npm - @piprail/sdk - Versions diffs - 1.9.0 → 1.11.0 - Mend

@piprail/sdk 1.9.0 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/CHANGELOG.md +70 -0
package/ERRORS.md +21 -8
package/README.md +20 -0
package/STANDARDS.md +5 -2
package/dist/{algorand-IJJKE35X.cjs → algorand-MXUSKX46.cjs} +17 -17
package/dist/{algorand-B67G4335.js → algorand-WGVF4KTU.js} +1 -1
package/dist/{aptos-YQWTGFRZ.js → aptos-LPBLSEIQ.js} +1 -1
package/dist/{aptos-X3G2UBYW.cjs → aptos-YT7SXWPF.cjs} +16 -16
package/dist/{chunk-IQGT65WS.cjs → chunk-MDLZJGLY.cjs} +20 -16
package/dist/{chunk-QDS6FBZP.js → chunk-SVMGHASK.js} +4 -0
package/dist/index.cjs +897 -265
package/dist/index.d.cts +504 -45
package/dist/index.d.ts +504 -45
package/dist/index.js +820 -188
package/dist/{near-GGUHLXAF.cjs → near-7ZDNISUX.cjs} +19 -19
package/dist/{near-7MBBCDUE.js → near-K6BDBABG.js} +1 -1
package/dist/{solana-W24TCJV4.cjs → solana-PU7N2M64.cjs} +14 -14
package/dist/{solana-7WJVZGDW.js → solana-S3UFI3FE.js} +1 -1
package/dist/{stellar-HV6VGZX3.js → stellar-Q5PO23SC.js} +1 -1
package/dist/{stellar-YMY3K2YB.cjs → stellar-VDQOFQEO.cjs} +21 -21
package/dist/{sui-32KVESR5.cjs → sui-FKSMLKRF.cjs} +17 -17
package/dist/{sui-2WFWVFJX.js → sui-WOXRKJXS.js} +1 -1
package/dist/{ton-FIQGV2LC.cjs → ton-VK6KRJHP.cjs} +14 -14
package/dist/{ton-DGZB7W4U.js → ton-WPTXGLVK.js} +1 -1
package/dist/{tron-RLIL2FDI.js → tron-6GXBXTR4.js} +1 -1
package/dist/{tron-ZSXAPZ2C.cjs → tron-WLOF5OUV.cjs} +24 -24
package/dist/{xrpl-2PKP7HOI.cjs → xrpl-CMNI25BV.cjs} +21 -21
package/dist/{xrpl-UEC2GYVV.js → xrpl-HEAPEXAM.js} +1 -1
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -10,6 +10,7 @@ import {
   PaymentTimeoutError,
   PipRailError,
   RecipientNotReadyError,
+  SettlementError,
   UnknownTokenError,
   UnsupportedNetworkError,
   WrongChainError,
@@ -20,7 +21,7 @@ import {
   parseUnits,
   rejectForeignToken,
   toInsufficientFundsError
-} from "./chunk-QDS6FBZP.js";
+} from "./chunk-SVMGHASK.js";
 // src/drivers/registry.ts
 var byFamily = /* @__PURE__ */ new Map();
@@ -63,7 +64,7 @@ function resolveNetwork(opts) {
 }
 // src/drivers/evm/index.ts
-import { BaseError, createPublicClient, erc20Abi as erc20Abi3, getAddress as getAddress2, http as http2, isAddress } from "viem";
+import { BaseError, createPublicClient, erc20Abi as erc20Abi3, getAddress as getAddress3, http as http2, isAddress } from "viem";
 // src/drivers/evm/chains.ts
 import { defineChain } from "viem";
@@ -483,20 +484,367 @@ function sumTransfersTo(logs, asset, payTo) {
   return { total, from };
 }
+// src/drivers/evm/exact.ts
+import {
+  getAddress as getAddress2,
+  parseSignature,
+  recoverTypedDataAddress
+} from "viem";
+var EXACT_NETWORK_SLUGS = {
+  ethereum: 1,
+  base: 8453,
+  "base-sepolia": 84532,
+  arbitrum: 42161,
+  optimism: 10,
+  polygon: 137,
+  avalanche: 43114
+};
+function chainIdForExactNetwork(slug) {
+  return EXACT_NETWORK_SLUGS[slug] ?? null;
+}
+var EIP3009_TYPES = {
+  TransferWithAuthorization: [
+    { name: "from", type: "address" },
+    { name: "to", type: "address" },
+    { name: "value", type: "uint256" },
+    { name: "validAfter", type: "uint256" },
+    { name: "validBefore", type: "uint256" },
+    { name: "nonce", type: "bytes32" }
+  ]
+};
+function parseExactRequirements(body) {
+  if (!body || typeof body !== "object") return null;
+  const accepts = body.accepts;
+  if (!Array.isArray(accepts)) return null;
+  const out = [];
+  for (const raw of accepts) {
+    if (!raw || typeof raw !== "object") continue;
+    const a = raw;
+    if (a.scheme !== "exact") continue;
+    const amount = a.maxAmountRequired ?? a.amount;
+    if (typeof a.network !== "string" || typeof amount !== "string" || typeof a.asset !== "string" || typeof a.payTo !== "string") {
+      continue;
+    }
+    out.push({
+      scheme: "exact",
+      network: a.network,
+      maxAmountRequired: amount,
+      asset: a.asset,
+      payTo: a.payTo,
+      maxTimeoutSeconds: typeof a.maxTimeoutSeconds === "number" ? a.maxTimeoutSeconds : 600,
+      ...a.extra && typeof a.extra === "object" ? { extra: a.extra } : {},
+      ...typeof a.description === "string" ? { description: a.description } : {},
+      ...typeof a.resource === "string" ? { resource: a.resource } : {}
+    });
+  }
+  return out;
+}
+async function buildExactAuthorization(params) {
+  const { account, accept, chainId, now, nonce } = params;
+  if (!account.signTypedData) {
+    throw new Error("buildExactAuthorization: the account cannot sign EIP-712 typed data.");
+  }
+  const authorization = {
+    from: account.address,
+    to: accept.payTo,
+    value: accept.maxAmountRequired,
+    validAfter: "0",
+    validBefore: String(now + accept.maxTimeoutSeconds),
+    nonce
+  };
+  const signature = await account.signTypedData({
+    domain: {
+      name: accept.extra?.name ?? "USD Coin",
+      version: accept.extra?.version ?? "2",
+      chainId,
+      verifyingContract: accept.asset
+    },
+    types: EIP3009_TYPES,
+    primaryType: "TransferWithAuthorization",
+    message: {
+      from: authorization.from,
+      to: authorization.to,
+      value: BigInt(authorization.value),
+      validAfter: BigInt(authorization.validAfter),
+      validBefore: BigInt(authorization.validBefore),
+      nonce: authorization.nonce
+    }
+  });
+  return { authorization, signature };
+}
+function base64(str) {
+  if (typeof Buffer !== "undefined") return Buffer.from(str, "utf8").toString("base64");
+  if (typeof btoa === "function" && typeof TextEncoder !== "undefined") {
+    const bytes = new TextEncoder().encode(str);
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+    return btoa(binary);
+  }
+  throw new Error("No base64 encoder available in this runtime.");
+}
+function encodeXPaymentHeader(input) {
+  const payload = {
+    x402Version: input.x402Version ?? 1,
+    scheme: "exact",
+    network: input.network,
+    payload: { signature: input.signature, authorization: input.authorization }
+  };
+  return base64(JSON.stringify(payload));
+}
+var eip3009Abi = [
+  {
+    type: "function",
+    name: "transferWithAuthorization",
+    stateMutability: "nonpayable",
+    outputs: [],
+    inputs: [
+      { name: "from", type: "address" },
+      { name: "to", type: "address" },
