@relai-fi/x402 0.6.5 → 0.6.7

package/dist/mpp/verify-erc20.cjs

@@ -0,0 +1,71 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/mpp/verify-erc20.ts
+var verify_erc20_exports = {};
+__export(verify_erc20_exports, {
+  verifyErc20Transfer: () => verifyErc20Transfer
+});
+module.exports = __toCommonJS(verify_erc20_exports);
+var TRANSFER_EVENT_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";
+async function verifyErc20Transfer(opts) {
+  const { txHash, rpcUrl, tokenAddress, recipient, expectedAmount } = opts;
+  let receipt = null;
+  for (let attempt = 0; attempt < 5; attempt++) {
+    const receiptRes = await fetch(rpcUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method: "eth_getTransactionReceipt",
+        params: [txHash]
+      })
+    });
+    const receiptData = await receiptRes.json();
+    if (receiptData.error) {
+      throw new Error(`RPC error: ${receiptData.error.message}`);
+    }
+    receipt = receiptData.result;
+    if (receipt) break;
+    await new Promise((r) => setTimeout(r, (attempt + 1) * 1e3));
+  }
+  if (!receipt) {
+    throw new Error("Transaction not found or not yet confirmed");
+  }
+  if (receipt.status !== "0x1") {
+    throw new Error("Transaction failed on-chain");
+  }
+  const recipientPadded = "0x" + recipient.slice(2).toLowerCase().padStart(64, "0");
+  const tokenLower = tokenAddress.toLowerCase();
+  const matchingLog = receipt.logs.find((log) => {
+    if (log.address.toLowerCase() !== tokenLower) return false;
+    if (log.topics[0] !== TRANSFER_EVENT_TOPIC) return false;
+    if (log.topics[2]?.toLowerCase() !== recipientPadded) return false;
+    return BigInt(log.data) >= expectedAmount;
+  });
+  if (!matchingLog) {
+    throw new Error("No matching ERC-20 Transfer found for recipient and amount");
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifyErc20Transfer
+});
+//# sourceMappingURL=verify-erc20.cjs.map

package/dist/mpp/verify-erc20.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/mpp/verify-erc20.ts"],"sourcesContent":["/**\n * Shared ERC-20 Transfer verification utility.\n *\n * Used by both evm-server.ts (direct payments) and bridge-server.ts\n * (bridged payments on the target chain).\n */\n\nconst TRANSFER_EVENT_TOPIC = '0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef'\n\nexport interface VerifyErc20TransferOptions {\n  /** Transaction hash (0x-prefixed) */\n  txHash: string\n  /** RPC URL for the chain */\n  rpcUrl: string\n  /** ERC-20 token contract address */\n  tokenAddress: string\n  /** Expected recipient address */\n  recipient: string\n  /** Minimum expected amount in base units */\n  expectedAmount: bigint\n}\n\n/**\n * Verify that an on-chain transaction contains a valid ERC-20 Transfer event\n * to the expected recipient for at least the expected amount.\n *\n * @throws if the transaction is missing, failed, or doesn't match.\n */\nexport async function verifyErc20Transfer(opts: VerifyErc20TransferOptions): Promise<void> {\n  const { txHash, rpcUrl, tokenAddress, recipient, expectedAmount } = opts\n\n  // Poll for receipt — the transaction may take a few seconds to be indexed by the RPC node\n  let receipt: any = null\n  for (let attempt = 0; attempt < 5; attempt++) {\n    const receiptRes = await fetch(rpcUrl, {\n      method: 'POST',\n      headers: { 'Content-Type': 'application/json' },\n      body: JSON.stringify({\n        jsonrpc: '2.0', id: 1,\n        method: 'eth_getTransactionReceipt',\n        params: [txHash],\n      }),\n    })\n    const receiptData = await receiptRes.json() as { result?: any; error?: { message: string } }\n\n    if (receiptData.error) {\n      throw new Error(`RPC error: ${receiptData.error.message}`)\n    }\n\n    receipt = receiptData.result\n    if (receipt) break\n    // Wait before retrying (1s, 2s, 3s, 4s)\n    await new Promise((r) => setTimeout(r, (attempt + 1) * 1000))\n  }\n\n  if (!receipt) {\n    throw new Error('Transaction not found or not yet confirmed')\n  }\n  if (receipt.status !== '0x1') {\n    throw new Error('Transaction failed on-chain')\n  }\n\n  // Verify ERC-20 Transfer event\n  const recipientPadded = '0x' + recipient.slice(2).toLowerCase().padStart(64, '0')\n  const tokenLower = tokenAddress.toLowerCase()\n\n  const matchingLog = (receipt.logs as any[]).find((log: any) => {\n    if (log.address.toLowerCase() !== tokenLower) return false\n    if (log.topics[0] !== TRANSFER_EVENT_TOPIC) return false\n    if (log.topics[2]?.toLowerCase() !== recipientPadded) return false\n    return BigInt(log.data) >= expectedAmount\n  })\n\n  if (!matchingLog) {\n    throw new Error('No matching ERC-20 Transfer found for recipient and amount')\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAOA,IAAM,uBAAuB;AAqB7B,eAAsB,oBAAoB,MAAiD;AACzF,QAAM,EAAE,QAAQ,QAAQ,cAAc,WAAW,eAAe,IAAI;AAGpE,MAAI,UAAe;AACnB,WAAS,UAAU,GAAG,UAAU,GAAG,WAAW;AAC5C,UAAM,aAAa,MAAM,MAAM,QAAQ;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,SAAS;AAAA,QAAO,IAAI;AAAA,QACpB,QAAQ;AAAA,QACR,QAAQ,CAAC,MAAM;AAAA,MACjB,CAAC;AAAA,IACH,CAAC;AACD,UAAM,cAAc,MAAM,WAAW,KAAK;AAE1C,QAAI,YAAY,OAAO;AACrB,YAAM,IAAI,MAAM,cAAc,YAAY,MAAM,OAAO,EAAE;AAAA,IAC3D;AAEA,cAAU,YAAY;AACtB,QAAI,QAAS;AAEb,UAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,IAAI,UAAU,KAAK,GAAI,CAAC;AAAA,EAC9D;AAEA,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AACA,MAAI,QAAQ,WAAW,OAAO;AAC5B,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AAGA,QAAM,kBAAkB,OAAO,UAAU,MAAM,CAAC,EAAE,YAAY,EAAE,SAAS,IAAI,GAAG;AAChF,QAAM,aAAa,aAAa,YAAY;AAE5C,QAAM,cAAe,QAAQ,KAAe,KAAK,CAAC,QAAa;AAC7D,QAAI,IAAI,QAAQ,YAAY,MAAM,WAAY,QAAO;AACrD,QAAI,IAAI,OAAO,CAAC,MAAM,qBAAsB,QAAO;AACnD,QAAI,IAAI,OAAO,CAAC,GAAG,YAAY,MAAM,gBAAiB,QAAO;AAC7D,WAAO,OAAO,IAAI,IAAI,KAAK;AAAA,EAC7B,CAAC;AAED,MAAI,CAAC,aAAa;AAChB,UAAM,IAAI,MAAM,4DAA4D;AAAA,EAC9E;AACF;","names":[]}

