@relai-fi/x402 0.6.4 → 0.6.6

package/dist/index.cjs

@@ -7539,7 +7539,8 @@ var Relai = class {
     }
     const isRelAI = this.facilitatorUrl.includes("facilitator.x402.fi") || this.facilitatorUrl.includes("relai");
     if (isRelAI) {
-      const relaiFeePayer = "0x1892f72fdB3A966b2AD8595aA5f7741Ef72d6085";
+      const isSolanaNetwork2 = caip2.startsWith("solana:");
+      const relaiFeePayer = isSolanaNetwork2 ? "4x4ZhcqiT1FnirM8Ne97iVupkN4NcQgc2YYbE2jDZbZn" : "0x1892f72fdB3A966b2AD8595aA5f7741Ef72d6085";
       this.feePayerCache.set(caip2, relaiFeePayer);
       return relaiFeePayer;
     }
@@ -7623,7 +7624,6 @@ var Relai = class {
         const integritasMode = integritasFlow === "single" ? "single_signature_fee_included" : integritasFlow === "dual" ? "dual_signature_split" : void 0;
         const paymentHeader = req.headers["x-payment"] || req.headers["payment-signature"] || req.headers["x-payment-signature"];
         const authHeader = req.headers["authorization"] || "";
-        console.log(`[Relai] MPP check: paymentHeader=${!!paymentHeader}, hasMpp=${!!self.mpp}, authHeader=${authHeader?.slice(0, 30)}`);
         if (!paymentHeader && self.mpp && /^Payment\s+/i.test(authHeader)) {
           try {
             const mppAmount = resolvedPrice.toFixed(6);
@@ -7635,10 +7635,7 @@ var Relai = class {
             const mppRequest = new Request(mppUrl, { method: req.method, headers: mppHeaders });
             const chargeHandler = self.mpp.charge({ amount: mppAmount });
             const mppResult = await chargeHandler(mppRequest);
-            console.log(`[Relai] MPP charge result: status=${mppResult.status}, keys=${Object.keys(mppResult)}, hasChallenge=${!!mppResult.challenge}, hasWithReceipt=${!!mppResult.withReceipt}`);
             if (mppResult.status === 402 && mppResult.challenge instanceof Response) {
-              const retryAuth = mppResult.challenge.headers.get("www-authenticate");
-              console.log(`[Relai] MPP re-challenged (credential not accepted). New WWW-Auth: ${retryAuth?.slice(0, 60)}`);
             }
             if (mppResult.status !== 200 && !mppResult.withReceipt && mppResult.status !== 402) {
               if (self.plugins.length > 0) {
@@ -7681,7 +7678,10 @@ var Relai = class {
                 const dummyResponse = new Response(null);
                 const receiptResponse = mppResult.withReceipt(dummyResponse);
                 const receiptHeader = receiptResponse.headers.get("payment-receipt");
-                if (receiptHeader) res.setHeader("Payment-Receipt", receiptHeader);
+                if (receiptHeader) {
+                  res.setHeader?.("Payment-Receipt", receiptHeader);
+                  res.setHeader?.("Cache-Control", "private");
+                }
               }
               options.onPaymentSettled?.(req, {
                 success: true,
@@ -7898,12 +7898,13 @@ var Relai = class {
               if (mppResult?.challenge instanceof Response) {
                 const wwwAuth = mppResult.challenge.headers.get("www-authenticate");
                 if (wwwAuth) {
-                  res.setHeader("WWW-Authenticate", wwwAuth);
+                  res.setHeader?.("WWW-Authenticate", wwwAuth);
                 }
               }
             } catch {
             }
           }
+          res.setHeader?.("Cache-Control", "no-store");
           return res.status(402).json(paymentRequiredResponse);
         }
         let paymentProof;
@@ -7920,39 +7921,6 @@ var Relai = class {
             });
           }
         }
-        if (paymentProof.bridged === true && paymentProof.targetTxId) {
-          console.log(`[Relai] Bridged payment accepted: source=${paymentProof.sourceTxId}, target=${paymentProof.targetTxId}`);
-          const paymentInfo2 = {
-            verified: true,