+      { name: "value", type: "uint256" },
+      { name: "validAfter", type: "uint256" },
+      { name: "validBefore", type: "uint256" },
+      { name: "nonce", type: "bytes32" },
+      { name: "v", type: "uint8" },
+      { name: "r", type: "bytes32" },
+      { name: "s", type: "bytes32" }
+    ]
+  },
+  {
+    type: "function",
+    name: "transferWithAuthorization",
+    stateMutability: "nonpayable",
+    outputs: [],
+    inputs: [
+      { name: "from", type: "address" },
+      { name: "to", type: "address" },
+      { name: "value", type: "uint256" },
+      { name: "validAfter", type: "uint256" },
+      { name: "validBefore", type: "uint256" },
+      { name: "nonce", type: "bytes32" },
+      { name: "signature", type: "bytes" }
+    ]
+  },
+  {
+    type: "function",
+    name: "authorizationState",
+    stateMutability: "view",
+    inputs: [
+      { name: "authorizer", type: "address" },
+      { name: "nonce", type: "bytes32" }
+    ],
+    outputs: [{ type: "bool" }]
+  },
+  { type: "function", name: "name", stateMutability: "view", inputs: [], outputs: [{ type: "string" }] },
+  { type: "function", name: "version", stateMutability: "view", inputs: [], outputs: [{ type: "string" }] }
+];
+var ZERO_ADDR = "0x0000000000000000000000000000000000000000";
+var ZERO_NONCE = `0x${"00".repeat(32)}`;
+async function readExactDomain(publicClient, asset) {
+  if (asset === "native") return null;
+  let token;
+  try {
+    token = getAddress2(asset);
+  } catch {
+    return null;
+  }
+  try {
+    const [name, version] = await Promise.all([
+      publicClient.readContract({ address: token, abi: eip3009Abi, functionName: "name" }),
+      publicClient.readContract({ address: token, abi: eip3009Abi, functionName: "version" }),
+      // The EIP-3009 probe: this view exists only on EIP-3009 tokens; it reverts on
+      // a plain ERC-20 / USDT, marking the token as not exact-payable.
+      publicClient.readContract({
+        address: token,
+        abi: eip3009Abi,
+        functionName: "authorizationState",
+        args: [ZERO_ADDR, ZERO_NONCE]
+      })
+    ]);
+    if (typeof name !== "string" || typeof version !== "string" || !name || !version) return null;
+    return { name, version };
+  } catch {
+    return null;
+  }
+}
+function shorten(msg) {
+  const oneLine = msg.replace(/\s+/g, " ").trim();
+  return oneLine.length > 200 ? `${oneLine.slice(0, 200)}\u2026` : oneLine;
+}
+async function verifyAndSettleExactEvm(input) {
+  const { publicClient, walletClient, account, chain, payload, accept } = input;
+  const token = getAddress2(accept.asset);
+  const payTo = getAddress2(accept.payTo);
+  const requiredAmount = BigInt(accept.amount);
+  let from;
+  let to;
+  let value;
+  let validAfter;
+  let validBefore;
+  let nonce;
+  try {
+    from = getAddress2(payload.authorization.from);
+    to = getAddress2(payload.authorization.to);
+    value = BigInt(payload.authorization.value);
+    validAfter = BigInt(payload.authorization.validAfter);
+    validBefore = BigInt(payload.authorization.validBefore);
+    nonce = payload.authorization.nonce;
+    if (!/^0x[0-9a-fA-F]{64}$/.test(nonce)) throw new Error("nonce must be 32-byte hex");
+    if (!/^0x[0-9a-fA-F]+$/.test(payload.signature)) throw new Error("signature must be hex");
+  } catch (err) {
+    return {
+      ok: false,
+      error: "signature_invalid",
+      detail: `Malformed exact authorization: ${err instanceof Error ? err.message : String(err)}.`
+    };
+  }
+  if (to !== payTo) {
+    return { ok: false, error: "wrong_recipient", detail: `Authorization pays ${to}, not ${payTo}.` };
+  }
+  if (value < requiredAmount) {
+    return { ok: false, error: "amount_too_low", detail: `Authorized ${value}, required ${requiredAmount}.` };
+  }
+  const now = BigInt(Math.floor(Date.now() / 1e3));
+  if (validBefore <= now) {
+    return { ok: false, error: "payment_expired", detail: `Authorization expired: validBefore ${validBefore} <= now ${now}.` };
+  }
+  let fromCode;
+  try {
+    fromCode = await publicClient.getCode({ address: from });
+  } catch {
+    return { ok: false, error: "tx_not_found", detail: `Could not read code at ${from} (transient RPC) \u2014 retry.` };
+  }
+  const isContractWallet = Boolean(fromCode && fromCode !== "0x");
+  if (!isContractWallet) {
+    let recovered;
+    try {
+      recovered = await recoverTypedDataAddress({
+        domain: {
+          name: accept.extra.name,
+          version: accept.extra.version,
+          chainId: chain.id,
+          verifyingContract: token
+        },
+        types: EIP3009_TYPES,
+        primaryType: "TransferWithAuthorization",
+        message: { from, to, value, validAfter, validBefore, nonce },
+        signature: payload.signature
+      });
+    } catch (err) {
+      return { ok: false, error: "signature_invalid", detail: `Not a valid EIP-712 signature: ${shorten(err instanceof Error ? err.message : String(err))}.` };
+    }
+    if (recovered !== from) {
+      return { ok: false, error: "signature_invalid", detail: `Signature recovered to ${recovered}, not the authorizer ${from}.` };
+    }
+  }
+  try {
+    const used = await publicClient.readContract({
+      address: token,
+      abi: eip3009Abi,
+      functionName: "authorizationState",
+      args: [from, nonce]
+    });
+    if (used) {
+      return { ok: false, error: "tx_already_used", detail: `Authorization nonce ${nonce} already used or canceled on-chain.` };
+    }
+  } catch {
+    return { ok: false, error: "tx_not_found", detail: "Could not read authorizationState (transient RPC) \u2014 retry." };
+  }
+  const baseArgs = [from, to, value, validAfter, validBefore, nonce];
+  const isEcdsa = !isContractWallet && payload.signature.length - 2 === 130;
+  let writeArgs;
+  if (isEcdsa) {
+    const { r, s, yParity } = parseSignature(payload.signature);
+    writeArgs = [...baseArgs, BigInt(yParity + 27), r, s];
+  } else {
+    writeArgs = [...baseArgs, payload.signature];
+  }
+  try {
+    await publicClient.simulateContract({
+      account,
+      address: token,
+      abi: eip3009Abi,
+      functionName: "transferWithAuthorization",
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      args: writeArgs
