@piprail/sdk 1.13.1 → 1.15.0

package/dist/index.cjs

@@ -21,7 +21,8 @@
 
 
 
-var _chunkMDLZJGLYcjs = require('./chunk-MDLZJGLY.cjs');
+
+var _chunkPA6YD3HLcjs = require('./chunk-PA6YD3HL.cjs');
 
 // src/drivers/registry.ts
 var byFamily = /* @__PURE__ */ new Map();
@@ -50,13 +51,13 @@ function resolveNetwork(opts) {
   const family = familyForChain(opts.chain);
   const driver = byFamily.get(family);
   if (!driver) {
-    throw new (0, _chunkMDLZJGLYcjs.UnsupportedNetworkError)(
+    throw new (0, _chunkPA6YD3HLcjs.UnsupportedNetworkError)(
       `No driver registered for the "${family}" family \u2014 it may not be mounted yet (use the async resolveNetwork()).`
     );
   }
   const net = driver.resolve(opts);
   if (!net) {
-    throw new (0, _chunkMDLZJGLYcjs.UnsupportedNetworkError)(
+    throw new (0, _chunkPA6YD3HLcjs.UnsupportedNetworkError)(
       `The ${family} driver didn't recognise this chain input.`
     );
   }
@@ -97,13 +98,18 @@ var CHAINS = {
     defaultRpc: "https://ethereum-rpc.publicnode.com",
     tokens: {
       USDC: { address: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48", decimals: 6, symbol: "USDC" },
-      USDT: { address: "0xdAC17F958D2ee523a2206206994597C13D831ec7", decimals: 6, symbol: "USDT" }
+      USDT: { address: "0xdAC17F958D2ee523a2206206994597C13D831ec7", decimals: 6, symbol: "USDT" },
+      // Circle EURC — EIP-3009 (exact-payable). On-chain EIP-712 domain name is "Euro Coin" here
+      // (NOT "EURC"); the buyer re-derives it on-chain, so the symbol below is display-only.
+      EURC: { address: "0x1aBaEA1f7C830bD89Acc67eC4af516284b1bC33c", decimals: 6, symbol: "EURC" }
     }
   },
   base: {
     chain: _chains.base,
     tokens: {
-      USDC: { address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", decimals: 6, symbol: "USDC" }
+      USDC: { address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", decimals: 6, symbol: "USDC" },
+      // Circle EURC — EIP-3009 (exact-payable). On-chain EIP-712 domain name is "EURC" here.
+      EURC: { address: "0x60a3E35Cc302bFA44Cb288Bc5a4F316Fdb1adb42", decimals: 6, symbol: "EURC" }
     }
   },
   arbitrum: {
@@ -139,7 +145,9 @@ var CHAINS = {
     chain: _chains.avalanche,
     tokens: {
       USDC: { address: "0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E", decimals: 6, symbol: "USDC" },
-      USDT: { address: "0x9702230A8Ea53601f5cD2dc00fDBc13d4dF4A8c7", decimals: 6, symbol: "USDT" }
+      USDT: { address: "0x9702230A8Ea53601f5cD2dc00fDBc13d4dF4A8c7", decimals: 6, symbol: "USDT" },
+      // Circle EURC — EIP-3009 (exact-payable). On-chain EIP-712 domain name is "Euro Coin" here.
+      EURC: { address: "0xC891EB4cbdEFf6e073e859e987815Ed1505c2ACD", decimals: 6, symbol: "EURC" }
     }
   },
   // ── More popular EVM mainnets. Every address below was verified on-chain
@@ -312,12 +320,12 @@ function createWalletAdapter(config, resolved) {
   }
   const wc = config.walletClient;
   if (!wc.account) {
-    throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+    throw new (0, _chunkPA6YD3HLcjs.WrongFamilyError)(
       "chain is EVM; the provided walletClient has no attached account. Use `createWalletClient({ account, chain, transport })`, or pass { privateKey }."
     );
   }
   if (wc.chain && wc.chain.id !== resolved.chainId) {
-    throw new (0, _chunkMDLZJGLYcjs.WrongChainError)(
+    throw new (0, _chunkPA6YD3HLcjs.WrongChainError)(
       `PipRailClient: walletClient is on chain ${wc.chain.id} but the SDK was configured with chain ${resolved.chainId}. They must match.`
     );
   }
@@ -591,6 +599,53 @@ function encodeXPaymentHeader(input) {
   };
   return base64(JSON.stringify(payload));
 }
+async function payExactEvm(input) {
+  const { publicClient, walletClient, account, chainId, accept } = input;
+  let code;
+  try {
+    code = await publicClient.getCode({ address: account.address });
+  } catch (e6) {
+    code = void 0;
+  }
+  if (code && code !== "0x") {
+    throw new (0, _chunkPA6YD3HLcjs.UnsupportedSchemeError)(
+      `exact buyer rail requires an EOA signer; ${account.address} is a contract / EIP-1271 / EIP-7702-delegated account (no recoverable ECDSA signature). Pay via onchain-proof.`
+    );
+  }
+  const domain = await readExactDomain(publicClient, accept.asset);
+  if (!domain) {
+    throw new (0, _chunkPA6YD3HLcjs.UnsupportedSchemeError)(
+      `exact: ${accept.asset} on ${accept.network} isn't an EIP-3009 token (USDT needs Permit2; native coin and plain ERC-20s aren't exact-payable). Pay via onchain-proof.`
+    );
+  }
+  const g = globalThis.crypto;
+  if (!_optionalChain([g, 'optionalAccess', _5 => _5.getRandomValues])) {
+    throw new (0, _chunkPA6YD3HLcjs.UnsupportedSchemeError)(
+      "this runtime lacks Web Crypto (globalThis.crypto.getRandomValues); the exact rail needs a CSPRNG nonce."
+    );
+  }
+  const raw = new Uint8Array(32);
+  g.getRandomValues(raw);
+  const nonce = `0x${[...raw].map((b) => b.toString(16).padStart(2, "0")).join("")}`;
+  const now = Math.floor(Date.now() / 1e3);
+  const from = account.address;
+  const to = _viem.getAddress.call(void 0, accept.payTo);
+  const value = accept.amount;
+  const validAfter = "0";
+  const validBefore = String(now + accept.maxTimeoutSeconds);
+  const signature = await walletClient.signTypedData({
+    account,
+    domain: { name: domain.name, version: domain.version, chainId, verifyingContract: _viem.getAddress.call(void 0, accept.asset) },
+    types: EIP3009_TYPES,
+    primaryType: "TransferWithAuthorization",
+    message: { from, to, value: BigInt(value), validAfter: 0n, validBefore: BigInt(validBefore), nonce }
+  });
+  return {
+    payload: { signature, authorization: { from, to, value, validAfter, validBefore, nonce } },
+    payerFrom: from,
+    nonce
+  };
+}
 var eip3009Abi = [
   {
     type: "function",
@@ -644,7 +699,7 @@ async function readExactDomain(publicClient, asset) {
   let token;
   try {
     token = _viem.getAddress.call(void 0, asset);
-  } catch (e6) {
+  } catch (e7) {
     return null;
   }
   try {
@@ -662,7 +717,7 @@ async function readExactDomain(publicClient, asset) {
     ]);
     if (typeof name !== "string" || typeof version !== "string" || !name || !version) return null;
     return { name, version };
-  } catch (e7) {
+  } catch (e8) {
     return null;
   }
 }
@@ -710,7 +765,7 @@ async function verifyAndSettleExactEvm(input) {
   let fromCode;
   try {
     fromCode = await publicClient.getCode({ address: from });
-  } catch (e8) {
+  } catch (e9) {
     return { ok: false, error: "tx_not_found", detail: `Could not read code at ${from} (transient RPC) \u2014 retry.` };
   }
   const isContractWallet = Boolean(fromCode && fromCode !== "0x");
@@ -746,7 +801,7 @@ async function verifyAndSettleExactEvm(input) {
     if (used) {
       return { ok: false, error: "tx_already_used", detail: `Authorization nonce ${nonce} already used or canceled on-chain.` };
     }
-  } catch (e9) {
+  } catch (e10) {
     return { ok: false, error: "tx_not_found", detail: "Could not read authorizationState (transient RPC) \u2014 retry." };
   }
   const baseArgs = [from, to, value, validAfter, validBefore, nonce];
@@ -786,7 +841,7 @@ async function verifyAndSettleExactEvm(input) {
       args: writeArgs
     });
   } catch (err) {
-    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+    throw new (0, _chunkPA6YD3HLcjs.SettlementError)(
       `exact settle: the merchant relayer failed to broadcast transferWithAuthorization (${shorten(err instanceof Error ? err.message : String(err))}). The payer's authorization is still valid and unused \u2014 fund/fix the relayer and the payer can retry.`,
       { cause: err }
     );
@@ -798,7 +853,7 @@ async function verifyAndSettleExactEvm(input) {
       return { ok: false, error: "tx_reverted", detail: `Settlement tx ${txHash} reverted on-chain.` };
     }
   } catch (err) {
-    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+    throw new (0, _chunkPA6YD3HLcjs.SettlementError)(
       `exact settle: broadcast ${txHash} but couldn't confirm it (${shorten(err instanceof Error ? err.message : String(err))}).`,
       { cause: err }
     );
@@ -848,7 +903,7 @@ function decodeBase64(b64) {
 function fromBase64Json(b64) {
   try {
     return JSON.parse(decodeBase64(b64));
-  } catch (e10) {
+  } catch (e11) {
     return null;
   }
 }
@@ -873,6 +928,9 @@ function buildReceiptHeader(receipt) {
 function buildSignatureHeader(signature) {
   return toBase64Json(signature);
 }
+function buildExactSignatureHeader(input) {
+  return toBase64Json({ x402Version: 2, accepted: input.accepted, payload: input.payload });
+}
 async function parseChallenge(response) {
   const headerValue = response.headers.get(HEADER_REQUIRED);
   if (headerValue) {
@@ -882,22 +940,35 @@ async function parseChallenge(response) {
   try {
     const body = await response.clone().json();
     if (isValidChallenge(body)) return body;
-  } catch (e11) {
+  } catch (e12) {
   }
   return null;
 }
 function parseReceipt(response) {
-  const headerValue = response.headers.get(HEADER_RESPONSE);
+  const headerValue = _nullishCoalesce(response.headers.get(HEADER_RESPONSE), () => ( response.headers.get(HEADER_RESPONSE_V1)));
   if (!headerValue) return null;
   const parsed = fromBase64Json(headerValue);
   return isValidReceipt(parsed) ? parsed : null;
 }
+function parseSettleResponse(response) {
+  const headerValue = _nullishCoalesce(response.headers.get(HEADER_RESPONSE), () => ( response.headers.get(HEADER_RESPONSE_V1)));
+  if (!headerValue) return null;
+  const parsed = fromBase64Json(headerValue);
+  if (!parsed || typeof parsed !== "object" || typeof parsed.success !== "boolean") return null;
+  return {
+    success: parsed.success,
+    ...typeof parsed.transaction === "string" ? { transaction: parsed.transaction } : {},
+    ...typeof parsed.network === "string" ? { network: parsed.network } : {},
+    ...typeof parsed.payer === "string" ? { payer: parsed.payer } : {},
+    ...typeof parsed.errorReason === "string" ? { errorReason: parsed.errorReason } : {}
+  };
+}
 function parseSignatureHeader(value) {
   const parsed = fromBase64Json(value);
   if (!parsed || typeof parsed !== "object") return null;
   const v = parsed;
   const accepted = v.accepted;
-  const scheme = _nullishCoalesce(_optionalChain([accepted, 'optionalAccess', _5 => _5.scheme]), () => ( v.scheme));
+  const scheme = _nullishCoalesce(_optionalChain([accepted, 'optionalAccess', _6 => _6.scheme]), () => ( v.scheme));
   if (scheme !== "onchain-proof") return null;
   const payload = v.payload;
   if (!payload || typeof payload.txHash !== "string" || typeof payload.nonce !== "string") {
@@ -910,9 +981,9 @@ function parseExactPaymentHeader(value) {
   if (!parsed || typeof parsed !== "object") return null;
   const v = parsed;
   const accepted = _nullishCoalesce(v.accepted, () => ( null));
-  const scheme = _nullishCoalesce(_optionalChain([accepted, 'optionalAccess', _6 => _6.scheme]), () => ( v.scheme));
+  const scheme = _nullishCoalesce(_optionalChain([accepted, 'optionalAccess', _7 => _7.scheme]), () => ( v.scheme));
   if (scheme !== "exact") return null;
-  const network = _nullishCoalesce(_optionalChain([accepted, 'optionalAccess', _7 => _7.network]), () => ( v.network));
+  const network = _nullishCoalesce(_optionalChain([accepted, 'optionalAccess', _8 => _8.network]), () => ( v.network));
   if (typeof network !== "string") return null;
   const payload = v.payload;
   if (!payload || typeof payload !== "object") return null;
@@ -969,7 +1040,7 @@ var evmDriver = {
     let resolved;
     try {
       resolved = resolveChain(opts.chain, opts.rpcUrl);
-    } catch (e12) {
+    } catch (e13) {
       return null;
     }
     return makeEvmNetwork(resolved);
@@ -997,15 +1068,15 @@ function makeEvmNetwork(resolved) {
         const info = resolved.tokens[token.toUpperCase()];
         if (!info) {
           const known = Object.keys(resolved.tokens).join(", ") || "(none built in)";
-          throw new (0, _chunkMDLZJGLYcjs.UnknownTokenError)(
+          throw new (0, _chunkPA6YD3HLcjs.UnknownTokenError)(
             `token "${token}" isn't built in for ${resolved.chain.name} (known: ${known}). Pass { address, decimals } instead, or use 'native'.`
           );
