@nickthelegend69/fund402 0.1.0

package/dist/client.d.ts

@@ -0,0 +1,59 @@
+import { KeyAlgorithm } from "casper-js-sdk";
+import type { PaymentRequiredBody, PaymentRequirements } from "./types";
+export interface Fund402ClientConfig {
+    /** Agent signing key — PEM contents or hex. */
+    agentSecretKey: string;
+    /** Agent account-key hex (01.. ed25519 / 02.. secp256k1). */
+    agentPublicKey: string;
+    /** Fund402 vault (lending pool) contract hash, 64 hex. */
+    vaultContract: string;
+    /** CAIP-2 network. Default "casper:casper-test". */
+    network?: string;
+    /** Casper JSON-RPC node. Default derived from network (CSPR.cloud public node). */
+    nodeUrl?: string;
+    /** Chain name. Default derived ("casper-test" / "casper"). */
+    chainName?: string;
+    keyAlgorithm?: KeyAlgorithm;
+    /** Over-collateralisation ratio the agent posts (vault re-checks on-chain). Default 1.5. */
+    collateralRatio?: number;
+    /** Gas (motes) for the borrow_and_pay deploy. Default 5 CSPR. */
+    borrowGasMotes?: string;
+    /** Underlying fetch implementation. Default global fetch. */
+    fetchImpl?: typeof fetch;
+    onEvent?: (event: Fund402Event) => void;
+}
+export interface Fund402Event {
+    type: "intercepted_402" | "borrowing" | "borrow_submitted" | "payment_settled" | "payment_sent" | "request_retried" | "payment_confirmed";
+    data: Record<string, unknown>;
+    timestamp: number;
+}
+/** Decode an x402 challenge from a `payment-required` header or a JSON body. */
+export declare function decodeChallenge(paymentRequiredHeader: string | null | undefined, body: unknown): PaymentRequiredBody | null;
+/** Pick the casper:* payment option from a challenge. */
+export declare function selectCasperOption(challenge: PaymentRequiredBody): PaymentRequirements | undefined;
+/**
+ * Settle one x402 challenge through the lending pool: borrow_and_pay on the vault,
+ * wait, and build the signed `exact` payload + base64 `payment-signature` header.
+ */
+export declare function payViaPool(config: Fund402ClientConfig, option: PaymentRequirements, resource: string): Promise<{
+    paymentHeader: string;
+    deployHash: string;
+}>;
+/**
+ * A `fetch` that transparently pays x402-gated endpoints via the Fund402 pool.
+ *
+ * ```ts
+ * const f = fund402Fetch({ agentSecretKey, agentPublicKey, vaultContract });
+ * const res = await f("https://merchant.example/v/vault_1/price/BTC-USD");
+ * const data = await res.json(); // paid + served, agent balance can be zero
+ * ```
+ */
+export declare function fund402Fetch(config: Fund402ClientConfig): typeof fetch;
+/**
+ * Axios variant — returns an AxiosInstance that pays 402s via the pool. Axios is
+ * an optional peer dependency, required lazily so the server side stays dep-free.
+ */
+export declare function withPaymentInterceptor(config: Fund402ClientConfig): any;
+/** Convenience presets. */
+export declare function testnetClient(): Partial<Fund402ClientConfig>;
+export declare function mainnetClient(): Partial<Fund402ClientConfig>;

