@piprail/sdk 1.13.0 → 1.14.0

package/CHAINS.md

@@ -13,7 +13,7 @@ read those sections before you ship them.
 
 | Chain(s) | Pay in native coin? | Built-in stablecoins | Receiver needs setup? | Wallet input |
 |---|:--:|---|---|---|
-| **EVM** (Ethereum, Base, Arbitrum, Optimism, Polygon, BNB, Avalanche, Mantle, Sonic, Linea, Scroll, Celo, zkSync, Unichain, World Chain, Sei, Injective, HyperEVM, Monad, Kaia, + any EVM chain) | ✅ ETH/BNB/POL/… | USDC (all **except Kaia**) · USDT (all **except Base, World Chain, Sei, HyperEVM, Monad**) | No | `{ privateKey }` |
+| **EVM** (Ethereum, Base, Arbitrum, Optimism, Polygon, BNB, Avalanche, Mantle, Sonic, Linea, Scroll, Celo, zkSync, Unichain, World Chain, Sei, Injective, HyperEVM, Monad, Kaia, + any EVM chain) | ✅ ETH/BNB/POL/… | USDC (all **except Kaia**) · USDT (all **except Base, World Chain, Sei, HyperEVM, Monad**) · **EURC** (Ethereum, Base, Avalanche) | No | `{ privateKey }` |
 | **Solana** | ✅ SOL | USDC · USDT | No (payer creates the recipient's token account) | `{ secretKey }` |
 | **Sui** | ✅ SUI | USDC (no USDT) | No | `{ privateKey }` (`suiprivkey1…`) |
 | **Aptos** | ✅ APT | USDC · USDT | No (primary FA store auto-creates) | `{ privateKey }` (`ed25519-priv-0x…`) |
@@ -44,8 +44,9 @@ read those sections before you ship them.
 ## Chains with no caveats
 
 ### EVM — Ethereum, Base, Arbitrum, Optimism, Polygon, BNB, Avalanche, …
-- **Pay in:** native coin (`'native'`), `'USDC'`, `'USDT'`, or a custom `{ address, decimals }`.
+- **Pay in:** native coin (`'native'`), `'USDC'`, `'USDT'`, `'EURC'` (where issued), or a custom `{ address, decimals }`.
 - **USDT gap:** built in on every preset **except Base, World Chain, Sei, HyperEVM, and Monad** (USDC only there). **Kaia** is the inverse — **USD₮ only** (no Circle-native USDC on Kaia).
+- **EURC:** Circle's euro stablecoin is built in on **Ethereum, Base, and Avalanche** (EIP-3009, 6-dp, addresses verified on-chain). Its EIP-712 domain name differs per deployment (`"Euro Coin"` on Ethereum/Avalanche, `"EURC"` on Base) — the SDK reads it on-chain, so `exact` payments are correct everywhere. Like USDC, it's `exact`-payable.
 - **Decimals:** on **BNB Chain**, Binance-Peg USDC/USDT are **18 decimals**, not 6 (the SDK handles it; don't hardcode 6).
 - **Stablecoin provenance — issuer-native vs bridged (every shipped address verified on-chain 2026-06-08, incl. bridge markers).** Every address is the correct, canonical, 1:1-redeemable dollar token on its chain; what varies is *who issues it*. You request it as `'USDC'` / `'USDT'` either way — provenance matters only if you specifically require issuer-native settlement.
   - **USDC** is **Circle-native** on every preset **except** **BNB** (Binance-Peg, 18-dp), **Mantle** (OP canonical-bridge), and **Scroll** (Bridged-USDC-Standard) — the last two are backed 1:1 by Circle USDC on Ethereum but are **not** Circle-issued on that chain (absent from Circle's native-USDC list).

package/CHANGELOG.md

@@ -4,6 +4,53 @@ All notable changes to `@piprail/sdk` are documented here. The format
 follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and the
 versions follow [Semantic Versioning](https://semver.org/).
 
