@piprail/sdk 1.14.0 → 1.15.0

package/dist/index.d.ts

@@ -4527,6 +4527,31 @@ interface PaymentPolicy {
      *  declined, because its true decimals can't be verified. When true, the
      *  server-stated decimals are trusted (the explicit, opt-in risk). */
     allowUnknownTokens?: boolean;
+    /**
+     * Session time-to-live in SECONDS, relative to session start (client
+     * construction). After the deadline EVERY payment is refused
+     * (`SESSION_EXPIRED`), regardless of amount — a headless agent's time leash.
+     * When both `ttlSeconds` and `expiresAt` are set, the EARLIER deadline wins.
+     * Opt-in; omit for no time limit (default). PROCESS-SCOPED — resets on restart.
+     */
+    ttlSeconds?: number;
+    /**
+     * Absolute session deadline as epoch MILLISECONDS (matches `Date.now()`).
+     * SDK-only — there is no MCP env knob (the MCP exposes only the relative-seconds
+     * `PIPRAIL_TTL`). A small value expires immediately BY DESIGN; it is NOT
+     * auto-corrected from seconds, so pass milliseconds. Opt-in; omit for no limit.
+     */
+    expiresAt?: number;
+    /**
+     * Rolling-window spend cap per (network, asset), in human units (e.g. '1.00').
+     * Refuses a payment that would push spend within the last {@link windowSeconds}
+     * past this cap (`OUTSIDE_WINDOW`) — a rate limit on top of the lifetime
+     * `maxTotal`. REQUIRED together with `windowSeconds`: setting one without the
+     * other is a config error (a half-armed leash is forbidden). Opt-in; heavier.
+     */
+    windowTotal?: string;
+    /** Rolling-window width in seconds for {@link windowTotal}. REQUIRED together with it. */
+    windowSeconds?: number;
 }
 /** What the policy reasons over — built by the client from the chosen accept. */
 interface PaymentIntent {
@@ -4545,19 +4570,50 @@ interface PaymentIntent {
     /** Did the driver's `describeAsset` recognise this asset? */
     recognized: boolean;
 }
+/**
+ * A typed, machine-readable code for WHICH guard refused a payment — set by
+ * `deny()` alongside the human `reason`, so the client routes a denial to the
+ * right {@link PayBlocker}/`reasonCode` WITHOUT substring-matching the prose
+ * (which would silently break on a wording tweak).
+ */
+type PolicyDenyCode = 'CHAIN' | 'HOST' | 'UNKNOWN_TOKEN' | 'TOKEN' | 'MAX_AMOUNT' | 'MAX_TOTAL' | 'SESSION_EXPIRED' | 'WINDOW_TOTAL';
 interface PolicyDecision {
     allowed: boolean;
     /** Why it was refused (only when `allowed === false`). */
     reason?: string;
+    /** Which guard fired, as a typed enum (only when `allowed === false`). */
+    code?: PolicyDenyCode;
+}
+/**
+ * INTERNAL — the injected clock + the pre-sliced per-asset window total the
+ * client builds for the otherwise-pure {@link evaluatePolicy}. NOT exported: the
+ * client is the only producer, and keeping it private de-risks a future
+ * fold-`spentForAssetBase`-into-ctx refactor. All time state is process-scoped.
+ */
+interface PolicyContext {
+    /** A single `Date.now()` captured per quote — the expiry check and the window edge share it. */
+    now: number;
+    /** Session clock origin (epoch-ms) = client construction. */
+    sessionStart: number;
+    /** Base units spent on THIS (network, asset) within the rolling window; `0n` when no window cap. */
+    spentInWindowBase: bigint;
 }
 /**
  * Evaluate a payment against the policy. `spentForAssetBase` is the running
  * total already spent on THIS (network, asset) — supplied by the client's
  * ledger — and powers the per-asset `maxTotal` cap.
  *
- * Checks run cheapest-first; the first failure wins so the reason is specific.
+ * The optional `ctx` carries the injected clock + the pre-sliced window total so
+ * this function stays PURE (no `Date.now()` inside). Omit `ctx` and no time check
+ * runs — behaviour is byte-identical to a time-free policy.
