@leashmarket/core 0.1.0 → 0.2.1

package/README.md

@@ -3,6 +3,16 @@
 Policy evaluation, receipt hashing / chain verification, real x402 client
 adapter for Solana, treasury helpers, and an env-based kill-switch.
 
+## Install
+
+```bash
+npm install @leashmarket/core
+# or
+pnpm add @leashmarket/core
+```
+
+## Usage
+
 ```ts
 import {
   evaluate,
@@ -22,11 +32,14 @@ import { createSvmBuyerFetch } from '@leashmarket/core/x402';
 All hashing uses `@noble/hashes` so the package runs unchanged in Node,
 the browser, and edge runtimes.
 
+## Docs
+
+[docs.leash.market/sdk/core](https://docs.leash.market/sdk/core)
+
+See also: [Real x402 on Solana](https://docs.leash.market/standards/x402-on-solana)
+
 ## Test
 
 ```bash
 pnpm --filter @leashmarket/core test
 ```
-
-See the [`Real x402 on Solana`](../../apps/docs/standards/x402-on-solana.mdx)
-doc for the protocol-level walkthrough.

package/dist/index.d.ts

@@ -13,6 +13,8 @@ export * from './x402/facilitator.js';
 export * from './x402/headers.js';
 export * from './x402/parse.js';
 export * from './x402/webhook.js';
+export * from './mpp/index.js';
+export * from './payments/index.js';
 export * from './treasury/balance.js';
 export * from './treasury/inspect-token-account.js';
 export * from './treasury/list-balances.js';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,qBAAqB,CAAC;AACpC,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,oBAAoB,CAAC;AACnC,cAAc,uBAAuB,CAAC;AACtC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC;AACtC,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,qBAAqB,CAAC;AACpC,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,oBAAoB,CAAC;AACnC,cAAc,uBAAuB,CAAC;AACtC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC"}

package/dist/index.js

@@ -13,6 +13,8 @@ export * from './x402/facilitator.js';
 export * from './x402/headers.js';
 export * from './x402/parse.js';
 export * from './x402/webhook.js';
+export * from './mpp/index.js';
+export * from './payments/index.js';
 export * from './treasury/balance.js';
 export * from './treasury/inspect-token-account.js';
 export * from './treasury/list-balances.js';

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,qBAAqB,CAAC;AACpC,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,oBAAoB,CAAC;AACnC,cAAc,uBAAuB,CAAC;AACtC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC;AACtC,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,qBAAqB,CAAC;AACpC,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,oBAAoB,CAAC;AACnC,cAAc,uBAAuB,CAAC;AACtC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC"}

package/dist/mpp/client.d.ts

@@ -0,0 +1,82 @@
+/**
+ * MPP-on-Solana buyer client.
+ *
+ * Mirrors {@link createSvmBuyerFetch} (x402 client) but speaks the MPP
+ * wire shape: GET -> 402 with `application/problem+json` body ->
+ * build SPL `TransferChecked` matching `request.recipient/amount/asset`
+ * -> sign -> POST credential to facilitator (or local-settle) -> retry
+ * the original request with `Authorization: PaymentScheme <b64>` and
+ * carry the settlement metadata back to the caller.
+ *
+ * The returned `paidFetch` is a drop-in replacement for `fetch`, so
+ * buyer-kit can layer dual-protocol routing on top via
+ * {@link detectProtocol} without splitting its public API.
+ */
+import { type Address } from '@solana/kit';
+import type { ClientSvmSigner } from '@x402/svm';
+import type { MppChallengeV1 } from '@leashmarket/schemas';
+import { type LeashFetch, type LeashX402Network } from '../x402/client.js';
+export type CreateSvmMppFetchOptions = {
+    /** Authority that signs the SPL transfer (delegate or owner of `sourceTokenAccount`). */
+    signer: ClientSvmSigner;
+    /**
+     * Solana clusters to allow. The buyer rejects challenges whose `network`
+     * is not in this list. Defaults to all three Solana clusters.
+     */
+    networks?: LeashX402Network[];
+    /** Optional RPC endpoint override forwarded to `@x402/svm` helpers. */
+    rpcUrl?: string;
+    /**
+     * If set, the SPL transfer debits from this token account and `signer`
+     * signs as the SPL **delegate** (mirror of LeashDelegateExactSvmScheme).
+     * Leave undefined for "signer pays from their own ATA".
+     */
+    sourceTokenAccount?: Address | string;
+    /**
+     * Facilitator URL the seller forwards credentials to. Buyers don't talk
+     * to the facilitator directly — the seller does — but we record it on
+     * the receipt so explorers can re-verify settlement. Defaults to the
+     * Leash devnet/mainnet facilitator depending on `networks`.
+     */
+    facilitatorUrl?: string;
+};
+/**
+ * Settlement output the buyer-kit layer reads off the wire after the
+ * retry succeeds. Fields are populated from response headers stamped by
+ * the seller (mirrors x402's `PAYMENT-RESPONSE`).
+ */
+export type MppSettlement = {
+    challengeId: string;
+    /** Solana SPL transfer signature that satisfied the challenge. */
+    settlementTx: string;
+    settlementSlot: string | number;
+};
+/**
+ * Per-call result carried through the wrapped fetch so buyer-kit can
+ * stamp it onto a `ReceiptV02Mpp`. Exposed here so consumers writing
+ * their own client (without buyer-kit) can read it too.
+ */
+export type MppPaidResponse = {
+    response: Response;
+    challenge: MppChallengeV1;
+    settlement: MppSettlement | null;
+};
+/**
+ * Build a paid `fetch` for MPP-on-Solana. Returns a function that
+ * accepts the same args as `fetch` and resolves to a regular `Response`.
+ * Buyer-kit (Phase 3) layers a richer return shape via the dual-fetch
+ * orchestrator; this raw fetch is convenient for tests + standalone use.
+ */
+export declare function createSvmMppFetch(opts: CreateSvmMppFetchOptions): LeashFetch;
+/**
+ * Lower-level: build and sign the SPL transfer that satisfies the
+ * challenge. Exported so seller-kit tests and the explorer can replay
+ * the buyer side without a real network call.
+ */
+export declare function buildAndSignMppTransfer(args: {
+    challenge: MppChallengeV1;
+    signer: ClientSvmSigner;
+    sourceTokenAccount?: Address | string;
+    rpcUrl?: string;
+}): Promise<string>;
+//# sourceMappingURL=client.d.ts.map

package/dist/mpp/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/mpp/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAEL,KAAK,OAAO,EAUb,MAAM,aAAa,CAAC;AAcrB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACjD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE3D,OAAO,EAAE,KAAK,UAAU,EAAE,KAAK,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAQ3E,MAAM,MAAM,wBAAwB,GAAG;IACrC,yFAAyF;IACzF,MAAM,EAAE,eAAe,CAAC;IACxB;;;OAGG;IACH,QAAQ,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAC9B,uEAAuE;IACvE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IACtC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,kEAAkE;IAClE,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,GAAG,MAAM,CAAC;CACjC,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,cAAc,CAAC;IAC1B,UAAU,EAAE,aAAa,GAAG,IAAI,CAAC;CAClC,CAAC;AAEF;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,wBAAwB,GAAG,UAAU,CA4C5E;AAED;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,IAAI,EAAE;IAClD,SAAS,EAAE,cAAc,CAAC;IAC1B,MAAM,EAAE,eAAe,CAAC;IACxB,kBAAkB,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,OAAO,CAAC,MAAM,CAAC,CAwFlB"}

package/dist/mpp/client.js

@@ -0,0 +1,155 @@
+/**
+ * MPP-on-Solana buyer client.
+ *
+ * Mirrors {@link createSvmBuyerFetch} (x402 client) but speaks the MPP
+ * wire shape: GET -> 402 with `application/problem+json` body ->
+ * build SPL `TransferChecked` matching `request.recipient/amount/asset`
+ * -> sign -> POST credential to facilitator (or local-settle) -> retry
+ * the original request with `Authorization: PaymentScheme <b64>` and
+ * carry the settlement metadata back to the caller.
+ *
+ * The returned `paidFetch` is a drop-in replacement for `fetch`, so
+ * buyer-kit can layer dual-protocol routing on top via
+ * {@link detectProtocol} without splitting its public API.
+ */
+import { address as toAddress, appendTransactionMessageInstructions, createTransactionMessage, getBase64EncodedWireTransaction, partiallySignTransactionMessageWithSigners, pipe, prependTransactionMessageInstruction, setTransactionMessageFeePayer, setTransactionMessageLifetimeUsingBlockhash, } from '@solana/kit';
+import { getSetComputeUnitLimitInstruction, setTransactionMessageComputeUnitPrice, } from '@solana-program/compute-budget';
+import { fetchMint, findAssociatedTokenPda, getCreateAssociatedTokenIdempotentInstruction, getTransferCheckedInstruction, TOKEN_2022_PROGRAM_ADDRESS, } from '@solana-program/token-2022';
+import { TOKEN_PROGRAM_ADDRESS } from '@solana-program/token';
+import { createRpcClient, MEMO_PROGRAM_ADDRESS, MAX_MEMO_BYTES } from '@x402/svm';
+import {} from '../x402/client.js';
+import { defaultFacilitatorFor } from '../x402/facilitator.js';
+import { buildMppAuthorizationHeader } from './headers.js';
+import { parseMppChallenge } from './parse.js';
+const DEFAULT_COMPUTE_UNIT_LIMIT = 200_000;
+const DEFAULT_COMPUTE_UNIT_PRICE_MICROLAMPORTS = 10_000;
+/**
+ * Build a paid `fetch` for MPP-on-Solana. Returns a function that
+ * accepts the same args as `fetch` and resolves to a regular `Response`.