package/dist/mpp/verify-erc20.d.cts

@@ -0,0 +1,27 @@
+/**
+ * Shared ERC-20 Transfer verification utility.
+ *
+ * Used by both evm-server.ts (direct payments) and bridge-server.ts
+ * (bridged payments on the target chain).
+ */
+interface VerifyErc20TransferOptions {
+    /** Transaction hash (0x-prefixed) */
+    txHash: string;
+    /** RPC URL for the chain */
+    rpcUrl: string;
+    /** ERC-20 token contract address */
+    tokenAddress: string;
+    /** Expected recipient address */
+    recipient: string;
+    /** Minimum expected amount in base units */
+    expectedAmount: bigint;
+}
+/**
+ * Verify that an on-chain transaction contains a valid ERC-20 Transfer event
+ * to the expected recipient for at least the expected amount.
+ *
+ * @throws if the transaction is missing, failed, or doesn't match.
+ */
+declare function verifyErc20Transfer(opts: VerifyErc20TransferOptions): Promise<void>;
+
+export { type VerifyErc20TransferOptions, verifyErc20Transfer };

package/dist/mpp/verify-erc20.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Shared ERC-20 Transfer verification utility.
+ *
+ * Used by both evm-server.ts (direct payments) and bridge-server.ts
+ * (bridged payments on the target chain).
+ */
+interface VerifyErc20TransferOptions {
+    /** Transaction hash (0x-prefixed) */
+    txHash: string;
+    /** RPC URL for the chain */
+    rpcUrl: string;
+    /** ERC-20 token contract address */
+    tokenAddress: string;
+    /** Expected recipient address */
+    recipient: string;
+    /** Minimum expected amount in base units */
+    expectedAmount: bigint;
+}
+/**
+ * Verify that an on-chain transaction contains a valid ERC-20 Transfer event
+ * to the expected recipient for at least the expected amount.
+ *
+ * @throws if the transaction is missing, failed, or doesn't match.
+ */
+declare function verifyErc20Transfer(opts: VerifyErc20TransferOptions): Promise<void>;
+
+export { type VerifyErc20TransferOptions, verifyErc20Transfer };

package/dist/mpp/verify-erc20.js

@@ -0,0 +1,46 @@
+// src/mpp/verify-erc20.ts
+var TRANSFER_EVENT_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";
+async function verifyErc20Transfer(opts) {
+  const { txHash, rpcUrl, tokenAddress, recipient, expectedAmount } = opts;
+  let receipt = null;
+  for (let attempt = 0; attempt < 5; attempt++) {
+    const receiptRes = await fetch(rpcUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method: "eth_getTransactionReceipt",
+        params: [txHash]
+      })
+    });
+    const receiptData = await receiptRes.json();
+    if (receiptData.error) {
+      throw new Error(`RPC error: ${receiptData.error.message}`);
+    }
+    receipt = receiptData.result;
+    if (receipt) break;
+    await new Promise((r) => setTimeout(r, (attempt + 1) * 1e3));
+  }
+  if (!receipt) {
+    throw new Error("Transaction not found or not yet confirmed");
+  }
+  if (receipt.status !== "0x1") {
+    throw new Error("Transaction failed on-chain");
+  }
+  const recipientPadded = "0x" + recipient.slice(2).toLowerCase().padStart(64, "0");
+  const tokenLower = tokenAddress.toLowerCase();
+  const matchingLog = receipt.logs.find((log) => {
+    if (log.address.toLowerCase() !== tokenLower) return false;
+    if (log.topics[0] !== TRANSFER_EVENT_TOPIC) return false;
+    if (log.topics[2]?.toLowerCase() !== recipientPadded) return false;
+    return BigInt(log.data) >= expectedAmount;
+  });
+  if (!matchingLog) {
+    throw new Error("No matching ERC-20 Transfer found for recipient and amount");
+  }
+}
+export {
+  verifyErc20Transfer
+};
+//# sourceMappingURL=verify-erc20.js.map

