@piprail/sdk 1.22.1 → 1.23.0

package/dist/index.js

@@ -511,7 +511,6 @@ import {
 var EXACT_NETWORK_SLUGS = {
   ethereum: 1,
   base: 8453,
-  "base-sepolia": 84532,
   arbitrum: 42161,
   optimism: 10,
   polygon: 137,
@@ -983,8 +982,6 @@ var PERMIT2_PROXY_CHAIN_IDS = /* @__PURE__ */ new Set([
   // Ethereum
   8453,
   // Base
-  84532,
-  // Base Sepolia
   42161,
   // Arbitrum
   10,
@@ -3604,6 +3601,48 @@ async function readInvalidReason(response) {
   return null;
 }
 
+// src/selfdescribe.ts
+var BRAND = {
+  name: "PipRail",
+  home: "https://piprail.com",
+  docs: "https://docs.piprail.com",
+  payDocs: "https://docs.piprail.com/paying",
+  sdkInstall: "npm i @piprail/sdk",
+  sdkSnippet: "import { PipRailClient } from '@piprail/sdk'\nconst client = new PipRailClient({ chain: '<your-chain>', wallet })\nawait client.fetch('<this-url>')",
+  mcpRun: "npx -y @piprail/mcp"
+};
+var WHAT = 'This is an x402 "402 Payment Required" endpoint. Pay one of the offered rails to access it.';
+function howFor(scheme) {
+  return scheme === "exact" ? "Standard x402 exact rail \u2014 sign an EIP-3009 / Permit2 / SVM authorization; any stock x402 client (e.g. @x402/fetch) can pay this." : "Pay this amount on-chain to payTo, then resubmit with a payment-signature header carrying the proof ref + nonce. Easiest with @piprail/sdk (see sdk.install).";
+}
+function railOf(a) {
+  const extra = a.extra ?? {};
+  return {
+    scheme: a.scheme,
+    network: a.network,
+    asset: a.asset,
+    payTo: a.payTo,
+    amount: a.amount,
+    ...extra.amountFormatted ? { amountFormatted: extra.amountFormatted } : {},
+    ...extra.symbol ? { symbol: extra.symbol } : {},
+    how: howFor(a.scheme)
+  };
+}
+function buildSelfDescription(input) {
+  return {
+    name: "PipRail",
+    protocol: "x402",
+    version: "2",
+    what: WHAT,
+    pay: input.accepts.map(railOf),
+    sdk: { install: BRAND.sdkInstall, snippet: BRAND.sdkSnippet },
+    mcp: { run: BRAND.mcpRun, tool: "piprail_pay_request" },
+    docs: { home: BRAND.home, agents: BRAND.docs, pay: BRAND.payDocs },
+    discovery: { openapi: "/openapi.json", wellKnown: "/.well-known/x402" },
+    ...input.instruction ? { instruction: input.instruction } : {}
+  };
+}
+
 // src/render.ts
 function summarizePlan(plan) {
   if (plan == null) return "No payment required \u2014 the URL is not payment-gated.";
@@ -3644,6 +3683,18 @@ function formatSpendReport(summary) {
     (a) => `${a.totalFormatted} ${a.symbol ?? a.asset} on ${a.network} (${a.count} payment${a.count === 1 ? "" : "s"})`
   ).join("; ");
 }
+function describeChallenge(challenge) {
+  const first = challenge.accepts[0];
+  if (!first) {
+    return `${BRAND.name} x402 payment endpoint. Pay with @piprail/sdk (${BRAND.sdkInstall}). Docs: ${BRAND.home}.`;
+  }
+  const extra = first.extra ?? {};
+  const amount = extra.amountFormatted ?? first.amount;
+  const token = extra.symbol ?? first.asset;
+  const hasExact = challenge.accepts.some((a) => a.scheme === "exact");
+  const standard = hasExact ? "; or any standard x402 client (an exact rail is offered)" : "";
+  return `${BRAND.name} x402 payment endpoint \u2014 pay ${amount} ${token} on ${first.network} to ${first.payTo}. Programmatic: ${BRAND.sdkInstall} then client.fetch(url)${standard}. Docs: ${BRAND.home}.`;
+}
 
 // src/agentGuide.ts
 var PIPRAIL_AGENT_GUIDE = `# Paying with PipRail \u2014 the agent contract
@@ -3651,6 +3702,13 @@ var PIPRAIL_AGENT_GUIDE = `# Paying with PipRail \u2014 the agent contract
 You can pay for x402 "402 Payment Required" resources autonomously. Money moves
 straight from your wallet to the server; PipRail custodies nothing. Follow this.
