@scriptmasterlabs/mcp-x402 2.0.0

package/dist/server/payments/ap2.js

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AP2Client = void 0;
+const audit_js_1 = require("../security/audit.js");
+// In-memory mandate cache — 5 minute TTL per wallet+tool combination
+const mandateCache = new Map();
+class AP2Client {
+    static instance;
+    baseUrl;
+    constructor() {
+        this.baseUrl = process.env['SML_API_BASE'] ?? 'https://api.scriptmasterlabs.com';
+    }
+    static getInstance() {
+        if (!AP2Client.instance) {
+            AP2Client.instance = new AP2Client();
+        }
+        return AP2Client.instance;
+    }
+    async verifyMandate(wallet, params) {
+        const cacheKey = `${wallet}:${params.toolName}:${params.currency}`;
+        const cached = mandateCache.get(cacheKey);
+        if (cached && cached.expiresAt > Date.now()) {
+            return cached.valid;
+        }
+        const audit = audit_js_1.AuditLogger.getInstance();
+        try {
+            const controller = new AbortController();
+            const timeout = setTimeout(() => controller.abort(), 5000);
+            const res = await fetch(`${this.baseUrl}/ap2/v1/mandate/verify`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                    wallet,
+                    max_amount: params.maxAmount,
+                    currency: params.currency,
+                    tool: params.toolName,
+                }),
+                signal: controller.signal,
+            });
+            clearTimeout(timeout);
+            if (!res.ok) {
+                audit.warn('ap2_mandate_http_error', { status: res.status, wallet });
+                mandateCache.set(cacheKey, { valid: false, expiresAt: Date.now() + 60_000 });
+                return false;
+            }
+            const body = (await res.json());
+            const ttl = (body.expires_in ?? 300) * 1000;
+            mandateCache.set(cacheKey, { valid: body.valid, expiresAt: Date.now() + ttl });
+            return body.valid;
+        }
+        catch (err) {
+            audit.error('ap2_mandate_error', { error: String(err), wallet });
+            // Fail closed — if AP2 is unreachable, deny payment
+            return false;
+        }
+    }
+    async createMandate(wallet, params) {
+        const res = await fetch(`${this.baseUrl}/ap2/v1/mandate/create`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                wallet,
+                daily_cap: params.dailyCap,
+                currency: params.currency,
+            }),
+        });
+        if (!res.ok) {
+            throw new Error(`AP2 mandate creation failed: HTTP ${res.status}`);
+        }
+        const body = (await res.json());
+        return body.mandate_id;
+    }
+}
+exports.AP2Client = AP2Client;
+//# sourceMappingURL=ap2.js.map

package/dist/server/payments/ap2.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ap2.js","sourceRoot":"","sources":["../../../src/server/payments/ap2.ts"],"names":[],"mappings":";;;AAAA,mDAAmD;AAanD,qEAAqE;AACrE,MAAM,YAAY,GAAG,IAAI,GAAG,EAAwB,CAAC;AAErD,MAAa,SAAS;IACZ,MAAM,CAAC,QAAQ,CAAY;IAClB,OAAO,CAAS;IAEjC;QACE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,kCAAkC,CAAC;IACnF,CAAC;IAED,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,SAAS,CAAC,QAAQ,GAAG,IAAI,SAAS,EAAE,CAAC;QACvC,CAAC;QACD,OAAO,SAAS,CAAC,QAAQ,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,MAAc,EAAE,MAAqB;QACvD,MAAM,QAAQ,GAAG,GAAG,MAAM,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACnE,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE1C,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5C,OAAO,MAAM,CAAC,KAAK,CAAC;QACtB,CAAC;QAED,MAAM,KAAK,GAAG,sBAAW,CAAC,WAAW,EAAE,CAAC;QAExC,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;YAE3D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,wBAAwB,EAAE;gBAC/D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,MAAM;oBACN,UAAU,EAAE,MAAM,CAAC,SAAS;oBAC5B,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,MAAM,CAAC,QAAQ;iBACtB,CAAC;gBACF,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,YAAY,CAAC,OAAO,CAAC,CAAC;YAEtB,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,KAAK,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBACrE,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;gBAC7E,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4C,CAAC;YAC3E,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC;YAE5C,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC,CAAC;YAC/E,OAAO,IAAI,CAAC,KAAK,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACjE,oDAAoD;YACpD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,MAAc,EACd,MAA8C;QAE9C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,wBAAwB,EAAE;YAC/D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,MAAM;gBACN,SAAS,EAAE,MAAM,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC1B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2B,CAAC;QAC1D,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;CACF;AAlFD,8BAkFC"}

