@pot-sdk2/pay 0.9.2 → 0.9.3

package/dist/index.cjs

@@ -20,6 +20,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  TransactionPolicy: () => TransactionPolicy,
   VERIFIER_PROFILES: () => VERIFIER_PROFILES,
   buildAttestationHeaders: () => buildAttestationHeaders,
   getProfile: () => getProfile,
@@ -295,8 +296,62 @@ function wrapClient(client, options) {
   };
   return wrapped;
 }
+
+// src/transaction-policy.ts
+var TransactionPolicy = class {
+  config;
+  dailySpend = /* @__PURE__ */ new Map();
+  constructor(config = {}) {
+    this.config = {
+      requireVerificationAbove: 50,
+      ...config
+    };
+  }
+  check(tx) {
+    const { to, amount } = tx;
+    const threshold = this.config.requireVerificationAbove ?? 50;
+    const requiresVerification = amount >= threshold;
+    if (this.config.blockedAddresses?.length) {
+      const toLower = to.toLowerCase();
+      if (this.config.blockedAddresses.some((a) => a.toLowerCase() === toLower)) {
+        return { allowed: false, reason: `Address ${to} is blocked`, requiresVerification };
+      }
+    }
+    if (this.config.allowedAddresses?.length) {
+      const toLower = to.toLowerCase();
+      if (!this.config.allowedAddresses.some((a) => a.toLowerCase() === toLower)) {
+        return { allowed: false, reason: `Address ${to} is not in allowedAddresses`, requiresVerification };
+      }
+    }
+    if (this.config.maxPerTransaction !== void 0 && amount > this.config.maxPerTransaction) {
+      return {
+        allowed: false,
+        reason: `Amount $${amount} exceeds maxPerTransaction ($${this.config.maxPerTransaction})`,
+        requiresVerification
+      };
+    }
+    if (this.config.dailyCap !== void 0) {
+      const today = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+      const spent = this.dailySpend.get(today) ?? 0;
+      if (spent + amount > this.config.dailyCap) {
+        return {
+          allowed: false,
+          reason: `Daily cap ($${this.config.dailyCap}) would be exceeded. Already spent: $${spent}`,
+          requiresVerification
+        };
+      }
+      this.dailySpend.set(today, spent + amount);
+    }
+    return { allowed: true, requiresVerification };
+  }
+  /** Reset daily spend tracking (useful for testing) */
+  resetDailySpend() {
+    this.dailySpend.clear();
+  }
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  TransactionPolicy,
   VERIFIER_PROFILES,
   buildAttestationHeaders,
   getProfile,

package/dist/index.d.cts

@@ -101,6 +101,39 @@ interface PolicyResult {
 }
 declare function resolvePolicy(amount: number, policy?: 'tiered' | 'always' | 'skip'): PolicyResult;
 
+/**
+ * TransactionPolicy — spending limits, address allowlists, verification thresholds
+ * @pot-sdk2/pay v0.9.3
+ */
+interface TransactionPolicyConfig {
+    /** Max USD per single transaction */
+    maxPerTransaction?: number;
+    /** Max USD spent per calendar day */
+    dailyCap?: number;
+    /** If set, only these addresses are allowed (case-insensitive) */
+    allowedAddresses?: string[];
+    /** Always blocked addresses (case-insensitive) */
+    blockedAddresses?: string[];
+    /** Require reasoning verification above this USD amount (default: 50) */
+    requireVerificationAbove?: number;
+}
+interface PolicyCheckResult {
+    allowed: boolean;
+    reason?: string;
+    requiresVerification: boolean;
+}
+declare class TransactionPolicy {
+    private config;
+    private dailySpend;
+    constructor(config?: TransactionPolicyConfig);
+    check(tx: {
+        to: string;
+        amount: number;
+    }): PolicyCheckResult;
+    /** Reset daily spend tracking (useful for testing) */
+    resetDailySpend(): void;
+}
+
 /**
  * Generates X-402-Attestation-* headers from a verify result.
  * These headers can be attached to x402 payment requests.
@@ -172,4 +205,4 @@ declare function warnIfNoHighPerformanceVerifier(modelIds: string[]): string | n
  */
 declare function getWeight(modelId: string): number;
 