+## [1.14.0] — 2026-06-10
+
+### Added — pay the standard `exact` rail (opt-in, EVM + EIP-3009)
+- **`PipRailClient` can now PAY standard x402 `exact` rails**, not just PipRail's native
+  `onchain-proof` — so an agent can transact with ANY standard v2 x402 server (the dominant
+  `exact`-on-Base-via-CDP web), while PipRail's own gates stay backendless. **Opt-in** via a new
+  `schemes` option (default `['onchain-proof']` — the zero-config path is byte-identical):
+  `new PipRailClient({ chain: 'base', wallet, schemes: ['onchain-proof', 'exact'] })`, with a per-call
+  override `fetch(url, { schemes: ['exact'] })`. EVM + EIP-3009 only (USDC/EURC); silently ignored on
+  non-EVM chains, for USDT/native, or for a token the SDK can't price (those keep `onchain-proof`).
+- The buyer signs an EIP-3009 authorization with **its own** wallet and the server / merchant-chosen
+  facilitator broadcasts it — the buyer pays ~0 gas and PipRail hosts/settles nothing. `quote()`,
+  `planPayment()`, `estimateCost()`, `canAfford()`, `autoRoute`, and `planAcross()` are now truthful
+  across both schemes (an exact rail is priced gasless: `cost.fee === '0'`, never an `INSUFFICIENT_GAS`
+  blocker). The EIP-712 domain is **re-derived on-chain** (`name()`/`version()`), never trusted from
+  the server's `extra`. The same `policy` + `onBeforePay` gate it BEFORE any signature.
+  **Verify against your target facilitator before production.**
+- **EURC is now a built-in EVM preset token** on Ethereum, Base, and Avalanche (on-chain-verified;
+  EIP-3009, 6 decimals) — so the `exact` buyer recognises it and the "USDC/EURC" coverage is real, not
+  aspirational. (Its EIP-712 domain name differs per deployment — `"Euro Coin"` on Ethereum/Avalanche,
+  `"EURC"` on Base — which the buyer re-derives on-chain; the symbol is display-only.)
+- `X402ExactAcceptEntry.extra.name`/`version` are now OPTIONAL (the exact-EVM scheme only requires
+  `assetTransferMethod`) — matching the spec; the buyer ignores them (it re-derives on-chain), the gate
+  still populates them from its own on-chain read. The `payment-settled` event now also carries the
+  conformant `settle?: SettleOutcome` (a third-party facilitator's lean SettleResponse, when there's no
+  rich receipt).
+- New exports: `buildExactSignatureHeader`, `parseSettleResponse` (+ the `SettleOutcome` type), the
+  `PaymentScheme` type, and the `UnsupportedSchemeError` (`code: 'UNSUPPORTED_SCHEME'`). New driver SPI
+  method `payExact?` (optional, EVM-only). `@piprail/mcp` adds the `PIPRAIL_SCHEMES` env (unset ⇒ the
+  SDK default, so the MCP's zero-config posture is unchanged).
+
+### Changed (additive — minor, but type-affecting)
+- `PayOption.accept` and the `payment-required` event's `accept` are now `X402AnyAccept` (was
+  `X402AcceptEntry`). A consumer that reads `accept.extra.nonce`/`minConfirmations` without a `scheme`
+  guard should narrow on `accept.scheme === 'onchain-proof'` first.
+- The buyer emits **v2 only** for `exact` (`PAYMENT-SIGNATURE` + the `accepted`-envelope). v1-only
+  servers (which never parse as a v2 challenge here) are out of scope for this milestone.
+
+## [1.13.1] — 2026-06-10
+
+### Fixed
+- **`register()` visibility is now accurate for a verified domain.** 402 Index returns a structured
+  `service.status` — a register from a domain you've verified comes back `'active'`, so the outcome now
+  reports `visibility:'live'` instead of the conservative `'pending-review'` default (`decorateOutcome`
+  honours a visibility the adapter already set). The `detail` already surfaced 402 Index's own message;
+  now `visibility` and `detail` agree.
+
 ## [1.13.0] — 2026-06-10
 
 ### Added — gate `discovery` option (one flag → x402scan-listable)
@@ -615,6 +662,8 @@ straight into your wallet. The API is small and self-contained.
   to your wallet; PipRail never holds funds.
 - `viem ^2.21` is a peer dependency. Node 20+ or a modern browser.
 
+[1.14.0]: https://www.npmjs.com/package/@piprail/sdk
+[1.13.1]: https://www.npmjs.com/package/@piprail/sdk
 [1.13.0]: https://www.npmjs.com/package/@piprail/sdk
 [1.12.0]: https://www.npmjs.com/package/@piprail/sdk
 [1.11.0]: https://www.npmjs.com/package/@piprail/sdk