+ * Buyer-kit (Phase 3) layers a richer return shape via the dual-fetch
+ * orchestrator; this raw fetch is convenient for tests + standalone use.
+ */
+export function createSvmMppFetch(opts) {
+    const allowedNetworks = new Set((opts.networks ?? ['solana-mainnet', 'solana-devnet', 'solana-testnet']));
+    const facilitatorUrl = opts.facilitatorUrl ?? defaultFacilitatorFor(opts.networks);
+    return async function mppFetch(input, init) {
+        const firstResponse = await globalThis.fetch(input, init);
+        if (firstResponse.status !== 402)
+            return firstResponse;
+        // Caller may have signalled a non-MPP 402 (x402). Fall back to the
+        // original response so the dual-protocol orchestrator can route.
+        let challenge;
+        try {
+            challenge = await parseMppChallenge(firstResponse);
+        }
+        catch {
+            return firstResponse;
+        }
+        if (!allowedNetworks.has(challenge.request.network)) {
+            throw new Error(`mpp: seller asked for network "${challenge.request.network}" which is not in allowedNetworks`);
+        }
+        const signedTx = await buildAndSignMppTransfer({
+            challenge,
+            signer: opts.signer,
+            sourceTokenAccount: opts.sourceTokenAccount,
+            ...(opts.rpcUrl ? { rpcUrl: opts.rpcUrl } : {}),
+        });
+        const credential = {
+            v: '1',
+            challengeId: challenge.challengeId,
+            signedTx,
+        };
+        const authHeader = buildMppAuthorizationHeader(credential);
+        const retryInit = {
+            ...(init ?? {}),
+            headers: mergeAuthorizationHeader(init?.headers, authHeader),
+        };
+        const settled = await globalThis.fetch(input, retryInit);
+        return attachFacilitatorOnResponse(settled, facilitatorUrl);
+    };
+}
+/**
+ * Lower-level: build and sign the SPL transfer that satisfies the
+ * challenge. Exported so seller-kit tests and the explorer can replay
+ * the buyer side without a real network call.
+ */
+export async function buildAndSignMppTransfer(args) {
+    const { challenge, signer } = args;
+    // `createRpcClient` accepts the CAIP-2 / friendly slug forms x402 already
+    // emits; cast at the boundary so we can keep the schema's `string` shape.
+    const rpc = createRpcClient(challenge.request.network, args.rpcUrl);
+    const tokenMint = await fetchMint(rpc, challenge.request.asset);
+    const tokenProgramAddress = tokenMint.programAddress;
+    if (tokenProgramAddress.toString() !== TOKEN_PROGRAM_ADDRESS.toString() &&
+        tokenProgramAddress.toString() !== TOKEN_2022_PROGRAM_ADDRESS.toString()) {
+        throw new Error('mpp: asset was not created by a known token program');
+    }
+    let source;
+    if (args.sourceTokenAccount) {
+        source =
+            typeof args.sourceTokenAccount === 'string'
+                ? toAddress(args.sourceTokenAccount)
+                : args.sourceTokenAccount;
+    }
+    else {
+        const [ownerAta] = await findAssociatedTokenPda({
+            mint: challenge.request.asset,
+            owner: signer.address,
+            tokenProgram: tokenProgramAddress,
+        });
+        source = ownerAta;
+    }
+    const [destinationATA] = await findAssociatedTokenPda({
+        mint: challenge.request.asset,
+        owner: challenge.request.recipient,
+        tokenProgram: tokenProgramAddress,
+    });
+    const feePayerAddress = challenge.request.feePayer
+        ? toAddress(challenge.request.feePayer)
+        : signer.address;
+    const feePayerSigner = feePayerAddress;
+    const provisionSellerAtaIx = getCreateAssociatedTokenIdempotentInstruction({
+        payer: feePayerSigner,
+        ata: destinationATA,
+        owner: challenge.request.recipient,
+        mint: challenge.request.asset,
+        tokenProgram: tokenProgramAddress,
+    });
+    const transferIx = getTransferCheckedInstruction({
+        source,
+        mint: challenge.request.asset,
+        destination: destinationATA,
+        authority: signer,
+        amount: BigInt(challenge.request.amount),
+        decimals: tokenMint.data.decimals,
+    }, { programAddress: tokenProgramAddress });
+    // Memo binds challengeId to the on-chain tx so the facilitator can
+    // verify that this signed transfer matches the challenge it received.
+    const memoBytes = new TextEncoder().encode(`mpp:${challenge.challengeId}`);
+    if (memoBytes.byteLength > MAX_MEMO_BYTES) {
+        throw new Error(`mpp: challengeId memo exceeds maximum ${MAX_MEMO_BYTES} bytes`);
+    }
+    const memoIx = {
+        programAddress: MEMO_PROGRAM_ADDRESS,
+        accounts: [],
+        data: memoBytes,
+    };
+    const { value: latestBlockhash } = await rpc.getLatestBlockhash().send();
+    const tx = pipe(createTransactionMessage({ version: 0 }), (t) => setTransactionMessageComputeUnitPrice(DEFAULT_COMPUTE_UNIT_PRICE_MICROLAMPORTS, t), (t) => setTransactionMessageFeePayer(feePayerAddress, t), (t) => prependTransactionMessageInstruction(getSetComputeUnitLimitInstruction({ units: DEFAULT_COMPUTE_UNIT_LIMIT }), t), (t) => appendTransactionMessageInstructions([provisionSellerAtaIx, transferIx, memoIx], t), (t) => setTransactionMessageLifetimeUsingBlockhash(latestBlockhash, t));
+    const signed = await partiallySignTransactionMessageWithSigners(tx);
+    return getBase64EncodedWireTransaction(signed);
+}
+function mergeAuthorizationHeader(existing, authValue) {
+    const h = new Headers((existing ?? {}));
+    h.set('authorization', authValue);
+    return h;
+}
+/**
+ * Pass-through for now — placeholder for future client-side telemetry
+ * (e.g. recording the facilitator URL on a debug wrapper). Keeps the
+ * call-site readable and gives us a single hook for future logic.
+ */
+function attachFacilitatorOnResponse(response, _facilitatorUrl) {
+    return response;
+}
+//# sourceMappingURL=client.js.map

package/dist/mpp/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/mpp/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,OAAO,IAAI,SAAS,EAGpB,oCAAoC,EACpC,wBAAwB,EACxB,+BAA+B,EAC/B,0CAA0C,EAC1C,IAAI,EACJ,oCAAoC,EACpC,6BAA6B,EAC7B,2CAA2C,GAC5C,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,iCAAiC,EACjC,qCAAqC,GACtC,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,SAAS,EACT,sBAAsB,EACtB,6CAA6C,EAC7C,6BAA6B,EAC7B,0BAA0B,GAC3B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAIlF,OAAO,EAA0C,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,OAAO,EAAE,2BAA2B,EAAwB,MAAM,cAAc,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,MAAM,0BAA0B,GAAG,OAAO,CAAC;AAC3C,MAAM,wCAAwC,GAAG,MAAM,CAAC;AAkDxD;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAA8B;IAC9D,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,gBAAgB,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAa,CACrF,CAAC;IACF,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAEnF,OAAO,KAAK,UAAU,QAAQ,CAC5B,KAA6B,EAC7B,IAAkB;QAElB,MAAM,aAAa,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,aAAa,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,aAAa,CAAC;QACvD,mEAAmE;QACnE,iEAAiE;QACjE,IAAI,SAAyB,CAAC;QAC9B,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,aAAa,CAAC;QACvB,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,kCAAkC,SAAS,CAAC,OAAO,CAAC,OAAO,mCAAmC,CAC/F,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,uBAAuB,CAAC;YAC7C,SAAS;YACT,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;YAC3C,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAChD,CAAC,CAAC;QACH,MAAM,UAAU,GAAoB;YAClC,CAAC,EAAE,GAAG;YACN,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,QAAQ;SACT,CAAC;QACF,MAAM,UAAU,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAgB;YAC7B,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;YACf,OAAO,EAAE,wBAAwB,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,CAAC;SAC7D,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACzD,OAAO,2BAA2B,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IAC9D,CAAC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,IAK7C;IACC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACnC,0EAA0E;IAC1E,0EAA0E;IAC1E,MAAM,GAAG,GAAG,eAAe,CAAC,SAAS,CAAC,OAAO,CAAC,OAAgC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7F,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,KAAgB,CAAC,CAAC;IAC3E,MAAM,mBAAmB,GAAG,SAAS,CAAC,cAAc,CAAC;IACrD,IACE,mBAAmB,CAAC,QAAQ,EAAE,KAAK,qBAAqB,CAAC,QAAQ,EAAE;QACnE,mBAAmB,CAAC,QAAQ,EAAE,KAAK,0BAA0B,CAAC,QAAQ,EAAE,EACxE,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC5B,MAAM;YACJ,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAE,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAa;gBACjD,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,sBAAsB,CAAC;YAC9C,IAAI,EAAE,SAAS,CAAC,OAAO,CAAC,KAAgB;YACxC,KAAK,EAAE,MAAM,CAAC,OAAO;YACrB,YAAY,EAAE,mBAAmB;SAClC,CAAC,CAAC;QACH,MAAM,GAAG,QAAQ,CAAC;IACpB,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,GAAG,MAAM,sBAAsB,CAAC;QACpD,IAAI,EAAE,SAAS,CAAC,OAAO,CAAC,KAAgB;QACxC,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,SAAoB;QAC7C,YAAY,EAAE,mBAAmB;KAClC,CAAC,CAAC;IAEH,MAAM,eAAe,GAAY,SAAS,CAAC,OAAO,CAAC,QAAQ;QACzD,CAAC,CAAE,