         }
         return { asset: info.address, decimals: info.decimals, symbol: info.symbol };
       }
-      _chunkMDLZJGLYcjs.rejectForeignToken.call(void 0, token, "evm", network);
+      _chunkPA6YD3HLcjs.rejectForeignToken.call(void 0, token, "evm", network);
       if (!("address" in token)) {
-        throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+        throw new (0, _chunkPA6YD3HLcjs.WrongFamilyError)(
           `chain ${network} is EVM; a custom token must be { address, decimals }.`
         );
       }
@@ -1025,7 +1096,7 @@ function makeEvmNetwork(resolved) {
       let normalized;
       try {
         normalized = _viem.getAddress.call(void 0, asset);
-      } catch (e13) {
+      } catch (e14) {
         return null;
       }
       for (const info of Object.values(resolved.tokens)) {
@@ -1037,14 +1108,14 @@ function makeEvmNetwork(resolved) {
     },
     assertValidPayTo(payTo) {
       if (!_viem.isAddress.call(void 0, payTo)) {
-        throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+        throw new (0, _chunkPA6YD3HLcjs.WrongFamilyError)(
           `chain ${network} is EVM, but payTo "${payTo}" is not a valid 0x address.`
         );
       }
     },
     bindWallet(wallet) {
       if (typeof wallet !== "object" || wallet === null || !("privateKey" in wallet) && !("walletClient" in wallet)) {
-        throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
+        throw new (0, _chunkPA6YD3HLcjs.WrongFamilyError)(
           `chain ${network} is EVM; wallet must be { privateKey } or { walletClient }.`
         );
       }
@@ -1061,12 +1132,12 @@ function makeEvmNetwork(resolved) {
         });
       } catch (err) {
         if (isViemInsufficientFunds(err)) {
-          throw new (0, _chunkMDLZJGLYcjs.InsufficientFundsError)(
+          throw new (0, _chunkPA6YD3HLcjs.InsufficientFundsError)(
             err instanceof Error ? err.message : "Insufficient funds for payment.",
             { cause: err }
           );
         }
-        throw _nullishCoalesce(_chunkMDLZJGLYcjs.toInsufficientFundsError.call(void 0, err), () => ( err));
+        throw _nullishCoalesce(_chunkPA6YD3HLcjs.toInsufficientFundsError.call(void 0, err), () => ( err));
       }
     },
     async confirm(ref, minConfirmations) {
@@ -1077,7 +1148,7 @@ function makeEvmNetwork(resolved) {
         });
         return { height: receipt.blockNumber.toString() };
       } catch (err) {
-        throw new (0, _chunkMDLZJGLYcjs.ConfirmationTimeoutError)(
+        throw new (0, _chunkPA6YD3HLcjs.ConfirmationTimeoutError)(
           `EVM tx ${ref} did not reach ${minConfirmations} confirmation(s) in time.`,
           { cause: err }
         );
@@ -1085,19 +1156,28 @@ function makeEvmNetwork(resolved) {
     },
     async estimateCost(accept) {
       const { decimals, symbol } = resolved.chain.nativeCurrency;
+      if (accept.scheme === "exact") {
+        return _chunkPA6YD3HLcjs.nativeCost.call(void 0, {
+          symbol,
+          decimals,
+          fee: 0n,
+          basis: "estimated",
+          detail: "gasless \u2014 the server/facilitator settles the signed authorization"
+        });
+      }
       const gasLimit = accept.asset === "native" ? 21000n : 65000n;
       try {
         const gasPrice = await publicClient.getGasPrice();
-        return _chunkMDLZJGLYcjs.nativeCost.call(void 0, {
+        return _chunkPA6YD3HLcjs.nativeCost.call(void 0, {
           symbol,
           decimals,
           fee: gasPrice * gasLimit,
           basis: "estimated",
           detail: `~${gasLimit} gas @ ${gasPrice} wei/gas`
         });
-      } catch (e14) {
+      } catch (e15) {
         const gasPrice = 5000000000n;
-        return _chunkMDLZJGLYcjs.nativeCost.call(void 0, {
+        return _chunkPA6YD3HLcjs.nativeCost.call(void 0, {
           symbol,
           decimals,
           fee: gasPrice * gasLimit,
@@ -1118,7 +1198,7 @@ function makeEvmNetwork(resolved) {
           functionName: "balanceOf",
           args: [owner]
         });
-      } catch (e15) {
+      } catch (e16) {
         token = null;
       }
       return { token, native };
@@ -1146,6 +1226,21 @@ function makeEvmNetwork(resolved) {
         minConfirmations: accept.extra.minConfirmations
       });
     },
+    // Standard x402 `exact` rail (EIP-3009), BUYER side — EVM only. Re-derives the
+    // token's EIP-712 domain on-chain, signs an authorization with the agent's own
+    // key, and returns it for the client to frame into PAYMENT-SIGNATURE. Never
+    // broadcasts. Throws UnsupportedSchemeError for a non-EIP-3009 token / contract signer.
+    async payExact(wallet, accept) {
+      const a = wallet._native;
+      const { payload, payerFrom, nonce } = await payExactEvm({
+        publicClient,
+        walletClient: a.walletClient,
+        account: a.account,
+        chainId: resolved.chainId,
+        accept
+      });
+      return { payload, accepted: accept, payerFrom, nonce };
+    },
     // Standard x402 `exact` rail (EIP-3009), seller side — EVM only.
     async exactDomain(asset) {
       return readExactDomain(publicClient, asset);
@@ -1176,9 +1271,9 @@ var loaders = {
   solana: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./solana-PU7N2M64.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./solana-MPPE6K24.cjs")));
     } catch (cause) {
-      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
+      throw new (0, _chunkPA6YD3HLcjs.MissingDriverError)(
         `Solana selected, but its packages aren't installed. Run: npm install @solana/web3.js @solana/spl-token bs58`,
         { cause }
       );
@@ -1188,9 +1283,9 @@ var loaders = {
   ton: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./ton-VK6KRJHP.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./ton-RNEFN25G.cjs")));
     } catch (cause) {
-      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
+      throw new (0, _chunkPA6YD3HLcjs.MissingDriverError)(
         `TON selected, but its packages aren't installed. Run: npm install @ton/ton @ton/core @ton/crypto`,
         { cause }
       );
@@ -1200,9 +1295,9 @@ var loaders = {
   stellar: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./stellar-VDQOFQEO.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./stellar-XHLLNHQP.cjs")));
     } catch (cause) {
-      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
+      throw new (0, _chunkPA6YD3HLcjs.MissingDriverError)(
         `Stellar selected, but its package isn't installed. Run: npm install @stellar/stellar-sdk`,
         { cause }
       );
@@ -1212,9 +1307,9 @@ var loaders = {
   xrpl: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./xrpl-CMNI25BV.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./xrpl-XN2NBNGI.cjs")));
     } catch (cause) {
-      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
+      throw new (0, _chunkPA6YD3HLcjs.MissingDriverError)(
         `XRPL selected, but its package isn't installed. Run: npm install xrpl`,
         { cause }
       );
@@ -1224,9 +1319,9 @@ var loaders = {
   tron: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./tron-WLOF5OUV.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./tron-TKJHNFGM.cjs")));
     } catch (cause) {
-      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
+      throw new (0, _chunkPA6YD3HLcjs.MissingDriverError)(
         `Tron selected, but its package isn't installed. Run: npm install tronweb`,
         { cause }
       );
@@ -1236,9 +1331,9 @@ var loaders = {
   sui: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./sui-FKSMLKRF.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./sui-6CVLEXLA.cjs")));
     } catch (cause) {
-      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
+      throw new (0, _chunkPA6YD3HLcjs.MissingDriverError)(
         `Sui selected, but its package isn't installed. Run: npm install @mysten/sui`,
         { cause }
       );
@@ -1248,9 +1343,9 @@ var loaders = {
   near: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./near-7ZDNISUX.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./near-ZJLZE26R.cjs")));
     } catch (cause) {
-      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
+      throw new (0, _chunkPA6YD3HLcjs.MissingDriverError)(
         `NEAR selected, but its package isn't installed. Run: npm install near-api-js`,
         { cause }
       );
@@ -1260,9 +1355,9 @@ var loaders = {
   aptos: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./aptos-YT7SXWPF.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./aptos-GJGIZHNI.cjs")));
     } catch (cause) {
-      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
+      throw new (0, _chunkPA6YD3HLcjs.MissingDriverError)(
         `Aptos selected, but its package isn't installed. Run: npm install @aptos-labs/ts-sdk`,
         { cause }
       );
@@ -1272,9 +1367,9 @@ var loaders = {
   algorand: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./algorand-MXUSKX46.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./algorand-EJ3S2V7E.cjs")));
     } catch (cause) {
-      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
+      throw new (0, _chunkPA6YD3HLcjs.MissingDriverError)(
         `Algorand selected, but its package isn't installed. Run: npm install algosdk`,
         { cause }
       );
@@ -1391,7 +1486,7 @@ async function searchOpenIndexes(opts = {}) {
 async function safeSearch(run) {
   try {
     return await run();
-  } catch (e16) {
+  } catch (e17) {
     return [];
   }
 }
@@ -1497,7 +1592,7 @@ async function register402Index(input) {
     if (res.ok) {
       const body = await res.json().catch(() => ({}));
       const msg = typeof body.message === "string" && body.message.length > 0 ? body.message : void 0;
-      const live = _optionalChain([body, 'access', _8 => _8.service, 'optionalAccess', _9 => _9.status]) === "active";
+      const live = _optionalChain([body, 'access', _9 => _9.service, 'optionalAccess', _10 => _10.status]) === "active";
       return {
         source: "402index",
         ok: true,
@@ -1524,7 +1619,7 @@ async function readIndexError(res) {
       (p) => typeof p === "string" && p.length > 0
     );
     return parts.length ? [...new Set(parts)].join(" \u2014 ") : void 0;
-  } catch (e17) {
+  } catch (e18) {
     return void 0;
   }
 }
@@ -1634,11 +1729,11 @@ async function readSiwxInfo(res) {
   try {
     const body = await res.json();
     const ext = body.extensions;
-    const siwx = _optionalChain([ext, 'optionalAccess', _10 => _10["sign-in-with-x"]]);
-    const info = _nullishCoalesce(_optionalChain([siwx, 'optionalAccess', _11 => _11.info]), () => ( siwx));
-    if (info && info.chainId == null && Array.isArray(_optionalChain([siwx, 'optionalAccess', _12 => _12.supportedChains]))) {
+    const siwx = _optionalChain([ext, 'optionalAccess', _11 => _11["sign-in-with-x"]]);
+    const info = _nullishCoalesce(_optionalChain([siwx, 'optionalAccess', _12 => _12.info]), () => ( siwx));
+    if (info && info.chainId == null && Array.isArray(_optionalChain([siwx, 'optionalAccess', _13 => _13.supportedChains]))) {
       const evm = siwx.supportedChains.find(
-        (c) => typeof _optionalChain([c, 'optionalAccess', _13 => _13.chainId]) === "string" && c.chainId.startsWith("eip155:")
+        (c) => typeof _optionalChain([c, 'optionalAccess', _14 => _14.chainId]) === "string" && c.chainId.startsWith("eip155:")
       );
       if (evm && typeof evm.chainId === "string") info.chainId = evm.chainId;
     }
@@ -1646,7 +1741,7 @@ async function readSiwxInfo(res) {
       return info;
     }
     return null;
-  } catch (e18) {
+  } catch (e19) {
     return null;
   }
 }
@@ -1694,7 +1789,7 @@ function mapRails(accepts) {
 }
 function matchesQuery(r, query) {
   const q = query.toLowerCase();
-  return r.resource.toLowerCase().includes(q) || (_nullishCoalesce(_optionalChain([r, 'access', _14 => _14.name, 'optionalAccess', _15 => _15.toLowerCase, 'call', _16 => _16(), 'access', _17 => _17.includes, 'call', _18 => _18(q)]), () => ( false))) || (_nullishCoalesce(_optionalChain([r, 'access', _19 => _19.description, 'optionalAccess', _20 => _20.toLowerCase, 'call', _21 => _21(), 'access', _22 => _22.includes, 'call', _23 => _23(q)]), () => ( false)));