+ *
+ * Checks run in a pinned, deterministic order, first-failure-wins so the reason
+ * is specific: **session expiry → chains → hosts → unknown-token → tokens →
+ * maxAmount → maxTotal → windowTotal**. Expiry is first because it's
+ * session-global (not asset-scoped) — an expired session must always report
+ * expiry, not whichever other gate happens to also fail.
  */
-declare function evaluatePolicy(intent: PaymentIntent, policy: PaymentPolicy | undefined, spentForAssetBase: bigint): PolicyDecision;
+declare function evaluatePolicy(intent: PaymentIntent, policy: PaymentPolicy | undefined, spentForAssetBase: bigint, ctx?: PolicyContext): PolicyDecision;
 
 interface SpendRecord {
     url: string;
@@ -4708,6 +4764,9 @@ interface PipRailQuote {
     withinPolicy: boolean;
     /** Why the policy would refuse it (only when `withinPolicy === false`). */
     policyReason?: string;
+    /** The TYPED reason the policy refused it (only when `withinPolicy === false`) —
+     *  routes the denial to the right blocker/`reasonCode` without parsing prose. */
+    policyCode?: PolicyDenyCode;
 }
 /**
  * What `client.estimateCost(url)` returns: the priced payment requirement plus
@@ -4723,7 +4782,7 @@ interface PipRailCostQuote {
     cost: CostEstimate;
 }
 /** A hard reason a rail can't be settled right now — each maps to a concrete fix. */
-type PayBlocker = 'INSUFFICIENT_TOKEN' | 'INSUFFICIENT_GAS' | 'RECIPIENT_NOT_READY' | 'OUTSIDE_POLICY';
+type PayBlocker = 'INSUFFICIENT_TOKEN' | 'INSUFFICIENT_GAS' | 'RECIPIENT_NOT_READY' | 'OUTSIDE_POLICY' | 'OUTSIDE_WINDOW';
 /** A soft flag — never blocks, always worth surfacing to the agent. */
 type PayWarning = 'SYMBOL_MISMATCH' | 'BALANCE_UNREADABLE' | 'RECIPIENT_READINESS_UNKNOWN' | 'GAS_HEURISTIC' | 'THIN_GAS_MARGIN';
 /** One offered rail, fully analysed against the bound wallet's own holdings. */
@@ -4778,6 +4837,61 @@ interface PaymentPlan {
     options: PayOption[];
     /** When NOT payable: one human, actionable sentence on exactly what to do. */
     fundingHint: string | null;
+    /**
+     * Read-only TIME envelope — present ONLY when the policy configures one
+     * (`ttlSeconds`/`expiresAt`). Lets a headless (Mode A) agent SEE its remaining
+     * time leash before paying, rather than discovering it by hitting a decline.
+     *
+     * PROCESS-SCOPED: resets to a fresh window on restart; for crash-loop-resistant
+     * limits supply a pluggable durable store (the `isUsed`/`markUsed` analogue).
+     * `secondsRemaining` is a best-effort host wall-clock estimate, clamped ≥ 0.
+     */
+    session?: {
+        expiresAt: number | null;
+        secondsRemaining: number | null;
+    };
+}
+/**
+ * A read-only view of the spend leash for a Mode-A agent — `client.budget()`.
+ * Composes the in-memory ledger + the configured policy WITHOUT coupling them.
+ *
+ * PROCESS-SCOPED: every figure resets on restart — the session IS the process.
+ * For crash-loop-resistant limits supply a pluggable durable store (the
+ * `isUsed`/`markUsed` analogue). `secondsRemaining` is clamped ≥ 0.
+ */
+interface SessionBudget {
+    /** The session's time envelope (null fields when no `ttlSeconds`/`expiresAt`). */
+    session: {
+        /** Session start, ISO. */
+        start: string;
+        /** Deadline as ISO, or null when no time limit is configured. */
+        expiresAt: string | null;
+        /** Seconds until expiry (clamped ≥ 0), or null when no time limit. */
+        secondsRemaining: number | null;
+    };
+    /** Per-(network, asset) money leash — ONE row per pair the ledger has seen. */
+    byAsset: SpendRemaining[];
+}
+/**
+ * Per-(network, asset) remaining budget — the money half of the leash. One row
+ * per pair the LEDGER already holds (decimals are known only after the first
+ * spend), so a never-spent pair simply isn't a row. `cap`/`remaining` are
+ * `undefined` when no `policy.maxTotal` is set (unbounded). Never a cross-token
+ * sum — there is no price oracle.
