@piprail/sdk 1.8.0 → 1.10.0

package/dist/index.cjs

@@ -20,7 +20,8 @@
 
 
 
-var _chunkIQGT65WScjs = require('./chunk-IQGT65WS.cjs');
+
+var _chunkMDLZJGLYcjs = require('./chunk-MDLZJGLY.cjs');
 
 // src/drivers/registry.ts
 var byFamily = /* @__PURE__ */ new Map();
@@ -49,13 +50,13 @@ function resolveNetwork(opts) {
   const family = familyForChain(opts.chain);
   const driver = byFamily.get(family);
   if (!driver) {
-    throw new (0, _chunkIQGT65WScjs.UnsupportedNetworkError)(
+    throw new (0, _chunkMDLZJGLYcjs.UnsupportedNetworkError)(
       `No driver registered for the "${family}" family \u2014 it may not be mounted yet (use the async resolveNetwork()).`
     );
   }
   const net = driver.resolve(opts);
   if (!net) {
-    throw new (0, _chunkIQGT65WScjs.UnsupportedNetworkError)(
+    throw new (0, _chunkMDLZJGLYcjs.UnsupportedNetworkError)(
       `The ${family} driver didn't recognise this chain input.`
     );
   }
@@ -85,6 +86,7 @@ var _viem = require('viem');
 
 
 
+
 
 
 var _chains = require('viem/chains');
@@ -236,6 +238,17 @@ var CHAINS = {
     tokens: {
       USDC: { address: "0x754704Bc059F8C67012fEd69BC8A327a5aafb603", decimals: 6, symbol: "USDC" }
     }
+  },
+  // Kaia (ex-Klaytn, chainId 8217) — Tether-native USD₮ verified on-chain 2026-06-08
+  // (0xd077…4fDb: symbol "USD₮", name "Tether USD", 6 dp, no bridge markers). Circle issues
+  // NO native USDC on Kaia (absent from Circle's list), so USDC is intentionally omitted —
+  // pay native KAIA or USD₮ (or pass a custom { address, decimals }). Asia's stablecoin-
+  // settlement chain, born from Kakao + LINE.
+  kaia: {
+    chain: _chains.kaia,
+    tokens: {
+      USDT: { address: "0xd077A400968890Eacc75cdc901F0356c943e4fDb", decimals: 6, symbol: "USDT" }
+    }
   }
 };
 function isViemChain(input) {
@@ -299,12 +312,12 @@ function createWalletAdapter(config, resolved) {
   }
   const wc = config.walletClient;
   if (!wc.account) {
-    throw new (0, _chunkIQGT65WScjs.WrongFamilyError)(
+    throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
       "chain is EVM; the provided walletClient has no attached account. Use `createWalletClient({ account, chain, transport })`, or pass { privateKey }."
     );
   }
   if (wc.chain && wc.chain.id !== resolved.chainId) {
-    throw new (0, _chunkIQGT65WScjs.WrongChainError)(
+    throw new (0, _chunkMDLZJGLYcjs.WrongChainError)(
       `PipRailClient: walletClient is on chain ${wc.chain.id} but the SDK was configured with chain ${resolved.chainId}. They must match.`
     );
   }
@@ -471,24 +484,371 @@ function sumTransfersTo(logs, asset, payTo) {
   return { total, from };
 }
 
+// src/drivers/evm/exact.ts
+
+
+
+
+
+var EXACT_NETWORK_SLUGS = {
+  ethereum: 1,
+  base: 8453,
+  "base-sepolia": 84532,
+  arbitrum: 42161,
+  optimism: 10,
+  polygon: 137,
+  avalanche: 43114
+};
+function chainIdForExactNetwork(slug) {
+  return _nullishCoalesce(EXACT_NETWORK_SLUGS[slug], () => ( null));
+}
+var EIP3009_TYPES = {
+  TransferWithAuthorization: [
+    { name: "from", type: "address" },
+    { name: "to", type: "address" },
+    { name: "value", type: "uint256" },
+    { name: "validAfter", type: "uint256" },
+    { name: "validBefore", type: "uint256" },
+    { name: "nonce", type: "bytes32" }
+  ]
+};
+function parseExactRequirements(body) {
+  if (!body || typeof body !== "object") return null;
+  const accepts = body.accepts;
+  if (!Array.isArray(accepts)) return null;
+  const out = [];
+  for (const raw of accepts) {
+    if (!raw || typeof raw !== "object") continue;
+    const a = raw;
+    if (a.scheme !== "exact") continue;
+    const amount = _nullishCoalesce(a.maxAmountRequired, () => ( a.amount));
+    if (typeof a.network !== "string" || typeof amount !== "string" || typeof a.asset !== "string" || typeof a.payTo !== "string") {
+      continue;
+    }
+    out.push({
+      scheme: "exact",
+      network: a.network,
+      maxAmountRequired: amount,
+      asset: a.asset,
+      payTo: a.payTo,
+      maxTimeoutSeconds: typeof a.maxTimeoutSeconds === "number" ? a.maxTimeoutSeconds : 600,
+      ...a.extra && typeof a.extra === "object" ? { extra: a.extra } : {},
+      ...typeof a.description === "string" ? { description: a.description } : {},
+      ...typeof a.resource === "string" ? { resource: a.resource } : {}
+    });
+  }
+  return out;
+}
+async function buildExactAuthorization(params) {
+  const { account, accept, chainId, now, nonce } = params;
+  if (!account.signTypedData) {
+    throw new Error("buildExactAuthorization: the account cannot sign EIP-712 typed data.");
+  }
+  const authorization = {
+    from: account.address,
+    to: accept.payTo,
+    value: accept.maxAmountRequired,
+    validAfter: "0",
+    validBefore: String(now + accept.maxTimeoutSeconds),
+    nonce
+  };
+  const signature = await account.signTypedData({
+    domain: {
+      name: _nullishCoalesce(_optionalChain([accept, 'access', _ => _.extra, 'optionalAccess', _2 => _2.name]), () => ( "USD Coin")),
+      version: _nullishCoalesce(_optionalChain([accept, 'access', _3 => _3.extra, 'optionalAccess', _4 => _4.version]), () => ( "2")),
+      chainId,
+      verifyingContract: accept.asset
+    },
+    types: EIP3009_TYPES,
+    primaryType: "TransferWithAuthorization",
+    message: {
+      from: authorization.from,
+      to: authorization.to,
+      value: BigInt(authorization.value),
+      validAfter: BigInt(authorization.validAfter),
+      validBefore: BigInt(authorization.validBefore),
+      nonce: authorization.nonce
+    }
+  });
+  return { authorization, signature };
+}
+function base64(str) {
+  if (typeof Buffer !== "undefined") return Buffer.from(str, "utf8").toString("base64");
+  if (typeof btoa === "function" && typeof TextEncoder !== "undefined") {
+    const bytes = new TextEncoder().encode(str);
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+    return btoa(binary);
+  }
+  throw new Error("No base64 encoder available in this runtime.");
+}
+function encodeXPaymentHeader(input) {
+  const payload = {
+    x402Version: _nullishCoalesce(input.x402Version, () => ( 1)),
+    scheme: "exact",
+    network: input.network,
+    payload: { signature: input.signature, authorization: input.authorization }
+  };
+  return base64(JSON.stringify(payload));
+}
+var eip3009Abi = [
+  {
+    type: "function",
+    name: "transferWithAuthorization",
+    stateMutability: "nonpayable",
+    outputs: [],
+    inputs: [
+      { name: "from", type: "address" },
+      { name: "to", type: "address" },
+      { name: "value", type: "uint256" },
+      { name: "validAfter", type: "uint256" },
+      { name: "validBefore", type: "uint256" },
+      { name: "nonce", type: "bytes32" },
+      { name: "v", type: "uint8" },
+      { name: "r", type: "bytes32" },
+      { name: "s", type: "bytes32" }
+    ]
+  },
+  {
+    type: "function",
+    name: "transferWithAuthorization",
+    stateMutability: "nonpayable",
+    outputs: [],
+    inputs: [
+      { name: "from", type: "address" },
+      { name: "to", type: "address" },
+      { name: "value", type: "uint256" },
+      { name: "validAfter", type: "uint256" },
+      { name: "validBefore", type: "uint256" },
+      { name: "nonce", type: "bytes32" },
+      { name: "signature", type: "bytes" }
+    ]
+  },
+  {
+    type: "function",
+    name: "authorizationState",
+    stateMutability: "view",
+    inputs: [
+      { name: "authorizer", type: "address" },
+      { name: "nonce", type: "bytes32" }
+    ],
+    outputs: [{ type: "bool" }]
+  },
+  { type: "function", name: "name", stateMutability: "view", inputs: [], outputs: [{ type: "string" }] },
+  { type: "function", name: "version", stateMutability: "view", inputs: [], outputs: [{ type: "string" }] }
+];
+var ZERO_ADDR = "0x0000000000000000000000000000000000000000";
+var ZERO_NONCE = `0x${"00".repeat(32)}`;
+async function readExactDomain(publicClient, asset) {
+  if (asset === "native") return null;
+  let token;
+  try {
+    token = _viem.getAddress.call(void 0, asset);
+  } catch (e6) {
+    return null;
+  }
+  try {
+    const [name, version] = await Promise.all([
+      publicClient.readContract({ address: token, abi: eip3009Abi, functionName: "name" }),
+      publicClient.readContract({ address: token, abi: eip3009Abi, functionName: "version" }),
+      // The EIP-3009 probe: this view exists only on EIP-3009 tokens; it reverts on
+      // a plain ERC-20 / USDT, marking the token as not exact-payable.