package/dist/mpp/verify-erc20.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/mpp/verify-erc20.ts"],"sourcesContent":["/**\n * Shared ERC-20 Transfer verification utility.\n *\n * Used by both evm-server.ts (direct payments) and bridge-server.ts\n * (bridged payments on the target chain).\n */\n\nconst TRANSFER_EVENT_TOPIC = '0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef'\n\nexport interface VerifyErc20TransferOptions {\n  /** Transaction hash (0x-prefixed) */\n  txHash: string\n  /** RPC URL for the chain */\n  rpcUrl: string\n  /** ERC-20 token contract address */\n  tokenAddress: string\n  /** Expected recipient address */\n  recipient: string\n  /** Minimum expected amount in base units */\n  expectedAmount: bigint\n}\n\n/**\n * Verify that an on-chain transaction contains a valid ERC-20 Transfer event\n * to the expected recipient for at least the expected amount.\n *\n * @throws if the transaction is missing, failed, or doesn't match.\n */\nexport async function verifyErc20Transfer(opts: VerifyErc20TransferOptions): Promise<void> {\n  const { txHash, rpcUrl, tokenAddress, recipient, expectedAmount } = opts\n\n  // Poll for receipt — the transaction may take a few seconds to be indexed by the RPC node\n  let receipt: any = null\n  for (let attempt = 0; attempt < 5; attempt++) {\n    const receiptRes = await fetch(rpcUrl, {\n      method: 'POST',\n      headers: { 'Content-Type': 'application/json' },\n      body: JSON.stringify({\n        jsonrpc: '2.0', id: 1,\n        method: 'eth_getTransactionReceipt',\n        params: [txHash],\n      }),\n    })\n    const receiptData = await receiptRes.json() as { result?: any; error?: { message: string } }\n\n    if (receiptData.error) {\n      throw new Error(`RPC error: ${receiptData.error.message}`)\n    }\n\n    receipt = receiptData.result\n    if (receipt) break\n    // Wait before retrying (1s, 2s, 3s, 4s)\n    await new Promise((r) => setTimeout(r, (attempt + 1) * 1000))\n  }\n\n  if (!receipt) {\n    throw new Error('Transaction not found or not yet confirmed')\n  }\n  if (receipt.status !== '0x1') {\n    throw new Error('Transaction failed on-chain')\n  }\n\n  // Verify ERC-20 Transfer event\n  const recipientPadded = '0x' + recipient.slice(2).toLowerCase().padStart(64, '0')\n  const tokenLower = tokenAddress.toLowerCase()\n\n  const matchingLog = (receipt.logs as any[]).find((log: any) => {\n    if (log.address.toLowerCase() !== tokenLower) return false\n    if (log.topics[0] !== TRANSFER_EVENT_TOPIC) return false\n    if (log.topics[2]?.toLowerCase() !== recipientPadded) return false\n    return BigInt(log.data) >= expectedAmount\n  })\n\n  if (!matchingLog) {\n    throw new Error('No matching ERC-20 Transfer found for recipient and amount')\n  }\n}\n"],"mappings":";AAOA,IAAM,uBAAuB;AAqB7B,eAAsB,oBAAoB,MAAiD;AACzF,QAAM,EAAE,QAAQ,QAAQ,cAAc,WAAW,eAAe,IAAI;AAGpE,MAAI,UAAe;AACnB,WAAS,UAAU,GAAG,UAAU,GAAG,WAAW;AAC5C,UAAM,aAAa,MAAM,MAAM,QAAQ;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,SAAS;AAAA,QAAO,IAAI;AAAA,QACpB,QAAQ;AAAA,QACR,QAAQ,CAAC,MAAM;AAAA,MACjB,CAAC;AAAA,IACH,CAAC;AACD,UAAM,cAAc,MAAM,WAAW,KAAK;AAE1C,QAAI,YAAY,OAAO;AACrB,YAAM,IAAI,MAAM,cAAc,YAAY,MAAM,OAAO,EAAE;AAAA,IAC3D;AAEA,cAAU,YAAY;AACtB,QAAI,QAAS;AAEb,UAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,IAAI,UAAU,KAAK,GAAI,CAAC;AAAA,EAC9D;AAEA,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AACA,MAAI,QAAQ,WAAW,OAAO;AAC5B,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AAGA,QAAM,kBAAkB,OAAO,UAAU,MAAM,CAAC,EAAE,YAAY,EAAE,SAAS,IAAI,GAAG;AAChF,QAAM,aAAa,aAAa,YAAY;AAE5C,QAAM,cAAe,QAAQ,KAAe,KAAK,CAAC,QAAa;AAC7D,QAAI,IAAI,QAAQ,YAAY,MAAM,WAAY,QAAO;AACrD,QAAI,IAAI,OAAO,CAAC,MAAM,qBAAsB,QAAO;AACnD,QAAI,IAAI,OAAO,CAAC,GAAG,YAAY,MAAM,gBAAiB,QAAO;AAC7D,WAAO,OAAO,IAAI,IAAI,KAAK;AAAA,EAC7B,CAAC;AAED,MAAI,CAAC,aAAa;AAChB,UAAM,IAAI,MAAM,4DAA4D;AAAA,EAC9E;AACF;","names":[]}