+ */
+interface SpendRemaining {
+    network: Caip2;
+    asset: string;
+    symbol?: string;
+    decimals: number;
+    /** Base units spent so far on this pair. */
+    spentBase: string;
+    /** The `maxTotal` cap in base units; undefined when unbounded. */
+    capBase?: string;
+    /** `max(0, cap − spent)` in base units; undefined when unbounded. */
+    remainingBase?: string;
+    /** `remainingBase` in human units; undefined when unbounded. */
+    remainingFormatted?: string;
 }
 interface PipRailClientOptions {
     /** Wallet for the chosen chain family. */
@@ -4906,6 +5020,16 @@ declare class PipRailClient {
     private readonly ledger;
     private bound?;
     constructor(opts: PipRailClientOptions);
+    /**
+     * Fail LOUDLY at construction on a misconfigured time policy — a security
+     * boundary must never silently half-arm. Two invariants (a misconfiguration is
+     * a programmer error → `TypeError`, no new SDK error code):
+     *   - the rolling window needs BOTH `windowTotal` and `windowSeconds`, or NEITHER
+     *     (one alone is a leash that silently doesn't bite);
+     *   - `ttlSeconds` must be a positive, safe integer whose `*1000` deadline stays
+     *     within `Number.MAX_SAFE_INTEGER` (else the arithmetic would lose precision).
+     */
+    private assertPolicyTimeOptions;
     /** Emit an observability event, never letting a throwing handler break the
      * payment flow (mirrors the server gate's `onPaid` isolation). */
     private safeEmit;
@@ -4950,6 +5074,25 @@ declare class PipRailClient {
     /** Aggregated snapshot of every payment this client has settled — total
      *  count, cumulative spend per token, and the individual records. */
     spent(): SpendSummary;
+    /**
+     * Read-only budget + time leash for a Mode-A (headless) agent — the policy IS
+     * the consent, and this is how the agent SEES what's left of it before paying.
+     * Composes the in-memory ledger with the configured policy; never throws, moves
+     * no funds. PROCESS-SCOPED — every figure resets on restart (see {@link SessionBudget}).
+     */
+    budget(): SessionBudget;
+    /**
+     * Per-(network, asset) remaining budget — ONE row per pair the ledger already
+     * holds (decimals are known only after the first spend), so a fresh client with
+     * a `maxTotal` set returns `[]` until its first payment. `cap`/`remaining` are
+     * `undefined` when no `maxTotal` is configured (unbounded). Pure + in-memory;
+     * never throws, never sums across tokens (no price oracle). PROCESS-SCOPED.
+     */
+    remaining(): SpendRemaining[];
+    /** The read-only TIME envelope for the plan/budget surfaces, or `undefined`
+     *  when no session deadline (`ttlSeconds`/`expiresAt`) is set. `secondsRemaining`
+     *  is clamped ≥ 0 — a best-effort host wall-clock estimate. */
+    private sessionView;
     /**
      * Plan a payment for a gated URL — WITHOUT paying. The read-only completion of
      * the `quote()` → `estimateCost()` → **`planPayment()`** trio: it surveys every
@@ -5086,7 +5229,9 @@ declare class PipRailClient {
      *  driver's describeAsset) + the policy verdict + a symbol-mismatch flag. */
     private buildQuote;
     /** Enforce the spend policy and the onBeforePay hook — both refuse by
-     *  throwing PaymentDeclinedError, before any funds move. */
+     *  throwing PaymentDeclinedError, before any funds move. Every refusal carries
+     *  a typed `reasonCode` so an agent can branch on the cause (and spot a
+     *  TERMINAL expiry/approval decline it must not retry) without parsing prose. */
     private authorize;
     /** Record a settled payment in the ledger (true decimals for the running total). */
     private recordSpend;
@@ -5151,11 +5296,15 @@ interface AgentTool {
     parameters: Record<string, unknown>;
     /** Advisory MCP-style hints about the tool's nature (read-only, value-moving, …). */
     annotations?: ToolAnnotations;
+    /** Optional JSON Schema (draft-07 object) for the tool's RESULT — declared only
+     *  on stable read-only tools so a strict client can validate `structuredContent`.
