAAC,MAAM,CAAC,CAAA;IAC/B,CAAC,CAAA;IAED,OAAO;QACL,GAAG,MAAM;QACT,MAAM,EAAE,WAAW;KACpB,CAAA;AACH,CAAC"}

package/package.json

@@ -0,0 +1,60 @@
+{
+  "name": "@insumermodel/mppx-condition-gate",
+  "version": "2.0.0",
+  "description": "Condition-based access for mppx routes. Wallet auth via signed attestations across 33 chains. Four condition types: token balance, NFT ownership, EAS attestation, Farcaster ID.",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "src"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "condition-based-access",
+    "condition-gate",
+    "mppx",
+    "mpp",
+    "wallet-auth",
+    "wallet",
+    "attestation",
+    "eas",
+    "farcaster",
+    "token-gate",
+    "nft",
+    "erc20",
+    "erc721",
+    "solana",
+    "xrpl",
+    "bitcoin",
+    "web3"
+  ],
+  "author": "douglasborthwick-crypto",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/douglasborthwick-crypto/mppx-condition-gate.git"
+  },
+  "peerDependencies": {
+    "mppx": ">=0.1.0"
+  },
+  "peerDependenciesMeta": {
+    "mppx": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "@types/node": "^25.5.0",
+    "mppx": "latest",
+    "typescript": "^5.7.0"
+  }
+}

package/src/index.ts

@@ -0,0 +1,418 @@
+import type { Method, Receipt } from 'mppx'
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+export type ChainId = number | 'solana' | 'xrpl' | 'bitcoin'
+
+/** ERC-20 / SPL / XRPL trust-line / native balance check */
+export type TokenBalanceCondition = {
+  type: 'token_balance'
+  /** Token contract address. For XRPL native XRP or Bitcoin, use "native". */
+  contractAddress: string
+  chainId: ChainId
+  /** Minimum balance. Defaults to 1. */
+  threshold?: number
+  /** Token decimals. Auto-detected on most EVM chains if omitted. */
+  decimals?: number
+  /** XRPL currency code (e.g. "USD", "RLUSD") for trust-line tokens. */
+  currency?: string
+  /** Human-readable label (max 100 chars). */
+  label?: string
+}
+
+/** ERC-721 / ERC-1155 / Solana cNFT / XRPL NFT ownership check */
+export type NftOwnershipCondition = {
+  type: 'nft_ownership'
+  contractAddress: string
+  chainId: ChainId
+  /** XRPL NFToken taxon filter. XRPL only. */
+  taxon?: number
+  label?: string
+}
+
+/** EAS attestation check (Ethereum Attestation Service) */
+export type EasAttestationCondition = {
+  type: 'eas_attestation'
+  /** EVM chain ID (typically Base 8453). */
+  chainId: number
+  /**
+   * Pre-configured compliance template. Mutually exclusive with schemaId.
+   * When provided, fills in schemaId / attester / indexer automatically.
+   * See GET /v1/compliance/templates for the live list.
+   */
+  template?:
+    | 'coinbase_verified_account'
+    | 'coinbase_verified_country'
+    | 'coinbase_one'
+    | 'gitcoin_passport_score'
+    | 'gitcoin_passport_active'
+  /** EAS schema ID (bytes32 hex). Required if template is not provided. */
+  schemaId?: string
+  /** Expected attester address (case-insensitive). Optional. */
+  attester?: string
+  /**
+   * EAS indexer contract address. Required for raw (non-template) conditions.
+   * The verifier resolves the attestation UID via getAttestationUid(recipient, schema).