+      publicClient.readContract({
+        address: token,
+        abi: eip3009Abi,
+        functionName: "authorizationState",
+        args: [ZERO_ADDR, ZERO_NONCE]
+      })
+    ]);
+    if (typeof name !== "string" || typeof version !== "string" || !name || !version) return null;
+    return { name, version };
+  } catch (e7) {
+    return null;
+  }
+}
+function shorten(msg) {
+  const oneLine = msg.replace(/\s+/g, " ").trim();
+  return oneLine.length > 200 ? `${oneLine.slice(0, 200)}\u2026` : oneLine;
+}
+async function verifyAndSettleExactEvm(input) {
+  const { publicClient, walletClient, account, chain, payload, accept } = input;
+  const token = _viem.getAddress.call(void 0, accept.asset);
+  const payTo = _viem.getAddress.call(void 0, accept.payTo);
+  const requiredAmount = BigInt(accept.amount);
+  let from;
+  let to;
+  let value;
+  let validAfter;
+  let validBefore;
+  let nonce;
+  try {
+    from = _viem.getAddress.call(void 0, payload.authorization.from);
+    to = _viem.getAddress.call(void 0, payload.authorization.to);
+    value = BigInt(payload.authorization.value);
+    validAfter = BigInt(payload.authorization.validAfter);
+    validBefore = BigInt(payload.authorization.validBefore);
+    nonce = payload.authorization.nonce;
+    if (!/^0x[0-9a-fA-F]{64}$/.test(nonce)) throw new Error("nonce must be 32-byte hex");
+    if (!/^0x[0-9a-fA-F]+$/.test(payload.signature)) throw new Error("signature must be hex");
+  } catch (err) {
+    return {
+      ok: false,
+      error: "signature_invalid",
+      detail: `Malformed exact authorization: ${err instanceof Error ? err.message : String(err)}.`
+    };
+  }
+  if (to !== payTo) {
+    return { ok: false, error: "wrong_recipient", detail: `Authorization pays ${to}, not ${payTo}.` };
+  }
+  if (value < requiredAmount) {
+    return { ok: false, error: "amount_too_low", detail: `Authorized ${value}, required ${requiredAmount}.` };
+  }
+  const now = BigInt(Math.floor(Date.now() / 1e3));
+  if (validBefore <= now) {
+    return { ok: false, error: "payment_expired", detail: `Authorization expired: validBefore ${validBefore} <= now ${now}.` };
+  }
+  let fromCode;
+  try {
+    fromCode = await publicClient.getCode({ address: from });
+  } catch (e8) {
+    return { ok: false, error: "tx_not_found", detail: `Could not read code at ${from} (transient RPC) \u2014 retry.` };
+  }
+  const isContractWallet = Boolean(fromCode && fromCode !== "0x");
+  if (!isContractWallet) {
+    let recovered;
+    try {
+      recovered = await _viem.recoverTypedDataAddress.call(void 0, {
+        domain: {
+          name: accept.extra.name,
+          version: accept.extra.version,
+          chainId: chain.id,
+          verifyingContract: token
+        },
+        types: EIP3009_TYPES,
+        primaryType: "TransferWithAuthorization",
+        message: { from, to, value, validAfter, validBefore, nonce },
+        signature: payload.signature
+      });
+    } catch (err) {
+      return { ok: false, error: "signature_invalid", detail: `Not a valid EIP-712 signature: ${shorten(err instanceof Error ? err.message : String(err))}.` };
+    }
+    if (recovered !== from) {
+      return { ok: false, error: "signature_invalid", detail: `Signature recovered to ${recovered}, not the authorizer ${from}.` };
+    }
+  }
+  try {
+    const used = await publicClient.readContract({
+      address: token,
+      abi: eip3009Abi,
+      functionName: "authorizationState",
+      args: [from, nonce]
+    });
+    if (used) {
+      return { ok: false, error: "tx_already_used", detail: `Authorization nonce ${nonce} already used or canceled on-chain.` };
+    }
+  } catch (e9) {
+    return { ok: false, error: "tx_not_found", detail: "Could not read authorizationState (transient RPC) \u2014 retry." };
+  }
+  const baseArgs = [from, to, value, validAfter, validBefore, nonce];
+  const isEcdsa = !isContractWallet && payload.signature.length - 2 === 130;
+  let writeArgs;
+  if (isEcdsa) {
+    const { r, s, yParity } = _viem.parseSignature.call(void 0, payload.signature);
+    writeArgs = [...baseArgs, BigInt(yParity + 27), r, s];
+  } else {
+    writeArgs = [...baseArgs, payload.signature];
+  }
+  try {
+    await publicClient.simulateContract({
+      account,
+      address: token,
+      abi: eip3009Abi,
+      functionName: "transferWithAuthorization",
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      args: writeArgs
+    });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (/used or canceled/i.test(msg)) return { ok: false, error: "tx_already_used", detail: "Authorization is used or canceled." };
+    if (/expired|not yet valid/i.test(msg)) return { ok: false, error: "payment_expired", detail: shorten(msg) };
+    if (/invalid signature/i.test(msg)) return { ok: false, error: "signature_invalid", detail: shorten(msg) };
+    return { ok: false, error: "tx_reverted", detail: `transferWithAuthorization would revert: ${shorten(msg)}` };
+  }
+  let txHash;
+  try {
+    txHash = await walletClient.writeContract({
+      account,
+      chain,
+      address: token,
+      abi: eip3009Abi,
+      functionName: "transferWithAuthorization",
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      args: writeArgs
+    });
+  } catch (err) {
+    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+      `exact settle: the merchant relayer failed to broadcast transferWithAuthorization (${shorten(err instanceof Error ? err.message : String(err))}). The payer's authorization is still valid and unused \u2014 fund/fix the relayer and the payer can retry.`,
+      { cause: err }
+    );
+  }
+  try {
+    const confirmations = _nullishCoalesce(accept.extra.minConfirmations, () => ( 1));
+    const receipt = await publicClient.waitForTransactionReceipt({ hash: txHash, confirmations });
+    if (receipt.status !== "success") {
+      return { ok: false, error: "tx_reverted", detail: `Settlement tx ${txHash} reverted on-chain.` };
+    }
+  } catch (err) {
+    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+      `exact settle: broadcast ${txHash} but couldn't confirm it (${shorten(err instanceof Error ? err.message : String(err))}).`,
+      { cause: err }
+    );
+  }
+  return {
+    ok: true,
+    receipt: {
+      scheme: "exact",
+      success: true,
+      network: accept.network,
+      transaction: txHash,
+      asset: accept.asset,
+      amount: accept.amount,
+      payer: from,
+      payTo: accept.payTo,
+      verifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+    }
+  };
+}
+
 // src/x402.ts
 var HEADER_REQUIRED = "payment-required";
 var HEADER_SIGNATURE = "payment-signature";
 var HEADER_RESPONSE = "payment-response";
-function decodeBase64(b64) {
-  if (typeof atob === "function") return atob(b64);
-  if (typeof Buffer !== "undefined") return Buffer.from(b64, "base64").toString("utf8");
-  throw new Error("No base64 decoder available in this runtime.");
-}
+var HEADER_SIGNATURE_V1 = "x-payment";
+var HEADER_RESPONSE_V1 = "x-payment-response";
 function encodeBase64(str) {
-  if (typeof btoa === "function") return btoa(str);
   if (typeof Buffer !== "undefined") return Buffer.from(str, "utf8").toString("base64");
+  if (typeof btoa === "function" && typeof TextEncoder !== "undefined") {
+    const bytes = new TextEncoder().encode(str);
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+    return btoa(binary);
+  }
   throw new Error("No base64 encoder available in this runtime.");
 }
+function decodeBase64(b64) {
+  if (typeof Buffer !== "undefined") return Buffer.from(b64, "base64").toString("utf8");
+  if (typeof atob === "function" && typeof TextDecoder !== "undefined") {
+    const binary = atob(b64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+    return new TextDecoder().decode(bytes);
+  }
+  throw new Error("No base64 decoder available in this runtime.");
+}
 function fromBase64Json(b64) {
   try {
     return JSON.parse(decodeBase64(b64));
-  } catch (e6) {
+  } catch (e10) {
     return null;
   }
 }
@@ -522,7 +882,7 @@ async function parseChallenge(response) {
   try {
     const body = await response.clone().json();
     if (isValidChallenge(body)) return body;
-  } catch (e7) {
+  } catch (e11) {
   }
   return null;
 }
@@ -537,7 +897,7 @@ function parseSignatureHeader(value) {
   if (!parsed || typeof parsed !== "object") return null;
   const v = parsed;
   const accepted = v.accepted;
-  const scheme = _nullishCoalesce(_optionalChain([accepted, 'optionalAccess', _ => _.scheme]), () => ( v.scheme));
+  const scheme = _nullishCoalesce(_optionalChain([accepted, 'optionalAccess', _5 => _5.scheme]), () => ( v.scheme));
   if (scheme !== "onchain-proof") return null;
   const payload = v.payload;
   if (!payload || typeof payload.txHash !== "string" || typeof payload.nonce !== "string") {
@@ -545,6 +905,36 @@ function parseSignatureHeader(value) {
   }
   return parsed;
 }
+function parseExactPaymentHeader(value) {
+  const parsed = fromBase64Json(value);
+  if (!parsed || typeof parsed !== "object") return null;
+  const v = parsed;
+  const accepted = _nullishCoalesce(v.accepted, () => ( null));
+  const scheme = _nullishCoalesce(_optionalChain([accepted, 'optionalAccess', _6 => _6.scheme]), () => ( v.scheme));
+  if (scheme !== "exact") return null;
+  const network = _nullishCoalesce(_optionalChain([accepted, 'optionalAccess', _7 => _7.network]), () => ( v.network));
+  if (typeof network !== "string") return null;
+  const payload = v.payload;
+  if (!payload || typeof payload !== "object") return null;
+  const signature = payload.signature;
+  const authorization = payload.authorization;
+  if (typeof signature !== "string" || !authorization || typeof authorization !== "object") return null;
+  for (const k of ["from", "to", "value", "validAfter", "validBefore", "nonce"]) {
+    if (typeof authorization[k] !== "string") return null;
+  }
+  const x402Version = typeof v.x402Version === "number" ? v.x402Version : 2;
+  const asset = accepted && typeof accepted.asset === "string" ? accepted.asset : void 0;
+  return {
+    x402Version,
+    network,
+    ...asset ? { asset } : {},
+    payload: {