+     *  Kept OPEN (no `additionalProperties:false`) so additive fields never break it. */
+    outputSchema?: Record<string, unknown>;
     /** Execute the tool. Returns a JSON-serialisable result. */
     invoke: (args: Record<string, unknown>) => Promise<unknown>;
 }
 /**
- * Five tools wrapping a configured {@link PipRailClient}:
+ * Seven tools wrapping a configured {@link PipRailClient}:
  *   - `piprail_discover(query?)` — FIND payable resources on the open x402
  *     indexes, WITHOUT paying (the phone book — solves "what can I buy?").
  *   - `piprail_quote_payment(url)` — price a gated URL WITHOUT paying.
@@ -5164,12 +5313,89 @@ interface AgentTool {
  *   - `piprail_pay_request(url, method?, body?)` — pay if needed and return the result.
  *   - `piprail_register(url, …)` — LIST a resource you run on the open indexes so
  *     other agents can find it (402 Index, no signature).
+ *   - `piprail_budget()` — read the remaining spend budget + time leash (Mode A self-check).
+ *   - `piprail_guide()` — read the agent contract (how to quote/plan/pay + read a refusal).
  *
- * A policy/approval refusal comes back as a structured `{ declined: true, reason }`
- * (not a thrown error), so the model can reason about it instead of crashing.
+ * The first five are byte-identical in name + order to before; the two read-only
+ * tools are appended LAST. EVERY failure the pay tool sees comes back as a
+ * STRUCTURED object (`{ ok:false, code, reason, explain, ref?, reasonCode?,
+ * declined? }`) — never a thrown error — so the model reasons about it (and never
+ * re-pays a broadcast-but-unconfirmed payment) instead of crashing.
  */
 declare function paymentTools(client: PipRailClient): AgentTool[];
 
+/**
+ * One line summarising a {@link PaymentPlan} for a model: what's payable, on which
+ * chain, the gas, and how many other rails aren't settleable. `null` (the URL
+ * isn't gated) → "no payment required".
+ */
+declare function summarizePlan(plan: PaymentPlan | null): string;
+/**
+ * One line a model can act on for any failure. For a {@link PipRailError} it
+ * switches on the stable `.code`; the broadcast-but-unconfirmed codes
+ * (`PAYMENT_TIMEOUT`, `MAX_RETRIES_EXCEEDED`, `CONFIRMATION_TIMEOUT`) carry the
+ * load-bearing recovery rule — **recover via `.ref`, never re-pay** (a fresh
+ * payment would double-spend). A non-PipRailError → `'Payment failed: <message>'`.
+ */
+declare function explainDecline(err: unknown): string;
+/**
+ * One line summarising spend so far, per (network, asset) — NEVER a single
+ * cross-token figure (there is no price oracle). Count 0 → "no payments yet".
+ *
+ * NOTE: spend totals are in-memory for THIS process and reset on restart — a
+ * convenience, not a durable ledger.
+ */
+declare function formatSpendReport(summary: SpendSummary): string;
+
+/**
+ * The PipRail agent contract, distilled into one string an LLM can read once and
+ * use the tools correctly with near-zero other docs. PURE — a static constant, no
+ * imports, no I/O. Exposed to MCP clients as a prompt + resource, and reachable
+ * from the tool layer so a headless (non-MCP) agent can prepend it to its system
+ * prompt.
+ *
+ * Keep it tight, concrete, and tool-name-accurate — an agent will trust it
+ * literally, so a wrong name or order actively misleads. A test pins the load-
+ * bearing phrases.
