@piprail/sdk 1.11.0 → 1.13.0

package/dist/index.d.ts

@@ -4365,6 +4365,55 @@ declare function register402Index(input: RegisterInput): Promise<RegisterOutcome
 declare function registerX402Scan(input: {
     url: string;
 }, signer: DiscoverySigner): Promise<RegisterOutcome>;
+/** What {@link claim402IndexDomain} returns — the proof to SERVE so 402 Index will
+ *  approve your domain (and flip your `pending-review` listings to searchable). */
+interface DomainClaim {
+    ok: boolean;
+    domain: string;
+    /** The exact text to serve as the ENTIRE body of `verificationUrl` — this is what
+     *  402 Index fetches and checks (the SHA-256 of the token). Always populated on
+     *  success: read from the response, or computed as `sha256(verificationToken)` if
+     *  the API returns only the token. Serve THIS. */
+    verificationHash?: string;
+    /** The raw 64-hex token 402 Index issued (the preimage of `verificationHash`). */
+    verificationToken?: string;
+    /** Where to serve `verificationHash` — your `https://<domain>/.well-known/402index-verify.txt`. */
+    verificationUrl?: string;
+    /** 402 Index's own human instructions. */
+    instructions?: string;
+    httpStatus?: number;
+    /** Failure reason when `ok:false`. */
+    detail?: string;
+}
+/** What {@link verify402IndexDomain} returns once the proof is in place. */
+interface DomainVerification {
+    ok: boolean;
+    domain: string;
+    /** 402 Index's status string, e.g. `'verified'`. */
+    status?: string;
+    /** How many of your pending listings were approved by the verification. */
+    servicesCount?: number;
+    httpStatus?: number;
+    detail?: string;
+}
+/**
+ * Step 1 of 402 Index domain verification: claim the host of `domainOrUrl`. 402 Index
+ * lists a self-registered resource as PENDING REVIEW; verifying the domain approves it
+ * (and every other pending listing on that domain) so it becomes searchable. Returns the
+ * `verificationHash` to serve as the entire body of `verificationUrl`
+ * (`https://<domain>/.well-known/402index-verify.txt`). Then call {@link verify402IndexDomain}.
+ * No funds move. Never throws.
+ */
+declare function claim402IndexDomain(domainOrUrl: string, opts?: {
+    contactEmail?: string;
+}): Promise<DomainClaim>;
+/**
+ * Step 2 of 402 Index domain verification: after {@link claim402IndexDomain} and serving
+ * the `verificationHash` at `verificationUrl`, tell 402 Index to re-fetch + approve. On
+ * success, the domain's pending listings become searchable (`status:'verified'`,
+ * `servicesCount` approved). No funds move. Never throws.
+ */
+declare function verify402IndexDomain(domainOrUrl: string): Promise<DomainVerification>;
 
 interface PaymentPolicy {
     /** Per-payment ceiling, human-readable (e.g. '0.10'). Compared using the
@@ -4849,6 +4898,30 @@ declare class PipRailClient {
      * on them before calling.
      */
     register(url: string, opts?: RegisterOptions): Promise<RegisterOutcome[]>;
+    /**
+     * **402 Index domain verification, step 1 of 2.** A self-registered 402 Index
+     * listing is `pending-review` (see {@link register}); verifying your domain flips
+     * it — and every other pending listing on that domain — to APPROVED/searchable.
+     * Pass the resource URL or a bare domain; returns the `verificationHash` to serve
+     * as the entire body of `verificationUrl` (your `/.well-known/402index-verify.txt`).
+     * Then serve it and call {@link verifyDomain}. Moves no funds; never throws.
+     *
+     * ```ts
+     * const claim = await client.claimDomain('https://api.example.com/report')
+     * // serve claim.verificationHash at claim.verificationUrl, then:
+     * const res = await client.verifyDomain('api.example.com')  // → { ok:true, status:'verified' }
+     * ```
+     */
+    claimDomain(urlOrDomain: string, opts?: {
+        contactEmail?: string;
+    }): Promise<DomainClaim>;
+    /**
+     * **402 Index domain verification, step 2 of 2.** After {@link claimDomain} and
+     * serving the hash at your `/.well-known/402index-verify.txt`, this tells 402 Index
+     * to re-fetch + approve. On success the domain's pending listings become searchable
+     * (`{ ok:true, status:'verified', servicesCount }`). Moves no funds; never throws.
