@paynodelabs/sdk-js 1.1.2 → 1.4.0

package/README.md

@@ -41,16 +41,24 @@ The SDK includes a full merchant/agent demonstration in the `examples/` director
 
 ```bash
 cp .env.example .env
-# Edit .env with your private key and RPC URLs
+# Edit .env with your PRIVATE_KEY and RPC_URL
 ```
 
-### 2. Run the Merchant Server (Express)
+### 2. Get Test Tokens (Required for Base Sepolia)
+
+If you're testing on Sepolia, run the helper script to mint 1,000 mock USDC:
+
+```bash
+npx ts-node examples/mint-test-tokens.ts
+```
+
+### 3. Run the Merchant Server (Express)
 
 ```bash
 npx ts-node examples/express-server.ts
 ```
 
-### 3. Run the Agent Client
+### 4. Run the Agent Client
 
 In another terminal:
 

package/dist/client.d.ts

@@ -7,11 +7,11 @@ export declare class PayNodeAgentClient {
     private rpcUrls;
     private ERC20_ABI;
     private ROUTER_ABI;
-    constructor(privateKey: string, rpcUrls: string | string[]);
+    constructor(privateKey: string, rpcUrls?: string | string[]);
     requestGate(url: string, options?: RequestOptions): Promise<Response>;
     private handlePaymentAndRetry;
-    private executeStandardPay;
-    private executePermitPay;
+    pay(contractAddr: string, tokenAddr: string, merchantAddr: string, amount: bigint, orderId: string): Promise<string>;
+    payWithPermit(contractAddr: string, tokenAddr: string, merchantAddr: string, amount: bigint, orderId: string): Promise<string>;
     signPermit(tokenAddr: string, spenderAddr: string, amount: bigint, deadlineSeconds?: number): Promise<{
         deadline: number;
         v: 27 | 28;

package/dist/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,cAAe,SAAQ,WAAW;IACjD,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,QAAQ,CAA0B;IAC1C,OAAO,CAAC,OAAO,CAAW;IAE1B,OAAO,CAAC,SAAS,CAMf;IAEF,OAAO,CAAC,UAAU,CAGhB;gBAEU,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE;IAcpD,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,GAAE,cAAmB,GAAG,OAAO,CAAC,QAAQ,CAAC;YA0BjE,qBAAqB;YAwDrB,kBAAkB;YAelB,gBAAgB;IAwBxB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,GAAE,MAAa;;;;;;CAwCxG"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,cAAe,SAAQ,WAAW;IACjD,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,QAAQ,CAA0B;IAC1C,OAAO,CAAC,OAAO,CAAW;IAE1B,OAAO,CAAC,SAAS,CAMf;IAEF,OAAO,CAAC,UAAU,CAGhB;gBAEU,UAAU,EAAE,MAAM,EAAE,OAAO,GAAE,MAAM,GAAG,MAAM,EAAkB;IAcpE,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,GAAE,cAAmB,GAAG,OAAO,CAAC,QAAQ,CAAC;YA0BjE,qBAAqB;IA0E7B,GAAG,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAepH,aAAa,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwB9H,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,GAAE,MAAa;;;;;;CAwCxG"}