+  return r.resource.toLowerCase().includes(q) || (_nullishCoalesce(_optionalChain([r, 'access', _15 => _15.name, 'optionalAccess', _16 => _16.toLowerCase, 'call', _17 => _17(), 'access', _18 => _18.includes, 'call', _19 => _19(q)]), () => ( false))) || (_nullishCoalesce(_optionalChain([r, 'access', _20 => _20.description, 'optionalAccess', _21 => _21.toLowerCase, 'call', _22 => _22(), 'access', _23 => _23.includes, 'call', _24 => _24(q)]), () => ( false)));
 }
 function pickString(o, ...keys) {
   for (const k of keys) {
@@ -1727,7 +1822,7 @@ function hostOf(url) {
   try {
     const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(url) ? url : `https://${url}`;
     return new URL(withScheme).hostname || url;
-  } catch (e19) {
+  } catch (e20) {
     return url;
   }
 }
@@ -1747,7 +1842,18 @@ function encodeBase642(str) {
 
 // src/policy.ts
 var ALLOW = { allowed: true };
-var deny = (reason) => ({ allowed: false, reason });
+var deny = (code, reason) => ({
+  allowed: false,
+  reason,
+  code
+});
+function resolveDeadline(policy, sessionStart) {
+  const fromTtl = policy.ttlSeconds != null && Number.isSafeInteger(sessionStart + policy.ttlSeconds * 1e3) ? sessionStart + policy.ttlSeconds * 1e3 : null;
+  const fromAbs = policy.expiresAt != null ? policy.expiresAt : null;
+  if (fromTtl == null) return fromAbs;
+  if (fromAbs == null) return fromTtl;
+  return Math.min(fromTtl, fromAbs);
+}
 function hostMatches(host, pattern) {
   if (pattern.startsWith("*.")) {
     const suffix = pattern.slice(1);
@@ -1763,18 +1869,26 @@ function chainMatches(intent, allowed) {
   const id = "id" in allowed ? allowed.id : void 0;
   return id !== void 0 && intent.network === `eip155:${id}`;
 }
-function evaluatePolicy(intent, policy, spentForAssetBase) {
+function evaluatePolicy(intent, policy, spentForAssetBase, ctx) {
   if (!policy) return ALLOW;
+  if (ctx) {
+    const deadline = resolveDeadline(policy, ctx.sessionStart);
+    if (deadline != null && ctx.now >= deadline) {
+      return deny("SESSION_EXPIRED", "session expired (TTL elapsed) \u2014 refusing to pay.");
+    }
+  }
   if (policy.chains && !policy.chains.some((c) => chainMatches(intent, c))) {
     return deny(
+      "CHAIN",
       `chain ${intent.network} is not in the allowed set (policy.chains).`
     );
   }
   if (policy.hosts && !policy.hosts.some((h) => hostMatches(intent.host, h))) {
-    return deny(`host ${intent.host} is not in the allowed set (policy.hosts).`);
+    return deny("HOST", `host ${intent.host} is not in the allowed set (policy.hosts).`);
   }
   if (!intent.recognized && !policy.allowUnknownTokens) {
     return deny(
+      "UNKNOWN_TOKEN",
       `asset ${intent.asset} on ${intent.network} isn't a token the SDK can price; refusing to pay it on trust. Set policy.allowUnknownTokens to override.`
     );
   }
@@ -1787,34 +1901,52 @@ function evaluatePolicy(intent, policy, spentForAssetBase) {
     });
     if (!matches) {
       return deny(
+        "TOKEN",
         `token ${_nullishCoalesce(intent.symbol, () => ( intent.asset))} is not in the allowed set (policy.tokens).`
       );
     }
   }
   if (policy.maxAmount !== void 0) {
-    const cap = _chunkMDLZJGLYcjs.floorUnits.call(void 0, policy.maxAmount, intent.decimals);
+    const cap = _chunkPA6YD3HLcjs.floorUnits.call(void 0, policy.maxAmount, intent.decimals);
     if (intent.amountBase > cap) {
       return deny(
+        "MAX_AMOUNT",
         `payment of ${intent.amountBase} base units exceeds policy.maxAmount ` + `(${policy.maxAmount} ${_nullishCoalesce(intent.symbol, () => ( ""))}).`.trimEnd()
       );
     }
   }
   if (policy.maxTotal !== void 0) {
-    const cap = _chunkMDLZJGLYcjs.floorUnits.call(void 0, policy.maxTotal, intent.decimals);
+    const cap = _chunkPA6YD3HLcjs.floorUnits.call(void 0, policy.maxTotal, intent.decimals);
     if (spentForAssetBase + intent.amountBase > cap) {
       return deny(
+        "MAX_TOTAL",
         `this payment would push spend on ${_nullishCoalesce(intent.symbol, () => ( intent.asset))} past policy.maxTotal (${policy.maxTotal}); already spent ${spentForAssetBase} base units.`
       );
     }
   }
+  if (ctx && policy.windowTotal !== void 0 && policy.windowSeconds !== void 0) {
+    const cap = _chunkPA6YD3HLcjs.floorUnits.call(void 0, policy.windowTotal, intent.decimals);
+    if (ctx.spentInWindowBase + intent.amountBase > cap) {
+      return deny(
+        "WINDOW_TOTAL",
+        `this payment would exceed policy.windowTotal (${policy.windowTotal}) within the last ${policy.windowSeconds}s on ${_nullishCoalesce(intent.symbol, () => ( intent.asset))}.`
+      );
+    }
+  }
   return ALLOW;
 }
 
 // src/ledger.ts
 var keyFor = (network, asset) => `${network}|${asset}`;
-var SpendLedger = (_class = class {constructor() { _class.prototype.__init.call(this);_class.prototype.__init2.call(this); }
+var SpendLedger = (_class = class {constructor() { _class.prototype.__init.call(this);_class.prototype.__init2.call(this);_class.prototype.__init3.call(this); }
   __init() {this.records = []}
   __init2() {this.buckets = /* @__PURE__ */ new Map()}
+  /**
+   * Session clock origin (epoch-ms) — process/session start = ledger
+   * construction. In-memory; a new process is a new session. The client reads it
+   * to compute the `ttlSeconds` deadline and the rolling-window slice.
+   */
+  __init3() {this.sessionStart = Date.now()}
   /** Record a settled payment. `decimals` is the TRUE token decimals (for the
    *  per-asset running total used by maxTotal + the formatted summary). */
   record(r, decimals) {
@@ -1838,7 +1970,39 @@ var SpendLedger = (_class = class {constructor() { _class.prototype.__init.call(
   }
   /** Running total (base units) already spent on this (network, asset). */
   totalFor(network, asset) {
-    return _nullishCoalesce(_optionalChain([this, 'access', _24 => _24.buckets, 'access', _25 => _25.get, 'call', _26 => _26(keyFor(network, asset)), 'optionalAccess', _27 => _27.total]), () => ( 0n));
+    return _nullishCoalesce(_optionalChain([this, 'access', _25 => _25.buckets, 'access', _26 => _26.get, 'call', _27 => _27(keyFor(network, asset)), 'optionalAccess', _28 => _28.total]), () => ( 0n));
+  }
+  /**
+   * Sum of base-unit amounts for (network, asset) whose record `at` (ISO
+   * timestamp) is at or after `sinceMs` (epoch-ms). Backs the rolling window
+   * (`sinceMs = now - windowSeconds*1000`). A linear scan of `records` —
+   * agent-session cardinality is small (tens), and it only runs when a window
+   * policy is set, so it's negligible against the network round-trip.
+   */
+  totalSince(network, asset, sinceMs) {
+    let sum = 0n;
+    for (const r of this.records) {
+      if (r.network === network && r.asset === asset && Date.parse(r.at) >= sinceMs) {
+        sum += BigInt(r.amountBase);
+      }
+    }
+    return sum;
+  }
+  /**
+   * The per-(network, asset) buckets, as read-only tuples — `network`, `asset`,
+   * `symbol`, the TRUE `decimals` (frozen from the first record), and the running
+   * `totalBase`. Lets the client compose a budget view WITHOUT coupling the ledger
+   * to the policy (the cap math lives in the client). Decimals only exist for a
+   * pair once it's been spent on — a never-spent pair simply isn't a bucket.
+   */
+  assetBuckets() {
+    return [...this.buckets.values()].map((b) => ({
+      network: b.network,
+      asset: b.asset,
+      ...b.symbol ? { symbol: b.symbol } : {},
+      decimals: b.decimals,
+      totalBase: b.total
+    }));
   }
   /** An immutable snapshot of all spend so far. */
   summary() {
@@ -1850,7 +2014,7 @@ var SpendLedger = (_class = class {constructor() { _class.prototype.__init.call(
         symbol: b.symbol,
         decimals: b.decimals,
         totalBase: b.total.toString(),
-        totalFormatted: _chunkMDLZJGLYcjs.formatUnits.call(void 0, b.total, b.decimals),
+        totalFormatted: _chunkPA6YD3HLcjs.formatUnits.call(void 0, b.total, b.decimals),
         count: b.count
       })),
       records: [...this.records]
@@ -1859,6 +2023,7 @@ var SpendLedger = (_class = class {constructor() { _class.prototype.__init.call(
 }, _class);
 
 // src/client.ts
+var DEFAULT_SCHEMES = ["onchain-proof"];
 var RECIPIENT_FIX = {
   NO_TRUSTLINE: "the recipient needs a one-time trustline for this asset before it can receive",
   NOT_REGISTERED: "the recipient must be storage_deposit-registered on this token (NEP-145, one-time)",
@@ -1872,22 +2037,53 @@ var PipRailClient = (_class2 = class {
   
   // Per-asset tally of everything this client has paid (powers spent() and the
   // policy's maxTotal cap).
-  __init3() {this.ledger = new SpendLedger()}
+  __init4() {this.ledger = new SpendLedger()}
   // Resolved lazily on first request — this is what lets Solana (and future
   // families) auto-mount with no setup call.
   
-  constructor(opts) {;_class2.prototype.__init3.call(this);
+  constructor(opts) {;_class2.prototype.__init4.call(this);
     this.opts = opts;
     this.maxRetries = Math.max(1, _nullishCoalesce(opts.maxPaymentRetries, () => ( 3)));
     this.retryTimeoutMs = _nullishCoalesce(opts.retryTimeoutMs, () => ( 3e4));
     this.onEvent = _nullishCoalesce(opts.onEvent, () => ( (() => void 0)));
+    this.assertPolicyTimeOptions(opts.policy);
+  }
+  /**
+   * Fail LOUDLY at construction on a misconfigured time policy — a security
+   * boundary must never silently half-arm. Two invariants (a misconfiguration is
+   * a programmer error → `TypeError`, no new SDK error code):
+   *   - the rolling window needs BOTH `windowTotal` and `windowSeconds`, or NEITHER
+   *     (one alone is a leash that silently doesn't bite);
+   *   - `ttlSeconds` must be a positive, safe integer whose `*1000` deadline stays
+   *     within `Number.MAX_SAFE_INTEGER` (else the arithmetic would lose precision).
+   */
+  assertPolicyTimeOptions(policy) {
+    if (!policy) return;
+    const hasWindowTotal = policy.windowTotal !== void 0;
+    const hasWindowSeconds = policy.windowSeconds !== void 0;
+    if (hasWindowTotal !== hasWindowSeconds) {
+      throw new TypeError(
+        "policy.windowTotal and policy.windowSeconds must be set together \u2014 a rolling-window cap can't be half-armed (set both, or neither)."
+      );
+    }
+    if (hasWindowSeconds && !(Number.isSafeInteger(policy.windowSeconds) && policy.windowSeconds > 0)) {
+      throw new TypeError("policy.windowSeconds must be a positive integer number of seconds.");
+    }
+    if (policy.ttlSeconds !== void 0) {
+      const ttl = policy.ttlSeconds;
+      if (!Number.isSafeInteger(ttl) || ttl <= 0 || !Number.isSafeInteger(this.ledger.sessionStart + ttl * 1e3)) {
+        throw new TypeError(
+          "policy.ttlSeconds must be a positive integer number of seconds small enough that the resulting deadline stays a safe integer."
+        );
+      }
+    }
   }
   /** Emit an observability event, never letting a throwing handler break the
    * payment flow (mirrors the server gate's `onPaid` isolation). */
   safeEmit(event) {
     try {
       this.onEvent(event);
-    } catch (e20) {
+    } catch (e21) {
     }
   }
   /** Auto-mount the chain's driver, resolve the network, and bind the wallet — once. */
@@ -1901,6 +2097,11 @@ var PipRailClient = (_class2 = class {
       return { net, wallet };
     })();
   }
+  /** Resolve the effective scheme set: a per-call override, else the constructor's
+   *  `schemes`, else the `onchain-proof`-only default. */
+  resolveSchemes(perCall) {
+    return _nullishCoalesce(_nullishCoalesce(perCall, () => ( this.opts.schemes)), () => ( DEFAULT_SCHEMES));
+  }
   /** GET that auto-handles 402. Pass a full URL to any x402-gated endpoint. */
   get(url, init) {
     return this.fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: "GET" });
@@ -1912,7 +2113,7 @@ var PipRailClient = (_class2 = class {
    * as-is) or a plain object (serialised as JSON).
    */
   post(url, body, init) {
-    const headers = new Headers(_optionalChain([init, 'optionalAccess', _28 => _28.headers]));
+    const headers = new Headers(_optionalChain([init, 'optionalAccess', _29 => _29.headers]));
     let payload;
     if (body === void 0 || body === null) {
       payload = void 0;
@@ -1943,9 +2144,9 @@ var PipRailClient = (_class2 = class {
    * "0.05 USDC on Base, within budget → pay it." No funds move.