-            transactionId: paymentProof.targetTxId,
-            payer: paymentProof.sourceTxId || "bridge",
-            network,
-            amount: resolvedPrice
-          };
-          req.payment = paymentInfo2;
-          req.x402Payer = paymentProof.sourceTxId || "bridge";
-          req.x402Paid = true;
-          req.x402Transaction = paymentProof.targetTxId;
-          req.x402Network = network;
-          req.x402Bridged = true;
-          req.x402SourceChain = paymentProof.sourceChain;
-          const paymentResponse2 = {
-            x402Version: 2,
-            scheme: "exact",
-            network: caip2,
-            transaction: paymentProof.targetTxId,
-            payer: paymentProof.sourceTxId,
-            amount: amount2,
-            asset,
-            bridged: true
-          };
-          res.setHeader(
-            "PAYMENT-RESPONSE",
-            Buffer.from(JSON.stringify(paymentResponse2)).toString("base64")
-          );
-          options.onPaymentSettled?.(req, { success: true, transaction: paymentProof.targetTxId, payer: paymentProof.sourceTxId });
-          return next();
-        }
         let settlePayTo;
         if (stripeConfig) {
           settlePayTo = paymentProof.payload?.authorization?.to || paymentProof.accepted?.payTo || "";
@@ -8099,6 +8067,73 @@ var server_default = Relai;
 // src/client.ts
 var import_web3 = require("@solana/web3.js");
 var import_spl_token = require("@solana/spl-token");
+
+// src/bridge.ts
+var RELAI_API_BASE = "https://api.relai.fi";
+var _cacheMap = /* @__PURE__ */ new Map();
+var CACHE_TTL = 5 * 60 * 1e3;
+async function getBridgeInfo(baseUrl = RELAI_API_BASE) {
+  const key = baseUrl.replace(/\/$/, "");
+  const now = Date.now();
+  const cached2 = _cacheMap.get(key);
+  if (cached2 && now - cached2.time < CACHE_TTL) return cached2.info;
+  const url2 = `${key}/bridge/info`;
+  const res = await fetch(url2);
+  if (!res.ok) {
+    if (cached2) return cached2.info;
+    throw new Error(`[relai:bridge] Failed to fetch ${url2}: ${res.status}`);
+  }
+  const data = await res.json();
+  const info = {
+    settleEndpoint: data.settleEndpoint,
+    supportedSourceChains: data.supportedSourceChains || [],
+    supportedSourceAssets: data.supportedSourceAssets || [],
+    payTo: data.payTo || {},
+    feePayerSvm: data.feePayerSvm ?? null,
+    feeBps: data.feeBps ?? 100,
+    paymentFacilitator: data.paymentFacilitator || "https://facilitator.x402.fi"
+  };
+  _cacheMap.set(key, { info, time: now });
+  return info;
+}
+async function settleBridge(settleEndpoint, body) {
+  const res = await fetch(settleEndpoint, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({}));
+    throw new Error(`[relai:bridge] settle failed: ${err.error || res.status}${err.details ? " \u2014 " + err.details : ""}`);
+  }
+  return res.json();
+}
+function selectSourceChain(supportedChains, hasEvmWallet, hasSolanaWallet, preferredSourceChainId) {
+  if (preferredSourceChainId && hasEvmWallet) {
+    const preferred = `eip155:${preferredSourceChainId}`;
+    if (supportedChains.includes(preferred)) {
+      return { type: "evm", chain: preferred };
+    }
+  }
+  if (hasSolanaWallet) {
+    const sol = supportedChains.find((c) => c.startsWith("solana:"));
+    if (sol) return { type: "solana", chain: sol };
+  }
+  if (hasEvmWallet) {
+    for (const chain of supportedChains) {
+      if (chain.startsWith("eip155:")) {
+        return { type: "evm", chain };
+      }
+    }
+  }
+  return null;
+}
+function computeSourceAmount(targetAmount, feeBps) {
+  const fee = targetAmount * BigInt(feeBps) / 10000n;
+  return targetAmount + fee;
+}
+
+// src/client.ts
 var PERMIT_NETWORKS = /* @__PURE__ */ new Set([]);
 var DEFAULT_EVM_RPC_URLS = {
   "skale-base": "https://skale-base.skalenodes.com/v1/base",