package/dist/client.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.PayNodeAgentClient = void 0;
 const ethers_1 = require("ethers");
 const errors_1 = require("./errors");
+const constants_1 = require("./constants");
 class PayNodeAgentClient {
     wallet;
     provider;
@@ -18,7 +19,7 @@ class PayNodeAgentClient {
         "function pay(address token, address merchant, uint256 amount, bytes32 orderId) public",
         "function payWithPermit(address payer, address token, address merchant, uint256 amount, bytes32 orderId, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public"
     ];
-    constructor(privateKey, rpcUrls) {
+    constructor(privateKey, rpcUrls = constants_1.BASE_RPC_URLS) {
         this.rpcUrls = Array.isArray(rpcUrls) ? rpcUrls : [rpcUrls];
         const configs = this.rpcUrls.map((url, index) => ({
             provider: new ethers_1.ethers.JsonRpcProvider(url),
@@ -49,7 +50,7 @@ class PayNodeAgentClient {
         catch (error) {
             if (error instanceof errors_1.PayNodeException)
                 throw error;
-            throw new errors_1.PayNodeException(`Failed to connect to any provided RPC nodes.`, errors_1.ErrorCode.RpcError, error);
+            throw new errors_1.PayNodeException(errors_1.ErrorCode.RpcError, undefined, error);
         }
     }
     async handlePaymentAndRetry(url, options, headers) {
@@ -58,13 +59,29 @@ class PayNodeAgentClient {
         const amountStr = headers.get('x-paynode-amount');
         const tokenAddr = headers.get('x-paynode-token-address');
         const orderIdStr = headers.get('x-paynode-order-id');
+        const chainIdStr = headers.get('x-paynode-chain-id');
+        const currency = headers.get('x-paynode-currency') || 'USDC';
         if (!contractAddr || !merchantAddr || !amountStr || !tokenAddr || !orderIdStr) {
-            throw new errors_1.PayNodeException("Malformed 402 headers: missing metadata", errors_1.ErrorCode.InternalError);
+            throw new errors_1.PayNodeException(errors_1.ErrorCode.InternalError, "Malformed 402 headers: missing metadata");
         }
+        // Network safety check (v1.4)
+        if (chainIdStr) {
+            const network = await this.provider.getNetwork();
+            if (BigInt(chainIdStr) !== network.chainId) {
+                throw new errors_1.PayNodeException(errors_1.ErrorCode.InvalidReceipt, `Network mismatch: Current ${network.chainId}, Request ${chainIdStr}.`);
+            }
+        }
+        console.log(`💡 [PayNode-JS] Payment request: ${amountStr} ${currency} to ${merchantAddr}`);
         const amount = BigInt(amountStr);
         // v1.3 Constraint: Min payment protection
         if (amount < 1000n) {
-            throw new errors_1.PayNodeException("Payment amount is below the protocol minimum (1000).", errors_1.ErrorCode.AmountTooLow);
+            throw new errors_1.PayNodeException(errors_1.ErrorCode.AmountTooLow);
+        }
+        // v1.4 Constraint: Token whitelist pre-flight (Anti-FakeToken)
+        const resolvedChainId = chainIdStr ? Number(chainIdStr) : 8453;
+        const whitelist = constants_1.ACCEPTED_TOKENS[resolvedChainId];
+        if (whitelist && whitelist.length > 0 && !whitelist.some(t => t.toLowerCase() === tokenAddr.toLowerCase())) {
+            throw new errors_1.PayNodeException(errors_1.ErrorCode.TokenNotAccepted);
         }
         let txHash;
         try {
@@ -74,21 +91,21 @@ class PayNodeAgentClient {
                 tokenContract.allowance(this.wallet.address, contractAddr)
             ]);
             if (balance < amount) {
-                throw new errors_1.PayNodeException("Wallet lacks USDC or ETH for gas.", errors_1.ErrorCode.InsufficientFunds);
+                throw new errors_1.PayNodeException(errors_1.ErrorCode.InsufficientFunds);
             }
             // Protocol v1.3: Permit-First Execution
             if (allowance >= amount) {
-                txHash = await this.executeStandardPay(contractAddr, tokenAddr, merchantAddr, amount, orderIdStr);
+                txHash = await this.pay(contractAddr, tokenAddr, merchantAddr, amount, orderIdStr);
             }
             else {
                 console.log(`⚡ [PayNode-JS] Insufficient allowance. Attempting Permit-First payment...`);
-                txHash = await this.executePermitPay(contractAddr, tokenAddr, merchantAddr, amount, orderIdStr);
+                txHash = await this.payWithPermit(contractAddr, tokenAddr, merchantAddr, amount, orderIdStr);
             }
         }
         catch (error) {
             if (error instanceof errors_1.PayNodeException)
                 throw error;
-            throw new errors_1.PayNodeException(`On-chain transaction reverted or failed.`, errors_1.ErrorCode.TransactionFailed, error);
+            throw new errors_1.PayNodeException(errors_1.ErrorCode.TransactionFailed, undefined, error);
         }
         console.log(`✅ [PayNode-JS] Payment confirmed on-chain: ${txHash}`);
         const retryOptions = {
@@ -101,7 +118,7 @@ class PayNodeAgentClient {
         };
         return await fetch(url, retryOptions);
     }
-    async executeStandardPay(contractAddr, tokenAddr, merchantAddr, amount, orderId) {
+    async pay(contractAddr, tokenAddr, merchantAddr, amount, orderId) {
         const router = new ethers_1.ethers.Contract(contractAddr, this.ROUTER_ABI, this.wallet);
         const orderIdBytes = ethers_1.ethers.id(orderId);
         const feeData = await this.provider.getFeeData();
@@ -113,7 +130,7 @@ class PayNodeAgentClient {
         const receipt = await tx.wait();
         return receipt.hash;
     }
-    async executePermitPay(contractAddr, tokenAddr, merchantAddr, amount, orderId) {
+    async payWithPermit(contractAddr, tokenAddr, merchantAddr, amount, orderId) {
         const sig = await this.signPermit(tokenAddr, contractAddr, amount);
         const router = new ethers_1.ethers.Contract(contractAddr, this.ROUTER_ABI, this.wallet);
         const orderIdBytes = ethers_1.ethers.id(orderId);