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAa;QACpD,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;IACnB,MAAM,cAAc,GAAG,eAAuD,CAAC;IAE/E,MAAM,oBAAoB,GAAG,6CAA6C,CAAC;QACzE,KAAK,EAAE,cAAc;QACrB,GAAG,EAAE,cAAc;QACnB,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,SAAoB;QAC7C,IAAI,EAAE,SAAS,CAAC,OAAO,CAAC,KAAgB;QACxC,YAAY,EAAE,mBAAmB;KAClC,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,6BAA6B,CAC9C;QACE,MAAM;QACN,IAAI,EAAE,SAAS,CAAC,OAAO,CAAC,KAAgB;QACxC,WAAW,EAAE,cAAc;QAC3B,SAAS,EAAE,MAAM;QACjB,MAAM,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC;QACxC,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;KAClC,EACD,EAAE,cAAc,EAAE,mBAAmB,EAAE,CACxC,CAAC;IAEF,mEAAmE;IACnE,sEAAsE;IACtE,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC;IAC3E,IAAI,SAAS,CAAC,UAAU,GAAG,cAAc,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,yCAAyC,cAAc,QAAQ,CAAC,CAAC;IACnF,CAAC;IACD,MAAM,MAAM,GAAG;QACb,cAAc,EAAE,oBAA+B;QAC/C,QAAQ,EAAE,EAAW;QACrB,IAAI,EAAE,SAAS;KAChB,CAAC;IAEF,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,GAAG,MAAM,GAAG,CAAC,kBAAkB,EAAE,CAAC,IAAI,EAAE,CAAC;IAEzE,MAAM,EAAE,GAAG,IAAI,CACb,wBAAwB,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EACxC,CAAC,CAAC,EAAE,EAAE,CAAC,qCAAqC,CAAC,wCAAwC,EAAE,CAAC,CAAC,EACzF,CAAC,CAAC,EAAE,EAAE,CAAC,6BAA6B,CAAC,eAAe,EAAE,CAAC,CAAC,EACxD,CAAC,CAAC,EAAE,EAAE,CACJ,oCAAoC,CAClC,iCAAiC,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,EACxE,CAAC,CACF,EACH,CAAC,CAAC,EAAE,EAAE,CAAC,oCAAoC,CAAC,CAAC,oBAAoB,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,EAC1F,CAAC,CAAC,EAAE,EAAE,CAAC,2CAA2C,CAAC,eAAe,EAAE,CAAC,CAAC,CACvE,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,0CAA0C,CAAC,EAAE,CAAC,CAAC;IACpE,OAAO,+BAA+B,CAAC,MAAM,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,wBAAwB,CAAC,QAAgC,EAAE,SAAiB;IACnF,MAAM,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAqC,CAAC,CAAC;IAC5E,CAAC,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;IAClC,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;GAIG;AACH,SAAS,2BAA2B,CAAC,QAAkB,EAAE,eAAuB;IAC9E,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/mpp/envelope.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Hashing + canonical wire envelope for MPP receipts.
+ *
+ * MPP receipts (v0.2 mpp variant in `@leashmarket/schemas`) hash the
+ * same way x402 receipts do: SHA-256 of the canonical JSON of the
+ * draft (everything except `receipt_hash`). The `protocol` discriminator
+ * is part of the canonical body so x402 and MPP receipts in the same
+ * agent's chain can never collide on hash.
+ *
+ * This file also exports a thin helper to canonicalise an MPP challenge
+ * for replay-protection bookkeeping (sellers track issued challengeIds
+ * to reject reuse; the canonical form gives a stable id-by-content).
+ */
+import type { MppChallengeV1 } from '@leashmarket/schemas';
+/**
+ * Stable hash of a challenge — useful when persisting issued challenges
+ * to reject replays without storing the full body.
+ */
+export declare function mppChallengeHash(challenge: MppChallengeV1): string;
+/**
+ * Compact wire summary of a settled MPP payment, mirroring
+ * {@link LeashPaymentEnvelope} for x402. Sellers stamp this on response
+ * headers / webhooks so downstream consumers can render proofs without
+ * reading the full receipt.
+ */
+export type MppPaymentEnvelope = {
+    protocol: 'mpp';
+    challengeId: string;
+    /** Solana SPL transfer signature that satisfied the challenge. */
+    settlementTx: string;
+    settlementSlot: string | number;
+    /** SHA-256 of the canonical receipt — useful as an idempotency key. */
+    receiptHash: string;
+    /** Mint address of the agent that earned the payment. */
+    agent: string;
+    network: string | null;
+};
+//# sourceMappingURL=envelope.d.ts.map

package/dist/mpp/envelope.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"envelope.d.ts","sourceRoot":"","sources":["../../src/mpp/envelope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAM3D;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,cAAc,GAAG,MAAM,CAGlE;AAED;;;;;GAKG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,QAAQ,EAAE,KAAK,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,kEAAkE;IAClE,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,uEAAuE;IACvE,WAAW,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC"}

package/dist/mpp/envelope.js

@@ -0,0 +1,25 @@
+/**
+ * Hashing + canonical wire envelope for MPP receipts.
+ *
+ * MPP receipts (v0.2 mpp variant in `@leashmarket/schemas`) hash the
+ * same way x402 receipts do: SHA-256 of the canonical JSON of the
+ * draft (everything except `receipt_hash`). The `protocol` discriminator
+ * is part of the canonical body so x402 and MPP receipts in the same
+ * agent's chain can never collide on hash.
+ *
+ * This file also exports a thin helper to canonicalise an MPP challenge
+ * for replay-protection bookkeeping (sellers track issued challengeIds
+ * to reject reuse; the canonical form gives a stable id-by-content).
+ */
+import { sha256 } from '@noble/hashes/sha256';
+import { bytesToHex, utf8ToBytes } from '@noble/hashes/utils';
+import { canonicalJson } from '../receipt/hash.js';
+/**
+ * Stable hash of a challenge — useful when persisting issued challenges
+ * to reject replays without storing the full body.
+ */
+export function mppChallengeHash(challenge) {
+    const canonical = canonicalJson(challenge);
+    return bytesToHex(sha256(utf8ToBytes(canonical)));
+}
+//# sourceMappingURL=envelope.js.map

package/dist/mpp/envelope.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"envelope.js","sourceRoot":"","sources":["../../src/mpp/envelope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAE9D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAyB;IACxD,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IAC3C,OAAO,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;AACpD,CAAC"}

package/dist/mpp/headers.d.ts

@@ -0,0 +1,56 @@
+/**
+ * MPP credential header construction + parsing.
+ *
+ * MPP-on-Solana piggybacks on the standard HTTP `Authorization` header
+ * with a custom scheme prefix. The buyer signs an SPL transfer that
+ * matches the challenge `request` block (recipient/amount/asset), then
+ * sends:
+ *
+ *   Authorization: PaymentScheme <base64(MppCredential)>
+ *
+ * The credential body shape we use mirrors the x402 PaymentPayload —
+ * a base64-wire signed Solana transaction plus the originating
+ * `challengeId`. The seller forwards `(challengeId, signedTx)` to the
+ * facilitator, which verifies and broadcasts.
+ */
+export declare const MPP_AUTH_SCHEME = "PaymentScheme";
+export declare const MPP_HEADERS: {
+    /** Buyer-supplied credential. */
+    readonly authorization: "authorization";
+    /** Seller -> buyer settlement proof header (mirror of x402 PAYMENT-RESPONSE). */
+    readonly paymentReceipt: "x-payment-receipt";
+};
+export type MppCredentialV1 = {
+    v: '1';
+    challengeId: string;
+    /** Base64-encoded wire transaction the facilitator will broadcast. */
+    signedTx: string;
+    /**
+     * Optional buyer signature over the canonicalised challenge nonce.
+     * Reserved for non-Solana rails; on Solana the SPL transfer signature
+     * is itself proof of authorization.
+     */
+    nonceSig?: string;
+};
+/**
+ * Encode an MPP credential into the value half of an `Authorization`
+ * header (everything after `PaymentScheme `).
+ */
+export declare function encodeMppCredential(credential: MppCredentialV1): string;
+/**
+ * Build a full `Authorization: PaymentScheme <base64>` header value.
+ */
+export declare function buildMppAuthorizationHeader(credential: MppCredentialV1): string;
+/**
+ * Parse a value already stripped of the scheme prefix into a typed
+ * credential. Throws on malformed input.
+ */
+export declare function decodeMppCredential(encoded: string): MppCredentialV1;
+/**
+ * Parse a raw `Authorization` header value (with or without the scheme
+ * prefix). Returns `null` when the header is absent or uses a different
+ * scheme — callers should treat that as "buyer didn't pay yet".
+ */
+export declare function parseMppAuthorization(header: string | null | undefined): MppCredentialV1 | null;
+export declare const MPP_CREDENTIAL_VERSION_LITERAL: "1";
+//# sourceMappingURL=headers.d.ts.map

package/dist/mpp/headers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"headers.d.ts","sourceRoot":"","sources":["../../src/mpp/headers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,eAAO,MAAM,eAAe,kBAAkB,CAAC;AAE/C,eAAO,MAAM,WAAW;IACtB,iCAAiC;;IAEjC,iFAAiF;;CAEzE,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG;IAC5B,CAAC,EAAE,GAAG,CAAC;IACP,WAAW,EAAE,MAAM,CAAC;IACpB,sEAAsE;IACtE,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAIF;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,eAAe,GAAG,MAAM,CAUvE;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,UAAU,EAAE,eAAe,GAAG,MAAM,CAE/E;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe,CAepE;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,eAAe,GAAG,IAAI,CAW/F;AAED,eAAO,MAAM,8BAA8B,KAAyB,CAAC"}

package/dist/mpp/headers.js

@@ -0,0 +1,88 @@
+/**
+ * MPP credential header construction + parsing.