+ */
+declare const PIPRAIL_AGENT_GUIDE = "# Paying with PipRail \u2014 the agent contract\n\nYou can pay for x402 \"402 Payment Required\" resources autonomously. Money moves\nstraight from your wallet to the server; PipRail custodies nothing. Follow this.\n\n## The loop: quote \u2192 plan \u2192 pay\n1. piprail_quote_payment(url) \u2014 PRICE it. Returns the amount, token, chain, and\n   whether it is within your spend policy. No funds move. Use it to decide if a\n   resource is worth buying.\n2. piprail_plan_payment(url) \u2014 can I afford it NOW? Reads your balance, native gas,\n   and recipient-readiness across every rail, and returns { payable, best,\n   fundingHint, session? }. If payable is false, do NOT attempt the payment \u2014\n   fundingHint says exactly what to fix.\n3. piprail_pay_request(url, method?, body?) \u2014 PAY (only if the plan was payable)\n   and return the result.\nAlways plan before you pay so you never commit to a payment you cannot finish.\n\n## Reading a refusal \u2014 never crash, never double-spend\nA failed pay returns a STRUCTURED object, never a thrown error you must catch:\n  { ok:false, code, reason, explain, ref?, reasonCode?, declined? }\nBranch on `code` (always reliable). Key cases:\n- declined:true with reasonCode:'SESSION_EXPIRED' \u2014 your time budget is over. This\n  is TERMINAL: STOP. Do not retry ANY payment this process; it cannot be undone\n  without a restart / a longer TTL.\n- declined:true with reasonCode:'APPROVAL' \u2014 a human (or hook) declined this\n  payment. Terminal for this pay: do NOT auto-retry \u2014 they said no, or no one\n  answered.\n- declined:true with reasonCode:'OUTSIDE_WINDOW' \u2014 your rolling rate-limit is\n  exhausted. Wait for it to free, then retry; do not raise the amount.\n- declined:true with reasonCode:'POLICY' or 'BUDGET' \u2014 a spend cap or allowlist\n  refused it. Don't retry the same payment; pick a cheaper/allowed one.\n- code:'INSUFFICIENT_FUNDS' \u2014 top up the wallet (token and/or native gas), retry.\n- code:'PAYMENT_TIMEOUT' / 'MAX_RETRIES_EXCEEDED' / 'CONFIRMATION_TIMEOUT' \u2014 the\n  payment may ALREADY be on-chain. Recover using the proof on `.ref` (re-verify\n  or re-submit it); never re-pay \u2014 a fresh payment would double-spend.\n- code:'NO_COMPATIBLE_ACCEPT' / 'UNSUPPORTED_SCHEME' \u2014 the 402 isn't payable on\n  your chain/scheme; `explain` says whether it's the wrong chain or a scheme to enable.\n\n## Knowing your leash \u2014 call piprail_budget\npiprail_budget tells you how much budget and time you have left, per\n(network, asset), plus your spend so far. Read-only; moves no funds. Use it in\nMode A to self-check before paying.\n\n## Two modes\n- Mode A (headless, default): you run FREE inside a pre-set budget + time\n  envelope. The policy IS the consent \u2014 there is no per-payment prompt. Stay\n  inside it; piprail_budget shows what's left.\n- Mode B (supervised): the host may ask a human to approve each payment. A\n  decline/cancel/timeout comes back as declined:true (reasonCode:'APPROVAL') \u2014\n  do NOT retry it as if it were a transient error.\n\n## Hard facts\n- Spend caps are PER (network, asset). There is no single cross-token dollar cap \u2014\n  budgets aren't summed across tokens (no price oracle).\n- Spend totals and the time envelope live IN-MEMORY for THIS process; they reset on restart\n  (a convenience, not a durable ledger).\n";
+/** Returns {@link PIPRAIL_AGENT_GUIDE} (a parity accessor for callers that prefer a function). */
+declare function agentGuide(): string;
+
+/**
+ * Scheme/chain triage for an x402 challenge — a pure, never-throwing read that
+ * tells an agent WHY a 402 might be unpayable: "wrong chain" vs "the scheme isn't
+ * enabled" vs "no rail at all". Stops those three very different fixes from being
+ * conflated into one opaque `NO_COMPATIBLE_ACCEPT`.
+ *
+ * PURE: imports only types (`./x402.js`, `./client.js`) — zero chain libraries,
+ * zero I/O. Feed it a challenge you already parsed (`parseChallenge`) plus your
+ * client's bound network + enabled schemes.