 
+## Landing cold \u2014 read the self-description
+Every PipRail 402 self-describes. Read challenge.extensions.piprail for { name, what, pay[]
+(each rail's how-to-pay), sdk.install, mcp, docs } \u2014 never guess what an endpoint is. If your
+tooling can't pay a rail (e.g. a stock x402 client can't pay the onchain-proof scheme), the
+block says how: install @piprail/sdk (npm i @piprail/sdk) or run the MCP (npx -y @piprail/mcp)
+and pay with the tools below.
+
 ## The loop: quote \u2192 plan \u2192 pay
 1. piprail_quote_payment(url) \u2014 PRICE it. Returns the amount, token, chain, and
    whether it is within your spend policy. No funds move. Use it to decide if a
@@ -4011,6 +4069,13 @@ function classifyChallenge(challenge, opts) {
 
 // src/discovery.ts
 var GENERATOR = "@piprail/sdk \xB7 https://piprail.com";
+var POWERED_BY = "PipRail x402 | https://piprail.com";
+function discoveryHeaders(opts = {}) {
+  return {
+    link: '</openapi.json>; rel="service-desc", </.well-known/x402>; rel="x402-discovery"',
+    ...opts.attribution === false ? {} : { "x-powered-by": POWERED_BY }
+  };
+}
 function buildBazaarExtension(descriptor = {}) {
   const method = (descriptor.method ?? "GET").toUpperCase();
   const queryParams = descriptor.queryParams ?? {};
@@ -4090,6 +4155,57 @@ function buildX402DnsTxt(input) {
   };
 }
 
+// src/landing.ts
+function esc(s) {
+  return String(s ?? "").replace(
+    /[&<>"']/g,
+    (c) => c === "&" ? "&amp;" : c === "<" ? "&lt;" : c === ">" ? "&gt;" : c === '"' ? "&quot;" : "&#39;"
+  );
+}
+var STYLE = `:root{color-scheme:dark}
+*{box-sizing:border-box}
+body{margin:0;background:#0a0e0f;color:#e6edf0;font:16px/1.6 ui-sans-serif,system-ui,-apple-system,Inter,sans-serif}
+main{max-width:680px;margin:0 auto;padding:48px 24px}
+h1{font-size:1.6rem;margin:0 0 .25rem}
+.lede{color:#9fb0b5;margin:.25rem 0 2rem}
+h2{font-size:1rem;text-transform:uppercase;letter-spacing:.05em;color:#34d399;margin:2rem 0 .75rem}
+table{width:100%;border-collapse:collapse;font-size:.92rem}
+th,td{text-align:left;padding:.5rem .6rem;border-bottom:1px solid #1c2426;vertical-align:top}
+th{color:#9fb0b5;font-weight:600}
+code,pre{font-family:ui-monospace,JetBrains Mono,monospace;font-size:.85rem}
+pre{background:#11181a;border:1px solid #1c2426;border-radius:8px;padding:14px;overflow-x:auto;color:#cfe9df}
+a{color:#34d399}
+.mono{font-family:ui-monospace,monospace;word-break:break-all}
+.warn{margin:0 0 2rem;padding:14px 16px;border:1px solid #5a4a1f;background:#17130a;border-radius:8px;color:#e8d9a8;font-size:.92rem;line-height:1.55}
+.warn strong{color:#f5d77a}
+.muted{color:#5b6b6f;font-weight:400;text-transform:none;letter-spacing:0;font-size:.8rem}
+footer{margin-top:2.5rem;color:#5b6b6f;font-size:.8rem}`;
+function renderLandingPage(sd) {
+  const lede = esc(sd.instruction ?? sd.what);
+  const rows = sd.pay.map(
+    (r) => `<tr><td><code>${esc(r.scheme)}</code></td><td>${esc(r.network)}</td><td>${esc(r.amountFormatted ?? r.amount)} ${esc(r.symbol ?? r.asset)}</td><td class="mono">${esc(r.payTo)}</td></tr>`
+  ).join("");
+  return `<!doctype html>