package/ERRORS.md

@@ -56,7 +56,8 @@ Base class [`PipRailError`](src/errors.ts) (abstract; `.name` = the subclass nam
 | `MAX_RETRIES_EXCEEDED` | `MaxRetriesExceededError` | server kept returning 402 after broadcast — **message embeds the last server `error — detail`, and carries `.ref`** | client |
 | `PAYMENT_DECLINED` | `PaymentDeclinedError` | the client refused to pay BEFORE any send — over the spend `policy` (amount/total/chain/token/host), or an `onBeforePay` hook returned false / threw | client |
 | `INVALID_ENVELOPE` | `InvalidEnvelopeError` | a 402 had no parseable x402 challenge | client |
-| `NO_COMPATIBLE_ACCEPT` | `NoCompatibleAcceptError` | the challenge offered no `accepts[]` entry for the client's network | client |
+| `NO_COMPATIBLE_ACCEPT` | `NoCompatibleAcceptError` | the challenge offered no `accepts[]` entry the client can pay on its network + enabled `schemes` (message names the enabled schemes) | client |
+| `UNSUPPORTED_SCHEME` | `UnsupportedSchemeError` | asked to pay a scheme the bound family/asset/signer can't settle, with no fallback: `exact` on a non-EVM family, a non-EIP-3009 token (USDT/native/plain ERC-20), or a contract / EIP-1271 / EIP-7702 signer | client / EVM `exact` (`payExact`) |
 | `NON_REPLAYABLE_BODY` | `NonReplayableBodyError` | `init.body` isn't replayable (e.g. a one-shot stream) | client |
 | `MISSING_DRIVER` | `MissingDriverError` | a family's **optional peer deps aren't installed** (the lazy `import()` failed) — message names the exact `npm install` and sets `{ cause }` | registry loaders |
 | `UNSUPPORTED_NETWORK` | `UnsupportedNetworkError` | no driver for the family, or the driver's `resolve()` returned `null` (unrecognised `chain`) | registry |

package/README.md

@@ -59,6 +59,22 @@ exact: { settle: { facilitator: 'https://x402.org/facilitator' } }
 
 EVM + EIP-3009 tokens only (USDC, EURC — not USDT, not native; those stay `onchain-proof`). Omit `exact` and the gate is byte-identical to today. Proven end-to-end: a real `@x402/fetch` reference client settles against a PipRail gate on Base mainnet.
 
+### Pay *any* x402 server — the `exact` rail, buyer side
+
+The mirror image: let your **`PipRailClient` pay** standard x402 servers (the dominant `exact`-on-Base-via-CDP web), not just PipRail's own gates. Opt in with `schemes` — default `['onchain-proof']`, so the zero-config client is byte-identical:
+
+```ts
+const client = new PipRailClient({
+  chain: 'base',
+  wallet: { privateKey: process.env.AGENT_KEY },
+  schemes: ['onchain-proof', 'exact'],     // also pay standard exact rails
+})
+await client.fetch('https://api.somevendor.com/paid')   // pays whichever rail it offers
+// or per call: client.fetch(url, { schemes: ['exact'] })
+```
+
+On an `exact` rail the client signs an EIP-3009 authorization with **its own** wallet and the server / merchant-chosen facilitator broadcasts it — so the **buyer pays ~0 gas** and PipRail hosts/settles nothing. The EIP-712 token domain is **re-derived on-chain** (never trusted from the challenge), the same `policy` + `onBeforePay` gate it **before any signature**, and `quote()`/`planPayment()`/`estimateCost()` are truthful across both schemes (an exact rail prices gasless). EVM + EIP-3009 only (USDC/EURC); silently ignored on non-EVM chains, for USDT/native, or for a token the SDK can't price — those stay `onchain-proof`. **Verify against your target facilitator before production.**
+
 ## Built for agents — spend safely
 
 A funded key loose on the internet needs guardrails. Opt in to a `policy` and the client refuses anything outside it **before any on-chain send** — plus learn a price without paying it, approve each payment, and read back exactly what you spent. All opt-in, all local, no backend; omit it and the client behaves exactly as before.
@@ -253,7 +269,8 @@ For an LLM/MCP these are two more tools — **`piprail_discover`** (find) and **
 
 > **Two honest caveats.** The open indexes assume the mainstream `exact` scheme, so to be *usefully*
 > listed also offer a standard `exact` USDC rail on Base/Solana (`discover()` results are
-> cross-scheme; `fetch()` pays only PipRail `onchain-proof` rails directly). And **x402scan indexes
+> cross-scheme; `fetch()` pays PipRail `onchain-proof` rails by default, and standard `exact` rails too
+> once you opt in with `schemes: ['onchain-proof', 'exact']` — EVM/EIP-3009). And **x402scan indexes
 > Base/Solana only** — 402 Index has no such limit, so it's the default register target. There is no
 > single ratified discovery standard yet; OpenAPI-first is an emerging multi-vendor convention.
 
@@ -758,7 +775,7 @@ Methods: `fetch` · `get` · `post` (return the gated `Response` after settlemen
 
 **Bring your own chain family:** the SDK is built on a tiny `PaymentDriver` contract — `resolve(chain)` returns a bound network with `resolveToken` / `describeAsset` / `assertValidPayTo` / `bindWallet` / `send` / `confirm` / `estimateCost` / `balanceOf` / `recipientReady` / `verify`. Register your own with `registerDriver(...)`; the protocol layer never changes (see [Architecture](#architecture-under-the-hood)).
 
