npm - @relai-fi/x402 - Versions diffs - 0.5.21 → 0.5.22 - Mend

@relai-fi/x402 0.5.21 → 0.5.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/crossmint.cjs CHANGED Viewed

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,17 +17,32 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 // src/crossmint.ts
 var crossmint_exports = {};
 __export(crossmint_exports, {
+  createCrossmintDelegatedX402Fetch: () => createCrossmintDelegatedX402Fetch,
   createCrossmintX402Fetch: () => createCrossmintX402Fetch
 });
 module.exports = __toCommonJS(crossmint_exports);
 var import_web3 = require("@solana/web3.js");
 var import_spl_token = require("@solana/spl-token");
+var import_tweetnacl = __toESM(require("tweetnacl"), 1);
 var DEFAULT_API_BASE = "https://www.crossmint.com/api/2025-06-09";
+var STAGING_API_BASE = "https://staging.crossmint.com/api/2025-06-09";
+function detectApiBase(apiKey) {
+  if (apiKey.startsWith("sk_staging")) return STAGING_API_BASE;
+  return DEFAULT_API_BASE;
+}
 function toBase58(bytes) {
   const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
   const digits = [0];
@@ -51,42 +68,135 @@ function toBase58(bytes) {
   }
   return str;
 }
+function fromBase58(str) {
+  const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+  const BASE_MAP = new Uint8Array(256).fill(255);
+  for (let i = 0; i < ALPHABET.length; i++) BASE_MAP[ALPHABET.charCodeAt(i)] = i;
+  const bytes = [0];
+  for (const ch of str) {
+    const carry_init = BASE_MAP[ch.charCodeAt(0)];
+    if (carry_init === 255) throw new Error(`Invalid base58 character: ${ch}`);
+    let carry = carry_init;
+    for (let j = 0; j < bytes.length; j++) {
+      carry += bytes[j] * 58;
+      bytes[j] = carry & 255;
+      carry >>= 8;
+    }
+    while (carry > 0) {
+      bytes.push(carry & 255);
+      carry >>= 8;
+    }
+  }
+  for (const ch of str) {
+    if (ch === ALPHABET[0]) bytes.push(0);
+    else break;
+  }
+  return new Uint8Array(bytes.reverse());
+}
 function extractSignature(onChainTx) {
   if (!onChainTx) return null;
   if (onChainTx.length <= 100) return onChainTx;
   try {
-    const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
-    const BASE_MAP = new Uint8Array(256).fill(255);
-    for (let i = 0; i < ALPHABET.length; i++) BASE_MAP[ALPHABET.charCodeAt(i)] = i;
-    const bytes = [0];
-    for (const ch of onChainTx) {
-      const carry_init = BASE_MAP[ch.charCodeAt(0)];
-      if (carry_init === 255) return null;
-      let carry = carry_init;
-      for (let j = 0; j < bytes.length; j++) {
-        carry += bytes[j] * 58;
-        bytes[j] = carry & 255;
-        carry >>= 8;
-      }
-      while (carry > 0) {
-        bytes.push(carry & 255);
-        carry >>= 8;
-      }
-    }
-    for (const ch of onChainTx) {
-      if (ch === ALPHABET[0]) bytes.push(0);
-      else break;
-    }
-    const decoded = new Uint8Array(bytes.reverse());
+    const decoded = fromBase58(onChainTx);
     const vtx = import_web3.VersionedTransaction.deserialize(decoded);
     if (vtx.signatures?.[0]) return toBase58(vtx.signatures[0]);
   } catch {
   }
   return null;
 }
+async function crossmintApi(baseUrl, apiKey, endpoint, body, method = "POST") {
+  const url = `${baseUrl}/wallets/${endpoint}`;
+  const opts = {
+    method,
+    headers: { "Content-Type": "application/json", "X-API-KEY": apiKey }
+  };
+  if (method === "POST" && body) opts.body = JSON.stringify(body);
+  const resp = await fetch(url, opts);
+  const json = await resp.json();
+  if (!resp.ok) throw new Error(`[x402/crossmint] API ${resp.status}: ${JSON.stringify(json)}`);
+  return json;
+}
+function signMessage(message, secretKey) {
+  let messageBytes;
+  try {
+    messageBytes = fromBase58(message);
+  } catch {
+    messageBytes = new TextEncoder().encode(message);
+  }
+  const signature = import_tweetnacl.default.sign.detached(messageBytes, secretKey);
+  return toBase58(signature);
+}
+function deriveSignerAddress(secretKey) {
+  const publicKey = secretKey.length === 64 ? secretKey.slice(32) : import_tweetnacl.default.sign.keyPair.fromSeed(secretKey).publicKey;
+  return toBase58(publicKey);
+}
+async function pollForSignature(apiBase, apiKey, wallet, txId, maxPolls, pollMs, initialData) {
+  let sig = initialData?.onChain?.txId || extractSignature(initialData?.onChain?.transaction) || null;
+  for (let i = 0; i < maxPolls && !sig; i++) {
+    await new Promise((r) => setTimeout(r, pollMs));
+    const p = await crossmintApi(
+      apiBase,
+      apiKey,
+      `${encodeURIComponent(wallet)}/transactions/${txId}`,
+      void 0,
+      "GET"
+    );
+    if (p.status === "failed") {
+      throw new Error(`[x402/crossmint] Crossmint tx failed: ${p.error?.message || "unknown"}`);
+    }
+    sig = p.onChain?.txId || extractSignature(p.onChain?.transaction) || null;
+  }
+  return sig;
+}
+function buildXPaymentHeader(unsignedTx, sig, accept) {
+  const payload = {
+    x402Version: 2,
+    scheme: "exact",
+    network: accept.network,
+    payload: {
+      transaction: Buffer.from(unsignedTx.serialize()).toString("base64"),
+      txId: sig
+    },
+    accepted: {
+      scheme: accept.scheme,
+      network: accept.network,
+      amount: accept.amount,
+      asset: accept.asset,
+      payTo: accept.payTo
+    }
+  };
+  return Buffer.from(JSON.stringify(payload)).toString("base64");
+}
+async function buildTransferTx(connection, userPubkey, accept) {
+  const mintPubkey = new import_web3.PublicKey(accept.asset);
+  const merchantPubkey = new import_web3.PublicKey(accept.payTo);
+  const mintAccountInfo = await connection.getAccountInfo(mintPubkey);
+  const programId = mintAccountInfo?.owner.equals(import_spl_token.TOKEN_2022_PROGRAM_ID) ? import_spl_token.TOKEN_2022_PROGRAM_ID : import_spl_token.TOKEN_PROGRAM_ID;
+  const mintInfo = await (0, import_spl_token.getMint)(connection, mintPubkey, "confirmed", programId);
+  const amount = BigInt(accept.amount);
+  const sourceAta = await (0, import_spl_token.getAssociatedTokenAddress)(mintPubkey, userPubkey, true, programId);
+  const destAta = await (0, import_spl_token.getAssociatedTokenAddress)(mintPubkey, merchantPubkey, true, programId);
+  const ix = (0, import_spl_token.createTransferCheckedInstruction)(
+    sourceAta,
+    mintPubkey,
+    destAta,
+    userPubkey,
+    amount,
+    mintInfo.decimals,
+    [],
+    programId
+  );
+  const { blockhash } = await connection.getLatestBlockhash("confirmed");
+  const msg = new import_web3.TransactionMessage({
+    payerKey: userPubkey,
+    recentBlockhash: blockhash,
+    instructions: [ix]
+  }).compileToV0Message();
+  return new import_web3.VersionedTransaction(msg);
+}
 function createCrossmintX402Fetch(config) {
   const { apiKey, wallet, connection } = config;
-  const apiBase = config.crossmintApiBase || DEFAULT_API_BASE;
+  const apiBase = config.crossmintApiBase || detectApiBase(apiKey);
   const maxPolls = config.maxPollAttempts ?? 30;
   const pollMs = config.pollIntervalMs ?? 2e3;
   const userPubkey = new import_web3.PublicKey(wallet);
@@ -99,77 +209,84 @@ function createCrossmintX402Fetch(config) {
     const requirements = await firstResp.json();
     const accept = requirements.accepts?.[0];
     if (!accept) throw new Error("[x402/crossmint] No payment requirements in 402 response");
-    const mintPubkey = new import_web3.PublicKey(accept.asset);
-    const merchantPubkey = new import_web3.PublicKey(accept.payTo);
-    const mintAccountInfo = await connection.getAccountInfo(mintPubkey);
-    const programId = mintAccountInfo?.owner.equals(import_spl_token.TOKEN_2022_PROGRAM_ID) ? import_spl_token.TOKEN_2022_PROGRAM_ID : import_spl_token.TOKEN_PROGRAM_ID;
-    const mintInfo = await (0, import_spl_token.getMint)(connection, mintPubkey, "confirmed", programId);
-    const amount = BigInt(accept.amount);
-    const sourceAta = await (0, import_spl_token.getAssociatedTokenAddress)(mintPubkey, userPubkey, true, programId);
-    const destAta = await (0, import_spl_token.getAssociatedTokenAddress)(mintPubkey, merchantPubkey, true, programId);
-    const ix = (0, import_spl_token.createTransferCheckedInstruction)(
-      sourceAta,
-      mintPubkey,
-      destAta,
-      userPubkey,
-      amount,
-      mintInfo.decimals,
-      [],
-      programId
+    const unsignedTx = await buildTransferTx(connection, userPubkey, accept);
+    const txData = await crossmintApi(
+      apiBase,
+      apiKey,
+      `${encodeURIComponent(wallet)}/transactions`,
+      { params: { transaction: toBase58(unsignedTx.serialize()) } }
     );
-    const { blockhash } = await connection.getLatestBlockhash("confirmed");
-    const msg = new import_web3.TransactionMessage({
-      payerKey: userPubkey,
-      recentBlockhash: blockhash,
-      instructions: [ix]
-    }).compileToV0Message();
-    const unsignedTx = new import_web3.VersionedTransaction(msg);
-    const serializedBase58 = toBase58(unsignedTx.serialize());
-    const txResp = await fetch(
-      `${apiBase}/wallets/${encodeURIComponent(wallet)}/transactions`,
+    const sig = await pollForSignature(apiBase, apiKey, wallet, txData.id, maxPolls, pollMs, txData);
+    if (!sig) throw new Error("[x402/crossmint] Timed out waiting for tx confirmation");
+    const xPayment = buildXPaymentHeader(unsignedTx, sig, accept);
+    return fetch(url, {
+      ...init,
+      headers: { Accept: "application/json", "X-PAYMENT": xPayment, ...init?.headers }
+    });
+  };
+}
+function createCrossmintDelegatedX402Fetch(config) {
+  const { apiKey, wallet, connection, signerSecretKey } = config;
+  const apiBase = config.crossmintApiBase || detectApiBase(apiKey);
+  const maxPolls = config.maxPollAttempts ?? 30;
+  const pollMs = config.pollIntervalMs ?? 2e3;
+  const userPubkey = new import_web3.PublicKey(wallet);
+  const signerAddress = deriveSignerAddress(signerSecretKey);
+  return async function fetch402(url, init) {
+    const firstResp = await fetch(url, {
+      ...init,
+      headers: { Accept: "application/json", ...init?.headers }
+    });
+    if (firstResp.status !== 402) return firstResp;
+    const requirements = await firstResp.json();
+    const accept = requirements.accepts?.[0];
+    if (!accept) throw new Error("[x402/crossmint] No payment requirements in 402 response");
+    const unsignedTx = await buildTransferTx(connection, userPubkey, accept);
+    const createResp = await crossmintApi(
+      apiBase,
+      apiKey,
+      `${encodeURIComponent(wallet)}/transactions`,
       {
-        method: "POST",
-        headers: { "Content-Type": "application/json", "X-API-KEY": apiKey },
-        body: JSON.stringify({ params: { transaction: serializedBase58 } })
+        params: {
+          transaction: toBase58(unsignedTx.serialize()),
+          signer: {
+            type: "external-wallet",
+            locator: `external-wallet:${signerAddress}`
+          }
+        }
       }
     );
-    const txData = await txResp.json();
-    if (!txResp.ok || !txData.id) {
-      throw new Error(`[x402/crossmint] Crossmint API error: ${JSON.stringify(txData)}`);
-    }
-    let sig = txData.onChain?.txId || extractSignature(txData.onChain?.transaction) || null;
-    for (let i = 0; i < maxPolls && !sig; i++) {
-      await new Promise((r) => setTimeout(r, pollMs));
-      const poll = await fetch(
-        `${apiBase}/wallets/${encodeURIComponent(wallet)}/transactions/${txData.id}`,
-        { headers: { "X-API-KEY": apiKey } }
+    const transactionId = createResp.id;
+    const pendingApproval = createResp.approvals?.pending?.[0];
+    if (!transactionId || !pendingApproval) {
+      throw new Error(
+        `[x402/crossmint] No pending approval returned. Ensure external signer ${signerAddress} is registered on wallet ${wallet}. Response: ${JSON.stringify(createResp)}`
       );
-      const p = await poll.json();
-      if (p.status === "failed") {
-        throw new Error(`[x402/crossmint] Crossmint tx failed: ${p.error?.message || "unknown"}`);
-      }
-      sig = p.onChain?.txId || extractSignature(p.onChain?.transaction) || null;
-    }
-    if (!sig) {
-      throw new Error("[x402/crossmint] Timed out waiting for Crossmint tx confirmation");
     }
-    const payload = {
-      x402Version: 2,
-      scheme: "exact",
-      network: accept.network,
-      payload: {
-        transaction: Buffer.from(unsignedTx.serialize()).toString("base64"),
-        txId: sig
-      },
-      accepted: {
-        scheme: accept.scheme,