package/dist/client.js

@@ -0,0 +1,179 @@
+"use strict";
+// Fund402 CLIENT side — let an autonomous agent PAY x402 endpoints with
+// just-in-time credit from the Fund402 lending pool.
+//
+// `fund402Fetch(config)` returns a drop-in `fetch`. When a request comes back
+// `402 Payment Required`, it:
+//   1. decodes the x402 challenge,
+//   2. calls the vault `borrow_and_pay` (the pool fronts the CEP-18 payment to the
+//      merchant) and waits for settlement,
+//   3. builds the signed x402 `exact` payload, and
+//   4. replays the request with a `payment-signature` header — returning the real
+//      200 response. The agent's own balance can be zero; the pool covers it.
+//
+// `withPaymentInterceptor(config)` is the same behaviour as an Axios instance
+// (Axios is an optional peer dependency, required lazily).
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeChallenge = decodeChallenge;
+exports.selectCasperOption = selectCasperOption;
+exports.payViaPool = payViaPool;
+exports.fund402Fetch = fund402Fetch;
+exports.withPaymentInterceptor = withPaymentInterceptor;
+exports.testnetClient = testnetClient;
+exports.mainnetClient = mainnetClient;
+const casper_1 = require("./casper");
+const DEFAULT_NETWORK = "casper:casper-test";
+function chainNameFor(network) {
+    return network.includes("test") ? "casper-test" : "casper";
+}
+function nodeUrlFor(network) {
+    return network.includes("test")
+        ? "https://node.testnet.cspr.cloud/rpc"
+        : "https://node.mainnet.cspr.cloud/rpc";
+}
+function wiringFrom(config) {
+    const network = config.network ?? DEFAULT_NETWORK;
+    return {
+        network,
+        nodeUrl: config.nodeUrl ?? nodeUrlFor(network),
+        chainName: config.chainName ?? chainNameFor(network),
+        vaultContractHash: config.vaultContract.replace(/^hash-/, ""),
+        agentSecretKey: config.agentSecretKey,
+        agentPublicKey: config.agentPublicKey,
+        keyAlgorithm: config.keyAlgorithm,
+        borrowGasMotes: config.borrowGasMotes,
+    };
+}
+function emit(config, type, data) {
+    config.onEvent?.({ type, data, timestamp: Date.now() });
+}
+function deriveVaultId(resource) {
+    const m = resource.match(/\/v\/([^/]+)/);
+    return m ? m[1] : "vault_1";
+}
+/** Decode an x402 challenge from a `payment-required` header or a JSON body. */
+function decodeChallenge(paymentRequiredHeader, body) {
+    if (paymentRequiredHeader) {
+        try {
+            return JSON.parse(Buffer.from(paymentRequiredHeader, "base64").toString("utf-8"));
+        }
+        catch {
+            /* fall through to body */
+        }
+    }
+    if (body && typeof body === "object" && "accepts" in body) {
+        return body;
+    }
+    return null;
+}
+/** Pick the casper:* payment option from a challenge. */
+function selectCasperOption(challenge) {
+    return challenge.accepts.find((o) => o.network.startsWith("casper")) ?? challenge.accepts[0];
+}
+/**
+ * Settle one x402 challenge through the lending pool: borrow_and_pay on the vault,
+ * wait, and build the signed `exact` payload + base64 `payment-signature` header.
+ */
+async function payViaPool(config, option, resource) {
+    const wiring = wiringFrom(config);
+    const amount = BigInt(option.amount);
+    const ratio = config.collateralRatio ?? 1.5;
+    const collateral = (amount * BigInt(Math.round(ratio * 100))) / 100n;
+    emit(config, "borrowing", { amount: amount.toString(), collateral: collateral.toString() });
+    const { deployHash } = await (0, casper_1.borrowAndPayOnChain)(wiring, {
+        merchant: option.payTo,
+        amount,
+        collateral,
+        vaultId: deriveVaultId(option.resource ?? resource),
+    });
+    emit(config, "borrow_submitted", { deployHash });
+    const ok = await (0, casper_1.waitForDeploy)(wiring, deployHash);
+    emit(config, "payment_settled", { deployHash, success: ok });
+    if (!ok)
+        throw new Error(`vault borrow_and_pay deploy failed: ${deployHash}`);