+    });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (/used or canceled/i.test(msg)) return { ok: false, error: "tx_already_used", detail: "Authorization is used or canceled." };
+    if (/expired|not yet valid/i.test(msg)) return { ok: false, error: "payment_expired", detail: shorten(msg) };
+    if (/invalid signature/i.test(msg)) return { ok: false, error: "signature_invalid", detail: shorten(msg) };
+    return { ok: false, error: "tx_reverted", detail: `transferWithAuthorization would revert: ${shorten(msg)}` };
+  }
+  let txHash;
+  try {
+    txHash = await walletClient.writeContract({
+      account,
+      chain,
+      address: token,
+      abi: eip3009Abi,
+      functionName: "transferWithAuthorization",
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      args: writeArgs
+    });
+  } catch (err) {
+    throw new SettlementError(
+      `exact settle: the merchant relayer failed to broadcast transferWithAuthorization (${shorten(err instanceof Error ? err.message : String(err))}). The payer's authorization is still valid and unused \u2014 fund/fix the relayer and the payer can retry.`,
+      { cause: err }
+    );
+  }
+  try {
+    const confirmations = accept.extra.minConfirmations ?? 1;
+    const receipt = await publicClient.waitForTransactionReceipt({ hash: txHash, confirmations });
+    if (receipt.status !== "success") {
+      return { ok: false, error: "tx_reverted", detail: `Settlement tx ${txHash} reverted on-chain.` };
+    }
+  } catch (err) {
+    throw new SettlementError(
+      `exact settle: broadcast ${txHash} but couldn't confirm it (${shorten(err instanceof Error ? err.message : String(err))}).`,
+      { cause: err }
+    );
+  }
+  return {
+    ok: true,
+    receipt: {
+      scheme: "exact",
+      success: true,
+      network: accept.network,
+      transaction: txHash,
+      asset: accept.asset,
+      amount: accept.amount,
+      payer: from,
+      payTo: accept.payTo,
+      verifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+    }
+  };
+}
 // src/x402.ts
 var HEADER_REQUIRED = "payment-required";
 var HEADER_SIGNATURE = "payment-signature";
 var HEADER_RESPONSE = "payment-response";
-function decodeBase64(b64) {
-  if (typeof atob === "function") return atob(b64);
-  if (typeof Buffer !== "undefined") return Buffer.from(b64, "base64").toString("utf8");
-  throw new Error("No base64 decoder available in this runtime.");
-}
+var HEADER_SIGNATURE_V1 = "x-payment";
+var HEADER_RESPONSE_V1 = "x-payment-response";
 function encodeBase64(str) {
-  if (typeof btoa === "function") return btoa(str);
   if (typeof Buffer !== "undefined") return Buffer.from(str, "utf8").toString("base64");
+  if (typeof btoa === "function" && typeof TextEncoder !== "undefined") {
+    const bytes = new TextEncoder().encode(str);
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+    return btoa(binary);
+  }
   throw new Error("No base64 encoder available in this runtime.");
 }
+function decodeBase64(b64) {
+  if (typeof Buffer !== "undefined") return Buffer.from(b64, "base64").toString("utf8");
+  if (typeof atob === "function" && typeof TextDecoder !== "undefined") {
+    const binary = atob(b64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+    return new TextDecoder().decode(bytes);
+  }
+  throw new Error("No base64 decoder available in this runtime.");
+}
 function fromBase64Json(b64) {
   try {
     return JSON.parse(decodeBase64(b64));
@@ -557,6 +905,36 @@ function parseSignatureHeader(value) {
   }
   return parsed;
 }
+function parseExactPaymentHeader(value) {
+  const parsed = fromBase64Json(value);
+  if (!parsed || typeof parsed !== "object") return null;
+  const v = parsed;
+  const accepted = v.accepted ?? null;
+  const scheme = accepted?.scheme ?? v.scheme;
+  if (scheme !== "exact") return null;
+  const network = accepted?.network ?? v.network;
+  if (typeof network !== "string") return null;
+  const payload = v.payload;
+  if (!payload || typeof payload !== "object") return null;
+  const signature = payload.signature;
+  const authorization = payload.authorization;
+  if (typeof signature !== "string" || !authorization || typeof authorization !== "object") return null;
+  for (const k of ["from", "to", "value", "validAfter", "validBefore", "nonce"]) {
+    if (typeof authorization[k] !== "string") return null;
+  }
+  const x402Version = typeof v.x402Version === "number" ? v.x402Version : 2;
+  const asset = accepted && typeof accepted.asset === "string" ? accepted.asset : void 0;
+  return {
+    x402Version,
+    network,
+    ...asset ? { asset } : {},
+    payload: {
+      signature,
+      authorization
+    },
+    raw: v
+  };
+}
 function isValidChallenge(value) {
   if (!value || typeof value !== "object") return false;
   const v = value;
@@ -568,7 +946,7 @@ function isValidChallenge(value) {
 function isValidReceipt(value) {
   if (!value || typeof value !== "object") return false;
   const v = value;
-  if (v.scheme !== "onchain-proof") return false;
+  if (v.scheme !== "onchain-proof" && v.scheme !== "exact") return false;
   if (typeof v.transaction !== "string" && typeof v.txHash !== "string") return false;
   if (typeof v.payer !== "string") return false;
   return true;
@@ -646,12 +1024,12 @@ function makeEvmNetwork(resolved) {
       }
       let normalized;
       try {
-        normalized = getAddress2(asset);
+        normalized = getAddress3(asset);
       } catch {
         return null;
       }
       for (const info of Object.values(resolved.tokens)) {
-        if (getAddress2(info.address) === normalized) {
+        if (getAddress3(info.address) === normalized) {
           return { symbol: info.symbol, decimals: info.decimals };
         }
       }
@@ -735,7 +1113,7 @@ function makeEvmNetwork(resolved) {
       let token = null;
       try {
         token = await publicClient.readContract({
-          address: getAddress2(asset),
+          address: getAddress3(asset),
           abi: erc20Abi3,
           functionName: "balanceOf",
           args: [owner]
@@ -767,6 +1145,21 @@ function makeEvmNetwork(resolved) {
         accept,
         minConfirmations: accept.extra.minConfirmations
       });
+    },
+    // Standard x402 `exact` rail (EIP-3009), seller side — EVM only.