-        network: accept.network,
-        amount: accept.amount,
-        asset: accept.asset,
-        payTo: accept.payTo
+    const pendingSigner = pendingApproval.signer?.address ?? pendingApproval.signer?.locator?.split(":")[1] ?? signerAddress;
+    const approvalSig = signMessage(pendingApproval.message, signerSecretKey);
+    const approvalResp = await crossmintApi(
+      apiBase,
+      apiKey,
+      `${encodeURIComponent(wallet)}/transactions/${encodeURIComponent(transactionId)}/approvals`,
+      {
+        approvals: [{
+          signer: `external-wallet:${pendingSigner}`,
+          signature: approvalSig
+        }]
       }
-    };
-    const xPayment = Buffer.from(JSON.stringify(payload)).toString("base64");
+    );
+    const sig = await pollForSignature(
+      apiBase,
+      apiKey,
+      wallet,
+      transactionId,
+      maxPolls,
+      pollMs,
+      approvalResp
+    );
+    if (!sig) throw new Error("[x402/crossmint] Timed out waiting for tx confirmation");
+    const xPayment = buildXPaymentHeader(unsignedTx, sig, accept);
     return fetch(url, {
       ...init,
       headers: { Accept: "application/json", "X-PAYMENT": xPayment, ...init?.headers }
@@ -178,6 +295,7 @@ function createCrossmintX402Fetch(config) {
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  createCrossmintDelegatedX402Fetch,
   createCrossmintX402Fetch
 });
 //# sourceMappingURL=crossmint.cjs.map

package/dist/crossmint.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/crossmint.ts"],"sourcesContent":["/*\n Crossmint smart wallet integration for RelAI x402.\n \n Auto-handles 402 Payment Required responses using a Crossmint\n * API-key smart wallet on Solana. Zero private keys needed —\n * Crossmint signs and broadcasts, RelAI facilitator verifies on-chain.\n \n @example\n * ```ts\n * import { createCrossmintX402Fetch } from \"@relai-fi/x402/crossmint\";\n * import { Connection } from \"@solana/web3.js\";\n \n const fetch402 = createCrossmintX402Fetch({\n * apiKey: process.env.CROSSMINT_API_KEY!,\n * wallet: process.env.CROSSMINT_WALLET!,\n * connection: new Connection(process.env.RPC_URL!),\n * });\n \n const resp = await fetch402(\"https://api.example.com/protected\");\n * console.log(await resp.json()); // paid content\n * ```\n \n @module\n /\nimport {\n Connection,\n PublicKey,\n VersionedTransaction,\n TransactionMessage,\n} from \"@solana/web3.js\";\nimport {\n getAssociatedTokenAddress,\n createTransferCheckedInstruction,\n getMint,\n TOKEN_PROGRAM_ID,\n TOKEN_2022_PROGRAM_ID,\n} from \"@solana/spl-token\";\n\n// ── Types ───────────────────────────────────────────────────────────\n\nexport interface CrossmintX402Config {\n /* Crossmint server-side API key (`sk_production_...` or `sk_staging_...`) /\n apiKey: string;\n\n /* Crossmint smart wallet address (Solana public key) /\n wallet: string;\n\n /* Solana RPC connection /\n connection: Connection;\n\n /* Override Crossmint API base URL (default: `https://www.crossmint.com/api/2025-06-09`) /\n crossmintApiBase?: string;\n\n /* Max polling attempts for tx confirmation (default: 30) /\n maxPollAttempts?: number;\n\n /* Polling interval in ms (default: 2000) /\n pollIntervalMs?: number;\n}\n\n// ── Internals ───────────────────────────────────────────────────────\n\nconst DEFAULT_API_BASE = \"https://www.crossmint.com/api/2025-06-09\";\n\n/* Encode bytes to base58 without external dependency. /\nfunction toBase58(bytes: Uint8Array): string {\n const ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n const digits = [0];\n for (const byte of bytes) {\n let carry = byte;\n for (let j = 0; j < digits.length; j++) {\n carry += digits[j] << 8;\n digits[j] = carry % 58;\n carry = (carry / 58) \| 0;\n }\n while (carry > 0) {\n digits.push(carry % 58);\n carry = (carry / 58) \| 0;\n }\n }\n let str = \"\";\n for (const byte of bytes) {\n if (byte === 0) str += ALPHABET[0];\n else break;\n }\n for (let i = digits.length - 1; i >= 0; i--) {\n str += ALPHABET[digits[i]];\n }\n return str;\n}\n\n/* Extract Solana signature from Crossmint's full serialized tx (base58). /\nfunction extractSignature(onChainTx: string): string \| null {\n if (!onChainTx) return null;\n if (onChainTx.length <= 100) return onChainTx; // Already a bare signature\n try {\n // Decode base58 → deserialize VersionedTransaction → first signature\n const ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n const BASE_MAP = new Uint8Array(256).fill(255);\n for (let i = 0; i < ALPHABET.length; i++) BASE_MAP[ALPHABET.charCodeAt(i)] = i;\n const bytes: number[] = [0];\n for (const ch of onChainTx) {\n const carry_init = BASE_MAP[ch.charCodeAt(0)];\n if (carry_init === 255) return null;\n let carry = carry_init;\n for (let j = 0; j < bytes.length; j++) {\n carry += bytes[j] 58;\n bytes[j] = carry & 0xff;\n carry >>= 8;\n }\n while (carry > 0) {\n bytes.push(carry & 0xff);\n carry >>= 8;\n }\n }\n for (const ch of onChainTx) {\n if (ch === ALPHABET[0]) bytes.push(0);\n else break;\n }\n const decoded = new Uint8Array(bytes.reverse());\n const vtx = VersionedTransaction.deserialize(decoded);\n if (vtx.signatures?.[0]) return toBase58(vtx.signatures[0]);\n } catch {\n // Not a valid serialized tx\n }\n return null;\n}\n\n// ── Public API ──────────────────────────────────────────────────────\n\n/*\n Create a fetch wrapper that auto-handles x402 `402 Payment Required`\n * responses using a Crossmint smart wallet on Solana.\n \n The returned function has the same signature as `fetch()`.\n * On a 402 response it will:\n * 1. Parse payment requirements\n * 2. Build a Solana SPL transfer instruction\n * 3. Submit to Crossmint API (which signs + broadcasts)\n * 4. Poll for on-chain confirmation\n * 5. Retry the original request with an `X-PAYMENT` header\n */\nexport function createCrossmintX402Fetch(config: CrossmintX402Config) {\n const { apiKey, wallet, connection } = config;\n const apiBase = config.crossmintApiBase \|\| DEFAULT_API_BASE;\n const maxPolls = config.maxPollAttempts ?? 30;\n const pollMs = config.pollIntervalMs ?? 2000;\n const userPubkey = new PublicKey(wallet);\n\n return async function fetch402(\n url: string,\n init?: RequestInit,\n ): Promise<Response> {\n // 1. Initial request\n const firstResp = await fetch(url, {\n ...init,\n headers: { Accept: \"application/json\", ...init?.headers },\n });\n if (firstResp.status !== 402) return firstResp;\n\n // 2. Parse payment requirements\n const requirements = (await firstResp.json()) as any;\n const accept = requirements.accepts?.[0];\n if (!accept) throw new Error(\"[x402/crossmint] No payment requirements in 402 response\");\n\n // 3. Build SPL transfer instruction\n const mintPubkey = new PublicKey(accept.asset);\n const merchantPubkey = new PublicKey(accept.payTo);\n const mintAccountInfo = await connection.getAccountInfo(mintPubkey);\n const programId = mintAccountInfo?.owner.equals(TOKEN_2022_PROGRAM_ID)\n ? TOKEN_2022_PROGRAM_ID\n : TOKEN_PROGRAM_ID;\n\n const mintInfo = await getMint(connection, mintPubkey, \"confirmed\", programId);\n const amount = BigInt(accept.amount);\n\n const sourceAta = await getAssociatedTokenAddress(mintPubkey, userPubkey, true, programId);\n const destAta = await getAssociatedTokenAddress(mintPubkey, merchantPubkey, true, programId);\n\n const ix = createTransferCheckedInstruction(\n sourceAta, mintPubkey, destAta, userPubkey,\n amount, mintInfo.decimals, [], programId,\n );\n\n const { blockhash } = await connection.getLatestBlockhash(\"confirmed\");\n const msg = new TransactionMessage({\n payerKey: userPubkey,\n recentBlockhash: blockhash,\n instructions: [ix],\n }).compileToV0Message();\n\n const unsignedTx = new VersionedTransaction(msg);\n const serializedBase58 = toBase58(unsignedTx.serialize());\n\n // 4. Send to Crossmint (signs + broadcasts)\n const txResp = await fetch(\n `${apiBase}/wallets/${encodeURIComponent(wallet)}/transactions`,\n {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\", \"X-API-KEY\": apiKey },\n body: JSON.stringify({ params: { transaction: serializedBase58 } }),\n },\n );\n const txData = (await txResp.json()) as any;\n if (!txResp.ok \|\| !txData.id) {\n throw new Error(`[x402/crossmint] Crossmint API error: ${JSON.stringify(txData)}`);\n }\n\n // 5. Poll for on-chain signature\n let sig: string \| null =\n txData.onChain?.txId \|\| extractSignature(txData.onChain?.transaction) \|\| null;\n\n for (let i = 0; i < maxPolls && !sig; i++) {\n await new Promise((r) => setTimeout(r, pollMs));\n const poll = await fetch(\n `${apiBase}/wallets/${encodeURIComponent(wallet)}/transactions/${txData.id}`,\n { headers: { \"X-API-KEY\": apiKey } },\n );\n const p = (await poll.json()) as any;\n if (p.status === \"failed\") {\n throw new Error(`[x402/crossmint] Crossmint tx failed: ${p.error?.message \|\| \"unknown\"}`);\n }\n sig = p.onChain?.txId \|\| extractSignature(p.onChain?.transaction) \|\| null;\n }\n if (!sig) {\n throw new Error(\"[x402/crossmint] Timed out waiting for Crossmint tx confirmation\");\n }\n\n // 6. Build X-PAYMENT header with pre-broadcast txId\n const payload = {\n x402Version: 2,\n scheme: \"exact\",\n network: accept.network,\n payload: {\n transaction: Buffer.from(unsignedTx.serialize()).toString(\"base64\"),\n txId: sig,\n },\n accepted: {\n scheme: accept.scheme,\n network: accept.network,\n amount: accept.amount,\n asset: accept.asset,\n payTo: accept.payTo,\n },\n };\n const xPayment = Buffer.from(JSON.stringify(payload)).toString(\"base64\");\n\n // 7. Retry with payment\n return fetch(url, {\n ...init,\n headers: { Accept: \"application/json\", \"X-PAYMENT\": xPayment, ...init?.headers },\n });\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAwBA,kBAKO;AACP,uBAMO;AA0BP,IAAM,mBAAmB;AAGzB,SAAS,SAAS,OAA2B;AAC3C,QAAM,WAAW;AACjB,QAAM,SAAS,CAAC,CAAC;AACjB,aAAW,QAAQ,OAAO;AACxB,QAAI,QAAQ;AACZ,aAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAS,OAAO,CAAC,KAAK;AACtB,aAAO,CAAC,IAAI,QAAQ;AACpB,cAAS,QAAQ,KAAM;AAAA,IACzB;AACA,WAAO,QAAQ,GAAG;AAChB,aAAO,KAAK,QAAQ,EAAE;AACtB,cAAS,QAAQ,KAAM;AAAA,IACzB;AAAA,EACF;AACA,MAAI,MAAM;AACV,aAAW,QAAQ,OAAO;AACxB,QAAI,SAAS,EAAG,QAAO,SAAS,CAAC;AAAA,QAC5B;AAAA,EACP;AACA,WAAS,IAAI,OAAO,SAAS,GAAG,KAAK,GAAG,KAAK;AAC3C,WAAO,SAAS,OAAO,CAAC,CAAC;AAAA,EAC3B;AACA,SAAO;AACT;AAGA,SAAS,iBAAiB,WAAkC;AAC1D,MAAI,CAAC,UAAW,QAAO;AACvB,MAAI,UAAU,UAAU,IAAK,QAAO;AACpC,MAAI;AAEF,UAAM,WAAW;AACjB,UAAM,WAAW,IAAI,WAAW,GAAG,EAAE,KAAK,GAAG;AAC7C,aAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,IAAK,UAAS,SAAS,WAAW,CAAC,CAAC,IAAI;AAC7E,UAAM,QAAkB,CAAC,CAAC;AAC1B,eAAW,MAAM,WAAW;AAC1B,YAAM,aAAa,SAAS,GAAG,WAAW,CAAC,CAAC;AAC5C,UAAI,eAAe,IAAK,QAAO;AAC/B,UAAI,QAAQ;AACZ,eAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,iBAAS,MAAM,CAAC,IAAI;AACpB,cAAM,CAAC,IAAI,QAAQ;AACnB,kBAAU;AAAA,MACZ;AACA,aAAO,QAAQ,GAAG;AAChB,cAAM,KAAK,QAAQ,GAAI;AACvB,kBAAU;AAAA,MACZ;AAAA,IACF;AACA,eAAW,MAAM,WAAW;AAC1B,UAAI,OAAO,SAAS,CAAC,EAAG,OAAM,KAAK,CAAC;AAAA,UAC/B;AAAA,IACP;AACA,UAAM,UAAU,IAAI,WAAW,MAAM,QAAQ,CAAC;AAC9C,UAAM,MAAM,iCAAqB,YAAY,OAAO;AACpD,QAAI,IAAI,aAAa,CAAC,EAAG,QAAO,SAAS,IAAI,WAAW,CAAC,CAAC;AAAA,EAC5D,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAgBO,SAAS,yBAAyB,QAA6B;AACpE,QAAM,EAAE,QAAQ,QAAQ,WAAW,IAAI;AACvC,QAAM,UAAU,OAAO,oBAAoB;AAC3C,QAAM,WAAW,OAAO,mBAAmB;AAC3C,QAAM,SAAS,OAAO,kBAAkB;AACxC,QAAM,aAAa,IAAI,sBAAU,MAAM;AAEvC,SAAO,eAAe,SACpB,KACA,MACmB;AAEnB,UAAM,YAAY,MAAM,MAAM,KAAK;AAAA,MACjC,GAAG;AAAA,MACH,SAAS,EAAE,QAAQ,oBAAoB,GAAG,MAAM,QAAQ;AAAA,IAC1D,CAAC;AACD,QAAI,UAAU,WAAW,IAAK,QAAO;AAGrC,UAAM,eAAgB,MAAM,UAAU,KAAK;AAC3C,UAAM,SAAS,aAAa,UAAU,CAAC;AACvC,QAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,0DAA0D;AAGvF,UAAM,aAAa,IAAI,sBAAU,OAAO,KAAK;AAC7C,UAAM,iBAAiB,IAAI,sBAAU,OAAO,KAAK;AACjD,UAAM,kBAAkB,MAAM,WAAW,eAAe,UAAU;AAClE,UAAM,YAAY,iBAAiB,MAAM,OAAO,sCAAqB,IACjE,yCACA;AAEJ,UAAM,WAAW,UAAM,0BAAQ,YAAY,YAAY,aAAa,SAAS;AAC7E,UAAM,SAAS,OAAO,OAAO,MAAM;AAEnC,UAAM,YAAY,UAAM,4CAA0B,YAAY,YAAY,MAAM,SAAS;AACzF,UAAM,UAAU,UAAM,4CAA0B,YAAY,gBAAgB,MAAM,SAAS;AAE3F,UAAM,SAAK;AAAA,MACT;AAAA,MAAW;AAAA,MAAY;AAAA,MAAS;AAAA,MAChC;AAAA,MAAQ,SAAS;AAAA,MAAU,CAAC;AAAA,MAAG;AAAA,IACjC;AAEA,UAAM,EAAE,UAAU,IAAI,MAAM,WAAW,mBAAmB,WAAW;AACrE,UAAM,MAAM,IAAI,+BAAmB;AAAA,MACjC,UAAU;AAAA,MACV,iBAAiB;AAAA,MACjB,cAAc,CAAC,EAAE;AAAA,IACnB,CAAC,EAAE,mBAAmB;AAEtB,UAAM,aAAa,IAAI,iCAAqB,GAAG;AAC/C,UAAM,mBAAmB,SAAS,WAAW,UAAU,CAAC;AAGxD,UAAM,SAAS,MAAM;AAAA,MACnB,GAAG,OAAO,YAAY,mBAAmB,MAAM,CAAC;AAAA,MAChD;AAAA,QACE,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,oBAAoB,aAAa,OAAO;AAAA,QACnE,MAAM,KAAK,UAAU,EAAE,QAAQ,EAAE,aAAa,iBAAiB,EAAE,CAAC;AAAA,MACpE;AAAA,IACF;AACA,UAAM,SAAU,MAAM,OAAO,KAAK;AAClC,QAAI,CAAC,OAAO,MAAM,CAAC,OAAO,IAAI;AAC5B,YAAM,IAAI,MAAM,yCAAyC,KAAK,UAAU,MAAM,CAAC,EAAE;AAAA,IACnF;AAGA,QAAI,MACF,OAAO,SAAS,QAAQ,iBAAiB,OAAO,SAAS,WAAW,KAAK;AAE3E,aAAS,IAAI,GAAG,IAAI,YAAY,CAAC,KAAK,KAAK;AACzC,YAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC;AAC9C,YAAM,OAAO,MAAM;AAAA,QACjB,GAAG,OAAO,YAAY,mBAAmB,MAAM,CAAC,iBAAiB,OAAO,EAAE;AAAA,QAC1E,EAAE,SAAS,EAAE,aAAa,OAAO,EAAE;AAAA,MACrC;AACA,YAAM,IAAK,MAAM,KAAK,KAAK;AAC3B,UAAI,EAAE,WAAW,UAAU;AACzB,cAAM,IAAI,MAAM,yCAAyC,EAAE,OAAO,WAAW,SAAS,EAAE;AAAA,MAC1F;AACA,YAAM,EAAE,SAAS,QAAQ,iBAAiB,EAAE,SAAS,WAAW,KAAK;AAAA,IACvE;AACA,QAAI,CAAC,KAAK;AACR,YAAM,IAAI,MAAM,kEAAkE;AAAA,IACpF;AAGA,UAAM,UAAU;AAAA,MACd,aAAa;AAAA,MACb,QAAQ;AAAA,MACR,SAAS,OAAO;AAAA,MAChB,SAAS;AAAA,QACP,aAAa,OAAO,KAAK,WAAW,UAAU,CAAC,EAAE,SAAS,QAAQ;AAAA,QAClE,MAAM;AAAA,MACR;AAAA,MACA,UAAU;AAAA,QACR,QAAQ,OAAO;AAAA,QACf,SAAS,OAAO;AAAA,QAChB,QAAQ,OAAO;AAAA,QACf,OAAO,OAAO;AAAA,QACd,OAAO,OAAO;AAAA,MAChB;AAAA,IACF;AACA,UAAM,WAAW,OAAO,KAAK,KAAK,UAAU,OAAO,CAAC,EAAE,SAAS,QAAQ;AAGvE,WAAO,MAAM,KAAK;AAAA,MAChB,GAAG;AAAA,MACH,SAAS,EAAE,QAAQ,oBAAoB,aAAa,UAAU,GAAG,MAAM,QAAQ;AAAA,IACjF,CAAC;AAAA,EACH;AACF;","names":[]}