+      signature,
+      authorization
+    },
+    raw: v
+  };
+}
 function isValidChallenge(value) {
   if (!value || typeof value !== "object") return false;
   const v = value;
@@ -556,7 +946,7 @@ function isValidChallenge(value) {
 function isValidReceipt(value) {
   if (!value || typeof value !== "object") return false;
   const v = value;
-  if (v.scheme !== "onchain-proof") return false;
+  if (v.scheme !== "onchain-proof" && v.scheme !== "exact") return false;
   if (typeof v.transaction !== "string" && typeof v.txHash !== "string") return false;
   if (typeof v.payer !== "string") return false;
   return true;
@@ -579,7 +969,7 @@ var evmDriver = {
     let resolved;
     try {
       resolved = resolveChain(opts.chain, opts.rpcUrl);
-    } catch (e8) {
+    } catch (e12) {
       return null;
     }
     return makeEvmNetwork(resolved);
@@ -607,15 +997,15 @@ function makeEvmNetwork(resolved) {
         const info = resolved.tokens[token.toUpperCase()];
         if (!info) {
           const known = Object.keys(resolved.tokens).join(", ") || "(none built in)";
-          throw new (0, _chunkIQGT65WScjs.UnknownTokenError)(
+          throw new (0, _chunkMDLZJGLYcjs.UnknownTokenError)(
             `token "${token}" isn't built in for ${resolved.chain.name} (known: ${known}). Pass { address, decimals } instead, or use 'native'.`
           );
         }
         return { asset: info.address, decimals: info.decimals, symbol: info.symbol };
       }
-      _chunkIQGT65WScjs.rejectForeignToken.call(void 0, token, "evm", network);
+      _chunkMDLZJGLYcjs.rejectForeignToken.call(void 0, token, "evm", network);
       if (!("address" in token)) {
-        throw new (0, _chunkIQGT65WScjs.WrongFamilyError)(
+        throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
           `chain ${network} is EVM; a custom token must be { address, decimals }.`
         );
       }
@@ -635,7 +1025,7 @@ function makeEvmNetwork(resolved) {
       let normalized;
       try {
         normalized = _viem.getAddress.call(void 0, asset);
-      } catch (e9) {
+      } catch (e13) {
         return null;
       }
       for (const info of Object.values(resolved.tokens)) {
@@ -647,14 +1037,14 @@ function makeEvmNetwork(resolved) {
     },
     assertValidPayTo(payTo) {
       if (!_viem.isAddress.call(void 0, payTo)) {
-        throw new (0, _chunkIQGT65WScjs.WrongFamilyError)(
+        throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
           `chain ${network} is EVM, but payTo "${payTo}" is not a valid 0x address.`
         );
       }
     },
     bindWallet(wallet) {
       if (typeof wallet !== "object" || wallet === null || !("privateKey" in wallet) && !("walletClient" in wallet)) {
-        throw new (0, _chunkIQGT65WScjs.WrongFamilyError)(
+        throw new (0, _chunkMDLZJGLYcjs.WrongFamilyError)(
           `chain ${network} is EVM; wallet must be { privateKey } or { walletClient }.`
         );
       }
@@ -671,12 +1061,12 @@ function makeEvmNetwork(resolved) {
         });
       } catch (err) {
         if (isViemInsufficientFunds(err)) {
-          throw new (0, _chunkIQGT65WScjs.InsufficientFundsError)(
+          throw new (0, _chunkMDLZJGLYcjs.InsufficientFundsError)(
             err instanceof Error ? err.message : "Insufficient funds for payment.",
             { cause: err }
           );
         }
-        throw _nullishCoalesce(_chunkIQGT65WScjs.toInsufficientFundsError.call(void 0, err), () => ( err));
+        throw _nullishCoalesce(_chunkMDLZJGLYcjs.toInsufficientFundsError.call(void 0, err), () => ( err));
       }
     },
     async confirm(ref, minConfirmations) {
@@ -687,7 +1077,7 @@ function makeEvmNetwork(resolved) {
         });
         return { height: receipt.blockNumber.toString() };
       } catch (err) {
-        throw new (0, _chunkIQGT65WScjs.ConfirmationTimeoutError)(
+        throw new (0, _chunkMDLZJGLYcjs.ConfirmationTimeoutError)(
           `EVM tx ${ref} did not reach ${minConfirmations} confirmation(s) in time.`,
           { cause: err }
         );
@@ -698,16 +1088,16 @@ function makeEvmNetwork(resolved) {
       const gasLimit = accept.asset === "native" ? 21000n : 65000n;
       try {
         const gasPrice = await publicClient.getGasPrice();
-        return _chunkIQGT65WScjs.nativeCost.call(void 0, {
+        return _chunkMDLZJGLYcjs.nativeCost.call(void 0, {
           symbol,
           decimals,
           fee: gasPrice * gasLimit,
           basis: "estimated",
           detail: `~${gasLimit} gas @ ${gasPrice} wei/gas`
         });
-      } catch (e10) {
+      } catch (e14) {
         const gasPrice = 5000000000n;
-        return _chunkIQGT65WScjs.nativeCost.call(void 0, {
+        return _chunkMDLZJGLYcjs.nativeCost.call(void 0, {
           symbol,
           decimals,
           fee: gasPrice * gasLimit,
@@ -728,7 +1118,7 @@ function makeEvmNetwork(resolved) {
           functionName: "balanceOf",
           args: [owner]
         });
-      } catch (e11) {
+      } catch (e15) {
         token = null;
       }
       return { token, native };
@@ -755,6 +1145,21 @@ function makeEvmNetwork(resolved) {
         accept,
         minConfirmations: accept.extra.minConfirmations
       });
+    },
+    // Standard x402 `exact` rail (EIP-3009), seller side — EVM only.
+    async exactDomain(asset) {
+      return readExactDomain(publicClient, asset);
+    },
+    async settleExactSelf({ relayer, payload, accept }) {
+      const a = relayer._native;
+      return verifyAndSettleExactEvm({
+        publicClient,
+        walletClient: a.walletClient,
+        account: a.account,
+        chain: resolved.chain,
+        payload,
+        accept
+      });
     }
   };
 }
@@ -771,9 +1176,9 @@ var loaders = {
   solana: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./solana-W24TCJV4.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./solana-PU7N2M64.cjs")));
     } catch (cause) {
-      throw new (0, _chunkIQGT65WScjs.MissingDriverError)(
+      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
         `Solana selected, but its packages aren't installed. Run: npm install @solana/web3.js @solana/spl-token bs58`,
         { cause }
       );
@@ -783,9 +1188,9 @@ var loaders = {
   ton: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./ton-FIQGV2LC.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./ton-VK6KRJHP.cjs")));
     } catch (cause) {
-      throw new (0, _chunkIQGT65WScjs.MissingDriverError)(
+      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
         `TON selected, but its packages aren't installed. Run: npm install @ton/ton @ton/core @ton/crypto`,
         { cause }
       );
@@ -795,9 +1200,9 @@ var loaders = {
   stellar: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./stellar-YMY3K2YB.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./stellar-VDQOFQEO.cjs")));
     } catch (cause) {
-      throw new (0, _chunkIQGT65WScjs.MissingDriverError)(
+      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
         `Stellar selected, but its package isn't installed. Run: npm install @stellar/stellar-sdk`,
         { cause }
       );
@@ -807,9 +1212,9 @@ var loaders = {
   xrpl: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./xrpl-2PKP7HOI.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./xrpl-CMNI25BV.cjs")));
     } catch (cause) {
-      throw new (0, _chunkIQGT65WScjs.MissingDriverError)(
+      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
         `XRPL selected, but its package isn't installed. Run: npm install xrpl`,
         { cause }
       );
@@ -819,9 +1224,9 @@ var loaders = {
   tron: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./tron-ZSXAPZ2C.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./tron-WLOF5OUV.cjs")));
     } catch (cause) {
-      throw new (0, _chunkIQGT65WScjs.MissingDriverError)(
+      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
         `Tron selected, but its package isn't installed. Run: npm install tronweb`,
         { cause }
       );
@@ -831,9 +1236,9 @@ var loaders = {
   sui: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./sui-32KVESR5.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./sui-FKSMLKRF.cjs")));
     } catch (cause) {
-      throw new (0, _chunkIQGT65WScjs.MissingDriverError)(
+      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
         `Sui selected, but its package isn't installed. Run: npm install @mysten/sui`,
         { cause }
       );
@@ -843,9 +1248,9 @@ var loaders = {
   near: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./near-GGUHLXAF.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./near-7ZDNISUX.cjs")));
     } catch (cause) {
-      throw new (0, _chunkIQGT65WScjs.MissingDriverError)(
+      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
         `NEAR selected, but its package isn't installed. Run: npm install near-api-js`,
         { cause }
       );
@@ -855,9 +1260,9 @@ var loaders = {
   aptos: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./aptos-X3G2UBYW.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./aptos-YT7SXWPF.cjs")));
     } catch (cause) {
-      throw new (0, _chunkIQGT65WScjs.MissingDriverError)(
+      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
         `Aptos selected, but its package isn't installed. Run: npm install @aptos-labs/ts-sdk`,
         { cause }
       );
@@ -867,9 +1272,9 @@ var loaders = {
   algorand: async () => {
     let mod;
     try {
-      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./algorand-IJJKE35X.cjs")));
+      mod = await Promise.resolve().then(() => _interopRequireWildcard(require("./algorand-MXUSKX46.cjs")));
     } catch (cause) {
-      throw new (0, _chunkIQGT65WScjs.MissingDriverError)(
+      throw new (0, _chunkMDLZJGLYcjs.MissingDriverError)(
         `Algorand selected, but its package isn't installed. Run: npm install algosdk`,
         { cause }
       );
@@ -948,7 +1353,7 @@ async function searchOpenIndexes(opts = {}) {
 async function safeSearch(run) {
   try {
     return await run();
-  } catch (e12) {
+  } catch (e16) {
     return [];
   }
 }