package/dist/server/payments/receipt.d.ts

@@ -0,0 +1,28 @@
+export interface ReceiptInput {
+    txHash: string;
+    chain: string;
+    amount: string;
+    currency: string;
+    tool: string;
+    wallet: string;
+}
+export interface Receipt {
+    id: string;
+    txHash: string;
+    chain: string;
+    amount: string;
+    currency: string;
+    tool: string;
+    wallet: string;
+    issuedAt: number;
+    hash: string;
+}
+export declare class ReceiptStore {
+    private static instance;
+    private readonly baseUrl;
+    private constructor();
+    static getInstance(): ReceiptStore;
+    create(input: ReceiptInput): Promise<Receipt>;
+    private registerWithProofServer;
+}
+//# sourceMappingURL=receipt.d.ts.map

package/dist/server/payments/receipt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"receipt.d.ts","sourceRoot":"","sources":["../../../src/server/payments/receipt.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAe;IACtC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IAEjC,OAAO;IAIP,MAAM,CAAC,WAAW,IAAI,YAAY;IAO5B,MAAM,CAAC,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC;YAuBrC,uBAAuB;CAsBtC"}

package/dist/server/payments/receipt.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReceiptStore = void 0;
+const crypto_1 = require("crypto");
+const audit_js_1 = require("../security/audit.js");
+class ReceiptStore {
+    static instance;
+    baseUrl;
+    constructor() {
+        this.baseUrl = process.env['SML_API_BASE'] ?? 'https://api.scriptmasterlabs.com';
+    }
+    static getInstance() {
+        if (!ReceiptStore.instance) {
+            ReceiptStore.instance = new ReceiptStore();
+        }
+        return ReceiptStore.instance;
+    }
+    async create(input) {
+        const id = (0, crypto_1.randomUUID)();
+        const issuedAt = Date.now();
+        // Content hash for tamper detection
+        const hash = (0, crypto_1.createHash)('sha256')
+            .update(`${id}:${input.txHash}:${input.chain}:${input.amount}:${input.currency}:${input.tool}:${input.wallet}:${issuedAt}`)
+            .digest('hex');
+        const receipt = { id, ...input, issuedAt, hash };
+        // Attempt to register with 402Proof server (N7)
+        try {
+            await this.registerWithProofServer(receipt);
+        }
+        catch (err) {
+            // Log but don't fail — local receipt is still valid
+            audit_js_1.AuditLogger.getInstance().warn('proof_server_register_fail', { error: String(err), receiptId: id });
+        }
+        audit_js_1.AuditLogger.getInstance().info('receipt_issued', { receiptId: id, tool: input.tool });
+        return receipt;
+    }
+    async registerWithProofServer(receipt) {
+        const proofUrl = process.env['PROOF402_URL'] ?? 'https://four02proof.onrender.com';
+        const res = await fetch(`${proofUrl}/v1/receipt`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                receipt_id: receipt.id,
+                tx_hash: receipt.txHash,
+                chain: receipt.chain,
+                amount: receipt.amount,
+                currency: receipt.currency,
+                tool: receipt.tool,
+                wallet: receipt.wallet,
+                issued_at: receipt.issuedAt,
+                hash: receipt.hash,
+            }),
+        });
+        if (!res.ok) {
+            throw new Error(`402Proof server returned HTTP ${res.status}`);
+        }
+    }
+}
+exports.ReceiptStore = ReceiptStore;
+//# sourceMappingURL=receipt.js.map

package/dist/server/payments/receipt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"receipt.js","sourceRoot":"","sources":["../../../src/server/payments/receipt.ts"],"names":[],"mappings":";;;AAAA,mCAAgD;AAChD,mDAAmD;AAuBnD,MAAa,YAAY;IACf,MAAM,CAAC,QAAQ,CAAe;IACrB,OAAO,CAAS;IAEjC;QACE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,kCAAkC,CAAC;IACnF,CAAC;IAED,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC3B,YAAY,CAAC,QAAQ,GAAG,IAAI,YAAY,EAAE,CAAC;QAC7C,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAmB;QAC9B,MAAM,EAAE,GAAG,IAAA,mBAAU,GAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE5B,oCAAoC;QACpC,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC;aAC9B,MAAM,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,IAAI,QAAQ,EAAE,CAAC;aAC1H,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,MAAM,OAAO,GAAY,EAAE,EAAE,EAAE,GAAG,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAE1D,gDAAgD;QAChD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,oDAAoD;YACpD,sBAAW,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,4BAA4B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC;QACtG,CAAC;QAED,sBAAW,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACtF,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,OAAgB;QACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,kCAAkC,CAAC;QACnF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,aAAa,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,OAAO,CAAC,EAAE;gBACtB,OAAO,EAAE,OAAO,CAAC,MAAM;gBACvB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,SAAS,EAAE,OAAO,CAAC,QAAQ;gBAC3B,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,iCAAiC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AA5DD,oCA4DC"}

