@piprail/sdk 1.13.1 → 1.15.0

package/dist/index.js

@@ -13,6 +13,7 @@ import {
   SettlementError,
   UnknownTokenError,
   UnsupportedNetworkError,
+  UnsupportedSchemeError,
   WrongChainError,
   WrongFamilyError,
   floorUnits,
@@ -21,7 +22,7 @@ import {
   parseUnits,
   rejectForeignToken,
   toInsufficientFundsError
-} from "./chunk-SVMGHASK.js";
+} from "./chunk-ILPABTI2.js";
 
 // src/drivers/registry.ts
 var byFamily = /* @__PURE__ */ new Map();
@@ -97,13 +98,18 @@ var CHAINS = {
     defaultRpc: "https://ethereum-rpc.publicnode.com",
     tokens: {
       USDC: { address: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48", decimals: 6, symbol: "USDC" },
-      USDT: { address: "0xdAC17F958D2ee523a2206206994597C13D831ec7", decimals: 6, symbol: "USDT" }
+      USDT: { address: "0xdAC17F958D2ee523a2206206994597C13D831ec7", decimals: 6, symbol: "USDT" },
+      // Circle EURC — EIP-3009 (exact-payable). On-chain EIP-712 domain name is "Euro Coin" here
+      // (NOT "EURC"); the buyer re-derives it on-chain, so the symbol below is display-only.
+      EURC: { address: "0x1aBaEA1f7C830bD89Acc67eC4af516284b1bC33c", decimals: 6, symbol: "EURC" }
     }
   },
   base: {
     chain: base,
     tokens: {
-      USDC: { address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", decimals: 6, symbol: "USDC" }
+      USDC: { address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", decimals: 6, symbol: "USDC" },
+      // Circle EURC — EIP-3009 (exact-payable). On-chain EIP-712 domain name is "EURC" here.
+      EURC: { address: "0x60a3E35Cc302bFA44Cb288Bc5a4F316Fdb1adb42", decimals: 6, symbol: "EURC" }
     }
   },
   arbitrum: {
@@ -139,7 +145,9 @@ var CHAINS = {
     chain: avalanche,
     tokens: {
       USDC: { address: "0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E", decimals: 6, symbol: "USDC" },
-      USDT: { address: "0x9702230A8Ea53601f5cD2dc00fDBc13d4dF4A8c7", decimals: 6, symbol: "USDT" }
+      USDT: { address: "0x9702230A8Ea53601f5cD2dc00fDBc13d4dF4A8c7", decimals: 6, symbol: "USDT" },
+      // Circle EURC — EIP-3009 (exact-payable). On-chain EIP-712 domain name is "Euro Coin" here.
+      EURC: { address: "0xC891EB4cbdEFf6e073e859e987815Ed1505c2ACD", decimals: 6, symbol: "EURC" }
     }
   },
   // ── More popular EVM mainnets. Every address below was verified on-chain
@@ -591,6 +599,53 @@ function encodeXPaymentHeader(input) {
   };
   return base64(JSON.stringify(payload));
 }
+async function payExactEvm(input) {
+  const { publicClient, walletClient, account, chainId, accept } = input;
+  let code;
+  try {
+    code = await publicClient.getCode({ address: account.address });
+  } catch {
+    code = void 0;
+  }
+  if (code && code !== "0x") {
+    throw new UnsupportedSchemeError(
+      `exact buyer rail requires an EOA signer; ${account.address} is a contract / EIP-1271 / EIP-7702-delegated account (no recoverable ECDSA signature). Pay via onchain-proof.`
+    );
+  }
+  const domain = await readExactDomain(publicClient, accept.asset);
+  if (!domain) {
+    throw new UnsupportedSchemeError(
+      `exact: ${accept.asset} on ${accept.network} isn't an EIP-3009 token (USDT needs Permit2; native coin and plain ERC-20s aren't exact-payable). Pay via onchain-proof.`
+    );
+  }
+  const g = globalThis.crypto;
+  if (!g?.getRandomValues) {
+    throw new UnsupportedSchemeError(
+      "this runtime lacks Web Crypto (globalThis.crypto.getRandomValues); the exact rail needs a CSPRNG nonce."
+    );
+  }
+  const raw = new Uint8Array(32);
+  g.getRandomValues(raw);
+  const nonce = `0x${[...raw].map((b) => b.toString(16).padStart(2, "0")).join("")}`;
+  const now = Math.floor(Date.now() / 1e3);
+  const from = account.address;
+  const to = getAddress2(accept.payTo);
+  const value = accept.amount;
+  const validAfter = "0";
+  const validBefore = String(now + accept.maxTimeoutSeconds);
+  const signature = await walletClient.signTypedData({
+    account,
+    domain: { name: domain.name, version: domain.version, chainId, verifyingContract: getAddress2(accept.asset) },
+    types: EIP3009_TYPES,
+    primaryType: "TransferWithAuthorization",
+    message: { from, to, value: BigInt(value), validAfter: 0n, validBefore: BigInt(validBefore), nonce }
+  });
+  return {
+    payload: { signature, authorization: { from, to, value, validAfter, validBefore, nonce } },
+    payerFrom: from,
+    nonce
+  };
+}
 var eip3009Abi = [
   {
     type: "function",
@@ -873,6 +928,9 @@ function buildReceiptHeader(receipt) {
 function buildSignatureHeader(signature) {
   return toBase64Json(signature);
 }
+function buildExactSignatureHeader(input) {
+  return toBase64Json({ x402Version: 2, accepted: input.accepted, payload: input.payload });
+}
 async function parseChallenge(response) {
   const headerValue = response.headers.get(HEADER_REQUIRED);
   if (headerValue) {
@@ -887,11 +945,24 @@ async function parseChallenge(response) {
   return null;
 }
 function parseReceipt(response) {
-  const headerValue = response.headers.get(HEADER_RESPONSE);
+  const headerValue = response.headers.get(HEADER_RESPONSE) ?? response.headers.get(HEADER_RESPONSE_V1);
   if (!headerValue) return null;
   const parsed = fromBase64Json(headerValue);
   return isValidReceipt(parsed) ? parsed : null;
 }
+function parseSettleResponse(response) {
+  const headerValue = response.headers.get(HEADER_RESPONSE) ?? response.headers.get(HEADER_RESPONSE_V1);
+  if (!headerValue) return null;
+  const parsed = fromBase64Json(headerValue);
+  if (!parsed || typeof parsed !== "object" || typeof parsed.success !== "boolean") return null;
+  return {
+    success: parsed.success,
+    ...typeof parsed.transaction === "string" ? { transaction: parsed.transaction } : {},
+    ...typeof parsed.network === "string" ? { network: parsed.network } : {},
+    ...typeof parsed.payer === "string" ? { payer: parsed.payer } : {},
+    ...typeof parsed.errorReason === "string" ? { errorReason: parsed.errorReason } : {}
+  };
+}
 function parseSignatureHeader(value) {
   const parsed = fromBase64Json(value);
   if (!parsed || typeof parsed !== "object") return null;
@@ -1085,6 +1156,15 @@ function makeEvmNetwork(resolved) {
     },
     async estimateCost(accept) {
       const { decimals, symbol } = resolved.chain.nativeCurrency;
+      if (accept.scheme === "exact") {
+        return nativeCost({
+          symbol,
+          decimals,
+          fee: 0n,
+          basis: "estimated",
+          detail: "gasless \u2014 the server/facilitator settles the signed authorization"
+        });
+      }
       const gasLimit = accept.asset === "native" ? 21000n : 65000n;
       try {
         const gasPrice = await publicClient.getGasPrice();
@@ -1146,6 +1226,21 @@ function makeEvmNetwork(resolved) {
         minConfirmations: accept.extra.minConfirmations
       });
     },
+    // Standard x402 `exact` rail (EIP-3009), BUYER side — EVM only. Re-derives the
+    // token's EIP-712 domain on-chain, signs an authorization with the agent's own
+    // key, and returns it for the client to frame into PAYMENT-SIGNATURE. Never
+    // broadcasts. Throws UnsupportedSchemeError for a non-EIP-3009 token / contract signer.