+    async exactDomain(asset) {
+      return readExactDomain(publicClient, asset);
+    },
+    async settleExactSelf({ relayer, payload, accept }) {
+      const a = relayer._native;
+      return verifyAndSettleExactEvm({
+        publicClient,
+        walletClient: a.walletClient,
+        account: a.account,
+        chain: resolved.chain,
+        payload,
+        accept
+      });
     }
   };
 }
@@ -783,7 +1176,7 @@ var loaders = {
   solana: async () => {
     let mod;
     try {
-      mod = await import("./solana-7WJVZGDW.js");
+      mod = await import("./solana-S3UFI3FE.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Solana selected, but its packages aren't installed. Run: npm install @solana/web3.js @solana/spl-token bs58`,
@@ -795,7 +1188,7 @@ var loaders = {
   ton: async () => {
     let mod;
     try {
-      mod = await import("./ton-DGZB7W4U.js");
+      mod = await import("./ton-WPTXGLVK.js");
     } catch (cause) {
       throw new MissingDriverError(
         `TON selected, but its packages aren't installed. Run: npm install @ton/ton @ton/core @ton/crypto`,
@@ -807,7 +1200,7 @@ var loaders = {
   stellar: async () => {
     let mod;
     try {
-      mod = await import("./stellar-HV6VGZX3.js");
+      mod = await import("./stellar-Q5PO23SC.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Stellar selected, but its package isn't installed. Run: npm install @stellar/stellar-sdk`,
@@ -819,7 +1212,7 @@ var loaders = {
   xrpl: async () => {
     let mod;
     try {
-      mod = await import("./xrpl-UEC2GYVV.js");
+      mod = await import("./xrpl-HEAPEXAM.js");
     } catch (cause) {
       throw new MissingDriverError(
         `XRPL selected, but its package isn't installed. Run: npm install xrpl`,
@@ -831,7 +1224,7 @@ var loaders = {
   tron: async () => {
     let mod;
     try {
-      mod = await import("./tron-RLIL2FDI.js");
+      mod = await import("./tron-6GXBXTR4.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Tron selected, but its package isn't installed. Run: npm install tronweb`,
@@ -843,7 +1236,7 @@ var loaders = {
   sui: async () => {
     let mod;
     try {
-      mod = await import("./sui-2WFWVFJX.js");
+      mod = await import("./sui-WOXRKJXS.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Sui selected, but its package isn't installed. Run: npm install @mysten/sui`,
@@ -855,7 +1248,7 @@ var loaders = {
   near: async () => {
     let mod;
     try {
-      mod = await import("./near-7MBBCDUE.js");
+      mod = await import("./near-K6BDBABG.js");
     } catch (cause) {
       throw new MissingDriverError(
         `NEAR selected, but its package isn't installed. Run: npm install near-api-js`,
@@ -867,7 +1260,7 @@ var loaders = {
   aptos: async () => {
     let mod;
     try {
-      mod = await import("./aptos-YQWTGFRZ.js");
+      mod = await import("./aptos-LPBLSEIQ.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Aptos selected, but its package isn't installed. Run: npm install @aptos-labs/ts-sdk`,
@@ -879,7 +1272,7 @@ var loaders = {
   algorand: async () => {
     let mod;
     try {
-      mod = await import("./algorand-B67G4335.js");
+      mod = await import("./algorand-WGVF4KTU.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Algorand selected, but its package isn't installed. Run: npm install algosdk`,
@@ -912,6 +1305,42 @@ async function resolveNetwork2(opts) {
 }
 // src/indexes.ts
+var DIRECTORY_INFO = {
+  "402index": {
+    source: "402index",
+    review: "probe-sync",
+    auth: "none",
+    chains: null,
+    onSuccess: "pending-review",
+    readByDiscover: true,
+    caveat: "402 Index probes your URL on submit, then lists it as PENDING REVIEW \u2014 a self-registered resource is NOT in search until approved. Verify your domain on 402index.io for instant approval; otherwise it appears after manual review, so retry discover() later."
+  },
+  x402scan: {
+    source: "x402scan",
+    review: "probe-sync",
+    auth: "siwx",
+    chains: ["eip155:8453", "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp"],
+    onSuccess: "live",
+    readByDiscover: false,
+    caveat: "x402scan lists Base/Solana only, needs one wallet signature (SIWX), and requires a resolvable input schema (from /openapi.json or the bazaar extension in the 402 body). It goes live on x402scan.com immediately on success \u2014 but discover() does NOT read x402scan, so the listing won't appear in discover() results."
+  },
+  bazaar: {
+    source: "bazaar",
+    review: "settle-coupled",
+    auth: "facilitator-only",
+    chains: null,
+    onSuccess: "not-listable",
+    readByDiscover: true,
+    caveat: "CDP Bazaar has no register endpoint \u2014 it catalogs a resource only when its own facilitator settles a payment. PipRail verifies locally with no facilitator, so a PipRail resource cannot be listed here (you can still READ Bazaar to find others). List on 402 Index or x402scan instead."
+  }
+};
+function getDirectoryInfo(source) {
+  return DIRECTORY_INFO[source];
+}
+function decorateOutcome(o) {
+  const info = DIRECTORY_INFO[o.source];
+  return { ...o, visibility: o.ok ? info.onSuccess : "not-listable", note: info.caveat };
+}
 var BAZAAR_URL = "https://api.cdp.coinbase.com/platform/v2/x402/discovery/resources";
 var INDEX402_SEARCH = "https://402index.io/api/v1/services";
 var INDEX402_REGISTER = "https://402index.io/api/v1/register";
@@ -1064,7 +1493,13 @@ async function register402Index(input) {
       body: JSON.stringify(payload)
     });
     if (res.ok) {
-      return { source: "402index", ok: true, status: res.status, detail: "Listed on 402 Index (searchable at 402index.io)." };
+      const msg = await readIndexMessage(res);
+      return {
+        source: "402index",
+        ok: true,
+        status: res.status,
+        detail: msg ?? "Registered on 402 Index \u2014 pending review (verify your domain on 402index.io for instant approval)."
+      };
     }
     const why = await readIndexError(res);
     return {
@@ -1077,6 +1512,14 @@ async function register402Index(input) {
     return { source: "402index", ok: false, detail: errMsg(err) };
   }
 }
+async function readIndexMessage(res) {
+  try {
+    const body = await res.json();
+    return typeof body.message === "string" && body.message.length > 0 ? body.message : void 0;
+  } catch {
+    return void 0;
+  }
+}
 async function readIndexError(res) {
   try {
     const body = await res.json();
@@ -1515,9 +1958,15 @@ var PipRailClient = class {
    *
    * Nothing PipRail-hosted: these are third-party open directories. Never throws
    * for a read problem — an index that's down or changed simply contributes
-   * nothing. Honest caveat: index results are cross-scheme (mostly the
-   * mainstream `exact` scheme); `fetch()` pays only `onchain-proof` rails
-   * directly (pay `exact` resources with the experimental `drivers/evm/exact.ts`).
+   * nothing. Honest caveats (see {@link DIRECTORY_INFO}):
+   * - Reads **`bazaar` + `402index`** only — **NOT `x402scan`** (its reads are paid). A
+   *   resource you registered on x402scan is live there but will NOT appear here; don't
+   *   read that absence as failure. (Passing `sources:['x402scan']` explicitly yields `[]`.)
+   * - A resource just listed via {@link register} may not appear yet — 402 Index reviews
+   *   before publishing, so retry with a brief backoff if a fresh listing is missing.
