npm - @piprail/sdk - Versions diffs - 1.20.0 → 1.21.0 - Mend

@piprail/sdk 1.20.0 → 1.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/CHANGELOG.md +61 -0
package/dist/index.cjs +142 -68
package/dist/index.d.cts +117 -36
package/dist/index.d.ts +117 -36
package/dist/index.js +133 -59
package/dist/solana-4EMMGGDR.js +715 -0
package/dist/solana-CCVSMOKS.cjs +715 -0
package/package.json +1 -1
package/dist/solana-MPPE6K24.cjs +0 -364
package/dist/solana-WDKWWF33.js +0 -364

package/dist/index.js CHANGED Viewed

@@ -533,6 +533,37 @@ var EXACT_NETWORK_SLUGS = {
 function chainIdForExactNetwork(slug) {
   return EXACT_NETWORK_SLUGS[slug] ?? null;
 }
+async function resolveExactRailEvm(input) {
+  const { asset, method, readDomain, permit2Supported } = input;
+  if (asset === "native") return null;
+  const want = method === "eip3009" || method === "permit2" ? method : "auto";
+  let chosen;
+  let extra = {};
+  if (want === "permit2") {
+    chosen = "permit2";
+  } else {
+    const d = await readDomain(asset);
+    if (d) {
+      chosen = "eip3009";
+      extra = { name: d.name, version: d.version };
+    } else if (want === "eip3009") {
+      throw new Error(
+        `requirePayment: exact \`method: 'eip3009'\` requested for ${asset}, but it isn't an EIP-3009 token (no name()/version()/authorizationState). Use \`method: 'permit2'\` (any ERC-20, e.g. Binance-Peg USDC on BNB) or \`'auto'\`. (Or check your rpcUrl is reachable.)`
+      );
+    } else {
+      chosen = "permit2";
+    }
+  }
+  if (chosen === "permit2" && !permit2Supported()) {
+    if (method === "permit2") {
+      throw new Error(
+        `requirePayment: exact \`method: 'permit2'\` needs the x402 Permit2 proxy deployed on this chain, but it isn't there. Offer an EIP-3009 token (gasless, no proxy), or drop \`exact\` on this chain. (See PERMIT2_PROXY_CHAIN_IDS.)`
+      );
+    }
+    return null;
+  }
+  return { method: chosen, extra };
+}
 var EIP3009_TYPES = {
   TransferWithAuthorization: [
     { name: "from", type: "address" },
@@ -1417,11 +1448,14 @@ function parseExactPaymentHeader(value) {
   if (typeof network !== "string") return null;
   const payload = v.payload;
   if (!payload || typeof payload !== "object") return null;
-  const signature = payload.signature;
-  if (typeof signature !== "string") return null;
   const x402Version = typeof v.x402Version === "number" ? v.x402Version : 2;
   const asset = accepted && typeof accepted.asset === "string" ? accepted.asset : void 0;
   const base2 = { x402Version, network, ...asset ? { asset } : {}, raw: v };
+  if (typeof payload.transaction === "string") {
+    return { ...base2, method: "svm", payload: { transaction: payload.transaction } };
+  }
+  const signature = payload.signature;
+  if (typeof signature !== "string") return null;
   const authorization = payload.authorization;
   if (authorization && typeof authorization === "object") {
     for (const k of ["from", "to", "value", "validAfter", "validBefore", "nonce"]) {
@@ -1708,6 +1742,16 @@ function makeEvmNetwork(resolved) {
     exactPermit2Supported() {
       return isPermit2ProxyChain(resolved.chainId);
     },
+    // The gate's rail-advertisement SPI — EIP-3009 vs Permit2 selection (the pure helper),
+    // injecting the on-chain domain read + the Permit2 proxy-presence check.