package/dist/constants.d.ts

@@ -1,8 +1,8 @@
 /** Generated by scripts/sync-config.py */
-export declare const PAYNODE_ROUTER_ADDRESS = "0x92e20164FC457a2aC35f53D06268168e6352b200";
-export declare const PAYNODE_ROUTER_ADDRESS_SANDBOX = "0xB587Bc36aaCf65962eCd6Ba59e2DA76f2f575408";
+export declare const PAYNODE_ROUTER_ADDRESS = "0x4A73696ccF76E7381b044cB95127B3784369Ed63";
+export declare const PAYNODE_ROUTER_ADDRESS_SANDBOX = "0x24cD8b68aaC209217ff5a6ef1Bf55a59f2c8Ca6F";
 export declare const BASE_USDC_ADDRESS = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
-export declare const BASE_USDC_ADDRESS_SANDBOX = "0xeAC1f2C7099CdaFfB91Aa3b8Ffd653Ef16935798";
+export declare const BASE_USDC_ADDRESS_SANDBOX = "0x109AEddD656Ed2761d1e210E179329105039c784";
 export declare const PROTOCOL_TREASURY = "0x598bF63F5449876efafa7b36b77Deb2070621C0E";
 export declare const PROTOCOL_FEE_BPS = 100;
 export declare const MIN_PAYMENT_AMOUNT: bigint;

package/dist/constants.js

@@ -2,10 +2,10 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ACCEPTED_TOKENS = exports.BASE_RPC_URLS_SANDBOX = exports.BASE_RPC_URLS = exports.MIN_PAYMENT_AMOUNT = exports.PROTOCOL_FEE_BPS = exports.PROTOCOL_TREASURY = exports.BASE_USDC_ADDRESS_SANDBOX = exports.BASE_USDC_ADDRESS = exports.PAYNODE_ROUTER_ADDRESS_SANDBOX = exports.PAYNODE_ROUTER_ADDRESS = void 0;
 /** Generated by scripts/sync-config.py */
-exports.PAYNODE_ROUTER_ADDRESS = "0x92e20164FC457a2aC35f53D06268168e6352b200";
-exports.PAYNODE_ROUTER_ADDRESS_SANDBOX = "0xB587Bc36aaCf65962eCd6Ba59e2DA76f2f575408";
+exports.PAYNODE_ROUTER_ADDRESS = "0x4A73696ccF76E7381b044cB95127B3784369Ed63";
+exports.PAYNODE_ROUTER_ADDRESS_SANDBOX = "0x24cD8b68aaC209217ff5a6ef1Bf55a59f2c8Ca6F";
 exports.BASE_USDC_ADDRESS = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
-exports.BASE_USDC_ADDRESS_SANDBOX = "0xeAC1f2C7099CdaFfB91Aa3b8Ffd653Ef16935798";
+exports.BASE_USDC_ADDRESS_SANDBOX = "0x109AEddD656Ed2761d1e210E179329105039c784";
 exports.PROTOCOL_TREASURY = "0x598bF63F5449876efafa7b36b77Deb2070621C0E";
 exports.PROTOCOL_FEE_BPS = 100;
 exports.MIN_PAYMENT_AMOUNT = BigInt(1000);
@@ -13,5 +13,5 @@ exports.BASE_RPC_URLS = ["https://mainnet.base.org", "https://base.meowrpc.com",
 exports.BASE_RPC_URLS_SANDBOX = ["https://sepolia.base.org", "https://base-sepolia-rpc.publicnode.com"];
 exports.ACCEPTED_TOKENS = {
     8453: ["0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"],
-    84532: ["0xeAC1f2C7099CdaFfB91Aa3b8Ffd653Ef16935798"]
+    84532: ["0x109AEddD656Ed2761d1e210E179329105039c784"]
 };