@@ -1072,7 +1477,7 @@ async function readIndexError(res) {
       (p) => typeof p === "string" && p.length > 0
     );
     return parts.length ? [...new Set(parts)].join(" \u2014 ") : void 0;
-  } catch (e13) {
+  } catch (e17) {
     return void 0;
   }
 }
@@ -1128,13 +1533,13 @@ async function readSiwxInfo(res) {
   try {
     const body = await res.json();
     const ext = body.extensions;
-    const siwx = _optionalChain([ext, 'optionalAccess', _2 => _2["sign-in-with-x"]]);
-    const info = _nullishCoalesce(_optionalChain([siwx, 'optionalAccess', _3 => _3.info]), () => ( siwx));
+    const siwx = _optionalChain([ext, 'optionalAccess', _8 => _8["sign-in-with-x"]]);
+    const info = _nullishCoalesce(_optionalChain([siwx, 'optionalAccess', _9 => _9.info]), () => ( siwx));
     if (info && typeof info.domain === "string" && info.domain.length > 0 && typeof info.nonce === "string" && info.nonce.length > 0 && typeof info.uri === "string" && info.uri.length > 0) {
       return info;
     }
     return null;
-  } catch (e14) {
+  } catch (e18) {
     return null;
   }
 }
@@ -1182,7 +1587,7 @@ function mapRails(accepts) {
 }
 function matchesQuery(r, query) {
   const q = query.toLowerCase();
-  return r.resource.toLowerCase().includes(q) || (_nullishCoalesce(_optionalChain([r, 'access', _4 => _4.name, 'optionalAccess', _5 => _5.toLowerCase, 'call', _6 => _6(), 'access', _7 => _7.includes, 'call', _8 => _8(q)]), () => ( false))) || (_nullishCoalesce(_optionalChain([r, 'access', _9 => _9.description, 'optionalAccess', _10 => _10.toLowerCase, 'call', _11 => _11(), 'access', _12 => _12.includes, 'call', _13 => _13(q)]), () => ( false)));
+  return r.resource.toLowerCase().includes(q) || (_nullishCoalesce(_optionalChain([r, 'access', _10 => _10.name, 'optionalAccess', _11 => _11.toLowerCase, 'call', _12 => _12(), 'access', _13 => _13.includes, 'call', _14 => _14(q)]), () => ( false))) || (_nullishCoalesce(_optionalChain([r, 'access', _15 => _15.description, 'optionalAccess', _16 => _16.toLowerCase, 'call', _17 => _17(), 'access', _18 => _18.includes, 'call', _19 => _19(q)]), () => ( false)));
 }
 function pickString(o, ...keys) {
   for (const k of keys) {
@@ -1214,7 +1619,7 @@ function firstArray(o, ...keys) {
 function hostOf(url) {
   try {
     return new URL(url).hostname;
-  } catch (e15) {
+  } catch (e19) {
     return url;
   }
 }
@@ -1274,7 +1679,7 @@ function evaluatePolicy(intent, policy, spentForAssetBase) {
     }
   }
   if (policy.maxAmount !== void 0) {
-    const cap = _chunkIQGT65WScjs.floorUnits.call(void 0, policy.maxAmount, intent.decimals);
+    const cap = _chunkMDLZJGLYcjs.floorUnits.call(void 0, policy.maxAmount, intent.decimals);
     if (intent.amountBase > cap) {
       return deny(
         `payment of ${intent.amountBase} base units exceeds policy.maxAmount ` + `(${policy.maxAmount} ${_nullishCoalesce(intent.symbol, () => ( ""))}).`.trimEnd()
@@ -1282,7 +1687,7 @@ function evaluatePolicy(intent, policy, spentForAssetBase) {
     }
   }
   if (policy.maxTotal !== void 0) {
-    const cap = _chunkIQGT65WScjs.floorUnits.call(void 0, policy.maxTotal, intent.decimals);
+    const cap = _chunkMDLZJGLYcjs.floorUnits.call(void 0, policy.maxTotal, intent.decimals);
     if (spentForAssetBase + intent.amountBase > cap) {
       return deny(
         `this payment would push spend on ${_nullishCoalesce(intent.symbol, () => ( intent.asset))} past policy.maxTotal (${policy.maxTotal}); already spent ${spentForAssetBase} base units.`
@@ -1320,7 +1725,7 @@ var SpendLedger = (_class = class {constructor() { _class.prototype.__init.call(
   }
   /** Running total (base units) already spent on this (network, asset). */
   totalFor(network, asset) {
-    return _nullishCoalesce(_optionalChain([this, 'access', _14 => _14.buckets, 'access', _15 => _15.get, 'call', _16 => _16(keyFor(network, asset)), 'optionalAccess', _17 => _17.total]), () => ( 0n));
+    return _nullishCoalesce(_optionalChain([this, 'access', _20 => _20.buckets, 'access', _21 => _21.get, 'call', _22 => _22(keyFor(network, asset)), 'optionalAccess', _23 => _23.total]), () => ( 0n));
   }
   /** An immutable snapshot of all spend so far. */
   summary() {
@@ -1332,7 +1737,7 @@ var SpendLedger = (_class = class {constructor() { _class.prototype.__init.call(
         symbol: b.symbol,
         decimals: b.decimals,
         totalBase: b.total.toString(),
-        totalFormatted: _chunkIQGT65WScjs.formatUnits.call(void 0, b.total, b.decimals),
+        totalFormatted: _chunkMDLZJGLYcjs.formatUnits.call(void 0, b.total, b.decimals),
         count: b.count
       })),
       records: [...this.records]
@@ -1369,7 +1774,7 @@ var PipRailClient = (_class2 = class {
   safeEmit(event) {
     try {
       this.onEvent(event);
-    } catch (e16) {
+    } catch (e20) {
     }
   }
   /** Auto-mount the chain's driver, resolve the network, and bind the wallet — once. */
@@ -1394,7 +1799,7 @@ var PipRailClient = (_class2 = class {
    * as-is) or a plain object (serialised as JSON).
    */
   post(url, body, init) {
-    const headers = new Headers(_optionalChain([init, 'optionalAccess', _18 => _18.headers]));
+    const headers = new Headers(_optionalChain([init, 'optionalAccess', _24 => _24.headers]));
     let payload;
     if (body === void 0 || body === null) {
       payload = void 0;
@@ -1425,7 +1830,7 @@ var PipRailClient = (_class2 = class {
    * "0.05 USDC on Base, within budget → pay it." No funds move.
    */
   async quote(url, init) {
-    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _19 => _19.method]), () => ( "GET")) });
+    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _25 => _25.method]), () => ( "GET")) });
     if (res.status !== 402) return null;
     const { quote } = await this.resolveChallenge(url, res);
     return quote;
@@ -1444,7 +1849,7 @@ var PipRailClient = (_class2 = class {
    * on Tron, where a USD₮ transfer can cost real TRX.
    */
   async estimateCost(url, init) {
-    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _20 => _20.method]), () => ( "GET")) });
+    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _26 => _26.method]), () => ( "GET")) });
     if (res.status !== 402) return null;
     const { net, accept, quote } = await this.resolveChallenge(url, res);
     const cost = await net.estimateCost(accept);
@@ -1475,11 +1880,11 @@ var PipRailClient = (_class2 = class {
    * the plan yourself. No funds move.
    */
   async planPayment(url, init) {
-    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _21 => _21.method]), () => ( "GET")) });
+    const res = await fetch(url, { ..._nullishCoalesce(init, () => ( {})), method: _nullishCoalesce(_optionalChain([init, 'optionalAccess', _27 => _27.method]), () => ( "GET")) });
     if (res.status !== 402) return null;
     const challenge = await parseChallenge(res);
     if (!challenge) {
-      throw new (0, _chunkIQGT65WScjs.InvalidEnvelopeError)("402 response did not include a parseable x402 challenge.");
+      throw new (0, _chunkMDLZJGLYcjs.InvalidEnvelopeError)("402 response did not include a parseable x402 challenge.");
     }
     const { net, wallet } = await this.ensure();
     return this.planFromChallenge(net, wallet, challenge, url);
@@ -1595,9 +2000,9 @@ var PipRailClient = (_class2 = class {
    * streams throw `NonReplayableBodyError`.
    */
   async fetch(url, init) {
-    const body = _optionalChain([init, 'optionalAccess', _22 => _22.body]);
+    const body = _optionalChain([init, 'optionalAccess', _28 => _28.body]);
     if (body !== void 0 && body !== null && !isReplayableBodyInit(body)) {
-      throw new (0, _chunkIQGT65WScjs.NonReplayableBodyError)(
+      throw new (0, _chunkMDLZJGLYcjs.NonReplayableBodyError)(
         "fetch(): init.body is not replayable. Pass a string, FormData, URLSearchParams, ArrayBuffer, or Blob \u2014 not a ReadableStream."
       );
     }
@@ -1607,11 +2012,11 @@ var PipRailClient = (_class2 = class {
     const { net, wallet, challenge } = resolved;
     let accept = resolved.accept;
     let quote = resolved.quote;
-    const autoRoute = _nullishCoalesce(_nullishCoalesce(_optionalChain([init, 'optionalAccess', _23 => _23.autoRoute]), () => ( this.opts.autoRoute)), () => ( false));
+    const autoRoute = _nullishCoalesce(_nullishCoalesce(_optionalChain([init, 'optionalAccess', _29 => _29.autoRoute]), () => ( this.opts.autoRoute)), () => ( false));
     if (autoRoute) {
       const plan = await this.planFromChallenge(net, wallet, challenge, url);
       if (!plan.best) {
-        throw new (0, _chunkIQGT65WScjs.PaymentDeclinedError)(_nullishCoalesce(plan.fundingHint, () => ( "No rail is settleable for this payment.")));
+        throw new (0, _chunkMDLZJGLYcjs.PaymentDeclinedError)(_nullishCoalesce(plan.fundingHint, () => ( "No rail is settleable for this payment.")));
       }
       accept = plan.best.accept;
       quote = plan.best.quote;
@@ -1632,7 +2037,7 @@ var PipRailClient = (_class2 = class {
   async resolveChallenge(url, response) {
     const challenge = await parseChallenge(response);
     if (!challenge) {
-      throw new (0, _chunkIQGT65WScjs.InvalidEnvelopeError)(
+      throw new (0, _chunkMDLZJGLYcjs.InvalidEnvelopeError)(
         "402 response did not include a parseable x402 challenge."
       );
     }
@@ -1640,7 +2045,7 @@ var PipRailClient = (_class2 = class {
     const candidates = this.gatherCandidates(net, challenge);
     if (candidates.length === 0) {
       const networks = challenge.accepts.map((a) => a.network).join(", ");
-      throw new (0, _chunkIQGT65WScjs.NoCompatibleAcceptError)(
+      throw new (0, _chunkMDLZJGLYcjs.NoCompatibleAcceptError)(
         `No accepts[] entry for ${net.network} (challenge offered: ${networks || "none"}).`
       );
     }
@@ -1651,7 +2056,10 @@ var PipRailClient = (_class2 = class {
     const chosen = _nullishCoalesce(priced.find((p) => p.quote.withinPolicy), () => ( priced[0]));
     return { net, wallet, accept: chosen.accept, challenge, quote: chosen.quote };
   }
-  /** The candidate accepts this client could pay: our scheme, on the bound network. */
+  /** The candidate accepts this client could pay: our scheme, on the bound network.