+   * - Results are cross-scheme (mostly the mainstream `exact` scheme); `fetch()` pays
+   *   only `onchain-proof` rails directly (pay `exact` resources with the experimental
+   *   `drivers/evm/exact.ts`).
    */
   async discover(opts = {}) {
     const found = await searchOpenIndexes({
@@ -1542,12 +1991,27 @@ var PipRailClient = class {
   }
   /**
    * List a resource you run on the OPEN x402 registries, so agents can find it.
-   * Default target is **402 Index** — one POST, no auth, no signature, no payment
-   * (searchable within seconds). Add `'x402scan'` to also register via SIWX (one
-   * wallet signature; EVM + a Base/Solana rail). Returns one {@link RegisterOutcome}
-   * per target — a target the chain can't satisfy comes back `{ ok:false, detail }`,
-   * never a throw. An explicit, developer-invoked action; it moves no funds, and
-   * nothing is PipRail-hosted — you're listing on third-party open directories.
+   * Default target is **402 Index** — one POST, no auth, no signature, no payment.
+   * Add `'x402scan'` to also register via SIWX (one wallet signature; EVM + a
+   * Base/Solana rail). Returns one {@link RegisterOutcome} per target — a target the
+   * chain can't satisfy comes back `{ ok:false, detail }`, never a throw. An explicit,
+   * developer-invoked action; it moves no funds, and nothing is PipRail-hosted —
+   * you're listing on third-party open directories.
+   *
+   * **Listing is asynchronous — each outcome carries a `visibility` + `note` so an
+   * agent knows when/where the resource is findable (don't assume `ok:true` means
+   * "searchable now"):**
+   * - **402 Index** → `visibility:'pending-review'`. It probes your URL on submit, then lists it
+   *   PENDING REVIEW — not searchable until approved (verify your domain on 402index.io for instant
+   *   approval), so `discover()` returns nothing for a fresh listing until then. Retry later.
+   * - **x402scan** → `visibility:'live'`, but **`discover()` does NOT read x402scan** — the
+   *   listing is real on x402scan.com yet won't show up in `discover()`. Base/Solana only;
+   *   needs a resolvable input schema (`/openapi.json` or the `extensions.bazaar` block).
+   * - **Bazaar** → `visibility:'not-listable'` for PipRail (it lists only what its facilitator
+   *   settles; PipRail uses none). You can still READ Bazaar via {@link discover} to find others.
+   *
+   * The per-source facts live in {@link DIRECTORY_INFO} (importable) if you'd rather branch
+   * on them before calling.
    */
   async register(url, opts = {}) {
     const targets = opts.targets ?? ["402index"];
@@ -1586,7 +2050,7 @@ var PipRailClient = class {
         });
       }
     }
-    return outcomes;
+    return outcomes.map(decorateOutcome);
   }
   /**
    * The discovery signer for the bound wallet (its address + a message signer),
@@ -1663,7 +2127,10 @@ var PipRailClient = class {
     const chosen = priced.find((p) => p.quote.withinPolicy) ?? priced[0];
     return { net, wallet, accept: chosen.accept, challenge, quote: chosen.quote };
   }
-  /** The candidate accepts this client could pay: our scheme, on the bound network. */
+  /** The candidate accepts this client could pay: our scheme, on the bound network.
+   *  A dual-advertised challenge may also carry standard `exact` rails — the PipRail
+   *  client ignores those (it pays the backendless `onchain-proof` rail); the type
+   *  predicate narrows the `X402AnyAccept` union to the rails we settle. */
   gatherCandidates(net, challenge) {
     return challenge.accepts.filter(
       (a) => a.scheme === "onchain-proof" && net.supports(a.network)
@@ -2026,6 +2493,14 @@ function isReplayableBodyInit(value) {
 async function readInvalidReason(response) {
   try {
     const body = await response.clone().json();
+    const ext = body?.extensions;
+    const piprail = ext?.piprail;
+    if (piprail && typeof piprail.code === "string") {
+      return {
+        error: piprail.code,
+        detail: typeof piprail.detail === "string" ? piprail.detail : ""
+      };
+    }
     if (body && (body.status === "invalid" || typeof body.error === "string")) {
       return {
         error: typeof body.error === "string" ? body.error : "no error code",
@@ -2223,7 +2698,7 @@ function paymentTools(client) {
     },
     {
       name: "piprail_register",
-      description: "List an x402 payment-gated resource YOU run on the open indexes so other agents can discover it. Default target is 402 Index \u2014 no auth, no signature, no payment; searchable within seconds. Returns one outcome per index ({ source, ok, detail }); a step the chain can't satisfy comes back ok:false with the reason. Moves no funds; nothing is PipRail-hosted.",
+      description: "List an x402 payment-gated resource YOU run on the open indexes so other agents can discover it. Default target is 402 Index \u2014 no auth, no signature, no payment; a self-registered listing is pending review (verify your domain on 402index.io for instant approval). Returns one outcome per index ({ source, ok, detail, visibility, note }); a step the chain can't satisfy comes back ok:false with the reason. Moves no funds; nothing is PipRail-hosted.",
       annotations: {
         title: "Register an x402 endpoint",
         readOnlyHint: false,
@@ -2257,6 +2732,100 @@ function paymentTools(client) {
   ];
 }
+// src/facilitator.ts
+function safeStringify(value) {
+  return JSON.stringify(value, (_k, v) => typeof v === "bigint" ? v.toString() : v);
+}
+function mapReason(reason) {
+  const r = (reason ?? "").toLowerCase();
+  if (r.includes("signature")) return "signature_invalid";
+  if (r.includes("recipient")) return "wrong_recipient";
+  if (r.includes("value") || r.includes("amount")) return "amount_too_low";
+  if (r.includes("valid_before") || r.includes("valid_after") || r.includes("expired")) return "payment_expired";
+  if (r.includes("used") || r.includes("replay") || r.includes("nonce") || r.includes("transaction_state")) {
+    return "tx_already_used";
+  }
+  return "tx_reverted";
+}
+async function post(url, body, headers) {
+  const res = await fetch(url, {
+    method: "POST",
+    headers: { "content-type": "application/json", ...headers },
+    body: safeStringify(body)
+  });
+  let json = null;
+  try {
+    json = await res.json();
+  } catch {
+  }
+  return { status: res.status, json };
+}
+async function settleViaFacilitator(input) {