package/dist/errors/index.d.ts

@@ -1,21 +1,22 @@
+/** Generated by scripts/sync-config.py */
 export declare enum ErrorCode {
-    RpcError = "RpcError",
-    InsufficientFunds = "InsufficientFunds",
-    AmountTooLow = "AmountTooLow",
-    TokenNotAccepted = "TokenNotAccepted",
-    TransactionFailed = "TransactionFailed",
-    DuplicateTransaction = "DuplicateTransaction",
-    InvalidReceipt = "InvalidReceipt",
-    InternalError = "InternalError",
-    TransactionNotFound = "TransactionNotFound",
-    WrongContract = "WrongContract",
-    OrderMismatch = "OrderMismatch",
-    MissingReceipt = "MissingReceipt"
+    RpcError = "rpc_error",
+    InsufficientFunds = "insufficient_funds",
+    AmountTooLow = "amount_too_low",
+    TokenNotAccepted = "token_not_accepted",
+    TransactionFailed = "transaction_failed",
+    DuplicateTransaction = "duplicate_transaction",
+    InvalidReceipt = "invalid_receipt",
+    InternalError = "internal_error",
+    TransactionNotFound = "transaction_not_found",
+    WrongContract = "wrong_contract",
+    OrderMismatch = "order_mismatch",
+    MissingReceipt = "missing_receipt"
 }
+export declare const ERROR_MESSAGES: Record<string, string>;
 export declare class PayNodeException extends Error {
-    message: string;
     code: ErrorCode;
     details?: any | undefined;
-    constructor(message: string, code: ErrorCode, details?: any | undefined);
+    constructor(code: ErrorCode, message?: string, details?: any | undefined);
 }
 //# sourceMappingURL=index.d.ts.map

package/dist/errors/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/errors/index.ts"],"names":[],"mappings":"AAAA,oBAAY,SAAS;IACnB,QAAQ,aAAa;IACrB,iBAAiB,sBAAsB;IACvC,YAAY,iBAAiB;IAC7B,gBAAgB,qBAAqB;IACrC,iBAAiB,sBAAsB;IACvC,oBAAoB,yBAAyB;IAC7C,cAAc,mBAAmB;IACjC,aAAa,kBAAkB;IAC/B,mBAAmB,wBAAwB;IAC3C,aAAa,kBAAkB;IAC/B,aAAa,kBAAkB;IAC/B,cAAc,mBAAmB;CAClC;AAED,qBAAa,gBAAiB,SAAQ,KAAK;IACtB,OAAO,EAAE,MAAM;IAAS,IAAI,EAAE,SAAS;IAAS,OAAO,CAAC,EAAE,GAAG;gBAA7D,OAAO,EAAE,MAAM,EAAS,IAAI,EAAE,SAAS,EAAS,OAAO,CAAC,EAAE,GAAG,YAAA;CAIjF"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/errors/index.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,oBAAY,SAAS;IACnB,QAAQ,cAAc;IACtB,iBAAiB,uBAAuB;IACxC,YAAY,mBAAmB;IAC/B,gBAAgB,uBAAuB;IACvC,iBAAiB,uBAAuB;IACxC,oBAAoB,0BAA0B;IAC9C,cAAc,oBAAoB;IAClC,aAAa,mBAAmB;IAChC,mBAAmB,0BAA0B;IAC7C,aAAa,mBAAmB;IAChC,aAAa,mBAAmB;IAChC,cAAc,oBAAoB;CACnC;AAED,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAajD,CAAC;AAEF,qBAAa,gBAAiB,SAAQ,KAAK;IACtB,IAAI,EAAE,SAAS;IAA2B,OAAO,CAAC,EAAE,GAAG;gBAAvD,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,EAAS,OAAO,CAAC,EAAE,GAAG,YAAA;CAM3E"}