+ *
+ * MPP-on-Solana piggybacks on the standard HTTP `Authorization` header
+ * with a custom scheme prefix. The buyer signs an SPL transfer that
+ * matches the challenge `request` block (recipient/amount/asset), then
+ * sends:
+ *
+ *   Authorization: PaymentScheme <base64(MppCredential)>
+ *
+ * The credential body shape we use mirrors the x402 PaymentPayload —
+ * a base64-wire signed Solana transaction plus the originating
+ * `challengeId`. The seller forwards `(challengeId, signedTx)` to the
+ * facilitator, which verifies and broadcasts.
+ */
+import { decodeBase64Json } from '../mpp-helpers/base64-json.js';
+export const MPP_AUTH_SCHEME = 'PaymentScheme';
+export const MPP_HEADERS = {
+    /** Buyer-supplied credential. */
+    authorization: 'authorization',
+    /** Seller -> buyer settlement proof header (mirror of x402 PAYMENT-RESPONSE). */
+    paymentReceipt: 'x-payment-receipt',
+};
+const MPP_CREDENTIAL_VERSION = '1';
+/**
+ * Encode an MPP credential into the value half of an `Authorization`
+ * header (everything after `PaymentScheme `).
+ */
+export function encodeMppCredential(credential) {
+    const json = JSON.stringify(credential);
+    const bytes = new TextEncoder().encode(json);
+    // Browser-safe base64. Falls back to Node's Buffer when present.
+    if (typeof btoa === 'function') {
+        let bin = '';
+        for (let i = 0; i < bytes.length; i++)
+            bin += String.fromCharCode(bytes[i]);
+        return btoa(bin);
+    }
+    return Buffer.from(bytes).toString('base64');
+}
+/**
+ * Build a full `Authorization: PaymentScheme <base64>` header value.
+ */
+export function buildMppAuthorizationHeader(credential) {
+    return `${MPP_AUTH_SCHEME} ${encodeMppCredential(credential)}`;
+}
+/**
+ * Parse a value already stripped of the scheme prefix into a typed
+ * credential. Throws on malformed input.
+ */
+export function decodeMppCredential(encoded) {
+    const parsed = decodeBase64Json(encoded);
+    if (!parsed || typeof parsed !== 'object') {
+        throw new Error('mpp: malformed credential payload');
+    }
+    if (parsed.v !== MPP_CREDENTIAL_VERSION) {
+        throw new Error(`mpp: unsupported credential version "${parsed.v}"`);
+    }
+    if (typeof parsed.challengeId !== 'string' || parsed.challengeId.length === 0) {
+        throw new Error('mpp: credential missing challengeId');
+    }
+    if (typeof parsed.signedTx !== 'string' || parsed.signedTx.length === 0) {
+        throw new Error('mpp: credential missing signedTx');
+    }
+    return parsed;
+}
+/**
+ * Parse a raw `Authorization` header value (with or without the scheme
+ * prefix). Returns `null` when the header is absent or uses a different
+ * scheme — callers should treat that as "buyer didn't pay yet".
+ */
+export function parseMppAuthorization(header) {
+    if (!header)
+        return null;
+    const trimmed = header.trim();
+    if (!trimmed)
+        return null;
+    // Accept both "PaymentScheme <b64>" and a bare b64 payload (defensive).
+    const prefix = `${MPP_AUTH_SCHEME} `;
+    const encoded = trimmed.toLowerCase().startsWith(prefix.toLowerCase())
+        ? trimmed.slice(prefix.length).trim()
+        : trimmed;
+    if (!encoded)
+        return null;
+    return decodeMppCredential(encoded);
+}
+export const MPP_CREDENTIAL_VERSION_LITERAL = MPP_CREDENTIAL_VERSION;
+//# sourceMappingURL=headers.js.map

package/dist/mpp/headers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"headers.js","sourceRoot":"","sources":["../../src/mpp/headers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAEjE,MAAM,CAAC,MAAM,eAAe,GAAG,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,iCAAiC;IACjC,aAAa,EAAE,eAAe;IAC9B,iFAAiF;IACjF,cAAc,EAAE,mBAAmB;CAC3B,CAAC;AAeX,MAAM,sBAAsB,GAAG,GAAY,CAAC;AAE5C;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAA2B;IAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC7C,iEAAiE;IACjE,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,IAAI,GAAG,GAAG,EAAE,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;QAC7E,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,UAA2B;IACrE,OAAO,GAAG,eAAe,IAAI,mBAAmB,CAAC,UAAU,CAAC,EAAE,CAAC;AACjE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAA2B,CAAC;IACnE,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,MAAM,CAAC,CAAC,KAAK,sBAAsB,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,wCAAwC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,OAAO,MAAM,CAAC,WAAW,KAAK,QAAQ,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9E,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAiC;IACrE,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,wEAAwE;IACxE,MAAM,MAAM,GAAG,GAAG,eAAe,GAAG,CAAC;IACrC,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACpE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE;QACrC,CAAC,CAAC,OAAO,CAAC;IACZ,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,mBAAmB,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,CAAC,MAAM,8BAA8B,GAAG,sBAAsB,CAAC"}

package/dist/mpp/index.d.ts

@@ -0,0 +1,5 @@
+export { parseMppChallenge, parseMppChallengeBody, looksLikeMppChallenge, MPP_PROBLEM_TYPE, } from './parse.js';
+export { buildMppAuthorizationHeader, decodeMppCredential, encodeMppCredential, parseMppAuthorization, MPP_AUTH_SCHEME, MPP_HEADERS, MPP_CREDENTIAL_VERSION_LITERAL, type MppCredentialV1, } from './headers.js';
+export { mppChallengeHash, type MppPaymentEnvelope } from './envelope.js';
+export { buildAndSignMppTransfer, createSvmMppFetch, type CreateSvmMppFetchOptions, type MppPaidResponse, type MppSettlement, } from './client.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/mpp/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mpp/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,2BAA2B,EAC3B,mBAAmB,EACnB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,WAAW,EACX,8BAA8B,EAC9B,KAAK,eAAe,GACrB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,gBAAgB,EAAE,KAAK,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAC1E,OAAO,EACL,uBAAuB,EACvB,iBAAiB,EACjB,KAAK,wBAAwB,EAC7B,KAAK,eAAe,EACpB,KAAK,aAAa,GACnB,MAAM,aAAa,CAAC"}

package/dist/mpp/index.js

@@ -0,0 +1,5 @@
+export { parseMppChallenge, parseMppChallengeBody, looksLikeMppChallenge, MPP_PROBLEM_TYPE, } from './parse.js';
+export { buildMppAuthorizationHeader, decodeMppCredential, encodeMppCredential, parseMppAuthorization, MPP_AUTH_SCHEME, MPP_HEADERS, MPP_CREDENTIAL_VERSION_LITERAL, } from './headers.js';
+export { mppChallengeHash } from './envelope.js';
+export { buildAndSignMppTransfer, createSvmMppFetch, } from './client.js';
+//# sourceMappingURL=index.js.map

package/dist/mpp/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/mpp/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,2BAA2B,EAC3B,mBAAmB,EACnB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,WAAW,EACX,8BAA8B,GAE/B,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,gBAAgB,EAA2B,MAAM,eAAe,CAAC;AAC1E,OAAO,EACL,uBAAuB,EACvB,iBAAiB,GAIlB,MAAM,aAAa,CAAC"}

package/dist/mpp/parse.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Parse an MPP `402 Payment Required` HTTP response into a typed
+ * {@link MppChallengeV1}. MPP carries the challenge in the **body** as
+ * `application/problem+json` (RFC 7807-flavoured) — distinct from x402,
+ * which carries it in the `payment-required` response header.
+ *
+ * Throws on every malformed shape so callers wrap once and surface the
+ * message verbatim. The discriminator (`type === '...payment-required'`
+ * + a non-empty `challengeId`) lets `detectProtocol` route confidently.
+ */
+import { type MppChallengeV1 } from '@leashmarket/schemas';
+export declare const MPP_PROBLEM_TYPE = "https://paymentauth.org/problems/payment-required";
+/**
+ * Returns true if the Response body looks like an MPP 402 challenge.
+ * Cheap structural check — doesn't run full Zod validation.
+ */
+export declare function looksLikeMppChallenge(body: unknown): boolean;
+/**
+ * Parse a `Response` (must be 402) into a strict {@link MppChallengeV1}.
+ * The caller is responsible for confirming `response.status === 402`
+ * (raw 402s with non-MPP bodies are x402 territory).
+ */
+export declare function parseMppChallenge(response: Response): Promise<MppChallengeV1>;
+/** Lower-level form for callers that have already JSON-parsed the body. */
+export declare function parseMppChallengeBody(body: unknown): MppChallengeV1;
+//# sourceMappingURL=parse.d.ts.map

package/dist/mpp/parse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse.d.ts","sourceRoot":"","sources":["../../src/mpp/parse.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEjF,eAAO,MAAM,gBAAgB,sDAAsD,CAAC;AAiBpF;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAI5D;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,cAAc,CAAC,CAMnF;AAED,2EAA2E;AAC3E,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,OAAO,GAAG,cAAc,CAEnE"}

package/dist/mpp/parse.js

@@ -0,0 +1,55 @@
+/**
+ * Parse an MPP `402 Payment Required` HTTP response into a typed
+ * {@link MppChallengeV1}. MPP carries the challenge in the **body** as
+ * `application/problem+json` (RFC 7807-flavoured) — distinct from x402,
+ * which carries it in the `payment-required` response header.