package/dist/mpp/verify-spl.cjs

@@ -0,0 +1,96 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/mpp/verify-spl.ts
+var verify_spl_exports = {};
+__export(verify_spl_exports, {
+  verifySplTransfer: () => verifySplTransfer
+});
+module.exports = __toCommonJS(verify_spl_exports);
+async function verifySplTransfer(opts) {
+  const { txSignature, rpcUrl, tokenMint, recipient, expectedAmount } = opts;
+  const res = await fetch(rpcUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      jsonrpc: "2.0",
+      id: 1,
+      method: "getTransaction",
+      params: [
+        txSignature,
+        { encoding: "jsonParsed", commitment: "confirmed", maxSupportedTransactionVersion: 0 }
+      ]
+    })
+  });
+  const data = await res.json();
+  if (data.error) {
+    throw new Error(`Solana RPC error: ${data.error.message}`);
+  }
+  const tx = data.result;
+  if (!tx) {
+    throw new Error("Solana transaction not found or not yet confirmed");
+  }
+  if (tx.meta?.err) {
+    throw new Error(`Solana transaction failed: ${JSON.stringify(tx.meta.err)}`);
+  }
+  const allInstructions = [
+    ...tx.transaction?.message?.instructions || [],
+    ...tx.meta?.innerInstructions?.flatMap((inner) => inner.instructions) || []
+  ];
+  const mintLower = tokenMint.toLowerCase();
+  const recipientLower = recipient.toLowerCase();
+  const matched = allInstructions.some((ix) => {
+    const parsed = ix.parsed;
+    if (!parsed) return false;
+    const type = parsed.type;
+    if (type !== "transfer" && type !== "transferChecked") return false;
+    const info = parsed.info;
+    if (!info) return false;
+    if (type === "transferChecked") {
+      if (info.mint?.toLowerCase() !== mintLower) return false;
+    }
+    const amount = type === "transferChecked" ? BigInt(info.tokenAmount?.amount || "0") : BigInt(info.amount || "0");
+    if (amount < expectedAmount) return false;
+    return true;
+  });
+  const postBalances = tx.meta?.postTokenBalances || [];
+  const preBalances = tx.meta?.preTokenBalances || [];
+  const recipientPostBalance = postBalances.find(
+    (b) => b.mint?.toLowerCase() === mintLower && b.owner?.toLowerCase() === recipientLower
+  );
+  if (!recipientPostBalance) {
+    throw new Error("Recipient not found in post-token balances for the expected mint");
+  }
+  const recipientPreBalance = preBalances.find(
+    (b) => b.mint?.toLowerCase() === mintLower && b.owner?.toLowerCase() === recipientLower
+  );
+  const postAmount = BigInt(recipientPostBalance.uiTokenAmount?.amount || "0");
+  const preAmount = BigInt(recipientPreBalance?.uiTokenAmount?.amount || "0");
+  const received = postAmount - preAmount;
+  if (received < expectedAmount) {
+    throw new Error(
+      `Insufficient SPL transfer: expected ${expectedAmount}, recipient received ${received}`
+    );
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifySplTransfer
+});
+//# sourceMappingURL=verify-spl.cjs.map