+     */
+    verifyDomain(urlOrDomain: string): Promise<DomainVerification>;
     /**
      * The discovery signer for the bound wallet (its address + a message signer),
      * or `null` if the chain family doesn't support it (EVM does today). For
@@ -5061,10 +5134,6 @@ interface OpenApiOperation {
     'x-payment-info': {
         x402Version: 2;
         accepts: PaymentRail[];
-        /** Bazaar-style input schema marker so a strict index doesn't "skip" the op. */
-        bazaar: {
-            discoverable: true;
-        };
     };
 }
 /** x402scan's legacy origin file (`/.well-known/x402`). */
@@ -5073,6 +5142,46 @@ interface WellKnownX402 {
     resources: string[];
     ownershipProofs?: string[];
 }
+/**
+ * Describes a resource's INPUT for discovery. The open indexes that REQUIRE an
+ * input schema (x402scan rejects a listing without one) read this from a
+ * `extensions.bazaar` block. Pass it to a gate's `discovery` option (emits the
+ * block in the 402 challenge) or build it directly with {@link buildBazaarExtension}.
+ */
+interface DiscoveryDescriptor {
+    /** HTTP method the resource answers. Default `'GET'`. */
+    method?: string;
+    /** Query params the resource reads, as a JSON-Schema `properties` object
+     *  (name → schema). Default `{}` — a no-input GET. */
+    queryParams?: Record<string, unknown>;
+    /** Optional output hint (shape/example) for a richer listing. */
+    output?: {
+        type?: string;
+        example?: unknown;
+    };
+}
+/** The `extensions.bazaar` discovery block (the x402 "bazaar" convention the open
+ *  indexes parse: `info.input` describes the request, `schema` is its JSON Schema). */
+interface BazaarExtension {
+    info: {
+        input: {
+            type: 'http';
+            method: string;
+            queryParams: Record<string, unknown>;
+        };
+        output?: {
+            type?: string;
+            example?: unknown;
+        };
+    };
+    schema: Record<string, unknown>;
+}
+/**
+ * Build the `extensions.bazaar` block that satisfies x402scan's mandatory input-schema
+ * check, from a {@link DiscoveryDescriptor}. Pure. Defaults to a no-input GET — the
+ * minimal shape a live x402scan listing accepts.
+ */
+declare function buildBazaarExtension(descriptor?: DiscoveryDescriptor): BazaarExtension;
 /** The `_x402` DNS TXT pointer record (experimental draft). */
 interface X402DnsRecord {
     name: string;
@@ -5224,6 +5333,14 @@ interface RequirePaymentOptions {
      * Omit to keep the gate exactly as today (`onchain-proof` only).
      */
     exact?: ExactRailOption;
+    /**
+     * Make this gate's 402 self-describing for the open indexes — **x402scan REQUIRES
+     * an input schema or it won't list the resource.** Set `true` for a no-input GET,
+     * or pass a {@link DiscoveryDescriptor} to describe the request. Emits an
+     * `extensions.bazaar` block in the 402 challenge. Opt-in; omitting it leaves the
+     * challenge byte-identical to before.