@@ -8124,7 +8159,8 @@ function createX402Client(config2) {
     integritas,
     verbose = false,
     defaultHeaders = {},
-    mpp
+    mpp,
+    bridge: bridgeConfig
   } = config2;
   const relayWsEnabled = relayWs?.enabled === true;
   const relayWsPreflightTimeoutMs = relayWs?.preflightTimeoutMs ?? 5e3;
@@ -8543,6 +8579,38 @@ function createX402Client(config2) {
     }
     return null;
   }
+  function extractMppChallengeFromWsError(error48) {
+    if (isRecord(error48) && typeof error48.mppChallenge === "string") {
+      return error48.mppChallenge;
+    }
+    if (isRecord(error48.data) && typeof error48.data.mppChallenge === "string") {
+      return error48.data.mppChallenge;
+    }
+    const metadata = isRecord(error48) ? error48.responseHeaders : void 0;
+    if (isRecord(metadata)) {
+      for (const [key, value] of Object.entries(metadata)) {
+        if (key.toLowerCase() === "www-authenticate" && typeof value === "string") {
+          if (/^Payment\s+/i.test(value.trim())) {
+            return value;
+          }
+        }
+      }
+    }
+    return null;
+  }
+  function buildSyntheticMppResponse(mppChallenge, wsError) {
+    const headers = new Headers();
+    headers.set("WWW-Authenticate", mppChallenge);
+    const responseHeaders = isRecord(wsError) ? wsError.responseHeaders : void 0;
+    if (isRecord(responseHeaders)) {
+      for (const [key, value] of Object.entries(responseHeaders)) {
+        if (typeof value === "string" && key.toLowerCase() !== "www-authenticate") {
+          headers.set(key, value);
+        }
+      }
+    }
+    return new Response(null, { status: 402, headers });
+  }
   function buildWsResponse(wsResponse) {
     const statusFromMetadata = isRecord(wsResponse.metadata) && typeof wsResponse.metadata.status === "number" ? wsResponse.metadata.status : 200;
     const status = Number.isInteger(statusFromMetadata) && statusFromMetadata >= 100 && statusFromMetadata <= 599 ? statusFromMetadata : 200;
@@ -9037,6 +9105,41 @@ function createX402Client(config2) {
         if (Number(wsPreflightResponse.error.code) !== 402) {
           throw new Error(wsPreflightResponse.error.message || "[relai-x402] WebSocket relay request failed");
         }
+        if (mpp) {
+          const mppChallenge = extractMppChallengeFromWsError(wsPreflightResponse.error);
+          if (mppChallenge) {
+            log("MPP challenge detected in WS 402 response");
+            try {
+              const syntheticResponse = buildSyntheticMppResponse(mppChallenge, wsPreflightResponse.error);
+              const credential = await mpp.createCredential(syntheticResponse);
+              if (credential) {
+                log("MPP credential created, retrying via WS with Authorization: Payment");
+                wsPaymentPhaseStarted = true;
+                const wsMppResponse = await relayCallOverWebSocket({
+                  relayUrl: url2,
+                  requestMethod,
+                  requestHeaders: {
+                    ...requestHeaders,
+                    "Authorization": credential.startsWith("Payment ") ? credential : `Payment ${credential}`
+                  },
+                  requestBody,
+                  timeoutMs: relayWsPaymentTimeoutMs
+                });
+                if (!wsMppResponse.error) {
+                  return buildWsResponse(wsMppResponse);
+                }
+                if (Number(wsMppResponse.error.code) !== 402) {
+                  throw new Error(wsMppResponse.error.message || "[relai-x402] WebSocket MPP retry failed");
+                }
+                log("MPP retry via WS still returned 402, falling through to x402 WS flow");
+                wsPaymentPhaseStarted = false;
+              }
+            } catch (mppWsErr) {