+   *  A dual-advertised challenge may also carry standard `exact` rails — the PipRail
+   *  client ignores those (it pays the backendless `onchain-proof` rail); the type
+   *  predicate narrows the `X402AnyAccept` union to the rails we settle. */
   gatherCandidates(net, challenge) {
     return challenge.accepts.filter(
       (a) => a.scheme === "onchain-proof" && net.supports(a.network)
@@ -1714,16 +2122,16 @@ var PipRailClient = (_class2 = class {
     if (isNative) {
       if (nativeKnown && bal.native < amount + fee) {
         blockers.push("INSUFFICIENT_TOKEN");
-        shortfall.token = _chunkIQGT65WScjs.formatUnits.call(void 0, amount + fee - bal.native, quote.decimals);
+        shortfall.token = _chunkMDLZJGLYcjs.formatUnits.call(void 0, amount + fee - bal.native, quote.decimals);
       }
     } else {
       if (tokenKnown && bal.token < amount) {
         blockers.push("INSUFFICIENT_TOKEN");
-        shortfall.token = _chunkIQGT65WScjs.formatUnits.call(void 0, amount - bal.token, quote.decimals);
+        shortfall.token = _chunkMDLZJGLYcjs.formatUnits.call(void 0, amount - bal.token, quote.decimals);
       }
       if (nativeKnown && bal.native < fee) {
         blockers.push("INSUFFICIENT_GAS");
-        shortfall.native = _chunkIQGT65WScjs.formatUnits.call(void 0, fee - bal.native, cost.feeDecimals);
+        shortfall.native = _chunkMDLZJGLYcjs.formatUnits.call(void 0, fee - bal.native, cost.feeDecimals);
       } else if (nativeKnown && fee > 0n && bal.native < fee * 3n / 2n) {
         warnings.push("THIN_GAS_MARGIN");
       }
@@ -1748,8 +2156,8 @@ var PipRailClient = (_class2 = class {
       blockers,
       warnings,
       balance: {
-        token: bal.token != null ? _chunkIQGT65WScjs.formatUnits.call(void 0, bal.token, quote.decimals) : null,
-        native: bal.native != null ? _chunkIQGT65WScjs.formatUnits.call(void 0, bal.native, cost.feeDecimals) : null
+        token: bal.token != null ? _chunkMDLZJGLYcjs.formatUnits.call(void 0, bal.token, quote.decimals) : null,
+        native: bal.native != null ? _chunkMDLZJGLYcjs.formatUnits.call(void 0, bal.native, cost.feeDecimals) : null
       },
       need: { token: quote.amountFormatted, native: cost.feeFormatted },
       ...shortfall.token || shortfall.native ? { shortfall } : {},
@@ -1760,15 +2168,15 @@ var PipRailClient = (_class2 = class {
    *  driver's describeAsset) + the policy verdict + a symbol-mismatch flag. */
   buildQuote(net, accept, url, description) {
     if (!/^\d+$/.test(accept.amount)) {
-      throw new (0, _chunkIQGT65WScjs.InvalidEnvelopeError)(
+      throw new (0, _chunkMDLZJGLYcjs.InvalidEnvelopeError)(
         `challenge amount "${accept.amount}" is not a base-unit integer.`
       );
     }
     const amountBase = BigInt(accept.amount);
     const described = net.describeAsset(accept.asset);
-    const decimals = _nullishCoalesce(_optionalChain([described, 'optionalAccess', _24 => _24.decimals]), () => ( accept.extra.decimals));
-    const symbol = _nullishCoalesce(_optionalChain([described, 'optionalAccess', _25 => _25.symbol]), () => ( accept.extra.symbol));
-    const amountFormatted = _chunkIQGT65WScjs.formatUnits.call(void 0, amountBase, decimals);
+    const decimals = _nullishCoalesce(_optionalChain([described, 'optionalAccess', _30 => _30.decimals]), () => ( accept.extra.decimals));
+    const symbol = _nullishCoalesce(_optionalChain([described, 'optionalAccess', _31 => _31.symbol]), () => ( accept.extra.symbol));
+    const amountFormatted = _chunkMDLZJGLYcjs.formatUnits.call(void 0, amountBase, decimals);
     const intent = {
       host: hostOf2(url),
       chain: this.opts.chain,
@@ -1808,7 +2216,7 @@ var PipRailClient = (_class2 = class {
    *  throwing PaymentDeclinedError, before any funds move. */
   async authorize(quote) {
     if (!quote.withinPolicy) {
-      throw new (0, _chunkIQGT65WScjs.PaymentDeclinedError)(
+      throw new (0, _chunkMDLZJGLYcjs.PaymentDeclinedError)(
         `Payment refused by policy: ${_nullishCoalesce(quote.policyReason, () => ( "not allowed"))}`
       );
     }
@@ -1818,12 +2226,12 @@ var PipRailClient = (_class2 = class {
     try {
       approved = await hook(quote);
     } catch (err) {
-      throw new (0, _chunkIQGT65WScjs.PaymentDeclinedError)("onBeforePay threw \u2014 refusing to pay.", {
+      throw new (0, _chunkMDLZJGLYcjs.PaymentDeclinedError)("onBeforePay threw \u2014 refusing to pay.", {
         cause: err
       });
     }
     if (!approved) {
-      throw new (0, _chunkIQGT65WScjs.PaymentDeclinedError)(
+      throw new (0, _chunkMDLZJGLYcjs.PaymentDeclinedError)(
         `onBeforePay declined ${quote.amountFormatted} ${_nullishCoalesce(quote.symbol, () => ( ""))}`.trimEnd() + ` on ${quote.network}.`
       );
     }
@@ -1847,7 +2255,7 @@ var PipRailClient = (_class2 = class {
   }
   async payAndConfirm(net, wallet, accept) {
     if (!net.supports(accept.network)) {
-      throw new (0, _chunkIQGT65WScjs.WrongChainError)(
+      throw new (0, _chunkMDLZJGLYcjs.WrongChainError)(
         `Challenge expects ${accept.network} but client is on ${net.network}.`
       );
     }
@@ -1876,7 +2284,7 @@ var PipRailClient = (_class2 = class {
       accepted: accept,
       payload: { nonce: accept.extra.nonce, txHash: ref }
     };
-    const headers = new Headers(_optionalChain([originalInit, 'optionalAccess', _26 => _26.headers]));
+    const headers = new Headers(_optionalChain([originalInit, 'optionalAccess', _32 => _32.headers]));
     headers.set(HEADER_SIGNATURE, buildSignatureHeader(signature));
     let lastResponse = null;
     let lastReason = null;
@@ -1891,7 +2299,7 @@ var PipRailClient = (_class2 = class {
         () => timeoutController.abort(),
         this.retryTimeoutMs
       );
-      const signal = _optionalChain([originalInit, 'optionalAccess', _27 => _27.signal]) && typeof AbortSignal.any === "function" ? AbortSignal.any([timeoutController.signal, originalInit.signal]) : timeoutController.signal;
+      const signal = _optionalChain([originalInit, 'optionalAccess', _33 => _33.signal]) && typeof AbortSignal.any === "function" ? AbortSignal.any([timeoutController.signal, originalInit.signal]) : timeoutController.signal;
       try {
         lastResponse = await fetch(url, {
           ..._nullishCoalesce(originalInit, () => ( {})),
@@ -1900,7 +2308,7 @@ var PipRailClient = (_class2 = class {
         });
       } catch (err) {
         if (timeoutController.signal.aborted) {
-          throw new (0, _chunkIQGT65WScjs.PaymentTimeoutError)(
+          throw new (0, _chunkMDLZJGLYcjs.PaymentTimeoutError)(
             `Server did not respond within ${this.retryTimeoutMs}ms after broadcasting payment ${ref}. Re-verify or re-submit ref=${ref} \u2014 do NOT re-pay.`,
             { cause: err, ref }
           );
@@ -1922,7 +2330,7 @@ var PipRailClient = (_class2 = class {
       kind: "payment-failed",
       reason: `server returned 402 after broadcasting payment ${ref}${unconfirmedNote} (${why})`
     });
-    throw new (0, _chunkIQGT65WScjs.MaxRetriesExceededError)(
+    throw new (0, _chunkMDLZJGLYcjs.MaxRetriesExceededError)(
       `Server still returned 402 after ${attempts} attempt(s) with on-chain proof ref=${ref}${unconfirmedNote}. Last server rejection: ${why}. Re-verify or re-submit ref=${ref} before retrying \u2014 never re-pay (it would double-spend).`,
       { ref }
     );
@@ -1931,7 +2339,7 @@ var PipRailClient = (_class2 = class {
 function safeBig(s) {
   try {
     return BigInt(s);
-  } catch (e17) {
+  } catch (e21) {
     return 0n;
   }
 }
@@ -1964,10 +2372,10 @@ function buildFundingHint(options, chainLabel) {
     return `Couldn't fully read your wallet on ${chainLabel} (RPC throttled) \u2014 retry; you may already be able to pay ${target.quote.amountFormatted} ${sym}.`;
   }
   const parts = [];
-  if (target.blockers.includes("INSUFFICIENT_TOKEN") && _optionalChain([target, 'access', _28 => _28.shortfall, 'optionalAccess', _29 => _29.token])) {
+  if (target.blockers.includes("INSUFFICIENT_TOKEN") && _optionalChain([target, 'access', _34 => _34.shortfall, 'optionalAccess', _35 => _35.token])) {
     parts.push(`top up ${target.shortfall.token} ${sym}`);
   }
-  if (target.blockers.includes("INSUFFICIENT_GAS") && _optionalChain([target, 'access', _30 => _30.shortfall, 'optionalAccess', _31 => _31.native])) {
+  if (target.blockers.includes("INSUFFICIENT_GAS") && _optionalChain([target, 'access', _36 => _36.shortfall, 'optionalAccess', _37 => _37.native])) {
     parts.push(`add ~${target.shortfall.native} ${target.cost.feeSymbol} for gas`);
   }
   return parts.length ? `Can't settle on ${chainLabel}: ${parts.join(" and ")} (to pay ${target.quote.amountFormatted} ${sym}).` : `Can't settle on ${chainLabel} for ${target.quote.amountFormatted} ${sym}.`;