+    async payExact(wallet, accept) {
+      const a = wallet._native;
+      const { payload, payerFrom, nonce } = await payExactEvm({
+        publicClient,
+        walletClient: a.walletClient,
+        account: a.account,
+        chainId: resolved.chainId,
+        accept
+      });
+      return { payload, accepted: accept, payerFrom, nonce };
+    },
     // Standard x402 `exact` rail (EIP-3009), seller side — EVM only.
     async exactDomain(asset) {
       return readExactDomain(publicClient, asset);
@@ -1176,7 +1271,7 @@ var loaders = {
   solana: async () => {
     let mod;
     try {
-      mod = await import("./solana-S3UFI3FE.js");
+      mod = await import("./solana-WDKWWF33.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Solana selected, but its packages aren't installed. Run: npm install @solana/web3.js @solana/spl-token bs58`,
@@ -1188,7 +1283,7 @@ var loaders = {
   ton: async () => {
     let mod;
     try {
-      mod = await import("./ton-WPTXGLVK.js");
+      mod = await import("./ton-CHJ26BVA.js");
     } catch (cause) {
       throw new MissingDriverError(
         `TON selected, but its packages aren't installed. Run: npm install @ton/ton @ton/core @ton/crypto`,
@@ -1200,7 +1295,7 @@ var loaders = {
   stellar: async () => {
     let mod;
     try {
-      mod = await import("./stellar-Q5PO23SC.js");
+      mod = await import("./stellar-FIJPQZVW.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Stellar selected, but its package isn't installed. Run: npm install @stellar/stellar-sdk`,
@@ -1212,7 +1307,7 @@ var loaders = {
   xrpl: async () => {
     let mod;
     try {
-      mod = await import("./xrpl-HEAPEXAM.js");
+      mod = await import("./xrpl-GTUPP6SK.js");
     } catch (cause) {
       throw new MissingDriverError(
         `XRPL selected, but its package isn't installed. Run: npm install xrpl`,
@@ -1224,7 +1319,7 @@ var loaders = {
   tron: async () => {
     let mod;
     try {
-      mod = await import("./tron-6GXBXTR4.js");
+      mod = await import("./tron-DD3JDROV.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Tron selected, but its package isn't installed. Run: npm install tronweb`,
@@ -1236,7 +1331,7 @@ var loaders = {
   sui: async () => {
     let mod;
     try {
-      mod = await import("./sui-WOXRKJXS.js");
+      mod = await import("./sui-B7AVN7NK.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Sui selected, but its package isn't installed. Run: npm install @mysten/sui`,
@@ -1248,7 +1343,7 @@ var loaders = {
   near: async () => {
     let mod;
     try {
-      mod = await import("./near-K6BDBABG.js");
+      mod = await import("./near-LM7S3WUD.js");
     } catch (cause) {
       throw new MissingDriverError(
         `NEAR selected, but its package isn't installed. Run: npm install near-api-js`,
@@ -1260,7 +1355,7 @@ var loaders = {
   aptos: async () => {
     let mod;
     try {
-      mod = await import("./aptos-LPBLSEIQ.js");
+      mod = await import("./aptos-SUXOVP7B.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Aptos selected, but its package isn't installed. Run: npm install @aptos-labs/ts-sdk`,
@@ -1272,7 +1367,7 @@ var loaders = {
   algorand: async () => {
     let mod;
     try {
-      mod = await import("./algorand-WGVF4KTU.js");
+      mod = await import("./algorand-F3OYB534.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Algorand selected, but its package isn't installed. Run: npm install algosdk`,
@@ -1747,7 +1842,18 @@ function encodeBase642(str) {
 
 // src/policy.ts
 var ALLOW = { allowed: true };
-var deny = (reason) => ({ allowed: false, reason });
+var deny = (code, reason) => ({
+  allowed: false,
+  reason,
+  code
+});
+function resolveDeadline(policy, sessionStart) {
+  const fromTtl = policy.ttlSeconds != null && Number.isSafeInteger(sessionStart + policy.ttlSeconds * 1e3) ? sessionStart + policy.ttlSeconds * 1e3 : null;
+  const fromAbs = policy.expiresAt != null ? policy.expiresAt : null;
+  if (fromTtl == null) return fromAbs;
+  if (fromAbs == null) return fromTtl;
+  return Math.min(fromTtl, fromAbs);
+}
 function hostMatches(host, pattern) {
   if (pattern.startsWith("*.")) {
     const suffix = pattern.slice(1);
@@ -1763,18 +1869,26 @@ function chainMatches(intent, allowed) {
   const id = "id" in allowed ? allowed.id : void 0;
   return id !== void 0 && intent.network === `eip155:${id}`;
 }
-function evaluatePolicy(intent, policy, spentForAssetBase) {
+function evaluatePolicy(intent, policy, spentForAssetBase, ctx) {
   if (!policy) return ALLOW;
+  if (ctx) {
+    const deadline = resolveDeadline(policy, ctx.sessionStart);
+    if (deadline != null && ctx.now >= deadline) {
+      return deny("SESSION_EXPIRED", "session expired (TTL elapsed) \u2014 refusing to pay.");
+    }
+  }
   if (policy.chains && !policy.chains.some((c) => chainMatches(intent, c))) {
     return deny(
+      "CHAIN",
       `chain ${intent.network} is not in the allowed set (policy.chains).`
     );
   }
   if (policy.hosts && !policy.hosts.some((h) => hostMatches(intent.host, h))) {
-    return deny(`host ${intent.host} is not in the allowed set (policy.hosts).`);
+    return deny("HOST", `host ${intent.host} is not in the allowed set (policy.hosts).`);
   }
   if (!intent.recognized && !policy.allowUnknownTokens) {
     return deny(
+      "UNKNOWN_TOKEN",
       `asset ${intent.asset} on ${intent.network} isn't a token the SDK can price; refusing to pay it on trust. Set policy.allowUnknownTokens to override.`
     );
   }
@@ -1787,6 +1901,7 @@ function evaluatePolicy(intent, policy, spentForAssetBase) {
     });
     if (!matches) {
       return deny(
+        "TOKEN",
         `token ${intent.symbol ?? intent.asset} is not in the allowed set (policy.tokens).`
       );
     }
@@ -1795,6 +1910,7 @@ function evaluatePolicy(intent, policy, spentForAssetBase) {
     const cap = floorUnits(policy.maxAmount, intent.decimals);
     if (intent.amountBase > cap) {
       return deny(
+        "MAX_AMOUNT",
         `payment of ${intent.amountBase} base units exceeds policy.maxAmount ` + `(${policy.maxAmount} ${intent.symbol ?? ""}).`.trimEnd()
       );
     }
@@ -1803,10 +1919,20 @@ function evaluatePolicy(intent, policy, spentForAssetBase) {
     const cap = floorUnits(policy.maxTotal, intent.decimals);
     if (spentForAssetBase + intent.amountBase > cap) {
       return deny(
+        "MAX_TOTAL",
         `this payment would push spend on ${intent.symbol ?? intent.asset} past policy.maxTotal (${policy.maxTotal}); already spent ${spentForAssetBase} base units.`
       );
     }
   }
+  if (ctx && policy.windowTotal !== void 0 && policy.windowSeconds !== void 0) {
+    const cap = floorUnits(policy.windowTotal, intent.decimals);
+    if (ctx.spentInWindowBase + intent.amountBase > cap) {
+      return deny(
+        "WINDOW_TOTAL",
+        `this payment would exceed policy.windowTotal (${policy.windowTotal}) within the last ${policy.windowSeconds}s on ${intent.symbol ?? intent.asset}.`
+      );
+    }
+  }
   return ALLOW;
 }
 
@@ -1815,6 +1941,12 @@ var keyFor = (network, asset) => `${network}|${asset}`;
 var SpendLedger = class {
   records = [];
   buckets = /* @__PURE__ */ new Map();
+  /**
+   * Session clock origin (epoch-ms) — process/session start = ledger
+   * construction. In-memory; a new process is a new session. The client reads it
+   * to compute the `ttlSeconds` deadline and the rolling-window slice.