+              if (wsPaymentPhaseStarted) throw mppWsErr;
+              log(`MPP over WS failed (${mppWsErr instanceof Error ? mppWsErr.message : mppWsErr}), falling through to x402 WS flow`);
+            }
+          }
+        }
         const wsRequirements = extractPaymentRequirementsFromWsError(wsPreflightResponse.error);
         if (!wsRequirements) {
           throw new Error(
@@ -9054,6 +9157,17 @@ function createX402Client(config2) {
         }
         const wsSelected = selectAccept(wsAccepts);
         if (!wsSelected) {
+          const wsBridge = getBridgeExtension(wsRequirements);
+          if (wsBridge && selectBridgeSource(wsBridge)) {
+            log("No direct wallet match in WS flow \u2014 attempting bridge extension");
+            wsPaymentPhaseStarted = true;
+            const bridgePaymentHeader = await executeBridgePayment(wsBridge, wsAccepts, wsRequirements, url2);
+            log("Retrying with X-PAYMENT header (bridge via WS fallback to HTTP)");
+            return fetch(input, {
+              ...stripInternalInit(init) || {},
+              headers: { ...requestHeaders, "X-PAYMENT": bridgePaymentHeader }
+            });
+          }
           throw new Error(buildNoWalletError(wsAccepts, true));
         }
         const { accept: accept2, chain: chain2 } = wsSelected;
@@ -9161,6 +9275,70 @@ function createX402Client(config2) {
           headers: { ...requestHeaders, "X-PAYMENT": paymentHeader }
         });
       }
+      if (bridgeConfig?.enabled) {
+        log("No direct wallet match \u2014 attempting auto-bridge via RelAI API");
+        try {
+          const info = await getBridgeInfo(bridgeConfig.baseUrl);
+          const targetAccept = accepts[0];
+          const hasEvm = !!effectiveWallets.evm;
+          const hasSol = !!hasSolanaWallet;
+          const source = selectSourceChain(info.supportedSourceChains, hasEvm, hasSol);
+          if (source) {
+            const bridgePayTo = info.payTo[source.chain];
+            if (bridgePayTo) {
+              const targetAmount = targetAccept.amount || targetAccept.maxAmountRequired;
+              const sourceAmount = computeSourceAmount(BigInt(targetAmount), info.feeBps).toString();
+              const sourceChainIdx = info.supportedSourceChains.indexOf(source.chain);
+              const sourceAsset = sourceChainIdx >= 0 && info.supportedSourceAssets[sourceChainIdx] || (source.type === "evm" ? info.supportedSourceAssets.find((a) => a.startsWith("0x")) || targetAccept.asset : info.supportedSourceAssets.find((a) => !a.startsWith("0x")) || "");
+              let sourcePaymentHeader;
+              const sourceAccept = {
+                scheme: "exact",
+                network: source.chain,
+                asset: sourceAsset,
+                payTo: bridgePayTo,
+                amount: sourceAmount,
+                extra: {
+                  ...targetAccept.extra || {},
+                  ...source.type === "solana" && info.feePayerSvm ? { feePayer: info.feePayerSvm } : {}
+                }
+              };
+              if (source.type === "solana" && hasSolanaWallet) {
+                sourcePaymentHeader = await buildSolanaPayment(sourceAccept, requirements, url2);
+              } else if (source.type === "evm") {
+                const evmNetwork = normalizeNetwork(source.chain);
+                const usePermit = evmNetwork && PERMIT_NETWORKS.has(evmNetwork);
+                sourcePaymentHeader = usePermit ? await buildEvmPermitPayment(sourceAccept, requirements, url2) : await buildEvmPayment(sourceAccept, requirements, url2);
+              } else {
+                throw new Error(`[relai-x402] No wallet for source chain type: ${source.type}`);
+              }
+              const settleData = await settleBridge(info.settleEndpoint, {