+   */
+  indexer?: string
+  label?: string
+}
+
+/** Farcaster ID registration check (always on Optimism, chain 10) */
+export type FarcasterIdCondition = {
+  type: 'farcaster_id'
+  label?: string
+}
+
+/** Any condition accepted by /v1/attest */
+export type Condition =
+  | TokenBalanceCondition
+  | NftOwnershipCondition
+  | EasAttestationCondition
+  | FarcasterIdCondition
+
+export type ConditionGateOptions = {
+  /** InsumerAPI key. Falls back to INSUMER_API_KEY env var. */
+  apiKey?: string
+  /** One or more conditions to evaluate. Mix any of the four types. */
+  conditions: Condition[]
+  /** Whether the wallet must satisfy "any" (default) or "all" conditions. */
+  matchMode?: 'any' | 'all'
+  /** In-memory cache TTL in seconds. Defaults to 300 (5 minutes). */
+  cacheTtlSeconds?: number
+  /**
+   * InsumerAPI base URL. Defaults to "https://api.insumermodel.com".
+   * Override for self-hosted deployments or testing.
+   */
+  apiBaseUrl?: string
+  /** Request JWT format alongside the raw attestation. Defaults to false. */
+  jwt?: boolean
+}
+
+export type InsumerAttestation = {
+  ok: boolean
+  data: {
+    attestation: {
+      id: string
+      pass: boolean
+      results: Array<{
+        condition: number
+        label?: string
+        type: string
+        chainId: number | string
+        met: boolean
+        evaluatedCondition: Record<string, unknown>
+        conditionHash: string
+        blockNumber?: string
+        blockTimestamp?: string
+        ledgerIndex?: number
+        ledgerHash?: string
+      }>
+      passCount: number
+      failCount: number
+      attestedAt: string
+      expiresAt: string
+    }
+    sig: string
+    kid: string
+    jwt?: string
+  }
+  meta: {
+    version: string
+    timestamp: string
+    creditsRemaining: number
+    creditsCharged: number
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Cache
+// ---------------------------------------------------------------------------
+
+type CacheEntry = {
+  pass: boolean
+  attestationId: string
+  expiresAt: number
+}
+
+const cache = new Map<string, CacheEntry>()
+
+function conditionSortKey(c: Condition): string {
+  if (c.type === 'farcaster_id') return 'farcaster_id'
+  if (c.type === 'eas_attestation') {
+    return `eas:${c.chainId}:${(c.schemaId || c.template || '').toLowerCase()}`
+  }
+  return `${c.type}:${c.chainId}:${c.contractAddress.toLowerCase()}`
+}
+
+function cacheKey(address: string, conditions: Condition[]): string {
+  const sorted = [...conditions].sort((a, b) => {
+    const ka = conditionSortKey(a)
+    const kb = conditionSortKey(b)
+    return ka < kb ? -1 : ka > kb ? 1 : 0
+  })
+  return `${address.toLowerCase()}:${JSON.stringify(sorted)}`
+}
+
+/** Clear the in-memory ownership cache. Useful in tests. */
+export function clearConditionGateCache(): void {
+  cache.clear()
+}
+
+// ---------------------------------------------------------------------------
+// DID parsing
+// ---------------------------------------------------------------------------
+
+/**
+ * Extracts an EVM address from a `did:pkh:eip155:{chainId}:{address}` string.
+ * Returns null for non-EVM or unparseable DIDs.