package/dist/errors/index.js

@@ -1,31 +1,46 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PayNodeException = exports.ErrorCode = void 0;
+exports.PayNodeException = exports.ERROR_MESSAGES = exports.ErrorCode = void 0;
+/** Generated by scripts/sync-config.py */
 var ErrorCode;
 (function (ErrorCode) {
-    ErrorCode["RpcError"] = "RpcError";
-    ErrorCode["InsufficientFunds"] = "InsufficientFunds";
-    ErrorCode["AmountTooLow"] = "AmountTooLow";
-    ErrorCode["TokenNotAccepted"] = "TokenNotAccepted";
-    ErrorCode["TransactionFailed"] = "TransactionFailed";
-    ErrorCode["DuplicateTransaction"] = "DuplicateTransaction";
-    ErrorCode["InvalidReceipt"] = "InvalidReceipt";
-    ErrorCode["InternalError"] = "InternalError";
-    ErrorCode["TransactionNotFound"] = "TransactionNotFound";
-    ErrorCode["WrongContract"] = "WrongContract";
-    ErrorCode["OrderMismatch"] = "OrderMismatch";
-    ErrorCode["MissingReceipt"] = "MissingReceipt";
+    ErrorCode["RpcError"] = "rpc_error";
+    ErrorCode["InsufficientFunds"] = "insufficient_funds";
+    ErrorCode["AmountTooLow"] = "amount_too_low";
+    ErrorCode["TokenNotAccepted"] = "token_not_accepted";
+    ErrorCode["TransactionFailed"] = "transaction_failed";
+    ErrorCode["DuplicateTransaction"] = "duplicate_transaction";
+    ErrorCode["InvalidReceipt"] = "invalid_receipt";
+    ErrorCode["InternalError"] = "internal_error";
+    ErrorCode["TransactionNotFound"] = "transaction_not_found";
+    ErrorCode["WrongContract"] = "wrong_contract";
+    ErrorCode["OrderMismatch"] = "order_mismatch";
+    ErrorCode["MissingReceipt"] = "missing_receipt";
 })(ErrorCode || (exports.ErrorCode = ErrorCode = {}));
+exports.ERROR_MESSAGES = {
+    "rpc_error": "Failed to connect to any provided RPC nodes.",
+    "insufficient_funds": "Wallet lacks USDC or ETH for gas.",
+    "amount_too_low": "Payment amount is below the protocol minimum (1000).",
+    "token_not_accepted": "The provided token address is not in the whitelist.",
+    "transaction_failed": "On-chain transaction reverted or failed.",
+    "duplicate_transaction": "This transaction hash has already been consumed.",
+    "invalid_receipt": "The provided receipt (TxHash) is malformed or invalid.",
+    "internal_error": "An unexpected error occurred.",
+    "transaction_not_found": "Transaction not found on-chain.",
+    "wrong_contract": "Payment event was not emitted by the official PayNode contract.",
+    "order_mismatch": "OrderId in receipt does not match requested ID.",
+    "missing_receipt": "Please pay to PayNode contract and provide 'x-paynode-receipt' header.",
+};
 class PayNodeException extends Error {
-    message;
     code;
     details;
-    constructor(message, code, details) {
-        super(message);
-        this.message = message;
+    constructor(code, message, details) {
+        const finalMessage = message || exports.ERROR_MESSAGES[code] || "An unexpected error occurred.";
+        super(finalMessage);
         this.code = code;
         this.details = details;
         this.name = "PayNodeException";
+        this.message = finalMessage;
     }
 }
 exports.PayNodeException = PayNodeException;

package/dist/index.d.ts

@@ -4,4 +4,5 @@ export * from './utils/idempotency';
 export * from './utils/webhook';
 export * from './client';
 export * from './errors';
+export * from './constants';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC;AAChC,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC;AAChC,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC"}

package/dist/index.js

@@ -20,3 +20,4 @@ __exportStar(require("./utils/idempotency"), exports);
 __exportStar(require("./utils/webhook"), exports);
 __exportStar(require("./client"), exports);
 __exportStar(require("./errors"), exports);
+__exportStar(require("./constants"), exports);

package/dist/middleware/x402.d.ts

@@ -1,16 +1,18 @@
-import { Request, NextFunction } from 'express';
+import { Request, Response, NextFunction } from 'express';
 import { IdempotencyStore } from '../utils/idempotency';
 export interface PayNodeMiddlewareOptions {
-    rpcUrls: string | string[];
-    chainId: number;
-    contractAddress: string;
     merchantAddress: string;
-    tokenAddress: string;
-    currency: string;
     price: string;
-    decimals: number;
+    rpcUrls?: string | string[];
+    chainId?: number;
+    contractAddress?: string;
+    tokenAddress?: string;
+    currency?: string;
+    decimals?: number;
     store?: IdempotencyStore;
     generateOrderId?: (req: Request | any) => string;
 }
-export declare const x402_gate: (options: PayNodeMiddlewareOptions) => (req: any, res: any, next: NextFunction) => Promise<any>;
+export declare const x402Gate: (options: PayNodeMiddlewareOptions) => (req: Request | any, res: Response | any, next: NextFunction) => Promise<any>;
+/** @deprecated Use x402Gate instead. */
+export declare const x402_gate: (options: PayNodeMiddlewareOptions) => (req: Request | any, res: Response | any, next: NextFunction) => Promise<any>;
 //# sourceMappingURL=x402.d.ts.map

package/dist/middleware/x402.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"x402.d.ts","sourceRoot":"","sources":["../../src/middleware/x402.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAY,YAAY,EAAE,MAAM,SAAS,CAAC;AAG1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAGxD,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,eAAe,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,KAAK,MAAM,CAAC;CAClD;AAED,eAAO,MAAM,SAAS,GAAI,SAAS,wBAAwB,MAiB3C,KAAK,GAAG,EAAE,KAAK,GAAG,EAAE,MAAM,YAAY,iBAwDrD,CAAC"}
+{"version":3,"file":"x402.d.ts","sourceRoot":"","sources":["../../src/middleware/x402.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAQxD,MAAM,WAAW,wBAAwB;IACvC,eAAe,EAAE,MAAM,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,eAAe,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,KAAK,MAAM,CAAC;CAClD;AAED,eAAO,MAAM,QAAQ,GAAI,SAAS,wBAAwB,MAwB1C,KAAK,OAAO,GAAG,GAAG,EAAE,KAAK,QAAQ,GAAG,GAAG,EAAE,MAAM,YAAY,iBAwD1E,CAAC;AAEF,wCAAwC;AACxC,eAAO,MAAM,SAAS,YAnFY,wBAAwB,MAwB1C,KAAK,OAAO,GAAG,GAAG,EAAE,KAAK,QAAQ,GAAG,GAAG,EAAE,MAAM,YAAY,iBA2D1C,CAAC"}