1	+ {"version":3,"sources":["../src/crossmint.ts"],"sourcesContent":["/*\n Crossmint smart wallet integration for RelAI x402.\n \n Two modes:\n \n API-key mode — zero private keys, Crossmint signs + broadcasts:\n * ```ts\n * import { createCrossmintX402Fetch } from \"@relai-fi/x402/crossmint\";\n \n const fetch402 = createCrossmintX402Fetch({\n * apiKey: process.env.CROSSMINT_API_KEY!,\n * wallet: process.env.CROSSMINT_WALLET!,\n * connection: new Connection(process.env.RPC_URL!),\n * });\n * const resp = await fetch402(\"https://api.example.com/protected\");\n * ```\n \n Delegated mode — external signer approves each transaction:\n * ```ts\n * import { createCrossmintDelegatedX402Fetch } from \"@relai-fi/x402/crossmint\";\n \n const fetch402 = createCrossmintDelegatedX402Fetch({\n * apiKey: process.env.CROSSMINT_API_KEY!,\n * wallet: process.env.CROSSMINT_WALLET!,\n * signerSecretKey: myKeypairBytes, // 64-byte Ed25519\n * connection: new Connection(process.env.RPC_URL!),\n * });\n * const resp = await fetch402(\"https://api.example.com/protected\");\n * ```\n \n @module\n /\nimport {\n Connection,\n PublicKey,\n VersionedTransaction,\n TransactionMessage,\n} from \"@solana/web3.js\";\nimport {\n getAssociatedTokenAddress,\n createTransferCheckedInstruction,\n getMint,\n TOKEN_PROGRAM_ID,\n TOKEN_2022_PROGRAM_ID,\n} from \"@solana/spl-token\";\n\nimport nacl from \"tweetnacl\";\n\n// ── Types ───────────────────────────────────────────────────────────\n\nexport interface CrossmintX402Config {\n /* Crossmint server-side API key (`sk_production_...` or `sk_staging_...`) /\n apiKey: string;\n\n /* Crossmint smart wallet address (Solana public key) /\n wallet: string;\n\n /* Solana RPC connection /\n connection: Connection;\n\n /* Override Crossmint API base URL (default: `https://www.crossmint.com/api/2025-06-09`) /\n crossmintApiBase?: string;\n\n /* Max polling attempts for tx confirmation (default: 30) /\n maxPollAttempts?: number;\n\n /* Polling interval in ms (default: 2000) /\n pollIntervalMs?: number;\n}\n\nexport interface CrossmintDelegatedX402Config extends CrossmintX402Config {\n /\n Ed25519 secret key for the external signer (64 bytes).\n * The corresponding public key must be registered as an external signer\n * on the Crossmint smart wallet.\n /\n signerSecretKey: Uint8Array;\n\n /* Crossmint environment: \"staging\" or \"production\" (default: auto-detect from apiKey) /\n environment?: \"staging\" \| \"production\";\n}\n\n// ── Internals ───────────────────────────────────────────────────────\n\nconst DEFAULT_API_BASE = \"https://www.crossmint.com/api/2025-06-09\";\nconst STAGING_API_BASE = \"https://staging.crossmint.com/api/2025-06-09\";\n\n/* Auto-detect Crossmint API base from API key prefix. /\nfunction detectApiBase(apiKey: string): string {\n if (apiKey.startsWith(\"sk_staging\")) return STAGING_API_BASE;\n return DEFAULT_API_BASE;\n}\n\n/* Encode bytes to base58 without external dependency. /\nfunction toBase58(bytes: Uint8Array): string {\n const ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n const digits = [0];\n for (const byte of bytes) {\n let carry = byte;\n for (let j = 0; j < digits.length; j++) {\n carry += digits[j] << 8;\n digits[j] = carry % 58;\n carry = (carry / 58) \| 0;\n }\n while (carry > 0) {\n digits.push(carry % 58);\n carry = (carry / 58) \| 0;\n }\n }\n let str = \"\";\n for (const byte of bytes) {\n if (byte === 0) str += ALPHABET[0];\n else break;\n }\n for (let i = digits.length - 1; i >= 0; i--) {\n str += ALPHABET[digits[i]];\n }\n return str;\n}\n\n/* Decode base58 string to bytes. /\nfunction fromBase58(str: string): Uint8Array {\n const ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n const BASE_MAP = new Uint8Array(256).fill(255);\n for (let i = 0; i < ALPHABET.length; i++) BASE_MAP[ALPHABET.charCodeAt(i)] = i;\n const bytes: number[] = [0];\n for (const ch of str) {\n const carry_init = BASE_MAP[ch.charCodeAt(0)];\n if (carry_init === 255) throw new Error(`Invalid base58 character: ${ch}`);\n let carry = carry_init;\n for (let j = 0; j < bytes.length; j++) {\n carry += bytes[j] 58;\n bytes[j] = carry & 0xff;\n carry >>= 8;\n }\n while (carry > 0) {\n bytes.push(carry & 0xff);\n carry >>= 8;\n }\n }\n for (const ch of str) {\n if (ch === ALPHABET[0]) bytes.push(0);\n else break;\n }\n return new Uint8Array(bytes.reverse());\n}\n\n/** Extract Solana signature from Crossmint's full serialized tx (base58). /\nfunction extractSignature(onChainTx: string): string \| null {\n if (!onChainTx) return null;\n if (onChainTx.length <= 100) return onChainTx; // Already a bare signature\n try {\n const decoded = fromBase58(onChainTx);\n const vtx = VersionedTransaction.deserialize(decoded);\n if (vtx.signatures?.[0]) return toBase58(vtx.signatures[0]);\n } catch {\n // Not a valid serialized tx\n }\n return null;\n}\n\n/* Make a Crossmint API call. /\nasync function crossmintApi(\n baseUrl: string, apiKey: string, endpoint: string,\n body?: unknown, method: \"GET\" \| \"POST\" = \"POST\",\n): Promise<any> {\n const url = `${baseUrl}/wallets/${endpoint}`;\n const opts: RequestInit = {\n method,\n headers: { \"Content-Type\": \"application/json\", \"X-API-KEY\": apiKey },\n };\n if (method === \"POST\" && body) opts.body = JSON.stringify(body);\n const resp = await fetch(url, opts);\n const json = await resp.json();\n if (!resp.ok) throw new Error(`[x402/crossmint] API ${resp.status}: ${JSON.stringify(json)}`);\n return json;\n}\n\n/* Sign a message with Ed25519. Message can be base58-encoded or UTF-8 string. /\nfunction signMessage(message: string, secretKey: Uint8Array): string {\n let messageBytes: Uint8Array;\n try {\n messageBytes = fromBase58(message);\n } catch {\n messageBytes = new TextEncoder().encode(message);\n }\n const signature = nacl.sign.detached(messageBytes, secretKey);\n return toBase58(signature);\n}\n\n/* Derive public key address from a 64-byte secret key. /\nfunction deriveSignerAddress(secretKey: Uint8Array): string {\n const publicKey = secretKey.length === 64\n ? secretKey.slice(32)\n : nacl.sign.keyPair.fromSeed(secretKey).publicKey;\n return toBase58(publicKey);\n}\n\n/* Poll Crossmint for on-chain txId. Returns signature or null. /\nasync function pollForSignature(\n apiBase: string, apiKey: string, wallet: string,\n txId: string, maxPolls: number, pollMs: number,\n initialData?: any,\n): Promise<string \| null> {\n let sig = initialData?.onChain?.txId\n \|\| extractSignature(initialData?.onChain?.transaction) \|\| null;\n\n for (let i = 0; i < maxPolls && !sig; i++) {\n await new Promise((r) => setTimeout(r, pollMs));\n const p = await crossmintApi(apiBase, apiKey,\n `${encodeURIComponent(wallet)}/transactions/${txId}`, undefined, \"GET\");\n if (p.status === \"failed\") {\n throw new Error(`[x402/crossmint] Crossmint tx failed: ${p.error?.message \|\| \"unknown\"}`);\n }\n sig = p.onChain?.txId \|\| extractSignature(p.onChain?.transaction) \|\| null;\n }\n return sig;\n}\n\n/* Build X-PAYMENT header from unsigned tx + on-chain signature + payment requirements. /\nfunction buildXPaymentHeader(unsignedTx: VersionedTransaction, sig: string, accept: any): string {\n const payload = {\n x402Version: 2,\n scheme: \"exact\",\n network: accept.network,\n payload: {\n transaction: Buffer.from(unsignedTx.serialize()).toString(\"base64\"),\n txId: sig,\n },\n accepted: {\n scheme: accept.scheme,\n network: accept.network,\n amount: accept.amount,\n asset: accept.asset,\n payTo: accept.payTo,\n },\n };\n return Buffer.from(JSON.stringify(payload)).toString(\"base64\");\n}\n\n/* Build unsigned SPL transfer tx from 402 payment requirements. /\nasync function buildTransferTx(\n connection: Connection, userPubkey: PublicKey, accept: any,\n): Promise<VersionedTransaction> {\n const mintPubkey = new PublicKey(accept.asset);\n const merchantPubkey = new PublicKey(accept.payTo);\n const mintAccountInfo = await connection.getAccountInfo(mintPubkey);\n const programId = mintAccountInfo?.owner.equals(TOKEN_2022_PROGRAM_ID)\n ? TOKEN_2022_PROGRAM_ID\n : TOKEN_PROGRAM_ID;\n\n const mintInfo = await getMint(connection, mintPubkey, \"confirmed\", programId);\n const amount = BigInt(accept.amount);\n\n const sourceAta = await getAssociatedTokenAddress(mintPubkey, userPubkey, true, programId);\n const destAta = await getAssociatedTokenAddress(mintPubkey, merchantPubkey, true, programId);\n\n const ix = createTransferCheckedInstruction(\n sourceAta, mintPubkey, destAta, userPubkey,\n amount, mintInfo.decimals, [], programId,\n );\n\n const { blockhash } = await connection.getLatestBlockhash(\"confirmed\");\n const msg = new TransactionMessage({\n payerKey: userPubkey,\n recentBlockhash: blockhash,\n instructions: [ix],\n }).compileToV0Message();\n\n return new VersionedTransaction(msg);\n}\n\n// ── Public API ──────────────────────────────────────────────────────\n\n/\n API-key mode. Create a fetch wrapper that auto-handles x402 `402`\n * responses using a Crossmint smart wallet on Solana.\n \n Crossmint signs and broadcasts — no private key needed.\n * The returned function has the same signature as `fetch()`.\n /\nexport function createCrossmintX402Fetch(config: CrossmintX402Config) {\n const { apiKey, wallet, connection } = config;\n const apiBase = config.crossmintApiBase \|\| detectApiBase(apiKey);\n const maxPolls = config.maxPollAttempts ?? 30;\n const pollMs = config.pollIntervalMs ?? 2000;\n const userPubkey = new PublicKey(wallet);\n\n return async function fetch402(url: string, init?: RequestInit): Promise<Response> {\n // 1. Initial request\n const firstResp = await fetch(url, {\n ...init, headers: { Accept: \"application/json\", ...init?.headers },\n });\n if (firstResp.status !== 402) return firstResp;\n\n // 2. Parse 402\n const requirements = (await firstResp.json()) as any;\n const accept = requirements.accepts?.[0];\n if (!accept) throw new Error(\"[x402/crossmint] No payment requirements in 402 response\");\n\n // 3. Build transfer tx\n const unsignedTx = await buildTransferTx(connection, userPubkey, accept);\n\n // 4. Submit to Crossmint (signs + broadcasts)\n const txData = await crossmintApi(apiBase, apiKey,\n `${encodeURIComponent(wallet)}/transactions`,\n { params: { transaction: toBase58(unsignedTx.serialize()) } });\n\n // 5. Poll for on-chain signature\n const sig = await pollForSignature(apiBase, apiKey, wallet, txData.id, maxPolls, pollMs, txData);\n if (!sig) throw new Error(\"[x402/crossmint] Timed out waiting for tx confirmation\");\n\n // 6. Retry with X-PAYMENT\n const xPayment = buildXPaymentHeader(unsignedTx, sig, accept);\n return fetch(url, {\n ...init, headers: { Accept: \"application/json\", \"X-PAYMENT\": xPayment, ...init?.headers },\n });\n };\n}\n\n/\n Delegated mode. Create a fetch wrapper that auto-handles x402 `402`\n * responses using a Crossmint smart wallet with external signer approval.\n \n Each transaction requires cryptographic approval from `signerSecretKey`\n * before Crossmint broadcasts. This provides an extra security layer —\n * even with the API key, transactions cannot execute without the signer.\n \n The external signer must be registered on the Crossmint smart wallet\n * via the Crossmint console or API.