    */
   async quote(url, init) {
-    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _29 => _29.method]), () => ( "GET")) });
+    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _30 => _30.method]), () => ( "GET")) });
     if (res.status !== 402) return null;
-    const { quote } = await this.resolveChallenge(url, res);
+    const { quote } = await this.resolveChallenge(url, res, this.resolveSchemes());
     return quote;
   }
   /**
@@ -1962,9 +2163,9 @@ var PipRailClient = (_class2 = class {
    * on Tron, where a USD₮ transfer can cost real TRX.
    */
   async estimateCost(url, init) {
-    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _30 => _30.method]), () => ( "GET")) });
+    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _31 => _31.method]), () => ( "GET")) });
     if (res.status !== 402) return null;
-    const { net, accept, quote } = await this.resolveChallenge(url, res);
+    const { net, accept, quote } = await this.resolveChallenge(url, res, this.resolveSchemes());
     const cost = await net.estimateCost(accept);
     return { quote, cost };
   }
@@ -1973,6 +2174,64 @@ var PipRailClient = (_class2 = class {
   spent() {
     return this.ledger.summary();
   }
+  /**
+   * Read-only budget + time leash for a Mode-A (headless) agent — the policy IS
+   * the consent, and this is how the agent SEES what's left of it before paying.
+   * Composes the in-memory ledger with the configured policy; never throws, moves
+   * no funds. PROCESS-SCOPED — every figure resets on restart (see {@link SessionBudget}).
+   */
+  budget() {
+    const view = this.sessionView();
+    const start = new Date(this.ledger.sessionStart).toISOString();
+    return {
+      session: {
+        start,
+        expiresAt: _optionalChain([view, 'optionalAccess', _32 => _32.expiresAt]) != null ? new Date(view.expiresAt).toISOString() : null,
+        secondsRemaining: _nullishCoalesce(_optionalChain([view, 'optionalAccess', _33 => _33.secondsRemaining]), () => ( null))
+      },
+      byAsset: this.remaining()
+    };
+  }
+  /**
+   * Per-(network, asset) remaining budget — ONE row per pair the ledger already
+   * holds (decimals are known only after the first spend), so a fresh client with
+   * a `maxTotal` set returns `[]` until its first payment. `cap`/`remaining` are
+   * `undefined` when no `maxTotal` is configured (unbounded). Pure + in-memory;
+   * never throws, never sums across tokens (no price oracle). PROCESS-SCOPED.
+   */
+  remaining() {
+    const maxTotal = _optionalChain([this, 'access', _34 => _34.opts, 'access', _35 => _35.policy, 'optionalAccess', _36 => _36.maxTotal]);
+    return this.ledger.assetBuckets().map((b) => {
+      const base2 = {
+        network: b.network,
+        asset: b.asset,
+        ...b.symbol ? { symbol: b.symbol } : {},
+        decimals: b.decimals,
+        spentBase: b.totalBase.toString()
+      };
+      if (maxTotal === void 0) return base2;
+      const capBase = _chunkPA6YD3HLcjs.floorUnits.call(void 0, maxTotal, b.decimals);
+      const remainingBase = capBase > b.totalBase ? capBase - b.totalBase : 0n;
+      return {
+        ...base2,
+        capBase: capBase.toString(),
+        remainingBase: remainingBase.toString(),
+        remainingFormatted: _chunkPA6YD3HLcjs.formatUnits.call(void 0, remainingBase, b.decimals)
+      };
+    });
+  }
+  /** The read-only TIME envelope for the plan/budget surfaces, or `undefined`
+   *  when no session deadline (`ttlSeconds`/`expiresAt`) is set. `secondsRemaining`
+   *  is clamped ≥ 0 — a best-effort host wall-clock estimate. */
+  sessionView(now = Date.now()) {
+    const policy = this.opts.policy;
+    if (!policy || policy.ttlSeconds == null && policy.expiresAt == null) return void 0;
+    const deadline = resolveDeadline(policy, this.ledger.sessionStart);
+    return {
+      expiresAt: deadline,
+      secondsRemaining: deadline == null ? null : Math.max(0, Math.floor((deadline - now) / 1e3))
+    };
+  }
   /**
    * Plan a payment for a gated URL — WITHOUT paying. The read-only completion of
    * the `quote()` → `estimateCost()` → **`planPayment()`** trio: it surveys every
@@ -1993,14 +2252,14 @@ var PipRailClient = (_class2 = class {
    * the plan yourself. No funds move.
    */
   async planPayment(url, init) {
-    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _31 => _31.method]), () => ( "GET")) });
+    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _37 => _37.method]), () => ( "GET")) });
     if (res.status !== 402) return null;
     const challenge = await parseChallenge(res);
     if (!challenge) {
-      throw new (0, _chunkMDLZJGLYcjs.InvalidEnvelopeError)("402 response did not include a parseable x402 challenge.");
+      throw new (0, _chunkPA6YD3HLcjs.InvalidEnvelopeError)("402 response did not include a parseable x402 challenge.");
     }
     const { net, wallet } = await this.ensure();
-    return this.planFromChallenge(net, wallet, challenge, url);
+    return this.planFromChallenge(net, wallet, challenge, url, this.resolveSchemes());
   }
   /**
    * Convenience over {@link planPayment}: can the wallet settle this URL right now?
@@ -2028,8 +2287,8 @@ var PipRailClient = (_class2 = class {
    * - A resource just listed via {@link register} may not appear yet — 402 Index reviews
    *   before publishing, so retry with a brief backoff if a fresh listing is missing.
    * - Results are cross-scheme (mostly the mainstream `exact` scheme); `fetch()` pays
-   *   only `onchain-proof` rails directly (pay `exact` resources with the experimental
-   *   `drivers/evm/exact.ts`).
+   *   `onchain-proof` rails by default, and standard `exact` rails too once you opt in
+   *   with `schemes: ['onchain-proof', 'exact']` (EVM + EIP-3009 — USDC/EURC).
    */
   async discover(opts = {}) {
     const found = await searchOpenIndexes({
@@ -2160,29 +2419,33 @@ var PipRailClient = (_class2 = class {
    * streams throw `NonReplayableBodyError`.
    */
   async fetch(url, init) {
-    const body = _optionalChain([init, 'optionalAccess', _32 => _32.body]);
+    const body = _optionalChain([init, 'optionalAccess', _38 => _38.body]);
     if (body !== void 0 && body !== null && !isReplayableBodyInit(body)) {
-      throw new (0, _chunkMDLZJGLYcjs.NonReplayableBodyError)(
+      throw new (0, _chunkPA6YD3HLcjs.NonReplayableBodyError)(
         "fetch(): init.body is not replayable. Pass a string, FormData, URLSearchParams, ArrayBuffer, or Blob \u2014 not a ReadableStream."
       );
     }
     const firstResponse = await fetch(url, init);
     if (firstResponse.status !== 402) return firstResponse;
-    const resolved = await this.resolveChallenge(url, firstResponse);
+    const schemes = this.resolveSchemes(_optionalChain([init, 'optionalAccess', _39 => _39.schemes]));
+    const resolved = await this.resolveChallenge(url, firstResponse, schemes);
     const { net, wallet, challenge } = resolved;
     let accept = resolved.accept;
     let quote = resolved.quote;
-    const autoRoute = _nullishCoalesce(_nullishCoalesce(_optionalChain([init, 'optionalAccess', _33 => _33.autoRoute]), () => ( this.opts.autoRoute)), () => ( false));
+    const autoRoute = _nullishCoalesce(_nullishCoalesce(_optionalChain([init, 'optionalAccess', _40 => _40.autoRoute]), () => ( this.opts.autoRoute)), () => ( false));
     if (autoRoute) {
-      const plan = await this.planFromChallenge(net, wallet, challenge, url);
+      const plan = await this.planFromChallenge(net, wallet, challenge, url, schemes);
       if (!plan.best) {
-        throw new (0, _chunkMDLZJGLYcjs.PaymentDeclinedError)(_nullishCoalesce(plan.fundingHint, () => ( "No rail is settleable for this payment.")));
+        throw new (0, _chunkPA6YD3HLcjs.PaymentDeclinedError)(_nullishCoalesce(plan.fundingHint, () => ( "No rail is settleable for this payment.")));
       }
       accept = plan.best.accept;
       quote = plan.best.quote;
     }
     this.safeEmit({ kind: "payment-required", challenge, accept });
     await this.authorize(quote);
+    if (accept.scheme === "exact") {
+      return this.payExactRail(net, wallet, accept, url, init, quote);
+    }
     const { ref, confirmed } = await this.payAndConfirm(net, wallet, accept);
     const response = await this.retryWithProof(url, init, accept, ref, confirmed);
     this.recordSpend(quote, ref);
@@ -2194,19 +2457,37 @@ var PipRailClient = (_class2 = class {
    * network, pick the accept the client can pay, and build its quote. Shared by
    * `quote()` (read-only) and `fetch()` (which then authorises + pays).
    */
-  async resolveChallenge(url, response) {
+  async resolveChallenge(url, response, schemes) {
     const challenge = await parseChallenge(response);
     if (!challenge) {
-      throw new (0, _chunkMDLZJGLYcjs.InvalidEnvelopeError)(
+      throw new (0, _chunkPA6YD3HLcjs.InvalidEnvelopeError)(
         "402 response did not include a parseable x402 challenge."
       );
     }
     const { net, wallet } = await this.ensure();
-    const candidates = this.gatherCandidates(net, challenge);
+    const candidates = this.gatherCandidates(net, challenge, schemes);
     if (candidates.length === 0) {
-      const networks = challenge.accepts.map((a) => a.network).join(", ");
-      throw new (0, _chunkMDLZJGLYcjs.NoCompatibleAcceptError)(
-        `No accepts[] entry for ${net.network} (challenge offered: ${networks || "none"}).`
+      const exactOnNet = challenge.accepts.some(
+        (a) => a.scheme === "exact" && net.supports(a.network)
+      );
+      if (schemes.includes("exact") && exactOnNet && typeof net.payExact !== "function") {
+        throw new (0, _chunkPA6YD3HLcjs.UnsupportedSchemeError)(
+          `This 402 offers a standard 'exact' rail on ${net.network}, but the ${net.family} family can't pay 'exact' (EVM + EIP-3009 only), and no 'onchain-proof' rail was offered.`
+        );
+      }
+      if (!schemes.includes("exact") && exactOnNet && typeof net.payExact === "function") {
+        const payable = challenge.accepts.some(
+          (a) => a.scheme === "exact" && net.supports(a.network) && net.describeAsset(a.asset) != null
+        );
+        if (payable) {
+          throw new (0, _chunkPA6YD3HLcjs.NoCompatibleAcceptError)(
+            `This 402 is payable only via the standard 'exact' rail on ${net.network}, which is OFF by default. Enable it: new PipRailClient({ \u2026, schemes: ['onchain-proof', 'exact'] }) or per call fetch(url, { schemes: ['exact'] }) (MCP: PIPRAIL_SCHEMES=onchain-proof,exact).`
+          );
+        }
+      }
+      const networks = [...new Set(challenge.accepts.map((a) => a.network))].join(", ");
+      throw new (0, _chunkPA6YD3HLcjs.NoCompatibleAcceptError)(
+        `No accepts[] entry payable by this client on ${net.network} (schemes: ${schemes.join(", ")}; challenge offered: ${networks || "none"}).`
       );
     }
     const priced = candidates.map((accept) => ({
@@ -2216,20 +2497,38 @@ var PipRailClient = (_class2 = class {
     const chosen = _nullishCoalesce(priced.find((p) => p.quote.withinPolicy), () => ( priced[0]));
     return { net, wallet, accept: chosen.accept, challenge, quote: chosen.quote };
   }
-  /** The candidate accepts this client could pay: our scheme, on the bound network.
-   *  A dual-advertised challenge may also carry standard `exact` rails — the PipRail
-   *  client ignores those (it pays the backendless `onchain-proof` rail); the type
-   *  predicate narrows the `X402AnyAccept` union to the rails we settle. */
-  gatherCandidates(net, challenge) {
-    return challenge.accepts.filter(
-      (a) => a.scheme === "onchain-proof" && net.supports(a.network)
-    );
+  /** The candidate accepts this client could pay, on the bound network. Always the
+   *  backendless `onchain-proof` rails; PLUS standard `exact` rails when `schemes`
+   *  enables them AND the driver can settle them (EVM `payExact` + a recognised
+   *  EIP-3009 token). `onchain-proof` is gathered FIRST so default selection is
+   *  unchanged when `exact` is off. */
+  gatherCandidates(net, challenge, schemes) {
+    const out = [];
+    if (schemes.includes("onchain-proof")) {
+      out.push(
+        ...challenge.accepts.filter(
+          (a) => a.scheme === "onchain-proof" && net.supports(a.network)
+        )
+      );
+    }
+    if (schemes.includes("exact")) {
+      out.push(
+        ...challenge.accepts.filter(
+          (a) => a.scheme === "exact" && net.supports(a.network) && typeof net.payExact === "function" && net.describeAsset(a.asset) != null && // a foreign rail's maxTimeoutSeconds must be a usable positive integer, or
+          // signing it would build a NaN/garbage validBefore — drop it silently
+          // (symmetric with an unrecognised token) rather than leak a raw SyntaxError.