+     */
+    discovery?: boolean | DiscoveryDescriptor;
 }
 type VerifyPaymentResult = {
     kind: 'paid';
@@ -5830,4 +5947,4 @@ declare function readExactDomain(publicClient: PublicClient, asset: string): Pro
     version: string;
 } | null>;
 
-export { type AcceptOption, type AddressId, type AgentTool, type AlgorandToken, type AptosToken, type AssetId, type BuildExactParams, CHAINS, type Caip2, type ChainFamily, type ChainInput, type ChainName, type ChainPreset, type ChainSelector, type ConfirmInfo, ConfirmationTimeoutError, type CostEstimate, DIRECTORY_INFO, type DirectoryInfo, type DiscoverOptions, type DiscoveredRail, type DiscoveredResource, type DiscoverySigner, type DiscoverySource, EIP3009_TYPES, EXACT_NETWORK_SLUGS, type EvmToken, type ExactAccept, type ExactAuthorization, type ExactAuthorizationWire, type ExactPaymentPayload, type ExactRailOption, type ExpressLikeMiddleware, type ExpressLikeNext, type ExpressLikeRequest, type ExpressLikeResponse, type FacilitatorConfig, type FacilitatorPaymentRequirements, GENERATOR, HEADER_REQUIRED, HEADER_RESPONSE, HEADER_RESPONSE_V1, HEADER_SIGNATURE, HEADER_SIGNATURE_V1, InsufficientFundsError, InvalidEnvelopeError, type ListingVisibility, type ManifestInput, MaxRetriesExceededError, MissingDriverError, type NearToken, NoCompatibleAcceptError, NonReplayableBodyError, type OpenApiDocument, type OpenApiOperation, type ParsedExactPayment, type PayBlocker, type PayOption, type PayWarning, PaymentDeclinedError, type PaymentDriver, type PaymentGate, type PaymentIntent, type PaymentPlan, type PaymentPolicy, type PaymentRail, PaymentTimeoutError, PipRailClient, type PipRailClientOptions, type PipRailCostQuote, PipRailError, type PipRailEvent, type PipRailQuote, type PolicyDecision, RecipientNotReadyError, type RecipientReason, type RegisterInput, type RegisterOptions, type RegisterOutcome, type RequirePaymentOptions, type ResolveOptions, type ResolvedChain, type ResolvedNetwork, type ResolvedToken, type ResourceDescription, type SearchOpenIndexesOptions, type SettleViaFacilitatorInput, SettlementError, type SolanaToken, type SpendAssetTotal, type SpendRecord, type SpendSummary, type StellarToken, type SuiToken, type TokenInfo, type TokenInput, type TonToken, type ToolAnnotations, type TronToken, UnknownTokenError, UnsupportedNetworkError, type VerifyErrorCode, type VerifyPaymentResult, type VerifyResult, type WalletBalance, type WalletHandle, type WalletInput, type WellKnownX402, WrongChainError, WrongFamilyError, type X402AcceptEntry, type X402AnyAccept, type X402Challenge, type X402DnsRecord, type X402ExactAcceptEntry, type X402InvalidBody, type X402PaymentSignature, type X402Receipt, type X402ResourceObject, type XrplToken, buildChallengeHeader, buildExactAuthorization, buildOpenApi, buildReceiptHeader, buildSignatureHeader, buildWellKnownX402, buildX402DnsTxt, chainIdForExactNetwork, createPaymentGate, decorateOutcome, eip3009Abi, encodeXPaymentHeader, evaluatePolicy, getDirectoryInfo, normalizeNetwork, parseChallenge, parseExactPaymentHeader, parseExactRequirements, parseReceipt, parseSignatureHeader, paymentTools, pickAccept, planAcross, readExactDomain, register402Index, registerDriver, registerX402Scan, requirePayment, resolveChain, searchOpenIndexes, settleViaFacilitator, toInsufficientFundsError, toInvalidBody };
+export { type AcceptOption, type AddressId, type AgentTool, type AlgorandToken, type AptosToken, type AssetId, type BazaarExtension, type BuildExactParams, CHAINS, type Caip2, type ChainFamily, type ChainInput, type ChainName, type ChainPreset, type ChainSelector, type ConfirmInfo, ConfirmationTimeoutError, type CostEstimate, DIRECTORY_INFO, type DirectoryInfo, type DiscoverOptions, type DiscoveredRail, type DiscoveredResource, type DiscoveryDescriptor, type DiscoverySigner, type DiscoverySource, type DomainClaim, type DomainVerification, EIP3009_TYPES, EXACT_NETWORK_SLUGS, type EvmToken, type ExactAccept, type ExactAuthorization, type ExactAuthorizationWire, type ExactPaymentPayload, type ExactRailOption, type ExpressLikeMiddleware, type ExpressLikeNext, type ExpressLikeRequest, type ExpressLikeResponse, type FacilitatorConfig, type