+<html lang="en"><head><meta charset="utf-8">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+<title>${esc(sd.name)} \xB7 x402 payment required</title>
+<style>${STYLE}</style>
+</head><body><main>
+<h1>402 \u2014 Payment Required</h1>
+<p class="lede">${lede}</p>
+<div class="warn"><strong>Pay with an x402 client \u2014 not by hand.</strong> This endpoint is paid programmatically: an x402 client (the ${esc(sd.name)} SDK or MCP below, or any x402-compatible wallet) makes the payment <em>and proves it</em>, which is what unlocks the resource. Sending funds straight to the address below from an ordinary wallet will reach the merchant but <strong>will NOT unlock this resource and won't be matched to your request</strong> \u2014 there is no custody and no manual-payment desk. Use one of the methods below.</div>
+<h2>How to pay</h2>
+<pre>${esc(sd.sdk.install)}</pre>
+<pre>${esc(sd.sdk.snippet)}</pre>
+<p>For AI agents (MCP): <code>${esc(sd.mcp.run)}</code> &rarr; tool <code>${esc(sd.mcp.tool)}</code></p>
+<h2>Payment details <span class="muted">\u2014 what the client pays, NOT a manual-send address</span></h2>
+<table><thead><tr><th>Scheme</th><th>Chain</th><th>Amount</th><th>Settles to</th></tr></thead>
+<tbody>${rows}</tbody></table>
+<p>Docs: <a href="${esc(sd.docs.pay)}">paying</a> &middot; <a href="${esc(sd.docs.home)}">${esc(sd.docs.home)}</a> &middot; <a href="${esc(sd.discovery.openapi)}">${esc(sd.discovery.openapi)}</a></p>
+<footer>Powered by ${esc(sd.name)} &middot; x402 &middot; no backend, no fee, settled straight to the merchant's wallet (no custody).</footer>
+</main></body></html>`;
+}
+
 // src/facilitator.ts
 async function fetchFacilitatorFeePayer(url, network, timeoutMs = 8e3) {
   const base2 = url.replace(/\/+$/, "");
@@ -4100,7 +4216,8 @@ async function fetchFacilitatorFeePayer(url, network, timeoutMs = 8e3) {
     if (!res.ok) return void 0;
     const body = await res.json();
     const kinds = Array.isArray(body?.kinds) ? body.kinds : [];
-    const kind = kinds.find((k) => k?.scheme === "exact" && k?.network === network);
+    const want = normalizeNetwork(network);
+    const kind = kinds.find((k) => k?.scheme === "exact" && normalizeNetwork(String(k?.network ?? "")) === want);
     const fp = kind?.extra?.feePayer;
     return typeof fp === "string" ? fp : void 0;
   } catch {
@@ -4109,6 +4226,33 @@ async function fetchFacilitatorFeePayer(url, network, timeoutMs = 8e3) {
     clearTimeout(timer);
   }
 }
+function parseFacilitatorSupported(body) {
+  const kinds = body?.kinds;
+  if (!Array.isArray(kinds)) return [];
+  const out = [];
+  for (const k of kinds) {
+    if (!k || typeof k !== "object") continue;
+    const o = k;
+    if (typeof o.scheme !== "string" || typeof o.network !== "string") continue;
+    const fp = o.extra?.feePayer;
+    out.push({ scheme: o.scheme, network: o.network, ...typeof fp === "string" ? { feePayer: fp } : {} });
+  }
+  return out;
+}
+async function facilitatorCoverage(url, timeoutMs = 8e3) {
+  const base2 = url.replace(/\/+$/, "");
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), timeoutMs);
+  try {
+    const res = await fetch(`${base2}/supported`, { signal: ctrl.signal });
+    if (!res.ok) return [];