+   */
+  sessionStart = Date.now();
   /** Record a settled payment. `decimals` is the TRUE token decimals (for the
    *  per-asset running total used by maxTotal + the formatted summary). */
   record(r, decimals) {
@@ -1840,6 +1972,38 @@ var SpendLedger = class {
   totalFor(network, asset) {
     return this.buckets.get(keyFor(network, asset))?.total ?? 0n;
   }
+  /**
+   * Sum of base-unit amounts for (network, asset) whose record `at` (ISO
+   * timestamp) is at or after `sinceMs` (epoch-ms). Backs the rolling window
+   * (`sinceMs = now - windowSeconds*1000`). A linear scan of `records` —
+   * agent-session cardinality is small (tens), and it only runs when a window
+   * policy is set, so it's negligible against the network round-trip.
+   */
+  totalSince(network, asset, sinceMs) {
+    let sum = 0n;
+    for (const r of this.records) {
+      if (r.network === network && r.asset === asset && Date.parse(r.at) >= sinceMs) {
+        sum += BigInt(r.amountBase);
+      }
+    }
+    return sum;
+  }
+  /**
+   * The per-(network, asset) buckets, as read-only tuples — `network`, `asset`,
+   * `symbol`, the TRUE `decimals` (frozen from the first record), and the running
+   * `totalBase`. Lets the client compose a budget view WITHOUT coupling the ledger
+   * to the policy (the cap math lives in the client). Decimals only exist for a
+   * pair once it's been spent on — a never-spent pair simply isn't a bucket.
+   */
+  assetBuckets() {
+    return [...this.buckets.values()].map((b) => ({
+      network: b.network,
+      asset: b.asset,
+      ...b.symbol ? { symbol: b.symbol } : {},
+      decimals: b.decimals,
+      totalBase: b.total
+    }));
+  }
   /** An immutable snapshot of all spend so far. */
   summary() {
     return {
@@ -1859,6 +2023,7 @@ var SpendLedger = class {
 };
 
 // src/client.ts
+var DEFAULT_SCHEMES = ["onchain-proof"];
 var RECIPIENT_FIX = {
   NO_TRUSTLINE: "the recipient needs a one-time trustline for this asset before it can receive",
   NOT_REGISTERED: "the recipient must be storage_deposit-registered on this token (NEP-145, one-time)",
@@ -1881,6 +2046,37 @@ var PipRailClient = class {
     this.maxRetries = Math.max(1, opts.maxPaymentRetries ?? 3);
     this.retryTimeoutMs = opts.retryTimeoutMs ?? 3e4;
     this.onEvent = opts.onEvent ?? (() => void 0);
+    this.assertPolicyTimeOptions(opts.policy);
+  }
+  /**
+   * Fail LOUDLY at construction on a misconfigured time policy — a security
+   * boundary must never silently half-arm. Two invariants (a misconfiguration is
+   * a programmer error → `TypeError`, no new SDK error code):
+   *   - the rolling window needs BOTH `windowTotal` and `windowSeconds`, or NEITHER
+   *     (one alone is a leash that silently doesn't bite);
+   *   - `ttlSeconds` must be a positive, safe integer whose `*1000` deadline stays
+   *     within `Number.MAX_SAFE_INTEGER` (else the arithmetic would lose precision).
+   */
+  assertPolicyTimeOptions(policy) {
+    if (!policy) return;
+    const hasWindowTotal = policy.windowTotal !== void 0;
+    const hasWindowSeconds = policy.windowSeconds !== void 0;
+    if (hasWindowTotal !== hasWindowSeconds) {
+      throw new TypeError(
+        "policy.windowTotal and policy.windowSeconds must be set together \u2014 a rolling-window cap can't be half-armed (set both, or neither)."
+      );
+    }
+    if (hasWindowSeconds && !(Number.isSafeInteger(policy.windowSeconds) && policy.windowSeconds > 0)) {
+      throw new TypeError("policy.windowSeconds must be a positive integer number of seconds.");
+    }
+    if (policy.ttlSeconds !== void 0) {
+      const ttl = policy.ttlSeconds;
+      if (!Number.isSafeInteger(ttl) || ttl <= 0 || !Number.isSafeInteger(this.ledger.sessionStart + ttl * 1e3)) {
+        throw new TypeError(
+          "policy.ttlSeconds must be a positive integer number of seconds small enough that the resulting deadline stays a safe integer."
+        );
+      }
+    }
   }
   /** Emit an observability event, never letting a throwing handler break the
    * payment flow (mirrors the server gate's `onPaid` isolation). */
@@ -1901,6 +2097,11 @@ var PipRailClient = class {
       return { net, wallet };
     })();
   }
+  /** Resolve the effective scheme set: a per-call override, else the constructor's
+   *  `schemes`, else the `onchain-proof`-only default. */
+  resolveSchemes(perCall) {
+    return perCall ?? this.opts.schemes ?? DEFAULT_SCHEMES;
+  }
   /** GET that auto-handles 402. Pass a full URL to any x402-gated endpoint. */
   get(url, init) {
     return this.fetch(url, { ...init ?? {}, method: "GET" });
@@ -1945,7 +2146,7 @@ var PipRailClient = class {
   async quote(url, init) {
     const res = await fetch(url, { ...init ?? {}, method: init?.method ?? "GET" });
     if (res.status !== 402) return null;
-    const { quote } = await this.resolveChallenge(url, res);
+    const { quote } = await this.resolveChallenge(url, res, this.resolveSchemes());
     return quote;
   }
   /**
@@ -1964,7 +2165,7 @@ var PipRailClient = class {
   async estimateCost(url, init) {
     const res = await fetch(url, { ...init ?? {}, method: init?.method ?? "GET" });
     if (res.status !== 402) return null;
-    const { net, accept, quote } = await this.resolveChallenge(url, res);
+    const { net, accept, quote } = await this.resolveChallenge(url, res, this.resolveSchemes());
     const cost = await net.estimateCost(accept);
     return { quote, cost };
   }
@@ -1973,6 +2174,64 @@ var PipRailClient = class {
   spent() {
     return this.ledger.summary();
   }
+  /**
+   * Read-only budget + time leash for a Mode-A (headless) agent — the policy IS
+   * the consent, and this is how the agent SEES what's left of it before paying.
+   * Composes the in-memory ledger with the configured policy; never throws, moves
+   * no funds. PROCESS-SCOPED — every figure resets on restart (see {@link SessionBudget}).
+   */
+  budget() {
+    const view = this.sessionView();
+    const start = new Date(this.ledger.sessionStart).toISOString();
+    return {
+      session: {
+        start,
+        expiresAt: view?.expiresAt != null ? new Date(view.expiresAt).toISOString() : null,
+        secondsRemaining: view?.secondsRemaining ?? null
+      },
+      byAsset: this.remaining()
+    };
+  }
+  /**
+   * Per-(network, asset) remaining budget — ONE row per pair the ledger already
+   * holds (decimals are known only after the first spend), so a fresh client with
+   * a `maxTotal` set returns `[]` until its first payment. `cap`/`remaining` are
+   * `undefined` when no `maxTotal` is configured (unbounded). Pure + in-memory;
+   * never throws, never sums across tokens (no price oracle). PROCESS-SCOPED.