+ */
+export function parseDid(source: string): `0x${string}` | null {
+  const parts = source.split(':')
+  if (parts.length !== 5) return null
+  if (parts[0] !== 'did' || parts[1] !== 'pkh' || parts[2] !== 'eip155') return null
+  const address = parts[4]
+  if (!address || !address.startsWith('0x')) return null
+  return address as `0x${string}`
+}
+
+/** Extracts a Solana address from a `did:pkh:solana:{chainId}:{address}` string. */
+export function parseSolanaDid(source: string): string | null {
+  const parts = source.split(':')
+  if (parts.length !== 5) return null
+  if (parts[0] !== 'did' || parts[1] !== 'pkh' || parts[2] !== 'solana') return null
+  return parts[4] || null
+}
+
+/** Extracts an XRPL address from a `did:pkh:xrpl:{chainId}:{address}` string. */
+export function parseXrplDid(source: string): string | null {
+  const parts = source.split(':')
+  if (parts.length !== 5) return null
+  if (parts[0] !== 'did' || parts[1] !== 'pkh' || parts[2] !== 'xrpl') return null
+  const address = parts[4]
+  if (!address || !address.startsWith('r')) return null
+  return address
+}
+
+/** Extracts a Bitcoin address from a `did:pkh:bip122:{chainId}:{address}` string. */
+export function parseBitcoinDid(source: string): string | null {
+  const parts = source.split(':')
+  if (parts.length !== 5) return null
+  if (parts[0] !== 'did' || parts[1] !== 'pkh' || parts[2] !== 'bip122') return null
+  return parts[4] || null
+}
+
+// ---------------------------------------------------------------------------
+// InsumerAPI call
+// ---------------------------------------------------------------------------
+
+function buildBodyConditions(conditions: Condition[]): Array<Record<string, unknown>> {
+  return conditions.map((c) => {
+    if (c.type === 'farcaster_id') {
+      const cond: Record<string, unknown> = { type: c.type }
+      if (c.label) cond.label = c.label
+      return cond
+    }
+    if (c.type === 'eas_attestation') {
+      const cond: Record<string, unknown> = {
+        type: c.type,
+        chainId: c.chainId,
+      }
+      if (c.template) cond.template = c.template
+      if (c.schemaId) cond.schemaId = c.schemaId
+      if (c.attester) cond.attester = c.attester
+      if (c.indexer) cond.indexer = c.indexer
+      if (c.label) cond.label = c.label
+      return cond
+    }
+    // token_balance or nft_ownership
+    const cond: Record<string, unknown> = {
+      type: c.type,
+      contractAddress: c.contractAddress,
+      chainId: c.chainId,
+    }
+    if (c.type === 'token_balance') {
+      cond.threshold = c.threshold ?? 1
+      if (c.decimals !== undefined) cond.decimals = c.decimals
+      if (c.currency) cond.currency = c.currency
+    }
+    if (c.type === 'nft_ownership' && c.taxon !== undefined) {
+      cond.taxon = c.taxon
+    }
+    if (c.label) cond.label = c.label
+    return cond
+  })
+}
+
+async function callAttest(
+  wallet: string,
+  walletType: 'evm' | 'solana' | 'xrpl' | 'bitcoin',
+  conditions: Condition[],
+  options: Pick<ConditionGateOptions, 'apiKey' | 'apiBaseUrl' | 'jwt'>,
+): Promise<InsumerAttestation> {
+  const apiKey = options.apiKey || process.env.INSUMER_API_KEY
+  if (!apiKey) {
+    throw new Error(
+      'mppx-condition-gate: Missing API key. Pass apiKey in options or set INSUMER_API_KEY env var. ' +
+      'Get a free key: POST https://api.insumermodel.com/v1/keys/create',
+    )
+  }
+
+  const baseUrl = options.apiBaseUrl || 'https://api.insumermodel.com'
+
+  const body: Record<string, unknown> = {
+    conditions: buildBodyConditions(conditions),
+  }
+
+  if (walletType === 'solana') body.solanaWallet = wallet
+  else if (walletType === 'xrpl') body.xrplWallet = wallet
+  else if (walletType === 'bitcoin') body.bitcoinWallet = wallet
+  else body.wallet = wallet
+
+  if (options.jwt) body.format = 'jwt'
+
+  const response = await fetch(`${baseUrl}/v1/attest`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'x-api-key': apiKey,
+    },
+    body: JSON.stringify(body),
+  })
+
+  const data = await response.json() as InsumerAttestation
+  if (!response.ok || !data.ok) {
+    const msg = (data as any)?.error?.message || `HTTP ${response.status}`
+    throw new Error(`mppx-condition-gate: Attestation failed: ${msg}`)
+  }
+  return data
+}
+
+// ---------------------------------------------------------------------------
+// conditionGate adapter
+// ---------------------------------------------------------------------------
+
+/**
+ * Wraps an mppx Method.Server with condition-based access using signed attestations.