+ *
+ * Throws on every malformed shape so callers wrap once and surface the
+ * message verbatim. The discriminator (`type === '...payment-required'`
+ * + a non-empty `challengeId`) lets `detectProtocol` route confidently.
+ */
+import { MppChallengeV1Schema } from '@leashmarket/schemas';
+export const MPP_PROBLEM_TYPE = 'https://paymentauth.org/problems/payment-required';
+/**
+ * Read JSON safely from a Response — clones first so the caller can
+ * still consume the body afterwards (e.g. for a debugger UI dump).
+ */
+async function readJsonClone(res) {
+    try {
+        const cloned = res.clone();
+        const text = await cloned.text();
+        if (!text)
+            return null;
+        return JSON.parse(text);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Returns true if the Response body looks like an MPP 402 challenge.
+ * Cheap structural check — doesn't run full Zod validation.
+ */
+export function looksLikeMppChallenge(body) {
+    if (!body || typeof body !== 'object')
+        return false;
+    const b = body;
+    return b.type === MPP_PROBLEM_TYPE && typeof b.challengeId === 'string';
+}
+/**
+ * Parse a `Response` (must be 402) into a strict {@link MppChallengeV1}.
+ * The caller is responsible for confirming `response.status === 402`
+ * (raw 402s with non-MPP bodies are x402 territory).
+ */
+export async function parseMppChallenge(response) {
+    const body = await readJsonClone(response);
+    if (!looksLikeMppChallenge(body)) {
+        throw new Error('mpp: body is not an MPP problem+json challenge');
+    }
+    return MppChallengeV1Schema.parse(body);
+}
+/** Lower-level form for callers that have already JSON-parsed the body. */
+export function parseMppChallengeBody(body) {
+    return MppChallengeV1Schema.parse(body);
+}
+//# sourceMappingURL=parse.js.map

package/dist/mpp/parse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse.js","sourceRoot":"","sources":["../../src/mpp/parse.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,oBAAoB,EAAuB,MAAM,sBAAsB,CAAC;AAEjF,MAAM,CAAC,MAAM,gBAAgB,GAAG,mDAAmD,CAAC;AAEpF;;;GAGG;AACH,KAAK,UAAU,aAAa,CAAC,GAAa;IACxC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QACjC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACvB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAY,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAa;IACjD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACpD,MAAM,CAAC,GAAG,IAA+B,CAAC;IAC1C,OAAO,CAAC,CAAC,IAAI,KAAK,gBAAgB,IAAI,OAAO,CAAC,CAAC,WAAW,KAAK,QAAQ,CAAC;AAC1E,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAkB;IACxD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,oBAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,qBAAqB,CAAC,IAAa;IACjD,OAAO,oBAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAC1C,CAAC"}

package/dist/mpp-helpers/base64-json.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Shared base64 -> JSON decoder used by MPP credential / probe paths.
+ * Returns `null` instead of throwing on malformed input so callers can
+ * decide whether to surface a generic error.
+ */
+export declare function decodeBase64Json(b64: string): unknown;
+//# sourceMappingURL=base64-json.d.ts.map

package/dist/mpp-helpers/base64-json.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64-json.d.ts","sourceRoot":"","sources":["../../src/mpp-helpers/base64-json.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAerD"}

package/dist/mpp-helpers/base64-json.js

@@ -0,0 +1,25 @@
+/**
+ * Shared base64 -> JSON decoder used by MPP credential / probe paths.
+ * Returns `null` instead of throwing on malformed input so callers can
+ * decide whether to surface a generic error.
+ */
+export function decodeBase64Json(b64) {
+    try {
+        let bin;
+        if (typeof atob === 'function') {
+            bin = atob(b64);
+        }
+        else {
+            bin = Buffer.from(b64, 'base64').toString('binary');
+        }
+        const bytes = new Uint8Array(bin.length);
+        for (let i = 0; i < bin.length; i++)
+            bytes[i] = bin.charCodeAt(i);
+        const text = new TextDecoder().decode(bytes);
+        return JSON.parse(text);
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=base64-json.js.map

package/dist/mpp-helpers/base64-json.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64-json.js","sourceRoot":"","sources":["../../src/mpp-helpers/base64-json.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,IAAI,CAAC;QACH,IAAI,GAAW,CAAC;QAChB,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;YAC/B,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAClE,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAY,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/payments/detect.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Single source of truth for "is this a 402 from x402 or MPP?".
+ *
+ * Used by buyer-kit, the MCP `pay_payment_link` tool, the CLI, and the
+ * frontend probe modal so every surface dispatches consistently.
+ *
+ * Contract:
+ *   - x402: `payment-required` response header carrying a base64-JSON
+ *           envelope with `accepts[]`.
+ *   - MPP : `application/problem+json` body whose `type` is the MPP
+ *           payment-required URI, plus a non-empty `challengeId`.
+ *
+ * Returns `null` if the response isn't a 402 at all (callers can short-
+ * circuit), or `{ protocol: 'unknown' }` for a 402 we couldn't parse —
+ * callers usually surface that as a hard failure.
+ */
+import { MPP_PROBLEM_TYPE } from '../mpp/parse.js';
+import type { MppChallengeV1 } from '@leashmarket/schemas';
+export type ProtocolDetection = {
+    status: 402;
+    protocol: 'x402';
+    /** Raw `payment-required` header value (base64-JSON). Caller decodes if needed. */
+    paymentRequiredHeader: string;
+} | {
+    status: 402;
+    protocol: 'mpp';
+    challenge: MppChallengeV1;
+} | {
+    status: 402;
+    protocol: 'unknown';
+    /** Best-effort body / header diagnostics for the debugger UI. */
+    detail: string;
+} | {
+    status: number;
+    protocol: 'none';
+};
+/**
+ * Detect the payment protocol of a `Response`. Clones the body before
+ * reading so the caller can still consume it afterwards (debugger UIs
+ * often want to render the raw bytes).
+ */
+export declare function detectProtocol(response: Response): Promise<ProtocolDetection>;
+/**
+ * Stricter form for callers that already know they hit a 402. Throws
+ * on `none` / `unknown` so the call-site can do `try/catch` cleanly.
+ */
+export declare function detectProtocolStrict(response: Response): Promise<{
+    protocol: 'x402';
+    paymentRequiredHeader: string;
+} | {
+    protocol: 'mpp';
+    challenge: MppChallengeV1;
+}>;
+export { MPP_PROBLEM_TYPE };
+//# sourceMappingURL=detect.d.ts.map

package/dist/payments/detect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../src/payments/detect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,gBAAgB,EAAgD,MAAM,iBAAiB,CAAC;AACjG,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE3D,MAAM,MAAM,iBAAiB,GACzB;IACE,MAAM,EAAE,GAAG,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,mFAAmF;IACnF,qBAAqB,EAAE,MAAM,CAAC;CAC/B,GACD;IACE,MAAM,EAAE,GAAG,CAAC;IACZ,QAAQ,EAAE,KAAK,CAAC;IAChB,SAAS,EAAE,cAAc,CAAC;CAC3B,GACD;IACE,MAAM,EAAE,GAAG,CAAC;IACZ,QAAQ,EAAE,SAAS,CAAC;IACpB,iEAAiE;IACjE,MAAM,EAAE,MAAM,CAAC;CAChB,GACD;IACE,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEN;;;;GAIG;AACH,wBAAsB,cAAc,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAqCnF;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,QAAQ,EAAE,QAAQ,GACjB,OAAO,CACN;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,qBAAqB,EAAE,MAAM,CAAA;CAAE,GACnD;IAAE,QAAQ,EAAE,KAAK,CAAC;IAAC,SAAS,EAAE,cAAc,CAAA;CAAE,CACjD,CAYA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAC"}

package/dist/payments/detect.js

@@ -0,0 +1,77 @@
+/**
+ * Single source of truth for "is this a 402 from x402 or MPP?".
+ *
+ * Used by buyer-kit, the MCP `pay_payment_link` tool, the CLI, and the
+ * frontend probe modal so every surface dispatches consistently.
+ *
+ * Contract:
+ *   - x402: `payment-required` response header carrying a base64-JSON
+ *           envelope with `accepts[]`.
+ *   - MPP : `application/problem+json` body whose `type` is the MPP
+ *           payment-required URI, plus a non-empty `challengeId`.
+ *
+ * Returns `null` if the response isn't a 402 at all (callers can short-
+ * circuit), or `{ protocol: 'unknown' }` for a 402 we couldn't parse —
+ * callers usually surface that as a hard failure.
+ */
+import { MPP_PROBLEM_TYPE, looksLikeMppChallenge, parseMppChallengeBody } from '../mpp/parse.js';
+/**
+ * Detect the payment protocol of a `Response`. Clones the body before
+ * reading so the caller can still consume it afterwards (debugger UIs
+ * often want to render the raw bytes).
+ */
+export async function detectProtocol(response) {
+    if (response.status !== 402) {
+        return { status: response.status, protocol: 'none' };
+    }
+    // Prefer an MPP problem+json body over `payment-required` when both are
+    // present. Some stacks attach x402-shaped headers on every 402; MPP is
+    // identified by the body and must win so buyer-kit runs tryMppRoute.