FacilitatorPaymentRequirements, GENERATOR, HEADER_REQUIRED, HEADER_RESPONSE, HEADER_RESPONSE_V1, HEADER_SIGNATURE, HEADER_SIGNATURE_V1, InsufficientFundsError, InvalidEnvelopeError, type ListingVisibility, type ManifestInput, MaxRetriesExceededError, MissingDriverError, type NearToken, NoCompatibleAcceptError, NonReplayableBodyError, type OpenApiDocument, type OpenApiOperation, type ParsedExactPayment, type PayBlocker, type PayOption, type PayWarning, PaymentDeclinedError, type PaymentDriver, type PaymentGate, type PaymentIntent, type PaymentPlan, type PaymentPolicy, type PaymentRail, PaymentTimeoutError, PipRailClient, type PipRailClientOptions, type PipRailCostQuote, PipRailError, type PipRailEvent, type PipRailQuote, type PolicyDecision, RecipientNotReadyError, type RecipientReason, type RegisterInput, type RegisterOptions, type RegisterOutcome, type RequirePaymentOptions, type ResolveOptions, type ResolvedChain, type ResolvedNetwork, type ResolvedToken, type ResourceDescription, type SearchOpenIndexesOptions, type SettleViaFacilitatorInput, SettlementError, type SolanaToken, type SpendAssetTotal, type SpendRecord, type SpendSummary, type StellarToken, type SuiToken, type TokenInfo, type TokenInput, type TonToken, type ToolAnnotations, type TronToken, UnknownTokenError, UnsupportedNetworkError, type VerifyErrorCode, type VerifyPaymentResult, type VerifyResult, type WalletBalance, type WalletHandle, type WalletInput, type WellKnownX402, WrongChainError, WrongFamilyError, type X402AcceptEntry, type X402AnyAccept, type X402Challenge, type X402DnsRecord, type X402ExactAcceptEntry, type X402InvalidBody, type X402PaymentSignature, type X402Receipt, type X402ResourceObject, type XrplToken, buildBazaarExtension, buildChallengeHeader, buildExactAuthorization, buildOpenApi, buildReceiptHeader, buildSignatureHeader, buildWellKnownX402, buildX402DnsTxt, chainIdForExactNetwork, claim402IndexDomain, createPaymentGate, decorateOutcome, eip3009Abi, encodeXPaymentHeader, evaluatePolicy, getDirectoryInfo, normalizeNetwork, parseChallenge, parseExactPaymentHeader, parseExactRequirements, parseReceipt, parseSignatureHeader, paymentTools, pickAccept, planAcross, readExactDomain, register402Index, registerDriver, registerX402Scan, requirePayment, resolveChain, searchOpenIndexes, settleViaFacilitator, toInsufficientFundsError, toInvalidBody, verify402IndexDomain };

package/dist/index.js

@@ -1344,6 +1344,8 @@ function decorateOutcome(o) {
 var BAZAAR_URL = "https://api.cdp.coinbase.com/platform/v2/x402/discovery/resources";
 var INDEX402_SEARCH = "https://402index.io/api/v1/services";
 var INDEX402_REGISTER = "https://402index.io/api/v1/register";
+var INDEX402_CLAIM = "https://402index.io/api/v1/claim";
+var INDEX402_VERIFY = "https://402index.io/api/v1/claim/verify";
 var X402SCAN_REGISTER = "https://www.x402scan.com/api/x402/registry/register";
 var USER_AGENT = "@piprail/sdk (+https://piprail.com)";
 function clientHeaders(extra = {}) {
@@ -1579,12 +1581,72 @@ async function registerX402Scan(input, signer) {
     return { source: "x402scan", ok: false, detail: errMsg(err) };
   }
 }
+async function claim402IndexDomain(domainOrUrl, opts = {}) {
+  const domain = hostOf(domainOrUrl);
+  try {
+    const res = await fetch(INDEX402_CLAIM, {
+      method: "POST",
+      headers: clientHeaders({ "content-type": "application/json", accept: "application/json" }),
+      body: JSON.stringify({ domain, ...opts.contactEmail ? { contact_email: opts.contactEmail } : {} })
+    });
+    const body = await res.json().catch(() => ({}));
+    if (!res.ok) {
+      return { ok: false, domain, httpStatus: res.status, detail: pickString(body, "error", "detail", "message") ?? `402 Index claim returned HTTP ${res.status}.` };
+    }
+    const verificationToken = pickString(body, "verification_token");
+    const verificationHash = pickString(body, "verification_hash") ?? (verificationToken ? await sha256Hex(verificationToken) : void 0);
+    return {
+      ok: true,
+      domain,
+      httpStatus: res.status,
+      ...optionalString("verificationHash", verificationHash),
+      ...optionalString("verificationToken", verificationToken),
+      ...optionalString("verificationUrl", pickString(body, "verification_url")),