@@ -1981,7 +2389,7 @@ async function planAcross(clients, url, init) {
   const status = best ? "ready" : options.some((o) => o.state === "unknown") ? "unknown" : "blocked";
   return {
     url,
-    network: _nullishCoalesce(_optionalChain([best, 'optionalAccess', _32 => _32.accept, 'access', _33 => _33.network]), () => ( live[0].network)),
+    network: _nullishCoalesce(_optionalChain([best, 'optionalAccess', _38 => _38.accept, 'access', _39 => _39.network]), () => ( live[0].network)),
     status,
     payable: best !== null,
     best,
@@ -1997,7 +2405,7 @@ function railOnNetwork(rail, matches) {
 function hostOf2(url) {
   try {
     return new URL(url).hostname;
-  } catch (e18) {
+  } catch (e22) {
     return url;
   }
 }
@@ -2014,13 +2422,21 @@ function isReplayableBodyInit(value) {
 async function readInvalidReason(response) {
   try {
     const body = await response.clone().json();
+    const ext = _optionalChain([body, 'optionalAccess', _40 => _40.extensions]);
+    const piprail = _optionalChain([ext, 'optionalAccess', _41 => _41.piprail]);
+    if (piprail && typeof piprail.code === "string") {
+      return {
+        error: piprail.code,
+        detail: typeof piprail.detail === "string" ? piprail.detail : ""
+      };
+    }
     if (body && (body.status === "invalid" || typeof body.error === "string")) {
       return {
         error: typeof body.error === "string" ? body.error : "no error code",
         detail: typeof body.detail === "string" ? body.detail : ""
       };
     }
-  } catch (e19) {
+  } catch (e23) {
   }
   return null;
 }
@@ -2031,7 +2447,7 @@ async function readBody(res) {
   if (!text) return null;
   try {
     return JSON.parse(text);
-  } catch (e20) {
+  } catch (e24) {
     return text;
   }
 }
@@ -2202,7 +2618,7 @@ function paymentTools(client) {
             receipt: parseReceipt(res)
           };
         } catch (err) {
-          if (err instanceof _chunkIQGT65WScjs.PaymentDeclinedError) {
+          if (err instanceof _chunkMDLZJGLYcjs.PaymentDeclinedError) {
             return { declined: true, reason: err.message };
           }
           throw err;
@@ -2245,6 +2661,100 @@ function paymentTools(client) {
   ];
 }
 
+// src/facilitator.ts
+function safeStringify(value) {
+  return JSON.stringify(value, (_k, v) => typeof v === "bigint" ? v.toString() : v);
+}
+function mapReason(reason) {
+  const r = (_nullishCoalesce(reason, () => ( ""))).toLowerCase();
+  if (r.includes("signature")) return "signature_invalid";
+  if (r.includes("recipient")) return "wrong_recipient";
+  if (r.includes("value") || r.includes("amount")) return "amount_too_low";
+  if (r.includes("valid_before") || r.includes("valid_after") || r.includes("expired")) return "payment_expired";
+  if (r.includes("used") || r.includes("replay") || r.includes("nonce") || r.includes("transaction_state")) {
+    return "tx_already_used";
+  }
+  return "tx_reverted";
+}
+async function post(url, body, headers) {
+  const res = await fetch(url, {
+    method: "POST",
+    headers: { "content-type": "application/json", ...headers },
+    body: safeStringify(body)
+  });
+  let json = null;
+  try {
+    json = await res.json();
+  } catch (e25) {
+  }
+  return { status: res.status, json };
+}
+async function settleViaFacilitator(input) {
+  const base2 = input.url.replace(/\/+$/, "");
+  const body = {
+    x402Version: input.x402Version,
+    paymentPayload: input.paymentPayload,
+    paymentRequirements: input.paymentRequirements
+  };
+  const auth = input.authHeaders ? await input.authHeaders() : {};
+  let verify;
+  try {
+    verify = await post(`${base2}/verify`, body, auth);
+  } catch (err) {
+    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+      `exact settle (facilitator ${base2}): /verify request failed (${err instanceof Error ? err.message : String(err)}).`,
+      { cause: err }
+    );
+  }
+  if (verify.status !== 200) {
+    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+      `exact settle (facilitator ${base2}): /verify returned HTTP ${verify.status} (transport/auth error).`
+    );
+  }
+  const vr = _nullishCoalesce(verify.json, () => ( {}));
+  if (vr.isValid === false) {
+    return {
+      ok: false,
+      error: mapReason(vr.invalidReason),
+      detail: `Facilitator rejected the payment: ${_nullishCoalesce(vr.invalidReason, () => ( "invalid"))}${vr.invalidMessage ? ` \u2014 ${vr.invalidMessage}` : ""}.`
+    };
+  }
+  let settle;
+  try {
+    settle = await post(`${base2}/settle`, body, auth);
+  } catch (err) {
+    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+      `exact settle (facilitator ${base2}): /settle request failed (${err instanceof Error ? err.message : String(err)}).`,
+      { cause: err }
+    );
+  }
+  if (settle.status !== 200) {
+    throw new (0, _chunkMDLZJGLYcjs.SettlementError)(
+      `exact settle (facilitator ${base2}): /settle returned HTTP ${settle.status} (transport/auth error).`
+    );
+  }
+  const sr = _nullishCoalesce(settle.json, () => ( {}));
+  if (!sr.success) {
+    return {
+      ok: false,
+      error: mapReason(sr.errorReason),
+      detail: `Facilitator settlement failed: ${_nullishCoalesce(sr.errorReason, () => ( "unknown"))}${sr.errorMessage ? ` \u2014 ${sr.errorMessage}` : ""}.`
+    };
+  }
+  const receipt = {
+    scheme: "exact",
+    success: true,
+    network: input.receipt.network,
+    transaction: sr.transaction,
+    asset: input.receipt.asset,
+    amount: input.receipt.amount,
+    payer: _nullishCoalesce(_nullishCoalesce(sr.payer, () => ( input.payerHint)), () => ( "")),
+    payTo: input.receipt.payTo,
+    verifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  return { ok: true, receipt };
+}
+
 // src/server.ts
 function toInvalidBody(result) {
   return { x402Version: 2, status: "invalid", error: result.error, detail: result.detail };
@@ -2271,9 +2781,10 @@ function createPaymentGate(options) {
   const genNonce = _nullishCoalesce(options.generateNonce, () => ( (() => globalThis.crypto.randomUUID())));
   let resolved;
   function ready() {
-    return resolved ??= (async () => {
+    if (resolved) return resolved;
+    const p = (async () => {
       const accepts = normaliseAccepts(options);
-      return Promise.all(
+      const specs = await Promise.all(
         accepts.map(async (a) => {
           const net = await resolveNetwork2({ chain: a.chain, rpcUrl: _nullishCoalesce(a.rpcUrl, () => ( options.rpcUrl)) });
           const payTo = _nullishCoalesce(a.payTo, () => ( options.payTo));
@@ -2284,11 +2795,53 @@ function createPaymentGate(options) {
           }
           net.assertValidPayTo(payTo);
           const { asset, decimals, symbol } = net.resolveToken(a.token);
-          const amountBase = _chunkIQGT65WScjs.parseUnits.call(void 0, a.amount, decimals);
-          return { net, asset, decimals, symbol, amountBase, amountFormatted: a.amount, payTo };
+          const amountBase = _chunkMDLZJGLYcjs.parseUnits.call(void 0, a.amount, decimals);
+          const spec = { net, asset, decimals, symbol, amountBase, amountFormatted: a.amount, payTo };
+          if (options.exact) spec.exact = await resolveExactRail(net, asset);
+          return spec;
         })
       );
+      if (options.exact && !specs.some((s) => s.exact)) {
+        throw new Error(
+          "requirePayment: `exact` was requested but none of the offered rails support it. The standard `exact` rail is EVM + EIP-3009 only (USDC / EURC) \u2014 not native coins, not USDT, not non-EVM chains. Offer an EVM EIP-3009 token, or drop `exact`."
+        );
+      }
+      return specs;
     })();
+    p.catch(() => {
+      if (resolved === p) resolved = void 0;
+    });
+    resolved = p;
+    return p;
+  }
+  async function resolveExactRail(net, asset) {
+    const cfg = options.exact;
+    if (net.family !== "evm" || asset === "native" || !net.exactDomain || !net.settleExactSelf) {
+      return void 0;
+    }
+    const domain = await net.exactDomain(asset);
+    if (!domain) {
+      throw new Error(
+        `requirePayment: \`exact\` requested for asset ${asset} on ${net.network}, but it isn't an EIP-3009 token (couldn't read name()/version()/authorizationState). The exact rail supports USDC / EURC and other EIP-3009 tokens \u2014 USDT and native coins need onchain-proof. (Or check your rpcUrl is reachable.)`
+      );
+    }
+    if (cfg.settle === "self") {
+      if (cfg.relayer === void 0) {
+        throw new Error(
+          "requirePayment: exact `settle: 'self'` needs a `relayer` wallet (the gas-paying key that broadcasts transferWithAuthorization), e.g. exact: { settle: 'self', relayer: { privateKey } }."