+    return parseFacilitatorSupported(await res.json());
+  } catch {
+    return [];
+  } finally {
+    clearTimeout(timer);
+  }
+}
 function safeStringify(value) {
   return JSON.stringify(value, (_k, v) => typeof v === "bigint" ? v.toString() : v);
 }
@@ -4386,22 +4530,47 @@ function createPaymentGate(options) {
     const specs = await ready();
     const nonce = genNonce();
     const bazaar = options.discovery ? { bazaar: buildBazaarExtension(options.discovery === true ? {} : options.discovery) } : void 0;
-    const extensions = { ...bazaar, ...opts?.extensions };
+    const accepts = buildAccepts(specs, nonce);
+    const selfDescribe = options.selfDescribe === false ? void 0 : buildSelfDescription({
+      accepts,
+      instruction: describeChallenge({ x402Version: 2, resource: { url: resourceUrl }, accepts })
+    });
+    const rejectionExt = opts?.extensions ?? {};
+    const rejectionPiprail = rejectionExt.piprail ?? {};
+    const bodyPiprail = { ...selfDescribe ?? {}, ...rejectionPiprail };
+    const bodyExtensions = {
+      ...bazaar,
+      ...rejectionExt,
+      ...Object.keys(bodyPiprail).length > 0 ? { piprail: bodyPiprail } : {}
+    };
+    const headerExtensions = {
+      ...bazaar,
+      ...Object.keys(rejectionPiprail).length > 0 ? { piprail: rejectionPiprail } : {}
+    };
     const challenge2 = {
       x402Version: 2,
       resource: {
         url: resourceUrl,
         ...options.description ? { description: options.description } : {}
       },
-      accepts: buildAccepts(specs, nonce),
+      accepts,
       ...opts?.error ? { error: opts.error } : {},
-      ...Object.keys(extensions).length > 0 ? { extensions } : {}
+      ...Object.keys(bodyExtensions).length > 0 ? { extensions: bodyExtensions } : {}
+    };
+    const headerChallenge = {
+      ...challenge2,
+      ...Object.keys(headerExtensions).length > 0 ? { extensions: headerExtensions } : { extensions: void 0 }
     };
-    return { challenge: challenge2, requiredHeader: buildChallengeHeader(challenge2) };
+    return { challenge: challenge2, requiredHeader: buildChallengeHeader(headerChallenge) };
   }
   async function challenge(resourceUrl = "") {
     return makeChallenge(resourceUrl);
   }
+  function landingPage(ch) {
+    return renderLandingPage(
+      buildSelfDescription({ accepts: ch.accepts, instruction: describeChallenge(ch) })
+    );
+  }
   async function asChallenge() {
     const { challenge: c, requiredHeader } = await makeChallenge("");
     return { kind: "challenge", challenge: c, requiredHeader, statusCode: 402 };
@@ -4597,7 +4766,7 @@ function createPaymentGate(options) {
     if (exact) return verifyExact(exact);
     return asChallenge();
   }
-  return { challenge, verify, describe };
+  return { challenge, verify, describe, landingPage };
 }
 function requirePayment(options) {
   const gate = createPaymentGate(options);
@@ -4637,6 +4806,39 @@ function normaliseHeader(value) {
   return value;
 }
 
+// src/facilitators.ts
+var KNOWN_FACILITATORS = {
+  // PayAI — keyless (no API key), sponsors the gas. Verified 2026-06-14 against
+  // https://facilitator.payai.network/supported (exact · eip155:8453) + the live demo.