+    async resolveExactRail({ asset, method }) {
+      return resolveExactRailEvm({
+        asset,
+        method,
+        readDomain: (a) => readExactDomain(publicClient, a),
+        permit2Supported: () => isPermit2ProxyChain(resolved.chainId)
+      });
+    },
     async settleExactSelf({ relayer, payload, accept }) {
       const a = relayer._native;
       if ("permit2Authorization" in payload) {
@@ -1720,6 +1764,9 @@ function makeEvmNetwork(resolved) {
           accept
         });
       }
+      if ("transaction" in payload) {
+        return { ok: false, error: "signature_invalid", detail: "An SVM (Solana) payload was submitted to an EVM exact rail." };
+      }
       return verifyAndSettleExactEvm({
         publicClient,
         walletClient: a.walletClient,
@@ -1744,7 +1791,7 @@ var loaders = {
   solana: async () => {
     let mod;
     try {
-      mod = await import("./solana-WDKWWF33.js");
+      mod = await import("./solana-4EMMGGDR.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Solana selected, but its packages aren't installed. Run: npm install @solana/web3.js @solana/spl-token bs58`,
@@ -2770,7 +2817,7 @@ var PipRailClient = class {
    *   before publishing, so retry with a brief backoff if a fresh listing is missing.
    * - Results are cross-scheme (mostly the mainstream `exact` scheme); `fetch()` pays
    *   `onchain-proof` rails by default, and standard `exact` rails too once you opt in
-   *   with `schemes: ['onchain-proof', 'exact']` (EVM + EIP-3009 — USDC/EURC).
+   *   with `schemes: ['onchain-proof', 'exact']` (EVM EIP-3009/Permit2 + Solana SVM).
    */
   async discover(opts = {}) {
     const found = await searchOpenIndexes({
@@ -2955,7 +3002,7 @@ var PipRailClient = class {
       );
       if (schemes.includes("exact") && exactOnNet && typeof net.payExact !== "function") {
         throw new UnsupportedSchemeError(
-          `This 402 offers a standard 'exact' rail on ${net.network}, but the ${net.family} family can't pay 'exact' (EVM + EIP-3009 only), and no 'onchain-proof' rail was offered.`
+          `This 402 offers a standard 'exact' rail on ${net.network}, but the ${net.family} family can't pay 'exact' (supported on EVM + Solana today), and no 'onchain-proof' rail was offered.`
         );
       }
       if (!schemes.includes("exact") && exactOnNet && typeof net.payExact === "function") {
@@ -3335,7 +3382,7 @@ var PipRailClient = class {
   async payExactRail(net, wallet, accept, url, init, quote) {
     if (!net.payExact) {
       throw new UnsupportedSchemeError(
-        `the ${net.family} family can't pay a standard 'exact' rail (EVM + EIP-3009 only).`
+        `the ${net.family} family can't pay a standard 'exact' rail (supported on EVM + Solana today).`
       );
     }
     throwIfAborted(init?.signal);
@@ -4012,6 +4059,24 @@ function buildX402DnsTxt(input) {
 }
 // src/facilitator.ts
+async function fetchFacilitatorFeePayer(url, network, timeoutMs = 8e3) {
+  const base2 = url.replace(/\/+$/, "");
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), timeoutMs);
+  try {
+    const res = await fetch(`${base2}/supported`, { signal: ctrl.signal });
+    if (!res.ok) return void 0;
+    const body = await res.json();
+    const kinds = Array.isArray(body?.kinds) ? body.kinds : [];
+    const kind = kinds.find((k) => k?.scheme === "exact" && k?.network === network);
+    const fp = kind?.extra?.feePayer;
+    return typeof fp === "string" ? fp : void 0;
+  } catch {
+    return void 0;
+  } finally {
+    clearTimeout(timer);
+  }
+}
 function safeStringify(value) {
   return JSON.stringify(value, (_k, v) => typeof v === "bigint" ? v.toString() : v);
 }
@@ -4153,7 +4218,7 @@ function createPaymentGate(options) {
       );
       if (options.exact && !specs.some((s) => s.exact)) {
         throw new Error(
-          "requirePayment: `exact` was requested but none of the offered rails support it. The standard `exact` rail is EVM ERC-20 only \u2014 EIP-3009 (USDC / EURC) or Permit2 (any ERC-20, e.g. Binance-Peg USDC on BNB) \u2014 NOT native coins, NOT non-EVM chains. Offer an EVM ERC-20 token, or drop `exact`."