+        );
+      }
+      const relayer = net.bindWallet(cfg.relayer);
+      return { domain, mode: { kind: "self", relayer } };
+    }
+    return {
+      domain,
+      mode: {
+        kind: "facilitator",
+        url: cfg.settle.facilitator,
+        ...cfg.settle.authHeaders ? { authHeaders: cfg.settle.authHeaders } : {}
+      }
+    };
   }
   const hasCustomStore = Boolean(options.isUsed || options.markUsed);
   const localUsed = /* @__PURE__ */ new Set();
@@ -2325,93 +2878,191 @@ function createPaymentGate(options) {
       }
     };
   }
-  async function challenge(resourceUrl = "") {
+  function buildExactAccept(s) {
+    const d = s.exact.domain;
+    return {
+      scheme: "exact",
+      network: s.net.network,
+      amount: s.amountBase.toString(),
+      asset: s.asset,
+      payTo: s.payTo,
+      maxTimeoutSeconds,
+      extra: {
+        assetTransferMethod: "eip3009",
+        name: d.name,
+        version: d.version,
+        minConfirmations,
+        decimals: s.decimals,
+        amountFormatted: s.amountFormatted,
+        ...s.symbol ? { symbol: s.symbol } : {}
+      }
+    };
+  }
+  function buildAccepts(specs, nonce) {
+    const out = [];
+    for (const s of specs) {
+      if (s.exact) out.push(buildExactAccept(s));
+      out.push(buildAccept(s, nonce));
+    }
+    return out;
+  }
+  async function makeChallenge(resourceUrl, opts) {
     const specs = await ready();
     const nonce = genNonce();
     const challenge2 = {
       x402Version: 2,
-      error: null,
       resource: {
         url: resourceUrl,
         ...options.description ? { description: options.description } : {}
       },
-      accepts: specs.map((s) => buildAccept(s, nonce))
+      accepts: buildAccepts(specs, nonce),
+      ..._optionalChain([opts, 'optionalAccess', _42 => _42.error]) ? { error: opts.error } : {},
+      ..._optionalChain([opts, 'optionalAccess', _43 => _43.extensions]) ? { extensions: opts.extensions } : {}
     };
     return { challenge: challenge2, requiredHeader: buildChallengeHeader(challenge2) };
   }
+  async function challenge(resourceUrl = "") {
+    return makeChallenge(resourceUrl);
+  }
   async function asChallenge() {
-    const { challenge: c, requiredHeader } = await challenge();
+    const { challenge: c, requiredHeader } = await makeChallenge("");
     return { kind: "challenge", challenge: c, requiredHeader, statusCode: 402 };
   }
+  async function rejection(code, detail) {
+    const { challenge: c, requiredHeader } = await makeChallenge("", {
+      error: `${code}: ${detail}`,
+      extensions: { piprail: { code, detail } }
+    });
+    return { kind: "invalid", error: code, detail, challenge: c, requiredHeader, statusCode: 402 };
+  }
+  function fireOnPaid(receipt) {
+    if (options.onPaid) {
+      try {
+        options.onPaid(receipt);
+      } catch (e26) {
+      }
+    }
+  }
   async function describe(resourceUrl = "") {
     const specs = await ready();
-    const accepts = specs.map((s) => ({
-      scheme: "onchain-proof",
-      network: s.net.network,
-      asset: s.asset,
-      payTo: s.payTo,
-      amount: s.amountBase.toString(),
-      amountFormatted: s.amountFormatted,
-      decimals: s.decimals,
-      maxTimeoutSeconds,
-      ...s.symbol ? { symbol: s.symbol } : {}
-    }));
+    const accepts = [];
+    for (const s of specs) {
+      const base2 = {
+        network: s.net.network,
+        asset: s.asset,
+        payTo: s.payTo,
+        amount: s.amountBase.toString(),
+        amountFormatted: s.amountFormatted,
+        decimals: s.decimals,
+        maxTimeoutSeconds,
+        ...s.symbol ? { symbol: s.symbol } : {}
+      };
+      if (s.exact) accepts.push({ scheme: "exact", ...base2 });
+      accepts.push({ scheme: "onchain-proof", ...base2 });
+    }
     return {
       url: resourceUrl,
       ...options.description ? { description: options.description } : {},
       accepts
     };
   }
-  async function verify(paymentSignature) {
-    const raw = normaliseHeader(paymentSignature);
-    if (!raw) return asChallenge();
-    const sig = parseSignatureHeader(raw);
-    if (!sig || !sig.accepted || typeof sig.accepted.network !== "string" || typeof sig.accepted.asset !== "string") {
-      return asChallenge();
-    }
+  async function verifyOnchainProof(sig) {
     const specs = await ready();
     const spec = specs.find(
       (s) => s.net.network === sig.accepted.network && s.asset === sig.accepted.asset
     );
     if (!spec) {
-      return {
-        kind: "invalid",
-        error: "transfer_not_found",
-        detail: `Proof claims ${sig.accepted.asset} on ${sig.accepted.network}, which this resource doesn't accept (offered: ${specs.map((s) => `${s.asset}@${s.net.network}`).join(", ")}).`,
-        statusCode: 402
-      };
+      return rejection(
+        "transfer_not_found",
+        `Proof claims ${sig.accepted.asset} on ${sig.accepted.network}, which this resource doesn't accept (offered: ${specs.map((s) => `${s.asset}@${s.net.network}`).join(", ")}).`
+      );
     }
     const ref = sig.payload.txHash;
-    if (await claimTx(ref)) {
-      return {
-        kind: "invalid",
-        error: "tx_already_used",
-        detail: `Proof ${ref} was already redeemed.`,
-        statusCode: 402
-      };
-    }
+    if (await claimTx(ref)) return rejection("tx_already_used", `Proof ${ref} was already redeemed.`);
     const result = await spec.net.verify(ref, buildAccept(spec, sig.payload.nonce));
     if (!result.ok) {
       await settleTx(ref, false);
-      return {
-        kind: "invalid",
-        error: result.error,
-        detail: result.detail,
-        statusCode: 402
-      };
+      return rejection(result.error, result.detail);
     }
     await settleTx(ref, true);
-    if (options.onPaid) {
-      try {
-        options.onPaid(result.receipt);
-      } catch (e21) {
+    fireOnPaid(result.receipt);
+    return { kind: "paid", receipt: result.receipt, receiptHeader: buildReceiptHeader(result.receipt) };
+  }
+  async function verifyExact(exact) {
+    const specs = await ready();
+    const exactSpecs = specs.filter((s) => s.exact);
+    if (exactSpecs.length === 0) {
+      return rejection("transfer_not_found", "This resource offers no standard `exact` rail.");
+    }
+    const isCaip = exact.network.startsWith("eip155:");
+    let candidates = isCaip ? exactSpecs.filter((s) => s.net.network === exact.network) : exactSpecs;
+    if (exact.asset) {
+      candidates = candidates.filter((s) => s.asset.toLowerCase() === exact.asset.toLowerCase());
+    }
+    let spec = candidates[0];
+    if (!isCaip && !exact.asset && exactSpecs.length > 1) spec = void 0;
+    if (!spec && !isCaip && !exact.asset && exactSpecs.length === 1) spec = exactSpecs[0];
+    if (!spec || !spec.exact) {
+      return rejection(
+        "transfer_not_found",
+        `No \`exact\` rail offered for ${exact.network}${exact.asset ? `/${exact.asset}` : ""} (offered: ${exactSpecs.map((s) => `${s.asset}@${s.net.network}`).join(", ")}).`
+      );
+    }
+    const nonce = exact.payload.authorization.nonce;
+    if (await claimTx(nonce)) {
+      return rejection("tx_already_used", `Authorization nonce ${nonce} was already redeemed.`);
+    }
+    const accept = buildExactAccept(spec);
+    const mode = spec.exact.mode;
+    let result;
+    try {
+      if (mode.kind === "self") {
+        result = await spec.net.settleExactSelf({ relayer: mode.relayer, payload: exact.payload, accept });
+      } else {
+        result = await settleViaFacilitator({
+          url: mode.url,
+          ...mode.authHeaders ? { authHeaders: mode.authHeaders } : {},
+          // PipRail always builds a v2-shaped paymentRequirements (CAIP-2 network + `amount`),
+          // so force x402Version:2 — echoing a v1 client's version here would hand the facilitator
+          // a self-inconsistent request (v1 envelope, v2 requirements). The inner payload is
+          // byte-identical across versions, so forwarding it verbatim is fine.
+          x402Version: 2,
+          paymentPayload: exact.raw,
+          paymentRequirements: {
+            scheme: "exact",
+            network: accept.network,
+            asset: accept.asset,
+            amount: accept.amount,
+            payTo: accept.payTo,
+            maxTimeoutSeconds: accept.maxTimeoutSeconds,
+            extra: { name: accept.extra.name, version: accept.extra.version }
+          },
+          receipt: { network: accept.network, asset: accept.asset, payTo: accept.payTo, amount: accept.amount },
+          payerHint: exact.payload.authorization.from
+        });
       }
+    } catch (err) {
+      await settleTx(nonce, false);
+      throw err;
     }
-    return {
-      kind: "paid",
-      receipt: result.receipt,
-      receiptHeader: buildReceiptHeader(result.receipt)
-    };
+    if (!result.ok) {
+      await settleTx(nonce, false);
+      return rejection(result.error, result.detail);
+    }
+    await settleTx(nonce, true);
+    fireOnPaid(result.receipt);
+    return { kind: "paid", receipt: result.receipt, receiptHeader: buildReceiptHeader(result.receipt) };
+  }
+  async function verify(paymentSignature) {
+    const raw = normaliseHeader(paymentSignature);
+    if (!raw) return asChallenge();
+    const sig = parseSignatureHeader(raw);
+    if (sig && sig.accepted && typeof sig.accepted.network === "string" && typeof sig.accepted.asset === "string") {
+      return verifyOnchainProof(sig);
+    }
+    const exact = parseExactPaymentHeader(raw);
+    if (exact) return verifyExact(exact);
+    return asChallenge();
   }
   return { challenge, verify, describe };
 }
@@ -2420,14 +3071,20 @@ function requirePayment(options) {
   return async (req, res, next) => {
     let result;
     try {
-      result = await gate.verify(req.headers[HEADER_SIGNATURE]);
+      result = await gate.verify(_nullishCoalesce(req.headers[HEADER_SIGNATURE], () => ( req.headers[HEADER_SIGNATURE_V1])));
     } catch (err) {
+      if (err instanceof _chunkMDLZJGLYcjs.SettlementError) {
+        res.status(502);