+    const payload = await (0, casper_1.buildExactPayload)(wiring, option, { deployHash });
+    const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
+    emit(config, "payment_sent", { deployHash });
+    return { paymentHeader, deployHash };
+}
+/**
+ * A `fetch` that transparently pays x402-gated endpoints via the Fund402 pool.
+ *
+ * ```ts
+ * const f = fund402Fetch({ agentSecretKey, agentPublicKey, vaultContract });
+ * const res = await f("https://merchant.example/v/vault_1/price/BTC-USD");
+ * const data = await res.json(); // paid + served, agent balance can be zero
+ * ```
+ */
+function fund402Fetch(config) {
+    const baseFetch = config.fetchImpl ?? globalThis.fetch;
+    if (!baseFetch)
+        throw new Error("fund402Fetch: no fetch implementation available");
+    const wrapped = async (input, init) => {
+        const res = await baseFetch(input, init);
+        if (res.status !== 402)
+            return res;
+        const url = typeof input === "string" || input instanceof URL ? input.toString() : input.url;
+        const hdr = res.headers.get("payment-required");
+        const body = await res.clone().json().catch(() => undefined);
+        const challenge = decodeChallenge(hdr, body);
+        if (!challenge)
+            return res; // not an x402 challenge we understand
+        const option = selectCasperOption(challenge);
+        if (!option)
+            throw new Error("no casper payment option in 402 challenge");
+        emit(config, "intercepted_402", { resource: option.resource, amount: option.amount });
+        const { paymentHeader, deployHash } = await payViaPool(config, option, url);
+        const headers = new Headers(init?.headers ?? (typeof input === "object" ? input.headers : undefined));
+        headers.set("payment-signature", paymentHeader);
+        emit(config, "request_retried", { url });
+        const retried = await baseFetch(url, { ...(init ?? {}), headers });
+        emit(config, "payment_confirmed", { deployHash });
+        return retried;
+    };
+    return wrapped;
+}
+/**
+ * Axios variant — returns an AxiosInstance that pays 402s via the pool. Axios is
+ * an optional peer dependency, required lazily so the server side stays dep-free.
+ */
+function withPaymentInterceptor(config) {
+    let axios;
+    try {
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        axios = require("axios");
+    }
+    catch {
+        throw new Error("withPaymentInterceptor requires `axios` (npm i axios). Or use fund402Fetch().");
+    }
+    const instance = axios.create();
+    instance.interceptors.response.use((r) => r, async (error) => {
+        if (error.response?.status !== 402)
+            throw error;
+        const hdr = error.response.headers?.["payment-required"];
+        const challenge = decodeChallenge(hdr, error.response.data);
+        if (!challenge)
+            throw error;
+        const option = selectCasperOption(challenge);
+        if (!option)
+            throw new Error("no casper payment option in 402 challenge");
+        const resource = option.resource ?? error.config?.url ?? "";
+        emit(config, "intercepted_402", { resource, amount: option.amount });
+        const { paymentHeader, deployHash } = await payViaPool(config, option, resource);
+        const originalRequest = error.config;
+        originalRequest.headers = originalRequest.headers ?? {};
+        originalRequest.headers["payment-signature"] = paymentHeader;
+        emit(config, "request_retried", { url: originalRequest.url });
+        const retried = await instance(originalRequest);
+        emit(config, "payment_confirmed", { deployHash });
+        return retried;
+    });
+    return instance;
+}
+/** Convenience presets. */
+function testnetClient() {
+    return { network: "casper:casper-test", chainName: "casper-test", nodeUrl: nodeUrlFor("casper:casper-test") };
+}
+function mainnetClient() {
+    return { network: "casper:casper", chainName: "casper", nodeUrl: nodeUrlFor("casper:casper") };
+}