+          Number.isInteger(a.maxTimeoutSeconds) && a.maxTimeoutSeconds > 0
+        )
+      );
+    }
+    return out;
   }
   /** Build the full {@link PaymentPlan} from an already-parsed challenge + bound
    *  net/wallet. Shared by `planPayment` (read-only) and `fetch`'s autoRoute. */
-  async planFromChallenge(net, wallet, challenge, url) {
+  async planFromChallenge(net, wallet, challenge, url, schemes) {
     const chainLabel = typeof this.opts.chain === "string" ? this.opts.chain : net.network;
-    const candidates = this.gatherCandidates(net, challenge);
+    const session = this.sessionView();
+    const candidates = this.gatherCandidates(net, challenge, schemes);
     if (candidates.length === 0) {
       const offered = [...new Set(challenge.accepts.map((a) => a.network))].join(", ") || "none";
       return {
@@ -2239,7 +2538,8 @@ var PipRailClient = (_class2 = class {
         payable: false,
         best: null,
         options: [],
-        fundingHint: `This 402 isn't offered on your chain (${chainLabel}); it's payable on: ${offered}.`
+        fundingHint: `This 402 isn't offered on your chain (${chainLabel}); it's payable on: ${offered}.`,
+        ...session ? { session } : {}
       };
     }
     const analysed = await Promise.all(
@@ -2257,7 +2557,8 @@ var PipRailClient = (_class2 = class {
       payable: best !== null,
       best,
       options,
-      fundingHint: best ? null : buildFundingHint(options, chainLabel)
+      fundingHint: best ? null : buildFundingHint(options, chainLabel),
+      ...session ? { session } : {}
     };
   }
   /** Analyse ONE rail against the wallet's holdings — quote (existing) + gas
@@ -2269,29 +2570,39 @@ var PipRailClient = (_class2 = class {
     const rr = await net.recipientReady(accept.payTo, accept.asset).catch(() => ({ ready: "unknown" }));
     const amount = BigInt(accept.amount);
     const fee = safeBig(cost.fee);
+    const isExact = accept.scheme === "exact";
     const isNative = accept.asset === "native";
     const blockers = [];
     const warnings = [];
     const shortfall = {};
-    if (!quote.withinPolicy) blockers.push("OUTSIDE_POLICY");
+    if (!quote.withinPolicy) {
+      blockers.push(
+        quote.policyCode === "SESSION_EXPIRED" || quote.policyCode === "WINDOW_TOTAL" ? "OUTSIDE_WINDOW" : "OUTSIDE_POLICY"
+      );
+    }
     if (quote.symbolMismatch) warnings.push("SYMBOL_MISMATCH");
-    if (cost.basis === "heuristic") warnings.push("GAS_HEURISTIC");
+    if (!isExact && cost.basis === "heuristic") warnings.push("GAS_HEURISTIC");
     const tokenKnown = bal.token != null;
     const nativeKnown = bal.native != null;
-    if (!tokenKnown || !nativeKnown) warnings.push("BALANCE_UNREADABLE");
-    if (isNative) {
+    if (isExact ? !tokenKnown : !tokenKnown || !nativeKnown) warnings.push("BALANCE_UNREADABLE");
+    if (isExact) {
+      if (tokenKnown && bal.token < amount) {
+        blockers.push("INSUFFICIENT_TOKEN");
+        shortfall.token = _chunkPA6YD3HLcjs.formatUnits.call(void 0, amount - bal.token, quote.decimals);
+      }
+    } else if (isNative) {
       if (nativeKnown && bal.native < amount + fee) {
         blockers.push("INSUFFICIENT_TOKEN");
-        shortfall.token = _chunkMDLZJGLYcjs.formatUnits.call(void 0, amount + fee - bal.native, quote.decimals);
+        shortfall.token = _chunkPA6YD3HLcjs.formatUnits.call(void 0, amount + fee - bal.native, quote.decimals);
       }
     } else {
       if (tokenKnown && bal.token < amount) {
         blockers.push("INSUFFICIENT_TOKEN");
-        shortfall.token = _chunkMDLZJGLYcjs.formatUnits.call(void 0, amount - bal.token, quote.decimals);
+        shortfall.token = _chunkPA6YD3HLcjs.formatUnits.call(void 0, amount - bal.token, quote.decimals);
       }
       if (nativeKnown && bal.native < fee) {
         blockers.push("INSUFFICIENT_GAS");
-        shortfall.native = _chunkMDLZJGLYcjs.formatUnits.call(void 0, fee - bal.native, cost.feeDecimals);
+        shortfall.native = _chunkPA6YD3HLcjs.formatUnits.call(void 0, fee - bal.native, cost.feeDecimals);
       } else if (nativeKnown && fee > 0n && bal.native < fee * 3n / 2n) {
         warnings.push("THIN_GAS_MARGIN");
       }
@@ -2306,7 +2617,7 @@ var PipRailClient = (_class2 = class {
     } else {
       recipient = { ready: rr.ready };
     }
-    const unreadable = isNative ? !nativeKnown : !tokenKnown || !nativeKnown;
+    const unreadable = isExact ? !tokenKnown : isNative ? !nativeKnown : !tokenKnown || !nativeKnown;
     const state = blockers.length ? "blocked" : unreadable || rr.ready === "unknown" ? "unknown" : "payable";
     return {
       accept,
@@ -2316,8 +2627,8 @@ var PipRailClient = (_class2 = class {
       blockers,
       warnings,
       balance: {
-        token: bal.token != null ? _chunkMDLZJGLYcjs.formatUnits.call(void 0, bal.token, quote.decimals) : null,
-        native: bal.native != null ? _chunkMDLZJGLYcjs.formatUnits.call(void 0, bal.native, cost.feeDecimals) : null
+        token: bal.token != null ? _chunkPA6YD3HLcjs.formatUnits.call(void 0, bal.token, quote.decimals) : null,
+        native: bal.native != null ? _chunkPA6YD3HLcjs.formatUnits.call(void 0, bal.native, cost.feeDecimals) : null
       },
       need: { token: quote.amountFormatted, native: cost.feeFormatted },
       ...shortfall.token || shortfall.native ? { shortfall } : {},
@@ -2328,15 +2639,20 @@ var PipRailClient = (_class2 = class {
    *  driver's describeAsset) + the policy verdict + a symbol-mismatch flag. */
   buildQuote(net, accept, url, description) {
     if (!/^\d+$/.test(accept.amount)) {
-      throw new (0, _chunkMDLZJGLYcjs.InvalidEnvelopeError)(
+      throw new (0, _chunkPA6YD3HLcjs.InvalidEnvelopeError)(
         `challenge amount "${accept.amount}" is not a base-unit integer.`
       );
     }
     const amountBase = BigInt(accept.amount);
     const described = net.describeAsset(accept.asset);
-    const decimals = _nullishCoalesce(_optionalChain([described, 'optionalAccess', _34 => _34.decimals]), () => ( accept.extra.decimals));
-    const symbol = _nullishCoalesce(_optionalChain([described, 'optionalAccess', _35 => _35.symbol]), () => ( accept.extra.symbol));
-    const amountFormatted = _chunkMDLZJGLYcjs.formatUnits.call(void 0, amountBase, decimals);
+    const decimals = _nullishCoalesce(_optionalChain([described, 'optionalAccess', _41 => _41.decimals]), () => ( accept.extra.decimals));
+    if (decimals === void 0) {
+      throw new (0, _chunkPA6YD3HLcjs.InvalidEnvelopeError)(
+        `challenge for ${accept.asset} on ${accept.network} states no decimals and the SDK doesn't recognise the token \u2014 refusing to price it.`
+      );
+    }
+    const symbol = _nullishCoalesce(_optionalChain([described, 'optionalAccess', _42 => _42.symbol]), () => ( accept.extra.symbol));
+    const amountFormatted = _chunkPA6YD3HLcjs.formatUnits.call(void 0, amountBase, decimals);
     const intent = {
       host: hostOf2(url),
       chain: this.opts.chain,
@@ -2347,10 +2663,25 @@ var PipRailClient = (_class2 = class {
       symbol,
       recognized: described != null
     };
+    const policy = this.opts.policy;
+    const hasWindow = !!policy && policy.windowTotal != null && policy.windowSeconds != null;
+    const hasTimePolicy = !!policy && (policy.ttlSeconds != null || policy.expiresAt != null || hasWindow);
+    const now = Date.now();
+    const ctx = hasTimePolicy ? {
+      now,
+      sessionStart: this.ledger.sessionStart,
+      // Window slice ONLY when BOTH fields are set — never a `?? 0` width.
+      spentInWindowBase: hasWindow ? this.ledger.totalSince(
+        accept.network,
+        accept.asset,
+        now - policy.windowSeconds * 1e3
+      ) : 0n
+    } : void 0;
     const decision = evaluatePolicy(
       intent,
       this.opts.policy,
-      this.ledger.totalFor(accept.network, accept.asset)
+      this.ledger.totalFor(accept.network, accept.asset),
+      ctx
     );
     const serverSymbol = accept.extra.symbol;
     const symbolMismatch = intent.recognized && !!serverSymbol && !!symbol && serverSymbol.toUpperCase() !== symbol.toUpperCase();
@@ -2369,15 +2700,19 @@ var PipRailClient = (_class2 = class {
       recognized: intent.recognized,
       symbolMismatch,
       withinPolicy: decision.allowed,
-      ...decision.reason ? { policyReason: decision.reason } : {}
+      ...decision.reason ? { policyReason: decision.reason } : {},
+      ...decision.code ? { policyCode: decision.code } : {}
     };
   }
   /** Enforce the spend policy and the onBeforePay hook — both refuse by
-   *  throwing PaymentDeclinedError, before any funds move. */
+   *  throwing PaymentDeclinedError, before any funds move. Every refusal carries
+   *  a typed `reasonCode` so an agent can branch on the cause (and spot a
+   *  TERMINAL expiry/approval decline it must not retry) without parsing prose. */
   async authorize(quote) {
     if (!quote.withinPolicy) {
-      throw new (0, _chunkMDLZJGLYcjs.PaymentDeclinedError)(
-        `Payment refused by policy: ${_nullishCoalesce(quote.policyReason, () => ( "not allowed"))}`
+      throw new (0, _chunkPA6YD3HLcjs.PaymentDeclinedError)(
+        `Payment refused by policy: ${_nullishCoalesce(quote.policyReason, () => ( "not allowed"))}`,
+        { reasonCode: reasonCodeForPolicy(quote.policyCode) }
       );
     }
     const hook = this.opts.onBeforePay;
@@ -2386,13 +2721,15 @@ var PipRailClient = (_class2 = class {
     try {
       approved = await hook(quote);
     } catch (err) {
-      throw new (0, _chunkMDLZJGLYcjs.PaymentDeclinedError)("onBeforePay threw \u2014 refusing to pay.", {
-        cause: err
+      throw new (0, _chunkPA6YD3HLcjs.PaymentDeclinedError)("onBeforePay threw \u2014 refusing to pay.", {
+        cause: err,
+        reasonCode: "APPROVAL"
       });
     }
     if (!approved) {
-      throw new (0, _chunkMDLZJGLYcjs.PaymentDeclinedError)(
-        `onBeforePay declined ${quote.amountFormatted} ${_nullishCoalesce(quote.symbol, () => ( ""))}`.trimEnd() + ` on ${quote.network}.`
+      throw new (0, _chunkPA6YD3HLcjs.PaymentDeclinedError)(
+        `onBeforePay declined ${quote.amountFormatted} ${_nullishCoalesce(quote.symbol, () => ( ""))}`.trimEnd() + ` on ${quote.network}.`,
+        { reasonCode: "APPROVAL" }
       );
     }
   }
@@ -2415,7 +2752,7 @@ var PipRailClient = (_class2 = class {
   }
   async payAndConfirm(net, wallet, accept) {
     if (!net.supports(accept.network)) {
-      throw new (0, _chunkMDLZJGLYcjs.WrongChainError)(
+      throw new (0, _chunkPA6YD3HLcjs.WrongChainError)(
         `Challenge expects ${accept.network} but client is on ${net.network}.`
       );
     }
@@ -2444,7 +2781,7 @@ var PipRailClient = (_class2 = class {
       accepted: accept,
       payload: { nonce: accept.extra.nonce, txHash: ref }
     };
-    const headers = new Headers(_optionalChain([originalInit, 'optionalAccess', _36 => _36.headers]));
+    const headers = new Headers(_optionalChain([originalInit, 'optionalAccess', _43 => _43.headers]));
     headers.set(HEADER_SIGNATURE, buildSignatureHeader(signature));
     let lastResponse = null;
     let lastReason = null;
@@ -2459,7 +2796,7 @@ var PipRailClient = (_class2 = class {
         () => timeoutController.abort(),
         this.retryTimeoutMs
       );
-      const signal = _optionalChain([originalInit, 'optionalAccess', _37 => _37.signal]) && typeof AbortSignal.any === "function" ? AbortSignal.any([timeoutController.signal, originalInit.signal]) : timeoutController.signal;
+      const signal = _optionalChain([originalInit, 'optionalAccess', _44 => _44.signal]) && typeof AbortSignal.any === "function" ? AbortSignal.any([timeoutController.signal, originalInit.signal]) : timeoutController.signal;
       try {
         lastResponse = await fetch(url, {
           ..._nullishCoalesce(originalInit, () => ( {})),
@@ -2468,7 +2805,7 @@ var PipRailClient = (_class2 = class {
         });
       } catch (err) {
         if (timeoutController.signal.aborted) {
-          throw new (0, _chunkMDLZJGLYcjs.PaymentTimeoutError)(
+          throw new (0, _chunkPA6YD3HLcjs.PaymentTimeoutError)(
             `Server did not respond within ${this.retryTimeoutMs}ms after broadcasting payment ${ref}. Re-verify or re-submit ref=${ref} \u2014 do NOT re-pay.`,
             { cause: err, ref }
           );
@@ -2490,16 +2827,111 @@ var PipRailClient = (_class2 = class {
       kind: "payment-failed",
       reason: `server returned 402 after broadcasting payment ${ref}${unconfirmedNote} (${why})`
     });
-    throw new (0, _chunkMDLZJGLYcjs.MaxRetriesExceededError)(
+    throw new (0, _chunkPA6YD3HLcjs.MaxRetriesExceededError)(
       `Server still returned 402 after ${attempts} attempt(s) with on-chain proof ref=${ref}${unconfirmedNote}. Last server rejection: ${why}. Re-verify or re-submit ref=${ref} before retrying \u2014 never re-pay (it would double-spend).`,
       { ref }
     );
   }
+  /**
+   * Pay a standard x402 `exact` rail — a SEPARATE, fundamentally more conservative
+   * path than {@link retryWithProof}. The buyer SIGNS an EIP-3009 authorization ONCE
+   * (the driver's `payExact`) and the server / merchant-chosen facilitator BROADCASTS
+   * it synchronously, so a blind re-POST of a still-in-flight authorization could
+   * double-BROADCAST it. Hence, unlike the onchain-proof loop:
+   *
+   *   • sign exactly once — reuse the SAME header on every retry, never re-sign;
+   *   • retry ONLY an explicit 402 (a definitive pre-broadcast rejection), bounded
+   *     well under `maxTimeoutSeconds` so the loop can't outlive the authorization;
+   *   • a post-POST transport error/timeout → {@link PaymentTimeoutError} carrying the
+   *     nonce (the facilitator MAY have settled — verify on-chain, NEVER re-pay);
+   *   • a 5xx → return as-is (server settle failure; the authorization stays valid +
+   *     its nonce unused) — no settled event, no spend;
+   *   • a 200 whose SettleResponse says `success:false` → a rejection, NEVER a spend;
+   *   • the spend is recorded EXACTLY ONCE, on an affirmative settlement only.