-**Universal x402 (experimental):** building blocks to pay servers on the mainstream x402 `exact` scheme (EIP-3009 + facilitator) — `parseExactRequirements`, `buildExactAuthorization`, `encodeXPaymentHeader`. EVM-only; validate against your target facilitator before production.
+**Universal x402 (`exact` scheme):** the supported way to pay any standard x402 server is `new PipRailClient({ …, schemes: ['onchain-proof', 'exact'] })` (see [Pay *any* x402 server](#pay-any-x402-server--the-exact-rail-buyer-side)) — the client signs the EIP-3009 authorization on-chain-derived-domain and the server/facilitator settles. The low-level codecs `parseExactRequirements` / `buildExactAuthorization` (`@deprecated` — trusts the server-supplied domain, local-key only) / `encodeXPaymentHeader` remain for hand-rolled or v1 clients. EVM + EIP-3009 only; validate against your target facilitator before production.
 
 ## Requirements
 

package/STANDARDS.md

@@ -109,6 +109,8 @@ npm test                 # full Vitest suite
 npm run build            # tsup build succeeds
 # lazy-chunk invariant — the EVM bundle pulls in no non-EVM chain lib:
 grep -E "from ?['\"]@(solana|ton|stellar)" dist/index.js   # → expect NO matches
+# viem-free protocol layer — the chain-agnostic core never imports a chain SDK:
+grep -lE "from ['\"]viem" src/client.ts src/x402.ts src/policy.ts src/ledger.ts src/server.ts src/agent.ts  # → expect NO matches
 ```
 
 `prepublishOnly` runs build + test + both typechecks. Never ship with any of these red.

package/dist/{algorand-WGVF4KTU.js → algorand-7EUZYL2Z.js}

@@ -7,7 +7,7 @@ import {
   nativeCost,
   rejectForeignToken,
   toInsufficientFundsError
-} from "./chunk-SVMGHASK.js";
+} from "./chunk-H3A4KWLJ.js";
 
 // src/drivers/algorand/index.ts
 import algosdk2 from "algosdk";

package/dist/{algorand-MXUSKX46.cjs → algorand-OIHGJN5S.cjs}

@@ -7,7 +7,7 @@
 
 
 
-var _chunkMDLZJGLYcjs = require('./chunk-MDLZJGLY.cjs');
+var _chunkFTKVCP6Kcjs = require('./chunk-FTKVCP6K.cjs');
 
 // src/drivers/algorand/index.ts
 var _algosdk = require('algosdk'); var _algosdk2 = _interopRequireDefault(_algosdk);
@@ -55,13 +55,13 @@ async function payAlgorand(params) {
   } catch (err) {
     const mapped = mapAlgorandError(err, accept.payTo);
     if (mapped) throw mapped;
-    throw _nullishCoalesce(_chunkMDLZJGLYcjs.toInsufficientFundsError.call(void 0, err), () => ( err));
+    throw _nullishCoalesce(_chunkFTKVCP6Kcjs.toInsufficientFundsError.call(void 0, err), () => ( err));
   }
 }
 function mapAlgorandError(err, payTo) {
   const m = err instanceof Error ? err.message : String(err);
   if (/must optin/i.test(m) || /missing from/i.test(m) && m.includes(payTo)) {
-    return new (0, _chunkMDLZJGLYcjs.RecipientNotReadyError)(
+    return new (0, _chunkFTKVCP6Kcjs.RecipientNotReadyError)(
       `Algorand recipient ${payTo} hasn't opted into this asset \u2014 it must opt in (a 0-amount asset transfer to itself) before it can receive. (Algorand: ${firstLine(m)})`,
       { cause: err }
     );
@@ -69,7 +69,7 @@ function mapAlgorandError(err, payTo) {
   if (/overspend|below min|min(imum)? balance|tried to spend|balance \d+ below|asset \d+ missing from|insufficient|underflow/i.test(
     m
   )) {
-    return new (0, _chunkMDLZJGLYcjs.InsufficientFundsError)(
+    return new (0, _chunkFTKVCP6Kcjs.InsufficientFundsError)(
       `Algorand payment failed: the sender can't cover it \u2014 token balance, ALGO for fees, the 0.1-ALGO minimum balance, or a missing asset opt-in on the sender. (Algorand: ${firstLine(m)})`,
       { cause: err }
     );
@@ -157,22 +157,22 @@ function rpcFailed(nonce) {
 
 function assertAlgorandWallet(wallet, network) {
   if (typeof wallet !== "object" || wallet === null) {
-    throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+    throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
       `chain ${network} is Algorand; wallet must be { mnemonic } (25 words) or { account }.`
     );
   }
   if ("privateKey" in wallet || "walletClient" in wallet) {
-    throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+    throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
       `chain ${network} is Algorand; an EVM/Aptos wallet can't be used \u2014 pass { mnemonic } (25 words) or { account }.`
     );
   }
   if ("secretKey" in wallet || "signer" in wallet || "secret" in wallet || "keypair" in wallet || "keyPair" in wallet || "seed" in wallet || "accountId" in wallet) {