\n */\nexport function createCrossmintDelegatedX402Fetch(config: CrossmintDelegatedX402Config) {\n const { apiKey, wallet, connection, signerSecretKey } = config;\n const apiBase = config.crossmintApiBase \|\| detectApiBase(apiKey);\n const maxPolls = config.maxPollAttempts ?? 30;\n const pollMs = config.pollIntervalMs ?? 2000;\n const userPubkey = new PublicKey(wallet);\n const signerAddress = deriveSignerAddress(signerSecretKey);\n\n return async function fetch402(url: string, init?: RequestInit): Promise<Response> {\n // 1. Initial request\n const firstResp = await fetch(url, {\n ...init, headers: { Accept: \"application/json\", ...init?.headers },\n });\n if (firstResp.status !== 402) return firstResp;\n\n // 2. Parse 402\n const requirements = (await firstResp.json()) as any;\n const accept = requirements.accepts?.[0];\n if (!accept) throw new Error(\"[x402/crossmint] No payment requirements in 402 response\");\n\n // 3. Build transfer tx\n const unsignedTx = await buildTransferTx(connection, userPubkey, accept);\n\n // 4. Submit to Crossmint with external signer\n const createResp = await crossmintApi(apiBase, apiKey,\n `${encodeURIComponent(wallet)}/transactions`,\n {\n params: {\n transaction: toBase58(unsignedTx.serialize()),\n signer: {\n type: \"external-wallet\",\n locator: `external-wallet:${signerAddress}`,\n },\n },\n });\n\n const transactionId = createResp.id;\n const pendingApproval = createResp.approvals?.pending?.[0];\n\n if (!transactionId \|\| !pendingApproval) {\n throw new Error(\n `[x402/crossmint] No pending approval returned. ` +\n `Ensure external signer ${signerAddress} is registered on wallet ${wallet}. ` +\n `Response: ${JSON.stringify(createResp)}`\n );\n }\n\n // 5. Sign the approval message\n const pendingSigner = pendingApproval.signer?.address\n ?? pendingApproval.signer?.locator?.split(\":\")[1]\n ?? signerAddress;\n\n const approvalSig = signMessage(pendingApproval.message, signerSecretKey);\n\n // 6. Submit approval\n const approvalResp = await crossmintApi(apiBase, apiKey,\n `${encodeURIComponent(wallet)}/transactions/${encodeURIComponent(transactionId)}/approvals`,\n {\n approvals: [{\n signer: `external-wallet:${pendingSigner}`,\n signature: approvalSig,\n }],\n });\n\n // 7. Poll for on-chain signature\n const sig = await pollForSignature(\n apiBase, apiKey, wallet, transactionId, maxPolls, pollMs, approvalResp);\n if (!sig) throw new Error(\"[x402/crossmint] Timed out waiting for tx confirmation\");\n\n // 8. Retry with X-PAYMENT\n const xPayment = buildXPaymentHeader(unsignedTx, sig, accept);\n return fetch(url, {\n ...init, headers: { Accept: \"application/json\", \"X-PAYMENT\": xPayment, ...init?.headers },\n });\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAgCA,kBAKO;AACP,uBAMO;AAEP,uBAAiB;AAsCjB,IAAM,mBAAmB;AACzB,IAAM,mBAAmB;AAGzB,SAAS,cAAc,QAAwB;AAC7C,MAAI,OAAO,WAAW,YAAY,EAAG,QAAO;AAC5C,SAAO;AACT;AAGA,SAAS,SAAS,OAA2B;AAC3C,QAAM,WAAW;AACjB,QAAM,SAAS,CAAC,CAAC;AACjB,aAAW,QAAQ,OAAO;AACxB,QAAI,QAAQ;AACZ,aAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAS,OAAO,CAAC,KAAK;AACtB,aAAO,CAAC,IAAI,QAAQ;AACpB,cAAS,QAAQ,KAAM;AAAA,IACzB;AACA,WAAO,QAAQ,GAAG;AAChB,aAAO,KAAK,QAAQ,EAAE;AACtB,cAAS,QAAQ,KAAM;AAAA,IACzB;AAAA,EACF;AACA,MAAI,MAAM;AACV,aAAW,QAAQ,OAAO;AACxB,QAAI,SAAS,EAAG,QAAO,SAAS,CAAC;AAAA,QAC5B;AAAA,EACP;AACA,WAAS,IAAI,OAAO,SAAS,GAAG,KAAK,GAAG,KAAK;AAC3C,WAAO,SAAS,OAAO,CAAC,CAAC;AAAA,EAC3B;AACA,SAAO;AACT;AAGA,SAAS,WAAW,KAAyB;AAC3C,QAAM,WAAW;AACjB,QAAM,WAAW,IAAI,WAAW,GAAG,EAAE,KAAK,GAAG;AAC7C,WAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,IAAK,UAAS,SAAS,WAAW,CAAC,CAAC,IAAI;AAC7E,QAAM,QAAkB,CAAC,CAAC;AAC1B,aAAW,MAAM,KAAK;AACpB,UAAM,aAAa,SAAS,GAAG,WAAW,CAAC,CAAC;AAC5C,QAAI,eAAe,IAAK,OAAM,IAAI,MAAM,6BAA6B,EAAE,EAAE;AACzE,QAAI,QAAQ;AACZ,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,eAAS,MAAM,CAAC,IAAI;AACpB,YAAM,CAAC,IAAI,QAAQ;AACnB,gBAAU;AAAA,IACZ;AACA,WAAO,QAAQ,GAAG;AAChB,YAAM,KAAK,QAAQ,GAAI;AACvB,gBAAU;AAAA,IACZ;AAAA,EACF;AACA,aAAW,MAAM,KAAK;AACpB,QAAI,OAAO,SAAS,CAAC,EAAG,OAAM,KAAK,CAAC;AAAA,QAC/B;AAAA,EACP;AACA,SAAO,IAAI,WAAW,MAAM,QAAQ,CAAC;AACvC;AAGA,SAAS,iBAAiB,WAAkC;AAC1D,MAAI,CAAC,UAAW,QAAO;AACvB,MAAI,UAAU,UAAU,IAAK,QAAO;AACpC,MAAI;AACF,UAAM,UAAU,WAAW,SAAS;AACpC,UAAM,MAAM,iCAAqB,YAAY,OAAO;AACpD,QAAI,IAAI,aAAa,CAAC,EAAG,QAAO,SAAS,IAAI,WAAW,CAAC,CAAC;AAAA,EAC5D,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAGA,eAAe,aACb,SAAiB,QAAgB,UACjC,MAAgB,SAAyB,QAC3B;AACd,QAAM,MAAM,GAAG,OAAO,YAAY,QAAQ;AAC1C,QAAM,OAAoB;AAAA,IACxB;AAAA,IACA,SAAS,EAAE,gBAAgB,oBAAoB,aAAa,OAAO;AAAA,EACrE;AACA,MAAI,WAAW,UAAU,KAAM,MAAK,OAAO,KAAK,UAAU,IAAI;AAC9D,QAAM,OAAO,MAAM,MAAM,KAAK,IAAI;AAClC,QAAM,OAAO,MAAM,KAAK,KAAK;AAC7B,MAAI,CAAC,KAAK,GAAI,OAAM,IAAI,MAAM,wBAAwB,KAAK,MAAM,KAAK,KAAK,UAAU,IAAI,CAAC,EAAE;AAC5F,SAAO;AACT;AAGA,SAAS,YAAY,SAAiB,WAA+B;AACnE,MAAI;AACJ,MAAI;AACF,mBAAe,WAAW,OAAO;AAAA,EACnC,QAAQ;AACN,mBAAe,IAAI,YAAY,EAAE,OAAO,OAAO;AAAA,EACjD;AACA,QAAM,YAAY,iBAAAA,QAAK,KAAK,SAAS,cAAc,SAAS;AAC5D,SAAO,SAAS,SAAS;AAC3B;AAGA,SAAS,oBAAoB,WAA+B;AAC1D,QAAM,YAAY,UAAU,WAAW,KACnC,UAAU,MAAM,EAAE,IAClB,iBAAAA,QAAK,KAAK,QAAQ,SAAS,SAAS,EAAE;AAC1C,SAAO,SAAS,SAAS;AAC3B;AAGA,eAAe,iBACb,SAAiB,QAAgB,QACjC,MAAc,UAAkB,QAChC,aACwB;AACxB,MAAI,MAAM,aAAa,SAAS,QAC3B,iBAAiB,aAAa,SAAS,WAAW,KAAK;AAE5D,WAAS,IAAI,GAAG,IAAI,YAAY,CAAC,KAAK,KAAK;AACzC,UAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC;AAC9C,UAAM,IAAI,MAAM;AAAA,MAAa;AAAA,MAAS;AAAA,MACpC,GAAG,mBAAmB,MAAM,CAAC,iBAAiB,IAAI;AAAA,MAAI;AAAA,MAAW;AAAA,IAAK;AACxE,QAAI,EAAE,WAAW,UAAU;AACzB,YAAM,IAAI,MAAM,yCAAyC,EAAE,OAAO,WAAW,SAAS,EAAE;AAAA,IAC1F;AACA,UAAM,EAAE,SAAS,QAAQ,iBAAiB,EAAE,SAAS,WAAW,KAAK;AAAA,EACvE;AACA,SAAO;AACT;AAGA,SAAS,oBAAoB,YAAkC,KAAa,QAAqB;AAC/F,QAAM,UAAU;AAAA,IACd,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,SAAS,OAAO;AAAA,IAChB,SAAS;AAAA,MACP,aAAa,OAAO,KAAK,WAAW,UAAU,CAAC,EAAE,SAAS,QAAQ;AAAA,MAClE,MAAM;AAAA,IACR;AAAA,IACA,UAAU;AAAA,MACR,QAAQ,OAAO;AAAA,MACf,SAAS,OAAO;AAAA,MAChB,QAAQ,OAAO;AAAA,MACf,OAAO,OAAO;AAAA,MACd,OAAO,OAAO;AAAA,IAChB;AAAA,EACF;AACA,SAAO,OAAO,KAAK,KAAK,UAAU,OAAO,CAAC,EAAE,SAAS,QAAQ;AAC/D;AAGA,eAAe,gBACb,YAAwB,YAAuB,QAChB;AAC/B,QAAM,aAAa,IAAI,sBAAU,OAAO,KAAK;AAC7C,QAAM,iBAAiB,IAAI,sBAAU,OAAO,KAAK;AACjD,QAAM,kBAAkB,MAAM,WAAW,eAAe,UAAU;AAClE,QAAM,YAAY,iBAAiB,MAAM,OAAO,sCAAqB,IACjE,yCACA;AAEJ,QAAM,WAAW,UAAM,0BAAQ,YAAY,YAAY,aAAa,SAAS;AAC7E,QAAM,SAAS,OAAO,OAAO,MAAM;AAEnC,QAAM,YAAY,UAAM,4CAA0B,YAAY,YAAY,MAAM,SAAS;AACzF,QAAM,UAAU,UAAM,4CAA0B,YAAY,gBAAgB,MAAM,SAAS;AAE3F,QAAM,SAAK;AAAA,IACT;AAAA,IAAW;AAAA,IAAY;AAAA,IAAS;AAAA,IAChC;AAAA,IAAQ,SAAS;AAAA,IAAU,CAAC;AAAA,IAAG;AAAA,EACjC;AAEA,QAAM,EAAE,UAAU,IAAI,MAAM,WAAW,mBAAmB,WAAW;AACrE,QAAM,MAAM,IAAI,+BAAmB;AAAA,IACjC,UAAU;AAAA,IACV,iBAAiB;AAAA,IACjB,cAAc,CAAC,EAAE;AAAA,EACnB,CAAC,EAAE,mBAAmB;AAEtB,SAAO,IAAI,iCAAqB,GAAG;AACrC;AAWO,SAAS,yBAAyB,QAA6B;AACpE,QAAM,EAAE,QAAQ,QAAQ,WAAW,IAAI;AACvC,QAAM,UAAU,OAAO,oBAAoB,cAAc,MAAM;AAC/D,QAAM,WAAW,OAAO,mBAAmB;AAC3C,QAAM,SAAS,OAAO,kBAAkB;AACxC,QAAM,aAAa,IAAI,sBAAU,MAAM;AAEvC,SAAO,eAAe,SAAS,KAAa,MAAuC;AAEjF,UAAM,YAAY,MAAM,MAAM,KAAK;AAAA,MACjC,GAAG;AAAA,MAAM,SAAS,EAAE,QAAQ,oBAAoB,GAAG,MAAM,QAAQ;AAAA,IACnE,CAAC;AACD,QAAI,UAAU,WAAW,IAAK,QAAO;AAGrC,UAAM,eAAgB,MAAM,UAAU,KAAK;AAC3C,UAAM,SAAS,aAAa,UAAU,CAAC;AACvC,QAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,0DAA0D;AAGvF,UAAM,aAAa,MAAM,gBAAgB,YAAY,YAAY,MAAM;AAGvE,UAAM,SAAS,MAAM;AAAA,MAAa;AAAA,MAAS;AAAA,MACzC,GAAG,mBAAmB,MAAM,CAAC;AAAA,MAC7B,EAAE,QAAQ,EAAE,aAAa,SAAS,WAAW,UAAU,CAAC,EAAE,EAAE;AAAA,IAAC;AAG/D,UAAM,MAAM,MAAM,iBAAiB,SAAS,QAAQ,QAAQ,OAAO,IAAI,UAAU,QAAQ,MAAM;AAC/F,QAAI,CAAC,IAAK,OAAM,IAAI,MAAM,wDAAwD;AAGlF,UAAM,WAAW,oBAAoB,YAAY,KAAK,MAAM;AAC5D,WAAO,MAAM,KAAK;AAAA,MAChB,GAAG;AAAA,MAAM,SAAS,EAAE,QAAQ,oBAAoB,aAAa,UAAU,GAAG,MAAM,QAAQ;AAAA,IAC1F,CAAC;AAAA,EACH;AACF;AAaO,SAAS,kCAAkC,QAAsC;AACtF,QAAM,EAAE,QAAQ,QAAQ,YAAY,gBAAgB,IAAI;AACxD,QAAM,UAAU,OAAO,oBAAoB,cAAc,MAAM;AAC/D,QAAM,WAAW,OAAO,mBAAmB;AAC3C,QAAM,SAAS,OAAO,kBAAkB;AACxC,QAAM,aAAa,IAAI,sBAAU,MAAM;AACvC,QAAM,gBAAgB,oBAAoB,eAAe;AAEzD,SAAO,eAAe,SAAS,KAAa,MAAuC;AAEjF,UAAM,YAAY,MAAM,MAAM,KAAK;AAAA,MACjC,GAAG;AAAA,MAAM,SAAS,EAAE,QAAQ,oBAAoB,GAAG,MAAM,QAAQ;AAAA,IACnE,CAAC;AACD,QAAI,UAAU,WAAW,IAAK,QAAO;AAGrC,UAAM,eAAgB,MAAM,UAAU,KAAK;AAC3C,UAAM,SAAS,aAAa,UAAU,CAAC;AACvC,QAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,0DAA0D;AAGvF,UAAM,aAAa,MAAM,gBAAgB,YAAY,YAAY,MAAM;AAGvE,UAAM,aAAa,MAAM;AAAA,MAAa;AAAA,MAAS;AAAA,MAC7C,GAAG,mBAAmB,MAAM,CAAC;AAAA,MAC7B;AAAA,QACE,QAAQ;AAAA,UACN,aAAa,SAAS,WAAW,UAAU,CAAC;AAAA,UAC5C,QAAQ;AAAA,YACN,MAAM;AAAA,YACN,SAAS,mBAAmB,aAAa;AAAA,UAC3C;AAAA,QACF;AAAA,MACF;AAAA,IAAC;AAEH,UAAM,gBAAgB,WAAW;AACjC,UAAM,kBAAkB,WAAW,WAAW,UAAU,CAAC;AAEzD,QAAI,CAAC,iBAAiB,CAAC,iBAAiB;AACtC,YAAM,IAAI;AAAA,QACR,yEAC0B,aAAa,4BAA4B,MAAM,eAC5D,KAAK,UAAU,UAAU,CAAC;AAAA,MACzC;AAAA,IACF;AAGA,UAAM,gBAAgB,gBAAgB,QAAQ,WACzC,gBAAgB,QAAQ,SAAS,MAAM,GAAG,EAAE,CAAC,KAC7C;AAEL,UAAM,cAAc,YAAY,gBAAgB,SAAS,eAAe;AAGxE,UAAM,eAAe,MAAM;AAAA,MAAa;AAAA,MAAS;AAAA,MAC/C,GAAG,mBAAmB,MAAM,CAAC,iBAAiB,mBAAmB,aAAa,CAAC;AAAA,MAC/E;AAAA,QACE,WAAW,CAAC;AAAA,UACV,QAAQ,mBAAmB,aAAa;AAAA,UACxC,WAAW;AAAA,QACb,CAAC;AAAA,MACH;AAAA,IAAC;AAGH,UAAM,MAAM,MAAM;AAAA,MAChB;AAAA,MAAS;AAAA,MAAQ;AAAA,MAAQ;AAAA,MAAe;AAAA,MAAU;AAAA,MAAQ;AAAA,IAAY;AACxE,QAAI,CAAC,IAAK,OAAM,IAAI,MAAM,wDAAwD;AAGlF,UAAM,WAAW,oBAAoB,YAAY,KAAK,MAAM;AAC5D,WAAO,MAAM,KAAK;AAAA,MAChB,GAAG;AAAA,MAAM,SAAS,EAAE,QAAQ,oBAAoB,aAAa,UAAU,GAAG,MAAM,QAAQ;AAAA,IAC1F,CAAC;AAAA,EACH;AACF;","names":["nacl"]}

package/dist/crossmint.d.cts CHANGED Viewed

@@ -3,23 +3,31 @@ import { Connection } from '@solana/web3.js';
 /**
  * Crossmint smart wallet integration for RelAI x402.
  *
- * Auto-handles 402 Payment Required responses using a Crossmint
- * API-key smart wallet on Solana. Zero private keys needed —
- * Crossmint signs and broadcasts, RelAI facilitator verifies on-chain.
+ * Two modes:
  *
- * @example
+ * **API-key mode** — zero private keys, Crossmint signs + broadcasts:
  * ```ts
  * import { createCrossmintX402Fetch } from "@relai-fi/x402/crossmint";
- * import { Connection } from "@solana/web3.js";
  *
  * const fetch402 = createCrossmintX402Fetch({
  *   apiKey: process.env.CROSSMINT_API_KEY!,
  *   wallet: process.env.CROSSMINT_WALLET!,
  *   connection: new Connection(process.env.RPC_URL!),
  * });
+ * const resp = await fetch402("https://api.example.com/protected");
+ * ```
+ *
+ * **Delegated mode** — external signer approves each transaction:
+ * ```ts
+ * import { createCrossmintDelegatedX402Fetch } from "@relai-fi/x402/crossmint";
  *
+ * const fetch402 = createCrossmintDelegatedX402Fetch({
+ *   apiKey: process.env.CROSSMINT_API_KEY!,
+ *   wallet: process.env.CROSSMINT_WALLET!,
+ *   signerSecretKey: myKeypairBytes, // 64-byte Ed25519
+ *   connection: new Connection(process.env.RPC_URL!),
+ * });
  * const resp = await fetch402("https://api.example.com/protected");
- * console.log(await resp.json()); // paid content
  * ```
  *
  * @module
@@ -39,18 +47,35 @@ interface CrossmintX402Config {
     /** Polling interval in ms (default: 2000) */
     pollIntervalMs?: number;
 }
+interface CrossmintDelegatedX402Config extends CrossmintX402Config {
+    /**
+     * Ed25519 secret key for the external signer (64 bytes).
+     * The corresponding public key must be registered as an external signer
+     * on the Crossmint smart wallet.
+     */
+    signerSecretKey: Uint8Array;
+    /** Crossmint environment: "staging" or "production" (default: auto-detect from apiKey) */
+    environment?: "staging" | "production";
+}
 /**
- * Create a fetch wrapper that auto-handles x402 `402 Payment Required`
+ * **API-key mode.** Create a fetch wrapper that auto-handles x402 `402`
  * responses using a Crossmint smart wallet on Solana.
  *
+ * Crossmint signs and broadcasts — no private key needed.
  * The returned function has the same signature as `fetch()`.
- * On a 402 response it will:
- * 1. Parse payment requirements
- * 2. Build a Solana SPL transfer instruction
- * 3. Submit to Crossmint API (which signs + broadcasts)
- * 4. Poll for on-chain confirmation
- * 5. Retry the original request with an `X-PAYMENT` header
  */
 declare function createCrossmintX402Fetch(config: CrossmintX402Config): (url: string, init?: RequestInit) => Promise<Response>;
+/**
+ * **Delegated mode.** Create a fetch wrapper that auto-handles x402 `402`
+ * responses using a Crossmint smart wallet with external signer approval.
+ *
+ * Each transaction requires cryptographic approval from `signerSecretKey`
+ * before Crossmint broadcasts. This provides an extra security layer —
+ * even with the API key, transactions cannot execute without the signer.
+ *
+ * The external signer must be registered on the Crossmint smart wallet
+ * via the Crossmint console or API.