package/dist/eip712.d.ts

@@ -0,0 +1,19 @@
+export declare function bytesToHex(b: Uint8Array): string;
+export interface Eip712Domain {
+    name: string;
+    version: string;
+    chainName: string;
+    contractPackageHash: string;
+}
+export interface TransferAuthorization {
+    from: string;
+    to: string;
+    value: string;
+    validAfter: string;
+    validBefore: string;
+    nonce: string;
+}
+/** Final 32-byte EIP-712 digest to be signed by the agent key. */
+export declare function transferAuthorizationDigest(domain: Eip712Domain, message: TransferAuthorization): Uint8Array;
+/** Random 32-byte nonce as hex. */
+export declare function randomNonce(): string;

package/dist/eip712.js

@@ -0,0 +1,77 @@
+"use strict";
+// casper-eip-712 TransferWithAuthorization typed-data digest, implemented to
+// match make-software/casper-x402 + casper-ecosystem/casper-eip-712 exactly so
+// the produced signature verifies against the CSPR.cloud x402 facilitator's
+// POST /verify. Cross-checked against the canonical library in test/eip712.test.mjs.
+//
+// digest = keccak256( 0x19 0x01 || domainSeparator || structHash )
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.bytesToHex = bytesToHex;
+exports.transferAuthorizationDigest = transferAuthorizationDigest;
+exports.randomNonce = randomNonce;
+const sha3_1 = require("@noble/hashes/sha3");
+const enc = new TextEncoder();
+function keccak(...parts) {
+    const total = parts.reduce((n, p) => n + p.length, 0);
+    const buf = new Uint8Array(total);
+    let o = 0;
+    for (const p of parts) {
+        buf.set(p, o);
+        o += p.length;
+    }
+    return (0, sha3_1.keccak_256)(buf);
+}
+function hexToBytes(hex) {
+    const h = hex.startsWith("0x") ? hex.slice(2) : hex;
+    const out = new Uint8Array(h.length / 2);
+    for (let i = 0; i < out.length; i++)
+        out[i] = parseInt(h.substr(i * 2, 2), 16);
+    return out;
+}
+function bytesToHex(b) {
+    return Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");
+}
+function uint256(value) {
+    let v = BigInt(value);
+    const out = new Uint8Array(32);
+    for (let i = 31; i >= 0; i--) {
+        out[i] = Number(v & 0xffn);
+        v >>= 8n;
+    }
+    return out;
+}
+/** EIP-712 `address` encoding for a Casper tagged address ("00.."/"01.." + hash). */
+function encodeAddress(addr) {
+    const bytes = hexToBytes(addr); // expect 33 bytes (1 tag + 32 hash)
+    return (0, sha3_1.keccak_256)(bytes);
+}
+function typeHash(typeString) {
+    return (0, sha3_1.keccak_256)(enc.encode(typeString));
+}
+const DOMAIN_TYPE = "EIP712Domain(string name,string version,string chain_name,bytes32 contract_package_hash)";
+const MESSAGE_TYPE = "TransferWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)";
+function domainSeparator(d) {
+    return keccak(typeHash(DOMAIN_TYPE), (0, sha3_1.keccak_256)(enc.encode(d.name)), (0, sha3_1.keccak_256)(enc.encode(d.version)), (0, sha3_1.keccak_256)(enc.encode(d.chainName)), hexToBytes(d.contractPackageHash) // bytes32 raw
+    );
+}
+function structHash(m) {
+    return keccak(typeHash(MESSAGE_TYPE), encodeAddress(m.from), encodeAddress(m.to), uint256(m.value), uint256(m.validAfter), uint256(m.validBefore), hexToBytes(m.nonce) // bytes32 raw
+    );
+}
+/** Final 32-byte EIP-712 digest to be signed by the agent key. */
+function transferAuthorizationDigest(domain, message) {
+    const prefix = new Uint8Array([0x19, 0x01]);
+    return keccak(prefix, domainSeparator(domain), structHash(message));
+}
+/** Random 32-byte nonce as hex. */
+function randomNonce() {
+    const b = new Uint8Array(32);
+    if (typeof globalThis.crypto?.getRandomValues === "function") {
+        globalThis.crypto.getRandomValues(b);
+    }
+    else {
+        for (let i = 0; i < 32; i++)
+            b[i] = Math.floor(Math.random() * 256);
+    }
+    return bytesToHex(b);
+}