-    throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+    throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
       `chain ${network} is Algorand; that looks like another family's wallet \u2014 pass { mnemonic } (25 words) or { account }.`
     );
   }
   if (!("mnemonic" in wallet) && !("account" in wallet)) {
-    throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+    throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
       `chain ${network} is Algorand; wallet must be { mnemonic } (25 words) or { account }.`
     );
   }
@@ -187,13 +187,13 @@ function resolveAlgorandWallet(config) {
       const { addr, sk } = _algosdk2.default.mnemonicToSecretKey(config.mnemonic);
       return { addr: addr.toString(), sk };
     } catch (cause) {
-      throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+      throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
         "Algorand wallet { mnemonic } is not a valid 25-word Algorand mnemonic.",
         { cause }
       );
     }
   }
-  throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)("Algorand wallet needs { mnemonic } (25 words) or { account }.");
+  throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)("Algorand wallet needs { mnemonic } (25 words) or { account }.");
 }
 
 // src/drivers/algorand/index.ts
@@ -248,16 +248,16 @@ function makeAlgorandNetwork(preset, algodUrl) {
         const info = preset.tokens[token.toUpperCase()];
         if (!info) {
           const known = Object.keys(preset.tokens).join(", ") || "(none built in)";
-          throw new (0, _chunkMDLZJGLYcjs.UnknownTokenError)(
+          throw new (0, _chunkFTKVCP6Kcjs.UnknownTokenError)(
             `token "${token}" isn't built in for Algorand (known: ${known}). Pass { assetId, decimals } for a custom ASA, or use 'native'.`
           );
         }
         return { asset: algorandAssetId(info.assetId), decimals: info.decimals, symbol: info.symbol };
       }
-      _chunkMDLZJGLYcjs.rejectForeignToken.call(void 0, token, "algorand", network);
+      _chunkFTKVCP6Kcjs.rejectForeignToken.call(void 0, token, "algorand", network);
       const t = token;
       if (typeof t.assetId !== "number" || typeof t.decimals !== "number") {
-        throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+        throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
           `chain ${network} is Algorand; a custom token must be { assetId, decimals }.`
         );
       }
@@ -278,12 +278,12 @@ function makeAlgorandNetwork(preset, algodUrl) {
     },
     assertValidPayTo(payTo) {
       if (payTo.startsWith("0x")) {
-        throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+        throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
           `chain ${network} is Algorand, but payTo "${payTo}" looks like an EVM address.`
         );
       }
       if (!_algosdk2.default.isValidAddress(payTo)) {
-        throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+        throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
           `chain ${network} is Algorand, but payTo "${payTo}" is not a valid Algorand address.`
         );
       }
@@ -300,13 +300,13 @@ function makeAlgorandNetwork(preset, algodUrl) {
         const info = await _algosdk2.default.waitForConfirmation(algod, ref, 10);
         return { height: String(_nullishCoalesce(info.confirmedRound, () => ( 0))) };
       } catch (err) {
-        throw new (0, _chunkMDLZJGLYcjs.ConfirmationTimeoutError)(`Algorand tx ${ref} did not confirm in time.`, {
+        throw new (0, _chunkFTKVCP6Kcjs.ConfirmationTimeoutError)(`Algorand tx ${ref} did not confirm in time.`, {
           cause: err
         });
       }
     },
     async estimateCost() {
-      return _chunkMDLZJGLYcjs.nativeCost.call(void 0, {
+      return _chunkFTKVCP6Kcjs.nativeCost.call(void 0, {
         symbol: ALGO_SYMBOL,
         decimals: ALGO_DECIMALS,
         fee: 1000n,

package/dist/{aptos-LPBLSEIQ.js → aptos-CDEYDDM5.js}

@@ -6,7 +6,7 @@ import {
   nativeCost,
   rejectForeignToken,
   toInsufficientFundsError
-} from "./chunk-SVMGHASK.js";
+} from "./chunk-H3A4KWLJ.js";
 
 // src/drivers/aptos/index.ts
 import { Aptos, AptosConfig, Network, AccountAddress } from "@aptos-labs/ts-sdk";

package/dist/{aptos-YT7SXWPF.cjs → aptos-WDWZOU25.cjs}

@@ -6,7 +6,7 @@
 
 
 
-var _chunkMDLZJGLYcjs = require('./chunk-MDLZJGLY.cjs');
+var _chunkFTKVCP6Kcjs = require('./chunk-FTKVCP6K.cjs');
 
 // src/drivers/aptos/index.ts