+  "eip155:8453": [
+    {
+      url: "https://facilitator.payai.network",
+      keyless: true,
+      schemes: ["exact"],
+      settles: ["eip3009"],
+      note: "PayAI \u2014 keyless, sponsors gas (Base USDC EIP-3009)"
+    }
+  ],
+  // PayAI on Solana — keyless fee-payer sponsor for the SVM exact rail. Verified 2026-06-14.
+  "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp": [
+    {
+      url: "https://facilitator.payai.network",
+      keyless: true,
+      schemes: ["exact"],
+      settles: ["svm"],
+      note: "PayAI \u2014 keyless fee-payer sponsor (Solana SPL SVM)"
+    }
+  ]
+};
+function knownFacilitatorsFor(network) {
+  return KNOWN_FACILITATORS[network] ?? [];
+}
+function firstKeylessFacilitator(network, method) {
+  return knownFacilitatorsFor(network).find(
+    (f) => f.keyless && f.schemes.includes("exact") && (method === void 0 || f.settles.includes(method))
+  );
+}
+
 // src/receipts.ts
 var DEFAULT_RETRIES = 5;
 var DEFAULT_TIMEOUT_MS = 1e4;
@@ -4741,6 +4943,7 @@ async function deliverReceipt(receipt, options) {
   };
 }
 export {
+  BRAND,
   CHAINS,
   ConfirmationTimeoutError,
   DIRECTORY_INFO,
@@ -4754,6 +4957,7 @@ export {
   HEADER_SIGNATURE_V1,
   InsufficientFundsError,
   InvalidEnvelopeError,
+  KNOWN_FACILITATORS,
   MaxRetriesExceededError,
   MissingDriverError,
   NoCompatibleAcceptError,
@@ -4762,6 +4966,7 @@ export {
   PERMIT2_PROXY_CHAIN_IDS,
   PERMIT2_WITNESS_TYPES,
   PIPRAIL_AGENT_GUIDE,
+  POWERED_BY,
   PaymentDeclinedError,
   PaymentTimeoutError,
   PipRailClient,
@@ -4784,6 +4989,7 @@ export {
   buildExactSignatureHeader,
   buildOpenApi,
   buildReceiptHeader,
+  buildSelfDescription,
   buildSignatureHeader,
   buildWellKnownX402,
   buildX402DnsTxt,
@@ -4793,17 +4999,23 @@ export {
   createPaymentGate,
   decorateOutcome,
   deliverReceipt,
+  describeChallenge,
+  discoveryHeaders,
   eip3009Abi,
   encodeXPaymentHeader,
   evaluatePolicy,
   explainDecline,
+  facilitatorCoverage,
+  firstKeylessFacilitator,
   formatSpendReport,
   getDirectoryInfo,
   isPermit2ProxyChain,
+  knownFacilitatorsFor,
   normalizeNetwork,
   parseChallenge,
   parseExactPaymentHeader,
   parseExactRequirements,
+  parseFacilitatorSupported,
   parseReceipt,
   parseSettleResponse,
   parseSignatureHeader,
@@ -4814,6 +5026,7 @@ export {
   register402Index,
   registerDriver,
   registerX402Scan,
+  renderLandingPage,
   requirePayment,
   resolveChain,
   searchOpenIndexes,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@piprail/sdk",
-  "version": "1.22.1",
+  "version": "1.23.0",
   "description": "Accept x402 crypto payments across 29 chains — every major EVM chain plus Solana, TON, Tron, NEAR, Sui, Aptos, Algorand, Stellar & XRPL — in a couple of lines. No backend, no database, no fee; payments settle straight to your wallet.",
   "type": "module",
   "main": "./dist/index.cjs",