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+export * from "./types";
+export { paywall, buildPaymentRequirements, challengeBody, decodePaymentSignature, verifyPoolSettlement, verifyWithFacilitator, explorerTx, type PaywallConfig, type Fund402Paywall, type VerifyResult, type GuardResult, type RequestLike, type HttpResponseLike, } from "./server";
+export { fund402Fetch, withPaymentInterceptor, payViaPool, decodeChallenge, selectCasperOption, testnetClient, mainnetClient, type Fund402ClientConfig, type Fund402Event, } from "./client";
+export { borrowAndPayOnChain, repayLoanOnChain, ensureCollateralAllowance, buildExactPayload, waitForDeploy, agentTaggedAddress, loadPrivateKey, rpc, type CasperWiringConfig, } from "./casper";
+export { transferAuthorizationDigest, randomNonce, bytesToHex } from "./eip712";
+export { expressPaywall } from "./adapters/express";
+export { honoPaywall } from "./adapters/hono";
+export { withPaywall } from "./adapters/next";

package/dist/index.js

@@ -0,0 +1,68 @@
+"use strict";
+// @nickthelegend69/fund402 — the Fund402 SDK.
+//
+//   SERVER (merchant): create x402-gated HTTP endpoints SETTLED BY THE LENDING POOL.
+//     import { paywall } from "@nickthelegend69/fund402";
+//     import { expressPaywall } from "@nickthelegend69/fund402/express";
+//
+//   CLIENT (agent): pay any x402 endpoint with just-in-time credit from the pool.
+//     import { fund402Fetch } from "@nickthelegend69/fund402";
+//
+// Casper-native (CEP-18 + EIP-712 over the casper:* x402 `exact` scheme), verified
+// live against the CSPR.cloud facilitator and the deployed Fund402 vault on testnet.
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.withPaywall = exports.honoPaywall = exports.expressPaywall = exports.bytesToHex = exports.randomNonce = exports.transferAuthorizationDigest = exports.rpc = exports.loadPrivateKey = exports.agentTaggedAddress = exports.waitForDeploy = exports.buildExactPayload = exports.ensureCollateralAllowance = exports.repayLoanOnChain = exports.borrowAndPayOnChain = exports.mainnetClient = exports.testnetClient = exports.selectCasperOption = exports.decodeChallenge = exports.payViaPool = exports.withPaymentInterceptor = exports.fund402Fetch = exports.explorerTx = exports.verifyWithFacilitator = exports.verifyPoolSettlement = exports.decodePaymentSignature = exports.challengeBody = exports.buildPaymentRequirements = exports.paywall = void 0;
+__exportStar(require("./types"), exports);
+// Server
+var server_1 = require("./server");
+Object.defineProperty(exports, "paywall", { enumerable: true, get: function () { return server_1.paywall; } });
+Object.defineProperty(exports, "buildPaymentRequirements", { enumerable: true, get: function () { return server_1.buildPaymentRequirements; } });
+Object.defineProperty(exports, "challengeBody", { enumerable: true, get: function () { return server_1.challengeBody; } });
+Object.defineProperty(exports, "decodePaymentSignature", { enumerable: true, get: function () { return server_1.decodePaymentSignature; } });
+Object.defineProperty(exports, "verifyPoolSettlement", { enumerable: true, get: function () { return server_1.verifyPoolSettlement; } });
+Object.defineProperty(exports, "verifyWithFacilitator", { enumerable: true, get: function () { return server_1.verifyWithFacilitator; } });