 var _tssdk = require('@aptos-labs/ts-sdk');
@@ -55,14 +55,14 @@ async function payAptos(params) {
     const res = await client.signSubmit({ signer, transaction });
     return res.hash;
   } catch (err) {
-    if (err instanceof _chunkMDLZJGLYcjs.InsufficientFundsError) throw err;
+    if (err instanceof _chunkFTKVCP6Kcjs.InsufficientFundsError) throw err;
     if (isAptosAffordability(err)) {
-      throw new (0, _chunkMDLZJGLYcjs.InsufficientFundsError)(
+      throw new (0, _chunkFTKVCP6Kcjs.InsufficientFundsError)(
         err instanceof Error ? err.message : "Insufficient APT/token balance for the payment.",
         { cause: err }
       );
     }
-    throw _nullishCoalesce(_chunkMDLZJGLYcjs.toInsufficientFundsError.call(void 0, err), () => ( err));
+    throw _nullishCoalesce(_chunkFTKVCP6Kcjs.toInsufficientFundsError.call(void 0, err), () => ( err));
   }
 }
 function isAptosAffordability(err) {
@@ -146,22 +146,22 @@ function txNotFound(hash) {
 
 function assertAptosWallet(wallet, network) {
   if (typeof wallet !== "object" || wallet === null) {
-    throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+    throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
       `chain ${network} is Aptos; wallet must be { privateKey } (ed25519-priv-0x\u2026) or { account }.`
     );
   }
   if ("walletClient" in wallet) {
-    throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+    throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
       `chain ${network} is Aptos; a viem { walletClient } can't be used \u2014 pass { privateKey } (ed25519-priv-0x\u2026) or { account }.`
     );
   }
   if ("secretKey" in wallet || "signer" in wallet || "mnemonic" in wallet || "keypair" in wallet || "keyPair" in wallet || "secret" in wallet || "seed" in wallet || "accountId" in wallet) {
-    throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+    throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
       `chain ${network} is Aptos; that looks like another family's wallet \u2014 pass { privateKey } (ed25519-priv-0x\u2026) or { account }.`
     );
   }
   if (!("privateKey" in wallet) && !("account" in wallet)) {
-    throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+    throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
       `chain ${network} is Aptos; wallet must be { privateKey } (ed25519-priv-0x\u2026) or { account }.`
     );
   }
@@ -173,13 +173,13 @@ function resolveAptosAccount(config) {
     try {
       return _tssdk.Account.fromPrivateKey({ privateKey: new (0, _tssdk.Ed25519PrivateKey)(config.privateKey) });
     } catch (cause) {
-      throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+      throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
         "Aptos wallet { privateKey } is not a valid ed25519 secret (ed25519-priv-0x\u2026 or 0x\u2026 hex).",
         { cause }
       );
     }
   }
-  throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)("Aptos wallet needs { privateKey } (ed25519-priv-0x\u2026) or { account }.");
+  throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)("Aptos wallet needs { privateKey } (ed25519-priv-0x\u2026) or { account }.");
 }
 
 // src/drivers/aptos/index.ts
@@ -251,16 +251,16 @@ function makeAptosNetwork(preset, rpcUrl) {
         const info = preset.tokens[token.toUpperCase()];
         if (!info) {
           const known = Object.keys(preset.tokens).join(", ") || "(none built in)";
-          throw new (0, _chunkMDLZJGLYcjs.UnknownTokenError)(
+          throw new (0, _chunkFTKVCP6Kcjs.UnknownTokenError)(
             `token "${token}" isn't built in for Aptos (known: ${known}). Pass { metadata, decimals } for a custom Fungible Asset, or use 'native'.`
           );
         }
         return { asset: info.metadata, decimals: info.decimals, symbol: info.symbol };
       }
-      _chunkMDLZJGLYcjs.rejectForeignToken.call(void 0, token, "aptos", network);
+      _chunkFTKVCP6Kcjs.rejectForeignToken.call(void 0, token, "aptos", network);
       const t = token;
       if (!t.metadata || typeof t.decimals !== "number") {
-        throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+        throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
           `chain ${network} is Aptos; a custom token must be { metadata, decimals }.`
         );
       }
@@ -287,7 +287,7 @@ function makeAptosNetwork(preset, rpcUrl) {
         valid = false;
       }
       if (!valid || evmLike) {