+   */
+  remaining() {
+    const maxTotal = this.opts.policy?.maxTotal;
+    return this.ledger.assetBuckets().map((b) => {
+      const base2 = {
+        network: b.network,
+        asset: b.asset,
+        ...b.symbol ? { symbol: b.symbol } : {},
+        decimals: b.decimals,
+        spentBase: b.totalBase.toString()
+      };
+      if (maxTotal === void 0) return base2;
+      const capBase = floorUnits(maxTotal, b.decimals);
+      const remainingBase = capBase > b.totalBase ? capBase - b.totalBase : 0n;
+      return {
+        ...base2,
+        capBase: capBase.toString(),
+        remainingBase: remainingBase.toString(),
+        remainingFormatted: formatUnits(remainingBase, b.decimals)
+      };
+    });
+  }
+  /** The read-only TIME envelope for the plan/budget surfaces, or `undefined`
+   *  when no session deadline (`ttlSeconds`/`expiresAt`) is set. `secondsRemaining`
+   *  is clamped ≥ 0 — a best-effort host wall-clock estimate. */
+  sessionView(now = Date.now()) {
+    const policy = this.opts.policy;
+    if (!policy || policy.ttlSeconds == null && policy.expiresAt == null) return void 0;
+    const deadline = resolveDeadline(policy, this.ledger.sessionStart);
+    return {
+      expiresAt: deadline,
+      secondsRemaining: deadline == null ? null : Math.max(0, Math.floor((deadline - now) / 1e3))
+    };
+  }
   /**
    * Plan a payment for a gated URL — WITHOUT paying. The read-only completion of
    * the `quote()` → `estimateCost()` → **`planPayment()`** trio: it surveys every
@@ -2000,7 +2259,7 @@ var PipRailClient = class {
       throw new InvalidEnvelopeError("402 response did not include a parseable x402 challenge.");
     }
     const { net, wallet } = await this.ensure();
-    return this.planFromChallenge(net, wallet, challenge, url);
+    return this.planFromChallenge(net, wallet, challenge, url, this.resolveSchemes());
   }
   /**
    * Convenience over {@link planPayment}: can the wallet settle this URL right now?
@@ -2028,8 +2287,8 @@ var PipRailClient = class {
    * - A resource just listed via {@link register} may not appear yet — 402 Index reviews
    *   before publishing, so retry with a brief backoff if a fresh listing is missing.
    * - Results are cross-scheme (mostly the mainstream `exact` scheme); `fetch()` pays
-   *   only `onchain-proof` rails directly (pay `exact` resources with the experimental
-   *   `drivers/evm/exact.ts`).
+   *   `onchain-proof` rails by default, and standard `exact` rails too once you opt in
+   *   with `schemes: ['onchain-proof', 'exact']` (EVM + EIP-3009 — USDC/EURC).
    */
   async discover(opts = {}) {
     const found = await searchOpenIndexes({
@@ -2168,13 +2427,14 @@ var PipRailClient = class {
     }
     const firstResponse = await fetch(url, init);
     if (firstResponse.status !== 402) return firstResponse;
-    const resolved = await this.resolveChallenge(url, firstResponse);
+    const schemes = this.resolveSchemes(init?.schemes);
+    const resolved = await this.resolveChallenge(url, firstResponse, schemes);
     const { net, wallet, challenge } = resolved;
     let accept = resolved.accept;
     let quote = resolved.quote;
     const autoRoute = init?.autoRoute ?? this.opts.autoRoute ?? false;
     if (autoRoute) {
-      const plan = await this.planFromChallenge(net, wallet, challenge, url);
+      const plan = await this.planFromChallenge(net, wallet, challenge, url, schemes);
       if (!plan.best) {
         throw new PaymentDeclinedError(plan.fundingHint ?? "No rail is settleable for this payment.");
       }
@@ -2183,6 +2443,9 @@ var PipRailClient = class {
     }
     this.safeEmit({ kind: "payment-required", challenge, accept });
     await this.authorize(quote);
+    if (accept.scheme === "exact") {
+      return this.payExactRail(net, wallet, accept, url, init, quote);
+    }
     const { ref, confirmed } = await this.payAndConfirm(net, wallet, accept);
     const response = await this.retryWithProof(url, init, accept, ref, confirmed);
     this.recordSpend(quote, ref);
@@ -2194,7 +2457,7 @@ var PipRailClient = class {
    * network, pick the accept the client can pay, and build its quote. Shared by
    * `quote()` (read-only) and `fetch()` (which then authorises + pays).
    */
-  async resolveChallenge(url, response) {
+  async resolveChallenge(url, response, schemes) {
     const challenge = await parseChallenge(response);
     if (!challenge) {
       throw new InvalidEnvelopeError(
@@ -2202,11 +2465,29 @@ var PipRailClient = class {
       );
     }
     const { net, wallet } = await this.ensure();
-    const candidates = this.gatherCandidates(net, challenge);
+    const candidates = this.gatherCandidates(net, challenge, schemes);
     if (candidates.length === 0) {
-      const networks = challenge.accepts.map((a) => a.network).join(", ");
+      const exactOnNet = challenge.accepts.some(
+        (a) => a.scheme === "exact" && net.supports(a.network)
+      );
+      if (schemes.includes("exact") && exactOnNet && typeof net.payExact !== "function") {
+        throw new UnsupportedSchemeError(
+          `This 402 offers a standard 'exact' rail on ${net.network}, but the ${net.family} family can't pay 'exact' (EVM + EIP-3009 only), and no 'onchain-proof' rail was offered.`
+        );
+      }
+      if (!schemes.includes("exact") && exactOnNet && typeof net.payExact === "function") {
+        const payable = challenge.accepts.some(
+          (a) => a.scheme === "exact" && net.supports(a.network) && net.describeAsset(a.asset) != null
+        );
+        if (payable) {
+          throw new NoCompatibleAcceptError(
+            `This 402 is payable only via the standard 'exact' rail on ${net.network}, which is OFF by default. Enable it: new PipRailClient({ \u2026, schemes: ['onchain-proof', 'exact'] }) or per call fetch(url, { schemes: ['exact'] }) (MCP: PIPRAIL_SCHEMES=onchain-proof,exact).`
+          );
+        }
+      }
+      const networks = [...new Set(challenge.accepts.map((a) => a.network))].join(", ");
       throw new NoCompatibleAcceptError(
-        `No accepts[] entry for ${net.network} (challenge offered: ${networks || "none"}).`
+        `No accepts[] entry payable by this client on ${net.network} (schemes: ${schemes.join(", ")}; challenge offered: ${networks || "none"}).`
       );
     }
     const priced = candidates.map((accept) => ({
@@ -2216,20 +2497,38 @@ var PipRailClient = class {
     const chosen = priced.find((p) => p.quote.withinPolicy) ?? priced[0];
     return { net, wallet, accept: chosen.accept, challenge, quote: chosen.quote };
   }
-  /** The candidate accepts this client could pay: our scheme, on the bound network.