+ */
+
+/** The verdict of a challenge triage — what's standing between you and paying. */
+type ChallengeVerdict = 'PAYABLE_RAIL' | 'UNPAYABLE_SCHEME' | 'WRONG_CHAIN' | 'NO_RAIL';
+interface ChallengeTriage {
+    /** Does any offered rail sit on the client's bound network? */
+    onClientChain: boolean;
+    /** Does any rail on the client's network use an enabled scheme? */
+    payableScheme: boolean;
+    /** The distinct schemes the challenge offers. */
+    offeredSchemes: PaymentScheme[];
+    /** The distinct networks the challenge offers. */
+    offeredNetworks: Caip2[];
+    /** The one-word verdict. */
+    verdict: ChallengeVerdict;
+}
+/**
+ * Bucket `challenge.accepts[]` by (network === `opts.network`) and
+ * (scheme ∈ `opts.schemes`) and return the verdict. Never throws.
+ */
+declare function classifyChallenge(challenge: X402Challenge, opts: {
+    network: Caip2;
+    schemes: readonly PaymentScheme[];
+}): ChallengeTriage;
+
 /**
  * Discovery — make a gated resource FINDABLE, by emitting the open-standard
  * artifacts a crawler/index reads. PURE: this file turns the config a gate
@@ -5772,15 +5998,41 @@ declare class MaxRetriesExceededError extends PipRailError {
         ref?: string;
     });
 }
+/**
+ * A typed, machine-readable discriminator on a {@link PaymentDeclinedError} so an
+ * agent can branch on WHY a payment was refused WITHOUT regexing the human
+ * message. It's a HINT layered on top of the always-reliable `.code`
+ * (`'PAYMENT_DECLINED'`) — the two-channel error model is unchanged; this adds NO
+ * new `.code`. Values:
+ *   - `'POLICY'`         — a chain/host/token/per-payment cap refused it.
+ *   - `'BUDGET'`         — the per-(network,asset) lifetime `maxTotal` cap.
+ *   - `'OUTSIDE_WINDOW'` — the rolling `windowTotal` cap (wait for it to slide).
+ *   - `'SESSION_EXPIRED'`— the session TTL elapsed. **TERMINAL** — every payment
+ *                          this process is now refused; do NOT retry, restart/extend the TTL.
+ *   - `'APPROVAL'`       — an `onBeforePay` approval hook said no (e.g. an MCP
+ *                          human-in-the-loop decline). Terminal for this pay — do NOT auto-retry.
+ */
+type DeclineReasonCode = 'POLICY' | 'BUDGET' | 'OUTSIDE_WINDOW' | 'SESSION_EXPIRED' | 'APPROVAL';
 /**
  * The client refused to pay BEFORE any on-chain send — the quoted payment
- * exceeded the configured {@link PaymentPolicy} (amount/total ceiling, or a
- * chain/token/host outside the allowlist), or an `onBeforePay` hook returned
- * `false`. No funds moved. The message names which guard fired; inspect the
- * `quote` via `client.quote(url)` to see the full breakdown.
+ * exceeded the configured {@link PaymentPolicy} (amount/total ceiling, a
+ * chain/token/host outside the allowlist, or the session's time envelope), or an
+ * `onBeforePay` hook returned `false`. No funds moved. The message names which
+ * guard fired; inspect the `quote` via `client.quote(url)` to see the full
+ * breakdown.
+ *
+ * `.reasonCode` is an optional, typed {@link DeclineReasonCode} the client stamps
+ * so an agent can branch on the cause (and spot a TERMINAL `'SESSION_EXPIRED'` /
+ * `'APPROVAL'` it must not retry) without parsing the prose. `.code` stays
+ * `'PAYMENT_DECLINED'`.