package/dist/server/payments/router.d.ts

@@ -0,0 +1,23 @@
+export interface RouteParams {
+    amount: string;
+    currency: 'USDC' | 'RLUSD';
+    from: string;
+    to: string;
+    timeoutMs?: number;
+}
+export interface RouteResult {
+    txHash: string;
+    chain: string;
+    latencyMs: number;
+}
+export declare class ChainRouter {
+    private readonly base;
+    private readonly xrpl;
+    private readonly solana;
+    private static instance;
+    private constructor();
+    static getInstance(): ChainRouter;
+    route(params: RouteParams): Promise<RouteResult>;
+    private withTimeout;
+}
+//# sourceMappingURL=router.d.ts.map

package/dist/server/payments/router.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../../src/server/payments/router.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD,qBAAa,WAAW;IAIpB,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,MAAM;IALzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAc;IAErC,OAAO;IAMP,MAAM,CAAC,WAAW,IAAI,WAAW;IAO3B,KAAK,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IAuDtD,OAAO,CAAC,WAAW;CAgBpB"}

package/dist/server/payments/router.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChainRouter = void 0;
+const audit_js_1 = require("../security/audit.js");
+const base_js_1 = require("../../lib/chains/base.js");
+const xrpl_js_1 = require("../../lib/chains/xrpl.js");
+const solana_js_1 = require("../../lib/chains/solana.js");
+// Chain preference order: cheapest/fastest first (N13)
+const CHAIN_PREFERENCE = ['base', 'xrpl', 'solana'];
+class ChainRouter {
+    base;
+    xrpl;
+    solana;
+    static instance;
+    constructor(base = base_js_1.BaseChain.getInstance(), xrpl = xrpl_js_1.XRPLChain.getInstance(), solana = solana_js_1.SolanaChain.getInstance()) {
+        this.base = base;
+        this.xrpl = xrpl;
+        this.solana = solana;
+    }
+    static getInstance() {
+        if (!ChainRouter.instance) {
+            ChainRouter.instance = new ChainRouter();
+        }
+        return ChainRouter.instance;
+    }
+    async route(params) {
+        const audit = audit_js_1.AuditLogger.getInstance();
+        const timeout = params.timeoutMs ?? 3000;
+        // For RLUSD, prefer XRPL
+        const ordered = params.currency === 'RLUSD'
+            ? ['xrpl', 'base', 'solana']
+            : CHAIN_PREFERENCE;
+        const errors = [];
+        for (const chain of ordered) {
+            try {
+                const start = Date.now();
+                let txHash;
+                switch (chain) {
+                    case 'base':
+                        txHash = await this.withTimeout(this.base.sendPayment(params), timeout, 'base');
+                        break;
+                    case 'xrpl':
+                        txHash = await this.withTimeout(this.xrpl.sendPayment(params), timeout, 'xrpl');
+                        break;
+                    case 'solana':
+                        txHash = await this.withTimeout(this.solana.sendPayment(params), timeout, 'solana');
+                        break;
+                }
+                const latencyMs = Date.now() - start;
+                audit.info('chain_route_success', { chain, latencyMs, tx: txHash });
+                return { txHash, chain, latencyMs };
+            }
+            catch (err) {
+                const msg = String(err);
+                errors.push(`${chain}: ${msg}`);
+                audit.warn('chain_route_fail', { chain, error: msg });
+            }
+        }
+        throw new Error(`All chains failed.\n${errors.join('\n')}`);
+    }
+    withTimeout(promise, ms, chain) {
+        return new Promise((resolve, reject) => {
+            const t = setTimeout(() => reject(new Error(`${chain} timeout after ${ms}ms`)), ms);
+            promise.then((v) => { clearTimeout(t); resolve(v); }, (e) => { clearTimeout(t); reject(e); });
+        });
+    }
+}
+exports.ChainRouter = ChainRouter;
+//# sourceMappingURL=router.js.map