+Object.defineProperty(exports, "explorerTx", { enumerable: true, get: function () { return server_1.explorerTx; } });
+// Client
+var client_1 = require("./client");
+Object.defineProperty(exports, "fund402Fetch", { enumerable: true, get: function () { return client_1.fund402Fetch; } });
+Object.defineProperty(exports, "withPaymentInterceptor", { enumerable: true, get: function () { return client_1.withPaymentInterceptor; } });
+Object.defineProperty(exports, "payViaPool", { enumerable: true, get: function () { return client_1.payViaPool; } });
+Object.defineProperty(exports, "decodeChallenge", { enumerable: true, get: function () { return client_1.decodeChallenge; } });
+Object.defineProperty(exports, "selectCasperOption", { enumerable: true, get: function () { return client_1.selectCasperOption; } });
+Object.defineProperty(exports, "testnetClient", { enumerable: true, get: function () { return client_1.testnetClient; } });
+Object.defineProperty(exports, "mainnetClient", { enumerable: true, get: function () { return client_1.mainnetClient; } });
+// On-chain primitives + crypto (advanced use)
+var casper_1 = require("./casper");
+Object.defineProperty(exports, "borrowAndPayOnChain", { enumerable: true, get: function () { return casper_1.borrowAndPayOnChain; } });
+Object.defineProperty(exports, "repayLoanOnChain", { enumerable: true, get: function () { return casper_1.repayLoanOnChain; } });
+Object.defineProperty(exports, "ensureCollateralAllowance", { enumerable: true, get: function () { return casper_1.ensureCollateralAllowance; } });
+Object.defineProperty(exports, "buildExactPayload", { enumerable: true, get: function () { return casper_1.buildExactPayload; } });
+Object.defineProperty(exports, "waitForDeploy", { enumerable: true, get: function () { return casper_1.waitForDeploy; } });
+Object.defineProperty(exports, "agentTaggedAddress", { enumerable: true, get: function () { return casper_1.agentTaggedAddress; } });
+Object.defineProperty(exports, "loadPrivateKey", { enumerable: true, get: function () { return casper_1.loadPrivateKey; } });
+Object.defineProperty(exports, "rpc", { enumerable: true, get: function () { return casper_1.rpc; } });
+var eip712_1 = require("./eip712");
+Object.defineProperty(exports, "transferAuthorizationDigest", { enumerable: true, get: function () { return eip712_1.transferAuthorizationDigest; } });
+Object.defineProperty(exports, "randomNonce", { enumerable: true, get: function () { return eip712_1.randomNonce; } });
+Object.defineProperty(exports, "bytesToHex", { enumerable: true, get: function () { return eip712_1.bytesToHex; } });
+// Framework adapters (also available as subpath imports /express /hono /next)
+var express_1 = require("./adapters/express");
+Object.defineProperty(exports, "expressPaywall", { enumerable: true, get: function () { return express_1.expressPaywall; } });
+var hono_1 = require("./adapters/hono");
+Object.defineProperty(exports, "honoPaywall", { enumerable: true, get: function () { return hono_1.honoPaywall; } });
+var next_1 = require("./adapters/next");
+Object.defineProperty(exports, "withPaywall", { enumerable: true, get: function () { return next_1.withPaywall; } });