  */
 declare class PaymentDeclinedError extends PipRailError {
     readonly code = "PAYMENT_DECLINED";
+    /** Why it was declined, as a typed enum (a hint; `.code` is the reliable channel). */
+    readonly reasonCode?: DeclineReasonCode;
+    constructor(message: string, options?: ErrorOptions & {
+        reasonCode?: DeclineReasonCode;
+    });
 }
 /**
  * The payment broadcast but didn't confirm within the driver's polling window
@@ -6125,4 +6377,4 @@ declare function readExactDomain(publicClient: PublicClient, asset: string): Pro
     version: string;
 } | null>;
 
-export { type AcceptOption, type AddressId, type AgentTool, type AlgorandToken, type AptosToken, type AssetId, type BazaarExtension, type BuildExactParams, CHAINS, type Caip2, type ChainFamily, type ChainInput, type ChainName, type ChainPreset, type ChainSelector, type ConfirmInfo, ConfirmationTimeoutError, type CostEstimate, DIRECTORY_INFO, type DirectoryInfo, type DiscoverOptions, type DiscoveredRail, type DiscoveredResource, type DiscoveryDescriptor, type DiscoverySigner, type DiscoverySource, type DomainClaim, type DomainVerification, EIP3009_TYPES, EXACT_NETWORK_SLUGS, type EvmToken, type ExactAccept, type ExactAuthorization, type ExactAuthorizationWire, type ExactPaymentPayload, type ExactRailOption, type ExpressLikeMiddleware, type ExpressLikeNext, type ExpressLikeRequest, type ExpressLikeResponse, type FacilitatorConfig, type FacilitatorPaymentRequirements, GENERATOR, HEADER_REQUIRED, HEADER_RESPONSE, HEADER_RESPONSE_V1, HEADER_SIGNATURE, HEADER_SIGNATURE_V1, InsufficientFundsError, InvalidEnvelopeError, type ListingVisibility, type ManifestInput, MaxRetriesExceededError, MissingDriverError, type NearToken, NoCompatibleAcceptError, NonReplayableBodyError, type OpenApiDocument, type OpenApiOperation, type ParsedExactPayment, type PayBlocker, type PayOption, type PayWarning, PaymentDeclinedError, type PaymentDriver, type PaymentGate, type PaymentIntent, type PaymentPlan, type PaymentPolicy, type PaymentRail, type PaymentScheme, PaymentTimeoutError, PipRailClient, type PipRailClientOptions, type PipRailCostQuote, PipRailError, type PipRailEvent, type PipRailQuote, type PolicyDecision, RecipientNotReadyError, type RecipientReason, type RegisterInput, type RegisterOptions, type RegisterOutcome, type RequirePaymentOptions, type ResolveOptions, type ResolvedChain, type ResolvedNetwork, type ResolvedToken, type ResourceDescription, type SearchOpenIndexesOptions, type SettleOutcome, type SettleViaFacilitatorInput, SettlementError, type SolanaToken, type SpendAssetTotal, type SpendRecord, type SpendSummary, type StellarToken, type SuiToken, type TokenInfo, type TokenInput, type TonToken, type ToolAnnotations, type TronToken, UnknownTokenError, UnsupportedNetworkError, UnsupportedSchemeError, type VerifyErrorCode, type VerifyPaymentResult, type VerifyResult, type WalletBalance, type WalletHandle, type WalletInput, type WellKnownX402, WrongChainError, WrongFamilyError, type X402AcceptEntry, type X402AnyAccept, type X402Challenge, type X402DnsRecord, type X402ExactAcceptEntry, type X402InvalidBody, type X402PaymentSignature, type X402Receipt, type X402ResourceObject, type XrplToken, buildBazaarExtension, buildChallengeHeader, buildExactAuthorization, buildExactSignatureHeader, buildOpenApi, buildReceiptHeader, buildSignatureHeader, buildWellKnownX402, buildX402DnsTxt, chainIdForExactNetwork, claim402IndexDomain, createPaymentGate, decorateOutcome, eip3009Abi, encodeXPaymentHeader, evaluatePolicy, getDirectoryInfo, normalizeNetwork, parseChallenge, parseExactPaymentHeader, parseExactRequirements, parseReceipt, parseSettleResponse, parseSignatureHeader, paymentTools, pickAccept, planAcross, readExactDomain, register402Index, registerDriver, registerX402Scan, requirePayment, resolveChain, searchOpenIndexes, settleViaFacilitator, toInsufficientFundsError, toInvalidBody, verify402IndexDomain };