+   */
+  async payExactRail(net, wallet, accept, url, init, quote) {
+    if (!net.payExact) {
+      throw new (0, _chunkPA6YD3HLcjs.UnsupportedSchemeError)(
+        `the ${net.family} family can't pay a standard 'exact' rail (EVM + EIP-3009 only).`
+      );
+    }
+    throwIfAborted(_optionalChain([init, 'optionalAccess', _45 => _45.signal]));
+    const { payload, accepted, payerFrom, nonce } = await net.payExact(wallet, accept);
+    const headers = new Headers(_optionalChain([init, 'optionalAccess', _46 => _46.headers]));
+    headers.set(HEADER_SIGNATURE, buildExactSignatureHeader({ accepted, payload }));
+    const rejectDefinitive = (why2) => {
+      this.safeEmit({ kind: "payment-failed", reason: `exact: facilitator rejected nonce=${nonce} (${why2})` });
+      throw new (0, _chunkPA6YD3HLcjs.MaxRetriesExceededError)(
+        `exact: the facilitator rejected the payment (${why2}). Fix the cause, then re-present the SAME signed authorization (nonce=${nonce}) \u2014 do NOT re-sign a fresh nonce. ref=${nonce}.`,
+        { ref: nonce }
+      );
+    };
+    const deadline = Date.now() + Math.max(1, Math.floor(accept.maxTimeoutSeconds / 2)) * 1e3;
+    const maxAttempts = Math.min(this.maxRetries, 3);
+    let lastReason = null;
+    for (let attempt = 0; attempt < maxAttempts; attempt += 1) {
+      if (attempt > 0) {
+        if (Date.now() >= deadline) break;
+        await new Promise((r) => setTimeout(r, Math.min(2e3, 400 * 2 ** (attempt - 1))));
+      }
+      throwIfAborted(_optionalChain([init, 'optionalAccess', _47 => _47.signal]));
+      const budget = Math.min(this.retryTimeoutMs, deadline - Date.now());
+      if (budget <= 0) break;
+      const timeoutController = new AbortController();
+      const timeoutId = setTimeout(() => timeoutController.abort(), budget);
+      const signal = _optionalChain([init, 'optionalAccess', _48 => _48.signal]) && typeof AbortSignal.any === "function" ? AbortSignal.any([timeoutController.signal, init.signal]) : timeoutController.signal;
+      let response;
+      try {
+        response = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), headers, signal });
+      } catch (err) {
+        throw new (0, _chunkPA6YD3HLcjs.PaymentTimeoutError)(
+          `exact: no response after submitting the authorization (nonce=${nonce}) to ${hostOf2(url)}. The facilitator may have already settled it \u2014 verify on-chain with authorizationState(${payerFrom}, ${nonce}) before re-presenting; do NOT re-pay.`,
+          { cause: err, ref: nonce }
+        );
+      } finally {
+        clearTimeout(timeoutId);
+      }
+      const settle = parseSettleResponse(response);
+      if (response.status === 402) {
+        if (settle && settle.success === false) rejectDefinitive(_nullishCoalesce(settle.errorReason, () => ( "the facilitator reported success:false")));
+        lastReason = await _asyncNullishCoalesce(await readInvalidReason(response), async () => ( lastReason));
+        continue;
+      }
+      if (response.ok && !(settle && settle.success === false)) {
+        const receipt = parseReceipt(response);
+        this.safeEmit({ kind: "payment-settled", receipt, ...settle ? { settle } : {} });
+        const ref = _optionalChain([settle, 'optionalAccess', _49 => _49.transaction]) || _optionalChain([receipt, 'optionalAccess', _50 => _50.transaction]) || `eip3009-nonce:${nonce}`;
+        this.recordSpend(quote, ref);
+        return response;
+      }
+      if (response.status >= 500) {
+        this.safeEmit({ kind: "payment-failed", reason: `exact: server ${response.status} \u2014 authorization nonce=${nonce} not settled` });
+        return response;
+      }
+      if (settle && settle.success === false) rejectDefinitive(_nullishCoalesce(settle.errorReason, () => ( "the facilitator reported success:false")));
+      this.safeEmit({ kind: "payment-failed", reason: `exact: server ${response.status} \u2014 authorization nonce=${nonce} not settled` });
+      return response;
+    }
+    const why = lastReason ? `${lastReason.error}${lastReason.detail ? ` \u2014 ${lastReason.detail}` : ""}` : "server gave no reason";
+    this.safeEmit({
+      kind: "payment-failed",
+      reason: `exact: 402 after submitting authorization nonce=${nonce} (${why})`
+    });
+    throw new (0, _chunkPA6YD3HLcjs.MaxRetriesExceededError)(
+      `exact: server still returned 402 after submitting the signed authorization (nonce=${nonce}). Last rejection: ${why}. Re-present the SAME authorization \u2014 do NOT re-sign a fresh nonce; verify authorizationState(${payerFrom}, ${nonce}) first. ref=${nonce}.`,
+      { ref: nonce }
+    );
+  }
 }, _class2);
+function throwIfAborted(signal) {
+  if (_optionalChain([signal, 'optionalAccess', _51 => _51.aborted])) {
+    throw _nullishCoalesce(signal.reason, () => ( new DOMException("This operation was aborted.", "AbortError")));
+  }
+}
 function safeBig(s) {
   try {
     return BigInt(s);
-  } catch (e21) {
+  } catch (e22) {
     return 0n;
   }
 }
@@ -2525,6 +2957,9 @@ function buildFundingHint(options, chainLabel) {
   if (target.blockers.includes("RECIPIENT_NOT_READY")) {
     return `Recipient ${shortAddr(target.accept.payTo)} can't receive on ${chainLabel} yet \u2014 ${_nullishCoalesce(target.recipient.fix, () => ( "recipient not ready"))}.`;
   }
+  if (target.blockers.includes("OUTSIDE_WINDOW")) {
+    return target.quote.policyCode === "SESSION_EXPIRED" ? `Session is over on ${chainLabel} \u2014 restart the process or extend the TTL; no retry will succeed.` : `Budget window exhausted on ${chainLabel} \u2014 wait for it to free, or raise policy.windowTotal.`;
+  }
   if (target.blockers.includes("OUTSIDE_POLICY")) {
     return `Refused by spend policy: ${_nullishCoalesce(target.quote.policyReason, () => ( "not allowed"))}.`;
   }
@@ -2532,10 +2967,10 @@ function buildFundingHint(options, chainLabel) {
     return `Couldn't fully read your wallet on ${chainLabel} (RPC throttled) \u2014 retry; you may already be able to pay ${target.quote.amountFormatted} ${sym}.`;
   }
   const parts = [];
-  if (target.blockers.includes("INSUFFICIENT_TOKEN") && _optionalChain([target, 'access', _38 => _38.shortfall, 'optionalAccess', _39 => _39.token])) {
+  if (target.blockers.includes("INSUFFICIENT_TOKEN") && _optionalChain([target, 'access', _52 => _52.shortfall, 'optionalAccess', _53 => _53.token])) {
     parts.push(`top up ${target.shortfall.token} ${sym}`);
   }
-  if (target.blockers.includes("INSUFFICIENT_GAS") && _optionalChain([target, 'access', _40 => _40.shortfall, 'optionalAccess', _41 => _41.native])) {
+  if (target.blockers.includes("INSUFFICIENT_GAS") && _optionalChain([target, 'access', _54 => _54.shortfall, 'optionalAccess', _55 => _55.native])) {
     parts.push(`add ~${target.shortfall.native} ${target.cost.feeSymbol} for gas`);
   }
   return parts.length ? `Can't settle on ${chainLabel}: ${parts.join(" and ")} (to pay ${target.quote.amountFormatted} ${sym}).` : `Can't settle on ${chainLabel} for ${target.quote.amountFormatted} ${sym}.`;
@@ -2549,7 +2984,7 @@ async function planAcross(clients, url, init) {
   const status = best ? "ready" : options.some((o) => o.state === "unknown") ? "unknown" : "blocked";
   return {
     url,
-    network: _nullishCoalesce(_optionalChain([best, 'optionalAccess', _42 => _42.accept, 'access', _43 => _43.network]), () => ( live[0].network)),
+    network: _nullishCoalesce(_optionalChain([best, 'optionalAccess', _56 => _56.accept, 'access', _57 => _57.network]), () => ( live[0].network)),
     status,
     payable: best !== null,
     best,
@@ -2562,10 +2997,24 @@ function railOnNetwork(rail, matches) {
   const n = normalizeNetwork(rail.network);
   return !n.includes(":") || matches(n);
 }
+function reasonCodeForPolicy(code) {
+  switch (code) {
+    case "SESSION_EXPIRED":
+      return "SESSION_EXPIRED";
+    case "WINDOW_TOTAL":
+      return "OUTSIDE_WINDOW";
+    case "MAX_TOTAL":
+      return "BUDGET";
+    case void 0:
+      return void 0;
+    default:
+      return "POLICY";
+  }
+}
 function hostOf2(url) {
   try {
     return new URL(url).hostname;
-  } catch (e22) {
+  } catch (e23) {
     return url;
   }
 }
@@ -2582,8 +3031,8 @@ function isReplayableBodyInit(value) {
 async function readInvalidReason(response) {
   try {
     const body = await response.clone().json();
-    const ext = _optionalChain([body, 'optionalAccess', _44 => _44.extensions]);
-    const piprail = _optionalChain([ext, 'optionalAccess', _45 => _45.piprail]);
+    const ext = _optionalChain([body, 'optionalAccess', _58 => _58.extensions]);
+    const piprail = _optionalChain([ext, 'optionalAccess', _59 => _59.piprail]);
     if (piprail && typeof piprail.code === "string") {
       return {
         error: piprail.code,
@@ -2596,18 +3045,130 @@ async function readInvalidReason(response) {
         detail: typeof body.detail === "string" ? body.detail : ""
       };
     }
-  } catch (e23) {
+    if (body && body.isValid === false && typeof body.invalidReason === "string") {
+      return {
+        error: body.invalidReason,
+        detail: typeof body.invalidMessage === "string" ? body.invalidMessage : ""
+      };
+    }
+  } catch (e24) {
   }
+  const settle = parseSettleResponse(response);
+  if (_optionalChain([settle, 'optionalAccess', _60 => _60.errorReason])) return { error: settle.errorReason, detail: "" };
   return null;
 }
 
+// src/render.ts
+function summarizePlan(plan) {
+  if (plan == null) return "No payment required \u2014 the URL is not payment-gated.";
+  if (plan.payable && plan.best) {
+    const q = plan.best.quote;
+    const c = plan.best.cost;
+    const otherRails = plan.options.length - 1;
+    const note = otherRails > 0 ? ` ${otherRails} other rail(s) not settleable.` : "";
+    return `Payable: ${q.amountFormatted} ${_nullishCoalesce(q.symbol, () => ( q.asset))} on ${plan.best.accept.network} (gas ~${c.feeFormatted} ${c.feeSymbol}).${note}`;
+  }
+  return `NOT payable: ${_nullishCoalesce(plan.fundingHint, () => ( `no settleable rail on ${plan.network}`))}`;
+}
+function explainDecline(err) {
+  if (!(err instanceof _chunkPA6YD3HLcjs.PipRailError)) {
+    return `Payment failed: ${err instanceof Error ? err.message : String(err)}`;
+  }
+  switch (err.code) {
+    case "PAYMENT_DECLINED":
+      return err.message;
+    case "PAYMENT_TIMEOUT":
+    case "MAX_RETRIES_EXCEEDED":
+    case "CONFIRMATION_TIMEOUT":
+      return `${err.message} Recover using the proof on .ref (re-verify or re-submit it); never re-pay \u2014 a fresh payment would double-spend.`;
+    case "INSUFFICIENT_FUNDS":
+      return "The wallet cannot cover the payment + gas \u2014 top up the payer (token and/or native gas) and retry.";
+    case "RECIPIENT_NOT_READY":
+      return `${err.message} The fix is on the RECIPIENT (trustline / registration / opt-in / activation), not your balance.`;
+    case "NO_COMPATIBLE_ACCEPT":
+    case "UNSUPPORTED_SCHEME":
+      return err.message;
+    default:
+      return `Payment failed: ${err.message}`;
+  }
+}
+function formatSpendReport(summary) {
+  if (summary.count === 0) return "No payments yet.";
+  return summary.byAsset.map(
+    (a) => `${a.totalFormatted} ${_nullishCoalesce(a.symbol, () => ( a.asset))} on ${a.network} (${a.count} payment${a.count === 1 ? "" : "s"})`
+  ).join("; ");
+}
+
+// src/agentGuide.ts
+var PIPRAIL_AGENT_GUIDE = `# Paying with PipRail \u2014 the agent contract
+
+You can pay for x402 "402 Payment Required" resources autonomously. Money moves
+straight from your wallet to the server; PipRail custodies nothing. Follow this.