package/dist/mpp/verify-spl.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/mpp/verify-spl.ts"],"sourcesContent":["/**\n * Shared SPL Token Transfer verification utility for Solana.\n *\n * Used by bridge-server.ts when the target chain is Solana.\n * Verifies that a transaction contains an SPL token transfer\n * to the expected recipient for at least the expected amount.\n */\n\nexport interface VerifySplTransferOptions {\n  /** Transaction signature (base58) */\n  txSignature: string\n  /** Solana RPC URL */\n  rpcUrl: string\n  /** SPL token mint address */\n  tokenMint: string\n  /** Expected recipient wallet address */\n  recipient: string\n  /** Minimum expected amount in base units */\n  expectedAmount: bigint\n}\n\n/**\n * Verify that a Solana transaction contains a valid SPL token transfer\n * to the expected recipient for at least the expected amount.\n *\n * Uses raw JSON-RPC to avoid hard dependency on @solana/web3.js at runtime.\n *\n * @throws if the transaction is missing, failed, or doesn't match.\n */\nexport async function verifySplTransfer(opts: VerifySplTransferOptions): Promise<void> {\n  const { txSignature, rpcUrl, tokenMint, recipient, expectedAmount } = opts\n\n  // Fetch parsed transaction (includes token transfer details)\n  const res = await fetch(rpcUrl, {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/json' },\n    body: JSON.stringify({\n      jsonrpc: '2.0',\n      id: 1,\n      method: 'getTransaction',\n      params: [\n        txSignature,\n        { encoding: 'jsonParsed', commitment: 'confirmed', maxSupportedTransactionVersion: 0 },\n      ],\n    }),\n  })\n\n  const data = (await res.json()) as { result?: any; error?: { message: string } }\n\n  if (data.error) {\n    throw new Error(`Solana RPC error: ${data.error.message}`)\n  }\n\n  const tx = data.result\n  if (!tx) {\n    throw new Error('Solana transaction not found or not yet confirmed')\n  }\n\n  if (tx.meta?.err) {\n    throw new Error(`Solana transaction failed: ${JSON.stringify(tx.meta.err)}`)\n  }\n\n  // Look for matching SPL token transfer in inner + outer instructions\n  const allInstructions = [\n    ...(tx.transaction?.message?.instructions || []),\n    ...(tx.meta?.innerInstructions?.flatMap((inner: any) => inner.instructions) || []),\n  ]\n\n  const mintLower = tokenMint.toLowerCase()\n  const recipientLower = recipient.toLowerCase()\n\n  const matched = allInstructions.some((ix: any) => {\n    const parsed = ix.parsed\n    if (!parsed) return false\n\n    // SPL Token transfer / transferChecked\n    const type = parsed.type\n    if (type !== 'transfer' && type !== 'transferChecked') return false\n\n    const info = parsed.info\n    if (!info) return false\n\n    // Check mint (transferChecked has .mint, transfer we check via token balances)\n    if (type === 'transferChecked') {\n      if (info.mint?.toLowerCase() !== mintLower) return false\n    }\n\n    // Check amount\n    const amount = type === 'transferChecked'\n      ? BigInt(info.tokenAmount?.amount || '0')\n      : BigInt(info.amount || '0')\n\n    if (amount < expectedAmount) return false\n\n    // Check destination — for SPL, 'destination' is an ATA, not the wallet directly.\n    // We need to check postTokenBalances to see if recipient's wallet received tokens.\n    return true\n  })\n\n  // Also verify via postTokenBalances that recipient received tokens\n  const postBalances: any[] = tx.meta?.postTokenBalances || []\n  const preBalances: any[] = tx.meta?.preTokenBalances || []\n\n  const recipientPostBalance = postBalances.find(\n    (b: any) =>\n      b.mint?.toLowerCase() === mintLower &&\n      b.owner?.toLowerCase() === recipientLower,\n  )\n\n  if (!recipientPostBalance) {\n    throw new Error('Recipient not found in post-token balances for the expected mint')\n  }\n\n  const recipientPreBalance = preBalances.find(\n    (b: any) =>\n      b.mint?.toLowerCase() === mintLower &&\n      b.owner?.toLowerCase() === recipientLower,\n  )\n\n  const postAmount = BigInt(recipientPostBalance.uiTokenAmount?.amount || '0')\n  const preAmount = BigInt(recipientPreBalance?.uiTokenAmount?.amount || '0')\n  const received = postAmount - preAmount\n\n  if (received < expectedAmount) {\n    throw new Error(\n      `Insufficient SPL transfer: expected ${expectedAmount}, recipient received ${received}`,\n    )\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AA6BA,eAAsB,kBAAkB,MAA+C;AACrF,QAAM,EAAE,aAAa,QAAQ,WAAW,WAAW,eAAe,IAAI;AAGtE,QAAM,MAAM,MAAM,MAAM,QAAQ;AAAA,IAC9B,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU;AAAA,MACnB,SAAS;AAAA,MACT,IAAI;AAAA,MACJ,QAAQ;AAAA,MACR,QAAQ;AAAA,QACN;AAAA,QACA,EAAE,UAAU,cAAc,YAAY,aAAa,gCAAgC,EAAE;AAAA,MACvF;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AAED,QAAM,OAAQ,MAAM,IAAI,KAAK;AAE7B,MAAI,KAAK,OAAO;AACd,UAAM,IAAI,MAAM,qBAAqB,KAAK,MAAM,OAAO,EAAE;AAAA,EAC3D;AAEA,QAAM,KAAK,KAAK;AAChB,MAAI,CAAC,IAAI;AACP,UAAM,IAAI,MAAM,mDAAmD;AAAA,EACrE;AAEA,MAAI,GAAG,MAAM,KAAK;AAChB,UAAM,IAAI,MAAM,8BAA8B,KAAK,UAAU,GAAG,KAAK,GAAG,CAAC,EAAE;AAAA,EAC7E;AAGA,QAAM,kBAAkB;AAAA,IACtB,GAAI,GAAG,aAAa,SAAS,gBAAgB,CAAC;AAAA,IAC9C,GAAI,GAAG,MAAM,mBAAmB,QAAQ,CAAC,UAAe,MAAM,YAAY,KAAK,CAAC;AAAA,EAClF;AAEA,QAAM,YAAY,UAAU,YAAY;AACxC,QAAM,iBAAiB,UAAU,YAAY;AAE7C,QAAM,UAAU,gBAAgB,KAAK,CAAC,OAAY;AAChD,UAAM,SAAS,GAAG;AAClB,QAAI,CAAC,OAAQ,QAAO;AAGpB,UAAM,OAAO,OAAO;AACpB,QAAI,SAAS,cAAc,SAAS,kBAAmB,QAAO;AAE9D,UAAM,OAAO,OAAO;AACpB,QAAI,CAAC,KAAM,QAAO;AAGlB,QAAI,SAAS,mBAAmB;AAC9B,UAAI,KAAK,MAAM,YAAY,MAAM,UAAW,QAAO;AAAA,IACrD;AAGA,UAAM,SAAS,SAAS,oBACpB,OAAO,KAAK,aAAa,UAAU,GAAG,IACtC,OAAO,KAAK,UAAU,GAAG;AAE7B,QAAI,SAAS,eAAgB,QAAO;AAIpC,WAAO;AAAA,EACT,CAAC;AAGD,QAAM,eAAsB,GAAG,MAAM,qBAAqB,CAAC;AAC3D,QAAM,cAAqB,GAAG,MAAM,oBAAoB,CAAC;AAEzD,QAAM,uBAAuB,aAAa;AAAA,IACxC,CAAC,MACC,EAAE,MAAM,YAAY,MAAM,aAC1B,EAAE,OAAO,YAAY,MAAM;AAAA,EAC/B;AAEA,MAAI,CAAC,sBAAsB;AACzB,UAAM,IAAI,MAAM,kEAAkE;AAAA,EACpF;AAEA,QAAM,sBAAsB,YAAY;AAAA,IACtC,CAAC,MACC,EAAE,MAAM,YAAY,MAAM,aAC1B,EAAE,OAAO,YAAY,MAAM;AAAA,EAC/B;AAEA,QAAM,aAAa,OAAO,qBAAqB,eAAe,UAAU,GAAG;AAC3E,QAAM,YAAY,OAAO,qBAAqB,eAAe,UAAU,GAAG;AAC1E,QAAM,WAAW,aAAa;AAE9B,MAAI,WAAW,gBAAgB;AAC7B,UAAM,IAAI;AAAA,MACR,uCAAuC,cAAc,wBAAwB,QAAQ;AAAA,IACvF;AAAA,EACF;AACF;","names":[]}