+export { type AcceptOption, type AddressId, type AgentTool, type AlgorandToken, type AptosToken, type AssetId, type BazaarExtension, type BuildExactParams, CHAINS, type Caip2, type ChainFamily, type ChainInput, type ChainName, type ChainPreset, type ChainSelector, type ChallengeTriage, type ChallengeVerdict, type ConfirmInfo, ConfirmationTimeoutError, type CostEstimate, DIRECTORY_INFO, type DeclineReasonCode, type DirectoryInfo, type DiscoverOptions, type DiscoveredRail, type DiscoveredResource, type DiscoveryDescriptor, type DiscoverySigner, type DiscoverySource, type DomainClaim, type DomainVerification, EIP3009_TYPES, EXACT_NETWORK_SLUGS, type EvmToken, type ExactAccept, type ExactAuthorization, type ExactAuthorizationWire, type ExactPaymentPayload, type ExactRailOption, type ExpressLikeMiddleware, type ExpressLikeNext, type ExpressLikeRequest, type ExpressLikeResponse, type FacilitatorConfig, type FacilitatorPaymentRequirements, GENERATOR, HEADER_REQUIRED, HEADER_RESPONSE, HEADER_RESPONSE_V1, HEADER_SIGNATURE, HEADER_SIGNATURE_V1, InsufficientFundsError, InvalidEnvelopeError, type ListingVisibility, type ManifestInput, MaxRetriesExceededError, MissingDriverError, type NearToken, NoCompatibleAcceptError, NonReplayableBodyError, type OpenApiDocument, type OpenApiOperation, PIPRAIL_AGENT_GUIDE, type ParsedExactPayment, type PayBlocker, type PayOption, type PayWarning, PaymentDeclinedError, type PaymentDriver, type PaymentGate, type PaymentIntent, type PaymentPlan, type PaymentPolicy, type PaymentRail, type PaymentScheme, PaymentTimeoutError, PipRailClient, type PipRailClientOptions, type PipRailCostQuote, PipRailError, type PipRailEvent, type PipRailQuote, type PolicyDecision, type PolicyDenyCode, RecipientNotReadyError, type RecipientReason, type RegisterInput, type RegisterOptions, type RegisterOutcome, type RequirePaymentOptions, type ResolveOptions, type ResolvedChain, type ResolvedNetwork, type ResolvedToken, type ResourceDescription, type SearchOpenIndexesOptions, type SessionBudget, type SettleOutcome, type SettleViaFacilitatorInput, SettlementError, type SolanaToken, type SpendAssetTotal, type SpendRecord, type SpendRemaining, type SpendSummary, type StellarToken, type SuiToken, type TokenInfo, type TokenInput, type TonToken, type ToolAnnotations, type TronToken, UnknownTokenError, UnsupportedNetworkError, UnsupportedSchemeError, type VerifyErrorCode, type VerifyPaymentResult, type VerifyResult, type WalletBalance, type WalletHandle, type WalletInput, type WellKnownX402, WrongChainError, WrongFamilyError, type X402AcceptEntry, type X402AnyAccept, type X402Challenge, type X402DnsRecord, type X402ExactAcceptEntry, type X402InvalidBody, type X402PaymentSignature, type X402Receipt, type X402ResourceObject, type XrplToken, agentGuide, buildBazaarExtension, buildChallengeHeader, buildExactAuthorization, buildExactSignatureHeader, buildOpenApi, buildReceiptHeader, buildSignatureHeader, buildWellKnownX402, buildX402DnsTxt, chainIdForExactNetwork, claim402IndexDomain, classifyChallenge, createPaymentGate, decorateOutcome, eip3009Abi, encodeXPaymentHeader, evaluatePolicy, explainDecline, formatSpendReport, getDirectoryInfo, normalizeNetwork, parseChallenge, parseExactPaymentHeader, parseExactRequirements, parseReceipt, parseSettleResponse, parseSignatureHeader, paymentTools, pickAccept, planAcross, readExactDomain, register402Index, registerDriver, registerX402Scan, requirePayment, resolveChain, searchOpenIndexes, settleViaFacilitator, summarizePlan, toInsufficientFundsError, toInvalidBody, verify402IndexDomain };