-        throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+        throw new (0, _chunkFTKVCP6Kcjs.WrongFamilyError)(
           `chain ${network} is Aptos, but payTo "${payTo}" is not a valid Aptos address (0x + 32 bytes).`
         );
       }
@@ -309,11 +309,11 @@ function makeAptosNetwork(preset, rpcUrl) {
         const tx = await aptos.waitForTransaction({ transactionHash: ref });
         return { height: String(_nullishCoalesce(tx.version, () => ( "0"))) };
       } catch (err) {
-        throw new (0, _chunkMDLZJGLYcjs.ConfirmationTimeoutError)(`Aptos tx ${ref} did not finalize in time.`, { cause: err });
+        throw new (0, _chunkFTKVCP6Kcjs.ConfirmationTimeoutError)(`Aptos tx ${ref} did not finalize in time.`, { cause: err });
       }
     },
     async estimateCost() {
-      return _chunkMDLZJGLYcjs.nativeCost.call(void 0, {
+      return _chunkFTKVCP6Kcjs.nativeCost.call(void 0, {
         symbol: APT_SYMBOL,
         decimals: APT_DECIMALS,
         fee: 100000n,

package/dist/{chunk-MDLZJGLY.cjs → chunk-FTKVCP6K.cjs}

@@ -1,4 +1,4 @@
-"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; } var _class; var _class2; var _class3; var _class4; var _class5; var _class6; var _class7; var _class8; var _class9; var _class10; var _class11; var _class12; var _class13; var _class14; var _class15;// src/errors.ts
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; } var _class; var _class2; var _class3; var _class4; var _class5; var _class6; var _class7; var _class8; var _class9; var _class10; var _class11; var _class12; var _class13; var _class14; var _class15; var _class16;// src/errors.ts
 var PipRailError = class extends Error {
   constructor(message, options) {
     super(message, options);
@@ -37,7 +37,14 @@ var PaymentTimeoutError = (_class4 = class extends PipRailError {
 }, _class4);
 var MaxRetriesExceededError = (_class5 = class extends PipRailError {
   __init5() {this.code = "MAX_RETRIES_EXCEEDED"}
-  /** The already-broadcast proof ref — recover with it, don't re-pay. */
+  /**
+   * The proof ref — recover with it, don't re-pay. Its meaning depends on the
+   * scheme: for `onchain-proof` it's the already-broadcast transaction ref
+   * (re-verify or re-submit it). For a standard `exact` rail it's the EIP-3009
+   * authorization NONCE (a `0x…` 32-byte value, NOT a tx hash) — re-PRESENT the
+   * same signed authorization, never re-sign a fresh nonce; check the token's
+   * `authorizationState(from, nonce)` before assuming it didn't settle.
+   */
   
   constructor(message, options) {
     super(message, options);_class5.prototype.__init5.call(this);;
@@ -59,21 +66,24 @@ var InvalidEnvelopeError = (_class9 = class extends PipRailError {constructor(..
 var NoCompatibleAcceptError = (_class10 = class extends PipRailError {constructor(...args8) { super(...args8); _class10.prototype.__init10.call(this); }
   __init10() {this.code = "NO_COMPATIBLE_ACCEPT"}
 }, _class10);
-var NonReplayableBodyError = (_class11 = class extends PipRailError {constructor(...args9) { super(...args9); _class11.prototype.__init11.call(this); }
-  __init11() {this.code = "NON_REPLAYABLE_BODY"}
+var UnsupportedSchemeError = (_class11 = class extends PipRailError {constructor(...args9) { super(...args9); _class11.prototype.__init11.call(this); }
+  __init11() {this.code = "UNSUPPORTED_SCHEME"}
 }, _class11);
-var WrongFamilyError = (_class12 = class extends PipRailError {constructor(...args10) { super(...args10); _class12.prototype.__init12.call(this); }
-  __init12() {this.code = "WRONG_FAMILY"}
+var NonReplayableBodyError = (_class12 = class extends PipRailError {constructor(...args10) { super(...args10); _class12.prototype.__init12.call(this); }
+  __init12() {this.code = "NON_REPLAYABLE_BODY"}
 }, _class12);
-var UnknownTokenError = (_class13 = class extends PipRailError {constructor(...args11) { super(...args11); _class13.prototype.__init13.call(this); }
-  __init13() {this.code = "UNKNOWN_TOKEN"}
+var WrongFamilyError = (_class13 = class extends PipRailError {constructor(...args11) { super(...args11); _class13.prototype.__init13.call(this); }
+  __init13() {this.code = "WRONG_FAMILY"}
 }, _class13);
-var MissingDriverError = (_class14 = class extends PipRailError {constructor(...args12) { super(...args12); _class14.prototype.__init14.call(this); }
-  __init14() {this.code = "MISSING_DRIVER"}
+var UnknownTokenError = (_class14 = class extends PipRailError {constructor(...args12) { super(...args12); _class14.prototype.__init14.call(this); }