-export { type PayVerifyOptions, type PayVerifyResult, type PayWrapOptions, type PaymentIntent, VERIFIER_PROFILES, type VerifierProfile, buildAttestationHeaders, getProfile, getRecommendedVerifiers, getWeight, resolvePolicy, verifyPayment, warnIfNoHighPerformanceVerifier, wrapClient };
+export { type PayVerifyOptions, type PayVerifyResult, type PayWrapOptions, type PaymentIntent, type PolicyCheckResult, TransactionPolicy, type TransactionPolicyConfig, VERIFIER_PROFILES, type VerifierProfile, buildAttestationHeaders, getProfile, getRecommendedVerifiers, getWeight, resolvePolicy, verifyPayment, warnIfNoHighPerformanceVerifier, wrapClient };

package/dist/index.d.ts

@@ -101,6 +101,39 @@ interface PolicyResult {
 }
 declare function resolvePolicy(amount: number, policy?: 'tiered' | 'always' | 'skip'): PolicyResult;
 
+/**
+ * TransactionPolicy — spending limits, address allowlists, verification thresholds
+ * @pot-sdk2/pay v0.9.3
+ */
+interface TransactionPolicyConfig {
+    /** Max USD per single transaction */
+    maxPerTransaction?: number;
+    /** Max USD spent per calendar day */
+    dailyCap?: number;
+    /** If set, only these addresses are allowed (case-insensitive) */
+    allowedAddresses?: string[];
+    /** Always blocked addresses (case-insensitive) */
+    blockedAddresses?: string[];
+    /** Require reasoning verification above this USD amount (default: 50) */
+    requireVerificationAbove?: number;
+}
+interface PolicyCheckResult {
+    allowed: boolean;
+    reason?: string;
+    requiresVerification: boolean;
+}
+declare class TransactionPolicy {
+    private config;
+    private dailySpend;
+    constructor(config?: TransactionPolicyConfig);
+    check(tx: {
+        to: string;
+        amount: number;
+    }): PolicyCheckResult;
+    /** Reset daily spend tracking (useful for testing) */
+    resetDailySpend(): void;
+}
+
 /**
  * Generates X-402-Attestation-* headers from a verify result.
  * These headers can be attached to x402 payment requests.
@@ -172,4 +205,4 @@ declare function warnIfNoHighPerformanceVerifier(modelIds: string[]): string | n
  */
 declare function getWeight(modelId: string): number;
 
-export { type PayVerifyOptions, type PayVerifyResult, type PayWrapOptions, type PaymentIntent, VERIFIER_PROFILES, type VerifierProfile, buildAttestationHeaders, getProfile, getRecommendedVerifiers, getWeight, resolvePolicy, verifyPayment, warnIfNoHighPerformanceVerifier, wrapClient };
+export { type PayVerifyOptions, type PayVerifyResult, type PayWrapOptions, type PaymentIntent, type PolicyCheckResult, TransactionPolicy, type TransactionPolicyConfig, VERIFIER_PROFILES, type VerifierProfile, buildAttestationHeaders, getProfile, getRecommendedVerifiers, getWeight, resolvePolicy, verifyPayment, warnIfNoHighPerformanceVerifier, wrapClient };