-   *  A dual-advertised challenge may also carry standard `exact` rails — the PipRail
-   *  client ignores those (it pays the backendless `onchain-proof` rail); the type
-   *  predicate narrows the `X402AnyAccept` union to the rails we settle. */
-  gatherCandidates(net, challenge) {
-    return challenge.accepts.filter(
-      (a) => a.scheme === "onchain-proof" && net.supports(a.network)
-    );
+  /** The candidate accepts this client could pay, on the bound network. Always the
+   *  backendless `onchain-proof` rails; PLUS standard `exact` rails when `schemes`
+   *  enables them AND the driver can settle them (EVM `payExact` + a recognised
+   *  EIP-3009 token). `onchain-proof` is gathered FIRST so default selection is
+   *  unchanged when `exact` is off. */
+  gatherCandidates(net, challenge, schemes) {
+    const out = [];
+    if (schemes.includes("onchain-proof")) {
+      out.push(
+        ...challenge.accepts.filter(
+          (a) => a.scheme === "onchain-proof" && net.supports(a.network)
+        )
+      );
+    }
+    if (schemes.includes("exact")) {
+      out.push(
+        ...challenge.accepts.filter(
+          (a) => a.scheme === "exact" && net.supports(a.network) && typeof net.payExact === "function" && net.describeAsset(a.asset) != null && // a foreign rail's maxTimeoutSeconds must be a usable positive integer, or
+          // signing it would build a NaN/garbage validBefore — drop it silently
+          // (symmetric with an unrecognised token) rather than leak a raw SyntaxError.
+          Number.isInteger(a.maxTimeoutSeconds) && a.maxTimeoutSeconds > 0
+        )
+      );
+    }
+    return out;
   }
   /** Build the full {@link PaymentPlan} from an already-parsed challenge + bound
    *  net/wallet. Shared by `planPayment` (read-only) and `fetch`'s autoRoute. */
-  async planFromChallenge(net, wallet, challenge, url) {
+  async planFromChallenge(net, wallet, challenge, url, schemes) {
     const chainLabel = typeof this.opts.chain === "string" ? this.opts.chain : net.network;
-    const candidates = this.gatherCandidates(net, challenge);
+    const session = this.sessionView();
+    const candidates = this.gatherCandidates(net, challenge, schemes);
     if (candidates.length === 0) {
       const offered = [...new Set(challenge.accepts.map((a) => a.network))].join(", ") || "none";
       return {
@@ -2239,7 +2538,8 @@ var PipRailClient = class {
         payable: false,
         best: null,
         options: [],
-        fundingHint: `This 402 isn't offered on your chain (${chainLabel}); it's payable on: ${offered}.`
+        fundingHint: `This 402 isn't offered on your chain (${chainLabel}); it's payable on: ${offered}.`,
+        ...session ? { session } : {}
       };
     }
     const analysed = await Promise.all(
@@ -2257,7 +2557,8 @@ var PipRailClient = class {
       payable: best !== null,
       best,
       options,
-      fundingHint: best ? null : buildFundingHint(options, chainLabel)
+      fundingHint: best ? null : buildFundingHint(options, chainLabel),
+      ...session ? { session } : {}
     };
   }
   /** Analyse ONE rail against the wallet's holdings — quote (existing) + gas
@@ -2269,17 +2570,27 @@ var PipRailClient = class {
     const rr = await net.recipientReady(accept.payTo, accept.asset).catch(() => ({ ready: "unknown" }));
     const amount = BigInt(accept.amount);
     const fee = safeBig(cost.fee);
+    const isExact = accept.scheme === "exact";
     const isNative = accept.asset === "native";
     const blockers = [];
     const warnings = [];
     const shortfall = {};
-    if (!quote.withinPolicy) blockers.push("OUTSIDE_POLICY");
+    if (!quote.withinPolicy) {
+      blockers.push(
+        quote.policyCode === "SESSION_EXPIRED" || quote.policyCode === "WINDOW_TOTAL" ? "OUTSIDE_WINDOW" : "OUTSIDE_POLICY"
+      );
+    }
     if (quote.symbolMismatch) warnings.push("SYMBOL_MISMATCH");
-    if (cost.basis === "heuristic") warnings.push("GAS_HEURISTIC");
+    if (!isExact && cost.basis === "heuristic") warnings.push("GAS_HEURISTIC");
     const tokenKnown = bal.token != null;
     const nativeKnown = bal.native != null;
-    if (!tokenKnown || !nativeKnown) warnings.push("BALANCE_UNREADABLE");
-    if (isNative) {
+    if (isExact ? !tokenKnown : !tokenKnown || !nativeKnown) warnings.push("BALANCE_UNREADABLE");
+    if (isExact) {
+      if (tokenKnown && bal.token < amount) {
+        blockers.push("INSUFFICIENT_TOKEN");
+        shortfall.token = formatUnits(amount - bal.token, quote.decimals);
+      }
+    } else if (isNative) {
       if (nativeKnown && bal.native < amount + fee) {
         blockers.push("INSUFFICIENT_TOKEN");
         shortfall.token = formatUnits(amount + fee - bal.native, quote.decimals);
@@ -2306,7 +2617,7 @@ var PipRailClient = class {
     } else {
       recipient = { ready: rr.ready };
     }
-    const unreadable = isNative ? !nativeKnown : !tokenKnown || !nativeKnown;
+    const unreadable = isExact ? !tokenKnown : isNative ? !nativeKnown : !tokenKnown || !nativeKnown;
     const state = blockers.length ? "blocked" : unreadable || rr.ready === "unknown" ? "unknown" : "payable";
     return {
       accept,
@@ -2335,6 +2646,11 @@ var PipRailClient = class {
     const amountBase = BigInt(accept.amount);
     const described = net.describeAsset(accept.asset);
     const decimals = described?.decimals ?? accept.extra.decimals;
+    if (decimals === void 0) {
+      throw new InvalidEnvelopeError(
+        `challenge for ${accept.asset} on ${accept.network} states no decimals and the SDK doesn't recognise the token \u2014 refusing to price it.`
+      );
+    }
     const symbol = described?.symbol ?? accept.extra.symbol;
     const amountFormatted = formatUnits(amountBase, decimals);
     const intent = {
@@ -2347,10 +2663,25 @@ var PipRailClient = class {
       symbol,
       recognized: described != null
     };
+    const policy = this.opts.policy;
+    const hasWindow = !!policy && policy.windowTotal != null && policy.windowSeconds != null;
+    const hasTimePolicy = !!policy && (policy.ttlSeconds != null || policy.expiresAt != null || hasWindow);
+    const now = Date.now();
+    const ctx = hasTimePolicy ? {
+      now,
+      sessionStart: this.ledger.sessionStart,
+      // Window slice ONLY when BOTH fields are set — never a `?? 0` width.