+        res.json({ x402Version: 2, error: "settlement_failed", detail: err.message });
+        return;
+      }
       next(err);
       return;
     }
     switch (result.kind) {
       case "paid":
         res.setHeader(HEADER_RESPONSE, result.receiptHeader);
+        res.setHeader(HEADER_RESPONSE_V1, result.receiptHeader);
         return next();
       case "challenge":
         res.setHeader(HEADER_REQUIRED, result.requiredHeader);
@@ -2435,8 +3092,9 @@ function requirePayment(options) {
         res.json(result.challenge);
         return;
       case "invalid":
+        res.setHeader(HEADER_REQUIRED, result.requiredHeader);
         res.status(result.statusCode);
-        res.json(toInvalidBody(result));
+        res.json(result.challenge);
         return;
     }
   };
@@ -2446,110 +3104,12 @@ function normaliseHeader(value) {
   return value;
 }
 
-// src/drivers/evm/exact.ts
-var EXACT_NETWORK_SLUGS = {
-  ethereum: 1,
-  base: 8453,
-  "base-sepolia": 84532,
-  arbitrum: 42161,
-  optimism: 10,
-  polygon: 137,
-  avalanche: 43114
-};
-function chainIdForExactNetwork(slug) {
-  return _nullishCoalesce(EXACT_NETWORK_SLUGS[slug], () => ( null));
-}
-var EIP3009_TYPES = {
-  TransferWithAuthorization: [
-    { name: "from", type: "address" },
-    { name: "to", type: "address" },
-    { name: "value", type: "uint256" },
-    { name: "validAfter", type: "uint256" },
-    { name: "validBefore", type: "uint256" },
-    { name: "nonce", type: "bytes32" }
-  ]
-};
-function parseExactRequirements(body) {
-  if (!body || typeof body !== "object") return null;
-  const accepts = body.accepts;
-  if (!Array.isArray(accepts)) return null;
-  const out = [];
-  for (const raw of accepts) {
-    if (!raw || typeof raw !== "object") continue;
-    const a = raw;
-    if (a.scheme !== "exact") continue;
-    const amount = _nullishCoalesce(a.maxAmountRequired, () => ( a.amount));
-    if (typeof a.network !== "string" || typeof amount !== "string" || typeof a.asset !== "string" || typeof a.payTo !== "string") {
-      continue;
-    }
-    out.push({
-      scheme: "exact",
-      network: a.network,
-      maxAmountRequired: amount,
-      asset: a.asset,
-      payTo: a.payTo,
-      maxTimeoutSeconds: typeof a.maxTimeoutSeconds === "number" ? a.maxTimeoutSeconds : 600,
-      ...a.extra && typeof a.extra === "object" ? { extra: a.extra } : {},
-      ...typeof a.description === "string" ? { description: a.description } : {},
-      ...typeof a.resource === "string" ? { resource: a.resource } : {}
-    });
-  }
-  return out;
-}
-async function buildExactAuthorization(params) {
-  const { account, accept, chainId, now, nonce } = params;
-  if (!account.signTypedData) {
-    throw new Error("buildExactAuthorization: the account cannot sign EIP-712 typed data.");
-  }
-  const authorization = {
-    from: account.address,
-    to: accept.payTo,
-    value: accept.maxAmountRequired,
-    validAfter: "0",
-    validBefore: String(now + accept.maxTimeoutSeconds),
-    nonce
-  };
-  const signature = await account.signTypedData({
-    domain: {
-      name: _nullishCoalesce(_optionalChain([accept, 'access', _34 => _34.extra, 'optionalAccess', _35 => _35.name]), () => ( "USD Coin")),
-      version: _nullishCoalesce(_optionalChain([accept, 'access', _36 => _36.extra, 'optionalAccess', _37 => _37.version]), () => ( "2")),
-      chainId,
-      verifyingContract: accept.asset
-    },
-    types: EIP3009_TYPES,
-    primaryType: "TransferWithAuthorization",
-    message: {
-      from: authorization.from,
-      to: authorization.to,
-      value: BigInt(authorization.value),
-      validAfter: BigInt(authorization.validAfter),
-      validBefore: BigInt(authorization.validBefore),
-      nonce: authorization.nonce
-    }
-  });
-  return { authorization, signature };
-}
-function base64(str) {
-  if (typeof btoa === "function") return btoa(str);
-  if (typeof Buffer !== "undefined") return Buffer.from(str, "utf8").toString("base64");
-  throw new Error("No base64 encoder available in this runtime.");
-}
-function encodeXPaymentHeader(input) {
-  const payload = {
-    x402Version: _nullishCoalesce(input.x402Version, () => ( 1)),
-    scheme: "exact",
-    network: input.network,
-    payload: { signature: input.signature, authorization: input.authorization }
-  };
-  return base64(JSON.stringify(payload));
-}
-
 // src/discovery.ts
 var GENERATOR = "@piprail/sdk \xB7 https://piprail.com";
 function pathOf(url) {
   try {
     return new URL(url).pathname || "/";
-  } catch (e22) {
+  } catch (e27) {
     return url.startsWith("/") ? url : `/${url}`;
   }
 }
@@ -2646,4 +3206,14 @@ function buildX402DnsTxt(input) {
 
 
 
-exports.CHAINS = CHAINS; exports.ConfirmationTimeoutError = _chunkIQGT65WScjs.ConfirmationTimeoutError; exports.EIP3009_TYPES = EIP3009_TYPES; exports.EXACT_NETWORK_SLUGS = EXACT_NETWORK_SLUGS; exports.GENERATOR = GENERATOR; exports.InsufficientFundsError = _chunkIQGT65WScjs.InsufficientFundsError; exports.InvalidEnvelopeError = _chunkIQGT65WScjs.InvalidEnvelopeError; exports.MaxRetriesExceededError = _chunkIQGT65WScjs.MaxRetriesExceededError; exports.MissingDriverError = _chunkIQGT65WScjs.MissingDriverError; exports.NoCompatibleAcceptError = _chunkIQGT65WScjs.NoCompatibleAcceptError; exports.NonReplayableBodyError = _chunkIQGT65WScjs.NonReplayableBodyError; exports.PaymentDeclinedError = _chunkIQGT65WScjs.PaymentDeclinedError; exports.PaymentTimeoutError = _chunkIQGT65WScjs.PaymentTimeoutError; exports.PipRailClient = PipRailClient; exports.PipRailError = _chunkIQGT65WScjs.PipRailError; exports.RecipientNotReadyError = _chunkIQGT65WScjs.RecipientNotReadyError; exports.UnknownTokenError = _chunkIQGT65WScjs.UnknownTokenError; exports.UnsupportedNetworkError = _chunkIQGT65WScjs.UnsupportedNetworkError; exports.WrongChainError = _chunkIQGT65WScjs.WrongChainError; exports.WrongFamilyError = _chunkIQGT65WScjs.WrongFamilyError; exports.buildChallengeHeader = buildChallengeHeader; exports.buildExactAuthorization = buildExactAuthorization; exports.buildOpenApi = buildOpenApi; exports.buildReceiptHeader = buildReceiptHeader; exports.buildSignatureHeader = buildSignatureHeader; exports.buildWellKnownX402 = buildWellKnownX402; exports.buildX402DnsTxt = buildX402DnsTxt; exports.chainIdForExactNetwork = chainIdForExactNetwork; exports.createPaymentGate = createPaymentGate; exports.encodeXPaymentHeader = encodeXPaymentHeader; exports.evaluatePolicy = evaluatePolicy; exports.normalizeNetwork = normalizeNetwork; exports.parseChallenge = parseChallenge; exports.parseExactRequirements = parseExactRequirements; exports.parseReceipt = parseReceipt; exports.parseSignatureHeader = parseSignatureHeader; exports.paymentTools = paymentTools; exports.pickAccept = pickAccept; exports.planAcross = planAcross; exports.register402Index = register402Index; exports.registerDriver = registerDriver; exports.registerX402Scan = registerX402Scan; exports.requirePayment = requirePayment; exports.resolveChain = resolveChain; exports.searchOpenIndexes = searchOpenIndexes; exports.toInsufficientFundsError = _chunkIQGT65WScjs.toInsufficientFundsError; exports.toInvalidBody = toInvalidBody;
+
+
+
+
+
+
+
+
+
+
+exports.CHAINS = CHAINS; exports.ConfirmationTimeoutError = _chunkMDLZJGLYcjs.ConfirmationTimeoutError; exports.EIP3009_TYPES = EIP3009_TYPES; exports.EXACT_NETWORK_SLUGS = EXACT_NETWORK_SLUGS; exports.GENERATOR = GENERATOR; exports.HEADER_REQUIRED = HEADER_REQUIRED; exports.HEADER_RESPONSE = HEADER_RESPONSE; exports.HEADER_RESPONSE_V1 = HEADER_RESPONSE_V1; exports.HEADER_SIGNATURE = HEADER_SIGNATURE; exports.HEADER_SIGNATURE_V1 = HEADER_SIGNATURE_V1; exports.InsufficientFundsError = _chunkMDLZJGLYcjs.InsufficientFundsError; exports.InvalidEnvelopeError = _chunkMDLZJGLYcjs.InvalidEnvelopeError; exports.MaxRetriesExceededError = _chunkMDLZJGLYcjs.MaxRetriesExceededError; exports.MissingDriverError = _chunkMDLZJGLYcjs.MissingDriverError; exports.NoCompatibleAcceptError = _chunkMDLZJGLYcjs.NoCompatibleAcceptError; exports.NonReplayableBodyError = _chunkMDLZJGLYcjs.NonReplayableBodyError; exports.PaymentDeclinedError = _chunkMDLZJGLYcjs.PaymentDeclinedError; exports.PaymentTimeoutError = _chunkMDLZJGLYcjs.PaymentTimeoutError; exports.PipRailClient = PipRailClient; exports.PipRailError = _chunkMDLZJGLYcjs.PipRailError; exports.RecipientNotReadyError = _chunkMDLZJGLYcjs.RecipientNotReadyError; exports.SettlementError = _chunkMDLZJGLYcjs.SettlementError; exports.UnknownTokenError = _chunkMDLZJGLYcjs.UnknownTokenError; exports.UnsupportedNetworkError = _chunkMDLZJGLYcjs.UnsupportedNetworkError; exports.WrongChainError = _chunkMDLZJGLYcjs.WrongChainError; exports.WrongFamilyError = _chunkMDLZJGLYcjs.WrongFamilyError; exports.buildChallengeHeader = buildChallengeHeader; exports.buildExactAuthorization = buildExactAuthorization; exports.buildOpenApi = buildOpenApi; exports.buildReceiptHeader = buildReceiptHeader; exports.buildSignatureHeader = buildSignatureHeader; exports.buildWellKnownX402 = buildWellKnownX402; exports.buildX402DnsTxt = buildX402DnsTxt; exports.chainIdForExactNetwork = chainIdForExactNetwork; exports.createPaymentGate = createPaymentGate; exports.eip3009Abi = eip3009Abi; exports.encodeXPaymentHeader = encodeXPaymentHeader; exports.evaluatePolicy = evaluatePolicy; exports.normalizeNetwork = normalizeNetwork; exports.parseChallenge = parseChallenge; exports.parseExactPaymentHeader = parseExactPaymentHeader; exports.parseExactRequirements = parseExactRequirements; exports.parseReceipt = parseReceipt; exports.parseSignatureHeader = parseSignatureHeader; exports.paymentTools = paymentTools; exports.pickAccept = pickAccept; exports.planAcross = planAcross; exports.readExactDomain = readExactDomain; exports.register402Index = register402Index; exports.registerDriver = registerDriver; exports.registerX402Scan = registerX402Scan; exports.requirePayment = requirePayment; exports.resolveChain = resolveChain; exports.searchOpenIndexes = searchOpenIndexes; exports.settleViaFacilitator = settleViaFacilitator; exports.toInsufficientFundsError = _chunkMDLZJGLYcjs.toInsufficientFundsError; exports.toInvalidBody = toInvalidBody;