+                sourcePayment: sourcePaymentHeader,
+                sourceChain: source.chain,
+                targetAccept: {
+                  scheme: "exact",
+                  network: targetAccept.network,
+                  asset: targetAccept.asset,
+                  payTo: targetAccept.payTo,
+                  amount: targetAmount
+                },
+                requirements,
+                resource: url2,
+                paymentFacilitator: info.paymentFacilitator
+              });
+              if (settleData.xPayment) {
+                log(`Auto-bridge settled: target=${settleData.targetTxId}`);
+                return fetch(input, {
+                  ...requestInitWithHeaders,
+                  headers: { ...requestHeaders, "X-PAYMENT": settleData.xPayment }
+                });
+              }
+              throw new Error("[relai-x402] Bridge settle did not return xPayment");
+            }
+          }
+        } catch (bridgeErr) {
+          log(`Auto-bridge failed: ${bridgeErr instanceof Error ? bridgeErr.message : bridgeErr}`);
+        }
+      }
       throw new Error(buildNoWalletError(accepts, false));
     }
     const { accept, chain } = selected;
@@ -22856,8 +23034,50 @@ var charge = Method_exports.from({
   }
 });
 
-// src/mpp/evm-server.ts
+// src/mpp/verify-erc20.ts
 var TRANSFER_EVENT_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";
+async function verifyErc20Transfer(opts) {
+  const { txHash, rpcUrl, tokenAddress, recipient, expectedAmount } = opts;
+  let receipt = null;
+  for (let attempt = 0; attempt < 5; attempt++) {
+    const receiptRes = await fetch(rpcUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method: "eth_getTransactionReceipt",
+        params: [txHash]
+      })
+    });
+    const receiptData = await receiptRes.json();
+    if (receiptData.error) {
+      throw new Error(`RPC error: ${receiptData.error.message}`);
+    }
+    receipt = receiptData.result;
+    if (receipt) break;
+    await new Promise((r) => setTimeout(r, (attempt + 1) * 1e3));
+  }
+  if (!receipt) {
+    throw new Error("Transaction not found or not yet confirmed");
+  }
+  if (receipt.status !== "0x1") {
+    throw new Error("Transaction failed on-chain");
+  }
+  const recipientPadded = "0x" + recipient.slice(2).toLowerCase().padStart(64, "0");
+  const tokenLower = tokenAddress.toLowerCase();
+  const matchingLog = receipt.logs.find((log) => {
+    if (log.address.toLowerCase() !== tokenLower) return false;
+    if (log.topics[0] !== TRANSFER_EVENT_TOPIC) return false;
+    if (log.topics[2]?.toLowerCase() !== recipientPadded) return false;
+    return BigInt(log.data) >= expectedAmount;
+  });
+  if (!matchingLog) {
+    throw new Error("No matching ERC-20 Transfer found for recipient and amount");
+  }
+}
+
+// src/mpp/evm-server.ts
 function evmCharge(config2) {
   const {
     recipient,
@@ -22899,39 +23119,13 @@ function evmCharge(config2) {
       if (!txHash || !txHash.startsWith("0x")) {
         throw new Error("Missing or invalid transaction hash in credential payload");
       }
-      const expectedAmount = BigInt(cred.challenge.request.amount);
-      const receiptRes = await fetch(rpcUrl, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-          jsonrpc: "2.0",
-          id: 1,
-          method: "eth_getTransactionReceipt",
-          params: [txHash]
-        })
-      });
-      const receiptData = await receiptRes.json();
-      if (receiptData.error) {
-        throw new Error(`RPC error: ${receiptData.error.message}`);
-      }
-      const receipt = receiptData.result;
-      if (!receipt) {
-        throw new Error("Transaction not found or not yet confirmed");
-      }
-      if (receipt.status !== "0x1") {
-        throw new Error("Transaction failed on-chain");
-      }