+      spentInWindowBase: hasWindow ? this.ledger.totalSince(
+        accept.network,
+        accept.asset,
+        now - policy.windowSeconds * 1e3
+      ) : 0n
+    } : void 0;
     const decision = evaluatePolicy(
       intent,
       this.opts.policy,
-      this.ledger.totalFor(accept.network, accept.asset)
+      this.ledger.totalFor(accept.network, accept.asset),
+      ctx
     );
     const serverSymbol = accept.extra.symbol;
     const symbolMismatch = intent.recognized && !!serverSymbol && !!symbol && serverSymbol.toUpperCase() !== symbol.toUpperCase();
@@ -2369,15 +2700,19 @@ var PipRailClient = class {
       recognized: intent.recognized,
       symbolMismatch,
       withinPolicy: decision.allowed,
-      ...decision.reason ? { policyReason: decision.reason } : {}
+      ...decision.reason ? { policyReason: decision.reason } : {},
+      ...decision.code ? { policyCode: decision.code } : {}
     };
   }
   /** Enforce the spend policy and the onBeforePay hook — both refuse by
-   *  throwing PaymentDeclinedError, before any funds move. */
+   *  throwing PaymentDeclinedError, before any funds move. Every refusal carries
+   *  a typed `reasonCode` so an agent can branch on the cause (and spot a
+   *  TERMINAL expiry/approval decline it must not retry) without parsing prose. */
   async authorize(quote) {
     if (!quote.withinPolicy) {
       throw new PaymentDeclinedError(
-        `Payment refused by policy: ${quote.policyReason ?? "not allowed"}`
+        `Payment refused by policy: ${quote.policyReason ?? "not allowed"}`,
+        { reasonCode: reasonCodeForPolicy(quote.policyCode) }
       );
     }
     const hook = this.opts.onBeforePay;
@@ -2387,12 +2722,14 @@ var PipRailClient = class {
       approved = await hook(quote);
     } catch (err) {
       throw new PaymentDeclinedError("onBeforePay threw \u2014 refusing to pay.", {
-        cause: err
+        cause: err,
+        reasonCode: "APPROVAL"
       });
     }
     if (!approved) {
       throw new PaymentDeclinedError(
-        `onBeforePay declined ${quote.amountFormatted} ${quote.symbol ?? ""}`.trimEnd() + ` on ${quote.network}.`
+        `onBeforePay declined ${quote.amountFormatted} ${quote.symbol ?? ""}`.trimEnd() + ` on ${quote.network}.`,
+        { reasonCode: "APPROVAL" }
       );
     }
   }
@@ -2495,7 +2832,102 @@ var PipRailClient = class {
       { ref }
     );
   }
+  /**
+   * Pay a standard x402 `exact` rail — a SEPARATE, fundamentally more conservative
+   * path than {@link retryWithProof}. The buyer SIGNS an EIP-3009 authorization ONCE
+   * (the driver's `payExact`) and the server / merchant-chosen facilitator BROADCASTS
+   * it synchronously, so a blind re-POST of a still-in-flight authorization could
+   * double-BROADCAST it. Hence, unlike the onchain-proof loop:
+   *
+   *   • sign exactly once — reuse the SAME header on every retry, never re-sign;
+   *   • retry ONLY an explicit 402 (a definitive pre-broadcast rejection), bounded
+   *     well under `maxTimeoutSeconds` so the loop can't outlive the authorization;
+   *   • a post-POST transport error/timeout → {@link PaymentTimeoutError} carrying the
+   *     nonce (the facilitator MAY have settled — verify on-chain, NEVER re-pay);
+   *   • a 5xx → return as-is (server settle failure; the authorization stays valid +
+   *     its nonce unused) — no settled event, no spend;
+   *   • a 200 whose SettleResponse says `success:false` → a rejection, NEVER a spend;
+   *   • the spend is recorded EXACTLY ONCE, on an affirmative settlement only.
+   */
+  async payExactRail(net, wallet, accept, url, init, quote) {
+    if (!net.payExact) {
+      throw new UnsupportedSchemeError(
+        `the ${net.family} family can't pay a standard 'exact' rail (EVM + EIP-3009 only).`
+      );
+    }
+    throwIfAborted(init?.signal);
+    const { payload, accepted, payerFrom, nonce } = await net.payExact(wallet, accept);
+    const headers = new Headers(init?.headers);
+    headers.set(HEADER_SIGNATURE, buildExactSignatureHeader({ accepted, payload }));
+    const rejectDefinitive = (why2) => {
+      this.safeEmit({ kind: "payment-failed", reason: `exact: facilitator rejected nonce=${nonce} (${why2})` });
+      throw new MaxRetriesExceededError(
+        `exact: the facilitator rejected the payment (${why2}). Fix the cause, then re-present the SAME signed authorization (nonce=${nonce}) \u2014 do NOT re-sign a fresh nonce. ref=${nonce}.`,
+        { ref: nonce }
+      );
+    };
+    const deadline = Date.now() + Math.max(1, Math.floor(accept.maxTimeoutSeconds / 2)) * 1e3;
+    const maxAttempts = Math.min(this.maxRetries, 3);
+    let lastReason = null;
+    for (let attempt = 0; attempt < maxAttempts; attempt += 1) {
+      if (attempt > 0) {
+        if (Date.now() >= deadline) break;
+        await new Promise((r) => setTimeout(r, Math.min(2e3, 400 * 2 ** (attempt - 1))));
+      }
+      throwIfAborted(init?.signal);
+      const budget = Math.min(this.retryTimeoutMs, deadline - Date.now());
+      if (budget <= 0) break;
+      const timeoutController = new AbortController();
+      const timeoutId = setTimeout(() => timeoutController.abort(), budget);
+      const signal = init?.signal && typeof AbortSignal.any === "function" ? AbortSignal.any([timeoutController.signal, init.signal]) : timeoutController.signal;
+      let response;
+      try {
+        response = await fetch(url, { ...init ?? {}, headers, signal });
+      } catch (err) {
+        throw new PaymentTimeoutError(
+          `exact: no response after submitting the authorization (nonce=${nonce}) to ${hostOf2(url)}. The facilitator may have already settled it \u2014 verify on-chain with authorizationState(${payerFrom}, ${nonce}) before re-presenting; do NOT re-pay.`,
+          { cause: err, ref: nonce }
+        );
+      } finally {
+        clearTimeout(timeoutId);
+      }
+      const settle = parseSettleResponse(response);
+      if (response.status === 402) {
+        if (settle && settle.success === false) rejectDefinitive(settle.errorReason ?? "the facilitator reported success:false");
+        lastReason = await readInvalidReason(response) ?? lastReason;
+        continue;
+      }
+      if (response.ok && !(settle && settle.success === false)) {
+        const receipt = parseReceipt(response);
+        this.safeEmit({ kind: "payment-settled", receipt, ...settle ? { settle } : {} });
+        const ref = settle?.transaction || receipt?.transaction || `eip3009-nonce:${nonce}`;
+        this.recordSpend(quote, ref);
+        return response;
+      }
+      if (response.status >= 500) {
+        this.safeEmit({ kind: "payment-failed", reason: `exact: server ${response.status} \u2014 authorization nonce=${nonce} not settled` });
+        return response;
+      }
+      if (settle && settle.success === false) rejectDefinitive(settle.errorReason ?? "the facilitator reported success:false");
+      this.safeEmit({ kind: "payment-failed", reason: `exact: server ${response.status} \u2014 authorization nonce=${nonce} not settled` });
+      return response;
+    }
+    const why = lastReason ? `${lastReason.error}${lastReason.detail ? ` \u2014 ${lastReason.detail}` : ""}` : "server gave no reason";
+    this.safeEmit({
+      kind: "payment-failed",
+      reason: `exact: 402 after submitting authorization nonce=${nonce} (${why})`
+    });
+    throw new MaxRetriesExceededError(
+      `exact: server still returned 402 after submitting the signed authorization (nonce=${nonce}). Last rejection: ${why}. Re-present the SAME authorization \u2014 do NOT re-sign a fresh nonce; verify authorizationState(${payerFrom}, ${nonce}) first. ref=${nonce}.`,
+      { ref: nonce }
+    );
+  }
 };
+function throwIfAborted(signal) {
+  if (signal?.aborted) {
+    throw signal.reason ?? new DOMException("This operation was aborted.", "AbortError");
+  }
+}
 function safeBig(s) {
   try {
     return BigInt(s);
@@ -2525,6 +2957,9 @@ function buildFundingHint(options, chainLabel) {
   if (target.blockers.includes("RECIPIENT_NOT_READY")) {