package/dist/middleware/x402.js

@@ -1,26 +1,33 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.x402_gate = void 0;
+exports.x402_gate = exports.x402Gate = void 0;
 const errors_1 = require("../errors");
 const verifier_1 = require("../utils/verifier");
 const ethers_1 = require("ethers");
-const x402_gate = (options) => {
+const constants_1 = require("../constants");
+const x402Gate = (options) => {
+    const rpcUrls = options.rpcUrls || constants_1.BASE_RPC_URLS;
+    const chainId = options.chainId || 8453;
+    const contractAddress = options.contractAddress || constants_1.PAYNODE_ROUTER_ADDRESS;
+    const tokenAddress = options.tokenAddress || constants_1.BASE_USDC_ADDRESS;
+    const currency = options.currency || 'USDC';
+    const decimals = options.decimals !== undefined ? options.decimals : 6;
     const verifier = new verifier_1.PayNodeVerifier({
-        rpcUrls: options.rpcUrls,
-        chainId: options.chainId,
-        contractAddress: options.contractAddress,
+        rpcUrls,
+        chainId,
+        contractAddress,
         store: options.store
     });
     let rawAmount;
     try {
-        rawAmount = (0, ethers_1.parseUnits)(options.price, options.decimals);
+        rawAmount = (0, ethers_1.parseUnits)(options.price, decimals);
     }
     catch (e) {
-        rawAmount = BigInt(Math.floor(parseFloat(options.price) * (10 ** options.decimals)));
+        rawAmount = BigInt(Math.floor(parseFloat(options.price) * (10 ** decimals)));
     }
     const defaultOrderIdGen = (req) => `agent_js_${Date.now()}`;
     return async (req, res, next) => {
-        // Compatibility with different mock/real environments
+        // ... rest of the logic
         const getHeader = (name) => {
             if (req.header && typeof req.header === 'function')
                 return req.header(name);
@@ -36,12 +43,12 @@ const x402_gate = (options) => {
         if (!receiptHash) {
             if (res.set) {
                 res.set({
-                    'x-paynode-contract': options.contractAddress,
+                    'x-paynode-contract': contractAddress,
                     'x-paynode-merchant': options.merchantAddress,
                     'x-paynode-amount': rawAmount.toString(),
-                    'x-paynode-currency': options.currency,
-                    'x-paynode-token-address': options.tokenAddress,
-                    'x-paynode-chain-id': options.chainId.toString(),
+                    'x-paynode-currency': currency,
+                    'x-paynode-token-address': tokenAddress,
+                    'x-paynode-chain-id': chainId.toString(),
                     'x-paynode-order-id': orderId
                 });
             }
@@ -50,13 +57,13 @@ const x402_gate = (options) => {
                 code: errors_1.ErrorCode.MissingReceipt,
                 message: "Please pay to PayNode contract and provide 'x-paynode-receipt' header.",
                 amount: options.price,
-                currency: options.currency
+                currency: currency
             });
         }
         // Phase 2: On-chain Verification
         const result = await verifier.verifyPayment(receiptHash, {
             merchantAddress: options.merchantAddress,
-            tokenAddress: options.tokenAddress,
+            tokenAddress: tokenAddress,
             amount: rawAmount,
             orderId: orderId
         });
@@ -74,4 +81,6 @@ const x402_gate = (options) => {
         }
     };
 };
-exports.x402_gate = x402_gate;
+exports.x402Gate = x402Gate;
+/** @deprecated Use x402Gate instead. */
+exports.x402_gate = exports.x402Gate;

package/dist/utils/verifier.d.ts

@@ -1,13 +1,5 @@
 import { PayNodeException } from '../errors';
 import { IdempotencyStore } from './idempotency';
-/**
- * Default accepted token addresses across supported chains.
- * SDK will reject any payment involving a token NOT in this whitelist,
- * preventing fake-token attacks at the verification layer.
- */
-export declare const ACCEPTED_TOKENS: Record<string, string[]>;
-/** Minimum allowed payment amount to prevent dust exploits (1000 = 0.001 USDC) */
-export declare const MIN_PAYMENT_AMOUNT = 1000n;
 export interface PayNodeVerifierConfig {
     rpcUrls: string | string[];
     contractAddress: string;