+  const base2 = input.url.replace(/\/+$/, "");
+  const body = {
+    x402Version: input.x402Version,
+    paymentPayload: input.paymentPayload,
+    paymentRequirements: input.paymentRequirements
+  };
+  const auth = input.authHeaders ? await input.authHeaders() : {};
+  let verify;
+  try {
+    verify = await post(`${base2}/verify`, body, auth);
+  } catch (err) {
+    throw new SettlementError(
+      `exact settle (facilitator ${base2}): /verify request failed (${err instanceof Error ? err.message : String(err)}).`,
+      { cause: err }
+    );
+  }
+  if (verify.status !== 200) {
+    throw new SettlementError(
+      `exact settle (facilitator ${base2}): /verify returned HTTP ${verify.status} (transport/auth error).`
+    );
+  }
+  const vr = verify.json ?? {};
+  if (vr.isValid === false) {
+    return {
+      ok: false,
+      error: mapReason(vr.invalidReason),
+      detail: `Facilitator rejected the payment: ${vr.invalidReason ?? "invalid"}${vr.invalidMessage ? ` \u2014 ${vr.invalidMessage}` : ""}.`
+    };
+  }
+  let settle;
+  try {
+    settle = await post(`${base2}/settle`, body, auth);
+  } catch (err) {
+    throw new SettlementError(
+      `exact settle (facilitator ${base2}): /settle request failed (${err instanceof Error ? err.message : String(err)}).`,
+      { cause: err }
+    );
+  }
+  if (settle.status !== 200) {
+    throw new SettlementError(
+      `exact settle (facilitator ${base2}): /settle returned HTTP ${settle.status} (transport/auth error).`
+    );
+  }
+  const sr = settle.json ?? {};
+  if (!sr.success) {
+    return {
+      ok: false,
+      error: mapReason(sr.errorReason),
+      detail: `Facilitator settlement failed: ${sr.errorReason ?? "unknown"}${sr.errorMessage ? ` \u2014 ${sr.errorMessage}` : ""}.`
+    };
+  }
+  const receipt = {
+    scheme: "exact",
+    success: true,
+    network: input.receipt.network,
+    transaction: sr.transaction,
+    asset: input.receipt.asset,
+    amount: input.receipt.amount,
+    payer: sr.payer ?? input.payerHint ?? "",
+    payTo: input.receipt.payTo,
+    verifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  return { ok: true, receipt };
+}
 // src/server.ts
 function toInvalidBody(result) {
   return { x402Version: 2, status: "invalid", error: result.error, detail: result.detail };
@@ -2283,9 +2852,10 @@ function createPaymentGate(options) {
   const genNonce = options.generateNonce ?? (() => globalThis.crypto.randomUUID());
   let resolved;
   function ready() {
-    return resolved ??= (async () => {
+    if (resolved) return resolved;
+    const p = (async () => {
       const accepts = normaliseAccepts(options);
-      return Promise.all(
+      const specs = await Promise.all(
         accepts.map(async (a) => {
           const net = await resolveNetwork2({ chain: a.chain, rpcUrl: a.rpcUrl ?? options.rpcUrl });
           const payTo = a.payTo ?? options.payTo;
@@ -2297,10 +2867,52 @@ function createPaymentGate(options) {
           net.assertValidPayTo(payTo);
           const { asset, decimals, symbol } = net.resolveToken(a.token);
           const amountBase = parseUnits(a.amount, decimals);
-          return { net, asset, decimals, symbol, amountBase, amountFormatted: a.amount, payTo };
+          const spec = { net, asset, decimals, symbol, amountBase, amountFormatted: a.amount, payTo };
+          if (options.exact) spec.exact = await resolveExactRail(net, asset);
+          return spec;
         })
       );
+      if (options.exact && !specs.some((s) => s.exact)) {
+        throw new Error(
+          "requirePayment: `exact` was requested but none of the offered rails support it. The standard `exact` rail is EVM + EIP-3009 only (USDC / EURC) \u2014 not native coins, not USDT, not non-EVM chains. Offer an EVM EIP-3009 token, or drop `exact`."
+        );
+      }
+      return specs;
     })();
+    p.catch(() => {
+      if (resolved === p) resolved = void 0;
+    });
+    resolved = p;
+    return p;
+  }
+  async function resolveExactRail(net, asset) {
+    const cfg = options.exact;
+    if (net.family !== "evm" || asset === "native" || !net.exactDomain || !net.settleExactSelf) {
+      return void 0;
+    }
+    const domain = await net.exactDomain(asset);
+    if (!domain) {
+      throw new Error(
+        `requirePayment: \`exact\` requested for asset ${asset} on ${net.network}, but it isn't an EIP-3009 token (couldn't read name()/version()/authorizationState). The exact rail supports USDC / EURC and other EIP-3009 tokens \u2014 USDT and native coins need onchain-proof. (Or check your rpcUrl is reachable.)`
+      );
+    }
+    if (cfg.settle === "self") {
+      if (cfg.relayer === void 0) {
+        throw new Error(
+          "requirePayment: exact `settle: 'self'` needs a `relayer` wallet (the gas-paying key that broadcasts transferWithAuthorization), e.g. exact: { settle: 'self', relayer: { privateKey } }."
+        );
+      }
+      const relayer = net.bindWallet(cfg.relayer);
+      return { domain, mode: { kind: "self", relayer } };
+    }
+    return {
+      domain,
+      mode: {
+        kind: "facilitator",
+        url: cfg.settle.facilitator,
+        ...cfg.settle.authHeaders ? { authHeaders: cfg.settle.authHeaders } : {}
+      }
+    };
   }
   const hasCustomStore = Boolean(options.isUsed || options.markUsed);
   const localUsed = /* @__PURE__ */ new Set();
@@ -2337,93 +2949,191 @@ function createPaymentGate(options) {
       }
     };
   }
-  async function challenge(resourceUrl = "") {
+  function buildExactAccept(s) {
+    const d = s.exact.domain;
+    return {
+      scheme: "exact",
+      network: s.net.network,
+      amount: s.amountBase.toString(),
+      asset: s.asset,
+      payTo: s.payTo,
+      maxTimeoutSeconds,
+      extra: {
+        assetTransferMethod: "eip3009",
+        name: d.name,
+        version: d.version,
+        minConfirmations,
+        decimals: s.decimals,
+        amountFormatted: s.amountFormatted,
+        ...s.symbol ? { symbol: s.symbol } : {}
+      }
+    };
+  }
+  function buildAccepts(specs, nonce) {
+    const out = [];
+    for (const s of specs) {
+      if (s.exact) out.push(buildExactAccept(s));
+      out.push(buildAccept(s, nonce));
+    }
+    return out;
+  }
+  async function makeChallenge(resourceUrl, opts) {
     const specs = await ready();
     const nonce = genNonce();
     const challenge2 = {
       x402Version: 2,