package/dist/server/payments/router.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"router.js","sourceRoot":"","sources":["../../../src/server/payments/router.ts"],"names":[],"mappings":";;;AAAA,mDAAmD;AACnD,sDAAqD;AACrD,sDAAqD;AACrD,0DAAyD;AAgBzD,uDAAuD;AACvD,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAU,CAAC;AAE7D,MAAa,WAAW;IAIH;IACA;IACA;IALX,MAAM,CAAC,QAAQ,CAAc;IAErC,YACmB,OAAO,mBAAS,CAAC,WAAW,EAAE,EAC9B,OAAO,mBAAS,CAAC,WAAW,EAAE,EAC9B,SAAS,uBAAW,CAAC,WAAW,EAAE;QAFlC,SAAI,GAAJ,IAAI,CAA0B;QAC9B,SAAI,GAAJ,IAAI,CAA0B;QAC9B,WAAM,GAAN,MAAM,CAA4B;IAClD,CAAC;IAEJ,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,WAAW,CAAC,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,MAAmB;QAC7B,MAAM,KAAK,GAAG,sBAAW,CAAC,WAAW,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC;QAEzC,yBAAyB;QACzB,MAAM,OAAO,GACX,MAAM,CAAC,QAAQ,KAAK,OAAO;YACzB,CAAC,CAAE,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAW;YACvC,CAAC,CAAC,gBAAgB,CAAC;QAEvB,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACzB,IAAI,MAAc,CAAC;gBAEnB,QAAQ,KAAK,EAAE,CAAC;oBACd,KAAK,MAAM;wBACT,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAC7B,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAC7B,OAAO,EACP,MAAM,CACP,CAAC;wBACF,MAAM;oBACR,KAAK,MAAM;wBACT,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAC7B,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAC7B,OAAO,EACP,MAAM,CACP,CAAC;wBACF,MAAM;oBACR,KAAK,QAAQ;wBACX,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAC7B,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,EAC/B,OAAO,EACP,QAAQ,CACT,CAAC;wBACF,MAAM;gBACV,CAAC;gBAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;gBACrC,KAAK,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;gBAEpE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;YACtC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;gBACxB,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,KAAK,GAAG,EAAE,CAAC,CAAC;gBAChC,KAAK,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC9D,CAAC;IAEO,WAAW,CACjB,OAAmB,EACnB,EAAU,EACV,KAAa;QAEb,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,CAAC,GAAG,UAAU,CAClB,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,KAAK,kBAAkB,EAAE,IAAI,CAAC,CAAC,EACzD,EAAE,CACH,CAAC;YACF,OAAO,CAAC,IAAI,CACV,CAAC,CAAC,EAAE,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACvC,CAAC,CAAC,EAAE,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACvC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAvFD,kCAuFC"}

package/dist/server/payments/wallet.d.ts

@@ -0,0 +1,18 @@
+export interface WalletInfo {
+    address: string;
+    chain: 'base' | 'xrpl' | 'solana';
+}
+export declare class WalletManager {
+    private static instance;
+    private cachedAddress;
+    private cachedSeed;
+    private constructor();
+    static getInstance(): WalletManager;
+    private keytarGet;
+    private keytarSet;
+    getSeed(): Promise<string>;
+    getOrCreateWallet(): Promise<WalletInfo>;
+    private deriveAddress;
+    signPayload(payload: string): Promise<string>;
+}
+//# sourceMappingURL=wallet.d.ts.map

package/dist/server/payments/wallet.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet.d.ts","sourceRoot":"","sources":["../../../src/server/payments/wallet.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,QAAQ,CAAC;CACnC;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAgB;IACvC,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,UAAU,CAAuB;IAEzC,OAAO;IAEP,MAAM,CAAC,WAAW,IAAI,aAAa;YAQrB,SAAS;YAST,SAAS;IAcjB,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC;IA2B1B,iBAAiB,IAAI,OAAO,CAAC,UAAU,CAAC;YAahC,aAAa;IAkBrB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAgBpD"}