+    let bodyText = '';
+    try {
+        bodyText = await response.clone().text();
+    }
+    catch {
+        // ignore
+    }
+    if (bodyText.length > 0) {
+        let body = null;
+        try {
+            body = JSON.parse(bodyText);
+        }
+        catch {
+            body = null;
+        }
+        if (looksLikeMppChallenge(body)) {
+            return { status: 402, protocol: 'mpp', challenge: parseMppChallengeBody(body) };
+        }
+    }
+    const headerValue = response.headers.get('payment-required') ?? response.headers.get('PAYMENT-REQUIRED');
+    if (headerValue && headerValue.length > 0) {
+        return { status: 402, protocol: 'x402', paymentRequiredHeader: headerValue };
+    }
+    return {
+        status: 402,
+        protocol: 'unknown',
+        detail: bodyText ? bodyText.slice(0, 400) : 'no body, no payment-required header',
+    };
+}
+/**
+ * Stricter form for callers that already know they hit a 402. Throws
+ * on `none` / `unknown` so the call-site can do `try/catch` cleanly.
+ */
+export async function detectProtocolStrict(response) {
+    const det = await detectProtocol(response);
+    if (det.protocol === 'none') {
+        throw new Error(`expected 402 from paywall, got HTTP ${det.status}`);
+    }
+    if (det.protocol === 'unknown') {
+        throw new Error(`paywall response is neither x402 nor MPP: ${det.detail}`);
+    }
+    if (det.protocol === 'x402') {
+        return { protocol: 'x402', paymentRequiredHeader: det.paymentRequiredHeader };
+    }
+    return { protocol: 'mpp', challenge: det.challenge };
+}
+export { MPP_PROBLEM_TYPE };
+//# sourceMappingURL=detect.js.map

package/dist/payments/detect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.js","sourceRoot":"","sources":["../../src/payments/detect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AA0BjG;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,QAAkB;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IACvD,CAAC;IAED,wEAAwE;IACxE,uEAAuE;IACvE,qEAAqE;IACrE,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,IAAI,IAAI,GAAY,IAAI,CAAC;QACzB,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAY,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,GAAG,IAAI,CAAC;QACd,CAAC;QACD,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;QAClF,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GACf,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IACvF,IAAI,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1C,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,qBAAqB,EAAE,WAAW,EAAE,CAAC;IAC/E,CAAC;IAED,OAAO;QACL,MAAM,EAAE,GAAG;QACX,QAAQ,EAAE,SAAS;QACnB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,qCAAqC;KAClF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,QAAkB;IAKlB,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,uCAAuC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,6CAA6C,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC5B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,qBAAqB,EAAE,GAAG,CAAC,qBAAqB,EAAE,CAAC;IAChF,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC;AACvD,CAAC;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAC"}

package/dist/payments/index.d.ts

@@ -0,0 +1,3 @@
+export { detectProtocol, detectProtocolStrict, MPP_PROBLEM_TYPE } from './detect.js';
+export type { ProtocolDetection } from './detect.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/payments/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/payments/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACrF,YAAY,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC"}

package/dist/payments/index.js

@@ -0,0 +1,2 @@
+export { detectProtocol, detectProtocolStrict, MPP_PROBLEM_TYPE } from './detect.js';
+//# sourceMappingURL=index.js.map

package/dist/payments/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/payments/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC"}

package/dist/receipt/build.d.ts

@@ -1,5 +1,11 @@
 import type { ReceiptV1 } from '@leashmarket/schemas';
 export type ReceiptDraft = Omit<ReceiptV1, 'receipt_hash'>;
-export declare function computeReceiptHash(draft: ReceiptDraft): string;
+/**
+ * SHA-256 (hex) of the canonical JSON form of a receipt draft. Generic so
+ * v0.2 receipts (x402 + mpp variants) can be hashed without copy-pasting
+ * the implementation. The wire shape is identical — keys are sorted and
+ * `receipt_hash` itself is excluded from the input.
+ */
+export declare function computeReceiptHash<T extends object>(draft: T): string;
 export declare function finalizeReceipt(draft: ReceiptDraft): ReceiptV1;
 //# sourceMappingURL=build.d.ts.map

package/dist/receipt/build.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"build.d.ts","sourceRoot":"","sources":["../../src/receipt/build.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAGtD,MAAM,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;AAE3D,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,YAAY,GAAG,MAAM,CAE9D;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG,SAAS,CAG9D"}
+{"version":3,"file":"build.d.ts","sourceRoot":"","sources":["../../src/receipt/build.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAGtD,MAAM,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;AAE3D;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,SAAS,MAAM,EAAE,KAAK,EAAE,CAAC,GAAG,MAAM,CAErE;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG,SAAS,CAG9D"}

package/dist/receipt/build.js

@@ -1,4 +1,10 @@
 import { canonicalJson, sha256Hex } from './hash.js';
+/**
+ * SHA-256 (hex) of the canonical JSON form of a receipt draft. Generic so
+ * v0.2 receipts (x402 + mpp variants) can be hashed without copy-pasting
+ * the implementation. The wire shape is identical — keys are sorted and
+ * `receipt_hash` itself is excluded from the input.
+ */
 export function computeReceiptHash(draft) {
     return sha256Hex(canonicalJson(draft));
 }

package/dist/receipt/build.js.map

@@ -1 +1 @@
-{"version":3,"file":"build.js","sourceRoot":"","sources":["../../src/receipt/build.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAIrD,MAAM,UAAU,kBAAkB,CAAC,KAAmB;IACpD,OAAO,SAAS,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAmB;IACjD,MAAM,YAAY,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC/C,OAAO,EAAE,GAAG,KAAK,EAAE,YAAY,EAAE,CAAC;AACpC,CAAC"}
+{"version":3,"file":"build.js","sourceRoot":"","sources":["../../src/receipt/build.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAIrD;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAmB,KAAQ;IAC3D,OAAO,SAAS,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAmB;IACjD,MAAM,YAAY,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC/C,OAAO,EAAE,GAAG,KAAK,EAAE,YAAY,EAAE,CAAC;AACpC,CAAC"}

package/dist/x402/client.d.ts

@@ -6,6 +6,14 @@ import type { ClientSvmSigner } from '@x402/svm';
 import { LeashDelegateExactSvmScheme, LeashExactSvmScheme } from './delegate-scheme.js';
 import type { Address } from '@solana/kit';
 export type LeashFetch = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
+/**
+ * Like `@x402/fetch` `wrapFetchWithPayment`, but returns MPP `402` responses
+ * unchanged so the body stays valid for {@link detectProtocol} /
+ * buyer-kit `tryMppRoute`. Upstream `wrapFetchWithPayment` reads
+ * `response.text()` for every 402, which consumes MPP `problem+json`
+ * before Leash can act on it.
+ */
+export declare function wrapFetchWithMppAwarePayment(fetchImpl: typeof globalThis.fetch, client: x402Client): LeashFetch;
 export type LeashX402Network = 'solana-mainnet' | 'solana-devnet' | 'solana-testnet';
 export declare function caip2ForNetwork(network: LeashX402Network): Network;
 /**

package/dist/x402/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/x402/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACjD,OAAO,EAAE,2BAA2B,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACxF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE3C,MAAM,MAAM,UAAU,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,OAAO,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAElG,MAAM,MAAM,gBAAgB,GAAG,gBAAgB,GAAG,eAAe,GAAG,gBAAgB,CAAC;AAQrF,wBAAgB,eAAe,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAElE;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,IAAI,CAWhF;AAED,MAAM,MAAM,2BAA2B,GAAG;IACxC,MAAM,EAAE,eAAe,CAAC;IACxB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAC9B,8DAA8D;IAC9D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IACtC;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,2BAA2B,GAAG,UAAU,CAmCjF;AAED,OAAO,EACL,oBAAoB,EACpB,UAAU,EACV,cAAc,EACd,2BAA2B,EAC3B,mBAAmB,GACpB,CAAC;AACF,YAAY,EAAE,eAAe,EAAE,CAAC"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/x402/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAkB,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACjD,OAAO,EAAE,2BAA2B,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACxF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAG3C,MAAM,MAAM,UAAU,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,OAAO,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAElG;;;;;;GAMG;AACH,wBAAgB,4BAA4B,CAC1C,SAAS,EAAE,OAAO,UAAU,CAAC,KAAK,EAClC,MAAM,EAAE,UAAU,GACjB,UAAU,CAgEZ;AAED,MAAM,MAAM,gBAAgB,GAAG,gBAAgB,GAAG,eAAe,GAAG,gBAAgB,CAAC;AAQrF,wBAAgB,eAAe,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAElE;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,IAAI,CAWhF;AAED,MAAM,MAAM,2BAA2B,GAAG;IACxC,MAAM,EAAE,eAAe,CAAC;IACxB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAC9B,8DAA8D;IAC9D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IACtC;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,2BAA2B,GAAG,UAAU,CAmCjF;AAED,OAAO,EACL,oBAAoB,EACpB,UAAU,EACV,cAAc,EACd,2BAA2B,EAC3B,mBAAmB,GACpB,CAAC;AACF,YAAY,EAAE,eAAe,EAAE,CAAC"}

package/dist/x402/client.js

@@ -1,8 +1,77 @@
-import { x402Client } from '@x402/core/client';
+import { x402Client, x402HTTPClient } from '@x402/core/client';
 import { wrapFetchWithPayment } from '@x402/fetch';
 import { ExactSvmScheme } from '@x402/svm';
 import { SOLANA_DEVNET_CAIP2, SOLANA_MAINNET_CAIP2, SOLANA_TESTNET_CAIP2 } from '@x402/svm';
 import { LeashDelegateExactSvmScheme, LeashExactSvmScheme } from './delegate-scheme.js';
+import { detectProtocol } from '../payments/detect.js';
+/**
+ * Like `@x402/fetch` `wrapFetchWithPayment`, but returns MPP `402` responses
+ * unchanged so the body stays valid for {@link detectProtocol} /
+ * buyer-kit `tryMppRoute`. Upstream `wrapFetchWithPayment` reads
+ * `response.text()` for every 402, which consumes MPP `problem+json`
+ * before Leash can act on it.