+  __init14() {this.code = "UNKNOWN_TOKEN"}
 }, _class14);
-var UnsupportedNetworkError = (_class15 = class extends PipRailError {constructor(...args13) { super(...args13); _class15.prototype.__init15.call(this); }
-  __init15() {this.code = "UNSUPPORTED_NETWORK"}
+var MissingDriverError = (_class15 = class extends PipRailError {constructor(...args13) { super(...args13); _class15.prototype.__init15.call(this); }
+  __init15() {this.code = "MISSING_DRIVER"}
 }, _class15);
+var UnsupportedNetworkError = (_class16 = class extends PipRailError {constructor(...args14) { super(...args14); _class16.prototype.__init16.call(this); }
+  __init16() {this.code = "UNSUPPORTED_NETWORK"}
+}, _class16);
 
 // src/drivers/shared.ts
 var FAMILY_LABEL = {
@@ -178,4 +188,5 @@ function nativeCost(opts) {
 
 
 
-exports.PipRailError = PipRailError; exports.InsufficientFundsError = InsufficientFundsError; exports.RecipientNotReadyError = RecipientNotReadyError; exports.toInsufficientFundsError = toInsufficientFundsError; exports.WrongChainError = WrongChainError; exports.PaymentTimeoutError = PaymentTimeoutError; exports.MaxRetriesExceededError = MaxRetriesExceededError; exports.PaymentDeclinedError = PaymentDeclinedError; exports.ConfirmationTimeoutError = ConfirmationTimeoutError; exports.SettlementError = SettlementError; exports.InvalidEnvelopeError = InvalidEnvelopeError; exports.NoCompatibleAcceptError = NoCompatibleAcceptError; exports.NonReplayableBodyError = NonReplayableBodyError; exports.WrongFamilyError = WrongFamilyError; exports.UnknownTokenError = UnknownTokenError; exports.MissingDriverError = MissingDriverError; exports.UnsupportedNetworkError = UnsupportedNetworkError; exports.rejectForeignToken = rejectForeignToken; exports.parseUnits = parseUnits; exports.floorUnits = floorUnits; exports.formatUnits = formatUnits; exports.nativeCost = nativeCost;
+
+exports.PipRailError = PipRailError; exports.InsufficientFundsError = InsufficientFundsError; exports.RecipientNotReadyError = RecipientNotReadyError; exports.toInsufficientFundsError = toInsufficientFundsError; exports.WrongChainError = WrongChainError; exports.PaymentTimeoutError = PaymentTimeoutError; exports.MaxRetriesExceededError = MaxRetriesExceededError; exports.PaymentDeclinedError = PaymentDeclinedError; exports.ConfirmationTimeoutError = ConfirmationTimeoutError; exports.SettlementError = SettlementError; exports.InvalidEnvelopeError = InvalidEnvelopeError; exports.NoCompatibleAcceptError = NoCompatibleAcceptError; exports.UnsupportedSchemeError = UnsupportedSchemeError; exports.NonReplayableBodyError = NonReplayableBodyError; exports.WrongFamilyError = WrongFamilyError; exports.UnknownTokenError = UnknownTokenError; exports.MissingDriverError = MissingDriverError; exports.UnsupportedNetworkError = UnsupportedNetworkError; exports.rejectForeignToken = rejectForeignToken; exports.parseUnits = parseUnits; exports.floorUnits = floorUnits; exports.formatUnits = formatUnits; exports.nativeCost = nativeCost;

package/dist/{chunk-SVMGHASK.js → chunk-H3A4KWLJ.js}

@@ -37,7 +37,14 @@ var PaymentTimeoutError = class extends PipRailError {
 };
 var MaxRetriesExceededError = class extends PipRailError {
   code = "MAX_RETRIES_EXCEEDED";
-  /** The already-broadcast proof ref — recover with it, don't re-pay. */
+  /**
+   * The proof ref — recover with it, don't re-pay. Its meaning depends on the
+   * scheme: for `onchain-proof` it's the already-broadcast transaction ref
+   * (re-verify or re-submit it). For a standard `exact` rail it's the EIP-3009
+   * authorization NONCE (a `0x…` 32-byte value, NOT a tx hash) — re-PRESENT the
+   * same signed authorization, never re-sign a fresh nonce; check the token's
+   * `authorizationState(from, nonce)` before assuming it didn't settle.
+   */
   ref;
   constructor(message, options) {
     super(message, options);
@@ -59,6 +66,9 @@ var InvalidEnvelopeError = class extends PipRailError {
 var NoCompatibleAcceptError = class extends PipRailError {
   code = "NO_COMPATIBLE_ACCEPT";
 };
+var UnsupportedSchemeError = class extends PipRailError {
+  code = "UNSUPPORTED_SCHEME";
+};
 var NonReplayableBodyError = class extends PipRailError {
   code = "NON_REPLAYABLE_BODY";
 };
@@ -168,6 +178,7 @@ export {
   SettlementError,
   InvalidEnvelopeError,
   NoCompatibleAcceptError,
+  UnsupportedSchemeError,
   NonReplayableBodyError,
   WrongFamilyError,
   UnknownTokenError,