package/dist/server/payments/wallet.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WalletManager = void 0;
+const audit_js_1 = require("../security/audit.js");
+const KEYCHAIN_SERVICE = 'mcp-x402';
+const KEYCHAIN_ACCOUNT = 'master-seed';
+class WalletManager {
+    static instance;
+    cachedAddress = null;
+    cachedSeed = null;
+    constructor() { }
+    static getInstance() {
+        if (!WalletManager.instance) {
+            WalletManager.instance = new WalletManager();
+        }
+        return WalletManager.instance;
+    }
+    // Try OS keychain; returns null if keytar is unavailable (Docker/cloud) or no entry exists.
+    async keytarGet() {
+        try {
+            const kt = await import('keytar');
+            return await kt.getPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
+        }
+        catch {
+            return null;
+        }
+    }
+    async keytarSet(value) {
+        try {
+            const kt = await import('keytar');
+            await kt.setPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, value);
+        }
+        catch {
+            // Silently skip — keytar unavailable in this environment
+        }
+    }
+    // Seed resolution priority:
+    // 1. OS keychain (local desktop — most secure)
+    // 2. WALLET_SEED env var (Render secret — cloud/Docker deployment)
+    // 3. CI_WALLET_SEED env var (CI only, never production)
+    // 4. Generate fresh and try to persist in keychain
+    async getSeed() {
+        if (this.cachedSeed)
+            return this.cachedSeed;
+        const audit = audit_js_1.AuditLogger.getInstance();
+        let seed = await this.keytarGet();
+        if (!seed) {
+            const envSeed = process.env['WALLET_SEED'];
+            if (envSeed) {
+                seed = envSeed;
+                audit.warn('wallet_env_seed', { note: 'Using WALLET_SEED env var (cloud deployment).' });
+            }
+            else if (process.env['CI_WALLET_SEED'] && process.env['NODE_ENV'] !== 'production') {
+                seed = process.env['CI_WALLET_SEED'];
+                audit.warn('wallet_ci_fallback', { note: 'Using CI_WALLET_SEED. NEVER do this in production.' });
+            }
+            else {
+                const { generateMnemonic } = await import('bip39');
+                seed = generateMnemonic(256);
+                await this.keytarSet(seed);
+                audit.info('wallet_created', { note: 'New BIP-39 seed generated.' });
+            }
+        }
+        this.cachedSeed = seed;
+        return seed;
+    }
+    async getOrCreateWallet() {
+        if (this.cachedAddress) {
+            return { address: this.cachedAddress, chain: 'base' };
+        }
+        const audit = audit_js_1.AuditLogger.getInstance();
+        const seed = await this.getSeed();
+        const address = await this.deriveAddress(seed);
+        this.cachedAddress = address;
+        audit.info('wallet_loaded', { address });
+        return { address, chain: 'base' };
+    }
+    async deriveAddress(mnemonic) {
+        // BIP-44 deterministic derivation: m/44'/60'/0'/0/0 (Base = EVM)
+        const { mnemonicToSeedSync } = await import('bip39');
+        const { default: HDKey } = await import('hdkey');
+        const { privateKeyToAccount } = await import('viem/accounts');
+        const seed = mnemonicToSeedSync(mnemonic);
+        const hdkey = HDKey.fromMasterSeed(seed);
+        const child = hdkey.derive("m/44'/60'/0'/0/0");
+        if (!child.privateKey) {
+            throw new Error('Failed to derive private key from HD path');
+        }
+        const account = privateKeyToAccount(`0x${child.privateKey.toString('hex')}`);
+        return account.address;
+    }
+    async signPayload(payload) {
+        const mnemonic = await this.getSeed();
+        const { mnemonicToSeedSync } = await import('bip39');
+        const { default: HDKey } = await import('hdkey');
+        const { privateKeyToAccount } = await import('viem/accounts');
+        const seed = mnemonicToSeedSync(mnemonic);
+        const hdkey = HDKey.fromMasterSeed(seed);
+        const child = hdkey.derive("m/44'/60'/0'/0/0");
+        if (!child.privateKey)
+            throw new Error('Key derivation failed');
+        const account = privateKeyToAccount(`0x${child.privateKey.toString('hex')}`);
+        return account.signMessage({ message: payload });
+    }
+}
+exports.WalletManager = WalletManager;
+//# sourceMappingURL=wallet.js.map