+          "requirePayment: `exact` was requested but none of the offered rails support it. The standard `exact` rail is EVM ERC-20 (EIP-3009 \u2014 USDC / EURC \u2014 or Permit2, e.g. Binance-Peg USDC on BNB) or a Solana SPL token (SVM) \u2014 NOT native coins, NOT families without a standard `exact` scheme. Offer an EVM ERC-20 / Solana SPL token, or drop `exact`."
         );
       }
       return specs;
@@ -4166,63 +4231,51 @@ function createPaymentGate(options) {
   }
   async function resolveExactRail(net, asset) {
     const cfg = options.exact;
-    if (net.family !== "evm" || asset === "native" || !net.settleExactSelf) {
-      return void 0;
-    }
-    const want = cfg.method ?? "auto";
-    let method;
-    let domain;
-    if (want === "permit2") {
-      method = "permit2";
-    } else {
-      const d = net.exactDomain ? await net.exactDomain(asset) : null;
-      if (d) {
-        method = "eip3009";
-        domain = d;
-      } else if (want === "eip3009") {
-        throw new Error(
-          `requirePayment: exact \`method: 'eip3009'\` requested for ${asset} on ${net.network}, but it isn't an EIP-3009 token (no name()/version()/authorizationState). Use \`method: 'permit2'\` (any ERC-20, e.g. Binance-Peg USDC on BNB) or \`'auto'\`. (Or check your rpcUrl is reachable.)`
-        );
-      } else {
-        method = "permit2";
-      }
-    }
-    if (method === "permit2" && !(net.exactPermit2Supported?.() ?? false)) {
-      if (cfg.method === "permit2") {
-        throw new Error(
-          `requirePayment: exact \`method: 'permit2'\` needs the x402 Permit2 proxy deployed on ${net.network}, but it isn't there. Offer an EIP-3009 token (gasless, no proxy), or drop \`exact\` on this chain. (See PERMIT2_PROXY_CHAIN_IDS.)`
-        );
-      }
-      return void 0;
-    }
+    if (!net.resolveExactRail) return void 0;
+    let relayer;
+    let feePayer;
     if (cfg.settle === "self") {
       if (cfg.relayer === void 0) {
         throw new Error(
           "requirePayment: exact `settle: 'self'` needs a `relayer` wallet (the gas-paying key that broadcasts the settle), e.g. exact: { settle: 'self', relayer: { privateKey } }."
         );
       }
-      const relayer = net.bindWallet(cfg.relayer);
-      return { method, ...domain ? { domain } : {}, mode: { kind: "self", relayer } };
-    }
-    return {
-      method,
-      ...domain ? { domain } : {},
-      mode: {
-        kind: "facilitator",
-        url: cfg.settle.facilitator,
-        ...cfg.settle.authHeaders ? { authHeaders: cfg.settle.authHeaders } : {}
-      }
+      relayer = net.bindWallet(cfg.relayer);
+    } else {
+      feePayer = cfg.settle.feePayer;
+    }
+    const method = cfg.method ?? "auto";
+    let info = await net.resolveExactRail({ asset, method, relayer, feePayer });
+    if (!info && cfg.settle !== "self" && !feePayer) {
+      const discovered = await fetchFacilitatorFeePayer(cfg.settle.facilitator, net.network);
+      if (discovered) info = await net.resolveExactRail({ asset, method, relayer, feePayer: discovered });
+    }
+    if (!info) return void 0;
+    const mode = cfg.settle === "self" ? { kind: "self", relayer } : {
+      kind: "facilitator",
+      url: cfg.settle.facilitator,
+      ...cfg.settle.authHeaders ? { authHeaders: cfg.settle.authHeaders } : {}
     };
+    return { method: info.method, ...info.extra ? { extra: info.extra } : {}, mode };
   }
   const hasCustomStore = Boolean(options.isUsed || options.markUsed);
-  const localUsed = /* @__PURE__ */ new Set();
+  const localUsed = /* @__PURE__ */ new Map();
+  const replayWindowMs = maxTimeoutSeconds * 1e3;
+  function pruneUsed(now) {
+    for (const [key, expiry] of localUsed) {
+      if (expiry > now) break;
+      localUsed.delete(key);
+    }
+  }
   async function claimTx(ref) {
     if (hasCustomStore) {
       return options.isUsed ? Boolean(await options.isUsed(ref)) : false;