-      const recipientPadded = "0x" + recipient.slice(2).toLowerCase().padStart(64, "0");
-      const tokenLower = tokenAddress.toLowerCase();
-      const matchingLog = receipt.logs.find((log) => {
-        if (log.address.toLowerCase() !== tokenLower) return false;
-        if (log.topics[0] !== TRANSFER_EVENT_TOPIC) return false;
-        if (log.topics[2]?.toLowerCase() !== recipientPadded) return false;
-        return BigInt(log.data) >= expectedAmount;
+      await verifyErc20Transfer({
+        txHash,
+        rpcUrl,
+        tokenAddress,
+        recipient,
+        expectedAmount: BigInt(cred.challenge.request.amount)
       });
-      if (!matchingLog) {
-        throw new Error("No matching ERC-20 Transfer found for recipient and amount");
-      }
       return Receipt_exports.from({
         method: "evm",
         reference: txHash,
@@ -26257,6 +26451,65 @@ async function waitForReceipt(rpcUrl, txHash, timeoutMs = 3e4) {
   }
   return false;
 }
+
+// src/mpp/bridge-method.ts
+var charge2 = Method_exports.from({
+  intent: "charge",
+  name: "bridge",
+  schema: {
+    credential: {
+      payload: zod_exports.object({
+        /** "settled" = client called bridge settle, targetTxHash is proof */
+        type: zod_exports.string(),
+        /** Target chain tx hash (0x-prefixed) — server verifies on-chain */
+        targetTxHash: zod_exports.optional(zod_exports.string()),
+        /** Source chain tx hash/signature (for auditing) */
+        sourceTxHash: zod_exports.optional(zod_exports.string()),
+        /** CAIP-2 source chain used */
+        sourceChain: zod_exports.optional(zod_exports.string())
+      })
+    },
+    request: zod_exports.object({
+      /** Amount in target token base units */
+      amount: zod_exports.string(),
+      /** Target ERC-20 token contract address */
+      currency: zod_exports.string(),
+      /** Target chain recipient address (merchant) */
+      recipient: zod_exports.string(),
+      /** Human-readable description */
+      description: zod_exports.optional(zod_exports.string()),
+      methodDetails: zod_exports.object({
+        /** Target chain ID (where the merchant gets paid) */
+        targetChainId: zod_exports.number(),
+        /** Human-readable target network name (e.g. "skale-base") */
+        targetNetwork: zod_exports.optional(zod_exports.string()),
+        /** Target chain RPC URL (for server-side verification) */
+        targetRpcUrl: zod_exports.optional(zod_exports.string()),
+        /** Target token decimals */
+        targetDecimals: zod_exports.optional(zod_exports.number()),
+        /** Bridge settle endpoint URL */
+        settleEndpoint: zod_exports.string(),
+        /** Supported source chains (CAIP-2 format, e.g. ["eip155:8453", "solana:5eykt4..."]) */
+        supportedSourceChains: zod_exports.array(zod_exports.string()),
+        /** Supported source token addresses */
+        supportedSourceAssets: zod_exports.optional(zod_exports.array(zod_exports.string())),
+        /** Bridge receiver addresses per source chain: { [caip2]: address } */
+        payToMap: zod_exports.record(zod_exports.string(), zod_exports.string()),
+        /** Solana fee payer address (bridge facilitator sponsors gas) */
+        feePayerSvm: zod_exports.optional(zod_exports.string()),
+        /** Bridge fee in basis points */
+        feeBps: zod_exports.optional(zod_exports.number()),
+        /** Payment facilitator URL */
+        paymentFacilitator: zod_exports.optional(zod_exports.string()),
+        /** Unique reference ID (for replay protection) */
+        reference: zod_exports.string()
+      })
+    })
+  }
+});
+
+// src/mpp/bridge-server.ts
+var BRIDGE_INFO_TTL_MS = 5 * 60 * 1e3;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   BASE_MAINNET_NETWORK,