+ */
+declare function createCrossmintDelegatedX402Fetch(config: CrossmintDelegatedX402Config): (url: string, init?: RequestInit) => Promise<Response>;
-export { type CrossmintX402Config, createCrossmintX402Fetch };
+export { type CrossmintDelegatedX402Config, type CrossmintX402Config, createCrossmintDelegatedX402Fetch, createCrossmintX402Fetch };

package/dist/crossmint.d.ts CHANGED Viewed

@@ -3,23 +3,31 @@ import { Connection } from '@solana/web3.js';
 /**
  * Crossmint smart wallet integration for RelAI x402.
  *
- * Auto-handles 402 Payment Required responses using a Crossmint
- * API-key smart wallet on Solana. Zero private keys needed —
- * Crossmint signs and broadcasts, RelAI facilitator verifies on-chain.
+ * Two modes:
  *
- * @example
+ * **API-key mode** — zero private keys, Crossmint signs + broadcasts:
  * ```ts
  * import { createCrossmintX402Fetch } from "@relai-fi/x402/crossmint";
- * import { Connection } from "@solana/web3.js";
  *
  * const fetch402 = createCrossmintX402Fetch({
  *   apiKey: process.env.CROSSMINT_API_KEY!,
  *   wallet: process.env.CROSSMINT_WALLET!,
  *   connection: new Connection(process.env.RPC_URL!),
  * });
+ * const resp = await fetch402("https://api.example.com/protected");
+ * ```
+ *
+ * **Delegated mode** — external signer approves each transaction:
+ * ```ts
+ * import { createCrossmintDelegatedX402Fetch } from "@relai-fi/x402/crossmint";
  *
+ * const fetch402 = createCrossmintDelegatedX402Fetch({
+ *   apiKey: process.env.CROSSMINT_API_KEY!,
+ *   wallet: process.env.CROSSMINT_WALLET!,
+ *   signerSecretKey: myKeypairBytes, // 64-byte Ed25519
+ *   connection: new Connection(process.env.RPC_URL!),
+ * });
  * const resp = await fetch402("https://api.example.com/protected");
- * console.log(await resp.json()); // paid content
  * ```
  *
  * @module
@@ -39,18 +47,35 @@ interface CrossmintX402Config {
     /** Polling interval in ms (default: 2000) */
     pollIntervalMs?: number;
 }
+interface CrossmintDelegatedX402Config extends CrossmintX402Config {
+    /**
+     * Ed25519 secret key for the external signer (64 bytes).
+     * The corresponding public key must be registered as an external signer
+     * on the Crossmint smart wallet.
+     */
+    signerSecretKey: Uint8Array;
+    /** Crossmint environment: "staging" or "production" (default: auto-detect from apiKey) */
+    environment?: "staging" | "production";
+}
 /**
- * Create a fetch wrapper that auto-handles x402 `402 Payment Required`
+ * **API-key mode.** Create a fetch wrapper that auto-handles x402 `402`
  * responses using a Crossmint smart wallet on Solana.
  *
+ * Crossmint signs and broadcasts — no private key needed.
  * The returned function has the same signature as `fetch()`.
- * On a 402 response it will:
- * 1. Parse payment requirements
- * 2. Build a Solana SPL transfer instruction
- * 3. Submit to Crossmint API (which signs + broadcasts)
- * 4. Poll for on-chain confirmation
- * 5. Retry the original request with an `X-PAYMENT` header
  */
 declare function createCrossmintX402Fetch(config: CrossmintX402Config): (url: string, init?: RequestInit) => Promise<Response>;
+/**
+ * **Delegated mode.** Create a fetch wrapper that auto-handles x402 `402`
+ * responses using a Crossmint smart wallet with external signer approval.
+ *
+ * Each transaction requires cryptographic approval from `signerSecretKey`
+ * before Crossmint broadcasts. This provides an extra security layer —
+ * even with the API key, transactions cannot execute without the signer.
+ *
+ * The external signer must be registered on the Crossmint smart wallet
+ * via the Crossmint console or API.
+ */
+declare function createCrossmintDelegatedX402Fetch(config: CrossmintDelegatedX402Config): (url: string, init?: RequestInit) => Promise<Response>;
-export { type CrossmintX402Config, createCrossmintX402Fetch };
+export { type CrossmintDelegatedX402Config, type CrossmintX402Config, createCrossmintDelegatedX402Fetch, createCrossmintX402Fetch };

package/dist/crossmint.js CHANGED Viewed

@@ -11,7 +11,13 @@ import {
   TOKEN_PROGRAM_ID,
   TOKEN_2022_PROGRAM_ID
 } from "@solana/spl-token";
+import nacl from "tweetnacl";
 var DEFAULT_API_BASE = "https://www.crossmint.com/api/2025-06-09";
+var STAGING_API_BASE = "https://staging.crossmint.com/api/2025-06-09";
+function detectApiBase(apiKey) {
+  if (apiKey.startsWith("sk_staging")) return STAGING_API_BASE;
+  return DEFAULT_API_BASE;
+}
 function toBase58(bytes) {
   const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
   const digits = [0];
@@ -37,42 +43,135 @@ function toBase58(bytes) {
   }
   return str;
 }
+function fromBase58(str) {
+  const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+  const BASE_MAP = new Uint8Array(256).fill(255);
+  for (let i = 0; i < ALPHABET.length; i++) BASE_MAP[ALPHABET.charCodeAt(i)] = i;
+  const bytes = [0];
+  for (const ch of str) {
+    const carry_init = BASE_MAP[ch.charCodeAt(0)];
+    if (carry_init === 255) throw new Error(`Invalid base58 character: ${ch}`);
+    let carry = carry_init;
+    for (let j = 0; j < bytes.length; j++) {
+      carry += bytes[j] * 58;
+      bytes[j] = carry & 255;
+      carry >>= 8;
+    }
+    while (carry > 0) {
+      bytes.push(carry & 255);
+      carry >>= 8;
+    }
+  }
+  for (const ch of str) {
+    if (ch === ALPHABET[0]) bytes.push(0);
+    else break;
+  }
+  return new Uint8Array(bytes.reverse());
+}
 function extractSignature(onChainTx) {
   if (!onChainTx) return null;
   if (onChainTx.length <= 100) return onChainTx;
   try {
-    const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
-    const BASE_MAP = new Uint8Array(256).fill(255);
-    for (let i = 0; i < ALPHABET.length; i++) BASE_MAP[ALPHABET.charCodeAt(i)] = i;
-    const bytes = [0];
-    for (const ch of onChainTx) {
-      const carry_init = BASE_MAP[ch.charCodeAt(0)];
-      if (carry_init === 255) return null;
-      let carry = carry_init;
-      for (let j = 0; j < bytes.length; j++) {
-        carry += bytes[j] * 58;
-        bytes[j] = carry & 255;
-        carry >>= 8;
-      }
-      while (carry > 0) {
-        bytes.push(carry & 255);
-        carry >>= 8;
-      }
-    }
-    for (const ch of onChainTx) {
-      if (ch === ALPHABET[0]) bytes.push(0);
-      else break;
-    }
-    const decoded = new Uint8Array(bytes.reverse());
+    const decoded = fromBase58(onChainTx);
     const vtx = VersionedTransaction.deserialize(decoded);
     if (vtx.signatures?.[0]) return toBase58(vtx.signatures[0]);
   } catch {
   }
   return null;
 }
+async function crossmintApi(baseUrl, apiKey, endpoint, body, method = "POST") {
+  const url = `${baseUrl}/wallets/${endpoint}`;
+  const opts = {
+    method,
+    headers: { "Content-Type": "application/json", "X-API-KEY": apiKey }
+  };
+  if (method === "POST" && body) opts.body = JSON.stringify(body);
+  const resp = await fetch(url, opts);
+  const json = await resp.json();
+  if (!resp.ok) throw new Error(`[x402/crossmint] API ${resp.status}: ${JSON.stringify(json)}`);
+  return json;
+}
+function signMessage(message, secretKey) {
+  let messageBytes;
+  try {
+    messageBytes = fromBase58(message);
+  } catch {
+    messageBytes = new TextEncoder().encode(message);
+  }
+  const signature = nacl.sign.detached(messageBytes, secretKey);
+  return toBase58(signature);
+}
+function deriveSignerAddress(secretKey) {
+  const publicKey = secretKey.length === 64 ? secretKey.slice(32) : nacl.sign.keyPair.fromSeed(secretKey).publicKey;
+  return toBase58(publicKey);
+}
+async function pollForSignature(apiBase, apiKey, wallet, txId, maxPolls, pollMs, initialData) {
+  let sig = initialData?.onChain?.txId || extractSignature(initialData?.onChain?.transaction) || null;
+  for (let i = 0; i < maxPolls && !sig; i++) {
+    await new Promise((r) => setTimeout(r, pollMs));
+    const p = await crossmintApi(
+      apiBase,
+      apiKey,
+      `${encodeURIComponent(wallet)}/transactions/${txId}`,
+      void 0,
+      "GET"
+    );
+    if (p.status === "failed") {
+      throw new Error(`[x402/crossmint] Crossmint tx failed: ${p.error?.message || "unknown"}`);
+    }
+    sig = p.onChain?.txId || extractSignature(p.onChain?.transaction) || null;
+  }
+  return sig;
+}
+function buildXPaymentHeader(unsignedTx, sig, accept) {
+  const payload = {
+    x402Version: 2,
+    scheme: "exact",
+    network: accept.network,
+    payload: {
+      transaction: Buffer.from(unsignedTx.serialize()).toString("base64"),
+      txId: sig
+    },
+    accepted: {
+      scheme: accept.scheme,
+      network: accept.network,
+      amount: accept.amount,
+      asset: accept.asset,
+      payTo: accept.payTo
+    }
+  };
+  return Buffer.from(JSON.stringify(payload)).toString("base64");
+}
+async function buildTransferTx(connection, userPubkey, accept) {
+  const mintPubkey = new PublicKey(accept.asset);
+  const merchantPubkey = new PublicKey(accept.payTo);
+  const mintAccountInfo = await connection.getAccountInfo(mintPubkey);
+  const programId = mintAccountInfo?.owner.equals(TOKEN_2022_PROGRAM_ID) ? TOKEN_2022_PROGRAM_ID : TOKEN_PROGRAM_ID;
+  const mintInfo = await getMint(connection, mintPubkey, "confirmed", programId);
+  const amount = BigInt(accept.amount);
+  const sourceAta = await getAssociatedTokenAddress(mintPubkey, userPubkey, true, programId);
+  const destAta = await getAssociatedTokenAddress(mintPubkey, merchantPubkey, true, programId);
+  const ix = createTransferCheckedInstruction(
+    sourceAta,
+    mintPubkey,
+    destAta,
+    userPubkey,
+    amount,
+    mintInfo.decimals,
+    [],
+    programId
+  );
+  const { blockhash } = await connection.getLatestBlockhash("confirmed");
+  const msg = new TransactionMessage({
+    payerKey: userPubkey,
+    recentBlockhash: blockhash,
+    instructions: [ix]
+  }).compileToV0Message();
+  return new VersionedTransaction(msg);
+}
 function createCrossmintX402Fetch(config) {
   const { apiKey, wallet, connection } = config;
-  const apiBase = config.crossmintApiBase || DEFAULT_API_BASE;
+  const apiBase = config.crossmintApiBase || detectApiBase(apiKey);
   const maxPolls = config.maxPollAttempts ?? 30;
   const pollMs = config.pollIntervalMs ?? 2e3;
   const userPubkey = new PublicKey(wallet);
@@ -85,77 +184,84 @@ function createCrossmintX402Fetch(config) {
     const requirements = await firstResp.json();
     const accept = requirements.accepts?.[0];
     if (!accept) throw new Error("[x402/crossmint] No payment requirements in 402 response");
-    const mintPubkey = new PublicKey(accept.asset);
-    const merchantPubkey = new PublicKey(accept.payTo);
-    const mintAccountInfo = await connection.getAccountInfo(mintPubkey);
-    const programId = mintAccountInfo?.owner.equals(TOKEN_2022_PROGRAM_ID) ? TOKEN_2022_PROGRAM_ID : TOKEN_PROGRAM_ID;
-    const mintInfo = await getMint(connection, mintPubkey, "confirmed", programId);
-    const amount = BigInt(accept.amount);
-    const sourceAta = await getAssociatedTokenAddress(mintPubkey, userPubkey, true, programId);
-    const destAta = await getAssociatedTokenAddress(mintPubkey, merchantPubkey, true, programId);
-    const ix = createTransferCheckedInstruction(
-      sourceAta,
-      mintPubkey,
-      destAta,
-      userPubkey,
-      amount,
-      mintInfo.decimals,
-      [],
-      programId
+    const unsignedTx = await buildTransferTx(connection, userPubkey, accept);
+    const txData = await crossmintApi(
+      apiBase,
+      apiKey,
+      `${encodeURIComponent(wallet)}/transactions`,
+      { params: { transaction: toBase58(unsignedTx.serialize()) } }
     );
-    const { blockhash } = await connection.getLatestBlockhash("confirmed");
-    const msg = new TransactionMessage({
-      payerKey: userPubkey,
-      recentBlockhash: blockhash,
-      instructions: [ix]
-    }).compileToV0Message();
-    const unsignedTx = new VersionedTransaction(msg);
-    const serializedBase58 = toBase58(unsignedTx.serialize());
-    const txResp = await fetch(
-      `${apiBase}/wallets/${encodeURIComponent(wallet)}/transactions`,
+    const sig = await pollForSignature(apiBase, apiKey, wallet, txData.id, maxPolls, pollMs, txData);
+    if (!sig) throw new Error("[x402/crossmint] Timed out waiting for tx confirmation");
+    const xPayment = buildXPaymentHeader(unsignedTx, sig, accept);
+    return fetch(url, {
+      ...init,
+      headers: { Accept: "application/json", "X-PAYMENT": xPayment, ...init?.headers }
+    });
+  };
+}
+function createCrossmintDelegatedX402Fetch(config) {
+  const { apiKey, wallet, connection, signerSecretKey } = config;