package/dist/server/payments/wallet.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet.js","sourceRoot":"","sources":["../../../src/server/payments/wallet.ts"],"names":[],"mappings":";;;AAAA,mDAAmD;AAEnD,MAAM,gBAAgB,GAAG,UAAU,CAAC;AACpC,MAAM,gBAAgB,GAAG,aAAa,CAAC;AAOvC,MAAa,aAAa;IAChB,MAAM,CAAC,QAAQ,CAAgB;IAC/B,aAAa,GAAkB,IAAI,CAAC;IACpC,UAAU,GAAkB,IAAI,CAAC;IAEzC,gBAAuB,CAAC;IAExB,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;YAC5B,aAAa,CAAC,QAAQ,GAAG,IAAI,aAAa,EAAE,CAAC;QAC/C,CAAC;QACD,OAAO,aAAa,CAAC,QAAQ,CAAC;IAChC,CAAC;IAED,4FAA4F;IACpF,KAAK,CAAC,SAAS;QACrB,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClC,OAAO,MAAM,EAAE,CAAC,WAAW,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,KAAa;QACnC,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClC,MAAM,EAAE,CAAC,WAAW,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,yDAAyD;QAC3D,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,+CAA+C;IAC/C,mEAAmE;IACnE,wDAAwD;IACxD,mDAAmD;IACnD,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC;QAE5C,MAAM,KAAK,GAAG,sBAAW,CAAC,WAAW,EAAE,CAAC;QAExC,IAAI,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QAElC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC3C,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,GAAG,OAAO,CAAC;gBACf,KAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,IAAI,EAAE,+CAA+C,EAAE,CAAC,CAAC;YAC3F,CAAC;iBAAM,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;gBACrF,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;gBACrC,KAAK,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,IAAI,EAAE,oDAAoD,EAAE,CAAC,CAAC;YACnG,CAAC;iBAAM,CAAC;gBACN,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;gBACnD,IAAI,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;gBAC7B,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,4BAA4B,EAAE,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,aAAa,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QACxD,CAAC;QAED,MAAM,KAAK,GAAG,sBAAW,CAAC,WAAW,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QACzC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,QAAgB;QAC1C,iEAAiE;QACjE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;QAE9D,MAAM,IAAI,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAE/C,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,KAAK,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC7E,OAAO,OAAO,CAAC,OAAO,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QAEtC,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;QAE9D,MAAM,IAAI,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAE/C,IAAI,CAAC,KAAK,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAEhE,MAAM,OAAO,GAAG,mBAAmB,CAAC,KAAK,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC7E,OAAO,OAAO,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IACnD,CAAC;CACF;AAhHD,sCAgHC"}

package/dist/server/payments/x402.d.ts

@@ -0,0 +1,29 @@
+import { z } from 'zod';
+export declare const PaymentConfigSchema: z.ZodObject<{
+    price: z.ZodString;
+    currency: z.ZodEnum<["USDC", "RLUSD"]>;
+    toolName: z.ZodString;
+    walletAddress: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    currency: "USDC" | "RLUSD";
+    price: string;
+    toolName: string;
+    walletAddress?: string | undefined;
+}, {
+    currency: "USDC" | "RLUSD";
+    price: string;
+    toolName: string;
+    walletAddress?: string | undefined;
+}>;
+export type PaymentConfig = z.infer<typeof PaymentConfigSchema>;
+export interface PaymentResult {
+    receiptId: string;
+    txHash: string;
+    chain: string;
+    amountPaid: string;
+    currency: string;
+    timestamp: number;
+    walletAddress: string;
+}
+export declare function executeX402Payment(config: PaymentConfig): Promise<PaymentResult>;
+//# sourceMappingURL=x402.d.ts.map

package/dist/server/payments/x402.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"x402.d.ts","sourceRoot":"","sources":["../../../src/server/payments/x402.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AASxB,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;EAK9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;CACvB;AA6BD,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,aAAa,GACpB,OAAO,CAAC,aAAa,CAAC,CAwGxB"}