     }
     const key = ref.toLowerCase();
+    const now = Date.now();
+    pruneUsed(now);
     if (localUsed.has(key)) return true;
-    localUsed.add(key);
+    localUsed.set(key, now + replayWindowMs);
     return false;
   }
   async function settleTx(ref, ok) {
@@ -4260,11 +4313,11 @@ function createPaymentGate(options) {
       maxTimeoutSeconds,
       extra: {
         assetTransferMethod: rail.method,
-        ...rail.domain ? { name: rail.domain.name, version: rail.domain.version } : {},
         minConfirmations,
         decimals: s.decimals,
         amountFormatted: s.amountFormatted,
-        ...s.symbol ? { symbol: s.symbol } : {}
+        ...s.symbol ? { symbol: s.symbol } : {},
+        ...rail.extra
       }
     };
   }
@@ -4382,7 +4435,13 @@ function createPaymentGate(options) {
     }
     const ref = sig.payload.txHash;
     if (await claimTx(ref)) return rejection("tx_already_used", `Proof ${ref} was already redeemed.`);
-    const result = await spec.net.verify(ref, buildAccept(spec, sig.payload.nonce));
+    let result;
+    try {
+      result = await spec.net.verify(ref, buildAccept(spec, sig.payload.nonce));
+    } catch (err) {
+      await settleTx(ref, false);
+      throw err;
+    }
     if (!result.ok) {
       await settleTx(ref, false);
       return rejection(result.error, result.detail);
@@ -4411,10 +4470,23 @@ function createPaymentGate(options) {
         `No \`exact\` rail offered for ${exact.network}${exact.asset ? `/${exact.asset}` : ""} (offered: ${exactSpecs.map((s) => `${s.asset}@${s.net.network}`).join(", ")}).`
       );
     }
-    const auth = "permit2Authorization" in exact.payload ? exact.payload.permit2Authorization : exact.payload.authorization;
-    const nonce = auth.nonce;
+    let nonce;
+    let evmAuth = null;
+    if ("transaction" in exact.payload) {
+      try {
+        nonce = Buffer.from(exact.payload.transaction, "base64").toString("base64");
+      } catch {
+        nonce = exact.payload.transaction;
+      }
+    } else if ("permit2Authorization" in exact.payload) {
+      evmAuth = exact.payload.permit2Authorization;
+      nonce = evmAuth.nonce;
+    } else {
+      evmAuth = exact.payload.authorization;
+      nonce = evmAuth.nonce;
+    }
     if (await claimTx(nonce)) {
-      return rejection("tx_already_used", `Authorization nonce ${nonce} was already redeemed.`);
+      return rejection("tx_already_used", `Authorization ${evmAuth ? `nonce ${nonce}` : "transaction"} was already redeemed.`);
     }
     const accept = buildExactAccept(spec);
     const mode = spec.exact.mode;
@@ -4439,12 +4511,14 @@ function createPaymentGate(options) {
             amount: accept.amount,
             payTo: accept.payTo,
             maxTimeoutSeconds: accept.maxTimeoutSeconds,
-            // name/version are OPTIONAL on the wire type (a foreign rail may omit them), but the
-            // gate's OWN exact rail always read them on-chain at resolution — so they're present here.
-            extra: { name: accept.extra.name ?? "", version: accept.extra.version ?? "" }
+            // The scheme's chain-specific `extra`, from the gate's OWN trusted rail: SVM forwards the
+            // facilitator's `feePayer` (the gas sponsor); EVM forwards the token's EIP-712 domain.
+            extra: accept.extra.assetTransferMethod === "svm" ? { feePayer: accept.extra.feePayer ?? "" } : { name: accept.extra.name ?? "", version: accept.extra.version ?? "" }
           },
           receipt: { network: accept.network, asset: accept.asset, payTo: accept.payTo, amount: accept.amount },
-          payerHint: auth.from
+          // The buyer address, for the receipt's `payer` fallback. EVM carries it in the
+          // authorization; SVM doesn't (the facilitator returns the settled payer) → omit it.
+          ...evmAuth ? { payerHint: evmAuth.from } : {}
         });
       }
     } catch (err) {