     return `Recipient ${shortAddr(target.accept.payTo)} can't receive on ${chainLabel} yet \u2014 ${target.recipient.fix ?? "recipient not ready"}.`;
   }
+  if (target.blockers.includes("OUTSIDE_WINDOW")) {
+    return target.quote.policyCode === "SESSION_EXPIRED" ? `Session is over on ${chainLabel} \u2014 restart the process or extend the TTL; no retry will succeed.` : `Budget window exhausted on ${chainLabel} \u2014 wait for it to free, or raise policy.windowTotal.`;
+  }
   if (target.blockers.includes("OUTSIDE_POLICY")) {
     return `Refused by spend policy: ${target.quote.policyReason ?? "not allowed"}.`;
   }
@@ -2562,6 +2997,20 @@ function railOnNetwork(rail, matches) {
   const n = normalizeNetwork(rail.network);
   return !n.includes(":") || matches(n);
 }
+function reasonCodeForPolicy(code) {
+  switch (code) {
+    case "SESSION_EXPIRED":
+      return "SESSION_EXPIRED";
+    case "WINDOW_TOTAL":
+      return "OUTSIDE_WINDOW";
+    case "MAX_TOTAL":
+      return "BUDGET";
+    case void 0:
+      return void 0;
+    default:
+      return "POLICY";
+  }
+}
 function hostOf2(url) {
   try {
     return new URL(url).hostname;
@@ -2596,12 +3045,124 @@ async function readInvalidReason(response) {
         detail: typeof body.detail === "string" ? body.detail : ""
       };
     }
+    if (body && body.isValid === false && typeof body.invalidReason === "string") {
+      return {
+        error: body.invalidReason,
+        detail: typeof body.invalidMessage === "string" ? body.invalidMessage : ""
+      };
+    }
   } catch {
   }
+  const settle = parseSettleResponse(response);
+  if (settle?.errorReason) return { error: settle.errorReason, detail: "" };
   return null;
 }
 
+// src/render.ts
+function summarizePlan(plan) {
+  if (plan == null) return "No payment required \u2014 the URL is not payment-gated.";
+  if (plan.payable && plan.best) {
+    const q = plan.best.quote;
+    const c = plan.best.cost;
+    const otherRails = plan.options.length - 1;
+    const note = otherRails > 0 ? ` ${otherRails} other rail(s) not settleable.` : "";
+    return `Payable: ${q.amountFormatted} ${q.symbol ?? q.asset} on ${plan.best.accept.network} (gas ~${c.feeFormatted} ${c.feeSymbol}).${note}`;
+  }
+  return `NOT payable: ${plan.fundingHint ?? `no settleable rail on ${plan.network}`}`;
+}
+function explainDecline(err) {
+  if (!(err instanceof PipRailError)) {
+    return `Payment failed: ${err instanceof Error ? err.message : String(err)}`;
+  }
+  switch (err.code) {
+    case "PAYMENT_DECLINED":
+      return err.message;
+    case "PAYMENT_TIMEOUT":
+    case "MAX_RETRIES_EXCEEDED":
+    case "CONFIRMATION_TIMEOUT":
+      return `${err.message} Recover using the proof on .ref (re-verify or re-submit it); never re-pay \u2014 a fresh payment would double-spend.`;
+    case "INSUFFICIENT_FUNDS":
+      return "The wallet cannot cover the payment + gas \u2014 top up the payer (token and/or native gas) and retry.";
+    case "RECIPIENT_NOT_READY":
+      return `${err.message} The fix is on the RECIPIENT (trustline / registration / opt-in / activation), not your balance.`;
+    case "NO_COMPATIBLE_ACCEPT":
+    case "UNSUPPORTED_SCHEME":
+      return err.message;
+    default:
+      return `Payment failed: ${err.message}`;
+  }
+}
+function formatSpendReport(summary) {
+  if (summary.count === 0) return "No payments yet.";
+  return summary.byAsset.map(
+    (a) => `${a.totalFormatted} ${a.symbol ?? a.asset} on ${a.network} (${a.count} payment${a.count === 1 ? "" : "s"})`
+  ).join("; ");
+}
+
+// src/agentGuide.ts
+var PIPRAIL_AGENT_GUIDE = `# Paying with PipRail \u2014 the agent contract
+
+You can pay for x402 "402 Payment Required" resources autonomously. Money moves
+straight from your wallet to the server; PipRail custodies nothing. Follow this.
+
+## The loop: quote \u2192 plan \u2192 pay
+1. piprail_quote_payment(url) \u2014 PRICE it. Returns the amount, token, chain, and
+   whether it is within your spend policy. No funds move. Use it to decide if a
+   resource is worth buying.
+2. piprail_plan_payment(url) \u2014 can I afford it NOW? Reads your balance, native gas,
+   and recipient-readiness across every rail, and returns { payable, best,
+   fundingHint, session? }. If payable is false, do NOT attempt the payment \u2014
+   fundingHint says exactly what to fix.
+3. piprail_pay_request(url, method?, body?) \u2014 PAY (only if the plan was payable)
+   and return the result.
+Always plan before you pay so you never commit to a payment you cannot finish.
+
+## Reading a refusal \u2014 never crash, never double-spend
+A failed pay returns a STRUCTURED object, never a thrown error you must catch:
+  { ok:false, code, reason, explain, ref?, reasonCode?, declined? }
+Branch on \`code\` (always reliable). Key cases:
+- declined:true with reasonCode:'SESSION_EXPIRED' \u2014 your time budget is over. This
+  is TERMINAL: STOP. Do not retry ANY payment this process; it cannot be undone
+  without a restart / a longer TTL.
+- declined:true with reasonCode:'APPROVAL' \u2014 a human (or hook) declined this
+  payment. Terminal for this pay: do NOT auto-retry \u2014 they said no, or no one
+  answered.
+- declined:true with reasonCode:'OUTSIDE_WINDOW' \u2014 your rolling rate-limit is
+  exhausted. Wait for it to free, then retry; do not raise the amount.
+- declined:true with reasonCode:'POLICY' or 'BUDGET' \u2014 a spend cap or allowlist
+  refused it. Don't retry the same payment; pick a cheaper/allowed one.
+- code:'INSUFFICIENT_FUNDS' \u2014 top up the wallet (token and/or native gas), retry.
+- code:'PAYMENT_TIMEOUT' / 'MAX_RETRIES_EXCEEDED' / 'CONFIRMATION_TIMEOUT' \u2014 the
+  payment may ALREADY be on-chain. Recover using the proof on \`.ref\` (re-verify
+  or re-submit it); never re-pay \u2014 a fresh payment would double-spend.
+- code:'NO_COMPATIBLE_ACCEPT' / 'UNSUPPORTED_SCHEME' \u2014 the 402 isn't payable on
+  your chain/scheme; \`explain\` says whether it's the wrong chain or a scheme to enable.
+
+## Knowing your leash \u2014 call piprail_budget
+piprail_budget tells you how much budget and time you have left, per
+(network, asset), plus your spend so far. Read-only; moves no funds. Use it in
+Mode A to self-check before paying.
+
+## Two modes
+- Mode A (headless, default): you run FREE inside a pre-set budget + time
+  envelope. The policy IS the consent \u2014 there is no per-payment prompt. Stay
+  inside it; piprail_budget shows what's left.
+- Mode B (supervised): the host may ask a human to approve each payment. A
+  decline/cancel/timeout comes back as declined:true (reasonCode:'APPROVAL') \u2014
+  do NOT retry it as if it were a transient error.
+
+## Hard facts
+- Spend caps are PER (network, asset). There is no single cross-token dollar cap \u2014
+  budgets aren't summed across tokens (no price oracle).
+- Spend totals and the time envelope live IN-MEMORY for THIS process; they reset on restart
+  (a convenience, not a durable ledger).
+`;
+function agentGuide() {
+  return PIPRAIL_AGENT_GUIDE;
+}
+
 // src/agent.ts
+var OPEN_OBJECT = { type: "object", additionalProperties: true };
 async function readBody(res) {
   const text = await res.text();
   if (!text) return null;
@@ -2674,6 +3235,7 @@ function paymentTools(client) {
         required: ["url"],
         additionalProperties: false
       },
+      outputSchema: OPEN_OBJECT,
       invoke: async (args) => {
         const quote = await client.quote(String(args.url));
         return quote ? { gated: true, ...quote } : { gated: false, url: String(args.url) };
@@ -2697,6 +3259,7 @@ function paymentTools(client) {
         required: ["url"],
         additionalProperties: false
       },
+      outputSchema: OPEN_OBJECT,
       invoke: async (args) => {
         const plan = await client.planPayment(String(args.url));
         if (plan == null) return { gated: false, url: String(args.url) };
@@ -2705,6 +3268,8 @@ function paymentTools(client) {
           payable: plan.payable,
           status: plan.status,
           fundingHint: plan.fundingHint,
+          // One model-readable line distilling the whole plan.