package/dist/utils/verifier.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../src/utils/verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAExD,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAEjD;;;;GAIG;AACH,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CASpD,CAAC;AAEF,kFAAkF;AAClF,eAAO,MAAM,kBAAkB,QAAQ,CAAC;AAExC,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,oGAAoG;IACpG,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,eAAe;IAC9B,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAQD,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAqC;IACrD,OAAO,CAAC,eAAe,CAAS;IAChC,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,KAAK,CAAC,CAAmB;IACjC,OAAO,CAAC,cAAc,CAAC,CAAc;gBAEzB,MAAM,EAAE,qBAAqB;IAmCnC,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,gBAAgB,CAAA;KAAE,CAAC;CAkFxH"}
+{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../src/utils/verifier.ts"],"names":[],"mappings":"AACA,OAAO,EAAa,gBAAgB,EAAE,MAAM,WAAW,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAA0B,MAAM,eAAe,CAAC;AAGzE,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,oGAAoG;IACpG,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,eAAe;IAC9B,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAQD,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAqC;IACrD,OAAO,CAAC,eAAe,CAAS;IAChC,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,KAAK,CAAC,CAAmB;IACjC,OAAO,CAAC,cAAc,CAAC,CAAc;gBAEzB,MAAM,EAAE,qBAAqB;IAmCnC,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,gBAAgB,CAAA;KAAE,CAAC;CA2FxH"}