package/dist/mpp/verify-spl.d.cts

@@ -0,0 +1,30 @@
+/**
+ * Shared SPL Token Transfer verification utility for Solana.
+ *
+ * Used by bridge-server.ts when the target chain is Solana.
+ * Verifies that a transaction contains an SPL token transfer
+ * to the expected recipient for at least the expected amount.
+ */
+interface VerifySplTransferOptions {
+    /** Transaction signature (base58) */
+    txSignature: string;
+    /** Solana RPC URL */
+    rpcUrl: string;
+    /** SPL token mint address */
+    tokenMint: string;
+    /** Expected recipient wallet address */
+    recipient: string;
+    /** Minimum expected amount in base units */
+    expectedAmount: bigint;
+}
+/**
+ * Verify that a Solana transaction contains a valid SPL token transfer
+ * to the expected recipient for at least the expected amount.
+ *
+ * Uses raw JSON-RPC to avoid hard dependency on @solana/web3.js at runtime.
+ *
+ * @throws if the transaction is missing, failed, or doesn't match.
+ */
+declare function verifySplTransfer(opts: VerifySplTransferOptions): Promise<void>;
+
+export { type VerifySplTransferOptions, verifySplTransfer };

package/dist/mpp/verify-spl.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Shared SPL Token Transfer verification utility for Solana.
+ *
+ * Used by bridge-server.ts when the target chain is Solana.
+ * Verifies that a transaction contains an SPL token transfer
+ * to the expected recipient for at least the expected amount.
+ */
+interface VerifySplTransferOptions {
+    /** Transaction signature (base58) */
+    txSignature: string;
+    /** Solana RPC URL */
+    rpcUrl: string;
+    /** SPL token mint address */
+    tokenMint: string;
+    /** Expected recipient wallet address */
+    recipient: string;
+    /** Minimum expected amount in base units */
+    expectedAmount: bigint;
+}
+/**
+ * Verify that a Solana transaction contains a valid SPL token transfer
+ * to the expected recipient for at least the expected amount.
+ *
+ * Uses raw JSON-RPC to avoid hard dependency on @solana/web3.js at runtime.
+ *
+ * @throws if the transaction is missing, failed, or doesn't match.
+ */
+declare function verifySplTransfer(opts: VerifySplTransferOptions): Promise<void>;
+
+export { type VerifySplTransferOptions, verifySplTransfer };