+          summary: summarizePlan(plan),
           best: plan.best ? {
             network: plan.best.accept.network,
             symbol: plan.best.quote.symbol,
@@ -2720,23 +3285,25 @@ function paymentTools(client) {
             blockers: o.blockers,
             warnings: o.warnings,
             recipientReady: o.recipient.ready
-          }))
+          })),
+          // The session's time leash, present only when a time policy is configured.
+          ...plan.session ? { session: plan.session } : {}
         };
       }
     },
     {
       name: "piprail_pay_request",
-      description: "Fetch an x402 payment-gated URL, automatically paying the required on-chain payment if needed (subject to the spend policy + approval hook). Returns the HTTP status, the response body, and a payment receipt if one settled. If the payment is refused by policy or the approval hook, returns { declined: true, reason } \u2014 no funds moved.",
+      description: "Fetch an x402 payment-gated URL, automatically making the required payment if needed (subject to the spend policy + approval hook). Pays whichever rail the client is configured for \u2014 PipRail's backendless on-chain rail, or, when enabled, the standard `exact` rail (where the buyer signs and the server settles, so no buyer gas). Returns the HTTP status, the response body, and a payment receipt if one settled. If the payment is refused by policy or the approval hook, returns { declined: true, reason } \u2014 no funds moved.",
       annotations: {
         title: "Pay an x402 request",
         readOnlyHint: false,
         // this is the one tool that MOVES FUNDS
         destructiveHint: true,
-        // an on-chain payment is value-moving and not reversible
+        // a payment is value-moving and not reversible
         idempotentHint: false,
         // paying twice = two payments
         openWorldHint: true
-        // fetches a URL and settles on-chain
+        // fetches a URL and settles a payment
       },
       parameters: {
         type: "object",
@@ -2778,8 +3345,20 @@ function paymentTools(client) {
             receipt: parseReceipt(res)
           };
         } catch (err) {
-          if (err instanceof PaymentDeclinedError) {
-            return { declined: true, reason: err.message };
+          if (err instanceof PipRailError) {
+            const out = {
+              ok: false,
+              code: err.code,
+              reason: err.message,
+              explain: explainDecline(err)
+            };
+            if (err instanceof PaymentDeclinedError) {
+              out.declined = true;
+              if (err.reasonCode) out.reasonCode = err.reasonCode;
+            }
+            const ref = err.ref;
+            if (typeof ref === "string") out.ref = ref;
+            return out;
           }
           throw err;
         }
@@ -2817,10 +3396,57 @@ function paymentTools(client) {
         const outcomes = await client.register(String(args.url), opts);
         return { outcomes };
       }
+    },
+    {
+      name: "piprail_budget",
+      description: "Read how much of your spend budget and time leash is left \u2014 per (network, asset) remaining, the session time envelope, and your spend so far. Use it in Mode A (headless) to self-check BEFORE paying, so you never discover the leash by hitting a decline. Read-only; moves no funds. NOTE: totals and the time envelope are in-memory for THIS process and reset on restart.",
+      annotations: {
+        title: "Check remaining budget",
+        readOnlyHint: true,
+        // reads the in-memory ledger + policy; never pays
+        idempotentHint: true
+        // a pure read
+      },
+      parameters: { type: "object", properties: {}, additionalProperties: false },
+      outputSchema: OPEN_OBJECT,
+      invoke: async () => {
+        const spent = client.spent();
+        const budget = client.budget();
+        return {
+          spent,
+          remaining: budget.byAsset,
+          session: budget.session,
+          report: formatSpendReport(spent)
+        };
+      }
+    },
+    {
+      name: "piprail_guide",
+      description: "Read the PipRail agent contract \u2014 the quote \u2192 plan \u2192 pay loop, how to read a refusal (and which declines are TERMINAL), the never-re-pay rule for broadcast-but-unconfirmed payments, and Mode A (headless) vs Mode B (supervised). Read-only; call it once if unsure how to use these tools.",
+      annotations: {
+        title: "How to use PipRail",
+        readOnlyHint: true,
+        idempotentHint: true
+      },
+      parameters: { type: "object", properties: {}, additionalProperties: false },
+      invoke: async () => ({ guide: PIPRAIL_AGENT_GUIDE })
     }
   ];
 }
 
+// src/classify.ts
+function classifyChallenge(challenge, opts) {
+  const accepts = challenge.accepts ?? [];
+  const offeredSchemes = [...new Set(accepts.map((a) => a.scheme))];
+  const offeredNetworks = [...new Set(accepts.map((a) => a.network))];
+  const onClientChain = accepts.some((a) => a.network === opts.network);
+  const payableScheme = accepts.some(
+    (a) => a.network === opts.network && opts.schemes.includes(a.scheme)
+  );
+  const verdict = accepts.length === 0 ? "NO_RAIL" : payableScheme ? "PAYABLE_RAIL" : onClientChain ? "UNPAYABLE_SCHEME" : "WRONG_CHAIN";
+  return { onClientChain, payableScheme, offeredSchemes, offeredNetworks, verdict };
+}
+
 // src/discovery.ts
 var GENERATOR = "@piprail/sdk \xB7 https://piprail.com";
 function buildBazaarExtension(descriptor = {}) {
@@ -3278,7 +3904,9 @@ function createPaymentGate(options) {
             amount: accept.amount,
             payTo: accept.payTo,
             maxTimeoutSeconds: accept.maxTimeoutSeconds,
-            extra: { name: accept.extra.name, version: accept.extra.version }
+            // name/version are OPTIONAL on the wire type (a foreign rail may omit them), but the
+            // gate's OWN exact rail always read them on-chain at resolution — so they're present here.
+            extra: { name: accept.extra.name ?? "", version: accept.extra.version ?? "" }
           },
           receipt: { network: accept.network, asset: accept.asset, payTo: accept.payTo, amount: accept.amount },
           payerHint: exact.payload.authorization.from
@@ -3364,6 +3992,7 @@ export {
   MissingDriverError,
   NoCompatibleAcceptError,
   NonReplayableBodyError,
+  PIPRAIL_AGENT_GUIDE,
   PaymentDeclinedError,
   PaymentTimeoutError,
   PipRailClient,
@@ -3372,11 +4001,14 @@ export {
   SettlementError,
   UnknownTokenError,
   UnsupportedNetworkError,
+  UnsupportedSchemeError,
   WrongChainError,
   WrongFamilyError,
+  agentGuide,
   buildBazaarExtension,
   buildChallengeHeader,
   buildExactAuthorization,
+  buildExactSignatureHeader,
   buildOpenApi,
   buildReceiptHeader,
   buildSignatureHeader,
@@ -3384,17 +4016,21 @@ export {
   buildX402DnsTxt,
   chainIdForExactNetwork,
   claim402IndexDomain,
+  classifyChallenge,
   createPaymentGate,
   decorateOutcome,
   eip3009Abi,
   encodeXPaymentHeader,
   evaluatePolicy,
+  explainDecline,
+  formatSpendReport,
   getDirectoryInfo,
   normalizeNetwork,
   parseChallenge,
   parseExactPaymentHeader,
   parseExactRequirements,
   parseReceipt,
+  parseSettleResponse,
   parseSignatureHeader,
   paymentTools,
   pickAccept,
@@ -3407,6 +4043,7 @@ export {
   resolveChain,
   searchOpenIndexes,
   settleViaFacilitator,
+  summarizePlan,
   toInsufficientFundsError,
   toInvalidBody,
   verify402IndexDomain