-      error: null,
       resource: {
         url: resourceUrl,
         ...options.description ? { description: options.description } : {}
       },
-      accepts: specs.map((s) => buildAccept(s, nonce))
+      accepts: buildAccepts(specs, nonce),
+      ...opts?.error ? { error: opts.error } : {},
+      ...opts?.extensions ? { extensions: opts.extensions } : {}
     };
     return { challenge: challenge2, requiredHeader: buildChallengeHeader(challenge2) };
   }
+  async function challenge(resourceUrl = "") {
+    return makeChallenge(resourceUrl);
+  }
   async function asChallenge() {
-    const { challenge: c, requiredHeader } = await challenge();
+    const { challenge: c, requiredHeader } = await makeChallenge("");
     return { kind: "challenge", challenge: c, requiredHeader, statusCode: 402 };
   }
+  async function rejection(code, detail) {
+    const { challenge: c, requiredHeader } = await makeChallenge("", {
+      error: `${code}: ${detail}`,
+      extensions: { piprail: { code, detail } }
+    });
+    return { kind: "invalid", error: code, detail, challenge: c, requiredHeader, statusCode: 402 };
+  }
+  function fireOnPaid(receipt) {
+    if (options.onPaid) {
+      try {
+        options.onPaid(receipt);
+      } catch {
+      }
+    }
+  }
   async function describe(resourceUrl = "") {
     const specs = await ready();
-    const accepts = specs.map((s) => ({
-      scheme: "onchain-proof",
-      network: s.net.network,
-      asset: s.asset,
-      payTo: s.payTo,
-      amount: s.amountBase.toString(),
-      amountFormatted: s.amountFormatted,
-      decimals: s.decimals,
-      maxTimeoutSeconds,
-      ...s.symbol ? { symbol: s.symbol } : {}
-    }));
+    const accepts = [];
+    for (const s of specs) {
+      const base2 = {
+        network: s.net.network,
+        asset: s.asset,
+        payTo: s.payTo,
+        amount: s.amountBase.toString(),
+        amountFormatted: s.amountFormatted,
+        decimals: s.decimals,
+        maxTimeoutSeconds,
+        ...s.symbol ? { symbol: s.symbol } : {}
+      };
+      if (s.exact) accepts.push({ scheme: "exact", ...base2 });
+      accepts.push({ scheme: "onchain-proof", ...base2 });
+    }
     return {
       url: resourceUrl,
       ...options.description ? { description: options.description } : {},
       accepts
     };
   }
-  async function verify(paymentSignature) {
-    const raw = normaliseHeader(paymentSignature);
-    if (!raw) return asChallenge();
-    const sig = parseSignatureHeader(raw);
-    if (!sig || !sig.accepted || typeof sig.accepted.network !== "string" || typeof sig.accepted.asset !== "string") {
-      return asChallenge();
-    }
+  async function verifyOnchainProof(sig) {
     const specs = await ready();
     const spec = specs.find(
       (s) => s.net.network === sig.accepted.network && s.asset === sig.accepted.asset
     );
     if (!spec) {
-      return {
-        kind: "invalid",
-        error: "transfer_not_found",
-        detail: `Proof claims ${sig.accepted.asset} on ${sig.accepted.network}, which this resource doesn't accept (offered: ${specs.map((s) => `${s.asset}@${s.net.network}`).join(", ")}).`,
-        statusCode: 402
-      };
+      return rejection(
+        "transfer_not_found",
+        `Proof claims ${sig.accepted.asset} on ${sig.accepted.network}, which this resource doesn't accept (offered: ${specs.map((s) => `${s.asset}@${s.net.network}`).join(", ")}).`
+      );
     }
     const ref = sig.payload.txHash;
-    if (await claimTx(ref)) {
-      return {
-        kind: "invalid",
-        error: "tx_already_used",
-        detail: `Proof ${ref} was already redeemed.`,
-        statusCode: 402
-      };
-    }
+    if (await claimTx(ref)) return rejection("tx_already_used", `Proof ${ref} was already redeemed.`);
     const result = await spec.net.verify(ref, buildAccept(spec, sig.payload.nonce));
     if (!result.ok) {
       await settleTx(ref, false);
-      return {
-        kind: "invalid",
-        error: result.error,
-        detail: result.detail,
-        statusCode: 402
-      };
+      return rejection(result.error, result.detail);
     }
     await settleTx(ref, true);
-    if (options.onPaid) {
-      try {
-        options.onPaid(result.receipt);
-      } catch {
+    fireOnPaid(result.receipt);
+    return { kind: "paid", receipt: result.receipt, receiptHeader: buildReceiptHeader(result.receipt) };
+  }
+  async function verifyExact(exact) {
+    const specs = await ready();
+    const exactSpecs = specs.filter((s) => s.exact);
+    if (exactSpecs.length === 0) {
+      return rejection("transfer_not_found", "This resource offers no standard `exact` rail.");
+    }
+    const isCaip = exact.network.startsWith("eip155:");
+    let candidates = isCaip ? exactSpecs.filter((s) => s.net.network === exact.network) : exactSpecs;
+    if (exact.asset) {
+      candidates = candidates.filter((s) => s.asset.toLowerCase() === exact.asset.toLowerCase());
+    }
+    let spec = candidates[0];
+    if (!isCaip && !exact.asset && exactSpecs.length > 1) spec = void 0;
+    if (!spec && !isCaip && !exact.asset && exactSpecs.length === 1) spec = exactSpecs[0];
+    if (!spec || !spec.exact) {
+      return rejection(
+        "transfer_not_found",
+        `No \`exact\` rail offered for ${exact.network}${exact.asset ? `/${exact.asset}` : ""} (offered: ${exactSpecs.map((s) => `${s.asset}@${s.net.network}`).join(", ")}).`
+      );
+    }
+    const nonce = exact.payload.authorization.nonce;
+    if (await claimTx(nonce)) {
+      return rejection("tx_already_used", `Authorization nonce ${nonce} was already redeemed.`);
+    }
+    const accept = buildExactAccept(spec);
+    const mode = spec.exact.mode;
+    let result;
+    try {
+      if (mode.kind === "self") {
+        result = await spec.net.settleExactSelf({ relayer: mode.relayer, payload: exact.payload, accept });
+      } else {
+        result = await settleViaFacilitator({
+          url: mode.url,
+          ...mode.authHeaders ? { authHeaders: mode.authHeaders } : {},
+          // PipRail always builds a v2-shaped paymentRequirements (CAIP-2 network + `amount`),
+          // so force x402Version:2 — echoing a v1 client's version here would hand the facilitator
+          // a self-inconsistent request (v1 envelope, v2 requirements). The inner payload is
+          // byte-identical across versions, so forwarding it verbatim is fine.