package/dist/utils/verifier.js

@@ -1,25 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PayNodeVerifier = exports.MIN_PAYMENT_AMOUNT = exports.ACCEPTED_TOKENS = void 0;
-const errors_1 = require("../errors");
+exports.PayNodeVerifier = void 0;
 const ethers_1 = require("ethers");
-/**
- * Default accepted token addresses across supported chains.
- * SDK will reject any payment involving a token NOT in this whitelist,
- * preventing fake-token attacks at the verification layer.
- */
-exports.ACCEPTED_TOKENS = {
-    // Base Mainnet (chainId: 8453)
-    '8453': [
-        '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913', // USDC
-    ],
-    // Base Sepolia (chainId: 84532)
-    '84532': [
-        '0xeAC1f2C7099CdaFfB91Aa3b8Ffd653Ef16935798', // USDC (Sandbox)
-    ],
-};
-/** Minimum allowed payment amount to prevent dust exploits (1000 = 0.001 USDC) */
-exports.MIN_PAYMENT_AMOUNT = 1000n;
+const errors_1 = require("../errors");
+const idempotency_1 = require("./idempotency");
+const constants_1 = require("../constants");
 const PAYNODE_ABI = [
     "event PaymentReceived(bytes32 indexed orderId, address indexed merchant, address indexed payer, address token, uint256 amount, uint256 fee, uint256 chainId)"
 ];
@@ -32,7 +17,7 @@ class PayNodeVerifier {
     acceptedTokens;
     constructor(config) {
         if (!config.rpcUrls || (Array.isArray(config.rpcUrls) && config.rpcUrls.length === 0)) {
-            throw new errors_1.PayNodeException("Failed to connect to any provided RPC nodes.", errors_1.ErrorCode.RpcError);
+            throw new errors_1.PayNodeException(errors_1.ErrorCode.RpcError);
         }
         // Support RpcPool / FallbackProvider
         if (Array.isArray(config.rpcUrls)) {
@@ -51,13 +36,13 @@ class PayNodeVerifier {
         }
         this.contractAddress = config.contractAddress;
         this.chainId = config.chainId;
-        this.store = config.store;
+        this.store = config.store || new idempotency_1.MemoryIdempotencyStore();
         let tokenList;
         if (config.acceptedTokens !== undefined) {
             tokenList = config.acceptedTokens;
         }
         else if (config.chainId) {
-            tokenList = exports.ACCEPTED_TOKENS[config.chainId.toString()];
+            tokenList = constants_1.ACCEPTED_TOKENS[config.chainId];
         }
         if (tokenList && tokenList.length > 0) {
             this.acceptedTokens = new Set(tokenList.map(t => t.toLowerCase()));
@@ -67,27 +52,20 @@ class PayNodeVerifier {
         try {
             // 0. Dust Exploit Check (Minimum Payment)
             const expectedAmount = BigInt(expected.amount);
-            if (expectedAmount < exports.MIN_PAYMENT_AMOUNT) {
-                return { isValid: false, error: new errors_1.PayNodeException("Payment amount is below the protocol minimum (1000).", errors_1.ErrorCode.AmountTooLow) };
+            if (expectedAmount < constants_1.MIN_PAYMENT_AMOUNT) {
+                return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.AmountTooLow) };
             }
             // 1. Token Whitelist Check (Anti-FakeToken)
             if (this.acceptedTokens && !this.acceptedTokens.has(expected.tokenAddress.toLowerCase())) {
-                return { isValid: false, error: new errors_1.PayNodeException("The provided token address is not in the whitelist.", errors_1.ErrorCode.TokenNotAccepted) };
-            }
-            // 1. Idempotency Check
-            if (this.store) {
-                const isNew = await this.store.checkAndSet(txHash, 86400);
-                if (!isNew) {
-                    return { isValid: false, error: new errors_1.PayNodeException("This transaction hash has already been consumed.", errors_1.ErrorCode.DuplicateTransaction) };
-                }
+                return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.TokenNotAccepted) };
             }
             // 2. Fetch Receipt
             const receipt = await this.provider.getTransactionReceipt(txHash);
             if (!receipt) {
-                return { isValid: false, error: new errors_1.PayNodeException("The provided receipt (TxHash) is malformed or invalid.", errors_1.ErrorCode.InvalidReceipt) };
+                return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.InvalidReceipt) };
             }
             if (receipt.status !== 1) {
-                return { isValid: false, error: new errors_1.PayNodeException("On-chain transaction reverted or failed.", errors_1.ErrorCode.TransactionFailed) };
+                return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.TransactionFailed) };
             }
             // 3. Parse Logs & Verify Contract Source
             let paymentLog = null;
@@ -108,32 +86,45 @@ class PayNodeVerifier {
                 }
             }
             if (!paymentLog) {
-                return { isValid: false, error: new errors_1.PayNodeException("No valid PaymentReceived event from official contract found in transaction.", errors_1.ErrorCode.WrongContract) };
+                return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.WrongContract) };
             }
             const args = paymentLog.parsed.args;
-            // 4. Verify Merchant
+            // 4. Verify OrderId (bytes32 keccak256 hash comparison)
+            if (expected.orderId) {
+                if (args.orderId !== ethers_1.ethers.id(expected.orderId)) {
+                    return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.OrderMismatch) };
+                }
+            }
+            // 5. Verify Merchant
             if (args.merchant.toLowerCase() !== expected.merchantAddress.toLowerCase()) {
-                return { isValid: false, error: new errors_1.PayNodeException("Payment went to a different merchant.", errors_1.ErrorCode.InvalidReceipt) };
+                return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.InvalidReceipt, "Payment went to a different merchant.") };
             }
             // 5. Verify Token
             if (args.token.toLowerCase() !== expected.tokenAddress.toLowerCase()) {
-                return { isValid: false, error: new errors_1.PayNodeException("Payment used unexpected token.", errors_1.ErrorCode.InvalidReceipt) };
+                return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.InvalidReceipt, "Payment used unexpected token.") };
             }
             // 6. Verify Amount
             if (BigInt(args.amount) < BigInt(expected.amount)) {
-                return { isValid: false, error: new errors_1.PayNodeException("Payment amount is below required price.", errors_1.ErrorCode.InvalidReceipt) };
+                return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.InvalidReceipt, "Payment amount is below required price.") };
             }
             // 7. Verify ChainId (Cross-chain replay protection)
             const expectedChainId = BigInt(this.chainId || (await this.provider.getNetwork()).chainId);
             if (BigInt(args.chainId) !== expectedChainId) {
-                return { isValid: false, error: new errors_1.PayNodeException("ChainId mismatch. Invalid network.", errors_1.ErrorCode.InvalidReceipt) };
+                return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.InvalidReceipt, "ChainId mismatch. Invalid network.") };
+            }
+            // 8. Idempotency Check
+            if (this.store) {
+                const isNew = await this.store.checkAndSet(txHash, 86400);
+                if (!isNew) {
+                    return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.DuplicateTransaction) };
+                }
             }
             return { isValid: true };
         }
         catch (e) {
             if (e instanceof errors_1.PayNodeException)
                 return { isValid: false, error: e };
-            return { isValid: false, error: new errors_1.PayNodeException(`An unexpected error occurred: ${e.message}`, errors_1.ErrorCode.InternalError) };
+            return { isValid: false, error: new errors_1.PayNodeException(errors_1.ErrorCode.InternalError, `An unexpected error occurred: ${e.message}`) };
         }
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@paynodelabs/sdk-js",
-  "version": "1.1.2",
+  "version": "1.4.0",
   "description": "The official JavaScript/TypeScript SDK for PayNode x402 protocol on Base L2.",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",