+ *
+ * Extracts the payer address from credential.source (DID), calls /v1/attest to
+ * evaluate conditions across 33 chains, and returns a free-access receipt for
+ * wallets that meet the conditions. Wallets that do not meet them fall through
+ * to the original payment method.
+ *
+ * Supports four condition types: token_balance, nft_ownership, eas_attestation,
+ * and farcaster_id. Conditions can be mixed in a single call.
+ *
+ * The attestation is ECDSA P-256 signed and verifiable offline via the public
+ * JWKS at https://insumermodel.com/.well-known/jwks.json.
+ *
+ * @example
+ * ```ts
+ * import { conditionGate } from '@insumermodel/mppx-condition-gate'
+ *
+ * const gated = conditionGate(tempoCharge, {
+ *   conditions: [
+ *     { type: 'eas_attestation', template: 'coinbase_verified_account', chainId: 8453 },
+ *     { type: 'farcaster_id' },
+ *   ],
+ *   matchMode: 'any',
+ * })
+ *
+ * const mppx = Mppx.create({ methods: [gated] })
+ * ```
+ */
+export function conditionGate(
+  server: Method.AnyServer,
+  options: ConditionGateOptions,
+): Method.AnyServer {
+  const { conditions, matchMode = 'any', cacheTtlSeconds = 300 } = options
+
+  const originalVerify = server.verify
+
+  const gatedVerify: typeof originalVerify = async (params: any) => {
+    const credential = params.credential as { source?: string }
+    const source = credential.source
+
+    // No DID → fall through to payment
+    if (!source) return originalVerify(params)
+
+    // Determine wallet type and address
+    let wallet: string | null = null
+    let walletType: 'evm' | 'solana' | 'xrpl' | 'bitcoin' = 'evm'
+
+    wallet = parseDid(source)
+    if (!wallet) {
+      wallet = parseSolanaDid(source)
+      if (wallet) walletType = 'solana'
+    }
+    if (!wallet) {
+      wallet = parseXrplDid(source)
+      if (wallet) walletType = 'xrpl'
+    }
+    if (!wallet) {
+      wallet = parseBitcoinDid(source)
+      if (wallet) walletType = 'bitcoin'
+    }
+
+    // Unparseable DID → fall through to payment
+    if (!wallet) return originalVerify(params)
+
+    // Check cache
+    const key = cacheKey(wallet, conditions)
+    const cached = cache.get(key)
+    if (cached && cached.expiresAt > Date.now()) {
+      if (cached.pass) {
+        return {
+          method: server.name,
+          reference: `condition-gate:free:${cached.attestationId}`,
+          status: 'success' as const,
+          timestamp: new Date().toISOString(),
+        }
+      }
+      // Cached non-holder → fall through
+      return originalVerify(params)
+    }
+
+    // Call InsumerAPI
+    try {
+      const result = await callAttest(wallet, walletType, conditions, options)
+      const attestation = result.data.attestation
+
+      // Determine pass based on matchMode
+      let pass: boolean
+      if (matchMode === 'all') {
+        pass = attestation.pass // all conditions must be met
+      } else {
+        // "any" — at least one condition met
+        pass = attestation.results.some((r) => r.met)
+      }
+
+      // Cache the result
+      cache.set(key, {
+        pass,
+        attestationId: attestation.id,
+        expiresAt: Date.now() + cacheTtlSeconds * 1000,
+      })
+
+      if (pass) {
+        return {
+          method: server.name,
+          reference: `condition-gate:free:${attestation.id}`,
+          status: 'success' as const,
+          timestamp: new Date().toISOString(),
+        }
+      }
+    } catch {
+      // Attestation API error → fall through to payment (fail open)
+    }
+
+    return originalVerify(params)
+  }
+
+  return {
+    ...server,
+    verify: gatedVerify,
+  }
+}