+  const apiBase = config.crossmintApiBase || detectApiBase(apiKey);
+  const maxPolls = config.maxPollAttempts ?? 30;
+  const pollMs = config.pollIntervalMs ?? 2e3;
+  const userPubkey = new PublicKey(wallet);
+  const signerAddress = deriveSignerAddress(signerSecretKey);
+  return async function fetch402(url, init) {
+    const firstResp = await fetch(url, {
+      ...init,
+      headers: { Accept: "application/json", ...init?.headers }
+    });
+    if (firstResp.status !== 402) return firstResp;
+    const requirements = await firstResp.json();
+    const accept = requirements.accepts?.[0];
+    if (!accept) throw new Error("[x402/crossmint] No payment requirements in 402 response");
+    const unsignedTx = await buildTransferTx(connection, userPubkey, accept);
+    const createResp = await crossmintApi(
+      apiBase,
+      apiKey,
+      `${encodeURIComponent(wallet)}/transactions`,
       {
-        method: "POST",
-        headers: { "Content-Type": "application/json", "X-API-KEY": apiKey },
-        body: JSON.stringify({ params: { transaction: serializedBase58 } })
+        params: {
+          transaction: toBase58(unsignedTx.serialize()),
+          signer: {
+            type: "external-wallet",
+            locator: `external-wallet:${signerAddress}`
+          }
+        }
       }
     );
-    const txData = await txResp.json();
-    if (!txResp.ok || !txData.id) {
-      throw new Error(`[x402/crossmint] Crossmint API error: ${JSON.stringify(txData)}`);
-    }
-    let sig = txData.onChain?.txId || extractSignature(txData.onChain?.transaction) || null;
-    for (let i = 0; i < maxPolls && !sig; i++) {
-      await new Promise((r) => setTimeout(r, pollMs));
-      const poll = await fetch(
-        `${apiBase}/wallets/${encodeURIComponent(wallet)}/transactions/${txData.id}`,
-        { headers: { "X-API-KEY": apiKey } }
+    const transactionId = createResp.id;
+    const pendingApproval = createResp.approvals?.pending?.[0];
+    if (!transactionId || !pendingApproval) {
+      throw new Error(
+        `[x402/crossmint] No pending approval returned. Ensure external signer ${signerAddress} is registered on wallet ${wallet}. Response: ${JSON.stringify(createResp)}`
       );
-      const p = await poll.json();
-      if (p.status === "failed") {
-        throw new Error(`[x402/crossmint] Crossmint tx failed: ${p.error?.message || "unknown"}`);
-      }
-      sig = p.onChain?.txId || extractSignature(p.onChain?.transaction) || null;
-    }
-    if (!sig) {
-      throw new Error("[x402/crossmint] Timed out waiting for Crossmint tx confirmation");
     }
-    const payload = {
-      x402Version: 2,
-      scheme: "exact",
-      network: accept.network,
-      payload: {
-        transaction: Buffer.from(unsignedTx.serialize()).toString("base64"),
-        txId: sig
-      },
-      accepted: {
-        scheme: accept.scheme,
-        network: accept.network,
-        amount: accept.amount,
-        asset: accept.asset,
-        payTo: accept.payTo
+    const pendingSigner = pendingApproval.signer?.address ?? pendingApproval.signer?.locator?.split(":")[1] ?? signerAddress;
+    const approvalSig = signMessage(pendingApproval.message, signerSecretKey);
+    const approvalResp = await crossmintApi(
+      apiBase,
+      apiKey,
+      `${encodeURIComponent(wallet)}/transactions/${encodeURIComponent(transactionId)}/approvals`,
+      {
+        approvals: [{
+          signer: `external-wallet:${pendingSigner}`,
+          signature: approvalSig
+        }]
       }
-    };
-    const xPayment = Buffer.from(JSON.stringify(payload)).toString("base64");
+    );
+    const sig = await pollForSignature(
+      apiBase,
+      apiKey,
+      wallet,
+      transactionId,
+      maxPolls,
+      pollMs,
+      approvalResp
+    );
+    if (!sig) throw new Error("[x402/crossmint] Timed out waiting for tx confirmation");
+    const xPayment = buildXPaymentHeader(unsignedTx, sig, accept);
     return fetch(url, {
       ...init,
       headers: { Accept: "application/json", "X-PAYMENT": xPayment, ...init?.headers }
@@ -163,6 +269,7 @@ function createCrossmintX402Fetch(config) {
   };
 }
 export {
+  createCrossmintDelegatedX402Fetch,
   createCrossmintX402Fetch
 };
 //# sourceMappingURL=crossmint.js.map

package/dist/crossmint.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/crossmint.ts"],"sourcesContent":["/*\n Crossmint smart wallet integration for RelAI x402.\n \n Auto-handles 402 Payment Required responses using a Crossmint\n * API-key smart wallet on Solana. Zero private keys needed —\n * Crossmint signs and broadcasts, RelAI facilitator verifies on-chain.\n \n @example\n * ```ts\n * import { createCrossmintX402Fetch } from \"@relai-fi/x402/crossmint\";\n * import { Connection } from \"@solana/web3.js\";\n \n const fetch402 = createCrossmintX402Fetch({\n * apiKey: process.env.CROSSMINT_API_KEY!,\n * wallet: process.env.CROSSMINT_WALLET!,\n * connection: new Connection(process.env.RPC_URL!),\n * });\n \n const resp = await fetch402(\"https://api.example.com/protected\");\n * console.log(await resp.json()); // paid content\n * ```\n \n @module\n /\nimport {\n Connection,\n PublicKey,\n VersionedTransaction,\n TransactionMessage,\n} from \"@solana/web3.js\";\nimport {\n getAssociatedTokenAddress,\n createTransferCheckedInstruction,\n getMint,\n TOKEN_PROGRAM_ID,\n TOKEN_2022_PROGRAM_ID,\n} from \"@solana/spl-token\";\n\n// ── Types ───────────────────────────────────────────────────────────\n\nexport interface CrossmintX402Config {\n /* Crossmint server-side API key (`sk_production_...` or `sk_staging_...`) /\n apiKey: string;\n\n /* Crossmint smart wallet address (Solana public key) /\n wallet: string;\n\n /* Solana RPC connection /\n connection: Connection;\n\n /* Override Crossmint API base URL (default: `https://www.crossmint.com/api/2025-06-09`) /\n crossmintApiBase?: string;\n\n /* Max polling attempts for tx confirmation (default: 30) /\n maxPollAttempts?: number;\n\n /* Polling interval in ms (default: 2000) /\n pollIntervalMs?: number;\n}\n\n// ── Internals ───────────────────────────────────────────────────────\n\nconst DEFAULT_API_BASE = \"https://www.crossmint.com/api/2025-06-09\";\n\n/* Encode bytes to base58 without external dependency. /\nfunction toBase58(bytes: Uint8Array): string {\n const ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n const digits = [0];\n for (const byte of bytes) {\n let carry = byte;\n for (let j = 0; j < digits.length; j++) {\n carry += digits[j] << 8;\n digits[j] = carry % 58;\n carry = (carry / 58) \| 0;\n }\n while (carry > 0) {\n digits.push(carry % 58);\n carry = (carry / 58) \| 0;\n }\n }\n let str = \"\";\n for (const byte of bytes) {\n if (byte === 0) str += ALPHABET[0];\n else break;\n }\n for (let i = digits.length - 1; i >= 0; i--) {\n str += ALPHABET[digits[i]];\n }\n return str;\n}\n\n/* Extract Solana signature from Crossmint's full serialized tx (base58). /\nfunction extractSignature(onChainTx: string): string \| null {\n if (!onChainTx) return null;\n if (onChainTx.length <= 100) return onChainTx; // Already a bare signature\n try {\n // Decode base58 → deserialize VersionedTransaction → first signature\n const ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n const BASE_MAP = new Uint8Array(256).fill(255);\n for (let i = 0; i < ALPHABET.length; i++) BASE_MAP[ALPHABET.charCodeAt(i)] = i;\n const bytes: number[] = [0];\n for (const ch of onChainTx) {\n const carry_init = BASE_MAP[ch.charCodeAt(0)];\n if (carry_init === 255) return null;\n let carry = carry_init;\n for (let j = 0; j < bytes.length; j++) {\n carry += bytes[j] 58;\n bytes[j] = carry & 0xff;\n carry >>= 8;\n }\n while (carry > 0) {\n bytes.push(carry & 0xff);\n carry >>= 8;\n }\n }\n for (const ch of onChainTx) {\n if (ch === ALPHABET[0]) bytes.push(0);\n else break;\n }\n const decoded = new Uint8Array(bytes.reverse());\n const vtx = VersionedTransaction.deserialize(decoded);\n if (vtx.signatures?.[0]) return toBase58(vtx.signatures[0]);\n } catch {\n // Not a valid serialized tx\n }\n return null;\n}\n\n// ── Public API ──────────────────────────────────────────────────────\n\n/*\n Create a fetch wrapper that auto-handles x402 `402 Payment Required`\n * responses using a Crossmint smart wallet on Solana.\n \n The returned function has the same signature as `fetch()`.\n * On a 402 response it will:\n * 1. Parse payment requirements\n * 2. Build a Solana SPL transfer instruction\n * 3. Submit to Crossmint API (which signs + broadcasts)\n * 4. Poll for on-chain confirmation\n * 5. Retry the original request with an `X-PAYMENT` header\n */\nexport function createCrossmintX402Fetch(config: CrossmintX402Config) {\n const { apiKey, wallet, connection } = config;\n const apiBase = config.crossmintApiBase \|\| DEFAULT_API_BASE;\n const maxPolls = config.maxPollAttempts ?? 30;\n const pollMs = config.pollIntervalMs ?? 2000;\n const userPubkey = new PublicKey(wallet);\n\n return async function fetch402(\n url: string,\n init?: RequestInit,\n ): Promise<Response> {\n // 1. Initial request\n const firstResp = await fetch(url, {\n ...init,\n headers: { Accept: \"application/json\", ...init?.headers },\n });\n if (firstResp.status !== 402) return firstResp;\n\n // 2. Parse payment requirements\n const requirements = (await firstResp.json()) as any;\n const accept = requirements.accepts?.[0];\n if (!accept) throw new Error(\"[x402/crossmint] No payment requirements in 402 response\");\n\n // 3. Build SPL transfer instruction\n const mintPubkey = new PublicKey(accept.asset);\n const merchantPubkey = new PublicKey(accept.payTo);\n const mintAccountInfo = await connection.getAccountInfo(mintPubkey);\n const programId = mintAccountInfo?.owner.equals(TOKEN_2022_PROGRAM_ID)\n ? TOKEN_2022_PROGRAM_ID\n : TOKEN_PROGRAM_ID;\n\n const mintInfo = await getMint(connection, mintPubkey, \"confirmed\", programId);\n const amount = BigInt(accept.amount);\n\n const sourceAta = await getAssociatedTokenAddress(mintPubkey, userPubkey, true, programId);\n const destAta = await getAssociatedTokenAddress(mintPubkey, merchantPubkey, true, programId);\n\n const ix = createTransferCheckedInstruction(\n sourceAta, mintPubkey, destAta, userPubkey,\n amount, mintInfo.decimals, [], programId,\n );\n\n const { blockhash } = await connection.getLatestBlockhash(\"confirmed\");\n const msg = new TransactionMessage({\n payerKey: userPubkey,\n recentBlockhash: blockhash,\n instructions: [ix],\n }).compileToV0Message();\n\n const unsignedTx = new VersionedTransaction(msg);\n const serializedBase58 = toBase58(unsignedTx.serialize());\n\n // 4. Send to Crossmint (signs + broadcasts)\n const txResp = await fetch(\n `${apiBase}/wallets/${encodeURIComponent(wallet)}/transactions`,\n {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\", \"X-API-KEY\": apiKey },\n body: JSON.stringify({ params: { transaction: serializedBase58 } }),\n },\n );\n const txData = (await txResp.json()) as any;\n if (!txResp.ok \|\| !txData.id) {\n throw new Error(`[x402/crossmint] Crossmint API error: ${JSON.stringify(txData)}`);\n }\n\n // 5. Poll for on-chain signature\n let sig: string \| null =\n txData.onChain?.txId \|\| extractSignature(txData.onChain?.transaction) \|\| null;\n\n for (let i = 0; i < maxPolls && !sig; i++) {\n await new Promise((r) => setTimeout(r, pollMs));\n const poll = await fetch(\n `${apiBase}/wallets/${encodeURIComponent(wallet)}/transactions/${txData.id}`,\n { headers: { \"X-API-KEY\": apiKey } },\n );\n const p = (await poll.json()) as any;\n if (p.status === \"failed\") {\n throw new Error(`[x402/crossmint] Crossmint tx failed: ${p.error?.message \|\| \"unknown\"}`);\n }\n sig = p.onChain?.txId \|\| extractSignature(p.onChain?.transaction) \|\| null;\n }\n if (!sig) {\n throw new Error(\"[x402/crossmint] Timed out waiting for Crossmint tx confirmation\");\n }\n\n // 6. Build X-PAYMENT header with pre-broadcast txId\n const payload = {\n x402Version: 2,\n scheme: \"exact\",\n network: accept.network,\n payload: {\n transaction: Buffer.from(unsignedTx.serialize()).toString(\"base64\"),\n txId: sig,\n },\n accepted: {\n scheme: accept.scheme,\n network: accept.network,\n amount: accept.amount,\n asset: accept.asset,\n payTo: accept.payTo,\n },\n };\n const xPayment = Buffer.from(JSON.stringify(payload)).toString(\"base64\");\n\n // 7. Retry with payment\n return fetch(url, {\n ...init,\n headers: { Accept: \"application/json\", \"X-PAYMENT\": xPayment, ...init?.headers },\n });\n };\n}\n"],"mappings":";AAwBA;AAAA,EAEE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AA0BP,IAAM,mBAAmB;AAGzB,SAAS,SAAS,OAA2B;AAC3C,QAAM,WAAW;AACjB,QAAM,SAAS,CAAC,CAAC;AACjB,aAAW,QAAQ,OAAO;AACxB,QAAI,QAAQ;AACZ,aAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAS,OAAO,CAAC,KAAK;AACtB,aAAO,CAAC,IAAI,QAAQ;AACpB,cAAS,QAAQ,KAAM;AAAA,IACzB;AACA,WAAO,QAAQ,GAAG;AAChB,aAAO,KAAK,QAAQ,EAAE;AACtB,cAAS,QAAQ,KAAM;AAAA,IACzB;AAAA,EACF;AACA,MAAI,MAAM;AACV,aAAW,QAAQ,OAAO;AACxB,QAAI,SAAS,EAAG,QAAO,SAAS,CAAC;AAAA,QAC5B;AAAA,EACP;AACA,WAAS,IAAI,OAAO,SAAS,GAAG,KAAK,GAAG,KAAK;AAC3C,WAAO,SAAS,OAAO,CAAC,CAAC;AAAA,EAC3B;AACA,SAAO;AACT;AAGA,SAAS,iBAAiB,WAAkC;AAC1D,MAAI,CAAC,UAAW,QAAO;AACvB,MAAI,UAAU,UAAU,IAAK,QAAO;AACpC,MAAI;AAEF,UAAM,WAAW;AACjB,UAAM,WAAW,IAAI,WAAW,GAAG,EAAE,KAAK,GAAG;AAC7C,aAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,IAAK,UAAS,SAAS,WAAW,CAAC,CAAC,IAAI;AAC7E,UAAM,QAAkB,CAAC,CAAC;AAC1B,eAAW,MAAM,WAAW;AAC1B,YAAM,aAAa,SAAS,GAAG,WAAW,CAAC,CAAC;AAC5C,UAAI,eAAe,IAAK,QAAO;AAC/B,UAAI,QAAQ;AACZ,eAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,iBAAS,MAAM,CAAC,IAAI;AACpB,cAAM,CAAC,IAAI,QAAQ;AACnB,kBAAU;AAAA,MACZ;AACA,aAAO,QAAQ,GAAG;AAChB,cAAM,KAAK,QAAQ,GAAI;AACvB,kBAAU;AAAA,MACZ;AAAA,IACF;AACA,eAAW,MAAM,WAAW;AAC1B,UAAI,OAAO,SAAS,CAAC,EAAG,OAAM,KAAK,CAAC;AAAA,UAC/B;AAAA,IACP;AACA,UAAM,UAAU,IAAI,WAAW,MAAM,QAAQ,CAAC;AAC9C,UAAM,MAAM,qBAAqB,YAAY,OAAO;AACpD,QAAI,IAAI,aAAa,CAAC,EAAG,QAAO,SAAS,IAAI,WAAW,CAAC,CAAC;AAAA,EAC5D,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAgBO,SAAS,yBAAyB,QAA6B;AACpE,QAAM,EAAE,QAAQ,QAAQ,WAAW,IAAI;AACvC,QAAM,UAAU,OAAO,oBAAoB;AAC3C,QAAM,WAAW,OAAO,mBAAmB;AAC3C,QAAM,SAAS,OAAO,kBAAkB;AACxC,QAAM,aAAa,IAAI,UAAU,MAAM;AAEvC,SAAO,eAAe,SACpB,KACA,MACmB;AAEnB,UAAM,YAAY,MAAM,MAAM,KAAK;AAAA,MACjC,GAAG;AAAA,MACH,SAAS,EAAE,QAAQ,oBAAoB,GAAG,MAAM,QAAQ;AAAA,IAC1D,CAAC;AACD,QAAI,UAAU,WAAW,IAAK,QAAO;AAGrC,UAAM,eAAgB,MAAM,UAAU,KAAK;AAC3C,UAAM,SAAS,aAAa,UAAU,CAAC;AACvC,QAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,0DAA0D;AAGvF,UAAM,aAAa,IAAI,UAAU,OAAO,KAAK;AAC7C,UAAM,iBAAiB,IAAI,UAAU,OAAO,KAAK;AACjD,UAAM,kBAAkB,MAAM,WAAW,eAAe,UAAU;AAClE,UAAM,YAAY,iBAAiB,MAAM,OAAO,qBAAqB,IACjE,wBACA;AAEJ,UAAM,WAAW,MAAM,QAAQ,YAAY,YAAY,aAAa,SAAS;AAC7E,UAAM,SAAS,OAAO,OAAO,MAAM;AAEnC,UAAM,YAAY,MAAM,0BAA0B,YAAY,YAAY,MAAM,SAAS;AACzF,UAAM,UAAU,MAAM,0BAA0B,YAAY,gBAAgB,MAAM,SAAS;AAE3F,UAAM,KAAK;AAAA,MACT;AAAA,MAAW;AAAA,MAAY;AAAA,MAAS;AAAA,MAChC;AAAA,MAAQ,SAAS;AAAA,MAAU,CAAC;AAAA,MAAG;AAAA,IACjC;AAEA,UAAM,EAAE,UAAU,IAAI,MAAM,WAAW,mBAAmB,WAAW;AACrE,UAAM,MAAM,IAAI,mBAAmB;AAAA,MACjC,UAAU;AAAA,MACV,iBAAiB;AAAA,MACjB,cAAc,CAAC,EAAE;AAAA,IACnB,CAAC,EAAE,mBAAmB;AAEtB,UAAM,aAAa,IAAI,qBAAqB,GAAG;AAC/C,UAAM,mBAAmB,SAAS,WAAW,UAAU,CAAC;AAGxD,UAAM,SAAS,MAAM;AAAA,MACnB,GAAG,OAAO,YAAY,mBAAmB,MAAM,CAAC;AAAA,MAChD;AAAA,QACE,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,oBAAoB,aAAa,OAAO;AAAA,QACnE,MAAM,KAAK,UAAU,EAAE,QAAQ,EAAE,aAAa,iBAAiB,EAAE,CAAC;AAAA,MACpE;AAAA,IACF;AACA,UAAM,SAAU,MAAM,OAAO,KAAK;AAClC,QAAI,CAAC,OAAO,MAAM,CAAC,OAAO,IAAI;AAC5B,YAAM,IAAI,MAAM,yCAAyC,KAAK,UAAU,MAAM,CAAC,EAAE;AAAA,IACnF;AAGA,QAAI,MACF,OAAO,SAAS,QAAQ,iBAAiB,OAAO,SAAS,WAAW,KAAK;AAE3E,aAAS,IAAI,GAAG,IAAI,YAAY,CAAC,KAAK,KAAK;AACzC,YAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC;AAC9C,YAAM,OAAO,MAAM;AAAA,QACjB,GAAG,OAAO,YAAY,mBAAmB,MAAM,CAAC,iBAAiB,OAAO,EAAE;AAAA,QAC1E,EAAE,SAAS,EAAE,aAAa,OAAO,EAAE;AAAA,MACrC;AACA,YAAM,IAAK,MAAM,KAAK,KAAK;AAC3B,UAAI,EAAE,WAAW,UAAU;AACzB,cAAM,IAAI,MAAM,yCAAyC,EAAE,OAAO,WAAW,SAAS,EAAE;AAAA,MAC1F;AACA,YAAM,EAAE,SAAS,QAAQ,iBAAiB,EAAE,SAAS,WAAW,KAAK;AAAA,IACvE;AACA,QAAI,CAAC,KAAK;AACR,YAAM,IAAI,MAAM,kEAAkE;AAAA,IACpF;AAGA,UAAM,UAAU;AAAA,MACd,aAAa;AAAA,MACb,QAAQ;AAAA,MACR,SAAS,OAAO;AAAA,MAChB,SAAS;AAAA,QACP,aAAa,OAAO,KAAK,WAAW,UAAU,CAAC,EAAE,SAAS,QAAQ;AAAA,QAClE,MAAM;AAAA,MACR;AAAA,MACA,UAAU;AAAA,QACR,QAAQ,OAAO;AAAA,QACf,SAAS,OAAO;AAAA,QAChB,QAAQ,OAAO;AAAA,QACf,OAAO,OAAO;AAAA,QACd,OAAO,OAAO;AAAA,MAChB;AAAA,IACF;AACA,UAAM,WAAW,OAAO,KAAK,KAAK,UAAU,OAAO,CAAC,EAAE,SAAS,QAAQ;AAGvE,WAAO,MAAM,KAAK;AAAA,MAChB,GAAG;AAAA,MACH,SAAS,EAAE,QAAQ,oBAAoB,aAAa,UAAU,GAAG,MAAM,QAAQ;AAAA,IACjF,CAAC;AAAA,EACH;AACF;","names":[]}
1	+ {"version":3,"sources":["../src/crossmint.ts"],"sourcesContent":["/*\n Crossmint smart wallet integration for RelAI x402.\n \n Two modes:\n \n API-key mode — zero private keys, Crossmint signs + broadcasts:\n * ```ts\n * import { createCrossmintX402Fetch } from \"@relai-fi/x402/crossmint\";\n \n const fetch402 = createCrossmintX402Fetch({\n * apiKey: process.env.CROSSMINT_API_KEY!,\n * wallet: process.env.CROSSMINT_WALLET!,\n * connection: new Connection(process.env.RPC_URL!),\n * });\n * const resp = await fetch402(\"https://api.example.com/protected\");\n * ```\n \n Delegated mode — external signer approves each transaction:\n * ```ts\n * import { createCrossmintDelegatedX402Fetch } from \"@relai-fi/x402/crossmint\";\n \n const fetch402 = createCrossmintDelegatedX402Fetch({\n * apiKey: process.env.CROSSMINT_API_KEY!,\n * wallet: process.env.CROSSMINT_WALLET!,\n * signerSecretKey: myKeypairBytes, // 64-byte Ed25519\n * connection: new Connection(process.env.RPC_URL!),\n * });\n * const resp = await fetch402(\"https://api.example.com/protected\");\n * ```\n \n @module\n /\nimport {\n Connection,\n PublicKey,\n VersionedTransaction,\n TransactionMessage,\n} from \"@solana/web3.js\";\nimport {\n getAssociatedTokenAddress,\n createTransferCheckedInstruction,\n getMint,\n TOKEN_PROGRAM_ID,\n TOKEN_2022_PROGRAM_ID,\n} from \"@solana/spl-token\";\n\nimport nacl from \"tweetnacl\";\n\n// ── Types ───────────────────────────────────────────────────────────\n\nexport interface CrossmintX402Config {\n /* Crossmint server-side API key (`sk_production_...` or `sk_staging_...`) /\n apiKey: string;\n\n /* Crossmint smart wallet address (Solana public key) /\n wallet: string;\n\n /* Solana RPC connection /\n connection: Connection;\n\n /* Override Crossmint API base URL (default: `https://www.crossmint.com/api/2025-06-09`) /\n crossmintApiBase?: string;\n\n /* Max polling attempts for tx confirmation (default: 30) /\n maxPollAttempts?: number;\n\n /* Polling interval in ms (default: 2000) /\n pollIntervalMs?: number;\n}\n\nexport interface CrossmintDelegatedX402Config extends CrossmintX402Config {\n /\n Ed25519 secret key for the external signer (64 bytes).\n * The corresponding public key must be registered as an external signer\n * on the Crossmint smart wallet.\n /\n signerSecretKey: Uint8Array;\n\n /* Crossmint environment: \"staging\" or \"production\" (default: auto-detect from apiKey) /\n environment?: \"staging\" \| \"production\";\n}\n\n// ── Internals ───────────────────────────────────────────────────────\n\nconst DEFAULT_API_BASE = \"https://www.crossmint.com/api/2025-06-09\";\nconst STAGING_API_BASE = \"https://staging.crossmint.com/api/2025-06-09\";\n\n/* Auto-detect Crossmint API base from API key prefix. /\nfunction detectApiBase(apiKey: string): string {\n if (apiKey.startsWith(\"sk_staging\")) return STAGING_API_BASE;\n return DEFAULT_API_BASE;\n}\n\n/* Encode bytes to base58 without external dependency. /\nfunction toBase58(bytes: Uint8Array): string {\n const ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n const digits = [0];\n for (const byte of bytes) {\n let carry = byte;\n for (let j = 0; j < digits.length; j++) {\n carry += digits[j] << 8;\n digits[j] = carry % 58;\n carry = (carry / 58) \| 0;\n }\n while (carry > 0) {\n digits.push(carry % 58);\n carry = (carry / 58) \| 0;\n }\n }\n let str = \"\";\n for (const byte of bytes) {\n if (byte === 0) str += ALPHABET[0];\n else break;\n }\n for (let i = digits.length - 1; i >= 0; i--) {\n str += ALPHABET[digits[i]];\n }\n return str;\n}\n\n/* Decode base58 string to bytes. /\nfunction fromBase58(str: string): Uint8Array {\n const ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n const BASE_MAP = new Uint8Array(256).fill(255);\n for (let i = 0; i < ALPHABET.length; i++) BASE_MAP[ALPHABET.charCodeAt(i)] = i;\n const bytes: number[] = [0];\n for (const ch of str) {\n const carry_init = BASE_MAP[ch.charCodeAt(0)];\n if (carry_init === 255) throw new Error(`Invalid base58 character: ${ch}`);\n let carry = carry_init;\n for (let j = 0; j < bytes.length; j++) {\n carry += bytes[j] 58;\n bytes[j] = carry & 0xff;\n carry >>= 8;\n }\n while (carry > 0) {\n bytes.push(carry & 0xff);\n carry >>= 8;\n }\n }\n for (const ch of str) {\n if (ch === ALPHABET[0]) bytes.push(0);\n else break;\n }\n return new Uint8Array(bytes.reverse());\n}\n\n/** Extract Solana signature from Crossmint's full serialized tx (base58). /\nfunction extractSignature(onChainTx: string): string \| null {\n if (!onChainTx) return null;\n if (onChainTx.length <= 100) return onChainTx; // Already a bare signature\n try {\n const decoded = fromBase58(onChainTx);\n const vtx = VersionedTransaction.deserialize(decoded);\n if (vtx.signatures?.[0]) return toBase58(vtx.signatures[0]);\n } catch {\n // Not a valid serialized tx\n }\n return null;\n}\n\n/* Make a Crossmint API call. /\nasync function crossmintApi(\n baseUrl: string, apiKey: string, endpoint: string,\n body?: unknown, method: \"GET\" \| \"POST\" = \"POST\",\n): Promise<any> {\n const url = `${baseUrl}/wallets/${endpoint}`;\n const opts: RequestInit = {\n method,\n headers: { \"Content-Type\": \"application/json\", \"X-API-KEY\": apiKey },\n };\n if (method === \"POST\" && body) opts.body = JSON.stringify(body);\n const resp = await fetch(url, opts);\n const json = await resp.json();\n if (!resp.ok) throw new Error(`[x402/crossmint] API ${resp.status}: ${JSON.stringify(json)}`);\n return json;\n}\n\n/* Sign a message with Ed25519. Message can be base58-encoded or UTF-8 string. /\nfunction signMessage(message: string, secretKey: Uint8Array): string {\n let messageBytes: Uint8Array;\n try {\n messageBytes = fromBase58(message);\n } catch {\n messageBytes = new TextEncoder().encode(message);\n }\n const signature = nacl.sign.detached(messageBytes, secretKey);\n return toBase58(signature);\n}\n\n/* Derive public key address from a 64-byte secret key. /\nfunction deriveSignerAddress(secretKey: Uint8Array): string {\n const publicKey = secretKey.length === 64\n ? secretKey.slice(32)\n : nacl.sign.keyPair.fromSeed(secretKey).publicKey;\n return toBase58(publicKey);\n}\n\n/* Poll Crossmint for on-chain txId. Returns signature or null. /\nasync function pollForSignature(\n apiBase: string, apiKey: string, wallet: string,\n txId: string, maxPolls: number, pollMs: number,\n initialData?: any,\n): Promise<string \| null> {\n let sig = initialData?.onChain?.txId\n \|\| extractSignature(initialData?.onChain?.transaction) \|\| null;\n\n for (let i = 0; i < maxPolls && !sig; i++) {\n await new Promise((r) => setTimeout(r, pollMs));\n const p = await crossmintApi(apiBase, apiKey,\n `${encodeURIComponent(wallet)}/transactions/${txId}`, undefined, \"GET\");\n if (p.status === \"failed\") {\n throw new Error(`[x402/crossmint] Crossmint tx failed: ${p.error?.message \|\| \"unknown\"}`);\n }\n sig = p.onChain?.txId \|\| extractSignature(p.onChain?.transaction) \|\| null;\n }\n return sig;\n}\n\n/* Build X-PAYMENT header from unsigned tx + on-chain signature + payment requirements. /\nfunction buildXPaymentHeader(unsignedTx: VersionedTransaction, sig: string, accept: any): string {\n const payload = {\n x402Version: 2,\n scheme: \"exact\",\n network: accept.network,\n payload: {\n transaction: Buffer.from(unsignedTx.serialize()).toString(\"base64\"),\n txId: sig,\n },\n accepted: {\n scheme: accept.scheme,\n network: accept.network,\n amount: accept.amount,\n asset: accept.asset,\n payTo: accept.payTo,\n },\n };\n return Buffer.from(JSON.stringify(payload)).toString(\"base64\");\n}\n\n/* Build unsigned SPL transfer tx from 402 payment requirements. /\nasync function buildTransferTx(\n connection: Connection, userPubkey: PublicKey, accept: any,\n): Promise<VersionedTransaction> {\n const mintPubkey = new PublicKey(accept.asset);\n const merchantPubkey = new PublicKey(accept.payTo);\n const mintAccountInfo = await connection.getAccountInfo(mintPubkey);\n const programId = mintAccountInfo?.owner.equals(TOKEN_2022_PROGRAM_ID)\n ? TOKEN_2022_PROGRAM_ID\n : TOKEN_PROGRAM_ID;\n\n const mintInfo = await getMint(connection, mintPubkey, \"confirmed\", programId);\n const amount = BigInt(accept.amount);\n\n const sourceAta = await getAssociatedTokenAddress(mintPubkey, userPubkey, true, programId);\n const destAta = await getAssociatedTokenAddress(mintPubkey, merchantPubkey, true, programId);\n\n const ix = createTransferCheckedInstruction(\n sourceAta, mintPubkey, destAta, userPubkey,\n amount, mintInfo.decimals, [], programId,\n );\n\n const { blockhash } = await connection.getLatestBlockhash(\"confirmed\");\n const msg = new TransactionMessage({\n payerKey: userPubkey,\n recentBlockhash: blockhash,\n instructions: [ix],\n }).compileToV0Message();\n\n return new VersionedTransaction(msg);\n}\n\n// ── Public API ──────────────────────────────────────────────────────\n\n/\n API-key mode. Create a fetch wrapper that auto-handles x402 `402`\n * responses using a Crossmint smart wallet on Solana.