+ */
+export function wrapFetchWithMppAwarePayment(fetchImpl, client) {
+    const httpClient = client instanceof x402HTTPClient ? client : new x402HTTPClient(client);
+    return async (input, init) => {
+        const request = new Request(input, init);
+        const clonedRequest = request.clone();
+        const response = await fetchImpl(request);
+        if (response.status !== 402) {
+            return response;
+        }
+        const det = await detectProtocol(response);
+        if (det.protocol === 'mpp') {
+            return response;
+        }
+        let paymentRequired;
+        try {
+            const getHeader = (name) => response.headers.get(name);
+            let body;
+            try {
+                const responseText = await response.text();
+                if (responseText) {
+                    body = JSON.parse(responseText);
+                }
+            }
+            catch {
+                /* ignore */
+            }
+            paymentRequired = httpClient.getPaymentRequiredResponse(getHeader, body);
+        }
+        catch (error) {
+            throw new Error(`Failed to parse payment requirements: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+        const hookHeaders = await httpClient.handlePaymentRequired(paymentRequired);
+        if (hookHeaders) {
+            const hookRequest = clonedRequest.clone();
+            for (const [key, value] of Object.entries(hookHeaders)) {
+                hookRequest.headers.set(key, value);
+            }
+            const hookResponse = await fetchImpl(hookRequest);
+            if (hookResponse.status !== 402) {
+                return hookResponse;
+            }
+        }
+        let paymentPayload;
+        try {
+            paymentPayload = await client.createPaymentPayload(paymentRequired);
+        }
+        catch (error) {
+            throw new Error(`Failed to create payment payload: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+        const paymentHeaders = httpClient.encodePaymentSignatureHeader(paymentPayload);
+        if (clonedRequest.headers.has('PAYMENT-SIGNATURE') || clonedRequest.headers.has('X-PAYMENT')) {
+            throw new Error('Payment already attempted');
+        }
+        for (const [key, value] of Object.entries(paymentHeaders)) {
+            clonedRequest.headers.set(key, value);
+        }
+        clonedRequest.headers.set('Access-Control-Expose-Headers', 'PAYMENT-RESPONSE,X-PAYMENT-RESPONSE');
+        const secondResponse = await fetchImpl(clonedRequest);
+        return secondResponse;
+    };
+}
 const NETWORK_TO_CAIP2 = {
     'solana-mainnet': SOLANA_MAINNET_CAIP2,
     'solana-devnet': SOLANA_DEVNET_CAIP2,
@@ -88,7 +157,7 @@ export function createSvmBuyerFetch(opts) {
             });
         client.register(NETWORK_TO_CAIP2[n], scheme);
     }
-    return wrapFetchWithPayment(globalThis.fetch, client);
+    return wrapFetchWithMppAwarePayment(globalThis.fetch, client);
 }
 export { wrapFetchWithPayment, x402Client, ExactSvmScheme, LeashDelegateExactSvmScheme, LeashExactSvmScheme, };
 //# sourceMappingURL=client.js.map

package/dist/x402/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/x402/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAE5F,OAAO,EAAE,2BAA2B,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAOxF,MAAM,gBAAgB,GAAsC;IAC1D,gBAAgB,EAAE,oBAA+B;IACjD,eAAe,EAAE,mBAA8B;IAC/C,gBAAgB,EAAE,oBAA+B;CAClD,CAAC;AAEF,MAAM,UAAU,eAAe,CAAC,OAAyB;IACvD,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;AACnC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAgC;IAC/D,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,IAAI,KAAK,KAAK,gBAAgB,IAAI,KAAK,KAAK,eAAe,IAAI,KAAK,KAAK,gBAAgB,EAAE,CAAC;QAC1F,OAAO,KAAK,CAAC;IACf,CAAC;IACD,+DAA+D;IAC/D,IAAI,KAAK,CAAC,UAAU,CAAC,gBAAgB,CAAC;QAAE,OAAO,gBAAgB,CAAC;IAChE,IAAI,KAAK,CAAC,UAAU,CAAC,iBAAiB,CAAC;QAAE,OAAO,eAAe,CAAC;IAChE,IAAI,KAAK,CAAC,UAAU,CAAC,iBAAiB,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACjE,OAAO,KAAK,CAAC;AACf,CAAC;AA+BD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAiC;IACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,gBAAgB,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC;IACxF,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC;IACnD,yEAAyE;IACzE,wEAAwE;IACxE,gEAAgE;IAEhE,MAAM,MAAM,GAAG,cAAc;QAC3B,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE;YAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,cAAc,CAAC,CAAC;YAC3D,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;YACxB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzF,MAAM,IAAI,KAAK,CACb,0CAA0C,cAAc,mBAAmB,OAAO,IAAI,QAAQ,EAAE,CACjG,CAAC;QACJ,CAAC,CAAC;QACJ,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;IACrB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,mEAAmE;QACnE,kEAAkE;QAClE,kEAAkE;QAClE,6DAA6D;QAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB;YACpC,CAAC,CAAC,IAAI,2BAA2B,CAAC;gBAC9B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChD,CAAC;YACJ,CAAC,CAAC,IAAI,mBAAmB,CAAC;gBACtB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChD,CAAC,CAAC;QACP,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,oBAAoB,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AACxD,CAAC;AAED,OAAO,EACL,oBAAoB,EACpB,UAAU,EACV,cAAc,EACd,2BAA2B,EAC3B,mBAAmB,GACpB,CAAC"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/x402/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAE/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAE5F,OAAO,EAAE,2BAA2B,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAExF,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAIvD;;;;;;GAMG;AACH,MAAM,UAAU,4BAA4B,CAC1C,SAAkC,EAClC,MAAkB;IAElB,MAAM,UAAU,GAAG,MAAM,YAAY,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;IAC1F,OAAO,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAC3B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACzC,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,GAAG,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;YAC3B,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,IAAI,eAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC/D,IAAI,IAAa,CAAC;YAClB,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC3C,IAAI,YAAY,EAAE,CAAC;oBACjB,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAY,CAAC;gBAC7C,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,YAAY;YACd,CAAC;YACD,eAAe,GAAG,UAAU,CAAC,0BAA0B,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,yCAAyC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACpG,CAAC;QACJ,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,qBAAqB,CAAC,eAAe,CAAC,CAAC;QAC5E,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,WAAW,GAAG,aAAa,CAAC,KAAK,EAAE,CAAC;YAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;gBACvD,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACtC,CAAC;YACD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,CAAC;YAClD,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAChC,OAAO,YAAY,CAAC;YACtB,CAAC;QACH,CAAC;QACD,IAAI,cAAc,CAAC;QACnB,IAAI,CAAC;YACH,cAAc,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,qCAAqC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAChG,CAAC;QACJ,CAAC;QACD,MAAM,cAAc,GAAG,UAAU,CAAC,4BAA4B,CAAC,cAAc,CAAC,CAAC;QAC/E,IAAI,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7F,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QACD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC1D,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC;QACD,aAAa,CAAC,OAAO,CAAC,GAAG,CACvB,+BAA+B,EAC/B,qCAAqC,CACtC,CAAC;QACF,MAAM,cAAc,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,CAAC;QACtD,OAAO,cAAc,CAAC;IACxB,CAAC,CAAC;AACJ,CAAC;AAID,MAAM,gBAAgB,GAAsC;IAC1D,gBAAgB,EAAE,oBAA+B;IACjD,eAAe,EAAE,mBAA8B;IAC/C,gBAAgB,EAAE,oBAA+B;CAClD,CAAC;AAEF,MAAM,UAAU,eAAe,CAAC,OAAyB;IACvD,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;AACnC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAgC;IAC/D,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,IAAI,KAAK,KAAK,gBAAgB,IAAI,KAAK,KAAK,eAAe,IAAI,KAAK,KAAK,gBAAgB,EAAE,CAAC;QAC1F,OAAO,KAAK,CAAC;IACf,CAAC;IACD,+DAA+D;IAC/D,IAAI,KAAK,CAAC,UAAU,CAAC,gBAAgB,CAAC;QAAE,OAAO,gBAAgB,CAAC;IAChE,IAAI,KAAK,CAAC,UAAU,CAAC,iBAAiB,CAAC;QAAE,OAAO,eAAe,CAAC;IAChE,IAAI,KAAK,CAAC,UAAU,CAAC,iBAAiB,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACjE,OAAO,KAAK,CAAC;AACf,CAAC;AA+BD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAiC;IACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,gBAAgB,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC;IACxF,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC;IACnD,yEAAyE;IACzE,wEAAwE;IACxE,gEAAgE;IAEhE,MAAM,MAAM,GAAG,cAAc;QAC3B,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE;YAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,cAAc,CAAC,CAAC;YAC3D,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;YACxB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzF,MAAM,IAAI,KAAK,CACb,0CAA0C,cAAc,mBAAmB,OAAO,IAAI,QAAQ,EAAE,CACjG,CAAC;QACJ,CAAC,CAAC;QACJ,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;IACrB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,mEAAmE;QACnE,kEAAkE;QAClE,kEAAkE;QAClE,6DAA6D;QAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB;YACpC,CAAC,CAAC,IAAI,2BAA2B,CAAC;gBAC9B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChD,CAAC;YACJ,CAAC,CAAC,IAAI,mBAAmB,CAAC;gBACtB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChD,CAAC,CAAC;QACP,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,4BAA4B,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AAChE,CAAC;AAED,OAAO,EACL,oBAAoB,EACpB,UAAU,EACV,cAAc,EACd,2BAA2B,EAC3B,mBAAmB,GACpB,CAAC"}

package/dist/x402/envelope.d.ts

@@ -12,7 +12,7 @@
  * type. Don't construct envelope objects ad-hoc; always go through
  * {@link buildLeashEnvelope}.