+
+## The loop: quote \u2192 plan \u2192 pay
+1. piprail_quote_payment(url) \u2014 PRICE it. Returns the amount, token, chain, and
+   whether it is within your spend policy. No funds move. Use it to decide if a
+   resource is worth buying.
+2. piprail_plan_payment(url) \u2014 can I afford it NOW? Reads your balance, native gas,
+   and recipient-readiness across every rail, and returns { payable, best,
+   fundingHint, session? }. If payable is false, do NOT attempt the payment \u2014
+   fundingHint says exactly what to fix.
+3. piprail_pay_request(url, method?, body?) \u2014 PAY (only if the plan was payable)
+   and return the result.
+Always plan before you pay so you never commit to a payment you cannot finish.
+
+## Reading a refusal \u2014 never crash, never double-spend
+A failed pay returns a STRUCTURED object, never a thrown error you must catch:
+  { ok:false, code, reason, explain, ref?, reasonCode?, declined? }
+Branch on \`code\` (always reliable). Key cases:
+- declined:true with reasonCode:'SESSION_EXPIRED' \u2014 your time budget is over. This
+  is TERMINAL: STOP. Do not retry ANY payment this process; it cannot be undone
+  without a restart / a longer TTL.
+- declined:true with reasonCode:'APPROVAL' \u2014 a human (or hook) declined this
+  payment. Terminal for this pay: do NOT auto-retry \u2014 they said no, or no one
+  answered.
+- declined:true with reasonCode:'OUTSIDE_WINDOW' \u2014 your rolling rate-limit is
+  exhausted. Wait for it to free, then retry; do not raise the amount.
+- declined:true with reasonCode:'POLICY' or 'BUDGET' \u2014 a spend cap or allowlist
+  refused it. Don't retry the same payment; pick a cheaper/allowed one.
+- code:'INSUFFICIENT_FUNDS' \u2014 top up the wallet (token and/or native gas), retry.
+- code:'PAYMENT_TIMEOUT' / 'MAX_RETRIES_EXCEEDED' / 'CONFIRMATION_TIMEOUT' \u2014 the
+  payment may ALREADY be on-chain. Recover using the proof on \`.ref\` (re-verify
+  or re-submit it); never re-pay \u2014 a fresh payment would double-spend.
+- code:'NO_COMPATIBLE_ACCEPT' / 'UNSUPPORTED_SCHEME' \u2014 the 402 isn't payable on
+  your chain/scheme; \`explain\` says whether it's the wrong chain or a scheme to enable.
+
+## Knowing your leash \u2014 call piprail_budget
+piprail_budget tells you how much budget and time you have left, per
+(network, asset), plus your spend so far. Read-only; moves no funds. Use it in
+Mode A to self-check before paying.
+
+## Two modes
+- Mode A (headless, default): you run FREE inside a pre-set budget + time
+  envelope. The policy IS the consent \u2014 there is no per-payment prompt. Stay
+  inside it; piprail_budget shows what's left.
+- Mode B (supervised): the host may ask a human to approve each payment. A
+  decline/cancel/timeout comes back as declined:true (reasonCode:'APPROVAL') \u2014
+  do NOT retry it as if it were a transient error.
+
+## Hard facts
+- Spend caps are PER (network, asset). There is no single cross-token dollar cap \u2014
+  budgets aren't summed across tokens (no price oracle).
+- Spend totals and the time envelope live IN-MEMORY for THIS process; they reset on restart
+  (a convenience, not a durable ledger).
+`;
+function agentGuide() {
+  return PIPRAIL_AGENT_GUIDE;
+}
+
 // src/agent.ts
+var OPEN_OBJECT = { type: "object", additionalProperties: true };
 async function readBody(res) {
   const text = await res.text();
   if (!text) return null;
   try {
     return JSON.parse(text);
-  } catch (e24) {
+  } catch (e25) {
     return text;
   }
 }
@@ -2674,6 +3235,7 @@ function paymentTools(client) {
         required: ["url"],
         additionalProperties: false
       },
+      outputSchema: OPEN_OBJECT,
       invoke: async (args) => {
         const quote = await client.quote(String(args.url));
         return quote ? { gated: true, ...quote } : { gated: false, url: String(args.url) };
@@ -2697,6 +3259,7 @@ function paymentTools(client) {
         required: ["url"],
         additionalProperties: false
       },
+      outputSchema: OPEN_OBJECT,
       invoke: async (args) => {
         const plan = await client.planPayment(String(args.url));
         if (plan == null) return { gated: false, url: String(args.url) };
@@ -2705,6 +3268,8 @@ function paymentTools(client) {
           payable: plan.payable,
           status: plan.status,
           fundingHint: plan.fundingHint,
+          // One model-readable line distilling the whole plan.
+          summary: summarizePlan(plan),
           best: plan.best ? {
             network: plan.best.accept.network,
             symbol: plan.best.quote.symbol,
@@ -2720,23 +3285,25 @@ function paymentTools(client) {
             blockers: o.blockers,
             warnings: o.warnings,
             recipientReady: o.recipient.ready
-          }))
+          })),
+          // The session's time leash, present only when a time policy is configured.
+          ...plan.session ? { session: plan.session } : {}
         };
       }
     },
     {
       name: "piprail_pay_request",
-      description: "Fetch an x402 payment-gated URL, automatically paying the required on-chain payment if needed (subject to the spend policy + approval hook). Returns the HTTP status, the response body, and a payment receipt if one settled. If the payment is refused by policy or the approval hook, returns { declined: true, reason } \u2014 no funds moved.",
+      description: "Fetch an x402 payment-gated URL, automatically making the required payment if needed (subject to the spend policy + approval hook). Pays whichever rail the client is configured for \u2014 PipRail's backendless on-chain rail, or, when enabled, the standard `exact` rail (where the buyer signs and the server settles, so no buyer gas). Returns the HTTP status, the response body, and a payment receipt if one settled. If the payment is refused by policy or the approval hook, returns { declined: true, reason } \u2014 no funds moved.",
       annotations: {
         title: "Pay an x402 request",
         readOnlyHint: false,
         // this is the one tool that MOVES FUNDS
         destructiveHint: true,
-        // an on-chain payment is value-moving and not reversible
+        // a payment is value-moving and not reversible
         idempotentHint: false,
         // paying twice = two payments
         openWorldHint: true
-        // fetches a URL and settles on-chain
+        // fetches a URL and settles a payment
       },
       parameters: {
         type: "object",
@@ -2778,8 +3345,20 @@ function paymentTools(client) {
             receipt: parseReceipt(res)
           };
         } catch (err) {
-          if (err instanceof _chunkMDLZJGLYcjs.PaymentDeclinedError) {
-            return { declined: true, reason: err.message };
+          if (err instanceof _chunkPA6YD3HLcjs.PipRailError) {
+            const out = {
+              ok: false,
+              code: err.code,
+              reason: err.message,
+              explain: explainDecline(err)
+            };
+            if (err instanceof _chunkPA6YD3HLcjs.PaymentDeclinedError) {
+              out.declined = true;
+              if (err.reasonCode) out.reasonCode = err.reasonCode;
+            }
+            const ref = err.ref;
+            if (typeof ref === "string") out.ref = ref;
+            return out;
           }
           throw err;
         }
@@ -2817,10 +3396,57 @@ function paymentTools(client) {
         const outcomes = await client.register(String(args.url), opts);
         return { outcomes };
       }
+    },
+    {
+      name: "piprail_budget",
+      description: "Read how much of your spend budget and time leash is left \u2014 per (network, asset) remaining, the session time envelope, and your spend so far. Use it in Mode A (headless) to self-check BEFORE paying, so you never discover the leash by hitting a decline. Read-only; moves no funds. NOTE: totals and the time envelope are in-memory for THIS process and reset on restart.",
+      annotations: {
+        title: "Check remaining budget",
+        readOnlyHint: true,
+        // reads the in-memory ledger + policy; never pays
+        idempotentHint: true
+        // a pure read
+      },
+      parameters: { type: "object", properties: {}, additionalProperties: false },
+      outputSchema: OPEN_OBJECT,
+      invoke: async () => {
+        const spent = client.spent();
+        const budget = client.budget();
+        return {
+          spent,
+          remaining: budget.byAsset,
+          session: budget.session,
+          report: formatSpendReport(spent)
+        };
+      }
+    },
+    {
+      name: "piprail_guide",
+      description: "Read the PipRail agent contract \u2014 the quote \u2192 plan \u2192 pay loop, how to read a refusal (and which declines are TERMINAL), the never-re-pay rule for broadcast-but-unconfirmed payments, and Mode A (headless) vs Mode B (supervised). Read-only; call it once if unsure how to use these tools.",
+      annotations: {
+        title: "How to use PipRail",
+        readOnlyHint: true,
+        idempotentHint: true
+      },
+      parameters: { type: "object", properties: {}, additionalProperties: false },
+      invoke: async () => ({ guide: PIPRAIL_AGENT_GUIDE })
     }
   ];
 }
 
+// src/classify.ts
+function classifyChallenge(challenge, opts) {
+  const accepts = _nullishCoalesce(challenge.accepts, () => ( []));
+  const offeredSchemes = [...new Set(accepts.map((a) => a.scheme))];
+  const offeredNetworks = [...new Set(accepts.map((a) => a.network))];
+  const onClientChain = accepts.some((a) => a.network === opts.network);
+  const payableScheme = accepts.some(
+    (a) => a.network === opts.network && opts.schemes.includes(a.scheme)
+  );
+  const verdict = accepts.length === 0 ? "NO_RAIL" : payableScheme ? "PAYABLE_RAIL" : onClientChain ? "UNPAYABLE_SCHEME" : "WRONG_CHAIN";
+  return { onClientChain, payableScheme, offeredSchemes, offeredNetworks, verdict };
+}
+
 // src/discovery.ts
 var GENERATOR = "@piprail/sdk \xB7 https://piprail.com";
 function buildBazaarExtension(descriptor = {}) {
@@ -2853,7 +3479,7 @@ function buildBazaarExtension(descriptor = {}) {
 function pathOf(url) {
   try {
     return new URL(url).pathname || "/";
-  } catch (e25) {
+  } catch (e26) {
     return url.startsWith("/") ? url : `/${url}`;
   }
 }
@@ -2926,7 +3552,7 @@ async function post(url, body, headers) {
   let json = null;
   try {
     json = await res.json();
-  } catch (e26) {
+  } catch (e27) {
   }
   return { status: res.status, json };
 }
@@ -2942,13 +3568,13 @@ async function settleViaFacilitator(input) {
   try {
     verify = await post(`${base2}/verify`, body, auth);
   } catch (err) {
-    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+    throw new (0, _chunkPA6YD3HLcjs.SettlementError)(
       `exact settle (facilitator ${base2}): /verify request failed (${err instanceof Error ? err.message : String(err)}).`,
       { cause: err }
     );
   }
   if (verify.status !== 200) {
-    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+    throw new (0, _chunkPA6YD3HLcjs.SettlementError)(
       `exact settle (facilitator ${base2}): /verify returned HTTP ${verify.status} (transport/auth error).`
     );
   }
@@ -2964,13 +3590,13 @@ async function settleViaFacilitator(input) {
   try {
     settle = await post(`${base2}/settle`, body, auth);
   } catch (err) {
-    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+    throw new (0, _chunkPA6YD3HLcjs.SettlementError)(
       `exact settle (facilitator ${base2}): /settle request failed (${err instanceof Error ? err.message : String(err)}).`,
       { cause: err }
     );
   }
   if (settle.status !== 200) {
-    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+    throw new (0, _chunkPA6YD3HLcjs.SettlementError)(
       `exact settle (facilitator ${base2}): /settle returned HTTP ${settle.status} (transport/auth error).`
     );
   }
@@ -3036,7 +3662,7 @@ function createPaymentGate(options) {
           }
           net.assertValidPayTo(payTo);
           const { asset, decimals, symbol } = net.resolveToken(a.token);
-          const amountBase = _chunkMDLZJGLYcjs.parseUnits.call(void 0, a.amount, decimals);
+          const amountBase = _chunkPA6YD3HLcjs.parseUnits.call(void 0, a.amount, decimals);
           const spec = { net, asset, decimals, symbol, amountBase, amountFormatted: a.amount, payTo };
           if (options.exact) spec.exact = await resolveExactRail(net, asset);
           return spec;
@@ -3151,7 +3777,7 @@ function createPaymentGate(options) {
     const specs = await ready();
     const nonce = genNonce();
     const bazaar = options.discovery ? { bazaar: buildBazaarExtension(options.discovery === true ? {} : options.discovery) } : void 0;
-    const extensions = { ...bazaar, ..._optionalChain([opts, 'optionalAccess', _46 => _46.extensions]) };
+    const extensions = { ...bazaar, ..._optionalChain([opts, 'optionalAccess', _61 => _61.extensions]) };
     const challenge2 = {
       x402Version: 2,
       resource: {
@@ -3159,7 +3785,7 @@ function createPaymentGate(options) {
         ...options.description ? { description: options.description } : {}
       },
       accepts: buildAccepts(specs, nonce),
-      ..._optionalChain([opts, 'optionalAccess', _47 => _47.error]) ? { error: opts.error } : {},
+      ..._optionalChain([opts, 'optionalAccess', _62 => _62.error]) ? { error: opts.error } : {},
       ...Object.keys(extensions).length > 0 ? { extensions } : {}
     };
     return { challenge: challenge2, requiredHeader: buildChallengeHeader(challenge2) };
@@ -3182,7 +3808,7 @@ function createPaymentGate(options) {
     if (options.onPaid) {
       try {
         options.onPaid(receipt);
-      } catch (e27) {
+      } catch (e28) {
       }
     }
   }
@@ -3278,7 +3904,9 @@ function createPaymentGate(options) {
             amount: accept.amount,
             payTo: accept.payTo,
             maxTimeoutSeconds: accept.maxTimeoutSeconds,
-            extra: { name: accept.extra.name, version: accept.extra.version }
+            // name/version are OPTIONAL on the wire type (a foreign rail may omit them), but the
+            // gate's OWN exact rail always read them on-chain at resolution — so they're present here.