\n \n Crossmint signs and broadcasts — no private key needed.\n * The returned function has the same signature as `fetch()`.\n /\nexport function createCrossmintX402Fetch(config: CrossmintX402Config) {\n const { apiKey, wallet, connection } = config;\n const apiBase = config.crossmintApiBase \|\| detectApiBase(apiKey);\n const maxPolls = config.maxPollAttempts ?? 30;\n const pollMs = config.pollIntervalMs ?? 2000;\n const userPubkey = new PublicKey(wallet);\n\n return async function fetch402(url: string, init?: RequestInit): Promise<Response> {\n // 1. Initial request\n const firstResp = await fetch(url, {\n ...init, headers: { Accept: \"application/json\", ...init?.headers },\n });\n if (firstResp.status !== 402) return firstResp;\n\n // 2. Parse 402\n const requirements = (await firstResp.json()) as any;\n const accept = requirements.accepts?.[0];\n if (!accept) throw new Error(\"[x402/crossmint] No payment requirements in 402 response\");\n\n // 3. Build transfer tx\n const unsignedTx = await buildTransferTx(connection, userPubkey, accept);\n\n // 4. Submit to Crossmint (signs + broadcasts)\n const txData = await crossmintApi(apiBase, apiKey,\n `${encodeURIComponent(wallet)}/transactions`,\n { params: { transaction: toBase58(unsignedTx.serialize()) } });\n\n // 5. Poll for on-chain signature\n const sig = await pollForSignature(apiBase, apiKey, wallet, txData.id, maxPolls, pollMs, txData);\n if (!sig) throw new Error(\"[x402/crossmint] Timed out waiting for tx confirmation\");\n\n // 6. Retry with X-PAYMENT\n const xPayment = buildXPaymentHeader(unsignedTx, sig, accept);\n return fetch(url, {\n ...init, headers: { Accept: \"application/json\", \"X-PAYMENT\": xPayment, ...init?.headers },\n });\n };\n}\n\n/\n Delegated mode. Create a fetch wrapper that auto-handles x402 `402`\n * responses using a Crossmint smart wallet with external signer approval.\n \n Each transaction requires cryptographic approval from `signerSecretKey`\n * before Crossmint broadcasts. This provides an extra security layer —\n * even with the API key, transactions cannot execute without the signer.\n \n The external signer must be registered on the Crossmint smart wallet\n * via the Crossmint console or API.\n */\nexport function createCrossmintDelegatedX402Fetch(config: CrossmintDelegatedX402Config) {\n const { apiKey, wallet, connection, signerSecretKey } = config;\n const apiBase = config.crossmintApiBase \|\| detectApiBase(apiKey);\n const maxPolls = config.maxPollAttempts ?? 30;\n const pollMs = config.pollIntervalMs ?? 2000;\n const userPubkey = new PublicKey(wallet);\n const signerAddress = deriveSignerAddress(signerSecretKey);\n\n return async function fetch402(url: string, init?: RequestInit): Promise<Response> {\n // 1. Initial request\n const firstResp = await fetch(url, {\n ...init, headers: { Accept: \"application/json\", ...init?.headers },\n });\n if (firstResp.status !== 402) return firstResp;\n\n // 2. Parse 402\n const requirements = (await firstResp.json()) as any;\n const accept = requirements.accepts?.[0];\n if (!accept) throw new Error(\"[x402/crossmint] No payment requirements in 402 response\");\n\n // 3. Build transfer tx\n const unsignedTx = await buildTransferTx(connection, userPubkey, accept);\n\n // 4. Submit to Crossmint with external signer\n const createResp = await crossmintApi(apiBase, apiKey,\n `${encodeURIComponent(wallet)}/transactions`,\n {\n params: {\n transaction: toBase58(unsignedTx.serialize()),\n signer: {\n type: \"external-wallet\",\n locator: `external-wallet:${signerAddress}`,\n },\n },\n });\n\n const transactionId = createResp.id;\n const pendingApproval = createResp.approvals?.pending?.[0];\n\n if (!transactionId \|\| !pendingApproval) {\n throw new Error(\n `[x402/crossmint] No pending approval returned. ` +\n `Ensure external signer ${signerAddress} is registered on wallet ${wallet}. ` +\n `Response: ${JSON.stringify(createResp)}`\n );\n }\n\n // 5. Sign the approval message\n const pendingSigner = pendingApproval.signer?.address\n ?? pendingApproval.signer?.locator?.split(\":\")[1]\n ?? signerAddress;\n\n const approvalSig = signMessage(pendingApproval.message, signerSecretKey);\n\n // 6. Submit approval\n const approvalResp = await crossmintApi(apiBase, apiKey,\n `${encodeURIComponent(wallet)}/transactions/${encodeURIComponent(transactionId)}/approvals`,\n {\n approvals: [{\n signer: `external-wallet:${pendingSigner}`,\n signature: approvalSig,\n }],\n });\n\n // 7. Poll for on-chain signature\n const sig = await pollForSignature(\n apiBase, apiKey, wallet, transactionId, maxPolls, pollMs, approvalResp);\n if (!sig) throw new Error(\"[x402/crossmint] Timed out waiting for tx confirmation\");\n\n // 8. Retry with X-PAYMENT\n const xPayment = buildXPaymentHeader(unsignedTx, sig, accept);\n return fetch(url, {\n ...init, headers: { Accept: \"application/json\", \"X-PAYMENT\": xPayment, ...init?.headers },\n });\n };\n}\n"],"mappings":";AAgCA;AAAA,EAEE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,OAAO,UAAU;AAsCjB,IAAM,mBAAmB;AACzB,IAAM,mBAAmB;AAGzB,SAAS,cAAc,QAAwB;AAC7C,MAAI,OAAO,WAAW,YAAY,EAAG,QAAO;AAC5C,SAAO;AACT;AAGA,SAAS,SAAS,OAA2B;AAC3C,QAAM,WAAW;AACjB,QAAM,SAAS,CAAC,CAAC;AACjB,aAAW,QAAQ,OAAO;AACxB,QAAI,QAAQ;AACZ,aAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAS,OAAO,CAAC,KAAK;AACtB,aAAO,CAAC,IAAI,QAAQ;AACpB,cAAS,QAAQ,KAAM;AAAA,IACzB;AACA,WAAO,QAAQ,GAAG;AAChB,aAAO,KAAK,QAAQ,EAAE;AACtB,cAAS,QAAQ,KAAM;AAAA,IACzB;AAAA,EACF;AACA,MAAI,MAAM;AACV,aAAW,QAAQ,OAAO;AACxB,QAAI,SAAS,EAAG,QAAO,SAAS,CAAC;AAAA,QAC5B;AAAA,EACP;AACA,WAAS,IAAI,OAAO,SAAS,GAAG,KAAK,GAAG,KAAK;AAC3C,WAAO,SAAS,OAAO,CAAC,CAAC;AAAA,EAC3B;AACA,SAAO;AACT;AAGA,SAAS,WAAW,KAAyB;AAC3C,QAAM,WAAW;AACjB,QAAM,WAAW,IAAI,WAAW,GAAG,EAAE,KAAK,GAAG;AAC7C,WAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,IAAK,UAAS,SAAS,WAAW,CAAC,CAAC,IAAI;AAC7E,QAAM,QAAkB,CAAC,CAAC;AAC1B,aAAW,MAAM,KAAK;AACpB,UAAM,aAAa,SAAS,GAAG,WAAW,CAAC,CAAC;AAC5C,QAAI,eAAe,IAAK,OAAM,IAAI,MAAM,6BAA6B,EAAE,EAAE;AACzE,QAAI,QAAQ;AACZ,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,eAAS,MAAM,CAAC,IAAI;AACpB,YAAM,CAAC,IAAI,QAAQ;AACnB,gBAAU;AAAA,IACZ;AACA,WAAO,QAAQ,GAAG;AAChB,YAAM,KAAK,QAAQ,GAAI;AACvB,gBAAU;AAAA,IACZ;AAAA,EACF;AACA,aAAW,MAAM,KAAK;AACpB,QAAI,OAAO,SAAS,CAAC,EAAG,OAAM,KAAK,CAAC;AAAA,QAC/B;AAAA,EACP;AACA,SAAO,IAAI,WAAW,MAAM,QAAQ,CAAC;AACvC;AAGA,SAAS,iBAAiB,WAAkC;AAC1D,MAAI,CAAC,UAAW,QAAO;AACvB,MAAI,UAAU,UAAU,IAAK,QAAO;AACpC,MAAI;AACF,UAAM,UAAU,WAAW,SAAS;AACpC,UAAM,MAAM,qBAAqB,YAAY,OAAO;AACpD,QAAI,IAAI,aAAa,CAAC,EAAG,QAAO,SAAS,IAAI,WAAW,CAAC,CAAC;AAAA,EAC5D,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAGA,eAAe,aACb,SAAiB,QAAgB,UACjC,MAAgB,SAAyB,QAC3B;AACd,QAAM,MAAM,GAAG,OAAO,YAAY,QAAQ;AAC1C,QAAM,OAAoB;AAAA,IACxB;AAAA,IACA,SAAS,EAAE,gBAAgB,oBAAoB,aAAa,OAAO;AAAA,EACrE;AACA,MAAI,WAAW,UAAU,KAAM,MAAK,OAAO,KAAK,UAAU,IAAI;AAC9D,QAAM,OAAO,MAAM,MAAM,KAAK,IAAI;AAClC,QAAM,OAAO,MAAM,KAAK,KAAK;AAC7B,MAAI,CAAC,KAAK,GAAI,OAAM,IAAI,MAAM,wBAAwB,KAAK,MAAM,KAAK,KAAK,UAAU,IAAI,CAAC,EAAE;AAC5F,SAAO;AACT;AAGA,SAAS,YAAY,SAAiB,WAA+B;AACnE,MAAI;AACJ,MAAI;AACF,mBAAe,WAAW,OAAO;AAAA,EACnC,QAAQ;AACN,mBAAe,IAAI,YAAY,EAAE,OAAO,OAAO;AAAA,EACjD;AACA,QAAM,YAAY,KAAK,KAAK,SAAS,cAAc,SAAS;AAC5D,SAAO,SAAS,SAAS;AAC3B;AAGA,SAAS,oBAAoB,WAA+B;AAC1D,QAAM,YAAY,UAAU,WAAW,KACnC,UAAU,MAAM,EAAE,IAClB,KAAK,KAAK,QAAQ,SAAS,SAAS,EAAE;AAC1C,SAAO,SAAS,SAAS;AAC3B;AAGA,eAAe,iBACb,SAAiB,QAAgB,QACjC,MAAc,UAAkB,QAChC,aACwB;AACxB,MAAI,MAAM,aAAa,SAAS,QAC3B,iBAAiB,aAAa,SAAS,WAAW,KAAK;AAE5D,WAAS,IAAI,GAAG,IAAI,YAAY,CAAC,KAAK,KAAK;AACzC,UAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC;AAC9C,UAAM,IAAI,MAAM;AAAA,MAAa;AAAA,MAAS;AAAA,MACpC,GAAG,mBAAmB,MAAM,CAAC,iBAAiB,IAAI;AAAA,MAAI;AAAA,MAAW;AAAA,IAAK;AACxE,QAAI,EAAE,WAAW,UAAU;AACzB,YAAM,IAAI,MAAM,yCAAyC,EAAE,OAAO,WAAW,SAAS,EAAE;AAAA,IAC1F;AACA,UAAM,EAAE,SAAS,QAAQ,iBAAiB,EAAE,SAAS,WAAW,KAAK;AAAA,EACvE;AACA,SAAO;AACT;AAGA,SAAS,oBAAoB,YAAkC,KAAa,QAAqB;AAC/F,QAAM,UAAU;AAAA,IACd,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,SAAS,OAAO;AAAA,IAChB,SAAS;AAAA,MACP,aAAa,OAAO,KAAK,WAAW,UAAU,CAAC,EAAE,SAAS,QAAQ;AAAA,MAClE,MAAM;AAAA,IACR;AAAA,IACA,UAAU;AAAA,MACR,QAAQ,OAAO;AAAA,MACf,SAAS,OAAO;AAAA,MAChB,QAAQ,OAAO;AAAA,MACf,OAAO,OAAO;AAAA,MACd,OAAO,OAAO;AAAA,IAChB;AAAA,EACF;AACA,SAAO,OAAO,KAAK,KAAK,UAAU,OAAO,CAAC,EAAE,SAAS,QAAQ;AAC/D;AAGA,eAAe,gBACb,YAAwB,YAAuB,QAChB;AAC/B,QAAM,aAAa,IAAI,UAAU,OAAO,KAAK;AAC7C,QAAM,iBAAiB,IAAI,UAAU,OAAO,KAAK;AACjD,QAAM,kBAAkB,MAAM,WAAW,eAAe,UAAU;AAClE,QAAM,YAAY,iBAAiB,MAAM,OAAO,qBAAqB,IACjE,wBACA;AAEJ,QAAM,WAAW,MAAM,QAAQ,YAAY,YAAY,aAAa,SAAS;AAC7E,QAAM,SAAS,OAAO,OAAO,MAAM;AAEnC,QAAM,YAAY,MAAM,0BAA0B,YAAY,YAAY,MAAM,SAAS;AACzF,QAAM,UAAU,MAAM,0BAA0B,YAAY,gBAAgB,MAAM,SAAS;AAE3F,QAAM,KAAK;AAAA,IACT;AAAA,IAAW;AAAA,IAAY;AAAA,IAAS;AAAA,IAChC;AAAA,IAAQ,SAAS;AAAA,IAAU,CAAC;AAAA,IAAG;AAAA,EACjC;AAEA,QAAM,EAAE,UAAU,IAAI,MAAM,WAAW,mBAAmB,WAAW;AACrE,QAAM,MAAM,IAAI,mBAAmB;AAAA,IACjC,UAAU;AAAA,IACV,iBAAiB;AAAA,IACjB,cAAc,CAAC,EAAE;AAAA,EACnB,CAAC,EAAE,mBAAmB;AAEtB,SAAO,IAAI,qBAAqB,GAAG;AACrC;AAWO,SAAS,yBAAyB,QAA6B;AACpE,QAAM,EAAE,QAAQ,QAAQ,WAAW,IAAI;AACvC,QAAM,UAAU,OAAO,oBAAoB,cAAc,MAAM;AAC/D,QAAM,WAAW,OAAO,mBAAmB;AAC3C,QAAM,SAAS,OAAO,kBAAkB;AACxC,QAAM,aAAa,IAAI,UAAU,MAAM;AAEvC,SAAO,eAAe,SAAS,KAAa,MAAuC;AAEjF,UAAM,YAAY,MAAM,MAAM,KAAK;AAAA,MACjC,GAAG;AAAA,MAAM,SAAS,EAAE,QAAQ,oBAAoB,GAAG,MAAM,QAAQ;AAAA,IACnE,CAAC;AACD,QAAI,UAAU,WAAW,IAAK,QAAO;AAGrC,UAAM,eAAgB,MAAM,UAAU,KAAK;AAC3C,UAAM,SAAS,aAAa,UAAU,CAAC;AACvC,QAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,0DAA0D;AAGvF,UAAM,aAAa,MAAM,gBAAgB,YAAY,YAAY,MAAM;AAGvE,UAAM,SAAS,MAAM;AAAA,MAAa;AAAA,MAAS;AAAA,MACzC,GAAG,mBAAmB,MAAM,CAAC;AAAA,MAC7B,EAAE,QAAQ,EAAE,aAAa,SAAS,WAAW,UAAU,CAAC,EAAE,EAAE;AAAA,IAAC;AAG/D,UAAM,MAAM,MAAM,iBAAiB,SAAS,QAAQ,QAAQ,OAAO,IAAI,UAAU,QAAQ,MAAM;AAC/F,QAAI,CAAC,IAAK,OAAM,IAAI,MAAM,wDAAwD;AAGlF,UAAM,WAAW,oBAAoB,YAAY,KAAK,MAAM;AAC5D,WAAO,MAAM,KAAK;AAAA,MAChB,GAAG;AAAA,MAAM,SAAS,EAAE,QAAQ,oBAAoB,aAAa,UAAU,GAAG,MAAM,QAAQ;AAAA,IAC1F,CAAC;AAAA,EACH;AACF;AAaO,SAAS,kCAAkC,QAAsC;AACtF,QAAM,EAAE,QAAQ,QAAQ,YAAY,gBAAgB,IAAI;AACxD,QAAM,UAAU,OAAO,oBAAoB,cAAc,MAAM;AAC/D,QAAM,WAAW,OAAO,mBAAmB;AAC3C,QAAM,SAAS,OAAO,kBAAkB;AACxC,QAAM,aAAa,IAAI,UAAU,MAAM;AACvC,QAAM,gBAAgB,oBAAoB,eAAe;AAEzD,SAAO,eAAe,SAAS,KAAa,MAAuC;AAEjF,UAAM,YAAY,MAAM,MAAM,KAAK;AAAA,MACjC,GAAG;AAAA,MAAM,SAAS,EAAE,QAAQ,oBAAoB,GAAG,MAAM,QAAQ;AAAA,IACnE,CAAC;AACD,QAAI,UAAU,WAAW,IAAK,QAAO;AAGrC,UAAM,eAAgB,MAAM,UAAU,KAAK;AAC3C,UAAM,SAAS,aAAa,UAAU,CAAC;AACvC,QAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,0DAA0D;AAGvF,UAAM,aAAa,MAAM,gBAAgB,YAAY,YAAY,MAAM;AAGvE,UAAM,aAAa,MAAM;AAAA,MAAa;AAAA,MAAS;AAAA,MAC7C,GAAG,mBAAmB,MAAM,CAAC;AAAA,MAC7B;AAAA,QACE,QAAQ;AAAA,UACN,aAAa,SAAS,WAAW,UAAU,CAAC;AAAA,UAC5C,QAAQ;AAAA,YACN,MAAM;AAAA,YACN,SAAS,mBAAmB,aAAa;AAAA,UAC3C;AAAA,QACF;AAAA,MACF;AAAA,IAAC;AAEH,UAAM,gBAAgB,WAAW;AACjC,UAAM,kBAAkB,WAAW,WAAW,UAAU,CAAC;AAEzD,QAAI,CAAC,iBAAiB,CAAC,iBAAiB;AACtC,YAAM,IAAI;AAAA,QACR,yEAC0B,aAAa,4BAA4B,MAAM,eAC5D,KAAK,UAAU,UAAU,CAAC;AAAA,MACzC;AAAA,IACF;AAGA,UAAM,gBAAgB,gBAAgB,QAAQ,WACzC,gBAAgB,QAAQ,SAAS,MAAM,GAAG,EAAE,CAAC,KAC7C;AAEL,UAAM,cAAc,YAAY,gBAAgB,SAAS,eAAe;AAGxE,UAAM,eAAe,MAAM;AAAA,MAAa;AAAA,MAAS;AAAA,MAC/C,GAAG,mBAAmB,MAAM,CAAC,iBAAiB,mBAAmB,aAAa,CAAC;AAAA,MAC/E;AAAA,QACE,WAAW,CAAC;AAAA,UACV,QAAQ,mBAAmB,aAAa;AAAA,UACxC,WAAW;AAAA,QACb,CAAC;AAAA,MACH;AAAA,IAAC;AAGH,UAAM,MAAM,MAAM;AAAA,MAChB;AAAA,MAAS;AAAA,MAAQ;AAAA,MAAQ;AAAA,MAAe;AAAA,MAAU;AAAA,MAAQ;AAAA,IAAY;AACxE,QAAI,CAAC,IAAK,OAAM,IAAI,MAAM,wDAAwD;AAGlF,UAAM,WAAW,oBAAoB,YAAY,KAAK,MAAM;AAC5D,WAAO,MAAM,KAAK;AAAA,MAChB,GAAG;AAAA,MAAM,SAAS,EAAE,QAAQ,oBAAoB,aAAa,UAAU,GAAG,MAAM,QAAQ;AAAA,IAC1F,CAAC;AAAA,EACH;AACF;","names":[]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@relai-fi/x402",
-  "version": "0.5.21",
+  "version": "0.5.22",
   "description": "Unified x402 payment SDK for Solana, Base, Avalanche, SKALE Base, SKALE BITE, Polygon, and Ethereum. Automatic 402 handling with zero gas fees.",
   "main": "dist/index.cjs",
   "module": "dist/index.js",
@@ -43,7 +43,8 @@
   "dependencies": {
     "@solana/spl-token": "^0.4.14",
     "@solana/web3.js": "^1.98.4",
-    "axios": "^1.6.7"
+    "axios": "^1.6.7",
+    "tweetnacl": "^1.0.3"
   },
   "devDependencies": {
     "@types/node": "^20.19.24",