+          x402Version: 2,
+          paymentPayload: exact.raw,
+          paymentRequirements: {
+            scheme: "exact",
+            network: accept.network,
+            asset: accept.asset,
+            amount: accept.amount,
+            payTo: accept.payTo,
+            maxTimeoutSeconds: accept.maxTimeoutSeconds,
+            extra: { name: accept.extra.name, version: accept.extra.version }
+          },
+          receipt: { network: accept.network, asset: accept.asset, payTo: accept.payTo, amount: accept.amount },
+          payerHint: exact.payload.authorization.from
+        });
       }
+    } catch (err) {
+      await settleTx(nonce, false);
+      throw err;
     }
-    return {
-      kind: "paid",
-      receipt: result.receipt,
-      receiptHeader: buildReceiptHeader(result.receipt)
-    };
+    if (!result.ok) {
+      await settleTx(nonce, false);
+      return rejection(result.error, result.detail);
+    }
+    await settleTx(nonce, true);
+    fireOnPaid(result.receipt);
+    return { kind: "paid", receipt: result.receipt, receiptHeader: buildReceiptHeader(result.receipt) };
+  }
+  async function verify(paymentSignature) {
+    const raw = normaliseHeader(paymentSignature);
+    if (!raw) return asChallenge();
+    const sig = parseSignatureHeader(raw);
+    if (sig && sig.accepted && typeof sig.accepted.network === "string" && typeof sig.accepted.asset === "string") {
+      return verifyOnchainProof(sig);
+    }
+    const exact = parseExactPaymentHeader(raw);
+    if (exact) return verifyExact(exact);
+    return asChallenge();
   }
   return { challenge, verify, describe };
 }
@@ -2432,14 +3142,20 @@ function requirePayment(options) {
   return async (req, res, next) => {
     let result;
     try {
-      result = await gate.verify(req.headers[HEADER_SIGNATURE]);
+      result = await gate.verify(req.headers[HEADER_SIGNATURE] ?? req.headers[HEADER_SIGNATURE_V1]);
     } catch (err) {
+      if (err instanceof SettlementError) {
+        res.status(502);
+        res.json({ x402Version: 2, error: "settlement_failed", detail: err.message });
+        return;
+      }
       next(err);
       return;
     }
     switch (result.kind) {
       case "paid":
         res.setHeader(HEADER_RESPONSE, result.receiptHeader);
+        res.setHeader(HEADER_RESPONSE_V1, result.receiptHeader);
         return next();
       case "challenge":
         res.setHeader(HEADER_REQUIRED, result.requiredHeader);
@@ -2447,8 +3163,9 @@ function requirePayment(options) {
         res.json(result.challenge);
         return;
       case "invalid":
+        res.setHeader(HEADER_REQUIRED, result.requiredHeader);
         res.status(result.statusCode);
-        res.json(toInvalidBody(result));
+        res.json(result.challenge);
         return;
     }
   };
@@ -2458,104 +3175,6 @@ function normaliseHeader(value) {
   return value;
 }
-// src/drivers/evm/exact.ts
-var EXACT_NETWORK_SLUGS = {
-  ethereum: 1,
-  base: 8453,
-  "base-sepolia": 84532,
-  arbitrum: 42161,
-  optimism: 10,
-  polygon: 137,
-  avalanche: 43114
-};
-function chainIdForExactNetwork(slug) {
-  return EXACT_NETWORK_SLUGS[slug] ?? null;
-}
-var EIP3009_TYPES = {
-  TransferWithAuthorization: [
-    { name: "from", type: "address" },
-    { name: "to", type: "address" },
-    { name: "value", type: "uint256" },
-    { name: "validAfter", type: "uint256" },
-    { name: "validBefore", type: "uint256" },
-    { name: "nonce", type: "bytes32" }
-  ]
-};
-function parseExactRequirements(body) {
-  if (!body || typeof body !== "object") return null;
-  const accepts = body.accepts;
-  if (!Array.isArray(accepts)) return null;
-  const out = [];
-  for (const raw of accepts) {
-    if (!raw || typeof raw !== "object") continue;
-    const a = raw;
-    if (a.scheme !== "exact") continue;
-    const amount = a.maxAmountRequired ?? a.amount;
-    if (typeof a.network !== "string" || typeof amount !== "string" || typeof a.asset !== "string" || typeof a.payTo !== "string") {
-      continue;
-    }
-    out.push({
-      scheme: "exact",
-      network: a.network,
-      maxAmountRequired: amount,
-      asset: a.asset,
-      payTo: a.payTo,
-      maxTimeoutSeconds: typeof a.maxTimeoutSeconds === "number" ? a.maxTimeoutSeconds : 600,
-      ...a.extra && typeof a.extra === "object" ? { extra: a.extra } : {},
-      ...typeof a.description === "string" ? { description: a.description } : {},
-      ...typeof a.resource === "string" ? { resource: a.resource } : {}
-    });
-  }
-  return out;
-}
-async function buildExactAuthorization(params) {
-  const { account, accept, chainId, now, nonce } = params;
-  if (!account.signTypedData) {
-    throw new Error("buildExactAuthorization: the account cannot sign EIP-712 typed data.");
-  }
-  const authorization = {
-    from: account.address,
-    to: accept.payTo,
-    value: accept.maxAmountRequired,
-    validAfter: "0",
-    validBefore: String(now + accept.maxTimeoutSeconds),
-    nonce
-  };
-  const signature = await account.signTypedData({
-    domain: {
-      name: accept.extra?.name ?? "USD Coin",
-      version: accept.extra?.version ?? "2",
-      chainId,
-      verifyingContract: accept.asset
-    },
-    types: EIP3009_TYPES,
-    primaryType: "TransferWithAuthorization",
-    message: {
-      from: authorization.from,
-      to: authorization.to,
-      value: BigInt(authorization.value),
-      validAfter: BigInt(authorization.validAfter),
-      validBefore: BigInt(authorization.validBefore),
-      nonce: authorization.nonce
-    }
-  });
-  return { authorization, signature };
-}
-function base64(str) {
-  if (typeof btoa === "function") return btoa(str);
-  if (typeof Buffer !== "undefined") return Buffer.from(str, "utf8").toString("base64");
-  throw new Error("No base64 encoder available in this runtime.");
-}
-function encodeXPaymentHeader(input) {
-  const payload = {
-    x402Version: input.x402Version ?? 1,
-    scheme: "exact",
-    network: input.network,
-    payload: { signature: input.signature, authorization: input.authorization }
-  };
-  return base64(JSON.stringify(payload));
-}
 // src/discovery.ts
 var GENERATOR = "@piprail/sdk \xB7 https://piprail.com";
 function pathOf(url) {
@@ -2613,9 +3232,15 @@ function buildX402DnsTxt(input) {
 export {
   CHAINS,
   ConfirmationTimeoutError,
+  DIRECTORY_INFO,
   EIP3009_TYPES,
   EXACT_NETWORK_SLUGS,
   GENERATOR,
+  HEADER_REQUIRED,
+  HEADER_RESPONSE,
+  HEADER_RESPONSE_V1,
+  HEADER_SIGNATURE,
+  HEADER_SIGNATURE_V1,
   InsufficientFundsError,
   InvalidEnvelopeError,
   MaxRetriesExceededError,
@@ -2627,6 +3252,7 @@ export {
   PipRailClient,
   PipRailError,
   RecipientNotReadyError,
+  SettlementError,
   UnknownTokenError,
   UnsupportedNetworkError,
   WrongChainError,
@@ -2640,22 +3266,28 @@ export {
   buildX402DnsTxt,
   chainIdForExactNetwork,
   createPaymentGate,
+  decorateOutcome,
+  eip3009Abi,
   encodeXPaymentHeader,
   evaluatePolicy,
+  getDirectoryInfo,
   normalizeNetwork,
   parseChallenge,
+  parseExactPaymentHeader,
   parseExactRequirements,
   parseReceipt,
   parseSignatureHeader,
   paymentTools,
   pickAccept,
   planAcross,
+  readExactDomain,
   register402Index,
   registerDriver,
   registerX402Scan,
   requirePayment,
   resolveChain,
   searchOpenIndexes,
+  settleViaFacilitator,
   toInsufficientFundsError,
   toInvalidBody
 };