package/dist/server/payments/x402.js

@@ -0,0 +1,122 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PaymentConfigSchema = void 0;
+exports.executeX402Payment = executeX402Payment;
+const zod_1 = require("zod");
+const audit_js_1 = require("../security/audit.js");
+const ap2_js_1 = require("./ap2.js");
+const wallet_js_1 = require("./wallet.js");
+const router_js_1 = require("./router.js");
+const receipt_js_1 = require("./receipt.js");
+const bureau_js_1 = require("../../lib/credit/bureau.js");
+const pricing_js_1 = require("../registry/pricing.js");
+exports.PaymentConfigSchema = zod_1.z.object({
+    price: zod_1.z.string().regex(/^\d+(\.\d+)?$/),
+    currency: zod_1.z.enum(['USDC', 'RLUSD']),
+    toolName: zod_1.z.string(),
+    walletAddress: zod_1.z.string().optional(),
+});
+const AUTO_APPROVE_THRESHOLD = parseFloat(process.env['AUTO_APPROVE_THRESHOLD_USD'] ?? '1.0');
+const DAILY_SPEND_CAP = parseFloat(process.env['DAILY_SPEND_CAP_USD'] ?? '50.0');
+const dailySpend = new Map();
+function getTodayKey() {
+    return new Date().toISOString().slice(0, 10);
+}
+function getDailySpend(wallet) {
+    const today = getTodayKey();
+    const entry = dailySpend.get(wallet);
+    if (!entry || entry.date !== today)
+        return 0;
+    return entry.amount;
+}
+function addDailySpend(wallet, amount) {
+    const today = getTodayKey();
+    const current = getDailySpend(wallet);
+    dailySpend.set(wallet, { amount: current + amount, date: today });
+}
+async function executeX402Payment(config) {
+    const audit = audit_js_1.AuditLogger.getInstance();
+    const wallet = await wallet_js_1.WalletManager.getInstance().getOrCreateWallet();
+    const walletAddress = wallet.address;
+    // Enforce daily spend cap (N9)
+    const priceNum = parseFloat(config.price);
+    const currentSpend = getDailySpend(walletAddress);
+    if (currentSpend + priceNum > DAILY_SPEND_CAP) {
+        audit.warn('spend_cap_exceeded', {
+            wallet: walletAddress,
+            current: currentSpend,
+            requested: priceNum,
+            cap: DAILY_SPEND_CAP,
+        });
+        throw new Error(`Daily spend cap of $${DAILY_SPEND_CAP} exceeded. Current: $${currentSpend.toFixed(4)}`);
+    }
+    // Verify price cache freshness (N12)
+    const cachedPrice = await pricing_js_1.PriceRegistry.getInstance().getPrice(config.toolName);
+    if (!cachedPrice) {
+        throw new Error('Price data stale or unavailable. Rejecting payment.');
+    }
+    if (cachedPrice !== config.price) {
+        throw new Error(`Price mismatch: expected ${cachedPrice}, got ${config.price}. Cache may be stale.`);
+    }
+    // Credit Bureau check (N8)
+    const score = await bureau_js_1.CreditBureau.getInstance().getScore(walletAddress);
+    const autoApprove = priceNum <= AUTO_APPROVE_THRESHOLD && score >= 300;
+    audit.info('payment_attempt', {
+        tool: config.toolName,
+        price: config.price,
+        currency: config.currency,
+        wallet: walletAddress,
+        bureauScore: score,
+        autoApprove,
+    });
+    if (!autoApprove && score < 300) {
+        throw new Error(`Credit Bureau score ${score} below minimum 300. Payment requires manual approval.`);
+    }
+    // AP2 mandate verification (N6)
+    const ap2 = ap2_js_1.AP2Client.getInstance();
+    const mandateValid = await ap2.verifyMandate(walletAddress, {
+        maxAmount: config.price,
+        currency: config.currency,
+        toolName: config.toolName,
+    });
+    if (!mandateValid) {
+        audit.warn('ap2_mandate_rejected', { wallet: walletAddress, tool: config.toolName });
+        throw new Error('AP2 mandate verification failed. Agent not authorized for this payment.');
+    }
+    // Route payment to cheapest/fastest chain (N13)
+    const router = router_js_1.ChainRouter.getInstance();
+    const txResult = await router.route({
+        amount: config.price,
+        currency: config.currency,
+        from: walletAddress,
+        to: process.env['SML_PAYMENT_RECEIVER'] ?? '',
+        timeoutMs: 500,
+    });
+    addDailySpend(walletAddress, priceNum);
+    // Generate 402Proof receipt (N7)
+    const receipt = await receipt_js_1.ReceiptStore.getInstance().create({
+        txHash: txResult.txHash,
+        chain: txResult.chain,
+        amount: config.price,
+        currency: config.currency,
+        tool: config.toolName,
+        wallet: walletAddress,
+    });
+    audit.info('payment_success', {
+        receiptId: receipt.id,
+        txHash: txResult.txHash,
+        chain: txResult.chain,
+        tool: config.toolName,
+        wallet: walletAddress,
+    });
+    return {
+        receiptId: receipt.id,
+        txHash: txResult.txHash,
+        chain: txResult.chain,
+        amountPaid: config.price,
+        currency: config.currency,
+        timestamp: Date.now(),
+        walletAddress,
+    };
+}
+//# sourceMappingURL=x402.js.map