package/dist/server.d.ts

@@ -0,0 +1,112 @@
+import type { PaymentRequirements, PaymentRequiredBody, ExactPaymentPayload } from "./types";
+export interface PaywallConfig {
+    /** CAIP-2 network. Default "casper:casper-test". */
+    network?: string;
+    /** Merchant account that receives the payment — tagged "00" + 32-byte hash. */
+    payTo: string;
+    /** CEP-18 contract **package** hash (64 hex) — the settlement asset. */
+    asset: string;
+    /** Price per call, token base units. */
+    price: string | number | bigint;
+    /** The Fund402 vault (lending pool) contract hash — settlements must target it. */
+    vaultContract?: string;
+    /** CSPR.cloud REST base. Default derived from `network`. */
+    csprCloudRest?: string;
+    /** CSPR.cloud API key — required to verify settlement on-chain. */
+    csprCloudApiKey?: string;
+    /** Optional x402 facilitator base URL for defense-in-depth signature verification. */
+    facilitatorUrl?: string;
+    /** Human description shown in the 402 challenge. */
+    description?: string;
+    /** Token metadata echoed in the challenge `extra`. */
+    asset_meta?: {
+        name?: string;
+        version?: string;
+        decimals?: string;
+        symbol?: string;
+    };
+    /** Authorization validity window the agent should target. Default 900s. */
+    maxTimeoutSeconds?: number;
+}
+export interface VerifyResult {
+    valid: boolean;
+    reason?: string;
+    status?: string;
+    deployHash?: string;
+    settlement?: {
+        deployHash: string;
+        asset?: string;
+    };
+    /** base64 `payment-response` header value to echo back to the caller on success. */
+    paymentResponseHeader?: string;
+    paidMerchant?: boolean;
+    paidAmount?: boolean;
+}
+export interface HttpResponseLike {
+    status: number;
+    headers: Record<string, string>;
+    body: unknown;
+}
+export interface RequestLike {
+    method?: string;
+    /** Full resource URL if known (preferred); adapters compute this from the request. */
+    url: string;
+    headers: Record<string, string | string[] | undefined>;
+}
+export type GuardResult = {
+    paid: true;
+    deployHash: string;
+    settlement: VerifyResult;
+    paymentResponseHeader: string;
+} | {
+    paid: false;
+    response: HttpResponseLike;
+};
+/** Build the x402 v2 `exact` PaymentRequirements for this paywall + resource. */
+export declare function buildPaymentRequirements(cfg: PaywallConfig, resource: string, description?: string): PaymentRequirements;
+/** Wrap requirements in the x402 v2 `402 Payment Required` envelope. */
+export declare function challengeBody(req: PaymentRequirements): PaymentRequiredBody;
+/** Decode a base64(JSON) x402 payment header. Returns null if malformed. */
+export declare function decodePaymentSignature(header: string): ExactPaymentPayload | null;
+/** cspr.live explorer URL for a deploy. */
+export declare function explorerTx(network: string, deployHash: string): string;
+/**
+ * Verify, on-chain via CSPR.cloud, that the Fund402 vault `borrow_and_pay` deploy
+ * actually executed and paid the required merchant + amount. THIS is the real
+ * settlement proof — the pool already moved the funds to the merchant; the gateway
+ * trusts the chain, not the caller.
+ */
+export declare function verifyPoolSettlement(cfg: PaywallConfig, deployHash: string, opts?: {
+    tries?: number;
+    intervalMs?: number;
+}): Promise<VerifyResult>;
+/**
+ * Optional defense-in-depth: ask an x402 facilitator to verify the agent's signed
+ * `exact` authorization. Returns `{ isValid }`. Never throws — network/decode
+ * problems resolve to `{ isValid:false, reason }`.
+ */
+export declare function verifyWithFacilitator(facilitatorUrl: string, payload: ExactPaymentPayload): Promise<{
+    isValid: boolean;
+    reason?: string;
+}>;
+export interface Fund402Paywall {
+    config: PaywallConfig;
+    /** The 402 challenge response for a resource. */
+    challenge(resource: string, description?: string): HttpResponseLike;
+    /** Verify a payment header (base64 x402 payload) settled on-chain. */
+    verify(paymentHeader: string): Promise<VerifyResult>;
+    /** One-call guard: inspect a request, return paid:true or the response to send. */
+    guard(req: RequestLike): Promise<GuardResult>;
+}
+/**
+ * Create a paywall. Drive it from any framework (or use ./adapters).
+ *
+ * ```ts
+ * const pay = paywall({ payTo, asset, price: "1000000", vaultContract,
+ *                       csprCloudApiKey: process.env.CSPR_CLOUD_API_KEY });
+ * const g = await pay.guard({ url: fullUrl, headers: req.headers });
+ * if (!g.paid) return send(g.response);          // 402 challenge / error
+ * res.setHeader("payment-response", g.paymentResponseHeader); // settled — serve it
+ * ```
+ */
+export declare function paywall(config: PaywallConfig): Fund402Paywall;