  */
-import type { ReceiptV1 } from '@leashmarket/schemas';
+import type { ReceiptAny } from '@leashmarket/schemas';
 import { type ExplorerProvider } from '../explorer/index.js';
 import type { TokenNetwork } from '../tokens/index.js';
 export type LeashPaymentEnvelope = {
@@ -55,11 +55,11 @@ export type BuildLeashEnvelopeOptions = {
     explorerProvider?: ExplorerProvider;
 };
 /**
- * Build a {@link LeashPaymentEnvelope} from a settled `earn` `ReceiptV1`.
+ * Build a {@link LeashPaymentEnvelope} from a settled `earn` receipt (v0.1 or v0.2).
  *
- * The receipt is treated as the source of truth for `tx_sig`, `agent`,
+ * The receipt is treated as the source of truth for settlement signature, `agent`,
  * `price`, and `facilitator`. Explorer links are derived from `network` so
  * devnet receipts get the `?cluster=devnet` suffix automatically.
  */
-export declare function buildLeashEnvelope(receipt: ReceiptV1, opts: BuildLeashEnvelopeOptions): LeashPaymentEnvelope;
+export declare function buildLeashEnvelope(receipt: ReceiptAny, opts: BuildLeashEnvelopeOptions): LeashPaymentEnvelope;
 //# sourceMappingURL=envelope.d.ts.map

package/dist/x402/envelope.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"envelope.d.ts","sourceRoot":"","sources":["../../src/x402/envelope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAGL,KAAK,gBAAgB,EACtB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEvD,MAAM,MAAM,oBAAoB,GAAG;IACjC,0EAA0E;IAC1E,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,uEAAuE;IACvE,YAAY,EAAE,MAAM,CAAC;IACrB,yDAAyD;IACzD,KAAK,EAAE,MAAM,CAAC;IACd,6EAA6E;IAC7E,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB;;;OAGG;IACH,MAAM,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IACpD,iDAAiD;IACjD,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,QAAQ,EAAE;QACR,gEAAgE;QAChE,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;QAClB,4DAA4D;QAC5D,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf;;;;;OAKG;IACH,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,gEAAgE;IAChE,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC,CAAC;AAEF;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,SAAS,EAClB,IAAI,EAAE,yBAAyB,GAC9B,oBAAoB,CAiBtB"}
+{"version":3,"file":"envelope.d.ts","sourceRoot":"","sources":["../../src/x402/envelope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAEvD,OAAO,EAGL,KAAK,gBAAgB,EACtB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEvD,MAAM,MAAM,oBAAoB,GAAG;IACjC,0EAA0E;IAC1E,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,uEAAuE;IACvE,YAAY,EAAE,MAAM,CAAC;IACrB,yDAAyD;IACzD,KAAK,EAAE,MAAM,CAAC;IACd,6EAA6E;IAC7E,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB;;;OAGG;IACH,MAAM,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IACpD,iDAAiD;IACjD,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,QAAQ,EAAE;QACR,gEAAgE;QAChE,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;QAClB,4DAA4D;QAC5D,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf;;;;;OAKG;IACH,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,gEAAgE;IAChE,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC,CAAC;AAeF;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE,yBAAyB,GAC9B,oBAAoB,CAkBtB"}

package/dist/x402/envelope.js

@@ -12,20 +12,34 @@
  * type. Don't construct envelope objects ad-hoc; always go through
  * {@link buildLeashEnvelope}.
  */
+import { isReceiptV02 } from '@leashmarket/schemas';
 import { agentExplorerUrl, transactionExplorerUrl, } from '../explorer/index.js';
 import { networkFromCaip2 } from './client.js';
+function settlementTxForEnvelope(receipt) {
+    if (isReceiptV02(receipt) && receipt.protocol === 'mpp') {
+        const s = receipt.tx_sig ?? receipt.mpp_settlement_tx;
+        return s != null && s.length > 0 ? s : null;
+    }
+    if (isReceiptV02(receipt)) {
+        const s = receipt.tx_sig;
+        return s != null && s.length > 0 ? s : null;
+    }
+    const s = receipt.tx_sig;
+    return s != null && s.length > 0 ? s : null;
+}
 /**
- * Build a {@link LeashPaymentEnvelope} from a settled `earn` `ReceiptV1`.
+ * Build a {@link LeashPaymentEnvelope} from a settled `earn` receipt (v0.1 or v0.2).
  *
- * The receipt is treated as the source of truth for `tx_sig`, `agent`,
+ * The receipt is treated as the source of truth for settlement signature, `agent`,
  * `price`, and `facilitator`. Explorer links are derived from `network` so
  * devnet receipts get the `?cluster=devnet` suffix automatically.
  */
 export function buildLeashEnvelope(receipt, opts) {
     const network = opts.network ?? deriveTokenNetwork(receipt);
     const provider = opts.explorerProvider ?? 'solscan';
+    const txSig = settlementTxForEnvelope(receipt);
     return {
-        tx_sig: receipt.tx_sig ?? null,
+        tx_sig: txSig,
         receipt_hash: receipt.receipt_hash,
         agent: receipt.agent,
         network: receipt.price?.network ?? null,
@@ -34,7 +48,7 @@ export function buildLeashEnvelope(receipt, opts) {
             : null,
         facilitator: receipt.facilitator ?? null,
         explorer: {
-            tx: transactionExplorerUrl(receipt.tx_sig ?? null, { network, provider }),
+            tx: transactionExplorerUrl(txSig, { network, provider }),
             agent: agentAppUrl(opts.origin, receipt.agent, provider, network),
         },
     };

package/dist/x402/envelope.js.map

@@ -1 +1 @@
-{"version":3,"file":"envelope.js","sourceRoot":"","sources":["../../src/x402/envelope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,EACL,gBAAgB,EAChB,sBAAsB,GAEvB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAyC/C;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAkB,EAClB,IAA+B;IAE/B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,IAAI,SAAS,CAAC;IACpD,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,IAAI;QAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,IAAI,IAAI;QACvC,MAAM,EAAE,OAAO,CAAC,KAAK;YACnB,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE;YACpE,CAAC,CAAC,IAAI;QACR,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI;QACxC,QAAQ,EAAE;YACR,EAAE,EAAE,sBAAsB,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;YACzE,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC;SAClE;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,OAAkB;IAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,EAAE,OAAO,IAAI,IAAI,CAAC;IAC5C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,QAAQ,KAAK,gBAAgB;QAAE,OAAO,SAAS,CAAC;IACpD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAClB,MAAc,EACd,IAAY,EACZ,QAA0B,EAC1B,OAAqB;IAErB,sEAAsE;IACtE,0EAA0E;IAC1E,IAAI,MAAM;QAAE,OAAO,GAAG,MAAM,WAAW,IAAI,EAAE,CAAC;IAC9C,OAAO,gBAAgB,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,IAAI,YAAY,IAAI,EAAE,CAAC;AAC7E,CAAC"}
+{"version":3,"file":"envelope.js","sourceRoot":"","sources":["../../src/x402/envelope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EACL,gBAAgB,EAChB,sBAAsB,GAEvB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAyC/C,SAAS,uBAAuB,CAAC,OAAmB;IAClD,IAAI,YAAY,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;QACxD,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,iBAAiB,CAAC;QACtD,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9C,CAAC;IACD,IAAI,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;QACzB,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9C,CAAC;IACD,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;IACzB,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC9C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAmB,EACnB,IAA+B;IAE/B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,IAAI,SAAS,CAAC;IACpD,MAAM,KAAK,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC/C,OAAO;QACL,MAAM,EAAE,KAAK;QACb,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,IAAI,IAAI;QACvC,MAAM,EAAE,OAAO,CAAC,KAAK;YACnB,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE;YACpE,CAAC,CAAC,IAAI;QACR,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI;QACxC,QAAQ,EAAE;YACR,EAAE,EAAE,sBAAsB,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;YACxD,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC;SAClE;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,OAAmB;IAC7C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,EAAE,OAAO,IAAI,IAAI,CAAC;IAC5C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,QAAQ,KAAK,gBAAgB;QAAE,OAAO,SAAS,CAAC;IACpD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAClB,MAAc,EACd,IAAY,EACZ,QAA0B,EAC1B,OAAqB;IAErB,sEAAsE;IACtE,0EAA0E;IAC1E,IAAI,MAAM;QAAE,OAAO,GAAG,MAAM,WAAW,IAAI,EAAE,CAAC;IAC9C,OAAO,gBAAgB,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,IAAI,YAAY,IAAI,EAAE,CAAC;AAC7E,CAAC"}

package/package.json

@@ -3,7 +3,7 @@
     "access": "public"
   },
   "name": "@leashmarket/core",
-  "version": "0.1.0",
+  "version": "0.2.1",
   "private": false,
   "type": "module",
   "main": "./dist/index.js",
@@ -31,7 +31,7 @@
     "@x402/core": "^2.10.0",
     "@x402/fetch": "^2.10.0",
     "@x402/svm": "^2.10.0",
-    "@leashmarket/schemas": "0.1.0"
+    "@leashmarket/schemas": "0.2.1"
   },
   "devDependencies": {
     "typescript": "^5.7.2",