+      ...optionalString("instructions", pickString(body, "instructions"))
+    };
+  } catch (err) {
+    return { ok: false, domain, detail: errMsg(err) };
+  }
+}
+async function sha256Hex(input) {
+  const digest = await globalThis.crypto.subtle.digest("SHA-256", new TextEncoder().encode(input));
+  return Array.from(new Uint8Array(digest)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function verify402IndexDomain(domainOrUrl) {
+  const domain = hostOf(domainOrUrl);
+  try {
+    const res = await fetch(INDEX402_VERIFY, {
+      method: "POST",
+      headers: clientHeaders({ "content-type": "application/json", accept: "application/json" }),
+      body: JSON.stringify({ domain })
+    });
+    const body = await res.json().catch(() => ({}));
+    if (!res.ok) {
+      return { ok: false, domain, httpStatus: res.status, detail: pickString(body, "error", "detail", "message") ?? `402 Index verify returned HTTP ${res.status}.` };
+    }
+    return {
+      ok: true,
+      domain,
+      httpStatus: res.status,
+      ...optionalString("status", pickString(body, "status")),
+      ...typeof body.services_count === "number" ? { servicesCount: body.services_count } : {}
+    };
+  } catch (err) {
+    return { ok: false, domain, detail: errMsg(err) };
+  }
+}
 async function readSiwxInfo(res) {
   try {
     const body = await res.json();
     const ext = body.extensions;
     const siwx = ext?.["sign-in-with-x"];
     const info = siwx?.info ?? siwx;
+    if (info && info.chainId == null && Array.isArray(siwx?.supportedChains)) {
+      const evm = siwx.supportedChains.find(
+        (c) => typeof c?.chainId === "string" && c.chainId.startsWith("eip155:")
+      );
+      if (evm && typeof evm.chainId === "string") info.chainId = evm.chainId;
+    }
     if (info && typeof info.domain === "string" && info.domain.length > 0 && typeof info.nonce === "string" && info.nonce.length > 0 && typeof info.uri === "string" && info.uri.length > 0) {
       return info;
     }
@@ -1668,7 +1730,8 @@ function firstArray(o, ...keys) {
 }
 function hostOf(url) {
   try {
-    return new URL(url).hostname;
+    const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(url) ? url : `https://${url}`;
+    return new URL(withScheme).hostname || url;
   } catch {
     return url;
   }
@@ -1677,8 +1740,13 @@ function errMsg(err) {
   return err instanceof Error ? err.message : String(err);
 }
 function encodeBase642(str) {
-  if (typeof btoa === "function") return btoa(str);
   if (typeof Buffer !== "undefined") return Buffer.from(str, "utf8").toString("base64");
+  if (typeof btoa === "function" && typeof TextEncoder !== "undefined") {
+    const bytes = new TextEncoder().encode(str);
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+    return btoa(binary);
+  }
   throw new Error("No base64 encoder available in this runtime.");
 }
 
@@ -2052,6 +2120,32 @@ var PipRailClient = class {
     }
     return outcomes.map(decorateOutcome);
   }
+  /**
+   * **402 Index domain verification, step 1 of 2.** A self-registered 402 Index
+   * listing is `pending-review` (see {@link register}); verifying your domain flips
+   * it — and every other pending listing on that domain — to APPROVED/searchable.
+   * Pass the resource URL or a bare domain; returns the `verificationHash` to serve
+   * as the entire body of `verificationUrl` (your `/.well-known/402index-verify.txt`).
+   * Then serve it and call {@link verifyDomain}. Moves no funds; never throws.
+   *
+   * ```ts
+   * const claim = await client.claimDomain('https://api.example.com/report')
+   * // serve claim.verificationHash at claim.verificationUrl, then:
+   * const res = await client.verifyDomain('api.example.com')  // → { ok:true, status:'verified' }
+   * ```
+   */
+  async claimDomain(urlOrDomain, opts = {}) {
+    return claim402IndexDomain(urlOrDomain, opts);
+  }
+  /**
+   * **402 Index domain verification, step 2 of 2.** After {@link claimDomain} and
+   * serving the hash at your `/.well-known/402index-verify.txt`, this tells 402 Index
+   * to re-fetch + approve. On success the domain's pending listings become searchable
+   * (`{ ok:true, status:'verified', servicesCount }`). Moves no funds; never throws.