+            extra: { name: _nullishCoalesce(accept.extra.name, () => ( "")), version: _nullishCoalesce(accept.extra.version, () => ( "")) }
           },
           receipt: { network: accept.network, asset: accept.asset, payTo: accept.payTo, amount: accept.amount },
           payerHint: exact.payload.authorization.from
@@ -3316,7 +3944,7 @@ function requirePayment(options) {
     try {
       result = await gate.verify(_nullishCoalesce(req.headers[HEADER_SIGNATURE], () => ( req.headers[HEADER_SIGNATURE_V1])));
     } catch (err) {
-      if (err instanceof _chunkMDLZJGLYcjs.SettlementError) {
+      if (err instanceof _chunkPA6YD3HLcjs.SettlementError) {
         res.status(502);
         res.json({ x402Version: 2, error: "settlement_failed", detail: err.message });
         return;
@@ -3410,4 +4038,13 @@ function normaliseHeader(value) {
 
 
 
-exports.CHAINS = CHAINS; exports.ConfirmationTimeoutError = _chunkMDLZJGLYcjs.ConfirmationTimeoutError; exports.DIRECTORY_INFO = DIRECTORY_INFO; exports.EIP3009_TYPES = EIP3009_TYPES; exports.EXACT_NETWORK_SLUGS = EXACT_NETWORK_SLUGS; exports.GENERATOR = GENERATOR; exports.HEADER_REQUIRED = HEADER_REQUIRED; exports.HEADER_RESPONSE = HEADER_RESPONSE; exports.HEADER_RESPONSE_V1 = HEADER_RESPONSE_V1; exports.HEADER_SIGNATURE = HEADER_SIGNATURE; exports.HEADER_SIGNATURE_V1 = HEADER_SIGNATURE_V1; exports.InsufficientFundsError = _chunkMDLZJGLYcjs.InsufficientFundsError; exports.InvalidEnvelopeError = _chunkMDLZJGLYcjs.InvalidEnvelopeError; exports.MaxRetriesExceededError = _chunkMDLZJGLYcjs.MaxRetriesExceededError; exports.MissingDriverError = _chunkMDLZJGLYcjs.MissingDriverError; exports.NoCompatibleAcceptError = _chunkMDLZJGLYcjs.NoCompatibleAcceptError; exports.NonReplayableBodyError = _chunkMDLZJGLYcjs.NonReplayableBodyError; exports.PaymentDeclinedError = _chunkMDLZJGLYcjs.PaymentDeclinedError; exports.PaymentTimeoutError = _chunkMDLZJGLYcjs.PaymentTimeoutError; exports.PipRailClient = PipRailClient; exports.PipRailError = _chunkMDLZJGLYcjs.PipRailError; exports.RecipientNotReadyError = _chunkMDLZJGLYcjs.RecipientNotReadyError; exports.SettlementError = _chunkMDLZJGLYcjs.SettlementError; exports.UnknownTokenError = _chunkMDLZJGLYcjs.UnknownTokenError; exports.UnsupportedNetworkError = _chunkMDLZJGLYcjs.UnsupportedNetworkError; exports.WrongChainError = _chunkMDLZJGLYcjs.WrongChainError; exports.WrongFamilyError = _chunkMDLZJGLYcjs.WrongFamilyError; exports.buildBazaarExtension = buildBazaarExtension; exports.buildChallengeHeader = buildChallengeHeader; exports.buildExactAuthorization = buildExactAuthorization; exports.buildOpenApi = buildOpenApi; exports.buildReceiptHeader = buildReceiptHeader; exports.buildSignatureHeader = buildSignatureHeader; exports.buildWellKnownX402 = buildWellKnownX402; exports.buildX402DnsTxt = buildX402DnsTxt; exports.chainIdForExactNetwork = chainIdForExactNetwork; exports.claim402IndexDomain = claim402IndexDomain; exports.createPaymentGate = createPaymentGate; exports.decorateOutcome = decorateOutcome; exports.eip3009Abi = eip3009Abi; exports.encodeXPaymentHeader = encodeXPaymentHeader; exports.evaluatePolicy = evaluatePolicy; exports.getDirectoryInfo = getDirectoryInfo; exports.normalizeNetwork = normalizeNetwork; exports.parseChallenge = parseChallenge; exports.parseExactPaymentHeader = parseExactPaymentHeader; exports.parseExactRequirements = parseExactRequirements; exports.parseReceipt = parseReceipt; exports.parseSignatureHeader = parseSignatureHeader; exports.paymentTools = paymentTools; exports.pickAccept = pickAccept; exports.planAcross = planAcross; exports.readExactDomain = readExactDomain; exports.register402Index = register402Index; exports.registerDriver = registerDriver; exports.registerX402Scan = registerX402Scan; exports.requirePayment = requirePayment; exports.resolveChain = resolveChain; exports.searchOpenIndexes = searchOpenIndexes; exports.settleViaFacilitator = settleViaFacilitator; exports.toInsufficientFundsError = _chunkMDLZJGLYcjs.toInsufficientFundsError; exports.toInvalidBody = toInvalidBody; exports.verify402IndexDomain = verify402IndexDomain;
+
+
+
+
+
+
+
+
+
+exports.CHAINS = CHAINS; exports.ConfirmationTimeoutError = _chunkPA6YD3HLcjs.ConfirmationTimeoutError; exports.DIRECTORY_INFO = DIRECTORY_INFO; exports.EIP3009_TYPES = EIP3009_TYPES; exports.EXACT_NETWORK_SLUGS = EXACT_NETWORK_SLUGS; exports.GENERATOR = GENERATOR; exports.HEADER_REQUIRED = HEADER_REQUIRED; exports.HEADER_RESPONSE = HEADER_RESPONSE; exports.HEADER_RESPONSE_V1 = HEADER_RESPONSE_V1; exports.HEADER_SIGNATURE = HEADER_SIGNATURE; exports.HEADER_SIGNATURE_V1 = HEADER_SIGNATURE_V1; exports.InsufficientFundsError = _chunkPA6YD3HLcjs.InsufficientFundsError; exports.InvalidEnvelopeError = _chunkPA6YD3HLcjs.InvalidEnvelopeError; exports.MaxRetriesExceededError = _chunkPA6YD3HLcjs.MaxRetriesExceededError; exports.MissingDriverError = _chunkPA6YD3HLcjs.MissingDriverError; exports.NoCompatibleAcceptError = _chunkPA6YD3HLcjs.NoCompatibleAcceptError; exports.NonReplayableBodyError = _chunkPA6YD3HLcjs.NonReplayableBodyError; exports.PIPRAIL_AGENT_GUIDE = PIPRAIL_AGENT_GUIDE; exports.PaymentDeclinedError = _chunkPA6YD3HLcjs.PaymentDeclinedError; exports.PaymentTimeoutError = _chunkPA6YD3HLcjs.PaymentTimeoutError; exports.PipRailClient = PipRailClient; exports.PipRailError = _chunkPA6YD3HLcjs.PipRailError; exports.RecipientNotReadyError = _chunkPA6YD3HLcjs.RecipientNotReadyError; exports.SettlementError = _chunkPA6YD3HLcjs.SettlementError; exports.UnknownTokenError = _chunkPA6YD3HLcjs.UnknownTokenError; exports.UnsupportedNetworkError = _chunkPA6YD3HLcjs.UnsupportedNetworkError; exports.UnsupportedSchemeError = _chunkPA6YD3HLcjs.UnsupportedSchemeError; exports.WrongChainError = _chunkPA6YD3HLcjs.WrongChainError; exports.WrongFamilyError = _chunkPA6YD3HLcjs.WrongFamilyError; exports.agentGuide = agentGuide; exports.buildBazaarExtension = buildBazaarExtension; exports.buildChallengeHeader = buildChallengeHeader; exports.buildExactAuthorization = buildExactAuthorization; exports.buildExactSignatureHeader = buildExactSignatureHeader; exports.buildOpenApi = buildOpenApi; exports.buildReceiptHeader = buildReceiptHeader; exports.buildSignatureHeader = buildSignatureHeader; exports.buildWellKnownX402 = buildWellKnownX402; exports.buildX402DnsTxt = buildX402DnsTxt; exports.chainIdForExactNetwork = chainIdForExactNetwork; exports.claim402IndexDomain = claim402IndexDomain; exports.classifyChallenge = classifyChallenge; exports.createPaymentGate = createPaymentGate; exports.decorateOutcome = decorateOutcome; exports.eip3009Abi = eip3009Abi; exports.encodeXPaymentHeader = encodeXPaymentHeader; exports.evaluatePolicy = evaluatePolicy; exports.explainDecline = explainDecline; exports.formatSpendReport = formatSpendReport; exports.getDirectoryInfo = getDirectoryInfo; exports.normalizeNetwork = normalizeNetwork; exports.parseChallenge = parseChallenge; exports.parseExactPaymentHeader = parseExactPaymentHeader; exports.parseExactRequirements = parseExactRequirements; exports.parseReceipt = parseReceipt; exports.parseSettleResponse = parseSettleResponse; exports.parseSignatureHeader = parseSignatureHeader; exports.paymentTools = paymentTools; exports.pickAccept = pickAccept; exports.planAcross = planAcross; exports.readExactDomain = readExactDomain; exports.register402Index = register402Index; exports.registerDriver = registerDriver; exports.registerX402Scan = registerX402Scan; exports.requirePayment = requirePayment; exports.resolveChain = resolveChain; exports.searchOpenIndexes = searchOpenIndexes; exports.settleViaFacilitator = settleViaFacilitator; exports.summarizePlan = summarizePlan; exports.toInsufficientFundsError = _chunkPA6YD3HLcjs.toInsufficientFundsError; exports.toInvalidBody = toInvalidBody; exports.verify402IndexDomain = verify402IndexDomain;