package/dist/mpp/verify-spl.js

@@ -0,0 +1,71 @@
+// src/mpp/verify-spl.ts
+async function verifySplTransfer(opts) {
+  const { txSignature, rpcUrl, tokenMint, recipient, expectedAmount } = opts;
+  const res = await fetch(rpcUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      jsonrpc: "2.0",
+      id: 1,
+      method: "getTransaction",
+      params: [
+        txSignature,
+        { encoding: "jsonParsed", commitment: "confirmed", maxSupportedTransactionVersion: 0 }
+      ]
+    })
+  });
+  const data = await res.json();
+  if (data.error) {
+    throw new Error(`Solana RPC error: ${data.error.message}`);
+  }
+  const tx = data.result;
+  if (!tx) {
+    throw new Error("Solana transaction not found or not yet confirmed");
+  }
+  if (tx.meta?.err) {
+    throw new Error(`Solana transaction failed: ${JSON.stringify(tx.meta.err)}`);
+  }
+  const allInstructions = [
+    ...tx.transaction?.message?.instructions || [],
+    ...tx.meta?.innerInstructions?.flatMap((inner) => inner.instructions) || []
+  ];
+  const mintLower = tokenMint.toLowerCase();
+  const recipientLower = recipient.toLowerCase();
+  const matched = allInstructions.some((ix) => {
+    const parsed = ix.parsed;
+    if (!parsed) return false;
+    const type = parsed.type;
+    if (type !== "transfer" && type !== "transferChecked") return false;
+    const info = parsed.info;
+    if (!info) return false;
+    if (type === "transferChecked") {
+      if (info.mint?.toLowerCase() !== mintLower) return false;
+    }
+    const amount = type === "transferChecked" ? BigInt(info.tokenAmount?.amount || "0") : BigInt(info.amount || "0");
+    if (amount < expectedAmount) return false;
+    return true;
+  });
+  const postBalances = tx.meta?.postTokenBalances || [];
+  const preBalances = tx.meta?.preTokenBalances || [];
+  const recipientPostBalance = postBalances.find(
+    (b) => b.mint?.toLowerCase() === mintLower && b.owner?.toLowerCase() === recipientLower
+  );
+  if (!recipientPostBalance) {
+    throw new Error("Recipient not found in post-token balances for the expected mint");
+  }
+  const recipientPreBalance = preBalances.find(
+    (b) => b.mint?.toLowerCase() === mintLower && b.owner?.toLowerCase() === recipientLower
+  );
+  const postAmount = BigInt(recipientPostBalance.uiTokenAmount?.amount || "0");
+  const preAmount = BigInt(recipientPreBalance?.uiTokenAmount?.amount || "0");
+  const received = postAmount - preAmount;
+  if (received < expectedAmount) {
+    throw new Error(
+      `Insufficient SPL transfer: expected ${expectedAmount}, recipient received ${received}`
+    );
+  }
+}
+export {
+  verifySplTransfer
+};
+//# sourceMappingURL=verify-spl.js.map