+   */
+  async verifyDomain(urlOrDomain) {
+    return verify402IndexDomain(urlOrDomain);
+  }
   /**
    * The discovery signer for the bound wallet (its address + a message signer),
    * or `null` if the chain family doesn't support it (EVM does today). For
@@ -2698,7 +2792,7 @@ function paymentTools(client) {
     },
     {
       name: "piprail_register",
-      description: "List an x402 payment-gated resource YOU run on the open indexes so other agents can discover it. Default target is 402 Index \u2014 no auth, no signature, no payment; a self-registered listing is pending review (verify your domain on 402index.io for instant approval). Returns one outcome per index ({ source, ok, detail, visibility, note }); a step the chain can't satisfy comes back ok:false with the reason. Moves no funds; nothing is PipRail-hosted.",
+      description: "List an x402 payment-gated resource YOU run on the open indexes so other agents can discover it. Default target is 402 Index \u2014 no auth, no signature, no payment; a self-registered listing is pending review (verify your domain on 402index.io for instant approval). Returns one outcome per index ({ source, ok, detail, visibility, note }); a step the chain can't satisfy comes back ok:false with the reason. Moves no funds; nothing is PipRail-hosted. NOTE: index/agent payers are overwhelmingly standard `exact` clients \u2014 a default onchain-proof-only gate gets listed but they cannot pay it, so add an `exact` rail (and set the gate's `discovery` option, required for x402scan) to be usefully discoverable AND payable.",
       annotations: {
         title: "Register an x402 endpoint",
         readOnlyHint: false,
@@ -2732,6 +2826,87 @@ function paymentTools(client) {
   ];
 }
 
+// src/discovery.ts
+var GENERATOR = "@piprail/sdk \xB7 https://piprail.com";
+function buildBazaarExtension(descriptor = {}) {
+  const method = (descriptor.method ?? "GET").toUpperCase();
+  const queryParams = descriptor.queryParams ?? {};
+  return {
+    info: {
+      input: { type: "http", method, queryParams },
+      output: descriptor.output ?? { type: "json" }
+    },
+    schema: {
+      $schema: "https://json-schema.org/draft/2020-12/schema",
+      type: "object",
+      properties: {
+        input: {
+          type: "object",
+          properties: {
+            type: { type: "string", const: "http" },
+            method: { type: "string", enum: ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"] },
+            queryParams: { type: "object", properties: queryParams, additionalProperties: false }
+          },
+          required: ["type", "method"],
+          additionalProperties: false
+        }
+      },
+      required: ["input"]
+    }
+  };
+}
+function pathOf(url) {
+  try {
+    return new URL(url).pathname || "/";
+  } catch {
+    return url.startsWith("/") ? url : `/${url}`;
+  }
+}
+function buildOpenApi(input) {
+  const paths = {};
+  for (const r of input.resources) {
+    const path = pathOf(r.url);
+    const method = (r.method ?? "GET").toLowerCase();
+    const op = {
+      ...r.description ? { summary: r.description } : {},
+      responses: {
+        "200": { description: "Paid \u2014 the resource." },
+        "402": { description: "Payment required (x402)." }
+      },
+      "x-payment-info": {
+        x402Version: 2,
+        accepts: r.accepts
+      }
+    };
+    paths[path] = { ...paths[path] ?? {}, [method]: op };
+  }
+  return {
+    openapi: "3.1.0",
+    info: { title: input.title ?? "PipRail x402 resources", version: input.version ?? "1.0.0" },
+    servers: [{ url: input.origin }],
+    paths,
+    // "Built with @piprail/sdk" — default on (opt out with attribution:false). At the
+    // document ROOT so `info` stays exactly { title, version }.