package/dist/index.js

@@ -261,7 +261,61 @@ function wrapClient(client, options) {
   };
   return wrapped;
 }
+
+// src/transaction-policy.ts
+var TransactionPolicy = class {
+  config;
+  dailySpend = /* @__PURE__ */ new Map();
+  constructor(config = {}) {
+    this.config = {
+      requireVerificationAbove: 50,
+      ...config
+    };
+  }
+  check(tx) {
+    const { to, amount } = tx;
+    const threshold = this.config.requireVerificationAbove ?? 50;
+    const requiresVerification = amount >= threshold;
+    if (this.config.blockedAddresses?.length) {
+      const toLower = to.toLowerCase();
+      if (this.config.blockedAddresses.some((a) => a.toLowerCase() === toLower)) {
+        return { allowed: false, reason: `Address ${to} is blocked`, requiresVerification };
+      }
+    }
+    if (this.config.allowedAddresses?.length) {
+      const toLower = to.toLowerCase();
+      if (!this.config.allowedAddresses.some((a) => a.toLowerCase() === toLower)) {
+        return { allowed: false, reason: `Address ${to} is not in allowedAddresses`, requiresVerification };
+      }
+    }
+    if (this.config.maxPerTransaction !== void 0 && amount > this.config.maxPerTransaction) {
+      return {
+        allowed: false,
+        reason: `Amount $${amount} exceeds maxPerTransaction ($${this.config.maxPerTransaction})`,
+        requiresVerification
+      };
+    }
+    if (this.config.dailyCap !== void 0) {
+      const today = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+      const spent = this.dailySpend.get(today) ?? 0;
+      if (spent + amount > this.config.dailyCap) {
+        return {
+          allowed: false,
+          reason: `Daily cap ($${this.config.dailyCap}) would be exceeded. Already spent: $${spent}`,
+          requiresVerification
+        };
+      }
+      this.dailySpend.set(today, spent + amount);
+    }
+    return { allowed: true, requiresVerification };
+  }
+  /** Reset daily spend tracking (useful for testing) */
+  resetDailySpend() {
+    this.dailySpend.clear();
+  }
+};
 export {
+  TransactionPolicy,
   VERIFIER_PROFILES,
   buildAttestationHeaders,
   getProfile,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pot-sdk2/pay",
-  "version": "0.9.2",
+  "version": "0.9.3",
   "description": "Payment reasoning verification for pot-sdk — x402 attestation layer",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -13,7 +13,9 @@
       "types": "./dist/index.d.ts"
     }
   },
-  "engines": { "node": ">=22.5.0" },
+  "engines": {
+    "node": ">=22.5.0"
+  },
   "scripts": {
     "build": "tsup src/index.ts --format esm,cjs --dts",
     "test": "node --experimental-sqlite --import tsx/esm tests/pay.test.ts",
@@ -29,7 +31,14 @@
     "typescript": "^5.0.0"
   },
   "license": "MIT",
-  "keywords": ["thoughtproof", "pot-sdk", "x402", "agent-payments", "verification", "attestation"],
+  "keywords": [
+    "thoughtproof",
+    "pot-sdk",
+    "x402",
+    "agent-payments",
+    "verification",
+    "attestation"
+  ],
   "homepage": "https://thoughtproof.ai",
   "repository": {
     "type": "git",

package/src/index.ts

@@ -29,6 +29,8 @@
 export { verifyPayment } from './verify-payment.js';
 export { wrapClient } from './middleware.js';
 export { resolvePolicy } from './policy.js';
+export { TransactionPolicy } from './transaction-policy.js';
+export type { TransactionPolicyConfig, PolicyCheckResult } from './transaction-policy.js';
 export { buildAttestationHeaders } from './headers.js';
 export {
   VERIFIER_PROFILES,

package/src/transaction-policy.test.ts

@@ -0,0 +1,56 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { TransactionPolicy } from './transaction-policy.js';
+
+describe('TransactionPolicy', () => {
+  const ATTACKER = '0xdead000000000000000000000000000000001337';
+  const SAFE = '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266';
+
+  it('blocks tx above maxPerTransaction', () => {
+    const policy = new TransactionPolicy({ maxPerTransaction: 100 });
+    const result = policy.check({ to: SAFE, amount: 101 });
+    expect(result.allowed).toBe(false);
+    expect(result.reason).toContain('maxPerTransaction');
+  });
+
+  it('allows tx within maxPerTransaction', () => {
+    const policy = new TransactionPolicy({ maxPerTransaction: 100 });
+    const result = policy.check({ to: SAFE, amount: 99 });
+    expect(result.allowed).toBe(true);
+  });
+
+  it('blocks unknown address when allowedAddresses is set', () => {
+    const policy = new TransactionPolicy({ allowedAddresses: [SAFE] });
+    const result = policy.check({ to: ATTACKER, amount: 10 });
+    expect(result.allowed).toBe(false);
+    expect(result.reason).toContain('allowedAddresses');
+  });
+
+  it('allows known address when allowedAddresses is set', () => {
+    const policy = new TransactionPolicy({ allowedAddresses: [SAFE] });
+    const result = policy.check({ to: SAFE, amount: 10 });
+    expect(result.allowed).toBe(true);
+  });
+
+  it('blocks when dailyCap exceeded', () => {
+    const policy = new TransactionPolicy({ dailyCap: 100 });
+    policy.check({ to: SAFE, amount: 80 }); // first tx — OK, records spend
+    const result = policy.check({ to: SAFE, amount: 30 }); // 80+30=110 > 100
+    expect(result.allowed).toBe(false);
+    expect(result.reason).toContain('Daily cap');
+  });
+
+  it('sets requiresVerification=true above threshold', () => {
+    const policy = new TransactionPolicy({ requireVerificationAbove: 50 });
+    const below = policy.check({ to: SAFE, amount: 49 });
+    const above = policy.check({ to: SAFE, amount: 51 });
+    expect(below.requiresVerification).toBe(false);
+    expect(above.requiresVerification).toBe(true);
+  });
+
+  it('blocks blockedAddresses', () => {
+    const policy = new TransactionPolicy({ blockedAddresses: [ATTACKER] });
+    const result = policy.check({ to: ATTACKER, amount: 1 });
+    expect(result.allowed).toBe(false);
+    expect(result.reason).toContain('blocked');
+  });
+});