package/dist/server/payments/x402.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"x402.js","sourceRoot":"","sources":["../../../src/server/payments/x402.ts"],"names":[],"mappings":";;;AAuDA,gDA0GC;AAjKD,6BAAwB;AACxB,mDAAmD;AACnD,qCAAqC;AACrC,2CAA4C;AAC5C,2CAA0C;AAC1C,6CAA4C;AAC5C,0DAA0D;AAC1D,uDAAuD;AAE1C,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC;IACxC,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAC;AAcH,MAAM,sBAAsB,GAAG,UAAU,CACvC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,IAAI,KAAK,CACnD,CAAC;AAEF,MAAM,eAAe,GAAG,UAAU,CAChC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,MAAM,CAC7C,CAAC;AAEF,MAAM,UAAU,GAAG,IAAI,GAAG,EAA4C,CAAC;AAEvE,SAAS,WAAW;IAClB,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,aAAa,CAAC,MAAc;IACnC,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK;QAAE,OAAO,CAAC,CAAC;IAC7C,OAAO,KAAK,CAAC,MAAM,CAAC;AACtB,CAAC;AAED,SAAS,aAAa,CAAC,MAAc,EAAE,MAAc;IACnD,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACtC,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACpE,CAAC;AAEM,KAAK,UAAU,kBAAkB,CACtC,MAAqB;IAErB,MAAM,KAAK,GAAG,sBAAW,CAAC,WAAW,EAAE,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,yBAAa,CAAC,WAAW,EAAE,CAAC,iBAAiB,EAAE,CAAC;IACrE,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC;IAErC,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,aAAa,CAAC,aAAa,CAAC,CAAC;IAClD,IAAI,YAAY,GAAG,QAAQ,GAAG,eAAe,EAAE,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,oBAAoB,EAAE;YAC/B,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE,YAAY;YACrB,SAAS,EAAE,QAAQ;YACnB,GAAG,EAAE,eAAe;SACrB,CAAC,CAAC;QACH,MAAM,IAAI,KAAK,CACb,uBAAuB,eAAe,wBAAwB,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACxF,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,MAAM,WAAW,GAAG,MAAM,0BAAa,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,WAAW,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,4BAA4B,WAAW,SAAS,MAAM,CAAC,KAAK,uBAAuB,CACpF,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,MAAM,KAAK,GAAG,MAAM,wBAAY,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;IACvE,MAAM,WAAW,GAAG,QAAQ,IAAI,sBAAsB,IAAI,KAAK,IAAI,GAAG,CAAC;IAEvE,KAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE;QAC5B,IAAI,EAAE,MAAM,CAAC,QAAQ;QACrB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAE,aAAa;QACrB,WAAW,EAAE,KAAK;QAClB,WAAW;KACZ,CAAC,CAAC;IAEH,IAAI,CAAC,WAAW,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CACb,uBAAuB,KAAK,uDAAuD,CACpF,CAAC;IACJ,CAAC;IAED,gCAAgC;IAChC,MAAM,GAAG,GAAG,kBAAS,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,YAAY,GAAG,MAAM,GAAG,CAAC,aAAa,CAAC,aAAa,EAAE;QAC1D,SAAS,EAAE,MAAM,CAAC,KAAK;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC,CAAC;IAEH,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACrF,MAAM,IAAI,KAAK,CACb,yEAAyE,CAC1E,CAAC;IACJ,CAAC;IAED,gDAAgD;IAChD,MAAM,MAAM,GAAG,uBAAW,CAAC,WAAW,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC;QAClC,MAAM,EAAE,MAAM,CAAC,KAAK;QACpB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,IAAI,EAAE,aAAa;QACnB,EAAE,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,EAAE;QAC7C,SAAS,EAAE,GAAG;KACf,CAAC,CAAC;IAEH,aAAa,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;IAEvC,iCAAiC;IACjC,MAAM,OAAO,GAAG,MAAM,yBAAY,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC;QACtD,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,MAAM,EAAE,MAAM,CAAC,KAAK;QACpB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,IAAI,EAAE,MAAM,CAAC,QAAQ;QACrB,MAAM,EAAE,aAAa;KACtB,CAAC,CAAC;IAEH,KAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE;QAC5B,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,IAAI,EAAE,MAAM,CAAC,QAAQ;QACrB,MAAM,EAAE,aAAa;KACtB,CAAC,CAAC;IAEH,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,UAAU,EAAE,MAAM,CAAC,KAAK;QACxB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,aAAa;KACd,CAAC;AACJ,CAAC"}

package/dist/server/registry/catalog.d.ts

@@ -0,0 +1,12 @@
+export interface ToolMeta {
+    name: string;
+    description: string;
+    price: string;
+    currency: 'USDC' | 'RLUSD';
+    freeTier?: string;
+    ap2Required: boolean;
+    cacheTtl?: number;
+}
+export declare const CATALOG: ToolMeta[];
+export declare function getToolMeta(name: string): ToolMeta | undefined;
+//# sourceMappingURL=catalog.d.ts.map

package/dist/server/registry/catalog.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"catalog.d.ts","sourceRoot":"","sources":["../../../src/server/registry/catalog.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,OAAO,EAAE,QAAQ,EA8C7B,CAAC;AAEF,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAE9D"}