+    ...input.attribution === false ? {} : { "x-generator": GENERATOR },
+    ...input.ownershipProofs && input.ownershipProofs.length > 0 ? { "x-agentcash-provenance": { ownershipProofs: input.ownershipProofs } } : {}
+  };
+}
+function buildWellKnownX402(input) {
+  return {
+    version: 1,
+    resources: input.resources.map((r) => r.url),
+    ...input.ownershipProofs && input.ownershipProofs.length > 0 ? { ownershipProofs: input.ownershipProofs } : {}
+  };
+}
+function buildX402DnsTxt(input) {
+  const descriptor = input.descriptor ? `descriptor=${input.descriptor};` : "";
+  return {
+    name: `_x402.${input.host}`,
+    type: "TXT",
+    value: `v=x4021;${descriptor}url=${input.discoveryUrl}`
+  };
+}
+
 // src/facilitator.ts
 function safeStringify(value) {
   return JSON.stringify(value, (_k, v) => typeof v === "bigint" ? v.toString() : v);
@@ -2980,6 +3155,8 @@ function createPaymentGate(options) {
   async function makeChallenge(resourceUrl, opts) {
     const specs = await ready();
     const nonce = genNonce();
+    const bazaar = options.discovery ? { bazaar: buildBazaarExtension(options.discovery === true ? {} : options.discovery) } : void 0;
+    const extensions = { ...bazaar, ...opts?.extensions };
     const challenge2 = {
       x402Version: 2,
       resource: {
@@ -2988,7 +3165,7 @@ function createPaymentGate(options) {
       },
       accepts: buildAccepts(specs, nonce),
       ...opts?.error ? { error: opts.error } : {},
-      ...opts?.extensions ? { extensions: opts.extensions } : {}
+      ...Object.keys(extensions).length > 0 ? { extensions } : {}
     };
     return { challenge: challenge2, requiredHeader: buildChallengeHeader(challenge2) };
   }
@@ -3174,61 +3351,6 @@ function normaliseHeader(value) {
   if (Array.isArray(value)) return value[0];
   return value;
 }
-
-// src/discovery.ts
-var GENERATOR = "@piprail/sdk \xB7 https://piprail.com";
-function pathOf(url) {
-  try {
-    return new URL(url).pathname || "/";
-  } catch {
-    return url.startsWith("/") ? url : `/${url}`;
-  }
-}
-function buildOpenApi(input) {
-  const paths = {};
-  for (const r of input.resources) {
-    const path = pathOf(r.url);
-    const method = (r.method ?? "GET").toLowerCase();
-    const op = {
-      ...r.description ? { summary: r.description } : {},
-      responses: {
-        "200": { description: "Paid \u2014 the resource." },
-        "402": { description: "Payment required (x402)." }
-      },
-      "x-payment-info": {
-        x402Version: 2,
-        accepts: r.accepts,
-        bazaar: { discoverable: true }
-      }
-    };
-    paths[path] = { ...paths[path] ?? {}, [method]: op };
-  }
-  return {
-    openapi: "3.1.0",
-    info: { title: input.title ?? "PipRail x402 resources", version: input.version ?? "1.0.0" },
-    servers: [{ url: input.origin }],
-    paths,
-    // "Built with @piprail/sdk" — default on (opt out with attribution:false). At the
-    // document ROOT so `info` stays exactly { title, version }.
-    ...input.attribution === false ? {} : { "x-generator": GENERATOR },
-    ...input.ownershipProofs && input.ownershipProofs.length > 0 ? { "x-agentcash-provenance": { ownershipProofs: input.ownershipProofs } } : {}
-  };
-}
-function buildWellKnownX402(input) {
-  return {
-    version: 1,
-    resources: input.resources.map((r) => r.url),
-    ...input.ownershipProofs && input.ownershipProofs.length > 0 ? { ownershipProofs: input.ownershipProofs } : {}
-  };
-}
-function buildX402DnsTxt(input) {
-  const descriptor = input.descriptor ? `descriptor=${input.descriptor};` : "";
-  return {
-    name: `_x402.${input.host}`,
-    type: "TXT",
-    value: `v=x4021;${descriptor}url=${input.discoveryUrl}`
-  };
-}
 export {
   CHAINS,
   ConfirmationTimeoutError,
@@ -3257,6 +3379,7 @@ export {
   UnsupportedNetworkError,
   WrongChainError,
   WrongFamilyError,
+  buildBazaarExtension,
   buildChallengeHeader,
   buildExactAuthorization,
   buildOpenApi,
@@ -3265,6 +3388,7 @@ export {
   buildWellKnownX402,
   buildX402DnsTxt,
   chainIdForExactNetwork,
+  claim402IndexDomain,
   createPaymentGate,
   decorateOutcome,
   eip3009Abi,
@@ -3289,5 +3413,6 @@ export {
   searchOpenIndexes,
   settleViaFacilitator,
   toInsufficientFundsError,
-  toInvalidBody
+  toInvalidBody,
+  verify402IndexDomain
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@piprail/sdk",
-  "version": "1.11.0",
+  "version": "1.13.0",
   "description": "Accept x402 crypto payments across 29 chains — every major EVM chain plus Solana, TON, Tron, NEAR, Sui, Aptos, Algorand, Stellar & XRPL — in a couple of lines. No backend, no database, no fee; payments settle straight to your wallet.",
   "type": "module",
   "main": "./dist/index.cjs",