package/src/transaction-policy.ts

@@ -0,0 +1,88 @@
+/**
+ * TransactionPolicy — spending limits, address allowlists, verification thresholds
+ * @pot-sdk2/pay v0.9.3
+ */
+
+export interface TransactionPolicyConfig {
+  /** Max USD per single transaction */
+  maxPerTransaction?: number;
+  /** Max USD spent per calendar day */
+  dailyCap?: number;
+  /** If set, only these addresses are allowed (case-insensitive) */
+  allowedAddresses?: string[];
+  /** Always blocked addresses (case-insensitive) */
+  blockedAddresses?: string[];
+  /** Require reasoning verification above this USD amount (default: 50) */
+  requireVerificationAbove?: number;
+}
+
+export interface PolicyCheckResult {
+  allowed: boolean;
+  reason?: string;
+  requiresVerification: boolean;
+}
+
+export class TransactionPolicy {
+  private config: TransactionPolicyConfig;
+  private dailySpend: Map<string, number> = new Map();
+
+  constructor(config: TransactionPolicyConfig = {}) {
+    this.config = {
+      requireVerificationAbove: 50,
+      ...config,
+    };
+  }
+
+  check(tx: { to: string; amount: number }): PolicyCheckResult {
+    const { to, amount } = tx;
+    const threshold = this.config.requireVerificationAbove ?? 50;
+    const requiresVerification = amount >= threshold;
+
+    // 1. Blocked addresses
+    if (this.config.blockedAddresses?.length) {
+      const toLower = to.toLowerCase();
+      if (this.config.blockedAddresses.some(a => a.toLowerCase() === toLower)) {
+        return { allowed: false, reason: `Address ${to} is blocked`, requiresVerification };
+      }
+    }
+
+    // 2. Allowlist check
+    if (this.config.allowedAddresses?.length) {
+      const toLower = to.toLowerCase();
+      if (!this.config.allowedAddresses.some(a => a.toLowerCase() === toLower)) {
+        return { allowed: false, reason: `Address ${to} is not in allowedAddresses`, requiresVerification };
+      }
+    }
+
+    // 3. Per-transaction limit
+    if (this.config.maxPerTransaction !== undefined && amount > this.config.maxPerTransaction) {
+      return {
+        allowed: false,
+        reason: `Amount $${amount} exceeds maxPerTransaction ($${this.config.maxPerTransaction})`,
+        requiresVerification,
+      };
+    }
+
+    // 4. Daily cap
+    if (this.config.dailyCap !== undefined) {
+      const today = new Date().toISOString().slice(0, 10);
+      const spent = this.dailySpend.get(today) ?? 0;
+      if (spent + amount > this.config.dailyCap) {
+        return {
+          allowed: false,
+          reason: `Daily cap ($${this.config.dailyCap}) would be exceeded. Already spent: $${spent}`,
+          requiresVerification,
+        };
+      }
+      // Record spend
+      this.dailySpend.set(today, spent + amount);
+    }
+
+    return { allowed: true, requiresVerification };
+  }
+
+  /** Reset daily spend tracking (useful for testing) */
+  resetDailySpend(): void {
+    this.dailySpend.clear();
+  }
+}