package/dist/mpp/verify-spl.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/mpp/verify-spl.ts"],"sourcesContent":["/**\n * Shared SPL Token Transfer verification utility for Solana.\n *\n * Used by bridge-server.ts when the target chain is Solana.\n * Verifies that a transaction contains an SPL token transfer\n * to the expected recipient for at least the expected amount.\n */\n\nexport interface VerifySplTransferOptions {\n  /** Transaction signature (base58) */\n  txSignature: string\n  /** Solana RPC URL */\n  rpcUrl: string\n  /** SPL token mint address */\n  tokenMint: string\n  /** Expected recipient wallet address */\n  recipient: string\n  /** Minimum expected amount in base units */\n  expectedAmount: bigint\n}\n\n/**\n * Verify that a Solana transaction contains a valid SPL token transfer\n * to the expected recipient for at least the expected amount.\n *\n * Uses raw JSON-RPC to avoid hard dependency on @solana/web3.js at runtime.\n *\n * @throws if the transaction is missing, failed, or doesn't match.\n */\nexport async function verifySplTransfer(opts: VerifySplTransferOptions): Promise<void> {\n  const { txSignature, rpcUrl, tokenMint, recipient, expectedAmount } = opts\n\n  // Fetch parsed transaction (includes token transfer details)\n  const res = await fetch(rpcUrl, {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/json' },\n    body: JSON.stringify({\n      jsonrpc: '2.0',\n      id: 1,\n      method: 'getTransaction',\n      params: [\n        txSignature,\n        { encoding: 'jsonParsed', commitment: 'confirmed', maxSupportedTransactionVersion: 0 },\n      ],\n    }),\n  })\n\n  const data = (await res.json()) as { result?: any; error?: { message: string } }\n\n  if (data.error) {\n    throw new Error(`Solana RPC error: ${data.error.message}`)\n  }\n\n  const tx = data.result\n  if (!tx) {\n    throw new Error('Solana transaction not found or not yet confirmed')\n  }\n\n  if (tx.meta?.err) {\n    throw new Error(`Solana transaction failed: ${JSON.stringify(tx.meta.err)}`)\n  }\n\n  // Look for matching SPL token transfer in inner + outer instructions\n  const allInstructions = [\n    ...(tx.transaction?.message?.instructions || []),\n    ...(tx.meta?.innerInstructions?.flatMap((inner: any) => inner.instructions) || []),\n  ]\n\n  const mintLower = tokenMint.toLowerCase()\n  const recipientLower = recipient.toLowerCase()\n\n  const matched = allInstructions.some((ix: any) => {\n    const parsed = ix.parsed\n    if (!parsed) return false\n\n    // SPL Token transfer / transferChecked\n    const type = parsed.type\n    if (type !== 'transfer' && type !== 'transferChecked') return false\n\n    const info = parsed.info\n    if (!info) return false\n\n    // Check mint (transferChecked has .mint, transfer we check via token balances)\n    if (type === 'transferChecked') {\n      if (info.mint?.toLowerCase() !== mintLower) return false\n    }\n\n    // Check amount\n    const amount = type === 'transferChecked'\n      ? BigInt(info.tokenAmount?.amount || '0')\n      : BigInt(info.amount || '0')\n\n    if (amount < expectedAmount) return false\n\n    // Check destination — for SPL, 'destination' is an ATA, not the wallet directly.\n    // We need to check postTokenBalances to see if recipient's wallet received tokens.\n    return true\n  })\n\n  // Also verify via postTokenBalances that recipient received tokens\n  const postBalances: any[] = tx.meta?.postTokenBalances || []\n  const preBalances: any[] = tx.meta?.preTokenBalances || []\n\n  const recipientPostBalance = postBalances.find(\n    (b: any) =>\n      b.mint?.toLowerCase() === mintLower &&\n      b.owner?.toLowerCase() === recipientLower,\n  )\n\n  if (!recipientPostBalance) {\n    throw new Error('Recipient not found in post-token balances for the expected mint')\n  }\n\n  const recipientPreBalance = preBalances.find(\n    (b: any) =>\n      b.mint?.toLowerCase() === mintLower &&\n      b.owner?.toLowerCase() === recipientLower,\n  )\n\n  const postAmount = BigInt(recipientPostBalance.uiTokenAmount?.amount || '0')\n  const preAmount = BigInt(recipientPreBalance?.uiTokenAmount?.amount || '0')\n  const received = postAmount - preAmount\n\n  if (received < expectedAmount) {\n    throw new Error(\n      `Insufficient SPL transfer: expected ${expectedAmount}, recipient received ${received}`,\n    )\n  }\n}\n"],"mappings":";AA6BA,eAAsB,kBAAkB,MAA+C;AACrF,QAAM,EAAE,aAAa,QAAQ,WAAW,WAAW,eAAe,IAAI;AAGtE,QAAM,MAAM,MAAM,MAAM,QAAQ;AAAA,IAC9B,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU;AAAA,MACnB,SAAS;AAAA,MACT,IAAI;AAAA,MACJ,QAAQ;AAAA,MACR,QAAQ;AAAA,QACN;AAAA,QACA,EAAE,UAAU,cAAc,YAAY,aAAa,gCAAgC,EAAE;AAAA,MACvF;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AAED,QAAM,OAAQ,MAAM,IAAI,KAAK;AAE7B,MAAI,KAAK,OAAO;AACd,UAAM,IAAI,MAAM,qBAAqB,KAAK,MAAM,OAAO,EAAE;AAAA,EAC3D;AAEA,QAAM,KAAK,KAAK;AAChB,MAAI,CAAC,IAAI;AACP,UAAM,IAAI,MAAM,mDAAmD;AAAA,EACrE;AAEA,MAAI,GAAG,MAAM,KAAK;AAChB,UAAM,IAAI,MAAM,8BAA8B,KAAK,UAAU,GAAG,KAAK,GAAG,CAAC,EAAE;AAAA,EAC7E;AAGA,QAAM,kBAAkB;AAAA,IACtB,GAAI,GAAG,aAAa,SAAS,gBAAgB,CAAC;AAAA,IAC9C,GAAI,GAAG,MAAM,mBAAmB,QAAQ,CAAC,UAAe,MAAM,YAAY,KAAK,CAAC;AAAA,EAClF;AAEA,QAAM,YAAY,UAAU,YAAY;AACxC,QAAM,iBAAiB,UAAU,YAAY;AAE7C,QAAM,UAAU,gBAAgB,KAAK,CAAC,OAAY;AAChD,UAAM,SAAS,GAAG;AAClB,QAAI,CAAC,OAAQ,QAAO;AAGpB,UAAM,OAAO,OAAO;AACpB,QAAI,SAAS,cAAc,SAAS,kBAAmB,QAAO;AAE9D,UAAM,OAAO,OAAO;AACpB,QAAI,CAAC,KAAM,QAAO;AAGlB,QAAI,SAAS,mBAAmB;AAC9B,UAAI,KAAK,MAAM,YAAY,MAAM,UAAW,QAAO;AAAA,IACrD;AAGA,UAAM,SAAS,SAAS,oBACpB,OAAO,KAAK,aAAa,UAAU,GAAG,IACtC,OAAO,KAAK,UAAU,GAAG;AAE7B,QAAI,SAAS,eAAgB,QAAO;AAIpC,WAAO;AAAA,EACT,CAAC;AAGD,QAAM,eAAsB,GAAG,MAAM,qBAAqB,CAAC;AAC3D,QAAM,cAAqB,GAAG,MAAM,oBAAoB,CAAC;AAEzD,QAAM,uBAAuB,aAAa;AAAA,IACxC,CAAC,MACC,EAAE,MAAM,YAAY,MAAM,aAC1B,EAAE,OAAO,YAAY,MAAM;AAAA,EAC/B;AAEA,MAAI,CAAC,sBAAsB;AACzB,UAAM,IAAI,MAAM,kEAAkE;AAAA,EACpF;AAEA,QAAM,sBAAsB,YAAY;AAAA,IACtC,CAAC,MACC,EAAE,MAAM,YAAY,MAAM,aAC1B,EAAE,OAAO,YAAY,MAAM;AAAA,EAC/B;AAEA,QAAM,aAAa,OAAO,qBAAqB,eAAe,UAAU,GAAG;AAC3E,QAAM,YAAY,OAAO,qBAAqB,eAAe,UAAU,GAAG;AAC1E,QAAM,WAAW,aAAa;AAE9B,MAAI,WAAW,gBAAgB;AAC7B,UAAM,IAAI;AAAA,MACR,uCAAuC,cAAc,wBAAwB,QAAQ;AAAA,IACvF;AAAA,EACF;AACF;","names":[]}